Date: Sun, 30 Jun 1996 19:17:52 +0200 (MET DST) From: Juergen Lock <nox@jelal.hb.north.de> To: stable@freebsd.org Subject: misc things possibly worth merging? Message-ID: <199606301717.TAA03820@saturn.hb.north.de>
next in thread | raw e-mail | index | archive | help
This is from a cvs diff -u -rRELENG_2_1_0 which i just looked thru:
(I guess there are many more little things of this kind... :)
Index: src/gnu/usr.bin/ld/rrs.c
===================================================================
RCS file: /home/cvs/cvs/src/gnu/usr.bin/ld/rrs.c,v
retrieving revision 1.14
diff -u -r1.14 rrs.c
--- rrs.c 1995/03/04 17:46:09 1.14
+++ rrs.c 1996/05/28 01:33:30
@@ -1185,6 +1185,7 @@
sodp[i].sod_library = 1;
} else
sodp[i].sod_library = 0;
+ sodp[i].sod_reserved = 0;
pos += 1 + strlen(name);
sodp[i].sod_next = (i == number_of_shobjs - 1) ? 0 :
(thats from: revision 1.15
date: 1996/05/27 18:06:02; author: jdp; state: Exp; lines: +2 -1
Zero out an unused field in a structure that is written to the output
file. The field formerly contained random garbage, leading to spurious
differences between otherwise identical executables and libraries.)
Index: src/sys/ddb/db_ps.c
===================================================================
RCS file: /home/cvs/cvs/src/sys/ddb/db_ps.c,v
retrieving revision 1.6.4.2
diff -u -r1.6.4.2 db_ps.c
--- db_ps.c 1995/09/12 04:21:43 1.6.4.2
+++ db_ps.c 1996/06/15 10:39:48
@@ -82,6 +82,10 @@
return;
}
}
+ if (p == NULL) {
+ printf("oops, ran out of processes early!\n");
+ break;
+ }
pp = p->p_pptr;
if (pp == NULL)
pp = p;
(from: revision 1.12
date: 1996/06/15 07:08:02; author: peter; state: Exp; lines: +5 -1
A small bit of defensive programming in case the panic is during process
exit and cleanup. the 'ps' command assumes that there are always 'nproc'
processes on the lists and will walk off the end without checking if not,
causing ddb to trap during the 'ps' command.
)
i have not yet had such a panic, just looked useful when i saw it...
Index: src/usr.sbin/lpr/lpd/printjob.c
===================================================================
RCS file: /home/cvs/cvs/src/usr.sbin/lpr/lpd/printjob.c,v
retrieving revision 1.4.4.2
diff -u -r1.4.4.2 printjob.c
--- printjob.c 1995/10/06 10:30:44 1.4.4.2
+++ printjob.c 1996/06/11 10:21:34
@@ -622,6 +622,13 @@
printer, format);
return(ERROR);
}
+ if (prog == NULL) {
+ (void) close(fi);
+ syslog(LOG_ERR,
+ "%s: no filter found in printcap for format character '%c'",
+ printer, format);
+ return(ERROR);
+ }
if ((av[0] = rindex(prog, '/')) != NULL)
av[0]++;
else
(from: revision 1.8
date: 1996/05/05 22:40:48; author: joerg; state: Exp; lines: +173 -75
Pull a bunch of fixes from the 4.4BSD-Lite2 branch. It's really
surprising how many trivial errors there have been... :-)
Some more cleanup is needed, but i'd like to separate the Lite2 changes
from other work, that's why this goes into a different commit.
People with serial printers should see whether i have broken the stty-
style printcap options (i hope not).
Inspired by: Sergey Shkonda <serg@bcs1.bcs.zaporizhzhe.ua>
)
this was after a lpr -dlqhi (which should have been lpr -P..
as you can guess) got me messages of coredumping lpd processes :)
(haven't looked at the other fixes in that commit, i guess many
of them could also go in?)
and finally some USER_LDT fixes from current, they make wine
work at least a little better.
just in case someone still finds the time and look at this...
Juergen
Index: src/sys/i386/i386/machdep.c
===================================================================
RCS file: /home/cvs/cvs/src/sys/i386/i386/machdep.c,v
retrieving revision 1.128.4.8
diff -u -r1.128.4.8 machdep.c
--- machdep.c 1996/06/25 20:19:29 1.128.4.8
+++ machdep.c 1996/06/26 19:44:34
@@ -1003,6 +1003,19 @@
{
int *regs = p->p_md.md_regs;
+#ifdef USER_LDT
+ struct pcb *pcb = &p->p_addr->u_pcb;
+
+ /* was i386_user_cleanup() in NetBSD */
+ if (pcb->pcb_ldt) {
+ if (pcb == curpcb)
+ lldt(GSEL(GUSERLDT_SEL, SEL_KPL));
+ kmem_free(kernel_map, (vm_offset_t)pcb->pcb_ldt,
+ pcb->pcb_ldt_len * sizeof(union descriptor));
+ pcb->pcb_ldt_len = (int)pcb->pcb_ldt = 0;
+ }
+#endif
+
bzero(regs, sizeof(struct trapframe));
regs[tEIP] = entry;
regs[tESP] = stack;
Index: src/sys/i386/i386/sys_machdep.c
===================================================================
RCS file: /home/cvs/cvs/src/sys/i386/i386/sys_machdep.c,v
retrieving revision 1.9
diff -u -r1.9 sys_machdep.c
--- sys_machdep.c 1995/05/30 07:59:40 1.9
+++ sys_machdep.c 1996/04/30 19:22:55
@@ -45,6 +45,13 @@
#include <vm/vm_kern.h> /* for kernel_map */
+#define MAX_LD 8192
+#define LD_PER_PAGE 512
+#define NEW_MAX_LD(num) ((num + LD_PER_PAGE) & ~(LD_PER_PAGE-1))
+#define SIZE_FROM_LARGEST_LD(num) (NEW_MAX_LD(num) << 3)
+
+
+
void set_user_ldt __P((struct pcb *pcb));
int i386_get_ldt __P((struct proc *, char *, int *));
int i386_set_ldt __P((struct proc *, char *, int *));
@@ -80,6 +87,10 @@
}
#ifdef USER_LDT
+/*
+ * Update the GDT entry pointing to the LDT to point to the LDT of the
+ * current process.
+ */
void
set_user_ldt(struct pcb *pcb)
{
@@ -107,17 +118,19 @@
int nldt, num;
union descriptor *lp;
int s;
- struct i386_get_ldt_args ua, *uap;
+ struct i386_get_ldt_args ua;
+ struct i386_get_ldt_args *uap = &ua;
- if ((error = copyin(args, &ua, sizeof(struct i386_get_ldt_args))) < 0)
+ if ((error = copyin(args, uap, sizeof(struct i386_get_ldt_args))) < 0)
return(error);
- uap = &ua;
#ifdef DEBUG
- printf("i386_get_ldt: start=%d num=%d descs=%x\n", uap->start, uap->num, uap->desc);
+ printf("i386_get_ldt: start=%d num=%d descs=%x\n", uap->start,
+ uap->num, uap->desc);
#endif
- if (uap->start < 0 || uap->num < 0)
+ /* verify range of LDTs exist */
+ if ((uap->start < 0) || (uap->num <= 0))
return(EINVAL);
s = splhigh();
@@ -157,7 +170,9 @@
int *retval;
{
int error = 0, i, n;
+ int largest_ld;
struct pcb *pcb = &p->p_addr->u_pcb;
+ union descriptor desc;
union descriptor *lp;
int s;
struct i386_set_ldt_args ua, *uap;
@@ -171,25 +186,36 @@
printf("i386_set_ldt: start=%d num=%d descs=%x\n", uap->start, uap->num, uap->desc);
#endif
- if (uap->start < 0 || uap->num < 0)
- return(EINVAL);
-
- /* XXX Should be 8192 ! */
- if (uap->start > 512 ||
- (uap->start + uap->num) > 512)
- return(EINVAL);
-
- /* allocate user ldt */
- if (!pcb->pcb_ldt) {
- union descriptor *new_ldt =
- (union descriptor *)kmem_alloc(kernel_map, 512*sizeof(union descriptor));
- bcopy(ldt, new_ldt, sizeof(ldt));
- pcb->pcb_ldt = (caddr_t)new_ldt;
- pcb->pcb_ldt_len = 512; /* XXX need to grow */
-#ifdef DEBUG
- printf("i386_set_ldt(%d): new_ldt=%x\n", p->p_pid, new_ldt);
-#endif
- }
+ /* verify range of descriptors to modify */
+ if ((uap->start < NLDT) || (uap->start >= MAX_LD) || (uap->num < 0) ||
+ (uap->num > MAX_LD))
+ {
+ return(EINVAL);
+ }
+ largest_ld = uap->start + uap->num - 1;
+ if (largest_ld >= MAX_LD)
+ return(EINVAL);
+
+ /* allocate user ldt */
+ if (!pcb->pcb_ldt || (largest_ld >= pcb->pcb_ldt_len)) {
+ union descriptor *new_ldt = (union descriptor *)kmem_alloc(
+ kernel_map, SIZE_FROM_LARGEST_LD(largest_ld));
+ if (new_ldt == NULL) {
+ return ENOMEM;
+ }
+ if (pcb->pcb_ldt) {
+ bcopy(pcb->pcb_ldt, new_ldt, pcb->pcb_ldt_len
+ * sizeof(union descriptor));
+ kmem_free(kernel_map, (vm_offset_t)pcb->pcb_ldt,
+ pcb->pcb_ldt_len * sizeof(union descriptor));
+ } else {
+ bcopy(ldt, new_ldt, sizeof(ldt));
+ }
+ pcb->pcb_ldt = (caddr_t)new_ldt;
+ pcb->pcb_ldt_len = NEW_MAX_LD(largest_ld);
+ if (pcb == curpcb)
+ set_user_ldt(pcb);
+ }
/* Check descriptors for access violations */
for (i = 0, n = uap->start; i < uap->num; i++, n++) {
@@ -199,63 +225,71 @@
if (error)
return(error);
- /* Only user (ring-3) descriptors */
- if (desc.sd.sd_dpl != SEL_UPL)
- return(EACCES);
-
- /* Must be "present" */
- if (desc.sd.sd_p == 0)
- return(EACCES);
-
switch (desc.sd.sd_type) {
- case SDT_SYSNULL:
- case SDT_SYS286CGT:
- case SDT_SYS386CGT:
- break;
- case SDT_MEMRO:
- case SDT_MEMROA:
- case SDT_MEMRW:
- case SDT_MEMRWA:
- case SDT_MEMROD:
- case SDT_MEMRODA:
- case SDT_MEME:
- case SDT_MEMEA:
- case SDT_MEMER:
- case SDT_MEMERA:
- case SDT_MEMEC:
- case SDT_MEMEAC:
- case SDT_MEMERC:
- case SDT_MEMERAC: {
-#if 0
- unsigned long base = (desc.sd.sd_hibase << 24)&0xFF000000;
- base |= (desc.sd.sd_lobase&0x00FFFFFF);
- if (base >= KERNBASE)
- return(EACCES);
-#endif
+ case SDT_SYSNULL: /* system null */
+ desc.sd.sd_p = 0;
+ break;
+ case SDT_SYS286TSS: /* system 286 TSS available */
+ case SDT_SYSLDT: /* system local descriptor table */
+ case SDT_SYS286BSY: /* system 286 TSS busy */
+ case SDT_SYSTASKGT: /* system task gate */
+ case SDT_SYS286IGT: /* system 286 interrupt gate */
+ case SDT_SYS286TGT: /* system 286 trap gate */
+ case SDT_SYSNULL2: /* undefined by Intel */
+ case SDT_SYS386TSS: /* system 386 TSS available */
+ case SDT_SYSNULL3: /* undefined by Intel */
+ case SDT_SYS386BSY: /* system 386 TSS busy */
+ case SDT_SYSNULL4: /* undefined by Intel */
+ case SDT_SYS386IGT: /* system 386 interrupt gate */
+ case SDT_SYS386TGT: /* system 386 trap gate */
+ case SDT_SYS286CGT: /* system 286 call gate */
+ case SDT_SYS386CGT: /* system 386 call gate */
+ /* I can't think of any reason to allow a user proc
+ * to create a segment of these types. They are
+ * for OS use only.
+ */
+ return EACCES;
+
+ /* memory segment types */
+ case SDT_MEMEC: /* memory execute only conforming */
+ case SDT_MEMEAC: /* memory execute only accessed conforming */
+ case SDT_MEMERC: /* memory execute read conforming */
+ case SDT_MEMERAC: /* memory execute read accessed conforming */
+ /* Must be "present" if executable and conforming. */
+ if (desc.sd.sd_p == 0)
+ return (EACCES);
+ break;
+ case SDT_MEMRO: /* memory read only */
+ case SDT_MEMROA: /* memory read only accessed */
+ case SDT_MEMRW: /* memory read write */
+ case SDT_MEMRWA: /* memory read write accessed */
+ case SDT_MEMROD: /* memory read only expand dwn limit */
+ case SDT_MEMRODA: /* memory read only expand dwn lim accessed */
+ case SDT_MEMRWD: /* memory read write expand dwn limit */
+ case SDT_MEMRWDA: /* memory read write expand dwn lim acessed */
+ case SDT_MEME: /* memory execute only */
+ case SDT_MEMEA: /* memory execute only accessed */
+ case SDT_MEMER: /* memory execute read */
+ case SDT_MEMERA: /* memory execute read accessed */
break;
- }
default:
- return(EACCES);
+ return(EINVAL);
/*NOTREACHED*/
}
+
+ /* Only user (ring-3) descriptors may be present. */
+ if ((desc.sd.sd_p != 0) && (desc.sd.sd_dpl != SEL_UPL))
+ return (EACCES);
}
s = splhigh();
/* Fill in range */
- for (i = 0, n = uap->start; i < uap->num && !error; i++, n++) {
- union descriptor desc, *dp;
- dp = &uap->desc[i];
- lp = &((union descriptor *)(pcb->pcb_ldt))[n];
-#ifdef DEBUG
- printf("i386_set_ldt(%d): ldtp=%x\n", p->p_pid, lp);
-#endif
- error = copyin(dp, lp, sizeof(union descriptor));
- }
- if (!error) {
- *retval = uap->start;
-/* need_resched(); */
- }
+ error = copyin(uap->desc,
+ &((union descriptor *)(pcb->pcb_ldt))[uap->start],
+ uap->num * sizeof(union descriptor));
+ if (!error)
+ *retval = uap->start;
splx(s);
return(error);
Index: src/sys/i386/i386/vm_machdep.c
===================================================================
RCS file: /home/cvs/cvs/src/sys/i386/i386/vm_machdep.c,v
retrieving revision 1.39.4.4
diff -u -r1.39.4.4 vm_machdep.c
--- vm_machdep.c 1996/06/20 08:08:29 1.39.4.4
+++ vm_machdep.c 1996/06/22 21:00:02
@@ -580,10 +580,23 @@
cpu_exit(p)
register struct proc *p;
{
+#ifdef USER_LDT
+ struct pcb *pcb;
+#endif
#if NNPX > 0
npxexit(p);
#endif /* NNPX */
+#ifdef USER_LDT
+ pcb = &p->p_addr->u_pcb;
+ if (pcb->pcb_ldt != 0) {
+ if (pcb == curpcb)
+ lldt(GSEL(GUSERLDT_SEL, SEL_KPL));
+ kmem_free(kernel_map, (vm_offset_t)pcb->pcb_ldt,
+ pcb->pcb_ldt_len * sizeof(union descriptor));
+ pcb->pcb_ldt_len = (int)pcb->pcb_ldt = 0;
+ }
+#endif
cnt.v_swtch++;
cpu_switch(p);
panic("cpu_exit");
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199606301717.TAA03820>