kernel: dont call pprint() while holding up->debug qlock

pprint() might block, or even (maliciously) call into
devproc write, which will corrupt the qlock chain when it
attempts to qlock up->debug again.
cinap_lenrek 2013-12-29 07:48:19 +01:00
parent afc2d547e1
commit 42074003ca
12 changed files with 43 additions and 72 deletions


@ -543,9 +543,9 @@ notify(Ureg *ur)
}
if(n->flag != NUser && (up->notified || up->notify==0)) {
qunlock(&up->debug);
if(n->flag == NDebug)
pprint("suicide: %s\n", n->msg);
qunlock(&up->debug);
pexit(n->msg, n->flag!=NDebug);
}
@ -564,9 +564,8 @@ notify(Ureg *ur)
if(!okaddr((ulong)up->notify, BY2WD, 0)
|| !okaddr(sp-ERRMAX-6*BY2WD, sizeof(Ureg)+ERRMAX-6*BY2WD, 1)) {
pprint("suicide: bad address or sp in notify\n");
print("suicide: bad address or sp in notify\n");
qunlock(&up->debug);
pprint("suicide: bad address or sp in notify\n");
pexit("Suicide", 0);
}
@ -618,7 +617,6 @@ noted(Ureg *kur, Ureg **urp, ulong arg0)
if(arg0!=NRSTR && !up->notified) {
qunlock(&up->debug);
pprint("call to noted() when not notified\n");
print("call to noted() when not notified\n");
pexit("Suicide", 0);
}
up->notified = 0;
@ -630,16 +628,14 @@ print("call to noted() when not notified\n");
oureg = (ulong)nur;
if((oureg & (BY2V-1))
|| !okaddr((ulong)oureg-BY2WD, BY2WD+sizeof(Ureg), 0)){
pprint("bad ureg in noted or call to noted() when not notified\n");
print("bad ureg in noted or call to noted() when not notified\n");
qunlock(&up->debug);
pprint("bad ureg in noted or call to noted() when not notified\n");
pexit("Suicide", 0);
}
if(!validstatus(kur->status, nur->status)) {
qunlock(&up->debug);
pprint("bad noted ureg status %lux\n", (ulong)nur->status);
print("bad noted ureg status %lux\n", (ulong)nur->status);
pexit("Suicide", 0);
}
@ -648,9 +644,8 @@ print("bad noted ureg status %lux\n", (ulong)nur->status);
case NCONT:
case NRSTR:
if(!okaddr(nur->pc, BY2WD, 0) || !okaddr(nur->usp, BY2WD, 0)){
pprint("suicide: trap in noted\n");
print("suicide: trap in noted\n");
qunlock(&up->debug);
pprint("suicide: trap in noted\n");
pexit("Suicide", 0);
}
up->ureg = (Ureg*)(*(ulong*)(oureg-BY2WD));
@ -661,9 +656,8 @@ print("suicide: trap in noted\n");
case NSAVE:
if(!okaddr(nur->pc, BY2WD, 0) || !okaddr(nur->usp, BY2WD, 0)){
pprint("suicide: trap in noted\n");
print("suicide: trap in noted\n");
qunlock(&up->debug);
pprint("suicide: trap in noted\n");
pexit("Suicide", 0);
}
qunlock(&up->debug);
@ -677,15 +671,13 @@ print("suicide: trap in noted\n");
break;
default:
pprint("unknown noted arg 0x%lux\n", arg0);
print("unknown noted arg 0x%lux\n", arg0);
up->lastnote.flag = NDebug;
/* fall through */
case NDFLT:
qunlock(&up->debug);
if(up->lastnote.flag == NDebug)
pprint("suicide: %s\n", up->lastnote.msg);
qunlock(&up->debug);
pexit(up->lastnote.msg, up->lastnote.flag!=NDebug);
}
}
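Review bot: In the first notify() hunk, pprint() now reads `n->flag` and `n->msg` after `qunlock(&up->debug)`, as the pexit() call already did, so neither read is covered by the lock. The declaration of `n` is outside the hunk; if it points into the per-process note state that up->debug guards, another process posting a note could rewrite the entry between the unlock and these reads. Taking a snapshot while the lock is still held, e.g. `flag = n->flag; memmove(msg, n->msg, sizeof msg);` into a local `char msg[ERRMAX]`, and passing the copies to pprint() and pexit() would close that window. The same ordering appears in every other notify() hunk of this commit, and notify()'s body starts and ends outside the hunk.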


@ -124,7 +124,7 @@ etherconfig(int on, char *spec, DevConf *cf)
ether->ea[0], ether->ea[1], ether->ea[2],
ether->ea[3], ether->ea[4], ether->ea[5]);
seprint(p, e, "\n");
pprint(buf);
print("%s", buf);
etherxx[ctlrno] = ether;
return 0;


@ -617,8 +617,8 @@ noted(Ureg* ureg, ulong arg0)
/* sanity clause */
oureg = (ulong)nureg;
if(!okaddr((ulong)oureg-BY2WD, BY2WD+sizeof(Ureg), 0)){
pprint("bad ureg in noted or call to noted when not notified\n");
qunlock(&up->debug);
pprint("bad ureg in noted or call to noted when not notified\n");
pexit("Suicide", 0);
}
@ -656,16 +656,13 @@ noted(Ureg* ureg, ulong arg0)
break;
default:
pprint("unknown noted arg 0x%lux\n", arg0);
up->lastnote.flag = NDebug;
/* fall through */
case NDFLT:
if(up->lastnote.flag == NDebug){
qunlock(&up->debug);
if(up->lastnote.flag == NDebug)
pprint("suicide: %s\n", up->lastnote.msg);
} else
qunlock(&up->debug);
pexit(up->lastnote.msg, up->lastnote.flag!=NDebug);
}
}
@ -698,9 +695,9 @@ notify(Ureg* ureg)
}
if(n->flag!=NUser && (up->notified || up->notify==0)){
qunlock(&up->debug);
if(n->flag == NDebug)
pprint("suicide: %s\n", n->msg);
qunlock(&up->debug);
pexit(n->msg, n->flag!=NDebug);
}
@ -719,8 +716,8 @@ notify(Ureg* ureg)
if(!okaddr((ulong)up->notify, 1, 0)
|| !okaddr(sp-ERRMAX-4*BY2WD, sizeof(Ureg)+ERRMAX+4*BY2WD, 1)){
pprint("suicide: bad address in notify\n");
qunlock(&up->debug);
pprint("suicide: bad address in notify\n");
pexit("Suicide", 0);
}
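Review bot: The `default:` arm of noted() no longer reports the bad argument at all, because `pprint("unknown noted arg 0x%lux\n", arg0)` is deleted rather than moved past the unlock. The process then dies with only `suicide: <lastnote.msg>`, which describes an earlier note and not the invalid arg0. Since the arm always ends in pexit() with the flag forced to NDebug, it could release the lock and print both lines itself instead of falling through, as sketched below. The same deletion is made in the `default:` arms of the other noted() hunks in this commit, including the first file section; noted()'s body begins outside the hunk.

```c
default:
	up->lastnote.flag = NDebug;
	qunlock(&up->debug);
	pprint("unknown noted arg 0x%lux\n", arg0);
	pprint("suicide: %s\n", up->lastnote.msg);
	pexit(up->lastnote.msg, 0);
case NDFLT:
	/* … unchanged: qunlock, optional suicide pprint, pexit … */
```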


@ -80,16 +80,12 @@ noted(Ureg* cur, uintptr arg0)
cur->sp = PTR2UINT(nf);
break;
default:
pprint("unknown noted arg %#p\n", arg0);
up->lastnote.flag = NDebug;
/*FALLTHROUGH*/
case NDFLT:
if(up->lastnote.flag == NDebug){
qunlock(&up->debug);
if(up->lastnote.flag == NDebug)
pprint("suicide: %s\n", up->lastnote.msg);
}
else
qunlock(&up->debug);
pexit(up->lastnote.msg, up->lastnote.flag != NDebug);
}
}
@ -127,9 +123,9 @@ notify(Ureg* ureg)
}
if(n->flag != NUser && (up->notified || up->notify == 0)){
qunlock(&up->debug);
if(n->flag == NDebug)
pprint("suicide: %s\n", n->msg);
qunlock(&up->debug);
pexit(n->msg, n->flag != NDebug);
}
@ -144,8 +140,8 @@ notify(Ureg* ureg)
pexit(n->msg, n->flag != NDebug);
}
if(!okaddr(PTR2UINT(up->notify), 1, 0)){
pprint("suicide: notify function address %#p\n", up->notify);
qunlock(&up->debug);
pprint("suicide: notify function address %#p\n", up->notify);
pexit("Suicide", 0);
}


@ -717,9 +717,9 @@ notify(Ureg* ur)
}
if(n->flag!=NUser && (up->notified || up->notify==0)){
qunlock(&up->debug);
if(n->flag == NDebug)
pprint("suicide: %s\n", n->msg);
qunlock(&up->debug);
pexit(n->msg, n->flag!=NDebug);
}
@ -738,8 +738,8 @@ notify(Ureg* ur)
if(!okaddr((ulong)up->notify, BY2WD, 0) ||
!okaddr(sp-ERRMAX-4*BY2WD, sizeof(Ureg)+ERRMAX+4*BY2WD, 1)) {
pprint("suicide: bad address or sp in notify\n");
qunlock(&up->debug);
pprint("suicide: bad address or sp in notify\n");
pexit("Suicide", 0);
}
@ -788,8 +788,8 @@ noted(Ureg* ureg, ulong arg0)
/* sanity clause */
oureg = (ulong)nureg;
if(!okaddr((ulong)oureg-BY2WD, BY2WD+sizeof(Ureg), 0)){
pprint("bad ureg in noted or call to noted when not notified\n");
qunlock(&up->debug);
pprint("bad ureg in noted or call to noted when not notified\n");
pexit("Suicide", 0);
}
@ -799,8 +799,8 @@ noted(Ureg* ureg, ulong arg0)
case NCONT:
case NRSTR:
if(!okaddr(nureg->pc, 1, 0) || !okaddr(nureg->usp, BY2WD, 0)){
pprint("suicide: trap in noted\n");
qunlock(&up->debug);
pprint("suicide: trap in noted\n");
pexit("Suicide", 0);
}
up->ureg = (Ureg*)(*(ulong*)(oureg-BY2WD));
@ -810,8 +810,8 @@ noted(Ureg* ureg, ulong arg0)
case NSAVE:
if(!okaddr(nureg->pc, BY2WD, 0)
|| !okaddr(nureg->usp, BY2WD, 0)){
pprint("suicide: trap in noted\n");
qunlock(&up->debug);
pprint("suicide: trap in noted\n");
pexit("Suicide", 0);
}
qunlock(&up->debug);
@ -823,14 +823,13 @@ noted(Ureg* ureg, ulong arg0)
break;
default:
pprint("unknown noted arg 0x%lux\n", arg0);
up->lastnote.flag = NDebug;
/* fall through */
case NDFLT:
qunlock(&up->debug);
if(up->lastnote.flag == NDebug)
pprint("suicide: %s\n", up->lastnote.msg);
qunlock(&up->debug);
pexit(up->lastnote.msg, up->lastnote.flag!=NDebug);
}
}


@ -80,16 +80,12 @@ noted(Ureg* cur, uintptr arg0)
cur->sp = PTR2UINT(nf);
break;
default:
pprint("unknown noted arg %#p\n", arg0);
up->lastnote.flag = NDebug;
/*FALLTHROUGH*/
case NDFLT:
if(up->lastnote.flag == NDebug){
qunlock(&up->debug);
if(up->lastnote.flag == NDebug)
pprint("suicide: %s\n", up->lastnote.msg);
}
else
qunlock(&up->debug);
pexit(up->lastnote.msg, up->lastnote.flag != NDebug);
}
}
@ -127,9 +123,9 @@ notify(Ureg* ureg)
}
if(n->flag != NUser && (up->notified || up->notify == 0)){
qunlock(&up->debug);
if(n->flag == NDebug)
pprint("suicide: %s\n", n->msg);
qunlock(&up->debug);
pexit(n->msg, n->flag != NDebug);
}
@ -144,8 +140,8 @@ notify(Ureg* ureg)
pexit(n->msg, n->flag != NDebug);
}
if(!okaddr(PTR2UINT(up->notify), 1, 0)){
pprint("suicide: notify function address %#p\n", up->notify);
qunlock(&up->debug);
pprint("suicide: notify function address %#p\n", up->notify);
pexit("Suicide", 0);
}


@ -154,9 +154,9 @@ notify(Ureg *ureg)
sprint(n->msg + l, " pc=0x%.8lux", ureg->pc);
}
if(n->flag != NUser && (up->notified || up->notify == 0)){
qunlock(&up->debug);
if(n->flag == NDebug)
pprint("suicide: %s\n", n->msg);
qunlock(&up->debug);
pexit(n->msg, n->flag != NDebug);
}
if(up->notified){
@ -247,7 +247,6 @@ noted(Ureg *ureg, ulong arg0)
break;
default:
pprint("unknown noted arg 0x%lux\n", arg0);
up->lastnote.flag = NDebug;
/* fallthrough */


@ -846,9 +846,9 @@ notify(Ureg* ureg)
}
if(n->flag!=NUser && (up->notified || up->notify==0)){
qunlock(&up->debug);
if(n->flag == NDebug)
pprint("suicide: %s\n", n->msg);
qunlock(&up->debug);
pexit(n->msg, n->flag!=NDebug);
}
@ -964,16 +964,13 @@ if(0) print("%s %lud: noted %.8lux %.8lux\n",
break;
default:
pprint("unknown noted arg 0x%lux\n", arg0);
up->lastnote.flag = NDebug;
/* fall through */
case NDFLT:
if(up->lastnote.flag == NDebug){
qunlock(&up->debug);
if(up->lastnote.flag == NDebug)
pprint("suicide: %s\n", up->lastnote.msg);
} else
qunlock(&up->debug);
pexit(up->lastnote.msg, up->lastnote.flag!=NDebug);
}
}


@ -446,7 +446,7 @@ procopen(Chan *c, int omode)
break;
default:
pprint("procopen %#lux\n", QID(c->qid));
print("procopen %#lux\n", QID(c->qid));
error(Egreg);
}
@ -1156,7 +1156,7 @@ procwrite(Chan *c, void *va, long n, vlong off)
error(Ebadarg);
break;
default:
pprint("unknown qid in procwrite\n");
print("unknown qid in procwrite\n");
error(Egreg);
}
poperror();
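Review bot: Switching these two `default:` messages from pprint() to print() drops the process name and pid that pprint() puts in front of its output, so a console line such as `unknown qid in procwrite` can no longer be tied to the process that triggered it. Including the caller in the text, e.g. `print("%s %lud: unknown qid in procwrite\n", up->text, up->pid);` and likewise for the procopen message, keeps the log attributable. This assumes the usual `text` and `pid` fields of the current process, which are not shown in the hunk. Both functions extend beyond the hunks shown.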


@ -328,7 +328,6 @@ okaddr(ulong addr, ulong len, int write)
return 1;
}
}
pprint("suicide: invalid address %#lux/%lud in sys call pc=%#lux\n", addr, len, userpc());
return 0;
}
@ -336,6 +335,7 @@ void
validaddr(ulong addr, ulong len, int write)
{
if(!okaddr(addr, len, write)){
pprint("suicide: invalid address %#lux/%lud in sys call pc=%#lux\n", addr, len, userpc());
postnote(up, 1, "sys: bad address in syscall", NDebug);
error(Ebadarg);
}
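Review bot: okaddr() is now silent, but nothing in the hunk records why, and the notify()/noted() hunks in this commit call okaddr() before `qunlock(&up->debug)`, so a print re-added there would bring the locking problem back. A comment above the final `return 0;` such as `/* no pprint here: callers may hold up->debug */` would keep that constraint visible. Direct callers of okaddr() now get no diagnostic unless they print their own, which the visible notify()/noted() callers do; any other callers are outside this page. validaddr() continues past the end of the hunk.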


@ -728,9 +728,9 @@ notify(Ureg* ur)
}
if(n->flag!=NUser && (up->notified || up->notify==0)){
qunlock(&up->debug);
if(n->flag == NDebug)
pprint("suicide: %s\n", n->msg);
qunlock(&up->debug);
pexit(n->msg, n->flag!=NDebug);
}
@ -750,8 +750,8 @@ notify(Ureg* ur)
if(!okaddr((ulong)up->notify, BY2WD, 0) ||
!okaddr(sp-ERRMAX-4*BY2WD, sizeof(Ureg)+ERRMAX+4*BY2WD, 1)) {
pprint("suicide: bad address or sp in notify\n");
qunlock(&up->debug);
pprint("suicide: bad address or sp in notify\n");
pexit("Suicide", 0);
}
@ -800,8 +800,8 @@ noted(Ureg* ureg, ulong arg0)
/* sanity clause */
oureg = (ulong)nureg;
if(!okaddr((ulong)oureg-BY2WD, BY2WD+sizeof(Ureg), 0)){
pprint("bad ureg in noted or call to noted when not notified\n");
qunlock(&up->debug);
pprint("bad ureg in noted or call to noted when not notified\n");
pexit("Suicide", 0);
}
@ -811,8 +811,8 @@ noted(Ureg* ureg, ulong arg0)
case NCONT:
case NRSTR:
if(!okaddr(nureg->pc, 1, 0) || !okaddr(nureg->usp, BY2WD, 0)){
pprint("suicide: trap in noted\n");
qunlock(&up->debug);
pprint("suicide: trap in noted\n");
pexit("Suicide", 0);
}
up->ureg = (Ureg*)(*(ulong*)(oureg-BY2WD));
@ -822,8 +822,8 @@ noted(Ureg* ureg, ulong arg0)
case NSAVE:
if(!okaddr(nureg->pc, BY2WD, 0)
|| !okaddr(nureg->usp, BY2WD, 0)){
pprint("suicide: trap in noted\n");
qunlock(&up->debug);
pprint("suicide: trap in noted\n");
pexit("Suicide", 0);
}
qunlock(&up->debug);
@ -835,14 +835,13 @@ noted(Ureg* ureg, ulong arg0)
break;
default:
pprint("unknown noted arg 0x%lux\n", arg0);
up->lastnote.flag = NDebug;
/* fall through */
case NDFLT:
qunlock(&up->debug);
if(up->lastnote.flag == NDebug)
pprint("suicide: %s\n", up->lastnote.msg);
qunlock(&up->debug);
pexit(up->lastnote.msg, up->lastnote.flag!=NDebug);
}
up->fpstate &= ~FPillegal;


@ -86,16 +86,12 @@ noted(Ureg* cur, uintptr arg0)
cur->sp = PTR2UINT(nf);
break;
default:
pprint("unknown noted arg %#p\n", arg0);
up->lastnote.flag = NDebug;
/*FALLTHROUGH*/
case NDFLT:
if(up->lastnote.flag == NDebug){
qunlock(&up->debug);
if(up->lastnote.flag == NDebug)
pprint("suicide: %s\n", up->lastnote.msg);
}
else
qunlock(&up->debug);
pexit(up->lastnote.msg, up->lastnote.flag != NDebug);
}
}
@ -133,9 +129,9 @@ notify(Ureg* ureg)
}
if(n->flag != NUser && (up->notified || up->notify == 0)){
qunlock(&up->debug);
if(n->flag == NDebug)
pprint("suicide: %s\n", n->msg);
qunlock(&up->debug);
pexit(n->msg, n->flag != NDebug);
}
@ -150,8 +146,8 @@ notify(Ureg* ureg)
pexit(n->msg, n->flag != NDebug);
}
if(!okaddr(PTR2UINT(up->notify), 1, 0)){
pprint("suicide: notify function address %#p\n", up->notify);
qunlock(&up->debug);
pprint("suicide: notify function address %#p\n", up->notify);
pexit("Suicide", 0);
}