- the major number wasn't checked, so accesses beyond the end of bdevsw[]
were possible. Bogus major numbers are easy to get because `sysctl -w'
doesn't handle dev_t's reasonably - it doesn't convert names to dev_t's
and it converts the number 1025 to the dev_t 0x35323031.
- Driver d_psize() functions return -1 to indicate error ENXIO or ENODEV
(the interface is too braindamaged to say which). -1 was interpreted
as a size and resulted in the bogus error ENOSPC.
- it was possible to set the dumpdev for devices without a d_psize()
function. This is equivalent to setting the dumpdev to NODEV except
it confuses sysctl.
- change a 512 to DEV_BSIZE. There is an official macro dtoc() for
converting "pages" to disk blocks but it is never used in /usr/src/sys.
There is much confusion between PAGE_SIZE sized pages and NBPG sized
pages. Maxmem consists of both.
Not fixed:
- there is nothing to invalidate the dumpdev if the media goes away.
This reduces the benefits of the early calculation of dumplo. Bounds
checking in the dump routines is relied on to reduce the risk of
damage and little would be lost by relying on the dump routines to
calculate dumplo.
- no attempt is made to stay away from the start of the device to
avoid clobbering labels.
Fix wrong && anachronistic comment about the type of bootdev.
Reviewed by: davidg
Submitted by: Bruce Evans
handled correctly. This would manifest itself as "object deallocated too
many times" panics and perhaps other strange inconsistencies on NFS servers.
Reviewed by: me, of course
Submitted by: John Dyson
LINT talks about about 2.1. I changed that to 2.0.5,
and clarified why certain devices need "at scbus?".
There is still a crazy "PCVT=210" which shouldn't be there,
but corrected comment as it is needed for 2.0.5.
for broadcasts if point-to-point links shared the same IP address as
the ethernet. The fix must be enabled with P2P_LOCALADDR_SHARE option
in the kernel config file. This will someday likely be standard, but
there isn't sufficient time before release to determine if there are
any interoperability problems with routed and/or gated.
Reviewed by: Garrett Wollman, and me
Submitted by: Peter Wemm
- option DODUMP no longer exists (remove all references to it).
- directive `swap on' is now a no-op (don't bother documenting it; remove
comment to match code).
- directive `dumps on' still works (restore code to match comment; deprecate
it in comment).
Reviewed by: Poul-Henning Kamp, and me
Submitted by: Bruce Evans
etc.). The tulip_start routine was rewritten to use less stack space (I've
been having problems with wcarchive overflowing the stack and this should
help a little). This version also has preliminary NetBSD support.
Rod Grimes helped in testing this version of the driver. Thanks Rod. It's
additionally been extensively tested here and on wcarchive.
Submitted by: Matt Thomas
in machdep.c (it should use the global nmbclusters). Moved the calculation
of nmbclusters into conf/param.c (same place where nmbclusters has always
been assigned), and made the calculation include an extra amount based
on "maxusers". NMBCLUSTERS can still be overrided in the kernel config
file as always, but this change will make that generally unnecessary. This
fixes the "bug" reports from people who have misconfigured kernels seeing
the network hang when the mbuf cluster pool runs out.
Reviewed by: John Dyson
in machdep.c (it should use the global nmbclusters). Moved the calculation
of nmbclusters into conf/param.c (same place where nmbclusters has always
been assigned), and made the calculation include an extra amount based
on "maxusers". NMBCLUSTERS can still be overrided in the kernel config
file as always, but this change will make that generally unnecessary. This
fixes the "bug" reports from people who have misconfigured kernels seeing
the network "hang" when the mbuf cluster pool runs out.
Reviewed by: John Dyson
regular user could panic the machine with a simple "tail /proc/curproc/mem"
command. The problem was twofold: both kernfs and procfs didn't fill in
the mnt_stat statfs struct (which would later lead to an integer divide
fault in the vnode pager), and kernfs bogusly paniced if a bmap was
attempted.
Reviewed by: John Dyson
device.
v_numoutput wasn't incremented to match the b_iodone nesting. It's still
fishy that vwakeup() clears B_WRITEINPROG before biodone() has finished;
however, B_WRITEINPROG seems to be never used.
Submitted by: Bruce Evans
the National Semiconductor InfoMover PCMCIA cards also. In tests on a
NE4100 on Jordan's laptop here, the ze driver works fine with that
card.
Reviewed by: Jordan Hubbard, Rod Grimes, and me
Submitted by: Gary Palmer
to most users (the wrong length is passed to ether_input). The
second is more serious. The multicast hash algorithm uses the wrong
(low) bits instead of the right (high) bits. This is only an issue
if you use >12 multicast addresses but if you are using IP multicast
then it might affect you...
Submitted by: Matt Thomas
thrown out if bpfilter support and no BPF listener. (submitted by Bill
Fenner)
Removed unused variable and changed another from a stack variable to a
static - the variable was a rather large array of structs that consumed
a lot of stack space. (me)
1) Files weren't properly synced on filesystems other than UFS. In some
cases, this lead to lost data. Most likely would be noticed on NFS.
The fix is to make the VM page sync/object_clean general rather than
in each filesystem.
2) Mixing regular and mmaped file I/O on NFS was very broken. It caused
chunks of files to end up as zeroes rather than the intended contents.
The fix was to fix several race conditions and to kludge up the
"b_dirtyoff" and "b_dirtyend" that NFS relies upon - paying attention
to page modifications that occurred via the mmapping.
Reviewed by: David Greenman
Submitted by: John Dyson
These changes solve the problem in a general way by moving the
initialization out of the individual fs_mountroot's and into swaponvp().
Submitted by: Poul-Henning Kamp
changes. The check for nswap was bogus, but the code was so convoluted
that it was difficult to tell. It's better now. :-)
Reviewed by: David Greenman (extensively), and John Dyson
Submitted by: Poul-Henning Kamp, w/tweaks by me.
inconsistencies in the VM system that eventually lead to a panic. These
changes fix the behavior to conform to the behavior in SunOS, which is
to deny faults to pages beyond the EOF (returning SIGBUS). Internally,
this is implemented by requiring faults to be within the object size
boundaries. These changes exposed another bug, namely that passing in
an offset to mmap when trying to map an unnamed anonymous region also
results in internal inconsistencies. In this case, the offset is forced
to zero.
Reviewed by: John Dyson and others
serial_putchar() always hung if it was called and the serial port existed,
so booting with -h hung when the above bug was fixed. Previously, setting
-h did nothing but -h was sometimes the default due to the stack garbage
bug.
Submitted by: DI. Christian Gusenbauer <cg@scotty.edvz.uni-linz.ac.at>
The `howto' arg to boot() was not supplied, so it was stack garbage (actually
the return address in the boot program). I didn't use the submitted fix.
1) If a target initiated a sync negotiation with us and happened to chose a
value above 15, the old code inadvertantly truncated it with an "& 0x0f".
If the periferal picked something really bad like 0x32, you'd end up with
an offset of 2 which would hang the drive since it didn't expect to ever
get something so low. We now do a MIN(maxoffset, given_offset).
2) In the case of Wide cards, we were turning on sync transfers after a
sucessfull wide negotiation. Now we leave the offset alone in the per
target scratch space (which implies asyncronous transfers since we initialize
it that way) until a syncronous negotation occurs.
3) We were advertizing a max offset of 15 instead of 8 for wide devices.
4) If the upper level SCSI code sent down a "SCSI_RESET", it would hang the
system because we would end up sending a null command to the sequencer. Now
we handle SCSI_RESET correctly by having the sequencer interrupt us when it
is about to fill the message buffer so that we can fill it in ourselves.
The sequencer will also "simulate" a command complete for these "message only"
SCBs so that the kernel driver can finish up properly. The cdplay utility
will send a "SCSI_REST" to the cdplayer if you use the reset command.
5) The code that handles SCSIINTs was broken in that if more than one type
of error was true at once, we'd do outbs without the card being paused.
The else clause after the busfree case was also an accident waiting to
happen. I've now turned this into an if, else if, else type of thing, since
in most cases when we handle one type of error, it should be okay to ignore
the rest (ie if we have a SELTO, who cares if there was a parity error on
the transaction?), but the section should really be rewritten after 2.0.5.
This fix was the least obtrusive way to patch the problem.
6) Only tag either SDTR or WDTR negotiation on an SCB. The real problem is
that I don't account for the case when an SCB that is tagged to do a particular
type of negotiation completes or SELTOs (selection timeout) without the
negotiation taking place, so the accounting of sdtrpending and wdtrpending
gets screwed up. In the wide case, if we tag it to do both wdtr and sdtr,
it only performs wdtr (since wdtr must occur first and we spread out the
negotiation over two commands) so we always have sdtrpending set for that
target and we never do a real SDTR. I fill properly fix the accounting
after 2.0.5 goes out the door, but this works (as confirmed by Dan) on
wide targets.
Other stuff that is also included:
1) Don't do a bzero when recycling SCBs. The only thing that must explicitly
be set to zero is the scb control byte which is done in ahc_get_scb. We also
need to set the SG_list_pointer and SG_list_count to 0 for commands that do
not transfer data.
2) Mask the interrupt type printout for the aic7870 case. The bit we were
using to determine interrupt type is only valid for the aic7770.
Submitted by: Justin Gibbs
IGMPv2 spec. This fixes the following bugs:
o ntohs() on a char provides silly results
o timer needs to be scaled to units of PR_FASTHZ; this was being done
inconsistenly so now it gets done when it is initialized.
Reviewed by: Garrett Wollman
Submitted by: Bill Fenner <fenner@parc.xerox.com>
when the single user shell was terminated. These changes disallow mounting
or R/W upgrading filesystems that are dirty unless "-f" (force) option
is used with mount. /etc/rc has been modified to abort the startup if
one or more non-nfs partitions fail to mount.
Reviewed by: Poul-Henning Kamp, Rod Grimes
I ran into another manifestation of the problem reported in PR 211 and
fixed it. Try this:
as non-root:
cd /tmp; mkdir x y x/z
as root:
chown root /tmp/x/z
as non-root:
cd /tmp/x; mv z ../y # EACCES as expected
as root:
cd /tmp/x; mv z ../y # EINVAL NOT as expected
This is because ufs_rename() sets IN_RENAME and fails to clear it.
Reviewed by: davidg
Submitted by: bde
the 802.3 frames generated by the DC21040 (which does automatic padding
of less-than-minimum frames) and the frames generated by the 'ed'
driver, I've found that there is indeed a bug in the size of "ETHER_MIN_LEN"
as reported by several people, John Hay being the most recent. The driver
was actually setting the length to 6+6+2+50 (64 bytes), which when adding
in the CRC (which is automatically appended to the frame and not included
in the length), the minimum frame is 4 bytes larger than it is supposed to
be. All of this is confirmed by tcpdump showing 50 bytes of data for
minimum frames from the 'ed' cards and 46 bytes from 'de' cards. This
analysis has also revealed that there is garbage in the un-filled in
portion at the end of the minimum frames from the 'ed' driver; I don't
plan to fix this.
