Subject: NetBSD master CVS tree commits
To: None <source-changes@NetBSD.ORG>
From: None <source@NetBSD.ORG>
List: source-changes
Date: 10/19/1996 09:00:03
thorpej
Sat Oct 19 01:51:36 PDT 1996
Update of /cvsroot/src/sys/arch/hp300/hp300
In directory netbsd1:/var/slash-tmp/cvs-serv28563

Modified Files:
	machdep.c 
Log Message:
Set up a kernel_map entry for the text segment with protection of
VM_PROT_READ|VM_PROT_EXECUTE.  The previous default (VM_PROT_ALL)
would cause the following scenario:
	- someone attempts to write kernel text (my test was writing
	  to an offset of /dev/kmem which was known to be in the text
	  segment, while in single-user mode).
	- enter trap() with MMU fault (because of RO pte).
	- trap() calls vm_fault(), which looks up vm_map_entry for
	  faulting address.
	- vm_fault interprets write fault and VM_PROT_WRITE (in VM_PROT_ALL)
	  as COW; new page allocated, data copied to new page, new page
	  mapped in at trunc_page(<faulting va>).
	- wow, look at the fireworks!
Fixes two potential symptoms:
	- kernacc() returns TRUE when checking for permission to write
	  an offset in kernel text, which is bogus, since the text has
	  been mapped RO by pmap_bootstrap().
	- Handling of a stray pointer that attempted to scribble into
	  kernel text would not be executed properly.