CVS commit: src/sys/fs/udf
Module Name:src Committed By: reinoud Date: Thu Dec 16 22:24:11 UTC 2021 Modified Files: src/sys/fs/udf: udf_subr.c Log Message: Fix typo: reader -> header To generate a diff of this commit: cvs rdiff -u -r1.161 -r1.162 src/sys/fs/udf/udf_subr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/fs/udf/udf_subr.c diff -u src/sys/fs/udf/udf_subr.c:1.161 src/sys/fs/udf/udf_subr.c:1.162 --- src/sys/fs/udf/udf_subr.c:1.161 Thu Dec 16 22:19:08 2021 +++ src/sys/fs/udf/udf_subr.c Thu Dec 16 22:24:10 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: udf_subr.c,v 1.161 2021/12/16 22:19:08 reinoud Exp $ */ +/* $NetBSD: udf_subr.c,v 1.162 2021/12/16 22:24:10 reinoud Exp $ */ /* * Copyright (c) 2006, 2008 Reinoud Zandijk @@ -29,7 +29,7 @@ #include #ifndef lint -__KERNEL_RCSID(0, "$NetBSD: udf_subr.c,v 1.161 2021/12/16 22:19:08 reinoud Exp $"); +__KERNEL_RCSID(0, "$NetBSD: udf_subr.c,v 1.162 2021/12/16 22:24:10 reinoud Exp $"); #endif /* not lint */ @@ -614,7 +614,7 @@ udf_search_writing_tracks(struct udf_mou /* * Check if the blob starts with a good UDF tag. Tags are protected by a - * checksum over the reader except one byte at position 4 that is the checksum + * checksum over the header except one byte at position 4 that is the checksum * itself. */
CVS commit: src/sys/fs/udf
Module Name:src Committed By: reinoud Date: Thu Dec 16 22:24:11 UTC 2021 Modified Files: src/sys/fs/udf: udf_subr.c Log Message: Fix typo: reader -> header To generate a diff of this commit: cvs rdiff -u -r1.161 -r1.162 src/sys/fs/udf/udf_subr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/fs/udf
Module Name:src Committed By: reinoud Date: Thu Dec 16 22:19:09 UTC 2021 Modified Files: src/sys/fs/udf: udf_subr.c Log Message: Fix serious issue with recordable media formatted with Win10. When closing it after modification the VAT was written out corrupted making the disc unreadable anymore on remount. Thanks for ig@ for spotting it in the wild! To generate a diff of this commit: cvs rdiff -u -r1.160 -r1.161 src/sys/fs/udf/udf_subr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/fs/udf/udf_subr.c diff -u src/sys/fs/udf/udf_subr.c:1.160 src/sys/fs/udf/udf_subr.c:1.161 --- src/sys/fs/udf/udf_subr.c:1.160 Wed Dec 15 22:02:30 2021 +++ src/sys/fs/udf/udf_subr.c Thu Dec 16 22:19:08 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: udf_subr.c,v 1.160 2021/12/15 22:02:30 reinoud Exp $ */ +/* $NetBSD: udf_subr.c,v 1.161 2021/12/16 22:19:08 reinoud Exp $ */ /* * Copyright (c) 2006, 2008 Reinoud Zandijk @@ -29,7 +29,7 @@ #include #ifndef lint -__KERNEL_RCSID(0, "$NetBSD: udf_subr.c,v 1.160 2021/12/15 22:02:30 reinoud Exp $"); +__KERNEL_RCSID(0, "$NetBSD: udf_subr.c,v 1.161 2021/12/16 22:19:08 reinoud Exp $"); #endif /* not lint */ @@ -2765,10 +2765,11 @@ udf_update_vat_descriptor(struct udf_mou struct icb_tag *icbtag; struct udf_oldvat_tail *oldvat_tl; struct udf_vat *vat; + struct regid *regid; uint64_t unique_id; uint32_t lb_size; uint8_t *raw_vat; - int filetype, error; + int vat_length, impl_use_len, filetype, error; KASSERT(vat_node); KASSERT(lvinfo); 
@@ -2813,11 +2814,20 @@ udf_update_vat_descriptor(struct udf_mou sizeof(struct udf_oldvat_tail), ump->vat_entries * 4); } else { /* compose the VAT2 header */ + vat_length = sizeof(struct udf_vat); vat = (struct udf_vat *) raw_vat; - memset(vat, 0, sizeof(struct udf_vat)); - vat->header_len = udf_rw16(152); /* as per spec */ - vat->impl_use_len = udf_rw16(0); + error = udf_vat_read(vat_node, raw_vat, vat_length, 0); + if (error) + goto errout; + + impl_use_len = udf_rw16(vat->impl_use_len); + vat_length += impl_use_len; + + error = udf_vat_read(vat_node, raw_vat, vat_length, 0); + if (error) + goto errout; + memmove(vat->logvol_id, ump->logical_vol->logvol_id, 128); vat->prev_vat = udf_rw32(0x); vat->num_files= lvinfo->num_files; @@ -2826,9 +2836,20 @@ udf_update_vat_descriptor(struct udf_mou vat->min_udf_writever = lvinfo->min_udf_writever; vat->max_udf_writever = lvinfo->max_udf_writever; - error = udf_vat_write(vat_node, raw_vat, - sizeof(struct udf_vat), 0); + if (impl_use_len >= sizeof(struct regid)) { + /* insert our implementation identification */ + memset(vat->data, 0, impl_use_len); + regid = (struct regid *) vat->data; + udf_set_regid(regid, IMPL_NAME); + udf_add_app_regid(ump, regid); + } else { + if (impl_use_len) +memset(vat->data, 0, impl_use_len); + vat->impl_use_len = 0; + } + error = udf_vat_write(vat_node, raw_vat, vat_length, 0); } +errout: free(raw_vat, M_TEMP); return error; /* success! */ @@ -2997,7 +3018,7 @@ udf_check_for_vat(struct udf_node *vat_n /* definition */ vat = (struct udf_vat *) raw_vat; - vat_offset = vat->header_len; + vat_offset = udf_rw16(vat->header_len); vat_entries = (vat_length - vat_offset)/4; assert(lvinfo);
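Review bot: `impl_use_len` comes straight from the on-disc VAT header and is added to `vat_length` with no upper bound before the second `udf_vat_read()` into `raw_vat`; the same unchecked value later sizes `memset(vat->data, 0, impl_use_len)` in the @@ -2826 hunk. The allocation of `raw_vat` is outside the hunk, so this is inferred: if the buffer is one logical block (`lb_size` is declared in this function), a medium with a large `impl_use_len` makes the read and the memset run past it. I would reject the length before using it, for example `if (vat_length + impl_use_len > lb_size) { error = EINVAL; goto errout; }` placed ahead of `vat_length += impl_use_len;`, with the bound adjusted to the real allocation size. Note also that `header_len` is no longer written here and is kept as found on the medium. The function starts and ends outside these hunks.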
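Review bot: In the udf_check_for_vat hunk (@@ -2997), `vat_offset` is now the byte-swapped on-disc `header_len`, but the next line still subtracts it from `vat_length` without a range check: `vat_entries = (vat_length - vat_offset)/4;`. If a medium presents a `header_len` larger than the VAT length, the subtraction goes negative or wraps, depending on types declared outside the hunk, and the entry count derived from it is presumably used further down. A guard such as `if (vat_offset > vat_length)` that leaves through the function's existing rejection path, before the division, would stop a malformed header from producing a bogus entry count. The function body continues outside the hunk, so the right error path cannot be confirmed from here.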
CVS commit: src/sys/fs/udf
Module Name:src Committed By: reinoud Date: Thu Dec 16 22:19:09 UTC 2021 Modified Files: src/sys/fs/udf: udf_subr.c Log Message: Fix serious issue with recordable media formatted with Win10. When closing it after modification the VAT was written out corrupted making the disc unreadable anymore on remount. Thanks for ig@ for spotting it in the wild! To generate a diff of this commit: cvs rdiff -u -r1.160 -r1.161 src/sys/fs/udf/udf_subr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/fs/udf
Module Name:src Committed By: reinoud Date: Thu Dec 16 21:39:53 UTC 2021 Modified Files: src/sys/fs/udf: udf_vfsops.c Log Message: Make sysctl udf.verbose dependent on UDF_DEBUG instead of DEBUG To generate a diff of this commit: cvs rdiff -u -r1.82 -r1.83 src/sys/fs/udf/udf_vfsops.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/fs/udf/udf_vfsops.c diff -u src/sys/fs/udf/udf_vfsops.c:1.82 src/sys/fs/udf/udf_vfsops.c:1.83 --- src/sys/fs/udf/udf_vfsops.c:1.82 Thu Sep 16 22:19:11 2021 +++ src/sys/fs/udf/udf_vfsops.c Thu Dec 16 21:39:53 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: udf_vfsops.c,v 1.82 2021/09/16 22:19:11 andvar Exp $ */ +/* $NetBSD: udf_vfsops.c,v 1.83 2021/12/16 21:39:53 reinoud Exp $ */ /* * Copyright (c) 2006, 2008 Reinoud Zandijk @@ -28,7 +28,7 @@ #include #ifndef lint -__KERNEL_RCSID(0, "$NetBSD: udf_vfsops.c,v 1.82 2021/09/16 22:19:11 andvar Exp $"); +__KERNEL_RCSID(0, "$NetBSD: udf_vfsops.c,v 1.83 2021/12/16 21:39:53 reinoud Exp $"); #endif /* not lint */ @@ -182,7 +182,7 @@ SYSCTL_SETUP(udf_sysctl_setup, "udf sysc SYSCTL_DESCR("OSTA Universal File System"), NULL, 0, NULL, 0, CTL_VFS, 24, CTL_EOL); -#ifdef DEBUG +#ifdef UDF_DEBUG sysctl_createv(clog, 0, NULL, , CTLFLAG_PERMANENT|CTLFLAG_READWRITE, CTLTYPE_INT, "verbose",
CVS commit: src/sys/fs/udf
Module Name:src Committed By: reinoud Date: Thu Dec 16 21:39:53 UTC 2021 Modified Files: src/sys/fs/udf: udf_vfsops.c Log Message: Make sysctl udf.verbose dependent on UDF_DEBUG instead of DEBUG To generate a diff of this commit: cvs rdiff -u -r1.82 -r1.83 src/sys/fs/udf/udf_vfsops.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/fs/udf
Module Name:src Committed By: reinoud Date: Wed Dec 15 22:02:30 UTC 2021 Modified Files: src/sys/fs/udf: udf_subr.c Log Message: While searching the VAT on recordable media, search the last sector too! This fixes Win10 formatted discs from being mounted incorrectly. To generate a diff of this commit: cvs rdiff -u -r1.159 -r1.160 src/sys/fs/udf/udf_subr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/fs/udf/udf_subr.c diff -u src/sys/fs/udf/udf_subr.c:1.159 src/sys/fs/udf/udf_subr.c:1.160 --- src/sys/fs/udf/udf_subr.c:1.159 Sun Dec 5 04:21:31 2021 +++ src/sys/fs/udf/udf_subr.c Wed Dec 15 22:02:30 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: udf_subr.c,v 1.159 2021/12/05 04:21:31 msaitoh Exp $ */ +/* $NetBSD: udf_subr.c,v 1.160 2021/12/15 22:02:30 reinoud Exp $ */ /* * Copyright (c) 2006, 2008 Reinoud Zandijk @@ -29,7 +29,7 @@ #include #ifndef lint -__KERNEL_RCSID(0, "$NetBSD: udf_subr.c,v 1.159 2021/12/05 04:21:31 msaitoh Exp $"); +__KERNEL_RCSID(0, "$NetBSD: udf_subr.c,v 1.160 2021/12/15 22:02:30 reinoud Exp $"); #endif /* not lint */ @@ -3102,7 +3102,7 @@ udf_search_vat(struct udf_mount *ump, un if (vat_node) vput(vat_node->vnode); vat_loc++; /* walk forward */ - } while (vat_loc < late_vat_loc); + } while (vat_loc <= late_vat_loc); if (accepted_vat_node) break;
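Review bot: Nothing at the loop records that `late_vat_loc` is itself a sector that may hold the VAT, which is exactly what this off-by-one fix depends on. A comment on the condition, for example `/* late_vat_loc is inclusive: the last sector may hold the VAT (Win10-formatted discs) */`, would keep the bound from being "corrected" back to `<` later. Both locations appear to derive from track information read from the medium (they are set outside the hunk, so this is inferred). It is therefore worth confirming that `late_vat_loc` can never be the maximum value of its type, since `} while (vat_loc <= late_vat_loc);` would then never terminate after `vat_loc++` wraps. The do/while starts outside the hunk.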
CVS commit: src/sys/fs/udf
Module Name:src Committed By: reinoud Date: Wed Dec 15 22:02:30 UTC 2021 Modified Files: src/sys/fs/udf: udf_subr.c Log Message: While searching the VAT on recordable media, search the last sector too! This fixes Win10 formatted discs from being mounted incorrectly. To generate a diff of this commit: cvs rdiff -u -r1.159 -r1.160 src/sys/fs/udf/udf_subr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/usr.sbin/makefs
Module Name:src Committed By: reinoud Date: Fri Nov 12 07:41:55 UTC 2021 Modified Files: src/usr.sbin/makefs: makefs.8 Log Message: Explain cd9660 and udf exceptions on the rule that the default sectorsize is 512. To generate a diff of this commit: cvs rdiff -u -r1.67 -r1.68 src/usr.sbin/makefs/makefs.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.sbin/makefs/makefs.8 diff -u src/usr.sbin/makefs/makefs.8:1.67 src/usr.sbin/makefs/makefs.8:1.68 --- src/usr.sbin/makefs/makefs.8:1.67 Sat Apr 3 14:10:56 2021 +++ src/usr.sbin/makefs/makefs.8 Fri Nov 12 07:41:55 2021 @@ -1,4 +1,4 @@ -.\" $NetBSD: makefs.8,v 1.67 2021/04/03 14:10:56 simonb Exp $ +.\" $NetBSD: makefs.8,v 1.68 2021/11/12 07:41:55 reinoud Exp $ .\" .\" Copyright (c) 2001-2003 Wasabi Systems, Inc. .\" All rights reserved. @@ -197,8 +197,11 @@ When merging multiple directories replac .It Fl S Ar sector-size Set the file system sector size to .Ar sector-size . -.\" XXX: next line also true for cd9660? -Defaults to 512. +Defaults to 512 for most file systems, but is 2048 for +.Sy cd9660 +and +.Sy udf +for CD/DVD/BD optical media types. .It Fl s Ar image-size Set the size of the file system image to .Ar image-size .
CVS commit: src/usr.sbin/makefs
Module Name:src Committed By: reinoud Date: Fri Nov 12 07:41:55 UTC 2021 Modified Files: src/usr.sbin/makefs: makefs.8 Log Message: Explain cd9660 and udf exceptions on the rule that the default sectorsize is 512. To generate a diff of this commit: cvs rdiff -u -r1.67 -r1.68 src/usr.sbin/makefs/makefs.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Re: CVS commit: src/sys
On Wed, Sep 15, 2021 at 07:58:20PM +0900, Rin Okuyama wrote: > On 2021/09/11 19:09, Taylor R Campbell wrote: > > Module Name:src > > Committed By: riastradh > > Date: Sat Sep 11 10:09:55 UTC 2021 > > > > Modified Files: > > src/sys/arch/sparc64/sparc64: machdep.c > > src/sys/kern: kern_ksyms.c subr_csan.c subr_msan.c > > src/sys/sys: ksyms.h > > > > Log Message: > > ksyms: Use pserialize(9) for kernel access to ksyms. Sorry for my ignorance but I thought that the ksyms list was static? ie read-only? Or is this change to support kernel modules symbols too and thus need rw access control? With regards, Reinoud
Re: CVS commit: src/doc
Hi Simon, On Wed, Jan 27, 2021 at 05:27:01AM +, Simon Burge wrote: > Module Name: src > Committed By: simonb > Date: Wed Jan 27 05:27:01 UTC 2021 > > Modified Files: > src/doc: CHANGES > > Log Message: > Note support for QEMU "mipssim" emulator. Is this machine also *able* to run big endian? Or/and can it also use virtio over either FDT/ACPI or PCI? With regards, Reinoud
Re: CVS commit: src/usr.bin/make
Hi, On Tue, Jan 26, 2021 at 11:44:56PM +, Roland Illig wrote: > Module Name: src > Committed By: rillig > Date: Tue Jan 26 23:44:56 UTC 2021 > > Modified Files: > src/usr.bin/make: parse.c > src/usr.bin/make/unit-tests: include-main.exp include-subsub.mk > > Log Message: > make(1): in -dp mode, print stack trace with each diagnostic Maybe related but could you make printing of the 1st failing error message easier to find in a parallel build? Say recording the command and output of the offending command and print it at the end ? Reinoud
Re: CVS commit: src/sys/dev/pci
On Tue, Jan 26, 2021 at 05:51:42PM +0900, Rin Okuyama wrote: > Hi, > This seems not correct for me. Is the attached patch OK with you? Well, you did indeed spot a bug in the freeing section. I'll fix and commit it. Thanks for reporting. Reinoud signature.asc Description: PGP signature
Re: CVS commit: src/sys/dev/pci
On Fri, Jan 22, 2021 at 04:54:51PM +1100, matthew green wrote: > > +#ifndef _LP64 > > _LP64 is a terrible way to make this choice. > > heaps of our 32 bit platforms implement the _8 variants. Can't we then just make sure they have the 8 bit variant, and set a define that says whether it is atomic or not? This way drivers can use the _8 variant freely, and the few drivers that NEED the atomicity can check the define and deal with it the way they like. Reinoud
Re: CVS commit: src/share/mk
On Sun, Sep 04, 2016 at 06:57:40PM +, matthew green wrote: ... > and considering riscv and or1k both need to either wait for GCC 6 or have > someone who cares port their 5.x patches to our tree, that really only means > we have mips and m68k left. riscv is still a WIP in the current 5.x tree. I have no idea what needs to be changed to get the latest patches in, better ask Matt (gimpy) about it. Reinoud
Re: CVS commit: src/sys/arch/arm
Hi Nick! On Thu, Mar 03, 2016 at 05:01:31PM +, Nick Hudson wrote: > Log Message: > Get the RPI3 working (in aarch32 mode) by recognising Cortex A53 CPUs. > While I'm here add some A57/A72 info as well. > > My RPI3 works with FB console - the uart needs some help with its clocks. Thanks for your work on the RPI3! Reinoud
Re: CVS commit: src/sys/arch/riscv/riscv
Hi Matt, On Tue, Mar 31, 2015 at 01:30:50AM +, Matt Thomas wrote: When the cpu gets an exception from kernel mode, the sscratch register will be 0 and curlwp will be in the tp register. When the cpu gets an exception from user mode, the sscratch register will be a pointer to the current lwp. Will the kernel not be confused and choose the wrong path if a userland programs clears the sp register and gets an exception, say be storing a stack frame? by accident or deliberately? Index: src/sys/arch/riscv/riscv/locore.S diff -u src/sys/arch/riscv/riscv/locore.S:1.1 src/sys/arch/riscv/riscv/locore.S:1.2 --- src/sys/arch/riscv/riscv/locore.S:1.1 Sat Mar 28 16:13:56 2015 +++ src/sys/arch/riscv/riscv/locore.S Tue Mar 31 01:30:50 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: locore.S,v 1.1 2015/03/28 16:13:56 matt Exp $ */ +/* $NetBSD: locore.S,v 1.2 2015/03/31 01:30:50 matt Exp $ */ /*- * Copyright (c) 2014 The NetBSD Foundation, Inc. * All rights reserved. @@ -78,10 +78,10 @@ ENTRY_NP(start) callmemset // zero through kernel_end // As a temporary hack, word 0 contains the amount of memory in MB - lw a7, (zero) // load memory size + INT_L a7, (zero) // load memory size sllia7, a7, (20-PGSHIFT)// convert MB to pages - auipc t0, %pcrel_hi(physmem) - sw a7, %pcrel_lo(physmem)(t0) // store it in physmem +.L01:auipc t0, %pcrel_hi(physmem) + INT_S a7, %pcrel_lo(.L01)(t0) // store it in physmem Why are you loading the lower PC relative part of .L01 in stead of physmem? won't that give the wrong lower bits? Isn't there a PTR_S macro to handle this? With regards, Reinoud pgpjQXdqjH9e1.pgp Description: PGP signature
Re: CVS commit: src/sys/dev/usb
Hi :) On Sun, Sep 21, 2014 at 01:02:24PM -0400, Christos Zoulas wrote: Module Name: src Committed By: christos Date: Sun Sep 21 17:02:24 UTC 2014 Modified Files: src/sys/dev/usb: stuirda.c Log Message: remove stray return ... @@ -175,7 +175,6 @@ stuirda_fwload(struct uirda_softc *sc) { if (rc) { printf(%s: Cannot load firmware\n, device_xname(sc-sc_dev)); - return 0; return rc; } fwsize = firmware_get_size(fh); I'd say this does change the code, since rc is not zero at this point. So is it really stray? Why was the `return 0' inserted? Or was it your own code? With regards, Reinoud
Re: CVS commit: src/sys/arch
Hi Matthew, On Fri, Aug 29, 2014 at 09:53:31AM +1000, matthew green wrote: Reinoud Zandijk writes: Module Name:src Committed By: reinoud Date: Thu Aug 28 18:02:37 UTC 2014 Modified Files: src/sys/arch/arm/samsung: exynos_io.c exynos_soc.c exynos_var.h src/sys/arch/evbarm/odroid: odroid_machdep.c Log Message: Implement CPU speed control for Exynos4 and Exynos5 CPUs using APLL frequency adjustment. this change seems broken as it modifies cpu_counter specific information in cpu_data. It might be wrong, but all the evbarm architectures I've seen reflect the cpu freq. in that variable. I'm not even sure it needs to be updated on frequency changes. I'll dig into this, though I'd love to see some more information! With regards, Reinoud
Re: CVS commit: src/lib/libc/arch/arm/gen
Hi Veleriy, On Wed, Jul 11, 2012 at 11:08:46PM +0400, Valeriy E. Ushakov wrote: Log Message: On the libc/libgcc clashes cleanup that removed divsi3.o from libc, ARM/evbarm was forgotten. This patch fixes it making static binaries possible again! Please, complete this by moving the .S file out of common into libkern. IIRC the file was never there; it was reaching over already to common. With regards, Reinoud
Re: CVS commit: [jmcneill-usbmp] src/sys
On Sat, Feb 18, 2012 at 07:36:37AM +, matthew green wrote: Module Name: src Committed By: mrg Date: Sat Feb 18 07:36:03 UTC 2012 ... Log Message: merge to -current. Don't you mean pullup to -current? or has it been merged into -current? Reinoud
Re: CVS commit: src or a tale on NetBSD/usermode
Hi Jean-Yves, On Wed, Dec 21, 2011 at 07:55:45PM +0100, jean-Yves Migeon wrote: On Wed, 21 Dec 2011 16:47:49 +0100, Reinoud Zandijk wrote: The patch is written to allow for multiple non-UVM flags to be attached to mappings and allow the kernel to react on them. NetBSD/usermode uses this to disallow system calls to be made from within mapped regions and get them returned as illegal instructions so it can analyse and emulate the system calls. To prevent every process to be scrutinized this way a process flag has been introduced to mark if a process needs this check since the detection involve acuiring a lock to walk the uvm map. Why make this a memory-level property, and not a process-level property? If you want to proxy syscalls between host and usermode kernel, why make it exclusive to certain mem regions? I am probably missing something with the way usermode processes, usermode kernel host kernel interact. I understand your confusion on this point. Its due to the way NetBSD/usermode is build and why it is build that way. The main goals/features, for me at least, and even though some were formulated allong the way, come back to: - it should behave like a separate (though virtual) machine. - there should be no difference between operating and developing in a NetBSD/usermode and a normal NetBSD kernel as much as possible. - it should be usable for kernel development for as many subsystems as possible. - it should be portable to, or just run on, every POSIX machine. The NetBSD/usermode kernel is build to run like a normal program and behaves like a normal program but is build just like a normal NetBSD port. On start up, it sets up memory areas just like normal MD kernel code does and initialises a pmap, the UVM and other stuff just like normal kernels do. 
It uses mmap(2) to provide an as `real' as possible virtual memory system without needing to know a thing about its target architecture or memory peculiarities, unlike pkgsrc's wine, which relies on user ldt's and is thus only suitable for i386/amd64. NetBSD/usermode should be able to run also on ARM, Sparc, PowerPC, HPPA, SH4 etc. After the memory has been set up it then attaches devices, like a virtual cpu and a ld(4) driver for a disk image. After the attachments, NetBSD/usermode loads and starts init(8) from *within* its own memory space. At this point the confusion starts when the loader of init(8) starts to issue system calls. Without intervention, those system calls are going to the host os that runs the NetBSD/usermode kernel, resulting in all kinds of mayhem. Externalizing the userland processes would not only violate some of the goals but would also create a potential logistical nightmare. This would also create a distributed system rather than a NetBSD usermode kernel. A whole new project that would be fun to do, but out of scope. It could include process migration between machines, network transport, caching and proxies etc. etc. Internalizing the userland processes is closer to the goals. The main problem with internal userland processes is determining where the system calls are called from: is it the NetBSD/usermode kernel itself or the userland process running inside it. To distinguish the two, we tried to use PTRACE to intercept them. This ptrace solution turned out to be quite a hack and never worked, since we stumbled on lots of NetBSD bugs involving signals and on the fact that ptrace was never designed to be a gateway between the kernel and a userland process but more a snooper. A feasible solution turned out to be a tailored usermode userland. Recognizing that the kernel is only called using two macros in libc, I patched the macros to not create the system call instructions but to generate dedicated and detectable illegal instructions.
The userland code would thus not call the kernel but raise an SIGILL that the NetBSD/usermode kernel can catch, detect and process like it got a system call from the userland. So far, the usermode code could well run on every POSIX system (with some porting of course), but could not run stock NetBSD binaries, only the tailored ones. To manage running native binaries, it needed help from the kernel and thus this patch arose. With it regions of memory could be designated as `not-for-systemcalls'. It could be that argued that a single virtual memory range setting function for this purpose could be used but that would make it a very tailored solution and not the general purpose one it is now. On the enhancing security argument, malicious source code could trigger compiler bugs that allow for code to be modified or otherwise manipulated to issue system calls where they shouldn't. Although it wouldn't nessiarily pose a system security issue, it could be used for extracting info or for malicious behaviour where with the patch it would simply bomb out. That's the part I have trouble with. It looks like a weaker form of W^X (or PaX's mprotect), and I can't see the additional security
Re: CVS commit: src
Hi folks, i am not subscribed to this mailing list so i only found this discussion when someone pointed it out to me. I'll try to answer some questions raised about it. There are also good feedbacks i'll incorporate. Please CC me on replies. The code was indeed committed a bit short-tracked and i'm sorry for that. It just happend that we were discussing it on chat a lot and all the lights were green so to say and ppl. encouraged me to commit it, so i bypassed the mailing lists yes where i should have queried them. From the beginning of the usermode project, we struggled with the fact that system calls in usermode's userland will go to the wrong kernel and get confused, crash or mess things up. We've tried to tackle this with ptrace constructions including the PTRACE emul stuf but that turned out to be a dead-end since ptrace was never designed to allow redirection or interception of system calls. On top of that, it also turned out to be agonizing slow. The patch is thus indeed written, but surely not exclusively meant for NetBSD/usermode support. With the patch, NetBSD/usermode can run native i.e. unmodified binaries/sets/packages. Without the patch it can only run explicitly compiled for code where all the system calls instructions (int 0x80/sysenter for i386/amd64) are replaced by undefined instructions UD1 and UD2 (x86). The patch is written to allow for multiple non-UVM flags to be attached to mappings and allow the kernel to react on them. NetBSD/usermode uses this to disallow system calls to be made from within mapped regions and get them returned as illegal instructions so it can analyse and emulate the system calls. To prevent every process to be scrutinized this way a process flag has been introduced to mark if a process needs this check since the detection involve acuiring a lock to walk the uvm map. 
On the enhancing security argument, malicious source code could trigger compiler bugs that allow for code to be modified or otherwise manipulated to issue system calls where they shouldn't. Although it wouldn't necessarily pose a system security issue, it could be used for extracting info or for malicious behaviour, whereas with the patch it would simply bomb out. As for the panic in sys_mmap(), as pointed out by Joerg and David Young, yes, that should return an EOPNOTSUPP or an EINVAL. Panicking is indeed far too crude and I'll change that. Hope this answers most of your questions. With regards, Reinoud
CVS commit: src/sys/fs/udf
Module Name:src Committed By: reinoud Date: Fri Feb 26 09:57:39 UTC 2010 Modified Files: src/sys/fs/udf: udf_allocation.c Log Message: Typo and style To generate a diff of this commit: cvs rdiff -u -r1.28 -r1.29 src/sys/fs/udf/udf_allocation.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/fs/udf
Module Name:src Committed By: reinoud Date: Fri Feb 26 09:57:39 UTC 2010 Modified Files: src/sys/fs/udf: udf_allocation.c Log Message: Typo and style To generate a diff of this commit: cvs rdiff -u -r1.28 -r1.29 src/sys/fs/udf/udf_allocation.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/fs/udf/udf_allocation.c diff -u src/sys/fs/udf/udf_allocation.c:1.28 src/sys/fs/udf/udf_allocation.c:1.29 --- src/sys/fs/udf/udf_allocation.c:1.28 Thu Feb 25 16:15:57 2010 +++ src/sys/fs/udf/udf_allocation.c Fri Feb 26 09:57:39 2010 @@ -1,4 +1,4 @@ -/* $NetBSD: udf_allocation.c,v 1.28 2010/02/25 16:15:57 reinoud Exp $ */ +/* $NetBSD: udf_allocation.c,v 1.29 2010/02/26 09:57:39 reinoud Exp $ */ /* * Copyright (c) 2006, 2008 Reinoud Zandijk @@ -28,7 +28,7 @@ #include sys/cdefs.h #ifndef lint -__KERNEL_RCSID(0, $NetBSD: udf_allocation.c,v 1.28 2010/02/25 16:15:57 reinoud Exp $); +__KERNEL_RCSID(0, $NetBSD: udf_allocation.c,v 1.29 2010/02/26 09:57:39 reinoud Exp $); #endif /* not lint */ @@ -1499,7 +1499,7 @@ DPRINTF(RESERVE, (\tfree space on metadata partition %PRIu64 blks\n, meta_free_lbs)); /* give away some of the free meta space, in unit block sizes */ - to_trunc = meta_free_lbs/4; /* give out a quart */ + to_trunc = meta_free_lbs/4; /* give out a quarter */ to_trunc = MAX(to_trunc, num_lb); to_trunc = unit * ((to_trunc + unit-1) / unit); /* round up */ @@ -1534,7 +1534,6 @@ sbd-num_bytes = udf_rw32(sbd-num_bytes) - to_trunc/8; bitmap-max_offset = udf_rw32(sbd-num_bits); - num_vpart = udf_rw32(lvid-num_part); freepos = lvid-tables[0] + meta_vpart_num; sizepos = lvid-tables[0] + num_vpart + meta_vpart_num;
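Review bot: The last hunk (@@ -1534) drops the assignment `num_vpart = udf_rw32(lvid-num_part);` (quoted as the page renders it), while the context line right after it still computes `sizepos` from `num_vpart`. That is a behaviour change unless `num_vpart` is already assigned earlier in the function, which the hunk does not show; without such an assignment `sizepos` would index `lvid->tables` with an unset value. If the earlier assignment exists, a short comment at the `freepos`/`sizepos` computation saying where `num_vpart` is set would make the removal self-evident. Since the log message describes the commit only as typo and style, the dropped statement deserves an explicit check. The enclosing function starts and ends outside the hunk.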
CVS commit: src/sys/fs/udf
Module Name:src Committed By: reinoud Date: Thu Feb 25 16:15:58 UTC 2010 Modified Files: src/sys/fs/udf: udf.h udf_allocation.c udf_subr.c udf_subr.h Log Message: First part of shrinking/growing metadata partition support: - extending the metadata partition Still to follow: - sparsify metadata partition - growing the metadata partition - unsparsifying metadata partition To generate a diff of this commit: cvs rdiff -u -r1.40 -r1.41 src/sys/fs/udf/udf.h cvs rdiff -u -r1.27 -r1.28 src/sys/fs/udf/udf_allocation.c cvs rdiff -u -r1.103 -r1.104 src/sys/fs/udf/udf_subr.c cvs rdiff -u -r1.17 -r1.18 src/sys/fs/udf/udf_subr.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/fs/udf
Module Name:src Committed By: reinoud Date: Wed Feb 24 19:14:12 UTC 2010 Modified Files: src/sys/fs/udf: udf.h udf_subr.c Log Message: Extract UDF metadata partition parameters as already done for VAT and sparable partitions. To generate a diff of this commit: cvs rdiff -u -r1.38 -r1.39 src/sys/fs/udf/udf.h cvs rdiff -u -r1.101 -r1.102 src/sys/fs/udf/udf_subr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/fs/udf
Module Name:src Committed By: reinoud Date: Wed Feb 24 19:20:13 UTC 2010 Modified Files: src/sys/fs/udf: udf.h udf_subr.c Log Message: Rename metadata partition parameters to be less generic and add the flags. To generate a diff of this commit: cvs rdiff -u -r1.39 -r1.40 src/sys/fs/udf/udf.h cvs rdiff -u -r1.102 -r1.103 src/sys/fs/udf/udf_subr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.