Bugs found and fixed during deep audit of the Fase 5 commit
(implemented during WSL2/GCC instability):
BUG 1 (CRITICAL): vmm_map_page args were inverted in shm_at().
Signature is vmm_map_page(phys, virt, flags) but code passed
(virt, phys, flags). Would map physical pages at wrong addresses
causing memory corruption. Fixed both code paths.
BUG 2 (CRITICAL): shm_dt() used broken heuristic to find segment.
Matched by npages count — if two segments had same page count,
wrong one got decremented. Added shmid field to mmap entry struct
for direct O(1) lookup. Removed dead code loop that computed
expected_va and discarded it.
BUG 3: shm_at() with shmaddr!=0 didn't register in mmaps[].
shm_dt() would never find the slot, returning -EINVAL.
Now always registers in mmap table regardless of shmaddr.
BUG 4: shm_destroy() only cleared 'used' flag, leaving stale
key/size/npages/nattch. Now memset()s entire struct to zero.
BUG 5: shm_ctl(IPC_STAT) wrote directly to userspace pointer
while holding spinlock. Page fault under spinlock = deadlock.
Now copies to local struct, releases lock, then copy_to_user().
Additional fixes:
- Added shmid field to process mmap entry (process.h)
- Initialize mmaps[].shmid = -1 in all 3 process creation paths
(process_init, process_create_kernel, process_fork_create)
- Set shmid = -1 in syscall_mmap_impl and syscall_munmap_impl
- Fork now copies parent's mmap table to child (with shmid)
Passes: make, cppcheck, QEMU smoke test (all init tests OK).
projects / AdrOS.git / commit