VM_PROT_READ|VM_PROT_EXECUTE. The previous default (VM_PROT_ALL)
would cause the following scenario:
- someone attempts to write kernel text (my test was writing
to an offset of /dev/kmem which was known to be in the text
segment, while in single-user mode).
- enter trap() with MMU fault (because of RO pte).
- trap() calls vm_fault(), which looks up vm_map_entry for
faulting address.
- vm_fault interprets write fault and VM_PROT_WRITE (in VM_PROT_ALL)
as COW; new page allocated, data copied to new page, new page
mapped in at trunc_page(<faulting va>).
- wow, look at the fireworks!
Fixes two potential symptoms:
- kernacc() returns TRUE when checking for permission to write
an offset in kernel text, which is bogus, since the text has
been mapped RO by pmap_bootstrap().
- Handling of a stray pointer that attempted to scribble into
kernel text would not be executed properly.
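The scenario described in the commit above, as an added illustration that is not part of the commit or of the NetBSD source: a deliberately simplified C model (constructed here, not the real vm_map/vm_fault/kernacc code) of how the protection bits on the map entry covering kernel text decide whether a write fault on a read-only PTE is treated as copy-on-write or rejected. The address range, the map arrays and the helper names `lookup_entry`, `kernacc_model` and `fault_model` are all constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed, simplified model (not NetBSD's real vm_map/vm_fault code)
 * of how the map-entry protection chosen for kernel text decides whether
 * a write fault on a read-only PTE becomes copy-on-write or a protection
 * failure. */

#define VM_PROT_READ    0x01
#define VM_PROT_WRITE   0x02
#define VM_PROT_EXECUTE 0x04
#define VM_PROT_ALL     (VM_PROT_READ | VM_PROT_WRITE | VM_PROT_EXECUTE)

enum fault_result {
    FAULT_PROTECTION_FAILURE,  /* access not permitted by the map entry */
    FAULT_COW,                 /* entry permits write, PTE is RO: copy page */
    FAULT_RESOLVED             /* access permitted and PTE already allows it */
};

struct map_entry {
    unsigned long start, end;  /* [start, end) covered by this entry */
    int protection;            /* VM_PROT_* bits the entry allows */
};

/* Hypothetical helper: find the entry covering va, or NULL. */
static const struct map_entry *
lookup_entry(const struct map_entry *map, size_t n, unsigned long va)
{
    for (size_t i = 0; i < n; i++)
        if (va >= map[i].start && va < map[i].end)
            return &map[i];
    return NULL;
}

/* kernacc()-style check: is access 'prot' allowed at va?  Returns 1/0.
 * An address with no entry at all (such as page 0) yields 0. */
int
kernacc_model(const struct map_entry *map, size_t n, unsigned long va, int prot)
{
    const struct map_entry *e = lookup_entry(map, n, va);
    return e != NULL && (e->protection & prot) == prot;
}

/* vm_fault()-style decision: the entry's protection is consulted first;
 * only a write the entry allows, arriving through a read-only PTE, is
 * taken to be copy-on-write. */
enum fault_result
fault_model(const struct map_entry *map, size_t n, unsigned long va,
            int fault_type, int pte_writable)
{
    const struct map_entry *e = lookup_entry(map, n, va);
    if (e == NULL || (e->protection & fault_type) != fault_type)
        return FAULT_PROTECTION_FAILURE;
    if ((fault_type & VM_PROT_WRITE) && !pte_writable)
        return FAULT_COW;   /* the page containing va would be copied */
    return FAULT_RESOLVED;
}

/* Constructed kernel text range; both maps below are constructed. */
#define KTEXT_START 0x00100000UL
#define KTEXT_END   0x00200000UL
#define NENT(m)     (sizeof(m) / sizeof((m)[0]))

static const struct map_entry map_old[] = {   /* previous default */
    { KTEXT_START, KTEXT_END, VM_PROT_ALL },
};
static const struct map_entry map_new[] = {   /* after the change */
    { KTEXT_START, KTEXT_END, VM_PROT_READ | VM_PROT_EXECUTE },
};

int
main(void)
{
    unsigned long va = KTEXT_START + 0x1234;  /* constructed text offset */

    printf("old map: kernacc(write)=%d fault=%d (1 = COW)\n",
           kernacc_model(map_old, NENT(map_old), va, VM_PROT_WRITE),
           fault_model(map_old, NENT(map_old), va, VM_PROT_WRITE, 0));
    printf("new map: kernacc(write)=%d fault=%d (0 = protection failure)\n",
           kernacc_model(map_new, NENT(map_new), va, VM_PROT_WRITE),
           fault_model(map_new, NENT(map_new), va, VM_PROT_WRITE, 0));
    printf("page 0:  kernacc(read)=%d\n",
           kernacc_model(map_new, NENT(map_new), 0UL, VM_PROT_READ));
    return 0;
}
```

With the old VM_PROT_ALL entry the model reports the write as permitted and turns the RO-PTE fault into a COW copy of the text page; with VM_PROT_READ|VM_PROT_EXECUTE the same write is a protection failure and the kernacc-style check returns 0, which is the behaviour the commit restores.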
don't do this, kernacc() will bogusly return TRUE for page 0, causing a
NULL pointer dereference in uiomove() when reading /dev/kmem.
Thanks to Scott Reynolds for noticing the problem.
Still untested on -1260/-1230, and hangs when enforcing SFAS_NO_DMA on 2060;
but works with DMA on the latter.
Still untested in a NetBSD-12A environment. (Sorry, don't have the hardware
myself.)
Thanks to Laurent Baroukh for being the guinea pig, and to Jerome Lovy
for forwarding the hardware information Phase V gave him, and to Phase
V for providing it.
- Fix up usage of MBD_ISPID(). (from Jason Thorpe)
- Be careful not to deref bad pointers in the MMU fault handler. (ditto)
- Ensure trap() never deals with a NULL proc, and if our proc has
no pcb, punt. (Suggested by Gordon Ross)
- Initialize proc0.p_addr just after setting up the kernel stack, to avoid
getting NULL pointers in trap(). Change suggested by Gordon Ross.
- Panic if main() returns.
create an assembly label, and SYSCALLNUM to convert a syscall name into
the macro that's defined to be its number. Add a CALLSYS_NOERROR macro
which invokes the named system call. (CALLSYS_NOERROR is here since
it's used in locore, for sigcode.)
* kill scc_tty[] and needs-count.
* Add usable-when-cold version of sccparam().
* Add pre-autoconf() console initialization entrypoint.
* remove lint for gcc -Wall
* wbflush() -> tc_mb()
all but the last of which have been fed through cgd and committed to the
Alpha scc driver.