[OpenBIOS] [PATCH 2/2] Don't map the page 0 to make NULL-dereferencing more obvious
Artyom Tarasenko
atar4qemu at gmail.com
Mon Apr 8 21:00:49 CEST 2013
On Sat, Apr 6, 2013 at 3:57 AM, Artyom Tarasenko <atar4qemu at gmail.com> wrote:
>
> Signed-off-by: Artyom Tarasenko <atar4qemu at gmail.com>
> ---
> arch/sparc32/lib.c | 5 ++++-
> 1 files changed, 4 insertions(+), 1 deletions(-)
>
> diff --git a/arch/sparc32/lib.c b/arch/sparc32/lib.c
> index 483069c..215ddcc 100644
> --- a/arch/sparc32/lib.c
> +++ b/arch/sparc32/lib.c
> @@ -19,6 +19,8 @@
>
> #define NCTX_SWIFT 0x100
> #define LOWMEMSZ 32 * 1024 * 1024
> +/* Avoid mapping the first page to make NULL-dereferencing more obvious */
> +#define LOWMEM_START PAGE_SIZE
>
> #ifdef CONFIG_DEBUG_MEM
> #define DPRINTF(fmt, args...) \
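Review bot: the new `LOWMEM_START` macro at the top of the hunk expands to `PAGE_SIZE`, which must already be defined at this point in arch/sparc32/lib.c; none of the visible context shows the header that provides it, so confirm it is included before line 19 rather than relying on include order elsewhere. While touching this block, the neighbouring `#define LOWMEMSZ 32 * 1024 * 1024` is unparenthesised, which becomes a hazard as soon as `LOWMEMSZ` is combined with `LOWMEM_START` in an arithmetic expression (for example `LOWMEMSZ - LOWMEM_START`); wrapping it as `#define LOWMEMSZ (32 * 1024 * 1024)` would be a cheap safety fix in the same patch.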
> @@ -403,7 +405,8 @@ init_mmu_swift(void)
> ofmem_arch_map_pages(pa, va, size, ofmem_arch_default_translation_mode(pa));
>
> // 1:1 mapping for RAM
> - ofmem_arch_map_pages(0, 0, LOWMEMSZ, ofmem_arch_default_translation_mode(0));
> + ofmem_arch_map_pages(LOWMEM_START, LOWMEM_START, LOWMEMSZ,
> + ofmem_arch_default_translation_mode(LOWMEM_START));
>
> /*
> * Flush cache
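Review bot: the replacement `ofmem_arch_map_pages(LOWMEM_START, LOWMEM_START, LOWMEMSZ, ...)` keeps the original size while moving the start up by one page, so the 1:1 RAM mapping now ends at `LOWMEMSZ + PAGE_SIZE` instead of `LOWMEMSZ`; if the intent is only to leave page 0 unmapped, the size argument should be `LOWMEMSZ - LOWMEM_START`, otherwise the extra page at the top should be called out in the comment. The `// 1:1 mapping for RAM` comment above the call would also be the natural place to say that the first page is deliberately left unmapped so that NULL dereferences fault, since a reader of this call alone cannot tell that from the macro name.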
Found one bug in Forth code using this patch:
0 > debug (.property-by-name)
Stepper keys: <space>/<enter> Up Down Trace Rstack Forth
ok
0 > cd / ok
0 > .properties
name
: (.property-by-name) ( ffd2e398 4 ffd2e398 4 ffd3872c 14 )
ffd30c00: 2over ( ffd2e398 4 ffd2e398 4 ffd3872c 14 ffd2e398 4 )
ffd30c04: (") ( ffd2e398 4 ffd2e398 4 ffd3872c 14 ffd2e398 4 ffd30c0c 3 )
ffd30c10: strcmp ( ffd2e398 4 ffd2e398 4 ffd3872c 14 1 )
ffd30c14: 0= ( ffd2e398 4 ffd2e398 4 ffd3872c 14 0 )
ffd30c18: do?branch ( ffd2e398 4 ffd2e398 4 ffd3872c 14 )
ffd30c38: active-package ( ffd2e398 4 ffd2e398 4 ffd3872c 14 ffd2e318 )
ffd30c3c: get-nodename ( ffd2e398 4 ffd2e398 4 ffd3872c 14 ffd3872c 13 )
ffd30c40: (") ( ffd2e398 4 ffd2e398 4 ffd3872c 14 ffd3872c 13 ffd30c48 6 )
ffd30c50: strcmp ( ffd2e398 4 ffd2e398 4 ffd3872c 14 1 )
ffd30c54: 0= ( ffd2e398 4 ffd2e398 4 ffd3872c 14 0 )
ffd30c58: do?branch ( ffd2e398 4 ffd2e398 4 ffd3872c 14 )
ffd30ca0: (") ( ffd2e398 4 ffd2e398 4 ffd3872c 14 ffd30ca8 7 )
ffd30cb0: find-dev ( ffd2e398 4 ffd2e398 4 ffd3872c 14 ffd2e6f8 ffffffff )
ffd30cb4: do?branch ( ffd2e398 4 ffd2e398 4 ffd3872c 14 ffd2e6f8 )
ffd30cbc: (") ( ffd2e398 4 ffd2e398 4 ffd3872c 14 ffd2e6f8 ffd30cc4 3 )
ffd30cc8: rot ( ffd2e398 4 ffd2e398 4 ffd3872c 14 ffd30cc4 3 ffd2e6f8 )
ffd30ccc: get-package-property ( ffd2e398 4 ffd2e398 4 ffd3872c 14 ffd2e7c4 4 0 )
ffd30cd0: 0= ( ffd2e398 4 ffd2e398 4 ffd3872c 14 ffd2e7c4 4 ffffffff )
ffd30cd4: do?branch ( ffd2e398 4 ffd2e398 4 ffd3872c 14 ffd2e7c4 4 )
ffd30cdc: decode-int ( ffd2e398 4 ffd2e398 4 ffd3872c 14 ffd2e7c8 0 0 )
ffd30ce0: nip ( ffd2e398 4 ffd2e398 4 ffd3872c 14 ffd2e7c8 0 )
ffd30ce4: nip ( ffd2e398 4 ffd2e398 4 ffd3872c 14 0 )
^^^^ here we have a null-pointer de-referencing.
ffd30ce8: ihandle>phandle
Unhandled Exception 0x00000009
PC = 0xffd07f74 NPC = 0xffd07f78
I guess ihandle>phandle shouldn't be called for the root entry. What
do you think?
--
Regards,
Artyom Tarasenko
linux/sparc and solaris/sparc under qemu blog:
http://tyom.blogspot.com/search/label/qemu