minix/kernel/arch/i386/do_sdevio.c
David van Moolenbroek 0b5c2a058c Kernel: use okendpt() to resolve stored endpoints
This adds an integrity check at very little cost, and should stop
Coverity from flagging array overruns on the result.
2012-08-15 08:50:30 +00:00


/* The kernel call implemented in this file:
* m_type: SYS_SDEVIO
*
* The parameters for this kernel call are:
* m2_i3: DIO_REQUEST (request input or output)
* m2_l1: DIO_PORT (port to read/write)
* m2_p1: DIO_VEC_ADDR (virtual address of buffer, or grant ID)
* m2_l2: DIO_VEC_SIZE (number of elements)
* m2_i2: DIO_VEC_PROC (process where buffer is)
* m2_i1: DIO_OFFSET (offset into the grant)
*/
#include "kernel/system.h"
#include <minix/devio.h>
#include <minix/endpoint.h>
#include "arch_proto.h"
#if USE_SDEVIO
/*===========================================================================*
* do_sdevio *
*===========================================================================*/
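/* Handle SYS_SDEVIO: string (repeated) port I/O between one I/O port and a
 * buffer in a process' address space.
 *
 * caller: process that issued the kernel call
 * m_ptr:  request message (DIO_REQUEST, DIO_PORT, DIO_VEC_ADDR, DIO_VEC_SIZE,
 *         DIO_VEC_ENDPT, DIO_OFFSET)
 *
 * Returns OK on success; EINVAL for an invalid endpoint or an unsupported
 * transfer type/direction; EPERM when the target is a kernel process, the
 * grant check fails, an unsafe request targets another process, the port is
 * outside the caller's I/O ranges, or the port is not aligned to the
 * transfer size.
 *
 * Every exit taken after switch_address_space(destproc) goes through
 * return_error so the caller's address space is restored. The earlier
 * returns happen before the switch and need no restore.
 */
int do_sdevio(struct proc * caller, message *m_ptr)
{
  vir_bytes newoffset;
  endpoint_t newep;
  int proc_nr;
  endpoint_t proc_nr_e = m_ptr->DIO_VEC_ENDPT;
  vir_bytes count = m_ptr->DIO_VEC_SIZE;
  long port = m_ptr->DIO_PORT;
  phys_bytes vir_buf;
  int i, req_type, req_dir, size, nr_io_range;
  struct priv *privp;
  struct io_range *iorp;
  struct proc *destproc;
  int retval;

  /* Allow safe copies and accesses to SELF.
   * This block only logs (once) the first request that is neither; the
   * actual denial of unsafe access to another process happens further down.
   */
  if ((m_ptr->DIO_REQUEST & _DIO_SAFEMASK) != _DIO_SAFE &&
	proc_nr_e != SELF)
  {
	static int first= 1;
	if (first)
	{
		first= 0;
		printf("do_sdevio: for %d, req %d\n",
			m_ptr->m_source, m_ptr->DIO_REQUEST);
	}
  }

  /* Check if process endpoint is OK.
   * A driver may directly provide a pointer to a buffer at the user-process
   * that initiated the device I/O. Kernel processes, of course, are denied.
   */
  if (proc_nr_e == SELF)
	okendpt(caller->p_endpoint, &proc_nr);
  else
	if(!isokendpt(proc_nr_e, &proc_nr))
		return(EINVAL);
  if (iskerneln(proc_nr)) return(EPERM);

  /* Extract direction (in or out) and type (size). */
  req_dir = m_ptr->DIO_REQUEST & _DIO_DIRMASK;
  req_type = m_ptr->DIO_REQUEST & _DIO_TYPEMASK;

  /* Check for 'safe' variants. */
  if((m_ptr->DIO_REQUEST & _DIO_SAFEMASK) == _DIO_SAFE) {
	/* Map grant address to physical address. Port input stores into the
	 * buffer, so it needs write access to the grant; output needs read.
	 */
	if(verify_grant(proc_nr_e, caller->p_endpoint,
		(cp_grant_id_t) m_ptr->DIO_VEC_ADDR,
		count,
		req_dir == _DIO_INPUT ? CPF_WRITE : CPF_READ,
		(vir_bytes) m_ptr->DIO_OFFSET,
		&newoffset, &newep) != OK) {
		printf("do_sdevio: verify_grant failed\n");
		return EPERM;
	}
	/* NOTE(review): iskerneln() above was applied to the endpoint from
	 * the message, not to newep as returned by verify_grant - confirm
	 * that a grant can never resolve to a kernel process.
	 */
	if(!isokendpt(newep, &proc_nr))
		return(EINVAL);
	destproc = proc_addr(proc_nr);
	vir_buf = newoffset;
  } else {
	/* Without a grant, a caller may only name a buffer in its own
	 * address space.
	 */
	if(proc_nr != _ENDPOINT_P(caller->p_endpoint))
	{
		printf("do_sdevio: unsafe sdevio by %d in %d denied\n",
			caller->p_endpoint, proc_nr_e);
		return EPERM;
	}
	/* Get and check physical address. */
	/* NOTE(review): the address is taken from the message as is, and
	 * neither it nor 'count' is range-checked in this function before the
	 * phys_ins*() and phys_outs*() calls - confirm that a caller cannot
	 * name memory it should not reach once its address space is active.
	 */
	vir_buf = (phys_bytes) m_ptr->DIO_VEC_ADDR;
	destproc = proc_addr(proc_nr);
  }

  /* current process must be target for phys_* to be OK */
  switch_address_space(destproc);

  switch (req_type)
  {
	case _DIO_BYTE: size= 1; break;
	case _DIO_WORD: size= 2; break;
	case _DIO_LONG: size= 4; break;
	default: size= 4; break;	/* Be conservative */
  }

  /* The port range is enforced only for callers whose privilege structure
   * has CHECK_IO_PORT set; other callers skip this check.
   */
  privp= priv(caller);
  if (privp && privp->s_flags & CHECK_IO_PORT)
  {
	port= m_ptr->DIO_PORT;
	nr_io_range= privp->s_nr_io_range;
	for (i= 0, iorp= privp->s_io_tab; i<nr_io_range; i++, iorp++)
	{
		/* The whole access [port, port+size-1] must fit one range. */
		if (port >= iorp->ior_base && port+size-1 <= iorp->ior_limit)
			break;
	}
	if (i >= nr_io_range)
	{
		/* 'port' is a long, so print it with %lx. */
		printf(
		"do_sdevio: I/O port check failed for proc %d, port 0x%lx\n",
			m_ptr->m_source, (unsigned long) port);
		retval = EPERM;
		goto return_error;
	}
  }

  /* size is 1, 2 or 4, so size-1 masks the low bits that must be zero. */
  if (port & (size-1))
  {
	/* Name this function in the log line so it can be traced back to
	 * SYS_SDEVIO.
	 */
	printf("do_sdevio: unaligned port 0x%lx (size %d)\n",
		(unsigned long) port, size);
	retval = EPERM;
	goto return_error;
  }

  /* Perform device I/O for bytes and words. Longs are not supported. */
  if (req_dir == _DIO_INPUT) {
	switch (req_type) {
	case _DIO_BYTE: phys_insb(port, vir_buf, count); break;
	case _DIO_WORD: phys_insw(port, vir_buf, count); break;
	default:
		retval = EINVAL;
		goto return_error;
	}
  } else if (req_dir == _DIO_OUTPUT) {
	switch (req_type) {
	case _DIO_BYTE: phys_outsb(port, vir_buf, count); break;
	case _DIO_WORD: phys_outsw(port, vir_buf, count); break;
	default:
		retval = EINVAL;
		goto return_error;
	}
  }
  else {
	retval = EINVAL;
	goto return_error;
  }
  retval = OK;

return_error:
  /* switch back to the address of the process which made the call */
  switch_address_space(caller);
  return retval;
}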
#endif /* USE_SDEVIO */