kernel: dont call pprint() while holding up->debug qlock
pprint() might block or even (maliciously) call into devproc write which will corrupt the qlock chain on attempt to qlock up->debug again.
This commit is contained in:
parent
afc2d547e1
commit
42074003ca
12 changed files with 43 additions and 72 deletions
|
@ -543,9 +543,9 @@ notify(Ureg *ur)
|
|||
}
|
||||
|
||||
if(n->flag != NUser && (up->notified || up->notify==0)) {
|
||||
qunlock(&up->debug);
|
||||
if(n->flag == NDebug)
|
||||
pprint("suicide: %s\n", n->msg);
|
||||
qunlock(&up->debug);
|
||||
pexit(n->msg, n->flag!=NDebug);
|
||||
}
|
||||
|
||||
|
@ -564,9 +564,8 @@ notify(Ureg *ur)
|
|||
|
||||
if(!okaddr((ulong)up->notify, BY2WD, 0)
|
||||
|| !okaddr(sp-ERRMAX-6*BY2WD, sizeof(Ureg)+ERRMAX-6*BY2WD, 1)) {
|
||||
pprint("suicide: bad address or sp in notify\n");
|
||||
print("suicide: bad address or sp in notify\n");
|
||||
qunlock(&up->debug);
|
||||
pprint("suicide: bad address or sp in notify\n");
|
||||
pexit("Suicide", 0);
|
||||
}
|
||||
|
||||
|
@ -618,7 +617,6 @@ noted(Ureg *kur, Ureg **urp, ulong arg0)
|
|||
if(arg0!=NRSTR && !up->notified) {
|
||||
qunlock(&up->debug);
|
||||
pprint("call to noted() when not notified\n");
|
||||
print("call to noted() when not notified\n");
|
||||
pexit("Suicide", 0);
|
||||
}
|
||||
up->notified = 0;
|
||||
|
@ -630,16 +628,14 @@ print("call to noted() when not notified\n");
|
|||
oureg = (ulong)nur;
|
||||
if((oureg & (BY2V-1))
|
||||
|| !okaddr((ulong)oureg-BY2WD, BY2WD+sizeof(Ureg), 0)){
|
||||
pprint("bad ureg in noted or call to noted() when not notified\n");
|
||||
print("bad ureg in noted or call to noted() when not notified\n");
|
||||
qunlock(&up->debug);
|
||||
pprint("bad ureg in noted or call to noted() when not notified\n");
|
||||
pexit("Suicide", 0);
|
||||
}
|
||||
|
||||
if(!validstatus(kur->status, nur->status)) {
|
||||
qunlock(&up->debug);
|
||||
pprint("bad noted ureg status %lux\n", (ulong)nur->status);
|
||||
print("bad noted ureg status %lux\n", (ulong)nur->status);
|
||||
pexit("Suicide", 0);
|
||||
}
|
||||
|
||||
|
@ -648,9 +644,8 @@ print("bad noted ureg status %lux\n", (ulong)nur->status);
|
|||
case NCONT:
|
||||
case NRSTR:
|
||||
if(!okaddr(nur->pc, BY2WD, 0) || !okaddr(nur->usp, BY2WD, 0)){
|
||||
pprint("suicide: trap in noted\n");
|
||||
print("suicide: trap in noted\n");
|
||||
qunlock(&up->debug);
|
||||
pprint("suicide: trap in noted\n");
|
||||
pexit("Suicide", 0);
|
||||
}
|
||||
up->ureg = (Ureg*)(*(ulong*)(oureg-BY2WD));
|
||||
|
@ -661,9 +656,8 @@ print("suicide: trap in noted\n");
|
|||
|
||||
case NSAVE:
|
||||
if(!okaddr(nur->pc, BY2WD, 0) || !okaddr(nur->usp, BY2WD, 0)){
|
||||
pprint("suicide: trap in noted\n");
|
||||
print("suicide: trap in noted\n");
|
||||
qunlock(&up->debug);
|
||||
pprint("suicide: trap in noted\n");
|
||||
pexit("Suicide", 0);
|
||||
}
|
||||
qunlock(&up->debug);
|
||||
|
@ -677,15 +671,13 @@ print("suicide: trap in noted\n");
|
|||
break;
|
||||
|
||||
default:
|
||||
pprint("unknown noted arg 0x%lux\n", arg0);
|
||||
print("unknown noted arg 0x%lux\n", arg0);
|
||||
up->lastnote.flag = NDebug;
|
||||
/* fall through */
|
||||
|
||||
case NDFLT:
|
||||
qunlock(&up->debug);
|
||||
if(up->lastnote.flag == NDebug)
|
||||
pprint("suicide: %s\n", up->lastnote.msg);
|
||||
qunlock(&up->debug);
|
||||
pexit(up->lastnote.msg, up->lastnote.flag!=NDebug);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -124,7 +124,7 @@ etherconfig(int on, char *spec, DevConf *cf)
|
|||
ether->ea[0], ether->ea[1], ether->ea[2],
|
||||
ether->ea[3], ether->ea[4], ether->ea[5]);
|
||||
seprint(p, e, "\n");
|
||||
pprint(buf);
|
||||
print("%s", buf);
|
||||
|
||||
etherxx[ctlrno] = ether;
|
||||
return 0;
|
||||
|
|
|
@ -617,8 +617,8 @@ noted(Ureg* ureg, ulong arg0)
|
|||
/* sanity clause */
|
||||
oureg = (ulong)nureg;
|
||||
if(!okaddr((ulong)oureg-BY2WD, BY2WD+sizeof(Ureg), 0)){
|
||||
pprint("bad ureg in noted or call to noted when not notified\n");
|
||||
qunlock(&up->debug);
|
||||
pprint("bad ureg in noted or call to noted when not notified\n");
|
||||
pexit("Suicide", 0);
|
||||
}
|
||||
|
||||
|
@ -656,16 +656,13 @@ noted(Ureg* ureg, ulong arg0)
|
|||
break;
|
||||
|
||||
default:
|
||||
pprint("unknown noted arg 0x%lux\n", arg0);
|
||||
up->lastnote.flag = NDebug;
|
||||
/* fall through */
|
||||
|
||||
case NDFLT:
|
||||
if(up->lastnote.flag == NDebug){
|
||||
qunlock(&up->debug);
|
||||
if(up->lastnote.flag == NDebug)
|
||||
pprint("suicide: %s\n", up->lastnote.msg);
|
||||
} else
|
||||
qunlock(&up->debug);
|
||||
pexit(up->lastnote.msg, up->lastnote.flag!=NDebug);
|
||||
}
|
||||
}
|
||||
|
@ -698,9 +695,9 @@ notify(Ureg* ureg)
|
|||
}
|
||||
|
||||
if(n->flag!=NUser && (up->notified || up->notify==0)){
|
||||
qunlock(&up->debug);
|
||||
if(n->flag == NDebug)
|
||||
pprint("suicide: %s\n", n->msg);
|
||||
qunlock(&up->debug);
|
||||
pexit(n->msg, n->flag!=NDebug);
|
||||
}
|
||||
|
||||
|
@ -719,8 +716,8 @@ notify(Ureg* ureg)
|
|||
|
||||
if(!okaddr((ulong)up->notify, 1, 0)
|
||||
|| !okaddr(sp-ERRMAX-4*BY2WD, sizeof(Ureg)+ERRMAX+4*BY2WD, 1)){
|
||||
pprint("suicide: bad address in notify\n");
|
||||
qunlock(&up->debug);
|
||||
pprint("suicide: bad address in notify\n");
|
||||
pexit("Suicide", 0);
|
||||
}
|
||||
|
||||
|
|
|
@ -80,16 +80,12 @@ noted(Ureg* cur, uintptr arg0)
|
|||
cur->sp = PTR2UINT(nf);
|
||||
break;
|
||||
default:
|
||||
pprint("unknown noted arg %#p\n", arg0);
|
||||
up->lastnote.flag = NDebug;
|
||||
/*FALLTHROUGH*/
|
||||
case NDFLT:
|
||||
if(up->lastnote.flag == NDebug){
|
||||
qunlock(&up->debug);
|
||||
if(up->lastnote.flag == NDebug)
|
||||
pprint("suicide: %s\n", up->lastnote.msg);
|
||||
}
|
||||
else
|
||||
qunlock(&up->debug);
|
||||
pexit(up->lastnote.msg, up->lastnote.flag != NDebug);
|
||||
}
|
||||
}
|
||||
|
@ -127,9 +123,9 @@ notify(Ureg* ureg)
|
|||
}
|
||||
|
||||
if(n->flag != NUser && (up->notified || up->notify == 0)){
|
||||
qunlock(&up->debug);
|
||||
if(n->flag == NDebug)
|
||||
pprint("suicide: %s\n", n->msg);
|
||||
qunlock(&up->debug);
|
||||
pexit(n->msg, n->flag != NDebug);
|
||||
}
|
||||
|
||||
|
@ -144,8 +140,8 @@ notify(Ureg* ureg)
|
|||
pexit(n->msg, n->flag != NDebug);
|
||||
}
|
||||
if(!okaddr(PTR2UINT(up->notify), 1, 0)){
|
||||
pprint("suicide: notify function address %#p\n", up->notify);
|
||||
qunlock(&up->debug);
|
||||
pprint("suicide: notify function address %#p\n", up->notify);
|
||||
pexit("Suicide", 0);
|
||||
}
|
||||
|
||||
|
|
|
@ -717,9 +717,9 @@ notify(Ureg* ur)
|
|||
}
|
||||
|
||||
if(n->flag!=NUser && (up->notified || up->notify==0)){
|
||||
qunlock(&up->debug);
|
||||
if(n->flag == NDebug)
|
||||
pprint("suicide: %s\n", n->msg);
|
||||
qunlock(&up->debug);
|
||||
pexit(n->msg, n->flag!=NDebug);
|
||||
}
|
||||
|
||||
|
@ -738,8 +738,8 @@ notify(Ureg* ur)
|
|||
|
||||
if(!okaddr((ulong)up->notify, BY2WD, 0) ||
|
||||
!okaddr(sp-ERRMAX-4*BY2WD, sizeof(Ureg)+ERRMAX+4*BY2WD, 1)) {
|
||||
pprint("suicide: bad address or sp in notify\n");
|
||||
qunlock(&up->debug);
|
||||
pprint("suicide: bad address or sp in notify\n");
|
||||
pexit("Suicide", 0);
|
||||
}
|
||||
|
||||
|
@ -788,8 +788,8 @@ noted(Ureg* ureg, ulong arg0)
|
|||
/* sanity clause */
|
||||
oureg = (ulong)nureg;
|
||||
if(!okaddr((ulong)oureg-BY2WD, BY2WD+sizeof(Ureg), 0)){
|
||||
pprint("bad ureg in noted or call to noted when not notified\n");
|
||||
qunlock(&up->debug);
|
||||
pprint("bad ureg in noted or call to noted when not notified\n");
|
||||
pexit("Suicide", 0);
|
||||
}
|
||||
|
||||
|
@ -799,8 +799,8 @@ noted(Ureg* ureg, ulong arg0)
|
|||
case NCONT:
|
||||
case NRSTR:
|
||||
if(!okaddr(nureg->pc, 1, 0) || !okaddr(nureg->usp, BY2WD, 0)){
|
||||
pprint("suicide: trap in noted\n");
|
||||
qunlock(&up->debug);
|
||||
pprint("suicide: trap in noted\n");
|
||||
pexit("Suicide", 0);
|
||||
}
|
||||
up->ureg = (Ureg*)(*(ulong*)(oureg-BY2WD));
|
||||
|
@ -810,8 +810,8 @@ noted(Ureg* ureg, ulong arg0)
|
|||
case NSAVE:
|
||||
if(!okaddr(nureg->pc, BY2WD, 0)
|
||||
|| !okaddr(nureg->usp, BY2WD, 0)){
|
||||
pprint("suicide: trap in noted\n");
|
||||
qunlock(&up->debug);
|
||||
pprint("suicide: trap in noted\n");
|
||||
pexit("Suicide", 0);
|
||||
}
|
||||
qunlock(&up->debug);
|
||||
|
@ -823,14 +823,13 @@ noted(Ureg* ureg, ulong arg0)
|
|||
break;
|
||||
|
||||
default:
|
||||
pprint("unknown noted arg 0x%lux\n", arg0);
|
||||
up->lastnote.flag = NDebug;
|
||||
/* fall through */
|
||||
|
||||
case NDFLT:
|
||||
qunlock(&up->debug);
|
||||
if(up->lastnote.flag == NDebug)
|
||||
pprint("suicide: %s\n", up->lastnote.msg);
|
||||
qunlock(&up->debug);
|
||||
pexit(up->lastnote.msg, up->lastnote.flag!=NDebug);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -80,16 +80,12 @@ noted(Ureg* cur, uintptr arg0)
|
|||
cur->sp = PTR2UINT(nf);
|
||||
break;
|
||||
default:
|
||||
pprint("unknown noted arg %#p\n", arg0);
|
||||
up->lastnote.flag = NDebug;
|
||||
/*FALLTHROUGH*/
|
||||
case NDFLT:
|
||||
if(up->lastnote.flag == NDebug){
|
||||
qunlock(&up->debug);
|
||||
if(up->lastnote.flag == NDebug)
|
||||
pprint("suicide: %s\n", up->lastnote.msg);
|
||||
}
|
||||
else
|
||||
qunlock(&up->debug);
|
||||
pexit(up->lastnote.msg, up->lastnote.flag != NDebug);
|
||||
}
|
||||
}
|
||||
|
@ -127,9 +123,9 @@ notify(Ureg* ureg)
|
|||
}
|
||||
|
||||
if(n->flag != NUser && (up->notified || up->notify == 0)){
|
||||
qunlock(&up->debug);
|
||||
if(n->flag == NDebug)
|
||||
pprint("suicide: %s\n", n->msg);
|
||||
qunlock(&up->debug);
|
||||
pexit(n->msg, n->flag != NDebug);
|
||||
}
|
||||
|
||||
|
@ -144,8 +140,8 @@ notify(Ureg* ureg)
|
|||
pexit(n->msg, n->flag != NDebug);
|
||||
}
|
||||
if(!okaddr(PTR2UINT(up->notify), 1, 0)){
|
||||
pprint("suicide: notify function address %#p\n", up->notify);
|
||||
qunlock(&up->debug);
|
||||
pprint("suicide: notify function address %#p\n", up->notify);
|
||||
pexit("Suicide", 0);
|
||||
}
|
||||
|
||||
|
|
|
@ -154,9 +154,9 @@ notify(Ureg *ureg)
|
|||
sprint(n->msg + l, " pc=0x%.8lux", ureg->pc);
|
||||
}
|
||||
if(n->flag != NUser && (up->notified || up->notify == 0)){
|
||||
qunlock(&up->debug);
|
||||
if(n->flag == NDebug)
|
||||
pprint("suicide: %s\n", n->msg);
|
||||
qunlock(&up->debug);
|
||||
pexit(n->msg, n->flag != NDebug);
|
||||
}
|
||||
if(up->notified){
|
||||
|
@ -247,7 +247,6 @@ noted(Ureg *ureg, ulong arg0)
|
|||
break;
|
||||
|
||||
default:
|
||||
pprint("unknown noted arg 0x%lux\n", arg0);
|
||||
up->lastnote.flag = NDebug;
|
||||
/* fallthrough */
|
||||
|
||||
|
|
|
@ -846,9 +846,9 @@ notify(Ureg* ureg)
|
|||
}
|
||||
|
||||
if(n->flag!=NUser && (up->notified || up->notify==0)){
|
||||
qunlock(&up->debug);
|
||||
if(n->flag == NDebug)
|
||||
pprint("suicide: %s\n", n->msg);
|
||||
qunlock(&up->debug);
|
||||
pexit(n->msg, n->flag!=NDebug);
|
||||
}
|
||||
|
||||
|
@ -964,16 +964,13 @@ if(0) print("%s %lud: noted %.8lux %.8lux\n",
|
|||
break;
|
||||
|
||||
default:
|
||||
pprint("unknown noted arg 0x%lux\n", arg0);
|
||||
up->lastnote.flag = NDebug;
|
||||
/* fall through */
|
||||
|
||||
case NDFLT:
|
||||
if(up->lastnote.flag == NDebug){
|
||||
qunlock(&up->debug);
|
||||
if(up->lastnote.flag == NDebug)
|
||||
pprint("suicide: %s\n", up->lastnote.msg);
|
||||
} else
|
||||
qunlock(&up->debug);
|
||||
pexit(up->lastnote.msg, up->lastnote.flag!=NDebug);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -446,7 +446,7 @@ procopen(Chan *c, int omode)
|
|||
break;
|
||||
|
||||
default:
|
||||
pprint("procopen %#lux\n", QID(c->qid));
|
||||
print("procopen %#lux\n", QID(c->qid));
|
||||
error(Egreg);
|
||||
}
|
||||
|
||||
|
@ -1156,7 +1156,7 @@ procwrite(Chan *c, void *va, long n, vlong off)
|
|||
error(Ebadarg);
|
||||
break;
|
||||
default:
|
||||
pprint("unknown qid in procwrite\n");
|
||||
print("unknown qid in procwrite\n");
|
||||
error(Egreg);
|
||||
}
|
||||
poperror();
|
||||
|
|
|
@ -328,7 +328,6 @@ okaddr(ulong addr, ulong len, int write)
|
|||
return 1;
|
||||
}
|
||||
}
|
||||
pprint("suicide: invalid address %#lux/%lud in sys call pc=%#lux\n", addr, len, userpc());
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -336,6 +335,7 @@ void
|
|||
validaddr(ulong addr, ulong len, int write)
|
||||
{
|
||||
if(!okaddr(addr, len, write)){
|
||||
pprint("suicide: invalid address %#lux/%lud in sys call pc=%#lux\n", addr, len, userpc());
|
||||
postnote(up, 1, "sys: bad address in syscall", NDebug);
|
||||
error(Ebadarg);
|
||||
}
|
||||
|
|
|
@ -728,9 +728,9 @@ notify(Ureg* ur)
|
|||
}
|
||||
|
||||
if(n->flag!=NUser && (up->notified || up->notify==0)){
|
||||
qunlock(&up->debug);
|
||||
if(n->flag == NDebug)
|
||||
pprint("suicide: %s\n", n->msg);
|
||||
qunlock(&up->debug);
|
||||
pexit(n->msg, n->flag!=NDebug);
|
||||
}
|
||||
|
||||
|
@ -750,8 +750,8 @@ notify(Ureg* ur)
|
|||
|
||||
if(!okaddr((ulong)up->notify, BY2WD, 0) ||
|
||||
!okaddr(sp-ERRMAX-4*BY2WD, sizeof(Ureg)+ERRMAX+4*BY2WD, 1)) {
|
||||
pprint("suicide: bad address or sp in notify\n");
|
||||
qunlock(&up->debug);
|
||||
pprint("suicide: bad address or sp in notify\n");
|
||||
pexit("Suicide", 0);
|
||||
}
|
||||
|
||||
|
@ -800,8 +800,8 @@ noted(Ureg* ureg, ulong arg0)
|
|||
/* sanity clause */
|
||||
oureg = (ulong)nureg;
|
||||
if(!okaddr((ulong)oureg-BY2WD, BY2WD+sizeof(Ureg), 0)){
|
||||
pprint("bad ureg in noted or call to noted when not notified\n");
|
||||
qunlock(&up->debug);
|
||||
pprint("bad ureg in noted or call to noted when not notified\n");
|
||||
pexit("Suicide", 0);
|
||||
}
|
||||
|
||||
|
@ -811,8 +811,8 @@ noted(Ureg* ureg, ulong arg0)
|
|||
case NCONT:
|
||||
case NRSTR:
|
||||
if(!okaddr(nureg->pc, 1, 0) || !okaddr(nureg->usp, BY2WD, 0)){
|
||||
pprint("suicide: trap in noted\n");
|
||||
qunlock(&up->debug);
|
||||
pprint("suicide: trap in noted\n");
|
||||
pexit("Suicide", 0);
|
||||
}
|
||||
up->ureg = (Ureg*)(*(ulong*)(oureg-BY2WD));
|
||||
|
@ -822,8 +822,8 @@ noted(Ureg* ureg, ulong arg0)
|
|||
case NSAVE:
|
||||
if(!okaddr(nureg->pc, BY2WD, 0)
|
||||
|| !okaddr(nureg->usp, BY2WD, 0)){
|
||||
pprint("suicide: trap in noted\n");
|
||||
qunlock(&up->debug);
|
||||
pprint("suicide: trap in noted\n");
|
||||
pexit("Suicide", 0);
|
||||
}
|
||||
qunlock(&up->debug);
|
||||
|
@ -835,14 +835,13 @@ noted(Ureg* ureg, ulong arg0)
|
|||
break;
|
||||
|
||||
default:
|
||||
pprint("unknown noted arg 0x%lux\n", arg0);
|
||||
up->lastnote.flag = NDebug;
|
||||
/* fall through */
|
||||
|
||||
case NDFLT:
|
||||
qunlock(&up->debug);
|
||||
if(up->lastnote.flag == NDebug)
|
||||
pprint("suicide: %s\n", up->lastnote.msg);
|
||||
qunlock(&up->debug);
|
||||
pexit(up->lastnote.msg, up->lastnote.flag!=NDebug);
|
||||
}
|
||||
up->fpstate &= ~FPillegal;
|
||||
|
|
|
@ -86,16 +86,12 @@ noted(Ureg* cur, uintptr arg0)
|
|||
cur->sp = PTR2UINT(nf);
|
||||
break;
|
||||
default:
|
||||
pprint("unknown noted arg %#p\n", arg0);
|
||||
up->lastnote.flag = NDebug;
|
||||
/*FALLTHROUGH*/
|
||||
case NDFLT:
|
||||
if(up->lastnote.flag == NDebug){
|
||||
qunlock(&up->debug);
|
||||
if(up->lastnote.flag == NDebug)
|
||||
pprint("suicide: %s\n", up->lastnote.msg);
|
||||
}
|
||||
else
|
||||
qunlock(&up->debug);
|
||||
pexit(up->lastnote.msg, up->lastnote.flag != NDebug);
|
||||
}
|
||||
}
|
||||
|
@ -133,9 +129,9 @@ notify(Ureg* ureg)
|
|||
}
|
||||
|
||||
if(n->flag != NUser && (up->notified || up->notify == 0)){
|
||||
qunlock(&up->debug);
|
||||
if(n->flag == NDebug)
|
||||
pprint("suicide: %s\n", n->msg);
|
||||
qunlock(&up->debug);
|
||||
pexit(n->msg, n->flag != NDebug);
|
||||
}
|
||||
|
||||
|
@ -150,8 +146,8 @@ notify(Ureg* ureg)
|
|||
pexit(n->msg, n->flag != NDebug);
|
||||
}
|
||||
if(!okaddr(PTR2UINT(up->notify), 1, 0)){
|
||||
pprint("suicide: notify function address %#p\n", up->notify);
|
||||
qunlock(&up->debug);
|
||||
pprint("suicide: notify function address %#p\n", up->notify);
|
||||
pexit("Suicide", 0);
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue