Message-ID: <37952EBF.3960E7D4@cs.binghamton.edu>
Date: Tue, 20 Jul 1999 22:21:51 -0400
From: Zhihui Zhang
Organization: SUNY - Binghamton
To: freebsd-hackers@freebsd.org
Subject: understanding code related to forced COW for debugger

I have tried to understand the following code in vm_map_lookup() without
much success:

    if (fault_type & VM_PROT_OVERRIDE_WRITE)
        prot = entry->max_protection;
    else
        prot = entry->protection;
    ........
    if (entry->wired_count && (fault_type & VM_PROT_WRITE) &&
        (entry->eflags & MAP_ENTRY_COW) &&
        (fault_typea & VM_PROT_OVERRIDE_WRITE) == 0) {
        RETURN(KERN_PROTECTION_FAILURE);
    }

At first, it seems to me that if you want to write a COW page, you must
have OVERRIDE_WRITE set. But later I find that when wired_count is non
zero, we are actually simulating a page fault, not a real one. Anyway, I
do not know how the above code (1) prevents a debugger from writing a
binary code, (2) forces a COW when a debugger writes other data.

I also have some questions on wiring a page:

(1) According to the man pages of mlock(2), a wired page can still cause
protection-violation faults. But in the same vm_map_lookup(), we have the
following code:

    if (*wired)
        prot = fault_type = entry->protection;

and the comment says "get it for all possible accesses". As I understand
it, we wire a page by simulating a page fault (no matter whether it is
kernel or user who is wiring a page).

(2) Can the kernel wire a page of a user process without that user's
request (by calling mlock)?

Any help is appreciated.