Path: sserve!newshost.anu.edu.au!munnari.oz.au!uunet!mcsun!news.funet.fi!hydra!klaava!klaava!not-for-mail
From: torvalds@klaava.Helsinki.FI (Linus Torvalds)
Newsgroups: comp.os.386bsd.bugs
Subject: Re: Nethack
Date: 4 Jul 1993 12:18:04 +0300
Organization: University of Helsinki
Lines: 50
Message-ID: <21678c$13q@klaava.Helsinki.FI>
References: <1993Jul3.055522.4000@fcom.cc.utah.edu> <214al6INNsmp@fstgds01.tu-graz.ac.at>
NNTP-Posting-Host: klaava.helsinki.fi

In article <214al6INNsmp@fstgds01.tu-graz.ac.at> chmr@edvz.tu-graz.ac.at (Christoph Robitschko) writes:
>In article <1993Jul3.055522.4000@fcom.cc.utah.edu> A Wizard of Earth C (terry@cs.weber.edu) wrote:
>-> In article <C9J9H8.Ltu@sneaky.lonestar.org> gordon@sneaky.lonestar.org (Gordon Burditt) writes:
>-> >
>-> >Now, the question I have is, with this bug in the system, why does
>-> >it stay up for more than 10 minutes? Why can I run the compiler
>-> >without it crashing?
>-> >
>-> >Is there a 486-specific fix for this (set the WP bit in the cr0 register?
>-> >anything else needed or is that alone enough?)
>->
>-> This would probably be enough if the process creation code didn't depend
>-> on it being unenforced during create.
>->
>It is not enough with the current copyout: It basically uses the kernel
>permissions to write to user space (same in copyin: You can read the kernel
>memory with write() ). Also, if WP is on, you cannot map memory read-only
>to the user and read-write for the kernel, but this is needed.

Why? This seems like major braindamage, as I can't see any reasons for the
kernel to write to WP'd user pages and not get a SIGSEGV. mmap() and friends
should go through the page tables anyway, and should fill in the page with
any startup data before even inserting it into the user VM, so why are they
using "copyout" in the first place? Linux enables WP by default on a 486,
and I don't think it needed any kernel changes at all.
>The 'bug' of the VM system is that it assumes read-only memory can't be modified.
>The *bug* of the copyout family is that it happily writes to read-only memory.
>It is obvious what should be fixed. (I'm working on a clean+fast patch).

For speed, could I suggest doing the WP checks only once, and not in
copyout? I haven't looked at the 386bsd sources, but I assume that copyout
is used for partial ranges of memory for things like "read()" that copies
the data in chunks from the buffer cache. It's probably more efficient to
check the whole memory-area given as parameters to read first (you'd have
to do this to check for EFAULT anyway), and then not worry about it at all
in copyout(). Otherwise you'll end up going through the page tables several
times (for every byte if you are unlucky with terminal reads or something).

And for your own sanity, may I suggest cleaning up the kernel so that WP
can be enabled: anything which breaks WP right now is probably a kernel
bug, really. I can't imagine that the original BSD sources depended on the
bad 386 behaviour: that wouldn't be portable. Enabling WP also gets rid of
the checks totally in a 486 (as well as being a good debugging tool: it can
be used to check the behaviour of the 386 routines, as the WP errors should
never trigger if they work all right).

		Linus
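The scheme Linus sketches above (walk the page tables once over the whole user range a read() was handed, then let the chunked copyout run unchecked) as an added example; this is not code from the post, from 386BSD or from Linux. It is a user-space model: the page table, the `user_mem` array, and the names `verify_area` and `sys_read_model` are all hypothetical, and the interesting part is the range-to-page arithmetic, in particular a range that ends exactly on a page boundary (the following page must not be checked) and an address plus length that would wrap.

```c
/* Model of "check the user range once, then copy without per-chunk checks".
 * Hypothetical code, not from 386BSD or Linux; runs in user space against a
 * constructed page table. */
#include <errno.h>
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE  ((uintptr_t)1 << PAGE_SHIFT)
#define NPAGES     8
#define USER_LIMIT (NPAGES * PAGE_SIZE)   /* end of the model user space */

#define PTE_PRESENT 0x1   /* page is mapped */
#define PTE_WRITE   0x2   /* user may write; what CR0.WP would enforce */

/* Constructed page table: pages 0-3 and 6-7 read/write, page 4 read-only,
 * page 5 not mapped. */
static const unsigned char page_table[NPAGES] = {
    PTE_PRESENT | PTE_WRITE, PTE_PRESENT | PTE_WRITE,
    PTE_PRESENT | PTE_WRITE, PTE_PRESENT | PTE_WRITE,
    PTE_PRESENT,             0,
    PTE_PRESENT | PTE_WRITE, PTE_PRESENT | PTE_WRITE,
};

/* Stand-in for the user address space that the copies land in. */
unsigned char user_mem[USER_LIMIT];

/* Walk the page table once over [addr, addr+len).  Returns 0 if every
 * page is present (and writable when need_write is set), else -EFAULT.
 * Edge cases: zero length, a range ending exactly on a page boundary
 * (must not touch the following page), and addr+len wrapping around. */
int verify_area(uintptr_t addr, size_t len, int need_write)
{
    if (len == 0)
        return 0;
    if (addr > UINTPTR_MAX - len)         /* addr + len would wrap */
        return -EFAULT;
    uintptr_t end = addr + len;           /* exclusive end */
    if (end > USER_LIMIT)
        return -EFAULT;

    uintptr_t first = addr >> PAGE_SHIFT;
    uintptr_t last  = (end - 1) >> PAGE_SHIFT;   /* page of the last byte */
    unsigned char need = PTE_PRESENT | (need_write ? PTE_WRITE : 0);

    for (uintptr_t p = first; p <= last; p++)
        if ((page_table[p] & need) != need)
            return -EFAULT;
    return 0;
}

/* read()-style path: validate the whole user buffer once up front, then
 * hand the data over in buffer-cache-sized chunks with an unchecked copy.
 * Returns the byte count on success or -EFAULT. */
long sys_read_model(uintptr_t user_buf, size_t count, const unsigned char *src)
{
    int err = verify_area(user_buf, count, 1);
    if (err)
        return err;

    const size_t CHUNK = 1024;            /* fake buffer-cache block size */
    for (size_t done = 0; done < count; done += CHUNK) {
        size_t n = count - done < CHUNK ? count - done : CHUNK;
        memcpy(&user_mem[user_buf + done], src + done, n);   /* the "copyout" */
    }
    return (long)count;
}

/* Self-check: copy 3000 constructed bytes to offset 10 of the user space
 * and confirm the chunked copy landed intact.  Returns 1 on success. */
int read_model_selftest(void)
{
    unsigned char src[3000];
    for (size_t i = 0; i < sizeof src; i++)
        src[i] = (unsigned char)(i * 7);
    if (sys_read_model(10, sizeof src, src) != (long)sizeof src)
        return 0;
    return memcmp(&user_mem[10], src, sizeof src) == 0;
}

int main(void)
{
    printf("rw range:            %d\n", verify_area(0, PAGE_SIZE, 1));
    printf("ends on ro boundary: %d\n", verify_area(3 * PAGE_SIZE, PAGE_SIZE, 1));
    printf("one byte into ro:    %d\n", verify_area(3 * PAGE_SIZE, PAGE_SIZE + 1, 1));
    printf("read from ro page:   %d\n", verify_area(4 * PAGE_SIZE, 16, 0));
    printf("unmapped page:       %d\n", verify_area(5 * PAGE_SIZE, 1, 0));
    printf("self-test:           %d\n", read_model_selftest());
    return 0;
}
```

The cost model matches the argument in the post: one page-table walk per system call, proportional to the number of pages the buffer spans, instead of a walk per copied byte or chunk. With the WP bit enforced in hardware the same check is still wanted for the EFAULT return, but a kernel that wrote to a read-only user page by mistake would then fault instead of silently succeeding.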