1.1 root 1: /* $Header: /kernel/kersrc/coh.386/RCS/null.c,v 1.2 92/08/04 12:33:53 bin Exp Locker: bin $ */
2: /* (lgl-
3: * The information contained herein is a trade secret of Mark Williams
4: * Company, and is confidential information. It is provided under a
5: * license agreement, and may be copied or disclosed only under the
6: * terms of that agreement. Any reproduction or disclosure of this
7: * material without the express written authorization of Mark Williams
8: * Company or persuant to the license agreement is unlawful.
9: *
10: * COHERENT Version 2.3.37
11: * Copyright (c) 1982, 1983, 1984.
12: * An unpublished work by Mark Williams Company, Chicago.
13: * All rights reserved.
14: -lgl) */
15: /*
16: * Null and memory driver.
17: * Minor device 0 is /dev/null
18: * Minor device 1 is /dev/mem, physical memory
19: * Minor device 2 is /dev/kmem, kernel data
20: * Minor device 3 is /dev/cmos
21: * Minor device 4 is /dev/boot_gift
22: *
23: * $Log: null.c,v $
24: * Revision 1.2 92/08/04 12:33:53 bin
25: * changed for ker 59
26: *
27: * Revision 1.2 92/01/06 11:59:49 hal
28: * Compile with cc.mwc.
29: *
30: * Revision 1.1 88/03/24 16:14:04 src
31: * Initial revision
32: *
33: */
34:
/*
 * Build-time switches for this driver's ioctl() entry point.
 *
 * NULL_IOCTL	compiles in nlioctl(), which accepts requests on the
 *		/dev/kmem minor only.
 * DANGEROUS	compiles in docall() and, inside nlioctl(), the NLCALL
 *		request that reaches it.  docall() calls a kernel address
 *		taken from the caller's argument vector.
 *
 * The symbol "DANGEROUS" should be undefined for a production system.
 *
 * NOTE(review): DANGEROUS is defined unconditionally below, so every
 * kernel built from this file as it stands carries NLCALL.  A release
 * build has to delete that line; nothing here stops it shipping.
 */
#define DANGEROUS	/* Compile in NLCALL and docall(); debug kernels only. */
#define NULL_IOCTL	/* Compile in nlioctl() for /dev/kmem. */
40:
41: #include <sys/coherent.h>
42: #include <sys/con.h>
43: #include <errno.h>
44: #include <sys/stat.h>
45: #include <sys/typed.h>
46: #ifdef NULL_IOCTL
47: #include <sys/null.h>
48: #endif /* NULL_IOCTL */
49:
/*
 * Minor device numbers.  Every entry point switches on minor(dev) to
 * decide which pseudo-device a request is for.
 */
#define DEV_NULL	0	/* /dev/null: reads transfer nothing, writes are discarded */
#define DEV_MEM		1	/* /dev/mem: physical memory */
#define DEV_KMEM	2	/* /dev/kmem: kernel data; the only minor with an ioctl */
#define DEV_CMOS	3	/* /dev/cmos: read only */
#define DEV_BOOTGIFT	4	/* /dev/bootgift: read only */
56:
/*
 * Entry points named in the configuration table.
 * nlread(), nlwrite() and nlioctl() are defined in this file;
 * nulldev() and nonedev() are not.
 */
int	nlread(), nlwrite(), nlioctl();
int	nulldev(), nonedev();
65:
/*
 * Configuration table for the null/memory driver.
 *
 * The initializers are positional; the comment on each line names the
 * slot it fills.  Only read, write and (when NULL_IOCTL is defined)
 * ioctl have handlers of their own; every other slot is nulldev.
 *
 * NOTE(review): open is nulldev and neither nlread() nor nlwrite()
 * looks at who is calling, so nothing in this file restricts access to
 * /dev/mem or /dev/kmem.  Presumably that rests on the permissions of
 * the device nodes; confirm against the installed /dev entries.
 */
CON nlcon = {
	DFCHR,			/* flags */
	0,			/* major index */
	nulldev,		/* open */
	nulldev,		/* close */
	nulldev,		/* block */
	nlread,			/* read */
	nlwrite,		/* write */
#ifdef NULL_IOCTL
	nlioctl,		/* ioctl */
#else /* NULL_IOCTL */
	nonedev,		/* ioctl */
#endif /* NULL_IOCTL */
	nulldev,		/* powerfail */
	nulldev,		/* timeout */
	nulldev,		/* load */
	nulldev			/* unload */
};
87:
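/*
 * Null/memory read routine.
 *
 * dev selects the pseudo-device by minor number.  iop describes the
 * transfer: io_seek is the offset to read from, io_ioc the number of
 * bytes asked for, and io.vbase / io.pbase the destination handed to
 * the copy routine.  On return io_ioc has been reduced by the number
 * of bytes transferred.
 *
 * An unknown minor sets u.u_error to ENXIO and leaves io_ioc alone.
 * EFAULT is cleared before returning, so a copy that stops early is
 * reported as a short read (presumably the copy routines are what set
 * it; they are not defined in this file).
 */
nlread(dev, iop)
dev_t dev;
register IO *iop;
{
	register unsigned n;
	unsigned char tmp, read_cmos();
	extern typed_space boot_gift;

	switch (minor(dev)) {
	case DEV_NULL:
		/* Nothing to read: always end of file. */
		n = 0;
		break;

	case DEV_MEM:
		/*
		 * io_seek is used directly as the physical address.  No range
		 * check is made here; whatever pxcopy() enforces is not shown.
		 */
		n = pxcopy((long)iop->io_seek, iop->io.pbase, iop->io_ioc,
			SEG_386_UD);
		break;

	case DEV_KMEM:
		/* io_seek is used directly as the kernel virtual address. */
		n = kucopy((vaddr_t)iop->io_seek, iop->io.vbase, iop->io_ioc);
		break;

	case DEV_CMOS:
		/*
		 * One byte at a time, last byte first.  n counts the bytes
		 * still to do, so the byte being moved is number n - 1: it
		 * comes from CMOS offset io_seek + n - 1 and goes to buffer
		 * offset n - 1.  Indexing with n itself would skip the first
		 * byte and store one byte beyond the caller's buffer.
		 *
		 * NOTE(review): io_seek is not checked against the size of
		 * the CMOS here; confirm that read_cmos() bounds its argument.
		 */
		for (n = iop->io_ioc; n > 0; --n) {
			tmp = read_cmos(iop->io_seek + n - 1);
			if (0 == kucopy(&tmp, iop->io.vbase + n - 1, sizeof(tmp))) {
				/* Abort the loop if we run out of destination. */
				break;
			}
		}
		n = iop->io_ioc - n;
		break;

	case DEV_BOOTGIFT:
		/*
		 * The >= 0 test is a no-op if io_seek is unsigned; its type is
		 * declared elsewhere.
		 */
		if (iop->io_seek >= 0 && iop->io_seek < BG_LEN) {
			n = iop->io_ioc;
			/*
			 * Copy no more than to the end of boot_gift.  The test
			 * compares against the space that is left, because
			 * io_seek + n can wrap for a very large request and
			 * then slip past a "> BG_LEN" comparison.
			 */
			if (n > BG_LEN - iop->io_seek) {
				n = BG_LEN - iop->io_seek;
			}

			/* Start at the requested offset, not at the beginning. */
			n = kucopy((char *)&boot_gift + iop->io_seek,
				iop->io.vbase, n);
		} else {
			n = 0;
		}
		break;

	default:
		u.u_error = ENXIO;
		return;
	}
	iop->io_ioc -= n;
	if (u.u_error == EFAULT)
		u.u_error = 0;
}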
146:
/*
 * Null/memory write routine.
 *
 * dev selects the pseudo-device by minor number.  iop describes the
 * transfer: io_seek is the offset to write at, io_ioc the number of
 * bytes offered, and io.vbase / io.pbase the source handed to the copy
 * routine.  On return io_ioc has been reduced by the number of bytes
 * taken.
 *
 * An unknown minor sets u.u_error to ENXIO and leaves io_ioc alone.
 * EFAULT is cleared before returning.
 *
 * NOTE(review): the /dev/mem and /dev/kmem cases store caller data at
 * whatever address io_seek holds, with no range or privilege check in
 * this routine.  Write access to those two device nodes is therefore
 * equivalent to control of the kernel.
 */
nlwrite(dev, iop)
dev_t dev;
register IO *iop;
{
	register unsigned done;

	switch (minor(dev)) {
	case DEV_CMOS:		/* /dev/cmos is not writable. */
	case DEV_BOOTGIFT:	/* /dev/bootgift is not writable. */
		done = 0;
		break;

	case DEV_NULL:
		/* Accept everything and throw it away. */
		done = iop->io_ioc;
		break;

	case DEV_KMEM:
		done = ukcopy(iop->io.vbase, (vaddr_t)iop->io_seek,
			iop->io_ioc);
		break;

	case DEV_MEM:
		done = xpcopy(iop->io.pbase, (long)iop->io_seek, iop->io_ioc,
			SEG_386_UD);
		break;

	default:
		u.u_error = ENXIO;
		return;
	}

	iop->io_ioc -= done;
	if (EFAULT == u.u_error)
		u.u_error = 0;
}
186:
#ifdef NULL_IOCTL		/* Includes all of nlioctl(). */

/*
 * ioctl entry point for the null/memory driver.
 *
 * Only the /dev/kmem minor accepts an ioctl, and the only request it
 * knows is NLCALL, which exists only when DANGEROUS is defined.  For
 * NLCALL the result is whatever docall() returns.  Every other
 * combination of minor and request sets u.u_error to EINVAL and
 * returns -1.
 *
 * vec is the caller's argument pointer and is handed to docall()
 * untouched; it is not validated or dereferenced here.
 */
int
nlioctl(dev, cmd, vec)
dev_t dev;
int cmd;
char * vec;
{
	if (minor(dev) == DEV_KMEM) {
#ifdef DANGEROUS
		if (cmd == NLCALL)	/* Call a function. */
			return docall(vec);
#endif /* DANGEROUS */
	}

	/* Wrong minor, or a request this build does not implement. */
	u.u_error = EINVAL;
	return (-1);
} /* nlioctl() */

#endif /* NULL_IOCTL */
216:
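#ifdef DANGEROUS		/* Includes all of docall(). */
/*
 * MASSIVE SECURITY HOLE!  This should NOT be included in a distribution
 * system.  Among other problems, it becomes possible to do "setuid(0)".
 *
 * Call a function with arguments.
 *
 * Takes an array of unsigned ints.  The first element is the length of
 * the whole array, the second element is a pointer to the function to
 * call, all other elements are arguments.  At most 5 arguments may be
 * passed.
 *
 * Returns the return value of the called function in uvec[0].  The
 * value returned to nlioctl() is 0 once the call has been made and its
 * result stored, or -1 with u.u_error set: EINVAL for a bad element
 * count, EFAULT when the vector cannot be read or written.
 *
 * NOTE(review): neither this routine nor nlioctl() checks the caller's
 * privilege, and the function address is used exactly as supplied.
 * Anyone able to issue an ioctl on /dev/kmem can therefore run kernel
 * code of their choosing.  The checks below only make the routine fail
 * cleanly on a bad vector; they do not make it safe to ship.
 */
int
docall(uvec)
unsigned uvec[];
{
	int (* func)();
	unsigned kvec[7];
	unsigned want;
	int retval;
	int i;

	/*
	 * This console message is the only trace a call leaves behind, so
	 * it is the thing to look for when checking whether NLCALL is
	 * present in, or being used on, a running kernel.
	 */
	printf("NLCALL security hole.\n");

	/*
	 * Clear the vector first: slots the caller does not fill are still
	 * passed to the function and must not carry old stack contents.
	 */
	for (i = 0; i < 7; ++i)
		kvec[i] = 0;

	/* Fetch the first element of vec. */
	if (ukcopy(uvec, kvec, sizeof(unsigned)) != sizeof(unsigned)) {
		/* Unreadable vector: do not act on an unset length. */
		u.u_error = EFAULT;
		return (-1);
	}

	/*
	 * Latch the length.  The second copy overwrites kvec[0], and the
	 * caller may have changed it in between.
	 */
	want = kvec[0];
	if ((want < 2) || (want > 7)) {
		/* Invalid number of elements in uvec. */
		u.u_error = EINVAL;
		return (-1);
	}

	/* Fetch the whole vector. */
	if (ukcopy(uvec, kvec, want * sizeof(unsigned))
	    != want * sizeof(unsigned)) {
		/* A partial copy would leave the function pointer unset. */
		u.u_error = EFAULT;
		return (-1);
	}

	/* Extract the function. */
	func = (int (*)()) kvec[1];

	/* Call the function with all arguments. */
	retval = (*func)(kvec[2], kvec[3], kvec[4], kvec[5], kvec[6]);

	/* Hand the result back in uvec[0]. */
	if (kucopy(&retval, uvec, sizeof(unsigned)) != sizeof(unsigned)) {
		u.u_error = EFAULT;
		return (-1);
	}

	/* Without this the ioctl returned whatever was left behind. */
	return (0);
} /* docall() */

#endif /* DANGEROUS */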