Date: Fri, 23 Oct 2009 14:27:40 +0000 (UTC)
From: Nathan Whitehorn <nwhitehorn@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r198400 - head/sys/powerpc/aim
Message-ID: <200910231427.n9NERe0J063382@svn.freebsd.org>
Author: nwhitehorn
Date: Fri Oct 23 14:27:40 2009
New Revision: 198400
URL: http://svn.freebsd.org/changeset/base/198400

Log:
  Do not map the trap vectors into the kernel's address space. They are only used in real mode and keeping them mapped only serves to make NULL a valid address, which results in silent NULL pointer dereferences.

  Suggested by: Patrick Kerharo
  Obtained from: projects/ppc64

Modified:
  head/sys/powerpc/aim/mmu_oea64.c
  head/sys/powerpc/aim/trap_subr.S

Modified: head/sys/powerpc/aim/mmu_oea64.c ============================================================================== --- head/sys/powerpc/aim/mmu_oea64.c Fri Oct 23 14:22:51 2009 (r198399) +++ head/sys/powerpc/aim/mmu_oea64.c Fri Oct 23 14:27:40 2009 (r198400) @@ -868,15 +868,17 @@ moea64_bridge_bootstrap(mmu_t mmup, vm_o ENABLE_TRANS(msr); /* - * Map certain important things, like ourselves and the exception - * vectors + * Map certain important things, like ourselves. + * + * NOTE: We do not map the exception vector space. That code is + * used only in real mode, and leaving it unmapped allows us to + * catch NULL pointer deferences, instead of making NULL a valid + * address. */ DISABLE_TRANS(msr); for (pa = kernelstart & ~PAGE_MASK; pa < kernelend; pa += PAGE_SIZE) moea64_kenter(mmup, pa, pa); - for (pa = EXC_RSVD; pa < EXC_LAST; pa += PAGE_SIZE) - moea64_kenter(mmup, pa, pa); ENABLE_TRANS(msr); if (!ofw_real_mode) { Modified: head/sys/powerpc/aim/trap_subr.S ============================================================================== --- head/sys/powerpc/aim/trap_subr.S Fri Oct 23 14:22:51 2009 (r198399) +++ head/sys/powerpc/aim/trap_subr.S Fri Oct 23 14:27:40 2009 (r198400) 
@@ -275,10 +275,16 @@ CNAME(restorebridgesize) = .-CNAME(resto /* * Processor reset exception handler. These are typically * the first instructions the processor executes after a - * software reset. + * software reset. We do this in two bits so that we are + * not still hanging around in the trap handling region + * once the MMU is turned on. */ .globl CNAME(rstcode), CNAME(rstsize) CNAME(rstcode): + ba cpu_reset +CNAME(rstsize) = . - CNAME(rstcode) + +cpu_reset: bl 1f .space 124 @@ -296,7 +302,6 @@ CNAME(rstcode): /* Should not be reached */ 9: b 9b -CNAME(rstsize) = . - CNAME(rstcode) #endif /*
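Review bot: the new NOTE comment in the mmu_oea64.c hunk (moea64_bridge_bootstrap) misspells "dereferences" as "deferences"; since this comment is the in-tree record of why NULL must stay unmapped, it is worth fixing while it is being added. It would also help to say in that comment that leaving EXC_RSVD..EXC_LAST unmapped is only safe because the reset handler branches out of the vector region before the MMU is turned on (the rstcode change in trap_subr.S), so that nobody later re-adds the removed `for (pa = EXC_RSVD; pa < EXC_LAST; ...)` kenter loop to "fix" a fault in that area without understanding the dependency.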
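Review bot: in the trap_subr.S @@ -275 hunk, CNAME(rstsize) is now defined immediately after the single `ba cpu_reset` instruction, so only that one 4-byte absolute branch is copied into the reset vector and everything from `cpu_reset:` (the `bl 1f` / `.space 124` block and the rest of the handler) stays in the kernel's own text. `ba` encodes a 26-bit sign-extended absolute target, so this only assembles while cpu_reset is linked within the lowest or highest 32 MB of the address space; a one-line comment next to `ba cpu_reset` stating that requirement (and that rstsize is intentionally a single instruction) would save the next person who changes the kernel link address from a confusing assembler error. The matching deletion of the old `CNAME(rstsize) = . - CNAME(rstcode)` in the @@ -296 hunk is fine as long as no caller expected rstsize to cover the full handler.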