would cause syslogd to eventually kill innocent processes in the
system over time (note: not `could' but `would'). Many thanks to my
colleague Mirko for digging into the kernel structures and providing
me with the debugging framework to find out about the nature of this
bug (and to isolate that syslogd was the culprit) in a rather large
set of distributed machines at client sites where this happened
occasionally.
Whenever a child process was no longer responsive, or when syslogd
receives a SIGHUP so it closes all its logging file descriptors, for
any descriptor that refers to a pipe syslogd enters the data about the
old logging child process into a `dead queue', where it is being
removed from (and the status of the dead kitten being fetched) upon
receipt of a SIGCHLD. However, there's a high probability that the
SIGCHLD already arrives before the child's data are actually entered
into the dead queue inside the SIGHUP handler, so the SIGCHLD handler
has nothing to fetch and remove and simply continues. Whenever this
happens, the process'es data remain on the dead queue forever, and
since domark() tried to get rid of totally unresponsive children by
first sending a SIGTERM and later a SIGKILL, it was only a matter of
time until the system had recycled enough PIDs so an innocent process
got shot to death.
Fix the race by masking SIGHUP and SIGCHLD from both handlers mutually.
Add additional bandaids ``just in case'', i. e. don't enter a process
into the dead queue if we can't signal it (this should only happen in
case it is already dead by that time so we can fetch the status
immediately instead of deferring this to the SIGCHLD handler); for the
kill(2) inside domark(), check for an error status (/* Can't happen */
:) and remove it from the dead queue in this case (which if it would
have been there in the first place would have reduced the problem to a
statistically minimal likelihood so i certainly would never have
noticed the bug at all :).
Mirko also reviewed the fix in priciple (mutual blocking of both
signals inside the handlers), but not the actual code.
Reviewed by: Mirko Kaffka <mirko@interface-business.de>
Approved by: jkh
This
This feature allows you to specify if mmap'd data is included in
an application's corefile.
Change the type of eflags in struct vm_map_entry from u_char to
vm_eflags_t (an unsigned int).
Reviewed by: dillon,jdp,alfred
Approved by: jkh
Added receive code and support for Webgear encapsulation.
More debugging macros/functions.
conditionalised timeout for start/join network
conditonalised attribute/common memory hacks
identified tracking code with XXX_TRACK
sorted out initialistion of instance structure to some extent
finished docuementing the start/join sequence
Also enable some standard IPv6 apps by default.
These entries will be simply ignored on systems with no INET6 defined.
Approved by: jkh
Suggested by: peter
Jordan OK'ed it, i think it's a nice one for those who need it. I
once mentioned in Usenet that i've hacked morse(6) so it can control
an external device like a tone generator or even a ham radio
transceiver, so you could actually use that `game' for really
transmitting morse code through the air. A couple of people then
bugged be to send them my hack (which it was by that time).
So i've now finally found some hours to clean it up (like freaking out
with the transmitter no longer keyed in case someone ^c's out of the
program...), and to write the man page addition.
While i was at it, i also cleaned up some minor nits in Lyndon's
/dev/speaker code, mainly #ifdef related stuff like handling getopt()
if SPEAKER is not defined etc.
enjoy & 73
Approved by: jkh, the restless...
operands. Can _YOU_ tell skip= and seek= apart with 100% accuracy
every time?
This also seems to make us option-for-option compatible with the
Solaris dd(1).
Approved by: jkh
Suggested by: peter
Improve compatibility with BSD/OS, and also more accurately reflect that
IP aliases aren't really any different than the primary IP address on an
interface.
Reviewed by: dcs
Approved by: jkh
The code doesn't compile (I'll do that in a minute), but functionally
it gets to receveing the interrupt from the start or join net command.
There is a lot of code to deal with the limitations of the PCCard memory
mapping code - I'm changing some of it hence the check in to preserve something
that worked.
Reorganize and unify libcrypto's interface so that the RSA implementation
is chosen at runtime via dlopen().
This is a checkpoint and may require more tweaks still.
Reorganize and unify libcrypto's interface so that the RSA implementation
is chosen at runtime via dlopen().
This is a checkpoint and may require more tweaks still.
the rsa stubs for libcrypto. libcrypto.so now uses dlopen() to
implement the backends for either the native or rsaref implemented
RSA code.
This involves:
- unifying the libcrypto and openssl(1) source so there is no
#ifdef RSAref variations.
- using weak symbols and dlopen()/dlsym() routines to access the
rsa method vectors.
Releases will enable the user to choose International, US (rsaref) or
no RSA code at install time.
'make world' will DTRT depending on whether you have the international
or US source. For US users, you must either install rsaref (the port
or package) or (if you don't fear RSA Inc) use the (superior)
International rsa_eay.c code.
This has been discussed at great length by the affected folks and even
we have a great deal of confusion. This is a checkpoint so we can tune
the results. This works for me in all permutations I can think of and
should result in a CD/ftp 'release' just about doing the right thing now.