CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: martin Date: Thu May 3 15:00:38 UTC 2018 Modified Files: src/sys/kern [netbsd-6]: uipc_mbuf.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1547): sys/kern/uipc_mbuf.c: revision 1.211 (via patch) Modify m_defrag, so that it never frees the first mbuf of the chain. While here use the given 'flags' argument, and not M_DONTWAIT. We have a problem with several drivers: they poll an mbuf chain from their queues and call m_defrag on them, but m_defrag could update the mbuf pointer, so the mbuf in the queue is no longer valid. It is not easy to fix each driver, because doing pop+push will reorder the queue, and we don't really want that to happen. This problem was independently spotted by me, Kengo, Masanobu, and other people too it seems (perhaps PR/53218). Now m_defrag leaves the first mbuf in place, and compresses the chain only starting from the second mbuf in the chain. It is important not to compress the first mbuf with hacks, because the storage of this first mbuf may be shared with other mbufs. To generate a diff of this commit: cvs rdiff -u -r1.145.2.1 -r1.145.2.2 src/sys/kern/uipc_mbuf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/uipc_mbuf.c diff -u src/sys/kern/uipc_mbuf.c:1.145.2.1 src/sys/kern/uipc_mbuf.c:1.145.2.2 --- src/sys/kern/uipc_mbuf.c:1.145.2.1 Fri Feb 8 19:18:12 2013 +++ src/sys/kern/uipc_mbuf.c Thu May 3 15:00:37 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: uipc_mbuf.c,v 1.145.2.1 2013/02/08 19:18:12 riz Exp $ */ +/* $NetBSD: uipc_mbuf.c,v 1.145.2.2 2018/05/03 15:00:37 martin Exp $ */ /*- * Copyright (c) 1999, 2001 The NetBSD Foundation, Inc. @@ -62,7 +62,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: uipc_mbuf.c,v 1.145.2.1 2013/02/08 19:18:12 riz Exp $"); +__KERNEL_RCSID(0, "$NetBSD: uipc_mbuf.c,v 1.145.2.2 2018/05/03 15:00:37 martin Exp $"); #include "opt_mbuftrace.h" #include "opt_nmbclusters.h" @@ -1266,30 +1266,35 @@ m_makewritable(struct mbuf **mp, int off } /* - * Copy the mbuf chain to a new mbuf chain that is as short as possible. - * Return the new mbuf chain on success, NULL on failure. On success, - * free the old mbuf chain. + * Compress the mbuf chain. Return the new mbuf chain on success, NULL on + * failure. The first mbuf is preserved, and on success the pointer returned + * is the same as the one passed. */ struct mbuf * m_defrag(struct mbuf *mold, int flags) { struct mbuf *m0, *mn, *n; - size_t sz = mold->m_pkthdr.len; + int sz; #ifdef DIAGNOSTIC if ((mold->m_flags & M_PKTHDR) == 0) panic("m_defrag: not a mbuf chain header"); #endif - MGETHDR(m0, flags, MT_DATA); + if (mold->m_next == NULL) + return mold; + + m0 = m_get(flags, MT_DATA); if (m0 == NULL) return NULL; - M_COPY_PKTHDR(m0, mold); mn = m0; + sz = mold->m_pkthdr.len - mold->m_len; + KASSERT(sz >= 0); + do { - if (sz > MHLEN) { - MCLGET(mn, M_DONTWAIT); + if (sz > MLEN) { + MCLGET(mn, flags); if ((mn->m_flags & M_EXT) == 0) { m_freem(m0); return NULL; @@ -1305,7 +1310,7 @@ m_defrag(struct mbuf *mold, int flags) if (sz > 0) { /* need more mbufs */ - MGET(n, M_NOWAIT, MT_DATA); + n = m_get(flags, MT_DATA); if (n == NULL) { m_freem(m0); return NULL; @@ -1316,9 +1321,10 @@ m_defrag(struct mbuf *mold, int flags) } } while (sz > 0); - m_freem(mold); + m_freem(mold->m_next); + mold->m_next = m0; - return m0; + return mold; } int
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: martin Date: Thu May 3 15:00:38 UTC 2018 Modified Files: src/sys/kern [netbsd-6]: uipc_mbuf.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1547): sys/kern/uipc_mbuf.c: revision 1.211 (via patch) Modify m_defrag, so that it never frees the first mbuf of the chain. While here use the given 'flags' argument, and not M_DONTWAIT. We have a problem with several drivers: they poll an mbuf chain from their queues and call m_defrag on them, but m_defrag could update the mbuf pointer, so the mbuf in the queue is no longer valid. It is not easy to fix each driver, because doing pop+push will reorder the queue, and we don't really want that to happen. This problem was independently spotted by me, Kengo, Masanobu, and other people too it seems (perhaps PR/53218). Now m_defrag leaves the first mbuf in place, and compresses the chain only starting from the second mbuf in the chain. It is important not to compress the first mbuf with hacks, because the storage of this first mbuf may be shared with other mbufs. To generate a diff of this commit: cvs rdiff -u -r1.145.2.1 -r1.145.2.2 src/sys/kern/uipc_mbuf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: snj Date: Sat Aug 19 04:24:24 UTC 2017 Modified Files: src/sys/kern [netbsd-6]: kern_ktrace.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1484): sys/kern/kern_ktrace.c: revision 1.171 via patch Clamp the length we use, not the length we don't. Avoids uninitialized memory disclosure to userland. >From Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.160.2.1 -r1.160.2.2 src/sys/kern/kern_ktrace.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: snj Date: Sat Aug 19 04:24:24 UTC 2017 Modified Files: src/sys/kern [netbsd-6]: kern_ktrace.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1484): sys/kern/kern_ktrace.c: revision 1.171 via patch Clamp the length we use, not the length we don't. Avoids uninitialized memory disclosure to userland. >From Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.160.2.1 -r1.160.2.2 src/sys/kern/kern_ktrace.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_ktrace.c diff -u src/sys/kern/kern_ktrace.c:1.160.2.1 src/sys/kern/kern_ktrace.c:1.160.2.2 --- src/sys/kern/kern_ktrace.c:1.160.2.1 Sun Dec 7 15:09:31 2014 +++ src/sys/kern/kern_ktrace.c Sat Aug 19 04:24:23 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_ktrace.c,v 1.160.2.1 2014/12/07 15:09:31 martin Exp $ */ +/* $NetBSD: kern_ktrace.c,v 1.160.2.2 2017/08/19 04:24:23 snj Exp $ */ /*- * Copyright (c) 2006, 2007, 2008 The NetBSD Foundation, Inc. @@ -61,7 +61,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_ktrace.c,v 1.160.2.1 2014/12/07 15:09:31 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_ktrace.c,v 1.160.2.2 2017/08/19 04:24:23 snj Exp $"); #include #include @@ -952,7 +952,7 @@ ktruser(const char *id, void *addr, size user_dta = (void *)(ktp + 1); if ((error = copyin(addr, (void *)user_dta, len)) != 0) - len = 0; + kte->kte_kth.ktr_len = 0; ktraddentry(l, kte, KTA_WAITOK); return error;
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: snj Date: Sat Aug 19 04:17:11 UTC 2017 Modified Files: src/sys/kern [netbsd-6]: vfs_getcwd.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1482): sys/kern/vfs_getcwd.c: revision 1.52 Don't walk off the end of the dirent buffer. >From Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.47 -r1.47.14.1 src/sys/kern/vfs_getcwd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/vfs_getcwd.c diff -u src/sys/kern/vfs_getcwd.c:1.47 src/sys/kern/vfs_getcwd.c:1.47.14.1 --- src/sys/kern/vfs_getcwd.c:1.47 Tue Nov 30 10:30:02 2010 +++ src/sys/kern/vfs_getcwd.c Sat Aug 19 04:17:11 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_getcwd.c,v 1.47 2010/11/30 10:30:02 dholland Exp $ */ +/* $NetBSD: vfs_getcwd.c,v 1.47.14.1 2017/08/19 04:17:11 snj Exp $ */ /*- * Copyright (c) 1999 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: vfs_getcwd.c,v 1.47 2010/11/30 10:30:02 dholland Exp $"); +__KERNEL_RCSID(0, "$NetBSD: vfs_getcwd.c,v 1.47.14.1 2017/08/19 04:17:11 snj Exp $"); #include #include @@ -207,7 +207,8 @@ unionread: reclen = dp->d_reclen; /* check for malformed directory.. */ -if (reclen < _DIRENT_MINSIZE(dp)) { +if (reclen < _DIRENT_MINSIZE(dp) || +reclen > len) { error = EINVAL; goto out; }
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: snj Date: Sat Aug 19 04:17:11 UTC 2017 Modified Files: src/sys/kern [netbsd-6]: vfs_getcwd.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1482): sys/kern/vfs_getcwd.c: revision 1.52 Don't walk off the end of the dirent buffer. >From Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.47 -r1.47.14.1 src/sys/kern/vfs_getcwd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: snj Date: Fri Aug 18 14:53:10 UTC 2017 Modified Files: src/sys/kern [netbsd-6]: kern_malloc.c Log Message: Pull up following revision(s) (requested by martin in ticket #1465): sys/kern/kern_malloc.c: revision 1.146 Avoid integer overflow in kern_malloc(). Reported by Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.138 -r1.138.2.1 src/sys/kern/kern_malloc.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: snj Date: Fri Aug 18 14:53:10 UTC 2017 Modified Files: src/sys/kern [netbsd-6]: kern_malloc.c Log Message: Pull up following revision(s) (requested by martin in ticket #1465): sys/kern/kern_malloc.c: revision 1.146 Avoid integer overflow in kern_malloc(). Reported by Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.138 -r1.138.2.1 src/sys/kern/kern_malloc.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_malloc.c diff -u src/sys/kern/kern_malloc.c:1.138 src/sys/kern/kern_malloc.c:1.138.2.1 --- src/sys/kern/kern_malloc.c:1.138 Mon Feb 6 12:13:44 2012 +++ src/sys/kern/kern_malloc.c Fri Aug 18 14:53:10 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_malloc.c,v 1.138 2012/02/06 12:13:44 drochner Exp $ */ +/* $NetBSD: kern_malloc.c,v 1.138.2.1 2017/08/18 14:53:10 snj Exp $ */ /* * Copyright (c) 1987, 1991, 1993 @@ -66,7 +66,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_malloc.c,v 1.138 2012/02/06 12:13:44 drochner Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_malloc.c,v 1.138.2.1 2017/08/18 14:53:10 snj Exp $"); #include #include @@ -113,7 +113,10 @@ kern_malloc(unsigned long size, struct m void *p; if (size >= PAGE_SIZE) { - allocsize = PAGE_SIZE + size; /* for page alignment */ + if (size > (ULONG_MAX-PAGE_SIZE)) + allocsize = ULONG_MAX; /* this will fail later */ + else + allocsize = PAGE_SIZE + size; /* for page alignment */ hdroffset = PAGE_SIZE - sizeof(struct malloc_header); } else { allocsize = sizeof(struct malloc_header) + size;
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: snj Date: Fri Jul 14 06:18:25 UTC 2017 Modified Files: src/sys/kern [netbsd-6]: exec_elf.c Log Message: Pull up following revision(s) (requested by uwe in ticket #1438): sys/kern/exec_elf.c: revision 1.88 via patch netbsd_elf_signature - look at note segments (phdrs) not note sections. They point to the same data in the file, but sections are for linkers and are not necessarily present in an executable. The original switch from phdrs to shdrs seems to be just a cop-out to avoid parsing multiple notes per segment, which doesn't really avoid the problem b/c sections also can contain multiple notes. To generate a diff of this commit: cvs rdiff -u -r1.37.2.2 -r1.37.2.3 src/sys/kern/exec_elf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/exec_elf.c diff -u src/sys/kern/exec_elf.c:1.37.2.2 src/sys/kern/exec_elf.c:1.37.2.3 --- src/sys/kern/exec_elf.c:1.37.2.2 Fri Feb 14 23:21:20 2014 +++ src/sys/kern/exec_elf.c Fri Jul 14 06:18:25 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: exec_elf.c,v 1.37.2.2 2014/02/14 23:21:20 bouyer Exp $ */ +/* $NetBSD: exec_elf.c,v 1.37.2.3 2017/07/14 06:18:25 snj Exp $ */ /*- * Copyright (c) 1994, 2000, 2005 The NetBSD Foundation, Inc. @@ -57,7 +57,7 @@ */ #include -__KERNEL_RCSID(1, "$NetBSD: exec_elf.c,v 1.37.2.2 2014/02/14 23:21:20 bouyer Exp $"); +__KERNEL_RCSID(1, "$NetBSD: exec_elf.c,v 1.37.2.3 2017/07/14 06:18:25 snj Exp $"); #ifdef _KERNEL_OPT #include "opt_pax.h" @@ -94,6 +94,7 @@ extern struct emul emul_netbsd; #define elf_load_psection ELFNAME(load_psection) #define exec_elf_makecmds ELFNAME2(exec,makecmds) #define netbsd_elf_signature ELFNAME2(netbsd,signature) +#define netbsd_elf_note ELFNAME2(netbsd,note) #define netbsd_elf_probe ELFNAME2(netbsd,probe) #define coredump ELFNAMEEND(coredump) #define elf_free_emul_arg ELFNAME(free_emul_arg) @@ -104,6 +105,8 @@ void elf_load_psection(struct exec_vmcmd const Elf_Phdr *, Elf_Addr *, u_long *, int *, int); int netbsd_elf_signature(struct lwp *, struct exec_package *, Elf_Ehdr *); +int netbsd_elf_note(struct exec_package *, const Elf_Nhdr *, const char *, + const char *); int netbsd_elf_probe(struct lwp *, struct exec_package *, void *, char *, vaddr_t *); @@ -860,99 +863,140 @@ netbsd_elf_signature(struct lwp *l, stru Elf_Ehdr *eh) { size_t i; - Elf_Shdr *sh; - Elf_Nhdr *np; - size_t shsize; + Elf_Phdr *ph; + size_t phsize; + char *nbuf; int error; int isnetbsd = 0; - char *ndata; epp->ep_pax_flags = 0; - if (eh->e_shnum > MAXSHNUM || eh->e_shnum == 0) + + if (eh->e_phnum > MAXPHNUM || eh->e_phnum == 0) return ENOEXEC; - shsize = eh->e_shnum * sizeof(Elf_Shdr); - sh = kmem_alloc(shsize, KM_SLEEP); - error = exec_read_from(l, epp->ep_vp, eh->e_shoff, sh, shsize); + phsize = eh->e_phnum * sizeof(Elf_Phdr); + ph = kmem_alloc(phsize, KM_SLEEP); + error = exec_read_from(l, epp->ep_vp, eh->e_phoff, ph, phsize); if (error) goto out; - np = kmem_alloc(MAXNOTESIZE, KM_SLEEP); - for (i = 0; i < eh->e_shnum; i++) { - Elf_Shdr *shp = [i]; - - if (shp->sh_type != SHT_NOTE || - shp->sh_size > MAXNOTESIZE || - shp->sh_size < sizeof(Elf_Nhdr) + ELF_NOTE_NETBSD_NAMESZ) + nbuf = kmem_alloc(MAXNOTESIZE, KM_SLEEP); + for (i = 0; i < eh->e_phnum; i++) { + const char *nptr; + size_t nlen; + + if (ph[i].p_type != PT_NOTE || + ph[i].p_filesz > MAXNOTESIZE) continue; - error = exec_read_from(l, epp->ep_vp, shp->sh_offset, np, - shp->sh_size); + nlen = ph[i].p_filesz; + error = exec_read_from(l, epp->ep_vp, ph[i].p_offset, + nbuf, nlen); if (error) continue; - ndata = (char *)(np + 1); - switch (np->n_type) { - case ELF_NOTE_TYPE_NETBSD_TAG: - if (np->n_namesz != ELF_NOTE_NETBSD_NAMESZ || - np->n_descsz != ELF_NOTE_NETBSD_DESCSZ || - memcmp(ndata, ELF_NOTE_NETBSD_NAME, - ELF_NOTE_NETBSD_NAMESZ)) -goto bad; - isnetbsd = 1; - break; + nptr = nbuf; + while (nlen > 0) { + const Elf_Nhdr *np; + const char *ndata, *ndesc; + + /* note header */ + np = (const Elf_Nhdr *)nptr; + if (nlen < sizeof(*np)) { +break; + } + nptr += sizeof(*np); + nlen -= sizeof(*np); + + /* note name */ + ndata = nptr; + if (nlen < roundup(np->n_namesz, 4)) { +break; + } + nptr += roundup(np->n_namesz, 4); + nlen -= roundup(np->n_namesz, 4); + + /* note description */ + ndesc = nptr; + if (nlen < roundup(np->n_descsz, 4)) { +break; + } + nptr += roundup(np->n_descsz, 4); + nlen -= roundup(np->n_descsz, 4); + + isnetbsd |= netbsd_elf_note(epp, np, ndata, ndesc); + } + } + kmem_free(nbuf, MAXNOTESIZE); + + error = isnetbsd ? 0 : ENOEXEC; +out: + kmem_free(ph, phsize); + return error; +} + +int +netbsd_elf_note(struct exec_package *epp, + const Elf_Nhdr *np, const char *ndata, const char *ndesc) +{ + int isnetbsd
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: snj Date: Fri Jul 14 06:18:25 UTC 2017 Modified Files: src/sys/kern [netbsd-6]: exec_elf.c Log Message: Pull up following revision(s) (requested by uwe in ticket #1438): sys/kern/exec_elf.c: revision 1.88 via patch netbsd_elf_signature - look at note segments (phdrs) not note sections. They point to the same data in the file, but sections are for linkers and are not necessarily present in an executable. The original switch from phdrs to shdrs seems to be just a cop-out to avoid parsing multiple notes per segment, which doesn't really avoid the problem b/c sections also can contain multiple notes. To generate a diff of this commit: cvs rdiff -u -r1.37.2.2 -r1.37.2.3 src/sys/kern/exec_elf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: snj Date: Thu Jul 6 15:20:00 UTC 2017 Modified Files: src/sys/kern [netbsd-6]: subr_xcall.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1419): sys/kern/subr_xcall.c: revision 1.19 Fix a race condition of low priority xcall xc_lowpri and xc_thread are racy and xc_wait may return during/before executing all xcall callbacks, resulting in a kernel panic at worst. xc_lowpri serializes multiple jobs by a mutex and a cv. If all xcall callbacks are done, xc_wait returns and also xc_lowpri accepts a next job. The problem is that a counter that counts the number of finished xcall callbacks is incremented *before* actually executing a xcall callback (see xc_tailp++ in xc_thread). So xc_lowpri accepts a next job before all xcall callbacks complete and a next job begins to run its xcall callbacks. Even worse the counter is global and shared between jobs, so if a xcall callback of the next job completes, the shared counter is incremented, which confuses wc_wait of the previous job as all xcall callbacks of the previous job are done and wc_wait of the previous job returns during/before executing its xcall callbacks. How to fix: there are actually two counters that count the number of finished xcall callbacks for low priority xcall for historical reasons (I guess): xc_tailp and xc_low_pri.xc_donep. xc_low_pri.xc_donep is incremented correctly while xc_tailp is incremented wrongly, i.e., before executing a xcall callback. We can fix the issue by dropping xc_tailp and using only xc_low_pri.xc_donep. PR kern/51632 To generate a diff of this commit: cvs rdiff -u -r1.13.10.1 -r1.13.10.2 src/sys/kern/subr_xcall.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: snj Date: Thu Jul 6 15:20:00 UTC 2017 Modified Files: src/sys/kern [netbsd-6]: subr_xcall.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1419): sys/kern/subr_xcall.c: revision 1.19 Fix a race condition of low priority xcall xc_lowpri and xc_thread are racy and xc_wait may return during/before executing all xcall callbacks, resulting in a kernel panic at worst. xc_lowpri serializes multiple jobs by a mutex and a cv. If all xcall callbacks are done, xc_wait returns and also xc_lowpri accepts a next job. The problem is that a counter that counts the number of finished xcall callbacks is incremented *before* actually executing a xcall callback (see xc_tailp++ in xc_thread). So xc_lowpri accepts a next job before all xcall callbacks complete and a next job begins to run its xcall callbacks. Even worse the counter is global and shared between jobs, so if a xcall callback of the next job completes, the shared counter is incremented, which confuses wc_wait of the previous job as all xcall callbacks of the previous job are done and wc_wait of the previous job returns during/before executing its xcall callbacks. How to fix: there are actually two counters that count the number of finished xcall callbacks for low priority xcall for historical reasons (I guess): xc_tailp and xc_low_pri.xc_donep. xc_low_pri.xc_donep is incremented correctly while xc_tailp is incremented wrongly, i.e., before executing a xcall callback. We can fix the issue by dropping xc_tailp and using only xc_low_pri.xc_donep. PR kern/51632 To generate a diff of this commit: cvs rdiff -u -r1.13.10.1 -r1.13.10.2 src/sys/kern/subr_xcall.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/subr_xcall.c diff -u src/sys/kern/subr_xcall.c:1.13.10.1 src/sys/kern/subr_xcall.c:1.13.10.2 --- src/sys/kern/subr_xcall.c:1.13.10.1 Sat Apr 20 10:05:22 2013 +++ src/sys/kern/subr_xcall.c Thu Jul 6 15:20:00 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: subr_xcall.c,v 1.13.10.1 2013/04/20 10:05:22 bouyer Exp $ */ +/* $NetBSD: subr_xcall.c,v 1.13.10.2 2017/07/06 15:20:00 snj Exp $ */ /*- * Copyright (c) 2007-2010 The NetBSD Foundation, Inc. @@ -74,7 +74,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: subr_xcall.c,v 1.13.10.1 2013/04/20 10:05:22 bouyer Exp $"); +__KERNEL_RCSID(0, "$NetBSD: subr_xcall.c,v 1.13.10.2 2017/07/06 15:20:00 snj Exp $"); #include #include @@ -101,7 +101,6 @@ typedef struct { /* Low priority xcall structures. */ static xc_state_t xc_low_pri __cacheline_aligned; -static uint64_t xc_tailp __cacheline_aligned; /* High priority xcall structures. */ static xc_state_t xc_high_pri __cacheline_aligned; @@ -131,7 +130,6 @@ xc_init(void) memset(xclo, 0, sizeof(xc_state_t)); mutex_init(>xc_lock, MUTEX_DEFAULT, IPL_NONE); cv_init(>xc_busy, "xclocv"); - xc_tailp = 0; memset(xchi, 0, sizeof(xc_state_t)); mutex_init(>xc_lock, MUTEX_DEFAULT, IPL_SOFTCLOCK); @@ -253,7 +251,7 @@ xc_lowpri(xcfunc_t func, void *arg1, voi uint64_t where; mutex_enter(>xc_lock); - while (xc->xc_headp != xc_tailp) { + while (xc->xc_headp != xc->xc_donep) { cv_wait(>xc_busy, >xc_lock); } xc->xc_arg1 = arg1; @@ -274,7 +272,7 @@ xc_lowpri(xcfunc_t func, void *arg1, voi ci->ci_data.cpu_xcall_pending = true; cv_signal(>ci_data.cpu_xcall); } - KASSERT(xc_tailp < xc->xc_headp); + KASSERT(xc->xc_donep < xc->xc_headp); where = xc->xc_headp; mutex_exit(>xc_lock); @@ -299,7 +297,7 @@ xc_thread(void *cookie) mutex_enter(>xc_lock); for (;;) { while (!ci->ci_data.cpu_xcall_pending) { - if (xc->xc_headp == xc_tailp) { + if (xc->xc_headp == xc->xc_donep) { cv_broadcast(>xc_busy); } cv_wait(>ci_data.cpu_xcall, >xc_lock); @@ -309,7 +307,6 @@ xc_thread(void *cookie) func = xc->xc_func; arg1 = xc->xc_arg1; arg2 = xc->xc_arg2; - xc_tailp++; mutex_exit(>xc_lock); KASSERT(func != NULL);
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: snj Date: Fri Nov 11 07:08:05 UTC 2016 Modified Files: src/sys/kern [netbsd-6]: uipc_usrreq.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1415): sys/kern/uipc_usrreq.c: revision 1.181 Memory leak, found by Mootja. It is easily triggerable from userland. To generate a diff of this commit: cvs rdiff -u -r1.136.8.3 -r1.136.8.4 src/sys/kern/uipc_usrreq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: snj Date: Fri Nov 11 07:08:05 UTC 2016 Modified Files: src/sys/kern [netbsd-6]: uipc_usrreq.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1415): sys/kern/uipc_usrreq.c: revision 1.181 Memory leak, found by Mootja. It is easily triggerable from userland. To generate a diff of this commit: cvs rdiff -u -r1.136.8.3 -r1.136.8.4 src/sys/kern/uipc_usrreq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/uipc_usrreq.c diff -u src/sys/kern/uipc_usrreq.c:1.136.8.3 src/sys/kern/uipc_usrreq.c:1.136.8.4 --- src/sys/kern/uipc_usrreq.c:1.136.8.3 Mon Feb 18 22:00:49 2013 +++ src/sys/kern/uipc_usrreq.c Fri Nov 11 07:08:05 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: uipc_usrreq.c,v 1.136.8.3 2013/02/18 22:00:49 riz Exp $ */ +/* $NetBSD: uipc_usrreq.c,v 1.136.8.4 2016/11/11 07:08:05 snj Exp $ */ /*- * Copyright (c) 1998, 2000, 2004, 2008, 2009 The NetBSD Foundation, Inc. @@ -96,7 +96,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: uipc_usrreq.c,v 1.136.8.3 2013/02/18 22:00:49 riz Exp $"); +__KERNEL_RCSID(0, "$NetBSD: uipc_usrreq.c,v 1.136.8.4 2016/11/11 07:08:05 snj Exp $"); #include #include @@ -1014,11 +1014,11 @@ unp_connect(struct socket *so, struct mb goto bad2; } vp = nd.ni_vp; + pathbuf_destroy(pb); if (vp->v_type != VSOCK) { error = ENOTSOCK; goto bad; } - pathbuf_destroy(pb); if ((error = VOP_ACCESS(vp, VWRITE, l->l_cred)) != 0) goto bad; /* Acquire v_interlock to protect against unp_detach(). */
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: snj Date: Thu Jul 14 06:56:03 UTC 2016 Modified Files: src/sys/kern [netbsd-6]: kern_softint.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #1356): sys/kern/kern_softint.c: revision 1.42 fix the following softint parallel operation problem. (0) softint handler "handler A" is established (1) CPU#X does softint_schedule() for "handler A" - the softhand_t is set SOFTINT_PENDING flag - the softhand_t is NOT set SOFTINT_ACTIVE flag yet (2) CPU#X begins other H/W interrupt processing (3) CPU#Y does softint_disestablish() for "handler A" - waits until softhand_t's SOFTINT_ACTIVE of all CPUs is clear - the softhand_t is set not SOFTINT_ACTIVE but SOFTINT_PENDING, so CPU#Y does not wait - unset the function of "handler A" (4) CPU#X does softint_execute() - the function of "handler A" is already clear, so panic To generate a diff of this commit: cvs rdiff -u -r1.38.8.1 -r1.38.8.2 src/sys/kern/kern_softint.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_softint.c diff -u src/sys/kern/kern_softint.c:1.38.8.1 src/sys/kern/kern_softint.c:1.38.8.2 --- src/sys/kern/kern_softint.c:1.38.8.1 Fri Feb 8 19:32:07 2013 +++ src/sys/kern/kern_softint.c Thu Jul 14 06:56:03 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_softint.c,v 1.38.8.1 2013/02/08 19:32:07 riz Exp $ */ +/* $NetBSD: kern_softint.c,v 1.38.8.2 2016/07/14 06:56:03 snj Exp $ */ /*- * Copyright (c) 2007, 2008 The NetBSD Foundation, Inc. @@ -176,7 +176,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_softint.c,v 1.38.8.1 2013/02/08 19:32:07 riz Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_softint.c,v 1.38.8.2 2016/07/14 06:56:03 snj Exp $"); #include #include @@ -424,8 +424,8 @@ softint_disestablish(void *arg) KASSERT(sh->sh_func != NULL); flags |= sh->sh_flags; } - /* Inactive on all CPUs? */ - if ((flags & SOFTINT_ACTIVE) == 0) { + /* Neither pending nor active on all CPUs? */ + if ((flags & (SOFTINT_PENDING | SOFTINT_ACTIVE)) == 0) { break; } /* Oops, still active. Wait for it to clear. */
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: snj Date: Thu Jul 14 06:56:03 UTC 2016 Modified Files: src/sys/kern [netbsd-6]: kern_softint.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #1356): sys/kern/kern_softint.c: revision 1.42 fix the following softint parallel operation problem. (0) softint handler "handler A" is established (1) CPU#X does softint_schedule() for "handler A" - the softhand_t is set SOFTINT_PENDING flag - the softhand_t is NOT set SOFTINT_ACTIVE flag yet (2) CPU#X begins other H/W interrupt processing (3) CPU#Y does softint_disestablish() for "handler A" - waits until softhand_t's SOFTINT_ACTIVE of all CPUs is clear - the softhand_t is set not SOFTINT_ACTIVE but SOFTINT_PENDING, so CPU#Y does not wait - unset the function of "handler A" (4) CPU#X does softint_execute() - the function of "handler A" is already clear, so panic To generate a diff of this commit: cvs rdiff -u -r1.38.8.1 -r1.38.8.2 src/sys/kern/kern_softint.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: bouyer Date: Sun Nov 15 17:36:32 UTC 2015 Modified Files: src/sys/kern [netbsd-6]: sys_pset.c Log Message: Pull up following revision(s) (requested by oster in ticket #1320): sys/kern/sys_pset.c: revision 1.19 Don't forget to unlock the LWP. ok rmind@ To generate a diff of this commit: cvs rdiff -u -r1.17 -r1.17.8.1 src/sys/kern/sys_pset.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/sys_pset.c diff -u src/sys/kern/sys_pset.c:1.17 src/sys/kern/sys_pset.c:1.17.8.1 --- src/sys/kern/sys_pset.c:1.17 Sun Aug 7 21:13:05 2011 +++ src/sys/kern/sys_pset.c Sun Nov 15 17:36:32 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: sys_pset.c,v 1.17 2011/08/07 21:13:05 rmind Exp $ */ +/* $NetBSD: sys_pset.c,v 1.17.8.1 2015/11/15 17:36:32 bouyer Exp $ */ /* * Copyright (c) 2008, Mindaugas Rasiukevicius @@ -36,7 +36,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: sys_pset.c,v 1.17 2011/08/07 21:13:05 rmind Exp $"); +__KERNEL_RCSID(0, "$NetBSD: sys_pset.c,v 1.17.8.1 2015/11/15 17:36:32 bouyer Exp $"); #include @@ -380,6 +380,7 @@ sys_pset_assign(struct lwp *l, const str mutex_exit(_lock); return EPERM; } + lwp_unlock(t); } /* * Set the processor-set ID.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: bouyer Date: Sun Nov 15 17:36:32 UTC 2015 Modified Files: src/sys/kern [netbsd-6]: sys_pset.c Log Message: Pull up following revision(s) (requested by oster in ticket #1320): sys/kern/sys_pset.c: revision 1.19 Don't forget to unlock the LWP. ok rmind@ To generate a diff of this commit: cvs rdiff -u -r1.17 -r1.17.8.1 src/sys/kern/sys_pset.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: bouyer Date: Sun Nov 15 20:37:04 UTC 2015 Modified Files: src/sys/kern [netbsd-6]: kern_exec.c kern_exit.c kern_synch.c Log Message: Pull up following revision(s) (requested by pgoyette in ticket #1333): sys/kern/kern_exec.c: revision 1.420 sys/kern/kern_synch.c: revision 1.309 sys/kern/kern_exit.c: revision 1.246 sys/kern/kern_exit.c: revision 1.247 sys/kern/kern_exec.c: revision 1.419 In execve_runproc(), update the p_waited entry for the process being moved to SSTOP state, not for its parent. (It is correct to update the parent's p_nstopchild count.) If the value is not already zero, it could prevent its parent from waiting for the process. Fixes PR kern/50298 Pullups will be requested for: NetBSD-7, -6, -6-0, -6-1, -5, -5-0, -5-1, and -5-2 When clearing out the scheduler queues during system shutdown, we move all processes to the SSTOP state. Make sure we update each process's p_waited and the parents' p_nstopchild counters to maintain consistent values. Should not make any real difference this late in the shutdown process, but we should still be consistent just in case. Fixes PR kern/50318 Pullups will be requested for: NetBSD-7, -6, -6-0, -6-1, -5, -5-0, -5-1, and -5-2 Currently, if a process is exiting and its parent has indicated no intent of reaping the process (nor any other children), the process wil get reparented to init. Since the state of the exiting process at this point is SDEAD, proc_reparent() will not update either the old or new parent's p_nstopchild counters. This change causes both old and new parents to be properly updated. Fixes PR kern/50300 Pullups will be requested for: NetBSD-7, -6, -6-0, -6-1, -5, -5-0, -5-1, and -5-2 For processes marked with PS_STOPEXIT, update the process's p_waited value, and update its parent's p_nstopchild value when marking the process's p_stat to SSTOP. The process needed to be SACTIVE to get here, so this transition represents an additional process for which the parent needs to wait. Fixes PR kern/50308 Pullups will be requested for: NetBSD-7, -6, -6-0, -6-1, -5, -5-0, -5-1, and -5-2 In spawn_return() we temporarily move the process state to SSTOP, but without updating its p_waited value or its parent's p_nstopchild counter. Later, we restore the original state, again without any adjustment of the related values. This leaves a relatively short window when the values are inconsistent and could interfere with the proper operation of sys_wait() for the parent (if it manages to be scheduled; it's not totally clear what, if anything, prevents scheduling/execution of the parent). If during this window, any of the checks being made result in an error, we call exit1() which will eventually migrate the process's state to SDEAD (with an intermediate transition to SDYING). At this point the other variables get updated, and we finally restore a consistent state. This change updates the p_waited and parent's p_nstopchild at each step to eliminate any windows during which the values could lead to incorrect decisions. Fixes PR kern/50330 Pullups will be requested for NetBSD-7, -6, -6-0, and -6-1 To generate a diff of this commit: cvs rdiff -u -r1.339.2.9 -r1.339.2.10 src/sys/kern/kern_exec.c cvs rdiff -u -r1.236.2.3 -r1.236.2.4 src/sys/kern/kern_exit.c cvs rdiff -u -r1.297.2.1 -r1.297.2.2 src/sys/kern/kern_synch.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_exec.c diff -u src/sys/kern/kern_exec.c:1.339.2.9 src/sys/kern/kern_exec.c:1.339.2.10 --- src/sys/kern/kern_exec.c:1.339.2.9 Mon Apr 21 10:00:10 2014 +++ src/sys/kern/kern_exec.c Sun Nov 15 20:37:04 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_exec.c,v 1.339.2.9 2014/04/21 10:00:10 bouyer Exp $ */ +/* $NetBSD: kern_exec.c,v 1.339.2.10 2015/11/15 20:37:04 bouyer Exp $ */ /*- * Copyright (c) 2008 The NetBSD Foundation, Inc. @@ -59,7 +59,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.339.2.9 2014/04/21 10:00:10 bouyer Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.339.2.10 2015/11/15 20:37:04 bouyer Exp $"); #include "opt_exec.h" #include "opt_ktrace.h" @@ -1412,7 +1412,7 @@ execve_runproc(struct lwp *l, struct exe if (p->p_sflag & PS_STOPEXEC) { KERNEL_UNLOCK_ALL(l, >l_biglocks); p->p_pptr->p_nstopchild++; - p->p_pptr->p_waited = 0; + p->p_waited = 0; mutex_enter(p->p_lock); ksiginfo_queue_init(); sigclearall(p, , ); @@ -1849,6 +1849,7 @@ spawn_return(void *arg) struct spawn_exec_data *spawn_data = arg; struct lwp *l = curlwp; int error, newfd; + int ostat; size_t i; const struct posix_spawn_file_actions_entry *fae; pid_t ppid; @@ -1921,7 +1922,6 @@ spawn_return(void *arg) /* handle posix_spawnattr */ if (spawn_data->sed_attrs != NULL) { - int ostat; struct sigaction sigact;
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: bouyer Date: Sun Nov 15 20:37:04 UTC 2015 Modified Files: src/sys/kern [netbsd-6]: kern_exec.c kern_exit.c kern_synch.c Log Message: Pull up following revision(s) (requested by pgoyette in ticket #1333): sys/kern/kern_exec.c: revision 1.420 sys/kern/kern_synch.c: revision 1.309 sys/kern/kern_exit.c: revision 1.246 sys/kern/kern_exit.c: revision 1.247 sys/kern/kern_exec.c: revision 1.419 In execve_runproc(), update the p_waited entry for the process being moved to SSTOP state, not for its parent. (It is correct to update the parent's p_nstopchild count.) If the value is not already zero, it could prevent its parent from waiting for the process. Fixes PR kern/50298 Pullups will be requested for: NetBSD-7, -6, -6-0, -6-1, -5, -5-0, -5-1, and -5-2 When clearing out the scheduler queues during system shutdown, we move all processes to the SSTOP state. Make sure we update each process's p_waited and the parents' p_nstopchild counters to maintain consistent values. Should not make any real difference this late in the shutdown process, but we should still be consistent just in case. Fixes PR kern/50318 Pullups will be requested for: NetBSD-7, -6, -6-0, -6-1, -5, -5-0, -5-1, and -5-2 Currently, if a process is exiting and its parent has indicated no intent of reaping the process (nor any other children), the process wil get reparented to init. Since the state of the exiting process at this point is SDEAD, proc_reparent() will not update either the old or new parent's p_nstopchild counters. This change causes both old and new parents to be properly updated. Fixes PR kern/50300 Pullups will be requested for: NetBSD-7, -6, -6-0, -6-1, -5, -5-0, -5-1, and -5-2 For processes marked with PS_STOPEXIT, update the process's p_waited value, and update its parent's p_nstopchild value when marking the process's p_stat to SSTOP. The process needed to be SACTIVE to get here, so this transition represents an additional process for which the parent needs to wait. Fixes PR kern/50308 Pullups will be requested for: NetBSD-7, -6, -6-0, -6-1, -5, -5-0, -5-1, and -5-2 In spawn_return() we temporarily move the process state to SSTOP, but without updating its p_waited value or its parent's p_nstopchild counter. Later, we restore the original state, again without any adjustment of the related values. This leaves a relatively short window when the values are inconsistent and could interfere with the proper operation of sys_wait() for the parent (if it manages to be scheduled; it's not totally clear what, if anything, prevents scheduling/execution of the parent). If during this window, any of the checks being made result in an error, we call exit1() which will eventually migrate the process's state to SDEAD (with an intermediate transition to SDYING). At this point the other variables get updated, and we finally restore a consistent state. This change updates the p_waited and parent's p_nstopchild at each step to eliminate any windows during which the values could lead to incorrect decisions. Fixes PR kern/50330 Pullups will be requested for NetBSD-7, -6, -6-0, and -6-1 To generate a diff of this commit: cvs rdiff -u -r1.339.2.9 -r1.339.2.10 src/sys/kern/kern_exec.c cvs rdiff -u -r1.236.2.3 -r1.236.2.4 src/sys/kern/kern_exit.c cvs rdiff -u -r1.297.2.1 -r1.297.2.2 src/sys/kern/kern_synch.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: bouyer Date: Sun Nov 15 20:40:20 UTC 2015 Modified Files: src/sys/kern [netbsd-6]: kern_sig.c Log Message: Pull up following revision(s) (requested by pgoyette in ticket #1334): sys/kern/kern_sig.c: revision 1.321 When delivering a signal, it's possible that the process's state in p_stat is SACTIVE yet p_sflag is PS_STOPPING (while waiting for other lwp's to stop). In that case, we don't want to adjust the parent's p_nstopchild count. Found by Robert Elz. XXX Pullups to: NetBSD-7, -6{,-0,-1}, and -5{,-0,-1,-2} To generate a diff of this commit: cvs rdiff -u -r1.316 -r1.316.8.1 src/sys/kern/kern_sig.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_sig.c diff -u src/sys/kern/kern_sig.c:1.316 src/sys/kern/kern_sig.c:1.316.8.1 --- src/sys/kern/kern_sig.c:1.316 Fri Sep 16 22:07:17 2011 +++ src/sys/kern/kern_sig.c Sun Nov 15 20:40:20 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_sig.c,v 1.316 2011/09/16 22:07:17 reinoud Exp $ */ +/* $NetBSD: kern_sig.c,v 1.316.8.1 2015/11/15 20:40:20 bouyer Exp $ */ /*- * Copyright (c) 2006, 2007, 2008 The NetBSD Foundation, Inc. @@ -70,7 +70,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_sig.c,v 1.316 2011/09/16 22:07:17 reinoud Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_sig.c,v 1.316.8.1 2015/11/15 20:40:20 bouyer Exp $"); #include "opt_ptrace.h" #include "opt_compat_sunos.h" @@ -1461,14 +1461,13 @@ kpsignal2(struct proc *p, ksiginfo_t *ks } if ((prop & SA_CONT) != 0 || signo == SIGKILL) { /* - * Re-adjust p_nstopchild if the process wasn't - * collected by its parent. + * Re-adjust p_nstopchild if the process was + * stopped but not yet collected by its parent. */ + if (p->p_stat == SSTOP && !p->p_waited) +p->p_pptr->p_nstopchild--; p->p_stat = SACTIVE; p->p_sflag &= ~PS_STOPPING; - if (!p->p_waited) { -p->p_pptr->p_nstopchild--; - } if (p->p_slflag & PSL_TRACED) { KASSERT(signo == SIGKILL); goto deliver;
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: bouyer Date: Sun Nov 15 20:40:20 UTC 2015 Modified Files: src/sys/kern [netbsd-6]: kern_sig.c Log Message: Pull up following revision(s) (requested by pgoyette in ticket #1334): sys/kern/kern_sig.c: revision 1.321 When delivering a signal, it's possible that the process's state in p_stat is SACTIVE yet p_sflag is PS_STOPPING (while waiting for other lwp's to stop). In that case, we don't want to adjust the parent's p_nstopchild count. Found by Robert Elz. XXX Pullups to: NetBSD-7, -6{,-0,-1}, and -5{,-0,-1,-2} To generate a diff of this commit: cvs rdiff -u -r1.316 -r1.316.8.1 src/sys/kern/kern_sig.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: bouyer Date: Sun Nov 15 20:44:10 UTC 2015 Modified Files: src/sys/kern [netbsd-6]: kern_exit.c Log Message: Pull up following revision(s) (requested by pgoyette in ticket #1336): sys/kern/kern_exit.c: revision 1.248 Update value of p_stat before we release the proc_lock. Thanks to Robert Elz. XXX Pull-ups for -7, -6{,-0,-1} and -5{,-0,-1,-2} To generate a diff of this commit: cvs rdiff -u -r1.236.2.4 -r1.236.2.5 src/sys/kern/kern_exit.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: bouyer Date: Sun Nov 15 20:44:10 UTC 2015 Modified Files: src/sys/kern [netbsd-6]: kern_exit.c Log Message: Pull up following revision(s) (requested by pgoyette in ticket #1336): sys/kern/kern_exit.c: revision 1.248 Update value of p_stat before we release the proc_lock. Thanks to Robert Elz. XXX Pull-ups for -7, -6{,-0,-1} and -5{,-0,-1,-2} To generate a diff of this commit: cvs rdiff -u -r1.236.2.4 -r1.236.2.5 src/sys/kern/kern_exit.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_exit.c diff -u src/sys/kern/kern_exit.c:1.236.2.4 src/sys/kern/kern_exit.c:1.236.2.5 --- src/sys/kern/kern_exit.c:1.236.2.4 Sun Nov 15 20:37:04 2015 +++ src/sys/kern/kern_exit.c Sun Nov 15 20:44:10 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_exit.c,v 1.236.2.4 2015/11/15 20:37:04 bouyer Exp $ */ +/* $NetBSD: kern_exit.c,v 1.236.2.5 2015/11/15 20:44:10 bouyer Exp $ */ /*- * Copyright (c) 1998, 1999, 2006, 2007, 2008 The NetBSD Foundation, Inc. @@ -67,7 +67,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_exit.c,v 1.236.2.4 2015/11/15 20:37:04 bouyer Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_exit.c,v 1.236.2.5 2015/11/15 20:44:10 bouyer Exp $"); #include "opt_ktrace.h" #include "opt_perfctrs.h" @@ -248,8 +248,8 @@ exit1(struct lwp *l, int rv) } p->p_waited = 0; p->p_pptr->p_nstopchild++; - mutex_exit(proc_lock); p->p_stat = SSTOP; + mutex_exit(proc_lock); lwp_lock(l); p->p_nrlwps--; l->l_stat = LSSTOP;
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: msaitoh Date: Mon Nov 3 15:27:46 UTC 2014 Modified Files: src/sys/kern [netbsd-6]: kern_rndpool.c kern_rndq.c Log Message: Pull up following revision(s) (requested by riastradh in ticket #1118): sys/kern/kern_rndq.c: revision 1.27 sys/kern/kern_rndpool.c: revision 1.7 buf is not guaranteed to be aligned; don't *(uint32_t *) it in kern_rndq.c. done is not guaranteed to be aligned; don't *(uint32_t *) it in kern_rndq.c. To generate a diff of this commit: cvs rdiff -u -r1.1.2.1 -r1.1.2.2 src/sys/kern/kern_rndpool.c cvs rdiff -u -r1.1.2.5 -r1.1.2.6 src/sys/kern/kern_rndq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_rndpool.c diff -u src/sys/kern/kern_rndpool.c:1.1.2.1 src/sys/kern/kern_rndpool.c:1.1.2.2 --- src/sys/kern/kern_rndpool.c:1.1.2.1 Fri Apr 20 23:35:20 2012 +++ src/sys/kern/kern_rndpool.c Mon Nov 3 15:27:46 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_rndpool.c,v 1.1.2.1 2012/04/20 23:35:20 riz Exp $*/ +/* $NetBSD: kern_rndpool.c,v 1.1.2.2 2014/11/03 15:27:46 msaitoh Exp $*/ /*- * Copyright (c) 1997 The NetBSD Foundation, Inc. @@ -31,7 +31,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: kern_rndpool.c,v 1.1.2.1 2012/04/20 23:35:20 riz Exp $); +__KERNEL_RCSID(0, $NetBSD: kern_rndpool.c,v 1.1.2.2 2014/11/03 15:27:46 msaitoh Exp $); #include sys/param.h #include sys/systm.h @@ -191,8 +191,7 @@ rndpool_add_data(rndpool_t *rp, void *p, buf = p; for (; len 3; len -= 4) { - val = *((u_int32_t *)buf); - + (void)memcpy(val, buf, 4); rndpool_add_one_word(rp, val); buf += 4; } Index: src/sys/kern/kern_rndq.c diff -u src/sys/kern/kern_rndq.c:1.1.2.5 src/sys/kern/kern_rndq.c:1.1.2.6 --- src/sys/kern/kern_rndq.c:1.1.2.5 Fri Feb 8 20:28:07 2013 +++ src/sys/kern/kern_rndq.c Mon Nov 3 15:27:46 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_rndq.c,v 1.1.2.5 2013/02/08 20:28:07 riz Exp $ */ +/* $NetBSD: kern_rndq.c,v 1.1.2.6 2014/11/03 15:27:46 msaitoh Exp $ */ /*- * Copyright (c) 1997-2011 The NetBSD Foundation, Inc. @@ -32,7 +32,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: kern_rndq.c,v 1.1.2.5 2013/02/08 20:28:07 riz Exp $); +__KERNEL_RCSID(0, $NetBSD: kern_rndq.c,v 1.1.2.6 2014/11/03 15:27:46 msaitoh Exp $); #include sys/param.h #include sys/ioctl.h @@ -663,7 +663,8 @@ rnd_add_data_ts(krndsource_t *rs, const u_int32_t entropy, uint32_t ts) { rnd_sample_t *state = NULL; - const uint32_t *dint = data; + const uint8_t *p = data; + uint32_t dint; int todo, done, filled = 0; SIMPLEQ_HEAD(, _rnd_sample_t) tmp_samples = SIMPLEQ_HEAD_INITIALIZER(tmp_samples); @@ -676,7 +677,7 @@ rnd_add_data_ts(krndsource_t *rs, const * Loop over data packaging it into sample buffers. * If a sample buffer allocation fails, drop all data. */ - todo = len / sizeof(*dint); + todo = len / sizeof(dint); for (done = 0; done todo ; done++) { state = rs-state; if (state == NULL) { @@ -688,7 +689,8 @@ rnd_add_data_ts(krndsource_t *rs, const } state-ts[state-cursor] = ts; - state-values[state-cursor] = dint[done]; + (void)memcpy(dint, p[done*4], 4); + state-values[state-cursor] = dint; state-cursor++; if (state-cursor == RND_SAMPLE_COUNT) {
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: msaitoh Date: Mon Nov 3 15:27:46 UTC 2014 Modified Files: src/sys/kern [netbsd-6]: kern_rndpool.c kern_rndq.c Log Message: Pull up following revision(s) (requested by riastradh in ticket #1118): sys/kern/kern_rndq.c: revision 1.27 sys/kern/kern_rndpool.c: revision 1.7 buf is not guaranteed to be aligned; don't *(uint32_t *) it in kern_rndq.c. done is not guaranteed to be aligned; don't *(uint32_t *) it in kern_rndq.c. To generate a diff of this commit: cvs rdiff -u -r1.1.2.1 -r1.1.2.2 src/sys/kern/kern_rndpool.c cvs rdiff -u -r1.1.2.5 -r1.1.2.6 src/sys/kern/kern_rndq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: msaitoh Date: Mon Oct 27 05:41:21 UTC 2014 Modified Files: src/sys/kern [netbsd-6]: subr_pcq.c Log Message: Pull up following revision(s) (requested by riastradh in ticket #1132): sys/kern/subr_pcq.c: revision 1.7 __HAVE_ATOMIC_AS_MEMBAR is spelled with two leading underscores. This underscores the need to replace this error-prone cpp API by unconditionally defined {pre,post}atomic_membar_*. This change should only remove unnecessary membar_producers on x86. To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.6.2.1 src/sys/kern/subr_pcq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/subr_pcq.c diff -u src/sys/kern/subr_pcq.c:1.6 src/sys/kern/subr_pcq.c:1.6.2.1 --- src/sys/kern/subr_pcq.c:1.6 Tue Jan 31 20:40:09 2012 +++ src/sys/kern/subr_pcq.c Mon Oct 27 05:41:21 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: subr_pcq.c,v 1.6 2012/01/31 20:40:09 alnsn Exp $ */ +/* $NetBSD: subr_pcq.c,v 1.6.2.1 2014/10/27 05:41:21 msaitoh Exp $ */ /*- * Copyright (c) 2009 The NetBSD Foundation, Inc. @@ -34,7 +34,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: subr_pcq.c,v 1.6 2012/01/31 20:40:09 alnsn Exp $); +__KERNEL_RCSID(0, $NetBSD: subr_pcq.c,v 1.6.2.1 2014/10/27 05:41:21 msaitoh Exp $); #include sys/param.h #include sys/types.h @@ -115,7 +115,7 @@ pcq_put(pcq_t *pcq, void *item) * that the caller made to the data item are globally visible * before we put it onto the list. */ -#ifndef _HAVE_ATOMIC_AS_MEMBAR +#ifndef __HAVE_ATOMIC_AS_MEMBAR membar_producer(); #endif pcq-pcq_items[op] = item; @@ -180,7 +180,7 @@ pcq_get(pcq_t *pcq) * after it, we could in theory wipe out a modification made * to pcq_items[] by pcq_put(). */ -#ifndef _HAVE_ATOMIC_AS_MEMBAR +#ifndef __HAVE_ATOMIC_AS_MEMBAR membar_producer(); #endif while (__predict_false(atomic_cas_32(pcq-pcq_pc, v, nv) != v)) {
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: msaitoh Date: Mon Oct 27 05:41:21 UTC 2014 Modified Files: src/sys/kern [netbsd-6]: subr_pcq.c Log Message: Pull up following revision(s) (requested by riastradh in ticket #1132): sys/kern/subr_pcq.c: revision 1.7 __HAVE_ATOMIC_AS_MEMBAR is spelled with two leading underscores. This underscores the need to replace this error-prone cpp API by unconditionally defined {pre,post}atomic_membar_*. This change should only remove unnecessary membar_producers on x86. To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.6.2.1 src/sys/kern/subr_pcq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: msaitoh Date: Mon Jul 14 06:21:22 UTC 2014 Modified Files: src/sys/kern [netbsd-6]: kern_core.c Log Message: Pull up following revision(s) (requested by maxt in ticket #1097): sys/kern/kern_core.c: revision 1.23 Fix a read-beyond-end string read. To generate a diff of this commit: cvs rdiff -u -r1.20 -r1.20.8.1 src/sys/kern/kern_core.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_core.c diff -u src/sys/kern/kern_core.c:1.20 src/sys/kern/kern_core.c:1.20.8.1 --- src/sys/kern/kern_core.c:1.20 Sat Sep 24 22:53:50 2011 +++ src/sys/kern/kern_core.c Mon Jul 14 06:21:22 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_core.c,v 1.20 2011/09/24 22:53:50 christos Exp $ */ +/* $NetBSD: kern_core.c,v 1.20.8.1 2014/07/14 06:21:22 msaitoh Exp $ */ /* * Copyright (c) 1982, 1986, 1989, 1991, 1993 @@ -37,7 +37,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: kern_core.c,v 1.20 2011/09/24 22:53:50 christos Exp $); +__KERNEL_RCSID(0, $NetBSD: kern_core.c,v 1.20.8.1 2014/07/14 06:21:22 msaitoh Exp $); #include sys/param.h #include sys/vnode.h @@ -155,6 +155,12 @@ coredump(struct lwp *l, const char *patt error = coredump_buildname(p, name, pattern, MAXPATHLEN); mutex_exit(lim-pl_lock); + if (error) { + mutex_exit(p-p_lock); + mutex_exit(proc_lock); + goto done; + } + /* * On a simple filename, see if the filesystem allow us to write * core dumps there.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: msaitoh Date: Mon Jul 14 06:32:31 UTC 2014 Modified Files: src/sys/kern [netbsd-6]: sys_module.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1098): sys/kern/sys_module.c: revision 1.15 Fix a user-controlled memory allocation. kmem_alloc(0) will panic the system. ok christos@ To generate a diff of this commit: cvs rdiff -u -r1.13 -r1.13.8.1 src/sys/kern/sys_module.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/sys_module.c diff -u src/sys/kern/sys_module.c:1.13 src/sys/kern/sys_module.c:1.13.8.1 --- src/sys/kern/sys_module.c:1.13 Fri Jul 8 09:32:45 2011 +++ src/sys/kern/sys_module.c Mon Jul 14 06:32:30 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: sys_module.c,v 1.13 2011/07/08 09:32:45 mrg Exp $ */ +/* $NetBSD: sys_module.c,v 1.13.8.1 2014/07/14 06:32:30 msaitoh Exp $ */ /*- * Copyright (c) 2008 The NetBSD Foundation, Inc. @@ -31,7 +31,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: sys_module.c,v 1.13 2011/07/08 09:32:45 mrg Exp $); +__KERNEL_RCSID(0, $NetBSD: sys_module.c,v 1.13.8.1 2014/07/14 06:32:30 msaitoh Exp $); #include sys/param.h #include sys/systm.h @@ -43,6 +43,11 @@ __KERNEL_RCSID(0, $NetBSD: sys_module.c #include sys/syscall.h #include sys/syscallargs.h +/* + * Arbitrary limit to avoid DoS for excessive memory allocation. + */ +#define MAXPROPSLEN 4096 + static int handle_modctl_load(modctl_load_t *ml) { @@ -64,7 +69,12 @@ handle_modctl_load(modctl_load_t *ml) goto out2; if (ml-ml_props != NULL) { + if (ml-ml_propslen MAXPROPSLEN) { + error = ENOMEM; + goto out2; + } propslen = ml-ml_propslen + 1; + props = (char *)kmem_alloc(propslen, KM_SLEEP); if (props == NULL) { error = ENOMEM;
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: msaitoh Date: Mon Jul 14 06:21:22 UTC 2014 Modified Files: src/sys/kern [netbsd-6]: kern_core.c Log Message: Pull up following revision(s) (requested by maxt in ticket #1097): sys/kern/kern_core.c: revision 1.23 Fix a read-beyond-end string read. To generate a diff of this commit: cvs rdiff -u -r1.20 -r1.20.8.1 src/sys/kern/kern_core.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: msaitoh Date: Mon Jul 14 06:32:31 UTC 2014 Modified Files: src/sys/kern [netbsd-6]: sys_module.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1098): sys/kern/sys_module.c: revision 1.15 Fix a user-controlled memory allocation. kmem_alloc(0) will panic the system. ok christos@ To generate a diff of this commit: cvs rdiff -u -r1.13 -r1.13.8.1 src/sys/kern/sys_module.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: bouyer Date: Wed May 21 20:34:38 UTC 2014 Modified Files: src/sys/kern [netbsd-6]: subr_pool.c Log Message: Pull up following revision(s) (requested by abs in ticket #1054): sys/kern/subr_pool.c: revision 1.202 Ensure pool_head is non static - for vmstat -i To generate a diff of this commit: cvs rdiff -u -r1.194.2.1 -r1.194.2.2 src/sys/kern/subr_pool.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/subr_pool.c diff -u src/sys/kern/subr_pool.c:1.194.2.1 src/sys/kern/subr_pool.c:1.194.2.2 --- src/sys/kern/subr_pool.c:1.194.2.1 Mon Jul 2 19:04:42 2012 +++ src/sys/kern/subr_pool.c Wed May 21 20:34:38 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: subr_pool.c,v 1.194.2.1 2012/07/02 19:04:42 jdc Exp $ */ +/* $NetBSD: subr_pool.c,v 1.194.2.2 2014/05/21 20:34:38 bouyer Exp $ */ /*- * Copyright (c) 1997, 1999, 2000, 2002, 2007, 2008, 2010 @@ -32,7 +32,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: subr_pool.c,v 1.194.2.1 2012/07/02 19:04:42 jdc Exp $); +__KERNEL_RCSID(0, $NetBSD: subr_pool.c,v 1.194.2.2 2014/05/21 20:34:38 bouyer Exp $); #include opt_ddb.h #include opt_pool.h @@ -70,8 +70,8 @@ __KERNEL_RCSID(0, $NetBSD: subr_pool.c, * an internal pool of page headers (`phpool'). */ -/* List of all pools */ -static TAILQ_HEAD(, pool) pool_head = TAILQ_HEAD_INITIALIZER(pool_head); +/* List of all pools. Non static as needed by 'vmstat -i' */ +TAILQ_HEAD(, pool) pool_head = TAILQ_HEAD_INITIALIZER(pool_head); /* Private pool for page header structures */ #define PHPOOL_MAX 8
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: bouyer Date: Wed May 21 21:04:31 UTC 2014 Modified Files: src/sys/kern [netbsd-6]: kern_exit.c Log Message: Pull up following revision(s) (requested by christos in ticket #1061): sys/kern/kern_exit.c: revision 1.244 Free pid for linux processes. Reported by Mark Davies, fix by dsl@ XXX: pullup 6 To generate a diff of this commit: cvs rdiff -u -r1.236.2.2 -r1.236.2.3 src/sys/kern/kern_exit.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_exit.c diff -u src/sys/kern/kern_exit.c:1.236.2.2 src/sys/kern/kern_exit.c:1.236.2.3 --- src/sys/kern/kern_exit.c:1.236.2.2 Mon Oct 1 23:07:07 2012 +++ src/sys/kern/kern_exit.c Wed May 21 21:04:31 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_exit.c,v 1.236.2.2 2012/10/01 23:07:07 riz Exp $ */ +/* $NetBSD: kern_exit.c,v 1.236.2.3 2014/05/21 21:04:31 bouyer Exp $ */ /*- * Copyright (c) 1998, 1999, 2006, 2007, 2008 The NetBSD Foundation, Inc. @@ -67,7 +67,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: kern_exit.c,v 1.236.2.2 2012/10/01 23:07:07 riz Exp $); +__KERNEL_RCSID(0, $NetBSD: kern_exit.c,v 1.236.2.3 2014/05/21 21:04:31 bouyer Exp $); #include opt_ktrace.h #include opt_perfctrs.h @@ -540,12 +540,10 @@ exit1(struct lwp *l, int rv) */ pcu_discard_all(l); - /* - * Remaining lwp resources will be freed in lwp_exit2() once we've - * switch to idle context; at that point, we will be marked as a - * full blown zombie. - */ mutex_enter(p-p_lock); + /* Free the linux lwp id */ + if ((l-l_pflag LP_PIDLID) != 0 l-l_lid != p-p_pid) + proc_free_pid(l-l_lid); lwp_drainrefs(l); lwp_lock(l); l-l_prflag = ~LPR_DETACHED;
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: bouyer Date: Wed May 21 20:34:38 UTC 2014 Modified Files: src/sys/kern [netbsd-6]: subr_pool.c Log Message: Pull up following revision(s) (requested by abs in ticket #1054): sys/kern/subr_pool.c: revision 1.202 Ensure pool_head is non static - for vmstat -i To generate a diff of this commit: cvs rdiff -u -r1.194.2.1 -r1.194.2.2 src/sys/kern/subr_pool.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: bouyer Date: Wed May 21 21:04:31 UTC 2014 Modified Files: src/sys/kern [netbsd-6]: kern_exit.c Log Message: Pull up following revision(s) (requested by christos in ticket #1061): sys/kern/kern_exit.c: revision 1.244 Free pid for linux processes. Reported by Mark Davies, fix by dsl@ XXX: pullup 6 To generate a diff of this commit: cvs rdiff -u -r1.236.2.2 -r1.236.2.3 src/sys/kern/kern_exit.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: bouyer Date: Mon Apr 21 10:00:11 UTC 2014 Modified Files: src/sys/kern [netbsd-6]: kern_exec.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1048): sys/kern/kern_exec.c: revision 1.403 'error' is not set on failure. This is a true bug: everything is freed and unlocked while zero is returned. Since there's no error, execve_runproc() will get called and will try to use those freed things. To generate a diff of this commit: cvs rdiff -u -r1.339.2.8 -r1.339.2.9 src/sys/kern/kern_exec.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: msaitoh Date: Tue Mar 18 09:21:30 UTC 2014 Modified Files: src/sys/kern [netbsd-6]: kern_verifiedexec.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1034): sys/kern/kern_verifiedexec.c: revision 1.132 Reorder code to avoid use-after-free on error. From Maxime Villard To generate a diff of this commit: cvs rdiff -u -r1.128 -r1.128.4.1 src/sys/kern/kern_verifiedexec.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_verifiedexec.c diff -u src/sys/kern/kern_verifiedexec.c:1.128 src/sys/kern/kern_verifiedexec.c:1.128.4.1 --- src/sys/kern/kern_verifiedexec.c:1.128 Sun Nov 20 10:32:33 2011 +++ src/sys/kern/kern_verifiedexec.c Tue Mar 18 09:21:30 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_verifiedexec.c,v 1.128 2011/11/20 10:32:33 hannken Exp $ */ +/* $NetBSD: kern_verifiedexec.c,v 1.128.4.1 2014/03/18 09:21:30 msaitoh Exp $ */ /*- * Copyright (c) 2005, 2006 Elad Efrat e...@netbsd.org @@ -29,7 +29,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: kern_verifiedexec.c,v 1.128 2011/11/20 10:32:33 hannken Exp $); +__KERNEL_RCSID(0, $NetBSD: kern_verifiedexec.c,v 1.128.4.1 2014/03/18 09:21:30 msaitoh Exp $); #include opt_veriexec.h @@ -1281,18 +1281,6 @@ veriexec_file_add(struct lwp *l, prop_di vfe-npages = 0; vfe-last_page_size = 0; - vte = veriexec_table_lookup(vp-v_mount); - if (vte == NULL) - vte = veriexec_table_add(l, vp-v_mount); - - /* XXX if we bail below this, we might want to gc newly created vtes. */ - - error = fileassoc_add(vp, veriexec_hook, vfe); - if (error) - goto unlock_out; - - vte-vte_count++; - if (prop_bool_true(prop_dictionary_get(dict, eval-on-load)) || (vfe-type VERIEXEC_UNTRUSTED)) { u_char *digest; @@ -1314,6 +1302,18 @@ veriexec_file_add(struct lwp *l, prop_di kmem_free(digest, vfe-ops-hash_len); } + vte = veriexec_table_lookup(vp-v_mount); + if (vte == NULL) + vte = veriexec_table_add(l, vp-v_mount); + + /* XXX if we bail below this, we might want to gc newly created vtes. */ + + error = fileassoc_add(vp, veriexec_hook, vfe); + if (error) + goto unlock_out; + + vte-vte_count++; + veriexec_file_report(NULL, New entry., file, NULL, REPORT_DEBUG); veriexec_bypass = 0;
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: msaitoh Date: Tue Mar 18 09:21:30 UTC 2014 Modified Files: src/sys/kern [netbsd-6]: kern_verifiedexec.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1034): sys/kern/kern_verifiedexec.c: revision 1.132 Reorder code to avoid use-after-free on error. From Maxime Villard To generate a diff of this commit: cvs rdiff -u -r1.128 -r1.128.4.1 src/sys/kern/kern_verifiedexec.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: bouyer Date: Fri Feb 14 23:21:20 UTC 2014 Modified Files: src/sys/kern [netbsd-6]: exec_elf.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1028): sys/kern/exec_elf.c: revision 1.55 Fix memory leak. ok christos@ agc@ To generate a diff of this commit: cvs rdiff -u -r1.37.2.1 -r1.37.2.2 src/sys/kern/exec_elf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/exec_elf.c diff -u src/sys/kern/exec_elf.c:1.37.2.1 src/sys/kern/exec_elf.c:1.37.2.2 --- src/sys/kern/exec_elf.c:1.37.2.1 Thu Apr 12 17:05:36 2012 +++ src/sys/kern/exec_elf.c Fri Feb 14 23:21:20 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: exec_elf.c,v 1.37.2.1 2012/04/12 17:05:36 riz Exp $ */ +/* $NetBSD: exec_elf.c,v 1.37.2.2 2014/02/14 23:21:20 bouyer Exp $ */ /*- * Copyright (c) 1994, 2000, 2005 The NetBSD Foundation, Inc. @@ -57,7 +57,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(1, $NetBSD: exec_elf.c,v 1.37.2.1 2012/04/12 17:05:36 riz Exp $); +__KERNEL_RCSID(1, $NetBSD: exec_elf.c,v 1.37.2.2 2014/02/14 23:21:20 bouyer Exp $); #ifdef _KERNEL_OPT #include opt_pax.h @@ -820,6 +820,7 @@ exec_elf_makecmds(struct lwp *l, struct if ((error = elf_load_file(l, epp, interp, epp-ep_vmcmds, interp_offset, ap, pos)) != 0) { + kmem_free(ap, sizeof(*ap)); goto bad; } ap-arg_interp = epp-ep_vmcmds.evs_cmds[j].ev_addr;
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: bouyer Date: Fri Feb 14 23:21:20 UTC 2014 Modified Files: src/sys/kern [netbsd-6]: exec_elf.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1028): sys/kern/exec_elf.c: revision 1.55 Fix memory leak. ok christos@ agc@ To generate a diff of this commit: cvs rdiff -u -r1.37.2.1 -r1.37.2.2 src/sys/kern/exec_elf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: bouyer Date: Sat Dec 14 19:36:33 UTC 2013 Modified Files: src/sys/kern [netbsd-6]: uipc_syscalls.c Log Message: Pull up following revision(s) (requested by spz in ticket #996): sys/kern/uipc_syscalls.c: revision 1.163 PR/47591: Michael Plass: If the unix socket is closed before accept, unp-unp_conn will be NULL in PRU_ACCEPT, as called from sys_accept-so_accept. This will cause the usrreq to return with no error, leaving the mbuf gotten from m_get() with an uninitialized length, containing junk from a previous call. Initialize m_len to be 0 to handle this case. This is yet another reason why Beverly's idea of setting m_len = 0 in m_get() makes a lot of sense. Arguably this could be an error, since the data we return now has 0 family and length. To generate a diff of this commit: cvs rdiff -u -r1.154.2.4 -r1.154.2.5 src/sys/kern/uipc_syscalls.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/uipc_syscalls.c diff -u src/sys/kern/uipc_syscalls.c:1.154.2.4 src/sys/kern/uipc_syscalls.c:1.154.2.5 --- src/sys/kern/uipc_syscalls.c:1.154.2.4 Mon Feb 18 22:00:49 2013 +++ src/sys/kern/uipc_syscalls.c Sat Dec 14 19:36:33 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: uipc_syscalls.c,v 1.154.2.4 2013/02/18 22:00:49 riz Exp $ */ +/* $NetBSD: uipc_syscalls.c,v 1.154.2.5 2013/12/14 19:36:33 bouyer Exp $ */ /*- * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. @@ -61,7 +61,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: uipc_syscalls.c,v 1.154.2.4 2013/02/18 22:00:49 riz Exp $); +__KERNEL_RCSID(0, $NetBSD: uipc_syscalls.c,v 1.154.2.5 2013/12/14 19:36:33 bouyer Exp $); #include opt_pipe.h @@ -184,6 +184,7 @@ do_sys_accept(struct lwp *l, int sock, s return (error); } nam = m_get(M_WAIT, MT_SONAME); + nam-m_len = 0; *new_sock = fd; so = fp-f_data; solock(so);
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: bouyer Date: Sat Dec 14 19:36:33 UTC 2013 Modified Files: src/sys/kern [netbsd-6]: uipc_syscalls.c Log Message: Pull up following revision(s) (requested by spz in ticket #996): sys/kern/uipc_syscalls.c: revision 1.163 PR/47591: Michael Plass: If the unix socket is closed before accept, unp-unp_conn will be NULL in PRU_ACCEPT, as called from sys_accept-so_accept. This will cause the usrreq to return with no error, leaving the mbuf gotten from m_get() with an uninitialized length, containing junk from a previous call. Initialize m_len to be 0 to handle this case. This is yet another reason why Beverly's idea of setting m_len = 0 in m_get() makes a lot of sense. Arguably this could be an error, since the data we return now has 0 family and length. To generate a diff of this commit: cvs rdiff -u -r1.154.2.4 -r1.154.2.5 src/sys/kern/uipc_syscalls.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: bouyer Date: Mon Nov 25 08:26:33 UTC 2013 Modified Files: src/sys/kern [netbsd-6]: uipc_socket.c Log Message: Pull up following revision(s) (requested by spz in ticket #988): sys/kern/uipc_socket.c: revision 1.220 PR/48098: Brian Marcotte: panic: kernel diagnostic assertion cred != NULL: Fix from Michael van Elst, tcpdrop crashes kernel on ebryonic connections. To generate a diff of this commit: cvs rdiff -u -r1.209.2.3 -r1.209.2.4 src/sys/kern/uipc_socket.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/uipc_socket.c diff -u src/sys/kern/uipc_socket.c:1.209.2.3 src/sys/kern/uipc_socket.c:1.209.2.4 --- src/sys/kern/uipc_socket.c:1.209.2.3 Fri Aug 2 20:12:30 2013 +++ src/sys/kern/uipc_socket.c Mon Nov 25 08:26:33 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: uipc_socket.c,v 1.209.2.3 2013/08/02 20:12:30 martin Exp $ */ +/* $NetBSD: uipc_socket.c,v 1.209.2.4 2013/11/25 08:26:33 bouyer Exp $ */ /*- * Copyright (c) 2002, 2007, 2008, 2009 The NetBSD Foundation, Inc. @@ -63,7 +63,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: uipc_socket.c,v 1.209.2.3 2013/08/02 20:12:30 martin Exp $); +__KERNEL_RCSID(0, $NetBSD: uipc_socket.c,v 1.209.2.4 2013/11/25 08:26:33 bouyer Exp $); #include opt_compat_netbsd.h #include opt_sock_counters.h @@ -416,7 +416,7 @@ socket_listener_cb(kauth_cred_t cred, ka /* Normal users can only drop their own connections. */ struct socket *so = (struct socket *)arg1; - if (proc_uidmatch(cred, so-so_cred) == 0) + if (so-so_cred proc_uidmatch(cred, so-so_cred) == 0) result = KAUTH_RESULT_ALLOW; break;
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: bouyer Date: Mon Nov 25 08:26:33 UTC 2013 Modified Files: src/sys/kern [netbsd-6]: uipc_socket.c Log Message: Pull up following revision(s) (requested by spz in ticket #988): sys/kern/uipc_socket.c: revision 1.220 PR/48098: Brian Marcotte: panic: kernel diagnostic assertion cred != NULL: Fix from Michael van Elst, tcpdrop crashes kernel on ebryonic connections. To generate a diff of this commit: cvs rdiff -u -r1.209.2.3 -r1.209.2.4 src/sys/kern/uipc_socket.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: msaitoh Date: Mon Jul 29 06:00:35 UTC 2013 Modified Files: src/sys/kern [netbsd-6]: subr_disk_mbr.c Log Message: Pull up following revision(s) (requested by matt in ticket #910): sys/kern/subr_disk_mbr.c: revision 1.46 If the MBR is a protective MBR, don't bother looking at it. To generate a diff of this commit: cvs rdiff -u -r1.42.8.1 -r1.42.8.2 src/sys/kern/subr_disk_mbr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/subr_disk_mbr.c diff -u src/sys/kern/subr_disk_mbr.c:1.42.8.1 src/sys/kern/subr_disk_mbr.c:1.42.8.2 --- src/sys/kern/subr_disk_mbr.c:1.42.8.1 Sun Aug 12 19:02:33 2012 +++ src/sys/kern/subr_disk_mbr.c Mon Jul 29 06:00:35 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: subr_disk_mbr.c,v 1.42.8.1 2012/08/12 19:02:33 martin Exp $ */ +/* $NetBSD: subr_disk_mbr.c,v 1.42.8.2 2013/07/29 06:00:35 msaitoh Exp $ */ /* * Copyright (c) 1982, 1986, 1988 Regents of the University of California. @@ -54,7 +54,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: subr_disk_mbr.c,v 1.42.8.1 2012/08/12 19:02:33 martin Exp $); +__KERNEL_RCSID(0, $NetBSD: subr_disk_mbr.c,v 1.42.8.2 2013/07/29 06:00:35 msaitoh Exp $); #include sys/param.h #include sys/systm.h @@ -160,6 +160,15 @@ scan_mbr(mbr_args_t *a, int (*actn)(mbr_ if (mbr-mbr_magic != htole16(MBR_MAGIC)) return SCAN_CONTINUE; + /* + * If this is a protective MBR, bail now. + */ + if (mbr-mbr_parts[0].mbrp_type == MBR_PTYPE_PMBR + mbr-mbr_parts[1].mbrp_type == MBR_PTYPE_UNUSED + mbr-mbr_parts[2].mbrp_type == MBR_PTYPE_UNUSED + mbr-mbr_parts[3].mbrp_type == MBR_PTYPE_UNUSED) + return SCAN_CONTINUE; + /* Copy data out of buffer so action can use bp */ memcpy(ptns, mbr-mbr_parts, sizeof ptns);
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: msaitoh Date: Mon Jul 29 06:00:35 UTC 2013 Modified Files: src/sys/kern [netbsd-6]: subr_disk_mbr.c Log Message: Pull up following revision(s) (requested by matt in ticket #910): sys/kern/subr_disk_mbr.c: revision 1.46 If the MBR is a protective MBR, don't bother looking at it. To generate a diff of this commit: cvs rdiff -u -r1.42.8.1 -r1.42.8.2 src/sys/kern/subr_disk_mbr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: riz Date: Sat May 11 21:43:06 UTC 2013 Modified Files: src/sys/kern [netbsd-6]: kern_drvctl.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #883): sys/kern/kern_drvctl.c: revision 1.34 Fix memory leak on the following cases when device attached or detached: - No one open drvctl. - kmem_alloc() failed in devmon_insert(). XXX pullup to both netbsd-5 and netbsd-6. To generate a diff of this commit: cvs rdiff -u -r1.32 -r1.32.8.1 src/sys/kern/kern_drvctl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_drvctl.c diff -u src/sys/kern/kern_drvctl.c:1.32 src/sys/kern/kern_drvctl.c:1.32.8.1 --- src/sys/kern/kern_drvctl.c:1.32 Wed Aug 31 18:31:02 2011 +++ src/sys/kern/kern_drvctl.c Sat May 11 21:43:06 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_drvctl.c,v 1.32 2011/08/31 18:31:02 plunky Exp $ */ +/* $NetBSD: kern_drvctl.c,v 1.32.8.1 2013/05/11 21:43:06 riz Exp $ */ /* * Copyright (c) 2004 @@ -27,7 +27,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: kern_drvctl.c,v 1.32 2011/08/31 18:31:02 plunky Exp $); +__KERNEL_RCSID(0, $NetBSD: kern_drvctl.c,v 1.32.8.1 2013/05/11 21:43:06 riz Exp $); #include sys/param.h #include sys/systm.h @@ -115,6 +115,7 @@ devmon_insert(const char *event, prop_di mutex_enter(drvctl_lock); if (drvctl_nopen == 0) { + prop_object_release(ev); mutex_exit(drvctl_lock); return; } @@ -128,6 +129,7 @@ devmon_insert(const char *event, prop_di dce = kmem_alloc(sizeof(*dce), KM_SLEEP); if (dce == NULL) { + prop_object_release(ev); mutex_exit(drvctl_lock); return; }
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: riz Date: Sat May 11 21:43:06 UTC 2013 Modified Files: src/sys/kern [netbsd-6]: kern_drvctl.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #883): sys/kern/kern_drvctl.c: revision 1.34 Fix memory leak on the following cases when device attached or detached: - No one open drvctl. - kmem_alloc() failed in devmon_insert(). XXX pullup to both netbsd-5 and netbsd-6. To generate a diff of this commit: cvs rdiff -u -r1.32 -r1.32.8.1 src/sys/kern/kern_drvctl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: bouyer Date: Sat Apr 20 10:05:23 UTC 2013 Modified Files: src/sys/kern [netbsd-6]: subr_xcall.c Log Message: Pull up following revision(s) (requested by rmind in ticket #868): sys/kern/subr_xcall.c: revision 1.15 xc_highpri: fix assert. To generate a diff of this commit: cvs rdiff -u -r1.13 -r1.13.10.1 src/sys/kern/subr_xcall.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/subr_xcall.c diff -u src/sys/kern/subr_xcall.c:1.13 src/sys/kern/subr_xcall.c:1.13.10.1 --- src/sys/kern/subr_xcall.c:1.13 Fri May 13 22:16:44 2011 +++ src/sys/kern/subr_xcall.c Sat Apr 20 10:05:22 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: subr_xcall.c,v 1.13 2011/05/13 22:16:44 rmind Exp $ */ +/* $NetBSD: subr_xcall.c,v 1.13.10.1 2013/04/20 10:05:22 bouyer Exp $ */ /*- * Copyright (c) 2007-2010 The NetBSD Foundation, Inc. @@ -74,7 +74,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: subr_xcall.c,v 1.13 2011/05/13 22:16:44 rmind Exp $); +__KERNEL_RCSID(0, $NetBSD: subr_xcall.c,v 1.13.10.1 2013/04/20 10:05:22 bouyer Exp $); #include sys/types.h #include sys/param.h @@ -411,7 +411,7 @@ xc_highpri(xcfunc_t func, void *arg1, vo } kpreempt_enable(); #else - KASSERT(curcpu() == ci); + KASSERT(ci == NULL || curcpu() == ci); xc_ipi_handler(); #endif
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: bouyer Date: Sat Apr 20 10:17:55 UTC 2013 Modified Files: src/sys/kern [netbsd-6]: subr_kmem.c Log Message: Pull up following revision(s) (requested by para in ticket #876): sys/kern/subr_kmem.c: revision 1.47 addresses PR/47512 properly return NULL for failed allocations not 0x8 with size checks enabled. To generate a diff of this commit: cvs rdiff -u -r1.42.2.2 -r1.42.2.3 src/sys/kern/subr_kmem.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/subr_kmem.c diff -u src/sys/kern/subr_kmem.c:1.42.2.2 src/sys/kern/subr_kmem.c:1.42.2.3 --- src/sys/kern/subr_kmem.c:1.42.2.2 Sun Aug 12 14:45:31 2012 +++ src/sys/kern/subr_kmem.c Sat Apr 20 10:17:55 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: subr_kmem.c,v 1.42.2.2 2012/08/12 14:45:31 martin Exp $ */ +/* $NetBSD: subr_kmem.c,v 1.42.2.3 2013/04/20 10:17:55 bouyer Exp $ */ /*- * Copyright (c) 2009 The NetBSD Foundation, Inc. @@ -61,7 +61,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: subr_kmem.c,v 1.42.2.2 2012/08/12 14:45:31 martin Exp $); +__KERNEL_RCSID(0, $NetBSD: subr_kmem.c,v 1.42.2.3 2013/04/20 10:17:55 bouyer Exp $); #include sys/param.h #include sys/callback.h @@ -223,8 +223,10 @@ kmem_intr_alloc(size_t size, km_flag_t k kmem_poison_check(p, size); FREECHECK_OUT(kmem_freecheck, p); kmem_size_set(p, size); + + return p + SIZE_SIZE; } - return p + SIZE_SIZE; + return p; } /*
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: bouyer Date: Sat Apr 20 10:05:23 UTC 2013 Modified Files: src/sys/kern [netbsd-6]: subr_xcall.c Log Message: Pull up following revision(s) (requested by rmind in ticket #868): sys/kern/subr_xcall.c: revision 1.15 xc_highpri: fix assert. To generate a diff of this commit: cvs rdiff -u -r1.13 -r1.13.10.1 src/sys/kern/subr_xcall.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: bouyer Date: Sat Apr 20 10:17:55 UTC 2013 Modified Files: src/sys/kern [netbsd-6]: subr_kmem.c Log Message: Pull up following revision(s) (requested by para in ticket #876): sys/kern/subr_kmem.c: revision 1.47 addresses PR/47512 properly return NULL for failed allocations not 0x8 with size checks enabled. To generate a diff of this commit: cvs rdiff -u -r1.42.2.2 -r1.42.2.3 src/sys/kern/subr_kmem.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: msaitoh Date: Fri Mar 29 00:44:29 UTC 2013 Modified Files: src/sys/kern [netbsd-6]: subr_cprng.c Log Message: Pull up following revision(s) (requested by tls in ticket #859): sys/kern/subr_cprng.c: revision 1.16 Re-fix 'fix' for SA-2013-003. Because the original fix evaluated a flag backwards, in low-entropy conditions there was a time interval in which /dev/urandom could still output bits on an unacceptably short key. Output from /dev/random was *NOT* impacted. Eliminate the flag in question -- it's safest to always fill the requested key buffer with output from the entropy-pool, even if we let the caller know we couldn't provide bytes with the full entropy it requested. Advisory will be updated soon with a full worst-case analysis of the /dev/urandom output path in the presence of either variant of the SA-2013-003 bug. Fortunately, because a large amount of other input is mixed in before users can obtain any output, it doesn't look as dangerous in practice as I'd feared it might be. To generate a diff of this commit: cvs rdiff -u -r1.5.2.7 -r1.5.2.8 src/sys/kern/subr_cprng.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/subr_cprng.c diff -u src/sys/kern/subr_cprng.c:1.5.2.7 src/sys/kern/subr_cprng.c:1.5.2.8 --- src/sys/kern/subr_cprng.c:1.5.2.7 Sat Jan 26 21:35:23 2013 +++ src/sys/kern/subr_cprng.c Fri Mar 29 00:44:28 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: subr_cprng.c,v 1.5.2.7 2013/01/26 21:35:23 bouyer Exp $ */ +/* $NetBSD: subr_cprng.c,v 1.5.2.8 2013/03/29 00:44:28 msaitoh Exp $ */ /*- * Copyright (c) 2011 The NetBSD Foundation, Inc. @@ -46,7 +46,7 @@ #include sys/cprng.h -__KERNEL_RCSID(0, $NetBSD: subr_cprng.c,v 1.5.2.7 2013/01/26 21:35:23 bouyer Exp $); +__KERNEL_RCSID(0, $NetBSD: subr_cprng.c,v 1.5.2.8 2013/03/29 00:44:28 msaitoh Exp $); void cprng_init(void) @@ -157,11 +157,11 @@ cprng_strong_reseed(void *const arg) } static size_t -cprng_entropy_try(uint8_t *key, size_t keylen, int hard) +cprng_entropy_try(uint8_t *key, size_t keylen) { int r; r = rnd_extract_data(key, keylen, RND_EXTRACT_GOOD); - if (r != keylen !hard) { + if (r != keylen) { /* Always fill in, for safety */ rnd_extract_data(key + r, keylen - r, RND_EXTRACT_ANY); } return r; @@ -196,7 +196,7 @@ cprng_strong_create(const char *const na selinit(c-selq); - r = cprng_entropy_try(key, sizeof(key), c-flags CPRNG_INIT_ANY); + r = cprng_entropy_try(key, sizeof(key)); if (r != sizeof(key)) { if (c-flags CPRNG_INIT_ANY) { #ifdef DEBUG @@ -251,7 +251,7 @@ rekeyany: if (c-flags CPRNG_REKEY_ANY) { uint8_t key[NIST_BLOCK_KEYLEN_BYTES]; - if (cprng_entropy_try(key, sizeof(key), 0) != + if (cprng_entropy_try(key, sizeof(key)) != sizeof(key)) { printf(cprng %s: WARNING pseudorandom rekeying.\n, c-name);
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: msaitoh Date: Fri Mar 29 00:44:29 UTC 2013 Modified Files: src/sys/kern [netbsd-6]: subr_cprng.c Log Message: Pull up following revision(s) (requested by tls in ticket #859): sys/kern/subr_cprng.c: revision 1.16 Re-fix 'fix' for SA-2013-003. Because the original fix evaluated a flag backwards, in low-entropy conditions there was a time interval in which /dev/urandom could still output bits on an unacceptably short key. Output from /dev/random was *NOT* impacted. Eliminate the flag in question -- it's safest to always fill the requested key buffer with output from the entropy-pool, even if we let the caller know we couldn't provide bytes with the full entropy it requested. Advisory will be updated soon with a full worst-case analysis of the /dev/urandom output path in the presence of either variant of the SA-2013-003 bug. Fortunately, because a large amount of other input is mixed in before users can obtain any output, it doesn't look as dangerous in practice as I'd feared it might be. To generate a diff of this commit: cvs rdiff -u -r1.5.2.7 -r1.5.2.8 src/sys/kern/subr_cprng.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: riz Date: Mon Feb 18 22:00:49 UTC 2013 Modified Files: src/sys/kern [netbsd-6]: uipc_syscalls.c uipc_usrreq.c Log Message: Pull up following revision(s) (requested by riastradh in ticket #831): sys/kern/uipc_usrreq.c: revision 1.141 sys/kern/uipc_syscalls.c: revision 1.159 Fix some screw cases in cmsg file descriptor passing. - Don't leave garbage in the control buffer if allocating file descriptors fails in unp_externalize. - Scrub the space between CMSG_LEN and CMSG_SPACE to avoid kernel memory disclosure in unp_externalize. - Don't read past cmsg_len when closing file descriptors that couldn't get delivered, in free_rights. ok christos To generate a diff of this commit: cvs rdiff -u -r1.154.2.3 -r1.154.2.4 src/sys/kern/uipc_syscalls.c cvs rdiff -u -r1.136.8.2 -r1.136.8.3 src/sys/kern/uipc_usrreq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/uipc_syscalls.c diff -u src/sys/kern/uipc_syscalls.c:1.154.2.3 src/sys/kern/uipc_syscalls.c:1.154.2.4 --- src/sys/kern/uipc_syscalls.c:1.154.2.3 Thu Feb 14 22:13:59 2013 +++ src/sys/kern/uipc_syscalls.c Mon Feb 18 22:00:49 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: uipc_syscalls.c,v 1.154.2.3 2013/02/14 22:13:59 jdc Exp $ */ +/* $NetBSD: uipc_syscalls.c,v 1.154.2.4 2013/02/18 22:00:49 riz Exp $ */ /*- * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. @@ -61,7 +61,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: uipc_syscalls.c,v 1.154.2.3 2013/02/14 22:13:59 jdc Exp $); +__KERNEL_RCSID(0, $NetBSD: uipc_syscalls.c,v 1.154.2.4 2013/02/18 22:00:49 riz Exp $); #include opt_pipe.h @@ -742,17 +742,21 @@ sys_recvmsg(struct lwp *l, const struct static void free_rights(struct mbuf *m) { - int nfd; - int i; + struct cmsghdr *cm; int *fdv; + unsigned int nfds, i; - nfd = m-m_len CMSG_SPACE(sizeof(int)) ? 0 - : (m-m_len - CMSG_SPACE(sizeof(int))) / sizeof(int) + 1; - fdv = (int *) CMSG_DATA(mtod(m,struct cmsghdr *)); - for (i = 0; i nfd; i++) { + KASSERT(sizeof(*cm) = m-m_len); + cm = mtod(m, struct cmsghdr *); + + KASSERT(CMSG_ALIGN(sizeof(*cm)) = cm-cmsg_len); + KASSERT(cm-cmsg_len = m-m_len); + nfds = (cm-cmsg_len - CMSG_ALIGN(sizeof(*cm))) / sizeof(int); + fdv = (int *)CMSG_DATA(cm); + + for (i = 0; i nfds; i++) if (fd_getfile(fdv[i]) != NULL) (void)fd_close(fdv[i]); - } } void Index: src/sys/kern/uipc_usrreq.c diff -u src/sys/kern/uipc_usrreq.c:1.136.8.2 src/sys/kern/uipc_usrreq.c:1.136.8.3 --- src/sys/kern/uipc_usrreq.c:1.136.8.2 Tue Oct 9 23:45:21 2012 +++ src/sys/kern/uipc_usrreq.c Mon Feb 18 22:00:49 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: uipc_usrreq.c,v 1.136.8.2 2012/10/09 23:45:21 riz Exp $ */ +/* $NetBSD: uipc_usrreq.c,v 1.136.8.3 2013/02/18 22:00:49 riz Exp $ */ /*- * Copyright (c) 1998, 2000, 2004, 2008, 2009 The NetBSD Foundation, Inc. @@ -96,7 +96,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: uipc_usrreq.c,v 1.136.8.2 2012/10/09 23:45:21 riz Exp $); +__KERNEL_RCSID(0, $NetBSD: uipc_usrreq.c,v 1.136.8.3 2013/02/18 22:00:49 riz Exp $); #include sys/param.h #include sys/systm.h @@ -1336,14 +1336,24 @@ unp_externalize(struct mbuf *rights, str } out: if (__predict_false(error != 0)) { - rp = (file_t **)CMSG_DATA(cm); - for (size_t i = 0; i nfds; i++) { - file_t * const fp = *rp; - *rp++ = 0; - unp_discard_now(fp); - } + file_t **const fpp = (file_t **)CMSG_DATA(cm); + for (size_t i = 0; i nfds; i++) + unp_discard_now(fpp[i]); + /* + * Truncate the array so that nobody will try to interpret + * what is now garbage in it. + */ + cm-cmsg_len = CMSG_LEN(0); + rights-m_len = CMSG_SPACE(0); } + /* + * Don't disclose kernel memory in the alignment space. + */ + KASSERT(cm-cmsg_len = rights-m_len); + memset(mtod(rights, char *)[cm-cmsg_len], 0, rights-m_len - + cm-cmsg_len); + rw_exit(p-p_cwdi-cwdi_lock); kmem_free(fdp, nfds * sizeof(int)); return error;
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: riz Date: Mon Feb 18 22:00:49 UTC 2013 Modified Files: src/sys/kern [netbsd-6]: uipc_syscalls.c uipc_usrreq.c Log Message: Pull up following revision(s) (requested by riastradh in ticket #831): sys/kern/uipc_usrreq.c: revision 1.141 sys/kern/uipc_syscalls.c: revision 1.159 Fix some screw cases in cmsg file descriptor passing. - Don't leave garbage in the control buffer if allocating file descriptors fails in unp_externalize. - Scrub the space between CMSG_LEN and CMSG_SPACE to avoid kernel memory disclosure in unp_externalize. - Don't read past cmsg_len when closing file descriptors that couldn't get delivered, in free_rights. ok christos To generate a diff of this commit: cvs rdiff -u -r1.154.2.3 -r1.154.2.4 src/sys/kern/uipc_syscalls.c cvs rdiff -u -r1.136.8.2 -r1.136.8.3 src/sys/kern/uipc_usrreq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: jdc Date: Thu Feb 14 22:13:59 UTC 2013 Modified Files: src/sys/kern [netbsd-6]: uipc_socket.c uipc_syscalls.c Log Message: Pull up revisions: src/sys/kern/uipc_socket.c revision 1.213 src/sys/kern/uipc_syscalls.c revision 1.160 (requested by christos in ticket #822). PR/47569: Valery Ushakov: SOCK_NONBLOCK does not work because it does not set SS_NBIO. XXX: there are too many flags that mean the same thing in too many places= , and too many flags that mean the same thing and are different. To generate a diff of this commit: cvs rdiff -u -r1.209.2.1 -r1.209.2.2 src/sys/kern/uipc_socket.c cvs rdiff -u -r1.154.2.2 -r1.154.2.3 src/sys/kern/uipc_syscalls.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/uipc_socket.c diff -u src/sys/kern/uipc_socket.c:1.209.2.1 src/sys/kern/uipc_socket.c:1.209.2.2 --- src/sys/kern/uipc_socket.c:1.209.2.1 Thu Jul 12 17:11:17 2012 +++ src/sys/kern/uipc_socket.c Thu Feb 14 22:13:59 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: uipc_socket.c,v 1.209.2.1 2012/07/12 17:11:17 riz Exp $ */ +/* $NetBSD: uipc_socket.c,v 1.209.2.2 2013/02/14 22:13:59 jdc Exp $ */ /*- * Copyright (c) 2002, 2007, 2008, 2009 The NetBSD Foundation, Inc. @@ -63,7 +63,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: uipc_socket.c,v 1.209.2.1 2012/07/12 17:11:17 riz Exp $); +__KERNEL_RCSID(0, $NetBSD: uipc_socket.c,v 1.209.2.2 2013/02/14 22:13:59 jdc Exp $); #include opt_compat_netbsd.h #include opt_sock_counters.h @@ -585,6 +585,8 @@ fsocreate(int domain, struct socket **so fp-f_data = so; fd_affix(curproc, fp, fd); *fdout = fd; + if (flags SOCK_NONBLOCK) + so-so_state |= SS_NBIO; } return error; } Index: src/sys/kern/uipc_syscalls.c diff -u src/sys/kern/uipc_syscalls.c:1.154.2.2 src/sys/kern/uipc_syscalls.c:1.154.2.3 --- src/sys/kern/uipc_syscalls.c:1.154.2.2 Mon Jan 7 16:53:18 2013 +++ src/sys/kern/uipc_syscalls.c Thu Feb 14 22:13:59 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: uipc_syscalls.c,v 1.154.2.2 2013/01/07 16:53:18 riz Exp $ */ +/* $NetBSD: uipc_syscalls.c,v 1.154.2.3 2013/02/14 22:13:59 jdc Exp $ */ /*- * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. @@ -61,7 +61,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: uipc_syscalls.c,v 1.154.2.2 2013/01/07 16:53:18 riz Exp $); +__KERNEL_RCSID(0, $NetBSD: uipc_syscalls.c,v 1.154.2.3 2013/02/14 22:13:59 jdc Exp $); #include opt_pipe.h @@ -234,6 +234,8 @@ do_sys_accept(struct lwp *l, int sock, s ((flags SOCK_NOSIGPIPE) ? FNOSIGPIPE : 0); fp2-f_ops = socketops; fp2-f_data = so2; + if (flags SOCK_NONBLOCK) + so2-so_state |= SS_NBIO; error = soaccept(so2, nam); so2-so_cred = kauth_cred_dup(so-so_cred); sounlock(so); @@ -424,6 +426,8 @@ makesocket(struct lwp *l, file_t **fp, i (*fp)-f_type = DTYPE_SOCKET; (*fp)-f_ops = socketops; (*fp)-f_data = so; + if (flags SOCK_NONBLOCK) + so-so_state |= SS_NBIO; return 0; }
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: riz Date: Mon Feb 11 20:42:32 UTC 2013 Modified Files: src/sys/kern [netbsd-6]: subr_pserialize.c Log Message: Pull up following revision(s) (requested by rmind in ticket #811): sys/kern/subr_pserialize.c: revision 1.7 - pserialize_switchpoint: check for passing twice, not more than needed. - pserialize_perform: avoid a possible race with softint handler. Reported by hannken@. To generate a diff of this commit: cvs rdiff -u -r1.5.2.1 -r1.5.2.2 src/sys/kern/subr_pserialize.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/subr_pserialize.c diff -u src/sys/kern/subr_pserialize.c:1.5.2.1 src/sys/kern/subr_pserialize.c:1.5.2.2 --- src/sys/kern/subr_pserialize.c:1.5.2.1 Fri Feb 8 19:32:07 2013 +++ src/sys/kern/subr_pserialize.c Mon Feb 11 20:42:32 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: subr_pserialize.c,v 1.5.2.1 2013/02/08 19:32:07 riz Exp $ */ +/* $NetBSD: subr_pserialize.c,v 1.5.2.2 2013/02/11 20:42:32 riz Exp $ */ /*- * Copyright (c) 2010, 2011 The NetBSD Foundation, Inc. @@ -38,7 +38,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: subr_pserialize.c,v 1.5.2.1 2013/02/08 19:32:07 riz Exp $); +__KERNEL_RCSID(0, $NetBSD: subr_pserialize.c,v 1.5.2.2 2013/02/11 20:42:32 riz Exp $); #include sys/param.h @@ -48,13 +48,13 @@ __KERNEL_RCSID(0, $NetBSD: subr_pserial #include sys/kmem.h #include sys/mutex.h #include sys/pserialize.h +#include sys/proc.h #include sys/queue.h #include sys/xcall.h struct pserialize { TAILQ_ENTRY(pserialize) psz_chain; lwp_t * psz_owner; - kcondvar_t psz_notifier; kcpuset_t * psz_target; kcpuset_t * psz_pass; }; @@ -102,7 +102,6 @@ pserialize_create(void) pserialize_t psz; psz = kmem_zalloc(sizeof(struct pserialize), KM_SLEEP); - cv_init(psz-psz_notifier, psrlz); kcpuset_create(psz-psz_target, true); kcpuset_create(psz-psz_pass, true); psz-psz_owner = NULL; @@ -121,7 +120,6 @@ pserialize_destroy(pserialize_t psz) KASSERT(psz-psz_owner == NULL); - cv_destroy(psz-psz_notifier); kcpuset_destroy(psz-psz_target); kcpuset_destroy(psz-psz_pass); kmem_free(psz, sizeof(struct pserialize)); @@ -163,27 +161,21 @@ pserialize_perform(pserialize_t psz) mutex_spin_enter(psz_lock); TAILQ_INSERT_TAIL(psz_queue0, psz, psz_chain); psz_work_todo++; - mutex_spin_exit(psz_lock); - /* - * Force some context switch activity on every CPU, as the system - * may not be busy. Note: should pass the point twice. - */ - xc = xc_broadcast(XC_HIGHPRI, (xcfunc_t)nullop, NULL, NULL); - xc_wait(xc); + do { + mutex_spin_exit(psz_lock); - /* No need to xc_wait() as we implement our own condvar. */ - xc_broadcast(XC_HIGHPRI, (xcfunc_t)nullop, NULL, NULL); + /* + * Force some context switch activity on every CPU, as + * the system may not be busy. Pause to not flood. + */ + xc = xc_broadcast(XC_HIGHPRI, (xcfunc_t)nullop, NULL, NULL); + xc_wait(xc); + kpause(psrlz, false, 1, NULL); + + mutex_spin_enter(psz_lock); + } while (!kcpuset_iszero(psz-psz_target)); - /* - * Wait for all CPUs to cycle through mi_switch() twice. - * The last one through will remove our update from the - * queue and awaken us. - */ - mutex_spin_enter(psz_lock); - while (!kcpuset_iszero(psz-psz_target)) { - cv_wait(psz-psz_notifier, psz_lock); - } psz_ev_excl.ev_count++; mutex_spin_exit(psz_lock); @@ -236,8 +228,8 @@ pserialize_switchpoint(void) */ for (psz = TAILQ_FIRST(psz_queue1); psz != NULL; psz = next) { next = TAILQ_NEXT(psz, psz_chain); + kcpuset_set(psz-psz_pass, cid); if (!kcpuset_match(psz-psz_pass, psz-psz_target)) { - kcpuset_set(psz-psz_pass, cid); continue; } kcpuset_zero(psz-psz_pass); @@ -250,8 +242,8 @@ pserialize_switchpoint(void) */ for (psz = TAILQ_FIRST(psz_queue0); psz != NULL; psz = next) { next = TAILQ_NEXT(psz, psz_chain); + kcpuset_set(psz-psz_pass, cid); if (!kcpuset_match(psz-psz_pass, psz-psz_target)) { - kcpuset_set(psz-psz_pass, cid); continue; } kcpuset_zero(psz-psz_pass); @@ -265,7 +257,6 @@ pserialize_switchpoint(void) while ((psz = TAILQ_FIRST(psz_queue2)) != NULL) { TAILQ_REMOVE(psz_queue2, psz, psz_chain); kcpuset_zero(psz-psz_target); - cv_signal(psz-psz_notifier); psz_work_todo--; } mutex_spin_exit(psz_lock);
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: riz Date: Mon Feb 11 20:42:32 UTC 2013 Modified Files: src/sys/kern [netbsd-6]: subr_pserialize.c Log Message: Pull up following revision(s) (requested by rmind in ticket #811): sys/kern/subr_pserialize.c: revision 1.7 - pserialize_switchpoint: check for passing twice, not more than needed. - pserialize_perform: avoid a possible race with softint handler. Reported by hannken@. To generate a diff of this commit: cvs rdiff -u -r1.5.2.1 -r1.5.2.2 src/sys/kern/subr_pserialize.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: riz Date: Fri Feb 8 20:22:03 UTC 2013 Modified Files: src/sys/kern [netbsd-6]: subr_vmem.c Log Message: Pull up following revision(s) (requested by para in ticket #789): sys/kern/subr_vmem.c: revision 1.81 sys/kern/subr_vmem.c: revision 1.77 fix a lock order reversal during global boundary tag refill. thanks to chuq@ xxx: request pullup Fix release of vmem_btag_lock (don't release twice in error path) To generate a diff of this commit: cvs rdiff -u -r1.72.2.1 -r1.72.2.2 src/sys/kern/subr_vmem.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/subr_vmem.c diff -u src/sys/kern/subr_vmem.c:1.72.2.1 src/sys/kern/subr_vmem.c:1.72.2.2 --- src/sys/kern/subr_vmem.c:1.72.2.1 Tue Apr 3 16:14:02 2012 +++ src/sys/kern/subr_vmem.c Fri Feb 8 20:22:03 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: subr_vmem.c,v 1.72.2.1 2012/04/03 16:14:02 riz Exp $ */ +/* $NetBSD: subr_vmem.c,v 1.72.2.2 2013/02/08 20:22:03 riz Exp $ */ /*- * Copyright (c)2006,2007,2008,2009 YAMAMOTO Takashi, @@ -34,7 +34,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: subr_vmem.c,v 1.72.2.1 2012/04/03 16:14:02 riz Exp $); +__KERNEL_RCSID(0, $NetBSD: subr_vmem.c,v 1.72.2.2 2013/02/08 20:22:03 riz Exp $); #if defined(_KERNEL) #include opt_ddb.h @@ -263,6 +263,7 @@ static int static_qc_pool_count = STATIC vmem_t *kmem_va_meta_arena; vmem_t *kmem_meta_arena; +static kmutex_t vmem_refill_lock; static kmutex_t vmem_btag_lock; static LIST_HEAD(, vmem_btag) vmem_btag_freelist; static size_t vmem_btag_freelist_count = 0; @@ -282,19 +283,24 @@ bt_refillglobal(vm_flag_t flags) bt_t *bt; int i; + mutex_enter(vmem_refill_lock); + mutex_enter(vmem_btag_lock); if (vmem_btag_freelist_count (BT_MINRESERVE * 16)) { mutex_exit(vmem_btag_lock); + mutex_exit(vmem_refill_lock); return 0; } + mutex_exit(vmem_btag_lock); if (vmem_alloc(kmem_meta_arena, PAGE_SIZE, (flags ~VM_FITMASK) | VM_INSTANTFIT | VM_POPULATING, va) != 0) { - mutex_exit(vmem_btag_lock); + mutex_exit(vmem_refill_lock); return ENOMEM; } VMEM_EVCNT_INCR(bt_pages); + mutex_enter(vmem_btag_lock); btp = (void *) va; for (i = 0; i (BT_PER_PAGE); i++) { bt = btp; @@ -308,9 +314,14 @@ bt_refillglobal(vm_flag_t flags) } mutex_exit(vmem_btag_lock); - bt_refill(kmem_arena, (flags ~VM_FITMASK) | VM_INSTANTFIT); - bt_refill(kmem_va_meta_arena, (flags ~VM_FITMASK) | VM_INSTANTFIT); - bt_refill(kmem_meta_arena, (flags ~VM_FITMASK) | VM_INSTANTFIT); + bt_refill(kmem_arena, (flags ~VM_FITMASK) + | VM_INSTANTFIT | VM_POPULATING); + bt_refill(kmem_va_meta_arena, (flags ~VM_FITMASK) + | VM_INSTANTFIT | VM_POPULATING); + bt_refill(kmem_meta_arena, (flags ~VM_FITMASK) + | VM_INSTANTFIT | VM_POPULATING); + + mutex_exit(vmem_refill_lock); return 0; } @@ -320,7 +331,9 @@ bt_refill(vmem_t *vm, vm_flag_t flags) { bt_t *bt; - bt_refillglobal(flags); + if (!(flags VM_POPULATING)) { + bt_refillglobal(flags); + } VMEM_LOCK(vm); mutex_enter(vmem_btag_lock); @@ -691,6 +704,7 @@ vmem_bootstrap(void) { mutex_init(vmem_list_lock, MUTEX_DEFAULT, IPL_VM); + mutex_init(vmem_refill_lock, MUTEX_DEFAULT, IPL_VM); mutex_init(vmem_btag_lock, MUTEX_DEFAULT, IPL_VM); while (static_bt_count-- 0) {
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: riz Date: Fri Feb 8 20:28:07 UTC 2013 Modified Files: src/sys/kern [netbsd-6]: kern_rndq.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #790): sys/kern/kern_rndq.c: revision 1.7 Set resource limit. The rnd_process_events() function is called every tick and process the sample queue. Without limitation, if a lot of rnd_add_*() are called, all kernel memory may be eaten up. To generate a diff of this commit: cvs rdiff -u -r1.1.2.4 -r1.1.2.5 src/sys/kern/kern_rndq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_rndq.c diff -u src/sys/kern/kern_rndq.c:1.1.2.4 src/sys/kern/kern_rndq.c:1.1.2.5 --- src/sys/kern/kern_rndq.c:1.1.2.4 Fri Nov 23 16:16:56 2012 +++ src/sys/kern/kern_rndq.c Fri Feb 8 20:28:07 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_rndq.c,v 1.1.2.4 2012/11/23 16:16:56 riz Exp $ */ +/* $NetBSD: kern_rndq.c,v 1.1.2.5 2013/02/08 20:28:07 riz Exp $ */ /*- * Copyright (c) 1997-2011 The NetBSD Foundation, Inc. @@ -32,7 +32,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: kern_rndq.c,v 1.1.2.4 2012/11/23 16:16:56 riz Exp $); +__KERNEL_RCSID(0, $NetBSD: kern_rndq.c,v 1.1.2.5 2013/02/08 20:28:07 riz Exp $); #include sys/param.h #include sys/ioctl.h @@ -405,7 +405,17 @@ rnd_init(void) rnd_mempc = pool_cache_init(sizeof(rnd_sample_t), 0, 0, 0, rndsample, NULL, IPL_VM, NULL, NULL, NULL); - /* Mix *something*, *anything* into the pool to help it get started. + + /* + * Set resource limit. The rnd_process_events() function + * is called every tick and process the sample queue. + * Without limitation, if a lot of rnd_add_*() are called, + * all kernel memory may be eaten up. + */ + pool_cache_sethardlimit(rnd_mempc, RND_POOLBITS, NULL, 0); + + /* + * Mix *something*, *anything* into the pool to help it get started. * However, it's not safe for rnd_counter() to call microtime() yet, * so on some platforms we might just end up with zeros anyway. * XXX more things to add would be nice.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: riz Date: Fri Feb 8 20:22:03 UTC 2013 Modified Files: src/sys/kern [netbsd-6]: subr_vmem.c Log Message: Pull up following revision(s) (requested by para in ticket #789): sys/kern/subr_vmem.c: revision 1.81 sys/kern/subr_vmem.c: revision 1.77 fix a lock order reversal during global boundary tag refill. thanks to chuq@ xxx: request pullup Fix release of vmem_btag_lock (don't release twice in error path) To generate a diff of this commit: cvs rdiff -u -r1.72.2.1 -r1.72.2.2 src/sys/kern/subr_vmem.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: riz Date: Fri Feb 8 20:28:07 UTC 2013 Modified Files: src/sys/kern [netbsd-6]: kern_rndq.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #790): sys/kern/kern_rndq.c: revision 1.7 Set resource limit. The rnd_process_events() function is called every tick and process the sample queue. Without limitation, if a lot of rnd_add_*() are called, all kernel memory may be eaten up. To generate a diff of this commit: cvs rdiff -u -r1.1.2.4 -r1.1.2.5 src/sys/kern/kern_rndq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: bouyer Date: Sat Jan 26 21:35:23 UTC 2013 Modified Files: src/sys/kern [netbsd-6]: subr_cprng.c Log Message: Pull up following revision(s) (requested by tls in ticket #800): sys/kern/subr_cprng.c: revision 1.15 Fix a security issue: when we are reseeding a PRNG seeded early in boot before we had ever had any entropy, if something else has consumed the entropy that triggered the immediate reseed, we can reseed with as little as sizeof(int) bytes of entropy. To generate a diff of this commit: cvs rdiff -u -r1.5.2.6 -r1.5.2.7 src/sys/kern/subr_cprng.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/subr_cprng.c diff -u src/sys/kern/subr_cprng.c:1.5.2.6 src/sys/kern/subr_cprng.c:1.5.2.7 --- src/sys/kern/subr_cprng.c:1.5.2.6 Sat Nov 24 20:58:00 2012 +++ src/sys/kern/subr_cprng.c Sat Jan 26 21:35:23 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: subr_cprng.c,v 1.5.2.6 2012/11/24 20:58:00 jdc Exp $ */ +/* $NetBSD: subr_cprng.c,v 1.5.2.7 2013/01/26 21:35:23 bouyer Exp $ */ /*- * Copyright (c) 2011 The NetBSD Foundation, Inc. @@ -46,7 +46,7 @@ #include sys/cprng.h -__KERNEL_RCSID(0, $NetBSD: subr_cprng.c,v 1.5.2.6 2012/11/24 20:58:00 jdc Exp $); +__KERNEL_RCSID(0, $NetBSD: subr_cprng.c,v 1.5.2.7 2013/01/26 21:35:23 bouyer Exp $); void cprng_init(void) @@ -84,6 +84,8 @@ cprng_strong_doreseed(cprng_strong_t *co cc, sizeof(cc))) { panic(cprng %s: nist_ctr_drbg_reseed failed., c-name); } + memset(c-reseed.data, 0, c-reseed.len); + #ifdef RND_VERBOSE printf(cprng %s: reseeded with rnd_filled = %d\n, c-name, rnd_filled); @@ -154,6 +156,17 @@ cprng_strong_reseed(void *const arg) mutex_exit(c-mtx); } +static size_t +cprng_entropy_try(uint8_t *key, size_t keylen, int hard) +{ + int r; + r = rnd_extract_data(key, keylen, RND_EXTRACT_GOOD); + if (r != keylen !hard) { + rnd_extract_data(key + r, keylen - r, RND_EXTRACT_ANY); + } + return r; +} + cprng_strong_t * cprng_strong_create(const char *const name, int ipl, int flags) { @@ -183,15 +196,13 @@ cprng_strong_create(const char *const na selinit(c-selq); - r = rnd_extract_data(key, sizeof(key), RND_EXTRACT_GOOD); + r = cprng_entropy_try(key, sizeof(key), c-flags CPRNG_INIT_ANY); if (r != sizeof(key)) { if (c-flags CPRNG_INIT_ANY) { #ifdef DEBUG printf(cprng %s: WARNING insufficient entropy at creation.\n, name); #endif - rnd_extract_data(key + r, sizeof(key - r), - RND_EXTRACT_ANY); } else { hard++; } @@ -240,15 +251,18 @@ rekeyany: if (c-flags CPRNG_REKEY_ANY) { uint8_t key[NIST_BLOCK_KEYLEN_BYTES]; - printf(cprng %s: WARNING pseudorandom rekeying.\n, - c-name); -rnd_extract_data(key, sizeof(key), RND_EXTRACT_ANY); + if (cprng_entropy_try(key, sizeof(key), 0) != + sizeof(key)) { + printf(cprng %s: WARNING + pseudorandom rekeying.\n, c-name); + } cc = cprng_counter(); if (nist_ctr_drbg_reseed(c-drbg, key, sizeof(key), cc, sizeof(cc))) { panic(cprng %s: nist_ctr_drbg_reseed failed., c-name); } + memset(key, 0, sizeof(key)); } else { int wr;
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: bouyer Date: Sat Jan 26 21:35:23 UTC 2013 Modified Files: src/sys/kern [netbsd-6]: subr_cprng.c Log Message: Pull up following revision(s) (requested by tls in ticket #800): sys/kern/subr_cprng.c: revision 1.15 Fix a security issue: when we are reseeding a PRNG seeded early in boot before we had ever had any entropy, if something else has consumed the entropy that triggered the immediate reseed, we can reseed with as little as sizeof(int) bytes of entropy. To generate a diff of this commit: cvs rdiff -u -r1.5.2.6 -r1.5.2.7 src/sys/kern/subr_cprng.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: riz Date: Mon Jan 7 16:53:19 UTC 2013 Modified Files: src/sys/kern [netbsd-6]: uipc_syscalls.c Log Message: Pull up following revision(s) (requested by mlelstv in ticket #778): sys/kern/uipc_syscalls.c: revision 1.157 sys/kern/uipc_syscalls.c: revision 1.158 If an untraced process sleeps in recvmsg/sendmsg, the syscall does not allocate an iov structure for ktrace. When tracing is then enabled and the process wakes up, it crashes the kernel. Undo the last commit which introduced this error path. Avoid the mentioned kmem_alloc assertion by adding a sanity check analog to similar code in sys_generic.c for I/O on file handles instead of sockets. This also causes the syscall to return EMSGSIZE if the msg_iovlen member of the msg structure is less than or equal to 0, as defined in recvmsg(2)/sendmsg(2). The sanity check prevented messages that carry only ancillary data. To generate a diff of this commit: cvs rdiff -u -r1.154.2.1 -r1.154.2.2 src/sys/kern/uipc_syscalls.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/uipc_syscalls.c diff -u src/sys/kern/uipc_syscalls.c:1.154.2.1 src/sys/kern/uipc_syscalls.c:1.154.2.2 --- src/sys/kern/uipc_syscalls.c:1.154.2.1 Fri Jul 20 23:10:06 2012 +++ src/sys/kern/uipc_syscalls.c Mon Jan 7 16:53:18 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: uipc_syscalls.c,v 1.154.2.1 2012/07/20 23:10:06 riz Exp $ */ +/* $NetBSD: uipc_syscalls.c,v 1.154.2.2 2013/01/07 16:53:18 riz Exp $ */ /*- * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. @@ -61,7 +61,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: uipc_syscalls.c,v 1.154.2.1 2012/07/20 23:10:06 riz Exp $); +__KERNEL_RCSID(0, $NetBSD: uipc_syscalls.c,v 1.154.2.2 2013/01/07 16:53:18 riz Exp $); #include opt_pipe.h @@ -640,10 +640,9 @@ do_sys_sendmsg(struct lwp *l, int s, str *retsize = len - auio.uio_resid; bad: - if (ktrpoint(KTR_GENIO)) { + if (ktriov != NULL) { ktrgeniov(s, UIO_WRITE, ktriov, *retsize, error); - if (ktriov != NULL) - kmem_free(ktriov, iovsz); + kmem_free(ktriov, iovsz); } if (iov != aiov) @@ -897,10 +896,9 @@ do_sys_recvmsg(struct lwp *l, int s, str /* Some data transferred */ error = 0; - if (ktrpoint(KTR_GENIO)) { + if (ktriov != NULL) { ktrgeniov(s, UIO_READ, ktriov, len, error); - if (ktriov != NULL) - kmem_free(ktriov, iovsz); + kmem_free(ktriov, iovsz); } if (error != 0) {
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: riz Date: Mon Jan 7 16:53:19 UTC 2013 Modified Files: src/sys/kern [netbsd-6]: uipc_syscalls.c Log Message: Pull up following revision(s) (requested by mlelstv in ticket #778): sys/kern/uipc_syscalls.c: revision 1.157 sys/kern/uipc_syscalls.c: revision 1.158 If an untraced process sleeps in recvmsg/sendmsg, the syscall does not allocate an iov structure for ktrace. When tracing is then enabled and the process wakes up, it crashes the kernel. Undo the last commit which introduced this error path. Avoid the mentioned kmem_alloc assertion by adding a sanity check analog to similar code in sys_generic.c for I/O on file handles instead of sockets. This also causes the syscall to return EMSGSIZE if the msg_iovlen member of the msg structure is less than or equal to 0, as defined in recvmsg(2)/sendmsg(2). The sanity check prevented messages that carry only ancillary data. To generate a diff of this commit: cvs rdiff -u -r1.154.2.1 -r1.154.2.2 src/sys/kern/uipc_syscalls.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: riz Date: Wed Jan 2 23:23:15 UTC 2013 Modified Files: src/sys/kern [netbsd-6]: vfs_wapbl.c Log Message: Pull up following revision(s) (requested by hannken in ticket #758): sys/kern/vfs_wapbl.c: revision 1.53 sys/kern/vfs_wapbl.c: revision 1.54 wapbl_biodone: Release the buffer before reclaiming the log. wapbl_flush() may wait for the log to become empty and all buffers should be unbusy before it returns. Try to coalesce writes to the journal in MAXPHYS sized and aligned blocks. Speeds up wapbl_flush() on raid5 by a factor of 3-4. Discussed on tech-kern. Needs pullup to NetBSD-6. To generate a diff of this commit: cvs rdiff -u -r1.51.2.1 -r1.51.2.2 src/sys/kern/vfs_wapbl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/vfs_wapbl.c diff -u src/sys/kern/vfs_wapbl.c:1.51.2.1 src/sys/kern/vfs_wapbl.c:1.51.2.2 --- src/sys/kern/vfs_wapbl.c:1.51.2.1 Mon May 7 03:01:13 2012 +++ src/sys/kern/vfs_wapbl.c Wed Jan 2 23:23:15 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_wapbl.c,v 1.51.2.1 2012/05/07 03:01:13 riz Exp $ */ +/* $NetBSD: vfs_wapbl.c,v 1.51.2.2 2013/01/02 23:23:15 riz Exp $ */ /*- * Copyright (c) 2003, 2008, 2009 The NetBSD Foundation, Inc. @@ -36,7 +36,7 @@ #define WAPBL_INTERNAL #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: vfs_wapbl.c,v 1.51.2.1 2012/05/07 03:01:13 riz Exp $); +__KERNEL_RCSID(0, $NetBSD: vfs_wapbl.c,v 1.51.2.2 2013/01/02 23:23:15 riz Exp $); #include sys/param.h #include sys/bitops.h @@ -184,6 +184,10 @@ struct wapbl { SIMPLEQ_HEAD(, wapbl_entry) wl_entries; /* On disk transaction accounting */ + + u_char *wl_buffer; /* l: buffer for wapbl_buffered_write() */ + daddr_t wl_buffer_dblk; /* l: buffer disk block address */ + size_t wl_buffer_used; /* l: buffer current use */ }; #ifdef WAPBL_DEBUG_PRINT @@ -489,6 +493,9 @@ wapbl_start(struct wapbl ** wlp, struct wl-wl_dealloclens = wapbl_alloc(sizeof(*wl-wl_dealloclens) * wl-wl_dealloclim); + wl-wl_buffer = wapbl_alloc(MAXPHYS); + wl-wl_buffer_used = 0; + wapbl_inodetrk_init(wl, WAPBL_INODETRK_SIZE); /* Initialize the commit header */ @@ -537,6 +544,7 @@ wapbl_start(struct wapbl ** wlp, struct sizeof(*wl-wl_deallocblks) * wl-wl_dealloclim); wapbl_free(wl-wl_dealloclens, sizeof(*wl-wl_dealloclens) * wl-wl_dealloclim); + wapbl_free(wl-wl_buffer, MAXPHYS); wapbl_inodetrk_free(wl); wapbl_free(wl, sizeof(*wl)); @@ -716,6 +724,7 @@ wapbl_stop(struct wapbl *wl, int force) sizeof(*wl-wl_deallocblks) * wl-wl_dealloclim); wapbl_free(wl-wl_dealloclens, sizeof(*wl-wl_dealloclens) * wl-wl_dealloclim); + wapbl_free(wl-wl_buffer, MAXPHYS); wapbl_inodetrk_free(wl); cv_destroy(wl-wl_reclaimable_cv); @@ -791,6 +800,81 @@ wapbl_read(void *data, size_t len, struc } /* + * Flush buffered data if any. + */ +static int +wapbl_buffered_flush(struct wapbl *wl) +{ + int error; + + if (wl-wl_buffer_used == 0) + return 0; + + error = wapbl_doio(wl-wl_buffer, wl-wl_buffer_used, + wl-wl_devvp, wl-wl_buffer_dblk, B_WRITE); + wl-wl_buffer_used = 0; + + return error; +} + +/* + * Write data to the log. + * Try to coalesce writes and emit MAXPHYS aligned blocks. + */ +static int +wapbl_buffered_write(void *data, size_t len, struct wapbl *wl, daddr_t pbn) +{ + int error; + size_t resid; + + /* + * If not adjacent to buffered data flush first. Disk block + * address is always valid for non-empty buffer. + */ + if (wl-wl_buffer_used 0 + pbn != wl-wl_buffer_dblk + btodb(wl-wl_buffer_used)) { + error = wapbl_buffered_flush(wl); + if (error) + return error; + } + /* + * If this write goes to an empty buffer we have to + * save the disk block address first. + */ + if (wl-wl_buffer_used == 0) + wl-wl_buffer_dblk = pbn; + /* + * Remaining space so this buffer ends on a MAXPHYS boundary. + * + * Cannot become less or equal zero as the buffer would have been + * flushed on the last call then. + */ + resid = MAXPHYS - dbtob(wl-wl_buffer_dblk % btodb(MAXPHYS)) - + wl-wl_buffer_used; + KASSERT(resid 0); + KASSERT(dbtob(btodb(resid)) == resid); + if (len = resid) { + memcpy(wl-wl_buffer + wl-wl_buffer_used, data, resid); + wl-wl_buffer_used += resid; + error = wapbl_doio(wl-wl_buffer, wl-wl_buffer_used, + wl-wl_devvp, wl-wl_buffer_dblk, B_WRITE); + data = (uint8_t *)data + resid; + len -= resid; + wl-wl_buffer_dblk = pbn + btodb(resid); + wl-wl_buffer_used = 0; + if (error) + return error; + } + KASSERT(len MAXPHYS); + if (len 0) { + memcpy(wl-wl_buffer + wl-wl_buffer_used, data, len); + wl-wl_buffer_used += len; + } + + return 0; +} + +/* * Off is byte offset returns new offset for next write * handles log wraparound */ @@ -813,7 +897,7 @@ wapbl_circ_write(struct wapbl *wl, void #ifdef _KERNEL pbn = btodb(pbn wl-wl_log_dev_bshift); #endif - error =
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: riz Date: Wed Jan 2 23:23:15 UTC 2013 Modified Files: src/sys/kern [netbsd-6]: vfs_wapbl.c Log Message: Pull up following revision(s) (requested by hannken in ticket #758): sys/kern/vfs_wapbl.c: revision 1.53 sys/kern/vfs_wapbl.c: revision 1.54 wapbl_biodone: Release the buffer before reclaiming the log. wapbl_flush() may wait for the log to become empty and all buffers should be unbusy before it returns. Try to coalesce writes to the journal in MAXPHYS sized and aligned blocks. Speeds up wapbl_flush() on raid5 by a factor of 3-4. Discussed on tech-kern. Needs pullup to NetBSD-6. To generate a diff of this commit: cvs rdiff -u -r1.51.2.1 -r1.51.2.2 src/sys/kern/vfs_wapbl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: jdc Date: Sat Nov 24 20:50:16 UTC 2012 Modified Files: src/sys/kern [netbsd-6]: kern_runq.c Log Message: Pull up revision 1.34 (requested by para in ticket #712). change sched_upreempt_pri default to 0 as discussed on tech-kern@ should improve interactive performance on SMP machines as user preemption happens immediately in x-cpu wakeup case now To generate a diff of this commit: cvs rdiff -u -r1.33 -r1.33.4.1 src/sys/kern/kern_runq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_runq.c diff -u src/sys/kern/kern_runq.c:1.33 src/sys/kern/kern_runq.c:1.33.4.1 --- src/sys/kern/kern_runq.c:1.33 Fri Dec 2 12:31:03 2011 +++ src/sys/kern/kern_runq.c Sat Nov 24 20:50:15 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_runq.c,v 1.33 2011/12/02 12:31:03 yamt Exp $ */ +/* $NetBSD: kern_runq.c,v 1.33.4.1 2012/11/24 20:50:15 jdc Exp $ */ /* * Copyright (c) 2007, 2008 Mindaugas Rasiukevicius rmind at NetBSD org @@ -27,7 +27,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: kern_runq.c,v 1.33 2011/12/02 12:31:03 yamt Exp $); +__KERNEL_RCSID(0, $NetBSD: kern_runq.c,v 1.33.4.1 2012/11/24 20:50:15 jdc Exp $); #include sys/param.h #include sys/kernel.h @@ -99,7 +99,7 @@ static void sched_balance(void *); /* * Preemption control. */ -int sched_upreempt_pri = PRI_KERNEL; +int sched_upreempt_pri = 0; #ifdef __HAVE_PREEMPTION # ifdef DEBUG int sched_kpreempt_pri = 0;
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: jdc Date: Sat Nov 24 20:58:00 UTC 2012 Modified Files: src/sys/kern [netbsd-6]: subr_cprng.c Log Message: Pull up revision 1.14 (requested by msaitoh in ticket #714). Pass correct wait channel string. To generate a diff of this commit: cvs rdiff -u -r1.5.2.5 -r1.5.2.6 src/sys/kern/subr_cprng.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/subr_cprng.c diff -u src/sys/kern/subr_cprng.c:1.5.2.5 src/sys/kern/subr_cprng.c:1.5.2.6 --- src/sys/kern/subr_cprng.c:1.5.2.5 Wed Oct 31 17:30:21 2012 +++ src/sys/kern/subr_cprng.c Sat Nov 24 20:58:00 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: subr_cprng.c,v 1.5.2.5 2012/10/31 17:30:21 riz Exp $ */ +/* $NetBSD: subr_cprng.c,v 1.5.2.6 2012/11/24 20:58:00 jdc Exp $ */ /*- * Copyright (c) 2011 The NetBSD Foundation, Inc. @@ -46,7 +46,7 @@ #include sys/cprng.h -__KERNEL_RCSID(0, $NetBSD: subr_cprng.c,v 1.5.2.5 2012/10/31 17:30:21 riz Exp $); +__KERNEL_RCSID(0, $NetBSD: subr_cprng.c,v 1.5.2.6 2012/11/24 20:58:00 jdc Exp $); void cprng_init(void) @@ -178,7 +178,7 @@ cprng_strong_create(const char *const na mutex_init(c-mtx, MUTEX_DEFAULT, ipl); if (c-flags CPRNG_USE_CV) { - cv_init(c-cv, name); + cv_init(c-cv, (const char *)c-name); } selinit(c-selq);
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: jdc Date: Sat Nov 24 20:50:16 UTC 2012 Modified Files: src/sys/kern [netbsd-6]: kern_runq.c Log Message: Pull up revision 1.34 (requested by para in ticket #712). change sched_upreempt_pri default to 0 as discussed on tech-kern@ should improve interactive performance on SMP machines as user preemption happens immediately in x-cpu wakeup case now To generate a diff of this commit: cvs rdiff -u -r1.33 -r1.33.4.1 src/sys/kern/kern_runq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: jdc Date: Sat Nov 24 20:58:00 UTC 2012 Modified Files: src/sys/kern [netbsd-6]: subr_cprng.c Log Message: Pull up revision 1.14 (requested by msaitoh in ticket #714). Pass correct wait channel string. To generate a diff of this commit: cvs rdiff -u -r1.5.2.5 -r1.5.2.6 src/sys/kern/subr_cprng.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: riz Date: Fri Nov 23 16:16:56 UTC 2012 Modified Files: src/sys/kern [netbsd-6]: kern_rndq.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #696): sys/kern/kern_rndq.c: revision 1.6 Fix hardware RNGs -- accept their entropy estimates *rather than* using timestamps to estimate the entropy of their input. I'd accidentally made it so no entropy was ever counted from them at all. To generate a diff of this commit: cvs rdiff -u -r1.1.2.3 -r1.1.2.4 src/sys/kern/kern_rndq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_rndq.c diff -u src/sys/kern/kern_rndq.c:1.1.2.3 src/sys/kern/kern_rndq.c:1.1.2.4 --- src/sys/kern/kern_rndq.c:1.1.2.3 Wed Oct 17 21:27:12 2012 +++ src/sys/kern/kern_rndq.c Fri Nov 23 16:16:56 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_rndq.c,v 1.1.2.3 2012/10/17 21:27:12 riz Exp $ */ +/* $NetBSD: kern_rndq.c,v 1.1.2.4 2012/11/23 16:16:56 riz Exp $ */ /*- * Copyright (c) 1997-2011 The NetBSD Foundation, Inc. @@ -32,7 +32,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: kern_rndq.c,v 1.1.2.3 2012/10/17 21:27:12 riz Exp $); +__KERNEL_RCSID(0, $NetBSD: kern_rndq.c,v 1.1.2.4 2012/11/23 16:16:56 riz Exp $); #include sys/param.h #include sys/ioctl.h @@ -640,6 +640,11 @@ void rnd_add_data(krndsource_t *rs, const void *const data, uint32_t len, uint32_t entropy) { + /* + * This interface is meant for feeding data which is, + * itself, random. Don't estimate entropy based on + * timestamp, just directly add the data. + */ rnd_add_data_ts(rs, data, len, entropy, rnd_counter()); } @@ -835,8 +840,6 @@ rnd_process_events(void *arg) SIMPLEQ_REMOVE_HEAD(dq_samples, next); source = sample-source; entropy = sample-entropy; - if (source-flags RND_FLAG_NO_ESTIMATE) - entropy = 0; /* * Hardware generators are great but sometimes they
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: riz Date: Fri Nov 23 16:16:56 UTC 2012 Modified Files: src/sys/kern [netbsd-6]: kern_rndq.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #696): sys/kern/kern_rndq.c: revision 1.6 Fix hardware RNGs -- accept their entropy estimates *rather than* using timestamps to estimate the entropy of their input. I'd accidentally made it so no entropy was ever counted from them at all. To generate a diff of this commit: cvs rdiff -u -r1.1.2.3 -r1.1.2.4 src/sys/kern/kern_rndq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: riz Date: Thu Nov 22 18:50:23 UTC 2012 Modified Files: src/sys/kern [netbsd-6]: vfs_vnode.c vfs_vnops.c Log Message: Pull up following revision(s) (requested by hannken in ticket #692): sys/kern/vfs_vnode.c: revision 1.17 sys/kern/vfs_vnops.c: revision 1.186 Bring back Manuel Bouyers patch to resolve races between vget() and vrelel() resulting in vget() returning dead vnodes. It is impossible to resolve these races in vn_lock(). Needs pullup to NetBSD-6. To generate a diff of this commit: cvs rdiff -u -r1.15 -r1.15.2.1 src/sys/kern/vfs_vnode.c cvs rdiff -u -r1.183.8.1 -r1.183.8.2 src/sys/kern/vfs_vnops.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/vfs_vnode.c diff -u src/sys/kern/vfs_vnode.c:1.15 src/sys/kern/vfs_vnode.c:1.15.2.1 --- src/sys/kern/vfs_vnode.c:1.15 Tue Dec 20 16:49:37 2011 +++ src/sys/kern/vfs_vnode.c Thu Nov 22 18:50:23 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_vnode.c,v 1.15 2011/12/20 16:49:37 hannken Exp $ */ +/* $NetBSD: vfs_vnode.c,v 1.15.2.1 2012/11/22 18:50:23 riz Exp $ */ /*- * Copyright (c) 1997-2011 The NetBSD Foundation, Inc. @@ -120,7 +120,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: vfs_vnode.c,v 1.15 2011/12/20 16:49:37 hannken Exp $); +__KERNEL_RCSID(0, $NetBSD: vfs_vnode.c,v 1.15.2.1 2012/11/22 18:50:23 riz Exp $); #include sys/param.h #include sys/kernel.h @@ -555,6 +555,22 @@ vget(vnode_t *vp, int flags) return ENOENT; } + if ((vp-v_iflag VI_INACTNOW) != 0) { + /* + * if it's being desactived, wait for it to complete. + * Make sure to not return a clean vnode. + */ + if ((flags LK_NOWAIT) != 0) { + vrelel(vp, 0); + return EBUSY; + } + vwait(vp, VI_INACTNOW); + if ((vp-v_iflag VI_CLEAN) != 0) { + vrelel(vp, 0); + return ENOENT; + } + } + /* * Ok, we got it in good shape. Just locking left. */ @@ -665,8 +681,12 @@ retry: /* The pagedaemon can't wait around; defer. */ defer = true; } else if (curlwp == vrele_lwp) { - /* We have to try harder. */ - vp-v_iflag = ~VI_INACTREDO; + /* + * We have to try harder. But we can't sleep + * with VI_INACTNOW as vget() may be waiting on it. + */ + vp-v_iflag = ~(VI_INACTREDO|VI_INACTNOW); + cv_broadcast(vp-v_cv); mutex_exit(vp-v_interlock); error = vn_lock(vp, LK_EXCLUSIVE); if (error != 0) { @@ -674,6 +694,18 @@ retry: vnpanic(vp, %s: unable to lock %p, __func__, vp); } + mutex_enter(vp-v_interlock); + /* + * if we did get another reference while + * sleeping, don't try to inactivate it yet. + */ + if (__predict_false(vtryrele(vp))) { +VOP_UNLOCK(vp); +mutex_exit(vp-v_interlock); +return; + } + vp-v_iflag |= VI_INACTNOW; + mutex_exit(vp-v_interlock); defer = false; } else if ((vp-v_iflag VI_LAYER) != 0) { /* @@ -709,6 +741,7 @@ retry: if (++vrele_pending (desiredvnodes 8)) cv_signal(vrele_cv); mutex_exit(vrele_lock); + cv_broadcast(vp-v_cv); mutex_exit(vp-v_interlock); return; } @@ -726,6 +759,7 @@ retry: VOP_INACTIVE(vp, recycle); mutex_enter(vp-v_interlock); vp-v_iflag = ~VI_INACTNOW; + cv_broadcast(vp-v_cv); if (!recycle) { if (vtryrele(vp)) { mutex_exit(vp-v_interlock); Index: src/sys/kern/vfs_vnops.c diff -u src/sys/kern/vfs_vnops.c:1.183.8.1 src/sys/kern/vfs_vnops.c:1.183.8.2 --- src/sys/kern/vfs_vnops.c:1.183.8.1 Thu Apr 12 17:15:23 2012 +++ src/sys/kern/vfs_vnops.c Thu Nov 22 18:50:23 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_vnops.c,v 1.183.8.1 2012/04/12 17:15:23 riz Exp $ */ +/* $NetBSD: vfs_vnops.c,v 1.183.8.2 2012/11/22 18:50:23 riz Exp $ */ /*- * Copyright (c) 2009 The NetBSD Foundation, Inc. @@ -66,7 +66,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: vfs_vnops.c,v 1.183.8.1 2012/04/12 17:15:23 riz Exp $); +__KERNEL_RCSID(0, $NetBSD: vfs_vnops.c,v 1.183.8.2 2012/11/22 18:50:23 riz Exp $); #include veriexec.h @@ -805,15 +805,6 @@ vn_lock(struct vnode *vp, int flags) } else { mutex_exit(vp-v_interlock); error = VOP_LOCK(vp, (flags ~LK_RETRY)); - if (error == 0 (flags LK_RETRY) == 0) { -mutex_enter(vp-v_interlock); -if ((vp-v_iflag VI_CLEAN)) { - mutex_exit(vp-v_interlock); - VOP_UNLOCK(vp); - return ENOENT; -} -mutex_exit(vp-v_interlock); - } if (error == 0 || error == EDEADLK || error == EBUSY) return (error); }
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: riz Date: Thu Nov 22 18:50:23 UTC 2012 Modified Files: src/sys/kern [netbsd-6]: vfs_vnode.c vfs_vnops.c Log Message: Pull up following revision(s) (requested by hannken in ticket #692): sys/kern/vfs_vnode.c: revision 1.17 sys/kern/vfs_vnops.c: revision 1.186 Bring back Manuel Bouyers patch to resolve races between vget() and vrelel() resulting in vget() returning dead vnodes. It is impossible to resolve these races in vn_lock(). Needs pullup to NetBSD-6. To generate a diff of this commit: cvs rdiff -u -r1.15 -r1.15.2.1 src/sys/kern/vfs_vnode.c cvs rdiff -u -r1.183.8.1 -r1.183.8.2 src/sys/kern/vfs_vnops.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: riz Date: Tue Nov 20 21:32:24 UTC 2012 Modified Files: src/sys/kern [netbsd-6]: kern_exec.c Log Message: Pull up following revision(s) (requested by christos in ticket #670): sys/kern/kern_exec.c: revision 1.358 If you are going to dick around with p_stat, remember to put it back so that spawn processes with attributes don't end up starting up stopped! XXX: pullup to 6. To generate a diff of this commit: cvs rdiff -u -r1.339.2.5 -r1.339.2.6 src/sys/kern/kern_exec.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_exec.c diff -u src/sys/kern/kern_exec.c:1.339.2.5 src/sys/kern/kern_exec.c:1.339.2.6 --- src/sys/kern/kern_exec.c:1.339.2.5 Mon Apr 16 15:28:19 2012 +++ src/sys/kern/kern_exec.c Tue Nov 20 21:32:24 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_exec.c,v 1.339.2.5 2012/04/16 15:28:19 riz Exp $ */ +/* $NetBSD: kern_exec.c,v 1.339.2.6 2012/11/20 21:32:24 riz Exp $ */ /*- * Copyright (c) 2008 The NetBSD Foundation, Inc. @@ -59,7 +59,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: kern_exec.c,v 1.339.2.5 2012/04/16 15:28:19 riz Exp $); +__KERNEL_RCSID(0, $NetBSD: kern_exec.c,v 1.339.2.6 2012/11/20 21:32:24 riz Exp $); #include opt_exec.h #include opt_ktrace.h @@ -1916,6 +1916,7 @@ spawn_return(void *arg) /* handle posix_spawnattr */ if (spawn_data-sed_attrs != NULL) { + int ostat; struct sigaction sigact; sigact._sa_u._sa_handler = SIG_DFL; sigact.sa_flags = 0; @@ -1924,6 +1925,7 @@ spawn_return(void *arg) * set state to SSTOP so that this proc can be found by pid. * see proc_enterprp, do_sched_setparam below */ + ostat = l-l_proc-p_stat; l-l_proc-p_stat = SSTOP; /* Set process group */ @@ -1985,6 +1987,7 @@ spawn_return(void *arg) 0); } } + l-l_proc-p_stat = ostat; } /* now do the real exec */
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: riz Date: Tue Nov 20 21:32:24 UTC 2012 Modified Files: src/sys/kern [netbsd-6]: kern_exec.c Log Message: Pull up following revision(s) (requested by christos in ticket #670): sys/kern/kern_exec.c: revision 1.358 If you are going to dick around with p_stat, remember to put it back so that spawn processes with attributes don't end up starting up stopped! XXX: pullup to 6. To generate a diff of this commit: cvs rdiff -u -r1.339.2.5 -r1.339.2.6 src/sys/kern/kern_exec.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: riz Date: Tue Oct 9 23:45:21 UTC 2012 Modified Files: src/sys/kern [netbsd-6]: uipc_usrreq.c Log Message: Pull up following revision(s) (requested by christos in ticket #593): sys/kern/uipc_usrreq.c: revision 1.140 Avoid crash dereferencing a NULL fp in fd_affix() in unp_externalize caused by the sequence of passing two fd's with two sendmsg()'s, then doing a read() and a recvmsg(). The read() calls dom_dispose() which discards both messages in the mbuf, and sets the fp's in the array to NULL. Linux dequeues only one message per read() so the second recvmsg() gets the fd from the second message. This fix just avoids the NULL pointer de-reference, making the second recvmsg() to fail. It is dubious to pass fd's with stream sockets and expect mixing read() and recvmsg() to work. Plus processing one control message per read() changes the current semantics and should be examined before applied. In addition there is a race between dom_externalize() and dom_dispose(): what happens in a multi-threaded network stack when one thread disposes where the other externalizes the same array? NB: Pullup to 6. To generate a diff of this commit: cvs rdiff -u -r1.136.8.1 -r1.136.8.2 src/sys/kern/uipc_usrreq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/uipc_usrreq.c diff -u src/sys/kern/uipc_usrreq.c:1.136.8.1 src/sys/kern/uipc_usrreq.c:1.136.8.2 --- src/sys/kern/uipc_usrreq.c:1.136.8.1 Mon Jun 11 23:20:38 2012 +++ src/sys/kern/uipc_usrreq.c Tue Oct 9 23:45:21 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: uipc_usrreq.c,v 1.136.8.1 2012/06/11 23:20:38 riz Exp $ */ +/* $NetBSD: uipc_usrreq.c,v 1.136.8.2 2012/10/09 23:45:21 riz Exp $ */ /*- * Copyright (c) 1998, 2000, 2004, 2008, 2009 The NetBSD Foundation, Inc. @@ -96,7 +96,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: uipc_usrreq.c,v 1.136.8.1 2012/06/11 23:20:38 riz Exp $); +__KERNEL_RCSID(0, $NetBSD: uipc_usrreq.c,v 1.136.8.2 2012/10/09 23:45:21 riz Exp $); #include sys/param.h #include sys/systm.h @@ -1235,78 +1235,66 @@ unp_drain(void) int unp_externalize(struct mbuf *rights, struct lwp *l, int flags) { - struct cmsghdr *cm = mtod(rights, struct cmsghdr *); - struct proc *p = l-l_proc; - int i, *fdp; + struct cmsghdr * const cm = mtod(rights, struct cmsghdr *); + struct proc * const p = l-l_proc; file_t **rp; - file_t *fp; - int nfds, error = 0; + int error = 0; - nfds = (cm-cmsg_len - CMSG_ALIGN(sizeof(*cm))) / + const size_t nfds = (cm-cmsg_len - CMSG_ALIGN(sizeof(*cm))) / sizeof(file_t *); - rp = (file_t **)CMSG_DATA(cm); - fdp = malloc(nfds * sizeof(int), M_TEMP, M_WAITOK); + int * const fdp = kmem_alloc(nfds * sizeof(int), KM_SLEEP); rw_enter(p-p_cwdi-cwdi_lock, RW_READER); /* Make sure the recipient should be able to see the files.. */ - if (p-p_cwdi-cwdi_rdir != NULL) { - rp = (file_t **)CMSG_DATA(cm); - for (i = 0; i nfds; i++) { - fp = *rp++; - /* - * If we are in a chroot'ed directory, and - * someone wants to pass us a directory, make - * sure it's inside the subtree we're allowed - * to access. - */ - if (fp-f_type == DTYPE_VNODE) { -vnode_t *vp = (vnode_t *)fp-f_data; -if ((vp-v_type == VDIR) -!vn_isunder(vp, p-p_cwdi-cwdi_rdir, l)) { - error = EPERM; - break; -} + rp = (file_t **)CMSG_DATA(cm); + for (size_t i = 0; i nfds; i++) { + file_t * const fp = *rp++; + if (fp == NULL) { + error = EINVAL; + goto out; + } + /* + * If we are in a chroot'ed directory, and + * someone wants to pass us a directory, make + * sure it's inside the subtree we're allowed + * to access. + */ + if (p-p_cwdi-cwdi_rdir != NULL fp-f_type == DTYPE_VNODE) { + vnode_t *vp = (vnode_t *)fp-f_data; + if ((vp-v_type == VDIR) + !vn_isunder(vp, p-p_cwdi-cwdi_rdir, l)) { +error = EPERM; +goto out; } } } restart: - rp = (file_t **)CMSG_DATA(cm); - if (error != 0) { - for (i = 0; i nfds; i++) { - fp = *rp; - *rp++ = 0; - unp_discard_now(fp); - } - goto out; - } - /* * First loop -- allocate file descriptor table slots for the * new files. */ - for (i = 0; i nfds; i++) { - fp = *rp++; + for (size_t i = 0; i nfds; i++) { if ((error = fd_alloc(p, 0, fdp[i])) != 0) { /* * Back out what we've done so far. */ - for (--i; i = 0; i--) { + while (i-- 0) { fd_abort(p, NULL, fdp[i]); } if (error == ENOSPC) { fd_tryexpand(p); error = 0; - } else { -/* - * This is the error that has historically - * been returned, and some callers may - * expect it. - */ -error = EMSGSIZE; +goto restart; } - goto restart; + /* + * This is the error that has historically + * been returned, and some callers may + * expect it. + */ + error = EMSGSIZE; + goto out; } } @@ -1315,12 +1303,17 @@
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: riz Date: Mon Aug 20 19:15:36 UTC 2012 Modified Files: src/sys/kern [netbsd-6]: tty.c Log Message: Pull up following revision(s) (requested by christos in ticket #516): sys/kern/tty.c: revision 1.251 sys/kern/tty.c: revision 1.252 sys/kern/tty.c: revision 1.253 Better (not racy fix) from Paul Goyette. Use the queue of the tty not garbage from the stack (Paul Goyette) PR/46780: Dennis Ferguson: Take the easy way out and return EBUSY when changing the queue size if the output queue is not empty. Other solutions seemed too complex/fragile. To generate a diff of this commit: cvs rdiff -u -r1.249.8.1 -r1.249.8.2 src/sys/kern/tty.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/tty.c diff -u src/sys/kern/tty.c:1.249.8.1 src/sys/kern/tty.c:1.249.8.2 --- src/sys/kern/tty.c:1.249.8.1 Mon Mar 19 23:23:10 2012 +++ src/sys/kern/tty.c Mon Aug 20 19:15:36 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: tty.c,v 1.249.8.1 2012/03/19 23:23:10 riz Exp $ */ +/* $NetBSD: tty.c,v 1.249.8.2 2012/08/20 19:15:36 riz Exp $ */ /*- * Copyright (c) 2008 The NetBSD Foundation, Inc. @@ -63,7 +63,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: tty.c,v 1.249.8.1 2012/03/19 23:23:10 riz Exp $); +__KERNEL_RCSID(0, $NetBSD: tty.c,v 1.249.8.2 2012/08/20 19:15:36 riz Exp $); #include sys/param.h #include sys/systm.h @@ -224,7 +224,7 @@ tty_get_qsize(int *qsize, int newsize) return 0; } -static void +static int tty_set_qsize(struct tty *tp, int newsize) { struct clist rawq, canq, outq; @@ -236,6 +236,14 @@ tty_set_qsize(struct tty *tp, int newsiz mutex_spin_enter(tty_lock); + if (tp-t_outq.c_cc != 0) { + mutex_spin_exit(tty_lock); + clfree(rawq); + clfree(canq); + clfree(outq); + return EBUSY; + } + orawq = tp-t_rawq; ocanq = tp-t_canq; ooutq = tp-t_outq; @@ -252,6 +260,8 @@ tty_set_qsize(struct tty *tp, int newsiz clfree(orawq); clfree(ocanq); clfree(ooutq); + + return 0; } static int @@ -1350,7 +1360,7 @@ ttioctl(struct tty *tp, u_long cmd, void case TIOCSQSIZE: if ((error = tty_get_qsize(s, *(int *)data)) == 0 s != tp-t_qsize) - tty_set_qsize(tp, s); + error = tty_set_qsize(tp, s); return error; default: /* We may have to load the compat module for this. */
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: riz Date: Mon Aug 20 19:15:36 UTC 2012 Modified Files: src/sys/kern [netbsd-6]: tty.c Log Message: Pull up following revision(s) (requested by christos in ticket #516): sys/kern/tty.c: revision 1.251 sys/kern/tty.c: revision 1.252 sys/kern/tty.c: revision 1.253 Better (not racy fix) from Paul Goyette. Use the queue of the tty not garbage from the stack (Paul Goyette) PR/46780: Dennis Ferguson: Take the easy way out and return EBUSY when changing the queue size if the output queue is not empty. Other solutions seemed too complex/fragile. To generate a diff of this commit: cvs rdiff -u -r1.249.8.1 -r1.249.8.2 src/sys/kern/tty.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: riz Date: Sun Aug 19 17:36:42 UTC 2012 Modified Files: src/sys/kern [netbsd-6]: kern_synch.c Log Message: Pull up following revision(s) (requested by christos in ticket #513): sys/kern/kern_synch.c: revision 1.303 PR/46811: Tetsua Isaki: Don't handle cpu limits when runtime is negative. To generate a diff of this commit: cvs rdiff -u -r1.297 -r1.297.2.1 src/sys/kern/kern_synch.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_synch.c diff -u src/sys/kern/kern_synch.c:1.297 src/sys/kern/kern_synch.c:1.297.2.1 --- src/sys/kern/kern_synch.c:1.297 Sat Jan 28 12:22:33 2012 +++ src/sys/kern/kern_synch.c Sun Aug 19 17:36:41 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_synch.c,v 1.297 2012/01/28 12:22:33 rmind Exp $ */ +/* $NetBSD: kern_synch.c,v 1.297.2.1 2012/08/19 17:36:41 riz Exp $ */ /*- * Copyright (c) 1999, 2000, 2004, 2006, 2007, 2008, 2009 @@ -69,7 +69,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: kern_synch.c,v 1.297 2012/01/28 12:22:33 rmind Exp $); +__KERNEL_RCSID(0, $NetBSD: kern_synch.c,v 1.297.2.1 2012/08/19 17:36:41 riz Exp $); #include opt_kstack.h #include opt_perfctrs.h @@ -1204,6 +1204,16 @@ sched_pstats(void) /* Calculating p_pctcpu only for ps(1) */ p-p_pctcpu = (p-p_pctcpu * ccpu) FSHIFT; + if (__predict_false(runtm 0)) { + if (!backwards) { +backwards = true; +printf(WARNING: negative runtime; +monotonic clock has gone backwards\n); + } + mutex_exit(p-p_lock); + continue; + } + /* * Check if the process exceeds its CPU resource allocation. * If over the hard limit, kill it with SIGKILL. @@ -1227,13 +1237,7 @@ sched_pstats(void) } } mutex_exit(p-p_lock); - if (__predict_false(runtm 0)) { - if (!backwards) { -backwards = true; -printf(WARNING: negative runtime; -monotonic clock has gone backwards\n); - } - } else if (__predict_false(sig)) { + if (__predict_false(sig)) { KASSERT((p-p_flag PK_SYSTEM) == 0); psignal(p, sig); }
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: riz Date: Sun Aug 19 17:36:42 UTC 2012 Modified Files: src/sys/kern [netbsd-6]: kern_synch.c Log Message: Pull up following revision(s) (requested by christos in ticket #513): sys/kern/kern_synch.c: revision 1.303 PR/46811: Tetsua Isaki: Don't handle cpu limits when runtime is negative. To generate a diff of this commit: cvs rdiff -u -r1.297 -r1.297.2.1 src/sys/kern/kern_synch.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: martin Date: Sun Aug 12 14:45:31 UTC 2012 Modified Files: src/sys/kern [netbsd-6]: subr_kmem.c Log Message: Pull up following revision(s) (requested by para in ticket #486): sys/kern/subr_kmem.c: revision 1.46 (via patch) split allocation lookup table to decrease overall memory used making allocator more flexible for allocations larger then 4kb move the encoded size under DEBUG back to the begining of allocated chunk To generate a diff of this commit: cvs rdiff -u -r1.42.2.1 -r1.42.2.2 src/sys/kern/subr_kmem.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/subr_kmem.c diff -u src/sys/kern/subr_kmem.c:1.42.2.1 src/sys/kern/subr_kmem.c:1.42.2.2 --- src/sys/kern/subr_kmem.c:1.42.2.1 Tue Apr 3 16:14:02 2012 +++ src/sys/kern/subr_kmem.c Sun Aug 12 14:45:31 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: subr_kmem.c,v 1.42.2.1 2012/04/03 16:14:02 riz Exp $ */ +/* $NetBSD: subr_kmem.c,v 1.42.2.2 2012/08/12 14:45:31 martin Exp $ */ /*- * Copyright (c) 2009 The NetBSD Foundation, Inc. @@ -61,7 +61,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: subr_kmem.c,v 1.42.2.1 2012/04/03 16:14:02 riz Exp $); +__KERNEL_RCSID(0, $NetBSD: subr_kmem.c,v 1.42.2.2 2012/08/12 14:45:31 martin Exp $); #include sys/param.h #include sys/callback.h @@ -77,10 +77,12 @@ __KERNEL_RCSID(0, $NetBSD: subr_kmem.c, #include lib/libkern/libkern.h -static const struct kmem_cache_info { +struct kmem_cache_info { size_t kc_size; const char * kc_name; -} kmem_cache_sizes[] = { +}; + +static const struct kmem_cache_info kmem_cache_sizes[] = { { 8, kmem-8 }, { 16, kmem-16 }, { 24, kmem-24 }, @@ -103,24 +105,39 @@ static const struct kmem_cache_info { { 512, kmem-512 }, { 768, kmem-768 }, { 1024, kmem-1024 }, + { 0, NULL } +}; + +static const struct kmem_cache_info kmem_cache_big_sizes[] = { { 2048, kmem-2048 }, { 4096, kmem-4096 }, + { 8192, kmem-8192 }, + { 16384, kmem-16384 }, { 0, NULL } }; /* * KMEM_ALIGN is the smallest guaranteed alignment and also the - * smallest allocateable quantum. Every cache size is a multiply - * of CACHE_LINE_SIZE and gets CACHE_LINE_SIZE alignment. + * smallest allocateable quantum. + * Every cache size = CACHE_LINE_SIZE gets CACHE_LINE_SIZE alignment. */ #define KMEM_ALIGN 8 #define KMEM_SHIFT 3 -#define KMEM_MAXSIZE 4096 +#define KMEM_MAXSIZE 1024 #define KMEM_CACHE_COUNT (KMEM_MAXSIZE KMEM_SHIFT) static pool_cache_t kmem_cache[KMEM_CACHE_COUNT] __cacheline_aligned; static size_t kmem_cache_maxidx __read_mostly; +#define KMEM_BIG_ALIGN 2048 +#define KMEM_BIG_SHIFT 11 +#define KMEM_BIG_MAXSIZE 16384 +#define KMEM_CACHE_BIG_COUNT (KMEM_BIG_MAXSIZE KMEM_BIG_SHIFT) + +static pool_cache_t kmem_cache_big[KMEM_CACHE_BIG_COUNT] __cacheline_aligned; +static size_t kmem_cache_big_maxidx __read_mostly; + + #if defined(DEBUG) int kmem_guard_depth = 0; size_t kmem_guard_size; @@ -160,6 +177,10 @@ static void kmem_size_check(void *, size CTASSERT(KM_SLEEP == PR_WAITOK); CTASSERT(KM_NOSLEEP == PR_NOWAIT); +/* + * kmem_intr_alloc: allocate wired memory. + */ + void * kmem_intr_alloc(size_t size, km_flag_t kmflags) { @@ -175,28 +196,41 @@ kmem_intr_alloc(size_t size, km_flag_t k (kmflags KM_SLEEP) != 0); } #endif - allocsz = kmem_roundup_size(size) + REDZONE_SIZE + SIZE_SIZE; - index = (allocsz - 1) KMEM_SHIFT; + size = kmem_roundup_size(size); + allocsz = size + REDZONE_SIZE + SIZE_SIZE; - if (index = kmem_cache_maxidx) { + if ((index = ((allocsz -1) KMEM_SHIFT)) + kmem_cache_maxidx) { + pc = kmem_cache[index]; + } else if ((index = ((allocsz - 1) KMEM_BIG_SHIFT)) + kmem_cache_big_maxidx) { + pc = kmem_cache_big[index]; + } else { int ret = uvm_km_kmem_alloc(kmem_va_arena, (vsize_t)round_page(size), ((kmflags KM_SLEEP) ? VM_SLEEP : VM_NOSLEEP) | VM_INSTANTFIT, (vmem_addr_t *)p); - return ret ? NULL : p; + if (ret) { + return NULL; + } + FREECHECK_OUT(kmem_freecheck, p); + return p; } - pc = kmem_cache[index]; p = pool_cache_get(pc, kmflags); if (__predict_true(p != NULL)) { - kmem_poison_check(p, kmem_roundup_size(size)); + kmem_poison_check(p, size); FREECHECK_OUT(kmem_freecheck, p); - kmem_size_set(p, allocsz); + kmem_size_set(p, size); } - return p; + return p + SIZE_SIZE; } +/* + * kmem_intr_zalloc: allocate zeroed wired memory. + */ + void * kmem_intr_zalloc(size_t size, km_flag_t kmflags) { @@ -209,6 +243,10 @@ kmem_intr_zalloc(size_t size, km_flag_t return p; } +/* + * kmem_intr_free: free wired memory allocated by kmem_alloc. + */ + void kmem_intr_free(void *p, size_t size) { @@ -224,22 +262,30 @@ kmem_intr_free(void *p, size_t size) return; } #endif - allocsz = kmem_roundup_size(size) + REDZONE_SIZE + SIZE_SIZE; - index = (allocsz - 1) KMEM_SHIFT; + size =
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: martin Date: Sun Aug 12 19:02:33 UTC 2012 Modified Files: src/sys/kern [netbsd-6]: subr_disk_mbr.c Log Message: Pull up following revision(s) (requested by tsutsui in ticket #482): sys/kern/subr_disk_mbr.c: revision 1.43 Apply workaround for installcd mountroot failure on some i386 machines To generate a diff of this commit: cvs rdiff -u -r1.42 -r1.42.8.1 src/sys/kern/subr_disk_mbr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/subr_disk_mbr.c diff -u src/sys/kern/subr_disk_mbr.c:1.42 src/sys/kern/subr_disk_mbr.c:1.42.8.1 --- src/sys/kern/subr_disk_mbr.c:1.42 Thu Jun 30 20:09:41 2011 +++ src/sys/kern/subr_disk_mbr.c Sun Aug 12 19:02:33 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: subr_disk_mbr.c,v 1.42 2011/06/30 20:09:41 wiz Exp $ */ +/* $NetBSD: subr_disk_mbr.c,v 1.42.8.1 2012/08/12 19:02:33 martin Exp $ */ /* * Copyright (c) 1982, 1986, 1988 Regents of the University of California. @@ -54,7 +54,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: subr_disk_mbr.c,v 1.42 2011/06/30 20:09:41 wiz Exp $); +__KERNEL_RCSID(0, $NetBSD: subr_disk_mbr.c,v 1.42.8.1 2012/08/12 19:02:33 martin Exp $); #include sys/param.h #include sys/systm.h @@ -364,9 +364,11 @@ scan_iso_vrs(mbr_args_t *a) a-lp-d_partitions[0].p_size = a-lp-d_secperunit; a-lp-d_partitions[0].p_cdsession = is_iso9660; a-lp-d_partitions[0].p_fstype = FS_ISO9660; +#ifdef notyet } else { a-lp-d_partitions[0].p_size = 0; a-lp-d_partitions[0].p_fstype = FS_UNUSED; +#endif } /* add udf partition if found */
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: martin Date: Sun Aug 12 14:45:31 UTC 2012 Modified Files: src/sys/kern [netbsd-6]: subr_kmem.c Log Message: Pull up following revision(s) (requested by para in ticket #486): sys/kern/subr_kmem.c: revision 1.46 (via patch) split allocation lookup table to decrease overall memory used making allocator more flexible for allocations larger then 4kb move the encoded size under DEBUG back to the begining of allocated chunk To generate a diff of this commit: cvs rdiff -u -r1.42.2.1 -r1.42.2.2 src/sys/kern/subr_kmem.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: martin Date: Sun Aug 12 19:02:33 UTC 2012 Modified Files: src/sys/kern [netbsd-6]: subr_disk_mbr.c Log Message: Pull up following revision(s) (requested by tsutsui in ticket #482): sys/kern/subr_disk_mbr.c: revision 1.43 Apply workaround for installcd mountroot failure on some i386 machines To generate a diff of this commit: cvs rdiff -u -r1.42 -r1.42.8.1 src/sys/kern/subr_disk_mbr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: riz Date: Fri Jul 20 23:10:07 UTC 2012 Modified Files: src/sys/kern [netbsd-6]: uipc_syscalls.c Log Message: Pull up following revision(s) (requested by njoly in ticket #423): sys/kern/uipc_syscalls.c: revision 1.156 Avoid kmem_alloc KASSERT for 0 byte allocation, when tracing processes that use empty messages with sendmsg/recvmsg. To generate a diff of this commit: cvs rdiff -u -r1.154 -r1.154.2.1 src/sys/kern/uipc_syscalls.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/uipc_syscalls.c diff -u src/sys/kern/uipc_syscalls.c:1.154 src/sys/kern/uipc_syscalls.c:1.154.2.1 --- src/sys/kern/uipc_syscalls.c:1.154 Wed Jan 25 16:56:13 2012 +++ src/sys/kern/uipc_syscalls.c Fri Jul 20 23:10:06 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: uipc_syscalls.c,v 1.154 2012/01/25 16:56:13 christos Exp $ */ +/* $NetBSD: uipc_syscalls.c,v 1.154.2.1 2012/07/20 23:10:06 riz Exp $ */ /*- * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. @@ -61,7 +61,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: uipc_syscalls.c,v 1.154 2012/01/25 16:56:13 christos Exp $); +__KERNEL_RCSID(0, $NetBSD: uipc_syscalls.c,v 1.154.2.1 2012/07/20 23:10:06 riz Exp $); #include opt_pipe.h @@ -605,7 +605,7 @@ do_sys_sendmsg(struct lwp *l, int s, str } } - if (ktrpoint(KTR_GENIO)) { + if (ktrpoint(KTR_GENIO) iovsz 0) { ktriov = kmem_alloc(iovsz, KM_SLEEP); memcpy(ktriov, auio.uio_iov, iovsz); } @@ -640,9 +640,10 @@ do_sys_sendmsg(struct lwp *l, int s, str *retsize = len - auio.uio_resid; bad: - if (ktriov != NULL) { + if (ktrpoint(KTR_GENIO)) { ktrgeniov(s, UIO_WRITE, ktriov, *retsize, error); - kmem_free(ktriov, iovsz); + if (ktriov != NULL) + kmem_free(ktriov, iovsz); } if (iov != aiov) @@ -826,7 +827,7 @@ int do_sys_recvmsg(struct lwp *l, int s, struct msghdr *mp, struct mbuf **from, struct mbuf **control, register_t *retsize) { - struct iovec aiov[UIO_SMALLIOV], *iov = aiov, *tiov, *ktriov; + struct iovec aiov[UIO_SMALLIOV], *iov = aiov, *tiov, *ktriov = NULL; struct socket *so; struct uio auio; size_t len, iovsz; @@ -880,8 +881,7 @@ do_sys_recvmsg(struct lwp *l, int s, str } } - ktriov = NULL; - if (ktrpoint(KTR_GENIO)) { + if (ktrpoint(KTR_GENIO) iovsz 0) { ktriov = kmem_alloc(iovsz, KM_SLEEP); memcpy(ktriov, auio.uio_iov, iovsz); } @@ -897,9 +897,10 @@ do_sys_recvmsg(struct lwp *l, int s, str /* Some data transferred */ error = 0; - if (ktriov != NULL) { + if (ktrpoint(KTR_GENIO)) { ktrgeniov(s, UIO_READ, ktriov, len, error); - kmem_free(ktriov, iovsz); + if (ktriov != NULL) + kmem_free(ktriov, iovsz); } if (error != 0) {
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: riz Date: Sat Jul 21 00:00:14 UTC 2012 Modified Files: src/sys/kern [netbsd-6]: sys_sig.c Log Message: Pull up following revision(s) (requested by christos in ticket #430): sys/kern/sys_sig.c: revision 1.38 From Roger Pau Monne: kill(2) called for a zombie process should return 0, according to: http://pubs.opengroup.org/onlinepubs/9699919799/functions/kill.html To generate a diff of this commit: cvs rdiff -u -r1.36 -r1.36.6.1 src/sys/kern/sys_sig.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/sys_sig.c diff -u src/sys/kern/sys_sig.c:1.36 src/sys/kern/sys_sig.c:1.36.6.1 --- src/sys/kern/sys_sig.c:1.36 Fri Nov 18 03:34:13 2011 +++ src/sys/kern/sys_sig.c Sat Jul 21 00:00:13 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: sys_sig.c,v 1.36 2011/11/18 03:34:13 christos Exp $ */ +/* $NetBSD: sys_sig.c,v 1.36.6.1 2012/07/21 00:00:13 riz Exp $ */ /*- * Copyright (c) 2006, 2007, 2008 The NetBSD Foundation, Inc. @@ -66,7 +66,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: sys_sig.c,v 1.36 2011/11/18 03:34:13 christos Exp $); +__KERNEL_RCSID(0, $NetBSD: sys_sig.c,v 1.36.6.1 2012/07/21 00:00:13 riz Exp $); #include sys/param.h #include sys/kernel.h @@ -242,10 +242,11 @@ kill1(struct lwp *l, pid_t pid, ksiginfo if (pid 0) { /* kill single process */ mutex_enter(proc_lock); - p = proc_find(pid); - if (p == NULL) { + p = proc_find_raw(pid); + if (p == NULL || (p-p_stat != SACTIVE p-p_stat != SSTOP)) { mutex_exit(proc_lock); - return ESRCH; + /* IEEE Std 1003.1-2001: return success for zombies */ + return p ? 0 : ESRCH; } mutex_enter(p-p_lock); error = kauth_authorize_process(l-l_cred,
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: riz Date: Fri Jul 20 23:10:07 UTC 2012 Modified Files: src/sys/kern [netbsd-6]: uipc_syscalls.c Log Message: Pull up following revision(s) (requested by njoly in ticket #423): sys/kern/uipc_syscalls.c: revision 1.156 Avoid kmem_alloc KASSERT for 0 byte allocation, when tracing processes that use empty messages with sendmsg/recvmsg. To generate a diff of this commit: cvs rdiff -u -r1.154 -r1.154.2.1 src/sys/kern/uipc_syscalls.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: riz Date: Sat Jul 21 00:00:14 UTC 2012 Modified Files: src/sys/kern [netbsd-6]: sys_sig.c Log Message: Pull up following revision(s) (requested by christos in ticket #430): sys/kern/sys_sig.c: revision 1.38 From Roger Pau Monne: kill(2) called for a zombie process should return 0, according to: http://pubs.opengroup.org/onlinepubs/9699919799/functions/kill.html To generate a diff of this commit: cvs rdiff -u -r1.36 -r1.36.6.1 src/sys/kern/sys_sig.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: riz Date: Thu Jul 12 17:11:17 UTC 2012 Modified Files: src/sys/kern [netbsd-6]: uipc_socket.c Log Message: Pull up following revision(s) (requested by chs in ticket #408): sys/kern/uipc_socket.c: revision 1.211 in soreceive(), handle uios larger than 31 bits. fixes the remaining problem in PR 43240. To generate a diff of this commit: cvs rdiff -u -r1.209 -r1.209.2.1 src/sys/kern/uipc_socket.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/uipc_socket.c diff -u src/sys/kern/uipc_socket.c:1.209 src/sys/kern/uipc_socket.c:1.209.2.1 --- src/sys/kern/uipc_socket.c:1.209 Wed Feb 1 02:27:23 2012 +++ src/sys/kern/uipc_socket.c Thu Jul 12 17:11:17 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: uipc_socket.c,v 1.209 2012/02/01 02:27:23 matt Exp $ */ +/* $NetBSD: uipc_socket.c,v 1.209.2.1 2012/07/12 17:11:17 riz Exp $ */ /*- * Copyright (c) 2002, 2007, 2008, 2009 The NetBSD Foundation, Inc. @@ -63,7 +63,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: uipc_socket.c,v 1.209 2012/02/01 02:27:23 matt Exp $); +__KERNEL_RCSID(0, $NetBSD: uipc_socket.c,v 1.209.2.1 2012/07/12 17:11:17 riz Exp $); #include opt_compat_netbsd.h #include opt_sock_counters.h @@ -1132,7 +1132,8 @@ soreceive(struct socket *so, struct mbuf { struct lwp *l = curlwp; struct mbuf *m, **mp, *mt; - int atomic, flags, len, error, s, offset, moff, type, orig_resid; + size_t len, offset, moff, orig_resid; + int atomic, flags, error, s, type; const struct protosw *pr; struct mbuf *nextrecord; int mbuf_removed = 0; @@ -1165,7 +1166,7 @@ soreceive(struct socket *so, struct mbuf goto bad; do { error = uiomove(mtod(m, void *), - (int) min(uio-uio_resid, m-m_len), uio); + MIN(uio-uio_resid, m-m_len), uio); m = m_free(m); } while (uio-uio_resid 0 error == 0 m); bad: @@ -1419,7 +1420,7 @@ soreceive(struct socket *so, struct mbuf SBLASTMBUFCHK(so-so_rcv, soreceive uiomove); sounlock(so); splx(s); - error = uiomove(mtod(m, char *) + moff, (int)len, uio); + error = uiomove(mtod(m, char *) + moff, len, uio); s = splsoftnet(); solock(so); if (error != 0) {
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: riz Date: Tue Jun 12 17:16:28 UTC 2012 Modified Files: src/sys/kern [netbsd-6]: vfs_bio.c Log Message: Pull up following revision(s) (requested by dsl in ticket #307): sys/kern/vfs_bio.c: revision 1.239 Use separate temporaries for the 'int' percentage and the 'long' water marks. Previous paniced on sparc64 due to a misaligned copy. To generate a diff of this commit: cvs rdiff -u -r1.236.2.1 -r1.236.2.2 src/sys/kern/vfs_bio.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/vfs_bio.c diff -u src/sys/kern/vfs_bio.c:1.236.2.1 src/sys/kern/vfs_bio.c:1.236.2.2 --- src/sys/kern/vfs_bio.c:1.236.2.1 Tue Jun 12 17:13:56 2012 +++ src/sys/kern/vfs_bio.c Tue Jun 12 17:16:28 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_bio.c,v 1.236.2.1 2012/06/12 17:13:56 riz Exp $ */ +/* $NetBSD: vfs_bio.c,v 1.236.2.2 2012/06/12 17:16:28 riz Exp $ */ /*- * Copyright (c) 2007, 2008, 2009 The NetBSD Foundation, Inc. @@ -123,7 +123,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: vfs_bio.c,v 1.236.2.1 2012/06/12 17:13:56 riz Exp $); +__KERNEL_RCSID(0, $NetBSD: vfs_bio.c,v 1.236.2.2 2012/06/12 17:16:28 riz Exp $); #include opt_bufcache.h @@ -1732,12 +1732,18 @@ sysctl_bufvm_update(SYSCTLFN_ARGS) { int error, rv; struct sysctlnode node; - union u_int_long { unsigned int i; unsigned long l; } t; + unsigned int temp_bufcache; + unsigned long temp_water; /* Take a copy of the supplied node and its data */ node = *rnode; - node.sysctl_data = t; - t = *(union u_int_long *)rnode-sysctl_data; + if (node.sysctl_data == bufcache) { + node.sysctl_data = temp_bufcache; + temp_bufcache = *(unsigned int *)rnode-sysctl_data; + } else { + node.sysctl_data = temp_water; + temp_water = *(unsigned long *)rnode-sysctl_data; + } /* Update the copy */ error = sysctl_lookup(SYSCTLFN_CALL(node)); @@ -1745,18 +1751,18 @@ sysctl_bufvm_update(SYSCTLFN_ARGS) return (error); if (rnode-sysctl_data == bufcache) { - if (t.i 100) + if (temp_bufcache 100) return (EINVAL); - bufcache = t.i; + bufcache = temp_bufcache; buf_setwm(); } else if (rnode-sysctl_data == bufmem_lowater) { - if (bufmem_hiwater - t.l 16) + if (bufmem_hiwater - temp_water 16) return (EINVAL); - bufmem_lowater = t.l; + bufmem_lowater = temp_water; } else if (rnode-sysctl_data == bufmem_hiwater) { - if (t.l - bufmem_lowater 16) + if (temp_water - bufmem_lowater 16) return (EINVAL); - bufmem_hiwater = t.l; + bufmem_hiwater = temp_water; } else return (EINVAL);
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: riz Date: Tue Jun 12 17:16:28 UTC 2012 Modified Files: src/sys/kern [netbsd-6]: vfs_bio.c Log Message: Pull up following revision(s) (requested by dsl in ticket #307): sys/kern/vfs_bio.c: revision 1.239 Use separate temporaries for the 'int' percentage and the 'long' water marks. Previous paniced on sparc64 due to a misaligned copy. To generate a diff of this commit: cvs rdiff -u -r1.236.2.1 -r1.236.2.2 src/sys/kern/vfs_bio.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: riz Date: Mon Jun 11 23:20:38 UTC 2012 Modified Files: src/sys/kern [netbsd-6]: uipc_usrreq.c Log Message: Pull up following revision(s) (requested by martin in ticket #304): sys/kern/uipc_usrreq.c: revision 1.137 Stopgap fix for PR kern/46463: disallow passing of kqueue descriptors via SCM_RIGHT anxiliary socket messages. To generate a diff of this commit: cvs rdiff -u -r1.136 -r1.136.8.1 src/sys/kern/uipc_usrreq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/uipc_usrreq.c diff -u src/sys/kern/uipc_usrreq.c:1.136 src/sys/kern/uipc_usrreq.c:1.136.8.1 --- src/sys/kern/uipc_usrreq.c:1.136 Sun Jun 26 16:42:43 2011 +++ src/sys/kern/uipc_usrreq.c Mon Jun 11 23:20:38 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: uipc_usrreq.c,v 1.136 2011/06/26 16:42:43 christos Exp $ */ +/* $NetBSD: uipc_usrreq.c,v 1.136.8.1 2012/06/11 23:20:38 riz Exp $ */ /*- * Copyright (c) 1998, 2000, 2004, 2008, 2009 The NetBSD Foundation, Inc. @@ -96,7 +96,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: uipc_usrreq.c,v 1.136 2011/06/26 16:42:43 christos Exp $); +__KERNEL_RCSID(0, $NetBSD: uipc_usrreq.c,v 1.136.8.1 2012/06/11 23:20:38 riz Exp $); #include sys/param.h #include sys/systm.h @@ -1382,7 +1382,10 @@ unp_internalize(struct mbuf **controlp) error = EAGAIN; goto out; } - if ((fp = fd_getfile(fd)) == NULL) { + if ((fp = fd_getfile(fd)) == NULL + || fp-f_type == DTYPE_KQUEUE) { + if (fp) + fd_putfile(fd); atomic_dec_uint(unp_rights); nfds = i; error = EBADF;
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: riz Date: Mon Jun 11 23:20:38 UTC 2012 Modified Files: src/sys/kern [netbsd-6]: uipc_usrreq.c Log Message: Pull up following revision(s) (requested by martin in ticket #304): sys/kern/uipc_usrreq.c: revision 1.137 Stopgap fix for PR kern/46463: disallow passing of kqueue descriptors via SCM_RIGHT anxiliary socket messages. To generate a diff of this commit: cvs rdiff -u -r1.136 -r1.136.8.1 src/sys/kern/uipc_usrreq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: riz Date: Sat May 19 15:01:36 UTC 2012 Modified Files: src/sys/kern [netbsd-6]: vfs_mount.c vfs_syscalls.c Log Message: Pull up following revision(s) (requested by manu in ticket #259): sys/kern/vfs_syscalls.c: revision 1.456 sys/kern/vfs_mount.c: revision 1.14 sys/kern/vfs_syscalls.c: revision 1.452 sys/kern/vfs_syscalls.c: revision 1.453 sys/kern/vfs_syscalls.c: revision 1.454 Do not use vp after mount_domount() call as it sets it to NULL on success. This fixes a panic when starting extended attributes. Fix mount -o extattr : previous patch fixed a panic but caused operation to happen on the mount point instead of the mounted filesystem. Fix the extattr start fix. Looking up the filesystemroot vnode again does not seems to be reliable. Instead save it before mount_domount() sets it to NULL. Move VFS_EXTATTRCTL to mount_domount(). This makes the fs/puffs/t_fuzz:mountfuzz7, fs/puffs/t_fuzz:mountfuzz8, and fs/zfs/t_zpool:create tests pass again. Patch from manu, discussed on tech-kern and committed at his request. To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.12.6.1 src/sys/kern/vfs_mount.c cvs rdiff -u -r1.449.2.1 -r1.449.2.2 src/sys/kern/vfs_syscalls.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/vfs_mount.c diff -u src/sys/kern/vfs_mount.c:1.12 src/sys/kern/vfs_mount.c:1.12.6.1 --- src/sys/kern/vfs_mount.c:1.12 Fri Nov 18 21:17:45 2011 +++ src/sys/kern/vfs_mount.c Sat May 19 15:01:35 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_mount.c,v 1.12 2011/11/18 21:17:45 christos Exp $ */ +/* $NetBSD: vfs_mount.c,v 1.12.6.1 2012/05/19 15:01:35 riz Exp $ */ /*- * Copyright (c) 1997-2011 The NetBSD Foundation, Inc. @@ -67,7 +67,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: vfs_mount.c,v 1.12 2011/11/18 21:17:45 christos Exp $); +__KERNEL_RCSID(0, $NetBSD: vfs_mount.c,v 1.12.6.1 2012/05/19 15:01:35 riz Exp $); #include sys/param.h #include sys/kernel.h @@ -83,6 +83,7 @@ __KERNEL_RCSID(0, $NetBSD: vfs_mount.c, #include sys/module.h #include sys/mount.h #include sys/namei.h +#include sys/extattr.h #include sys/syscallargs.h #include sys/sysctl.h #include sys/systm.h @@ -758,8 +759,15 @@ mount_domount(struct lwp *l, vnode_t **v vfs_unbusy(mp, true, NULL); (void) VFS_STATVFS(mp, mp-mnt_stat); error = VFS_START(mp, 0); - if (error) + if (error) { vrele(vp); + } else if (flags MNT_EXTATTR) { + error = VFS_EXTATTRCTL(vp-v_mountedhere, + EXTATTR_CMD_START, NULL, 0, NULL); + if (error) + printf(%s: failed to start extattr: error = %d\n, + vp-v_mountedhere-mnt_stat.f_mntonname, error); + } /* Drop reference held for VFS_START(). */ vfs_destroy(mp); *vpp = NULL; Index: src/sys/kern/vfs_syscalls.c diff -u src/sys/kern/vfs_syscalls.c:1.449.2.1 src/sys/kern/vfs_syscalls.c:1.449.2.2 --- src/sys/kern/vfs_syscalls.c:1.449.2.1 Thu May 17 18:12:12 2012 +++ src/sys/kern/vfs_syscalls.c Sat May 19 15:01:35 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_syscalls.c,v 1.449.2.1 2012/05/17 18:12:12 riz Exp $ */ +/* $NetBSD: vfs_syscalls.c,v 1.449.2.2 2012/05/19 15:01:35 riz Exp $ */ /*- * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. @@ -70,7 +70,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: vfs_syscalls.c,v 1.449.2.1 2012/05/17 18:12:12 riz Exp $); +__KERNEL_RCSID(0, $NetBSD: vfs_syscalls.c,v 1.449.2.2 2012/05/19 15:01:35 riz Exp $); #ifdef _KERNEL_OPT #include opt_fileassoc.h @@ -273,20 +273,20 @@ mount_update(struct lwp *l, struct vnode if ((error == 0) !(saved_flags MNT_EXTATTR) (flags MNT_EXTATTR)) { - if (VFS_EXTATTRCTL(vp-v_mount, EXTATTR_CMD_START, + if (VFS_EXTATTRCTL(mp, EXTATTR_CMD_START, NULL, 0, NULL) != 0) { printf(%s: failed to start extattr, error = %d, - vp-v_mount-mnt_stat.f_mntonname, error); + mp-mnt_stat.f_mntonname, error); mp-mnt_flag = ~MNT_EXTATTR; } } if ((error == 0) (saved_flags MNT_EXTATTR) !(flags MNT_EXTATTR)) { - if (VFS_EXTATTRCTL(vp-v_mount, EXTATTR_CMD_STOP, + if (VFS_EXTATTRCTL(mp, EXTATTR_CMD_STOP, NULL, 0, NULL) != 0) { printf(%s: failed to stop extattr, error = %d, - vp-v_mount-mnt_stat.f_mntonname, error); + mp-mnt_stat.f_mntonname, error); mp-mnt_flag |= MNT_RDONLY; } } @@ -463,14 +463,6 @@ do_sys_mount(struct lwp *l, struct vfsop error = mount_domount(l, vp, vfsops, path, flags, data_buf, data_len); vfsopsrele = false; - - if ((error == 0) (flags MNT_EXTATTR)) { - if (VFS_EXTATTRCTL(vp-v_mount, EXTATTR_CMD_START, - NULL, 0, NULL) != 0) -printf(%s: failed to start extattr, - vp-v_mount-mnt_stat.f_mntonname); -/* XXX remove flag */ - } } done:
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: riz Date: Sat May 19 15:29:21 UTC 2012 Modified Files: src/sys/kern [netbsd-6]: vfs_subr.c Log Message: Pull up following revision(s) (requested by chs in ticket #267): sys/kern/vfs_subr.c: revision 1.435 remove a bogus optimization introduced in the previous change. fixes hangs in the rump/rumpvfs/t_etfs test. To generate a diff of this commit: cvs rdiff -u -r1.432.2.1 -r1.432.2.2 src/sys/kern/vfs_subr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/vfs_subr.c diff -u src/sys/kern/vfs_subr.c:1.432.2.1 src/sys/kern/vfs_subr.c:1.432.2.2 --- src/sys/kern/vfs_subr.c:1.432.2.1 Mon May 7 03:01:13 2012 +++ src/sys/kern/vfs_subr.c Sat May 19 15:29:21 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_subr.c,v 1.432.2.1 2012/05/07 03:01:13 riz Exp $ */ +/* $NetBSD: vfs_subr.c,v 1.432.2.2 2012/05/19 15:29:21 riz Exp $ */ /*- * Copyright (c) 1997, 1998, 2004, 2005, 2007, 2008 The NetBSD Foundation, Inc. @@ -67,7 +67,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: vfs_subr.c,v 1.432.2.1 2012/05/07 03:01:13 riz Exp $); +__KERNEL_RCSID(0, $NetBSD: vfs_subr.c,v 1.432.2.2 2012/05/19 15:29:21 riz Exp $); #include opt_ddb.h #include opt_compat_netbsd.h @@ -290,9 +290,6 @@ vflushbuf(struct vnode *vp, int flags) mutex_enter(vp-v_interlock); (void) VOP_PUTPAGES(vp, 0, 0, pflags); - if (LIST_EMPTY(vp-v_dirtyblkhd) || (flags FSYNC_DATAONLY)) - return 0; - loop: mutex_enter(bufcache_lock); for (bp = LIST_FIRST(vp-v_dirtyblkhd); bp; bp = nbp) {