trashed after being freed. This has caused several panics including
kern/42277 related to soft updates. Jim Kuhn tracked the problem
down to ipfw limit rule processing. In the expiry of dynamic rules,
it is possible for an O_LIMIT_PARENT rule to be removed when it still
has live children. When the children eventually do expire, a pointer
to the (long gone) parent is dereferenced and a count decremented.
Since this memory can, and is, allocated for other purposes (in the
case of kern/42277 an inodedep structure), chaos ensues. The offset
in question in inodedep is the offset of the 16 bit count field in
the ipfw2 ipfw_dyn_rule.
Submitted by: Jim Kuhn <jkuhn@sandvine.com>
Reviewed by: "Evgueni V. Gavrilov" <aquatique@rusunix.org>
Reviewed by: Ben Pfountz <netprince@vt.edu>
MFC after: 1 week
passes the fdidx from VOP_OPEN down.
This is for all I know the final API for this functionality, but
the locking semantics for messing with the filedescriptor from
the device driver are not settled at this time.
Discussed in from [FreeBSD-tech-jp 3396] to [FreeBSD-tech-jp 3407]
at FreeBSD-tech-jp@jp.freebsd.org.
NOTE: We must put ed_probe_SIC() function into if_ed_isa.c because
this is a bus dependent code. But the ed driver code is not
separated explicitly whether it is bus dependent or independent
now.
Refer to: http://plaza17.mbn.or.jp/~chi/myprog/FreeBSD/sicat.html
Submitted by: chi@bd.mbn.or.jp (Chiharu Shibata)
every page. If the source entry was read-only, one or more wired pages
could be in backing objects.
- vm_fault_copy_entry() should not set the PG_WRITEABLE flag on the page
unless the destination entry is, in fact, writeable.
elevated either due to priority propagation or because we're in the
kernel in either case, put us on the current queue so that we dont
stop others from using important resources. At some point the priority
elevations from sleeping in the kernel should go away.
- Remove an optimization in sched_userret(). Before we would only set
NEEDRESCHED if there was something of a higher priority available. This
is a trivial optimization and it breaks priority propagation because it
doesn't take threads which we may be blocking into account. Notice that
the thread which is blocking others gets up to one tick of cpu time before
we honor this NEEDRESCHED in sched_clock().
lock around a call to the original function. Make the timeout
function in callout_reset() use the wrapped function to avoid a
lock assertion panic.
Reviewed by: sam
Reported by: cgiordano@ids.net
sigreturn() ABI and the signal context on the stack.
Make the trapframe (and its shadows in the ucontext and sigframe etc)
8 bytes larger in order to preserve 16 byte stack alignment for the
following C code calls. I could have done some padding after the
trapframe was saved, but some of the C code still expects an argument of
'struct trapframe'. Anyway, this gives me a spare field that can be used
to store things like 'partial trapframe' status or something else in
the future.
The runtime impact is fairly small, *except* for threaded apps and things
that decode contexts and the signal stack (eg: cvsup binary). Signal
delivery isn't too badly affected because the kernel generates the
sigframe that sigreturn uses after the handler has been called.
The size of mcontext_t and struct sigframe hasn't changed. Only
the last few fields (sc_eip etc) got moved a little and I eliminated
a spare field. mc_len/sc_len did change location though so the
sanity checks there will still trap it.
- Make multicast work
- Fix (some of) the watchdog timeouts after card reset
- Add support for CE2, CEM28 and CEM33 cards
- General code cleanup
Any card that worked previously should still work, as well as a lot that
didn't.
The driver is not yet style(9) compliant; those changes are forthcoming,
once the functional changes are done.
PR: kern/50644
Reviewed by: imp
Approved by: imp
I changed. That is never a good sign.
1) only map 1 page at address zero, not 4096 pages
2) page 1 starts at address 4096 (PAGE_SIZE) not 4095 (PAGE_MASK). I
don't even want to think what the pte's looked like.
3) subtract the r/o page group start address from the end before
converting it to a count. Otherwise an extra page is mapped.
If you were affected by this, the symptoms of this was a hang at boot
after the spinner. Sorry folks. :-(
"You broke my laptop!" by: sam
accesses softc after it is freed. Use a different malloc type for
softc than the rest of the bus code to make it more clear when these
things happen that it is the driver that's at fault, not the bus code.
Suggested by: sam and/or phk (I think)
timeout would continue to happen: boom! Fix this[*] by timing out earlier.
[*] almost fixes the race on unload: wi_inquire could be running when
untimeout is called, and there's no way to know when it has actually
returned. This race is very rare and hard to lose.
Submitted by: scottl
FreeBSD supports. None of them support an alternate formats, except
the alpha (which prints extra register information).
# if we get a mips port, we can put the mips case back to document the
# actual behavior.
porting this stuff back.
* Test /etc/motd for writability before trying to update it. This is
especially useful when /etc/ is mounted ro, like on a diskless boot.
(Thanks to phk for the idea on this one.)
* Make the "updating" message reflect what actually happens.
