Import a vendor fix for a list overrun.
This has been considered as a security hole on some specialized ml,
but currently the secteam@ doesn't consider that way.
Reviewed by: emaste, des
Sponsored by: Sandvine Incorporated
MFC after: 3 days
MFp4:
Remove msleep() timeout from g_io_schedule_up/down(). It works fine
without it, saving few percents of CPU on high request rates without
need to rearm callout twice per request.
Remove constraint, requiring request data to fulfill controller's alignment
requirements. It is busdma task, to manage proper alignment by loading
data to bounce buffers.
PR: kern/127316
Reviewed by: current@
Tested by: Ryan Rogers
The clear_remove() and clear_inodedeps() call vn_start_write(NULL, &mp,
V_NOWAIT) on the non-busied mount point. Unmount might free ufs-specific
mp data, causing ffs_vgetf() to access freed memory.
In fhopen, vfs_ref() the mount point while vnode is unlocked, to prevent
vn_start_write(NULL, &mp) from operating on potentially freed or reused
struct mount *.
Remove unmatched vfs_rel() in cleanup.
Noted and reviewed by: tegge
Tested by: pho
MFC after: 3 days
Now that pty(4) is a loadable kernel module, I'd better move /dev/ptmx
in there as well. This means that pty(4) now provides almost all
pseudo-terminal compatibility code. This means it's very easy to test
whether applications use the proper library interfaces when allocating
pseudo-terminals (namely posix_openpt and openpty).
In the NEXTADDR macro use SA_SIZE() rather than directly using
sizeof(), as introduced in r186119, for advancing the current
position into the buffer.
See comment in net/route.h for a description of the difference.
This makes ndp -s work again.
This patch fixes an address scope violation. Considering the
scenario where an anycast address is assigned on one interface,
and a global address with the same scope is assigned on another
interface. In other words, the interface owns the anycast
address has only the link-local address as one other address.
Without this patch, "ping6" the anycast address from another
station will observe the source address of the returned ICMP6
echo reply has the link-local address, not the global address
that exists on the other interface in the same node.
This patch fixes the following issues:
- Interface link-local address is not reachable within the
node that owns the interface, this is due to the mismatch
in address scope as the result of the installed interface
address loopback route. Therefore for each interface
address loopback route, the rt_gateway field (of AF_LINK
type) will be used to track which interface a given
address belongs to. This will aid the address source to
use the proper interface for address scope/zone validation.
- The loopback address is not reachable. The root cause is
the same as the above.
- Empty nd6 entries are created for the IPv6 loopback addresses
only for validation reason. Doing so will eliminate as much
of the special case (loopback addresses) handling code
as possible, however, these empty nd6 entries should not
be returned to the userland applications such as the
"ndp" command.
Since both of the above issues contain common files, these
files are committed together.
These checks against BUSY aren't needed: the newbus layer does this
already with the appropriate locks held... There's no need to do it
here, so just delete the checks.
Note migration of tunable from hw.bus.devctl_disable to
hw.bus.devctl_queue. The sysctl interface provides legacys upport for
the latter sysctl, but the tunable support was removed.
If an interface is brought up with no cable it will experience
watchdog resets, this is due to a missing check for link in the
new multiqueue start code.
sam [Fri, 4 Sep 2009 22:34:57 +0000 (22:34 +0000)]
must also plumb static wep keys to the local sta db in sta mode; not
sure when this became necessary and might be caused by some missing
code to do auto-configuration of DWDS usage
Remove artificial MAX_IO_SIZE constant, equal to DFLTPHYS * 2. Use MAXPHYS
instead. It is NULL change for GENERIC kernel, but allows 'fast' mode to
work on systems with increased MAXPHYS.
Add to `camcontrol cmd` support for sending arbitrary ATA commands.
It could be used for broad range of tasks, such as configuring drive
power management modes, caching, security and any other features and tasks,
not supported by existing drivers.
If crypto operation is finished with EAGAIN, don't repeat operation from
the return context, but from the original context.
Before repeating operation clear DONE flag and error.
Reviewed by: sam
Obtained from: Wheel Sp. z o.o. (http://www.wheel.pl)
Remove 'ad:' prefix from disk serial number. We don't want serial number
to change when we reconnect the disk in a way that it is accessible through
CAM for example.
1) Remove single occurance of HAS_CTYPE ifdef, ctype functions
used here for a long time and needs their header in anycase.
2) Add (unsigned char) casts to more ctype macros.
3) Simplify menu input handling using ctype instead of range unguarded
hardcoded tricks.
Bring i386 up to date with amd64 and others.
The macros for PCPU can be slightly simplified, which makes the
resulting tangle qa lot easier to understand when trying to read them.
New counters now exist for:
requests sent
replies sent
requests received
replies received
packets received
total packets dropped due to no ARP entry
entrys timed out
Duplicate IPs seen
The new statistics are seen in the netstat command
when it is given the -s command line switch.
Time for house-cleaning:
o remove all entries before RELENG_7 was branched, as is tradition[*].
o Update examples... nobody cares about 5.x upgrades.
o minor format tweaking in a few places.
o update copyright (although at best I hold an editors copyright these days).
o Remove giving people permission to buy me beer. I don't do enough for
this document for that anymore...
Do the first step in removing lukemftpd from the base system. Disconnect
it from the build.
If you are using the FTP daemon, please consider using the port ftp/tnftpd
which is the same FTP server, but newer and might have more/better
functionality.
This results in us providing only one ftp daemon by default.
Right now libteken processes TF_REVERSE internally and returns the
toggled colors to the console driver. This isn't entirely correct. This
means that the bold flag is always processed by the foreground color,
while reversing should be done after the foreground color has been set
to a brighter version by the bold flag.
This is no problem with the syscons driver, because with VGA it only
supports 16 foreground and 8 background colors. My WIP console driver
reconfigures the graphics hardware to disable the blink functionality
and uses 16 foreground and 16 background colors. This means that this
driver will handle the TF_REVERSE flag a little different from what
syscons does right now.
Add intermediate states for attaching and detaching that will be
reused by the enhached newbus locking once it is checked in.
This change can be easilly MFCed to STABLE_8 at the appropriate moment.
Reviewed by: jhb, scottl
Tested by: Giovanni Trematerra <giovanni dot trematerra at gmail dot com>
I initially committed libteken to sys/dev/syscons/teken, but now that
I'm working on a console driver myself, I noticed this was not a good
decision. Move it to sys/teken to make it easier for other drivers to
use a terminal emulator.
Also list teken.c in sys/conf/files, instead of listing it in all the
files.arch files separately.
Fix regression introduced in r196712 - the 'name' string needs
to be rewritten for each file we want to check ACL on. Without
this change, ls(1) would check only the ACL on the first file
to list.
In the lockmgr support:
- GIANT_RESTORE() is just called when the sleep finishes, so the current
code can ends up into a giant unlock problem. Fix it by appropriately
call GIANT_RESTORE() when needed. Note that this is not exactly ideal
because for any interation of the adaptive spinning we drop and restore
Giant, but the overhead should be not a factor.
- In the lock held in exclusive mode case, after the adaptive spinning is
brought to completition, we should just retry to acquire the lock
instead to fallthrough. Fix that.
- Fix a style nit
In the sx support:
- Call GIANT_SAVE() before than looping. This saves some overhead because
in the current code GIANT_SAVE() is called several times.
Tested by: Giovanni Trematerra <giovanni dot trematerra at gmail dot com>
- Work around ACPI mode transition problem for recent NVIDIA 9400M chipset
based Intel Macs. Since r189055, these platforms started freezing when
ACPI is being initialized for unknown reason. For these platforms, we just
use the old PAT layout. Note this change is not enough to boot fully on
these platforms because of other problems but it makes debugging possible.
Note MacBook5,2 may be affected as well but it was not added here because
of lack of hardware to test.
- Initialize PAT MSR fully instead of reading and modifying it for safety.
- Remove BSD.{x11,x11-4}.dist as we merged prefixes a while ago and those
files aren't used anymore.
- Remove BSD.local.dist as the file moved to ports/Templates when we merged
prefixes.
- Bump PKG_INSTALL_VERSION to 20090902 after dougb's changes.
- Change the comment to say that version must be changed when a
non-cosmetic change is made.
Add NFSv4 ACL support to cp(1) and fix a few memory leaks.
Note that this changes error reporting behaviour somewhat - before,
no error was reported if ACL couldn't be copied because the target
filesystem doesn't support ACLs. Now, it will be reported - of course,
only if there actually is an ACL to copy.
1) Use isprint() instead of hardcoded values to detect non-printable.
2) Use (unsigned char) cast in waddch() calls.
It fix highlighting bug: sign extension of 8bit to the attributes area.
3) Use setlocale() in any case.
Don't attempt to bind the current thread to the CPU an IRQ is bound to
when removing an interrupt handler from an IRQ during shutdown. During
shutdown we are already bound to CPU 0 and this was triggering a panic.
Fix regression introduced with NFSv4 ACL support - make acl_to_text(3)
and acl_calc_mask(3) return error instead of crashing when acl passed
to them is NULL.
Submitted by: markus
Reviewed by: rwatson
MFC after: 3 days
Add counters for the i7 architecture which were accidentally left
out of the original commit of i7 support. These are all the counters
on pages A-32 and A-33 of the _Intel(R) 64 and IA32 Architectures
Software Developer's Manual Vol 3B_, June 2009. Almost all
of these counters relate to operations on the L2 cache.
In case an upper layer protocol tries to send a packet but the
L2 code does not have the ethernet address for the destination
within the broadcast domain in the table, we remember the
original mbuf in `la_hold' in arpresolve() and send out a
different packet with an arp request.
In case there will be more upper layer packets to send we will
free an earlier one held in `la_hold' and queue the new one.
Once we get a packet in, with which we can perfect our arp table
entry we send out the original 'on hold' packet, should there
be any.
Rather than continuing to process the packet that we received,
we returned without freeing the packet that came in, which
basically means that we leaked an mbuf for every arp request
we sent.
Rather than freeing the received packet and returning, continue
to process the incoming arp packet as well.
This should (a) improve some setups, also proxy-arp, in case it was an
incoming arp request and (b) resembles the behaviour FreeBSD had
from day 1, which alignes with RFC826 "Packet reception" (merge case).
Rename 'm0' to 'hold' to make the code more understandable as
well as diffable to earlier versions more easily.
Handle the link-layer entry 'la' lock comepletely in the block
where needed and release it as early as possible, rather than
holding it longer, down to the end of the function.
Found by: pointyhat, ns1
Bug hunting session with: erwin, simon, rwatson
Tested by: simon on cluster machines
Reviewed by: ratson, kmacy, julian
MFC after: 3 days
Reintroduce the r196640, after fixing the problem with my testing.
Remove the altkstacks, instead instantiate threads with kernel stack
allocated with the right size from the start. For the thread that has
kernel stack cached, verify that requested stack size is equial to the
actual, and reallocate the stack if sizes differ [1].
This fixes the bug introduced by r173361 that was committed several days
after r173004 and consisted of kthread_add(9) ignoring the non-default
kernel stack size.
Also, r173361 removed the caching of the kernel stacks for a non-first
thread in the process. Introduce separate kernel stack cache that keeps
some limited amount of preallocated kernel stacks to lower the latency
of thread allocation. Add vm_lowmem handler to prune the cache on
low memory condition. This way, system with reasonable amount of the
threads get lower latency of thread creation, while still not exhausting
significant portion of KVA for unused kstacks.
Submitted by: peter [1]
Discussed with: jhb, julian, peter
Reviewed by: jhb
Tested by: pho (and retested according to new test scenarious)
MFC after: 1 week