Current pselect(3) is implemented in usermode and thus vulnerable to
well-known race condition, which elimination was the reason for the
function appearance in first place. If sigmask supplied as argument to
pselect() enables a signal, the signal might be delivered before thread
called select(2), causing lost wakeup. Reimplement pselect() in kernel,
making change of sigmask and sleep atomic.
Since signal shall be delivered to the usermode, but sigmask restored,
set TDP_OLDMASK and save old mask in td_oldsigmask. The TDP_OLDMASK
should be cleared by ast() in case signal was not gelivered during
syscall execution.
In r197963, a race with thread being selected for signal delivery
while in kernel mode, and later changing signal mask to block the
signal, was fixed for sigprocmask(2) and ptread_exit(3). The same race
exists for sigreturn(2), setcontext(2) and swapcontext(2) syscalls.
Use kern_sigprocmask() instead of direct manipulation of td_sigmask to
reschedule newly blocked signals, closing the race.
In kern_sigsuspend(), better manipulate thread signal mask using
kern_sigprocmask() to properly notify other possible candidate threads
for signal delivery.
Since sigsuspend() shall only return to usermode after a signal was
delivered, do cursig/postsig loop immediately after waiting for
signal, repeating the wait if wakeup was spurious due to race with
other thread fetching signal from the process queue before us. Add
thread_suspend_check() call to allow the thread to be stopped or killed
while in loop.
Modify last argument of kern_sigprocmask() from boolean to flags,
allowing the function to be called with locked proc. Convertion of the
callers that supplied 1 to the old argument will be done in the next
commit, and due to SIGPROCMASK_OLD value equial to 1, code is formally
correct in between.
When protection of wired read-only mapping is changed to read-write,
install new shadow object behind the map entry and copy the pages
from the underlying objects to it. This makes the mprotect(2) call to
actually perform the requested operation instead of silently do nothing
and return success, that causes SIGSEGV on later write access to the
mapping.
Reuse vm_fault_copy_entry() to do the copying, modifying it to behave
correctly when src_entry == dst_entry.
Jaakko Heinonen [Mon, 26 Oct 2009 14:57:33 +0000 (14:57 +0000)]
Fix parsing of mount options specified with -o in case an option with
value is preceded by an option without value (for example -o
option1,option2=value). Options must be separated before searching for
'='. Also compare pnextopt explicitly against NULL.
Rong-En Fan [Mon, 26 Oct 2009 13:03:52 +0000 (13:03 +0000)]
Merge r198489 from vendor/ncurses/dist:
Pull upstream patch to fix ee(1) crash when received SIGWINCH:
modify _nc_wgetch() to check for a -1 in the fifo, e.g., after a
SIGWINCH, and discard that value, to avoid confusing application
(patch by Eygene Ryabinkin, FreeBSD bin/136223).
Rong-En Fan [Mon, 26 Oct 2009 13:01:29 +0000 (13:01 +0000)]
Pull upstream patch to fix ee(1) crash when received SIGWINCH:
modify _nc_wgetch() to check for a -1 in the fifo, e.g., after a
SIGWINCH, and discard that value, to avoid confusing application
(patch by Eygene Ryabinkin, FreeBSD bin/136223).
Alexander Kabaev [Sun, 25 Oct 2009 15:52:31 +0000 (15:52 +0000)]
Compile libgcov without stack protection. It can be linked into
both static and dynamic binaries compiled with or without stack
protection and should not depend on libssp_nonshared.a symbols.
Rui Paulo [Sun, 25 Oct 2009 10:23:11 +0000 (10:23 +0000)]
Update firmware images according to the latest iwn updated.
"device iwnfw" includes all firmware images, but you can pick just one
by using the model number, e.g.: "device iwn4965fw".
Bjoern A. Zeeb [Sun, 25 Oct 2009 09:58:56 +0000 (09:58 +0000)]
Unconditionally call the setsockopt for IPV6_V6ONLY for v6 linux sockets
no matter whether we are compiled as module or if our default of the
net.inet6.ip6.v6only sysctl already matches what we would set.
This avoids unnecessary complications with modules, VIMAGES, INET6 and
the sysctl value, especially considering that most users will use
linux compat as a module.
Jilles Tjoelker [Sat, 24 Oct 2009 21:20:04 +0000 (21:20 +0000)]
sh: Exempt $@ and $* from set -u
This seems more useful and will likely be in the next POSIX standard.
Also document more precisely in the man page what set -u does (note that
$@, $* and $! are the only special parameters that can ever be unset, all
the others are always set, although they may be empty).
Marcel Moolenaar [Sat, 24 Oct 2009 20:28:42 +0000 (20:28 +0000)]
A 32KB kernel stack is not quite enough. The new USB stack is a bit
more stack hungry as compared to the old one that my RX2660 gets
a machine check and spontaneously reboots at the time the USB DVD
drive is found and attached to CAM as a mass storage device. This
doesn't happen always, but definitely varies per kernel build.
Likewise when using a 128-byte printf buffer. The additional 128
bytes that printf needs seems to be enough to have the memory stack
and register stack collide and causing a machine check.
Nathan Whitehorn [Sat, 24 Oct 2009 18:33:01 +0000 (18:33 +0000)]
Turn on NAP mode on G5 systems, and refactor the HID0 setup code a little.
This makes my G5 Xserve sound slightly less like it is filled with
howling banshees.
Rui Paulo [Sat, 24 Oct 2009 09:55:11 +0000 (09:55 +0000)]
Updates to the iwn driver:
* iwnfw has now been split into individual modules so autoloading of
firmware module(s) does work again.
* Changes have been made to RUN -> AUTH transition, this should fix the
issue reported by Glen and others.
* Brandon reported issues in iwn_cmd() with large commands, those have
been fixed to.
* DEAUTH is now handled correctly.
Submitted by: Bernhard Schmidt <bschmidt at techwires.net>
Joseph Koshy [Sat, 24 Oct 2009 04:11:40 +0000 (04:11 +0000)]
Not all Intel Core (TM) CPUs implement PMC_CLASS_IAF fixed-function
counters. For such CPUs, use an alternate mapping of convenience
names to events supported by PMC_CLASS_IAP programmable counters.
Marcel Moolenaar [Fri, 23 Oct 2009 22:53:01 +0000 (22:53 +0000)]
BIOSes, buggy or otherwise, are i386 or amd64 specific.
Have the early USB takeover enabled for i386 and amd64
by default.
This also avoids a panic on PowerPC where the resource
isn't released properly and we find a busy resource
when the USB host controller wants to allocate it...
Nathan Whitehorn [Fri, 23 Oct 2009 21:36:33 +0000 (21:36 +0000)]
Add some more paranoia to setting HID registers, and update the AIM
clock routines to work better with SMP. This makes SMP work fully and
stably on an Xserve G5.
Robert Noland [Fri, 23 Oct 2009 18:44:53 +0000 (18:44 +0000)]
Correct some issues with zfs boot.
- Teach it to read gang blocks. (essentially untested)
If you see "ZFS: gang block detected!", please let
me know, so we can either remove the printf if it
works, or fix it if it doesn't.
- If multiple partitions exist on a disk, probe them all.
We also need to reset dsk->start to 0 to read the right
sector here.
- With GPT, we can have 128 partitions.
- If the bootfs property has ever been set on a pool
it seems that it never goes away. zpool won't allow
you to add to the pool with the bootfs property set.
However, if you clear the property back to default
we end up getting 0 for the object number and read
a bogus block pointer and fail to boot.
- Fix some error printfs. The printf in the loader is
only capable of c,s and u formats.
Jung-uk Kim [Fri, 23 Oct 2009 18:41:00 +0000 (18:41 +0000)]
- When we restore VESA state, try BIOS POST earlier. VESA restore state
function may not work properly if we don't. Turn off hardware cursor as
vesa_set_mode() does.
- Add VBE 3.0 specific fields in VESA mode structure and pack it. Note
the padding is 190 bytes although VBE 3.0 says 189 bytes. It must be wrong
because the size of structure becomes 255 bytes and the specification says
it must be 256 bytes in total. In fact, an example code in the spec. does
it right, though. While we are at it, fix some i386-isms.
- Remove state buffer size limitation. It is no longer necessary since
sys/compat/x86bios/x86bios.c r198251.
- Move int 0x10 vector test into vesa_bios_post() as we always do it anyway.
John Baldwin [Fri, 23 Oct 2009 15:14:54 +0000 (15:14 +0000)]
- Fix several off-by-one errors when using MAXCOMLEN. The p_comm[] and
td_name[] arrays are actually MAXCOMLEN + 1 in size and a few places that
created shadow copies of these arrays were just using MAXCOMLEN.
- Prefer using sizeof() of an array type to explicit constants for the
array length in a few places.
- Ensure that all of p_comm[] and td_name[] is always zero'd during
execve() to guard against any possible information leaks. Previously
trailing garbage in p_comm[] could be leaked to userland in ktrace
record headers via td_name[].
John Baldwin [Fri, 23 Oct 2009 15:09:51 +0000 (15:09 +0000)]
Don't bother copying the name of a kproc or kthread out into a temporary
array just to pass that array to printf(). kproc and kthread names are
NUL-terminated and can be printed using printf() directly.
Jilles Tjoelker [Fri, 23 Oct 2009 14:50:11 +0000 (14:50 +0000)]
wordexp(3): fix some bugs with signals and long outputs
* retry various system calls on EINTR
* retry the rest after a short read (common if there is more than about 1K
of output)
* block SIGCHLD like system(3) does (note that this does not and cannot
work fully in threaded programs, they will need to be careful with wait
functions)
Nathan Whitehorn [Fri, 23 Oct 2009 14:27:40 +0000 (14:27 +0000)]
Do not map the trap vectors into the kernel's address space. They are
only used in real mode and keeping them mapped only serves to make NULL
a valid address, which results in silent NULL pointer deferences.
Suggested by: Patrick Kerharo
Obtained from: projects/ppc64