path: root/Base/usr/share/man/man1/crash.md
author: Andreas Kling <awesomekling@gmail.com> 2020-01-01 17:26:25 +0100
committer: Andreas Kling <awesomekling@gmail.com> 2020-01-01 17:31:41 +0100
commit: f598bbbb1d71e33bb552c4cba9f2251c7438c92c (patch)
tree: ca911f7cf3aaa679b06d4b8594979d3ad230d1ca /Base/usr/share/man/man1/crash.md
parent: 37329c2009d167a982274ede30345c58dc673c9d (diff)
Kernel: Prevent executing I/O instructions in userspace
All threads were running with iomapbase=0 in their TSS, which the CPU interprets as "there's an I/O permission bitmap starting at offset 0 into my TSS". Because of that, any bits that were 1 inside the TSS would allow the thread to execute I/O instructions on the port with that bit index. Fix this by always setting the iomapbase to sizeof(TSS32), and also setting the TSS descriptor's limit to sizeof(TSS32), effectively making the I/O permissions bitmap zero-length. This should make it no longer possible to do I/O from userspace. :^)
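A small model of the I/O permission check that this message concerns, added here as an example and not part of the Serenity commit. Per the Intel SDM, the CPU fetches two bitmap bytes for the port and lets the access proceed only if every tested bit is clear. The old descriptor limit (`TSS32_SIZE - 1`) and the TSS contents are constructed assumptions, and `io_allowed`, `count_allowed` and `make_tss` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TSS32_SIZE   104   /* size of the 32-bit TSS in bytes */
#define IOMAP_OFFSET 0x66  /* 16-bit I/O map base field inside the TSS */

/* Model of the check the CPU performs when CPL > IOPL.
 * limit is the TSS descriptor limit: the offset of the last valid byte.
 * Returns 1 if the access proceeds, 0 if it raises #GP. */
int io_allowed(const uint8_t *tss, uint32_t limit, uint16_t port, unsigned width)
{
    uint32_t base = tss[IOMAP_OFFSET] | (uint32_t)tss[IOMAP_OFFSET + 1] << 8;
    uint32_t off = base + port / 8;
    if (off + 1 > limit)          /* the CPU always fetches two bitmap bytes */
        return 0;
    uint32_t bits = tss[off] | (uint32_t)tss[off + 1] << 8;
    uint32_t mask = ((1u << width) - 1) << (port % 8);
    return (bits & mask) == 0;    /* every tested bit must be clear */
}

/* Count the byte-wide ports a CPL-3 thread would be allowed to access. */
unsigned count_allowed(const uint8_t *tss, uint32_t limit)
{
    unsigned n = 0;
    for (uint32_t port = 0; port <= 0xFFFF; port++)
        n += io_allowed(tss, limit, (uint16_t)port, 1);
    return n;
}

/* Constructed TSS: all zero except ss0 = 0x10 (offset 8) and the given iomapbase. */
void make_tss(uint8_t *tss, uint16_t iomapbase)
{
    memset(tss, 0, TSS32_SIZE + 1);
    tss[8] = 0x10;
    tss[IOMAP_OFFSET] = iomapbase & 0xFF;
    tss[IOMAP_OFFSET + 1] = iomapbase >> 8;
}

int main(void)
{
    uint8_t before[TSS32_SIZE + 1], after[TSS32_SIZE + 1];
    make_tss(before, 0);           /* iomapbase=0; old limit is an assumption */
    make_tss(after, TSS32_SIZE);   /* iomapbase and limit as set by the commit */
    printf("before: %u ports allowed, after: %u ports allowed\n",
           count_allowed(before, TSS32_SIZE - 1), count_allowed(after, TSS32_SIZE));
    return 0;
}
```

With iomapbase equal to the descriptor limit, the two-byte fetch always runs past the limit, so the check fails before any TSS byte is read as bitmap data.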
Diffstat (limited to 'Base/usr/share/man/man1/crash.md')
-rw-r--r-- Base/usr/share/man/man1/crash.md | 1
1 files changed, 1 insertions, 0 deletions
diff --git a/Base/usr/share/man/man1/crash.md b/Base/usr/share/man/man1/crash.md
index f85d681fb5..94de627518 100644
--- a/Base/usr/share/man/man1/crash.md
+++ b/Base/usr/share/man/man1/crash.md
@@ -33,6 +33,7 @@ kinds of crashes.
* `-y`: Write to recently freed memory. (Tests an opportunistic malloc guard.)
* `-X`: Attempt to execute non-executable memory. (Not mapped with PROT\_EXEC.)
* `-U`: Attempt to trigger an x86 User Mode Instruction Prevention fault.
+* `-I`: Use an x86 I/O instruction in userspace.
## Examples
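Review bot: the new `-I` entry does not say what outcome to expect or what it exercises, unlike the neighbouring `-y`, `-X` and `-U` lines, which each name the guard or fault being tested. Suggest a parenthetical in the same style, for example noting that the instruction is expected to fault because userspace has no I/O permission, and naming the instruction and port if the crash program fixes them. The diff shown is limited to crash.md, so the `-I` implementation is not visible here to check the wording against.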