_grpmems() was broken tokenizing group list in place.
we have to copy it to status buffer before tokenizing.
dynamically alloc path for test file to check write
permission on directory and add pid to the name to
prevent races.
use _OPEN instead of ape open to read /dev/ppid in
getppid().
use mode enums instead of numeric constants for _OPEN()
and _CREATE().
remove envname length limitation in _envsetup()
by using allocated buffer and use /env instead of #e
use /proc and getpid() instead of #p and #c in
readprocfdinit()
fix buffer overflow in execlp(), check if name
of failed exec starts with / . or is \0
make sure not to close our own filedescriptors
for FD_CLOEXEC in execve(), fix wrong length
check for flushing buffer to /env/_fdinfo.
fix error handling cases. copy the enviroment
before decoding \1 to \0 because the strings in
environ[] array might not be writable.
remove bogus close if we fail to open ppid file
in getppid() and use /dev/ppid instead of #c/ppid
setting Asud in the cmd register is not needed, because
Apwr is (Asud|Apod) already. the problem really was that
the drive comes up with sstatus Spresent (001), so we never
spun it up because (p->sstatus & Sphylink) == 0 was never
met (Sphylink being a mask (011) overlaping Spresent bit).
the spinup wait loop has to run only for the staggered spinup
case (h->cap & Hss) and it should wait for the drive to be
detected by the phy, not just cold presence detect.
thinkpad r400 dvd drive was not recognized. port status
indicated present device but no Sphylink because the
device did not spin up. setting the Asud bit in ahciconfigdrive()
made it come up clean.
add scsciverify() call in iaverify() for atapi inquiry.
keep in some of the debug prints and add a *ahcidebug= boot
parameter to enable them.
fix repeatproc timeout handling, add constants for Kbdelay
and Kbrepeat.
set procname so one knows which is keyboard and which is mouse
and on what endpoints they work.
9front's /dev/mousein and /dev/kbdin allow multiple opens,
so theres no need for the refcounted Kin structures.
spawn the worker procs in ther own note group, so they wont
get killed on interrupt in the original notegroup.
when -8 flag is given, upas/marshal override To:, Cc: and Bcc: headers.
add -B option for Bcc. it is also now valid to pass recipient list
on upas/marshal arguments and have -8 flag set. make nedmail and
/rc/bin/mail call upas/marshal with -8 now to make it effective.
bios takeover was broken. bad Ceecpmask (was 8, should be 0xFF)
causing it to miss the legacy control ecap and properly take
overship of the controller. also the order seems wrong, we
have to takeover before we do anything with the controller.
remove the pci config space 0xc0 = 0x2000 write. this the
uhci legacy register. its not anywhere in the ehci spec.
regarding the ohci spec, a overrun td might supply a full
packet of data. this change seemed to have caused nusb/kb to
fail with getting spurious zero byte reads. reverting for now.
handle short reads as errors and retry. this can happen
on ohci and some ps2 to usb converter. it might'v deen caused
by a recent change on sources handling td overrun differently.
fix error handling. have to check f->ep == nil after recovery
and check packet size. also, use f->ep->dfd instead of ptrfd
and kbdfd as it might be different after recovery. make a
setleds() error non fatal.
boost process priority for keyboard and mouse worker processes.
cleanup: use single write() in putmod(), improve error reporting.
implement SMM emulation driver handover in ohcireset(). this fixes
hang and defunct internal keyboard problems on a acer notebook.
dont spin forever waiting for the controller on soft reset in init().
check both, donehead pointer *and* interrupt status for
processed td event (Wdh) similar to the ohci spec example for
processed tds and unlink immidiately. acknowledge *all* the
interrupt status bits before masking. mask out unhandled
events.
various stuff:
check for christmas light interrupt status (cardbus controller
removed?)
add (missing?) break for Tddataovr error case in qhinterrupt().
(changed on sources, not clear why?)
mask interrupt events on shutdown() (from sources).
the syscallno check in syscallfmt() was wrong. the unsigned
syscall number was cast to an signed integer. so negative
values would pass the check provoking bad memory access from
kernel. the check also has an off by one. one has to check
syscallno >= nsyscalls instead of syscallno > nsyscalls.
access to the p->syscalltrace string was not protected
from modification in devproc. you could awake the process
and cause it to free the string giving an opportunity for
the kernel to access bad memory. or someone could kill the
process (pexit would just free it).
now the string is protected by the usual p->debug qlock. we
also keep the string arround until it is overwritten again
or the process exists. this has the nice side effect that
one can inspect it after the process crashed.
another problem was that our validaddr() would error() instead
of pexiting the current process. the code was changed to only
access up->s.args after it was validated and copied instead of
accessing the user stack directly. this also prevents a sneaky
multithreaded process from chaning the arguments under us.
in case our validaddr() errors, we cannot assume valid user
stack after the waserror() if block. use up->s.arg[0] for the
noted() call to avoid bad access.
lazily close revlog files and keep up to 8
revlogs arround. also cache the latest extracted
file descriptor of a revision in the revlog.
this avoids the quite expensive reextracting/patching
when we reopen the same file revision.
dont use the racy mktemp()/create, instead create
a uniqueue name and create with OEXCL. this also
avoids a bunch of access() calls.
fix eof case and use pread() in fcopy() to avoid the
seeks.
dont modify changelog temp file but simulate trailing
newline instead.
check for write premission in the parent directory
for open with ORCLOSE. honor CHFNOPERM not just in
chancreat(), pikeshedd the error handling. added
estrdup()/erealloc() that call sysfatal instead
of returning nil.
getdent() introduced a bug as the qid check fails in
the case when we walk to DUMPROOTQID, but get ROOTQID
in the directory instead.
newentry() getblk(..., GBCREATE) caused the whole
directory to get dumped until it hit a free slot.
we cannot do this because this changes the addresses
of Dentries of files but doesnt update the loctree.
this caused the bogus walks when we hit a different
directory than we expected.
what we do now is the following: newentry() was changed
to never dump anything. it will just read the directory
and return a the address of a free slot or create a
new block having space for one. chancreat() then makes
a loc in the loctree for the free slot, drops the dirent
buffer and calls willmodify() on the new slot. this will
dump the block containing the slot (and possible other
slots) and updates the loctree to the new version.
after that, chancreate() modifies the slot filling the
Dentry. there should be no race, as newentry() skips
slots that have a loc in the loctree.
theres one case where newentry() can dump the block
immidiately when it is called from dump. added new
parameter for that and documented in the comment.
createuserdir() was simplified by just calling chancreat().
to get arround the permission check, a new per channel
flag CHFNOPERM was added.
always check if the directory entry qid from the loc still
matches the one on disk before doing anything. helps
catching bugs and is basically equivalent to what cwfs does
with its checktag.
make a haveloc() check in newentry() to make sure we dont
allocate a file slot thats still in use, but deleted.
this seems to fix the NPROC>1 build problems.
This patch adds client TLS authentication to libsec in compliance with
rfc 4346.
A new -c flag has been introduced for tlsclient allowing the user to
specify a certificate in pem(8) format which will be provided to the
server upon request.
A -D debug flag has been introduced to enable debugging output.
The patch has been tested against OpenSSL 0.9.7j 04 May 2006.
It exists today because of the great (debugging) help and insight
provided by Matthias Bauer.
TODOs:
- specification of a certain client key in factotum is not possible at
the moment
- tlssrv should support this too
These will get added in another patch.
The first try to submit this patch failed due to a network error.
Sorry for the duplication!
Kind regards,
Christian
newproc() didnt zero parentpid and kproc() didnt set it, so
kprocs ended up with random parent pid. this is harmless as
kprocs have no up->parent but it gives confusing results in
pstree(1).
now we zero parentpid in newproc(), and set it in sysrfork()
unless RFNOWAIT has been set.
assuming that this check tried to prevent the hostowner
from killing init, it is silly because init would just
handle the note.
with kbdfs, we actually want to send interrupt note to
the initial process group so instead of working arround
this with rfork(RFNOTEG|RFNAMEG), we remove the check.
these changes make the interrupt key available in the
console (before rio is started).
kbdfs: will now send a "interrupt" note to its invoking
process group in cooked mode.
bootrc: is now prepared to handle interrupts, mainly to
not accidently spawn a new bootargs prompt.
init: forwards the interrupt to the cpurc/termrc pgrp.
vncs: shields itself from kbdfs notegroup so interrrupt
wont kill the whole vnc session.
functional identical, but uses different data structure.
instead of reading all words into memory, we read and
tokenize on demand keeping a simple linked list of words
to conume by further calls of getword(). once the list
is empty we read the next line, tokenize it and fill the
list up again. so we only need as mutch memory to hold
all the words of the longest line.
we can't really change the Window *input from
outside the winctl() thread. the problem is
that the window might end up reading the
mouse (scroll, select) which makes the w->cctl
channel block once you try to talk to the
window again (from the mousethread). this also
means we have to coordinate window switchin
from the winctl proc waiting for the current
window to release the input and then take over.
thers a new Winctl message Topped that basically
does that now using Wakeup and a chan to
synchronize.
wrepaint() used to also set the cursor for the window
if it was current. this reset the corner cursors on
bandresize when one tried to attempt to size a window
that was not current. make repaint just repaint the
window and border. set cursor explicitely for hold
toggle.
use notefd in killprocs() insead of postnote() as the process
might'v exited. the notefd stays valid even if the particular
process it was originaly opend on exited. remove the Window.pid
field as its not needed.
dup() the notefd for interruptproc as the window might'v gone
away and closed the notefd file descriptor, resulting in us
writing to the wrong thing.
use snprint() instead of sprint() for safety.
fix bogus debug fprint().
add missing "visible" flushimage() after Reshaped winctl message
got handled. i assumed wsetname()/nameimage() would be enough,
it but does a invisible flush so softscreen doesnt get updated
immidiately.
do not make allocimage() failure in scrtemps() fatal. it wont
draw the window properly, but it gives the user a chance to
delete some windows to recover.
allocate all the colors in iconinit(), remove unused ones
like grey. rename darkgrey to paletextcol because thats
what it is used for. new approach to window image allocation.
we allocate the window with DNofill and let the window fill
itself. this reduces flickering especially with (-b) option
and makes rio resize feel a lot faster.
wrefresh() didnt work. now fixed.
wtop() checked w->topped == topped as a fast exit. if you
had the top most window not being current (== input) which
can happen when you delete the current window, then wtop would
after resize would not make the window current because it
is already top topmost one. wtopme() and wcurrent() both are
non-ops when window is already the topmost or window is already
current, so remove the check as its not needed. also topping
the window feels less sluggish.
sort the window array by w->topped before reshaping all
windows. this preserves the window z-order.
remove implicit focus change on reshape/move. it called
wcurrent() in wtcl thread which might send a wctl message
to itself, bad... also we might not want to change focus
on reshape, like for the rio resize. so we set the input
window explicitely in all call sites.
window deletion was racy. wclosewin() destroys w->i, but
it is called outside the wctl thread so it might just
free the image under libframe doing some text selection.
this is fixed the following: add wclunk() function,
which basically just marks the window as deleted and
removes the reference from the window[] and hidden[]
arrays. (called on wclose() when refcount drops to
zero). wclosewin() now just frees the image and is only
called from the wctl thread on exit or when handing
the Deleted message.
get a reference to the window when doing sweeping or
moving as the filesystem might just clunk it under
us and we might end up sending wctl messages to
a Exited window.
wctl resize message has to fail if the window is not
current as it might be hidden... would also be annoying.
this is to catch crazy color channels like k8a8 and the 15/16 bit
ones and CMAP. basically, just convert to RGBA32 or RGB24 depending
on if it has an alpha channel.
as the menu is displayed, the window might go away or change its
label causing menuhit() to dereference bad memory. just strdup()
the labels before passing to menu3str to prevent accidents.
avoid double entries in the cache for copen() and properly handle
locking so we wont just give up if we cant lock the Mntcache entry,
but drop the cache lock, qlock the Mntcache entry, and then recheck
the cache.
general cleanup (cdev -> ccache, use eqchantdqid())
the lock order of page.Lock -> palloc.hashlock was
violated in cachedel() which is called from the
pager. change the code to do it in the right oder
to prevent deadlock.
change lookpage to retry on false hit. i assume that
a false hit means:
a) we'r low on memory -> cached page got uncached/reused
b) duppage() got called on the page, meaning theres another
cached copy in the image now.
paging in is expensive compared to the hashtable lookup, so
i think retrying is better.
cleanup fixfault, adding comments.
swaped pages use a 8bit refcount where as the Page uses a 16bit one.
this might be exploited with having a process having a single page
swaped out and then forking 255 times to make the swap map refcount
overflow and panic the kernel.
this condition is probably very rare. so instead of doubling the
size of the swap map, we add a single 32bit refcount swapalloc.xref
which will keep the combined refcount of all swap map entries who
exceeded 255 references.
zero swapimage.c in setswapchan() after closing it as the stat() call
below might error leaving a dangeling pointer.
attachimage()'s approach to handling newseg() error is flawed:
a) the the image is on the hash table, but ref is still 0, and
there is no segment/pages attached to it so nobody is going to
reclaim / putimage() it -> leak
b) calling pexit() would deadlock us because exec has acquired
up->seglock when calling attachimage(), so this would just deadlock.
the fix does the following:
attachimage() will putimage() and nexterror() if newseg() fails
instead of pexit(). this is less surprising.
exec now keeps the condition variable commit which is set once
we are commited / reached the point of no return and check this
variable in the highest waserror() handler and pexit() us there.
this way we have released up all the locks and pexit() will
cleanup.
note: this bug shouldnt us hit in with the current newseg()
implementation as it uses smalloc() which would wait to
satisfy the allocation instead of erroring.
kstrcpy() did not null terminate for < 4 byte buffers. fixed,
but i dont think there is any case where this can happen in
practice.
always set malloctag in kstrdup(), cleanup.
always use ERRMAX bounded kstrcpy() to set up->errstr, q->err
and note[]->msg. paranoia.
instead of silently truncating interface name in netifinit(),
panic the kernel if interface name is too long as this case
is clearly a mistake.
panic kernel when filename is too long for addbootfile() in
devroot. this might happen if your kernel configuration is
messed up.
