and make the stack and heap non-executable by default. the changes
fall into two basic catagories:
- pmap and trap-handler changes. these are all MD:
= alpha: we already track per-page execute permission with the (software)
PG_EXEC bit, so just have the trap handler pay attention to it.
= i386: use a new GDT segment for %cs for processes that have no
executable mappings above a certain threshold (currently the
bottom of the stack). track per-page execute permission with
the last unused PTE bit.
= powerpc/ibm4xx: just use the hardware exec bit.
= powerpc/oea: we already track per-page exec bits, but the hardware only
implements non-exec mappings at the segment level. so track the
number of executable mappings in each segment and turn on the no-exec
segment bit iff the count is 0. adjust the trap handler to deal.
= sparc (sun4m): fix our use of the hardware protection bits.
fix the trap handler to recognize text faults.
= sparc64: split the existing unified TSB into data and instruction TSBs,
and only load TTEs into the appropriate TSB(s) for the permissions.
fix the trap handler to check for execute permission.
= not yet implemented: amd64, hppa, sh5
- changes in all the emulations that put a signal trampoline on the stack.
instead, we now put the trampoline into a uvm_aobj and map that into
the process separately.
originally from openbsd, adapted for netbsd by me.
as argument passed by value' trick, as gcc 3.3.x makes (valid) assumptions
about the stack that will not be true. Costs 2 instructions per trap/syscall
on i386, 4 per interrupt for MP. One instruction per trap/syscall on amd64,
2 per interrupt for MP. I expect gcc 3.3.1 to make up for this by better
optimization (it'd better..)
While here, make amd64 compile again by using subr_mbr_disk.c
(previously 'GLptr' was used as mask.)
this long standing bug seems to be uncovered by
my previous change(rev.1.2) on some machines.
PR/22457 from Matthias Scheler, and tested by him.
I doubt it makes much sense to use the VM's stack for this, but the
old code was doubtless wrong because it potentially overwrote random
user memory.
(It might be a good idea to use the process' pre-vm86()-call stack,
but atm the infrastructure for this is missing.)
destroy %dl (drive number) across the 'disk reset' command.
Preserve %dl across that call and all registers across the disk reads.
Reorder the code to remove some long conditional jumps to save space.
esiop has been tested enouth now.
esiop not added to INSTALL kernels because of possible space constraint.
siop should be able to drive all adapters supported by esiop.
when loading from CDROM. Change so we don't care what %cs is.
Adjust code layout so that anyone who feels so inclinded can use this for
the mbr code. Note that mbr slot 0 overlays a data area that must be zero
when this is read from the pbr.
fvdl