prevent longjmp / forkret from writing over tf->edi

Haximos · Jul 18, 2006 · bd228a8 · bd228a8
1 parent 0dd4253
commit bd228a8
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 6 deletions.
diff --git a/pipe.c b/pipe.c
@@ -61,13 +61,18 @@ pipe_alloc(struct fd **fd1, struct fd **fd2)
 void
 pipe_close(struct pipe *p, int writeable)
 {
+  acquire(&p->lock);
+
   if(writeable){
     p->writeopen = 0;
     wakeup(&p->readp);
   } else {
     p->readopen = 0;
     wakeup(&p->writep);
   }
+
+  release(&p->lock);
+
   if(p->readopen == 0 && p->writeopen == 0)
     kfree((char *) p, PAGE);
 }

diff --git a/proc.c b/proc.c
@@ -109,7 +109,7 @@ copyproc(struct proc* p)
   // Set up new jmpbuf to start executing at forkret (see below).
   memset(&np->jmpbuf, 0, sizeof np->jmpbuf);
   np->jmpbuf.eip = (uint)forkret;
-  np->jmpbuf.esp = (uint)np->tf;
+  np->jmpbuf.esp = (uint)np->tf - 4;
 
   // Copy file descriptors
   for(i = 0; i < NOFILE; i++){

diff --git a/syscall.c b/syscall.c
@@ -13,8 +13,7 @@
  * System call number in %eax.
  * Arguments on the stack, from the user call to the C
  * library system call function. The saved user %esp points
- * to a saved frame pointer, a program counter, and then
- * the first argument.
+ * to a saved program counter, and then the first argument.
  *
  * Return value? Error indication? Errno?
  */
@@ -56,11 +55,11 @@ fetcharg(int argno, void *ip)
 }
 
 int
-putint(struct proc *p, uint addr, int ip)
+putint(struct proc *p, uint addr, int x)
 {
   if(addr > p->sz - 4)
     return -1;
-  memmove(p->mem + addr, &ip, 4);
+  memmove(p->mem + addr, &x, 4);
   return 0;
 }
 
@@ -269,7 +268,6 @@ syscall(void)
   int num = cp->tf->eax;
   int ret = -1;
 
-  //cprintf("%x sys %d\n", cp, num);
   switch(num){
   case SYS_fork:
     ret = sys_fork();