vmspace_exitfree() and vmspace_free() which could result in the same
vmspace being freed twice.
Factor out part of exit1() into new function vmspace_exit(). Attach
to vmspace0 to allow old vmspace to be freed earlier.
Add new function, vmspace_acquire_ref(), for obtaining a vmspace
reference for a vmspace belonging to another process. Avoid changing
vmspace refcount from 0 to 1 since that could also lead to the same
vmspace being freed twice.
Change vmtotal() and swapout_procs() to use vmspace_acquire_ref().
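The rule stated above for vmspace_acquire_ref(), never moving a reference count from 0 to 1, is shown below as an added example. It is not FreeBSD's code: struct space and every function name are hypothetical stand-ins, and the race is replayed sequentially as one fixed interleaving.

```c
#include <stdatomic.h>
#include <stdbool.h>

/* Hypothetical refcounted object; a stand-in, not FreeBSD's struct vmspace. */
struct space {
    atomic_int refcnt;  /* 0 means the last reference is gone */
    int frees;          /* counts teardowns so a double free is observable */
};

/* Take a reference on an object owned by another process.
 * Fails rather than moving the count from 0 to 1. */
static bool space_acquire_ref(struct space *s)
{
    int old = atomic_load(&s->refcnt);
    do {
        if (old == 0)
            return false;           /* teardown has already started */
    } while (!atomic_compare_exchange_weak(&s->refcnt, &old, old + 1));
    return true;
}

/* Drop a reference; whoever moves the count 1 -> 0 performs teardown. */
static void space_release(struct space *s)
{
    if (atomic_fetch_sub(&s->refcnt, 1) == 1)
        s->frees++;                 /* stands in for freeing the object */
}

/* Replay: the owner drops the last reference, then a late observer
 * (a statistics walker, for instance) tries to use the object. */
static int frees_after_late_observer(bool use_acquire_ref)
{
    struct space s = { .frees = 0 };
    atomic_init(&s.refcnt, 1);
    space_release(&s);              /* owner exits: 1 -> 0, teardown #1 */
    if (use_acquire_ref) {
        if (space_acquire_ref(&s))  /* refused: count is already 0 */
            space_release(&s);
    } else {
        atomic_fetch_add(&s.refcnt, 1); /* blind increment: 0 -> 1 */
        space_release(&s);              /* 1 -> 0 again, teardown #2 */
    }
    return s.frees;
}

int main(void)
{
    /* Exit status 0 when the blind path frees twice and the checked path once. */
    return !(frees_after_late_observer(false) == 2 &&
             frees_after_late_observer(true) == 1);
}
```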
- When setting up a packet for transmit, if the tx ring is over half
full, kick the binary blob to force it to complete any pending tx
completions.
- In the watchdog routine, poke the binary blob to force it to flush any
pending tx completions and only reset the chip if the blob doesn't
complete any of them.
Correct a bug in the handling of backslash characters in smbfs which can
allow an attacker to escape from a chroot(2). [2]
Security: FreeBSD-SA-06:15.ypserv [1]
Security: FreeBSD-SA-06:16.smbfs [2]
mimicking the NFS reference implementation.
NFS over TCP does not need fast retransmit timeouts, since network loss
and congestion are managed by the transport (TCP), unlike with NFS over
UDP. A long timeout prevents the unnecessary retransmission of non-
idempotent NFS requests.
Reviewed by: mohans, silby, rees?
Sponsored by: Network Appliance, Incorporated
the estimator to be more easily tuned and maintained.
There should be no functional change except there is now a lower limit
on the retransmit timeout to prevent the client from retransmitting
faster than the server's disks can fill requests, and an upper limit
to prevent the estimator from taking too long to retransmit during a
server outage.
Reviewed by: mohan, kris, silby
Sponsored by: Network Appliance, Incorporated
for nfsclient and nfs4client in order to prevent local root users
from panicking the system.
MFC of nfs4client/nfs4_dev.c revision 1.9.
PR: kern/77463
Submitted by: Wojciech A. Koszek
Reviewed by: cel, rees
Security: Local root users can panic the system at will
Sponsored by: Network Appliance, Incorporated
In devfs_first(), set mp->mnt_opt to a valid empty list of mount options
instead of leaving it NULL. This eliminates a kernel panic
when trying to do a mount -o update of /dev.
Noticed by: cjsp
Reviewed by: phk
I encountered repeatable Unaligned access panics similar to:
fatal kernel trap:
trap entry = 0x4 (unaligned access fault)
cpuid = 0
faulting va = 0xfffffc0000fae1c2
opcode = 0x28
register = 0x1
pc = 0xfffffc00004d07dc
ra = 0xfffffc00004d0a1c
sp = 0xfffffe0031875bc0
curthread = 0xfffffc007da237a0
pid = 2, comm = g_event
These occur when a floppy or a CD (the 6.1R install CD will do in most
cases) is in the drive during boot. A floppy or CD inserted *after*
the system was booted did not give me this problem. Interestingly
enough booting from the 6.1-R install CD sometimes caused the crash,
sometimes it did not. When it did not panic an installation of 6.1-R
was possible without any incidents. A subsequent boot from HD with
the CD still present sometimes(...) worked fine, sometimes panicked.
Taking GEOM_GPT out of the kernel config file allows booting without
incidents. We do not need GPT on Alpha, so this is the easy way out.
Discussed with: phk
: /usr/src/sys/i386/acpica/acpi_wakecode.S:35:19: assym.s: No such file or directory
: /usr/src/sys/i386/acpica/acpi_wakecode.S: Assembler messages:
: /usr/src/sys/i386/acpica/acpi_wakecode.S:103: Error: suffix or operands invalid for `ljmp'
Reported by: many
Add new SIOC_HCI_RAW_NODE_LIST_NAMES ioctl. User-space applications can
use this ioctl to obtain the list of HCI nodes. The user-space application
is expected to preallocate a 'ng_btsocket_hci_raw_node_list_names' structure
and set the limit in the 'num_nodes' field. The 'nodes' field should be allocated
as well and it should have space for at least 'num_nodes' elements.
The SIOC_HCI_RAW_NODE_LIST_NAMES should be issued on a bound raw HCI socket.
It does not really matter what HCI name the socket is bound to, as
long as it is not empty.
date: 2006/04/10 14:07:28; author: csjp; state: Exp; lines: +0 -2
Kill the last Giant acquisition in the exit(2) code. This Giant acquisition
doesn't appear to be protecting anything. Most consumers of funsetownlst(9)
do not appear to be picking up Giant anywhere. This was originally a part
of my Giant exit(2) clean up revision 1.272 but I thought it was a good idea
to leave it out until we were able to analyze it better.
Add kqueue(2) support on if_tap(4) interfaces. While I'm here, replace
K&R style function declarations with ANSI style. Also fix endian bugs
accessing ioctl arguments that are passed by value.
Do not call knlist_destroy() in tapclose(). Instead call it when device is
actually destroyed. Also move call to knlist_init() into tapcreate(). This
should fix panic described in kern/95357.
PR: kern/93897, kern/95357
Submitted by: Vilmos Nebehaj < vili at huwico dot hu >
Fix the interrupt handler to do the mandatory PCI flush before looking at
DMA memory. This could contribute towards missed link state changes under
heavy bus load.
- i915 attachment and running fixed
- i915 vblank support
- Radeon's new memory map support, which should fix a host of stability issues
when combined with new userland.
- ATI PCI/PCIE GART fix.
- r300 fixes
Also adds a hack to the radeon module Makefile to quiet gcc's fatal warnings
about inlines in this contrib code.
date: 2006/03/03 09:12:21; author: thompsa; state: Exp; lines: +22 -7
Since we are using random ethernet addresses for the bridge, it is possible
that we might have address collisions, so make sure that this hardware address
isn't already in use on another bridge.
Slightly re-worked bpf(4) code associated with bridging: if we have a
destination interface as a member of our bridge or this is a unicast packet,
push it through the bpf(4) machinery.
For broadcast or multicast packets, don't bother with the bpf(4) because it will
be re-injected into ether_input. We do this before we pass the packets through
the pfil(9) framework, as it is possible that pfil(9) will drop the packet or
possibly modify it, making it very difficult to debug firewall issues on the
bridge.
Further, implemented IFF_MONITOR for bridge interfaces. This does much the same
thing that it does for regular network interfaces: it pushes the packet to any
bpf(4) peers and then returns. This bypasses all of the bridge machinery,
saving mutex acquisitions, list traversals, and other operations performed by
the bridging code.
This change to the bridging code is useful in situations where individuals use a
bridge to multiplex RX/TX signals from two interfaces, as is required by some
network taps for de-multiplexing links and transmitting the RX/TX signals
out through two separate interfaces. This behaviour is quite common for network
taps monitoring links, especially for certain manufacturers.
Unbreak byte counters when network interfaces are in monitor mode by
re-organizing the monitor return logic. We perform interface monitoring
checks after we have determined if the CRC is still on the packet; if
it is, m_adj() is called, which will adjust the packet length. This
ensures that we are not including CRC lengths in the byte counters for
each packet.
Pick up locks for the BPF interface structure. It's quite possible that
bpf(4) descriptors can be added and removed on this interface while we
are processing stats.