1. Data written beyond end of pipe buffer, causing kernel memory corruption.
- Check that space is still valid after obtaining the pipe lock.
- Defer the calculation of transfer size until the pipe
lock has been obtained.
- Update the pipe buffer pointers while holding the pipe lock.
2. Writes of size <= PIPE_BUF not always atomic.
- Allow an internal write to span two contiguous segments,
so writes of size <= PIPE_BUF can be kept atomic
when wrapping around from the end to the start of the
pipe buffer.
PR: 15235
Reviewed by: Matt Dillon <dillon@FreeBSD.org>
are configured, and/or associated with a parent device. If you
receive a frame for a VLAN that's not in the list, you walk off
the end of the list. Boom.
Submitted by: C. Stephen Gunn <csg@waterspout.com>
PR: 15291
vlan interfaces it manages. This prevents the interface from
actually sending or receiving data.
Submitted by: C. Stephen Gunn <csg@waterspout.com>
PR: 15290
to print out protocol specific pcb info.
A patch submitted by guido@gvr.org, and asmodai@wxs.nl also reported
the problem.
Thanks and sorry for your troubles.
Submitted by: guido@gvr.org
Reviewed by: shin
o Don't set CFLAGS in the bootstrap env. It is very likely to be
overridden my any CFLAGS setting in /etc/make.conf. Setting it
here is almost useless. So far, it doesn't seem necessary.
needed for ages, but keeps getting cut/pasted into new Makefiles.
(Once apon a time it was used to activate mount arguments in
<sys/mount.h>, but that was killed with extreme prejudice long ago)
we use. The .c half is statically compiled into the kernel. It's kinda
silly to generate a .h file on the fly that has inlines to call the
.c stuff when the .c code is fixed.
Also, zap the special treatment for VFS_KLD modules. This treatment
applies to lots of things, not just VFS's.
the kernel while the vnode_if.h header is a bunch of inlines to call the
code that is in the kernel. Generating the .h file on the fly is kinda
bogus because it has to match the one compiled into the kernel.
IMHO we should have kern/vnode_if.c and sys/vnode_if.h committed in the
tree but that's another battle.
used to edit the old-style isa_devtab config tables to insert a mapping
for a pci device into the isa tables so that the wdc driver could probe
it later. This has been #if 0'd since April.
differences between the VFS interface between FreeBSD and NetBSD make
it easier to pick up the Linux one than to continue development with the
NetBSD port.
This patch fixes a bug which caused duplicate filenames to be seen by
callers to svr4_sys_getdents64(), leading to malformed directory listings
from Solaris client programs.
Obtained from: The Linuxulator, with a pointer from marcel
NFS packets, mainly initializing structure pointers to NULL which
are conditionally freed prior to return.
PR: kern/15249
Submitted by: Ian Dowse <iedowse@maths.tcd.ie>
blocks of zeros could wind up in a file written to over NFS by a client.
The problem only occurs a few times per several gigabytes of data. This
problem turned out to be bug #3 below.
bug #1:
B_CLUSTEROK must be cleared when an NFS buffer is reverted from
stage 2 (ready for commit rpc) to stage 1 (ready for write).
Reversions can occur when a dirty NFS buffer is redirtied with new
data.
Otherwise the VFS/BIO system may end up thinking that a stage 1
NFS buffer is clusterable. Stage 1 NFS buffers are not clusterable.
bug #2:
B_CLUSTEROK was inappropriately set for a 'short' NFS buffer (short
buffers only occur near the EOF of the file). Change to only set
when the buffer is a full biosize (usually 8K). This bug has no
effect but should be fixed in -current anyway. It need not be
backported.
bug #3:
B_NEEDCOMMIT was inappropriately set in nfs_flush() (which is
typically only called by the update daemon). nfs_flush()
does a multi-pass loop but due to the lack of vnode locking it
is possible for new buffers to be added to the dirtyblkhd list
while a flush operation is going on. This may result in nfs_flush()
setting B_NEEDCOMMIT on a buffer which has *NOT* yet gone through its
stage 1 write, causing only the commit rpc to be made and thus
causing the contents of the buffer to be thrown away (never sent to
the server).
The patch also contains some cleanup, which only applies to the commit
into -current.
Reviewed by: dg, julian
Originally Reported by: Dan Nelson <dnelson@emsphone.com>