ilo-pona/xv6-65oo2
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Activity

Remove the stack guard page. Processes are now contiguous from 0 to proc->sz, which means our syscall argument validation is correct. Add a pointer validation test and remove the stack test, which tested for the guard page.

Browse source
This commit is contained in:
Austin Clements 2010-09-01 16:46:37 -04:00
parent 41c4bbb505
commit b1d41d6788
3 changed files with 42 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
exec.c
View file

@ -52,7 +52,6 @@ exec(char *path, char **argv)
// Allocate and initialize stack at sz // Allocate and initialize stack at sz
sz = PGROUNDUP(sz); sz = PGROUNDUP(sz);
sz += PGSIZE; // leave an invalid page
if(!allocuvm(pgdir, (char *)sz, PGSIZE)) if(!allocuvm(pgdir, (char *)sz, PGSIZE))
goto bad; goto bad;
mem = uva2ka(pgdir, (char *)sz); mem = uva2ka(pgdir, (char *)sz);

5
syscall.c
View file

@ -22,8 +22,6 @@ fetchint(struct proc *p, uint addr, int *ip)
return 0; return 0;
} }
// XXX should we copy the string?
// Fetch the nul-terminated string at addr from process p. // Fetch the nul-terminated string at addr from process p.
// Doesn't actually copy the string - just sets *pp to point at it. // Doesn't actually copy the string - just sets *pp to point at it.
// Returns length of string, not including nul. // Returns length of string, not including nul.
@ -62,8 +60,7 @@ argptr(int n, char **pp, int size)
return -1; return -1;
if((uint)i >= proc->sz || (uint)i+size >= proc->sz) if((uint)i >= proc->sz || (uint)i+size >= proc->sz)
return -1; return -1;
// *pp = proc->mem + i; // XXXXX *pp = (char *) i;
*pp = (char *) i; // XXXXX
return 0; return 0;
} }

60
usertests.c
View file

@ -3,6 +3,8 @@
#include "user.h" #include "user.h"
#include "fs.h" #include "fs.h"
#include "fcntl.h" #include "fcntl.h"
#include "syscall.h"
#include "traps.h"
char buf[2048]; char buf[2048];
char name[3]; char name[3];
@ -1375,26 +1377,46 @@ sbrktest(void)
} }
void void
stacktest(void) validateint(int *p)
{ {
printf(stdout, "stack test\n"); int res;
char dummy = 1; asm("mov %%esp, %%ebx\n\t"
char *p = &dummy; "mov %3, %%esp\n\t"
int ppid = getpid(); "int %2\n\t"
int pid = fork(); "mov %%ebx, %%esp" :
if(pid < 0){ "=a" (res) :
printf(stdout, "fork failed\n"); "a" (SYS_sleep), "n" (T_SYSCALL), "c" (p) :
exit(); "ebx");
}
void
validatetest(void)
{
int hi = 1100*1024;
printf(stdout, "validate test\n");
uint p;
for (p = 0; p <= (uint)hi; p += 4096) {
int pid;
if ((pid = fork()) == 0) {
// try to crash the kernel by passing in a badly placed integer
validateint((int*)p);
exit();
}
sleep(0);
sleep(0);
kill(pid);
wait();
// try to crash the kernel by passing in a bad string pointer
if (link("nosuchfile", (char*)p) != -1) {
printf(stdout, "link should not succeed\n");
exit();
}
} }
if(pid == 0){
// should cause a trap: printf(stdout, "validate ok\n");
p[-4096] = 'z';
kill(ppid);
printf(stdout, "stack test failed: page before stack was writeable\n");
exit();
}
wait();
printf(stdout, "stack test OK\n");
} }
int int
@ -1408,8 +1430,8 @@ main(int argc, char *argv[])
} }
close(open("usertests.ran", O_CREATE)); close(open("usertests.ran", O_CREATE));
stacktest();
sbrktest(); sbrktest();
validatetest();
opentest(); opentest();
writetest(); writetest();