![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to null.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [MW Coherent from dump] / coherent / d / PS2_KERNEL / coh.386|
Return to null.c CVS log | Up to [MW Coherent from dump] / coherent / d / PS2_KERNEL / coh.386 |
1.1 ! root 1: /* $Header: /kernel/kersrc/coh.386/RCS/null.c,v 1.2 92/08/04 12:33:53 bin Exp Locker: bin $ */ ! 2: /* (lgl- ! 3: * The information contained herein is a trade secret of Mark Williams ! 4: * Company, and is confidential information. It is provided under a ! 5: * license agreement, and may be copied or disclosed only under the ! 6: * terms of that agreement. Any reproduction or disclosure of this ! 7: * material without the express written authorization of Mark Williams ! 8: * Company or persuant to the license agreement is unlawful. ! 9: * ! 10: * COHERENT Version 2.3.37 ! 11: * Copyright (c) 1982, 1983, 1984. ! 12: * An unpublished work by Mark Williams Company, Chicago. ! 13: * All rights reserved. ! 14: -lgl) */ ! 15: /* ! 16: * Null and memory driver. ! 17: * Minor device 0 is /dev/null ! 18: * Minor device 1 is /dev/mem, physical memory ! 19: * Minor device 2 is /dev/kmem, kernel data ! 20: * Minor device 3 is /dev/cmos ! 21: * Minor device 4 is /dev/boot_gift ! 22: * ! 23: * $Log: null.c,v $ ! 24: * Revision 1.2 92/08/04 12:33:53 bin ! 25: * changed for ker 59 ! 26: * ! 27: * Revision 1.2 92/01/06 11:59:49 hal ! 28: * Compile with cc.mwc. ! 29: * ! 30: * Revision 1.1 88/03/24 16:14:04 src ! 31: * Initial revision ! 32: * ! 33: */ ! 34: ! 35: /* ! 36: * The symbol "DANGEROUS" should be undefined for a production system. ! 37: */ ! 38: #define NULL_IOCTL /* Allow ioctl()s for /dev/kmem. */ ! 39: #define DANGEROUS /* Allow dangerous ioctl()s for /dev/null. */ ! 40: ! 41: #include <sys/coherent.h> ! 42: #include <sys/con.h> ! 43: #include <errno.h> ! 44: #include <sys/stat.h> ! 45: #include <sys/typed.h> ! 46: #ifdef NULL_IOCTL ! 47: #include <sys/null.h> ! 48: #endif /* NULL_IOCTL */ ! 49: ! 50: /* These are minor numbers. */ ! 51: #define DEV_NULL 0 /* /dev/null */ ! 52: #define DEV_MEM 1 /* /dev/mem */ ! 53: #define DEV_KMEM 2 /* /dev/kmem */ ! 54: #define DEV_CMOS 3 /* /dev/cmos */ ! 55: #define DEV_BOOTGIFT 4 /* /dev/bootgift */ ! 56: ! 57: /* ! 58: * Functions for configuration. ! 59: */ ! 60: int nlread(); ! 61: int nlwrite(); ! 62: int nlioctl(); ! 63: int nulldev(); ! 64: int nonedev(); ! 65: ! 66: /* ! 67: * Configuration table. ! 68: */ ! 69: CON nlcon ={ ! 70: DFCHR, /* Flags */ ! 71: 0, /* Major index */ ! 72: nulldev, /* Open */ ! 73: nulldev, /* Close */ ! 74: nulldev, /* Block */ ! 75: nlread, /* Read */ ! 76: nlwrite, /* Write */ ! 77: #ifdef NULL_IOCTL ! 78: nlioctl, /* Ioctl */ ! 79: #else /* NULL_IOCTL */ ! 80: nonedev, /* Ioctl */ ! 81: #endif /* NULL_IOCTL */ ! 82: nulldev, /* Powerfail */ ! 83: nulldev, /* Timeout */ ! 84: nulldev, /* Load */ ! 85: nulldev /* Unload */ ! 86: }; ! 87: ! 88: /* ! 89: * Null/memory read routine. ! 90: */ ! 91: nlread(dev, iop) ! 92: dev_t dev; ! 93: register IO *iop; ! 94: { ! 95: register unsigned n; ! 96: unsigned char tmp, read_cmos(); ! 97: extern typed_space boot_gift; ! 98: ! 99: switch (minor(dev)) { ! 100: case DEV_NULL: ! 101: n = 0; ! 102: break; ! 103: ! 104: case DEV_MEM: ! 105: n = pxcopy((long)iop->io_seek, iop->io.pbase, iop->io_ioc, ! 106: SEG_386_UD); ! 107: break; ! 108: ! 109: case DEV_KMEM: ! 110: n = kucopy((vaddr_t)iop->io_seek, iop->io.vbase, iop->io_ioc); ! 111: break; ! 112: ! 113: case DEV_CMOS: ! 114: for (n = iop->io_ioc; n > 0; --n) { ! 115: tmp = read_cmos(iop->io_seek + n); ! 116: if (0 == kucopy(&tmp, iop->io.vbase + n, sizeof(tmp))){ ! 117: /* Abort the loop if we run out of destination. */ ! 118: break; ! 119: } ! 120: } ! 121: n = iop->io_ioc - n; ! 122: break; ! 123: ! 124: case DEV_BOOTGIFT: ! 125: if (iop->io_seek < BG_LEN) { ! 126: n = iop->io_ioc; ! 127: /* Copy no more than to the end of boot_gift. */ ! 128: if (iop->io_seek + n > BG_LEN) { ! 129: n = BG_LEN - (iop->io_seek); ! 130: } ! 131: ! 132: n = kucopy(&boot_gift, iop->io.vbase, n); ! 133: } else { ! 134: n = 0; ! 135: } ! 136: break; ! 137: ! 138: default: ! 139: u.u_error = ENXIO; ! 140: return; ! 141: } ! 142: iop->io_ioc -= n; ! 143: if (u.u_error == EFAULT) ! 144: u.u_error = 0; ! 145: } ! 146: ! 147: /* ! 148: * Null/memory write routine. ! 149: */ ! 150: nlwrite(dev, iop) ! 151: dev_t dev; ! 152: register IO *iop; ! 153: { ! 154: register unsigned n; ! 155: ! 156: switch (minor(dev)) { ! 157: case DEV_NULL: ! 158: n = iop->io_ioc; ! 159: break; ! 160: ! 161: case DEV_MEM: ! 162: n = xpcopy(iop->io.pbase, (long)iop->io_seek, iop->io_ioc, ! 163: SEG_386_UD); ! 164: break; ! 165: ! 166: case DEV_KMEM: ! 167: n = ukcopy(iop->io.vbase, (vaddr_t)iop->io_seek, iop->io_ioc); ! 168: break; ! 169: ! 170: case DEV_CMOS: ! 171: n = 0; /* /dev/cmos is not writable. */ ! 172: break; ! 173: ! 174: case DEV_BOOTGIFT: ! 175: n = 0; /* /dev/bootgift is not writable. */ ! 176: break; ! 177: ! 178: default: ! 179: u.u_error = ENXIO; ! 180: return; ! 181: } ! 182: iop->io_ioc -= n; ! 183: if (u.u_error == EFAULT) ! 184: u.u_error = 0; ! 185: } ! 186: ! 187: #ifdef NULL_IOCTL /* Includes all of nlioctl(). */ ! 188: ! 189: /* ! 190: * Do an ioctl call for /dev/null. ! 191: */ ! 192: int ! 193: nlioctl(dev, cmd, vec) ! 194: dev_t dev; ! 195: int cmd; ! 196: char * vec; ! 197: { ! 198: /* Only /dev/kmem has an ioctl. */ ! 199: if (minor(dev) != DEV_KMEM) { ! 200: u.u_error = EINVAL; ! 201: return (-1); ! 202: } ! 203: ! 204: switch (cmd) { ! 205: #ifdef DANGEROUS ! 206: case NLCALL: /* Call a function. */ ! 207: return docall(vec); ! 208: #endif /* DANGEROUS */ ! 209: default: ! 210: u.u_error = EINVAL; ! 211: return(-1); ! 212: } ! 213: } /* nlioctl() */ ! 214: ! 215: #endif /* NULL_IOCTL */ ! 216: ! 217: #ifdef DANGEROUS /* Includes all of docall(). */ ! 218: /* ! 219: * MASSIVE SECURITY HOLE! This should NOT be included in a distribution ! 220: * system. Among other problems, it becomes possible to do "setuid(0)". ! 221: * ! 222: * Call a function with arguments. ! 223: * ! 224: * Takes an array of unsigned ints. The first element is the length of ! 225: * the whole array, the second element is a pointer to the function to ! 226: * call, all other elements are arguments. At most 5 arguments may be ! 227: * passed. ! 228: * ! 229: * Returns the return value of the called fuction in uvec[0]. ! 230: */ ! 231: int ! 232: docall(uvec) ! 233: unsigned uvec[]; ! 234: { ! 235: int (* func)(); ! 236: unsigned kvec[7]; ! 237: int retval; ! 238: ! 239: printf("NLCALL security hole.\n"); ! 240: ! 241: /* Fetch the first element of vec. */ ! 242: ukcopy(uvec, kvec, sizeof(unsigned)); ! 243: ! 244: if ((kvec[0] < 2) || (kvec[0] > 7)) { ! 245: /* Invalid number of elements in uvec. */ ! 246: u.u_error = EINVAL; ! 247: return(-1); ! 248: } ! 249: ! 250: /* Fetch the whole vector. */ ! 251: ukcopy(uvec, kvec, kvec[0] * sizeof(unsigned)); ! 252: ! 253: /* Extract the function. */ ! 254: func = (int (*)()) kvec[1]; ! 255: ! 256: /* Call the function with all arguments. */ ! 257: retval = (*func)(kvec[2], kvec[3], kvec[4], kvec[5], kvec[6]); ! 258: ! 259: kucopy(&retval, uvec, sizeof(unsigned)); ! 260: ! 261: } /* docall() */ ! 262: ! 263: #endif /* DANGEROUS */
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.