From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID:
From: erik quanstrom
Date: Sat, 1 Aug 2009 22:13:45 -0400
To: 9fans@9fans.net
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Subject: Re: [9fans] Kernel crash bug
Topicbox-Message-UUID: 354a7938-ead5-11e9-9d60-3106f5b1d025
On Sat Aug 1 21:40:18 EDT 2009, quanstro@quanstro.net wrote:
> diff -c /n/dump/2009/0801/sys/src/9/port/sysproc.c sysproc.c
> /n/dump/2009/0801/sys/src/9/port/sysproc.c:234,247 - sysproc.c:234,248
ready. shoot. aim. sorry. i sent the wrong patch. i also should have mentioned that this patch is not as aggressive about checking for arguments changing underfoot as russ'. so we can all anticipate the next program that'll be posted. i do agree with charles that part of the solution is to ease fault386 to only panic on addresses that obviously could have never been valid, like 0, addresses in pci space, etc.
- erik
diffy -c sysproc.c chan.c
diff -c /n/dump/2009/0801/sys/src/9/port/sysproc.c sysproc.c
/n/dump/2009/0801/sys/src/9/port/sysproc.c:223,229 - sysproc.c:223,229
int i;
Chan *tc;
char **argv, **argp;
- char *a, *charp, *args, *file;
+ char *a, *charp, *args, *file, *file0;
char *progarg[sizeof(Exec)/2+1], *elem, progelem[64];
ulong ssize, spage, nargs, nbytes, n, bssend;
int indir;
/n/dump/2009/0801/sys/src/9/port/sysproc.c:234,247 - sysproc.c:234,248
ulong magic, text, entry, data, bss;
Tos *tos;
- validaddr(arg[0], 1, 0);
- file = (char*)arg[0];
+ file = nil;
indir = 0;
elem = nil;
if(waserror()){
free(elem);
+ free(file);
nexterror();
}
+ file = file0 = validnamedup((char*)arg[0], 1);
for(;;){
tc = namec(file, Aopen, OEXEC, 0);
if(waserror()){
/n/dump/2009/0801/sys/src/9/port/sysproc.c:375,380 - sysproc.c:376,382
charp += n;
}
+ free(file0);
free(up->text);
up->text = elem;
elem = nil; /* so waserror() won't free elem */
diff -c /n/dump/2009/0801/sys/src/9/port/chan.c chan.c
/n/dump/2009/0801/sys/src/9/port/chan.c:1689,1701 - 
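Review bot: The error handler added in the sysproc.c:234 hunk frees `file`, while the success path in the :375 hunk frees `file0`, so the two paths release different pointers as soon as `file` is rebound after the `validnamedup` call; the `for(;;)` loop that follows continues outside this hunk, so the rebind cannot be confirmed here, but keeping `file0` as a separate name only makes sense if it happens. If it does, an error raised after the rebind makes the handler free something that is not the `validnamedup` buffer and leaks `file0`. Initialising `file0 = nil;` next to the new `file = nil;` and having the handler free that name, `free(file0);`, keeps both paths on the one allocation, and a failure inside `validnamedup` itself stays safe because `file0` is still nil then.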
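Review bot: The `free(file0);` added in the sysproc.c:375 hunk runs while the `waserror()` handler set up earlier in sysexec is still live — the `elem = nil; /* so waserror() won't free elem */` two lines below relies on exactly that — so an error raised between this free and the handler being popped would let the handler's `free(file)` release the same buffer a second time if `file` still points at it. Clearing the pointer the handler frees immediately after the free, e.g. `free(file0); file = file0 = nil; /* so waserror() won't free it again */`, mirrors the `elem` idiom. Where the handler is popped is outside this hunk.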
chan.c:1689,1698
if((ulong)name < KZERO){
validaddr((ulong)name, 1, 0);
if(!dup)
- print("warning: validname called from %lux with user pointer", pc);
+ print("warning: validname called from %#p with user pointer", pc);
p = name;
t = BY2PG-((ulong)p&(BY2PG-1));
- while((ename=vmemchr(p, 0, t)) == nil){
- p += t;
- t = BY2PG;
- }
+ ename = vmemchr(name, 0, 1<<16);
}else
ename = memchr(name, 0, (1<<16));
- erik
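Review bot: With the page-walking loop replaced by a single `ename = vmemchr(name, 0, 1<<16);`, the preceding `p = name;` and `t = BY2PG-((ulong)p&(BY2PG-1));` in the user-pointer branch no longer feed anything in this hunk and read as leftovers of the removed loop; unless `p` or `t` is still used further down validname, which continues outside the hunk, both lines should go. Bounding the user-side scan to 64K like the kernel-side `memchr` removes the unbounded walk the loop permitted, but `vmemchr` returning nil for a name with no NUL in that range must now be handled by the code that tests `ename` after the hunk, so please confirm that path rejects nil rather than computing a length from it. The one-byte `validaddr((ulong)name, 1, 0)` before the scan still covers only the first byte, so the change presumably relies on `vmemchr` validating each user page it touches; if that is the contract, a comment such as `/* vmemchr validates the user pages it scans; only the first byte is checked here */` would record it.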