Fix dlmalloc horror bug - mman_map overwrites application code
This commit is contained in:
@ -4,17 +4,12 @@
|
||||
#include "hal/hal.h"
|
||||
#include "gdt.h"
|
||||
|
||||
#define GDT_SIZE 5
|
||||
#define GDT_PRESENT 0x80
|
||||
#define GDT_TSS 0x89
|
||||
|
||||
#define KSTACK 8192
|
||||
ALIGNED(16) static uint8_t kernelstack[KSTACK];
|
||||
|
||||
#define ISTS 7
|
||||
#define ISTACK 4096
|
||||
ALIGNED(16) static uint8_t iststacks[ISTS][ISTACK];
|
||||
|
||||
typedef struct {
|
||||
uint16_t limitlow;
|
||||
uint16_t baselow;
|
||||
@ -35,19 +30,7 @@ typedef struct {
|
||||
GdtEntry tsshigh;
|
||||
} PACKED ExtendedGdt;
|
||||
|
||||
typedef struct {
|
||||
uint32_t resv0;
|
||||
uint64_t rsp0;
|
||||
uint64_t rsp1;
|
||||
uint64_t rsp2;
|
||||
uint64_t resv1;
|
||||
uint64_t ist[ISTS];
|
||||
uint64_t resv2;
|
||||
uint16_t resv3;
|
||||
uint16_t iopb_off;
|
||||
} PACKED Tss;
|
||||
|
||||
ALIGNED(16) static Tss tss = {0};
|
||||
ALIGNED(16) Tss tss = {0};
|
||||
ALIGNED(16) static ExtendedGdt gdt = {0};
|
||||
|
||||
void gdt_setentry(GdtEntry *ent, uint32_t base, uint32_t limit, uint8_t acc, uint8_t gran) {
|
||||
@ -65,18 +48,14 @@ void gdt_init(void) {
|
||||
|
||||
tss.rsp0 = (uint64_t)(kernelstack + sizeof(kernelstack));
|
||||
|
||||
for (size_t i = 0; i < ISTS; i++) {
|
||||
tss.ist[i] = (uint64_t)(iststacks[i] + sizeof(iststacks[i]));
|
||||
}
|
||||
|
||||
uint64_t tss_base = (uint64_t)&tss;
|
||||
uint32_t tss_limit = sizeof(tss) - 1;
|
||||
|
||||
gdt_setentry(&gdt.old[0], 0, 0, 0, 0);
|
||||
gdt_setentry(&gdt.old[1], 0, 0xFFFFF, 0x9a, 0xA0);
|
||||
gdt_setentry(&gdt.old[2], 0, 0xFFFFF, 0x92, 0xA0);
|
||||
gdt_setentry(&gdt.old[2], 0, 0xFFFFF, 0x92, 0xC0);
|
||||
gdt_setentry(&gdt.old[3], 0, 0xFFFFF, 0xfa, 0xA0);
|
||||
gdt_setentry(&gdt.old[4], 0, 0xFFFFF, 0xf2, 0xA0);
|
||||
gdt_setentry(&gdt.old[4], 0, 0xFFFFF, 0xf2, 0xC0);
|
||||
|
||||
gdt_setentry(&gdt.tsslow, tss_base & 0xFFFFFFFF, tss_limit, GDT_PRESENT | GDT_TSS, 0x0);
|
||||
|
||||
|
||||
@ -7,6 +7,20 @@
|
||||
#define UDATA 0x20
|
||||
#define TSS 0x28
|
||||
|
||||
typedef struct {
|
||||
uint32_t resv0;
|
||||
uint64_t rsp0;
|
||||
uint64_t rsp1;
|
||||
uint64_t rsp2;
|
||||
uint64_t resv1;
|
||||
uint64_t ist[7];
|
||||
uint64_t resv2;
|
||||
uint16_t resv3;
|
||||
uint16_t iopb_off;
|
||||
} PACKED Tss;
|
||||
|
||||
ALIGNED(16) extern Tss tss;
|
||||
|
||||
void gdt_init(void);
|
||||
|
||||
#endif // HAL_GDT_H_
|
||||
|
||||
@ -44,10 +44,10 @@ typedef struct {
|
||||
ALIGNED(0x10) static IdtGate idtgates[ENTRIES] = {0};
|
||||
static Idt idt = {0};
|
||||
|
||||
void idt_setentry(int i, uint64_t handler, uint8_t ist, uint8_t flags) {
|
||||
void idt_setentry(int i, uint64_t handler, uint8_t flags) {
|
||||
idtgates[i].intrlow = handler & 0xffff;
|
||||
idtgates[i].kernelcs = KCODE;
|
||||
idtgates[i].ist = ist;
|
||||
idtgates[i].ist = 0;
|
||||
idtgates[i].attrs = flags;
|
||||
idtgates[i].intrmid = (handler >> 16) & 0xFFFF;
|
||||
idtgates[i].intrhigh = (handler >> 32) & 0xFFFFFFFF;
|
||||
@ -76,60 +76,60 @@ static const char *exceptions[] = {
|
||||
};
|
||||
|
||||
void intr_init(void) {
|
||||
#define MKINTR(N, IST) \
|
||||
#define MKINTR(N) \
|
||||
extern void intr_vec##N(void); \
|
||||
idt_setentry(N, (uint64_t)&intr_vec##N, IST, 0x8E);
|
||||
idt_setentry(N, (uint64_t)&intr_vec##N, 0x8E);
|
||||
|
||||
MKINTR(0, 0);
|
||||
MKINTR(1, 0);
|
||||
MKINTR(2, 2);
|
||||
MKINTR(4, 0);
|
||||
MKINTR(5, 0);
|
||||
MKINTR(6, 0);
|
||||
MKINTR(7, 0);
|
||||
MKINTR(8, 1);
|
||||
MKINTR(9, 0);
|
||||
MKINTR(10, 0);
|
||||
MKINTR(11, 0);
|
||||
MKINTR(12, 0);
|
||||
MKINTR(13, 0);
|
||||
MKINTR(14, 0);
|
||||
MKINTR(15, 0);
|
||||
MKINTR(16, 0);
|
||||
MKINTR(17, 0);
|
||||
MKINTR(18, 0);
|
||||
MKINTR(19, 0);
|
||||
MKINTR(20, 0);
|
||||
MKINTR(21, 0);
|
||||
MKINTR(22, 0);
|
||||
MKINTR(23, 0);
|
||||
MKINTR(24, 0);
|
||||
MKINTR(25, 0);
|
||||
MKINTR(26, 0);
|
||||
MKINTR(27, 0);
|
||||
MKINTR(28, 0);
|
||||
MKINTR(29, 0);
|
||||
MKINTR(30, 0);
|
||||
MKINTR(31, 0);
|
||||
MKINTR(32, 0);
|
||||
MKINTR(33, 0);
|
||||
MKINTR(34, 0);
|
||||
MKINTR(35, 0);
|
||||
MKINTR(36, 0);
|
||||
MKINTR(37, 0);
|
||||
MKINTR(38, 0);
|
||||
MKINTR(39, 0);
|
||||
MKINTR(40, 3);
|
||||
MKINTR(41, 0);
|
||||
MKINTR(42, 0);
|
||||
MKINTR(43, 0);
|
||||
MKINTR(44, 0);
|
||||
MKINTR(45, 0);
|
||||
MKINTR(46, 0);
|
||||
MKINTR(47, 0);
|
||||
MKINTR(0);
|
||||
MKINTR(1);
|
||||
MKINTR(2);
|
||||
MKINTR(4);
|
||||
MKINTR(5);
|
||||
MKINTR(6);
|
||||
MKINTR(7);
|
||||
MKINTR(8);
|
||||
MKINTR(9);
|
||||
MKINTR(10);
|
||||
MKINTR(11);
|
||||
MKINTR(12);
|
||||
MKINTR(13);
|
||||
MKINTR(14);
|
||||
MKINTR(15);
|
||||
MKINTR(16);
|
||||
MKINTR(17);
|
||||
MKINTR(18);
|
||||
MKINTR(19);
|
||||
MKINTR(20);
|
||||
MKINTR(21);
|
||||
MKINTR(22);
|
||||
MKINTR(23);
|
||||
MKINTR(24);
|
||||
MKINTR(25);
|
||||
MKINTR(26);
|
||||
MKINTR(27);
|
||||
MKINTR(28);
|
||||
MKINTR(29);
|
||||
MKINTR(30);
|
||||
MKINTR(31);
|
||||
MKINTR(32);
|
||||
MKINTR(33);
|
||||
MKINTR(34);
|
||||
MKINTR(35);
|
||||
MKINTR(36);
|
||||
MKINTR(37);
|
||||
MKINTR(38);
|
||||
MKINTR(39);
|
||||
MKINTR(40);
|
||||
MKINTR(41);
|
||||
MKINTR(42);
|
||||
MKINTR(43);
|
||||
MKINTR(44);
|
||||
MKINTR(45);
|
||||
MKINTR(46);
|
||||
MKINTR(47);
|
||||
|
||||
extern void intr_vec128(void);
|
||||
idt_setentry(0x80, (uint64_t)&intr_vec128, 0, 0xEE);
|
||||
idt_setentry(0x80, (uint64_t)&intr_vec128, 0xEE);
|
||||
|
||||
idt_init();
|
||||
}
|
||||
@ -165,6 +165,8 @@ void hal_syscalldispatch(IntrStackFrame *frame) {
|
||||
frame->regs.rax = E_BADSYSCALL;
|
||||
return;
|
||||
}
|
||||
uint64_t cr3;
|
||||
asm volatile("mov %%cr3, %0" : "=r"(cr3));
|
||||
int32_t ret = fn(frame->regs.rdi, frame->regs.rsi, frame->regs.rdx,
|
||||
frame->regs.r10, frame->regs.r8, frame->regs.r9);
|
||||
|
||||
|
||||
Reference in New Issue
Block a user