Because sh executes commands in subshell environments without forking in
more and more cases (particularly from 8.0 on), it makes sense to describe
subshell environments more precisely using ideas from POSIX, together with
some FreeBSD-specific items.
In particular, the hash and times builtins may not behave as if their state
is copied for a subshell environment while leaving the parent shell
environment unchanged.
posix_spawn: If an error is detected in the child process, reap the zombie.
Formerly, in this case an error was returned but the pid was also returned
to the application, requiring the application to use unspecified behaviour
(the returned pid in error situations) to avoid zombies.
- Removing some unneeded definitions of NULL (cruft related to 1970's C).
In C90, NULL is guaranteed to be declared in <stddef.h> and also in
<string.h>. Though the correct way to define NULL in FreeBSD is to
include <sys/_null.h>, other parts of libstand still require <string.h>
to build; therefore, we keep <string.h> in stand.h and add a note about
this;
- Removing no longer used 'Prototype' definition. Quote from bde@:
'Cruft related to getting incomplete struct declarations within
prototypes forward-declared before the structs. It doesn't mean
"prototype" but only part of a prototype-related hack. No longer
used.'
- Replacing iaddr_t with uintptr_t;
- Removing use of long double to determine alignment. Use a fixed 16 byte
alignment instead;
Allow disk partitions associated with UFS read-only mounted
filesystems to be opened for writing. This functionality used to
be special-cased for just the root filesystem, but with this change
is now available for all UFS filesystems. This change is needed for
journaled soft updates recovery.
Per request of the docs team, install docs as packages, instead of via
the normal distfile mechanism. Thanks to Marc Fonvieille for the patch and
for putting up with me taking entirely too long to commit this!
Marius Strobl [Sat, 9 Jul 2011 18:47:51 +0000 (18:47 +0000)]
Fix the definition for PCPU_NAME_LEN, which is intended to fit
("CPU %d", cpuid) where cpuid <= MAXCPU.
1. sizeof(__XSTRING(MAXCPU) + 1) is a typo: typeof(__XSTRING(...) + 1)
is 'char *', so sizeof() will return the size of the pointer, not
the size of the string contents. The proper expression should be
'sizeof(__XSTRING(MAXCPU)) + 1'.
2. One should not add one, but subtract it: sizeof() accounts for the
trailing '\0' and we have two sizeof's, so the size of one '\0'
should be subtracted -- this will give the maximal string buffer
length for CPU with its number, no less, no more.
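The three expressions discussed in the message above, side by side, as an added example that is not part of the commit. It assumes the first sizeof is taken over the literal "CPU ", uses local stand-ins for __XSTRING, and a constructed MAXCPU of 4096.

```c
#include <stddef.h>
#include <stdio.h>

/* Local stand-ins for the __STRING/__XSTRING stringification macros. */
#define EX_STRING(x)  #x
#define EX_XSTRING(x) EX_STRING(x)

/* Constructed value for illustration only. */
#define MAXCPU 4096

/* Typo form: "4096" + 1 decays to char *, so sizeof yields the pointer size. */
#define NAME_LEN_TYPO  (sizeof("CPU ") + sizeof(EX_XSTRING(MAXCPU) + 1))
/* Point 1 of the message: right operand for sizeof, but one is still added. */
#define NAME_LEN_PLUS1 (sizeof("CPU ") + sizeof(EX_XSTRING(MAXCPU)) + 1)
/* Point 2: both sizeofs count a '\0', so one of them is subtracted. */
#define NAME_LEN_EXACT (sizeof("CPU ") + sizeof(EX_XSTRING(MAXCPU)) - 1)

size_t typo_len(void)  { return NAME_LEN_TYPO; }
size_t plus1_len(void) { return NAME_LEN_PLUS1; }
size_t exact_len(void) { return NAME_LEN_EXACT; }

/* Bytes needed, terminator included, to format "CPU %d" for a given cpuid. */
size_t needed_len(int cpuid)
{
    return (size_t)snprintf(NULL, 0, "CPU %d", cpuid) + 1;
}

int main(void)
{
    printf("needed for cpuid %d: %zu\n", MAXCPU, needed_len(MAXCPU));
    printf("typo form:  %zu (tracks sizeof(char *), not MAXCPU)\n", typo_len());
    printf("plus-one:   %zu\n", plus1_len());
    printf("exact form: %zu\n", exact_len());
    return 0;
}
```

The typo form does not change when MAXCPU does, so whether the buffer is too large or too small depends on the platform's pointer size rather than on the number of digits in MAXCPU.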
Add a facility to disable processing page faults. When activated,
uiomove generates EFAULT if any accessed address is not mapped, as
opposed to handling the fault.
Sponsored by: The FreeBSD Foundation
Reviewed by: alc (previous version)
Implement helper functions to locally set a thread-private flag, and
restore it to the previous state. Note that only setting a flag locally
is supported.
Sponsored by: The FreeBSD Foundation
Reviewed by: alc (previous version)
MFC after: 1 week
Stefan Eßer [Sat, 9 Jul 2011 12:14:57 +0000 (12:14 +0000)]
Some refactoring for easier maintenance of the code. This is a follow-up
to re-establishment of 64bit arithmetic, but is committed separately, to
not obscure that conversion. This commit does not change the observed
behaviour of expr in any way. Style will be fixed in a follow-up commit.
Stefan Eßer [Sat, 9 Jul 2011 12:05:53 +0000 (12:05 +0000)]
Make /bin/expr support 64bit numeric range and range checks by default,
again. This brings back the behaviour of expr in FreeBSD-4, which had been
reverted due to an assumed incompatibility with POSIX.1 for FreeBSD-5.
This issue has been discussed in the freebsd-standards list, and the
consensus was, that POSIX.1 is in fact not violated by this extension,
since it affects only cases of POSIX undefined behaviour (overflow of
signed long).
Other operating systems did upgrade their versions of expr to support
64bit range, after it had been initially brought to FreeBSD. They have
used it for a decade without problems, meanwhile.
The -e option is retained, but it will only select less strict checking
of numeric parameters (leading white-space, leading "+" are allowed and
skipped, an empty string is considered to represent 0 in numeric context.)
The call of check_utility_compat() as a means of establishing backwards
compatibility with FreeBSD-4 is considered obsolete, but preserved in
this commit. It is expected to be removed in a later revision of this
file.
Reviewed by: bde, das, jilles
MFC after: 2 month (those parts that do not violate POLA)
Add an option to have a fail point term only execute when run by a
specified pid. This is helpful for automated testing involving a global
knob that would otherwise be executed by many other threads.
Implement basic support for memory attributes. At this time we only
distinguish between UC and WB memory so that we can map the page to
either a region 6 address (for UC) or a region 7 address (for WB).
This change is only now possible, because previously we would map
regions 6 and 7 with 256MB translations and on top of that had the
kernel mapped in region 7 using a wired translation. The introduction
of the PBVM moved the kernel into its own region and freed up region
7 and allowed us to revert to standard page-sized translations.
This commit introduces pmap_page_to_va() that respects the attribute.
Rather than checking to see if a descriptor is a kqueue, check to see if
its fileops flags include DFLAG_PASSABLE.
At the moment, these two tests are equivalent, but this will change with
the addition of capabilities that wrap kqueues but are themselves of type
DTYPE_CAPABILITY. We already have the DFLAG_PASSABLE abstraction, so let's
use it.
This change has been tested with [the newly improved] tools/regression/kqueue.
Approved by: mentor (rwatson), re (Capsicum blanket)
Sponsored by: Google Inc
Rather than using err() if either of two failure conditions
fires (which can produce spurious error messages), just use
errx() if the one condition that really matters fires.
In practice, this single test is enough to detect the failure
mode we're looking for (kqueue being inherited across fork).
Approved by: mentor (rwatson), re (Capsicum blanket)
Sponsored by: Google Inc
Andre Oppermann [Fri, 8 Jul 2011 10:50:13 +0000 (10:50 +0000)]
In the experimental soreceive_stream():
o Move the non-blocking socket test below the SBS_CANTRCVMORE so that EOF
is correctly returned on a remote connection close.
o In the non-blocking socket test compare SS_NBIO against the so->so_state
field instead of the incorrect sb->sb_state field.
o Simplify the ENOTCONN test by removing cases that can't occur.
Submitted by: trociny (with some further tweaks by committer)
Tested by: trociny
Fixing building bustage on 32 bits platforms when WARNS >= 2. Note that
this fix only applies to zalloc.c, the other part of libstand such as
qdivrem.c still gives compilation warnings on sparc64 tinderbox builds;
therefore, WARNS level isn't changed for now.
Submitted by: Garrett Cooper <yanegomi@gmail.com>
Reviewed by: bde
Rick Macklem [Fri, 8 Jul 2011 00:49:50 +0000 (00:49 +0000)]
Delete the /etc/rc.d/nfsserver script, since it is no
longer used by /etc/rc.d/nfsd and it is no longer necessary
to load the old nfs server by default, when nfs_server_enable="YES".
Tested by: sgk at troutmask.apl.washington.edu
Reviewed by: rc (Andrzej Tobola)
Ensure that kqueue is not inherited across fork().
Modify the existing unit test (from libkqueue) which already exercises process events via
fork() and kill(). Now, the child process simply checks that the 'kqfd' descriptor is invalid.
Some minor modifications were required to make err() work correctly. It seems that this test
was imported using the output of a configure script, but config.h was not included in key
places, nor was its syntax correct (need '#define HAVE_FOO 1' rather than '#define HAVE_FOO').
Finally, change main() to run the "proc" suite by default, but widened the '#if TODO' in
proc.c to include the non-functioning test event_trigger().
Approved by: mentor (rwatson), re (Capsicum blanket)
Sponsored by: Google Inc
This comment refers to CAP_NT_SMBS, which does not exist; it should refer to SMB_CAP_NT_SMBS.
Fixing this comment makes it easier for people interested in Capsicum to grep around for
capability rights, whose identifiers are of the form 'CAP_[A-Z_]'.
Approved by: mentor (rwatson), re (Capsicum blanket)
Sponsored by: Google Inc
Andre Oppermann [Thu, 7 Jul 2011 10:37:14 +0000 (10:37 +0000)]
Remove the TCP_SORECEIVE_STREAM compile time option. The use of
soreceive_stream() for TCP still has to be enabled with the loader
tuneable net.inet.tcp.soreceive_stream.
All the racct_*() calls need to happen with the proc locked. Fixing this
won't happen before 9.0. This commit adds "#ifdef RACCT" around all the
"PROC_LOCK(p); racct_whatever(p, ...); PROC_UNLOCK(p)" instances, in order
to avoid useless locking/unlocking in kernels built without "options RACCT".
Conditionally compile in the IPv4/IPv6 address family support.
Test it with feature_present(3), so that we do not end up with passing
an unsupported version to NgSendMsg(3).
Gordon Tetlow [Wed, 6 Jul 2011 06:34:08 +0000 (06:34 +0000)]
Only increment the ypcnt once per data record. The old implementation
was incrementing it twice making it impossible to iterate the table
since the records were 1, 3, 5, 7 (or 2, 4, 6, 8 for the v3 records).
ALL BIND USERS ARE ENCOURAGED TO UPGRADE IMMEDIATELY
This update addresses the following vulnerability:
CVE-2011-2464
=============
Severity: High
Exploitable: Remotely
Description:
A defect in the affected BIND 9 versions allows an attacker to remotely
cause the "named" process to exit using a specially crafted packet. This
defect affects both recursive and authoritative servers. The code location
of the defect makes it impossible to protect BIND using ACLs configured
within named.conf or by disabling any features at compile-time or run-time.
Marius Strobl [Tue, 5 Jul 2011 20:05:06 +0000 (20:05 +0000)]
Remove the IDR_CHEETAH_MAX_BN_PAIRS limit from cheetah_ipi_selected().
This is just a simple approach. For reasons unknown OpenSolaris uses a
more sophisticated one involving IPIing the remaining CPUs in reverse
order after the first batch of 32.
Colin Percival [Tue, 5 Jul 2011 18:49:55 +0000 (18:49 +0000)]
Remove #ifdef notyet code dating back to 4.3BSD Net/2 (and possibly earlier).
I think the benefit of making the code cleaner and easier to understand
outweighs the humour of leaving this intact (or possibly changing it to
#ifdef not_yet_and_probably_never).
Colin Percival [Tue, 5 Jul 2011 18:43:54 +0000 (18:43 +0000)]
Don't allow lro->len to exceed 65535, as this will result in overflow
when len is inserted back into the synthetic IP packet and cause a
multiple of 2^16 bytes of TCP "packet loss".
This improves Linux->FreeBSD netperf bandwidth by a factor of 300 in
testing on Amazon EC2.
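The overflow described in the message above, modelled as an added example that is not the driver's or the commit's code. The struct, the function names and the 1448-byte segment size are hypothetical, and only a running byte counter is modelled.

```c
#include <stdint.h>
#include <stdio.h>

#define IP_LEN_MAX 65535u   /* largest value a 16-bit IP length field holds */

/* Hypothetical aggregate: only the running byte count is modelled. */
struct agg { uint32_t len; };

/* What lands in the synthetic header: the count squeezed into 16 bits. */
static uint16_t header_len(const struct agg *a) { return (uint16_t)a->len; }

/* No limit: merge n segments, return the bytes the header fails to describe. */
uint32_t lost_unguarded(uint32_t seg, int n)
{
    struct agg a = { 0 };
    for (int i = 0; i < n; i++)
        a.len += seg;
    return a.len - header_len(&a);
}

/* With the limit: flush before a merge would pass IP_LEN_MAX.
 * Returns the sum of all header lengths; *flushes counts emitted packets. */
uint32_t reported_guarded(uint32_t seg, int n, int *flushes)
{
    struct agg a = { 0 };
    uint32_t reported = 0;
    *flushes = 0;
    for (int i = 0; i < n; i++) {
        if (a.len + seg > IP_LEN_MAX) {   /* would not fit: flush first */
            reported += header_len(&a);
            (*flushes)++;
            a.len = 0;
        }
        a.len += seg;
    }
    if (a.len > 0) {                      /* final flush */
        reported += header_len(&a);
        (*flushes)++;
    }
    return reported;
}

int main(void)
{
    int flushes;
    uint32_t seg = 1448;   /* constructed segment size */
    int n = 50;            /* constructed burst: 72400 bytes in total */
    printf("unguarded: %u bytes missing from the header\n", lost_unguarded(seg, n));
    printf("guarded: %u bytes reported, ", reported_guarded(seg, n, &flushes));
    printf("%d packets\n", flushes);
    return 0;
}
```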
Jung-uk Kim [Tue, 5 Jul 2011 18:42:10 +0000 (18:42 +0000)]
Correct cpu_monitor() and cpu_mwait() for amd64. These instructions take
%rcx as "extensions" in long mode. If any unused bit is set in %rcx, these
instructions cause general protection fault. Fix style nits and synchronize
i386 with amd64.
Marius Strobl [Tue, 5 Jul 2011 18:40:37 +0000 (18:40 +0000)]
Call pmap_qremove() before freeing or unwiring the pages, otherwise
there's a window during which a page can be re-used before its previous
mapping is removed.
Follow Linux by unconditionally stripping the RX vlan tag from incoming
packets. It turns out that all firmware versions insert it, whether or not
they support VLAN tagging.
Submitted by: glevand <geoffrey.levand at mail dot ru>
o Eliminate flow6_hash_entry in favor of flow_hash_entry. We don't need
a separate struct to start a slist of semi-opaque structs. This
makes some code more compact.
o Rewrite ng_netflow_flow_show() and its API/ABI:
- Support for IPv6 is added.
- Request and response now use same struct. Structure specifies
version (6 or 4), index of last retrieved hash, and also index
of last retrieved entry in the hash entry.
Ed Schouten [Tue, 5 Jul 2011 14:12:48 +0000 (14:12 +0000)]
Only print entries for which ut_host points to a character device.
Now that we use utmpx, we more often have entries for which the ut_line
is left blank. To prevent us from returning struct stat for "/dev/",
check that the resulting stat structure belongs to a character device.
This new version of _fget() requires new parameters:
- cap_rights_t needrights
the rights that we expect the capability's rights mask to include
(e.g. CAP_READ if we are going to read from the file)
- cap_rights_t *haverights
used to return the capability's rights mask (ignored if NULL)
- u_char *maxprotp
the maximum mmap() rights (e.g. VM_PROT_READ) that can be permitted
(only used if we are going to mmap the file; ignored if NULL)
- int fget_flags
FGET_GETCAP if we want to return the capability itself, rather than
the underlying object which it wraps
Approved by: mentor (rwatson), re (Capsicum blanket)
Sponsored by: Google Inc
Rick Macklem [Mon, 4 Jul 2011 23:32:09 +0000 (23:32 +0000)]
The algorithm used by nfscl_getopen() could have resulted in
multiple instances of the same lock_owner when a process both
inherited an open file descriptor plus opened the same file itself.
Since some NFSv4 servers cannot handle multiple instances of
the same lock_owner string, this patch changes the algorithm
used by nfscl_getopen() in the new NFSv4 client to keep that
from happening. The new algorithm is simpler, since there is
no longer any need to ascend the process's parentage tree because
all NFSv4 Closes for a file are done at VOP_INACTIVE()/VOP_RECLAIM(),
making the Opens indistinct w.r.t. use with Lock Ops.
This problem was discovered at the recent NFSv4 interoperability
Bakeathon.
Jeff Roberson [Mon, 4 Jul 2011 22:08:04 +0000 (22:08 +0000)]
- Speed up pendingblock processing again. Having too much delay between
ffs_blkfree() and the pending adjustment causes all kinds of
space related problems.
Jeff Roberson [Mon, 4 Jul 2011 20:53:55 +0000 (20:53 +0000)]
- It is impossible to run request_cleanup() while doing a copyonwrite.
This will most likely cause new block allocations which can recurse
into request cleanup.
- While here optimize the ufs locking slightly. We need only acquire and
drop once.
- process_removes() and process_truncates() are also only needed once.
- Attempt to flush each item on the worklist once but do not loop forever
if some can not be completed.
pf(4) tags now store the state key but tcp_respond tries to reuse a mbuf as an optimization.
This makes pf find the wrong state and cause errors reported with state mismatches.
Clear the cached state link on the pf(4) tag to avoid the state mismatches.
cap_funwrap() and cap_funwrap_mmap() unwrap capabilities, exposing the
underlying object. Attempting to unwrap a capability with an inadequate
rights mask (e.g. calling cap_funwrap(fp, CAP_WRITE | CAP_MMAP, &result)
on a capability whose rights mask is CAP_READ | CAP_MMAP) will result in
ENOTCAPABLE.
Unwrapping a non-capability is effectively a no-op.
These functions will be used by Capsicum-aware versions of _fget(), etc.
Approved by: mentor (rwatson), re (Capsicum blanket)
Sponsored by: Google Inc
- Remove the now unused CPU_NAND_ATOMIC()
- Add a comment explaining that CPU_OR_ATOMIC() and
CPU_COPY_STORE_REL() are special wrappers used to cater particular
cases.
With retirement of cpumask_t and usage of cpuset_t for representing a
mask of CPUs, pc_other_cpus and pc_cpumask become highly inefficient.
Remove them and replace their usage with custom pc_cpuid magic (as,
atm, pc_cpumask can be easily represented by (1 << pc_cpuid) and
pc_other_cpus by (all_cpus & ~(1 << pc_cpuid))).
This change is not targeted for MFC because of struct pcpu members
removal and dependency by cpumask_t retirement.
- Use refcount(9) API to manage node and hook refcounting.
- Make ng_unref_node() void, since caller shouldn't be
interested in whether node is valid after call or not,
since it can't be guaranteed to be valid. [1]
ARP code reuses mbuf from ARP request to make a reply, but it does not
reset rcvif to NULL. Since rcvif is not NULL, ipfw(4) supposes that ARP
replies were received on specified interface.
Reset rcvif to NULL for ARP replies to fix this issue.