and make the stack and heap non-executable by default. the changes
fall into two basic catagories:
- pmap and trap-handler changes. these are all MD:
= alpha: we already track per-page execute permission with the (software)
PG_EXEC bit, so just have the trap handler pay attention to it.
= i386: use a new GDT segment for %cs for processes that have no
executable mappings above a certain threshold (currently the
bottom of the stack). track per-page execute permission with
the last unused PTE bit.
= powerpc/ibm4xx: just use the hardware exec bit.
= powerpc/oea: we already track per-page exec bits, but the hardware only
implements non-exec mappings at the segment level. so track the
number of executable mappings in each segment and turn on the no-exec
segment bit iff the count is 0. adjust the trap handler to deal.
= sparc (sun4m): fix our use of the hardware protection bits.
fix the trap handler to recognize text faults.
= sparc64: split the existing unified TSB into data and instruction TSBs,
and only load TTEs into the appropriate TSB(s) for the permissions.
fix the trap handler to check for execute permission.
= not yet implemented: amd64, hppa, sh5
- changes in all the emulations that put a signal trampoline on the stack.
instead, we now put the trampoline into a uvm_aobj and map that into
the process separately.
originally from openbsd, adapted for netbsd by me.
be inserted into ktrace records. The general change has been to replace
"struct proc *" with "struct lwp *" in various function prototypes, pass
the lwp through and use l_proc to get the process pointer when needed.
Bump the kernel rev up to 1.6V
merge the two emul_irix structures; the only difference was
setregs function, which can be handled by exec-specific setregs hook
rename setregs_n32() to irix_n32_setregs(), and make it suitable
as the exec-specific setregs hook
make irix_check_exec() a macro now that just single compare
private to the process within the share group.
There is one bit missing in this implementation: when replicating a change
in a process VM to the other process of the share group, we avoid copying
mappings for private regions in the target process, but we don't prevent
copying private regions from the source process.
usync_cntl() system calls.
- when usync_cntl is used and the process is aborted (eg: by kill -9)
libc does not call usync_cntl() to unblock things. We have to cleanup
data allocated in the kernel. This is now done through the emulation
specific exit hook
- IRIX initialize some data in the system part of the PRDA: the pid and
a prid (PRDA ID?). We initialize both to pid.
- Move back struct irix_share_group from irix_exec.h to irix_prctl.h, it
is more revelant here.
- fix a few typos
private area called PRDA that remains unshared. We implement this by using
different vmspace for each share group member, and keeping the memory
appings in sync on each mmap/munmap/mprotect/break...
We use irix_saddr_sync_vmcmd and irix_saddr_sync_syscall to apply a
vmcmd or a syscall to all share group member, this makes the job a bit
easier.
Also implements {get|set}rlimit{64}.
- First implementation of procblk(). THis is supposed to suspend processes.
We emulate this by sending a SIGSTOP, which is not very accurate since
on IRIX, sending a SIGCONT to a process suspended by procblk() will not
resume it.
- support for shared groups
a SIGSEGV when sigaction(2) is used before a fork(2) and a signal is received
in the child.
- we now nearly correctly emulate PR_TERMCHILD in prctl(2). (the perfect
emulation would not send a SIGHUP if the parent is killed)
address 0x200000 (disasembling usinit shows that this address is hardcoded in
libc). It uses it for locks and semaphres.
We therefore allocate this page of memory, to prevent IRIX process from
faulting when thay call usinit(3).
- the signal trampoline address is given to the kernel by a sigaction()
fourth argument
- we introduce an irix_emuldata structure to keep track of the signal
trampoline address
- we don't support per-sigaction signal trampolines, we only do per-process
- now that we use the IRIX libc signal trampoline, we do not have to handle
the errno update from the signal trampoline
- it is possible that IRIX 5 signal delivery works too, since theses binaries
will come with their own signal trampoline
header to distinguish between o32, n32 and n64 ABIs. We now use this.
This suppress the need of the mips_option test, which had some fake positive.
This also removes the mandatory ordering of n32 vs o32 in the exec switch
(exec_conf.c)
