for possible buffer overflow problems. Replaced most sprintf()'s
with snprintf(); for others cases, added terminating NUL bytes where
appropriate, replaced constants like "16" with sizeof(), etc.
These changes include several bug fixes, but most changes are for
maintainability's sake. Any instance where it wasn't "immediately
obvious" that a buffer overflow could not occur was made safer.
Reviewed by: Bruce Evans <bde@zeta.org.au>
Reviewed by: Matthew Dillon <dillon@apollo.backplane.com>
Reviewed by: Mike Spengler <mks@networkcs.com>
during a trek through RCS. The Macronix 98713 and 98713A both have the
same PCI device ID but different revision numbers, and we need to be
able to tell one from the other. The 98715 and 98715A chips have the
same device ID as the 98725 chip but different revision numbers, however
we lump them into the same category except when identifying them during
the PCI probe output.
The main reason we need tell the chips apart is that the Macronix app
notes say you have to write a special magic number into one of the
registers in order to put the chip in normal operating mode. The 98713
requires one magic value, while all the others require a different one.
PCI fast ethernet adapters, plus man pages.
if_pn.c: Netgear FA310TX model D1, LinkSys LNE100TX, Matrox FastNIC 10/100,
various other PNIC devices
if_mx.c: NDC Communications SOHOware SFA100 (Macronix 98713A), various
other boards based on the Macronix 98713, 98713A, 98715, 98715A
and 98725 chips
if_vr.c: D-Link DFE530-TX, other boards based on the VIA Rhine and
Rhine II chips (note: the D-Link and certain other cards
that actually use a Rhine II chip still return the PCI
device ID of the Rhine I. I don't know why, and it doesn't
really matter since the driver treats both chips the same
anyway.)
if_wb.c: Trendware TE100-PCIE and various other cards based on the
Winbond W89C840F chip (the Trendware card is identical to
the sample boards Winbond sent me, so who knows how many
clones there are running around)
All drivers include support for ifmedia, BPF and hardware multicast
filtering.
Also updated GENERIC, LINT, RELNOTES.TXT, userconfig and
sysinstall device list.
I also have a driver for the ASIX AX88140A in the works.
alpha, operations involving non-finite numbers or denormalised numbers
or operations which should generate such numbers will cause an arithmetic
exception. For programs which follow some strict code generation rules,
the kernel trap handler can then 'complete' the operation by emulating
the faulting instruction.
To use software completion, a program must be compiled with the arguments
'-mtrap-precision=i' and '-mfp-trap-mode=su' or '-mfp-trap-mode=sui'.
Programs compiled in this way can use non-finite and denormalised numbers
at the expense of slightly less efficient code generation of floating
point instructions. Programs not compiled with these options will receive
a SIGFPE signal when non-finite or denormalised numbers are used or
generated.
Reviewed by: John Polstra <jdp@polstra.com>
option not defined the sysctl int value is set to -1 and read-only.
#ifdef KERNEL's added appropriately to wall off visibility of kernel
routines from user code.
Add ICMP_BANDLIM option and 'net.inet.icmp.icmplim' sysctl. If option
is specified in kernel config, icmplim defaults to 100 pps. Setting it
to 0 will disable the feature. This feature limits ICMP error responses
for packets sent to bad tcp or udp ports, which does a lot to help the
machine handle network D.O.S. attacks.
The kernel will report packet rates that exceed the limit at a rate of
one kernel printf per second. There is one issue in regards to the
'tail end' of an attack... the kernel will not output the last report
until some unrelated and valid icmp error packet is return at some
point after the attack is over. This is a minor reporting issue only.
not like the 6-byte read and write commands! It returns illegal request,
with the field pointer pointing to byte 9 of a 6 byte CDB.
In any case, the work around is to put in a quirk mechanism that makes sure
that we don't send 6-byte reads or writes to this device. It's rather sad
that this is necessary. You'd think that they would be able to get
something that basic to work right in their firmware...
Reviewed by: gibbs
Reported by: Adam McDougall <bsdx@spawnet.com>
problem is worked around by using an interrupt gate for the page
fault handler. This code was originally made for NetBSD/pc98 by
Naofumi Honda <honda@kururu.math.sci.hokudai.ac.jp> and has already
been in PC98 tree. Because of this bug, trap_fatal cannot show
correct page fault address if %cr2 is obtained in this function.
Therefore, trap_fatal uses the value from trap() function.
- The trap handler always enables interruption when buggy application
or kernel code has disabled interrupts and then trapped. This code
was prepared by Bruce Evans <bde@FreeBSD.org>.
Submitted by: Bruce Evans <bde@FreeBSD.org>
Naofumi Honda <honda@kururu.math.sci.hokudai.ac.jp>
going to want a major number from that list instead. Also use the
same preallocated local range (500-600) for blkdevs as well as cdevs,
just to be orthogonal. The latter was for Brian, who has a *lot*
of local device drivers and needs more than just a single reserved
number.
can set if your hw/sw produces the "calcru negative..." message.
Setting the alternate method (sysctl -w kern.timecounter.method=1)
makes the the get{nano|micro}*() functions call the real thing at
resulting in a measurable but minor overhead.
I decided to NOT have the "calcru" change the method automatically
because you should be aware of this problem if you have it.
The problems currently seen, related to usleep and a few other corners
are fixed for both methods.
is completely empty. There is an interrupt for output completion. It
is painful to use, but polling method used in the corresponding fix in
sio.c (rev.1.152) can't be used because there is no status bit for
transmitter-empty. Now ttywait() works right.
Reminded by: NIST-PCTS
Don't call timeout() for DTR wakeup if the relevant timeout is already
active. This fixes "timeout table full" panics when sufficiently many
cyopen()s are interrupted while they are sleeping waiting for the
timeout to expire.
install all those images at all (nor to install them under /usr/mdec), given
the high degree of customization this Makefile needs in order to get images
that are actually useful for some NIC.
Submitted by: John Hay <jhay@mikom.csir.co.za>,
Paul Allenby <pallenby@mikom.csir.co.za>
runtime. p_runtime is unsigned while p_cpulimit is not, so this avoids the
nasty side effect of the process getting killed when the runtime comes up
"negative" due to other bugs.
cards. My machine didn't tickle this problem, so I can't tell if
it fixed anything or not. However, it didn't break my already working
1542-{B,C,CF,CP} probes.
o Minor comment correction
o Minor correction in printf
were half of their physical offsets for ISA and 1/4 of their physical
offsets for PCI, while all other Cyclades offsets were physical/1 for
ISA and physical/2 for PCI. Logically wrong macros were used to scale
CY16_RESET and CY_CLEAR_INTR to the correct physical offsets.
Fixed some style bugs (mostly long lines).
out interrupts for too long. If you still see the "calcru: negative
time..." message you can increase NTIMECOUNTER (see LINT).
Sideeffect is that a timecounter is required to not wrap around in
less than (1 + delta) seconds instead of the (1/hz + delta) required
until now.
Many thanks to: msmith, wpaul, wosch & bde
use a 256 entry ring buffer of descriptersfor this purpose. This allows
the use of a simple 8bit counter in the sequencer code for tracking start
location.
Entries in the ring buffer now contain a "cmd_valid" byte at their tail.
As an entry is serviced, this byte is cleared by the kernel and set by
the sequencer during its dma of a new entry. Since this byte is the last
portion of the command touched during a dma, the kernel can use this
byte to ensure the command it processes is completely valid.
The new command format requires a fixed sized DMA from the controller
to deliver which allowed for additional simplification of the sequencer
code. The hack that required 1 SCB slot to be stolen for incoming
command delivery notification is also gone.
from an interrupt context and fsetown() wants to peek at curproc, call
malloc(..., M_WAITOK), and fiddle with various unprotected data structures.
The fix is to move the code that duplicates the F_SETOWN/FIOSETOWN state
of the original socket to the new socket from sonewconn() to accept1(),
since accept1() runs in the correct context. Deferring this until the
process calls accept() is harmless since the process can't do anything
useful with SIGIO on the new socket until it has the descriptor for that
socket.
One could make the case for not bothering to duplicate the
F_SETOWN/FIOSETOWN state and requiring the process to explicitly make the
fcntl() or ioctl() call on the new socket, but this would be incompatible
with the previous implementation and might break programs which rely on
the old semantics.
This bug was discovered by Andrew Gallatin <gallatin@cs.duke.edu>.
other problem.
- Hold onto splsoftcam() in the peripheral driver open routines until we
have locked the periph. This eliminates a race condition.
- Disallow opening the pass driver when securelevel > 1.
- If a user tries to open the pass driver with O_NONBLOCK set, return
EINVAL instead of ENODEV. (noticed by gibbs)
interrupt handlers. Instead, load and use it atomically as necessary.
This reduces mode switching overhead for "polled" mode interrupt handling
from 5 i/o's to 3 (per service type, per port) so that polled mode is only
slightly more inefficient than "interrupt" mode.
UARTs when their divisor latch registers are selected while they are
doing output. Waiting for (some) output to drain is not permitted for
the TCSANOW case of tcsetattr(). NIST-PCTS easily detects bugs like
this by testing at at speeds that no one would want to use (50 bps).
Deleted stale comments related to flushing i/o. Flushing works properly
for 16550s according to NIST-PCTS (it can't work properly for 16450s).
This finishes fixing all sio(16550)-related bugs found by NIST-PCTS.
Many (mostly machine-dependent ones) are still missing. NIST-PCTS found
this bug for all the ioctls used to implement the POSIX tc* functions
(TIOCCBRK, TIOCDRAIN, TIOCSPGRP, TIOCSBRK, TIOCSTART and TIOCSTOP), and
I found FIOASYNC, TIOCCONS, TIOCEXCL, TIOCHPCL, TIOCNXCL, TIOCSCTTY and
TIOCSDRAINWAIT by inspection. TIOCSPGRP was ifdefed out for some reason.
Handle tcsetattr()'s historical speed conversions correctly and more
centrally:
- don't store speeds of 0 in the final termios struct. Drivers can now
depend on tp->t_ispeed and tp->t_ospeed giving the actual speed.
Applications can now depend on tcgetattr() being POSIX.1 conformant.
- convert from a proposed input speed of 0 to the proposed output speed
(except if that is 0, convert to the current output speed). Drivers
can now depend on the proposed input speed being nonzero.
- don't reject negative speeds. Negative speeds can't happen now that
speed_t is unsigned, and rejecting invalid speeds is a bug - tcsetattr()
is supposed to succeed if it can "perform any of the requested actions",
so it shouldn't fail in practice.
keyboard/mouse/display switch products (console switches). Some
products claim they emulate the PS/2 mouse when the host computer
talks to the mouse while the mouse is actually routed to another
host.
flags 0x200 Do not try to identify the mouse model. All
mice will be recognized as "generic PS/2".
0x400 Do not reset the mouse. Some switches' response
to the reset command is too slow and the psm
will timeout.
0x1000 Relax error checking when probing the mouse
port.
- Added another flag for pad devices.
flags 0x800 Assume the pad behaves like ALPS GlidePoint
when the user `taps' the surface of the pad;
it will be reported as the fourth button.
# `moused' is getting too over-loaded now. If we want something
# more than simple mouse emulation for tablets or remote devices,
# we should start writing a separate daemon...
Submitted by: luigi
the first time block 0 is read. This fix initialises the block
numbers to -1 which isn't the most correct thing for a daddr_t but
it isn't likely to cause a problem in the boot blocks and it could
do with a more thought out fix later.
The bug is probably benign on the i386 but on the alpha it can
cause initial file opens to fail. This is the cause of the "can't
open /boot/boot.conf" errors.
It appears on the alpha because of a number of combining factors.
On the alpha the LABELSECTOR is 0 so block 0 needs to be read in
from the media. The first time this happens you get a false hit
because the bc_blkno field is zero initially. Also, the timestamp
check against this cache hit succeeds because on the alpha a hacked
getsecs() function can return 0 when it starts counting so that
the zero initial timestamp + BCACHE_TIMEOUT is greater than the
current time until getsecs() has counted passed BCACHE_TIMEOUT.
The overall effect is that the first open() that occurs gets a
false cache hit and returns garbage to the bd_strategy() function
which then fails the open() call. This false hit then stays in the
cache until BCACHE_TIMEOUT getsecs() ticks have passed; all open()
calls during this time fail.
This explains why you can generally access the media by the time
you get to interp() and start issuing commands but the earlier
attempts to run the boot scripts are failing.
It's possible that this is causing the problem switching to the
mfsroot floppy as well but I haven't confirmed that.
almost always causes this panic for the curproc != pageproc case.
This case apparently doesn't happen in normal operation, but it
happens when vm_page_alloc_contig() is called when there is a memory
hogging application that hasn't already been paged out.
PR: 8632
Reviewed by: info@opensound.com (Dev Mazumdar), dg
Broken in: rev.1.89 (1998/02/23)
structure for the alpha. These give extra information about some
signals (such as SIGSEGV) and should be compatible with Digital Unix.
Submitted by: jdp
which is either a RealTek 8139 in disguise or a RealTek workalike.
This commit fixes the PCI vendor/device ID for this device
and updates the description string to reflect the actual identity
of the device.
I also changed the transmit encapsulation routine to always to
buffer copies on transmit. We end up doing this 99% of the time
anyway. I also tweaked the code that pads packets out to the minimum
length (60) bytes. I was fixing up the m_pkthdr.len value but not
m_len. I don't think this makes that much difference in the grand
scheme of things, but it makes me feel better.
bio interrupts, and a truncated file that along with the precise alignment
of the planets could result in a page being freed multiple times or a
just-freed page being put onto the inactive queue.
system, the mapping from logical to physical block number may be lost.
Hence we have to check for a reconstituted buffer and redo the call to
VOP_BMAP if the physical block number has been lost.
devstat_end_transaction error message that gets printed whenever the
busy count is < 0.
This will help catch drivers that improperly implement devstat(9) support.
when a TCP "stealth" scan is directed at a *BSD box by ensuring the window
is 0 for all RST packets generated through tcp_respond()
Reviewed by: Don Lewis <Don.Lewis@tsc.tdk.com>
Obtained from: Bugtraq (from: Darren Reed <avalon@COOMBS.ANU.EDU.AU>)
cache. If the cached result lets us say "yes", then go with that. If
we're not sure, or we think the answer might be "no", go to the wire to be
certain. This avoids all of the possible false veto cases, and allows us
to key the cached value with just the UID for which the cached value holds,
reducing the bloat of the nfsnode structure from 104 bytes to just 12 bytes.
Since the "yes" case is by far the most common, this should still provide
a substantial performance improvement. Also default the cache to on, with
a conservative timeout (2 seconds). This improves performance if NFS is
loaded as a KLD module, as there's not (yet) code to parse an option out
of the module arguments to set it, and sysctl doesn't work (yet) for OIDs
in modules.
The 'accelerator' mode was suggested by Bjoern Groenvall (bg@sics.se)
Feedback on this would be appreciated as testing has been necessarily
limited by Comdex, and it would be valuable to have this in 2.2.8.
* Update drivers to the latest version of the bus interface.
The ISA drivers' use of the new resource api is minimal. Garrett has
some much cleaner drivers which should be more easily shared between
i386 and alpha. This has only been tested on cia based machines. It
should work on lca and apecs but I might have broken something.
warnings for the recent change of the type of a module event handler.
Fixed a rotted comment (numeric types of filesystems are not listed here).
Made the function protototype in VFS_SET() more like the corresponding
function definition (don't use extern for prototypes).
Enforce a semicolon after the LKM case of VFS_SET().
MALLOC_DEFINE() and MALLOC_DEFINE() is needed by the recently
reenabled "reallocblks" code, but <sys/kernel.h> was only included
if CLUSTERDEBUG was defined. This was too harmless. gcc only
warns about garbage like `SYSINIT(blech);' at file scope ...
devstart_start_transaction() call is misplaced - it is after the
wdustart() call that queues the transaction on the controller queue.
Normally this doesn't matter because we're running at splbio() so
nothing will look at the controller queue. However, obsolescent
code for syncing labels sometimes slept after the transaction was
started, so the transaction sometimes completed before it was
[recorded as] started. This code was misplaced even for syncing
labels. Move it to the right place. It should go away, but
something may depend on its side effects.
- Interface wth the new resource manager.
- Allow for multiple drivers implementing a single devclass.
- Remove ordering dependencies between header files.
- Style cleanup.
- Add DEVICE_SUSPEND and DEVICE_RESUME methods.
- Move to a single-phase interrupt setup scheme.
Kernel builds on the Alpha are brken until Doug gets a chance to incorporate
these changes on that side.
Agreed to in principle by: dfr
This avoids the fsck-on-reboot symptoms if you're shutting down with a
hung or unreachable NFS server mounted. Also remove non-local
filesystems from the mount list to prevent the system hanging when it tries
to unmount them (for the same reason).
Drew points out that there's a good argument for forcibly removing all
"non syncable" filesystems from the mount list (eg. NFS mounts, disks
that aren't responding, etc.) as this then allows you to sync and
cleanly unmount their parents. No such change is included in this
patch.
Submitted by: Andrew Gallatin <gallatin@cs.duke.edu>
pid space somewhat more sparse which improves the performance of finding
an unused pid on systems with large numbers of processes. The new value
was chosen so that it doesn't overflow the 5 digit pid fields in various
programs.
This yields startling performance increases for NFS clients for many
access profiles, due to the fact that ACCESS results are persistently
cached in the namecache in many cases.
Note that the code is somewhat conservative in that it requires an
exact credential match for a cache hit. This bloats the nfsnode
structure by sizeof(struct ucred) (96 bytes). Any less conservative
approach opens the possibility for a false veto in eg. setuid
applications. Alternative suggestions would be welcomed.
The cache is normally disabled, to activate set the sysctl variable
vfs.nfs.access_cache_timeout to a nonzero value. This is the time in
seconds that a cached entry will be considered valid; useful values appear
to be 2-10 seconds. Performance of the cache can be monitored with the
vfs.nfs.access_cache_hits and vfs.nfs.access_cache_hits variables.
basically do a on-the-fly defragmentation of the FFS filesystem, changing
file block allocations to make them contiguous. Thanks to Kirk McKusick
for providing hints on what needed to be done to get this working.