Security check on physical address to be < 16 MB (ISA DMA uses 24-bit

addressing, which can address 16 MB max).
Floppy driver now dynamically loaded.
This commit is contained in:
Jorrit Herder 2005-08-05 16:23:42 +00:00
parent 655d1e074f
commit 7de7ca978d
5 changed files with 32 additions and 10 deletions

View file

@ -29,8 +29,8 @@ $(LIBDRIVER):
cd $d/libdriver && $(MAKE) cd $d/libdriver && $(MAKE)
# install with other drivers # install with other drivers
install: /usr/sbin/$(DRIVER) install: /sbin/$(DRIVER)
/usr/sbin/$(DRIVER): $(DRIVER) /sbin/$(DRIVER): $(DRIVER)
install -o root -cs $? $@ install -o root -cs $? $@
# clean up local files # clean up local files

View file

@ -33,12 +33,14 @@
#define FDC_DATA 0x3F5 /* floppy disk controller data register */ #define FDC_DATA 0x3F5 /* floppy disk controller data register */
#define FDC_RATE 0x3F7 /* transfer rate register */ #define FDC_RATE 0x3F7 /* transfer rate register */
#define DMA_ADDR 0x004 /* port for low 16 bits of DMA address */ #define DMA_ADDR 0x004 /* port for low 16 bits of DMA address */
#define DMA_TOP 0x081 /* port for top 4 bits of 20-bit DMA addr */ #define DMA_TOP 0x081 /* port for top 8 bits of 24-bit DMA addr */
#define DMA_COUNT 0x005 /* port for DMA count (count = bytes - 1) */ #define DMA_COUNT 0x005 /* port for DMA count (count = bytes - 1) */
#define DMA_FLIPFLOP 0x00C /* DMA byte pointer flip-flop */ #define DMA_FLIPFLOP 0x00C /* DMA byte pointer flip-flop */
#define DMA_MODE 0x00B /* DMA mode port */ #define DMA_MODE 0x00B /* DMA mode port */
#define DMA_INIT 0x00A /* DMA init port */ #define DMA_INIT 0x00A /* DMA init port */
#define DMA_RESET_VAL 0x06 #define DMA_RESET_VAL 0x006
#define DMA_ADDR_MASK 0xFFFFFF /* mask to verify DMA address is 24-bit */
/* Status registers returned as result of operation. */ /* Status registers returned as result of operation. */
#define ST0 0x00 /* status register 0 */ #define ST0 0x00 /* status register 0 */
@ -245,7 +247,7 @@ FORWARD _PROTOTYPE( char *f_name, (void) );
FORWARD _PROTOTYPE( void f_cleanup, (void) ); FORWARD _PROTOTYPE( void f_cleanup, (void) );
FORWARD _PROTOTYPE( int f_transfer, (int proc_nr, int opcode, off_t position, FORWARD _PROTOTYPE( int f_transfer, (int proc_nr, int opcode, off_t position,
iovec_t *iov, unsigned nr_req) ); iovec_t *iov, unsigned nr_req) );
FORWARD _PROTOTYPE( void dma_setup, (int opcode) ); FORWARD _PROTOTYPE( int dma_setup, (int opcode) );
FORWARD _PROTOTYPE( void start_motor, (void) ); FORWARD _PROTOTYPE( void start_motor, (void) );
FORWARD _PROTOTYPE( int seek, (void) ); FORWARD _PROTOTYPE( int seek, (void) );
FORWARD _PROTOTYPE( int fdc_transfer, (int opcode) ); FORWARD _PROTOTYPE( int fdc_transfer, (int opcode) );
@ -571,7 +573,13 @@ unsigned nr_req; /* length of request vector */
/* Set up the DMA chip and perform the transfer. */ /* Set up the DMA chip and perform the transfer. */
if (r == OK) { if (r == OK) {
dma_setup(opcode); if (dma_setup(opcode) != OK) {
/* This can only fail for addresses above 16MB
* that cannot be handled by the controller,
* because it uses 24-bit addressing.
*/
return(EIO);
}
r = fdc_transfer(opcode); r = fdc_transfer(opcode);
} }
@ -627,7 +635,7 @@ unsigned nr_req; /* length of request vector */
/*===========================================================================* /*===========================================================================*
* dma_setup * * dma_setup *
*===========================================================================*/ *===========================================================================*/
PRIVATE void dma_setup(opcode) PRIVATE int dma_setup(opcode)
int opcode; /* DEV_GATHER or DEV_SCATTER */ int opcode; /* DEV_GATHER or DEV_SCATTER */
{ {
/* The IBM PC can perform DMA operations by using the DMA chip. To use it, /* The IBM PC can perform DMA operations by using the DMA chip. To use it,
@ -636,10 +644,21 @@ int opcode; /* DEV_GATHER or DEV_SCATTER */
* opcode. This routine sets up the DMA chip. Note that the chip is not * opcode. This routine sets up the DMA chip. Note that the chip is not
* capable of doing a DMA across a 64K boundary (e.g., you can't read a * capable of doing a DMA across a 64K boundary (e.g., you can't read a
* 512-byte block starting at physical address 65520). * 512-byte block starting at physical address 65520).
*
* Warning! Also note that it's not possible to do DMA above 16 MB because
* the ISA bus uses 24-bit addresses. Addresses above 16 MB therefore will
* be interpreted modulo 16 MB, dangerously overwriting arbitrary memory.
* A check here denies the I/O if the address is out of range.
*/ */
pvb_pair_t byte_out[9]; pvb_pair_t byte_out[9];
int s; int s;
/* First check the DMA memory address not to exceed maximum. */
if (tmp_phys != (tmp_phys & DMA_ADDR_MASK)) {
report("FLOPPY", "DMA denied because address out of range", NO_NUM);
return(EIO);
}
/* Set up the DMA registers. (The comment on the reset is a bit strong, /* Set up the DMA registers. (The comment on the reset is a bit strong,
* it probably only resets the floppy channel.) * it probably only resets the floppy channel.)
*/ */
@ -655,6 +674,7 @@ int opcode; /* DEV_GATHER or DEV_SCATTER */
if ((s=sys_voutb(byte_out, 9)) != OK) if ((s=sys_voutb(byte_out, 9)) != OK)
panic("FLOPPY","Sys_voutb in dma_setup() failed", s); panic("FLOPPY","Sys_voutb in dma_setup() failed", s);
return(OK);
} }

View file

@ -41,6 +41,7 @@
#if (CHIP == INTEL) #if (CHIP == INTEL)
#if USE_EXTRA_DMA_BUF && DMA_BUF_SIZE < 2048 #if USE_EXTRA_DMA_BUF && DMA_BUF_SIZE < 2048
/* A bit extra scratch for the Adaptec driver. */ /* A bit extra scratch for the Adaptec driver. */
#define BUF_EXTRA (2048 - DMA_BUF_SIZE) #define BUF_EXTRA (2048 - DMA_BUF_SIZE)
@ -156,7 +157,7 @@ PRIVATE void init_buffer()
tmp_buf += left; tmp_buf += left;
tmp_phys += left; tmp_phys += left;
} }
#endif /* CHIP != INTEL */ #endif /* CHIP == INTEL */
} }

4
etc/rc
View file

@ -51,8 +51,10 @@ start)
# National keyboard? # National keyboard?
test -f /etc/keymap && loadkeys /etc/keymap test -f /etc/keymap && loadkeys /etc/keymap
# Start crucial system services # Start crucial system services. The floppy driver *must* be loaded
# first, as it needs memory below 16MB in order to do ISA DMA.
echo -n "Starting services:" echo -n "Starting services:"
up floppy "" /dev/fd0
up is "" up is ""
up cmos "" /dev/cmos up cmos "" /dev/cmos
echo . echo .

View file

@ -102,7 +102,6 @@ start)
done done
up inet "" up inet ""
up printer "" /dev/lp up printer "" /dev/lp
# up floppy "" /dev/fd0
echo . echo .
# Network initialization. # Network initialization.