When there's an error, we don't want to free the children, since it
will be stack garbage. While we did fail to dereference it by setting
devs to 0, we didn't fail to call free. We never failed to fail, it
was the easiest thing to do.
(1) Abstract interpreter vnode labeling in execve(2) and mac_execve(2)
so that the general exec code isn't aware of the details of
allocating, copying, and freeing labels, rather, simply passes in
a void pointer to start and stop functions that will be used by
the framework. This change will be MFC'd.
(2) Introduce a new flags field to the MAC_POLICY_SET(9) interface
allowing policies to declare which types of objects require label
allocation, initialization, and destruction, and define a set of
flags covering various supported object types (MPC_OBJECT_PROC,
MPC_OBJECT_VNODE, MPC_OBJECT_INPCB, ...). This change reduces the
overhead of compiling the MAC Framework into the kernel if policies
aren't loaded, or if policies require labels on only a small number
or even no object types. Each time a policy is loaded or unloaded,
we recalculate a mask of labeled object types across all policies
present in the system. Eliminate MAC_ALWAYS_LABEL_MBUF option as it
is no longer required.
MFC after: 1 week ((1) only)
Reviewed by: csjp
Obtained from: TrustedBSD Project
Sponsored by: Apple, Inc.
not in the namecache when shared lookups are enabled (vfs.lookup_shared=1,
it is currently off by default) and the filesystem supports shared lookups
(e.g. NFS client). Specifically, if multiple concurrent LOOKUPs both miss
in the name cache in parallel, each of the lookups may each end up adding an
entry to the namecache resulting in duplicate entries in the namecache
for the same pathname. A subsequent removal of the mapping of that
pathname to that vnode (via remove or rename) would only evict one of the
entries from the name cache. As a result, subseqent lookups for that
pathname would still return the old vnode.
This race was observed with shared lookups over NFS where a file was updated
by writing a new file out to a temporary file name and then renaming that
temporary file to the "real" file to effect atomic updates of a file. Other
processes on the same client that were periodically reading the file would
occasionally receive an ESTALE error from open(2) because the VOP_GETATTR()
in nfs_open() would receive that error when given the stale vnode.
The fix here is to check for duplicates in cache_enter() and just return
if an entry for this same directory and leaf file name for this vnode is
already in the cache. The check for duplicates is done by walking the
per-vnode list of name cache entries. It is expected that this list should
be very small in the common case (usually 0 or 1 entries during a
cache_enter() since most files only have 1 "leaf" name).
Reviewed by: ups, scottl
MFC after: 2 months
PHY only and not also in the case of an external PHY currently
doing full duplex, which accidentally got broken in r172334.
It's still not clear to me why we need to enable the buffer for
an internal PHY though.
- Count excess and late collisions as output errors. [1]
- Count receive errors as input errors. [1]
Obtained from: NetBSD [1]
MFC after: 3 days
space provided by its argument structure, return EOVERFLOW instead of
E2BIG. The latter is documented in Solaris's man page, but the
former is implemented. In either case, the caller should use
getaudit_addr(2) to return the IPv6 address.
Submitted by: sson
Obtained from: Apple, Inc.
MFC after: 3 days
Because we now use pts(4)-style PTY's exclusively, there is no use for
these entries in /etc/ttys. Right now the pts(4) entries only go from 0
to 255. Because we're going to touch these files anyway, increase the
number to 511.
Discussed with: philip (ex-mentor)
on the presence of fhc(4) instead; we by far don't support all of
the functionality provide by the clock board but in general it's
an integral part of FireHose-based systems which shouldn't be
possible to omit.
we can be sure that it's valid.
In case we abort early free it again else put it into the syncache.
We need the cred in the syncache to be able to restrict what will be
exportet by the sysctl helper function syncache_pcblist() (to netstat)
within jails.
PR: kern/126493
Reviewed by: rwatson (earlier versions)
MFC after: 3 days
ukbd(4) does and that emulation was enabled by default, all three of
them work together with kbdmux(4) out of the box just fine.
- Fix some whitespace bugs.
MFC after: 3 days
When my earlier MPSAFE TTY prototypes still implemented line
disciplines, we needed a mechanism to abort read()'s on PTY master
devices when inside the line discipline. Because this is no longer the
case, these checks have become unneeded.
After the MPSAFE TTY import, we have support for the TAB0 and TAB3 flags
to handle tab expansion, while we only used to support OXTABS. Switch
stty(1) to use tab0 and tab3 to print whether tab expansion is turned on
or off. Implement the oxtabs and tabs switches by setting the
appropriate TABx value.
Even though POSIX only lists this as being XSI, we'd better follow it.
tables, then attempt to build a simple list containing just the high and
low frequencies based on the current CPU frequency calculated during boot
and the contents of the MSR.
MFC after: 1 month
timer. Previously, the various divisors were fixed which meant that while
it gave somewhat reasonable stathz, etc. at hz=1000, it went off the rails
with any other hz value. With these changes, we now pick a lapic timer hz
based on the value of hz. If hz is >= 1500, then the lapic timer runs at
hz. If 1500 hz >= 750, we run the lapic timer at hz * 2. If hz < 750, we
run at hz * 4. We compute a divider at runtime to make stathz run as close
to 128 as we can since stathz really wants to be run at something close to
that frequency. Profiling just runs on every clock tick. So some examples:
With hz = 100, the lapic timer now runs at 400 instead of 2000. stathz
will be 133, and profhz = 400. With hz = 1000 (default), the lapic timer
is still at 2000 (as it is now), stathz is at 133 (as it is now), and
profhz will be 2000 (previously 666).
MFC after: 2 weeks
only in low memory situations, so the error fork of these fixes is
lightly tested, but they should do the least-wrong thing...
Submitted by: Hans Petter Selasky
userspace to kernel via nmount(), pass in the strings
"update", "snapshot", "reload".
We want to move away from passing MNT_ flags from userspace -> kernel
via nmount(), and instead favor passing the string options.
set the MNT_FORCE flag, but do not persist "force"
in the options list, since it is a command, not a persistent property
of a mount.
Similarly, when we see "reload", set MNT_RELOAD,
but delete "reload" from the options list.
MFC after: 1 week
- According to POSIX, tcsetattr() must not fail when any of the bits in
the structure are unsupported, but it must leave the unsupported flags
alone.
- The CIGNORE flag (set by TCSASOFT, extension) was not cleared from
c_cflag, which means using it would cause it to be applied during its
entire lifespan. Eventually make sure we clear the flag.
I don't really like CIGNORE, but I think we must keep it alive right
now. With our new TTY layer, we don't actually need this mechanism,
because if you leave c_cflag, c_ispeed and c_ospeed alone, we won't make
a call into the device driver anyway.
Reported by: naddy
Tested by: naddy
thread_unsuspend_one() needs to optionally wakeup the swapper. Since we
hold the thread lock for that entire function, however, we have to push
that requirement up into the caller.
Found by: rwatson
sntp includes a copy of libopts in itself in vendor code, rewrite the
Makefile to compile and use only one copy. It is an internal library, not
installed.
MFC after: 2 weeks
Unlike pre-MPSAFE TTY, the pts(4) driver always returned ENXIO when a
read() or write() was performed on a pseudo-terminal master device when
the slave device was not opened. The old implementation had different
semantics:
- When the slave device had not been opened yet, read() and write() just
blocked.
- When the slave device had been closed, a read() call would return 0
bytes length.
- When the slave device had been closed, a write() call would return
EIO.
Change the new implementation to return 0 and EIO as well. We don't
implement the first rule, but I suspect this is not needed, because
routines like openpty() also open the slave device node. posix_openpt()
users also do similar things.
Reported by: rink
Tested by: rink
