diff options
author | dg <dg@FreeBSD.org> | 1995-05-25 01:35:24 +0000 |
---|---|---|
committer | dg <dg@FreeBSD.org> | 1995-05-25 01:35:24 +0000 |
commit | a4ec59246f1ae1566f39b2ba1183f1f7d162cb46 (patch) | |
tree | d8e24731030c03fe1ed42d7824786e43f50fbeec /sys/miscfs | |
parent | e28ba9e18807abc8a6fc5b05e74a2be1b87ee5fe (diff) | |
download | FreeBSD-src-a4ec59246f1ae1566f39b2ba1183f1f7d162cb46.zip FreeBSD-src-a4ec59246f1ae1566f39b2ba1183f1f7d162cb46.tar.gz |
Fixed panic that resulted from mmaping files in kernfs and procfs. A
regular user could panic the machine with a simple "tail /proc/curproc/mem"
command. The problem was twofold: both kernfs and procfs didn't fill in
the mnt_stat statfs struct (which would later lead to an integer divide
fault in the vnode pager), and kernfs bogusly paniced if a bmap was
attempted.
Reviewed by: John Dyson
Diffstat (limited to 'sys/miscfs')
-rw-r--r-- | sys/miscfs/kernfs/kernfs_vfsops.c | 5 | ||||
-rw-r--r-- | sys/miscfs/kernfs/kernfs_vnops.c | 6 | ||||
-rw-r--r-- | sys/miscfs/procfs/procfs.h | 4 | ||||
-rw-r--r-- | sys/miscfs/procfs/procfs_vfsops.c | 6 | ||||
-rw-r--r-- | sys/miscfs/procfs/procfs_vnops.c | 30 |
5 files changed, 13 insertions, 38 deletions
diff --git a/sys/miscfs/kernfs/kernfs_vfsops.c b/sys/miscfs/kernfs/kernfs_vfsops.c index 4c54975..e6f97c7 100644 --- a/sys/miscfs/kernfs/kernfs_vfsops.c +++ b/sys/miscfs/kernfs/kernfs_vfsops.c @@ -34,7 +34,7 @@ * SUCH DAMAGE. * * @(#)kernfs_vfsops.c 8.4 (Berkeley) 1/21/94 - * $Id: kernfs_vfsops.c,v 1.7 1995/03/16 18:13:23 bde Exp $ + * $Id: kernfs_vfsops.c,v 1.8 1995/03/16 20:23:38 wollman Exp $ */ /* @@ -57,6 +57,8 @@ struct vnode *rrootvp; +int kernfs_statfs __P((struct mount *, struct statfs *, struct proc *)); + /* * Create a vnode for a character device. */ @@ -160,6 +162,7 @@ kernfs_mount(mp, path, data, ndp, p) bzero(mp->mnt_stat.f_mntonname + size, MNAMELEN - size); bzero(mp->mnt_stat.f_mntfromname, MNAMELEN); bcopy("kernfs", mp->mnt_stat.f_mntfromname, sizeof("kernfs")); + (void)kernfs_statfs(mp, &mp->mnt_stat, p); #ifdef KERNFS_DIAGNOSTIC printf("kernfs_mount: at %s\n", mp->mnt_stat.f_mntonname); #endif diff --git a/sys/miscfs/kernfs/kernfs_vnops.c b/sys/miscfs/kernfs/kernfs_vnops.c index b38fc5e..a9bf9e7 100644 --- a/sys/miscfs/kernfs/kernfs_vnops.c +++ b/sys/miscfs/kernfs/kernfs_vnops.c @@ -34,7 +34,7 @@ * SUCH DAMAGE. * * @(#)kernfs_vnops.c 8.6 (Berkeley) 2/10/94 - * $Id: kernfs_vnops.c,v 1.6 1994/10/02 17:48:09 phk Exp $ + * $Id: kernfs_vnops.c,v 1.7 1994/11/15 20:30:56 jkh Exp $ */ /* @@ -693,9 +693,7 @@ kernfs_enotsupp() int kernfs_badop() { - - panic("kernfs: bad op"); - /* NOTREACHED */ + return (EIO); } /* diff --git a/sys/miscfs/procfs/procfs.h b/sys/miscfs/procfs/procfs.h index aabb1d3..22c3800 100644 --- a/sys/miscfs/procfs/procfs.h +++ b/sys/miscfs/procfs/procfs.h @@ -36,7 +36,7 @@ * * @(#)procfs.h 8.6 (Berkeley) 2/3/94 * - * $Id: procfs.h,v 1.3 1995/03/16 18:13:45 bde Exp $ + * $Id: procfs.h,v 1.4 1995/04/15 02:30:08 davidg Exp $ */ /* @@ -175,7 +175,7 @@ int procfs_inactive __P((struct vop_inactive_args *)); int procfs_reclaim __P((struct vop_reclaim_args *)); #define procfs_lock ((int (*) __P((struct vop_lock_args *))) nullop) #define procfs_unlock ((int (*) __P((struct vop_unlock_args *))) nullop) -int procfs_bmap __P((struct vop_bmap_args *)); +#define procfs_bmap ((int (*) __P((struct vop_bmap_args *))) procfs_badop) #define procfs_strategy ((int (*) __P((struct vop_strategy_args *))) procfs_badop) int procfs_print __P((struct vop_print_args *)); #define procfs_islocked ((int (*) __P((struct vop_islocked_args *))) nullop) diff --git a/sys/miscfs/procfs/procfs_vfsops.c b/sys/miscfs/procfs/procfs_vfsops.c index b933a18..4113063 100644 --- a/sys/miscfs/procfs/procfs_vfsops.c +++ b/sys/miscfs/procfs/procfs_vfsops.c @@ -36,7 +36,7 @@ * * @(#)procfs_vfsops.c 8.4 (Berkeley) 1/21/94 * - * $Id: procfs_vfsops.c,v 1.8 1995/03/16 18:13:47 bde Exp $ + * $Id: procfs_vfsops.c,v 1.9 1995/03/16 20:23:42 wollman Exp $ */ /* @@ -56,6 +56,8 @@ #include <miscfs/procfs/procfs.h> #include <vm/vm.h> /* for PAGE_SIZE */ +int procfs_statfs __P((struct mount *, struct statfs *, struct proc *)); + /* * VFS Operations. * @@ -90,7 +92,7 @@ procfs_mount(mp, path, data, ndp, p) size = sizeof("procfs") - 1; bcopy("procfs", mp->mnt_stat.f_mntfromname, size); bzero(mp->mnt_stat.f_mntfromname + size, MNAMELEN - size); - + (void)procfs_statfs(mp, &mp->mnt_stat, p); return (0); } diff --git a/sys/miscfs/procfs/procfs_vnops.c b/sys/miscfs/procfs/procfs_vnops.c index 736b2fe..8decad4 100644 --- a/sys/miscfs/procfs/procfs_vnops.c +++ b/sys/miscfs/procfs/procfs_vnops.c @@ -36,7 +36,7 @@ * * @(#)procfs_vnops.c 8.6 (Berkeley) 2/7/94 * - * $Id: procfs_vnops.c,v 1.11 1995/04/15 03:20:31 davidg Exp $ + * $Id: procfs_vnops.c,v 1.12 1995/05/11 19:26:33 rgrimes Exp $ */ /* @@ -169,30 +169,6 @@ procfs_ioctl(ap) } /* - * do block mapping for pfsnode (vp). - * since we don't use the buffer cache - * for procfs this function should never - * be called. in any case, it's not clear - * what part of the kernel ever makes use - * of this function. for sanity, this is the - * usual no-op bmap, although returning - * (EIO) would be a reasonable alternative. - */ -int -procfs_bmap(ap) - struct vop_bmap_args *ap; -{ - - if (ap->a_vpp != NULL) - *ap->a_vpp = ap->a_vp; - if (ap->a_bnp != NULL) - *ap->a_bnp = ap->a_bn; - if (ap->a_runp != NULL) - *ap->a_runp = 0; - return (0); -} - -/* * _inactive is called when the pfsnode * is vrele'd and the reference count goes * to zero. (vp) will be on the vnode free @@ -428,10 +404,6 @@ procfs_getattr(ap) case Pmem: vap->va_nlink = 1; - vap->va_bytes = vap->va_size = - ctob(procp->p_vmspace->vm_tsize + - procp->p_vmspace->vm_dsize + - procp->p_vmspace->vm_ssize); /* * If we denied owner access earlier, then we have to * change the owner to root - otherwise 'ps' and friends |