Summary: | Limit /dev/mem access to addresses in phys_avail[] - i.e. actual memory | | |
---|---|---|---|
Product: | Base System | Reporter: | Ed Maste <emaste> |
Component: | kern | Assignee: | Ed Maste <emaste> |
Status: | New --- | | |
Severity: | Affects Only Me | CC: | alc, grahamperrin, jhb, ler, mhorne, op, ygy |
Priority: | --- | | |
Version: | CURRENT | | |
Hardware: | Any | | |
OS: | Any | | |
See Also: | https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194995 | | |
Bug Depends on: | | | |
Bug Blocks: | 231027 | | |
Description
Ed Maste
2014-11-12 22:17:35 UTC
Let me know if I need to get Vic involved.

Larry Rosenman
Maintainer, sysutils/lsof

Use dump_avail[] rather than phys_avail[]. Between the time that we first initialize phys_avail[] and finally execute vm_page_startup(), we remove pages from phys_avail[] for various purposes. Also, dump_avail[] includes pages containing the kernel code and data that are excluded from phys_avail[]. In summary, dump_avail[] more accurately describes the physical memory of the machine. See the arm version of this code. It already implements the check against dump_avail[].

I do think we want some kind of expert mode to permit kgdb to examine things that aren't memory (e.g. reading registers from a 64-bit BAR that may be above Maxmem). That said, I would be fine with that mode not being on by default.

This is simple to implement for some architectures like arm, but it might be impractical on others. I tried making the fix on amd64 but it broke acpidump(8), since the acpi tables are excluded from dump_avail[]. I'm not sure if there's an easy solution to that, and there may be other cases of userland utilities that are similarly affected if they rely on reading device memory through /dev/mem.

For amd64 you might try using the EFI memory map or SMAP as the source of truth instead of dump_avail (and only fallback to dump_avail as a last resort if either of those isn't present). You would then perhaps permit access by default to some memory types listed in SMAP/EFI that aren't plain RAM. I think ACPI tables can be listed in one of those (firmware memory or some such). Arguably, we should perhaps be including those pages in dump_avail but not phys_avail anyway since it might be nice to have firmware tables in crash dumps. You'd have to dump_add_page them, but still.
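The range check discussed in this thread, written out as an added userland C example (not FreeBSD kernel code and not taken from the bug report). It assumes a map laid out like dump_avail[], as [start, end) pairs ending in a 0,0 pair; `paddr_t`, the sample maps, the `extra` list standing in for firmware ranges from SMAP/EFI, the `expert` flag and all function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>

typedef uint64_t paddr_t;   /* stand-in for the kernel's vm_paddr_t */

/* Constructed sample map: [start, end) pairs, terminated by a 0,0 pair. */
static const paddr_t sample_dump_avail[] = {
    0x0000000000001000, 0x000000000009f000,
    0x0000000000100000, 0x000000007ffe0000,
    0, 0
};
/* Constructed extra range, e.g. firmware tables reported by SMAP/EFI. */
static const paddr_t sample_fw_tables[] = {
    0x000000007ffe0000, 0x000000007fff0000,
    0, 0
};

/* Return the end of the region containing pa, or 0 if no region does. */
static paddr_t region_end(const paddr_t *map, paddr_t pa)
{
    for (size_t i = 0; map != NULL && (map[i] != 0 || map[i + 1] != 0); i += 2)
        if (pa >= map[i] && pa < map[i + 1])
            return map[i + 1];
    return 0;
}

/* May [pa, pa + len) be accessed? expert != 0 models the opt-in bypass. */
int mem_range_allowed(const paddr_t *avail, const paddr_t *extra,
    int expert, paddr_t pa, uint64_t len)
{
    if (expert)
        return 1;
    if (len == 0 || pa + len < pa)      /* empty or wrapping range */
        return 0;
    for (paddr_t cur = pa, end = pa + len; cur < end; ) {
        paddr_t next = region_end(avail, cur);
        if (next == 0)
            next = region_end(extra, cur);
        if (next == 0)
            return 0;                   /* hole: not described by either map */
        cur = next;                     /* continue into an adjacent region */
    }
    return 1;
}

int main(void)
{
    /* The firmware-table range is readable only when the extra list is used. */
    return !(mem_range_allowed(sample_dump_avail, sample_fw_tables, 0, 0x7ffe0000, 0x1000)
        && !mem_range_allowed(sample_dump_avail, NULL, 0, 0x7ffe0000, 0x1000));
}
```

The second call in `main` models the acpidump(8) breakage described above: with only the dump_avail-style map, the firmware-table range is rejected.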