Fixed panic that resulted from mmaping files in kernfs and procfs. A

regular user could panic the machine with a simple "tail /proc/curproc/mem"
command. The problem was twofold: both kernfs and procfs didn't fill in
the mnt_stat statfs struct (which would later lead to an integer divide
fault in the vnode pager), and kernfs bogusly paniced if a bmap was
attempted.

Reviewed by:	John Dyson

3 files changed, 7 insertions, 33 deletions

diff --git a/sys/fs/procfs/procfs.h b/sys/fs/procfs/procfs.h
index aabb1d3ef7b9..22c3800b930d 100644
--- a/sys/fs/procfs/procfs.h
+++ b/sys/fs/procfs/procfs.h
@@ -36,7 +36,7 @@
  *
  *	@(#)procfs.h	8.6 (Berkeley) 2/3/94
  *
- *	$Id: procfs.h,v 1.3 1995/03/16 18:13:45 bde Exp $
+ *	$Id: procfs.h,v 1.4 1995/04/15 02:30:08 davidg Exp $
  */
 
 /*
@@ -175,7 +175,7 @@ int	procfs_inactive __P((struct vop_inactive_args *));
 int	procfs_reclaim __P((struct vop_reclaim_args *));
 #define procfs_lock ((int (*) __P((struct vop_lock_args *))) nullop)
 #define procfs_unlock ((int (*) __P((struct vop_unlock_args *))) nullop)
-int	procfs_bmap __P((struct vop_bmap_args *));
+#define procfs_bmap ((int (*) __P((struct vop_bmap_args *))) procfs_badop)
 #define	procfs_strategy ((int (*) __P((struct vop_strategy_args *))) procfs_badop)
 int	procfs_print __P((struct vop_print_args *));
 #define procfs_islocked ((int (*) __P((struct vop_islocked_args *))) nullop)
diff --git a/sys/fs/procfs/procfs_vfsops.c b/sys/fs/procfs/procfs_vfsops.c
index b933a189b73a..4113063218c3 100644
--- a/sys/fs/procfs/procfs_vfsops.c
+++ b/sys/fs/procfs/procfs_vfsops.c
@@ -36,7 +36,7 @@
  *
  *	@(#)procfs_vfsops.c	8.4 (Berkeley) 1/21/94
  *
- *	$Id: procfs_vfsops.c,v 1.8 1995/03/16 18:13:47 bde Exp $
+ *	$Id: procfs_vfsops.c,v 1.9 1995/03/16 20:23:42 wollman Exp $
  */
 
 /*
@@ -56,6 +56,8 @@
 #include <miscfs/procfs/procfs.h>
 #include <vm/vm.h>			/* for PAGE_SIZE */
 
+int procfs_statfs __P((struct mount *, struct statfs *, struct proc *));
+
 /*
  * VFS Operations.
  *
@@ -90,7 +92,7 @@ procfs_mount(mp, path, data, ndp, p)
 	size = sizeof("procfs") - 1;
 	bcopy("procfs", mp->mnt_stat.f_mntfromname, size);
 	bzero(mp->mnt_stat.f_mntfromname + size, MNAMELEN - size);
-
+	(void)procfs_statfs(mp, &mp->mnt_stat, p);
 	return (0);
 }
 
diff --git a/sys/fs/procfs/procfs_vnops.c b/sys/fs/procfs/procfs_vnops.c
index 736b2fe3e45f..8decad4f8bed 100644
--- a/sys/fs/procfs/procfs_vnops.c
+++ b/sys/fs/procfs/procfs_vnops.c
@@ -36,7 +36,7 @@
  *
  *	@(#)procfs_vnops.c	8.6 (Berkeley) 2/7/94
  *
- *	$Id: procfs_vnops.c,v 1.11 1995/04/15 03:20:31 davidg Exp $
+ *	$Id: procfs_vnops.c,v 1.12 1995/05/11 19:26:33 rgrimes Exp $
  */
 
 /*
@@ -169,30 +169,6 @@ procfs_ioctl(ap)
 }
 
 /*
- * do block mapping for pfsnode (vp).
- * since we don't use the buffer cache
- * for procfs this function should never
- * be called.  in any case, it's not clear
- * what part of the kernel ever makes use
- * of this function.  for sanity, this is the
- * usual no-op bmap, although returning
- * (EIO) would be a reasonable alternative.
- */
-int
-procfs_bmap(ap)
-	struct vop_bmap_args *ap;
-{
-
-	if (ap->a_vpp != NULL)
-		*ap->a_vpp = ap->a_vp;
-	if (ap->a_bnp != NULL)
-		*ap->a_bnp = ap->a_bn;
-	if (ap->a_runp != NULL)
-		*ap->a_runp = 0;
-	return (0);
-}
-
-/*
  * _inactive is called when the pfsnode
  * is vrele'd and the reference count goes
  * to zero.  (vp) will be on the vnode free
@@ -428,10 +404,6 @@ procfs_getattr(ap)
 
 	case Pmem:
 		vap->va_nlink = 1;
-		vap->va_bytes = vap->va_size =
-			ctob(procp->p_vmspace->vm_tsize +
-				    procp->p_vmspace->vm_dsize +
-				    procp->p_vmspace->vm_ssize);
 		/*
 		 * If we denied owner access earlier, then we have to
 		 * change the owner to root - otherwise 'ps' and friends