When mmapping a file, permissions are checked as they should be. When
mprotect()-ing the address range afterwards, no protection was checked
regarding the protection of the file originally opened. So
when you open /usr/bin/su RDONLY and SHARED you could afterwards change
the mmapped region to READ|WRITE. This gave the possibility to obtain
root privs obviously.
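A regression check for the behaviour described above, as an added example that is not part of the original commit or the project's code. It works on a scratch file it creates itself (the path template and the function name check_mprotect_upgrade are assumptions) and confirms that a read-only shared mapping cannot be upgraded to writable:

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

/* Added example, not project code.
 * Returns 0 if mprotect() refuses the upgrade with EACCES (correct),
 *         1 if write access was granted (the bug described above),
 *        -1 on setup failure or an unexpected errno. */
int check_mprotect_upgrade(void)
{
    char path[] = "/tmp/mprot_check_XXXXXX";  /* constructed scratch file */
    int wfd = mkstemp(path);
    if (wfd < 0)
        return -1;
    if (write(wfd, "data", 4) != 4) {
        close(wfd);
        unlink(path);
        return -1;
    }
    close(wfd);

    int fd = open(path, O_RDONLY);            /* descriptor has no write access */
    unlink(path);
    if (fd < 0)
        return -1;

    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, pg, PROT_READ, MAP_SHARED, fd, 0);
    close(fd);
    if (p == MAP_FAILED)
        return -1;

    /* The kernel must compare the request against the open mode of the file. */
    int rc = mprotect(p, pg, PROT_READ | PROT_WRITE);
    int err = errno;
    munmap(p, pg);
    if (rc == 0)
        return 1;
    return err == EACCES ? 0 : -1;
}

int main(void)
{
    int r = check_mprotect_upgrade();
    puts(r == 0 ? "ok: upgrade refused" : r == 1 ? "write access granted" : "setup error");
    return r;
}
```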
Here are some fixes I derived from the Mach 3.0 VM system a couple of months
ago. At the time, I was giving the memory object routines a good looking
at, trying to fix the long-standing problem where vm_object_collapse()
sometimes fails to collapse objects left over from the exit of a forked
child. As bde has noted, the problem seems to occur when portions of the
parent are paged out. These "lost" memory objects, which can eat up a huge
amount of swap space, are reclaimed when the parent responsible for the
fork()s is killed.
it seems to keep the vm system from deadlocking the system when it runs
out of swap + physical memory.
prevents the system from giving the last page(s) to anything but the
referenced "processes" (especially important is the pager process,
which should never have to wait for a free page).
This patch adds the symbol names to icu.s that vmstat expects
the interrupt counters to be called. It also adds code to config
so that the names of the interrupts are written at the end of vectors.s
so vmstat can report real device names. It also cleans up and enables
the logging of stray interrupts. The counters for false interrupts
are added but the fix for them is not (the fix I have is not done
very well.) A false interrupt is when a device asserts its interrupt
signal, then removes it before the 8259 can latch it. This is the number
one cause of stray IRQ7s and IRQ15s.
Additional device probe information is now printed. This includes
ending I/O address (many drivers do not return the correct value from a
probe; this still needs to be fixed), memory address and size, driver
flags passed in by config.
1: the fi_readers and fi_writers fields of the fifoinfo structure were not
being initialized to 0. This caused the driver to not sleep the first
process to open the fifo--it thought there was already another process to
talk to (most of the time.)
2: fifo_open() was calling tsleep() without unlocking the inode of the fifo
file. This caused *any* subsequent access to the file (even an ls (!)) to
hang forever. Note that this bug was usually masked by bug #1 above.
Return-Path: jsp@compnews.co.uk
Received: from ben.uknet.ac.uk by postgres.Berkeley.EDU (5.61/1.29)
id AA25983; Thu, 25 Mar 93 05:37:37 -0800
Received: from fennel.compnews.co.uk by ben.uknet.ac.uk via UKIP with SMTP (PP)
id <g.05640-0@ben.uknet.ac.uk>; Thu, 25 Mar 1993 13:37:19 +0000
Received: from sage.compnews.co.uk by fennel.compnews.co.uk;
Thu, 25 Mar 93 13:37:08 GMT
Message-Id: <28109.9303251337@sage.compnews.co.uk>
From: jsp@compnews.co.uk (Jan-Simon Pendry)
Date: Thu, 25 Mar 1993 13:37:05 +0100
In-Reply-To: cgd@postgres.berkeley.edu's message as of Mar 25, 5:32am.
Phone-Number-1: +44 430 432450
Phone-Number-2: +44 430 432480 x20
Fax-Number: +44 430 432022
X-Mailer: Mail User's Shell (7.2.5 10/14/92)
To: cgd@postgres.berkeley.edu
Subject: Re: fdesc/kernfs/etc code...
You may put this copyright message on the source code:
/*
 * Copyright (c) 1990, 1992 Jan-Simon Pendry
 * All rights reserved.
 *
 * This code is derived from software contributed to Berkeley by
 * Jan-Simon Pendry.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *	This product includes software developed by the University of
 *	California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 */