I have tried to understand the following code in vm_map_lookup() without much success:
    if (fault_type & VM_PROT_OVERRIDE_WRITE)
        prot = entry->max_protection;
    else
        prot = entry->protection;
    ........
    if (entry->wired_count &&
        (fault_type & VM_PROT_WRITE) &&
        (entry->eflags & MAP_ENTRY_COW) &&
        (fault_typea & VM_PROT_OVERRIDE_WRITE) == 0) {
        RETURN(KERN_PROTECTION_FAILURE);
    }

At first, it seems to me that if you want to write a COW page, you must have OVERRIDE_WRITE set. But later I find that when wired_count is nonzero, we are actually simulating a page fault, not a real one. Anyway, I do not know how the above code (1) prevents a debugger from writing binary code, (2) forces a COW when a debugger writes other data.

I also have some questions on wiring a page:

(1) According to the man page of mlock(2), a wired page can still cause protection-violation faults. But in the same vm_map_lookup(), we have the following code:

    if (*wired)
        prot = fault_type = entry->protection;

and the comment says "get it for all possible accesses". As I understand it, we wire a page by simulating a page fault (no matter whether it is the kernel or the user who is wiring a page).

(2) Can the kernel wire a page of a user process without that user's request (by calling mlock)?

Any help is appreciated.
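To make the three fragments quoted above easier to reason about, here is a small C model of that decision. It is added for this discussion and is not the kernel's vm_map_lookup() code. The bit values, the struct layout, the masking of the override bit out of fault_type, and the generic "requested access must fit prot" check are assumptions made for the model; only the three quoted conditions come from the post.

```c
#include <stdbool.h>
#include <stdio.h>

/*
 * Constructed bit values for this model; they are not the kernel's
 * definitions.  Only the shape of the checks mirrors the quoted code.
 */
#define VM_PROT_READ            0x01u
#define VM_PROT_WRITE           0x02u
#define VM_PROT_EXECUTE         0x04u
#define VM_PROT_ALL             (VM_PROT_READ | VM_PROT_WRITE | VM_PROT_EXECUTE)
#define VM_PROT_OVERRIDE_WRITE  0x08u   /* constructed value */
#define MAP_ENTRY_COW           0x01u   /* constructed value */

#define KERN_SUCCESS             0
#define KERN_PROTECTION_FAILURE  2

struct model_entry {
    unsigned protection;      /* current protection of the map entry */
    unsigned max_protection;  /* ceiling that OVERRIDE_WRITE selects */
    int      wired_count;     /* nonzero: the entry's pages are wired */
    unsigned eflags;          /* MAP_ENTRY_COW when copy-on-write */
};

struct model_result {
    int      status;      /* KERN_SUCCESS or KERN_PROTECTION_FAILURE */
    unsigned prot;        /* protection handed back on success */
    unsigned fault_type;  /* access that will actually be faulted for */
};

/* fault_typea is the caller's request, possibly with OVERRIDE_WRITE set. */
static struct model_result model_lookup(const struct model_entry *e, unsigned fault_typea)
{
    struct model_result r = { KERN_PROTECTION_FAILURE, 0, 0 };
    /* Assumption: the override flag is not a real access bit, so strip it. */
    unsigned fault_type = fault_typea & VM_PROT_ALL;
    bool wired = e->wired_count != 0;

    /* Fragment 1: OVERRIDE_WRITE lets the caller use max_protection. */
    unsigned prot = (fault_typea & VM_PROT_OVERRIDE_WRITE) ? e->max_protection
                                                           : e->protection;

    /* Fragment 2: a plain write to a wired COW entry is refused outright. */
    if (e->wired_count && (fault_type & VM_PROT_WRITE) &&
        (e->eflags & MAP_ENTRY_COW) &&
        (fault_typea & VM_PROT_OVERRIDE_WRITE) == 0)
        return r;

    /* Assumption: the usual check that the request fits the entry. */
    if ((fault_type & prot) != fault_type)
        return r;

    /* Fragment 3: a wired entry is faulted "for all possible accesses". */
    if (wired)
        prot = fault_type = e->protection;

    r.status = KERN_SUCCESS;
    r.prot = prot;
    r.fault_type = fault_type;
    return r;
}

/* Override write into a wired, copy-on-write text entry (r-x, max rwx). */
static int case_override_write_wired_text(void)
{
    struct model_entry e = { VM_PROT_READ | VM_PROT_EXECUTE, VM_PROT_ALL, 1, MAP_ENTRY_COW };
    return model_lookup(&e, VM_PROT_WRITE | VM_PROT_OVERRIDE_WRITE).status;
}

/* Same request: the prot handed back after the wired promotion. */
static unsigned prot_override_write_wired_text(void)
{
    struct model_entry e = { VM_PROT_READ | VM_PROT_EXECUTE, VM_PROT_ALL, 1, MAP_ENTRY_COW };
    return model_lookup(&e, VM_PROT_WRITE | VM_PROT_OVERRIDE_WRITE).prot;
}

/* Plain write to a wired, copy-on-write data entry (rw-) without the override. */
static int case_plain_write_wired_cow(void)
{
    struct model_entry e = { VM_PROT_READ | VM_PROT_WRITE, VM_PROT_ALL, 1, MAP_ENTRY_COW };
    return model_lookup(&e, VM_PROT_WRITE).status;
}

/* The same write when the entry is not wired. */
static int case_plain_write_unwired_cow(void)
{
    struct model_entry e = { VM_PROT_READ | VM_PROT_WRITE, VM_PROT_ALL, 0, MAP_ENTRY_COW };
    return model_lookup(&e, VM_PROT_WRITE).status;
}

/* Plain write into r-x text without the override. */
static int case_plain_write_text(void)
{
    struct model_entry e = { VM_PROT_READ | VM_PROT_EXECUTE, VM_PROT_ALL, 0, MAP_ENTRY_COW };
    return model_lookup(&e, VM_PROT_WRITE).status;
}

int main(void)
{
    printf("override write, wired text : status %d prot 0x%x\n",
           case_override_write_wired_text(), prot_override_write_wired_text());
    printf("plain write, wired COW data: status %d\n", case_plain_write_wired_cow());
    printf("plain write, unwired COW   : status %d\n", case_plain_write_unwired_cow());
    printf("plain write, r-x text      : status %d\n", case_plain_write_text());
    return 0;
}
```

Running the model shows which of the four cases each fragment decides: the wired-COW refusal only fires for a plain write without the override bit, and the wired promotion in fragment 3 replaces both prot and fault_type with entry->protection, so for the wired text entry the write bit is no longer in fault_type by the time the lookup returns.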