Fixes bug with pop_ros_ctx (x86)
authorBarret Rhoden <brho@cs.berkeley.edu>
Fri, 19 Apr 2013 01:51:37 +0000 (18:51 -0700)
committerBarret Rhoden <brho@cs.berkeley.edu>
Fri, 19 Apr 2013 01:54:39 +0000 (18:54 -0700)
Again, much like 2612bab3, removing the memset in 0a19848d0 caused
another bug, where we were no longer sending in EV_NONE and a null
message.  A gibberish message led to very high event numbers being sent,
which the handler lookup then turned into a quasi-random function pointer.

Good times!

kern/arch/i686/trap.c
kern/src/syscall.c
user/parlib/event.c
user/parlib/include/event.h
user/parlib/include/i686/vcore.h

index b5ec185..29e9794 100644 (file)
@@ -555,6 +555,13 @@ void page_fault_handler(struct hw_trapframe *hw_tf)
                       current->pid, prot & PROT_READ ? "READ" : "WRITE", fault_va,
                       hw_tf->tf_eip, core_id(), err);
                print_trapframe(hw_tf);
+               /* Turn this on to help debug bad function pointers */
+               printd("esp %08p\n\t 0(esp): %08p\n\t 4(esp): %08p\n\t 8(esp): %08p\n"
+                      "\t12(esp): %08p\n", hw_tf->tf_esp,
+                      *(uintptr_t*)(hw_tf->tf_esp +  0),
+                      *(uintptr_t*)(hw_tf->tf_esp +  4),
+                      *(uintptr_t*)(hw_tf->tf_esp +  8),
+                      *(uintptr_t*)(hw_tf->tf_esp + 12));
                proc_destroy(current);
        }
 }
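Review bot: The four added reads `*(uintptr_t*)(hw_tf->tf_esp + N)` dereference a user-controlled stack pointer directly from kernel mode, with no check that the address is mapped or even lies in user space, so with this printd enabled a fault arriving with a bad esp takes a second page fault inside page_fault_handler instead of reaching proc_destroy. Fetch the words with the kernel's user-copy helper instead, e.g. `uintptr_t stk[4]; if (!memcpy_from_user(current, stk, (void *)hw_tf->tf_esp, sizeof stk))` and print stk[0..3] only on success (argument order taken from the memcpy_from_user call in sys_self_notify). As written the block is inert unless debug printing is compiled in, which limits but does not remove the risk. page_fault_handler begins before this hunk.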
index 9b368a8..61cad03 100644 (file)
@@ -832,9 +832,6 @@ static int sys_self_notify(struct proc *p, uint32_t vcoreid,
                            bool priv)
 {
        struct event_msg local_msg = {0};
-
-       printd("[kernel] received self notify for vcoreid %d, type %d, msg %08p\n",
-              vcoreid, ev_type, u_msg);
        /* if the user provided an ev_msg, copy it in and use that */
        if (u_msg) {
                if (memcpy_from_user(p, &local_msg, u_msg, sizeof(struct event_msg))) {
@@ -844,6 +841,12 @@ static int sys_self_notify(struct proc *p, uint32_t vcoreid,
        } else {
                local_msg.ev_type = ev_type;
        }
+       if (local_msg.ev_type >= MAX_NR_EVENT) {
+               printk("[kernel] received self-notify for vcoreid %d, ev_type %d, "
+                      "u_msg %08p, u_msg->type %d\n", vcoreid, ev_type, u_msg,
+                      u_msg ? u_msg->ev_type : 0);
+               return -1;
+       }
        /* this will post a message and IPI, regardless of wants/needs/debutantes.*/
        post_vcore_event(p, &local_msg, vcoreid, priv ? EVENT_VCORE_PRIVATE : 0);
        proc_notify(p, vcoreid);
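Review bot: The new rejection path reads `u_msg->ev_type` directly through a user-supplied pointer from kernel mode, even though the value was already fetched safely into `local_msg` by memcpy_from_user a few lines up; a successful copy a moment earlier does not make a raw dereference safe, since another thread of the process can change the mapping in between. Print the validated copy instead, `u_msg ? local_msg.ev_type : 0` (or just `local_msg.ev_type`, which is the value being rejected). The comparison also relies on `ev_type` being unsigned; if the struct field is signed (it is printed with %d here and in parlib), a negative value passes `>= MAX_NR_EVENT` and still reaches `ev_handlers[ev_type]` in userspace. Since any unprivileged caller can hit this printk with an arbitrary ev_type, it is user-triggerable kernel log spam; printd or a rate limit would suit it better. sys_self_notify continues past the end of the hunk.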
index 4259bc8..ab17d88 100644 (file)
@@ -179,6 +179,7 @@ int handle_one_mbox_msg(struct event_mbox *ev_mbox)
        if (get_ucq_msg(&ev_mbox->ev_msgs, &local_msg) == -1)
                return 0;
        ev_type = local_msg.ev_type;
+       assert(ev_type < MAX_NR_EVENT);
        printd("[event] UCQ (mbox %08p), ev_type: %d\n", ev_mbox, ev_type);
        if (ev_handlers[ev_type])
                ev_handlers[ev_type](&local_msg, ev_type);
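Review bot: The added `assert(ev_type < MAX_NR_EVENT)` is the only thing standing between a corrupt message and the indirect call `ev_handlers[ev_type](&local_msg, ev_type)`; if parlib's assert is compiled out (NDEBUG or an equivalent), the wild-function-pointer path this commit is fixing comes straight back. Prefer a check that survives release builds and drops the message, e.g. `if (ev_type >= MAX_NR_EVENT) { printf("[event] bad ev_type %d\n", ev_type); return /* message consumed */; }`, using whatever return value the rest of the function treats as "consumed one message". If `ev_type` is signed (it is printed with %d), a negative value also passes this check, so declaring the local unsigned or comparing against 0 as well would close that gap. handle_one_mbox_msg continues past the hunk.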
@@ -431,3 +432,14 @@ void ev_we_returned(bool were_handling_remotes)
        if (were_handling_remotes)
                __vc_handle_an_mbox = TRUE;
 }
+
+/* Debugging */
+void print_ev_msg(struct event_msg *msg)
+{
+       printf("MSG at %08p\n", msg);
+       printf("\ttype: %d\n", msg->ev_type);
+       printf("\targ1 (16): 0x%4x\n", msg->ev_arg1);
+       printf("\targ2 (32): 0x%8x\n", msg->ev_arg2);
+       printf("\targ3 (32): 0x%8x\n", msg->ev_arg3);
+       printf("\targ4 (64): 0x%16x\n", msg->ev_arg4);
+}
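Review bot: The `%16x` conversion in `printf("\targ4 (64): 0x%16x\n", msg->ev_arg4)` is a format/type mismatch if ev_arg4 is the 64-bit field its label says it is: `%x` consumes an unsigned int, so passing a 64-bit argument is undefined behaviour and on i686 prints only half the value. Use `printf("\targ4 (64): 0x%016llx\n", (unsigned long long)msg->ev_arg4);` (or `PRIx64` from <inttypes.h> if parlib has it). The `%4x`/`%8x` forms on the arg1–arg3 lines pad with spaces rather than zeros, which is rarely what a hex dump wants; `%04x`/`%08x` matches the `%08p` style used elsewhere in this commit. A NULL check on msg at the top would also keep this debug helper from faulting when it is called on an empty slot.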
index f998b6d..41f2321 100644 (file)
@@ -48,4 +48,7 @@ void try_handle_remote_mbox(void);
 bool ev_might_not_return(void);
 void ev_we_returned(bool were_handling_remotes);
 
+/* Debugging */
+void print_ev_msg(struct event_msg *msg);
+
 #endif /* _EVENT_H */
index ea77c76..baa944b 100644 (file)
@@ -84,7 +84,9 @@ static inline void pop_user_ctx(struct user_context *ctx, uint32_t vcoreid)
        rst->sysc->num = SYS_self_notify;
        rst->sysc->flags = 0;
        rst->sysc->ev_q = 0;            /* technically not needed but will avoid bugs */
-       rst->sysc->arg0 = vcoreid;      /* arg 1 & 2 already = 0 (null notif, no u_ne)*/
+       rst->sysc->arg0 = vcoreid;
+       rst->sysc->arg1 = EV_NONE;
+       rst->sysc->arg2 = 0;            /* no ev_msg */
        rst->sysc->arg3 = TRUE;         /* just a private VCPD notification */
        rst->eax_save = 0;                      /* avoid bugs */
        rst->eflags = tf->tf_eflags;
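Review bot: The fix depends on every field of `rst->sysc` being written explicitly now that the struct is no longer zeroed, but nothing in the hunk records that, and the next cleanup that trims "redundant" stores will reintroduce the bug; add a comment above `rst->sysc->num = SYS_self_notify;` such as `/* rst->sysc is not memset (see 0a19848d0): every field the kernel reads must be assigned here, even the zeros */`. The existing comment on `ev_q`, "technically not needed but will avoid bugs", is misleading for the same reason and should say the field is required to be zero because nothing else clears it. If `struct syscall` has fields beyond arg3 (further args, or result/error fields the kernel inspects before running the call), they are still whatever was on the stack; worth confirming each is either set here or ignored by sys_self_notify. pop_user_ctx starts and ends outside this hunk.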