Bug 29194

Summary: read from raw device might corrupt nearby data
Product: Base System
Reporter: tegge <tegge>
Component: kern
Assignee: Matt Jacob <mjacob>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 5.0-CURRENT   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description tegge 2001-07-24 18:30:00 UTC
When reading from a raw device, the userspace buffer is mapped into kernel
virtual address space.  To ensure that the pages are writable, a byte is read
from each relevant page and written back in vm_fault_quick to force a
copy-on-write if needed.  Unless the userspace buffer is page aligned, the
first writeback is outside the userspace buffer and might cause modification to
that byte by another CPU or DMA to be lost.

Fix: Don't write to 'unrelated' memory to force a copy-on-write.

Use the buffer start address instead of the page start address as the first
argument to vm_fault_quick if the page start address is below the buffer start
address.

How-To-Repeat:
Perform multiple simultaneous small (2 KB) read operations from raw device to
memory in the same address space where pairs of userspace buffers share a page.
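
Added example, not part of the original report or the attached file.diff: a userland model of which byte gets read and written back on each page, before and after the fix, applied to the How-To-Repeat layout. The 4096-byte page size, the ex_* names and the 0x10000 base address are assumptions made for the illustration.

```c
/* Added illustration: userland model, not FreeBSD kernel code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EX_PAGE_SIZE ((uintptr_t)4096)   /* assumed page size */

/* Start of the page containing address a. */
static uintptr_t ex_trunc_page(uintptr_t a) { return a & ~(EX_PAGE_SIZE - 1); }

/*
 * Collect the address that would be read and written back on each page
 * spanned by [buf, buf+len).  fixed == 0: page start, as the report describes.
 * fixed != 0: buffer start when the page start lies below it (the fix).
 */
static size_t ex_touch_addrs(uintptr_t buf, size_t len, int fixed,
                             uintptr_t *out, size_t max)
{
    size_t n = 0;
    if (len == 0)
        return 0;
    for (uintptr_t pg = ex_trunc_page(buf); pg < buf + len && n < max;
         pg += EX_PAGE_SIZE)
        out[n++] = (fixed && pg < buf) ? buf : pg;
    return n;
}

/* Number of touched addresses that fall inside [lo, lo+len). */
static size_t ex_hits_in(const uintptr_t *a, size_t n, uintptr_t lo, size_t len)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if (a[i] >= lo && a[i] - lo < len)
            hits++;
    return hits;
}

int main(void)
{
    /* Constructed layout: two 2 KB buffers sharing one page. */
    uintptr_t a = 0x10000, b = a + 2048, t[4];
    size_t n = ex_touch_addrs(b, 2048, 0, t, 4);
    printf("old:   %zu write-back(s) land in the other buffer\n",
           ex_hits_in(t, n, a, 2048));
    n = ex_touch_addrs(b, 2048, 1, t, 4);
    printf("fixed: %zu write-back(s) land in the other buffer\n",
           ex_hits_in(t, n, a, 2048));
    return 0;
}
```

With the page-start address, the write-back for the second buffer lands on the first byte of the first buffer, which is the byte a concurrent DMA or another CPU may be updating.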

Comment 1 Matt Jacob freebsd_committer freebsd_triage 2001-10-02 06:11:58 UTC
Responsible Changed
From-To: freebsd-bugs->mjacob

Huh- we missed picking up on this and this looks good to me- but I'll 
ask audit@ to check on it.

Comment 2 Matt Jacob freebsd_committer freebsd_triage 2001-10-02 19:39:08 UTC
State Changed
From-To: open->closed

Patch applied to -current and MFC scheduled for 2 weeks, thank you.