On Sat Aug 1 21:40:18 EDT 2009, quans...@quanstro.net wrote: > diff -c /n/dump/2009/0801/sys/src/9/port/sysproc.c sysproc.c > /n/dump/2009/0801/sys/src/9/port/sysproc.c:234,247 - sysproc.c:234,248
ready. shoot. aim. sorry. i sent the wrong patch. i also should have mentioned that this patch is not as aggressive about checking for arguments changing underfoot as russ'. so we can all anticipate the next program that'll be posted. i do agree with charles that part of the solution is to ease fault386 to only panic on addresses that obviously could have never been valid, like 0, addresses in pci space, etc. - erik diffy -c sysproc.c chan.c diff -c /n/dump/2009/0801/sys/src/9/port/sysproc.c sysproc.c /n/dump/2009/0801/sys/src/9/port/sysproc.c:223,229 - sysproc.c:223,229 int i; Chan *tc; char **argv, **argp; - char *a, *charp, *args, *file; + char *a, *charp, *args, *file, *file0; char *progarg[sizeof(Exec)/2+1], *elem, progelem[64]; ulong ssize, spage, nargs, nbytes, n, bssend; int indir; /n/dump/2009/0801/sys/src/9/port/sysproc.c:234,247 - sysproc.c:234,248 ulong magic, text, entry, data, bss; Tos *tos; - validaddr(arg[0], 1, 0); - file = (char*)arg[0]; + file = nil; indir = 0; elem = nil; if(waserror()){ free(elem); + free(file); nexterror(); } + file = file0 = validnamedup((char*)arg[0], 1); for(;;){ tc = namec(file, Aopen, OEXEC, 0); if(waserror()){ /n/dump/2009/0801/sys/src/9/port/sysproc.c:375,380 - sysproc.c:376,382 charp += n; } + free(file0); free(up->text); up->text = elem; elem = nil; /* so waserror() won't free elem */ diff -c /n/dump/2009/0801/sys/src/9/port/chan.c chan.c /n/dump/2009/0801/sys/src/9/port/chan.c:1689,1701 - chan.c:1689,1698 if((ulong)name < KZERO){ validaddr((ulong)name, 1, 0); if(!dup) - print("warning: validname called from %lux with user pointer", pc); + print("warning: validname called from %#p with user pointer", pc); p = name; t = BY2PG-((ulong)p&(BY2PG-1)); - while((ename=vmemchr(p, 0, t)) == nil){ - p += t; - t = BY2PG; - } + ename = vmemchr(name, 0, 1<<16); }else ename = memchr(name, 0, (1<<16)); - erik
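Review bot: The error handler added in the second sysproc.c hunk frees `file`, while the success path in the third hunk frees `file0`; a separate `file0` is only needed if `file` is later pointed somewhere else (the `#!` indirection loop is outside the hunk), and in that case an error raised after the redirection hands `free` a pointer that `validnamedup` never returned. Both cleanup paths should release the same owned pointer: initialise with `file = file0 = nil;` before `waserror()` and change the handler to `free(file0);`. The `free(file0)` in the third hunk also runs while that handler is still armed unless a `poperror()` follows immediately outside the hunk, so a later error would free the same block again; setting `file0 = nil;` right after it keeps the handler's free a no-op, the same trick the code already uses for `elem`. The enclosing sysexec body starts and ends outside these hunks.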
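Review bot: Once the page-by-page loop in the chan.c hunk is replaced by a single `ename = vmemchr(name, 0, 1<<16);`, the two assignments `p = name;` and `t = BY2PG-((ulong)p&(BY2PG-1));` left in the user-pointer branch are dead stores, since neither `p` nor `t` is read by the new code. Drop those two lines (and the declarations, if nothing else in validname uses them; the rest of the function is outside the hunk). A short comment would also help a reader who sees the page-crossing walk disappear, e.g. `/* vmemchr checks each page it touches, so one bounded scan is enough */`; whether vmemchr does that is not visible in this hunk and should be confirmed before the comment is committed.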