k0ga reports:
Hello,
While I was setting my pppoe conexion with my ISP
I discovered several problems in ip/pppoe. I used
the command line ip/pppoe -A '' ether0 and I got
this:
...
dropping unwanted pkt: wrong ac name
panic: D2B called on non-block dc10 (double-free?)
note rcved: sys: trap: fault read addr=0x0 pc=0x000066e1
pppoe 1013: suicide: sys: trap: fault read addr=0x0 pc=0x000066e1
cpu% acid 1013
/proc/1013/text:386 plan 9 executable
/sys/lib/acid/port
/sys/lib/acid/386
acid: stk()
abort()+0x0 /sys/src/libc/9sys/abort.c:6
ppanic(p=0xd1b8,fmt=0xc7f9)+0x146 /sys/src/libc/port/malloc.c:166
D2B(p=0xd1b8,v=0xdc10)+0x57 /sys/src/libc/port/pool.c:926
poolfreel(v=0xdc10,p=0xd1b8)+0x20 /sys/src/libc/port/pool.c:1152
poolfree(p=0xd1b8,v=0xdc10)+0x3b /sys/src/libc/port/pool.c:1287
free(v=0xdc18)+0x23 /sys/src/libc/port/malloc.c:250
clearstate()+0x1b /sys/src/cmd/ip/pppoe.c:328
pppoe(ether=0xdfffefc1)+0x123 /sys/src/cmd/ip/pppoe.c:426
main(argv=0xdfffefa0,argc=0x1)+0x89 /sys/src/cmd/ip/pppoe.c:100
_main+0x31 /sys/src/libc/386/main9.s:16
acid:
clearstate() is called in pppoe.c:424, and it frees acname and sets it
to nil. pktread() is called in pppoe.c:434 with parameter wantoffer,
which frees acname again in line pppoe.c:360 but doesn't set it to
nil, so clearstate() makes a double free in the next iteration.
this allows running kbdfs under kbdfs :-)
going use this in new drawterm. drawterm provides the initial
/dev/kbd, but only sends rune up/down messages (keeps it simple).
the servers kbdfs reads that and exports itself the full
set of files, similar to what we do in vncs. this also
provides note processing.
the dns file service can be restarted, which causes it to forget
all fid state. given the simple file system structure of the dns
service (just a single dns file), we can assume that rpcs
on a unknown fid refers to the root, so the mountpoint will stay
valid and /net/dns can be reopend avoiding the need for a remount
of the dns service after restart.
The execexec() function should never return, as it irreversably changes
the filedescriptor table for the new program. This means rc's internal
filedesciptors for reading the script get implicitely closed and we cannot
continue the rc interpreter when Execute() fails. So Execute() now sets the
error status, and execexec() runs Xexit() in case Execute() returns.
when we look up role=speakfor key and askforkeys is set, the
findkey() can return RpcNeedkey, which causes us to skip the
query for a role=client key. Instead, we now check for the
return value != RpcOk (and != RpcConfirm which we want to
handle the same for both queries).
we have to free the attribute lists when returning RpcConfirm.
the ini buffer was not reset when we got eof in the message
body read causing a endless loop. instead of defining our
own read9pmsg() function, just handle the first read specially
when we consumed the first 4 bytes for the "impo" protocol
escape check.
When a window is moved or reshaped, that implicitely tops
the window and makes it current. The conseqence of this
is that we always have to redraw the window as if it where
a current window in any case. This was handled for Reshaped
windows, but not when the window was just moved. We now
handle both cases the exact same way, getting rid of the
Moved wctl message.
the shared command language assumed 512 byte sectors, which is
not the case for fdisk as it uses cylinders for the block unit.
so we introduce an extra argument in the Edit structure and
parseexpr() function so byte sizes are properly converted to
the block unit when the K,M,G and T postfixes are used.
the pcap files produced by snoopy had the wrong timestamps because it expected:
/* magic=0xa1b2c3d4 */
ulong ts_sec; /* seconds*/
ulong ts_usec; /* microseconds */
but we wrote:
uvlong ts; /* nanoseconds */
now, we write:
/* magic=0xa1b23c4d */
ulong ts_sec; /* seconds */
ulong ts_nsec; /* nanoseconds */
as the generated parser intermixes lines from .y source
and the parser text, the line source/lineno for yyparse()
shows up wrong in the debugger. to make stack traces a
bit less crazy, put a #line 1 "/sys/lib/yaccpar" before
copying in the parser text.
when the "resize" wctl was used on a hidden window, the window
was put back on the screen, however, it was not removed from
the hidden[] array so trying to hide the window again failed
because whide() assumed it was already hidden.
the fix is to not unhide the window, but preserve the hidden
state, so windows can programmatically be reshaped and moved,
but will remain hidden unless explicitely unhidden.
