Author: nwhitehorn
Date: Fri Oct 23 14:27:40 2009
New Revision: 198400
URL: http://svn.freebsd.org/changeset/base/198400

Log:
  Do not map the trap vectors into the kernel's address space. They are
  only used in real mode and keeping them mapped only serves to make NULL
  a valid address, which results in silent NULL pointer dereferences.
  
  Suggested by:   Patrick Kerharo
  Obtained from:        projects/ppc64

Modified:
  head/sys/powerpc/aim/mmu_oea64.c
  head/sys/powerpc/aim/trap_subr.S

Modified: head/sys/powerpc/aim/mmu_oea64.c
==============================================================================
--- head/sys/powerpc/aim/mmu_oea64.c    Fri Oct 23 14:22:51 2009        
(r198399)
+++ head/sys/powerpc/aim/mmu_oea64.c    Fri Oct 23 14:27:40 2009        
(r198400)
@@ -868,15 +868,17 @@ moea64_bridge_bootstrap(mmu_t mmup, vm_o
        ENABLE_TRANS(msr);
 
        /*
-        * Map certain important things, like ourselves and the exception
-        * vectors
+        * Map certain important things, like ourselves.
+        *
+        * NOTE: We do not map the exception vector space. That code is
+        * used only in real mode, and leaving it unmapped allows us to
+        * catch NULL pointer deferences, instead of making NULL a valid
+        * address.
         */
 
        DISABLE_TRANS(msr);
        for (pa = kernelstart & ~PAGE_MASK; pa < kernelend; pa += PAGE_SIZE) 
                moea64_kenter(mmup, pa, pa);
-       for (pa = EXC_RSVD; pa < EXC_LAST; pa += PAGE_SIZE) 
-               moea64_kenter(mmup, pa, pa);
        ENABLE_TRANS(msr);
 
        if (!ofw_real_mode) {
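Review bot: The new NOTE comment at the top of the hunk misspells its key term: `deferences` should read `dereferences`, matching what the commit is about. The removed loop was the only identity mapping of EXC_RSVD..EXC_LAST in this function, so anything that still copies trap handlers into that region presumably has to do so with translation disabled (bracketed by DISABLE_TRANS/ENABLE_TRANS like the kernel loop above) or via real-mode addresses; one more sentence in the NOTE stating that constraint would tell the next maintainer why the region must stay unmapped. Leaving page 0 unmapped is what turns a kernel NULL dereference into an immediate fault rather than a silent read of vector code, and the comment could say so in those words. moea64_bridge_bootstrap continues outside the hunk.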

Modified: head/sys/powerpc/aim/trap_subr.S
==============================================================================
--- head/sys/powerpc/aim/trap_subr.S    Fri Oct 23 14:22:51 2009        
(r198399)
+++ head/sys/powerpc/aim/trap_subr.S    Fri Oct 23 14:27:40 2009        
(r198400)
@@ -275,10 +275,16 @@ CNAME(restorebridgesize) = .-CNAME(resto
 /*
  * Processor reset exception handler. These are typically
  * the first instructions the processor executes after a
- * software reset.
+ * software reset. We do this in two bits so that we are
+ * not still hanging around in the trap handling region
+ * once the MMU is turned on.
  */
        .globl  CNAME(rstcode), CNAME(rstsize)
 CNAME(rstcode):
+       ba      cpu_reset
+CNAME(rstsize) = . - CNAME(rstcode)
+
+cpu_reset:
        bl      1f
 
        .space  124
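Review bot: The new `ba cpu_reset` at CNAME(rstcode) carries no comment explaining why an absolute branch is required, and the choice is load-bearing: rstcode/rstsize are exported via `.globl`, which suggests this one-instruction stub is copied to the reset vector, and a relative `b` would then resolve against the copy's address rather than cpu_reset. `ba` also encodes a sign-extended 26-bit absolute target, so the link only holds while cpu_reset is placed within the low 32 MB (or top 32 MB) of the address space; that assumption belongs next to the instruction, e.g. `ba cpu_reset /* absolute: this stub is copied to the vector; cpu_reset must be within the 26-bit absolute range */`. With the definition moved, CNAME(rstsize) now covers only that single instruction, which appears intended but deserves a word in the header comment so nobody later inserts instructions between rstcode and the size definition. cpu_reset's body continues past the hunk.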
@@ -296,7 +302,6 @@ CNAME(rstcode):
        /* Should not be reached */
 9:
        b       9b
-CNAME(rstsize) = . - CNAME(rstcode)
 #endif
 
 /*