Subject: NetBSD master CVS tree commits
To: None <source-changes@NetBSD.ORG>
From: None <source@NetBSD.ORG>
Date: 10/04/1996 09:00:02
Fri Oct 4 01:55:05 PDT 1996
Update of /cvsroot/src/sys/arch/hp300/hp300
In directory netbsd1:/var/slash-tmp/cvs-serv24904
At the end of the delay calibration routine, explcitly reset the timer.
This fixes a critical bug where a clock interrupt would happen sometime
between the call to hp300_calibrate_delay() and when proc0 is initialized.
This ends up dereferencing a bad pointer in itimerdecr(), which scribbles
over the first page of kernel text, specifically vectors 46 and 47 (decimal).
To complicate matters, the way the bug manifested itself was different
depending on whether or not DDB was configured into the kernel. When
DDB is in the kernel, kernel text is mapped read/write. When DDB is not
in the kernel, kernel text is mapped read-only. Note that the kernel
scribble happens early, typically before the console is initialized.
In the non-DDB case, the kernel will hang as soon as it's loaded because
the access causes a fault (before the console is initialized, so you
don't see the trap).
In the DDB case, the access does _not_ cause a fault. However, the
mechanism used to enter the kernel debugger is to issue a "trap #15".
Conveniently, this is one of the corrupted vectors (47), thus rendering
DDB useless (it actually caused a recursive panic/trap loop).
This _WILL_ be in the first 1.2 official patch.