42911 Commits

Author SHA1 Message Date
tjr
f2b3ceb410 Fix some security bugs in the SVR4 emulator:
- Return NULL instead of returning memory outside of the stackgap
  in stackgap_alloc() (FreeBSD-SA-00:42.linux)
- Check for stackgap_alloc() returning NULL in svr4_emul_find(),
  and clean_pipe().
- Avoid integer overflow on large nfds argument in svr4_sys_poll()
- Reject negative nbytes argument in svr4_sys_getdents()
- Don't copy out past the end of the struct componentname
  pathname buffer in svr4_sys_resolvepath()
- Reject out-of-range signal numbers in svr4_sys_sigaction(),
  svr4_sys_signal(), and svr4_sys_kill().
- Don't malloc() user-specified lengths in show_ioc() and
  show_strbuf(), place arbitrary limits instead.
- Range-check lengths in si_listen(), ti_getinfo(), ti_bind(),
  svr4_do_putmsg(), svr4_do_getmsg(), svr4_stream_ti_ioctl().

Some fixes obtain from OpenBSD.
2003-10-20 10:38:48 +00:00
sos
82da7f6b49 We dont support CDROMREADAUDIO anymore. 2003-10-20 09:51:00 +00:00
sos
e5803507e0 Remove no longer existant CDIOCREADAUDIO ioctl. 2003-10-20 09:29:40 +00:00
phk
c096f8aa94 When a driver successfully created a device on demand, we can directly
pick up the DEVFS inode number from the dev_t and find our directory
entry from that, we don't need to scan the directory to find it.

This also solves an issue with on-demand devices in subdirectories.

Submitted by:	cognet
2003-10-20 07:04:09 +00:00
alc
ba669f6199 - Synchronize access to a vm page's valid field using the containing
vm object's lock.
2003-10-20 05:57:55 +00:00
marcel
87282b0dcb Put the RSE backing store at a fixed address. This change is triggered
by libguile that needs to know the base of the RSE backing store. We
currently do not export the fixed address to userland by means of a
sysctl so user code needs to hardcode it for now. This will be revisited
later.

The RSE backing store is now at the bottom of region 4. The memory stack
is at the top of region 4. This means that the whole region is usable
for the stacks, giving a 61-bit stack space.

Port: lang/guile (depended of x11/gnome2)
2003-10-20 05:34:10 +00:00
alc
d681abd0f8 - Remove comments referring to functions that no longer exist. 2003-10-20 05:16:27 +00:00
cognet
18fc7b26c7 Various style and type fixes in my last commit.
Suggested by:	mux
2003-10-20 04:10:20 +00:00
alc
9167e4667d - Hold the vm object's lock around calls to vm_page_set_validclean(). 2003-10-20 04:05:24 +00:00
silby
4c4e7a9593 Fix m_head handling in sis_encap so that the correct mbuf is always handed
to BPF_MTAP.
2003-10-19 23:28:02 +00:00
silby
fc5724e28c Fix a problem where m_defrag would allocate a new mbuf to replace the
chain passed into dc_encap, which dc_start was unaware of.  This caused
the old (now invalid) mbuf to be passed to BPF_MTAP.

Spotted by:	Kenjiro Cho <kjc@csl.sony.co.jp>
2003-10-19 23:05:19 +00:00
silby
4add8d9302 Add a new macro M_ASSERTVALID which ensures that the mbuf in question
is non-free.  (More checks can/should be added in the future.)

Use M_ASSERTVALID in BPF_MTAP so that we catch when freed mbufs are
passed in, even if no bpf listeners are active.

Inspired by a bug in if_dc caught by Kenjiro Cho.
2003-10-19 22:33:41 +00:00
phk
9f420bf43d Add a testcase which validates that the same buffer can be passed to
rijndael_blockDecrypt() as both input and output.

This property is important because inside rijndael we can get away
with allocating just a 16 byte "work" buffer on the stack (which
is very cheap), whereas the calling code would need to allocate the
full sized buffer, and in all likelyhood would have to do so with
an expensive malloc(9).
2003-10-19 22:12:23 +00:00
ume
8ff2c775d4 - revert to old rijndael code. new rijndael code broke gbde.
- since aes-xcbc-mac and aes-ctr require functions in new
  rijndael code, aes-xcbc-mac and aes-ctr are disabled for now.
2003-10-19 21:28:34 +00:00
dwmalone
be405a4cbd falloc allocates a file structure and adds it to the file descriptor
table, acquiring the necessary locks as it works. It usually returns
two references to the new descriptor: one in the descriptor table
and one via a pointer argument.

As falloc releases the FILEDESC lock before returning, there is a
potential for a process to close the reference in the file descriptor
table before falloc's caller gets to use the file. I don't think this
can happen in practice at the moment, because Giant indirectly protects
closes.

To stop the file being completly closed in this situation, this change
makes falloc set the refcount to two when both references are returned.
This makes life easier for several of falloc's callers, because the
first thing they previously did was grab an extra reference on the
file.

Reviewed by:	iedowse
Idea run past:	jhb
2003-10-19 20:41:07 +00:00
alc
676085d671 - Add vm object locking to vfs_clean_pages() and vfs_bio_set_validclean().
This is to synchronize access to the vm page's valid field by
   vm_page_set_validclean().
2003-10-19 20:39:06 +00:00
phk
b7c9250fa7 Remove KASSERT check for negative bio_offsets, add "normal" EIO
error return for same.
2003-10-19 19:06:54 +00:00
imp
92be84c4b4 Finish the removal of the bst/bsh confusion. 2003-10-19 17:38:04 +00:00
mux
d16b904dfe Remove debug printf(). 2003-10-19 14:33:00 +00:00
cognet
82c805f917 Implement partially /proc/<pid>/maps.
It looks enough to make SImics run.

Reviewed by:	des
2003-10-19 14:13:51 +00:00
nyan
eb1cd59204 MFi386: revision 1.577. 2003-10-19 11:35:44 +00:00
bms
6360d0a43d Fix LINT build by correcting a missed change. 2003-10-19 09:31:07 +00:00
njl
432ff6a541 Disable irqs before entering the power-off state. This is not known
to fix any problems but is similar to how Linux implements this
function.
2003-10-19 05:56:59 +00:00
peter
7b3a8f1308 Tidy up loose ends in the idle process. Call the MI cpu_idle() function
for all platforms now.

XXX alpha/sparc64/powerpc should fill in the function.

Submitted by:  bde
2003-10-19 02:43:57 +00:00
peter
05de20ae7a Add a stub cpu_idle() function for sparc64, alpha, powerpc. This is a
MI declared function so it should be everywhere.
2003-10-19 02:36:07 +00:00
davidxu
f2c5a17d79 Use npxdrop in cpu_thread_exit to save some cycles.
Clear FPU pcb flags for new upcall thread, these flags needn't
be inherited, the new thread should start from clean FPU status.
2003-10-19 00:57:10 +00:00
imp
61abce2611 Don't confuse tags and handles. 2003-10-19 00:03:10 +00:00
alc
cc2c1485cf - Synchronize access to a vm page's valid field using the containing
vm object's lock.
 - Reduce the scope of the vm page queues lock in two places.
2003-10-19 00:01:56 +00:00
njl
8689796a4b Add the cpu_idle_hook() function pointer so that other idlers can be
hooked at runtime.  Make C1 sleep (e.g., HLT) be the default.  This
prepares the way for further ACPI sleep states.
2003-10-18 22:25:07 +00:00
alc
fb13ea0aa9 - Synchronize access to the page's valid field in
vnode_pager_generic_getpages() using the containing object's lock.
2003-10-18 21:30:29 +00:00
alc
bccf1d15ab - Increase the object lock's scope in vm_contig_launder() so that access
to the object's type field and the call to vm_pageout_flush() are
   synchronized.
 - The above change allows for the eliminaton of the last parameter
   to vm_pageout_flush().
 - Synchronize access to the page's valid field in vm_pageout_flush()
   using the containing object's lock.
2003-10-18 21:09:21 +00:00
bms
39bde695bf Fix a typo. The module has the EISA front-end commented out, therefore the
error may not have been picked up right away.

Reviewed by:	mdodd
Submitted by:	Stuart Walsh
2003-10-18 20:44:23 +00:00
phk
50ecf36141 Initialize b_iooffset before calling VOP_[SPEC]STRATEGY 2003-10-18 19:49:46 +00:00
phk
4b7ade98cd Initialize b_iooffset before calling strategy 2003-10-18 19:48:21 +00:00
alc
d9e9583e64 Corrections to revision 1.305
- Specifying VM_MAP_WIRE_HOLESOK should not assume that the start
   address is the beginning of the map.  Instead, move to the first
   entry after the start address.
 - The implementation of VM_MAP_WIRE_HOLESOK was incomplete.  This
   caused the failure of mlockall(2) in some circumstances.
2003-10-18 18:48:17 +00:00
phk
ba114823c5 Retire b_pblkno which was an alias for a bio field which is for
device drivers only.
2003-10-18 18:17:55 +00:00
phk
80b79c02da Don't report b_pblkno, it is going away. 2003-10-18 17:59:02 +00:00
phk
36a05b5ad5 Do not initialize bp->b_pblkno, it is going away. 2003-10-18 17:57:48 +00:00
phk
b3eb57c5d4 Retire bio_blkno entirely.
bio_offset is the field drivers should use.
bio_pblkno remains as a convenient place to store the number of
the device drivers.
2003-10-18 17:53:34 +00:00
phk
5a1c5c9c13 Eliminate use bio_blkno. 2003-10-18 17:51:26 +00:00
ume
42120d22ea rtfree() must be called in lock context.
Reported by:	jhay
2003-10-18 17:46:23 +00:00
phk
313310b9a6 Discontinue bio_blkno usage. 2003-10-18 17:45:45 +00:00
phk
583ddf14d7 Discontinue bio_blkno, use bio_offset instead. 2003-10-18 17:44:01 +00:00
phk
8714e3267f Eliminate reporting of bio_blkno. 2003-10-18 17:28:36 +00:00
phk
adc5cdd07a Report bio_pblkbo instead of bio_blkno. 2003-10-18 17:27:10 +00:00
phk
94a1f5bcd6 Use bio_offset instead of bio_blkno 2003-10-18 17:26:13 +00:00
phk
466d3b80d8 No need to initialize bio_pblkno from bio_blkno, disksort uses bio_offset. 2003-10-18 17:24:51 +00:00
phk
b60969a35e Make bioq_disksort() sort on the bio_offset field instead of bio_pblkno. 2003-10-18 15:50:56 +00:00
imp
cec43b43e0 Transition to using bus_space macros rather than the inb/outb/etc.
Use EP_{READ,WRITE}{,_MULTI}_{1,2,4} instead.  I've had several people
submit patches like this over the years of varying qualities, markm
being the last.  The names were chosen in consulation with mdodd on
irc.

I've tested this with only PCMCIA cards: 3CCE589EC and 3CCSH572BT.
I've not tried with my more extensive ISA, EISA and cbus collection.

Reviewed by: mdodd
2003-10-18 15:22:43 +00:00
phk
4c2cb3f397 DuH!
bp->b_iooffset (the spot on the disk), not bp->b_offset (the offset in
the file)
2003-10-18 14:10:28 +00:00