the syscallno check in syscallfmt() was wrong. the unsigned
syscall number was cast to an signed integer. so negative
values would pass the check provoking bad memory access from
kernel. the check also has an off by one. one has to check
syscallno >= nsyscalls instead of syscallno > nsyscalls.
access to the p->syscalltrace string was not protected
from modification in devproc. you could awake the process
and cause it to free the string giving an opportunity for
the kernel to access bad memory. or someone could kill the
process (pexit would just free it).
now the string is protected by the usual p->debug qlock. we
also keep the string arround until it is overwritten again
or the process exists. this has the nice side effect that
one can inspect it after the process crashed.
another problem was that our validaddr() would error() instead
of pexiting the current process. the code was changed to only
access up->s.args after it was validated and copied instead of
accessing the user stack directly. this also prevents a sneaky
multithreaded process from chaning the arguments under us.
in case our validaddr() errors, we cannot assume valid user
stack after the waserror() if block. use up->s.arg[0] for the
noted() call to avoid bad access.
lazily close revlog files and keep up to 8
revlogs arround. also cache the latest extracted
file descriptor of a revision in the revlog.
this avoids the quite expensive reextracting/patching
when we reopen the same file revision.
dont use the racy mktemp()/create, instead create
a uniqueue name and create with OEXCL. this also
avoids a bunch of access() calls.
fix eof case and use pread() in fcopy() to avoid the
seeks.
dont modify changelog temp file but simulate trailing
newline instead.
check for write premission in the parent directory
for open with ORCLOSE. honor CHFNOPERM not just in
chancreat(), pikeshedd the error handling. added
estrdup()/erealloc() that call sysfatal instead
of returning nil.
getdent() introduced a bug as the qid check fails in
the case when we walk to DUMPROOTQID, but get ROOTQID
in the directory instead.
newentry() getblk(..., GBCREATE) caused the whole
directory to get dumped until it hit a free slot.
we cannot do this because this changes the addresses
of Dentries of files but doesnt update the loctree.
this caused the bogus walks when we hit a different
directory than we expected.
what we do now is the following: newentry() was changed
to never dump anything. it will just read the directory
and return a the address of a free slot or create a
new block having space for one. chancreat() then makes
a loc in the loctree for the free slot, drops the dirent
buffer and calls willmodify() on the new slot. this will
dump the block containing the slot (and possible other
slots) and updates the loctree to the new version.
after that, chancreate() modifies the slot filling the
Dentry. there should be no race, as newentry() skips
slots that have a loc in the loctree.
theres one case where newentry() can dump the block
immidiately when it is called from dump. added new
parameter for that and documented in the comment.
createuserdir() was simplified by just calling chancreat().
to get arround the permission check, a new per channel
flag CHFNOPERM was added.
always check if the directory entry qid from the loc still
matches the one on disk before doing anything. helps
catching bugs and is basically equivalent to what cwfs does
with its checktag.
make a haveloc() check in newentry() to make sure we dont
allocate a file slot thats still in use, but deleted.
this seems to fix the NPROC>1 build problems.
This patch adds client TLS authentication to libsec in compliance with
rfc 4346.
A new -c flag has been introduced for tlsclient allowing the user to
specify a certificate in pem(8) format which will be provided to the
server upon request.
A -D debug flag has been introduced to enable debugging output.
The patch has been tested against OpenSSL 0.9.7j 04 May 2006.
It exists today because of the great (debugging) help and insight
provided by Matthias Bauer.
TODOs:
- specification of a certain client key in factotum is not possible at
the moment
- tlssrv should support this too
These will get added in another patch.
The first try to submit this patch failed due to a network error.
Sorry for the duplication!
Kind regards,
Christian
newproc() didnt zero parentpid and kproc() didnt set it, so
kprocs ended up with random parent pid. this is harmless as
kprocs have no up->parent but it gives confusing results in
pstree(1).
now we zero parentpid in newproc(), and set it in sysrfork()
unless RFNOWAIT has been set.
assuming that this check tried to prevent the hostowner
from killing init, it is silly because init would just
handle the note.
with kbdfs, we actually want to send interrupt note to
the initial process group so instead of working arround
this with rfork(RFNOTEG|RFNAMEG), we remove the check.
these changes make the interrupt key available in the
console (before rio is started).
kbdfs: will now send a "interrupt" note to its invoking
process group in cooked mode.
bootrc: is now prepared to handle interrupts, mainly to
not accidently spawn a new bootargs prompt.
init: forwards the interrupt to the cpurc/termrc pgrp.
vncs: shields itself from kbdfs notegroup so interrrupt
wont kill the whole vnc session.
