Fix dlmalloc horror bug - mman_map overwrites application code

kernel/bitmap/bitmap.c

@@ -2,8 +2,7 @@
 #include <stddef.h>
 #include <stdbool.h>
 #include "bitmap.h"
-
-#define DIV_ROUNDUP(num, div) ((num + div - 1) / div)
+#include "util/util.h"
 
 void *bitmap_toptr(BitMap *bm, size_t block) {
   uint8_t *ptr = (uint8_t *)(bm->mem_start + (block * BITMAP_BLOCK_SIZE));
@@ -17,12 +16,12 @@ size_t bitmap_toblock(BitMap *bm, void *ptr) {
 
 size_t bitmap_toblock_roundup(BitMap *bm, void *ptr) {
   uint8_t *p = ptr;
-  return (size_t)DIV_ROUNDUP((size_t)(p - bm->mem_start), BITMAP_BLOCK_SIZE);
+  return (size_t)_DIV_ROUNDUP((size_t)(p - bm->mem_start), BITMAP_BLOCK_SIZE);
 }
 
 size_t bitmap_calcsize(size_t total) {
-  size_t nblocks = DIV_ROUNDUP(total, BITMAP_BLOCK_SIZE);
-  size_t nbytes = DIV_ROUNDUP(nblocks, 8);
+  size_t nblocks = _DIV_ROUNDUP(total, BITMAP_BLOCK_SIZE);
+  size_t nbytes = _DIV_ROUNDUP(nblocks, 8);
   return nbytes;
 }
 
@@ -59,7 +58,7 @@ void bitmap_markregion(BitMap *bm, void *baseptr, size_t size, bool is_used) {
 
   if (is_used) {
     base = bitmap_toblock(bm, baseptr);
-    size1 = DIV_ROUNDUP(size, BITMAP_BLOCK_SIZE);
+    size1 = _DIV_ROUNDUP(size, BITMAP_BLOCK_SIZE);
   } else {
     base = bitmap_toblock(bm, baseptr);
     size1 = size / BITMAP_BLOCK_SIZE;

kernel/hal/hal.h

@@ -27,5 +27,6 @@ void hal_wait(uint32_t ms);
 #include "x86_64/cpu.h"
 #include "x86_64/intr.h"
 #include "x86_64/io.h"
+#include "x86_64/gdt.h"
 
 #endif // KERNEL_HAL_HAL_H_

kernel/hal/x86_64/gdt.c

@@ -4,17 +4,12 @@
 #include "hal/hal.h"
 #include "gdt.h"
 
-#define GDT_SIZE 5
 #define GDT_PRESENT 0x80
 #define GDT_TSS     0x89
 
 #define KSTACK 8192
 ALIGNED(16) static uint8_t kernelstack[KSTACK];
 
-#define ISTS 7
-#define ISTACK 4096
-ALIGNED(16) static uint8_t iststacks[ISTS][ISTACK];
-
 typedef struct {
   uint16_t limitlow;
   uint16_t baselow;
@@ -35,19 +30,7 @@ typedef struct {
   GdtEntry tsshigh;
 } PACKED ExtendedGdt;
 
-typedef struct {
-  uint32_t resv0;
-  uint64_t rsp0;
-  uint64_t rsp1;
-  uint64_t rsp2;
-  uint64_t resv1;
-  uint64_t ist[ISTS];
-  uint64_t resv2;
-  uint16_t resv3;
-  uint16_t iopb_off;
-} PACKED Tss;
-
-ALIGNED(16) static Tss tss = {0};
+ALIGNED(16) Tss tss = {0};
 ALIGNED(16) static ExtendedGdt gdt = {0};
 
 void gdt_setentry(GdtEntry *ent, uint32_t base, uint32_t limit, uint8_t acc, uint8_t gran) {
@@ -65,18 +48,14 @@ void gdt_init(void) {
 
   tss.rsp0 = (uint64_t)(kernelstack + sizeof(kernelstack));
 
-  for (size_t i = 0; i < ISTS; i++) {
-    tss.ist[i] = (uint64_t)(iststacks[i] + sizeof(iststacks[i]));
-  }
-
   uint64_t tss_base = (uint64_t)&tss;
   uint32_t tss_limit = sizeof(tss) - 1;
 
   gdt_setentry(&gdt.old[0], 0, 0, 0, 0);
   gdt_setentry(&gdt.old[1], 0, 0xFFFFF, 0x9a, 0xA0);
-  gdt_setentry(&gdt.old[2], 0, 0xFFFFF, 0x92, 0xA0);
+  gdt_setentry(&gdt.old[2], 0, 0xFFFFF, 0x92, 0xC0);
   gdt_setentry(&gdt.old[3], 0, 0xFFFFF, 0xfa, 0xA0);
-  gdt_setentry(&gdt.old[4], 0, 0xFFFFF, 0xf2, 0xA0);
+  gdt_setentry(&gdt.old[4], 0, 0xFFFFF, 0xf2, 0xC0);
 
   gdt_setentry(&gdt.tsslow, tss_base & 0xFFFFFFFF, tss_limit, GDT_PRESENT | GDT_TSS, 0x0);
 

kernel/hal/x86_64/gdt.h

@@ -7,6 +7,20 @@
 #define UDATA 0x20
 #define TSS   0x28
 
+typedef struct {
+  uint32_t resv0;
+  uint64_t rsp0;
+  uint64_t rsp1;
+  uint64_t rsp2;
+  uint64_t resv1;
+  uint64_t ist[7];
+  uint64_t resv2;
+  uint16_t resv3;
+  uint16_t iopb_off;
+} PACKED Tss;
+
+ALIGNED(16) extern Tss tss;
+
 void gdt_init(void);
 
 #endif // HAL_GDT_H_

kernel/hal/x86_64/intr.c

@@ -44,10 +44,10 @@ typedef struct {
 ALIGNED(0x10) static IdtGate idtgates[ENTRIES] = {0};
 static Idt idt = {0};
 
-void idt_setentry(int i, uint64_t handler, uint8_t ist, uint8_t flags) {
+void idt_setentry(int i, uint64_t handler, uint8_t flags) {
   idtgates[i].intrlow = handler & 0xffff;
   idtgates[i].kernelcs = KCODE;
-  idtgates[i].ist = ist;
+  idtgates[i].ist = 0;
   idtgates[i].attrs = flags;
   idtgates[i].intrmid = (handler >> 16) & 0xFFFF;
   idtgates[i].intrhigh = (handler >> 32) & 0xFFFFFFFF;
@@ -76,60 +76,60 @@ static const char *exceptions[] = {
 };
 
 void intr_init(void) {
-  #define MKINTR(N, IST) \
+  #define MKINTR(N) \
     extern void intr_vec##N(void); \
-    idt_setentry(N, (uint64_t)&intr_vec##N, IST, 0x8E);
+    idt_setentry(N, (uint64_t)&intr_vec##N, 0x8E);
 
-  MKINTR(0, 0);
-  MKINTR(1, 0);
-  MKINTR(2, 2);
-  MKINTR(4, 0);
-  MKINTR(5, 0);
-  MKINTR(6, 0);
-  MKINTR(7, 0);
-  MKINTR(8, 1);
-  MKINTR(9, 0);
-  MKINTR(10, 0);
-  MKINTR(11, 0);
-  MKINTR(12, 0);
-  MKINTR(13, 0);
-  MKINTR(14, 0);
-  MKINTR(15, 0);
-  MKINTR(16, 0);
-  MKINTR(17, 0);
-  MKINTR(18, 0);
-  MKINTR(19, 0);
-  MKINTR(20, 0);
-  MKINTR(21, 0);
-  MKINTR(22, 0);
-  MKINTR(23, 0);
-  MKINTR(24, 0);
-  MKINTR(25, 0);
-  MKINTR(26, 0);
-  MKINTR(27, 0);
-  MKINTR(28, 0);
-  MKINTR(29, 0);
-  MKINTR(30, 0);
-  MKINTR(31, 0);
-  MKINTR(32, 0);
-  MKINTR(33, 0);
-  MKINTR(34, 0);
-  MKINTR(35, 0);
-  MKINTR(36, 0);
-  MKINTR(37, 0);
-  MKINTR(38, 0);
-  MKINTR(39, 0);
-  MKINTR(40, 3);
-  MKINTR(41, 0);
-  MKINTR(42, 0);
-  MKINTR(43, 0);
-  MKINTR(44, 0);
-  MKINTR(45, 0);
-  MKINTR(46, 0);
-  MKINTR(47, 0);
+  MKINTR(0);
+  MKINTR(1);
+  MKINTR(2);
+  MKINTR(4);
+  MKINTR(5);
+  MKINTR(6);
+  MKINTR(7);
+  MKINTR(8);
+  MKINTR(9);
+  MKINTR(10);
+  MKINTR(11);
+  MKINTR(12);
+  MKINTR(13);
+  MKINTR(14);
+  MKINTR(15);
+  MKINTR(16);
+  MKINTR(17);
+  MKINTR(18);
+  MKINTR(19);
+  MKINTR(20);
+  MKINTR(21);
+  MKINTR(22);
+  MKINTR(23);
+  MKINTR(24);
+  MKINTR(25);
+  MKINTR(26);
+  MKINTR(27);
+  MKINTR(28);
+  MKINTR(29);
+  MKINTR(30);
+  MKINTR(31);
+  MKINTR(32);
+  MKINTR(33);
+  MKINTR(34);
+  MKINTR(35);
+  MKINTR(36);
+  MKINTR(37);
+  MKINTR(38);
+  MKINTR(39);
+  MKINTR(40);
+  MKINTR(41);
+  MKINTR(42);
+  MKINTR(43);
+  MKINTR(44);
+  MKINTR(45);
+  MKINTR(46);
+  MKINTR(47);
     
   extern void intr_vec128(void);
-  idt_setentry(0x80, (uint64_t)&intr_vec128, 0, 0xEE);
+  idt_setentry(0x80, (uint64_t)&intr_vec128, 0xEE);
 
   idt_init();
 }
@@ -165,6 +165,8 @@ void hal_syscalldispatch(IntrStackFrame *frame) {
       frame->regs.rax = E_BADSYSCALL;
       return;
     }
+    uint64_t cr3;
+    asm volatile("mov %%cr3, %0" : "=r"(cr3));
     int32_t ret = fn(frame->regs.rdi, frame->regs.rsi, frame->regs.rdx,
                      frame->regs.r10, frame->regs.r8,  frame->regs.r9);
 

kernel/proc/proc.c

@@ -90,8 +90,10 @@ Proc *proc_spawnkern(void (*ent)(void), char *name) {
   proc->kern = true;
 
   uint8_t *sp = (uint8_t *)pmm_alloc(PROC_STACKBLOCKS) + PROC_STACKSIZE;
+  uint8_t *kstackp = (uint8_t *)pmm_alloc(PROC_STACKBLOCKS) + PROC_STACKSIZE;
+  proc->platformdata.kstack = kstackp;
+  proc->platformdata.pstack = sp;
 
-  proc->platformdata.kstack = sp;
   hal_memset(&proc->platformdata.trapframe, 0, sizeof(proc->platformdata.trapframe));
 
   proc->platformdata.trapframe.ss = 0x10;
@@ -99,7 +101,7 @@ Proc *proc_spawnkern(void (*ent)(void), char *name) {
   proc->platformdata.trapframe.rflags = 0x202;
   proc->platformdata.trapframe.cs = 0x08;
   proc->platformdata.trapframe.rip = (uint64_t)ent;
-  proc->platformdata.cr3 = hal_vmm_current_cr3();
+  proc->platformdata.cr3 = KERNEL_CR3;
   proc->state = PROC_EMBRYO;
   proc->pid = pids++;
   spinlock_init(&proc->bcast_pipes.spinlock);
@@ -145,21 +147,24 @@ Proc *proc_spawnuser(char *mountpoint, char *path) {
 
   uint8_t *sp = (uint8_t *)pmm_alloc(PROC_STACKBLOCKS) + PROC_STACKSIZE;
   uint8_t *spbase = sp - PROC_STACKSIZE;
+  uint8_t *kstackp = (uint8_t *)pmm_alloc(PROC_STACKBLOCKS) + PROC_STACKSIZE;
+  proc->platformdata.kstack = kstackp;
+  proc->platformdata.pstack = sp;
 
-  proc->platformdata.kstack = sp;
   hal_memset(&proc->platformdata.trapframe, 0, sizeof(proc->platformdata.trapframe));
     
   proc->platformdata.cr3 = hal_vmm_userproc_pml4(proc);
+
   uint32_t flags = HAL_PG_RW | HAL_PG_USER | HAL_PG_PRESENT;
+
   hal_vmm_map_range(VIRT(proc->platformdata.cr3), spbase, spbase, PROC_STACKSIZE, flags);
   VasRange *range = dlmalloc(sizeof(*range));
   range->virtstart = spbase;
   range->physstart = spbase;
   range->size = PROC_STACKSIZE;
   range->pgflags = flags;
-
   LL_APPEND(proc->vas, range);
-  
+
   ElfAuxval aux = proc_load_elf_segs(proc, data);
 
   proc->platformdata.trapframe.ss = 0x20 | 0x3;
@@ -216,15 +221,16 @@ void proc_reaper(void) {
         }
       }
 
-      for (size_t i = 0; i < PROC_PIPEHANDLES_MAX; i++) {
-        if (zombie->pipes[i] != NULL && zombie->pipes[i]->ownerpid == zombie->pid) {
-          dlfree(zombie->pipes[i]);
-          ipc_pipefree(zombie->pipes[i]);
-          zombie->pipes[i] = NULL;
-        }
-      }
+      /* for (size_t i = 0; i < PROC_PIPEHANDLES_MAX; i++) { */
+      /*   if (zombie->pipes[i] != NULL && zombie->pipes[i]->ownerpid == zombie->pid) { */
+      /*     dlfree(zombie->pipes[i]); */
+      /*     ipc_pipefree(zombie->pipes[i]); */
+      /*     zombie->pipes[i] = NULL; */
+      /*   } */
+      /* } */
 
       pmm_free((uintptr_t)(zombie->platformdata.kstack - PROC_STACKSIZE), PROC_STACKBLOCKS);
+      pmm_free((uintptr_t)(zombie->platformdata.pstack - PROC_STACKSIZE), PROC_STACKBLOCKS);
       
       if (!zombie->kern) {
         VasRange *vashead = zombie->vas;
@@ -258,8 +264,6 @@ void proc_reaper(void) {
   }
 }
 
-extern void hal_zombiespin(void);
-
 void proc_sched(void *cpustate) {
   hal_intr_disable();
   sched_ticks++;
@@ -274,6 +278,7 @@ void proc_sched(void *cpustate) {
     proc_reaper();
   }
 
+  tss.rsp0 = (uint64_t)VIRT(PROCS.current->platformdata.kstack);
   hal_switchproc(&PROCS.current->platformdata.trapframe, (void *)PROCS.current->platformdata.cr3);
 }
 
@@ -331,5 +336,6 @@ void proc_init(void) {
   proc_register(init);
   init->state = PROC_READY;
 
+  tss.rsp0 = (uint64_t)VIRT(PROCS.current->platformdata.kstack);
   hal_switchproc(&PROCS.current->platformdata.trapframe, (void *)PROCS.current->platformdata.cr3);
 }

kernel/proc/proc.h

@@ -24,6 +24,7 @@
 typedef struct {
   IntrStackFrame trapframe;
   uint8_t *kstack;
+  uint8_t *pstack;
   PgTable *cr3;
 } ProcPlatformData;