file offset is 64 bit signed integer, negative offsets
are invalid and rejected by the kernel. to still access
kernel memory on amd64, we unconditionally clear the sign
bit of the 64 bit offset in libmach and devproc sign
extends the offset back to a 64 bit address.
this doubling affects all segment types, not just bss.
(tho text/data are usually small...)
and theres no telling if the segment will actually
grow in the future justifying the reduction of memmove
overhead in ibrk().
some ape programs are approaching the 16mb ssegmap size
so that code might trigger.
removing the smarts...
as erik quanstro suggests, theres not much of a point in
storing the full 64bit pc as one cannot get a code segment
bigger than 4G and amd64 makes it hard to use a pc that
isnt 64bit sign extension of 32bit.
instead, we only store ulong (as originally), but sign
extend back when returning in getmalloctag() and
getrealloctag().
getrealloctag() used to be broken. its now fixed.
this change is in preparation for amd64. the systab calling
convention was also changed to return uintptr (as segattach
returns a pointer) and the arguments are now passed as
va_list which handles amd64 arguments properly (all arguments
are passed in 64bit quantities on the stack, tho the upper
part will not be initialized when the element is smaller
than 8 bytes).
this is partial. xalloc needs to be converted in the future.
when user does read of exactly 12*12 bytes on draw
ctl file, the snprint() adds one more \0 byte writing
beyond the user buffer and corrupting memory.
fix this by not snprint()ing the final space and add
it manually.
the stats and ifstats files in the 3rd level of a netif
are not per connection, but for the interface.
this made fstat fail for /net/ether0/N/*stats where N > 0
as the NETID() bits in the qid didnt compare.
from erik quanstros 9fans post:
i think the list insertion code needs a single-read
test that f->alarm != 0. to prevent the 0 from
acting like a fencepost. e.g. trying to insert -10 into
list -40 -30 0 -20.
if(alarms.head) {
l = &alarms.head;
for(f = *l; f; f = f->palarm) {
>> fw = f->alarm;
>> if(fw != 0 && (long)(fw - when) >= 0) {
up->palarm = f;
*l = up;
goto done;
}
l = &f->palarm;
}
*l = up;
}
make sure not to dereference Proc* nil pointer. this can potentially
happen from devip which has code like:
if(er->read4p)
postnote(er->read4p, 1, "unbind", 0);
the process it is about to kill can zero er->read4p at any time,
so there is the possibility of the condition to be true and then
er->read4p becoming nil.
check if the process has already exited (p->pid == 0) in postnote()
under p->debug qlock.
when alarmkproc is commited to send the alarm note to the process,
the process might have exited already, or worse, being reused for
another process. pexit() zeros p->alarm at the beginning, but the
kalarmproc() might read p->alarm before pexit() zeroed it, decide
to send the note, then get preempted and pexit() releases the proc.
once kalarmproc() is resumed, the proc might be already something
different and we send the note to the wrong thing.
we now check p->alarm under the debug qlock. that way, pexit()
cannot make progress while we test the condition.
remove the error label arround postnote(). postnote does not raise
error.
make sure noteid is valid (>0).
prohibit changing note group of kernel processes. this is also
checked for in pgrpnote().
prevent "none" user from changing its note group to another "none"
sessions. this would allow him to send notes other none processes
other than its own.
(11:02:29 PM) me: why is buf in /sys/src/9/port/devssl.c:/^sslwrite only 128 bytes?
(11:02:58 PM) me: it makes it so you can't use a 128 bytes secret as negotiated by infauth in a secretin or secretout ctl message
(11:03:30 PM) me: which in turn means you can't use such a secret with pushssl(2)
(11:06:15 PM) me: inferno's sslwrite is limited to 32 bytes, but its ssl library writes to the secret files instead of to the ctl file
(11:08:50 PM) mischief: what should it be instead of 128 bytes
(11:08:58 PM) me: larger
(11:09:16 PM) mischief: how about 129 bytes?
(11:09:59 PM) me: also broken in 9front, by the way
(11:15:14 PM) me: i guess it should be replaced with parsecmd
replaced the p->pid != 0 check with up->parentpid != 0 so
p->pid == up->parentpid is never true for p->pid == 0.
avoid allocating the wait records when up->parentpid == 0.
when a process got forked with RFNOWAIT, its p->parent will still
point to the parent process, but its p->parentpid == 0.
this causes the "parent still alive" check in pexit to get confused
as it only checked p->pid == up->parentpid. this condition is *TRUE*
in the case of RFNOWAIT when the parent process is actually dead
(p->pid == 0) so we attached the wait structure to the dead parent
leaking the memory.
catch the error() that can be thrown by sleep() and tsleep()
in kprocs.
add missing pexit() calls.
always set the freemem argument to pexit() from kproc otherwise
the process gets added to the broken list.
the image cache should not hold onto the text file channel
when not neccesary. now, the image keeps track of the number
of page cache references in Image.pgref. if the number of
page cache references and Image.ref are equal, this means
all the references to this image are from the page cache.
so no segments are using this image. in that case, we can
close the channel, but keep the Image in the hash table.
when attachimage() finds our image, it will check if Image.c
is nil and reattach the channel to the image before it is
used.
the Image.nocache flag isnt needed anymore.
the shr mount is linked into the Mhead with m->to initially nil. only
after the the server has been attached is m->to set. just check for
it in createdir().
the image cache has the property of keeping a channel
for the executable binary arround which prevents the
mountpoint from going away.
this can easily be reproduced by running:
@{rfork n; ramfs; cp /bin/echo /tmp; /tmp/echo}
observe how ramfs stays arround until the image is
reclaimed. the echo binary is also cached but is
unreachable from any namespace.
we now restrict the caching to mounts that use the client
cache (-C flag) only. this should always be the case
for /bin. places where this isnt the case might observe
a performance regression.
closechanq() is unable to fork a new closeproc when palloc
is locked. so we spawn a closeproc early in chandevinit()
and make sure theres always one process arround to handle
the queue.
the automatic routing from jack to dac/adc sometimes gets us
a path thats not audible. manually specifying a route path
gets us arround these. the syntax is just a comma separated
list of node ids in the "pin" and "inpin" audioctl commands
instead of a single pin node id.
to find alternative paths, audiostat now lists all the widgets;
not just the pins; and ther input connections.
initially mute all pins and amps of all function groups.
connectpath() and disconnectpath() will mute and unmute
the widgets as required later.
validaddr looks up the segments for an address range
and checks the flags and if the address range lies
within bounds on the segments.
as we'r going to lookup the segment in the syssem*
syscalls anyway, we can do the checks ourselfs avoiding
the double segment array lookups.
the implication of this tho is that now a semaphore cannot
span multiple segments. but this would be highly unusual
given that segments are page aligned.