9520 Commits

Author SHA1 Message Date
tjr
b952d3fda3 Fix a multitude of security bugs in the iBCS2 emulator:
- Return NULL instead of returning memory outside of the stackgap
  in stackgap_alloc() (FreeBSD-SA-00:42.linux)
- Check for stackgap_alloc() returning NULL in ibcs2_emul_find();
  other calls to stackgap_alloc() have not been changed since they
  are small fixed-size allocations.
- Replace use of strcpy() with strlcpy() in exec_coff_imgact()
  to avoid buffer overflow
- Use strlcat() instead of strcat() to avoid a one byte buffer
  overflow in ibcs2_setipdomainname()
- Use copyinstr() instead of copyin() in ibcs2_setipdomainname()
  to ensure that the string is null-terminated
- Avoid integer overflow in ibcs2_setgroups() and ibcs2_setgroups()
  by checking that gidsetsize argument is non-negative and
  no larger than NGROUPS_MAX.
- Range-check signal numbers in ibcs2_wait(), ibcs2_sigaction(),
  ibcs2_sigsys() and ibcs2_kill() to avoid accessing array past
  the end (or before the start)
2003-10-12 04:25:26 +00:00
peter
7c3bdb09ce Set page zero read/write right from the start rather than trying to
change it later on.
2003-10-10 23:35:15 +00:00
peter
726f9463d0 Move the pmap_kenter(KERNBASE, 0) a bit earlier so that it works for
the hasbrokenint12 tunable case too.  (with some related and unrelated
style fixes)

Submitted by:  bde
2003-10-10 17:43:42 +00:00
robert
8519aa2ff0 Implement preliminary support for the PT_SYSCALL command to ptrace(2). 2003-10-09 10:17:16 +00:00
bms
d8d01a1fa7 Move pmap_resident_count() from the MD pmap.h to the MI pmap.h.
Add a definition of pmap_wired_count().
Add a definition of vmspace_wired_count().

Reviewed by:	truckman
Discussed with:	peter
2003-10-06 01:47:12 +00:00
alc
7e17f7f78e Don't bother setting a page table page's valid field. It is unused and
not setting it is consistent with other uses of VM_ALLOC_NOOBJ pages.
2003-10-05 00:12:16 +00:00
peter
6e1ae7d559 Fix the apm problem for real. We leave the first 4K page for the bios to
work in, but we had it mapped read-only.  While this has always been the
case, the PG_PS enable hack hid it and the apm bios code ended up taking
advantage of it.
2003-10-04 22:04:54 +00:00
jeff
ad0c897bd5 - The proper test is CPU_ENABLE_SSE and not CPU_ENABLED_SSE. This
effectively disabled the sse2_pagezero() code.

Spotted by:	bde
2003-10-04 13:07:53 +00:00
peter
ac3fcecc22 Emulate bugs in the old PSE code so that apm works again.
I do not yet understand why, but apm *depended* on the fact that the old
PSE code caused the first 1MB of ram to be mapped read/write because it
was in the same 4MB page as the kernel text+data+bss blob.

If anybody ever tried DISABLE_PSE before, apm would not work.

If your cpu did not have PSE, apm would not work there either (eg: 486).

This bug has been around for a Very Long Time.

The Pentium-4-fix commits did not emulate this unintended side effect of
the PSE post-early-boot fixup, and thus apm blew up.  I've added a hack to
emulate the bug until either apm is fixed or we set fire to our bridges.

This is bad though because it gives kernel mode code the opportunity
to accidently write to the first few megs of the general page pool
which is remapped at KERNBASE.  It needs to be fixed properly.
2003-10-04 06:30:56 +00:00
alc
b1691aebe4 Migrate pmap_prefault() into the machine-independent virtual memory layer.
A small helper function pmap_is_prefaultable() is added.  This function
encapsulate the few lines of pmap_prefault() that actually vary from
machine to machine.  Note: pmap_is_prefaultable() and pmap_mincore() have
much in common.  Going forward, it's worth considering their merger.
2003-10-03 22:46:53 +00:00
peter
b5f544f08b Add #include "opt_pmap.h" so locore picks up DISABLE_PSE etc options. 2003-10-03 14:33:00 +00:00
peter
b9ef48a8b5 Commit Bosko's patch to clean up the PSE/PG_G initialization to and
avoid problems with some Pentium 4 cpus and some older PPro/Pentium2
cpus.  There are several problems, some documented in Intel errata.
This patch:
1) moves the kernel to the second page in the PSE case.  There is an
errata that says that you Must Not point a 4MB page at physical
address zero on older cpus.  We avoided bugs here due to sheer luck.
2) sets up PSE page tables right from the start in locore, rather than
trying to switch from 4K to 4M (or 2M) pages part way through the boot
sequence at the same time that we're messing with PG_G.

For some reason, the pmap work over the last 18 months seems to tickle
the problems, and the PAE infrastructure changes disturb the cpu
bugs even more.

A couple of people have reported a problem with APM bios calls during
boot.  I'll work with people to get this resolved.

Obtained from:	bmilekic
2003-10-01 23:46:08 +00:00
jeff
346aa00460 - Add a memory barrier before the sse2_pagezero() function returns. This
code uses write combining which must be committed to memory prior to
   other uses of this page.

Spotted by:	alc
2003-10-01 08:52:46 +00:00
jeff
d259685f66 - Hide more #ifdef logic in a new invlcaddr inline. This function flushes
the full tlb if you're on an I386or does an invlpg otherwise.

Glanced at by:	peter
2003-10-01 05:56:46 +00:00
jeff
8155be3845 - Define an inline pagezero() to select the appropriate full-page zeroing
function from one of bzero, i686_pagezero, or sse2_pagezero.
 - Use pagezero() in the three pmap functions that need to zero full pages.
2003-10-01 05:42:58 +00:00
jeff
44e39f9ee3 - Add ss2_pagezero() for zeroing pages using the movnti instruction. This
instruction is enabled with SSE2 but does not use SSE registers.  It is a
   "non-temporal" move which bypasses the cache and does not dirty lines.
2003-10-01 05:25:27 +00:00
jeff
8ad009c95e - Correct a problem with the last commit. The CMAP ptes need to be zeroed
prior to invalidating the TLB to be certain that the processor doesn't
   keep a cached copy.

Discussed with:	pete
Paniced:	tegge
Pointy Hat:	The usual spot
2003-10-01 00:27:09 +00:00
jeff
db2419a0a1 - On my Pentium4-M laptop, invalpg takes ~1100 cycles if the page is found in
the TLB and ~1600 if it is not.  Therefore, it is more effecient to
   invalidate the TLB after operations that use CMAP rather than before.
 - So that the tlb is invalidated prior to switching off of a processor, we
   must change the switchin functions to switchout functions.
 - Remove td_switchout from the thread and move it to the x86 pcb.
 - Move the code that calls switchout into swtch.s.  These changes make this
   optimization truely x86 specific.
2003-09-30 08:11:36 +00:00
jeff
e1acf16c04 - Correct a typo in a comment. 2003-09-30 04:51:12 +00:00
bde
dbd9fee48d MFsio (sio.c 1.413: cleaned up and fixed setting of speeds in comparam()).
This is just a cleanup here (modulo rev.1.108 of kern/tty.c), since the
input speed can be different from to output speed and extra code to
handle both speeds naturally handled all cases.
2003-09-27 12:40:23 +00:00
phk
7099deadda The present defaults for the open and close for device drivers which
provide no methods does not make any sense, and is not used by any
driver.

It is a pretty hard to come up with even a theoretical concept of
a device driver which would always fail open and close with ENODEV.

Change the defaults to be nullopen() and nullclose() which simply
does nothing.

Remove explicit initializations to these from the drivers which
already used them.
2003-09-27 12:01:01 +00:00
bde
6d69006c55 Quick fix for bitrot in locking in the SMP case. cd_getreg() and
cd_setreg() were still using !(read_eflags() & PSL_I) as the condition
for the lock hidden by COM_LOCK() (if any) being held.  This worked
when spin mutexes and/or critical_enter() used hard interrupt disablement,
but it has caused recursion on the non-recursive mutex com_mtx since
all relevant interrupt disablement became soft.  The recursion is
harmless unless there are other bugs, but it breaks an invariant so
it is fatal if spinlocks are witnessed.
2003-09-27 10:30:03 +00:00
alc
81b2703638 Addendum to the previous revision: If vm_page_alloc() for the page
table page fails, perform a VM_WAIT; update some comments in
_pmap_allocpte().
2003-09-27 05:44:53 +00:00
phk
2c53f2561e Initialize cn_name, ignore cn_dev. 2003-09-26 08:51:54 +00:00
alc
3f8be813be - Eliminate the pte object.
- Use kmem_alloc_nofault() rather than kmem_alloc_pageable() to allocate
   KVA space for the page directory page(s).  Submitted by: tegge
2003-09-25 02:51:06 +00:00
peter
8ecb3577d8 Add sysentvec->sv_fixlimits() hook so that we can catch cases on 64 bit
systems where the data/stack/etc limits are too big for a 32 bit process.

Move the 5 or so identical instances of ELF_RTLD_ADDR() into imgact_elf.c.

Supply an ia32_fixlimits function.  Export the clip/default values to
sysctl under the compat.ia32 heirarchy.

Have mmap(0, ...) respect the current p->p_limits[RLIMIT_DATA].rlim_max
value rather than the sysctl tweakable variable.  This allows mmap to
place mappings at sensible locations when limits have been reduced.

Have the imgact_elf.c ld-elf.so.1 placement algorithm use the same
method as mmap(0, ...) now does.

Note that we cannot remove all references to the sysctl tweakable
maxdsiz etc variables because /etc/login.conf specifies a datasize
of 'unlimited'.  And that causes exec etc to fail since it can no
longer find space to mmap things.
2003-09-25 01:10:26 +00:00
imp
ea8586b356 Per TRB vote: restore the aquire_timer0 and associated goo. This will
be gone in FreeBSD 6, so put BURN_BRIDGES around it.  The TRB also
felt that if something better comes along sooner, it can be used to
replace this code.

Delayed by: BSDcon and subsequent disk crash.
2003-09-24 15:33:33 +00:00
nyan
2ae09c9ace Implement the bus_space_map() function to allocate resources and initialize
a bus_handle, but currently it does only initializing a bus_handle.
2003-09-23 08:22:34 +00:00
peter
9cd1883cc6 Microoptimization to allow the compiler to evaluate ntohl() etc on
known constants at compile time rather than at run time.  We have a number
of nasty hacks around the place to cache ntohl() of constants (eg: nfs).
This change allows the compiler to compile-time evaluate ntohl(1) as
0x01000000 rather than having to emit assembler code to do it.  This
has other smaller flow-on effects because the compiler can see that
ntohl(constant) itself has a constant value now and can propagate the
compile time evaluation.

Obtained from:  Ideas from NetBSD and Linux, and some code from NetBSD
2003-09-22 21:46:47 +00:00
alc
d94df47be5 Allocate the page table directory page(s) as "no object" pages. (This
leaves one explicit use of the pte object.)
2003-09-21 21:36:13 +00:00
alc
6c696bcaf2 Reimplement pmap_release() such that it uses the page table rather than the
pte object to locate the page table directory pages.  (This is another step
toward the elimination of the pte object.)
2003-09-20 23:54:36 +00:00
joerg
8dbe9dcdd4 Mention the puc(4) glue driver in a commented-out example so the user
of "dumb" PCI-based serial/parallel boards get a hint how to enable
them.

I wasn't sure about the ia64, pc98, powerpc, and sparc64 archs whether
they'd support puc(4) or not.
2003-09-19 20:04:55 +00:00
sam
a268cdd0f2 add Atheros driver 2003-09-19 01:42:24 +00:00
jhb
7951db66e4 Fix a busted constant related to PCI configuration acess method #1. The
reserved bits in the port that must be zero are 24:30, not 20:30.  Bits
16:23 are used to set the bus number.  This meant that when we tested for
config mechanism #1, if the previous PCI configuration transaction sent
used a bus number greater than 15, one of the bits in 20:23 would be
non-zero and we would fail to use config mechanism #1 and thus fail to see
that PCI existed on the machine at all.

Obtained from:	Shanley's PCI System Architecture book
Tested by:	des
Proxied through:	njl
2003-09-18 17:00:03 +00:00
bde
8325eea972 Don't forget to reenable interrupts after a breakpoint and trace traps from
user mode.  This goes with rev.1.468 of machdep.c which changed the gates
for these traps to interrupt gates.  Having the interrupts disabled for
these traps from user mode is just an unwanted side effect.

This fixes at least 1 case of "panic: absolutely cannot call
smp_ipi_shootdown with interrupts already disabled".  Too much code was
run with interrupts disabled, and it sometimes hit a sanity check.

Fix verified by:	deischen
2003-09-18 07:01:30 +00:00
iwasaki
e7572e5a6f Add final adjustment code of battery status based on the battery capacity
rather than returning unknown status.
2003-09-17 08:47:39 +00:00
alc
5c46fa913e Simplify (and micro-optimize) pmap_unuse_pt(): Only one caller,
pmap_remove_pte(), passed NULL instead of the required page table
page to pmap_unuse_pt().  Compute the necessary page table page
in pmap_remove_pte().  Also, remove some unreachable code from
pmap_remove_pte().
2003-09-13 21:57:38 +00:00
alc
76fcb264a0 Add a new parameter to pmap_extract_and_hold() that is needed to eliminate
Giant from vmapbuf().

Idea from:	tegge
2003-09-12 07:07:49 +00:00
obrien
f9ed8af720 Sort 'bge' correctly. 2003-09-10 18:54:59 +00:00
jhb
1f117d006c Whitespace. 2003-09-10 07:09:16 +00:00
jhb
b45d8ce18f We represent PCI intpin's two different ways. One is the way that the
intpin register is expressed in hardware where 0 means none, 1 means INTA,
2 INTB, etc.  The other way is commonly used in loops where 0 means INTA,
1 means INTB, etc.  The matchpin argument to pci_cfgintr_search() is
supposed to be the first form, but we passsed in a loop index of the
second.  This fix adds one to the loop index to convert to the first form.

Reported by:	Pavlin Radoslavov <pavlin@icir.org>
2003-09-10 06:00:53 +00:00
jhb
f1adf3f355 Finish an earlier commit:
Add a acpi_SetDefaultIntrModel() method to allow drivers to set the
interrupt model prior to the acpi0 device being probed and attached.
2003-09-10 05:29:30 +00:00
jhb
e6dc9246cc Remove an XXX comment by using the per CPU mask added after this comment
was added.
2003-09-10 01:36:48 +00:00
jhb
b4d0f7315d Add a acpi_SetDefaultIntrModel() method to allow drivers to set the
interrupt model prior to the acpi0 device being probed and attached.
2003-09-10 01:14:42 +00:00
jhb
dbc00c2c64 Fix a typo. 2003-09-10 01:11:58 +00:00
jhb
6d7d527e9e Add comments to the members of the timecounter struct similar to other
timecounters.
2003-09-10 01:10:24 +00:00
jhb
16813b6997 Add constants for entries in the IDT and use those instead of magic
numbers.
2003-09-10 01:07:04 +00:00
wpaul
fc3a8934ee Add a device driver for the Broadcom BCM4401 ethernet controller,
written by Stuart Walsh and Duncan Barclay (with some kibbitzing by
me). I'm checking it in on Stuart's behalf.

The BCM4401 is built into several x86 laptop and desktop systems. For the
moment, I have only enabled it in the x86 kernel config because although
it's a PCI device, I haven't heard of any standalone NICs that use it. If
somebody knows of one, we can easily add it to the other arches.

This driver uses register/structure data gleaned from the Linux
driver released by Broadcom, but does not contain any of the code
from the Linux driver itself. It uses busdma.
2003-09-09 18:17:23 +00:00
scottl
008d694364 Re-arrange the raid section a small bit and put drivers into their proper
category.
2003-09-09 06:36:32 +00:00
anholt
a2691786cd Hook the SiS DRM up to the build
Sponsored by:	LinuxFund
2003-09-09 00:29:02 +00:00