CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: bouyer Date: Sat Mar 17 19:14:15 UTC 2012 Modified Files: src/sys/kern [netbsd-5-0]: kern_sig.c Log Message: Pull up following revision(s) (requested by christos in ticket #1741): sys/kern/kern_sig.c: revision 1.300 kpsignal2: do not make the signal pending twice when tracing the process, also update a comment and add an assert. Fixes PR/42309 by Nicolas Joly. To generate a diff of this commit: cvs rdiff -u -r1.289.4.5.2.1 -r1.289.4.5.2.2 src/sys/kern/kern_sig.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_sig.c diff -u src/sys/kern/kern_sig.c:1.289.4.5.2.1 src/sys/kern/kern_sig.c:1.289.4.5.2.2 --- src/sys/kern/kern_sig.c:1.289.4.5.2.1 Sat Jan 16 17:32:45 2010 +++ src/sys/kern/kern_sig.c Sat Mar 17 19:14:15 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_sig.c,v 1.289.4.5.2.1 2010/01/16 17:32:45 bouyer Exp $ */ +/* $NetBSD: kern_sig.c,v 1.289.4.5.2.2 2012/03/17 19:14:15 bouyer Exp $ */ /*- * Copyright (c) 2006, 2007, 2008 The NetBSD Foundation, Inc. @@ -66,7 +66,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: kern_sig.c,v 1.289.4.5.2.1 2010/01/16 17:32:45 bouyer Exp $); +__KERNEL_RCSID(0, $NetBSD: kern_sig.c,v 1.289.4.5.2.2 2012/03/17 19:14:15 bouyer Exp $); #include opt_ptrace.h #include opt_compat_sunos.h @@ -1382,15 +1382,13 @@ kpsignal2(struct proc *p, ksiginfo_t *ks goto out; } else { /* - * Process is stopped or stopping. If traced, then no - * further action is necessary. + * Process is stopped or stopping. + * - If traced, then no action is needed, unless killing. + * - Run the process only if sending SIGCONT or SIGKILL. */ - if ((p-p_slflag PSL_TRACED) != 0 signo != SIGKILL) + if ((p-p_slflag PSL_TRACED) != 0 signo != SIGKILL) { goto out; - - /* - * Run the process only if sending SIGCONT or SIGKILL. - */ + } if ((prop SA_CONT) != 0 || signo == SIGKILL) { /* * Re-adjust p_nstopchild if the process wasn't 
@@ -1398,9 +1396,13 @@ kpsignal2(struct proc *p, ksiginfo_t *ks */ p-p_stat = SACTIVE; p-p_sflag = ~PS_STOPPING; - if (!p-p_waited) + if (!p-p_waited) { p-p_pptr-p_nstopchild--; - + } + if (p-p_slflag PSL_TRACED) { +KASSERT(signo == SIGKILL); +goto deliver; + } /* * Do not make signal pending if SIGCONT is default. * @@ -1423,6 +1425,7 @@ kpsignal2(struct proc *p, ksiginfo_t *ks /* * Make signal pending. */ + KASSERT((p-p_slflag PSL_TRACED) == 0); sigput(p-p_sigpend, p, kp); deliver:
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: bouyer Date: Sun Feb 5 12:28:15 UTC 2012 Modified Files: src/sys/kern [netbsd-5-0]: kern_fork.c Log Message: Pull up following revision(s) (requested by rmind in ticket #1628): sys/kern/kern_fork.c: revision 1.184 via patch fork1: fix stop-on-fork case, lend a correct lock to LWP for LSSTOP state. Fixes PR/44935. To generate a diff of this commit: cvs rdiff -u -r1.171.8.1 -r1.171.8.2 src/sys/kern/kern_fork.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_fork.c diff -u src/sys/kern/kern_fork.c:1.171.8.1 src/sys/kern/kern_fork.c:1.171.8.2 --- src/sys/kern/kern_fork.c:1.171.8.1 Sat Jun 18 16:36:09 2011 +++ src/sys/kern/kern_fork.c Sun Feb 5 12:28:14 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_fork.c,v 1.171.8.1 2011/06/18 16:36:09 bouyer Exp $ */ +/* $NetBSD: kern_fork.c,v 1.171.8.2 2012/02/05 12:28:14 bouyer Exp $ */ /*- * Copyright (c) 1999, 2001, 2004, 2006, 2007, 2008 The NetBSD Foundation, Inc. @@ -67,7 +67,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: kern_fork.c,v 1.171.8.1 2011/06/18 16:36:09 bouyer Exp $); +__KERNEL_RCSID(0, $NetBSD: kern_fork.c,v 1.171.8.2 2012/02/05 12:28:14 bouyer Exp $); #include opt_ktrace.h @@ -509,13 +509,15 @@ fork1(struct lwp *l1, int flags, int exi p2-p_acflag = AFORK; lwp_lock(l2); if (p2-p_sflag PS_STOPFORK) { + struct schedstate_percpu *spc = l2-l_cpu-ci_schedstate; p2-p_nrlwps = 0; p2-p_stat = SSTOP; p2-p_waited = 0; p1-p_nstopchild++; l2-l_stat = LSSTOP; l2-l_flag |= tmp; - lwp_unlock(l2); + KASSERT(l2-l_wchan == NULL); + lwp_unlock_to(l2, spc-spc_lwplock); } else { p2-p_nrlwps = 1; p2-p_stat = SACTIVE; @@ -524,7 +526,6 @@ fork1(struct lwp *l1, int flags, int exi sched_enqueue(l2, false); lwp_unlock(l2); } - mutex_exit(p2-p_lock); /*
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: bouyer Date: Sun Feb 5 12:30:33 UTC 2012 Modified Files: src/sys/kern [netbsd-5-0]: vfs_bio.c Log Message: Pull up following revision(s) (requested by rmind in ticket #1718): sys/kern/vfs_bio.c: revision 1.233 sysctl_dobuf: re-acquire the sysctl lock on retry path. PR/45827. To generate a diff of this commit: cvs rdiff -u -r1.210 -r1.210.6.1 src/sys/kern/vfs_bio.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/vfs_bio.c diff -u src/sys/kern/vfs_bio.c:1.210 src/sys/kern/vfs_bio.c:1.210.6.1 --- src/sys/kern/vfs_bio.c:1.210 Thu Sep 11 09:14:46 2008 +++ src/sys/kern/vfs_bio.c Sun Feb 5 12:30:33 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_bio.c,v 1.210 2008/09/11 09:14:46 hannken Exp $ */ +/* $NetBSD: vfs_bio.c,v 1.210.6.1 2012/02/05 12:30:33 bouyer Exp $ */ /*- * Copyright (c) 2007, 2008 The NetBSD Foundation, Inc. @@ -109,7 +109,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: vfs_bio.c,v 1.210 2008/09/11 09:14:46 hannken Exp $); +__KERNEL_RCSID(0, $NetBSD: vfs_bio.c,v 1.210.6.1 2012/02/05 12:30:33 bouyer Exp $); #include fs_ffs.h #include opt_bufcache.h @@ -1788,6 +1788,7 @@ sysctl_dobuf(SYSCTLFN_ARGS) break; } mutex_exit(bufcache_lock); + sysctl_relock(); goto retry; } dp += elem_size;
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: sborrill Date: Sat Nov 19 22:24:12 UTC 2011 Modified Files: src/sys/kern [netbsd-5-0]: kern_event.c Log Message: Pull up the following revisions(s) (requested by rmind in ticket #1695): sys/kern/kern_event.c: revision 1.74 kqueue_register: avoid calling fd_getfile() with filedesc_t::fd_lock held. Fixes PR/45479 by KOGULE Ryo. To generate a diff of this commit: cvs rdiff -u -r1.60.6.1.2.1 -r1.60.6.1.2.2 src/sys/kern/kern_event.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_event.c diff -u src/sys/kern/kern_event.c:1.60.6.1.2.1 src/sys/kern/kern_event.c:1.60.6.1.2.2 --- src/sys/kern/kern_event.c:1.60.6.1.2.1 Sat Jan 9 01:10:52 2010 +++ src/sys/kern/kern_event.c Sat Nov 19 22:24:12 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_event.c,v 1.60.6.1.2.1 2010/01/09 01:10:52 snj Exp $ */ +/* $NetBSD: kern_event.c,v 1.60.6.1.2.2 2011/11/19 22:24:12 sborrill Exp $ */ /*- * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. @@ -58,7 +58,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: kern_event.c,v 1.60.6.1.2.1 2010/01/09 01:10:52 snj Exp $); +__KERNEL_RCSID(0, $NetBSD: kern_event.c,v 1.60.6.1.2.2 2011/11/19 22:24:12 sborrill Exp $); #include sys/param.h #include sys/systm.h @@ -866,18 +866,16 @@ kqueue_register(struct kqueue *kq, struc return (EINVAL); } - mutex_enter(fdp-fd_lock); - /* search if knote already exists */ if (kfilter-filtops-f_isfd) { /* monitoring a file descriptor */ fd = kev-ident; if ((fp = fd_getfile(fd)) == NULL) { - mutex_exit(fdp-fd_lock); rw_exit(kqueue_filter_lock); kmem_free(newkn, sizeof(*newkn)); return EBADF; } + mutex_enter(fdp-fd_lock); ff = fdp-fd_ofiles[fd]; if (fd = fdp-fd_lastkqfile) { SLIST_FOREACH(kn, ff-ff_knlist, kn_link) { 
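Review bot: Nothing in kqueue_register records why `mutex_enter(fdp->fd_lock)` now sits after the `fd_getfile()` call in the file-descriptor branch and is repeated at the top of the hash-table branch (the following hunk at -891). A later tidy-up could hoist it back to a single call above the `if` and reintroduce the problem the log message describes. I would add a comment above the first `mutex_enter`, for example `/* fd_getfile() must not be called with fd_lock held; take the lock only after the lookup. */`. The page's rendering has dropped `>`, `<` and `&` from the code, and the function body continues outside both hunks, so the matching `mutex_exit` paths cannot be checked from here.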
@@ -891,6 +889,7 @@ kqueue_register(struct kqueue *kq, struc * not monitoring a file descriptor, so * lookup knotes in internal hash table */ + mutex_enter(fdp-fd_lock); if (fdp-fd_knhashmask != 0) { list = fdp-fd_knhash[ KN_HASH((u_long)kev-ident, fdp-fd_knhashmask)];
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: bouyer Date: Sat Jun 18 16:36:09 UTC 2011 Modified Files: src/sys/kern [netbsd-5-0]: kern_fork.c Log Message: Pull up following revision(s) (requested by rmind in ticket #1629): sys/kern/kern_fork.c: revision 1.181 Inherit proc_t::p_mqueue_cnt on fork(). To generate a diff of this commit: cvs rdiff -u -r1.171 -r1.171.8.1 src/sys/kern/kern_fork.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_fork.c diff -u src/sys/kern/kern_fork.c:1.171 src/sys/kern/kern_fork.c:1.171.8.1 --- src/sys/kern/kern_fork.c:1.171 Sat Oct 11 13:40:57 2008 +++ src/sys/kern/kern_fork.c Sat Jun 18 16:36:09 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_fork.c,v 1.171 2008/10/11 13:40:57 pooka Exp $ */ +/* $NetBSD: kern_fork.c,v 1.171.8.1 2011/06/18 16:36:09 bouyer Exp $ */ /*- * Copyright (c) 1999, 2001, 2004, 2006, 2007, 2008 The NetBSD Foundation, Inc. @@ -67,7 +67,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: kern_fork.c,v 1.171 2008/10/11 13:40:57 pooka Exp $); +__KERNEL_RCSID(0, $NetBSD: kern_fork.c,v 1.171.8.1 2011/06/18 16:36:09 bouyer Exp $); #include opt_ktrace.h @@ -343,6 +343,9 @@ else p2-p_fd = fd_copy(); + /* XXX racy */ + p2-p_mqueue_cnt = p1-p_mqueue_cnt; + if (flags FORK_SHARECWD) cwdshare(p2); else
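Review bot: The `/* XXX racy */` marker on the new `p2->p_mqueue_cnt = p1->p_mqueue_cnt;` assignment does not say what it races with or which lock would close the window. The parent's count is read after `fd_copy()` in the visible `else` branch has already run, so a parent thread opening or closing a message queue in between would presumably leave the child with a count that does not match its descriptors. If this counter backs a per-process limit, that drift matters for accounting. I would expand the comment to something like `/* XXX racy: p1's count is read unlocked, after the descriptor table was copied; it can drift from the child's descriptors */`. fork1's body starts and ends outside the hunk.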
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: bouyer Date: Sun Mar 20 21:20:06 UTC 2011 Modified Files: src/sys/kern [netbsd-5-0]: vfs_syscalls.c Log Message: Pull up following revision(s) (requested by dholland in ticket #1567): sys/kern/vfs_syscalls.c: revision 1.415 via patch Check for bogus flags to access() up front. Otherwise we end up calling VOP_ACCESS with flags 0 and something asserts deep in the bowels of kauth. PR 44648 from Taylor Campbell. (I moved the check earlier relative to the suggested patch.) Pullup candidate. To generate a diff of this commit: cvs rdiff -u -r1.376.4.2.2.2 -r1.376.4.2.2.3 src/sys/kern/vfs_syscalls.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/vfs_syscalls.c diff -u src/sys/kern/vfs_syscalls.c:1.376.4.2.2.2 src/sys/kern/vfs_syscalls.c:1.376.4.2.2.3 --- src/sys/kern/vfs_syscalls.c:1.376.4.2.2.2 Mon Dec 21 09:41:51 2009 +++ src/sys/kern/vfs_syscalls.c Sun Mar 20 21:20:06 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_syscalls.c,v 1.376.4.2.2.2 2009/12/21 09:41:51 sborrill Exp $ */ +/* $NetBSD: vfs_syscalls.c,v 1.376.4.2.2.3 2011/03/20 21:20:06 bouyer Exp $ */ /*- * Copyright (c) 2008 The NetBSD Foundation, Inc. @@ -63,7 +63,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: vfs_syscalls.c,v 1.376.4.2.2.2 2009/12/21 09:41:51 sborrill Exp $); +__KERNEL_RCSID(0, $NetBSD: vfs_syscalls.c,v 1.376.4.2.2.3 2011/03/20 21:20:06 bouyer Exp $); #include opt_compat_netbsd.h #include opt_compat_43.h @@ -2390,6 +2390,11 @@ int error, flags; struct nameidata nd; + if ((SCARG(uap, flags) ~(R_OK | W_OK | X_OK)) != 0) { + /* nonsense flags */ + return EINVAL; + } + cred = kauth_cred_dup(l-l_cred); kauth_cred_seteuid(cred, kauth_cred_getuid(l-l_cred)); kauth_cred_setegid(cred, kauth_cred_getgid(l-l_cred));
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: snj Date: Mon Mar 7 17:07:56 UTC 2011 Modified Files: src/sys/kern [netbsd-5-0]: init_sysctl.c Log Message: Apply patch (requested by joerg in ticket 1575): Sanitize arguments before memory allocation. To generate a diff of this commit: cvs rdiff -u -r1.149.4.4.2.3 -r1.149.4.4.2.4 src/sys/kern/init_sysctl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/init_sysctl.c diff -u src/sys/kern/init_sysctl.c:1.149.4.4.2.3 src/sys/kern/init_sysctl.c:1.149.4.4.2.4 --- src/sys/kern/init_sysctl.c:1.149.4.4.2.3 Wed Jul 1 22:42:38 2009 +++ src/sys/kern/init_sysctl.c Mon Mar 7 17:07:56 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: init_sysctl.c,v 1.149.4.4.2.3 2009/07/01 22:42:38 snj Exp $ */ +/* $NetBSD: init_sysctl.c,v 1.149.4.4.2.4 2011/03/07 17:07:56 snj Exp $ */ /*- * Copyright (c) 2003, 2007, 2008 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: init_sysctl.c,v 1.149.4.4.2.3 2009/07/01 22:42:38 snj Exp $); +__KERNEL_RCSID(0, $NetBSD: init_sysctl.c,v 1.149.4.4.2.4 2011/03/07 17:07:56 snj Exp $); #include opt_sysv.h #include opt_compat_netbsd32.h @@ -2528,6 +2528,11 @@ #endif len = sizeof(char *) * nargv; + if (nargv 0 || len ARG_MAX || len (size_t)nargv) { + error = EINVAL; + goto done; + } + if ((argvlen = len) != 0) argv = kmem_alloc(len, KM_SLEEP);
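Review bot: The overflow test runs after `len = sizeof(char *) * nargv` has already been computed, so it has to infer a wrap from the wrapped result (`len < (size_t)nargv`) instead of preventing it. The three conditions together do appear to reject every bad value, but bounding the count before multiplying is easier to audit: `if (nargv < 0 || (size_t)nargv > ARG_MAX / sizeof(char *)) { error = EINVAL; goto done; }`, followed by the multiplication. The comparison operators are missing from the page's rendering of this hunk. nargv's declaration is outside it, so its signed type is inferred from the `nargv < 0` test.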
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: riz Date: Mon Nov 22 02:49:48 UTC 2010 Modified Files: src/sys/kern [netbsd-5-0]: vfs_wapbl.c Log Message: Pull up following revision(s) (requested by hannken in ticket #1477): sys/kern/vfs_wapbl.c: revision 1.38 Wapbl_register_deallocation(): the taken reader lock is not sufficient to protect wl_dealloc* members. Take the mutex here and change the lock requirements of these fields to writer lock or mutex. This error lead to file system corruption and freeing free block panics. To generate a diff of this commit: cvs rdiff -u -r1.3.8.1 -r1.3.8.1.2.1 src/sys/kern/vfs_wapbl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/vfs_wapbl.c diff -u src/sys/kern/vfs_wapbl.c:1.3.8.1 src/sys/kern/vfs_wapbl.c:1.3.8.1.2.1 --- src/sys/kern/vfs_wapbl.c:1.3.8.1 Tue Feb 24 04:13:35 2009 +++ src/sys/kern/vfs_wapbl.c Mon Nov 22 02:49:47 2010 @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_wapbl.c,v 1.3.8.1 2009/02/24 04:13:35 snj Exp $ */ +/* $NetBSD: vfs_wapbl.c,v 1.3.8.1.2.1 2010/11/22 02:49:47 riz Exp $ */ /*- * Copyright (c) 2003, 2008, 2009 The NetBSD Foundation, Inc. @@ -33,7 +33,7 @@ * This implements file system independent write ahead filesystem logging. */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: vfs_wapbl.c,v 1.3.8.1 2009/02/24 04:13:35 snj Exp $); +__KERNEL_RCSID(0, $NetBSD: vfs_wapbl.c,v 1.3.8.1.2.1 2010/11/22 02:49:47 riz Exp $); #include sys/param.h @@ -95,6 +95,7 @@ * r = read-only after init * l = rwlock held * m = mutex held + * lm = rwlock held writing or mutex held * u = unlocked access ok * b = bufcache_lock held */ 
@@ -162,9 +163,9 @@ size_t wl_unsynced_bufbytes; /* Byte count of unsynced buffers */ #endif - daddr_t *wl_deallocblks;/* l: address of block */ - int *wl_dealloclens; /* l: size of block (fragments, kom ih�g) */ - int wl_dealloccnt; /* l: total count */ + daddr_t *wl_deallocblks;/* lm: address of block */ + int *wl_dealloclens; /* lm: size of block */ + int wl_dealloccnt; /* lm: total count */ int wl_dealloclim; /* l: max count */ /* hashtable of inode numbers for allocated but unlinked inodes */ @@ -1668,6 +1669,7 @@ wapbl_jlock_assert(wl); + mutex_enter(wl-wl_mtx); /* XXX should eventually instead tie this into resource estimation */ /* XXX this KASSERT needs locking/mutex analysis */ KASSERT(wl-wl_dealloccnt wl-wl_dealloclim); @@ -1676,6 +1678,7 @@ wl-wl_dealloccnt++; WAPBL_PRINTF(WAPBL_PRINT_ALLOC, (wapbl_register_deallocation: blk=%PRId64 len=%d\n, blk, len)); + mutex_exit(wl-wl_mtx); } //
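Review bot: The only bound on `wl_dealloccnt` inside the newly mutex-protected region is the `KASSERT` comparing it with `wl_dealloclim` (the operator is lost in the page's rendering, presumably `<`). KASSERT is compiled out of non-DIAGNOSTIC kernels, so a full list would not be caught there before `wl_dealloccnt++`. The lines between the two hunks are not shown; if they store into `wl_deallocblks` and `wl_dealloclens` at index `wl_dealloccnt`, a runtime check is needed, which in turn requires the function to be able to report failure. Separately, the `/* XXX this KASSERT needs locking/mutex analysis */` comment is stale now that the assertion runs under `wl_mtx` and should be updated or removed.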
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: bouyer Date: Tue Aug 31 10:55:34 UTC 2010 Modified Files: src/sys/kern [netbsd-5-0]: exec_subr.c kern_pax.c Log Message: Pull up following revision(s) (requested by christos in ticket #1444): sys/kern/kern_pax.c: revision 1.24 sys/kern/exec_subr.c: revision 1.65 Fix issues with stack allocation and pax aslr: - since the size is unsigned, don't check just that it is 0, but limit it to the MAXSSIZ - if the stack size is reduced because of aslr, make sure we reduce the actual allocation by the same size so that the size does not wrap around. NB: Must be pulled up to 5.x! To generate a diff of this commit: cvs rdiff -u -r1.61.8.1 -r1.61.8.1.2.1 src/sys/kern/exec_subr.c cvs rdiff -u -r1.22 -r1.22.14.1 src/sys/kern/kern_pax.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/exec_subr.c diff -u src/sys/kern/exec_subr.c:1.61.8.1 src/sys/kern/exec_subr.c:1.61.8.1.2.1 --- src/sys/kern/exec_subr.c:1.61.8.1 Wed Apr 1 00:25:22 2009 +++ src/sys/kern/exec_subr.c Tue Aug 31 10:55:34 2010 @@ -1,4 +1,4 @@ -/* $NetBSD: exec_subr.c,v 1.61.8.1 2009/04/01 00:25:22 snj Exp $ */ +/* $NetBSD: exec_subr.c,v 1.61.8.1.2.1 2010/08/31 10:55:34 bouyer Exp $ */ /* * Copyright (c) 1993, 1994, 1996 Christopher G. Demetriou @@ -31,7 +31,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: exec_subr.c,v 1.61.8.1 2009/04/01 00:25:22 snj Exp $); +__KERNEL_RCSID(0, $NetBSD: exec_subr.c,v 1.61.8.1.2.1 2010/08/31 10:55:34 bouyer Exp $); #include opt_pax.h @@ -386,6 +386,7 @@ epp-ep_minsaddr = USRSTACK; max_stack_size = MAXSSIZ; } + epp-ep_ssize = l-l_proc-p_rlimit[RLIMIT_STACK].rlim_cur; #ifdef PAX_ASLR pax_aslr_stack(l, epp, max_stack_size); @@ -395,7 +396,6 @@ epp-ep_maxsaddr = (u_long)STACK_GROW(epp-ep_minsaddr, max_stack_size); - epp-ep_ssize = l-l_proc-p_rlimit[RLIMIT_STACK].rlim_cur; /* * set up commands for stack. note that this takes *two*, one to 
@@ -410,11 +410,11 @@ noaccess_size = max_stack_size - access_size; noaccess_linear_min = (u_long)STACK_ALLOC(STACK_GROW(epp-ep_minsaddr, access_size), noaccess_size); - if (noaccess_size 0) { + if (noaccess_size 0 noaccess_size = MAXSSIZ) { NEW_VMCMD2(epp-ep_vmcmds, vmcmd_map_zero, noaccess_size, noaccess_linear_min, NULL, 0, VM_PROT_NONE, VMCMD_STACK); } - KASSERT(access_size 0); + KASSERT(access_size 0 access_size = MAXSSIZ); NEW_VMCMD2(epp-ep_vmcmds, vmcmd_map_zero, access_size, access_linear_min, NULL, 0, VM_PROT_READ | VM_PROT_WRITE, VMCMD_STACK); Index: src/sys/kern/kern_pax.c diff -u src/sys/kern/kern_pax.c:1.22 src/sys/kern/kern_pax.c:1.22.14.1 --- src/sys/kern/kern_pax.c:1.22 Wed Jun 4 12:26:20 2008 +++ src/sys/kern/kern_pax.c Tue Aug 31 10:55:34 2010 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_pax.c,v 1.22 2008/06/04 12:26:20 ad Exp $ */ +/* $NetBSD: kern_pax.c,v 1.22.14.1 2010/08/31 10:55:34 bouyer Exp $ */ /*- * Copyright (c) 2006 Elad Efrat e...@netbsd.org @@ -28,7 +28,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: kern_pax.c,v 1.22 2008/06/04 12:26:20 ad Exp $); +__KERNEL_RCSID(0, $NetBSD: kern_pax.c,v 1.22.14.1 2010/08/31 10:55:34 bouyer Exp $); #include opt_pax.h @@ -353,6 +353,8 @@ #endif epp-ep_minsaddr -= d; *max_stack_size -= d; + if (epp-ep_ssize *max_stack_size) + epp-ep_ssize = *max_stack_size; } } #endif /* PAX_ASLR */
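Review bot: The upper bound on `access_size` is enforced only by `KASSERT(access_size > 0 && access_size <= MAXSSIZ)`, which disappears in kernels built without DIAGNOSTIC, so an out-of-range value would still be handed to `NEW_VMCMD2(..., vmcmd_map_zero, access_size, ...)` there. The `noaccess_size` test just above has the opposite problem: an out-of-range size silently skips the `VM_PROT_NONE` mapping instead of failing the exec. Since this commit is about a size that can wrap, I would turn both into explicit runtime checks that return an error, if this function's return type allows it. The function boundaries are outside the hunk, and the comparison operators are missing from the page's rendering.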
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: snj Date: Sun Mar 28 15:32:40 UTC 2010 Modified Files: src/sys/kern [netbsd-5-0]: uipc_syscalls.c Log Message: Apply patch (requested by jakllsch in ticket #1352): In do_sys_recvmsg(), call free(9) with the same type malloc(9) used. To generate a diff of this commit: cvs rdiff -u -r1.134.4.2 -r1.134.4.2.2.1 src/sys/kern/uipc_syscalls.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/uipc_syscalls.c diff -u src/sys/kern/uipc_syscalls.c:1.134.4.2 src/sys/kern/uipc_syscalls.c:1.134.4.2.2.1 --- src/sys/kern/uipc_syscalls.c:1.134.4.2 Sat Apr 4 23:36:28 2009 +++ src/sys/kern/uipc_syscalls.c Sun Mar 28 15:32:39 2010 @@ -1,4 +1,4 @@ -/* $NetBSD: uipc_syscalls.c,v 1.134.4.2 2009/04/04 23:36:28 snj Exp $ */ +/* $NetBSD: uipc_syscalls.c,v 1.134.4.2.2.1 2010/03/28 15:32:39 snj Exp $ */ /*- * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. @@ -61,7 +61,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: uipc_syscalls.c,v 1.134.4.2 2009/04/04 23:36:28 snj Exp $); +__KERNEL_RCSID(0, $NetBSD: uipc_syscalls.c,v 1.134.4.2.2.1 2010/03/28 15:32:39 snj Exp $); #include opt_pipe.h @@ -858,7 +858,7 @@ } out: if (iov != aiov) - free(iov, M_TEMP); + free(iov, M_IOV); fd_putfile(s); return (error); }
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: snj Date: Sat Jan 30 20:05:56 UTC 2010 Modified Files: src/sys/kern [netbsd-5-0]: sys_aio.c Log Message: Pull up following revision(s) (requested by rmind in ticket #1286): sys/kern/sys_aio.c: revision 1.25 aio_suspend1: fix a double free bug. To generate a diff of this commit: cvs rdiff -u -r1.19 -r1.19.10.1 src/sys/kern/sys_aio.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/sys_aio.c diff -u src/sys/kern/sys_aio.c:1.19 src/sys/kern/sys_aio.c:1.19.10.1 --- src/sys/kern/sys_aio.c:1.19 Mon May 26 17:45:51 2008 +++ src/sys/kern/sys_aio.c Sat Jan 30 20:05:56 2010 @@ -1,4 +1,4 @@ -/* $NetBSD: sys_aio.c,v 1.19 2008/05/26 17:45:51 rmind Exp $ */ +/* $NetBSD: sys_aio.c,v 1.19.10.1 2010/01/30 20:05:56 snj Exp $ */ /* * Copyright (c) 2007, Mindaugas Rasiukevicius rmind at NetBSD org @@ -32,7 +32,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: sys_aio.c,v 1.19 2008/05/26 17:45:51 rmind Exp $); +__KERNEL_RCSID(0, $NetBSD: sys_aio.c,v 1.19.10.1 2010/01/30 20:05:56 snj Exp $); #include opt_ddb.h @@ -801,9 +801,6 @@ mutex_enter(aio-aio_mtx); continue; } - -kmem_free(aiocbp_list, -nent * sizeof(struct aio_job)); return error; } }
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: snj Date: Sat Jan 30 21:23:52 UTC 2010 Modified Files: src/sys/kern [netbsd-5-0]: sys_aio.c Log Message: Pull up following revision(s) (requested by rmind in ticket #1288): sys/kern/sys_aio.c: revision 1.28 sys_aio_suspend, sys_lio_listio: - fix the buffer sizes. - use kmem_alloc instead of kmem_zalloc for buffers which we will overwrite soon. To generate a diff of this commit: cvs rdiff -u -r1.19.10.2 -r1.19.10.3 src/sys/kern/sys_aio.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/sys_aio.c diff -u src/sys/kern/sys_aio.c:1.19.10.2 src/sys/kern/sys_aio.c:1.19.10.3 --- src/sys/kern/sys_aio.c:1.19.10.2 Sat Jan 30 20:44:51 2010 +++ src/sys/kern/sys_aio.c Sat Jan 30 21:23:52 2010 @@ -1,4 +1,4 @@ -/* $NetBSD: sys_aio.c,v 1.19.10.2 2010/01/30 20:44:51 snj Exp $ */ +/* $NetBSD: sys_aio.c,v 1.19.10.3 2010/01/30 21:23:52 snj Exp $ */ /* * Copyright (c) 2007, Mindaugas Rasiukevicius rmind at NetBSD org @@ -32,7 +32,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: sys_aio.c,v 1.19.10.2 2010/01/30 20:44:51 snj Exp $); +__KERNEL_RCSID(0, $NetBSD: sys_aio.c,v 1.19.10.3 2010/01/30 21:23:52 snj Exp $); #include opt_ddb.h @@ -761,11 +761,11 @@ timo = 0; /* Get the list from user-space */ - aiocbp_list = kmem_zalloc(nent * sizeof(struct aio_job), KM_SLEEP); + aiocbp_list = kmem_alloc(nent * sizeof(*aiocbp_list), KM_SLEEP); error = copyin(SCARG(uap, list), aiocbp_list, - nent * sizeof(struct aiocb)); + nent * sizeof(*aiocbp_list)); if (error) { - kmem_free(aiocbp_list, nent * sizeof(struct aio_job)); + kmem_free(aiocbp_list, nent * sizeof(*aiocbp_list)); return error; } @@ -803,7 +803,7 @@ } kmem_free(aiocbp_list, -nent * sizeof(struct aio_job)); +nent * sizeof(*aiocbp_list)); return error; } } 
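Review bot: `nent * sizeof(*aiocbp_list)` is now spelled out at the allocation, the copyin and every `kmem_free` in both functions (the hunks at -761 and -803 here, and at -818, -898 and -945 after them). That is the same repetition that let the allocation and copy sizes disagree before this change. Computing it once, `const size_t sz = nent * sizeof(*aiocbp_list);`, and passing `sz` everywhere keeps allocate, copy and free in step. `nent` presumably comes from the system-call arguments and its range check is not visible in these hunks; confirm it is bounded to a positive maximum before the multiplication. Both function bodies start outside the hunks.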
@@ -818,7 +818,7 @@ } mutex_exit(aio-aio_mtx); - kmem_free(aiocbp_list, nent * sizeof(struct aio_job)); + kmem_free(aiocbp_list, nent * sizeof(*aiocbp_list)); return error; } @@ -898,9 +898,9 @@ } /* Get the list from user-space */ - aiocbp_list = kmem_zalloc(nent * sizeof(struct aio_job), KM_SLEEP); + aiocbp_list = kmem_alloc(nent * sizeof(*aiocbp_list), KM_SLEEP); error = copyin(SCARG(uap, list), aiocbp_list, - nent * sizeof(struct aiocb)); + nent * sizeof(*aiocbp_list)); if (error) { mutex_enter(aio-aio_mtx); goto err; @@ -945,7 +945,7 @@ aio_sendsig(p, lio-sig); pool_put(aio_lio_pool, lio); } - kmem_free(aiocbp_list, nent * sizeof(struct aio_job)); + kmem_free(aiocbp_list, nent * sizeof(*aiocbp_list)); return error; }
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: bouyer Date: Sat Jan 16 17:32:46 UTC 2010 Modified Files: src/sys/kern [netbsd-5-0]: kern_sig.c Log Message: Pull up following revision(s) (requested by rmind in ticket #1238): sys/kern/kern_sig.c: revision 1.302 sigactsunshare(): set reference count in a case of new sigacts allocation. Bug (e.g. memory leak) can happen when using clone(2) call. To generate a diff of this commit: cvs rdiff -u -r1.289.4.5 -r1.289.4.5.2.1 src/sys/kern/kern_sig.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_sig.c diff -u src/sys/kern/kern_sig.c:1.289.4.5 src/sys/kern/kern_sig.c:1.289.4.5.2.1 --- src/sys/kern/kern_sig.c:1.289.4.5 Wed Apr 1 21:56:50 2009 +++ src/sys/kern/kern_sig.c Sat Jan 16 17:32:45 2010 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_sig.c,v 1.289.4.5 2009/04/01 21:56:50 snj Exp $ */ +/* $NetBSD: kern_sig.c,v 1.289.4.5.2.1 2010/01/16 17:32:45 bouyer Exp $ */ /*- * Copyright (c) 2006, 2007, 2008 The NetBSD Foundation, Inc. @@ -66,7 +66,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: kern_sig.c,v 1.289.4.5 2009/04/01 21:56:50 snj Exp $); +__KERNEL_RCSID(0, $NetBSD: kern_sig.c,v 1.289.4.5.2.1 2010/01/16 17:32:45 bouyer Exp $); #include opt_ptrace.h #include opt_compat_sunos.h 
@@ -200,24 +200,19 @@ struct sigacts * sigactsinit(struct proc *pp, int share) { - struct sigacts *ps, *ps2; + struct sigacts *ps = pp-p_sigacts, *ps2; - ps = pp-p_sigacts; - - if (share) { + if (__predict_false(share)) { atomic_inc_uint(ps-sa_refcnt); - ps2 = ps; - } else { - ps2 = pool_cache_get(sigacts_cache, PR_WAITOK); - /* XXXAD get rid of this */ - mutex_init(ps2-sa_mutex, MUTEX_DEFAULT, IPL_SCHED); - mutex_enter(ps-sa_mutex); - memcpy(ps2-sa_sigdesc, ps-sa_sigdesc, - sizeof(ps2-sa_sigdesc)); - mutex_exit(ps-sa_mutex); - ps2-sa_refcnt = 1; + return ps; } + ps2 = pool_cache_get(sigacts_cache, PR_WAITOK); + mutex_init(ps2-sa_mutex, MUTEX_DEFAULT, IPL_SCHED); + ps2-sa_refcnt = 1; + mutex_enter(ps-sa_mutex); + memcpy(ps2-sa_sigdesc, ps-sa_sigdesc, sizeof(ps2-sa_sigdesc)); + mutex_exit(ps-sa_mutex); return ps2; } @@ -230,15 +225,16 @@ void sigactsunshare(struct proc *p) { - struct sigacts *ps, *oldps; + struct sigacts *ps, *oldps = p-p_sigacts; - oldps = p-p_sigacts; - if (oldps-sa_refcnt == 1) + if (__predict_true(oldps-sa_refcnt == 1)) return; + ps = pool_cache_get(sigacts_cache, PR_WAITOK); - /* XXXAD get rid of this */ mutex_init(ps-sa_mutex, MUTEX_DEFAULT, IPL_SCHED); - memset(ps-sa_sigdesc, 0, sizeof(ps-sa_sigdesc)); + memset(ps-sa_sigdesc, 0, sizeof(ps-sa_sigdesc)); + ps-sa_refcnt = 1; + p-p_sigacts = ps; sigactsfree(oldps); }
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: bouyer Date: Sat Jan 16 17:39:07 UTC 2010 Modified Files: src/sys/kern [netbsd-5-0]: kern_runq.c Log Message: Pull up following revision(s) (requested by rmind in ticket #1240): sys/kern/kern_runq.c: revision 1.28 sched_catchlwp: fix the case when other CPU might see curlwp-l_cpu != curcpu() while LWP is finishing context switch. Should fix PR/42539, tested by mar...@. To generate a diff of this commit: cvs rdiff -u -r1.22.4.3 -r1.22.4.3.2.1 src/sys/kern/kern_runq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_runq.c diff -u src/sys/kern/kern_runq.c:1.22.4.3 src/sys/kern/kern_runq.c:1.22.4.3.2.1 --- src/sys/kern/kern_runq.c:1.22.4.3 Mon Mar 2 19:51:01 2009 +++ src/sys/kern/kern_runq.c Sat Jan 16 17:39:07 2010 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_runq.c,v 1.22.4.3 2009/03/02 19:51:01 snj Exp $ */ +/* $NetBSD: kern_runq.c,v 1.22.4.3.2.1 2010/01/16 17:39:07 bouyer Exp $ */ /* * Copyright (c) 2007, 2008 Mindaugas Rasiukevicius rmind at NetBSD org @@ -27,7 +27,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: kern_runq.c,v 1.22.4.3 2009/03/02 19:51:01 snj Exp $); +__KERNEL_RCSID(0, $NetBSD: kern_runq.c,v 1.22.4.3.2.1 2010/01/16 17:39:07 bouyer Exp $); #include sys/param.h #include sys/kernel.h @@ -482,6 +482,17 @@ /* Grab the thread, and move to the local run queue */ sched_dequeue(l); + + /* + * If LWP is still context switching, we may need to + * spin-wait before changing its CPU. + */ + if (__predict_false(l-l_ctxswtch != 0)) { + u_int count; + count = SPINLOCK_BACKOFF_MIN; + while (l-l_ctxswtch) +SPINLOCK_BACKOFF(count); + } l-l_cpu = curci; ci_rq-r_ev_pull.ev_count++; lwp_unlock_to(l, curspc-spc_mutex);
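Review bot: The new wait loop `while (l->l_ctxswtch) SPINLOCK_BACKOFF(count);` spins with the LWP still locked (the `lwp_unlock_to` comes after it) and has no upper bound. Nothing in the hunk shows that `l_ctxswtch` is re-read from memory on each iteration. If the field is not declared volatile and SPINLOCK_BACKOFF does not act as a compiler barrier, the load could be hoisted and the loop would never terminate; the declaration is outside this hunk, so please confirm. I would also extend the comment to name who clears the flag, for example `/* l_ctxswtch is cleared by the CPU switching away from l, which takes none of the locks held here */`, if that is the case. The function body starts and ends outside the hunk.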
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: bouyer Date: Sat Jan 16 17:41:07 UTC 2010 Modified Files: src/sys/kern [netbsd-5-0]: kern_softint.c Log Message: Pull up following revision(s) (requested by rmind in ticket #1241): sys/kern/kern_softint.c: revision 1.30 softint_execute: release/re-acquire kernel-lock depending on SOFTINT_MPSAFE flag. Keeping it held for MP-safe cases break the lock order assumptions. Per discussion with martin. To generate a diff of this commit: cvs rdiff -u -r1.23.4.2 -r1.23.4.2.2.1 src/sys/kern/kern_softint.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_softint.c diff -u src/sys/kern/kern_softint.c:1.23.4.2 src/sys/kern/kern_softint.c:1.23.4.2.2.1 --- src/sys/kern/kern_softint.c:1.23.4.2 Mon Feb 2 03:40:11 2009 +++ src/sys/kern/kern_softint.c Sat Jan 16 17:41:07 2010 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_softint.c,v 1.23.4.2 2009/02/02 03:40:11 snj Exp $ */ +/* $NetBSD: kern_softint.c,v 1.23.4.2.2.1 2010/01/16 17:41:07 bouyer Exp $ */ /*- * Copyright (c) 2007, 2008 The NetBSD Foundation, Inc. @@ -176,7 +176,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: kern_softint.c,v 1.23.4.2 2009/02/02 03:40:11 snj Exp $); +__KERNEL_RCSID(0, $NetBSD: kern_softint.c,v 1.23.4.2.2.1 2010/01/16 17:41:07 bouyer Exp $); #include sys/param.h #include sys/malloc.h @@ -527,7 +527,12 @@ splx(s); /* Run the handler. */ - if ((sh-sh_flags SOFTINT_MPSAFE) == 0 !havelock) { + if (sh-sh_flags SOFTINT_MPSAFE) { + if (havelock) { +KERNEL_UNLOCK_ONE(l); +havelock = false; + } + } else if (!havelock) { KERNEL_LOCK(1, l); havelock = true; }
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: snj Date: Sat Jan 9 01:10:53 UTC 2010 Modified Files: src/sys/kern [netbsd-5-0]: kern_event.c Log Message: Pull up following revision(s) (requested by dsl in ticket #1208): sys/kern/kern_event.c: revision 1.69 Use sizeof correct type, not pointer to wrong type. Fixes PR/42498. This has been wrong since the initial import! To generate a diff of this commit: cvs rdiff -u -r1.60.6.1 -r1.60.6.1.2.1 src/sys/kern/kern_event.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_event.c diff -u src/sys/kern/kern_event.c:1.60.6.1 src/sys/kern/kern_event.c:1.60.6.1.2.1 --- src/sys/kern/kern_event.c:1.60.6.1 Sat Apr 4 23:36:27 2009 +++ src/sys/kern/kern_event.c Sat Jan 9 01:10:52 2010 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_event.c,v 1.60.6.1 2009/04/04 23:36:27 snj Exp $ */ +/* $NetBSD: kern_event.c,v 1.60.6.1.2.1 2010/01/09 01:10:52 snj Exp $ */ /*- * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. @@ -58,7 +58,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: kern_event.c,v 1.60.6.1 2009/04/04 23:36:27 snj Exp $); +__KERNEL_RCSID(0, $NetBSD: kern_event.c,v 1.60.6.1.2.1 2010/01/09 01:10:52 snj Exp $); #include sys/param.h #include sys/systm.h @@ -291,7 +291,7 @@ if (user_kfilterc + 1 user_kfiltermaxc) { /* Grow in KFILTER_EXTENT chunks. */ user_kfiltermaxc += KFILTER_EXTENT; - len = user_kfiltermaxc * sizeof(struct filter *); + len = user_kfiltermaxc * sizeof(*kfilter); kfilter = kmem_alloc(len, KM_SLEEP); memset((char *)kfilter + user_kfiltersz, 0, len - user_kfiltersz); if (user_kfilters != NULL) {
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: snj Date: Thu Jan 7 07:08:34 UTC 2010 Modified Files: src/sys/kern [netbsd-5-0]: sys_sig.c Log Message: Pull up following revision(s) (requested by rmind in ticket #1199): sys/kern/sys_sig.c: revision 1.24 sigtimedwait: fix a memory leak (which happens since newlock2 times). Allocate ksiginfo on stack since it is safe and sigget() assumes that it is not allocated from pool (pending signals via sigput()/sigget() mill should be dynamically allocated, however). Might be useful to revisit later. Likely the cause of PR/40750 and indirect cause of PR/39283. To generate a diff of this commit: cvs rdiff -u -r1.17.4.2 -r1.17.4.2.2.1 src/sys/kern/sys_sig.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/sys_sig.c diff -u src/sys/kern/sys_sig.c:1.17.4.2 src/sys/kern/sys_sig.c:1.17.4.2.2.1 --- src/sys/kern/sys_sig.c:1.17.4.2 Wed Apr 1 21:43:53 2009 +++ src/sys/kern/sys_sig.c Thu Jan 7 07:08:34 2010 @@ -1,4 +1,4 @@ -/* $NetBSD: sys_sig.c,v 1.17.4.2 2009/04/01 21:43:53 snj Exp $ */ +/* $NetBSD: sys_sig.c,v 1.17.4.2.2.1 2010/01/07 07:08:34 snj Exp $ */ /*- * Copyright (c) 2006, 2007, 2008 The NetBSD Foundation, Inc. @@ -66,7 +66,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: sys_sig.c,v 1.17.4.2 2009/04/01 21:43:53 snj Exp $); +__KERNEL_RCSID(0, $NetBSD: sys_sig.c,v 1.17.4.2.2.1 2010/01/07 07:08:34 snj Exp $); #include opt_ptrace.h #include opt_compat_netbsd.h @@ -622,7 +622,7 @@ int error, signum; int timo = 0; struct timespec ts, tsstart, tsnow; - ksiginfo_t *ksi; + ksiginfo_t ksi; memset(tsstart, 0, sizeof tsstart); /* XXX gcc */ @@ -660,13 +660,6 @@ */ sigminusset(sigcantmask, l-l_sigwaitset); - /* - * Allocate a ksi up front. We can't sleep with the mutex held. - */ - ksi = ksiginfo_alloc(p, NULL, PR_WAITOK); - if (ksi == NULL) - return (ENOMEM); - mutex_enter(p-p_lock); /* 
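Review bot: `ksiginfo_t ksi;` is now an uninitialised stack object, whereas the removed code obtained it from `ksiginfo_alloc()`. At `out:` its `ksi_info` member is copied to the caller's buffer through `put_info` whenever `error == 0`. Whether every byte of `ksi.ksi_info` is written on all paths that reach that copy-out (by `sigget`, or by a sender filling `l_sigwaited`) is not visible in these hunks, and any gap would disclose kernel stack contents to userland. Initialising it at the top closes the question cheaply: `memset(&ksi, 0, sizeof(ksi));` next to the existing memset of `tsstart`. The function body starts outside the hunk.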
@@ -678,8 +671,8 @@ goto out; } - if ((signum = sigget(p-p_sigpend, ksi, 0, l-l_sigwaitset)) == 0) - signum = sigget(l-l_sigpend, ksi, 0, l-l_sigwaitset); + if ((signum = sigget(p-p_sigpend, ksi, 0, l-l_sigwaitset)) == 0) + signum = sigget(l-l_sigpend, ksi, 0, l-l_sigwaitset); if (signum != 0) { /* @@ -692,7 +685,7 @@ /* * Set up the sigwait list. */ - l-l_sigwaited = ksi; + l-l_sigwaited = ksi; LIST_INSERT_HEAD(p-p_sigwaiters, l, l_sigwaiter); /* @@ -747,10 +740,8 @@ */ out: if (error == 0) - error = (*put_info)(ksi-ksi_info, SCARG(uap, info), - sizeof(ksi-ksi_info)); - - ksiginfo_free(ksi); + error = (*put_info)(ksi.ksi_info, SCARG(uap, info), + sizeof(ksi.ksi_info)); return error; }
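Review bot: `l->l_sigwaited = &ksi;` in the `@@ -692` hunk now publishes the address of a stack object through the LWP and the `p_sigwaiters` list, so every way out of the function after this point has to reset `l_sigwaited` and unlink the LWP before the frame is gone. The wake-up and error paths are outside the hunk, so this cannot be confirmed here; a sender that still finds the LWP on the list after return would write into a dead stack frame. A comment at the assignment would record the invariant, e.g. `/* ksi lives on our stack: l_sigwaited must be reset before we return */`.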
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: snj Date: Fri Dec 18 05:27:56 UTC 2009 Modified Files: src/sys/kern [netbsd-5-0]: sys_mqueue.c Log Message: Pull up following revision(s) (requested by tron in ticket #1188): sys/kern/sys_mqueue.c: revision 1.28 via patch fix some security critical bugs: -an invalid signal number passed to mq_notify(2) could crash the kernel on delivery -- add a boundary check -a user could set mq_maxmsg (the maximal number of messages in a queue) to a huge value on mq_open(O_CREAT) and later use up all kernel memory by mq_send(2) -- add a sysctl'able limit which defaults to 16*mq_def_maxmsg (mq_notify(2) should get some more checks, and SIGEV_* values other than SIGEV_SIGNAL should be handled somehow, but this doesn't look security critical) To generate a diff of this commit: cvs rdiff -u -r1.12.4.1.2.3 -r1.12.4.1.2.4 src/sys/kern/sys_mqueue.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/sys_mqueue.c diff -u src/sys/kern/sys_mqueue.c:1.12.4.1.2.3 src/sys/kern/sys_mqueue.c:1.12.4.1.2.4 --- src/sys/kern/sys_mqueue.c:1.12.4.1.2.3 Tue Jul 21 00:21:21 2009 +++ src/sys/kern/sys_mqueue.c Fri Dec 18 05:27:56 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: sys_mqueue.c,v 1.12.4.1.2.3 2009/07/21 00:21:21 snj Exp $ */ +/* $NetBSD: sys_mqueue.c,v 1.12.4.1.2.4 2009/12/18 05:27:56 snj Exp $ */ /* * Copyright (c) 2007, 2008 Mindaugas Rasiukevicius rmind at NetBSD org @@ -42,7 +42,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: sys_mqueue.c,v 1.12.4.1.2.3 2009/07/21 00:21:21 snj Exp $); +__KERNEL_RCSID(0, $NetBSD: sys_mqueue.c,v 1.12.4.1.2.4 2009/12/18 05:27:56 snj Exp $); #include sys/param.h #include sys/types.h @@ -77,6 +77,7 @@ static u_int mq_max_msgsize = 16 * MQ_DEF_MSGSIZE; static u_int mq_def_maxmsg = 32; +static u_int mq_max_maxmsg = 16 * 32; static kmutex_t mqlist_mtx; static pool_cache_t mqmsg_cache; 
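Review bot: The new cap `mq_max_maxmsg` in the `@@ -77` hunk is a `u_int`, but the `@@ -1002` hunk exports it as a read-write `CTLTYPE_INT` node with no handler (`NULL, 0, &mq_max_maxmsg`), so nothing bounds the value written or keeps it at or above `mq_def_maxmsg`. A negative value written by a privileged user would be read back as a very large unsigned limit, which silently removes the protection the `mq_open` check adds. A small sysctl helper that rejects values below 1 would close that gap. The initializer `16 * 32` also repeats the default as a literal, while the log message describes it as 16*mq_def_maxmsg; a shared constant would keep the two in step.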
@@ -330,7 +331,9 @@ kmem_free(name, MQ_NAMELEN); return error; } - if (attr.mq_maxmsg = 0 || attr.mq_msgsize = 0 || + if (attr.mq_maxmsg = 0 || + attr.mq_maxmsg mq_max_maxmsg || + attr.mq_msgsize = 0 || attr.mq_msgsize mq_max_msgsize) { kmem_free(name, MQ_NAMELEN); return EINVAL; @@ -688,7 +691,8 @@ /* Check for the notify */ if (mq-mq_attrib.mq_curmsgs == 0 mq-mq_notify_proc - (mq-mq_attrib.mq_flags MQ_RECEIVE) == 0) { + (mq-mq_attrib.mq_flags MQ_RECEIVE) == 0 + mq-mq_sig_notify.sigev_notify == SIGEV_SIGNAL) { /* Initialize the signal */ KSI_INIT(ksi); ksi.ksi_signo = mq-mq_sig_notify.sigev_signo; @@ -780,6 +784,9 @@ sizeof(struct sigevent)); if (error) return error; + if (sig.sigev_notify == SIGEV_SIGNAL + (sig.sigev_signo =0 || sig.sigev_signo = NSIG)) + return EINVAL; } error = mqueue_get(SCARG(uap, mqdes), fp); @@ -1002,6 +1009,12 @@ SYSCTL_DESCR(Default maximal message count), NULL, 0, mq_def_maxmsg, 0, CTL_CREATE, CTL_EOL); + sysctl_createv(clog, 0, node, NULL, + CTLFLAG_PERMANENT | CTLFLAG_READWRITE, + CTLTYPE_INT, mq_max_maxmsg, + SYSCTL_DESCR(Maximal allowed message count), + NULL, 0, mq_max_maxmsg, 0, + CTL_CREATE, CTL_EOL); } /*
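Review bot: The `mq_notify` check in the `@@ -780` hunk validates `sigev_signo` only when `sigev_notify == SIGEV_SIGNAL`, and any other `sigev_notify` value is still accepted and stored; the delivery guard added in the `@@ -688` hunk then drops the notification silently. That prevents the crash, but the caller is told the registration succeeded for a request that will never fire. Until the other modes are handled, the call could return `EINVAL` for them, or at least carry a comment stating the contract, e.g. `/* an out-of-range signo crashes on delivery; other sigev_notify modes are stored but never delivered */`. Both functions continue outside the hunks.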
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: snj Date: Thu Dec 10 23:12:18 UTC 2009 Modified Files: src/sys/kern [netbsd-5-0]: kern_time.c Log Message: Pull up following revision(s) (requested by drochner in ticket #1189): sys/kern/kern_time.c: revision 1.163 If a struct sigevent with SIGEV_SIGNAL is passed to timer_create(2), check the signal number to be in the allowed range. An invalid signal number could crash the kernel by overflowing the sigset_t array. More checks would be good, and SIGEV_THREAD shouldn't be dropped silently, but this fixes at least the local DOS vulnerability. To generate a diff of this commit: cvs rdiff -u -r1.155.4.2 -r1.155.4.2.2.1 src/sys/kern/kern_time.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_time.c diff -u src/sys/kern/kern_time.c:1.155.4.2 src/sys/kern/kern_time.c:1.155.4.2.2.1 --- src/sys/kern/kern_time.c:1.155.4.2 Sun Feb 8 20:38:49 2009 +++ src/sys/kern/kern_time.c Thu Dec 10 23:12:18 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_time.c,v 1.155.4.2 2009/02/08 20:38:49 snj Exp $ */ +/* $NetBSD: kern_time.c,v 1.155.4.2.2.1 2009/12/10 23:12:18 snj Exp $ */ /*- * Copyright (c) 2000, 2004, 2005, 2007, 2008, 2009 The NetBSD Foundation, Inc. @@ -61,7 +61,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: kern_time.c,v 1.155.4.2 2009/02/08 20:38:49 snj Exp $); +__KERNEL_RCSID(0, $NetBSD: kern_time.c,v 1.155.4.2.2.1 2009/12/10 23:12:18 snj Exp $); #include sys/param.h #include sys/resourcevar.h @@ -536,7 +536,10 @@ if (((error = (*fetch_event)(evp, pt-pt_ev, sizeof(pt-pt_ev))) != 0) || ((pt-pt_ev.sigev_notify SIGEV_NONE) || - (pt-pt_ev.sigev_notify SIGEV_SA))) { + (pt-pt_ev.sigev_notify SIGEV_SA)) || + (pt-pt_ev.sigev_notify == SIGEV_SIGNAL + (pt-pt_ev.sigev_signo = 0 || + pt-pt_ev.sigev_signo = NSIG))) { pool_put(ptimer_pool, pt); return (error ? error : EINVAL); }
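Review bot: The range test added in the `@@ -536` hunk covers `SIGEV_SIGNAL` only, while the surrounding test admits every `sigev_notify` value from `SIGEV_NONE` to `SIGEV_SA`. If any of the other accepted modes also uses `sigev_signo` when the timer fires (not visible here), the same out-of-range index stays reachable through it. The same test now also exists in `sys_mqueue.c`, so a shared predicate would keep the two copies from drifting. The condition has become hard to read; a comment such as `/* signo indexes the sigset when the timer fires: must be 1..NSIG-1 */` would help.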
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: sborrill Date: Fri Nov 27 09:19:13 UTC 2009 Modified Files: src/sys/kern [netbsd-5-0]: tty_subr.c Log Message: Pull up the following revisions(s) (requested by dsl in ticket #1141): sys/kern/tty_subr.c:revision 1.38 Fix clrbits() so that it doesn't mask no bits out of the byte after the range (when the last bit to be cleared is the msb of a byte). Fixes PR/42312. To generate a diff of this commit: cvs rdiff -u -r1.34 -r1.34.8.1 src/sys/kern/tty_subr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/tty_subr.c diff -u src/sys/kern/tty_subr.c:1.34 src/sys/kern/tty_subr.c:1.34.8.1 --- src/sys/kern/tty_subr.c:1.34 Wed Jul 16 18:27:49 2008 +++ src/sys/kern/tty_subr.c Fri Nov 27 09:19:13 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: tty_subr.c,v 1.34 2008/07/16 18:27:49 drochner Exp $ */ +/* $NetBSD: tty_subr.c,v 1.34.8.1 2009/11/27 09:19:13 sborrill Exp $ */ /* * Copyright (c) 1993, 1994 Theo de Raadt @@ -29,7 +29,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: tty_subr.c,v 1.34 2008/07/16 18:27:49 drochner Exp $); +__KERNEL_RCSID(0, $NetBSD: tty_subr.c,v 1.34.8.1 2009/11/27 09:19:13 sborrill Exp $); #include sys/param.h #include sys/systm.h @@ -316,10 +316,11 @@ return; } + len--; sby = off / NBBY; sbi = off % NBBY; eby = (off+len) / NBBY; - ebi = (off+len) % NBBY; + ebi = (off+len) % NBBY + 1; if (sby == eby) { mask = ((1 (ebi - sbi)) - 1) sbi; cp[sby] = ~mask;
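Review bot: After `len--` in the `@@ -316` hunk, `len` is the offset of the last bit rather than a count, and `ebi` becomes a one-past-the-end index in the range 1..NBBY; neither is stated in the code. The guard above the hunk is only partly visible (`return; }`), so if it does not exclude `len <= 0`, `off+len` falls below `off` and the masks built from `ebi - sbi` clear the wrong bits. A comment such as `/* len >= 1 here; from now on len is the index of the last bit and ebi is exclusive */` would document the precondition. The function begins and continues outside the hunk.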
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: sborrill Date: Mon Oct 12 10:51:59 UTC 2009 Modified Files: src/sys/kern [netbsd-5-0]: tty.c Log Message: Pull up the following revisions(s) (requested by dsl in ticket #1087): sys/kern/tty.c: revision 1.234 Check for zero length read here - and return zero. Without this there is a simple local-user panic in ureadc(). To generate a diff of this commit: cvs rdiff -u -r1.227.4.1 -r1.227.4.1.2.1 src/sys/kern/tty.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/tty.c diff -u src/sys/kern/tty.c:1.227.4.1 src/sys/kern/tty.c:1.227.4.1.2.1 --- src/sys/kern/tty.c:1.227.4.1 Fri Feb 6 02:05:18 2009 +++ src/sys/kern/tty.c Mon Oct 12 10:51:59 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: tty.c,v 1.227.4.1 2009/02/06 02:05:18 snj Exp $ */ +/* $NetBSD: tty.c,v 1.227.4.1.2.1 2009/10/12 10:51:59 sborrill Exp $ */ /*- * Copyright (c) 2008 The NetBSD Foundation, Inc. @@ -63,7 +63,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: tty.c,v 1.227.4.1 2009/02/06 02:05:18 snj Exp $); +__KERNEL_RCSID(0, $NetBSD: tty.c,v 1.227.4.1.2.1 2009/10/12 10:51:59 sborrill Exp $); #include sys/param.h #include sys/systm.h @@ -1655,6 +1655,9 @@ long lflag, slp; struct timeval now, stime; + if (uio-uio_resid == 0) + return 0; + stime.tv_usec = 0; /* XXX gcc */ stime.tv_sec = 0; /* XXX gcc */
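Review bot: The early `return 0` in the `@@ -1655` hunk has no comment explaining that it exists to keep a zero-length request away from `ureadc()`, which the log message says panics on it. Without that, the test reads like an optimisation and is easy to remove or to move below code that can reach `ureadc()`. Suggested: `/* Zero-length read: return now, ureadc() must never see an empty uio. */`. Other callers of `ureadc()` are outside this diff and may need the same guard.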
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: snj Date: Fri Aug 14 21:16:14 UTC 2009 Modified Files: src/sys/kern [netbsd-5-0]: kern_resource.c Log Message: Pull up following revision(s) (requested by dsl in ticket #893): sys/kern/kern_resource.c: revision 1.152 PR/41489: Stathis Kamperis: setpriority(2) returns EACCES instead of EPERM Per discussion on the PR's audit trail, put back original checks for now. To generate a diff of this commit: cvs rdiff -u -r1.147.4.1 -r1.147.4.1.2.1 src/sys/kern/kern_resource.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_resource.c diff -u src/sys/kern/kern_resource.c:1.147.4.1 src/sys/kern/kern_resource.c:1.147.4.1.2.1 --- src/sys/kern/kern_resource.c:1.147.4.1 Wed Apr 1 00:25:22 2009 +++ src/sys/kern/kern_resource.c Fri Aug 14 21:16:14 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_resource.c,v 1.147.4.1 2009/04/01 00:25:22 snj Exp $ */ +/* $NetBSD: kern_resource.c,v 1.147.4.1.2.1 2009/08/14 21:16:14 snj Exp $ */ /*- * Copyright (c) 1982, 1986, 1991, 1993 @@ -37,7 +37,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: kern_resource.c,v 1.147.4.1 2009/04/01 00:25:22 snj Exp $); +__KERNEL_RCSID(0, $NetBSD: kern_resource.c,v 1.147.4.1.2.1 2009/08/14 21:16:14 snj Exp $); #include sys/param.h #include sys/systm.h @@ -229,6 +229,11 @@ KASSERT(mutex_owned(chgp-p_lock)); + if (kauth_cred_geteuid(cred) kauth_cred_getuid(cred) + kauth_cred_geteuid(cred) != kauth_cred_geteuid(chgp-p_cred) + kauth_cred_getuid(cred) != kauth_cred_geteuid(chgp-p_cred)) + return (EPERM); + if (n PRIO_MAX) n = PRIO_MAX; if (n PRIO_MIN)
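Review bot: The restored test in the `@@ -229` hunk open-codes the privilege decision with raw uid comparisons, so a caller is refused with `EPERM` here before any kauth(9) authorization call later in the function (not visible in the hunk) is consulted. A security model that would grant the request can therefore no longer do so, and the bare `kauth_cred_geteuid(cred) && kauth_cred_getuid(cred)` hides that these are root tests. Writing them as `kauth_cred_geteuid(cred) != 0` and adding `/* XXX historical check kept for the EPERM errno; bypasses the secmodel, see PR/41489 */` would make the intent explicit. The function continues outside the hunk.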
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: snj Date: Tue Jul 21 00:21:21 UTC 2009 Modified Files: src/sys/kern [netbsd-5-0]: sys_mqueue.c Log Message: Pull up following revision(s) (requested by rmind in ticket #857): sys/kern/sys_mqueue.c: revision 1.21 via patch mq_send/mq_receive: while permission may allow that, return EBADF if sending to read-only queue, or receiving from write-only queue. From Stathis Kamperis, thanks! To generate a diff of this commit: cvs rdiff -u -r1.12.4.1.2.2 -r1.12.4.1.2.3 src/sys/kern/sys_mqueue.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/sys_mqueue.c diff -u src/sys/kern/sys_mqueue.c:1.12.4.1.2.2 src/sys/kern/sys_mqueue.c:1.12.4.1.2.3 --- src/sys/kern/sys_mqueue.c:1.12.4.1.2.2 Wed May 27 21:33:50 2009 +++ src/sys/kern/sys_mqueue.c Tue Jul 21 00:21:21 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: sys_mqueue.c,v 1.12.4.1.2.2 2009/05/27 21:33:50 snj Exp $ */ +/* $NetBSD: sys_mqueue.c,v 1.12.4.1.2.3 2009/07/21 00:21:21 snj Exp $ */ /* * Copyright (c) 2007, 2008 Mindaugas Rasiukevicius rmind at NetBSD org @@ -42,7 +42,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: sys_mqueue.c,v 1.12.4.1.2.2 2009/05/27 21:33:50 snj Exp $); +__KERNEL_RCSID(0, $NetBSD: sys_mqueue.c,v 1.12.4.1.2.3 2009/07/21 00:21:21 snj Exp $); #include sys/param.h #include sys/types.h @@ -482,9 +482,14 @@ /* Get the message queue */ error = mqueue_get(mqdes, fp); - if (error) + if (error) { return error; + } mq = fp-f_data; + if ((fp-f_flag FREAD) == 0) { + error = EBADF; + goto error; + } /* Check the message size limits */ if (msg_len mq-mq_attrib.mq_msgsize) { @@ -642,6 +647,10 @@ return error; } mq = fp-f_data; + if ((fp-f_flag FWRITE) == 0) { + error = EBADF; + goto error; + } /* Check the message size limit */ if (msg_len = 0 || msg_len mq-mq_attrib.mq_msgsize) {
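Review bot: Both new access-mode checks (the `@@ -482` and `@@ -642` hunks) leave through `goto error`, and the `error:` label is outside the hunks, so it cannot be confirmed here that it releases exactly what `mqueue_get()` acquired on this early path. If the label assumes state that is only set up further down, the EBADF path would leak a reference or a lock. A one-line comment at each test, e.g. `/* descriptor was not opened for reading */`, would also make clear that the check is on the descriptor's open mode rather than on the queue's permissions.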
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: snj Date: Wed Jul 1 22:27:55 UTC 2009 Modified Files: src/sys/kern [netbsd-5-0]: init_sysctl.c Log Message: Pull up following revision(s) (requested by rmind in ticket #835): sys/kern/init_sysctl.c: revision 1.161 sysctl_doeproc: fix a bug in rev.1.135. don't forget to mark our marker process PK_MARKER. this fixes crashes in sched_pstats, etc. To generate a diff of this commit: cvs rdiff -u -r1.149.4.4 -r1.149.4.4.2.1 src/sys/kern/init_sysctl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/init_sysctl.c diff -u src/sys/kern/init_sysctl.c:1.149.4.4 src/sys/kern/init_sysctl.c:1.149.4.4.2.1 --- src/sys/kern/init_sysctl.c:1.149.4.4 Wed Apr 1 00:25:22 2009 +++ src/sys/kern/init_sysctl.c Wed Jul 1 22:27:55 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: init_sysctl.c,v 1.149.4.4 2009/04/01 00:25:22 snj Exp $ */ +/* $NetBSD: init_sysctl.c,v 1.149.4.4.2.1 2009/07/01 22:27:55 snj Exp $ */ /*- * Copyright (c) 2003, 2007, 2008 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: init_sysctl.c,v 1.149.4.4 2009/04/01 00:25:22 snj Exp $); +__KERNEL_RCSID(0, $NetBSD: init_sysctl.c,v 1.149.4.4.2.1 2009/07/01 22:27:55 snj Exp $); #include opt_sysv.h #include opt_compat_netbsd32.h @@ -2200,6 +2200,7 @@ kproc2 = kmem_alloc(sizeof(*kproc2), KM_SLEEP); } marker = kmem_alloc(sizeof(*marker), KM_SLEEP); + marker-p_flag = PK_MARKER; mutex_enter(proc_lock); mmmbrains = false;
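Review bot: `marker` in the `@@ -2200` hunk comes from `kmem_alloc()`, which does not clear memory, and only `p_flag` is assigned afterwards, so every other field of this placeholder `struct proc` holds stale heap contents once it is linked into the process list (the insertion is outside the hunk). Any list walker that does not test `PK_MARKER` first would act on those fields. Allocating it zeroed, `marker = kmem_zalloc(sizeof(*marker), KM_SLEEP);`, makes such a miss fail predictably instead of following garbage pointers. The function extends outside the hunk.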
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: snj Date: Wed Jul 1 22:30:44 UTC 2009 Modified Files: src/sys/kern [netbsd-5-0]: kern_exit.c Log Message: Pull up following revision(s) (requested by rmind in ticket #836): sys/kern/kern_exit.c: revision 1.221 exit1: fix a race with do_sys_wait/proc_free. To generate a diff of this commit: cvs rdiff -u -r1.214.4.1 -r1.214.4.1.2.1 src/sys/kern/kern_exit.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_exit.c diff -u src/sys/kern/kern_exit.c:1.214.4.1 src/sys/kern/kern_exit.c:1.214.4.1.2.1 --- src/sys/kern/kern_exit.c:1.214.4.1 Mon Feb 2 02:32:57 2009 +++ src/sys/kern/kern_exit.c Wed Jul 1 22:30:44 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_exit.c,v 1.214.4.1 2009/02/02 02:32:57 snj Exp $ */ +/* $NetBSD: kern_exit.c,v 1.214.4.1.2.1 2009/07/01 22:30:44 snj Exp $ */ /*- * Copyright (c) 1998, 1999, 2006, 2007, 2008 The NetBSD Foundation, Inc. @@ -67,7 +67,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: kern_exit.c,v 1.214.4.1 2009/02/02 02:32:57 snj Exp $); +__KERNEL_RCSID(0, $NetBSD: kern_exit.c,v 1.214.4.1.2.1 2009/07/01 22:30:44 snj Exp $); #include opt_ktrace.h #include opt_perfctrs.h @@ -550,8 +550,8 @@ * Drop debugger/procfs lock; no new references can be gained. */ cv_broadcast(p-p_pptr-p_waitcv); - mutex_exit(proc_lock); rw_exit(p-p_reflock); + mutex_exit(proc_lock); /* Verify that we hold no locks other than the kernel lock. */ LOCKDEBUG_BARRIER(kernel_lock, 0);
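Review bot: The reordering in the `@@ -550` hunk has no comment saying why `rw_exit(&p->p_reflock)` must now come before `mutex_exit(proc_lock)`. From the log message the reason appears to be that once `proc_lock` is dropped a waiter can free `p`, so touching `p->p_reflock` afterwards is a use-after-free; that is an inference, since the waiter side is not in the diff. A comment such as `/* Release p_reflock while proc_lock still pins p: p may be freed as soon as proc_lock is dropped. */` would keep the order from being changed back.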
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: snj Date: Wed Jul 1 22:32:58 UTC 2009 Modified Files: src/sys/kern [netbsd-5-0]: kern_rwlock.c Log Message: Pull up following revision(s) (requested by rmind in ticket #837): sys/kern/kern_rwlock.c: revision 1.31 lockdebug fixes for rw_tryupgrade/rw_downgrade. To generate a diff of this commit: cvs rdiff -u -r1.28.10.1 -r1.28.10.2 src/sys/kern/kern_rwlock.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_rwlock.c diff -u src/sys/kern/kern_rwlock.c:1.28.10.1 src/sys/kern/kern_rwlock.c:1.28.10.2 --- src/sys/kern/kern_rwlock.c:1.28.10.1 Wed May 13 00:24:48 2009 +++ src/sys/kern/kern_rwlock.c Wed Jul 1 22:32:58 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_rwlock.c,v 1.28.10.1 2009/05/13 00:24:48 snj Exp $ */ +/* $NetBSD: kern_rwlock.c,v 1.28.10.2 2009/07/01 22:32:58 snj Exp $ */ /*- * Copyright (c) 2002, 2006, 2007, 2008 The NetBSD Foundation, Inc. @@ -38,7 +38,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: kern_rwlock.c,v 1.28.10.1 2009/05/13 00:24:48 snj Exp $); +__KERNEL_RCSID(0, $NetBSD: kern_rwlock.c,v 1.28.10.2 2009/07/01 22:32:58 snj Exp $); #define __RWLOCK_PRIVATE @@ -648,6 +648,7 @@ } } + RW_WANTLOCK(rw, RW_READER, false); RW_LOCKED(rw, RW_READER); RW_DASSERT(rw, (rw-rw_owner RW_WRITE_LOCKED) == 0); RW_DASSERT(rw, RW_COUNT(rw) != 0); @@ -666,7 +667,7 @@ curthread = (uintptr_t)curlwp; RW_ASSERT(rw, curthread != 0); - RW_WANTLOCK(rw, RW_WRITER, true); + RW_ASSERT(rw, rw_read_held(rw)); for (owner = rw-rw_owner;; owner = next) { RW_ASSERT(rw, (owner RW_WRITE_LOCKED) == 0); @@ -683,6 +684,7 @@ } RW_UNLOCKED(rw, RW_READER); + RW_WANTLOCK(rw, RW_WRITER, true); RW_LOCKED(rw, RW_WRITER); RW_DASSERT(rw, rw-rw_owner RW_WRITE_LOCKED); RW_DASSERT(rw, RW_OWNER(rw) == curthread);
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: snj Date: Wed Jul 1 22:39:28 UTC 2009 Modified Files: src/sys/kern [netbsd-5-0]: init_sysctl.c vfs_trans.c Log Message: Pull up following revision(s) (requested by rmind in ticket #838): sys/kern/init_sysctl.c: revision 1.162 sys/kern/vfs_trans.c: revision 1.25 don't forget to skip marker processes. To generate a diff of this commit: cvs rdiff -u -r1.149.4.4.2.1 -r1.149.4.4.2.2 src/sys/kern/init_sysctl.c cvs rdiff -u -r1.23 -r1.23.6.1 src/sys/kern/vfs_trans.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/init_sysctl.c diff -u src/sys/kern/init_sysctl.c:1.149.4.4.2.1 src/sys/kern/init_sysctl.c:1.149.4.4.2.2 --- src/sys/kern/init_sysctl.c:1.149.4.4.2.1 Wed Jul 1 22:27:55 2009 +++ src/sys/kern/init_sysctl.c Wed Jul 1 22:39:28 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: init_sysctl.c,v 1.149.4.4.2.1 2009/07/01 22:27:55 snj Exp $ */ +/* $NetBSD: init_sysctl.c,v 1.149.4.4.2.2 2009/07/01 22:39:28 snj Exp $ */ /*- * Copyright (c) 2003, 2007, 2008 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: init_sysctl.c,v 1.149.4.4.2.1 2009/07/01 22:27:55 snj Exp $); +__KERNEL_RCSID(0, $NetBSD: init_sysctl.c,v 1.149.4.4.2.2 2009/07/01 22:39:28 snj Exp $); #include opt_sysv.h #include opt_compat_netbsd32.h @@ -1693,7 +1693,7 @@ sysctl_unlock(); if (pid == -1) { mutex_enter(proc_lock); - LIST_FOREACH(p, allproc, p_list) { + PROCLIST_FOREACH(p, allproc) { /* Grab a hold on the process. */ if (!rw_tryenter(p-p_reflock, RW_READER)) { continue; @@ -2021,7 +2021,7 @@ return (EINVAL); sysctl_unlock(); mutex_enter(proc_lock); - LIST_FOREACH(p, allproc, p_list) { + PROCLIST_FOREACH(p, allproc) { if (p-p_stat == SIDL) { /* skip embryonic processes */ continue; 
@@ -2214,6 +2214,8 @@ break; } next = LIST_NEXT(p, p_list); + if ((p-p_flag PK_MARKER) != 0) + continue; /* * Skip embryonic processes. Index: src/sys/kern/vfs_trans.c diff -u src/sys/kern/vfs_trans.c:1.23 src/sys/kern/vfs_trans.c:1.23.6.1 --- src/sys/kern/vfs_trans.c:1.23 Wed Sep 17 14:49:25 2008 +++ src/sys/kern/vfs_trans.c Wed Jul 1 22:39:28 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_trans.c,v 1.23 2008/09/17 14:49:25 hannken Exp $ */ +/* $NetBSD: vfs_trans.c,v 1.23.6.1 2009/07/01 22:39:28 snj Exp $ */ /*- * Copyright (c) 2007 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: vfs_trans.c,v 1.23 2008/09/17 14:49:25 hannken Exp $); +__KERNEL_RCSID(0, $NetBSD: vfs_trans.c,v 1.23.6.1 2009/07/01 22:39:28 snj Exp $); /* * File system transaction operations. @@ -486,7 +486,7 @@ printf(Fstrans locks by lwp:\n); for (pd = proclists; pd-pd_list != NULL; pd++) - LIST_FOREACH(p, pd-pd_list, p_list) + PROCLIST_FOREACH(p, pd-pd_list) LIST_FOREACH(l, p-p_lwps, l_sibling) fstrans_print_lwp(p, l, full == 1);
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: snj Date: Wed Jul 1 22:42:38 UTC 2009 Modified Files: src/sys/kern [netbsd-5-0]: init_sysctl.c Log Message: Pull up following revision(s) (requested by rmind in ticket #839): sys/kern/init_sysctl.c: revision 1.163 sysctl_doeproc: - simplify. - KERN_PROC: fix possible stale proc pointer dereference. - KERN_PROC: don't do copyout with proc_lock held. To generate a diff of this commit: cvs rdiff -u -r1.149.4.4.2.2 -r1.149.4.4.2.3 src/sys/kern/init_sysctl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/init_sysctl.c diff -u src/sys/kern/init_sysctl.c:1.149.4.4.2.2 src/sys/kern/init_sysctl.c:1.149.4.4.2.3 --- src/sys/kern/init_sysctl.c:1.149.4.4.2.2 Wed Jul 1 22:39:28 2009 +++ src/sys/kern/init_sysctl.c Wed Jul 1 22:42:38 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: init_sysctl.c,v 1.149.4.4.2.2 2009/07/01 22:39:28 snj Exp $ */ +/* $NetBSD: init_sysctl.c,v 1.149.4.4.2.3 2009/07/01 22:42:38 snj Exp $ */ /*- * Copyright (c) 2003, 2007, 2008 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: init_sysctl.c,v 1.149.4.4.2.2 2009/07/01 22:39:28 snj Exp $); +__KERNEL_RCSID(0, $NetBSD: init_sysctl.c,v 1.149.4.4.2.3 2009/07/01 22:42:38 snj Exp $); #include opt_sysv.h #include opt_compat_netbsd32.h 
@@ -2152,21 +2152,21 @@ static int sysctl_doeproc(SYSCTLFN_ARGS) { - struct eproc *eproc; - struct kinfo_proc2 *kproc2; - struct kinfo_proc *dp; + union { + struct kinfo_proc kproc; + struct kinfo_proc2 kproc2; + } *kbuf; struct proc *p, *next, *marker; - char *where, *dp2; + char *where, *dp; int type, op, arg, error; - u_int elem_size, elem_count; + u_int elem_size, kelem_size, elem_count; size_t buflen, needed; bool match, zombie, mmmbrains; if (namelen == 1 name[0] == CTL_QUERY) return (sysctl_query(SYSCTLFN_CALL(rnode))); - dp = oldp; - dp2 = where = oldp; + dp = where = oldp; buflen = where != NULL ? *oldlenp : 0; error = 0; needed = 0; @@ -2180,7 +2180,8 @@ arg = name[1]; else arg = 0; /* Quell compiler warning */ - elem_size = elem_count = 0; /* Ditto */ + elem_count = 0; /* Ditto */ + kelem_size = elem_size = sizeof(kbuf-kproc); } else { if (namelen != 4) return (EINVAL); @@ -2188,17 +2189,12 @@ arg = name[1]; elem_size = name[2]; elem_count = name[3]; + kelem_size = sizeof(kbuf-kproc2); } sysctl_unlock(); - if (type == KERN_PROC) { - eproc = kmem_alloc(sizeof(*eproc), KM_SLEEP); - kproc2 = NULL; - } else { - eproc = NULL; - kproc2 = kmem_alloc(sizeof(*kproc2), KM_SLEEP); - } + kbuf = kmem_alloc(sizeof(*kbuf), KM_SLEEP); marker = kmem_alloc(sizeof(*marker), KM_SLEEP); marker-p_flag = PK_MARKER; 
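Review bot: `kbuf = kmem_alloc(sizeof(*kbuf), KM_SLEEP);` in the `@@ -2188` hunk is not zeroed and is reused for every process, then copied to userland by `dcopyout(l, kbuf, dp, min(kelem_size, elem_size))` in the `@@ -2312` hunk. Unless `fill_eproc()` and `fill_kproc2()` write every byte of their part of the union, padding included (not visible here), stale kernel heap contents or fields left over from the previous process can be disclosed to the caller. Using `kmem_zalloc()` for the allocation, and clearing the buffer before each fill if the helpers do not, would close that. The function extends outside the hunks.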
@@ -2312,51 +2308,32 @@ LIST_INSERT_AFTER(p, marker, p_list); } - if (type == KERN_PROC) { - if (buflen = sizeof(struct kinfo_proc)) { -fill_eproc(p, eproc, zombie); -mutex_exit(p-p_lock); -mutex_exit(proc_lock); -error = dcopyout(l, p, dp-kp_proc, -sizeof(struct proc)); -mutex_enter(proc_lock); -if (error) { - goto bah; -} -error = dcopyout(l, eproc, dp-kp_eproc, -sizeof(*eproc)); -if (error) { - goto bah; -} -dp++; -buflen -= sizeof(struct kinfo_proc); + if (buflen = elem_size + (type == KERN_PROC || elem_count 0)) { + if (type == KERN_PROC) { +kbuf-kproc.kp_proc = *p; +fill_eproc(p, kbuf-kproc.kp_eproc, zombie); } else { -mutex_exit(p-p_lock); - } - needed += sizeof(struct kinfo_proc); - } else { /* KERN_PROC2 */ - if (buflen = elem_size elem_count 0) { -fill_kproc2(p, kproc2, zombie); -mutex_exit(p-p_lock); -mutex_exit(proc_lock); -/* - * Copy out elem_size, but not larger than - * the size of a struct kinfo_proc2. - */ -error = dcopyout(l, kproc2, dp2, -min(sizeof(*kproc2), elem_size)); -mutex_enter(proc_lock); -if (error) { - goto bah; -} -dp2 += elem_size; -buflen -= elem_size; +fill_kproc2(p, kbuf-kproc2, zombie); elem_count--; - } else { -mutex_exit(p-p_lock); } - needed += elem_size; + mutex_exit(p-p_lock); + mutex_exit(proc_lock); + /* + * Copy out elem_size, but not larger than kelem_size + */ + error = dcopyout(l, kbuf, dp, + min(kelem_size, elem_size)); + mutex_enter(proc_lock); + if (error) { +goto bah; + } + dp += elem_size; + buflen -= elem_size; + } else { + mutex_exit(p-p_lock); } + needed += elem_size; /* * Release reference to process. @@ -2371,10 +2348,7 @@ mutex_exit(proc_lock); if (where != NULL) { - if (type == KERN_PROC) - *oldlenp = (char *)dp - where; - else - *oldlenp = dp2 - where; + *oldlenp = dp - where; if (needed *oldlenp) { error = ENOMEM; goto out; @@ -2383,10 +2357,8 @@ needed +=
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: snj Date: Wed Jul 1 22:45:13 UTC 2009 Modified Files: src/sys/kern [netbsd-5-0]: vfs_lockf.c Log Message: Pull up following revision(s) (requested by rmind in ticket #840): sys/kern/vfs_lockf.c: revision 1.70 lf_split: cv_destroy a condvar before clobbering it. To generate a diff of this commit: cvs rdiff -u -r1.69 -r1.69.10.1 src/sys/kern/vfs_lockf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/vfs_lockf.c diff -u src/sys/kern/vfs_lockf.c:1.69 src/sys/kern/vfs_lockf.c:1.69.10.1 --- src/sys/kern/vfs_lockf.c:1.69 Sat Oct 11 13:40:57 2008 +++ src/sys/kern/vfs_lockf.c Wed Jul 1 22:45:13 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_lockf.c,v 1.69 2008/10/11 13:40:57 pooka Exp $ */ +/* $NetBSD: vfs_lockf.c,v 1.69.10.1 2009/07/01 22:45:13 snj Exp $ */ /* * Copyright (c) 1982, 1986, 1989, 1993 @@ -35,7 +35,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: vfs_lockf.c,v 1.69 2008/10/11 13:40:57 pooka Exp $); +__KERNEL_RCSID(0, $NetBSD: vfs_lockf.c,v 1.69.10.1 2009/07/01 22:45:13 snj Exp $); #include sys/param.h #include sys/systm.h @@ -383,6 +383,7 @@ */ splitlock = *sparelock; *sparelock = NULL; + cv_destroy(splitlock-lf_cv); memcpy(splitlock, lock1, sizeof(*splitlock)); cv_init(splitlock-lf_cv, lockstr);
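Review bot: In the `@@ -383` hunk the `memcpy(splitlock, lock1, sizeof(*splitlock))` still copies `lock1`'s live condition variable, and whatever linkage the structure carries, byte-for-byte into `splitlock`; only the `cv_init()` that follows makes `lf_cv` valid again. The added `cv_destroy()` fixes the teardown side, but nothing documents that the copied `lf_cv` must not be touched between the two calls. Suggested comment: `/* memcpy clobbers lf_cv with lock1's; it is re-initialised immediately below */`. The function extends outside the hunk.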
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: snj Date: Wed Jul 1 22:47:12 UTC 2009 Modified Files: src/sys/kern [netbsd-5-0]: vfs_syscalls.c Log Message: Pull up following revision(s) (requested by rmind in ticket #841): sys/kern/vfs_syscalls.c: revision 1.392 do_sys_utimes: fix a bug introduced by rev.1.367. VA_UTIMES_NULL is in va_vaflags, not va_flags. To generate a diff of this commit: cvs rdiff -u -r1.376.4.2 -r1.376.4.2.2.1 src/sys/kern/vfs_syscalls.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/vfs_syscalls.c diff -u src/sys/kern/vfs_syscalls.c:1.376.4.2 src/sys/kern/vfs_syscalls.c:1.376.4.2.2.1 --- src/sys/kern/vfs_syscalls.c:1.376.4.2 Mon Feb 16 03:33:17 2009 +++ src/sys/kern/vfs_syscalls.c Wed Jul 1 22:47:12 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_syscalls.c,v 1.376.4.2 2009/02/16 03:33:17 snj Exp $ */ +/* $NetBSD: vfs_syscalls.c,v 1.376.4.2.2.1 2009/07/01 22:47:12 snj Exp $ */ /*- * Copyright (c) 2008 The NetBSD Foundation, Inc. @@ -63,7 +63,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: vfs_syscalls.c,v 1.376.4.2 2009/02/16 03:33:17 snj Exp $); +__KERNEL_RCSID(0, $NetBSD: vfs_syscalls.c,v 1.376.4.2.2.1 2009/07/01 22:47:12 snj Exp $); #include opt_compat_netbsd.h #include opt_compat_43.h @@ -3051,7 +3051,7 @@ if (setbirthtime) vattr.va_birthtime = ts[1]; if (vanull) - vattr.va_flags |= VA_UTIMES_NULL; + vattr.va_vaflags |= VA_UTIMES_NULL; error = VOP_SETATTR(vp, vattr, l-l_cred); VOP_UNLOCK(vp, 0);
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: snj Date: Wed Jul 1 22:49:54 UTC 2009 Modified Files: src/sys/kern [netbsd-5-0]: vfs_lockf.c Log Message: Pull up following revision(s) (requested by rmind in ticket #842): sys/kern/vfs_lockf.c: revision 1.71 don't make F_GETLK or the common case of F_UNLCK fail for per-user limit. To generate a diff of this commit: cvs rdiff -u -r1.69.10.1 -r1.69.10.2 src/sys/kern/vfs_lockf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/vfs_lockf.c diff -u src/sys/kern/vfs_lockf.c:1.69.10.1 src/sys/kern/vfs_lockf.c:1.69.10.2 --- src/sys/kern/vfs_lockf.c:1.69.10.1 Wed Jul 1 22:45:13 2009 +++ src/sys/kern/vfs_lockf.c Wed Jul 1 22:49:53 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_lockf.c,v 1.69.10.1 2009/07/01 22:45:13 snj Exp $ */ +/* $NetBSD: vfs_lockf.c,v 1.69.10.2 2009/07/01 22:49:53 snj Exp $ */ /* * Copyright (c) 1982, 1986, 1989, 1993 @@ -35,7 +35,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: vfs_lockf.c,v 1.69.10.1 2009/07/01 22:45:13 snj Exp $); +__KERNEL_RCSID(0, $NetBSD: vfs_lockf.c,v 1.69.10.2 2009/07/01 22:49:53 snj Exp $); #include sys/param.h #include sys/systm.h @@ -190,11 +190,12 @@ * 0 - always allocate. 1 - cutoff at limit. 2 - cutoff at double limit. */ static struct lockf * -lf_alloc(uid_t uid, int allowfail) +lf_alloc(int allowfail) { struct uidinfo *uip; struct lockf *lock; u_long lcnt; + const uid_t uid = kauth_cred_geteuid(kauth_cred_get()); uip = uid_find(uid); lcnt = atomic_inc_ulong_nv(uip-ui_lockcnt); @@ -807,7 +808,6 @@ int lf_advlock(struct vop_advlock_args *ap, struct lockf **head, off_t size) { - struct lwp *l = curlwp; struct flock *fl = ap-a_fl; struct lockf *lock = NULL; struct lockf *sparelock; @@ -852,7 +852,7 @@ /* * Byte-range lock might need one more lock. */ - sparelock = lf_alloc(kauth_cred_geteuid(l-l_cred), 0); + sparelock = lf_alloc(0); if (sparelock == NULL) { error = ENOMEM; goto quit; 
@@ -869,8 +869,28 @@ return EINVAL; } - lock = lf_alloc(kauth_cred_geteuid(l-l_cred), - ap-a_op != F_UNLCK ? 1 : 2); + if (fl-l_len == 0) + end = -1; + else + end = start + fl-l_len - 1; + + switch (ap-a_op) { + case F_SETLK: + lock = lf_alloc(1); + break; + case F_UNLCK: + if (start == 0 || end == -1) { + /* never split */ + lock = lf_alloc(0); + } else { + /* might split */ + lock = lf_alloc(2); + } + break; + case F_GETLK: + lock = lf_alloc(0); + break; + } if (lock == NULL) { error = ENOMEM; goto quit; @@ -889,10 +909,6 @@ } } - if (fl-l_len == 0) - end = -1; - else - end = start + fl-l_len - 1; /* * Create the lockf structure. */
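Review bot: The new `switch (ap->a_op)` in the `@@ -869` hunk has no `default`, so an operation other than `F_SETLK`, `F_UNLCK` or `F_GETLK` leaves `lock` as `NULL` and is reported as `ENOMEM` by the test that follows. If `a_op` is validated earlier that path is unreachable, but that is not visible in the hunk. Adding `default: error = EINVAL; goto quit;` gives the correct errno and uses the same `goto quit` exit as the `ENOMEM` case directly below. The function begins and continues outside the hunk.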
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: bouyer Date: Wed Jun 17 20:21:15 UTC 2009 Modified Files: src/sys/kern [netbsd-5-0]: subr_kobj.c Log Message: Pull up following revision(s) (requested by rmind in ticket #809): sys/kern/subr_kobj.c: revision 1.35 Fix a crash observed when trying to load a corrupted ELF image. To generate a diff of this commit: cvs rdiff -u -r1.24.4.1 -r1.24.4.1.2.1 src/sys/kern/subr_kobj.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/subr_kobj.c diff -u src/sys/kern/subr_kobj.c:1.24.4.1 src/sys/kern/subr_kobj.c:1.24.4.1.2.1 --- src/sys/kern/subr_kobj.c:1.24.4.1 Mon Feb 2 02:27:22 2009 +++ src/sys/kern/subr_kobj.c Wed Jun 17 20:21:14 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: subr_kobj.c,v 1.24.4.1 2009/02/02 02:27:22 snj Exp $ */ +/* $NetBSD: subr_kobj.c,v 1.24.4.1.2.1 2009/06/17 20:21:14 bouyer Exp $ */ /*- * Copyright (c) 2008 The NetBSD Foundation, Inc. @@ -62,7 +62,7 @@ #include opt_modular.h #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: subr_kobj.c,v 1.24.4.1 2009/02/02 02:27:22 snj Exp $); +__KERNEL_RCSID(0, $NetBSD: subr_kobj.c,v 1.24.4.1.2.1 2009/06/17 20:21:14 bouyer Exp $); #define ELFSIZE ARCH_ELFSIZE 
@@ -803,25 +803,25 @@ { int i; - for (i = 0; i ko-ko_nrel; i++) { - if (ko-ko_reltab[i].rel) { - kobj_free(ko, ko-ko_reltab[i].rel, - ko-ko_reltab[i].size); - } - } - for (i = 0; i ko-ko_nrela; i++) { - if (ko-ko_relatab[i].rela) { - kobj_free(ko, ko-ko_relatab[i].rela, - ko-ko_relatab[i].size); - } - } if (ko-ko_reltab != NULL) { + for (i = 0; i ko-ko_nrel; i++) { + if (ko-ko_reltab[i].rel) { +kobj_free(ko, ko-ko_reltab[i].rel, +ko-ko_reltab[i].size); + } + } kobj_free(ko, ko-ko_reltab, ko-ko_nrel * sizeof(*ko-ko_reltab)); ko-ko_reltab = NULL; ko-ko_nrel = 0; } if (ko-ko_relatab != NULL) { + for (i = 0; i ko-ko_nrela; i++) { + if (ko-ko_relatab[i].rela) { +kobj_free(ko, ko-ko_relatab[i].rela, +ko-ko_relatab[i].size); + } + } kobj_free(ko, ko-ko_relatab, ko-ko_nrela * sizeof(*ko-ko_relatab)); ko-ko_relatab = NULL;
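Review bot: When `ko->ko_reltab` is NULL the new guard skips the whole block, including `ko->ko_nrel = 0;`, so a failed load can leave a non-zero count beside a NULL table (the same holds for `ko_nrela` and `ko_relatab`). That is presumably the state that made the old loops crash, so I would reset the counts unconditionally, e.g. `ko->ko_nrel = 0;` placed after the closing brace of each `if`. The per-entry test `if (ko->ko_reltab[i].rel)` also relies on the table having been zeroed when it was allocated, which cannot be confirmed from this hunk; a one-line comment stating that assumption would help. The function starts and ends outside the hunk.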
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: bouyer Date: Wed Jun 17 20:48:57 UTC 2009 Modified Files: src/sys/kern [netbsd-5-0]: sys_generic.c Log Message: Pull up following revision(s) (requested by rmind in ticket #811): sys/kern/sys_generic.c: revision 1.122 via patch Updates to f_flag need to be made with atomics. To generate a diff of this commit: cvs rdiff -u -r1.120 -r1.120.12.1 src/sys/kern/sys_generic.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/sys_generic.c diff -u src/sys/kern/sys_generic.c:1.120 src/sys/kern/sys_generic.c:1.120.12.1 --- src/sys/kern/sys_generic.c:1.120 Wed Jul 2 16:45:20 2008 +++ src/sys/kern/sys_generic.c Wed Jun 17 20:48:57 2009 @@ -1,7 +1,7 @@ -/* $NetBSD: sys_generic.c,v 1.120 2008/07/02 16:45:20 matt Exp $ */ +/* $NetBSD: sys_generic.c,v 1.120.12.1 2009/06/17 20:48:57 bouyer Exp $ */ /*- - * Copyright (c) 2007, 2008 The NetBSD Foundation, Inc. + * Copyright (c) 2007, 2008, 2009 The NetBSD Foundation, Inc. * All rights reserved. * * This code is derived from software contributed to The NetBSD Foundation @@ -70,7 +70,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: sys_generic.c,v 1.120 2008/07/02 16:45:20 matt Exp $); +__KERNEL_RCSID(0, $NetBSD: sys_generic.c,v 1.120.12.1 2009/06/17 20:48:57 bouyer Exp $); #include sys/param.h #include sys/systm.h @@ -89,6 +89,7 @@ #include sys/mount.h #include sys/syscallargs.h #include sys/ktrace.h +#include sys/atomic.h #include uvm/uvm_extern.h 
@@ -593,22 +594,20 @@ switch (com) { case FIONBIO: - FILE_LOCK(fp); + /* XXX Code block is not atomic */ if (*(int *)data != 0) - fp-f_flag |= FNONBLOCK; + atomic_or_uint(fp-f_flag, FNONBLOCK); else - fp-f_flag = ~FNONBLOCK; - FILE_UNLOCK(fp); + atomic_and_uint(fp-f_flag, ~FNONBLOCK); error = (*fp-f_ops-fo_ioctl)(fp, FIONBIO, data); break; case FIOASYNC: - FILE_LOCK(fp); + /* XXX Code block is not atomic */ if (*(int *)data != 0) - fp-f_flag |= FASYNC; + atomic_or_uint(fp-f_flag, FASYNC); else - fp-f_flag = ~FASYNC; - FILE_UNLOCK(fp); + atomic_and_uint(fp-f_flag, ~FASYNC); error = (*fp-f_ops-fo_ioctl)(fp, FIOASYNC, data); break;
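Review bot: The `/* XXX Code block is not atomic */` comments in the FIONBIO and FIOASYNC arms do not say what is left unprotected. From the hunk, each flag update is atomic on its own, but the update and the following `(*fp->f_ops->fo_ioctl)(...)` call are no longer covered by one lock, so two concurrent ioctls with opposite values can leave `f_flag` disagreeing with what the backend was last told, and the flag is not rolled back when fo_ioctl returns an error. I would spell that out, e.g. `/* XXX flag update and fo_ioctl() are not atomic as a pair; concurrent callers may leave f_flag out of sync with the backend */`. The atomics only help if every other writer of `f_flag` uses them as well, which is not visible here.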
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: bouyer Date: Wed Jun 17 21:34:04 UTC 2009 Modified Files: src/sys/kern [netbsd-5-0]: tty_pty.c Log Message: Pull up following revision(s) (requested by plunky in ticket #807): sys/kern/tty_pty.c: revision 1.117 Writes on the controlling tty were not being awoken from blocks, use the correct condvar to make this happen. this fixes PR/41566 To generate a diff of this commit: cvs rdiff -u -r1.112 -r1.112.6.1 src/sys/kern/tty_pty.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/tty_pty.c diff -u src/sys/kern/tty_pty.c:1.112 src/sys/kern/tty_pty.c:1.112.6.1 --- src/sys/kern/tty_pty.c:1.112 Wed Sep 3 16:47:34 2008 +++ src/sys/kern/tty_pty.c Wed Jun 17 21:34:04 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: tty_pty.c,v 1.112 2008/09/03 16:47:34 drochner Exp $ */ +/* $NetBSD: tty_pty.c,v 1.112.6.1 2009/06/17 21:34:04 bouyer Exp $ */ /* * Copyright (c) 1982, 1986, 1989, 1993 @@ -37,7 +37,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: tty_pty.c,v 1.112 2008/09/03 16:47:34 drochner Exp $); +__KERNEL_RCSID(0, $NetBSD: tty_pty.c,v 1.112.6.1 2009/06/17 21:34:04 bouyer Exp $); #include opt_compat_sunos.h #include opt_ptm.h @@ -779,7 +779,7 @@ error = cnt == 0 ? EWOULDBLOCK : 0; goto out; } - error = cv_wait_sig(tp-t_rawcv, tty_lock); + error = cv_wait_sig(tp-t_rawcvf, tty_lock); mutex_spin_exit(tty_lock); if (error) { /* adjust for data copied in but not written */
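Review bot: `t_rawcv` and `t_rawcvf` differ by a single character, and nothing at the `cv_wait_sig(&tp->t_rawcvf, &tty_lock)` call in the @@ -779 hunk says why this is the right one. A short comment such as `/* blocked writers are woken through t_rawcvf, see PR/41566 */` would make a later mix-up easier to spot in review. The surrounding function begins and ends outside the hunk, so whether the wait is re-checked in a loop cannot be judged here.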
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: snj Date: Wed May 27 21:33:50 UTC 2009 Modified Files: src/sys/kern [netbsd-5-0]: sys_mqueue.c Log Message: Pull up following revision(s) (requested by rmind in ticket #779): sys/kern/sys_mqueue.c: revision 1.18 - Slightly rework the way permissions are checked. Neither mq_receive() not mq_send() should fail due to permissions. Noted by Stathis Kamperis! - Check for empty message queue name (POSIX does not allow this for regular files, and it's weird), check for DTYPE_MQUEUE, fix permission check in mq_unlink(), clean up. To generate a diff of this commit: cvs rdiff -u -r1.12.4.1.2.1 -r1.12.4.1.2.2 src/sys/kern/sys_mqueue.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/sys_mqueue.c diff -u src/sys/kern/sys_mqueue.c:1.12.4.1.2.1 src/sys/kern/sys_mqueue.c:1.12.4.1.2.2 --- src/sys/kern/sys_mqueue.c:1.12.4.1.2.1 Mon May 18 19:50:13 2009 +++ src/sys/kern/sys_mqueue.c Wed May 27 21:33:50 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: sys_mqueue.c,v 1.12.4.1.2.1 2009/05/18 19:50:13 bouyer Exp $ */ +/* $NetBSD: sys_mqueue.c,v 1.12.4.1.2.2 2009/05/27 21:33:50 snj Exp $ */ /* * Copyright (c) 2007, 2008 Mindaugas Rasiukevicius rmind at NetBSD org @@ -42,7 +42,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: sys_mqueue.c,v 1.12.4.1.2.1 2009/05/18 19:50:13 bouyer Exp $); +__KERNEL_RCSID(0, $NetBSD: sys_mqueue.c,v 1.12.4.1.2.2 2009/05/27 21:33:50 snj Exp $); #include sys/param.h #include sys/types.h @@ -86,8 +86,6 @@ static int mq_poll_fop(file_t *, int); static int mq_close_fop(file_t *); -#define FNOVAL -1 - static const struct fileops mqops = { .fo_read = fbadop_read, .fo_write = fbadop_write, 
@@ -166,57 +164,28 @@ } /* - * Check access against message queue. - */ -static inline int -mqueue_access(struct lwp *l, struct mqueue *mq, int access) -{ - mode_t acc_mode = 0; - - KASSERT(mutex_owned(mq-mq_mtx)); - KASSERT(access != FNOVAL); - - /* Note the difference between VREAD/VWRITE and FREAD/FWRITE */ - if (access FREAD) - acc_mode |= VREAD; - if (access FWRITE) - acc_mode |= VWRITE; - - return vaccess(VNON, mq-mq_mode, mq-mq_euid, mq-mq_egid, - acc_mode, l-l_cred); -} - -/* - * Get the mqueue from the descriptor. - * = locks the message queue, if found - * = increments the reference on file entry + * mqueue_get: get the mqueue from the descriptor. + * = locks the message queue, if found. + * = holds a reference on the file descriptor. */ static int -mqueue_get(struct lwp *l, mqd_t mqd, int access, file_t **fpr) +mqueue_get(mqd_t mqd, file_t **fpr) { - file_t *fp; struct mqueue *mq; + file_t *fp; - /* Get the file and descriptor */ fp = fd_getfile((int)mqd); - if (fp == NULL) + if (__predict_false(fp == NULL)) { return EBADF; - - /* Increment the reference of file entry, and lock the mqueue */ - mq = fp-f_data; - *fpr = fp; - mutex_enter(mq-mq_mtx); - if (access == FNOVAL) { - KASSERT(mutex_owned(mq-mq_mtx)); - return 0; } - - /* Check the access mode and permission */ - if ((fp-f_flag access) != access || mqueue_access(l, mq, access)) { - mutex_exit(mq-mq_mtx); + if (__predict_false(fp-f_type != DTYPE_MQUEUE)) { fd_putfile((int)mqd); - return EPERM; + return EBADF; } + mq = fp-f_data; + mutex_enter(mq-mq_mtx); + + *fpr = fp; return 0; } @@ -347,6 +316,12 @@ return EMFILE; } + /* Empty name is invalid */ + if (name[0] == '\0') { + kmem_free(name, MQ_NAMELEN); + return EINVAL; + } + /* Check for mqueue attributes */ if (SCARG(uap, attr)) { error = copyin(SCARG(uap, attr), attr, 
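Review bot: mqueue_get() no longer compares `fp->f_flag` with the requested access, so after this hunk nothing in the helper stops a descriptor opened read-only from being used to send, or one opened write-only from being used to receive. The log message says mq_receive() and mq_send() should not fail on permissions, but the open-mode test `(fp->f_flag & access) != access` is a different check from vaccess() and was removed together with it. The callers at @@ -490 and @@ -645 now call `mqueue_get(mqdes, &fp)` and the visible context shows no replacement test, so I would confirm that each caller checks its own mode, e.g. `if ((fp->f_flag & FREAD) == 0)` returning EBADF in the receive path. The new `f_type != DTYPE_MQUEUE` test closes a separate gap, since `fp->f_data` was previously used as a mqueue without checking the descriptor type.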
@@ -383,7 +358,9 @@ strlcpy(mq_new-mq_name, name, MQ_NAMELEN); memcpy(mq_new-mq_attrib, attr, sizeof(struct mq_attr)); - mq_new-mq_attrib.mq_flags = oflag; + + CTASSERT((O_MASK (MQ_UNLINK | MQ_RECEIVE)) == 0); + mq_new-mq_attrib.mq_flags = (O_MASK oflag); /* Store mode and effective UID with GID */ mq_new-mq_mode = ((SCARG(uap, mode) @@ -408,6 +385,8 @@ mutex_enter(mqlist_mtx); mq = mqueue_lookup(name); if (mq) { + mode_t acc_mode; + KASSERT(mutex_owned(mq-mq_mtx)); /* Check if mqueue is not marked as unlinking */ @@ -420,8 +399,20 @@ error = EEXIST; goto exit; } - /* Check the permission */ - if (mqueue_access(l, mq, fp-f_flag)) { + + /* + * Check the permissions. Note the difference between + * VREAD/VWRITE and FREAD/FWRITE. + */ + acc_mode = 0; + if (fp-f_flag FREAD) { + acc_mode |= VREAD; + } + if (fp-f_flag FWRITE) { + acc_mode |= VWRITE; + } + if (vaccess(VNON, mq-mq_mode, mq-mq_euid, mq-mq_egid, + acc_mode, l-l_cred)) { error = EACCES; goto exit; } @@ -490,7 +481,7 @@ int error; /* Get the message queue */ - error = mqueue_get(l, mqdes, FREAD, fp); + error = mqueue_get(mqdes, fp); if (error) return error; mq = fp-f_data; @@ -645,7 +636,7 @@ msg-msg_prio = msg_prio; /* Get
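Review bot: The `CTASSERT((O_MASK & (MQ_UNLINK | MQ_RECEIVE)) == 0);` line in the @@ -383 hunk has no comment explaining what it protects. As far as the hunk shows, `mq_attrib.mq_flags` holds both caller-supplied open flags and the internal MQ_UNLINK/MQ_RECEIVE bits, and the old assignment `mq_flags = oflag` copied the caller's value unmasked. I would add `/* mq_flags also carries internal MQ_* state; user oflag bits must never alias it */` above the assertion so the mask is not dropped in a later cleanup.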
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: snj Date: Wed May 27 21:45:21 UTC 2009 Modified Files: src/sys/kern [netbsd-5-0]: kern_physio.c Log Message: Pull up following revision(s) (requested by hannken in ticket #781): sys/kern/kern_physio.c: revision 1.91 PR kern/39536: bufq related problem when writing DVDR and DVDRWs. Remove a race where physio_done() may use memory already freed. Observed by Hans Rosenfeld rosenf...@grumpf.hope-2000.org. To generate a diff of this commit: cvs rdiff -u -r1.88 -r1.88.6.1 src/sys/kern/kern_physio.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_physio.c diff -u src/sys/kern/kern_physio.c:1.88 src/sys/kern/kern_physio.c:1.88.6.1 --- src/sys/kern/kern_physio.c:1.88 Wed Sep 24 08:19:19 2008 +++ src/sys/kern/kern_physio.c Wed May 27 21:45:21 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_physio.c,v 1.88 2008/09/24 08:19:19 hannken Exp $ */ +/* $NetBSD: kern_physio.c,v 1.88.6.1 2009/05/27 21:45:21 snj Exp $ */ /*- * Copyright (c) 1982, 1986, 1990, 1993 @@ -71,7 +71,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: kern_physio.c,v 1.88 2008/09/24 08:19:19 hannken Exp $); +__KERNEL_RCSID(0, $NetBSD: kern_physio.c,v 1.88.6.1 2009/05/27 21:45:21 snj Exp $); #include sys/param.h #include sys/systm.h @@ -117,6 +117,7 @@ size_t todo = bp-b_bufsize; size_t done = bp-b_bcount - bp-b_resid; struct physio_stat *ps = bp-b_private; + bool is_iobuf; KASSERT(bp-b_work == wk); KASSERT(bp-b_bcount = todo); @@ -128,6 +129,7 @@ uvm_vsunlock(bp-b_proc-p_vmspace, bp-b_data, todo); mutex_enter(ps-ps_lock); + is_iobuf = (bp != ps-ps_orig_bp); if (__predict_false(done != todo)) { off_t endoffset = dbtob(bp-b_blkno) + done; @@ -163,7 +165,7 @@ cv_signal(ps-ps_cv); mutex_exit(ps-ps_lock); - if (bp != ps-ps_orig_bp) + if (is_iobuf) putiobuf(bp); }
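Review bot: The reason `is_iobuf` is computed while `ps->ps_lock` is held is not stated anywhere in the three hunks, and the old form `if (bp != ps->ps_orig_bp)` looks like a harmless simplification to anyone who does not know the history. I would put `/* ps may be freed by the waiter once ps_lock is dropped; do not dereference it after mutex_exit() */` at the assignment, so the use-after-free named in the log message is not reintroduced. The function (physio_done, per the log message) starts outside the hunks.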
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: bouyer Date: Mon May 18 19:50:13 UTC 2009 Modified Files: src/sys/kern [netbsd-5-0]: sys_mqueue.c Log Message: Pull up following revision(s) (requested by rmind in ticket #762): sys/kern/sys_mqueue.c: revision 1.17 sys_mq_open: remove broken access flag check. Noted by Stathis Kamperis. To generate a diff of this commit: cvs rdiff -u -r1.12.4.1 -r1.12.4.1.2.1 src/sys/kern/sys_mqueue.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/sys_mqueue.c diff -u src/sys/kern/sys_mqueue.c:1.12.4.1 src/sys/kern/sys_mqueue.c:1.12.4.1.2.1 --- src/sys/kern/sys_mqueue.c:1.12.4.1 Sat Apr 4 23:36:27 2009 +++ src/sys/kern/sys_mqueue.c Mon May 18 19:50:13 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: sys_mqueue.c,v 1.12.4.1 2009/04/04 23:36:27 snj Exp $ */ +/* $NetBSD: sys_mqueue.c,v 1.12.4.1.2.1 2009/05/18 19:50:13 bouyer Exp $ */ /* * Copyright (c) 2007, 2008 Mindaugas Rasiukevicius rmind at NetBSD org @@ -42,7 +42,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: sys_mqueue.c,v 1.12.4.1 2009/04/04 23:36:27 snj Exp $); +__KERNEL_RCSID(0, $NetBSD: sys_mqueue.c,v 1.12.4.1.2.1 2009/05/18 19:50:13 bouyer Exp $); #include sys/param.h #include sys/types.h @@ -327,10 +327,7 @@ char *name; int mqd, error, oflag; - /* Check access mode flags */ oflag = SCARG(uap, oflag); - if ((oflag O_ACCMODE) == 0) - return EINVAL; /* Get the name from the user-space */ name = kmem_zalloc(MQ_NAMELEN, KM_SLEEP);
CVS commit: [netbsd-5-0] src/sys/kern
Module Name:src Committed By: snj Date: Wed May 13 00:24:48 UTC 2009 Modified Files: src/sys/kern [netbsd-5-0]: kern_rwlock.c Log Message: Pull up following revision(s) (requested by ad in ticket #725): sys/kern/kern_rwlock.c: revision 1.30 A workaround for a bug with some Opteron revisions where locked operations sometimes do not serve as memory barriers, allowing memory references to bleed outside of critical sections. It's possible that this is the reason for pkgbuild's longstanding crashiness. For rwlocks, always enable the explicit membars. They were disabled only on x86, and since they are not in the fast-path it's not a big deal. TODO: convert these to an atomic_membar_foo() or similar that does ordering between regular data references and atomic references. To generate a diff of this commit: cvs rdiff -u -r1.28 -r1.28.10.1 src/sys/kern/kern_rwlock.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_rwlock.c diff -u src/sys/kern/kern_rwlock.c:1.28 src/sys/kern/kern_rwlock.c:1.28.10.1 --- src/sys/kern/kern_rwlock.c:1.28 Tue Jul 29 16:13:39 2008 +++ src/sys/kern/kern_rwlock.c Wed May 13 00:24:48 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_rwlock.c,v 1.28 2008/07/29 16:13:39 thorpej Exp $ */ +/* $NetBSD: kern_rwlock.c,v 1.28.10.1 2009/05/13 00:24:48 snj Exp $ */ /*- * Copyright (c) 2002, 2006, 2007, 2008 The NetBSD Foundation, Inc. @@ -38,7 +38,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: kern_rwlock.c,v 1.28 2008/07/29 16:13:39 thorpej Exp $); +__KERNEL_RCSID(0, $NetBSD: kern_rwlock.c,v 1.28.10.1 2009/05/13 00:24:48 snj Exp $); #define __RWLOCK_PRIVATE @@ -329,9 +329,7 @@ ~RW_WRITE_WANTED); if (__predict_true(next == owner)) { /* Got it! */ -#ifndef __HAVE_ATOMIC_AS_MEMBAR membar_enter(); -#endif break; } 
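Review bot: The `membar_enter()` in the @@ -329 hunk is now unconditional, but the code carries no trace of why, so the `#ifndef __HAVE_ATOMIC_AS_MEMBAR` guard is likely to be put back later as an optimisation. The log message gives the reason (locked operations not acting as barriers on some Opteron revisions); I would record it at the call, e.g. `/* explicit barrier on purpose: atomics are not reliable membars on all CPUs, see rev 1.30 */`. The same applies to the barriers in the @@ -453, @@ -555, @@ -588 and @@ -685 hunks.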
@@ -453,9 +451,7 @@ * proceed to do direct handoff if there are waiters, and if the * lock would become unowned. */ -#ifndef __HAVE_ATOMIC_AS_MEMBAR membar_exit(); -#endif for (;;) { new = (owner - decr); if ((new (RW_THREAD | RW_HAS_WAITERS)) == RW_HAS_WAITERS) @@ -555,13 +551,11 @@ next = rw_cas(rw, owner, owner + incr); if (__predict_true(next == owner)) { /* Got it! */ + membar_enter(); break; } } -#ifndef __HAVE_ATOMIC_AS_MEMBAR - membar_enter(); -#endif RW_WANTLOCK(rw, op, true); RW_LOCKED(rw, op); RW_DASSERT(rw, (op != RW_READER RW_OWNER(rw) == curthread) || @@ -588,10 +582,7 @@ RW_ASSERT(rw, RW_OWNER(rw) == curthread); RW_UNLOCKED(rw, RW_WRITER); -#ifndef __HAVE_ATOMIC_AS_MEMBAR membar_producer(); -#endif - owner = rw-rw_owner; if ((owner RW_HAS_WAITERS) == 0) { /* @@ -685,8 +676,10 @@ } new = curthread | RW_WRITE_LOCKED | (owner ~RW_THREAD); next = rw_cas(rw, owner, new); - if (__predict_true(next == owner)) + if (__predict_true(next == owner)) { + membar_producer(); break; + } } RW_UNLOCKED(rw, RW_READER); @@ -694,10 +687,6 @@ RW_DASSERT(rw, rw-rw_owner RW_WRITE_LOCKED); RW_DASSERT(rw, RW_OWNER(rw) == curthread); -#ifndef __HAVE_ATOMIC_AS_MEMBAR - membar_producer(); -#endif - return 1; }
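Review bot: In the @@ -685 hunk the successful upgrade to writer is followed by `membar_producer()`, while the other two acquire paths (@@ -329 and @@ -555) use `membar_enter()`. An upgrade takes the write lock, so it needs the same acquire ordering as those paths; a producer barrier orders stores only, and whether that is sufficient depends on the platform definitions, which are not on this page. Unless the difference is deliberate, `membar_enter();` would be the consistent choice, and if it is deliberate it deserves a comment. The enclosing function begins outside the hunk.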