- fix missing runlock(ifc) when ifcid != a->ifcid in rxmitsols() (thanks erik quanstro)
- don't leak packets when transfering blocks from arp entry hold list to droplist
- free rest of droplist when bwrite() errors in arpenter(), remove useless checks (ifc != nil)
- free arp entry hold list from cleanarpent()
- consistent use of nil for pointers
sprint() will replace invalid utf8 sequences with U+FFFD
which caused directory reads and stats to return the wrong
filename. just strcpy the name bytes.
the dynamic input buffer resize code (fillbuf()) is broken as
the calling code assumes that memory wont relocate. instead
of trying to work out all the cases where this happens, i'm
getting rid of fillbuf() and just read the whole file into
memory in setsource().
the bug could be reproduced with something as simple as:
@{for(i in `{seq 1 10000}){echo $i ', \'; }} | cpp
X509req() and X509gen() used to leak memory, and had no way for
the caller to free the allocated certificate/certificate request
buffer returned. this is not critical as these functions are only
used in short lived rsa(2) helper programs. but i prefer to have
library routines not leak memory as one does not know in advance
where the code is going to be used.
we used to negotiate tls1.1 for client cert authentication because the
signature generation was not implemented for tls1.2. this is now fixed
and tls1.2 can be negotiated with client certs.
actually verify the diffie hellman parameter signature, this
comes in two flavours. TLS1.2 uses X509 signature with a
single hash specified by the signature algorithm field in
the signature itself and pre TLS1.2 where md5+sha1 hashes
of the signed blob are pkcs1 padded and encrypted with the
rsa private key.
stop advertizing non-rsa cipher suits (DSS and ECDSA), as
we have not implmenented them.
fix some memory leaks in X509 code while we'r at it.
libdraw was attempting to bind '#i' and '#m' to /dev when it could not find
/dev/mouse or /dev/draw. a library shouldnt be that clever and do namespace
manipulations on behalf of the caller. so instead, we setup the graphics
environment in screenrc on boot time.
---------- Forwarded message ----------
From: Charles Forsyth <charles.forsyth@gmail.com>
Date: 13 September 2015 at 12:38
Subject: fis bug
To: erik quanstrom <quanstro@quanstro.net>
geoff spotted something similar in sdiahci.c, but it's in libfis as well:
c[Flba24] = lba >> 24;
c[Flba32] = lba >> 32;
c[Flba40] = lba >> 48;
>> 48?? should be >> 40, especially with drive sizes getting up there.
TLS1.2 requires the client to send the list of supported
signature and hash algorithm pairs. some servers will simply
reject the client hello otherwise. note that we do not implement
any dh/ecdh param signature verification.
order the cipher list to strogest first. aes128 is actually more
secure than aes256.
tar used to infer compression type from the filenames extension, but when
no file name is given (stdin/stdout), the -z flag was ignored and no
compression filter applied. this changes tar to assume the default
gzip compression method when z is given and no file name is specified.
these functions where undocumented and unused. especially
tprivfree() was buggy missing a unlock() call. theres not
much point in supporting these functions as theres
threaddata() and procdata().
this generates a disk image (to be written to usb or
sdmmc card) containing 9fat partition with kernel and
a hjfs filesystem partition with the 9front distribution.
this could be easily extended to generate raspberry pi
images as well, but i have no hardware to test.
for incoming connection, we used s->laddr to lookup the interface
for the incoming call, but this does not work when the announce
address is tcp!*!123, then s->laddr is all zeros "::". instead,
use the incoming destination address for interface mtu lookup.
thanks mycroftix for troubleshooting!
this is in preparation for replacing DES ticket encryption with
something better. but first need to make the code stop making
assumptions.
the wire encoding of the Ticket might be variable length
with TICKETLEN just giving an upper bound. the details will be
handled by libauthsrv _asgetticket() and _asgetresp() funciotns.
the Authenticator and Passwordreq structures are encrypted
with the random ticket key. The encryption schmeme will depend
on the Ticket format used, so we pass the Ticket* structure
instead of the DES key.
introduce Authkey structure that will hold all the required
cryptographic keys instead of passing DES key.
mthing->angle is a signed short, and if ANG45 * mthing->angle/45 < 0, the
result of the right shift is sign extended.
afaik, an being 16bit in the dos version of doom, you'd endup with a
negative array offset, which would just access values from adjacent arrays
(finetangent[] for finecosine[], and finecosine[] for finesine[]), and it
would result in a misplaced teleport fog in some circumstances (fog is not
in front of the player on respawn, hence "silent teleport"). so, this fix is
bug incompatible, but this only affects live multiplay.
to test:
% hget http://doomedsda.us/dm/ahfx7_2.zip | unzip -sv
extracting AHFX7_2.TXT
extracting AHFX7_2.LMP
% mv AHFX7_2.LMP ahfx7_2.lmp
% games/doom -playdemo ahfx7_2
[...]
doom 10553: suicide: sys: trap: fault read addr=0x400429e10 pc=0x205b45
KEY_F11 and KEY_F12 are not KEY_F1+11 and KEY_F1+12 as it is assumed in
runetokey(), which prevents these keystrokes from being used. rather than
change runetokey(), it seems better to just change the key definitions in
doomdef.h (the new values don't correspond to any other keys anyway).
F11 is the gamma correction key. to make gamma correction actually work,
i_video.c:I_SetPalette must also take into account usegamma (this was just
never ported). cf i_video.c:UploadNewPalette in source code release.
F12 is the spycam key. the spycam switches the renderview to a different player
during a coop game, or when watching a multiplayer demo. this feature only
changes the renderview; sounds, palette effects, status bar, etc. are still
from the first player's perspective.
a typo in st_stuff.c:ST_Responder prevents idclev (change level) cheat to work
in doom2 and final doom (gamemode == commercial): episode is set to 0, when
that's invalid, and ST_Responder just returns.
to test, while ingame type idclev, followed by:
. doom1: episode (1-3 or 1-4) then map number (1-9)
. doom2/final doom: map number (1-32)
incidentally, if the last digit typed is 1, the player's weapon will switch to
the fist, because of a different bug (basically kbdproc registering two events
when pressing a key, for 'c' and 'k' case).
this bug was introduced in the plan9 port, and since i_sound.c compiles with
no warning, it was never noticed. in effect, the statement between the
unterminated comment and the next is ignored. channelids[] is used in addsfx()
to avoid re-adding certain sounds if they are already playing. one of those is
sfx_sawful, and because of this bug, it is added again each tic during which
the player fires the chainsaw, rather than reset every tic.
compare firing the chainsaw continuously with and without the patch (without
hitting an enemy).
theres code that assumes one can dereference a char[] buffer on the stack
as a long (ghostscript gxblend.c), so make sure all automatics on the stack
are word aligned. this is not strictrly neccesary, but avoids some
trouble with unportable code.
buffers which still have requests queued on them are not free!
we cannot chanedev() a buffer while it has still requests queued on it
and we canot just queue our request (having different address) on the
buffer while there are other requests before it, otherwise we would
create artificial block dependency that can cause deadlock.
it is possible for another getbuf() on buffer b to come in
before undelayreq() calls givebuf() on a buffer again. then
givebuf() would find b already busy and abort().
instead, we now handle what getbuf() did in givebuf() and
consider the Buf* argument to givebuf() as a hint only for
the case when we have to actually flush/read a block from
disk.
when wunlock() was used by threads running within the same proc,
the wunlock() can deadlock as it keeps holding the RWLock.lock
spinlock while indirectly calling _threadrendezvous(). when
_threadrendezvous() switches to another thread in the same proc,
then that thread can hang at rlock()/wlock()/runlock() again
waiting for wunlock() to release the spinlock which will never
happen as lock() does not schedule threads.
wunlock() is changed to release the spinlock during rendezvous
wakeup of readers. note that this is a bit dangerous as more
readers might queue concurrently now which means that if
we cannot keep up with the wakeups, we might keep on waking
readers forever. that will be another patch for the future.
using "interrupt" ctl message directly doesnt work when the
process is doing libthread channel operations (threadrendezvous)
as it will just repeat a interrupted rendezvous(). threadint()
handles this for us.
threadint() is called to interrupt channel operation or a system call.
the kernel provides a new "interrupt" procctl message to interrupt a
process commited to or being in a blocking syscall, which is similar,
but not the same. the main difference is that "interrupt" condition
is not cleared before the process actually attempts to block. also
can be cleared with "nointerrupt" ctl message. see proc(3)
instead of ordering the source mount list, order the new destination
list which has the advantage that we do not need to wlock the source
namespace, so copying can be done in parallel and we do not need the
copy forward pointer in the Mount structure.
the Mhead back pointer in the Mount strcture was unused, removed.
there was a race between cunmount() and walk() on Mhead.from as Mhead.from was
unconditionally freed when we cunmount(), but findmount might have already
returned the Mhead in walk(). we have to ensure that Mhead.from is not freed
before the Mhead itself (now done in putmhead() once the reference count of the
Mhead drops to zero).
the Mhead struct contained two unused locks, removing.
no need to hold Pgrp.ns lock in closegrp() as nobody can get to it (refcount
droped to zero).
avoid cclose() and freemount() while holding Mhead.lock or Pgrp.ns locks as
it might block on a hung up fileserver.
remove the debug prints...
cleanup: use nil for pointers, remove redundant nil checks before putmhead().
we have to validaddr() and vmemchr() all argv[] elements a second
time when we copy to the new stack to deal with the fact that another
process can come in and modify the memory of the process doing the
exec. so the argv[] strings could have changed and increased in
length. we just make sure the data being copied will fit into the
new stack and error when we would overflow.
also make sure to free the ESEG in case the copy pass errors.
argv[] strings get copied to the new processes stack segment, which
has a maximum size of USTKSIZE, so limit the size of the strings to
that and check early for overflow.
this moves the name validation out of segattach() to syssegattach()
to make sure the segment name cannot be changed by the user while
segattach looks at it.
when executing a script, we did advance argp0 unconditionally
to replace argv[0] with the script name. this fails when
argv[] is empty, then we'd advance argp0 past the nil terminator.
the alternative would be to *not* advance if *argp0 == nil, but that
would require another validaddr() check for a case that is unlikely
to have been anticipated in most programs being invoked as
libc's ARGBEGIN macro assumes argv[0] being non-nil as it also
unconditionally advances the argv pointer.
to keep us sane, we now reject an empty argv[]. on entry, we
verify that argv[] is valid for at least two elements:
- the program name argv[0], has to be non-nil
- the first potential nil terminator in argv[1]
when argv[0] == nil, we throw Ebadarg "bad arg in system call"
this allows members of the -1 group to create new directories in /
without having to fiddle with the fileserver console. this also
makes it consistent to hjfs and cwfs.
this allows members of the -1 group to create new directories in /
without having to fiddle with the fileserver console. this also
makes it consistent to hjfs.
the psaux driver is not used in any kernel configuration and theres
no userspace mouse daemon. i8042auxcmds() is wrong as access
to the user buffer can fault and we are holding an ilocks.
little cleanups in devkbd.
on vmware, loading a new kernel sometimes reboots when
wiggling the mouse. disabling keyboard and mouse on
shutdown fixes the issue.
make sure ps2 mouse is disabled on init, will get re-enabled
in i8042auxenable().
keyboard isnt special anymore, we can just use the devreset
entry point in the device to do the keyboard initialization,
so kbdinit()/kbdenable() are not needed anymore.
the keyboard stops sending interrupts when its fifo gets full,
which can happen on boot when keys get mashed while interrupts
are still disabled. to work arround this, call the keyboard
interrupt handler when kbd.q is starved before blocking.
interpreting octal breaks parsing of decimal numbers with
leading zeros. the manpage listed this in the BUGS section,
so we'r going to fix it as this just causes confusion as
most callers of atoi() do not expect it.
add bootscreenconf(VGAscr *) function, that is called whenever
the framebuffer configuration is changed by devvga. that way, we
can pass the current setting of the framebuffer to the new
kernel when using /dev/reboot.
parsecookie() used to inplace modify the request path
for implicit path (to get the directory from path) and
also did it wrong. now have a static copy and do not
remove the last slash.
as usual, the dude with the hardware vanished so i cannot
develop this further. setting mode worked the last time
but only when using vesa before, so some bits are still
missing. commiting this as it is so i dont have to start
from scratch once we have hardware again.
basedefault[], the default path to the config file, is never set and remains
blank, unless -config %s is used (cd d_main.c). when games/doom attempts to
open the file, it silently fails and no config file is ever read or written.
this patch sets basedefault to a file in whatever directory a valid wad is
found in I_IdentifyWAD().
due to a typo in p_inter.c:P_TouchSpecialThing(), a message that is supposed
to show up when the player picks up a medikit while low on health (< 25), is
never displayed. the check for low health is done after the health is already
increased, so the condition is never true.
a cosmetic bug in all old doom executables that also seems interesting to fix.
to test: compare message displayed when picking up a medikit with and without
the patch
due to a typo in st_stuff.c:ST_updateFaceWidget(), doomguy mistakenly never
looks shocked when taking more than 20 damage, but rather when he gains more
than 20 health while being hit.
this is a cosmetic bug in all old versions of doom's executables, but it seems
appropriate to fix.
simple test: fire a rocket at a nearby wall, taking enough damage.
these emulate bugs present in select versions of the released doom executables.
they are required to correctly play demos recorded with these but affect the
gameplay, so should be otherwise disabled.
-nobounce: lost souls don't bounce off floors and ceilings like intended due
to a misplaced check; this is fixed from ultimate doom on, but doom and doom2
are still affected.
-noztele: in final doom 1.9, things' altitude was erroneously not set to the
floor's height after teleporting. this was fixed in later versions of the
executables.
examples of desyncing demos:
(plutonia.wad, without -noztele) http://doomedsda.us/lmps/946/2/30pl2646.zip
(doom2.wad, without -nobounce) http://doomedsda.us/lmps/945/3/30nm2939.zip
gamemode is set according to the name of the main wad (cf. d_main.c), i.e.:
- doom1.wad: (shareware doom1, ep1 only) gamemode == shareware
- doom.wad: (registered doom1, ep1-3) gamemode == registered
- doomu.wad: (ultimate doom, ep1-4) gamemode == retail
- doom2.wad, plutonia.wad, tnt.wad: gamemode == commercial
most doom.wad's distributed online are, in fact, ultimate doom.
if your ultimate doom wad is correctly named doomu.wad, some switches in
episodes 2-4 won't swap their texture when toggled, because
p_switch.c:P_InitSwitchList() is only checking for registered doom1.
easy way to test: demo2 in either registered or ultimate doom: the player flips
a switch right at the beginning of the demo; if the main wad is called
doomu.wad, the switch won't change its texture.
% games/doom -playdemo demo2
if you rename the wad to doom.wad or alter d_main.c:IdentifyVersion, the switch
will swap its texture like it should.
this function is used when playing demos from external lumps. the game just
exits without this patch.
to test this, download a demo lump from somewhere, and play it with -playdemo %s
where %s is the file's name, without the .lmp extension:
(note that this one is a doom 2 demo, so it requires doom2.wad)
% hget http://doomedsda.us/lmps/945/3/30nm2939.zip | unzip -sv
extracting 30nm2939.LMP
extracting 30nm2939.txt
% mv 30nm2939.LMP 30nm2939.lmp # checking for a lump filename is case sensitive
% games/doom -playdemo 30nm2939
the game exits when the demo ends. also, note that this demo will desync on
map06 (the crusher), because of an unrelated bug (that's another patch :>)
note: filelength() returns vlong, but file lengths for doom lumps are ints.
however, this might be used elsewhere (networking), so i'd leave it this way.
when cookie is domain=example.com, then we implicitely add
dot to the domain name, which made us reject the cookie as the
request domain "example.com" != ".example.com". fix by making
isdomainmatch() skip the implicit dot in pattern before string
comparsion.
when there where multiple syscalls returning out of order,
it would print blank lines between the exits. avoid this
by remembering if the last char written was a newline and
conditionally insert newline on out of order return.
sometimes, ratrace would return before all messages have
been printed. make the writer process the parent so ratrace
wont exit until all readers are finished avoiding the
problem.
we already export mntauth() and mntversion(), so why not stop
being sneaky and just export mntattach() so bindmount() and
devshr can just call it directly with proper arguments being
checked.
we can also avoid handling #M attach specially in namec()
by having the devmnt's attach function do error(Enoattach).
to avoid double caching, attachimage() and setswapchan() clear
the CCACHE flag on the channel but this keeps the read ahread
state of the cache arround (until the chan gets closed), so also
call cclunk() to detach the mcp and free the read ahead state.
avoid the call to cread() when CCACHE flag is clear.
use the actual iounit returned from Ropen/Rcreate to chunk reads and writes
instead of c->mux->msize-IOHDRSZ.
dont preallocate the rpc buffers to msize, most 9p requests are rather small
(except Twrite of course). so we allocate the buffer on demand in mountio()
with some rounding to avoid frequent reallocations.
avoid malloc()/free() while holding mntalloc lock.
this changes devmnt adding mntrahread() function and some helpers
for it to do pipelined sequential read ahead for the mount cache.
basically, cread() calls mntrahread() with Mntrah structure and it
figures out if we where reading sequentially and if thats the case
issues reads of c->iounit size in advance.
the read ahead state (Mntrah) is kept in the mount cache so we can
handle (read ahead) cache invalidation in the presence of writes.
Tflush handling was wrong, we cannot respond to the old
request if we have not actually removed the req from the
in progress block queue.
when reads are issued concurrently, we have to set b->len
before the block is inserted into the inprogress list.
otherwise findblock() is unable to find it and no requests
can be queued on the block. this caused the same offset
to be downloaded multiple times.
set the errstr in getrange() so in case of an error, we dont
get some random previous error string.
as the Fgrp can be shared with other processes, we have to
recheck the fd index after locking the Fgrp in fdclose()
to make sure not to read beyond the bounds of the fd array.
using the user buffer has a race where the user can modify
the buffer from another process before it is copied into the cache.
this allows poisoning the cache for every file where the user
has read access.
instead, we update the cache from kernel memory.
*after* writing, the directory tree gets alphabetically sorted for
path table. this causes data to not be in the same order as it was
written causing seeks when taring up the filesystem.
so instead write the files in alphabetical order as well to better
match the directory sorting.
data on the disk is layed out sequentially and directory information
is at the end of the disk. we want to keep data and metadata separated
so that reading large sequential files will not evict the directory
information from the cache causing long seeks.
for that, we tag the clusters (an 8th for metadata, and the rest
for data) and getbuf() will only evict clusters of the same tag.
doing tests taring up 9front.iso shows the following:
lowering the cluster size back to 128k avoids over half the
reads. 837888 sectors read for 512k vs. 347712 sectors with
128k cluster size.
foo.c includes bar/bar.h, which includes "baz.h"; it wants bar/baz.h
meanwhile, it also includes meh/quux.h, which includes "baz.h"; it wants meh/baz.h
Wnode gets two new counters: txcount and txerror
and actrate pointer that will be between minrate
and maxrate.
driver should use actrate instead of maxrate for
transmission when it can provide error feedback.
when a driver detects a transmission failed, it calls
wifitxfail() with the original packet. wifitxfail() then
reduces wn->actrate.
every 256th packet, we optimistically increase wn->actrate
before transmitting.
- reject files smaller or equal to two bytes, they are bogus
- fix out of bounds access in shargs() when n <= 2
- only copy the bytes read into line buffer
- use nil for pointers instead of 0
imagereclaim(), pagereclaim():
- move imagereclaim() and pagereclaim() declarations to portfns.h
- consistently use ulong type for page counts
- name number of pages to free "pages" instead of "min"
- check for pages == 0 on entry
freepages():
- move pagechaindone() call to wakeup newpage() consumers inside
palloc critical section.
putimage():
- use long type for refcount
- reduce delay for channel hop to 200ms
- use 1000ms timeout for auth response (dont hop channels while we wait)
- bunny hop sequence is mathematically prooven
addresses va's of 0 and -BY2PG cause trouble with some memmove()/memset()
implementations and possibly other code because of the nil pointer
and end pointers wrapping to zero.
unlock()/iunlock():
we need to place the coherence() *before* "l->key = 0", so that any
stores that where done while holding the lock become observable
*before* other processors see the lock released.
cas()/tas():
place memory barrier before successfull return to prevent reordering.
making sure to close the dot in every kproc appears repetitive,
so instead stop inheriting the dot in kproc() as this is usually
never what you wanted in the first place.
