and make the stack and heap non-executable by default. the changes
fall into two basic catagories:
- pmap and trap-handler changes. these are all MD:
= alpha: we already track per-page execute permission with the (software)
PG_EXEC bit, so just have the trap handler pay attention to it.
= i386: use a new GDT segment for %cs for processes that have no
executable mappings above a certain threshold (currently the
bottom of the stack). track per-page execute permission with
the last unused PTE bit.
= powerpc/ibm4xx: just use the hardware exec bit.
= powerpc/oea: we already track per-page exec bits, but the hardware only
implements non-exec mappings at the segment level. so track the
number of executable mappings in each segment and turn on the no-exec
segment bit iff the count is 0. adjust the trap handler to deal.
= sparc (sun4m): fix our use of the hardware protection bits.
fix the trap handler to recognize text faults.
= sparc64: split the existing unified TSB into data and instruction TSBs,
and only load TTEs into the appropriate TSB(s) for the permissions.
fix the trap handler to check for execute permission.
= not yet implemented: amd64, hppa, sh5
- changes in all the emulations that put a signal trampoline on the stack.
instead, we now put the trampoline into a uvm_aobj and map that into
the process separately.
originally from openbsd, adapted for netbsd by me.
be inserted into ktrace records. The general change has been to replace
"struct proc *" with "struct lwp *" in various function prototypes, pass
the lwp through and use l_proc to get the process pointer when needed.
Bump the kernel rev up to 1.6V
We try to map the console framebuffer through wsdisplay. It seems to work,
but we still need to _see_ something.
XXX Framebuffer size discovery is borken.
+ In ioframebuffer and iohidsystem:
More methods and more debug for io_connect_method_*
+ A few new IOKit mach traps.
Peeking at Darwin's header files gives some ideas of what we are doing here.
We know understand most of the stuff called by XDarwin and WindowServer before
mapping the framebuffer.
return packet was wrong (port descriptor instead of VM area descriptor),
thus leading to SIGSEGV when calling IOKit's IOFBCreateSharedCursor().
Now this is fixed we can move forward again on graphic mode.
for the IOHIDSystem driver in Darwin. IOHIDSystem provides access
to user interface devices.
Communication between userspace and kernel is done through a shared
memory page. Our plan is to have a kernel thread waiting on wscons
events (for now it just does nothing), and have it feeding the
shared page.
the off_t argument, Darwin does not. In order to get the off_t argument
going through our syscall machinery, we declare it as two long arguments,
and we reassemble it in darwin_sys_lseek.
Darwin specific files. The handler does nothing yet.
This needs some improvement. Darwin attaches an IOHIDSystem device to
each human-interface device in the tree: mouse, keyboard, and a few others.
For now we only emulate one IOHIDSystem device.
send, send once, and dead names, not for port sets and receive rights.
This make vi and telnet able to work again.
Also removed the all process right list and its lock, which got useless. The
all process lock is replaced by a per process lock, located in struct
mach_emuldata.
Also one bug fix: we did not correctly called Mach hooks for struct emuldata
initialization and release for Darwin processes.
1) rights should be shared by the threads within a process. While it would
be easier to handle this with the struct proc/struct lwp split, we attempt to
do this now by sharing the right lists. Because each right holds a reference
to struct proc, this might cause some problems later.
2) in pthread_exit, really exit the thread. Also reintialize the righ tlist to
make sure we will not destroy the parent's right list
3) rights can hold multiple permissions on a port (ie: send and receive). Fix th
is.
4) first attempt on right carried by messages. We still have to do rights carrie
d in the message body (complex messages).
for forking the traditional UNIX init(8) and it does the Mach port naming
service. We need mach_init for the naming service, but unfortunately, it
will only act as such if its PID is 1. We introduce a sysctl
(emul.darwin.init_pid) to fool a given process into thinking its PID is 1.
That way we can get mach_init into behaving as the name server.
Typical use:
/sbin/sysctl -w emul.darwin.init_pid=$$ ; exec /emul/darwin/sbin/mach_init
two ways:
- the child gets its pid as retval[0] (userland stub will turn it into a 0),
retval[1] is 1 and it is 0 in the parent.
- in the child, the fork syscall is successful, hence we must skip the next
instruction.
compat/common, so that they can be shared by several emulations, and use
them for Darwin.
This removes the ugly dependance on FreeBSD freebsd_file.c for COMPAT_DARWIN
used to get and set the thread user value, which is an opaque pointer to
a per thread structure stored in userland. cthread_self() is used by Darwin
as an implementation for pthread_self(), which return the thread id.
We use the p_emuldata field of struct proc in order to keep track of the
thread user value. For now the value is per-process, but we will make it
per-thread when we will take care of threading.
While we are there, do some KNF
macho_hdr, argc, *argv, NULL, *envp, NULL, progname, NULL,
*progname, **argv, **envp
Where progname is a pointer to the program name as given in the first
argument to execve(), and macho_hdr a pointer to the Mach-O header at
the beginning of the executable file.
manu