PDP11: Properly range check DMA access to the I/O page

Make sure that DMA access to the I/O page can only see addresses on the Qbus/Unibus and not internal CPU registers
2026-04-17 00:36:00 +00:00 · 2018-09-06 11:03:45 -07:00
parent 5f0370749e
commit 7677dad67d
16 changed files with 56 additions and 22 deletions
--- a/PDP11/pdp11_io_lib.c
+++ b/PDP11/pdp11_io_lib.c
@@ -47,11 +47,10 @@ extern int32 int_vec_set[IPL_HLVL][32];                 /* bits to set in vector
 extern int32 (*int_ack[IPL_HLVL][32])(void);
 extern t_stat (*iodispR[IOPAGESIZE >> 1])(int32 *dat, int32 ad, int32 md);
 extern t_stat (*iodispW[IOPAGESIZE >> 1])(int32 dat, int32 ad, int32 md);
+extern DIB *iodibp[IOPAGESIZE >> 1];

 extern t_stat build_dib_tab (void);

-static DIB *iodibp[IOPAGESIZE >> 1];
-
 static void build_vector_tab (void);

 #if !defined(UNIMEMSIZE)
@@ -307,6 +306,7 @@ const char *cdname;

 if ((dptr == NULL) || (dibp == NULL))                   /* validate args */
    return SCPE_IERR;
+dibp->dptr = dptr;                                      /* save back pointer */
 if (dibp->vnum > VEC_DEVMAX)
    return SCPE_IERR;
 vec = dibp->vec;
@@ -453,12 +453,7 @@ for (i = 0, dibp = NULL; i < (IOPAGESIZE >> 1); i++) {  /* loop thru entries */
    size_t l;
    if (iodibp[i] && (iodibp[i] != dibp)) {             /* new block? */
        dibp = iodibp[i];                               /* DIB for block */
-        for (j = 0, dptr = NULL; sim_devices[j] != NULL; j++) {
-            if (((DIB*) sim_devices[j]->ctxt) == dibp) {
-                dptr = sim_devices[j];                  /* locate device */
-                break;
-                }                                       /* end if */
-            }                                           /* end for j */
+        dptr = dibp->dptr;
        if ((dibp->ba+ dibp->lnt - 1) > maxaddr)
            maxaddr = dibp->ba+ dibp->lnt - 1;
        if (dibp->vec > maxvec)
@@ -522,12 +517,7 @@ fputc ('\n', st);
 for (i = 0, dibp = NULL; i < (IOPAGESIZE >> 1); i++) {  /* loop thru entries */
    if (iodibp[i] && (iodibp[i] != dibp)) {             /* new block? */
        dibp = iodibp[i];                               /* DIB for block */
-        for (j = 0, dptr = NULL; sim_devices[j] != NULL; j++) {
-            if (((DIB*) sim_devices[j]->ctxt) == dibp) {
-                dptr = sim_devices[j];                  /* locate device */
-                break;
-                }                                       /* end if */
-            }                                           /* end for j */
+        dptr = dibp->dptr;                              /* locate device */
        fprint_val (st, (t_value) dibp->ba, DEV_RDX, 32, PV_LEFT);
        fprintf (st, " - ");
        fprint_val (st, (t_value) dibp->ba + dibp->lnt - 1, DEV_RDX, 32, PV_LEFT);