Avoid calling sdgetdev() for every I/O. Instead,
put the SDunit pointer for #S/sdXX/* files in Chan.aux
and keep a reference to SDev between sdopen()/sdclose().
This avoids having to do the sdindex() lookup and
qlock(),incref(),decref() on every read/write
operation. Removal of SDev's is quite rare and only
can happen with pcmcia ide controllers, and i assume
that for that we can assume thet fileservers having
been exited properly and closed their files before
we attempt to remove a device.
The rest is improving waserror() codepaths, making
sure we release the locks for any of the interface
callbacks (verify/online).
Also get rid of tas() and instead only change the
unit's rawopen flag while holding raw qlock.
The change 775a4bea43
"libsec: various changes to tls"
...
4. simply prf code...
... broke the TLS1.0 prf function, missing the fact
that the prf ouput for sha1 and md5 need to be
xored together.
pci uarts are detected late and usually do not contain
the console= parameter logic.
for these, we can just enable them when devuart is reset,
and replay the boot messages once enabled.
this is usefull as it allows us to use these uarts for
kernel debugging in interrupt context.
MBC3 write switches on a>>13, so the RTC register is 5 (0xA000-0xBFFF).
Mask off upper bits of DH register when updating the timer. Only the
lowest bit is part of the day counter.
Use uint for x in timerforward() so that we don't set negative values
for timer registers if it happens to overflow.
Update timer and then latch rather than the other way around.
Otherwise, timer remains static and will overflow after 512 days.
Although git9 always uses the same commit date and author date, other
implementation do make a distinction. Since commit date is more
representative of the commit graph order, use this as a traversal hint
instead of author date.
If the server only supports the dumb protocol, the first 4 bytes of
response will be the initial part of the hash of the first ref.
The http-protocol documentation says that we should fall back to the
dumb protocol when we don't see a content-type of
application/x-$servicename-advertisement. Check this before
attempting to read a smart git packet.
We now keep track of 3 sets during traversal:
- keep: commits we've reached from head commits
- drop: commits we've reached from tail commits
- skip: ancestors of commits in both 'keep' and 'drop'
Commits in 'keep' and/or 'drop' may be added later to the 'skip' set
if we discover later that they are part of a common subgraph of the
head and tail commits.
From these sets we can calculate the commits we are interested in:
lca commits are those in 'keep' and 'drop', but not in 'skip'.
findtwixt commits are those in 'keep', but not in 'drop' or 'skip'.
The "LCA" commit returned is a common ancestor such that there are no
other common ancestors that can reach that commit. Although there can
be multiple commits that meet this criteria, where one is technically
lower on the commit-graph than the other, these cases only happen in
complex merge arrangements and any choice is likely a decent merge
base.
Repainting is now done in paint() directly. When we find a boundary
commit, we switch our paint color to 'skip'. 'skip' painting does
not stop when it hits another color; we continue until we are left
with only 'skip' commits on the queue.
This fixes several mishandled cases in the current algorithm:
1. If we hit the common subgraph from tail commits first (if the tail
commit was newer than the head commit), we ended up traversing the
entire commit graph. This is because we couldn't distinguish
between 'drop' commits that were part of the common subgraph, and
those that were still looking for it.
2. If we traversed through an initial part of the common subgraph from
head commits before reaching it from tail commits, these commits
were returned from findtwixt even though they were also reachable
from tail commits.
3. In the same case as 2, we might end up choosing an incorrect
commit as the LCA, which is an ancestor of the real LCA.
When loading an acme dump file that contains a window with only one
tag line, there are cases where acme hides that window (i.e. not even
its tag is visible).
The following commands reproduce the issue:
% ed <<EOE
1
i
/tmp
/lib/font/bit/pelm/unicode.8.font
/lib/font/bit/pelm/unicode.8.font
0
f 0 5 175 175 1
5 40 175 1 0 /sys/src/cmd/acme/ Del Snarf Get | Look
f 0 4 330 330 3
4 27 330 1 0 /tmp/ Del Snarf Get | Look
.
,w /tmp/test.dump
Q
EOE
% window -dx 900 -dy 600 'acme -l /tmp/test.dump'
This issue was introduced in commit 47b7dc5ccd.
This avoids ipconfig having to explicitely specify the tag
when we want to set route type, as the tag can be provided
implicitely thru the "tag" command.
This adds a new route "t"-flag that enables network address translation,
replacing the source address (and local port) of a forwarded packet to
one of the outgoing interface.
The state for a translation is kept in a new Translation structure,
which contains two Iphash entries, so it can be inserted into the
per protocol 4-tuple hash table, requiering no extra lookups.
Translations have a low overhead (~200 bytes on amd64),
so we can have many of them. They get reused after 5 minutes
of inactivity or when the per protocol limit of 1000 entries
is reached (then the one with longest inactivity is reused).
The protocol needs to export a "forward" function that is responsible
for modifying the forwarded packet, and then handle translations in
its input function for iphash hits with Iphash.trans != 0.
This patch also fixes a few minor things found during development:
- Include the Iphash in the Conv structure, avoiding estra malloc
- Fix ttl exceeded check (ttl < 1 -> ttl <= 1)
- Router should not reply with ttl exceeded for multicast flows
- Extra checks for icmp advice to avoid protocol confusions.
the bug happens when we did the fast exit thru "done" label,
where we would not make sure that theres space in the buffer
for the NUL terminator.
instead, avoid the fast exit and always do the final
adjbuf() that makes sure we have space for the NUL terminator.
remove the pointless pb checks, they'r wrong (should'v
been bp >= buf+bufsz) and adjbuf() already makes sure this
can never happen.
EDID 1.3 section 5 gives a table describing the priority order of
timing information. Use this ordering when constructing the EDID
mode list.
Since aux/vga selects the first mode in the modelist that matches
the given size, it will now select the mode of that size with the
highest preference. Or, if you set vgasize=auto (or some other
string without an 'x'), aux/vga will select the Preferred Detailed
Timing.
This should make it unnecessary to modify vgadb in many cases.
when reverting files, 'cp -x' updates the mtime
to the time the file was committed. this prevents
'mk' from rebuilding the file, leading to stale
builds.
this change touches the file on revert, so that
we rebuild the file.
Use an RWlock so readers can work in parallel in
the common case (no cache updates).
When a reader needs to update the cache to add
a new learned source mac address, it will drop
the rlock and aquire the wlock to do the update.
When we get a read error, we now unbind the
port to avoid further packets being forwarded
to it.
This is usefull for hotplug ethernet devices
like usb ones or tunnels.
Simplify the unbind, getting rid of the refcount,
by having only the reader proc call freeport().
Avoid holding the bridge lock while opening
and closing ethernet/tunnel device files during
bind and unbind.
Dont use smalloc() (especially when holding locks).
Allocate bridges dynamically, so we do not waste
the memory when we do not need them.
Reject non-hostowner from allocating new bridges.
Use consistent naming: port -> port
Use consistent comment style: // -> /* */
The altsetting was handled only for a single endpoint
(per interface number), but has to be handled for each
endpoint (per interface *AND* altsetting number).
A multi function device (like a disk) can have
multiple interfaces, all with the same interface number
but varying altsetting numbers and each of these
interfaces would list distict endpoint configurations.
Multiple interfaces can even share some endpoints (they
use the same endpoint addresses), but
we still have to duplicate them for each
interface+altsetting number (as they'r part of
actually distict interfaces with distict endpoint
configurations).
It is also important to *NOT* make endpoints bi-directional
(dir == Eboth) when only one direction is used in a
interface/altsetting and the other direction in another.
This was the case for nusb/disk with some seagate drive
where endpoints where shared between the UAS and
usb storage class interface (but with distict altsettings).
The duplicate endpoints (as in using the same endpoint address)
are chained together by a next pointer and the head
is stored in Usbdev.ep[addr], where addr is the endpoint
address. These Ep structures will have distinct endpoint
numbers Ep.id (when they have conflicting types), but all
will share the endpoint address (lower 4 bits of the
endpoint number).
The consequence is that all of the endpoints configuration
(attributes, interval) is now stored in the Ep struct and
no more Altc struct is present.
A pointer to the Ep struct has to be passed to openep()
for it to configure the endpoint.
For the Iface struct, we will now create multiple of them:
one for each interface *AND* altsetting nunber,
chained together on a next pointer and the head being
stored in conf->iface[ifaceid].
--
cinap
Wlock()'ing the ifc causes a deadlock with Medium
bind/unbind as the routine can walk /net, while
ndb/dns or ndb/cs are currently blocked enumerating
/net/ipifc/*.
The fix is to have a fake medium, called "unbound",
that is set temporarily during the call of Medium
bind and unbind.
That way, the interface rwlock can be released while
bind/unbind is in progress.
The ipifcunbind() routine will refuse to unbind a
ifc that is currently assigned to the "unbound"
medium, preventing any accidents.
Pattern matching with lists no longer works:
; ls /tmp/*.c
/tmp/npage.c
/tmp/pagedebug.c
/tmp/pageold.c
/tmp/scheduler.c
/tmp/writeimagetest.c
; ls /tmp/^(*.c)
ls: /tmp/*.c: '/tmp/*.c' directory entry not found
; 9fs dump
; bind /n/dump/2021/1002/amd64/bin/rc /bin/rc
; rc
; ls /tmp/^(*.c)
/tmp/npage.c
/tmp/pagedebug.c
/tmp/pageold.c
/tmp/scheduler.c
/tmp/writeimagetest.c
the fix:
we have to propagate the glob attribute thru lists
as well. before it was only handled for single words
and propagated thru concatenations...
the Xglob instruction now works on list, and we
propagate the glob attribute thru PAREN and WORDS
and ARGLIST nodes.
also, avoid using negative numbers for the Tree.glob
field as char might be unsigned on some targets.
SSL is implemented by devssl. It's extremely
obsolete by now, and is not used anywhere but
cpu, import, and oexportfs.
This change strips out the devssl bits, but
does not (yet) remove the code from libsec.
If we don’t explicitly check for ‘h’ in troff, we can’t reliably check
for non-htmlroff well.
Consider the following:
.if h \{\
. de M
. tm m
..\}
Without this change, this will print m and not define macro M.
the pack cache was very stupid: it would close packs
as early as possible, which would prevent packs from
getting reused effectively. It would also select a
bad pack to close.
This picks the oldest pack, refcounts correctly, and
keeps up to Npackcache open at once (though it will
go over if more are in use).
This makes vmap()/vunmap() take a vlong size argument,
and change the type of Pci.mem[].size to vlong as well.
Even if vmap() wont support large mappings, it is nice to
get the original unruncated value for error checking.
pc64 needs a bigger VMAP window, as system76 pangolin
puts the framebuffer at a physical address > 512GB.
To reproduce run the following on a terminal:
<snip>
cpu% leak -s `{pstree | grep termrc | sed 1q | awk '{print $1}'}
src(0x00209a82); // 12
src(0x0020b2a6); // 1
cpu% acid `{pstree | grep termrc | sed 1q | awk '{print $1}'}
/proc/358/text:amd64 plan 9 executable
/sys/lib/acid/port
/sys/lib/acid/amd64
acid: src(0x0020b2a6)
/sys/src/cmd/rc/plan9.c:169
164 if(runq->argv->words == 0)
165 poplist();
166 else {
167 free(runq->cmdfile);
168 int f = open(runq->argv->words->word, 0);
>169 runq->cmdfile = strdup(runq->argv->words->word);
170 runq->lexline = 1;
171 runq->pc--;
172 popword();
173 if(f>=0) execcmds(openfd(f));
174 }
acid:
</snap>
Another `runq->cmdfile` leak is present here (captured on a cpu server):
<snip>
277 ├listen [tcp * /rc/bin/service <nil>]
321 │├listen [/net/tcp/2 tcp!*!80]
322 │├listen [/net/tcp/3 tcp!*!17019]
324 ││└rc [/net/tcp/5 tcp!185.64.155.70!3516]
334 ││ ├rc -li
382 ││ │└pstree
336 ││ └rc
338 ││ └cat
323 │└listen [/net/tcp/4 tcp!*!17020]
278 ├listen [tcp * /rc/bin/service.auth <nil>]
320 │└listen [/net/tcp/1 tcp!*!567]
381 └closeproc
cpu% leak -s 336
src(0x00209a82); // 2
src(0x002051d2); // 1
cpu% acid 336
/proc/336/text:amd64 plan 9 executable
/sys/lib/acid/port
/sys/lib/acid/amd64
acid: src(0x002051d2)
/sys/src/cmd/rc/exec.c:1056
1051
1052 void
1053 Xsrcfile(void)
1054 {
1055 free(runq->cmdfile);
>1056 runq->cmdfile = strdup(runq->code[runq->pc++].s);
1057 }
acid:
</snap>
These leaks happen because we do not free cmdfile on all execution paths
where `Xreturn()` is invoked. In `/sys/src/cmd/rc/exec.c:/^Xreturn`
<snip>
void
Xreturn(void)
{
struct thread *p = runq;
turfredir();
while(p->argv) poplist();
codefree(p->code);
runq = p->ret;
free(p);
if(runq==0)
Exit(getstatus());
}
</snip>
Note how the function `Xreturn()` frees a heap allocated instance of type
`thread` with its members *except* the `cmdfile` member.
On some code paths where `Xreturn()` is called there is an attempt to free
`cmdfile`, however, there are some code paths where `Xreturn()` is called
where `cmdfile` is not freed, leading to a leak.
The attached patch calls `free(p->cmdfile)` in `Xreturn()` to avoid leaking
memory and handling the free in one place.
After applying the patch this particular leak is removed. There are still
other leaks in rc:
<snip>
277 ├listen [tcp * /rc/bin/service <nil>]
321 │├listen [/net/tcp/2 tcp!*!80]
322 │├listen [/net/tcp/3 tcp!*!17019]
324 ││└rc [/net/tcp/5 tcp!185.64.155.70!3516]
334 ││ ├rc -li
382 ││ │└pstree
336 ││ └rc
338 ││ └cat
323 │└listen [/net/tcp/4 tcp!*!17020]
278 ├listen [tcp * /rc/bin/service.auth <nil>]
320 │└listen [/net/tcp/1 tcp!*!567]
381 └closeproc
cpu% leak -s 336
src(0x00209a82); // 2
src(0x002051d2); // 1
cpu% acid 336
/proc/336/text:amd64 plan 9 executable
/sys/lib/acid/port
/sys/lib/acid/amd64
acid: src(0x00209a82)
/sys/src/cmd/rc/subr.c:9
4 #include "fns.h"
5
6 void *
7 emalloc(long n)
8 {
>9 void *p = malloc(n);
10 if(p==0)
11 panic("Can't malloc %d bytes", n);
12 return p;
13 }
14
</snap>
To help fixing those leaks emalloc(…) and erealloc(…) have been amended to use
setmalloctag(…) and setrealloctag(…). The actual fixes for other reported leaks
are *not* part of this merge and will follow.
/*
* emmc2 has different DMA constraints based on SoC revisions. It was
* moved into its own bus, so as for RPi4's firmware to update them.
* The firmware will find whether the emmc2bus alias is defined, and if
* so, it'll edit the dma-ranges property below accordingly.
*/
emmc2bus: emmc2bus {
compatible = "simple-bus";
ranges = <0x0 0x7e000000 0x0 0xfe000000 0x01800000>;
dma-ranges = <0x0 0xc0000000 0x0 0x00000000 0x40000000>;
emmc2: mmc@7e340000 {
compatible = "brcm,bcm2711-emmc2";
reg = <0x0 0x7e340000 0x100>;
interrupts = <GIC_SPI 126 IRQ_TYPE_LEVEL_HIGH>;
clocks = <&clocks BCM2711_CLOCK_EMMC2>;
status = "disabled";
};
};
Some mmc controllers have no card detect pin, so the only
way to detect card presence is to issue the ACMD41 which will
fail after a pretty long timeout.
To avoid mmconline() blocking, we only try to initialize the
card synchronous once, and then retry in a background process,
while returning immediately from mmconline() while the retry
is in progress.
This speeds up network boot times significantly on a raspi
without a sdcard inserted.
If the font chosen for acme is retrieved via `getenv("font")` its
memory is leaked:
<snip>
if(fontnames[0] == nil)
fontnames[0] = getenv("font");
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> getenv(…) mallocs memory
if(fontnames[0] == nil)
fontnames[0] = "/lib/font/bit/vga/unicode.font";
if(access(fontnames[0], 0) < 0){
fprint(2, "acme: can't access %s: %r\n", fontnames[0]);
exits("font open");
}
if(fontnames[1] == nil)
fontnames[1] = fontnames[0];
fontnames[0] = estrdup(fontnames[0]);
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> if the `getenv("font")` path was taken above, this assignment
> will leak its memory.
</snap>
The following leak/acid session demonstrates the issue:
<snip>
cpu% leak -s 212252
src(0x002000cb); // 1
cpu% acid 212252
/proc/212252/text:amd64 plan 9 executable
/sys/lib/acid/port
/sys/lib/acid/amd64
acid: src(0x002000cb)
/sys/src/cmd/acme/acme.c:107
102 fprint(2, "usage: acme [-aib] [-c ncol] [-f font] [-F fixedfont] [-l loadfile | file...]\n");
103 exits("usage");
104 }ARGEND
105
106 if(fontnames[0] == nil)
>107 fontnames[0] = getenv("font");
108 if(fontnames[0] == nil)
109 fontnames[0] = "/lib/font/bit/vga/unicode.font";
110 if(access(fontnames[0], 0) < 0){
111 fprint(2, "acme: can't access %s: %r\n", fontnames[0]);
112 exits("font open");
acid:
</snap>
The fix tries to first check if a font has been set via
command line options in which case the font string is
malloced via estrdup(…).
If no font has been selected on the command line getenv("font")
is used. If no getenv("font") var is found we malloc a default
font via estrdup(…).
<snip>
if(fontnames[0] != nil)
fontnames[0] = estrdup(fontnames[0]);
else
if((fontnames[0] = getenv("font")) == nil)
fontnames[0] = estrdup("/lib/font/bit/vga/unicode.font");
if(access(fontnames[0], 0) < 0){
fprint(2, "acme: can't access %s: %r\n", fontnames[0]);
exits("font open");
}
if(fontnames[1] == nil)
fontnames[1] = fontnames[0];
fontnames[1] = estrdup(fontnames[1]);
</snap>
This resolves the memory leak reported by leak(1).
git/revert requires a file name argument, but when none is given
it fails in a strange way:
% git/revert
usage: cleanname [-d pwd] name...
/bin/git/revert:15: null list in concatenation
txt and caa rr strings might contain binary control characters
such as newlines and double quotes which mess up the output
in ndb(6) format.
so handle them as binary blobs internally and escape special
characters as \DDD where D is a octal digit when printing.
txtrr() will unescape them when reading into internal
binary representation.
remove the undocumented nullrr ndb attribute parsing code.
introduce our own RR* format %P for pretty
printing and call %R format internally,
then use it to print the rest of the line
after the tab, prefixed with the padded
output.
have todo multiple fmtprint() calls for idnname()
as the buffer is shared.
do not idnname() rp->os and rp->cpu, these are symbols.
always quote txt= records.
If the source string has a run of more than 256 runes without
a "." dot, we'd overflow the runebuffer in idn2utf().
The utf2idn() routine had a check in the while loop, but that
is actually wrong too, as it would insert a dot and restart
the loop in the middle of a domain component. Just error
out if a domain component is too long.
- allow for external command to be run to install a challenge using -e flag
- remove the challengedom argument, it is given by the subject in the csr
- fix some filedescriptor leaks in error paths
In a few places, we where using a fixed buffer of sizeof(Dir)+100
size for stat. This is not correct and fails if the name returned
in stat is long.
This results in being unable to seek to the end of file with a
long filename.
The kernel should do the same thing as dirfstat() from libc;
handling the conversion and buffer allocation and returning a
freeable Dir* pointer.
For this, a new dirchanstat() function was added.
The fstat syscall was not rewriting the name to the last path
element; fix it.
In addition, gracefully handle the mountfix case, reallocating
the buffer to accomidate the required stat length plus
size of the new name so dirsetname() does not fail.
this patch fixes bugs in tls extension handling:
1. if conn->serverName is an empty string, tlsClientExtensions
will generate a SNI with an empty hostname, which is forbidden
according to RFC 6066:
opaque HostName<1..2^16-1>;
check if conn->serverName has at least one char.
2. checkClientExtensions fail with clients that doesn't have
extensions, because it doesn't check if ext is nil. fix that
up.
3. rewrite checkClientExtensions. some parts of the code does
not check the length properly, and it could be simplified
heavily.
The standard states in section 19.5.93:
.... Notice that if this operation is performed
on an obeject reference such as one produced by
the Alias, Index, or RefOf statements, the obect
type of the base object is returned.
Do the debuglevel check before calling the print
function for _threaddebug, by making it a macro.
Do not waste cycles passing arguments.
Generalize the _threaddebug function into _threadprint()
and add a varargcheck pragma. This function can
also be used from _threadassert().
Fix missing arguments in one case, fix trailing
newlines in _threaddebug().
Make _threadgetproc()/_threadsetproc() a macro,
just dereferencing Proc**_threadprocp.
Simplify the mainjump, just call _threadsetproc()
directly without that mainp dance. Remove the
_schedinit() argument, it uses _threadgetproc() now.
Get rid of Mainarg struct, just have a global variable
for argc.
The timing loop is here for the case if the
controller doesnt produce an interrupt when
becoming broken. In normal case, we should
just get worken up from the interrupt.
In any case, 100 times a second polling is
not neccessary here, increase to 1 second.
The old strategy of wait and retry doesnt seem to
work very well as it keeps all the forking parents
stuck waiting in the kernel worsening the situation.
The idea with this change is to have rfork() return
error quickly; and without whining; as most callers
would just react with a sysfatal() which might be
better for surviving this.
It is a bit of a annoyance that kenc will try to expand
function like macros on any symbol with the same name
and then complain when it doesnt see the '(' in the
invocation.
test case below:
void
foo(int)
{
}
struct Bar
{
int baz; /* <- should not conflict */
};
void
main(void)
{
baz(123);
}
The current behaviour of the kernel to deadlock itself
instead of returning an error on fork.
This might change in the future, so prepare libthread
to handle this case.
For _schedfork(), we'r going to just retry forking
on every switch, while for _schedexec(), the exec
will fail and send ~0 down the pid channel.
The ipoput4() and ipoput6() functions can raise an error(),
which means before calling sndrst() or limbo() (from tcpiput()),
we have to get rid of our blist by calling freeblist(bp).
Makse sure to set the Block pointer to nil after freeing in
ipiput() to avoid accidents.
Fix wrong panic string in sndsynack, and make any sending
functions like sndrst(), sndsynack() and tcpsendka()
return the value of ipoput*(), so we can distinguish
"no route" error.
Add a Enoroute[] string constant.
Both htontcp4() and htontcp6() can never return nil,
as they will allocate new or resize the existing block.
Remove the misleading error handling code that assumes
that it can fail.
Unlock proto on error in limborexmit() which can
be raised from sndsynack() -> ipoput*() -> error().
Make sndsynack() pass a Routehint pointer to ipoput*()
as it already did the route lookup, so we dont have todo
it twice.
i'm not confident about mutating the route tree
pointers and have concurrent readers walking the
pointer chains.
given that most route lookups are bypassed now
for non-routing case and we are not building a
high performance router here, lets play it safe.
theres no structure in the lower 32 bits of an ipv6 address.
use the top bit to distinguish special stuff like multicast
and link-local addresses, and use the 16-bit subnet-id bits
for the rest.
Instead of having to do an arp hash table lookup for each
outgoing ip packet, forward the Routehint pointer to the
medium's bwrite() function and let it cache the arp entry
pointer.
This avoids route and arp hash table lookups for tcp, il
and connection oriented udp.
It also allows us to avoid multiple route and arp table
lookups for the retransmits once an arp/neighbour solicitation
response arrives.
The Mhead structures have two sources of references to them:
- from Pgrp.mnthash hash-table
- from a channels Chan.umh pointer as returned by namec() for a union directory
Unless one holds the Mhead.lock RWLock, the Mhead.mount chain
can be mutated by eigther cmount(), cunmount() or closepgrp().
Readers, skipping acquiering the lock where:
mountfix(): responsible for rewriting directory entries for
union directory reads; was walking the Mhead.mount chain to
detect if the passed channel itself appears in the mount list.
cmount(): had a check and copy when "new" chan was a union itself
and if the MCREATE flag is set and would copy the mount table.
All this needs to be done with Mhead read-locked while copying
the mount entries.
devproc(): in the handler for reading /proc/n/ns file.
namec(): while checking if the Chan->umh should be initialized.
In addition to this, cmount() is changed to do the mountfree()
of the original mount chain when MREPL is done after releasing
the locks.
Also, some cosmetic changes...
The IPv4 ARP cache used to indefinitely buffer packets in the Arpent hold list.
This is bad in case of a router, because it opens a 1 second
(retransmit time) window to leak all the to be forwarded packets.
This change makes the ipv4 arp code path similar to the IPv6 neighbour
solicitation path, using the retransmit process to time out old entries
(after 3 arp retransmits => 3 seconds).
A new function arpcontinue() has been added that unifies the point when
we schedule the (ipv6 sol retransmit) / (ipv4 arp timeout) and reduce
the hold queue to the last packet and unlock the cache.
As a bonus, we also now send a icmp host unreachable notification
for the dropped packets.
tlsbwrite() would call checkstate() before calling tlsrecwrite()
to make sure the channel is open. however, because checkstate()
only raises the error, the Block* passed wont be freed and
would result in a memory leak.
move the checkstate() call inside tlsrecwrite() to reuse the
error handling that frees the block on error.
in OpenBSD 6.9 and up, the kernel (bsd, bsd.mp) still has
the ostype symbols, but bsd.rd appears to have lost them,
even when decompressed.
so, as a result, we should use what we have, which isn't
much.
Due to the way LCA is defined, a using a strict LCA
on a graph like this:
<--a--b--c--d--e--f--g
\ /
+-----h-------
can lead to spurious requests to merge. This happens
because 'lca(b, g)' would return 'a', since it can be
reached in one step from 'b', and 2 steps from 'g', while
reaching 'b' from 'a' would be a longer path.
As a result, we need to implement an lca variant that
returns the starting node if one is reachable from the
other, even if it's already found the technically correct
least common ancestor.
This replaces our LCA algorithm with one based on the
painting we do while finding a twixt, making it give
the resutls we want.
git/query: fix spurious merge requests
Due to the way LCA is defined, a using a strict LCA
on a graph like this:
<--a--b--c--d--e--f--g
\ /
+-----h-------
can lead to spurious requests to merge. This happens
because 'lca(b, g)' would return 'a', since it can be
reached in one step from 'b', and 2 steps from 'g', while
reaching 'b' from 'a' would be a longer path.
As a result, we need to implement an lca variant that
returns the starting node if one is reachable from the
other, even if it's already found the technically correct
least common ancestor.
This replaces our LCA algorithm with one based on the
painting we do while finding a twixt.
directory entries cannot span sector boundaries, meaning
that the end of a sector would be zero padded until the
next sector.
we have to skip over these zero paddings to fully read
the directory.
Plumber both posts a service to /srv and sets a $plumbsrv environment
variable. Our libplumb no longer uses $plumbsrv and nothing else
does. It's a silly hack; rc doesn't update /env immediately, and
scripts, which for instance set up subrios, cannot rely on it to
clean up the plumber at the end.
Instead, add the option to specify a srvname, actually check for some
common errors and print a usage string.
Thanks to Ori for input and a preliminary patch.
- enforce same behaviour as cachedb server in dblookup():
- force Taaaa record type on ipv6= attributes, regardless of value
- return Taaaa records for ip= attributes containing ipv6 values
- return Ta records only for ip= attributes containing ipv4 values
- for compatibility, bring back support for txtrr= type, but handle consistently
Git has the ability to track the person who
creates a commit separately from the person
who wrote the commit. For git9, we ignored
this feature.
However, as we start using git/import more,
it will be useful to figure out who imported
a commit, as well as who wrote it.
This change adds support for seeing this
information in git, as well as setting the
author and committer separately in git/import.
Target generation is revised, split into $YTARG and $TARG.
$PROGS is inlined to the cmd target.
%.cpus is added to allow chaining: mk all.cpus
$POWERLESS is added, since dtracy doesn't build yet on ppc.
$DIRS regexp is simplified, simplifing $NOMK.
$cpuobjtype is replaced with cp's recipe for copying itself on $cputype.
$APEDIRS is removed.
The none target is renamed to usage, since it prints out usage.
The ape target is removed.
The dirs target is replaced by all.dirs
%.directories is replaced by %.dirs
The all target serializes directories after cmds to match the install target recipe.
All regexp rules are replaced with nonregexp versions for clarity.
The &:n: rule is removed. Just build the $O.$cmd file.
.y files now build .c files, not .tab.c files, and remove (bc|units|mpc|pc).c:R:
All safeinstall rules are removed.
The cleanfiles rule is renamed to cleancmds and simplified.
%.clean is removed. Just use mk cleancmds.
The install rule serializes cp and yacc before building anything else, avoiding races.
The installall recipe is simplified with the install.cpus prereq.
%.installall is removed. Just use mk $cmd.install.cpus
The $O.cj, %.update, and compilers rules are removed.
openssh now disables RSA/SHA-1 by default, so using RSA/SHA-1 will
eventually cause us problems:
https://undeadly.org/cgi?action=article;sid=20210830113413
in addition, github will disable RSA/SHA-1 for recently added RSA keys:
https://github.blog/2021-09-01-improving-git-protocol-security-github/
this patch modifies ssh.c to use RSA/SHA-256 (aka rsa-sha2-256)
instead of RSA/SHA-1 (aka ssh-rsa) as the public key algorithm.
NOTE: public rsa keys and thumbprints are ***NOT AFFECTED***
by this patch.
while we're here, remove the workaround for github.com. it seems
that github has fixed their implementation, and does not look into
macalgs when we're using an aead cipher.
---
remove old /sys/src/games/nes/joynes in favor of joy(1).
joy(1) has more buttons for the other emulators; there is
no longer a significance in the order of the keys.
document nusb/joy, add information in each emulator manpage.
> This patch enables use of the igfx controller rather than vesa on the
> eeepc1005ha netbook. This means using the full screen resolution of
> 1024x600.
> *Andrew Eggenberger*
Per the docs:
the sender SHOULD include a LF, but the
receiver MUST NOT complain if it is not
present.
I typoed away the SHOULD, and got missed the
MUST NOT.
thanks qbit.
the subst utility no longer supports a '-g'
flag, but this was left behind in commit;
this means that the lines listing modified
files were not correctly commented in the
commit header.
This is mostly harmless, but when using an
editor like sam to edit the commit message,
the modified lines would have to be removed
manually.
was testing out the git/import tweaks and accidentally
pushed this commit. No comment on whether we want it,
but it definitely wasn't ready for merge.
Oops.
Often, people (including myself) will write emails that
can almost be applied with git/import. This changes
git/diff and git/import so that things will generally
work even when assembling diffs by hand:
1. git/import becomes slightly more lax:
^diff ...
^--- ...
will both be detected as the start of a patch.
2. git/diff produces the same format of diff
as git/export, starting with paths:
--- a/path/to/file
+++ b/path/to/file
which means that the 'ape/patch -p1' used
within git/import will just work.
So with this, if you send an email to the mailing list,
write up a committable description, and append the
output of git/diff to the end of the email, git/import
should just work.
[this patch was send through the mailing list using the
above procedure, and will be committed with git/import
to verify that it works as advertised]
2021-08-14 17:50 GMT, kemal <kemalinanc8@gmail.com>:
> 1- as driver reads 8 bytes from nvm instead of 6 so fw doesn't
> spit us an ADVANCED_SYSASSERT, it was reading 2 more
> extra bytes. apparently those 2 extra bytes were put to
> the first 2 bytes of our buffer, so we got to skip that.
some more thoughts on this, i think as 0x15*2 is not multiple
of 8, fw rounds the offset to 0x14*2. i have touched to code
to read data from 0x14*2 then ignore the first 2 bytes, just
so it's not confusing. if this causes mac to be read wrong again,
report.
also, some more changes:
1. set the fwname at iwlpci, just to align the behavior with 8000+.
this is a cosmetic change.
2. i have discovered that on device boot/reset/shutdown functions,
our driver slept way much more than it should. the reason for that is,
driver used the function delay() on places where it needs to use
microdelay() instead. i have modified the code to use microdelay().
wpi likely needs similar changes too. i hope that this does not
break the code.
3. zzz a bit more on tx/rx scheduler shutdowns and niclock.
4. openbsd's iwm and linux apparently does not check if ownership
was obtained anymore in their handover functions. instead they
just loop until the hw is ready. aligned the behavior.
see linux commit: 289e5501c3141191dd830957f1d764d3dc14a54f
5. don't take antenna masks from nvm. it's apparently empty
in some cards from 7k family. we will rely on what the fw file gives
us.
6. when the calibration is completed, wakeup the proc that runs
postboot. otherwise that thing sleeps for like 2 whole seconds
even if calibration completed earlier.
i honestly don't think any of these changes will fix 7260 not
being able to get calibration results, but i don't see anything
wrong at all in postboot7000 at this point. i will just hope
these changes somehow make it get calibration results.
NOTE: latest patch on the 9front ml, posted Mon, 14 Feb 2022 15:26:55 +0300
(non functional as of yet)
Some gba cartridges use flash chips produced by a few different
manufacturers for backup memory. A game rom may then try to read the
device id for its flash chip and break if it's the wrong one. There's
no way for us to know which chip is supposed to be there, save for
looking it up in some database. These chips are either 64k or 128k
big. gba(1) hardcodes the id for the SST 64k chip, but games like the
Pokémon ones use a 128k Macronix chip and expect a different id,
completely breaking them.
This patch sets a different default for 128k flash backups, and gives
the ability to set the exact type when creating the save file if it's
really necessary. This new default fixes the Pokémons. The type is
saved in the save file, but this will *not* break existing ones. It
may be that we don't need to worry about the type and just have an id
that corresponds to the right chip size, which is why these defaults
make sense, but I haven't tested more than a dozen roms, mostly since
I don't really know which games use 128k flash.
Before applying this patch the following will fail to open ed
in the '/tmp/s p a c e' folder:
<snip>
% mkdir '/tmp/s p a c e'
% window -cd '/tmp/s p a c e' ed
!pwd
/tmp/s p a c e
!
q
<snap>
After applying the patch the above sequence works as expected,
opening ed in the '/tmp/s p a c e' folder, printing the present
working directory, and quitting ed.
The root cause was a faulty computation of the pointer `s`,
being off by one, leading to any arguments after the
directory path to be skipped.
This regression was introduced in revision:
• 614f1d6268
Thanks umbraticus for finding and reporting the issue.
The device address is highly variable and depends on
all prior enumerated devices.
This can happen with some devices that do not have
a serial number and all devices of the same type
having the same hname.
Using a counter of collisions per hname makes more sense
and is more stable (given that the order devices are
enumerated is deterministic).
This allows mapping incoming filenames to a different name
using regular expressions, followed by subtitutions
of the %[ICE] format strings.
I needed this to have individual cmdline.txt files for
netbooted raspberry pi's. In this example, i map cmdline.txt
to %C, which gets substituted for /cfg/pxe/$ether of the client.
The transitional PCI device ID for block devices is 0x1001, and the
virtio spec says that devices must have the transitional device ID or
0x1040 + the virtio device ID (2).
Mothra does not currently render text inside <samp> tags inline
similar to <code>, but instead treats them like <pre> which is actually
incorrect behavior. The following small patch should fixes issue.
Sometimes, there is the one-off occation when one needs to
pass a huge list in rc...
This change makes devenv track total memory consumption
of environment groups allowing them to grow up to 1MB in
size (including overhead).
(Before, only the variable size was restricted, but
not the amount of files being created).
The maximum value size of a single environment variable
is set to half of the total size, which allows the
occational large value. (But not many of them).
Because we track all memory consuption, it is also
now possible to create around 10k small environment
variales.
A hashtable is added for name lookups and the qid.path
was changed to allow direct indexing into the entry
array without needing a scan lookup.
All smalloc() calls have been removed, exhaustion is
handled with error(Enomem) avoiding deadlock
in case we run out of kernel memory.
This does not have any adverse effect, since yylex never calls mpatov
with a string with leading 0 (and not 0x) that contains non-octal
digits, but the condition was wrong regardless.
Strings for existing codes in the most used server (OpenSSH) just
repeat the error code name. OTOH we like to have wording of the
strings under our control as much as possible, so we can easier find
and process them. Error strings are still usefull as fallback for
compatibility with future versions of the server.
- fix showpage1 only decrementing proc counter once limit is reached;
this blocked having more than one loadpages process after NPROC calls,
since the next one has to wait until the last has exited
- allow procs to skip pages currently being loaded by others; this
forced processes to wait for each other at the same page
- bump NPROC from 4 to 8
- (hack) immediately fork a few times after adding all pages at
startup to force loading a batch of pages in parallel
To avoid a MAXMACH limit of 32 and make
txtflush into an array for the bitmap.
Provide portable macros for testing and clearing
the bits: needtxtflush(), donetxtflush().
On pc/pc64, define inittxtflush()/settxtflush()
as no-op macros, avoiding the storage overhead of
the txtflush array alltogether.
The new rc's exit status will be '' for a successfull
pipeline execution instead of '|'.
This is a bit too tightly coupled, so just use if()
statement instead, handling this in a portable way.
programs that try to use /srv would choke when running
under iostats, because we intercepted operations on the
special, magic fd passing; we should instead give them
access to the real /srv.
when running outside of a repository, we would try to
remove '$msgfile.tmp', but we had never actually set
'$msgfile'.
the error is harmless, but annoying.
The following patch fixes acme display glitches at the bottom fringe
of columns when adding/moving/resizing windows.
Here an example of an easy to reproduce case:
• https://invidio.xamh.de/watch?v=iLekQrxycaM
…opening acme and resizing a column to the right is all that is needed.
The functions winresize(…) and textresize(…) are extended with an
additional parameter `fillfringe` to indicate if a window/tag shall
fill a potential fringe area that would otherwise remain white.
The changes have been inspired by the approach taken in plan9port
acme.
Eckard's test case:
cat <<! | cat
asdf
!
The issue is that we have to continue parsing until we see
the '\n' before consuming the here document.
So we revert to the old approach of having two functions:
heredoc() which remembers if we'v seen a heredoc redirection
and a second readhere() function that reads the doc from
the lexers input and sets Tree.str on thee REDIR node.
due to the way the size of buf was calculated, the parent
file had one trailing null byte for each parent. also, while
we're here, replace the sprint with seprint, and compute the
size from how much we printed in.
Fixup remaining Plan9 dependencies (chartorune()).
Add Makefile for UNIX-like systems (tested with Linux and APE).
Make error printing consistent, use Errstr() explicitely.
Get rid of NSTATUS buffer limit, just malloc it.
git used to track cache size in object
count, rather than bytes. This had the
unfortunate effect of making memory use
depend on the size of objects -- repos
with lots of large objects could cause
out of memory deaths.
now, we track sizes in bytes, which should
keep our memory usage flatter.
Untangle the lexer and interpreter thread state.
Fix the file and line number error reporting, getting rid of
Xsrcfile instruction, as the whole code block can only come
from a single file, stuff the source file in slot[1] of the
code block instead.
Remove limitations for globber (path element limits)
and be more intelligent about handling globbing by
inserting Xglob instruction only when needed and not
run it over every Xsimple argument list.
Remove fragile ndot magic and make it explicit by adding
the -q flag to . builtin command.
Add -b flag for full compilation.
Make exitnext() smart, so we can speculate thru rcmain and
avoid the fork().
Get rid of all print(2) format functions and use io
instead.
Improve the io library, adding rstr() to handle tokenization,
which allows us to look ahead in the already read buffer
for the terminators, avoiding alot of string copies.
Auto indent pcmd(), to make line number reporting more usefull.
Implement here documents properly, so they can work everywhere.
We seem to have a botch in the protocol negotiation, where
we leak some protocol packets into the packfile; this will
need to be fixed before we put this change in.
The initial working directory of a new window may be set by a
`-cd directory` option. However, the `-cd directory` option is
not capable of handling paths with spaces when used via wctl.
To enable paths with spaces the function
/sys/src/cmd/rio/wctl.c:/^parsewctl is extended to handle quoted
directory paths.
Before applying the patch the following will fail to open a new
window by writing to /dev/wctl:
<snip>
% rio -i window
% mkdir '/tmp/path with space'
% echo new -cd '''/tmp/path with space''' window -x rc >> /dev/wctl
% pwd
/tmp/path with space
<snap>
The following invocation fails as well:
<snip>
% window -cd '/tmp/path with space'
% pwd
/tmp/path with space
<snap>
After applying the patch the above sequences work as expected,
opening a window running rc with the working directory set to
'/tmp/path with space'.
exportfs -d logs 9p traffic to /tmp/exportdb.
-f allows writing to a different file.
exportfs silently continues if it doesn't have
permissions to create or write to /tmp/exportdb.
These are poor behaviors.
A better default is to write to stderr, since it
is 9P debug info that is better immediately printed,
and not user info that is better handled by syslog().
As a result, -f is obsolete and thus removed.
Redirect responsibility is now on rc.
As a side effect, rc will fail if it doesn't
have permissions to write.
exportfs(4) is updated to reflect all changes
and with a better Synopsis.
oexportfs is changed to match exportfs.
oexportfs(4) is updated to reflect all changes.
The Synopsis is not changed due to the number of flags.
Removed -f from iostats.
iostats(4) is updated to reflect all changes.
---
http://fqa.9front.org/fqa1.html#1.2 states the supported archs.
However, clean and nuke also remove build files for 0 (spim) and q
(power). 'mk all' using those archs fails; 'mk kernels' also tries to
build all the kernels, even those which are not supported. For
example, I tried to build the power arch (qc, qa, ql) and without
surprise it failed (when building dtracy): ...
mk dtracy
qc -FTVw dtracy.c
yacc -v -d -D1 parse.y
qc -FTVw cgen.c
qc -FTVw act.c
qc -FTVw type.c
== regfree ==
REGISTER R0 <11> STRUCT DTAct cgen.c:302
== regfree ==
REGISTER R0 <11> STRUCT DTAct act.c:266
== regfree ==
qc -FTVw agg.c
cgen.c:299 unknown type in regalloc: STRUCT DTAct
cgen.c:299 bad opcode in gmove INT -> STRUCT DTAct
cgen.c:302 unknown type in regalloc: STRUCT DTAct
cgen.c:302 bad opcode in gmove INT -> STRUCT DTAct
cgen.c:302 error in regfree: 0 [0]
REGISTERmk: qc -FTVw cgen.c : exit status=rc 387386: qc 387392: error R0
<11> STRUCT DTAct act.c:269
act.c:250 unknown type in regalloc: STRUCT DTAct
act.c:250 bad opcode in gmove INT -> STRUCT DTAct
act.c:266 unknown type in regalloc: STRUCT DTAct
act.c:266 bad opcode in gmove INT -> STRUCT DTAct
act.c:266 error in regfree: 0 [0]
act.c:269 unknown type in regalloc: STRUCT DTAct
act.c:269 bad opcode in gmove INT -> STRUCT DTAct
act.c:269 error in regfree: 0 [0]
act.c:274 unknown type in regalloc: STRUCT DTAct
act.c:274 bad opcode in gmove INT -> STRUCT DTAct
act.c:274 error in regfree: 0 [0]
too many errors
mk: for(i in cc ... : exit status=rc 382748: rc 387379: mk 387381: error
mk: date for (i ... : exit status=rc 373781: rc 382226: mk 382227: error
cpu%
The patch below skips over non-supported architectures. Is that
something we want? This way, 'mk kernels' should work without a
problem (tested on amd64). Then if someone works on getting those
architectures supported again in the future, they can be added back
in.
snoopy shares ndb/dns's dns parser code, but has its own
copy of rralloc() function, which is responsible to allocating
auxiolary data structures on an RR depending on the type.
ndb/dns gained some support for some new types, but snoopy's
copy of rralloc() was not updated, resulting the auxiolary
structures to be nil, and the shared parsing routines crashes
when trying to dereference them.
this just syncs the copies, we might consider moving rralloc()
into its own file so it can be completely shared.
Git currently gets a bit confused if you try to
manipulate files by absolute path. There were also a
number of places where user-controlled file paths ended
up getting passed to regex interpretation, which could
confuse things.
This change mainly does 2 things:
- Adds a 'drop' function which drops
a non-regex prefix from a string, and uses
that to manipulate paths, simplifies 'subst',
and removes 'subst -g', which was only used
with fixed regexes; sed does this job fine.
- When getting a path from a user, we
make it absolute and then strip out the head
Along the way it cleans up a couple of stupids:
- 'for(f in $list) if(! ~ $#f 0) use $f:
$f can't be a nil list because of
list flattening.
- removes a useless substitution here:
all=`$nl{{git/query -c $1 $2; git/query -c $2 $3} | sed 's/^..//' | \
gsubst '^('$ourbr'|'$basebr'|'$theirbr')/*' | sort | uniq}
where git/query -c doesn't produce
paths prefixed with the query.
exportfs -d logs 9p traffic to /tmp/exportdb.
-f allows writing to a different file.
exportfs silently continues if it doesn't have
permissions to create or write to /tmp/exportdb.
These are poor behaviors.
A better default is to write to stderr, since it
is 9P debug info that is better immediately printed,
and not user info that is better handled by syslog().
As a result, -f is obsolete and thus removed.
Redirect responsibility is now on rc.
As a side effect, rc will fail if it doesn't
have permissions to write.
exportfs(4) is updated to reflect all changes
and with a better Synopsis.
