author | nwhitehorn <nwhitehorn@FreeBSD.org> | 2009-10-23 14:27:40 +0000 |
---|---|---|
committer | nwhitehorn <nwhitehorn@FreeBSD.org> | 2009-10-23 14:27:40 +0000 |
commit | 8f8a90522cbb3bb03782bc7bf40d03dc744c7572 (patch) | |
tree | dfbcca67cdee2950baee0f733c8807fb3a9fdf35 /sys/powerpc | |
parent | e0351f030b433a4f2b7d50ed4a1e133392faf49a (diff) | |
Do not map the trap vectors into the kernel's address space. They are
only used in real mode and keeping them mapped only serves to make NULL
a valid address, which results in silent NULL pointer dereferences.
Suggested by: Patrick Kerharo
Obtained from: projects/ppc64
Diffstat (limited to 'sys/powerpc')
-rw-r--r-- | sys/powerpc/aim/mmu_oea64.c | 10 | ||||
-rw-r--r-- | sys/powerpc/aim/trap_subr.S | 9 |
2 files changed, 13 insertions, 6 deletions
diff --git a/sys/powerpc/aim/mmu_oea64.c b/sys/powerpc/aim/mmu_oea64.c
index 9a40036..680a391 100644
--- a/sys/powerpc/aim/mmu_oea64.c
+++ b/sys/powerpc/aim/mmu_oea64.c
@@ -868,15 +868,17 @@ moea64_bridge_bootstrap(mmu_t mmup, vm_offset_t kernelstart, vm_offset_t kernele
 	ENABLE_TRANS(msr);
 
 	/*
-	 * Map certain important things, like ourselves and the exception
-	 * vectors
+	 * Map certain important things, like ourselves.
+	 *
+	 * NOTE: We do not map the exception vector space. That code is
+	 * used only in real mode, and leaving it unmapped allows us to
+	 * catch NULL pointer deferences, instead of making NULL a valid
+	 * address.
 	 */
 
 	DISABLE_TRANS(msr);
 	for (pa = kernelstart & ~PAGE_MASK; pa < kernelend; pa += PAGE_SIZE)
 		moea64_kenter(mmup, pa, pa);
-	for (pa = EXC_RSVD; pa < EXC_LAST; pa += PAGE_SIZE)
-		moea64_kenter(mmup, pa, pa);
 	ENABLE_TRANS(msr);
 
 	if (!ofw_real_mode) {
diff --git a/sys/powerpc/aim/trap_subr.S b/sys/powerpc/aim/trap_subr.S
index bcffb29..5d9596b 100644
--- a/sys/powerpc/aim/trap_subr.S
+++ b/sys/powerpc/aim/trap_subr.S
@@ -275,10 +275,16 @@ CNAME(restorebridgesize) = .-CNAME(restorebridge)
 /*
  * Processor reset exception handler. These are typically
  * the first instructions the processor executes after a
- * software reset.
+ * software reset. We do this in two bits so that we are
+ * not still hanging around in the trap handling region
+ * once the MMU is turned on.
  */
 	.globl	CNAME(rstcode), CNAME(rstsize)
 CNAME(rstcode):
+	ba	cpu_reset
+CNAME(rstsize) = . - CNAME(rstcode)
+
+cpu_reset:
 	bl	1f
 	.space	124
 
@@ -296,7 +302,6 @@ CNAME(rstcode):
 
 	/* Should not be reached */
 9:	b	9b
-CNAME(rstsize) = . - CNAME(rstcode)
 
 #endif /* |
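Review bot: The new comment in moea64_bridge_bootstrap misspells "dereferences" as "deferences"; the line should read `* catch NULL pointer dereferences, instead of making NULL a valid`. Beyond wording, removing the EXC_RSVD..EXC_LAST identity mapping means any later bootstrap step that writes the vector area with translation enabled (for example copying the trap handlers into place) will now take a DSI instead of silently succeeding, so it is worth confirming that such copies happen inside a DISABLE_TRANS/ENABLE_TRANS window or via a real-mode path; that code is not in the hunk. The NULL-catching property also holds only as long as nothing else later maps the first page, which the comment could state explicitly. moea64_bridge_bootstrap begins and ends outside the hunk.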
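Review bot: `ba cpu_reset` is an absolute branch, so it only reaches cpu_reset if that label's link-time address fits the 26-bit absolute target range and equals the address the code runs at in real mode when the copied vector executes; the comment should record that constraint rather than "We do this in two bits", e.g. `* software reset. The vector holds only an absolute branch to cpu_reset,` / `* whose body lives in normal kernel text, so we are not executing in the` / `* (now unmapped) trap region once the MMU is turned on.` Since CNAME(rstsize) now covers a single instruction, whatever copies rstcode into the reset vector using rstsize copies only that branch, which looks intended but deserves a one-line note at the `CNAME(rstsize) = . - CNAME(rstcode)` definition. The reset handler body continues past this hunk, and the second hunk of this file is cut off at the end of the page.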