CVS commit: [netbsd-7-0] src/sys/kern
Module Name:src Committed By: msaitoh Date: Tue Apr 16 03:53:26 UTC 2019 Modified Files: src/sys/kern [netbsd-7-0]: sys_mqueue.c Log Message: Pull up following revision(s) (requested by martin in ticket #1688): sys/kern/sys_mqueue.c: revision 1.44 mq_send1: fix argument validation and reject too large lengths early. Discovered by Andy Nguyen. To generate a diff of this commit: cvs rdiff -u -r1.36 -r1.36.6.1 src/sys/kern/sys_mqueue.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/sys_mqueue.c diff -u src/sys/kern/sys_mqueue.c:1.36 src/sys/kern/sys_mqueue.c:1.36.6.1 --- src/sys/kern/sys_mqueue.c:1.36 Tue Feb 25 18:30:11 2014 +++ src/sys/kern/sys_mqueue.c Tue Apr 16 03:53:25 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: sys_mqueue.c,v 1.36 2014/02/25 18:30:11 pooka Exp $ */ +/* $NetBSD: sys_mqueue.c,v 1.36.6.1 2019/04/16 03:53:25 msaitoh Exp $ */ /* * Copyright (c) 2007-2011 Mindaugas Rasiukevicius @@ -43,7 +43,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: sys_mqueue.c,v 1.36 2014/02/25 18:30:11 pooka Exp $"); +__KERNEL_RCSID(0, "$NetBSD: sys_mqueue.c,v 1.36.6.1 2019/04/16 03:53:25 msaitoh Exp $"); #include #include @@ -794,6 +794,8 @@ mq_send1(mqd_t mqdes, const char *msg_pt return EINVAL; /* Allocate a new message */ + if (msg_len > mq_max_msgsize) + return EMSGSIZE; size = sizeof(struct mq_msg) + msg_len; if (size > mq_max_msgsize) return EMSGSIZE;
CVS commit: [netbsd-7-0] src/sys/kern
Module Name:src Committed By: martin Date: Sun Feb 24 10:55:24 UTC 2019 Modified Files: src/sys/kern [netbsd-7-0]: kern_time.c Log Message: Pull up following revision(s) (requested by mlelstv in ticket #1196): sys/kern/kern_time.c: revision 1.196 The callout is used by any nonvirtual timer including CLOCK_MONOTONIC and needs to be initialized. Detected by [syzkaller]. To generate a diff of this commit: cvs rdiff -u -r1.179.12.5 -r1.179.12.6 src/sys/kern/kern_time.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_time.c diff -u src/sys/kern/kern_time.c:1.179.12.5 src/sys/kern/kern_time.c:1.179.12.6 --- src/sys/kern/kern_time.c:1.179.12.5 Fri Feb 1 11:12:03 2019 +++ src/sys/kern/kern_time.c Sun Feb 24 10:55:24 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_time.c,v 1.179.12.5 2019/02/01 11:12:03 martin Exp $ */ +/* $NetBSD: kern_time.c,v 1.179.12.6 2019/02/24 10:55:24 martin Exp $ */ /*- * Copyright (c) 2000, 2004, 2005, 2007, 2008, 2009 The NetBSD Foundation, Inc. @@ -61,7 +61,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_time.c,v 1.179.12.5 2019/02/01 11:12:03 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_time.c,v 1.179.12.6 2019/02/24 10:55:24 martin Exp $"); #include #include @@ -1141,7 +1141,7 @@ dosetitimer(struct proc *p, int which, s pt->pt_type = which; pt->pt_entry = which; pt->pt_queued = false; - if (pt->pt_type == CLOCK_REALTIME) + if (!CLOCK_VIRTUAL_P(which)) callout_init(>pt_ch, CALLOUT_MPSAFE); else pt->pt_active = 0;
CVS commit: [netbsd-7-0] src/sys/kern
Module Name:src Committed By: martin Date: Fri Feb 1 11:12:03 UTC 2019 Modified Files: src/sys/kern [netbsd-7-0]: kern_time.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1678): sys/kern/kern_time.c: revision 1.190 sys/kern/kern_time.c: revision 1.194 Fix stack info leak. There are 4 bytes of padding in struct timeval. Looks like there are other leaks related to timeval in this file. [ 133.414352] kleak: Possible leak in copyout: [len=16, leaked=4] [ 133.414352] #0 0x80224d0a in kleak_note [ 133.424360] #1 0x80224d8a in kleak_copyout [ 133.434361] #2 0x80b5fd79 in sys___gettimeofday50 [ 133.434361] #3 0x8025a89c in sy_call [ 133.444351] #4 0x8025aace in sy_invoke [ 133.454365] #5 0x8025ab54 in syscall - Fix kernel info leaks. To generate a diff of this commit: cvs rdiff -u -r1.179.12.4 -r1.179.12.5 src/sys/kern/kern_time.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_time.c diff -u src/sys/kern/kern_time.c:1.179.12.4 src/sys/kern/kern_time.c:1.179.12.5 --- src/sys/kern/kern_time.c:1.179.12.4 Thu Dec 27 12:01:50 2018 +++ src/sys/kern/kern_time.c Fri Feb 1 11:12:03 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_time.c,v 1.179.12.4 2018/12/27 12:01:50 martin Exp $ */ +/* $NetBSD: kern_time.c,v 1.179.12.5 2019/02/01 11:12:03 martin Exp $ */ /*- * Copyright (c) 2000, 2004, 2005, 2007, 2008, 2009 The NetBSD Foundation, Inc. @@ -61,7 +61,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_time.c,v 1.179.12.4 2018/12/27 12:01:50 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_time.c,v 1.179.12.5 2019/02/01 11:12:03 martin Exp $"); #include #include @@ -388,6 +388,7 @@ sys___gettimeofday50(struct lwp *l, cons struct timezone tzfake; if (SCARG(uap, tp)) { + memset(, 0, sizeof(atv)); microtime(); error = copyout(, SCARG(uap, tp), sizeof(atv)); if (error) @@ -487,6 +488,7 @@ adjtime1(const struct timeval *delta, st extern int64_t time_adjtime; /* in kern_ntptime.c */ if (olddelta) { + memset(olddelta, 0, sizeof(*olddelta)); mutex_spin_enter(_lock); olddelta->tv_sec = time_adjtime / 100; olddelta->tv_usec = time_adjtime % 100;
CVS commit: [netbsd-7-0] src/sys/kern
Module Name:src Committed By: martin Date: Thu Jan 24 14:12:09 UTC 2019 Modified Files: src/sys/kern [netbsd-7-0]: kern_ntptime.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1675): sys/kern/kern_ntptime.c: revision 1.60 Zero out the ntptimeval structure to prevent a 4 byte kernel stack disclosure. Reported by Thomas Barabosch. To generate a diff of this commit: cvs rdiff -u -r1.55 -r1.55.8.1 src/sys/kern/kern_ntptime.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_ntptime.c diff -u src/sys/kern/kern_ntptime.c:1.55 src/sys/kern/kern_ntptime.c:1.55.8.1 --- src/sys/kern/kern_ntptime.c:1.55 Tue Feb 25 18:30:11 2014 +++ src/sys/kern/kern_ntptime.c Thu Jan 24 14:12:09 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_ntptime.c,v 1.55 2014/02/25 18:30:11 pooka Exp $ */ +/* $NetBSD: kern_ntptime.c,v 1.55.8.1 2019/01/24 14:12:09 martin Exp $ */ /*- * Copyright (c) 2008 The NetBSD Foundation, Inc. @@ -60,7 +60,7 @@ #include /* __FBSDID("$FreeBSD: src/sys/kern/kern_ntptime.c,v 1.59 2005/05/28 14:34:41 rwatson Exp $"); */ -__KERNEL_RCSID(0, "$NetBSD: kern_ntptime.c,v 1.55 2014/02/25 18:30:11 pooka Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_ntptime.c,v 1.55.8.1 2019/01/24 14:12:09 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_ntp.h" @@ -239,6 +239,7 @@ static void hardupdate(long offset); void ntp_gettime(struct ntptimeval *ntv) { + memset(ntv, 0, sizeof(*ntv)); mutex_spin_enter(_lock); nanotime(>time);
CVS commit: [netbsd-7-0] src/sys/kern
Module Name:src Committed By: martin Date: Thu Dec 27 12:01:50 UTC 2018 Modified Files: src/sys/kern [netbsd-7-0]: kern_time.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1667): sys/kern/kern_time.c: revision 1.191 Fix kernel info leak. There are 2x4 bytes of padding in struct itimerval. [ 738.451860] kleak: Possible leak in copyout: [len=32, leaked=8] [ 738.481840] #0 0x80b7c42a in kleak_note [ 738.491821] #1 0x80b7c4aa in kleak_copyout [ 738.501806] #2 0x80b6154e in sys___getitimer50 [ 738.511778] #3 0x80b61e39 in sys___setitimer50 [ 738.521781] #4 0x8025ab3c in sy_call [ 738.521781] #5 0x8025ad6e in sy_invoke [ 738.531808] #6 0x8025adf4 in syscall To generate a diff of this commit: cvs rdiff -u -r1.179.12.3 -r1.179.12.4 src/sys/kern/kern_time.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_time.c diff -u src/sys/kern/kern_time.c:1.179.12.3 src/sys/kern/kern_time.c:1.179.12.4 --- src/sys/kern/kern_time.c:1.179.12.3 Fri Dec 14 12:07:54 2018 +++ src/sys/kern/kern_time.c Thu Dec 27 12:01:50 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_time.c,v 1.179.12.3 2018/12/14 12:07:54 martin Exp $ */ +/* $NetBSD: kern_time.c,v 1.179.12.4 2018/12/27 12:01:50 martin Exp $ */ /*- * Copyright (c) 2000, 2004, 2005, 2007, 2008, 2009 The NetBSD Foundation, Inc. @@ -61,7 +61,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_time.c,v 1.179.12.3 2018/12/14 12:07:54 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_time.c,v 1.179.12.4 2018/12/27 12:01:50 martin Exp $"); #include #include @@ -1030,6 +1030,7 @@ sys___getitimer50(struct lwp *l, const s struct itimerval aitv; int error; + memset(, 0, sizeof(aitv)); error = dogetitimer(p, SCARG(uap, which), ); if (error) return error;
CVS commit: [netbsd-7-0] src/sys/kern
Module Name:src Committed By: martin Date: Wed Dec 12 11:37:42 UTC 2018 Modified Files: src/sys/kern [netbsd-7-0]: sys_sig.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1664): sys/kern/sys_sig.c: revision 1.47 Fix kernel info leak, 4 bytes of padding in struct _ksiginfo. Maybe we should just set _pad to zero on LP64? + Possible info leak: [len=40, leaked=4] | #0 0x80baf397 in kleak_copyout | #1 0x80bda817 in sigtimedwait1 | #2 0x80bdab95 in sys_sigtimedwait50 | #3 0x80259c42 in syscall To generate a diff of this commit: cvs rdiff -u -r1.42 -r1.42.6.1 src/sys/kern/sys_sig.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/sys_sig.c diff -u src/sys/kern/sys_sig.c:1.42 src/sys/kern/sys_sig.c:1.42.6.1 --- src/sys/kern/sys_sig.c:1.42 Fri Feb 14 16:35:11 2014 +++ src/sys/kern/sys_sig.c Wed Dec 12 11:37:42 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: sys_sig.c,v 1.42 2014/02/14 16:35:11 christos Exp $ */ +/* $NetBSD: sys_sig.c,v 1.42.6.1 2018/12/12 11:37:42 martin Exp $ */ /*- * Copyright (c) 2006, 2007, 2008 The NetBSD Foundation, Inc. @@ -66,7 +66,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: sys_sig.c,v 1.42 2014/02/14 16:35:11 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: sys_sig.c,v 1.42.6.1 2018/12/12 11:37:42 martin Exp $"); #include #include @@ -759,6 +759,8 @@ sigtimedwait1(struct lwp *l, const struc */ sigminusset(, >l_sigwaitset); + memset(_info, 0, sizeof(ksi.ksi_info)); + mutex_enter(p->p_lock); /* Check for pending signals in the process, if no - then in LWP. */
CVS commit: [netbsd-7-0] src/sys/kern
Module Name:src Committed By: martin Date: Fri Nov 30 10:40:19 UTC 2018 Modified Files: src/sys/kern [netbsd-7-0]: kern_sig.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1661): sys/kern/kern_sig.c: revision 1.350 Fix kernel info leak, 4 bytes of padding at the end of struct sigaction. + Possible info leak: [len=32, leaked=4] | #0 0x80baf327 in kleak_copyout | #1 0x80bd9ca8 in sys___sigaction_sigtramp | #2 0x80259c42 in syscall To generate a diff of this commit: cvs rdiff -u -r1.319.8.1 -r1.319.8.2 src/sys/kern/kern_sig.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_sig.c diff -u src/sys/kern/kern_sig.c:1.319.8.1 src/sys/kern/kern_sig.c:1.319.8.2 --- src/sys/kern/kern_sig.c:1.319.8.1 Thu Nov 5 09:21:50 2015 +++ src/sys/kern/kern_sig.c Fri Nov 30 10:40:19 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_sig.c,v 1.319.8.1 2015/11/05 09:21:50 snj Exp $ */ +/* $NetBSD: kern_sig.c,v 1.319.8.2 2018/11/30 10:40:19 martin Exp $ */ /*- * Copyright (c) 2006, 2007, 2008 The NetBSD Foundation, Inc. @@ -70,7 +70,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_sig.c,v 1.319.8.1 2015/11/05 09:21:50 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_sig.c,v 1.319.8.2 2018/11/30 10:40:19 martin Exp $"); #include "opt_ptrace.h" #include "opt_compat_sunos.h" @@ -191,6 +191,13 @@ signal_listener_cb(kauth_cred_t cred, ka return result; } +static int +sigacts_ctor(void *arg __unused, void *obj, int flags __unused) +{ + memset(obj, 0, sizeof(struct sigacts)); + return 0; +} + /* * signal_init: * @@ -204,7 +211,7 @@ signal_init(void) sigacts_cache = pool_cache_init(sizeof(struct sigacts), 0, 0, 0, "sigacts", sizeof(struct sigacts) > PAGE_SIZE ? - _allocator : NULL, IPL_NONE, NULL, NULL, NULL); + _allocator : NULL, IPL_NONE, sigacts_ctor, NULL, NULL); ksiginfo_cache = pool_cache_init(sizeof(ksiginfo_t), 0, 0, 0, "ksiginfo", NULL, IPL_VM, NULL, NULL, NULL);
CVS commit: [netbsd-7-0] src/sys/kern
Module Name:src Committed By: martin Date: Thu Nov 29 09:00:14 UTC 2018 Modified Files: src/sys/kern [netbsd-7-0]: kern_time.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1660): sys/kern/kern_time.c: revision 1.192 Fix kernel info leak. + Possible info leak: [len=32, leaked=16] | #0 0x80baf3a7 in kleak_copyout | #1 0x80b940f8 in sys___timer_settime50 | #2 0x80259c42 in syscall To generate a diff of this commit: cvs rdiff -u -r1.179.12.1 -r1.179.12.2 src/sys/kern/kern_time.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_time.c diff -u src/sys/kern/kern_time.c:1.179.12.1 src/sys/kern/kern_time.c:1.179.12.2 --- src/sys/kern/kern_time.c:1.179.12.1 Thu Mar 3 15:41:35 2016 +++ src/sys/kern/kern_time.c Thu Nov 29 09:00:14 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_time.c,v 1.179.12.1 2016/03/03 15:41:35 martin Exp $ */ +/* $NetBSD: kern_time.c,v 1.179.12.2 2018/11/29 09:00:14 martin Exp $ */ /*- * Copyright (c) 2000, 2004, 2005, 2007, 2008, 2009 The NetBSD Foundation, Inc. @@ -61,7 +61,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_time.c,v 1.179.12.1 2016/03/03 15:41:35 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_time.c,v 1.179.12.2 2018/11/29 09:00:14 martin Exp $"); #include #include @@ -566,6 +566,7 @@ timer_create1(timer_t *tid, clockid_t id pts = timers_alloc(p); pt = pool_get(_pool, PR_WAITOK); + memset(pt, 0, sizeof(*pt)); if (evp != NULL) { if (((error = (*fetch_event)(evp, >pt_ev, sizeof(pt->pt_ev))) != 0) ||
CVS commit: [netbsd-7-0] src/sys/kern
Module Name:src Committed By: martin Date: Wed Nov 28 19:37:46 UTC 2018 Modified Files: src/sys/kern [netbsd-7-0]: kern_exec.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1658): sys/kern/kern_exec.c: revision 1.462 Fix stack info leak. There are 2x4 bytes of padding in struct ps_strings. [ 223.896199] kleak: Possible leak in copyout: [len=32, leaked=8] [ 223.906430] #0 0x80224d0a in kleak_note [ 223.906430] #1 0x80224d8a in kleak_copyout [ 223.918363] #2 0x80b1e26c in copyoutpsstrs [ 223.926560] #3 0x80b1e331 in copyoutargs [ 223.936216] #4 0x80b21768 in execve_runproc [ 223.946225] #5 0x80b21cc9 in execve1 [ 223.946225] #6 0x8025a89c in sy_call [ 223.956225] #7 0x8025aace in sy_invoke [ 223.966232] #8 0x8025ab54 in syscall To generate a diff of this commit: cvs rdiff -u -r1.408.2.3.2.2 -r1.408.2.3.2.3 src/sys/kern/kern_exec.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_exec.c diff -u src/sys/kern/kern_exec.c:1.408.2.3.2.2 src/sys/kern/kern_exec.c:1.408.2.3.2.3 --- src/sys/kern/kern_exec.c:1.408.2.3.2.2 Sun Feb 25 21:15:20 2018 +++ src/sys/kern/kern_exec.c Wed Nov 28 19:37:46 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_exec.c,v 1.408.2.3.2.2 2018/02/25 21:15:20 snj Exp $ */ +/* $NetBSD: kern_exec.c,v 1.408.2.3.2.3 2018/11/28 19:37:46 martin Exp $ */ /*- * Copyright (c) 2008 The NetBSD Foundation, Inc. @@ -59,7 +59,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.408.2.3.2.2 2018/02/25 21:15:20 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.408.2.3.2.3 2018/11/28 19:37:46 martin Exp $"); #include "opt_exec.h" #include "opt_execfmt.h" @@ -1391,6 +1391,8 @@ copyoutargs(struct execve_data * restric struct proc *p = l->l_proc; int error; + memset(>ed_arginfo, 0, sizeof(data->ed_arginfo)); + /* remember information about the process */ data->ed_arginfo.ps_nargvstr = data->ed_argc; data->ed_arginfo.ps_nenvstr = data->ed_envc;
CVS commit: [netbsd-7-0] src/sys/kern
Module Name:src Committed By: martin Date: Wed Nov 21 12:14:30 UTC 2018 Modified Files: src/sys/kern [netbsd-7-0]: kern_event.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1653): sys/kern/kern_event.c: revision 1.104 Fix kernel info leak. There are 4 bytes of padding in struct kevent. [ 287.537676] kleak: Possible leak in copyout: [len=40, leaked=4] [ 287.537676] #0 0x80b7c41a in kleak_note [ 287.547673] #1 0x80b7c49a in kleak_copyout [ 287.557677] #2 0x80b1d32d in kqueue_scan.isra.1.constprop.2 [ 287.557677] #3 0x80b1dc6a in kevent1 [ 287.567683] #4 0x80b1dcb0 in sys___kevent50 [ 287.567683] #5 0x8025ab3c in sy_call [ 287.577688] #6 0x8025ad6e in sy_invoke [ 287.587693] #7 0x8025adf4 in syscall To generate a diff of this commit: cvs rdiff -u -r1.80.2.1.2.1 -r1.80.2.1.2.2 src/sys/kern/kern_event.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_event.c diff -u src/sys/kern/kern_event.c:1.80.2.1.2.1 src/sys/kern/kern_event.c:1.80.2.1.2.2 --- src/sys/kern/kern_event.c:1.80.2.1.2.1 Sat Jul 8 16:51:56 2017 +++ src/sys/kern/kern_event.c Wed Nov 21 12:14:29 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_event.c,v 1.80.2.1.2.1 2017/07/08 16:51:56 snj Exp $ */ +/* $NetBSD: kern_event.c,v 1.80.2.1.2.2 2018/11/21 12:14:29 martin Exp $ */ /*- * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. @@ -58,7 +58,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_event.c,v 1.80.2.1.2.1 2017/07/08 16:51:56 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_event.c,v 1.80.2.1.2.2 2018/11/21 12:14:29 martin Exp $"); #include #include @@ -584,6 +584,7 @@ filt_proc(struct knote *kn, long hint) * event with the parent's pid. Register knote with new * process. */ + memset(, 0, sizeof(kev)); kev.ident = hint & NOTE_PDATAMASK; /* pid */ kev.filter = kn->kn_filter; kev.flags = kn->kn_flags | EV_ADD | EV_ENABLE | EV_FLAG1;
CVS commit: [netbsd-7-0] src/sys/kern
Module Name:src Committed By: martin Date: Tue May 22 17:38:05 UTC 2018 Modified Files: src/sys/kern [netbsd-7-0]: uipc_mbuf.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1606): sys/kern/uipc_mbuf.c: revision 1.214 Revert my rev1.190, remove the M_READONLY check. The initial code was correct: what is read-only is the mbuf storage, not the mbuf itself. The storage contains the packet payload, and never has anything related to mbufs. So it is fine to remove M_PKTHDR on mbufs that have a read-only storage. In fact it was kind of obvious, since several places already manually remove M_PKTHDR without taking care of the external storage. To generate a diff of this commit: cvs rdiff -u -r1.158.4.1.2.3 -r1.158.4.1.2.4 src/sys/kern/uipc_mbuf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/uipc_mbuf.c diff -u src/sys/kern/uipc_mbuf.c:1.158.4.1.2.3 src/sys/kern/uipc_mbuf.c:1.158.4.1.2.4 --- src/sys/kern/uipc_mbuf.c:1.158.4.1.2.3 Tue May 15 04:48:16 2018 +++ src/sys/kern/uipc_mbuf.c Tue May 22 17:38:05 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: uipc_mbuf.c,v 1.158.4.1.2.3 2018/05/15 04:48:16 martin Exp $ */ +/* $NetBSD: uipc_mbuf.c,v 1.158.4.1.2.4 2018/05/22 17:38:05 martin Exp $ */ /*- * Copyright (c) 1999, 2001 The NetBSD Foundation, Inc. @@ -62,7 +62,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: uipc_mbuf.c,v 1.158.4.1.2.3 2018/05/15 04:48:16 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: uipc_mbuf.c,v 1.158.4.1.2.4 2018/05/22 17:38:05 martin Exp $"); #include "opt_mbuftrace.h" #include "opt_nmbclusters.h" @@ -458,11 +458,6 @@ m_pkthdr_remove(struct mbuf *m) { KASSERT(m->m_flags & M_PKTHDR); - if (M_READONLY(m)) { - /* Nothing we can do. */ - return; - } - m_tag_delete_chain(m, NULL); m->m_flags &= ~M_PKTHDR; memset(>m_pkthdr, 0, sizeof(m->m_pkthdr));
CVS commit: [netbsd-7-0] src/sys/kern
Module Name:src Committed By: martin Date: Tue May 15 04:48:16 UTC 2018 Modified Files: src/sys/kern [netbsd-7-0]: uipc_mbuf.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1602): sys/kern/uipc_mbuf.c: revision 1.211 (via patch) Modify m_defrag, so that it never frees the first mbuf of the chain. While here use the given 'flags' argument, and not M_DONTWAIT. We have a problem with several drivers: they poll an mbuf chain from their queues and call m_defrag on them, but m_defrag could update the mbuf pointer, so the mbuf in the queue is no longer valid. It is not easy to fix each driver, because doing pop+push will reorder the queue, and we don't really want that to happen. This problem was independently spotted by me, Kengo, Masanobu, and other people too it seems (perhaps PR/53218). Now m_defrag leaves the first mbuf in place, and compresses the chain only starting from the second mbuf in the chain. It is important not to compress the first mbuf with hacks, because the storage of this first mbuf may be shared with other mbufs. To generate a diff of this commit: cvs rdiff -u -r1.158.4.1.2.2 -r1.158.4.1.2.3 src/sys/kern/uipc_mbuf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/uipc_mbuf.c diff -u src/sys/kern/uipc_mbuf.c:1.158.4.1.2.2 src/sys/kern/uipc_mbuf.c:1.158.4.1.2.3 --- src/sys/kern/uipc_mbuf.c:1.158.4.1.2.2 Tue Apr 17 08:30:08 2018 +++ src/sys/kern/uipc_mbuf.c Tue May 15 04:48:16 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: uipc_mbuf.c,v 1.158.4.1.2.2 2018/04/17 08:30:08 martin Exp $ */ +/* $NetBSD: uipc_mbuf.c,v 1.158.4.1.2.3 2018/05/15 04:48:16 martin Exp $ */ /*- * Copyright (c) 1999, 2001 The NetBSD Foundation, Inc. @@ -62,7 +62,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: uipc_mbuf.c,v 1.158.4.1.2.2 2018/04/17 08:30:08 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: uipc_mbuf.c,v 1.158.4.1.2.3 2018/05/15 04:48:16 martin Exp $"); #include "opt_mbuftrace.h" #include "opt_nmbclusters.h" @@ -1376,30 +1376,35 @@ m_makewritable(struct mbuf **mp, int off } /* - * Copy the mbuf chain to a new mbuf chain that is as short as possible. - * Return the new mbuf chain on success, NULL on failure. On success, - * free the old mbuf chain. + * Compress the mbuf chain. Return the new mbuf chain on success, NULL on + * failure. The first mbuf is preserved, and on success the pointer returned + * is the same as the one passed. */ struct mbuf * m_defrag(struct mbuf *mold, int flags) { struct mbuf *m0, *mn, *n; - size_t sz = mold->m_pkthdr.len; + int sz; #ifdef DIAGNOSTIC if ((mold->m_flags & M_PKTHDR) == 0) panic("m_defrag: not a mbuf chain header"); #endif - m0 = m_gethdr(flags, MT_DATA); + if (mold->m_next == NULL) + return mold; + + m0 = m_get(flags, MT_DATA); if (m0 == NULL) return NULL; - M_COPY_PKTHDR(m0, mold); mn = m0; + sz = mold->m_pkthdr.len - mold->m_len; + KASSERT(sz >= 0); + do { - if (sz > MHLEN) { - MCLGET(mn, M_DONTWAIT); + if (sz > MLEN) { + MCLGET(mn, flags); if ((mn->m_flags & M_EXT) == 0) { m_freem(m0); return NULL; @@ -1415,7 +1420,7 @@ m_defrag(struct mbuf *mold, int flags) if (sz > 0) { /* need more mbufs */ - n = m_get(M_NOWAIT, MT_DATA); + n = m_get(flags, MT_DATA); if (n == NULL) { m_freem(m0); return NULL; @@ -1426,9 +1431,10 @@ m_defrag(struct mbuf *mold, int flags) } } while (sz > 0); - m_freem(mold); + m_freem(mold->m_next); + mold->m_next = m0; - return m0; + return mold; } int
CVS commit: [netbsd-7-0] src/sys/kern
Module Name:src Committed By: martin Date: Tue Apr 17 08:30:08 UTC 2018 Modified Files: src/sys/kern [netbsd-7-0]: uipc_mbuf.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1598): sys/kern/uipc_mbuf.c: revision 1.190 If the mbuf is shared leave M_PKTHDR in place. Given where this function is called from that's not supposed to happen, but I'm growing unconfident about our mbuf code. To generate a diff of this commit: cvs rdiff -u -r1.158.4.1.2.1 -r1.158.4.1.2.2 src/sys/kern/uipc_mbuf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/uipc_mbuf.c diff -u src/sys/kern/uipc_mbuf.c:1.158.4.1.2.1 src/sys/kern/uipc_mbuf.c:1.158.4.1.2.2 --- src/sys/kern/uipc_mbuf.c:1.158.4.1.2.1 Thu Apr 5 11:53:02 2018 +++ src/sys/kern/uipc_mbuf.c Tue Apr 17 08:30:08 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: uipc_mbuf.c,v 1.158.4.1.2.1 2018/04/05 11:53:02 martin Exp $ */ +/* $NetBSD: uipc_mbuf.c,v 1.158.4.1.2.2 2018/04/17 08:30:08 martin Exp $ */ /*- * Copyright (c) 1999, 2001 The NetBSD Foundation, Inc. @@ -62,7 +62,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: uipc_mbuf.c,v 1.158.4.1.2.1 2018/04/05 11:53:02 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: uipc_mbuf.c,v 1.158.4.1.2.2 2018/04/17 08:30:08 martin Exp $"); #include "opt_mbuftrace.h" #include "opt_nmbclusters.h" @@ -458,6 +458,11 @@ m_pkthdr_remove(struct mbuf *m) { KASSERT(m->m_flags & M_PKTHDR); + if (M_READONLY(m)) { + /* Nothing we can do. */ + return; + } + m_tag_delete_chain(m, NULL); m->m_flags &= ~M_PKTHDR; memset(>m_pkthdr, 0, sizeof(m->m_pkthdr));
CVS commit: [netbsd-7-0] src/sys/kern
Module Name:src Committed By: snj Date: Wed Jan 3 21:11:37 UTC 2018 Modified Files: src/sys/kern [netbsd-7-0]: subr_kobj.c Log Message: Pull up following revision(s) (requested by pgoyette in ticket #1539): sys/kern/subr_kobj.c: revision 1.52 Compare names of duplicate symbols properly, so we correctly return an error status. Fixes PR kern/45125 with patch supplied by Akinobu Mita To generate a diff of this commit: cvs rdiff -u -r1.50 -r1.50.6.1 src/sys/kern/subr_kobj.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/subr_kobj.c diff -u src/sys/kern/subr_kobj.c:1.50 src/sys/kern/subr_kobj.c:1.50.6.1 --- src/sys/kern/subr_kobj.c:1.50 Wed Jul 16 13:26:33 2014 +++ src/sys/kern/subr_kobj.c Wed Jan 3 21:11:37 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: subr_kobj.c,v 1.50 2014/07/16 13:26:33 maxv Exp $ */ +/* $NetBSD: subr_kobj.c,v 1.50.6.1 2018/01/03 21:11:37 snj Exp $ */ /*- * Copyright (c) 2008 The NetBSD Foundation, Inc. @@ -63,7 +63,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: subr_kobj.c,v 1.50 2014/07/16 13:26:33 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: subr_kobj.c,v 1.50.6.1 2018/01/03 21:11:37 snj Exp $"); #include "opt_modular.h" @@ -904,7 +904,7 @@ kobj_checksyms(kobj_t ko, bool undefined strcmp(name, "__end") == 0 || strcmp(name, "__end__") == 0 || strncmp(name, "__start_link_set_", 17) == 0 || - strncmp(name, "__stop_link_set_", 16)) { + strncmp(name, "__stop_link_set_", 16) == 0) { continue; } kobj_error(ko, "global symbol `%s' redefined",
CVS commit: [netbsd-7-0] src/sys/kern
Module Name:src Committed By: snj Date: Sat Aug 19 05:21:56 UTC 2017 Modified Files: src/sys/kern [netbsd-7-0]: kern_ktrace.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1481): sys/kern/kern_ktrace.c: 1.171 via patch Clamp the length we use, not the length we don't. Avoids uninitialized memory disclosure to userland. >From Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.164.4.1 -r1.164.4.1.2.1 src/sys/kern/kern_ktrace.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_ktrace.c diff -u src/sys/kern/kern_ktrace.c:1.164.4.1 src/sys/kern/kern_ktrace.c:1.164.4.1.2.1 --- src/sys/kern/kern_ktrace.c:1.164.4.1 Mon Dec 1 11:38:42 2014 +++ src/sys/kern/kern_ktrace.c Sat Aug 19 05:21:56 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_ktrace.c,v 1.164.4.1 2014/12/01 11:38:42 martin Exp $ */ +/* $NetBSD: kern_ktrace.c,v 1.164.4.1.2.1 2017/08/19 05:21:56 snj Exp $ */ /*- * Copyright (c) 2006, 2007, 2008 The NetBSD Foundation, Inc. @@ -61,7 +61,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_ktrace.c,v 1.164.4.1 2014/12/01 11:38:42 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_ktrace.c,v 1.164.4.1.2.1 2017/08/19 05:21:56 snj Exp $"); #include #include @@ -931,7 +931,7 @@ ktruser(const char *id, void *addr, size user_dta = (void *)(ktp + 1); if ((error = copyin(addr, (void *)user_dta, len)) != 0) - len = 0; + kte->kte_kth.ktr_len = 0; ktraddentry(l, kte, KTA_WAITOK); return error;
CVS commit: [netbsd-7-0] src/sys/kern
Module Name:src Committed By: snj Date: Sat Aug 12 04:11:10 UTC 2017 Modified Files: src/sys/kern [netbsd-7-0]: vfs_getcwd.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1478): sys/kern/vfs_getcwd.c: revision 1.52 Don't walk off the end of the dirent buffer. >From Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.50 -r1.50.8.1 src/sys/kern/vfs_getcwd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/vfs_getcwd.c diff -u src/sys/kern/vfs_getcwd.c:1.50 src/sys/kern/vfs_getcwd.c:1.50.8.1 --- src/sys/kern/vfs_getcwd.c:1.50 Fri Feb 7 15:29:22 2014 +++ src/sys/kern/vfs_getcwd.c Sat Aug 12 04:11:10 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_getcwd.c,v 1.50 2014/02/07 15:29:22 hannken Exp $ */ +/* $NetBSD: vfs_getcwd.c,v 1.50.8.1 2017/08/12 04:11:10 snj Exp $ */ /*- * Copyright (c) 1999 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: vfs_getcwd.c,v 1.50 2014/02/07 15:29:22 hannken Exp $"); +__KERNEL_RCSID(0, "$NetBSD: vfs_getcwd.c,v 1.50.8.1 2017/08/12 04:11:10 snj Exp $"); #include #include @@ -211,7 +211,8 @@ unionread: reclen = dp->d_reclen; /* check for malformed directory.. */ -if (reclen < _DIRENT_MINSIZE(dp)) { +if (reclen < _DIRENT_MINSIZE(dp) || +reclen > len) { error = EINVAL; goto out; }
CVS commit: [netbsd-7-0] src/sys/kern
Module Name:src Committed By: snj Date: Wed Aug 9 06:31:33 UTC 2017 Modified Files: src/sys/kern [netbsd-7-0]: kern_malloc.c Log Message: Pull up following revision(s) (requested by martin in ticket #1461): sys/kern/kern_malloc.c: revision 1.146 Avoid integer overflow in kern_malloc(). Reported by Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.143.2.1 -r1.143.2.1.2.1 src/sys/kern/kern_malloc.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_malloc.c diff -u src/sys/kern/kern_malloc.c:1.143.2.1 src/sys/kern/kern_malloc.c:1.143.2.1.2.1 --- src/sys/kern/kern_malloc.c:1.143.2.1 Wed Mar 25 16:54:37 2015 +++ src/sys/kern/kern_malloc.c Wed Aug 9 06:31:33 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_malloc.c,v 1.143.2.1 2015/03/25 16:54:37 snj Exp $ */ +/* $NetBSD: kern_malloc.c,v 1.143.2.1.2.1 2017/08/09 06:31:33 snj Exp $ */ /* * Copyright (c) 1987, 1991, 1993 @@ -70,7 +70,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_malloc.c,v 1.143.2.1 2015/03/25 16:54:37 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_malloc.c,v 1.143.2.1.2.1 2017/08/09 06:31:33 snj Exp $"); #include #include @@ -105,7 +105,10 @@ kern_malloc(unsigned long size, int flag void *p; if (size >= PAGE_SIZE) { - allocsize = PAGE_SIZE + size; /* for page alignment */ + if (size > (ULONG_MAX-PAGE_SIZE)) + allocsize = ULONG_MAX; /* this will fail later */ + else + allocsize = PAGE_SIZE + size; /* for page alignment */ hdroffset = PAGE_SIZE - sizeof(struct malloc_header); } else { allocsize = sizeof(struct malloc_header) + size;
CVS commit: [netbsd-7-0] src/sys/kern
Module Name:src Committed By: martin Date: Mon Jul 10 13:15:00 UTC 2017 Modified Files: src/sys/kern [netbsd-7-0]: vfs_lookup.c Log Message: Pull up following revision(s) (requested by dh in ticket #1451): sys/kern/vfs_lookup.c: revision 1.208 Fix vnode leak on error, introduced by the openat family changes in -r1.200. >From mjg@freebsd. To generate a diff of this commit: cvs rdiff -u -r1.201 -r1.201.8.1 src/sys/kern/vfs_lookup.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/vfs_lookup.c diff -u src/sys/kern/vfs_lookup.c:1.201 src/sys/kern/vfs_lookup.c:1.201.8.1 --- src/sys/kern/vfs_lookup.c:1.201 Fri Feb 7 15:29:22 2014 +++ src/sys/kern/vfs_lookup.c Mon Jul 10 13:15:00 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_lookup.c,v 1.201 2014/02/07 15:29:22 hannken Exp $ */ +/* $NetBSD: vfs_lookup.c,v 1.201.8.1 2017/07/10 13:15:00 martin Exp $ */ /* * Copyright (c) 1982, 1986, 1989, 1993 @@ -37,7 +37,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: vfs_lookup.c,v 1.201 2014/02/07 15:29:22 hannken Exp $"); +__KERNEL_RCSID(0, "$NetBSD: vfs_lookup.c,v 1.201.8.1 2017/07/10 13:15:00 martin Exp $"); #include "opt_magiclinks.h" @@ -678,8 +678,10 @@ namei_start(struct namei_state *state, i } /* NDAT may feed us with a non directory namei_getstartdir */ - if (startdir->v_type != VDIR) + if (startdir->v_type != VDIR) { + vrele(startdir); return ENOTDIR; + } vn_lock(startdir, LK_EXCLUSIVE | LK_RETRY);
CVS commit: [netbsd-7-0] src/sys/kern
Module Name:src Committed By: snj Date: Sat Jun 3 16:56:32 UTC 2017 Modified Files: src/sys/kern [netbsd-7-0]: kern_descrip.c Log Message: Pull up following revision(s) (requested by riastradh in ticket #1425): sys/kern/kern_descrip.c: revision 1.230 Explicitly set the flags instead of masking set values in. This fixes FNONBLOCK weirdness seen in audio.c OK christos@ and martin@. To generate a diff of this commit: cvs rdiff -u -r1.225.2.1 -r1.225.2.1.2.1 src/sys/kern/kern_descrip.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_descrip.c diff -u src/sys/kern/kern_descrip.c:1.225.2.1 src/sys/kern/kern_descrip.c:1.225.2.1.2.1 --- src/sys/kern/kern_descrip.c:1.225.2.1 Tue Aug 4 17:24:59 2015 +++ src/sys/kern/kern_descrip.c Sat Jun 3 16:56:32 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_descrip.c,v 1.225.2.1 2015/08/04 17:24:59 snj Exp $ */ +/* $NetBSD: kern_descrip.c,v 1.225.2.1.2.1 2017/06/03 16:56:32 snj Exp $ */ /*- * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. @@ -70,7 +70,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_descrip.c,v 1.225.2.1 2015/08/04 17:24:59 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_descrip.c,v 1.225.2.1.2.1 2017/06/03 16:56:32 snj Exp $"); #include #include @@ -1864,7 +1864,7 @@ fd_clone(file_t *fp, unsigned fd, int fl fdfile_t *ff; filedesc_t *fdp; - fp->f_flag |= flag & FMASK; + fp->f_flag = flag & FMASK; fdp = curproc->p_fd; ff = fdp->fd_dt->dt_ff[fd]; KASSERT(ff != NULL);
CVS commit: [netbsd-7-0] src/sys/kern
Module Name:src Committed By: snj Date: Mon Dec 12 07:30:20 UTC 2016 Modified Files: src/sys/kern [netbsd-7-0]: subr_xcall.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1306): sys/kern/subr_xcall.c: revision 1.19 Fix a race condition of low priority xcall xc_lowpri and xc_thread are racy and xc_wait may return during/before executing all xcall callbacks, resulting in a kernel panic at worst. xc_lowpri serializes multiple jobs by a mutex and a cv. If all xcall callbacks are done, xc_wait returns and also xc_lowpri accepts a next job. The problem is that a counter that counts the number of finished xcall callbacks is incremented *before* actually executing a xcall callback (see xc_tailp++ in xc_thread). So xc_lowpri accepts a next job before all xcall callbacks complete and a next job begins to run its xcall callbacks. Even worse the counter is global and shared between jobs, so if a xcall callback of the next job completes, the shared counter is incremented, which confuses wc_wait of the previous job as all xcall callbacks of the previous job are done and wc_wait of the previous job returns during/before executing its xcall callbacks. How to fix: there are actually two counters that count the number of finished xcall callbacks for low priority xcall for historical reasons (I guess): xc_tailp and xc_low_pri.xc_donep. xc_low_pri.xc_donep is incremented correctly while xc_tailp is incremented wrongly, i.e., before executing a xcall callback. We can fix the issue by dropping xc_tailp and using only xc_low_pri.xc_donep. PR kern/51632 To generate a diff of this commit: cvs rdiff -u -r1.18 -r1.18.8.1 src/sys/kern/subr_xcall.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/subr_xcall.c diff -u src/sys/kern/subr_xcall.c:1.18 src/sys/kern/subr_xcall.c:1.18.8.1 --- src/sys/kern/subr_xcall.c:1.18 Tue Nov 26 21:13:05 2013 +++ src/sys/kern/subr_xcall.c Mon Dec 12 07:30:20 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: subr_xcall.c,v 1.18 2013/11/26 21:13:05 rmind Exp $ */ +/* $NetBSD: subr_xcall.c,v 1.18.8.1 2016/12/12 07:30:20 snj Exp $ */ /*- * Copyright (c) 2007-2010 The NetBSD Foundation, Inc. @@ -74,7 +74,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: subr_xcall.c,v 1.18 2013/11/26 21:13:05 rmind Exp $"); +__KERNEL_RCSID(0, "$NetBSD: subr_xcall.c,v 1.18.8.1 2016/12/12 07:30:20 snj Exp $"); #include #include @@ -105,7 +105,6 @@ typedef struct { /* Low priority xcall structures. */ static xc_state_t xc_low_pri __cacheline_aligned; -static uint64_t xc_tailp __cacheline_aligned; /* High priority xcall structures. */ static xc_state_t xc_high_pri __cacheline_aligned; @@ -134,7 +133,6 @@ xc_init(void) memset(xclo, 0, sizeof(xc_state_t)); mutex_init(>xc_lock, MUTEX_DEFAULT, IPL_NONE); cv_init(>xc_busy, "xclocv"); - xc_tailp = 0; memset(xchi, 0, sizeof(xc_state_t)); mutex_init(>xc_lock, MUTEX_DEFAULT, IPL_SOFTSERIAL); @@ -256,7 +254,7 @@ xc_lowpri(xcfunc_t func, void *arg1, voi uint64_t where; mutex_enter(>xc_lock); - while (xc->xc_headp != xc_tailp) { + while (xc->xc_headp != xc->xc_donep) { cv_wait(>xc_busy, >xc_lock); } xc->xc_arg1 = arg1; @@ -277,7 +275,7 @@ xc_lowpri(xcfunc_t func, void *arg1, voi ci->ci_data.cpu_xcall_pending = true; cv_signal(>ci_data.cpu_xcall); } - KASSERT(xc_tailp < xc->xc_headp); + KASSERT(xc->xc_donep < xc->xc_headp); where = xc->xc_headp; mutex_exit(>xc_lock); @@ -302,7 +300,7 @@ xc_thread(void *cookie) mutex_enter(>xc_lock); for (;;) { while (!ci->ci_data.cpu_xcall_pending) { - if (xc->xc_headp == xc_tailp) { + if (xc->xc_headp == xc->xc_donep) { cv_broadcast(>xc_busy); } cv_wait(>ci_data.cpu_xcall, >xc_lock); @@ -312,7 +310,6 @@ xc_thread(void *cookie) func = xc->xc_func; arg1 = xc->xc_arg1; arg2 = xc->xc_arg2; - xc_tailp++; mutex_exit(>xc_lock); KASSERT(func != NULL);
CVS commit: [netbsd-7-0] src/sys/kern
Module Name:src Committed By: snj Date: Tue Nov 1 20:09:11 UTC 2016 Modified Files: src/sys/kern [netbsd-7-0]: uipc_usrreq.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1268): sys/kern/uipc_usrreq.c: revision 1.181 Memory leak, found by Mootja. It is easily triggerable from userland. To generate a diff of this commit: cvs rdiff -u -r1.169.2.3 -r1.169.2.3.2.1 src/sys/kern/uipc_usrreq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/uipc_usrreq.c diff -u src/sys/kern/uipc_usrreq.c:1.169.2.3 src/sys/kern/uipc_usrreq.c:1.169.2.3.2.1 --- src/sys/kern/uipc_usrreq.c:1.169.2.3 Tue Apr 14 04:44:41 2015 +++ src/sys/kern/uipc_usrreq.c Tue Nov 1 20:09:11 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: uipc_usrreq.c,v 1.169.2.3 2015/04/14 04:44:41 snj Exp $ */ +/* $NetBSD: uipc_usrreq.c,v 1.169.2.3.2.1 2016/11/01 20:09:11 snj Exp $ */ /*- * Copyright (c) 1998, 2000, 2004, 2008, 2009 The NetBSD Foundation, Inc. @@ -96,7 +96,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: uipc_usrreq.c,v 1.169.2.3 2015/04/14 04:44:41 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: uipc_usrreq.c,v 1.169.2.3.2.1 2016/11/01 20:09:11 snj Exp $"); #include #include @@ -1173,11 +1173,11 @@ unp_connect(struct socket *so, struct mb goto bad2; } vp = nd.ni_vp; + pathbuf_destroy(pb); if (vp->v_type != VSOCK) { error = ENOTSOCK; goto bad; } - pathbuf_destroy(pb); if ((error = VOP_ACCESS(vp, VWRITE, l->l_cred)) != 0) goto bad; /* Acquire v_interlock to protect against unp_detach(). */
CVS commit: [netbsd-7-0] src/sys/kern
Module Name:src Committed By: martin Date: Thu Mar 3 15:41:35 UTC 2016 Modified Files: src/sys/kern [netbsd-7-0]: kern_time.c Log Message: Pull up following revision(s) (requested by uwe in ticket #1128): sys/kern/kern_time.c: revision 1.184 Don't leak garabage from the kernel stack on sleep(0) and equivalents. Hat tip to perl's ext/POSIX/t/wrappers.t To generate a diff of this commit: cvs rdiff -u -r1.179 -r1.179.12.1 src/sys/kern/kern_time.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_time.c diff -u src/sys/kern/kern_time.c:1.179 src/sys/kern/kern_time.c:1.179.12.1 --- src/sys/kern/kern_time.c:1.179 Wed May 22 16:00:52 2013 +++ src/sys/kern/kern_time.c Thu Mar 3 15:41:35 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_time.c,v 1.179 2013/05/22 16:00:52 christos Exp $ */ +/* $NetBSD: kern_time.c,v 1.179.12.1 2016/03/03 15:41:35 martin Exp $ */ /*- * Copyright (c) 2000, 2004, 2005, 2007, 2008, 2009 The NetBSD Foundation, Inc. @@ -61,7 +61,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_time.c,v 1.179 2013/05/22 16:00:52 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_time.c,v 1.179.12.1 2016/03/03 15:41:35 martin Exp $"); #include #include @@ -328,8 +328,14 @@ nanosleep1(struct lwp *l, clockid_t cloc struct timespec rmtstart; int error, timo; - if ((error = ts2timo(clock_id, flags, rqt, , )) != 0) - return error == ETIMEDOUT ? 0 : error; + if ((error = ts2timo(clock_id, flags, rqt, , )) != 0) { + if (error == ETIMEDOUT) { + error = 0; + if (rmt != NULL) +rmt->tv_sec = rmt->tv_nsec = 0; + } + return error; + } /* * Avoid inadvertently sleeping forever
CVS commit: [netbsd-7-0] src/sys/kern
Module Name:src Committed By: martin Date: Thu Mar 3 14:46:07 UTC 2016 Modified Files: src/sys/kern [netbsd-7-0]: kern_ksyms.c kern_module.c Log Message: Pull up following revision(s) (requested by pgoyette in ticket #1108): sys/kern/kern_module.c: revision 1.107-1.110 sys/kern/kern_ksyms.c: revision 1.82 Add some additional status messages for kern.module.verbose=TRUE Remove extraneous ')' from previous. KNF In module_do_load(), consolidate checking for a pre-existing module, and return a single error value EEXIST. When making a recursive call (to load required modules), treat a pre-existing module as success. Without this change, when a module was loaded by specific request (as opposed to being loaded as a requirement of some other module), we would always load the module from the file-system, and then after making various sanity/compatability checks we would destroy the new copy if there was a pre-existing copy. Fixes PR kern/40764 XXX Note that if the module exists, we bypass all of the various XXX "compatability" checks, including whether or not the existing XXX module is of any particular class! (In the previous code, we XXX checked to see if the newly-loaded copy had the correct class, XXX but not the pre-existing copy, which could have been loaded XXX from a different path/filename.) To generate a diff of this commit: cvs rdiff -u -r1.72 -r1.72.4.1 src/sys/kern/kern_ksyms.c cvs rdiff -u -r1.97.2.1 -r1.97.2.1.2.1 src/sys/kern/kern_module.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_ksyms.c diff -u src/sys/kern/kern_ksyms.c:1.72 src/sys/kern/kern_ksyms.c:1.72.4.1 --- src/sys/kern/kern_ksyms.c:1.72 Fri Jul 25 08:10:40 2014 +++ src/sys/kern/kern_ksyms.c Thu Mar 3 14:46:07 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_ksyms.c,v 1.72 2014/07/25 08:10:40 dholland Exp $ */ +/* $NetBSD: kern_ksyms.c,v 1.72.4.1 2016/03/03 14:46:07 martin Exp $ */ /*- * Copyright (c) 2008 The NetBSD Foundation, Inc. @@ -71,7 +71,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_ksyms.c,v 1.72 2014/07/25 08:10:40 dholland Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_ksyms.c,v 1.72.4.1 2016/03/03 14:46:07 martin Exp $"); #if defined(_KERNEL) && defined(_KERNEL_OPT) #include "opt_ddb.h" @@ -324,7 +324,7 @@ addsymtab(const char *name, void *symsta nglob = 0; for (i = n = 0; i < nsyms; i++) { - /* This breaks CTF mapping, so don't do it when + /* This breaks CTF mapping, so don't do it when * DTrace is enabled */ #ifndef KDTRACE_HOOKS @@ -389,7 +389,7 @@ addsymtab(const char *name, void *symsta panic("addsymtab"); #ifdef KDTRACE_HOOKS - /* + /* * Build the mapping from original symbol id to new symbol table. * Deleted symbols will have a zero map, indices will be one based * instead of zero based. @@ -481,7 +481,7 @@ ksyms_addsyms_elf(int symsize, void *sta shdr[ehdr->e_shstrndx].sh_offset; for (i = 1; i < ehdr->e_shnum; i++) { #ifdef DEBUG - printf("ksyms: checking %s\n", [shdr[i].sh_name]); + printf("ksyms: checking %s\n", [shdr[i].sh_name]); #endif if (shdr[i].sh_type != SHT_PROGBITS) continue; @@ -499,7 +499,7 @@ ksyms_addsyms_elf(int symsize, void *sta } #ifdef DEBUG } else { - printf("ksyms: e_shstrndx == 0\n"); + printf("ksyms: e_shstrndx == 0\n"); #endif } #endif @@ -527,9 +527,8 @@ ksyms_addsyms_elf(int symsize, void *sta */ void ksyms_addsyms_explicit(void *ehdr, void *symstart, size_t symsize, - void *strstart, size_t strsize) +void *strstart, size_t strsize) { - if (!ksyms_verify(symstart, strstart)) return; @@ -549,7 +548,7 @@ ksyms_addsyms_explicit(void *ehdr, void */ int ksyms_getval_unlocked(const char *mod, const char *sym, unsigned long *val, - int type) +int type) { struct ksyms_symtab *st; Elf_Sym *es; @@ -717,7 +716,7 @@ ksyms_getname(const char **mod, const ch */ void ksyms_modload(const char *name, void *symstart, vsize_t symsize, - char *strstart, vsize_t strsize) +char *strstart, vsize_t strsize) { struct ksyms_symtab *st; @@ -827,20 +826,20 @@ ksyms_sift(char *mod, char *sym, int mod static void ksyms_sizes_calc(void) { -struct ksyms_symtab *st; + struct ksyms_symtab *st; int i, delta; -ksyms_symsz = ksyms_strsz = 0; -TAILQ_FOREACH(st, _symtabs, sd_queue) { + ksyms_symsz = ksyms_strsz = 0; + TAILQ_FOREACH(st, _symtabs, sd_queue) { delta = ksyms_strsz - st->sd_usroffset; if (delta != 0) { for (i = 0; i < st->sd_symsize/sizeof(Elf_Sym); i++) st->sd_symstart[i].st_name += delta; st->sd_usroffset = ksyms_strsz; } -ksyms_symsz += st->sd_symsize; -ksyms_strsz += st->sd_strsize; -} + ksyms_symsz += st->sd_symsize; + ksyms_strsz += st->sd_strsize; + } } static void @@ -922,7 +921,6 @@ ksyms_hdr_init(void
CVS commit: [netbsd-7-0] src/sys/kern
Module Name:src Committed By: snj Date: Tue Jan 26 23:44:11 UTC 2016 Modified Files: src/sys/kern [netbsd-7-0]: vfs_vnode.c Log Message: Pull up following revision(s) (requested by hannken in ticket #1070): sys/kern/vfs_vnode.c: revision 1.46 via patch Take the vnode lock before the vnode is marked VI_CHANGING and fed to vclean(). Prevents a deadlock with two null mounts on the same physical mount where one thread tries to vclean() a layer node and another thread tries to vget() a layer node pointing to the same physical node. Fixes PR kern/50375 layerfs (nullfs) locking problem leading to livelock To generate a diff of this commit: cvs rdiff -u -r1.37.2.1 -r1.37.2.1.2.1 src/sys/kern/vfs_vnode.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/vfs_vnode.c diff -u src/sys/kern/vfs_vnode.c:1.37.2.1 src/sys/kern/vfs_vnode.c:1.37.2.1.2.1 --- src/sys/kern/vfs_vnode.c:1.37.2.1 Sun Oct 19 10:02:59 2014 +++ src/sys/kern/vfs_vnode.c Tue Jan 26 23:44:11 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_vnode.c,v 1.37.2.1 2014/10/19 10:02:59 martin Exp $ */ +/* $NetBSD: vfs_vnode.c,v 1.37.2.1.2.1 2016/01/26 23:44:11 snj Exp $ */ /*- * Copyright (c) 1997-2011 The NetBSD Foundation, Inc. @@ -116,7 +116,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: vfs_vnode.c,v 1.37.2.1 2014/10/19 10:02:59 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: vfs_vnode.c,v 1.37.2.1.2.1 2016/01/26 23:44:11 snj Exp $"); #define _VFS_VNODE_PRIVATE @@ -328,15 +328,17 @@ try_nextlist: KASSERT((vp->v_iflag & VI_CLEAN) == 0); KASSERT(vp->v_freelisthd == listhd); - if (!mutex_tryenter(vp->v_interlock)) + if (vn_lock(vp, LK_EXCLUSIVE | LK_NOWAIT) != 0) continue; - if ((vp->v_iflag & VI_XLOCK) != 0) { - mutex_exit(vp->v_interlock); + if (!mutex_tryenter(vp->v_interlock)) { + VOP_UNLOCK(vp); continue; } + KASSERT((vp->v_iflag & VI_XLOCK) == 0); mp = vp->v_mount; if (fstrans_start_nowait(mp, FSTRANS_SHARED) != 0) { mutex_exit(vp->v_interlock); + VOP_UNLOCK(vp); continue; } break; @@ -735,6 +737,11 @@ vrelel(vnode_t *vp, int flags) * Note that VOP_INACTIVE() will drop the vnode lock. */ VOP_INACTIVE(vp, ); + if (recycle) { + /* vclean() below will drop the lock. */ + if (vn_lock(vp, LK_EXCLUSIVE) != 0) +recycle = false; + } mutex_enter(vp->v_interlock); if (!recycle) { if (vtryrele(vp)) { @@ -959,6 +966,7 @@ holdrelel(vnode_t *vp) /* * Disassociate the underlying file system from a vnode. * + * Must be called with vnode locked and will return unlocked. * Must be called with the interlock held, and will return with it held. */ static void @@ -968,28 +976,21 @@ vclean(vnode_t *vp) bool recycle, active, doclose; int error; + KASSERT((vp->v_vflag & VV_LOCKSWORK) == 0 || + VOP_ISLOCKED(vp) == LK_EXCLUSIVE); KASSERT(mutex_owned(vp->v_interlock)); KASSERT((vp->v_iflag & VI_MARKER) == 0); + KASSERT((vp->v_iflag & (VI_XLOCK | VI_CLEAN)) == 0); KASSERT(vp->v_usecount != 0); - /* If already clean, nothing to do. */ - if ((vp->v_iflag & VI_CLEAN) != 0) { - return; - } - active = (vp->v_usecount > 1); doclose = ! (active && vp->v_type == VBLK && spec_node_getmountedfs(vp) != NULL); - mutex_exit(vp->v_interlock); - - vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); /* * Prevent the vnode from being recycled or brought into use * while we clean it out. */ - mutex_enter(vp->v_interlock); - KASSERT((vp->v_iflag & (VI_XLOCK | VI_CLEAN)) == 0); vp->v_iflag |= VI_XLOCK; if (vp->v_iflag & VI_EXECMAP) { atomic_add_int(, -vp->v_uobj.uo_npages); @@ -1073,23 +1074,26 @@ bool vrecycle(vnode_t *vp) { + if (vn_lock(vp, LK_EXCLUSIVE) != 0) + return false; + mutex_enter(vp->v_interlock); KASSERT((vp->v_iflag & VI_MARKER) == 0); if (vp->v_usecount != 1) { mutex_exit(vp->v_interlock); + VOP_UNLOCK(vp); return false; } if ((vp->v_iflag & VI_CHANGING) != 0) vwait(vp, VI_CHANGING); if (vp->v_usecount != 1) { mutex_exit(vp->v_interlock); + VOP_UNLOCK(vp); return false; - } else if ((vp->v_iflag & VI_CLEAN) != 0) { - mutex_exit(vp->v_interlock); - return true; } + KASSERT((vp->v_iflag & VI_CLEAN) == 0); vp->v_iflag |= VI_CHANGING; vclean(vp); vrelel(vp, VRELEL_CHANGING_SET); @@ -1137,6 +1141,11 @@ void vgone(vnode_t *vp) { + if (vn_lock(vp, LK_EXCLUSIVE) != 0) { + KASSERT((vp->v_iflag & VI_CLEAN) != 0); + vrele(vp); + } + mutex_enter(vp->v_interlock); if ((vp->v_iflag & VI_CHANGING) != 0) vwait(vp, VI_CHANGING);
CVS commit: [netbsd-7-0] src/sys/kern
Module Name:src Committed By: riz Date: Tue Jan 26 04:50:37 UTC 2016 Modified Files: src/sys/kern [netbsd-7-0]: kern_softint.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #1067): sys/kern/kern_softint.c: revision 1.42 fix the following softint parallel operation problem. (0) softint handler "handler A" is established (1) CPU#X does softint_schedule() for "handler A" - the softhand_t is set SOFTINT_PENDING flag - the softhand_t is NOT set SOFTINT_ACTIVE flag yet (2) CPU#X begins other H/W interrupt processing (3) CPU#Y does softint_disestablish() for "handler A" - waits until softhand_t's SOFTINT_ACTIVE of all CPUs is clear - the softhand_t is set not SOFTINT_ACTIVE but SOFTINT_PENDING, so CPU#Y does not wait - unset the function of "handler A" (4) CPU#X does softint_execute() - the function of "handler A" is already clear, so panic To generate a diff of this commit: cvs rdiff -u -r1.41 -r1.41.6.1 src/sys/kern/kern_softint.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_softint.c diff -u src/sys/kern/kern_softint.c:1.41 src/sys/kern/kern_softint.c:1.41.6.1 --- src/sys/kern/kern_softint.c:1.41 Sun May 25 15:42:01 2014 +++ src/sys/kern/kern_softint.c Tue Jan 26 04:50:37 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_softint.c,v 1.41 2014/05/25 15:42:01 rmind Exp $ */ +/* $NetBSD: kern_softint.c,v 1.41.6.1 2016/01/26 04:50:37 riz Exp $ */ /*- * Copyright (c) 2007, 2008 The NetBSD Foundation, Inc. @@ -170,7 +170,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_softint.c,v 1.41 2014/05/25 15:42:01 rmind Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_softint.c,v 1.41.6.1 2016/01/26 04:50:37 riz Exp $"); #include #include @@ -442,8 +442,8 @@ softint_disestablish(void *arg) KASSERT(sh->sh_func != NULL); flags |= sh->sh_flags; } - /* Inactive on all CPUs? */ - if ((flags & SOFTINT_ACTIVE) == 0) { + /* Neither pending nor active on all CPUs? */ + if ((flags & (SOFTINT_PENDING | SOFTINT_ACTIVE)) == 0) { break; } /* Oops, still active. Wait for it to clear. */
CVS commit: [netbsd-7-0] src/sys/kern
Module Name:src Committed By: snj Date: Thu Nov 5 09:30:20 UTC 2015 Modified Files: src/sys/kern [netbsd-7-0]: kern_exit.c Log Message: Pull up following revision(s) (requested by pgoyette in ticket #999): sys/kern/kern_exit.c: revision 1.248 Update value of p_stat before we release the proc_lock. Thanks to Robert Elz. To generate a diff of this commit: cvs rdiff -u -r1.244.6.1 -r1.244.6.2 src/sys/kern/kern_exit.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_exit.c diff -u src/sys/kern/kern_exit.c:1.244.6.1 src/sys/kern/kern_exit.c:1.244.6.2 --- src/sys/kern/kern_exit.c:1.244.6.1 Thu Nov 5 09:05:18 2015 +++ src/sys/kern/kern_exit.c Thu Nov 5 09:30:20 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_exit.c,v 1.244.6.1 2015/11/05 09:05:18 snj Exp $ */ +/* $NetBSD: kern_exit.c,v 1.244.6.2 2015/11/05 09:30:20 snj Exp $ */ /*- * Copyright (c) 1998, 1999, 2006, 2007, 2008 The NetBSD Foundation, Inc. @@ -67,7 +67,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_exit.c,v 1.244.6.1 2015/11/05 09:05:18 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_exit.c,v 1.244.6.2 2015/11/05 09:30:20 snj Exp $"); #include "opt_ktrace.h" #include "opt_perfctrs.h" @@ -235,8 +235,8 @@ exit1(struct lwp *l, int rv) } p->p_waited = 0; p->p_pptr->p_nstopchild++; - mutex_exit(proc_lock); p->p_stat = SSTOP; + mutex_exit(proc_lock); lwp_lock(l); p->p_nrlwps--; l->l_stat = LSSTOP;
CVS commit: [netbsd-7-0] src/sys/kern
Module Name:src Committed By: snj Date: Thu Nov 5 09:21:50 UTC 2015 Modified Files: src/sys/kern [netbsd-7-0]: kern_sig.c Log Message: Pull up following revision(s) (requested by pgoyette in ticket #997): sys/kern/kern_sig.c: revision 1.321 When delivering a signal, it's possible that the process's state in p_stat is SACTIVE yet p_sflag is PS_STOPPING (while waiting for other lwp's to stop). In that case, we don't want to adjust the parent's p_nstopchild count. Found by Robert Elz. To generate a diff of this commit: cvs rdiff -u -r1.319 -r1.319.8.1 src/sys/kern/kern_sig.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_sig.c diff -u src/sys/kern/kern_sig.c:1.319 src/sys/kern/kern_sig.c:1.319.8.1 --- src/sys/kern/kern_sig.c:1.319 Fri Nov 22 21:04:11 2013 +++ src/sys/kern/kern_sig.c Thu Nov 5 09:21:50 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_sig.c,v 1.319 2013/11/22 21:04:11 christos Exp $ */ +/* $NetBSD: kern_sig.c,v 1.319.8.1 2015/11/05 09:21:50 snj Exp $ */ /*- * Copyright (c) 2006, 2007, 2008 The NetBSD Foundation, Inc. @@ -70,7 +70,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_sig.c,v 1.319 2013/11/22 21:04:11 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_sig.c,v 1.319.8.1 2015/11/05 09:21:50 snj Exp $"); #include "opt_ptrace.h" #include "opt_compat_sunos.h" @@ -1364,14 +1364,13 @@ kpsignal2(struct proc *p, ksiginfo_t *ks } if ((prop & SA_CONT) != 0 || signo == SIGKILL) { /* - * Re-adjust p_nstopchild if the process wasn't - * collected by its parent. + * Re-adjust p_nstopchild if the process was + * stopped but not yet collected by its parent. */ + if (p->p_stat == SSTOP && !p->p_waited) +p->p_pptr->p_nstopchild--; p->p_stat = SACTIVE; p->p_sflag &= ~PS_STOPPING; - if (!p->p_waited) { -p->p_pptr->p_nstopchild--; - } if (p->p_slflag & PSL_TRACED) { KASSERT(signo == SIGKILL); goto deliver;