- Kernel call handlers cleaned up. More strict checking of input parameters.

- Moved generic_handler() from system.c to system/do_irqctl.c. - Set privileges of system processes somewhat stricter.
2005-07-29 15:26:23 +00:00
parent a93faca75f
commit 0946d128cd
25 changed files with 164 additions and 183 deletions
--- a/kernel/system/do_vdevio.c
+++ b/kernel/system/do_vdevio.c
@@ -14,16 +14,11 @@
 #if USE_VDEVIO

 /* Buffer for SYS_VDEVIO to copy (port,value)-pairs from/ to user. */
-PRIVATE char vdevio_pv_buf[VDEVIO_BUF_SIZE];      
+PRIVATE char vdevio_buf[VDEVIO_BUF_SIZE];      
+PRIVATE pvb_pair_t *pvb = (pvb_pair_t *) vdevio_buf;           
+PRIVATE pvw_pair_t *pvw = (pvw_pair_t *) vdevio_buf;      
+PRIVATE pvl_pair_t *pvl = (pvl_pair_t *) vdevio_buf;     

-/* SYS_VDEVIO sends a pointer to a (port,value)-pairs vector at the caller. 
- * Define the maximum number of (port,value)-pairs that can be handled in a 
- * in a single SYS_VDEVIO system call based on the struct definitions. 
- */
-#define MAX_PVB_PAIRS ((VDEVIO_BUF_SIZE * sizeof(char)) / sizeof(pvb_pair_t))
-#define MAX_PVW_PAIRS ((VDEVIO_BUF_SIZE * sizeof(char)) / sizeof(pvw_pair_t))
-#define MAX_PVL_PAIRS ((VDEVIO_BUF_SIZE * sizeof(char)) / sizeof(pvl_pair_t))
-	

 /*===========================================================================*
 *			        do_vdevio                                    *
@@ -37,88 +32,57 @@ register message *m_ptr;	/* pointer to request message */
 * that I/O batch from being interrrupted.
 * This is the counterpart of do_devio, which performs a single device I/O. 
 */ 
-    pvb_pair_t *pvb_pairs;      /* needed for byte values */
-    pvw_pair_t *pvw_pairs;      /* needed for word values */
-    pvl_pair_t *pvl_pairs;      /* needed for long values */
-    int i;
-    int caller_proc;            /* process number of caller */
-    size_t bytes;               /* # bytes to be copied */
-    vir_bytes caller_vir;       /* virtual address at caller */
-    phys_bytes caller_phys;     /* physical address at caller */
-    phys_bytes kernel_phys;     /* physical address in kernel */
-
-
-    /* Check if nr of ports is ok and get size of (port,value) data. */
-    if (m_ptr->DIO_VEC_SIZE <= 0) return(EINVAL);
-    switch(m_ptr->DIO_TYPE) {
-    case DIO_BYTE:
-        if (m_ptr->DIO_VEC_SIZE > MAX_PVB_PAIRS)  return(EINVAL);
-        bytes = (size_t) (m_ptr->DIO_VEC_SIZE * sizeof(pvb_pair_t));
-        break;
-    case DIO_WORD:
-        if (m_ptr->DIO_VEC_SIZE > MAX_PVW_PAIRS)  return(EINVAL);
-        bytes = (size_t) (m_ptr->DIO_VEC_SIZE * sizeof(pvw_pair_t));
-        break;
-    case DIO_LONG:
-        if (m_ptr->DIO_VEC_SIZE > MAX_PVL_PAIRS)  return(EINVAL);
-        bytes = (size_t) (m_ptr->DIO_VEC_SIZE * sizeof(pvl_pair_t));
-        break;
-    default:	/* this once and for all checks for a correct type */
-        return(EINVAL);
-    }
-
-    /* Calculate physical addresses and copy (port,value)-pairs from user. */
-    caller_proc = m_ptr->m_source; 
-    caller_vir = (vir_bytes) m_ptr->DIO_VEC_ADDR;
-    caller_phys = umap_local(proc_addr(caller_proc), D, caller_vir, bytes);
-    if (0 == caller_phys) return EFAULT;
-    kernel_phys = vir2phys(vdevio_pv_buf);
-    phys_copy(caller_phys, kernel_phys, (phys_bytes) bytes);
-
-    /* Perform actual device I/O for byte, word, and long values. Note that 
-    * the entire switch is wrapped in lock() and unlock() to prevent the I/O
-    * batch from being interrupted. It may be cleaner to do this just around 
-    * the for loops, but this results in rather lenghty code.
-    */
-    lock(13, "do_vdevio");
-    switch (m_ptr->DIO_TYPE) {
-        case DIO_BYTE: 					 /* byte values */
-            pvb_pairs = (pvb_pair_t *) vdevio_pv_buf;
-            if (DIO_INPUT == m_ptr->DIO_REQUEST) { 
-                for (i=0; i < m_ptr->DIO_VEC_SIZE; i++) 
-                    pvb_pairs[i].value = inb(pvb_pairs[i].port); 
-            } else { 
-                for (i=0; i < m_ptr->DIO_VEC_SIZE; i++) 
-                    outb(pvb_pairs[i].port, pvb_pairs[i].value); 
-            } 
-            break; 
-        case DIO_WORD:					  /* word values */
-            pvw_pairs = (pvw_pair_t *) vdevio_pv_buf;
-            if (DIO_INPUT == m_ptr->DIO_REQUEST) {
-                for (i=0; i < m_ptr->DIO_VEC_SIZE; i++) 
-                    pvw_pairs[i].value = inw(pvw_pairs[i].port);  
-            } else {
-                for (i=0; i < m_ptr->DIO_VEC_SIZE; i++) 
-                    outw(pvw_pairs[i].port, pvw_pairs[i].value); 
-            }
-            break; 
-	case DIO_LONG:			/* fall through: long values */
-        default:  /* only DIO_LONG can arrive here, see above switch */
-            pvl_pairs = (pvl_pair_t *) vdevio_pv_buf;
-            if (DIO_INPUT == m_ptr->DIO_REQUEST) { 
-                for (i=0; i < m_ptr->DIO_VEC_SIZE; i++) 
-                    pvl_pairs[i].value = inl(pvl_pairs[i].port);  
-            } else {
-                for (i=0; i < m_ptr->DIO_VEC_SIZE; i++) 
-                    outl(pvb_pairs[i].port, pvl_pairs[i].value); 
-            }
-    }
-    unlock(13);
+  int vec_size;               /* size of vector */
+  int io_in;                  /* true if input */
+  size_t bytes;               /* # bytes to be copied */
+  int caller_proc;            /* process number of caller */
+  vir_bytes caller_vir;       /* virtual address at caller */
+  phys_bytes caller_phys;     /* physical address at caller */
+  int i;
    
-    /* Almost done, copy back results for input requests. */
-    if (DIO_INPUT == m_ptr->REQUEST)
-        phys_copy(kernel_phys, caller_phys, (phys_bytes) bytes);
-    return(OK);
+  /* Get the request, size of the request vector, and check the values. */
+  if (m_ptr->DIO_REQUEST == DIO_INPUT) io_in = TRUE;
+  else if (m_ptr->DIO_REQUEST == DIO_OUTPUT) io_in = FALSE;
+  else return(EINVAL);
+  if ((vec_size = m_ptr->DIO_VEC_SIZE) <= 0) return(EINVAL);
+  switch (m_ptr->DIO_TYPE) {
+      case DIO_BYTE: bytes = vec_size * sizeof(pvb_pair_t); break;
+      case DIO_WORD: bytes = vec_size * sizeof(pvw_pair_t); break;
+      case DIO_LONG: bytes = vec_size * sizeof(pvl_pair_t); break;
+      default:  return(EINVAL);   /* check type once and for all */
+  }
+  if (bytes > sizeof(vdevio_buf))  return(E2BIG);
+
+  /* Calculate physical addresses and copy (port,value)-pairs from user. */
+  caller_proc = m_ptr->m_source; 
+  caller_vir = (vir_bytes) m_ptr->DIO_VEC_ADDR;
+  caller_phys = umap_local(proc_addr(caller_proc), D, caller_vir, bytes);
+  if (0 == caller_phys) return(EFAULT);
+  phys_copy(caller_phys, vir2phys(vdevio_buf), (phys_bytes) bytes);
+
+  /* Perform actual device I/O for byte, word, and long values. Note that 
+   * the entire switch is wrapped in lock() and unlock() to prevent the I/O
+   * batch from being interrupted. 
+   */  
+  lock(13, "do_vdevio");
+  switch (m_ptr->DIO_TYPE) {
+  case DIO_BYTE: 					 /* byte values */
+      if (io_in) for (i=0; i<vec_size; i++)  pvb[i].value = inb(pvb[i].port); 
+      else       for (i=0; i<vec_size; i++)  outb(pvb[i].port, pvb[i].value); 
+      break; 
+  case DIO_WORD:					  /* word values */
+      if (io_in) for (i=0; i<vec_size; i++)  pvw[i].value = inw(pvw[i].port);  
+      else       for (i=0; i<vec_size; i++)  outw(pvw[i].port, pvw[i].value); 
+      break; 
+  default:            					  /* long values */
+      if (io_in) for (i=0; i<vec_size; i++) pvl[i].value = inl(pvl[i].port);  
+      else       for (i=0; i<vec_size; i++) outl(pvb[i].port, pvl[i].value); 
+  }
+  unlock(13);
+    
+  /* Almost done, copy back results for input requests. */
+  if (io_in) phys_copy(vir2phys(vdevio_buf), caller_phys, (phys_bytes) bytes);
+  return(OK);
 }

 #endif /* USE_VDEVIO */