From bd228a81566befa6154807d327d8c873f6a76c79 Mon Sep 17 00:00:00 2001
From: rtm <rtm>
Date: Tue, 18 Jul 2006 19:22:37 +0000
Subject: [PATCH] prevent longjmp / forkret from writing over tf->edi

---
 pipe.c    | 5 +++++
 proc.c    | 2 +-
 syscall.c | 8 +++-----
 3 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/pipe.c b/pipe.c
index 7ebe006..c8da428 100644
--- a/pipe.c
+++ b/pipe.c
@@ -61,6 +61,8 @@ pipe_alloc(struct fd **fd1, struct fd **fd2)
 void
 pipe_close(struct pipe *p, int writeable)
 {
+  acquire(&p->lock);
+
   if(writeable){
     p->writeopen = 0;
     wakeup(&p->readp);
@@ -68,6 +70,9 @@ pipe_close(struct pipe *p, int writeable)
     p->readopen = 0;
     wakeup(&p->writep);
   }
+  
+  release(&p->lock);
+
   if(p->readopen == 0 && p->writeopen == 0)
     kfree((char *) p, PAGE);
 }
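Review bot: The final `p->readopen == 0 && p->writeopen == 0` test in pipe_close is evaluated after `release(&p->lock)`, so it races with the other end's pipe_close: both callers can clear their flag, both can then observe both flags clear, and each calls kfree on the same pipe, while the slower one is reading flags from memory the faster one may already have freed. Evaluate the condition while the lock is still held and only free afterwards: `int last = (p->readopen == 0 && p->writeopen == 0);` before `release(&p->lock);`, then `if(last) kfree((char *) p, PAGE);`. With that ordering exactly one closer sees `last` true, and nothing touches `p` after it may have been freed.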
diff --git a/proc.c b/proc.c
index b3f352b..573da18 100644
--- a/proc.c
+++ b/proc.c
@@ -109,7 +109,7 @@ copyproc(struct proc* p)
   // Set up new jmpbuf to start executing at forkret (see below).
   memset(&np->jmpbuf, 0, sizeof np->jmpbuf);
   np->jmpbuf.eip = (uint)forkret;
-  np->jmpbuf.esp = (uint)np->tf;
+  np->jmpbuf.esp = (uint)np->tf - 4;
 
   // Copy file descriptors
   for(i = 0; i < NOFILE; i++){
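Review bot: The `- 4` on the new `np->jmpbuf.esp` line is a magic offset that only the commit title explains; a reader of proc.c cannot tell why the stack pointer sits one word below `np->tf`. The title says it stops longjmp/forkret from overwriting tf->edi, presumably because one word is pushed or popped at that stack top when forkret is entered, but that mechanism is not visible in this hunk. Add a comment above the assignment, e.g. `// Start forkret one word below tf: with esp == tf the word written at the top of the stack lands on tf->edi.` and name the push/pop responsible if the author can confirm it. copyproc begins before this hunk.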
diff --git a/syscall.c b/syscall.c
index 58045d4..3f5e2ba 100644
--- a/syscall.c
+++ b/syscall.c
@@ -13,8 +13,7 @@
  * System call number in %eax.
  * Arguments on the stack, from the user call to the C
  * library system call function. The saved user %esp points
- * to a saved frame pointer, a program counter, and then
- * the first argument.
+ * to a saved program counter, and then the first argument.
  *
  * Return value? Error indication? Errno?
  */
@@ -56,11 +55,11 @@ fetcharg(int argno, void *ip)
 }
 
 int
-putint(struct proc *p, uint addr, int ip)
+putint(struct proc *p, uint addr, int x)
 {
   if(addr > p->sz - 4)
     return -1;
-  memmove(p->mem + addr, &ip, 4);
+  memmove(p->mem + addr, &x, 4);
   return 0;
 }
 
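Review bot: The bounds check in putint, `if(addr > p->sz - 4)`, is left as-is by the rename and is unsafe when `p->sz` is smaller than 4: if sz is an unsigned type (its declaration is not visible here) the subtraction wraps to a huge value, every addr passes, and memmove writes up to 4 bytes past the end of the process image. Guard the small-image case explicitly: `if(p->sz < 4 || addr > p->sz - 4) return -1;`. The same expression is also correct if sz turns out to be signed. fetcharg's body ends at the top of this hunk and is not reviewed here.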
@@ -269,7 +268,6 @@ syscall(void)
   int num = cp->tf->eax;
   int ret = -1;
 
-  //cprintf("%x sys %d\n", cp, num);
   switch(num){
   case SYS_fork:
     ret = sys_fork();