VM_PROT_READ|VM_PROT_EXECUTE. The previous default (VM_PROT_ALL)
would cause the following scenario:
- someone attempts to write kernel text (my test was writing
to an offset of /dev/kmem which was known to be in the text
segment, while in single-user mode).
- enter trap() with MMU fault (because of RO pte).
- trap() calls vm_fault(), which looks up vm_map_entry for
fauling address.
- vm_fault interprets write fault and VM_PROT_WRITE (in VM_PROT_ALL)
as COW; new page allocated, data copied to new page, new page
mapped in at trunc_page(<faulting va>).
- wow, look at the fireworks!
Fixes two potential symptoms:
- kernacc() returns TRUE when checking for permission to write
an offset in kernel text, which is bogus, since the text has
been mapped RO by pmap_bootstrap().
- Handling of a stray pointer that attempted to scribble into
kernel text would not be executed properly.
don't do this, kernacc() will bogusly return TRUE for page 0, causing a
NULL pointer dereference in uiomove() when reading /dev/kmem.
Thanks to Scott Reynolds for noticing the problem.
Still untested on -1260/-1230, and hangs when enforcing SFAS_NO_DMA on 2060;
but works with DMA on the latter.
Still untested in a NetBSD-12A environment. (Sorry, don't have the hardware
myself.)
Thanks to Laurent Baroukh for being the guinea pig, and to Jerome Lovy
for forwarding the hardware information Phase V gave him, and to Phase
V for providing it.
- Rename EX_NOBLOB to EX_NOCOALESCE; it's much more descriptive of
what's going on.
- Use ALIGN(), rather than our homegrown EXTENT_ALIGN(), when dealing
with map overhead. Privatize the EXTENT_ALIGN() macro; there's no need
to export it.
- Implement EX_BOUNDZERO flag. This changes the boundary line policy in
extent_alloc() and extent_alloc_subregion(); boundary lines are
computed relative to 0, rather then the start of the extent.
- Add a new flag to specify that it's ok to wait for space in the
extent: EX_WAITSPACE.
- Add some whitespace in the function prototypes.
- Rename EX_NOBLOB to EX_NOCOALESCE; it's much more descriptive of
what's going on.
- In extent_free_region_descriptor(), if we're a fixed extent,
freeing a dynamically allocated region descriptor, and someone
is waiting on the freelist, let the waiter have it, rather than
free'ing it back to the system.
- Use ALIGN(), rather than our homegrown EXTENT_ALIGN(), when dealing
with map overhead. Privatize the EXTENT_ALIGN() macro; there's no need
to export it.
- Implement EX_BOUNDZERO flag. This changes the boundary line policy in
extent_alloc() and extent_alloc_subregion(); boundary lines are
computed relative to 0, rather then the start of the extent.
- Fix a nasty race between multiple participants doing region and
descriptor allocation.
- Add a new flag to specify that it's ok to wait for space in the
extent: EX_WAITSPACE.
- Blow away an unnecessary splhigh()/splx().
- Put a bunch of sanity code inside #ifdef DIAGNOSTIC/#endif.
- Fix up usage of MBD_ISPID(). (from Jason Thorpe)
- Be careful not to deref bad pointers in the MMU fault handler. (ditto)
- Ensure trap() never deals with a NULL proc, and if our proc has
no pcb, punt. (Suggested by Gordon Ross)
- Initialize proc0.p_addr just after setting up the kernel stack, to avoid
getting NULL pointers in trap(). Change suggested by Gordon Ross.
- Panic if main() returns.
prototypes, and suppress a bogus "might be used uninitialized" warning.
It's clear from reading the logic of the function that produces the
warning that the variable will not be used uninitialized, but the
compiler just isn't smart enough, I guess. Marked XXX for future reference.
create an assembly label, and SYSCALLNUM to convert a syscall name into
the macro that's defined to be its number. Add a CALLSYS_NOERROR macro
which invokes the named system call. (CALLSYS_NOERROR is here since
it's used in locore, for sigcode.)
restart if we get multiple status interrupts before the softintr()
routine gets a chance to run. The fix is to determine and accumulate
status line changes at the H/W interrupt level, and then check and zero
the accumulated changes when the softint() finally runs. Many thanks
to Bill Studenmund <wrstuden@loki.stanford.edu> for finding and fixing.
* kill scc_tty[] and needs-count.
* Add usable-when-cold version of sccparam().
* Add pre-autconf() console initialization entrypoint.
* remove lint for gcc -Wall
* wbflush() -> tc_mb()
all but the last of which have been fed through cgd and committed to the
Alpha scc driver.
code as video memory must be reserved from main memory for the display.
In addition this adds generic support for using DRAM for video memory
on all machines. All video memory accessing should use the video_memory_t
structure.
Added support for the RC7500 motherboard. The RC7500 support includes a
replacement init_arm() function. This also supports the RC7500 prom debug
monitor for debugging the kernel boot.
dumps now work so call dumpsys() following a panic.
Added support for the SA110. This mainly consists of making sure the data
cache is cleaned when appropriate and that the instruction cache is
kept in sync during the bootstrap and when signal handlers are built on
the stack.
Use a larger UND32 mode stack if we are configured for KGDB.
Remove KERNEL_PT_KSTACK references as these should have died with the
removal of double mapped kstacks eons ago.
Make sure we call doshutdownhooks() if boot is called while we are still
cold.
Cleaned up prototypes declarations.
Sorted out comment indentation.
autoconfiguration. It clears the RPB's per-cpu-slot BIP flag and
sets up the RPB's restore_term and restart vectors, etc. add a
console_restart() function, which causes a panic and system dump,
that is invoked (indirectly) via those vectors.
eventually, the restart HWRPB vector), which calls console_restart. This
is invoked when the console halt switch is used and the user enters 'c'
at the console prompt, and eventually causes a system crash dump to be
generated.
clean and tlb flush code along with write buffer drains that are
dependant on the definition of CPU_SA110.
The memory reserved for the L1 pagetables is now wired into the memory map
during the pmap_init rather than at L1 pagetable allocation time.
The L1 pages tables are zeroed during initialisation and when they are
released rather than when they are allocated.
When searching for a free L1 page table start search at the page table
after the last one allocated rather than always starting from the first one.
Added some extra DIAGNOSTIC checks for invalidate page index numbers.
Removed some old debugging code that escaped the last clean up.
Idented comments in line with code.
The irq delivery code has been rewritten. On entry to the irq vector the
processor is switched to SVC32 mode so all interrupt routines now run
in SVC32 mode rather than IRQ32 mode. This fixes lots of irq re-enabling
problems.
Interrupt latency times are now vastly improved for high priority interrupts.
Cleaned up calling ast() before returning to USR32 mode (don't need to
mess about with trapframe copying.
Cleaned up all the comments and sorted out their indentation.
Rewritten the soft interrupt delivery code.
Added generic ARM7500 support rather than just RC7500 support.
of using it directly, use a local, and set that local to be curproc
if curproc is not NULL else a pointer to process 0's proc struct.
If syncing disks while handling a panic that occurred while 'curproc'
was NULL, the old code would dereference NULL and die.
ktrace context switch checking. If syncing disks while handling a panic
that occurred while 'curproc' was NULL, the old code would dereference
NULL and die. The (slight) reorganization was done so that space (one extra
splhigh()), rather than time (one extra comparison), would be wasted.
Added support for the SA110. This cpu does not need any register fix-ups
following a data abort.
Return valid signal code values on SEGV's. See machine/signal.h for
decoding SEGV signal codes.
required during pagemove() and vmapbuf() and vunmapbuf().
The kernel and undefined mode stack checks are now guarded with
#ifdef STACKCHECKS.
Tidied up comments.
cache needs to be cleans and the instruction and data caches need to
be invalidate along with the instruction and data tlbs when
the TTB is reloaded during a context switch.
if CPU_SA110 is defined. Cache cleaning is different on the SA110 as
the cache is a write back virtual cache and is split for data and instruction.
Also the cache and tlb control instructions use different coprocessor #15
registers.
is