the assumption of only one producer ((abs)moustratrack()) is not true
for external mouse events from /dev/mousein, so protect the mouse state
and queue with ilock().
get rid of mousecreate(), just use devcreate().
reset cursor when all instances of /dev/mouse and /dev/cursor got closed,
instead of also considering /dev/mousectl. the reason is that kbdfs keeps
the mousectl file open. so exiting a program that has the cursor changed
will properly reset the cursor to arrow.
don't access user buffer while holding cursor spinlock! the memory access
can fault. theres also no lock needed there, we'r just copying *from* the
cursor memory.
fix use of strtol(), p will always be set, check for end of string.
keep pointer coordinates onscreen (off by one).
make lastms() function to get the last millisecond delta of last
call for resynchronization.
fix msg[3] buffer overflow in m5mouseputc().
get rid of mouseshifted logic, it is not used.
theres a bug is in sclose() where it doesnt check if wp is beyond
the buffer. also wp was not updated after realloc().
bug was reported by porlock on 9fans:
Plan 9's implementation of the standard C functions snprintf and
vsnprintf have a buffer overrun bug.
If the buffer length equals the output length (without the terminating
null), then one too many characters is written to the buffer.
For example,
snprintf(buf, 4, "ABCD");
will write 5 characters to buf.
remove bl2mem(), it is broken. a fault while copying to memory
yields a partially freed block list. it can be simply replaced
by readblist() and freeblist(), which we also use for qcopy()
now.
remove mem2bl(), and handle putting back remainer from a short
read internally (splitblock()) avoiding the releasing and re-
acquiering of the ilock.
always attempt to free blocks outside of the ilock.
have qaddlist() return the number of bytes enqueued, which
avoids walking the block list twice.
remove unneeded waserror() block, loopoput is alled from
loopbackbwrite only so we will always get called with a
*single* block, so the concatblock() is not needed.
the convention for Dev.bwrite() is that it accepts a *single* block,
and not a block chain. so we never have concatblock here.
to keep stuff consistent, we also guarantee thet Medium.bwrite()
will get a *single* block passed as well, as the callers are
few in number.
to avoid copying in padblock() when adding cryptographics macs to a block
in devtls/devssl/esp we reserve 16 extra bytes to the allocation.
remove qio ixsummary() function and add acid function qiostats() to
/sys/lib/acid/kernel
simplify iallocb(), remove iallocsummary() statitics.
given that devmnt will almost always write into a pipe
or a network connection, which supports te bwrite routine,
we can avoid the memory copy that would have been done by
devbwrite(). this also means the i/o buffer for writes
will get freed sooner without having to wait for the 9p
rpc to get a response, saving memory.
theres one case where we have to keep the rpc arround and
that is when we write to a cached file, as we want to update
the cache with the data that was written, but the user buffer
cannot be trusted to stay the same during the rpc.
sugen() calls cgen64() speculatively so that when cgen64() returns
zero, it will fall back and compile 64-bit copy.
the bug was that cgen64() compiled the left hand side and then recursively
called cgen64() again, which didnt handle the memory copy so it returned
zero and sugen() would compile the left hand side again resulting in two
function calls being emited.
some code that reproduced the issue:
#include <u.h>
#include <libc.h>
typedef struct
{
char x[10];
vlong a;
} X;
X a;
X *f(void) { return &a; }
void
main(int argc, char *argv[])
{
f()->a = a.a;
}
producing:
TEXT f+0(SB),0,$0
MOVL $a+0(SB),AX
RET ,
RET ,
TEXT main+0(SB),0,$0
CALL ,f+0(SB)
CALL ,f+0(SB) <- bug
MOVL AX,CX
LEAL a+12(SB),DX
MOVL (DX),AX
MOVL AX,12(CX)
MOVL 4(DX),AX
MOVL AX,16(CX)
RET ,
GLOBL a+0(SB),$20
END ,
devfs:
- fix memory leak in devfs leaking the aes key
- allocate aes-xts cipher state in secure memory
- actually check if the hexkey got fully parsed
cryptsetup:
- get rid of stupid "type YES" prompt
- use genrandom() to generate salts and keys
- rewrite cryptsetup to use common pbkdf2 and readcons routines
- fix alot of error handling and simplify the code
- move cryptsetup command to disk/cryptsetup
- update cryptsetup(8) manual page
get rid of _INI and _REG method calls, this is not full acpi environment
anyway and all we really want todo at kernel boot time is figuring out
the interrupt routing. aux/acpi can try to enable more stuff if it needs
to later when battery status desired.
dont snoop memory space regions in amlmapio(), this is just wrong as
amlmapio() is *lazily* mapping regions as they are accessed, so the
range table would never be really complete. instead, we provide generic
access to the physical address space, excluding kernel and user memory
with acpimem file.
we cannot retry posts and we do not know for sure if a
post had any side effect when we got no status, so always
make a new connection for a post request.
when dragging a window edge, allow one to slide to a corner
or slide from corner to corner (usefull when inverting).
also make sure the right or bottom of the rectangle returned
by whichrect() is not outside of the screen (which makes
drawing slow).
we can encrypt the 256 bit chacha key on each invocation
making it hard to reconstruct previous outputs of the
generator given the current state (backtracking resiatance).
the kernels custom rand() and nrand() functions where not working
as specified in rand(2). now we just use libc's rand() and nrand()
functions but provide a custom lrand() impelmenting the xoroshiro128+
algorithm as proposed by aiju.
we now access the user buffer in randomread() outside of the lock,
only copying and advancing the chacha state under the lock. this
means we can use randomread() within the fault handling path now
without fearing deadlock. this also allows multiple readers to
generate random numbers in parallel.
we might wake up on a different cpu after the sleep so
delta from machX->ticks - machY->ticks can become negative
giving spurious timeouts. to avoid this always use the
same mach 0 tick counter for the delta.
the manpage states that capabilities time out after a minute,
so we add ticks field into the Caphash struct and record the
time when the capability was inserted. freeing old capabilities
is handled in trimcaps(), which makes room for one extra cap
and frees timed out ones.
we also limit the capuse write size to less than 1024 bytes to
prevent denial of service as we have to copy the user buffer.
(memory exhaustion).
we have to check the from user *before* attempting to remove
the capability! the wrong user shouldnt be able to change any
state. this fixes the memory leak of the caphash.
do the hash comparsion with tsmemcmp(), avoiding timing
side channels.
allocate the capabilities in secret memory pool to prevent
debugger access.
previously, right shift >>0 resulted in >>32 being emited. this
is especially problematic when the shift count comes from a macro
expansion.
we now handle constant shift >>0 as <<0 (no shift) and allow
shift by 32 be specified.
this applies to logical right shift (>>) arithmetic right shift (->)
and right rotate (@>).
the prior implementation was unneccesarily complicated for
no good reason due to me misunderstanding how libc's nrand()
works. in contrast to libc, we already generate the *closest*
power-of-2 random number with mprand() in the sampling loop.
The kernel needs to keep cryptographic keys and cipher states
confidential. secalloc() allocates memory from the secret pool
which is protected from debuggers reading the memory thru devproc.
secfree() releases the memory, overriding the data with garbage.
drawterm, factotum, secstore and the auth commands
all had ther own implementation of readcons. we
want to have one common function for this to avoid
the duplication, so putting that in libauthsrv.
introduce PASSWDLEN which makes the use more explicit
than ANAMELEN.
when we get eof, stop the loop immidiately and do not
rely on the read to eventually return an error.
when convM2S() fails to decode the message, error out
and stop the loop. there is no point in continuing.
given that the memory leaks have been fixed, theres no need
for the obscure restart feature which is not reliable anyway.
remove the code updating procname on each 9p request.
handle convM2S error by exiting the service loop, dont read
9p channel after eof.
we used to not sign extend if the destination was unsigned
uvlong, which is wrong. we have to sign extend only based
on the signedness of the source (it gets propagated to vlong)
this bug hit in hjfs in the newentry() function, causing file
creation to fail with "create -- phase error":
newentry(...)
{
uvlong sj;
int si;
...
sj = si = -1;
...
}
usually, the plan9 partition table is contained in
the first 9fat partition after the pbs/fat header,
but when no 9fat partition is requested, we have
to make sure partitions wont overlap the partition
table (start at sector offset >= 2).
the pause function is different from just accessing the menu: it pauses both
single and multiplayer games, stops music and sound, and is recorded in demos
(does not cause a desync, unlike menu access).
this uses Kprint rather than Kbreak because Kbreak is e.g. Kctl+pause on some
keyboards.
the first time rtl8169link is called (from rtl8169pnp), the link isn't up, so
setting edev->mbps based on Phystatus register is skipped. edev->mbps is then
still set at the default 100, and that ends up being what devether uses.
this is why some rtl8169 cards are misprinted as 100Mbps in kmesg.
later, after rtl8169link is called again from rtl8169interrupt, the link is up
and edev->mbps is set to the correct value (as shown by e.g. /net/ether0/stats).
so instead, set speed regardless of link status.
blazing doors are a "fast" door type with its own sound effects, introduced in
doom2. doom2 map 2 has one right at the beginning.
this fixes two bugs:
- when a closing blazing door is completely shut, the closing sound effect is
erroneously played again (the first time being when it began closing). this
gives the impression of two doors closing.
- when reopening a closing blazing door (standing underneath a blazing door
while it's closing), the sound effect for regular doors opening is played,
instead of the one for blazing doors, because of a missing case in the switch
statement.
data[mn] and link[mn] are 24-bit values.
in the expression 'm = (n * ((freq * bpp)/8)) / (lsclk * lanes)',
uvlongs are used to prevent integer overflow, but since freq, bpp, lsclk and
lanes are all ints, the cast to uvlong does not happen until it's too late,
getting a wrong value.
instead, use u32int for m and n, and use casts where necessary.
example of bad calculation:
freq = 141400000
lsclk = 270000000
lanes = 2
bpp = 18
→ 0x7f3ee1ca6 (correct value: 0x4b69d0)
when ndb/dns runs as a resolver only (cfg.cachedb == 0),
we still want to purge the "local#" db records to reread
dns server configuration or react to changed ip addresses.
removing old poolcheck and dncheck code, these bugs have
been fixed a long time ago.
the onscreen cursor shows the cursor of the current
focused window or the window it points at. if there
is no window, then we set the default cursor (nil).
the arm compiler can lift long->vlong casts on multiplcation
and convert 64x64->64 multiplication into a 32x32->64 one
with optional 64 bit accumulate.
introduce rolor() function to subsitute (a << c) | (a >> (bits(a) - c))
with (a <<< c) where <<< is cyclic rotation and c is constant.
this almost doubles the speed of chacha encryption of 386 and amd64.
the peephole optimizer used to stop when it hit a shift or rol
instruction when attempting to eleminate moves by register
substitution. but we do not have to as long as the shift count
operand is not CX (which cannot be substituted) and CX is not
a subject for substitution.
neither symdel nor symstat were used anywhere. syminit was used but
had no effect. both syminit and symdel dereference pointers after
freeing them. symstat can be tricked into writing beyond the bounds of
its array
syminit() attemts to reset the symbol table by freeing
all the hash table entries, tho the code is buggy having
a obviously use after free bug.
as syminit() is only called once in main when it does not
contain any symbols, the bug never occured.
removing the unneccesary code alltogether.
