aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Greenman <dg@FreeBSD.org>1995-05-25 01:35:24 +0000
committerDavid Greenman <dg@FreeBSD.org>1995-05-25 01:35:24 +0000
commit243e5a88d532ff611f3fc3b4decfc51eecda3854 (patch)
treed8e24731030c03fe1ed42d7824786e43f50fbeec
parent903463ef42563351d2179ff01b733f725e60e50d (diff)
downloadsrc-243e5a88d532ff611f3fc3b4decfc51eecda3854.tar.gz
src-243e5a88d532ff611f3fc3b4decfc51eecda3854.zip
Fixed panic that resulted from mmaping files in kernfs and procfs. A
regular user could panic the machine with a simple "tail /proc/curproc/mem" command. The problem was twofold: both kernfs and procfs didn't fill in the mnt_stat statfs struct (which would later lead to an integer divide fault in the vnode pager), and kernfs bogusly paniced if a bmap was attempted. Reviewed by: John Dyson
Notes
Notes: svn path=/head/; revision=8740
-rw-r--r--sys/fs/procfs/procfs.h4
-rw-r--r--sys/fs/procfs/procfs_vfsops.c6
-rw-r--r--sys/fs/procfs/procfs_vnops.c30
-rw-r--r--sys/miscfs/kernfs/kernfs_vfsops.c5
-rw-r--r--sys/miscfs/kernfs/kernfs_vnops.c6
-rw-r--r--sys/miscfs/procfs/procfs.h4
-rw-r--r--sys/miscfs/procfs/procfs_vfsops.c6
-rw-r--r--sys/miscfs/procfs/procfs_vnops.c30
8 files changed, 20 insertions, 71 deletions
diff --git a/sys/fs/procfs/procfs.h b/sys/fs/procfs/procfs.h
index aabb1d3ef7b9..22c3800b930d 100644
--- a/sys/fs/procfs/procfs.h
+++ b/sys/fs/procfs/procfs.h
@@ -36,7 +36,7 @@
*
* @(#)procfs.h 8.6 (Berkeley) 2/3/94
*
- * $Id: procfs.h,v 1.3 1995/03/16 18:13:45 bde Exp $
+ * $Id: procfs.h,v 1.4 1995/04/15 02:30:08 davidg Exp $
*/
/*
@@ -175,7 +175,7 @@ int procfs_inactive __P((struct vop_inactive_args *));
int procfs_reclaim __P((struct vop_reclaim_args *));
#define procfs_lock ((int (*) __P((struct vop_lock_args *))) nullop)
#define procfs_unlock ((int (*) __P((struct vop_unlock_args *))) nullop)
-int procfs_bmap __P((struct vop_bmap_args *));
+#define procfs_bmap ((int (*) __P((struct vop_bmap_args *))) procfs_badop)
#define procfs_strategy ((int (*) __P((struct vop_strategy_args *))) procfs_badop)
int procfs_print __P((struct vop_print_args *));
#define procfs_islocked ((int (*) __P((struct vop_islocked_args *))) nullop)
diff --git a/sys/fs/procfs/procfs_vfsops.c b/sys/fs/procfs/procfs_vfsops.c
index b933a189b73a..4113063218c3 100644
--- a/sys/fs/procfs/procfs_vfsops.c
+++ b/sys/fs/procfs/procfs_vfsops.c
@@ -36,7 +36,7 @@
*
* @(#)procfs_vfsops.c 8.4 (Berkeley) 1/21/94
*
- * $Id: procfs_vfsops.c,v 1.8 1995/03/16 18:13:47 bde Exp $
+ * $Id: procfs_vfsops.c,v 1.9 1995/03/16 20:23:42 wollman Exp $
*/
/*
@@ -56,6 +56,8 @@
#include <miscfs/procfs/procfs.h>
#include <vm/vm.h> /* for PAGE_SIZE */
+int procfs_statfs __P((struct mount *, struct statfs *, struct proc *));
+
/*
* VFS Operations.
*
@@ -90,7 +92,7 @@ procfs_mount(mp, path, data, ndp, p)
size = sizeof("procfs") - 1;
bcopy("procfs", mp->mnt_stat.f_mntfromname, size);
bzero(mp->mnt_stat.f_mntfromname + size, MNAMELEN - size);
-
+ (void)procfs_statfs(mp, &mp->mnt_stat, p);
return (0);
}
diff --git a/sys/fs/procfs/procfs_vnops.c b/sys/fs/procfs/procfs_vnops.c
index 736b2fe3e45f..8decad4f8bed 100644
--- a/sys/fs/procfs/procfs_vnops.c
+++ b/sys/fs/procfs/procfs_vnops.c
@@ -36,7 +36,7 @@
*
* @(#)procfs_vnops.c 8.6 (Berkeley) 2/7/94
*
- * $Id: procfs_vnops.c,v 1.11 1995/04/15 03:20:31 davidg Exp $
+ * $Id: procfs_vnops.c,v 1.12 1995/05/11 19:26:33 rgrimes Exp $
*/
/*
@@ -169,30 +169,6 @@ procfs_ioctl(ap)
}
/*
- * do block mapping for pfsnode (vp).
- * since we don't use the buffer cache
- * for procfs this function should never
- * be called. in any case, it's not clear
- * what part of the kernel ever makes use
- * of this function. for sanity, this is the
- * usual no-op bmap, although returning
- * (EIO) would be a reasonable alternative.
- */
-int
-procfs_bmap(ap)
- struct vop_bmap_args *ap;
-{
-
- if (ap->a_vpp != NULL)
- *ap->a_vpp = ap->a_vp;
- if (ap->a_bnp != NULL)
- *ap->a_bnp = ap->a_bn;
- if (ap->a_runp != NULL)
- *ap->a_runp = 0;
- return (0);
-}
-
-/*
* _inactive is called when the pfsnode
* is vrele'd and the reference count goes
* to zero. (vp) will be on the vnode free
@@ -428,10 +404,6 @@ procfs_getattr(ap)
case Pmem:
vap->va_nlink = 1;
- vap->va_bytes = vap->va_size =
- ctob(procp->p_vmspace->vm_tsize +
- procp->p_vmspace->vm_dsize +
- procp->p_vmspace->vm_ssize);
/*
* If we denied owner access earlier, then we have to
* change the owner to root - otherwise 'ps' and friends
diff --git a/sys/miscfs/kernfs/kernfs_vfsops.c b/sys/miscfs/kernfs/kernfs_vfsops.c
index 4c549758213f..e6f97c700f91 100644
--- a/sys/miscfs/kernfs/kernfs_vfsops.c
+++ b/sys/miscfs/kernfs/kernfs_vfsops.c
@@ -34,7 +34,7 @@
* SUCH DAMAGE.
*
* @(#)kernfs_vfsops.c 8.4 (Berkeley) 1/21/94
- * $Id: kernfs_vfsops.c,v 1.7 1995/03/16 18:13:23 bde Exp $
+ * $Id: kernfs_vfsops.c,v 1.8 1995/03/16 20:23:38 wollman Exp $
*/
/*
@@ -57,6 +57,8 @@
struct vnode *rrootvp;
+int kernfs_statfs __P((struct mount *, struct statfs *, struct proc *));
+
/*
* Create a vnode for a character device.
*/
@@ -160,6 +162,7 @@ kernfs_mount(mp, path, data, ndp, p)
bzero(mp->mnt_stat.f_mntonname + size, MNAMELEN - size);
bzero(mp->mnt_stat.f_mntfromname, MNAMELEN);
bcopy("kernfs", mp->mnt_stat.f_mntfromname, sizeof("kernfs"));
+ (void)kernfs_statfs(mp, &mp->mnt_stat, p);
#ifdef KERNFS_DIAGNOSTIC
printf("kernfs_mount: at %s\n", mp->mnt_stat.f_mntonname);
#endif
diff --git a/sys/miscfs/kernfs/kernfs_vnops.c b/sys/miscfs/kernfs/kernfs_vnops.c
index b38fc5e2b743..a9bf9e713675 100644
--- a/sys/miscfs/kernfs/kernfs_vnops.c
+++ b/sys/miscfs/kernfs/kernfs_vnops.c
@@ -34,7 +34,7 @@
* SUCH DAMAGE.
*
* @(#)kernfs_vnops.c 8.6 (Berkeley) 2/10/94
- * $Id: kernfs_vnops.c,v 1.6 1994/10/02 17:48:09 phk Exp $
+ * $Id: kernfs_vnops.c,v 1.7 1994/11/15 20:30:56 jkh Exp $
*/
/*
@@ -693,9 +693,7 @@ kernfs_enotsupp()
int
kernfs_badop()
{
-
- panic("kernfs: bad op");
- /* NOTREACHED */
+ return (EIO);
}
/*
diff --git a/sys/miscfs/procfs/procfs.h b/sys/miscfs/procfs/procfs.h
index aabb1d3ef7b9..22c3800b930d 100644
--- a/sys/miscfs/procfs/procfs.h
+++ b/sys/miscfs/procfs/procfs.h
@@ -36,7 +36,7 @@
*
* @(#)procfs.h 8.6 (Berkeley) 2/3/94
*
- * $Id: procfs.h,v 1.3 1995/03/16 18:13:45 bde Exp $
+ * $Id: procfs.h,v 1.4 1995/04/15 02:30:08 davidg Exp $
*/
/*
@@ -175,7 +175,7 @@ int procfs_inactive __P((struct vop_inactive_args *));
int procfs_reclaim __P((struct vop_reclaim_args *));
#define procfs_lock ((int (*) __P((struct vop_lock_args *))) nullop)
#define procfs_unlock ((int (*) __P((struct vop_unlock_args *))) nullop)
-int procfs_bmap __P((struct vop_bmap_args *));
+#define procfs_bmap ((int (*) __P((struct vop_bmap_args *))) procfs_badop)
#define procfs_strategy ((int (*) __P((struct vop_strategy_args *))) procfs_badop)
int procfs_print __P((struct vop_print_args *));
#define procfs_islocked ((int (*) __P((struct vop_islocked_args *))) nullop)
diff --git a/sys/miscfs/procfs/procfs_vfsops.c b/sys/miscfs/procfs/procfs_vfsops.c
index b933a189b73a..4113063218c3 100644
--- a/sys/miscfs/procfs/procfs_vfsops.c
+++ b/sys/miscfs/procfs/procfs_vfsops.c
@@ -36,7 +36,7 @@
*
* @(#)procfs_vfsops.c 8.4 (Berkeley) 1/21/94
*
- * $Id: procfs_vfsops.c,v 1.8 1995/03/16 18:13:47 bde Exp $
+ * $Id: procfs_vfsops.c,v 1.9 1995/03/16 20:23:42 wollman Exp $
*/
/*
@@ -56,6 +56,8 @@
#include <miscfs/procfs/procfs.h>
#include <vm/vm.h> /* for PAGE_SIZE */
+int procfs_statfs __P((struct mount *, struct statfs *, struct proc *));
+
/*
* VFS Operations.
*
@@ -90,7 +92,7 @@ procfs_mount(mp, path, data, ndp, p)
size = sizeof("procfs") - 1;
bcopy("procfs", mp->mnt_stat.f_mntfromname, size);
bzero(mp->mnt_stat.f_mntfromname + size, MNAMELEN - size);
-
+ (void)procfs_statfs(mp, &mp->mnt_stat, p);
return (0);
}
diff --git a/sys/miscfs/procfs/procfs_vnops.c b/sys/miscfs/procfs/procfs_vnops.c
index 736b2fe3e45f..8decad4f8bed 100644
--- a/sys/miscfs/procfs/procfs_vnops.c
+++ b/sys/miscfs/procfs/procfs_vnops.c
@@ -36,7 +36,7 @@
*
* @(#)procfs_vnops.c 8.6 (Berkeley) 2/7/94
*
- * $Id: procfs_vnops.c,v 1.11 1995/04/15 03:20:31 davidg Exp $
+ * $Id: procfs_vnops.c,v 1.12 1995/05/11 19:26:33 rgrimes Exp $
*/
/*
@@ -169,30 +169,6 @@ procfs_ioctl(ap)
}
/*
- * do block mapping for pfsnode (vp).
- * since we don't use the buffer cache
- * for procfs this function should never
- * be called. in any case, it's not clear
- * what part of the kernel ever makes use
- * of this function. for sanity, this is the
- * usual no-op bmap, although returning
- * (EIO) would be a reasonable alternative.
- */
-int
-procfs_bmap(ap)
- struct vop_bmap_args *ap;
-{
-
- if (ap->a_vpp != NULL)
- *ap->a_vpp = ap->a_vp;
- if (ap->a_bnp != NULL)
- *ap->a_bnp = ap->a_bn;
- if (ap->a_runp != NULL)
- *ap->a_runp = 0;
- return (0);
-}
-
-/*
* _inactive is called when the pfsnode
* is vrele'd and the reference count goes
* to zero. (vp) will be on the vnode free
@@ -428,10 +404,6 @@ procfs_getattr(ap)
case Pmem:
vap->va_nlink = 1;
- vap->va_bytes = vap->va_size =
- ctob(procp->p_vmspace->vm_tsize +
- procp->p_vmspace->vm_dsize +
- procp->p_vmspace->vm_ssize);
/*
* If we denied owner access earlier, then we have to
* change the owner to root - otherwise 'ps' and friends