ensure it fits in the actual array. fixes N64 binaries from
triggering later panic. move the panic check itself into a
common function that is called from a couple of new places too.
re-mapping a VA to a new PA the old mapping is removed first. This means
the cache alias code needs to do less work and works better with the last
va tracking.
by range_test. This fixes msync, mlock and munlock, which all return EINVAL
instead of ENOMEM if the address is not in the va space.
It should also fix the recent ATF failures.
zero is hugely flawed. It is easy to demonstrate that one can trick UVM
into choosing a NULL hint after the user_va0_disable check from uvm_map.
Such a bypass allows kernel NULL pointer dereferences to be exploitable on
architectures with a shared userland<->kernel VA, like amd64.
Fix this by increasing the limit of the vm space made available for
userland processes. This way, UVM will never choose a NULL hint, since it
would be outside of the vm space.
The user_va0_disable sysctl still controls this feature.
UVM_KMF_PAGEABLE is also given as argument, only the VA is allocated and
UVM waits for the page to fault before kentering it. When kentering it, it
will use the UVM_PROT_ flag that was passed to uvm_map; which means that it
will kenter it as RWX.
With this change, the number of RWX pages in the amd64 kernel reaches
strictly zero.
mprotect settings so that debuggers can write to the text segment of traced
processes so that they can insert breakpoints. Turned off by default.
Ok: chuq (for now)
KASSERT() that we don't.
When calculating the load address for the interpreter (e.g. ld.elf_so),
we need to take into account whether the exec'd process will run with
topdown memory or bottom up. We can not use the current vmspace's flags
to test for that, as this happens too early. Luckily the execpack already
knows what the new state will be later, so instead of testing the current
vmspace, pass the info as additional argument to struct emul
e_vm_default_addr.
Fix all such functions and adopt all callers.
we can correctly clean up on process exit or fork.
Without this, firefox attaches to a shared memory segment but doesn't
detach before exit. Thus once firefox causes an autoload for sysv_ipc
it cannot be unloaded since the segment still retains references.