can read/write to mprotect(PROT_NONE) region with 2.6.14 on au1550

can read/write to mprotect(PROT_NONE) region with 2.6.14 on au1550

[Clem Taylor]

[-- Attachment #1: Type: text/plain, Size: 718 bytes --]

Hi,

I was trying to use mprotect(PROT_NONE) to help debug a problem, and
it seems that mprotect() isn't actually doing anything with my 2.6.14
linux-mips kernel on an au1550. Attached is a simple test program that
segfaults as expected on x86 (2.6.12), but does not segfault on mips
(2.6.14). I can both read and write PROT_NONE memory without problem,
which should result in a segfault. Originally, I was trying to
mprotect() a mmaped GFP_DMA region which wasn't working and then I
tried a simpler test that also wasn't working.

Shouldn't mprotect() work? Could I be missing a config option, or is
this just broken?

                               Thanks,
                               Clem Taylor

[-- Attachment #2: mprotectTest.c --]
[-- Type: text/x-csrc, Size: 1064 bytes --]

#include <stdio.h>
#include <stdlib.h>
#include <malloc.h>
#include <sys/mman.h>
#include <string.h>
#include <errno.h>

int main ( int argc, char *argv [ ] )
{
    int size = 65536, i, ret;
    unsigned char *buffer;

    buffer = memalign ( size, size );
    if ( buffer == NULL )
    {
        fprintf ( stderr, "memalign() failed.\n" );
        return 1;
    }

    fprintf ( stderr, "buffer=%p size=%d\n", buffer, size );

    /* write and read buffer */
    memset ( buffer, 0xAA, size );
    for ( i = 0; i < 2; i++ )
        fprintf ( stderr, "buffer [ %d ] = 0x%02X\n", i, buffer [ i ] );

    /* disable reading and writing */
    ret = mprotect ( buffer, size, PROT_NONE );
    if ( ret != 0 )
    {
        fprintf ( stderr, "mprotect(%p,%d,PROT_NONE) failed: %s\n",
            buffer, size, strerror ( errno ) );
        return 1;
    }

    /* write and read buffer, should segfault */
    memset ( buffer, 0x55, size );
    for ( i = 0; i < 2; i++ )
        fprintf ( stderr, "buffer [ %d ] = 0x%02X\n", i, buffer [ i ] );

    return 0;
}

Re: can read/write to mprotect(PROT_NONE) region with 2.6.14 on au1550

[Ralf Baechle]

On Wed, Dec 07, 2005 at 04:51:23PM -0500, Clem Taylor wrote:

> I was trying to use mprotect(PROT_NONE) to help debug a problem, and
> it seems that mprotect() isn't actually doing anything with my 2.6.14
> linux-mips kernel on an au1550. Attached is a simple test program that
> segfaults as expected on x86 (2.6.12), but does not segfault on mips
> (2.6.14). I can both read and write PROT_NONE memory without problem,
> which should result in a segfault. Originally, I was trying to
> mprotect() a mmaped GFP_DMA region which wasn't working and then I
> tried a simpler test that also wasn't working.
> 
> Shouldn't mprotect() work? Could I be missing a config option, or is
> this just broken?

That's a defect in CONFIG_64BIT_PHYS_ADDR which unfortunately is need
on Alchemy SOCs due to the silly address space layout.

  Ralf

[PATCH] FIx mprotect() syscall for MIPS32 w/36-bit physical address support

[Sergei Shtylyov]

[-- Attachment #1: Type: text/plain, Size: 248 bytes --]

Hello.

     Fix mprotect() syscall for MIPS32 CPUs with 36-bit physical address
support: pte_modify() macro didn't clear the hardware page protection bits
before modifying...

WBR, Sergei

Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>


[-- Attachment #2: MIPS32-36bit-phys-addr-mprotect-fix.patch --]
[-- Type: text/plain, Size: 593 bytes --]

diff --git a/include/asm-mips/pgtable.h b/include/asm-mips/pgtable.h
index 702a28f..80b3605 100644
--- a/include/asm-mips/pgtable.h
+++ b/include/asm-mips/pgtable.h
@@ -335,8 +335,9 @@ static inline pgprot_t pgprot_noncached(
 #if defined(CONFIG_64BIT_PHYS_ADDR) && defined(CONFIG_CPU_MIPS32_R1)
 static inline pte_t pte_modify(pte_t pte, pgprot_t newprot)
 {
-	pte.pte_low &= _PAGE_CHG_MASK;
-	pte.pte_low |= pgprot_val(newprot);
+	pte.pte_low  &= _PAGE_CHG_MASK;
+	pte.pte_high &= ~0x3f;
+	pte.pte_low  |= pgprot_val(newprot);
 	pte.pte_high |= pgprot_val(newprot) & 0x3f;
 	return pte;
 }