Date: Wed, 03 Jan 2001 18:46:57 -0500
From: Jake Burkholder <jburkhol@home.com>
To: Peter Wemm <peter@netplex.com.au>
Cc: Matt Jacob <mjacob@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/dev/isp isp.c
Message-ID: <20010103234657.CC0B9BA7D@io.yi.org>
In-Reply-To: Message from Peter Wemm <peter@netplex.com.au> of "Sat, 30 Dec 2000 12:27:25 PST." <200012302027.eBUKRPm09381@mobile.wemm.org>

> Matt Jacob wrote:
> > mjacob 2000/12/30 12:09:27 PST
> >
> > Modified files:
> > sys/dev/isp isp.c
> > Log:
> > Change the modification of what could be a const string. Apparently the
> > construct:
> >
> > char *foo;
> > ...
> > foo = "XXX";
> > ...
> > foo[1] = 'Y';
> >
> > is wrong. It blew up on NetBSD-sparc64 because that platform write-protects
> > constant strings.
>
> We do too, but it depends how it is loaded:
>
> peter@mobile[12:22pm]/tmp-125> cat foo.c
> main()
> {
> char *foo;
> foo = "XXX";
> foo[1] = 'Y';
> printf("%s\n", foo);
> }
> peter@mobile[12:22pm]/tmp-126> cc -o foo foo.c
> peter@mobile[12:22pm]/tmp-127> ./foo
> Bus error (core dumped)
> peter@mobile[12:22pm]/tmp-128> cc -fwritable-strings -o foo foo.c
> peter@mobile[12:23pm]/tmp-129> ./foo
> XYX
>
> cc puts the strings in the text segment. On userland, this is always
> enforced.
>
> In the kernel, text is write protected for the static kernel. But we do
> something funky with the PSE 4MB pages and double map the text/data
> segments or something, I don't recall. I think it might be possible for writes
> to the text segment to slip through the data area, but I am far from sure
> about this. I would have thought we'd have discovered this by now if so.
> (Or bde would have found it :-).

I don't think it is protected at least for i386. I wrote a kld
a while ago that wrote into kernel text, and it worked ok.
This comment in sys/i386/i386/machdep.c:init386() might have
something to do with it:

    /*
     * XXX text protection is temporarily (?) disabled. The limit was
     * i386_btop(round_page(etext)) - 1.
     */
    gdt_segs[GCODE_SEL].ssd_limit = i386_btop(0) - 1;
    gdt_segs[GDATA_SEL].ssd_limit = i386_btop(0) - 1;

Jake

>
> KLD's however do not have this enforced. The two ELF load segments are both
> write enabled. Maybe your testing was with klds? or preloaded klds from
> the loader?
>
> Cheers,
> -Peter
> --
> Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au
> "All of this is for nothing if we don't go to the stars" - JMS/B5
>
>
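
The userland behaviour discussed in this thread, as an added example that is not part of the original messages or of FreeBSD: it performs the same store once through a pointer to a string literal and once into an array copy, each in a child process so a fault can be observed. The helper name write_survives is hypothetical, and the example assumes a POSIX system whose toolchain maps string literals read-only.

```c
/* Added example; not code from the thread or from FreeBSD. */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: attempt the store in a child process so that a
 * fault kills only the child. Returns 1 if the store completed,
 * 0 if the child died or failed, -1 if fork/waitpid failed. */
static int write_survives(char *p)
{
    int status = 0;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        *(volatile char *)(p + 1) = 'Y';    /* the store under test */
        _exit(0);
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

/* The construct from the commit log: a pointer to a string literal. */
static int literal_write_survives(void)
{
    char *foo = "XXX";
    return write_survives(foo);
}

/* The safe form: an array initialised from the literal is a private,
 * writable copy, so the same store is well defined. */
static int array_write_survives(void)
{
    char foo[] = "XXX";
    return write_survives(foo);
}

int main(void)
{
    printf("store through pointer to literal: %s\n",
           literal_write_survives() == 1 ? "completed" : "faulted");
    printf("store into array copy:            %s\n",
           array_write_survives() == 1 ? "completed" : "faulted");
    return 0;
}
```

GCC removed -fwritable-strings in release 4.0, so on current compilers the array copy is the portable way to get a modifiable string.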
