RMGR incorrectly checks regions

Mon, 12 Nov 2001 11:35:27 -0000

I think I've found a bug in the rmgr code that loads
the executable code
of the kernel and modules. In the file
rmgr/src/startup.c, the function
startup() calls exec_load() to do the work. The
functions
mod_exec_read() and mod_exec_read_exec() are given to
exec_load() to do
the reading. These two functions make use of the
overlaps_myself()
function to do some checks on where the buffers are.

static int
overlaps_myself(vm_offset_t begin, vm_offset_t end)
{
return (begin <= (vm_offset_t) &__crt_dummy__
&& end >= (vm_offset_t) &__crt_dummy__)
|| (begin <= (vm_offset_t) &_end
&& end >= (vm_offset_t) &_end)
|| (begin <= mod_range_start
&& end >= mod_range_start)
|| (begin <= mod_range_end
&& end >= mod_range_end);
}

This function appears to be checking if the range
[begin, end] overlaps
the code sections of the process it is running in or
the code of any of
the modules. There seems to be a bug though. This code
doesn't catch the
case where [begin,end] is strictly inside the the
process or strictly
inside the module region.

Additionally, looking at the code for Fiasco, different
semantics exist
altogether. mod_exec_read checks that the region is
completely inside
the executable to be sure that copies are going into
the data region of
the process. mod_exec_read_exec() checks that it isn't
inside the region
of the process or the modules, to make sure it doesn't
overwrite things
yet to be loaded.

L4KA Internals

Anonymous — Fri, 03 Nov 2000 02:33:42 -0000

Recent changes to support-requests

RMGR incorrectly checks regions

L4KA Internals