VM_PROT_READ|VM_PROT_EXECUTE. The previous default (VM_PROT_ALL)
would cause the following scenario:
- someone attempts to write kernel text (my test was writing
to an offset of /dev/kmem which was known to be in the text
segment, while in single-user mode).
- enter trap() with MMU fault (because of RO pte).
- trap() calls vm_fault(), which looks up vm_map_entry for
faulting address.
- vm_fault interprets write fault and VM_PROT_WRITE (in VM_PROT_ALL)
as COW; new page allocated, data copied to new page, new page
mapped in at trunc_page(<faulting va>).
- wow, look at the fireworks!
Fixes two potential symptoms:
- kernacc() returns TRUE when checking for permission to write
an offset in kernel text, which is bogus, since the text has
been mapped RO by pmap_bootstrap().
- Handling of a stray pointer that attempted to scribble into
kernel text would not be executed properly.
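The scenario above turns on one question: what does the kernel map say is permitted for the text segment, independent of the read-only pte? The following is an added illustration, a toy model and not NetBSD's vm code, of the two checks the message names. kernacc() consults the map entry's recorded protection, and vm_fault() treats a write fault on a RO pte as copy-on-write whenever the map entry permits writing. The VM_PROT_* names follow the message; their values, the page size and the map layout are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed protection bits, named after the VM_PROT_* flags in the message. */
typedef unsigned int vm_prot_t;
#define VM_PROT_READ    0x01u
#define VM_PROT_WRITE   0x02u
#define VM_PROT_EXECUTE 0x04u
#define VM_PROT_ALL     (VM_PROT_READ | VM_PROT_WRITE | VM_PROT_EXECUTE)

#define PAGE_SIZE 4096u
#define trunc_page(va) ((va) & ~((uintptr_t)PAGE_SIZE - 1))

struct map_entry {
    uintptr_t start, end;   /* [start, end) */
    vm_prot_t protection;   /* what the vm_map_entry says is permitted */
};

/* Constructed kernel map: text entry followed by a data/bss entry. */
static struct map_entry kernel_map[2];
static const size_t kernel_map_len = 2;

/* Install the map with the given protection recorded on the text entry. */
void setup_map(vm_prot_t text_prot)
{
    kernel_map[0] = (struct map_entry){ 0x1000, 0x9000, text_prot };
    kernel_map[1] = (struct map_entry){ 0x9000, 0x20000, VM_PROT_READ | VM_PROT_WRITE };
}

static const struct map_entry *lookup_entry(uintptr_t va)
{
    for (size_t i = 0; i < kernel_map_len; i++)
        if (va >= kernel_map[i].start && va < kernel_map[i].end)
            return &kernel_map[i];
    return NULL;
}

/* kernacc()-style check: may every page of [addr, addr+len) be accessed with prot?
 * It only looks at the map's recorded protection, never at the pte, which is why
 * a VM_PROT_ALL text entry makes it answer TRUE for a write into kernel text. */
bool kernacc(uintptr_t addr, size_t len, vm_prot_t prot)
{
    if (len == 0)
        return true;
    uintptr_t last = addr + len - 1;
    for (uintptr_t va = trunc_page(addr); va <= last; va += PAGE_SIZE) {
        const struct map_entry *e = lookup_entry(va);
        if (e == NULL || (e->protection & prot) != prot)
            return false;
    }
    return true;
}

enum fault_result { FAULT_NO_ENTRY, FAULT_PROTECTION_FAILURE, FAULT_COW };

/* vm_fault()-style decision for a write fault on a page whose pte is read-only. */
enum fault_result vm_fault_write(uintptr_t va)
{
    const struct map_entry *e = lookup_entry(trunc_page(va));
    if (e == NULL)
        return FAULT_NO_ENTRY;
    /* The map permits writing, so the RO pte is read as "copy on write":
     * a fresh page would be allocated, filled, and mapped at trunc_page(va). */
    if (e->protection & VM_PROT_WRITE)
        return FAULT_COW;
    return FAULT_PROTECTION_FAILURE;   /* the write really is forbidden */
}

int main(void)
{
    setup_map(VM_PROT_ALL);
    printf("VM_PROT_ALL:  kernacc(text, WRITE)=%d fault=%d (2 = COW)\n",
           kernacc(0x2000, 16, VM_PROT_WRITE), vm_fault_write(0x2010));
    setup_map(VM_PROT_READ | VM_PROT_EXECUTE);
    printf("READ|EXECUTE: kernacc(text, WRITE)=%d fault=%d (1 = protection failure)\n",
           kernacc(0x2000, 16, VM_PROT_WRITE), vm_fault_write(0x2010));
    return 0;
}
```

With the text entry recorded as VM_PROT_ALL the model reproduces both symptoms: kernacc() approves the write and the fault path picks COW. Recording VM_PROT_READ|VM_PROT_EXECUTE makes kernacc() refuse and turns the same fault into a protection failure, while the data entry stays writable.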
don't do this, kernacc() will bogusly return TRUE for page 0, causing a
NULL pointer dereference in uiomove() when reading /dev/kmem.
Thanks to Scott Reynolds for noticing the problem.
Still untested on -1260/-1230, and hangs when enforcing SFAS_NO_DMA on 2060;
but works with DMA on the latter.
Still untested in a NetBSD-12A environment. (Sorry, don't have the hardware
myself.)
Thanks to Laurent Baroukh for being the guinea pig, and to Jerome Lovy
for forwarding the hardware information Phase V gave him, and to Phase
V for providing it.
- Rename EX_NOBLOB to EX_NOCOALESCE; it's much more descriptive of
what's going on.
- Use ALIGN(), rather than our homegrown EXTENT_ALIGN(), when dealing
with map overhead. Privatize the EXTENT_ALIGN() macro; there's no need
to export it.
- Implement EX_BOUNDZERO flag. This changes the boundary line policy in
extent_alloc() and extent_alloc_subregion(); boundary lines are
computed relative to 0, rather than the start of the extent.
- Add a new flag to specify that it's ok to wait for space in the
extent: EX_WAITSPACE.
- Add some whitespace in the function prototypes.
- Rename EX_NOBLOB to EX_NOCOALESCE; it's much more descriptive of
what's going on.
- In extent_free_region_descriptor(), if we're a fixed extent,
freeing a dynamically allocated region descriptor, and someone
is waiting on the freelist, let the waiter have it, rather than
freeing it back to the system.
- Use ALIGN(), rather than our homegrown EXTENT_ALIGN(), when dealing
with map overhead. Privatize the EXTENT_ALIGN() macro; there's no need
to export it.
- Implement EX_BOUNDZERO flag. This changes the boundary line policy in
extent_alloc() and extent_alloc_subregion(); boundary lines are
computed relative to 0, rather then the start of the extent.
- Fix a nasty race between multiple participants doing region and
descriptor allocation.
- Add a new flag to specify that it's ok to wait for space in the
extent: EX_WAITSPACE.
- Blow away an unnecessary splhigh()/splx().
- Put a bunch of sanity code inside #ifdef DIAGNOSTIC/#endif.
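The EX_BOUNDZERO change is easiest to see with numbers. The block below is an added illustration, a toy model and not NetBSD's extent(9) code, of the boundary policy: an allocation must not straddle a boundary line, and the lines sit at ex_start + k*boundary by default but at k*boundary counted from 0 under EX_BOUNDZERO. The flag value, the extent bounds and the request in main() are constructed; the inclusive subregion end follows the extent(9) convention.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define EX_BOUNDZERO 0x10   /* constructed flag value for this model */

static uint64_t roundup_to(uint64_t x, uint64_t align)
{
    return align > 1 ? ((x + align - 1) / align) * align : x;
}

/* First boundary line strictly above addr under the chosen policy.
 * Caller guarantees boundary > 0 and addr >= ex_start. */
static uint64_t next_line(uint64_t ex_start, uint64_t addr, uint64_t boundary, int flags)
{
    uint64_t base = (flags & EX_BOUNDZERO) ? 0 : ex_start;
    return base + ((addr - base) / boundary + 1) * boundary;
}

/* Does [addr, addr + size) straddle a boundary line? */
bool crosses_boundary(uint64_t ex_start, uint64_t addr, uint64_t size,
                      uint64_t boundary, int flags)
{
    if (boundary == 0 || size == 0)
        return false;
    return next_line(ex_start, addr, boundary, flags) < addr + size;
}

/* Lowest aligned address in [substart, subend] where size bytes fit without
 * crossing a boundary line, ignoring existing allocations.  Returns false if
 * nothing fits (for instance when size exceeds boundary). */
bool find_fit(uint64_t ex_start, uint64_t substart, uint64_t subend, uint64_t size,
              uint64_t alignment, uint64_t boundary, int flags, uint64_t *result)
{
    if (size == 0 || substart < ex_start)
        return false;
    uint64_t a = roundup_to(substart, alignment);
    while (a + size - 1 <= subend) {
        if (!crosses_boundary(ex_start, a, size, boundary, flags)) {
            *result = a;
            return true;
        }
        /* Straddles a line: restart at that line, re-aligned. */
        a = roundup_to(next_line(ex_start, a, boundary, flags), alignment);
    }
    return false;
}

int main(void)
{
    /* Constructed extent starting at 0x100 with 0x400-byte boundary lines. */
    uint64_t r;
    if (find_fit(0x100, 0x380, 0xfff, 0x100, 0x10, 0x400, 0, &r))
        printf("default policy (lines at 0x500, 0x900, ...): 0x%llx\n", (unsigned long long)r);
    if (find_fit(0x100, 0x380, 0xfff, 0x100, 0x10, 0x400, EX_BOUNDZERO, &r))
        printf("EX_BOUNDZERO   (lines at 0x400, 0x800, ...): 0x%llx\n", (unsigned long long)r);
    return 0;
}
```

For the same request the default policy accepts 0x380, because the first line above the extent's start is 0x500, while EX_BOUNDZERO rejects it (it would straddle 0x400) and moves the allocation up to 0x400. A request larger than the boundary can never satisfy either policy, which find_fit() reports instead of looping.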
- Fix up usage of MBD_ISPID(). (from Jason Thorpe)
- Be careful not to deref bad pointers in the MMU fault handler. (ditto)
- Ensure trap() never deals with a NULL proc, and if our proc has
no pcb, punt. (Suggested by Gordon Ross)
- Initialize proc0.p_addr just after setting up the kernel stack, to avoid
getting NULL pointers in trap(). Change suggested by Gordon Ross.
- Panic if main() returns.
prototypes, and suppress a bogus "might be used uninitialized" warning.
It's clear from reading the logic of the function that produces the
warning that the variable will not be used uninitialized, but the
compiler just isn't smart enough, I guess. Marked XXX for future reference.
create an assembly label, and SYSCALLNUM to convert a syscall name into
the macro that's defined to be its number. Add a CALLSYS_NOERROR macro
which invokes the named system call. (CALLSYS_NOERROR is here since
it's used in locore, for sigcode.)