socket option to avoid exausting the passive port
space by TIME_WAIT'ing connections.
PR: bin/36955
Submitted by: Maxim Konovalov <maxim@FreeBSD.org>
MFC after: 2 weeks
write(2), and getipnodebyaddr(3) calls. Now all the above functions
accept "void *" in that arguments and have prototypes. Thus, the
casts are useless under the normal circumstances (and would be harmful
if the functions had no prototypes.)
MFC after: 2 weeks
o Always check a setsockopt(2) return value
o Use a consistent message format
o Don't abort if the failed setsockopt(2) was actually not vital
o Use LOG_WARNING, not LOG_ERR, in non-fatal cases
MFC after: 1 week
o "struct addrinfo" contains a pointer to "struct sockaddr,"
not "struct sockaddr" itself
o the function takes a pointer to "struct in*_addr", not to
"struct sockaddr," so the address length must be corresponding
MFC after: 1 week
Thus lines of any length can be handled, unlike before.
Don't assume that each line read from the files ends with a newline.
As a side effect in inithosts(), don't use automatic buffer at all,
utilize malloc(3) when getting local host name instead.
PR: misc/21494
Reviewed by: maxim, mikeh
MFC after: 1 month
comsat:
only send two bell charecters if S_IXGRP is set and S_IXUSR is not.
biff:
add new option 'b' to set S_IXGRP.
PR: 10931
Submitted by: Andrew J. Korty <ajk@purdue.edu>
Approved by: sheldonh (mentor)
MFC after: 1 month
They provided little benefit (if any) and they caused some problems
in OpenOffice, at least in post-KSE -current and perhaps in other
environments too. The nanosleep calls prevented the profiling timer
from advancing during the spinloops, thereby preventing the thread
scheduler from ever pre-empting the spinning thread. Alexander
Kabaev diagnosed this problem, Martin Blapp helped with testing,
and Matt Dillon provided some helpful suggestions.
This is a short-term fix for a larger problem. The use of spinlocking
isn't guaranteed to work in all cases. For example, if the spinning
thread has higher priority than all other threads, it may never be
pre-empted, and the thread holding the lock may never progress far
enough to release the lock. On the other hand, spinlocking is the
only locking that can work with an arbitrary unknown threads package.
I have some ideas for a much better fix in the longer term. It
would eliminate all locking inside the dynamic linker by making it
safe for symbol lookups and lazy binding to proceed in parallel
with a call to dlopen or dlclose. This means that the only mutual
exclusion needed would be to prevent multiple simultaneous calls
to dlopen and/or dlclose. That mutual exclusion could be put into
the native pthreads library. Applications using foreign threads
packages would have to make their own arrangements to ensure that
they did not have multiple threads in dlopen and/or dlclose -- a
reasonable requirement in my opinion.
MFC after: 3 days
of the remote host (or rather, the name as mangled by realhostname_sa())
so that the process can use it to behave differently depending on the
origin on the request. We use this to implement rudimentary visibility
control on our user information.
Make sure that the child process's standard error goes through the same
NVT-ASCII filter as is applied to the standard output.
Don't attempt to call logerr() from the child since stdio is not safe in
a vforked process. Just write a message to fd 2 instead. (Ideally, the
parent would open two pipes, and siphon off our stderr to some place less
public, but I have not attempted to do so in this implementation.)
matching constraints where appropriate. This makes the dynamic
linker buildable at -O0 again.
Thanks to Bruce Evans for identifying the cause of the build
problem.
MFC after: 1 week
Untested (testing request went unanswered), but sparc64 is not expected to
cause problems. IA64 is not expected to cause problems but the patch was
slightly more complex so the possibility exists.
Approved by: jdp
goto target was so the cache could be freed. So free the cache after
done: rather then before done: (!)
Submitted by: Gavin Atkinson <gavin@ury.york.ac.uk>
Martin Blapp determined that the elf dynamic loader was at fault. In
particular, the loader uses alloca() to allocate a symbol cache on the
stack. Normally this would work just fine, but if the loader is called
from a threaded program and the object being loaded is fairly large the
alloca() can blow away the thread stack and effect other nearby thread
stacks as well. My testing showed that the symbol cache can be as large
as 250KBytes during the openoffice port build and install sequence. Martin
was able to work around the problem by disabling the symbol cache
(cache = NULL;). However, this solution is not adequate for commit because
it can cause an enormous cpu burden for applications which do a lot of
dynamic loading (e.g. like konqueror).
The solution is to use anonymous mmap() to temporarily allocate space to
hold the symbol cache. In testing I found that replacing the alloca()
with mmap() has no observable degredation in performance.
It should be noted that this bug does not necessarily cause an immediate
crash but can instead result in long term corruption and instability in
applications that load modules from threads. The bug is almost certainly
responsible for some of the instabilities found in konqueror, for example,
and possibly netscape too.
Sleuthing work by: Martin Blapp <mb@imp.ch>
X-MFC after: Before or after the 4.6 release depending on the release engineers
can then end up not properly clearing wtmp/utmp entries.
PR: bin/37934
Submitted by: Sandeep Kumar <skumar@juniper.net>
Reviewed by: markm
MFC after: 2 weeks
o Set st_shndx for sym_zero to SHN_UNDEF instead of SHN_ABS.
This gives us something to reliably test against.
o For weak references to undefined sysmbols (as indicated by
having st_shndx equals SHN_UNDEF) in the context of OPDs,
the address of the OPD is to be zero, not the address of
the function it contains.
o For weak references to undefined symbols in all other cases
(only DIR64LSB at this time), the actual relocated value is
to be zero, not the value prior to relocating.
Roughly speaking, weak references to undefined symbols are no-ops.
Tested on: i386, ia64
relocation identifies the symbol to which we need to bind. This
solves a problem seen on ia64 where the symbol hash table does not
contain local symbols and thus resulted in unresolved symbols.
Tested on: alpha, i386, ia64
with a back off. This was discovered when Luigi sent me code to
handle this for Etherboot. The Etherboot patch worked okay but
FreeBSD's tftpd had trouble handling it and would fail to transfer
the file since it would abort on send and not retry.
Submitted by: luigi
MFC after: 1 week
objects were not being correctly set to zero. Instead, the function
descriptor pointer was set to the load address of the .so object. This
caused gcc generated binaries to segfault on exit when crtbegin.asm's
_fini code tested the __cxa_finalize() function pointer for zero.
This is a bit of a hack because of a problem nearby workaround for
find_symdef and its quirks (failures) for local symbols. This still
needs to be fixed.
returns off_t in yylval.u.o. REST is the only user of yylval.u.o at the
moment.
NB: seems lukemftpd has the same bug.
PR: misc/28629
Reviewed by: ru
Approved by: ru
MFC after: 1 month
deprecated in favor of the POSIX-defined lowercase variants.
o Change all occurrences of NTOHL() and associated marcros in the
source tree to use the lowercase function variants.
o Add missing license bits to sparc64's <machine/endian.h>.
Approved by: jake
o Clean up <machine/endian.h> files.
o Remove unused __uint16_swap_uint32() from i386's <machine/endian.h>.
o Remove prototypes for non-existent bswapXX() functions.
o Include <machine/endian.h> in <arpa/inet.h> to define the
POSIX-required ntohl() family of functions.
o Do similar things to expose the ntohl() family in libstand, <netinet/in.h>,
and <sys/param.h>.
o Prepend underscores to the ntohl() family to help deal with
complexities associated with having MD (asm and inline) versions, and
having to prevent exposure of these functions in other headers that
happen to make use of endian-specific defines.
o Create weak aliases to the canonical function name to help deal with
third-party software forgetting to include an appropriate header.
o Remove some now unneeded pollution from <sys/types.h>.
o Add missing <arpa/inet.h> includes in userland.
Tested on: alpha, i386
Reviewed by: bde, jake, tmm
produced by ld(8) (ie: that _DYNAMIC immediately follows the _GOT).
The new binutils import changed that, and the intial GOT relocation
broke. Use a custom linker script to provide a real end-of-GOT symbol.
Update ld.so to deal with the new (faster) PLT format that gcc-3.1 and
binutils can produce.
This is probably incomplete, but appears to be working again.
Obtained from: NetBSD
(And a fix to a silly mistake that I made by: gallatin)
o Use new-style prototypes and function definitions.
o Fix timeout and justquit to have proper signatures for signal
handlers. Mark the args as __unused.
o remove register
o Use new-style prototypes exclusively rather than the old foo() style.
o Use new-style function definitions.
o remove register
o make functions passed to signal have the right signature.
o do minor const poisoning.
signal handlers. In this case, use _exit(2) instead, following
the call to shutdown(2).
This fixes rare telnetd hangs.
PR: misc/33672
Submitted by: Umesh Krishnaswamy <umesh@juniper.net>
MFC after: 1 month
handlers to set flags only (with exception for sigquit(),
which still seems to call some non-reentrant functions on
its way to _exit(2).) That must eliminate the possibility
of catching SIGSEGV from following non-reentrant paths from
signal handlers.
PR: bin/32740 bin/33846
Submitted by: Maxim Konovalov <maxim@macomnet.ru>
Obtained from: OpenBSD
and sbrk's prototype from char *sbrk(int) to void *sbrk(intptr_t).
This makes us more consistant with NetBSD and standards which include
these functions. Bruce pointed out that ptrdiff_t would probably
have been better than intptr_t, but this doesn't match other
implimentations.
Also remove local declarations of sbrk and unnecessary casting.
PR: 32296
Tested by: Harti Brandt <brandt@fokus.gmd.de>
MFC after: 1 month
is implemented in pam_opie module
For non-PAM variant rewrite empty password checking code to do the right thing
and not disallow empty passwords in all cases.
Hiroyuki YAMAMORI gave a patch for the EPRT command in the
PR below. Problems with the rest of the patch are my fault.
PR: 33268
Reviewed by: iedowse, sheldonh
handed a integer, not void).
- No need to set flags to zero when they already will be.
- It was also noted the manner in which the signal handling has changed
might possibly generate some problems (hangs possibly) -- these, while
remaining in the code, will be fixed shortly (within a day).
Submitted by: bde
negotiation rather than rejecting the request.
Apple OpenFirmware 3.0f3 (the version in my iMac) adds trailing garbage to the
end of an otherwise valid request. Without this change, the requests were
rejected which prevented me from booting.
Reviewed by: obrien
DoS bug that the select(2)/accept(2) pair is called on
a socket that is in the blocking I/O mode. The bug is
triggered if a selected connection dies before the accept(2)
leading to the accept(2) blocking virtually forever.
MFC after: 1 week
DT_INIT and DT_FINI tags pointed to fptr records. In 2.11.2, it points
to the actuall address of the function. On IA64 you cannot just take
an address of a function, store it in a function pointer variable and
call it.. the function pointers point to a fptr data block that has the
target gp and address in it. This is absolutely necessary for using
the in-tree binutils toolchain, but (unfortunately) will not work with
old shared libraries. Save your old ld-elf.so.1 if you want to use
old ones still. Do not mix-and-match.
This is a no-op change for i386 and alpha.
Reviewed by: dfr
for negotiation of timeout and file size to the tftp protocol. This
is required by some firmware like EFI boot managers (at least on
HP i2000 Itanium servers) in order to boot an image using tftp. The
attached patch implements the RFC, and in doing so also implements
RFC2347; a generic tftp option extension.
PR: 30710
Submitted by: Espen Skoglund <esk@ira.uka.de>
refers to the size of the whole ethernet packet, just the DHCP
message within the UDP payload, or something else. bootpd interpreted
it as a maximum UDP payload size, so it could end up sending
fragmented packets to clients (such as some versions of Etherboot)
that used different interpretations of the maximum message size.
Switch to the most conservative interpretation: ensure that the
ethernet packet containing the response is no larger than the
specified maximum message size. This matches the behaviour of
the ISC dhcpd.
MFC after: 1 week
in the SYNOPSIS and DESCRIPTION.
Note that -l remains an ugly exception, to which no known rules apply,
since the specification of a single option multiple times isn't normal
standards-compliant CLI behaviour.
While here, mark AF_INET* and LOG_* defined values up with Dv.
atoi -> strtoll
fseek -> fseeko
NOTE: that fseek not works for >long offsets per POSIX:
[EOVERFLOW] For fseek( ), the resulting file offset would be a value which
cannot be represented correctly in an object of type long.
Fix minor cast too.
-O, which limits the impact of the write-only restriction to guest
users.
*) The existing manual page's SYNOPSIS and option listing in the
DESCRIPTION are already horribly disordered. No attempt has been
made to fix this.
*) The existing source's getopt() optstring and option handling switch
are already horribly disordered. No attempt has been made to fix
this.
Discussed with: nik, -audit
long -> time_t
%ld -> %qd
fseek -> fseeko
NOTE: that fseek not works for >long offsets per POSIX:
[EOVERFLOW] For fseek( ), the resulting file offset would be a value which
cannot be represented correctly in an object of type long.
preventing anyone from downloading files. In conjunction with -A, and some
appropriate file permissions, this lets you create an anonymous FTP drop
box for people to upload files to.
The more obvious "-w" flag is already taken by NetBSD's ftpd. "-o" was
available as an option letter in all three BSDs.
Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only this slows down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.
Prevents simultaneous calls to updatestat() as function is not reentrant.
PR: bin/24857
Submitted by: Martin Butkus <mb@bagheera.thgwf.de>
MFC after: 1 month
with NetBSD and OpenBSD. glob(3) will now return GLOB_NOSPACE with
errno set to 0 instead of GLOB_LIMIT when we match more than `gl_matchc'
patterns. GLOB_MAXPATH has been left as an alias of GLOB_LIMIT to
maintain backwards compatibility.
Reviewed by: sheldonh, assar
Obtained from: NetBSD/OpenBSD
with the conversation function and challenges which needs to be
revisited, so in the interim a hack is introduced to provide
an OPIE challenge (which is random if OPIE does not apply)
at all non-anonymnous logins.
as the current time. It's nice to know whether the talk request you
see was sent just a few minutes ago (assuming you didn't hear the
bell), or if it's been decaying for days (weeks?).
particularly help programs which load many shared libraries with
a lot of relocations. Large C++ programs such as are found in KDE
are a prime example.
While relocating a shared object, maintain a vector of symbols
which have already been looked up, directly indexed by symbol
number. Typically, symbols which are referenced by a relocation
entry are referenced by many of them. This is the same optimization
I made to the a.out dynamic linker in 1995 (rtld.c revision 1.30).
Also, compare the first character of a sought-after symbol with its
symbol table entry before calling strcmp().
On a PII/400 these changes reduce the start-up time of a typical
KDE program from 833 msec (elapsed) to 370 msec.
MFC after: 5 days
longer includes machine/elf.h.
* consumers of elf.h now use the minimalist elf header possible.
This change is motivated by Binutils 2.11.0 and too much clashing over
our base elf headers and the Binutils elf headers.
There are protocol issues to deal with.
Bring back this routine (renamed to avoid a library conflict in libssh)
and overhaul it for more 21st Century style coding.
Pointed out by: bde
Limit the "pathname" glob to one item, as that is what all users of it
are expecting, except for LIST.
Always glob, instead of when the first character is a ~. For example,
if you had directories ~/x1, and ~/x2, then "cwd x[1]" would fail, but
"cwd ~/x[1]" would work since it was globbed due to the ~ character.
Also, "cwd ~/x[12]" used to arbitarily work as it used the first
expansion (ie: x1) without an error. Make it return '550 ambiguous'
instead of '550 not found' so that the user can see the difference.
For LIST, just use the user supplied string as the popen does the glob.
Problem noticed by: Ajay Mittal <amittal@iprg.nokia.com>
This allows you to determine if the file on the other side is the same
as the one you have without transferring the entire file to compare.
Needless to say, if the server end lies to you this check doesn't work,
but on the other hand, if it lies to you about the files checksum,
what can you trust from it ?
The PAM_FAIL_CHECK and PAM_END macros in su.c came from the util-linux
package's PAM patches to the BSD login.c
Submitted by: "David J. MacKenzie" <djm@web.us.uu.net>
The PR also included documentation for other options, but upon
inspection of the source these options aren't used.
PR: docs/24149
Submitted by: Jesse Monroy, Jr. <opentrax@email.com>
it at boot time closer to the way we want it to be in the final version.
* Move the default directory to /var/db/entropy
* Run the entropy saving cron job every 11 minutes. This seems
to be a better default, although still bikeshed material.
* Feed /dev/random some cheesy "entropy" from various commands
and files before the disks are mounted. This gives /dev/random
a better chance of running without blocking early.
* Move the reseeding with previously stored entropy to the point
immediately after the disks are mounted.
* Make the harvesting script a little safer in regards to the
possibility of accidentally overwriting something other
than a regular file.
it can be used to reseed at boot time. This will greatly increase
the chances that there will be sufficient entropy available at
boot time to prevent long delays.
For /etc/rc, remove the vmstat and iostat runs from the attempt
to provide some cheesy randomness if the files fail, since
those programs are dynamically linked, and ldd seems to want
some randomness to do its magic.
Guidance and parameters for this project were provided by
Mark Murray, based on the requirements of the Yarrow
algorithm. Some helpful suggestions for implementation
(including the tip about iostat and vmstat) were provided
by Sheldon Hearn. All blame for problems or mistakes is
mine of course.
PADI packet contains a NULL service. This is apparently the desired
behaviour in this case, though we only allow advertising one
service. You could run multiple pppoeds to advertise multiple services.
files. Mostly -I${.CURDIR} was needed -- especially for YACC generated
files as the new cpp does not look in the ultimate source file
(ie, the .y file)'s directory as told by the "#line" directive. Some were
misspellings of "-I${.CURDIR}" as "-I.".
The function's callers generate the error message when appropriate.
This eliminates the message ``Undefined symbol "__register_frame_info"''
which was bogusly returned by dlerror() in some cases.
with telnetd. This should really be done with a positive filter - i.e.
only allow through a configured list of variables.
Also do some buffer-safety cleanups while I'm here - I don't think these
are exploitable.
not allocate a pty(4) so it is not suitable at all for interactive
PAM modules. rlogind calls login(1) which is already PAM enabled.
Approved by: markm
used not to be necessary).
o Allow ``-n ngdebug'' to specify something to pass to NgSetDebug()
and redirect NgSetDebug() output to syslog(8) in daemon() mode.
o Xref ng_ether(8) and NgSetDebug(4).
o Correct the type of the response passed to NgRecvData.
Update documentation to reflect new option. Also fix documentation
style and add missing references.
PR: 21268
Submitted by: "Aleksandr A. Babaylov" <babolo@links.ru>
Reviewed by: imp
function, thus allowing a debugger or other trace tool
to easily grab the addresses of the needed structures
off the stack.
This change is transparent to gdb, which locates the
link_map list and transfers it to debugger memory
for comparison purposes.
A sample program will be committed showing how this can
be used.
Reviewed by: John Polstra <jdp@FreeBSD.org>
Beyond changes to the build system, this includes fixing up the sample
freebsd.mc configuration for changes in defaults and syntax, removing
outdated documentation, and updating the release notes.
has set pwok to a non-zero value.
Previously, the fact that skey.access(5) allowed UNIX passwords for
this connection attempt was ignored, even in the NOPAM case.
This only addresses the NOPAM case; when libpam is used, the problem
will persist.
PR: 20333
Formerly the init functions were called in the opposite of the
order in which libraries were loaded, and libraries were loaded
according to a breadth-first traversal of the dependency graph.
That ordering came from SVR4.0, and it was easy to implement but
not always sensible.
Now we do a depth-first walk over the dependency graph and call
the init functions in an order such that each shared object's needed
objects are initialized before the shared object itself. At the
same time we build a list of finalization (fini) functions in the
opposite order, to guarantee correct C++ destructor ordering whenever
possible. (It may not be possible if dlopen and dlclose are used
in strange ways, but we come as close as one can come.)
The need for this renovation has become apparent as more programs
have started using multithreading. The multithreaded C library
libc_r requires initialization, whereas the standard libc does not.
Since virtually every other object depends on the C library, it is
important that it get initialized first.
lock against themselves, causing infinite spinning. Brian Feldman
found this problem when testing with Mozilla and supplied the fix,
which I have revised slightly.
Here is the failure scenario. A thread calls dlopen() and acquires
the writer lock. While the thread still holds the lock, a signal
is delivered and caught. The signal handler tries to call a function
which hasn't been bound yet. It thus enters the dynamic linker
and tries to acquire the reader lock. Since the writer lock is
already held, it will spin forever in the signal handler. The
thread holding the lock won't be able to progress and release the
lock.
The solution is to block almost all signals while holding the
exclusive lock.
A similar problem could conceivably occur in the opposite order.
Namely, a thread is holding the reader lock and then a signal
handler calls dlopen() or dlclose() and spins waiting for the writer
lock. We deal with this administratively by proclaiming that signal
handlers aren't allowed to call dlopen() or dlclose(). Actually
we don't have to proclaim a thing, since signal handlers aren't
allowed to call any system functions except those which are explicitly
permitted.
Submitted by: Brian Fundakowski Feldman <green>
and for all (I hope). Packages such as wine, JDK, and linuxthreads
should no longer have any problems with re-entering the dynamic
linker.
This commit replaces the locking used in the dynamic linker with a
new spinlock-based reader/writer lock implementation. Brian
Fundakowski Feldman <green> argued for this from the very beginning,
but it took me a long time to come around to his point of view.
Spinlocks are the only kinds of locks that work with all thread
packages. But on uniprocessor systems they can be inefficient,
because while a contender for the lock is spinning the holder of the
lock cannot make any progress toward releasing it. To alleviate
this disadvantage I have borrowed a trick from Sleepycat's Berkeley
DB implementation. When spinning for a lock, the requester does a
nanosleep() call for 1 usec. each time around the loop. This will
generally yield the CPU to other threads, allowing the lock holder
to finish its business and release the lock. I chose 1 usec. as the
minimum sleep which would with reasonable certainty not be rounded
down to 0.
The formerly machine-independent file "lockdflt.c" has been moved
into the architecture-specific subdirectories by repository copy.
It now contains the machine-dependent spinlocking code. For the
spinlocks I used the very nifty "simple, non-scalable reader-preference
lock" which I found at
<http://www.cs.rochester.edu/u/scott/synchronization/pseudocode/rw.html>
on all CPUs except the 80386 (the specific CPU model, not the
architecture). The 80386 CPU doesn't support the necessary "cmpxchg"
instruction, so on that CPU a simple exclusive test-and-set lock
is used instead. 80386 CPUs are detected at initialization time by
trying to execute "cmpxchg" and catching the resulting SIGILL
signal.
To reduce contention for the locks, I have revamped a couple of
key data structures, permitting all common operations to be done
under non-exclusive (reader) locking. The only operations that
require exclusive locking now are the rare intrusive operations
such as dlopen() and dlclose().
The dllockinit() interface is now deprecated. It still exists,
but only as a do-nothing stub. I plan to remove it as soon as is
reasonably possible. (From the very beginning it was clearly
labeled as experimental and subject to change.) As far as I know,
only the linuxthreads port uses dllockinit(). This interface turned
out to have several problems. As one example, when the dynamic
linker called a client-supplied locking function, that function
sometimes needed lazy binding, causing re-entry into the dynamic
linker and a big looping mess. And in any case, it turned out to be
too burdensome to require threads packages to register themselves
with the dynamic linker.
"ld-elf.so.1.old". The dynamic linker is a critical component of
the system, and it is difficult to recover if it is damaged and
there isn't a working backup available. For instance, parts of
the toolchain such as the assembler are dynamically linked, making
it impossible to build a new dynamic linker if the installed one
doesn't work.
DWARF2 exception tables emitted by the compiler for C++ sources.
These tables are tightly packed, and they contain some relocated
addresses which are not well-aligned.
really used in bsd.man.mk).
Don't uselessly set MANSRC ("." is in the path by default, and there are
no ordering problems).
Fixed some other style bugs.
