int main(void) { union ldt_entry descs; char *buf; u_long pgsz = sysconf(_SC_PAGESIZE); if ((buf = (char *)malloc(pgsz * 4)) == -1) { perror("malloc"); exit(EXIT_FAILURE); } memset(buf, 0x41, pgsz * 4); buf = (char *)(((u_long)buf & ~pgsz) + pgsz); if (mprotect((char *)((u_long)buf + (pgsz * 2)), (size_t)pgsz, PROT_WRITE) == -1) { perror("mprotect"); exit(EXIT_FAILURE); } /* * This will result in kalloc() size argument being 0x00000000 and copyin() * size argument being 0xfffffff8. */ if (i386_set_ldt(1024, (union ldt_entry *)&buf, -1) == -1) { perror("i386_set_ldt"); exit(EXIT_FAILURE); } exit(EXIT_SUCCESS); }
int main(int argc,char **argv){ if(i386_set_ldt(LUDATA_SEL+1,NULL,-1)==-1){ perror("i386_set_ldt"); exit(EXIT_FAILURE); } exit(EXIT_FAILURE); }
int linux_write_ldt(struct proc *p, struct linux_sys_modify_ldt_args *uap, register_t *retval) { struct linux_ldt_info ldt_info; struct segment_descriptor sd; struct i386_set_ldt_args sl; int error; caddr_t sg; char *parms; if (user_ldt_enable == 0) return (ENOSYS); if (SCARG(uap, bytecount) != sizeof(ldt_info)) return (EINVAL); if ((error = copyin(SCARG(uap, ptr), &ldt_info, sizeof(ldt_info))) != 0) return error; if (ldt_info.contents == 3) return (EINVAL); sg = stackgap_init(p->p_emul); sd.sd_lobase = ldt_info.base_addr & 0xffffff; sd.sd_hibase = (ldt_info.base_addr >> 24) & 0xff; sd.sd_lolimit = ldt_info.limit & 0xffff; sd.sd_hilimit = (ldt_info.limit >> 16) & 0xf; sd.sd_type = 16 | (ldt_info.contents << 2) | (!ldt_info.read_exec_only << 1); sd.sd_dpl = SEL_UPL; sd.sd_p = !ldt_info.seg_not_present; sd.sd_def32 = ldt_info.seg_32bit; sd.sd_gran = ldt_info.limit_in_pages; sl.start = ldt_info.entry_number; sl.desc = stackgap_alloc(&sg, sizeof(sd)); sl.num = 1; #if 0 printf("linux_write_ldt: idx=%d, base=%x, limit=%x\n", ldt_info.entry_number, ldt_info.base_addr, ldt_info.limit); #endif parms = stackgap_alloc(&sg, sizeof(sl)); if ((error = copyout(&sd, sl.desc, sizeof(sd))) != 0) return (error); if ((error = copyout(&sl, parms, sizeof(sl))) != 0) return (error); if ((error = i386_set_ldt(p, parms, retval)) != 0) return (error); *retval = 0; return (0); }
int sys_sysarch(struct proc *p, void *v, register_t *retval) { struct sys_sysarch_args /* { syscallarg(int) op; syscallarg(void *) parms; } */ *uap = v; int error = 0; switch(SCARG(uap, op)) { #ifdef USER_LDT case I386_GET_LDT: error = i386_get_ldt(p, SCARG(uap, parms), retval); break; case I386_SET_LDT: error = i386_set_ldt(p, SCARG(uap, parms), retval); break; #endif case I386_IOPL: error = i386_iopl(p, SCARG(uap, parms), retval); break; case I386_GET_IOPERM: error = i386_get_ioperm(p, SCARG(uap, parms), retval); break; case I386_SET_IOPERM: error = i386_set_ioperm(p, SCARG(uap, parms), retval); break; #ifdef VM86 case I386_VM86: error = i386_vm86(p, SCARG(uap, parms), retval); break; #endif case I386_GET_FSBASE: { uint32_t base = i386_get_threadbase(p, TSEG_FS); error = copyout(&base, SCARG(uap, parms), sizeof(base)); break; } case I386_SET_FSBASE: { uint32_t base; if ((error = copyin(SCARG(uap, parms), &base, sizeof(base)))) break; error = i386_set_threadbase(p, base, TSEG_FS); break; } case I386_GET_GSBASE: { uint32_t base = i386_get_threadbase(p, TSEG_GS); error = copyout(&base, SCARG(uap, parms), sizeof(base)); break; } case I386_SET_GSBASE: { uint32_t base; if ((error = copyin(SCARG(uap, parms), &base, sizeof(base)))) break; error = i386_set_threadbase(p, base, TSEG_GS); break; } default: error = EINVAL; break; } return (error); }