into an interruptable sleep and we increment a sleep count, we make sure
that we are the thread that will decrement the count when we wakeup.
Otherwise, what happens is that if we get interrupted (signal) and we
have to wake up, but before we get our mutex, some thread that wants
to wake us up detects that the count is non-zero and so enters wakeup_one(),
but there's nothing on the sleep queue and so we don't get woken up. The
thread will still decrement the sleep count, which is bad because we will
also decrement it again later (as we got interrupted) and are already off
the sleep queue.
an IP header with ip_len in network byte order. For certain
values of ip_len, this could cause icmp_error() to write
beyond the end of an mbuf, causing mbuf free-list corruption.
This problem was observed during generation of ICMP redirects.
We now make quite sure that the copy of the IP header kept
for icmp_error() is stored in a non-shared mbuf header so
that it will not be modified by ip_output().
Also:
- Calculate the correct number of bytes that need to be
retained for icmp_error(), instead of assuming that 64
is enough (it's not).
- In icmp_error(), use m_copydata instead of bcopy() to
copy from the supplied mbuf chain, in case the first 8
bytes of IP payload are not stored directly after the IP
header.
- Sanity-check ip_len in icmp_error(), and panic if it is
less than sizeof(struct ip). Incoming packets with bad
ip_len values are discarded in ip_input(), so this should
only be triggered by bugs in the code, not by bad packets.
This patch results from code and suggestions from Ruslan, Bosko,
Jonathan Lemon and Matt Dillon, with important testing by Mike
Tancsa, who could reproduce this problem at will.
Reported by: Mike Tancsa <mike@sentex.net>
Reviewed by: ru, bmilekic, jlemon, dillon
Since the compiler lays out the stuct so that pointers are naturally
(8-byte) aligned aligned, adding the int ki_layout didn't change the size of
the stuct; it just converted the alignment padding to a usable struct
field.
more robust. They would correctly return ENOMEM for the first time when
the buffer was exhausted, but subsequent calls in this case could cause
writes ouside of the buffer bounds.
Approved by: rwatson
in vr_init(). The VIA Rhine chip happens to be able to automatically
read its station address from the EEPROM automatically when reset,
so you don't need to program the filter if you want to keep using the
factory default address, but if you want to change it with "ifconfig vr0
ether xx:xx:xx:xx:xx:xx" then we need to manually set it in the init
routine.
sys/contrib/dev/acpica/Subsystem/Hardware/Attic/hwxface.c to the proper
location after AcpiEnterSleepState().
- Wait for the WAK_STS bit
- Evaluate the _WAK method and check result code
structure rather than assuming that the device vnode would reside
in the FFS filesystem (which is obviously a broken assumption with
the device filesystem).
in the hopes that they will actually *read* the comment above
it and *follow* the instructions so as to cause all the rest
of us less a lot less grief.
- Don't try to grab Giant before postsig() in userret() as it is no longer
needed.
- Don't grab Giant before psignal() in ast() but get the proc lock instead.
proctree lock and the process lock are held when updating p_pptr and
p_oppid. When we are just reaading p_pptr we only need the proc lock and
not a proctree lock as well.
Giant. The only exception is the CANSIGNAL() macro. Unlocking the proc
lock around sendsig() in trapsignal() is also questionable. Note that
the functions sigexit(), psignal(), and issignal() must be called with
the proc lock of the process in question held. postsig() and
trapsignal() should not be called with the proc lock held, but they
also do not require Giant anymore either.
- Remove spl's that are now no longer needed as they are fully replaced.
don't end up back at ourselves which would indicate deadlock.
- Add the proc lock to the witness dup_list as we may hold more than one
process lock at a time.
- Don't assert a mutex is owned in _mtx_unlock_sleep() as that is too late.
We do the checks in the macros instead.
mutex operations in kthread_create().
- Lock a kthread's proc before changing its parent via proc_reparent().
- Test P_KTHREAD not P_SYSTEM in kthread_suspend() and kthread_resume().
P_SYSTEM just means that the process shouldn't be swapped and is used
for vinum's daemon for example.
- Lock all the signal state used for suspending and resuming kthreads with
the proc lock.
- Add proc locking to fork1(). Always lock the child procoess (new
process) first when both processes need to be locked at the same
time.
- Remove unneeded spl()'s as the data they protected is now locked.
- Ensure that the proctree is exclusively locked and the new process is
locked when setting up the parent process pointer.
- Lock the check for P_KTHREAD in p_flag in fork_exit().
possible for us to see a process in the early stages of fork before p_fd
has been initialized. Ideally, we wouldn't stick a process on the allproc
list until it was fully created however.
than dinking around in the process lists explicitly.
- Hold both the proctree lock and proc lock of the child process when
reparenting a process via proc_reparent.
- Lock processes while sending them signals.
- Miscellaenous proc locking.
- proc_reparent() now asserts that the child is locked in addition to an
exclusive proctree lock.
- Move the _mtx_assert() prototype up to the top of the file with the rest
of the function prototypes.
- Define all the mtx_foo() macros in terms of mtx_foo_flags().
- Add a KASSERT() to check for invalid options in mtx_lock_flags().
- Move the mtx_assert() to ensure a mutex is owned before releasing it
in front of WITNESS_EXIT() in all the mtx_unlock_* macros.
- Change the MPASS* macros to be on #ifdef INVARIANTS, not just #ifdef
MUTEX_DEBUG since most of them check to see that the mutex functions are
called properly. Define MPASS4() in terms of KASSERT() to do this.
- Define MPASS{,[23]} in terms of MPASS4() to simplify things and avoid
code duplication.
that write access to a member requires both locks and read access only
requires one of the given locks. Convert instances of '(c+)' to
'(c + k)' as a result.
- Change p_pptr from (e) to (c + e).
- Change p_oppid from (c) to (c + e).
- Change p_args from (b?) to (c + k).
- Move the actual work of STOPEVENT, PHOLD, and PRELE to _STOPEVENT,
_PHOLD, and _PRELE. The new macros do not acquire the proc lock and
simply assert that it is held. The non _ prefixed macros acquire the
proc lock and then call the _ prefixed macros.
- Add a PROC_LOCK_NOSWITCH() macro to be used when releasing the proc lock
while already holding a spin lock (usually sched_lock).
- Add a PROC_LOCK_ASSERT() macro to be used to make assertions about the
proc lock. It takes the usual mtx_assert() macro arguments as its
second argument.
INVARIANTS case, define the actual KASSERT() in _SX_ASSERT_[SX]LOCKED
macros that are used in the sx code itself and convert the
SX_ASSERT_[SX]LOCKED macros to simple wrappers that grab the mutex for the
duration of the check.
