the call to data_abort_fixup() as the fixup routines also try to
de-reference the fault pc.
- If a fault came from kernel mode, and the fault address looks to be in
the kernel's address space, and pcb_onfault is *set*, check the
instruction which caused the fault. If it's LDR{B,}T or STR{B,}T
then one of the copy in/out routines is trying to read/write a
kernel address with the wrong privilege. If that address is actually
mapped, we could end up in an infinite loop because we failed to
notice that it's really a 'user mode' access. Yay for "crashme".
I suspect this also fixes PR port-arm/23052.
Note: This *could* be fixed by adding sanity checks to copyin et al,
but that would add extra overhead to the non-error path...
- Fix a couple of __predict_false cases.
This code is not to be reenabled again until it is fixed to my satisfaction
(as a member of core and the person who ends up dealing with most of
the host tool build bugs)
to determine if a fault is read or write, make sure tf->tf_pc is 32-bit
aligned before dereferencing it.
Otherwise, deliver an illegal instruction signal to the process. We don't
support execution of Thumb code at this time.
This reloads the entire EEPROM, not just the MAC address, which can
cause problems for the host PCI bus under certain circumstances. The
chip already loads the EEPROM at powerup/reset anyway.
XXX: This probably applies to the other Rhine variants too, but I don't
have a data sheet to confirm this behaviour.
1) make sure Mach servers will not work on data beyond the end of the
request message buffer.
2) make sure that on copying out the reply message buffer, we will not
leak kernel data located after the buffer.
3) make sure that the server will not overwrite memory beyond the end
of the reply message buffer. That check is the responsibility of the
server, there is just a DIAGNOSTIC test to check everything is in
good shape. All currently implemented servers in NetBSD have been
modified to check for this condition.
While we are here, build the mach services table (formerly in mach_namemap.c)
and the services prototypes automatically from mach_services.master, just
as this is done for system calls.
The next step would be to fold the message formats in the mach_services.master
file, but this tends to be difficult, as some messages are quite long and
complex.
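
The three Mach message buffer checks listed above, sketched as an added C example that is not NetBSD's code. The struct layouts, echo_server and dispatch are hypothetical, and memcpy stands in for copyin/copyout.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical layouts for illustration; not NetBSD's Mach structures. */
struct msg_hdr  { uint32_t size, id; };
struct echo_req { struct msg_hdr hdr; uint32_t value; };
struct echo_rep { struct msg_hdr hdr; uint32_t value, retcode; };

struct trap_args {
    const void *smsg; size_t ssize;     /* request and its valid length */
    void *rmsg; size_t rsize_max;       /* reply buffer and its capacity */
    size_t rsize;                       /* bytes the server produced */
};

/* Example server: echoes one 32-bit value from the request. */
int echo_server(struct trap_args *a)
{
    struct echo_req req;
    struct echo_rep rep;

    if (a->ssize < sizeof(req))         /* check 1: stay inside the request */
        return -1;
    if (a->rsize_max < sizeof(rep))     /* check 3: stay inside the reply */
        return -1;
    memcpy(&req, a->smsg, sizeof(req));
    memset(&rep, 0, sizeof(rep));       /* no stale bytes in unused fields */
    rep.hdr.size = sizeof(rep);
    rep.hdr.id = req.hdr.id + 100;      /* illustrative reply id */
    rep.value = req.value;
    memcpy(a->rmsg, &rep, sizeof(rep));
    a->rsize = sizeof(rep);
    return 0;
}

/* Dispatcher: returns the reply length copied out, or -1 on any failed check. */
long dispatch(const void *ureq, size_t ulen, void *urep, size_t ucap)
{
    uint64_t kreq[8], krep[8];
    struct trap_args a = { kreq, ulen, krep, sizeof(krep), 0 };

    if (ulen < sizeof(struct msg_hdr) || ulen > sizeof(kreq))
        return -1;
    memcpy(kreq, ureq, ulen);           /* stands in for copyin */
    memset(krep, 0xAA, sizeof(krep));   /* simulate stale kernel data */
    if (echo_server(&a) != 0)
        return -1;
    if (a.rsize > a.rsize_max || a.rsize > ucap)  /* check 2: only the reply */
        return -1;
    memcpy(urep, krep, a.rsize);        /* stands in for copyout */
    return (long)a.rsize;
}
```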