Access control in do_sdevio and do_vdevio

kernel/system/do_sdevio.c

@@ -26,7 +26,10 @@ register message *m_ptr;	/* pointer to request message */
   int count = m_ptr->DIO_VEC_SIZE;
   long port = m_ptr->DIO_PORT;
   phys_bytes phys_buf;
-  int req_type, req_dir;
+  int i, req_type, req_dir, io_type, size, nr_io_range;
+  struct proc *rp;
+  struct priv *privp;
+  struct io_range *iorp;
 
   /* Allow safe copies and accesses to SELF */
   if ((m_ptr->DIO_REQUEST & _DIO_SAFEMASK) != _DIO_SAFE &&
@@ -73,6 +76,32 @@ register message *m_ptr;	/* pointer to request message */
          return(EFAULT);
   }
 
+  rp= proc_addr(who_p);
+  if (privp && privp->s_flags & CHECK_IO_PORT)
+  {
+	switch (io_type)
+	{
+	case _DIO_BYTE: size= 1; break;
+	case _DIO_WORD: size= 2; break;
+	case _DIO_LONG: size= 4; break;
+	default: size= 4; break;	/* Be conservative */
+	}
+	port= m_ptr->DIO_PORT;
+	nr_io_range= privp->s_nr_io_range;
+	for (i= 0, iorp= privp->s_io_tab; i<nr_io_range; i++, iorp++)
+	{
+		if (port >= iorp->ior_base && port+size-1 <= iorp->ior_limit)
+			break;
+	}
+	if (i >= nr_io_range)
+	{
+		kprintf(
+		"do_sdevio: I/O port check failed for proc %d, port 0x%x\n",
+			m_ptr->m_source, port);
+		return EPERM;
+	}
+  }
+
   /* Perform device I/O for bytes and words. Longs are not supported. */
   if (req_dir == _DIO_INPUT) { 
       switch (req_type) {

kernel/system/do_vdevio.c

@@ -37,8 +37,12 @@ register message *m_ptr;	/* pointer to request message */
   size_t bytes;               /* # bytes to be copied */
   vir_bytes caller_vir;       /* virtual address at caller */
   phys_bytes caller_phys;     /* physical address at caller */
-  int i;
+  port_t port;
+  int i, j, io_size, nr_io_range;
   int io_dir, io_type;
+  struct proc *rp;
+  struct priv *privp;
+  struct io_range *iorp;
     
   /* Get the request, size of the request vector, and check the values. */
   io_dir = m_ptr->DIO_REQUEST & _DIO_DIRMASK;
@@ -48,9 +52,18 @@ register message *m_ptr;	/* pointer to request message */
   else return(EINVAL);
   if ((vec_size = m_ptr->DIO_VEC_SIZE) <= 0) return(EINVAL);
   switch (io_type) {
-      case _DIO_BYTE: bytes = vec_size * sizeof(pvb_pair_t); break;
+      case _DIO_BYTE:
-      case _DIO_WORD: bytes = vec_size * sizeof(pvw_pair_t); break;
+	bytes = vec_size * sizeof(pvb_pair_t);
-      case _DIO_LONG: bytes = vec_size * sizeof(pvl_pair_t); break;
+	io_size= sizeof(u8_t);
+	break;
+      case _DIO_WORD:
+	bytes = vec_size * sizeof(pvw_pair_t);
+	io_size= sizeof(u16_t);
+	break;
+      case _DIO_LONG:
+	bytes = vec_size * sizeof(pvl_pair_t);
+	io_size= sizeof(u32_t);
+	break;
       default:  return(EINVAL);   /* check type once and for all */
   }
   if (bytes > sizeof(vdevio_buf))  return(E2BIG);
@@ -61,6 +74,37 @@ register message *m_ptr;	/* pointer to request message */
   if (0 == caller_phys) return(EFAULT);
   phys_copy(caller_phys, vir2phys(vdevio_buf), (phys_bytes) bytes);
 
+  rp= proc_addr(who_p);
+  privp= priv(rp);
+  if (privp && (privp->s_flags & CHECK_IO_PORT))
+  {
+	/* Check whether the I/O is allowed */
+	nr_io_range= privp->s_nr_io_range;
+	for (i=0; i<vec_size; i++)
+	{
+		switch (io_type) {
+		case _DIO_BYTE: port= pvb[i].port; break;
+		case _DIO_WORD: port= pvw[i].port; break;
+		default:	port= pvl[i].port; break;
+		}
+		for (j= 0, iorp= privp->s_io_tab; j<nr_io_range; j++, iorp++)
+		{
+			if (port >= iorp->ior_base &&
+				port+io_size-1 <= iorp->ior_limit)
+			{
+				break;
+			}
+		}
+		if (j >= nr_io_range)
+		{
+			kprintf(
+		"do_vdevio: I/O port check failed for proc %d, port 0x%x\n",
+				m_ptr->m_source, port);
+			return EPERM;
+		}
+	}
+  }
+
   /* Perform actual device I/O for byte, word, and long values. Note that 
    * the entire switch is wrapped in lock() and unlock() to prevent the I/O
    * batch from being interrupted.