9554 Commits

Author SHA1 Message Date
Tim J. Robbins
a95edcba94 Fix a multitude of security bugs in the iBCS2 emulator:
- Return NULL instead of returning memory outside of the stackgap
  in stackgap_alloc() (FreeBSD-SA-00:42.linux)
- Check for stackgap_alloc() returning NULL in ibcs2_emul_find();
  other calls to stackgap_alloc() have not been changed since they
  are small fixed-size allocations.
- Replace use of strcpy() with strlcpy() in exec_coff_imgact()
  to avoid buffer overflow
- Use strlcat() instead of strcat() to avoid a one byte buffer
  overflow in ibcs2_setipdomainname()
- Use copyinstr() instead of copyin() in ibcs2_setipdomainname()
  to ensure that the string is null-terminated
- Avoid integer overflow in ibcs2_setgroups() and ibcs2_setgroups()
  by checking that gidsetsize argument is non-negative and
  no larger than NGROUPS_MAX.
- Range-check signal numbers in ibcs2_wait(), ibcs2_sigaction(),
  ibcs2_sigsys() and ibcs2_kill() to avoid accessing array past
  the end (or before the start)
2003-10-12 04:25:26 +00:00
Peter Wemm
c369afae3f Set page zero read/write right from the start rather than trying to
change it later on.
2003-10-10 23:35:15 +00:00
Peter Wemm
4dab350282 Move the pmap_kenter(KERNBASE, 0) a bit earlier so that it works for
the hasbrokenint12 tunable case too.  (with some related and unrelated
style fixes)

Submitted by:  bde
2003-10-10 17:43:42 +00:00
Robert Drehmel
ea924c4cd3 Implement preliminary support for the PT_SYSCALL command to ptrace(2). 2003-10-09 10:17:16 +00:00
Bruce M Simpson
2bc7dd5661 Move pmap_resident_count() from the MD pmap.h to the MI pmap.h.
Add a definition of pmap_wired_count().
Add a definition of vmspace_wired_count().

Reviewed by:	truckman
Discussed with:	peter
2003-10-06 01:47:12 +00:00
Alan Cox
ab87e2fb83 Don't bother setting a page table page's valid field. It is unused and
not setting it is consistent with other uses of VM_ALLOC_NOOBJ pages.
2003-10-05 00:12:16 +00:00
Peter Wemm
b63331a498 Fix the apm problem for real. We leave the first 4K page for the bios to
work in, but we had it mapped read-only.  While this has always been the
case, the PG_PS enable hack hid it and the apm bios code ended up taking
advantage of it.
2003-10-04 22:04:54 +00:00
Jeff Roberson
478042909d - The proper test is CPU_ENABLE_SSE and not CPU_ENABLED_SSE. This
effectively disabled the sse2_pagezero() code.

Spotted by:	bde
2003-10-04 13:07:53 +00:00
Peter Wemm
708b44ba6f Emulate bugs in the old PSE code so that apm works again.
I do not yet understand why, but apm *depended* on the fact that the old
PSE code caused the first 1MB of ram to be mapped read/write because it
was in the same 4MB page as the kernel text+data+bss blob.

If anybody ever tried DISABLE_PSE before, apm would not work.

If your cpu did not have PSE, apm would not work there either (eg: 486).

This bug has been around for a Very Long Time.

The Pentium-4-fix commits did not emulate this unintended side effect of
the PSE post-early-boot fixup, and thus apm blew up.  I've added a hack to
emulate the bug until either apm is fixed or we set fire to our bridges.

This is bad though because it gives kernel mode code the opportunity
to accidentally write to the first few megs of the general page pool
which is remapped at KERNBASE.  It needs to be fixed properly.
2003-10-04 06:30:56 +00:00
Alan Cox
566526a957 Migrate pmap_prefault() into the machine-independent virtual memory layer.
A small helper function pmap_is_prefaultable() is added.  This function
encapsulate the few lines of pmap_prefault() that actually vary from
machine to machine.  Note: pmap_is_prefaultable() and pmap_mincore() have
much in common.  Going forward, it's worth considering their merger.
2003-10-03 22:46:53 +00:00
Peter Wemm
cd349af148 Add #include "opt_pmap.h" so locore picks up DISABLE_PSE etc options. 2003-10-03 14:33:00 +00:00
Peter Wemm
6ccf265bb0 Commit Bosko's patch to clean up the PSE/PG_G initialization to and
avoid problems with some Pentium 4 cpus and some older PPro/Pentium2
cpus.  There are several problems, some documented in Intel errata.
This patch:
1) moves the kernel to the second page in the PSE case.  There is an
errata that says that you Must Not point a 4MB page at physical
address zero on older cpus.  We avoided bugs here due to sheer luck.
2) sets up PSE page tables right from the start in locore, rather than
trying to switch from 4K to 4M (or 2M) pages part way through the boot
sequence at the same time that we're messing with PG_G.

For some reason, the pmap work over the last 18 months seems to tickle
the problems, and the PAE infrastructure changes disturb the cpu
bugs even more.

A couple of people have reported a problem with APM bios calls during
boot.  I'll work with people to get this resolved.

Obtained from:	bmilekic
2003-10-01 23:46:08 +00:00
Jeff Roberson
460c513686 - Add a memory barrier before the sse2_pagezero() function returns. This
code uses write combining which must be committed to memory prior to
   other uses of this page.

Spotted by:	alc
2003-10-01 08:52:46 +00:00
Jeff Roberson
1419773de3 - Hide more #ifdef logic in a new invlcaddr inline. This function flushes
the full tlb if you're on an I386 or does an invlpg otherwise.

Glanced at by:	peter
2003-10-01 05:56:46 +00:00
Jeff Roberson
043407f803 - Define an inline pagezero() to select the appropriate full-page zeroing
function from one of bzero, i686_pagezero, or sse2_pagezero.
 - Use pagezero() in the three pmap functions that need to zero full pages.
2003-10-01 05:42:58 +00:00
Jeff Roberson
977f9ab515 - Add sse2_pagezero() for zeroing pages using the movnti instruction. This
instruction is enabled with SSE2 but does not use SSE registers.  It is a
   "non-temporal" move which bypasses the cache and does not dirty lines.
2003-10-01 05:25:27 +00:00
Jeff Roberson
fb9bde2d2b - Correct a problem with the last commit. The CMAP ptes need to be zeroed
prior to invalidating the TLB to be certain that the processor doesn't
   keep a cached copy.

Discussed with:	pete
Paniced:	tegge
Pointy Hat:	The usual spot
2003-10-01 00:27:09 +00:00
Jeff Roberson
fa3f9daae5 - On my Pentium4-M laptop, invalpg takes ~1100 cycles if the page is found in
the TLB and ~1600 if it is not.  Therefore, it is more efficient to
   invalidate the TLB after operations that use CMAP rather than before.
 - So that the tlb is invalidated prior to switching off of a processor, we
   must change the switchin functions to switchout functions.
 - Remove td_switchout from the thread and move it to the x86 pcb.
 - Move the code that calls switchout into swtch.s.  These changes make this
   optimization truly x86 specific.
2003-09-30 08:11:36 +00:00
Jeff Roberson
f75766288d - Correct a typo in a comment. 2003-09-30 04:51:12 +00:00
Bruce Evans
fa2e26c437 MFsio (sio.c 1.413: cleaned up and fixed setting of speeds in comparam()).
This is just a cleanup here (modulo rev.1.108 of kern/tty.c), since the
input speed can be different from the output speed and extra code to
handle both speeds naturally handled all cases.
2003-09-27 12:40:23 +00:00
Poul-Henning Kamp
70cd771337 The present defaults for the open and close for device drivers which
provide no methods do not make any sense, and are not used by any
driver.

It is pretty hard to come up with even a theoretical concept of
a device driver which would always fail open and close with ENODEV.

Change the defaults to be nullopen() and nullclose() which simply
do nothing.

Remove explicit initializations to these from the drivers which
already used them.
2003-09-27 12:01:01 +00:00
Bruce Evans
7872ac5542 Quick fix for bitrot in locking in the SMP case. cd_getreg() and
cd_setreg() were still using !(read_eflags() & PSL_I) as the condition
for the lock hidden by COM_LOCK() (if any) being held.  This worked
when spin mutexes and/or critical_enter() used hard interrupt disablement,
but it has caused recursion on the non-recursive mutex com_mtx since
all relevant interrupt disablement became soft.  The recursion is
harmless unless there are other bugs, but it breaks an invariant so
it is fatal if spinlocks are witnessed.
2003-09-27 10:30:03 +00:00
Alan Cox
4487ff65db Addendum to the previous revision: If vm_page_alloc() for the page
table page fails, perform a VM_WAIT; update some comments in
_pmap_allocpte().
2003-09-27 05:44:53 +00:00
Poul-Henning Kamp
3623186cbc Initialize cn_name, ignore cn_dev. 2003-09-26 08:51:54 +00:00
Alan Cox
f3fd831cdd - Eliminate the pte object.
- Use kmem_alloc_nofault() rather than kmem_alloc_pageable() to allocate
   KVA space for the page directory page(s).  Submitted by: tegge
2003-09-25 02:51:06 +00:00
Peter Wemm
c460ac3a00 Add sysentvec->sv_fixlimits() hook so that we can catch cases on 64 bit
systems where the data/stack/etc limits are too big for a 32 bit process.

Move the 5 or so identical instances of ELF_RTLD_ADDR() into imgact_elf.c.

Supply an ia32_fixlimits function.  Export the clip/default values to
sysctl under the compat.ia32 hierarchy.

Have mmap(0, ...) respect the current p->p_limits[RLIMIT_DATA].rlim_max
value rather than the sysctl tweakable variable.  This allows mmap to
place mappings at sensible locations when limits have been reduced.

Have the imgact_elf.c ld-elf.so.1 placement algorithm use the same
method as mmap(0, ...) now does.

Note that we cannot remove all references to the sysctl tweakable
maxdsiz etc variables because /etc/login.conf specifies a datasize
of 'unlimited'.  And that causes exec etc to fail since it can no
longer find space to mmap things.
2003-09-25 01:10:26 +00:00
Warner Losh
00dc18b5a8 Per TRB vote: restore the acquire_timer0 and associated goo. This will
be gone in FreeBSD 6, so put BURN_BRIDGES around it.  The TRB also
felt that if something better comes along sooner, it can be used to
replace this code.

Delayed by: BSDcon and subsequent disk crash.
2003-09-24 15:33:33 +00:00
Yoshihiro Takahashi
33e38a2cc8 Implement the bus_space_map() function to allocate resources and initialize
a bus_handle, but currently it does only initializing a bus_handle.
2003-09-23 08:22:34 +00:00
Peter Wemm
795a3f5279 Microoptimization to allow the compiler to evaluate ntohl() etc on
known constants at compile time rather than at run time.  We have a number
of nasty hacks around the place to cache ntohl() of constants (eg: nfs).
This change allows the compiler to compile-time evaluate ntohl(1) as
0x01000000 rather than having to emit assembler code to do it.  This
has other smaller flow-on effects because the compiler can see that
ntohl(constant) itself has a constant value now and can propagate the
compile time evaluation.

Obtained from:  Ideas from NetBSD and Linux, and some code from NetBSD
2003-09-22 21:46:47 +00:00
Alan Cox
be19fdd17e Allocate the page table directory page(s) as "no object" pages. (This
leaves one explicit use of the pte object.)
2003-09-21 21:36:13 +00:00
Alan Cox
f8363bdee9 Reimplement pmap_release() such that it uses the page table rather than the
pte object to locate the page table directory pages.  (This is another step
toward the elimination of the pte object.)
2003-09-20 23:54:36 +00:00
Joerg Wunsch
9678710b1f Mention the puc(4) glue driver in a commented-out example so users
of "dumb" PCI-based serial/parallel boards get a hint how to enable
them.

I wasn't sure about the ia64, pc98, powerpc, and sparc64 archs whether
they'd support puc(4) or not.
2003-09-19 20:04:55 +00:00
Sam Leffler
f4659f863c add Atheros driver 2003-09-19 01:42:24 +00:00
John Baldwin
eb975edd06 Fix a busted constant related to PCI configuration access method #1. The
reserved bits in the port that must be zero are 24:30, not 20:30.  Bits
16:23 are used to set the bus number.  This meant that when we tested for
config mechanism #1, if the previous PCI configuration transaction sent
used a bus number greater than 15, one of the bits in 20:23 would be
non-zero and we would fail to use config mechanism #1 and thus fail to see
that PCI existed on the machine at all.

Obtained from:	Shanley's PCI System Architecture book
Tested by:	des
Proxied through:	njl
2003-09-18 17:00:03 +00:00
Bruce Evans
b6fab1eae2 Don't forget to reenable interrupts after a breakpoint and trace traps from
user mode.  This goes with rev.1.468 of machdep.c which changed the gates
for these traps to interrupt gates.  Having the interrupts disabled for
these traps from user mode is just an unwanted side effect.

This fixes at least 1 case of "panic: absolutely cannot call
smp_ipi_shootdown with interrupts already disabled".  Too much code was
run with interrupts disabled, and it sometimes hit a sanity check.

Fix verified by:	deischen
2003-09-18 07:01:30 +00:00
Mitsuru IWASAKI
d099a9d164 Add final adjustment code of battery status based on the battery capacity
rather than returning unknown status.
2003-09-17 08:47:39 +00:00
Alan Cox
6d66d714c7 Simplify (and micro-optimize) pmap_unuse_pt(): Only one caller,
pmap_remove_pte(), passed NULL instead of the required page table
page to pmap_unuse_pt().  Compute the necessary page table page
in pmap_remove_pte().  Also, remove some unreachable code from
pmap_remove_pte().
2003-09-13 21:57:38 +00:00
Alan Cox
b9850eb224 Add a new parameter to pmap_extract_and_hold() that is needed to eliminate
Giant from vmapbuf().

Idea from:	tegge
2003-09-12 07:07:49 +00:00
David E. O'Brien
3fc40c2484 Sort 'bge' correctly. 2003-09-10 18:54:59 +00:00
John Baldwin
bbdaad6fee Whitespace. 2003-09-10 07:09:16 +00:00
John Baldwin
810cb9ef5e We represent PCI intpin's two different ways. One is the way that the
intpin register is expressed in hardware where 0 means none, 1 means INTA,
2 INTB, etc.  The other way is commonly used in loops where 0 means INTA,
1 means INTB, etc.  The matchpin argument to pci_cfgintr_search() is
supposed to be the first form, but we passed in a loop index of the
second.  This fix adds one to the loop index to convert to the first form.

Reported by:	Pavlin Radoslavov <pavlin@icir.org>
2003-09-10 06:00:53 +00:00
John Baldwin
a7321ecb19 Finish an earlier commit:
Add a acpi_SetDefaultIntrModel() method to allow drivers to set the
interrupt model prior to the acpi0 device being probed and attached.
2003-09-10 05:29:30 +00:00
John Baldwin
a547af297d Remove an XXX comment by using the per CPU mask added after this comment
was added.
2003-09-10 01:36:48 +00:00
John Baldwin
4c93af3788 Add a acpi_SetDefaultIntrModel() method to allow drivers to set the
interrupt model prior to the acpi0 device being probed and attached.
2003-09-10 01:14:42 +00:00
John Baldwin
f03cb48d41 Fix a typo. 2003-09-10 01:11:58 +00:00
John Baldwin
674e1d4532 Add comments to the members of the timecounter struct similar to other
timecounters.
2003-09-10 01:10:24 +00:00
John Baldwin
0e85b19ba9 Add constants for entries in the IDT and use those instead of magic
numbers.
2003-09-10 01:07:04 +00:00
Bill Paul
b9f78d2b4a Add a device driver for the Broadcom BCM4401 ethernet controller,
written by Stuart Walsh and Duncan Barclay (with some kibitzing by
me). I'm checking it in on Stuart's behalf.

The BCM4401 is built into several x86 laptop and desktop systems. For the
moment, I have only enabled it in the x86 kernel config because although
it's a PCI device, I haven't heard of any standalone NICs that use it. If
somebody knows of one, we can easily add it to the other arches.

This driver uses register/structure data gleaned from the Linux
driver released by Broadcom, but does not contain any of the code
from the Linux driver itself. It uses busdma.
2003-09-09 18:17:23 +00:00
Scott Long
5fdcb0a62e Re-arrange the raid section a small bit and put drivers into their proper
category.
2003-09-09 06:36:32 +00:00
Eric Anholt
a1810e1513 Hook the SiS DRM up to the build
Sponsored by:	LinuxFund
2003-09-09 00:29:02 +00:00