From: Jake Burkholder
Date: Wed, 03 Jan 2001 18:46:57 -0500
To: Peter Wemm
Cc: Matt Jacob, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/dev/isp isp.c
In-Reply-To: Message from Peter Wemm of "Sat, 30 Dec 2000 12:27:25 PST." <200012302027.eBUKRPm09381@mobile.wemm.org>
Message-Id: <20010103234657.CC0B9BA7D@io.yi.org>

> Matt Jacob wrote:
> > mjacob      2000/12/30 12:09:27 PST
> >
> >   Modified files:
> >     sys/dev/isp          isp.c
> >   Log:
> >   Change the modification of what could be a const string. Apparently the
> >   construct:
> >
> >         char *foo;
> >         ...
> >         foo = "XXX";
> >         ...
> >         foo[1] = 'Y';
> >
> >   is wrong. It blew up on NetBSD-sparc64 because that platform write-protects
> >   constant strings.
>
> We do too, but it depends how it is loaded:
>
> peter@mobile[12:22pm]/tmp-125> cat foo.c
> main()
> {
>         char *foo;
>         foo = "XXX";
>         foo[1] = 'Y';
>         printf("%s\n", foo);
> }
> peter@mobile[12:22pm]/tmp-126> cc -o foo foo.c
> peter@mobile[12:22pm]/tmp-127> ./foo
> Bus error (core dumped)
> peter@mobile[12:22pm]/tmp-128> cc -fwritable-strings -o foo foo.c
> peter@mobile[12:23pm]/tmp-129> ./foo
> XYX
>
> cc puts the strings in the text segment. On userland, this is always
> enforced.
>
> In the kernel, text is write protected for the static kernel. But we do
> something funky with the PSE 4MB pages and double map the text/data
> segments or something, I don't recall. I think it might be possible for writes
> to the text segment to slip through the data area, but I am far from sure
> about this. I would have thought we'd have discovered this by now if so.
> (Or bde would have found it :-).

I don't think it is protected at least for i386. I wrote a kld a while
ago that wrote into kernel text, and it worked ok.

This comment in sys/i386/i386/machdep.c:init386() might have something
to do with it:

        /*
         * XXX text protection is temporarily (?) disabled.  The limit was
         * i386_btop(round_page(etext)) - 1.
         */
        gdt_segs[GCODE_SEL].ssd_limit = i386_btop(0) - 1;
        gdt_segs[GDATA_SEL].ssd_limit = i386_btop(0) - 1;

Jake

>
> KLD's however do not have this enforced. The two ELF load segments are both
> write enabled. Maybe your testing was with klds? or preloaded klds from
> the loader?
>
> Cheers,
> -Peter
> --
> Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au
> "All of this is for nothing if we don't go to the stars" - JMS/B5