388 Commits

Author SHA1 Message Date
Archie Cobbs
2127f26023 Examine all occurrences of sprintf(), strcat(), and str[n]cpy()
for possible buffer overflow problems. Replaced most sprintf()'s
with snprintf(); for others cases, added terminating NUL bytes where
appropriate, replaced constants like "16" with sizeof(), etc.

These changes include several bug fixes, but most changes are for
maintainability's sake. Any instance where it wasn't "immediately
obvious" that a buffer overflow could not occur was made safer.

Reviewed by:	Bruce Evans <bde@zeta.org.au>
Reviewed by:	Matthew Dillon <dillon@apollo.backplane.com>
Reviewed by:	Mike Spengler <mks@networkcs.com>
1998-12-04 22:54:57 +00:00
Bruce Evans
b54e74eb87 Fixed a misspelling of boolean true as MNT_WAIT. 1998-11-15 15:46:33 +00:00
Bruce Evans
c25ded316f Finished updating module event handlers to be compatible with
modeventhand_t.
1998-11-15 15:33:52 +00:00
Peter Wemm
1c5bb3eaa1 add #include <sys/kernel.h> where it's needed by MALLOC_DEFINE() 1998-11-10 09:16:29 +00:00
Peter Wemm
40c8cfe552 Use TAILQ macros for clean/dirty block list processing. Set b_xflags
rather than abusing the list next pointer with a magic number.
1998-10-31 15:31:29 +00:00
Peter Wemm
91ecc00e71 error return assignment was less than ideal. Fix the part that caused
warnings to be the same as the ffs code.  Previously, any error from
the UFS_UPDATE() call was lost (I think).
1998-10-29 09:44:12 +00:00
Peter Wemm
f6020599aa Use vtruncbuf() to clean out cached blocks on a file shorten rather than
the more expensive vinvalbuf(), based on the FFS version of the same
routine.  I don't have any ext2fs filesystems to test this on.
1998-10-29 09:30:52 +00:00
Bruce Evans
b5ee16407f Oops, the redundant tests for major numbers weren't redundant here.
They checked for the magic major number for the "device" behind mfs
mount points.  Use a more obvious check for this device.

Debugged by:		Andrew Gallatin <gallatin@cs.duke.edu>
1998-10-27 11:47:08 +00:00
Bruce Evans
569555b969 Removed redundant bitrotted checks for major numbers instead of updating
them.
1998-10-26 08:53:13 +00:00
Bruce Evans
65baf8f06b Don't follow null bdevsw pointers. The `major(dev) < nblkdev' test rotted
when bdevsw[] became sparse.  We still depend on magic to avoid having to
check that (v_rdev) device numbers in vnodes are not NODEV.
1998-10-25 19:26:18 +00:00
Peter Wemm
f62b74a04f Initialize earlier (ie: before npx) in case it makes any difference.
Print a message when it attaches to pmath_emulate if bootverbose so that
we can be sure it's online.
1998-10-18 07:44:33 +00:00
Peter Wemm
a19bc2b0fb OOPS!
Supply the moduledata handle rather than the event dispatcher function.
This should explain the panic on boot problem that's been discussed in
-current at the moment.  Both machines had GNU_MATH_EMULATE.
1998-10-18 04:36:58 +00:00
Peter Wemm
aa855a598d *gulp*. Jordan specifically OK'ed this..
This is the bulk of the support for doing kld modules.  Two linker_sets
were replaced by SYSINIT()'s.  VFS's and exec handlers are self registered.
kld is now a superset of lkm.  I have converted most of them, they will
follow as a seperate commit as samples.
This all still works as a static a.out kernel using LKM's.
1998-10-16 03:55:01 +00:00
Bruce Evans
d2165c2f7d Fixed bloatage of `struct inode'. We used 5 "spare" fields for ext2fs,
but when i_effnlink was added to support soft updates, there was only
room for 4 spares.  The number of spares was not reduced, so the inode
size became 260 (on i386's), or 512 after rounding up by malloc().
Use one spare field in `struct dinode' instead of the 5th spare field
in the inode and reduced to 4 spares in the inode so that the size is
256 again.

Changed the types of the spares in the inode from int to u_int32_t
so that the inode size has more chance of being <= 256 under other
arches, and downdated ext2fs to match (it was broken to use ints
before rev.1.1).
1998-10-13 15:45:43 +00:00
Bruce Evans
8f359bc68c Quick fix for not being able to sync all the buffers in boot() if
an ext2fs file system is mounted.  The soft update changes added
a check for B_DELWRI buffers.  This exposed the complete brokenness
of the previous quick fix for failing syncs (PR 3571, committed on
1997/08/04).  Use a new buffer flag B_DIRTY and don't abuse B_DELWRI.
B_DIRTY buffers are still written too late, as broken in the previous
fix.  This is fairly harmless, because B_DIRTY is only used for
bitmap buffers and fsck.ext2 can fix up the bitmaps perfectly.

Fixed a race in ULCK_BUF() (bremfree() was outside of the splbio()
section).
1998-10-03 16:19:28 +00:00
Bruce Evans
9702cd0422 Fixed initialization of new inodes. ext2fs doesn't clear inodes when
they are deleted, so inodes must be cleared when they are reused, but
we didn't clear the indirect blocks.  This caused serious filesystem
corruption.
1998-09-29 08:07:32 +00:00
Bruce Evans
6674be30f6 Updated ext2_reload() and ext2_sync(). Locking was broken, and MNT_LAZY
syncs weren't optimized properly (they probably still aren't, but are bug
for bug compatible with ffs).  These fixes are mostly academic, since
ext2fs is too broken to mount read-write (it apparently doesn't clear
indirect blocks).

Obtained from:	mostly from Lite2
1998-09-26 12:42:17 +00:00
Bruce Evans
7cff8977ca Fixed missing newlines in messages in ext2_check_descriptors().
Fixed vnode and memory leaks after an unlikely (?) error in
ext2_mountfs().

Fixed an unconditional memory leak in ext2_unmount().
1998-09-26 07:16:41 +00:00
Bruce Evans
a094db128f Fixed clean flag handling:
Fixes for bugs not shared with ffs:
- don't mount unclean filesystems rw unless forced to.
- accept EXT2_ERROR_FS (treat it like !EXT2_VALID_FS).  We still don't set
  this or honour the maximal mount count.
- don't attempt to print the name of the mount point when mounting an
  unclean file system, since the name of the previous mount point is
  unknown and the name of the current mount point is still "".

Fixes for bugs shared with ffs until recently:
- don't set the clean flag on unmount of an initially-unclean filesystem
  that was (forcibly) mounted rw.
- set the clean flag on rw -> ro update of a mounted initially-clean
  filesystem.
- fixed some style bugs (mostly long lines).

The fixes are slightly simpler than for ffs, because the relevant on-disk
state is not a simple boolean variable, and the superblock has a core-only
extension.

Obtained from:	parts from ffs_vfsops.c, parts from NetBSD
1998-09-26 06:18:59 +00:00
Bruce Evans
5d207357db Fixed the usual missing permissions checks in mount(). As for cd9660,
the damage was limited by the default of 0 for vfs.usermount.

Obtained from:	Lite2 via the -current ffs_vfsops.c
1998-09-09 20:21:18 +00:00
Bruce Evans
05d46b3cd6 Don't forget to initialize the inode lock. This bug caused
surprisingly few problems.  Most fields were initialized to the
correct values by bzero(), but lk_prio was 0 instead of PINOD (=8),
the lk_wmsg was NULL instead of "ext2in", and lk_lockholder was 0
instead of -1.

Obtained from:	Lite2 via the -current ffs_vfsops.c
1998-09-09 13:09:24 +00:00
Bruce Evans
d6c54caabe Support compiling with `gcc -pedantic' (don't use hard newlines in
(asm) string constants).
1998-09-09 12:22:17 +00:00
Bruce Evans
8994ca3ce9 Removed statically configured mount type numbers (MOUNT_*) and all
references to them.

The change a couple of days ago to ignore these numbers in statically
configured vfsconf structs was slightly premature because the cd9660,
cfs, devfs, ext2fs, nfs vfs's still used MOUNT_* instead of the number
in their vfsconf struct.
1998-09-07 13:17:06 +00:00
Bruce Evans
00671271c3 Fixed printf format errors. Only one left in LINT on i386's. 1998-08-24 02:28:16 +00:00
Bruce Evans
cf8c7b0963 Added D_TTY to the cdevswitch flags for all tty drivers. This is required
for the Lite2 fix for always returning EIO in dead_read().

Cleaned up the cdevswitch initializers for all tty drivers.

Removed explicit calls to ttsetwater() from all (tty) drivers.  ttsetwater()
is now called centrally for opens, not just for parameter changes.
1998-08-23 08:26:42 +00:00
Bruce Evans
1874ef935c Quick fix for breakage of read clustering on non-IDE drives. Read
clustering is obsolescent technology so hardly anyone noticed.  On
a DORS 32160 SCSI drive with 4 tags, read clustering makes very
little difference even for huge sequential reads.  However, on a
ZIP SCSI drive with 0 tags, the minimum overhead per block is about
40 msec, so very large clusters must be used to get anywhere near
the maximum transfer rate.  Using clusters consisting of 1 8K block
reduces the transfer rate to about 250K/sec.  Under msdosfs, missing
read clustering is normal and a cluster size of 1 512 byte block
reduces the transfer rate to about 25K/sec.

Broken in:	rev.1.18
1998-08-18 03:54:39 +00:00
Bruce Evans
86a14a7a0a Use [u]intptr_t instead of [u_]long for casts between pointers and
integers.  Don't forget to cast to (void *) as well.
1998-08-16 01:21:52 +00:00
Bruce Evans
8705accbe7 Use offsetof() to avoid some casts from pointers to integers (of a
possibly different size).
1998-08-15 21:36:16 +00:00
Brian Somers
28c1826359 Remove some #if 0'd and commented-out code.
Fix a COMPAT_43 type.
1998-08-12 23:44:22 +00:00
Mike Smith
f01beb610a "The releaseing of the reference and lock is not temporary and belongs
where it is.  The reference and lock(s) are acquired just above the
 code in VREF() and relookup()."

Submitted by:	Michael Hancock <michaelh@cet.co.jp>
1998-08-12 21:42:54 +00:00
Bruce Evans
78196aa2a6 Synced with dgb.c. Important changes from 1.29 (ioctl handling
was broken), 1.30 (COMPAT_43 option header was missing), 1.31 (DEVFS
option header was missing), 1.33 (garbage pointers were followed
in debugging code).  Cosmetic changes from 1.27, 1.32, 1.36, 1.37.

Of course, the DEVFS code didn't even compile.  Fixed.  Not tested.

Forgotten by: brian

This file should not exist.  It is the same as dgb.c except for lots of
renamed variables, about 250 lines removed, and only about 100 lines of
real differences.
1998-08-12 17:38:09 +00:00
Bruce Evans
296ea43c8c Fixed printf format errors.
This file is disgusting.
1998-08-12 16:16:10 +00:00
Brian Somers
30b32223e1 Add Id keyword 1998-08-05 20:19:04 +00:00
Brian Somers
33ca24de10 Add driver dgm - for the Digiboard PC/Xem
Submitted by:	"IBS / Andre Oppermann" <andre@pipeline.ch>
DEVFS additions: brian
1998-08-04 21:42:27 +00:00
Bruce Evans
85badd7eba Fixed printf format errors. 1998-07-30 17:12:39 +00:00
Julian Elischer
49cc016a39 add anti-panic workaround from chris radek (cradek@in221.inetnebr.com)
Not sure why this is needed but but does stop crashes.
1998-07-30 03:22:52 +00:00
Bruce Evans
ac1e407b32 Fixed printf format errors. 1998-07-11 07:46:16 +00:00
Julian Elischer
6deaf84b1f Catch a few corner cases where FreeBSD differs enough from BSD 4.4 to
confuse Soft updates..
Should solve several "dangling deps" panics.
1998-07-08 01:04:33 +00:00
Julian Elischer
fd5d1124e2 VOP_STRATEGY grows an (struct vnode *) argument
as the value in b_vp is often not really what you want.
(and needs to be frobbed). more cleanups will follow this.
Reviewed by: Bruce Evans <bde@freebsd.org>
1998-07-04 20:45:42 +00:00
Bruce Evans
3055187290 Sync timestamp changes for inodes of special files to disk as late
as possible (when the inode is reclaimed).  Temporarily only do
this if option UFS_LAZYMOD configured and softupdates aren't enabled.
UFS_LAZYMOD is intentionally left out of /sys/conf/options.

This is mainly to avoid almost useless disk i/o on battery powered
machines.  It's silly to write to disk (on the next sync or when the
inode becomes inactive) just because someone hit a key or something
wrote to the screen or /dev/null.

PR:		5577
Previous version reviewed by:	phk
1998-07-03 22:17:03 +00:00
Bruce Evans
33cc029eab Centralized in-core inode update. Update the in-core inode directly
in ufs_setattr() so that there is no need to pass timestamps to
UFS_UPDATE() (everything else just needs the current time).  Ignore
the passed-in timestamps in UFS_UPDATE() and always call ufs_itimes()
(was: itimes()) to do the update.  The timestamps are still passed
so that all the callers don't need to be changed yet.
1998-07-03 18:46:52 +00:00
Bruce Evans
add4ae9324 Fixed (?) races in mark_buffer_dirty(). We abuse the buffer cache
by hacking on locked buffers without getblk()ing them, and we didn't
even use splbio() to prevent biodone() changing the buffer underneath
use when a write completes.  I think there was no problem in practice
on i386's because the operations on b_flags and numdirtybufs happen to
be atomic.  We still depend on biodone()'s operations on b_flags not
interfering with ours.  I think there is only interference for B_ERROR,
and this is harmless because errors for async writes are ignored anyway.

Don't use mark_buffer_dirty() except for superblock-related metadata.
It was used in just one case where ordinary BSD buffering is more
natural.
1998-06-21 21:06:04 +00:00
Bruce Evans
9b7a8fb7d8 Removed unused function ll_w_block(). It has always had races due
to not using splbio(), and has rotted a little.  The races were
probably harmless in practice because this function was only used
for superblock updates, and separate superblock updates are probably
prevented from running into each other by doing part of the update
synchronously.
1998-06-21 19:56:31 +00:00
Bruce Evans
be160d60ab Removed unused includes. 1998-06-21 18:02:50 +00:00
Bruce Evans
e5b19842ef Removed unused includes. 1998-06-21 14:53:44 +00:00
Bruce Evans
4344f492c4 Added a missing options include. 1998-06-21 12:36:12 +00:00
Doug Rabson
ecbb00a262 This commit fixes various 64bit portability problems required for
FreeBSD/alpha.  The most significant item is to change the command
argument to ioctl functions from int to u_long.  This change brings us
inline with various other BSD versions.  Driver writers may like to
use (__FreeBSD_version == 300003) to detect this change.

The prototype FreeBSD/alpha machdep will follow in a couple of days
time.
1998-06-07 17:13:14 +00:00
Bruce Evans
dae50f6c50 Don't use "ffs" in an ext2fs sleep message string.
Don't forget to clear the inode hash lock before returning from ext2_vget()
after getnewvnode() fails.  Obtained from: rev.1.24 of ffs_vfsops.c (the
original patch for the getnewvnode() race).  Forgotten in: rev.1.4 here.

Removed a duplicate comment.  Duplicated in: rev.1.4 here.

Fixed the MALLOC() vs getnewvnode() race in ext2_vget().  Obtained from:
rev.1.39 of ffs_vfsops.c.
1998-05-16 17:47:44 +00:00
Bruce Evans
2c8838fec4 Abbreviate "ext2fs_fsync" as "e2fsyn" instead of as "extfsn" in a sleep
message string.
1998-05-16 16:52:20 +00:00
Mike Smith
7be2d30077 In the words of the submitter:
---------
Make callers of namei() responsible for releasing references or locks
instead of having the underlying filesystems do it.  This eliminates
redundancy in all terminal filesystems and makes it possible for stacked
transport layers such as umapfs or nullfs to operate correctly.

Quality testing was done with testvn, and lat_fs from the lmbench suite.

Some NFS client testing courtesy of Patrik Kudo.

vop_mknod and vop_symlink still release the returned vpp.  vop_rename
still releases 4 vnode arguments before it returns.  These remaining cases
will be corrected in the next set of patches.
---------

Submitted by:	Michael Hancock <michaelh@cet.co.jp>
1998-05-07 04:58:58 +00:00