cf9b36ab1d
VM_PROT_READ|VM_PROT_EXECUTE. The previous default (VM_PROT_ALL) would cause the following scenario:

- someone attempts to write kernel text (my test was writing to an offset of /dev/kmem which was known to be in the text segment, while in single-user mode).
- enter trap() with MMU fault (because of RO pte).
- trap() calls vm_fault(), which looks up vm_map_entry for faulting address.
- vm_fault interprets write fault and VM_PROT_WRITE (in VM_PROT_ALL) as COW; new page allocated, data copied to new page, new page mapped in at trunc_page(<faulting va>).
- wow, look at the fireworks!

Fixes two potential symptoms:

- kernacc() returns TRUE when checking for permission to write an offset in kernel text, which is bogus, since the text has been mapped RO by pmap_bootstrap().
- Handling of a stray pointer that attempted to scribble into kernel text would not be executed properly.

bin
distrib
etc
games
gnu
include
lib
libexec
regress
sbin
share
sys
usr.bin
usr.sbin
Makefile