aboutsummaryrefslogtreecommitdiff
path: root/sys/kern
Commit message (Collapse)AuthorAgeFilesLines
* MFC r197711 (partial) to 6.x and 7.x:Simon L. B. Nielsen2009-10-024-44/+126
| | | | | | | | | | | | | | | | | | | | | | | - Add no zero mapping feature, disabled by default. [EN-09:05] MFC 178913,178914,179242,179243,180336,180340 to 6.x: - Fix kqueue pipe race conditions. [SA-09:13] MFC r192301 to 7.x; 6.x has slightly different fix: - Fix devfs / VFS NULL pointer race condition. [SA-09:14] Security: FreeBSD-SA-09:13.pipe Security: FreeBSD-SA-09:14.devfs Errata: FreeBSD-EN-09:05.null Submitted by: kib [SA-09:13] [SA-09:14] Submitted by: bz [EN-09:05] In collaboration with: jhb, kib, alc [EN-09:05] Approved by: so (simon) Notes: svn path=/releng/6.3/; revision=197715
* Prevent integer overflow in direct pipe write code from circumventingColin Percival2009-06-101-0/+2
| | | | | | | | | | | | | | | | | virtual-to-physical page lookups. [09:09] Add missing permissions check for SIOCSIFINFO_IN6 ioctl. [09:10] Fix buffer overflow in "autokey" negotiation in ntpd(8). [09:11] Approved by: so (cperciva) Approved by: re (not really, but SVN wants this...) Security: FreeBSD-SA-09:09.pipe Security: FreeBSD-SA-09:10.ipv6 Security: FreeBSD-SA-09:11.ntpd Notes: svn path=/releng/6.3/; revision=193893
* Prevent cross-site forgery attacks on ftpd(8) due to splittingColin Percival2008-12-231-0/+5
| | | | | | | | | | | | | | | | long commands into multiple requests. [08:12] Avoid calling uninitialized function pointers in protocol switch code. [08:13] Merry Christmas everybody... Approved by: so (cperciva) Approved by: re (kensmith) Security: FreeBSD-SA-08:12.ftpd, FreeBSD-SA-08:13.protosw Notes: svn path=/releng/6.3/; revision=186405
* Fix sendfile(2) write-only file permission bypass.Simon L. B. Nielsen2008-02-142-15/+18
| | | | | | | | Security: FreeBSD-SA-08:03.sendfile Approved by: so (simon) Notes: svn path=/releng/6.3/; revision=176272
* MFC rev. 1.181:Konstantin Belousov2007-12-071-3/+10
| | | | | | | | | | | Check for the program headers alignment of the ELF images before dereferencing. Unaligned access could cause panic on strict alignment architectures. Approved by: re (kensmith) Notes: svn path=/releng/6.3/; revision=174408
* MFC r1.209Andrew Thompson2007-12-071-0/+2
| | | | | | | | | | Apply a workaround for the unkillable jail problem where some devices created within the jail are never freed. Approved by: re (kensmith) Notes: svn path=/releng/6.3/; revision=174389
* Merge kern_mbuf.c:1.9.2.10 from RELENG_6 to RELENG_6_3:Robert Watson2007-12-051-0/+2
| | | | | | | | | | | | | | | | | Call NET_LOCK_GIANT/NET_UNLOCK_GIANT around calls to protocol drain methods in mb_reclaim(). This is not an MFC, as debug.mpsafenet is not present in 7.x or 8.x. In practice, this likely resulted in instability only on kernels with INVARIANTS, as the protocol drain paths are generally MPSAFE. PR: 116034 Reported by: Dan Lukes <dan@obluda.cz> Discussed with: kmacy, alc Approved by: re (kensmith) Tested by: Eugene Grosbein <eugen at grosbein dot pp dot ru> Notes: svn path=/releng/6.3/; revision=174279
* MFC: Bump up the number of ttys supported by pty(4) to 512.John Baldwin2007-11-271-3/+3
| | | | | | | Approved by: re (kensmith) Notes: svn path=/releng/6.3/; revision=173992
* MFC 1.193:Jean-Sébastien Pédron2007-11-251-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | The kernel uses two ways to write data on a pipe: o buffered write, for chunks smaller than PIPE_MINDIRECT bytes o direct write, for everything else A call to writev(2) may receive struct iov of various size and the kernel may have to switch from one solution to the other. Before doing this, it must wake reader processes and any select/poll/kqueue up. This commit fixes a bug where select/poll/kqueue are not triggered when switching from buffered write to direct write. It adds calls to pipeselwakeup(). I give more details on freebsd-arch@: http://lists.freebsd.org/pipermail/freebsd-arch/2007-September/006790.html This should fix issues with Erlang (lang/erlang) and kqueue. Reported by: Rickard Green (Erlang) Approved by: re (kensmith) Notes: svn path=/releng/6.3/; revision=173908
* Merge kern_proc.c:1.255 from HEAD to RELENG_6:Robert Watson2007-11-241-0/+5
| | | | | | | | | | | | Test that p_textvp is non-NULL be dereferencing, as no executable vnode is set for kernel processes. Reported by: Skip Ford <skip at menantico dot com> Approved by: re (kensmith) Notes: svn path=/stable/6/; revision=173885
* MFC Add pathname to the linker_file structure.John Birrell2007-11-181-2/+22
| | | | Notes: svn path=/stable/6/; revision=173713
* MFC: Make it easier to add more ptys to the pty(4) driver.John Baldwin2007-11-151-20/+13
| | | | | | | Approved by: re (kensmith) Notes: svn path=/stable/6/; revision=173656
* MFC of un-neede singl-threading code.Julian Elischer2007-11-061-42/+0
| | | | Notes: svn path=/stable/6/; revision=173383
* MFC:Poul-Henning Kamp2007-11-051-0/+33
| | | | | | | bus_alloc_resources() convenience API Notes: svn path=/stable/6/; revision=173363
* MFC revision 1.350, move where we audit the PID to ensure that it getsChristian S.J. Peron2007-11-041-1/+1
| | | | | | | audited even if it's invalid. Notes: svn path=/stable/6/; revision=173333
* MFC 1.55: Fix another edge case in rman_manage_region() that could resultJohn Baldwin2007-11-021-6/+7
| | | | | | | in the the resource list getting missorted. Notes: svn path=/stable/6/; revision=173288
* MFC to RELENG_6 part of kern_intr.c revision 1.142:Ed Maste2007-10-291-1/+2
| | | | | | | | - Don't do the interrupt storm protection stuff for software interrupt handlers. Notes: svn path=/stable/6/; revision=173156
* Oops. Remove a debug printf.Olivier Houchard2007-10-161-1/+0
| | | | | | | Spotted out by: delphij Notes: svn path=/stable/6/; revision=172717
* Use 16 - 1 instead of 16 as the align argument of uma_zcreate(), as it'sOlivier Houchard2007-10-161-2/+3
| | | | | | | what is expected. Notes: svn path=/stable/6/; revision=172714
* MFC: Always use an exclusive lock on the leaf vnode during an open() whenJohn Baldwin2007-10-032-3/+3
| | | | | | | | | shared lookups are enabled. This closes a few races including a race where concurrent opens of a fifo could result in different v_fifoinfo structures in different threads. Notes: svn path=/stable/6/; revision=172428
* Remove the *_queue() variants of various sleepq and turnstile functionsJohn Baldwin2007-09-277-41/+42
| | | | | | | | | | | and always require the queue to be specified to reduce diffs with HEAD. These APIs are internal APIs only used to implement higher level primitives such as locks and condition variables. Approved by: alfred Notes: svn path=/stable/6/; revision=172355
* MFC some comment updates to account for multi-queue support missed earlierJohn Baldwin2007-09-271-38/+40
| | | | | | | | as well as a few other changes (whitespace, style, etc.) to reduce diffs with HEAD. Notes: svn path=/stable/6/; revision=172352
* - Remove some debugging nits in the MFC of rwlocks that looked for casesJohn Baldwin2007-09-271-17/+14
| | | | | | | | | | | | | | where a reader blocked on a lock with no owner and just assert that it never happens like HEAD. - Actually set td->td_tsqueue to the sub-queue of a turnstile that a thread is actually enqueued to. Otherwise, the kernel would always think that threads were on the queue for exclusive (write) waiters (queue 0). Thus, if the priority of a thread waiting on a read lock was adjusted while it was waiting it could result in corrupting the queue of waiting threads. Notes: svn path=/stable/6/; revision=172351
* MFC 1.167: Use a UMA zone to handle the turnstile objects rather thanJohn Baldwin2007-09-271-20/+54
| | | | | | | malloc(9). Notes: svn path=/stable/6/; revision=172350
* Make td_sqqueue a char and move it into a pre-existing "hole" fromJohn Baldwin2007-09-271-1/+1
| | | | | | | alignment padding to restore the ABI of 'struct thread' in 6.x. Notes: svn path=/stable/6/; revision=172349
* - Restore the 'show sleepq' DDB command.John Baldwin2007-09-271-5/+62
| | | | | | | - Trim some extra includes. Notes: svn path=/stable/6/; revision=172348
* Use lock_init() and lock_destroy().John Baldwin2007-09-271-13/+2
| | | | Notes: svn path=/stable/6/; revision=172347
* A few tweaks to reduce diffs with HEAD including using lock_init() andJohn Baldwin2007-09-271-12/+5
| | | | | | | | lock_destroy() and adding a missing #include so that NO_ADAPTIVE_RWLOCKS is honored. Notes: svn path=/stable/6/; revision=172346
* MFC: new kernel config option, VERBOSE_SYSINIT.David E. O'Brien2007-09-141-0/+45
| | | | | | | (kern/init_main.c rev. 1.263) Notes: svn path=/stable/6/; revision=172171
* FreeBSD 7 has a macro that converts calls to sx_init -> sx_init_flags,Alfred Perlstein2007-09-101-0/+7
| | | | | | | | | however FreeBSD 6 needs this as a function to preserve binary compat. Pointed out by: kmacy Notes: svn path=/stable/6/; revision=172140
* Remove/refactor calls to turnstile_release() as it turns out thatAlfred Perlstein2007-09-051-5/+4
| | | | | | | | | | | turnstile_unpend_queue() drops the lock that turnstile_release() does. This was triggering a mtx_unlock() of an already unlocked mutex panic. Obtained from: Juniper Networks Notes: svn path=/stable/6/; revision=172059
* Unbreak "options DDB" breakage from previous commit.Alfred Perlstein2007-09-052-3/+6
| | | | Notes: svn path=/stable/6/; revision=172051
* Backport of optimized sx locks and rwlocks from FreeBSD 7.0.Alfred Perlstein2007-09-046-462/+1080
| | | | | | | | Reviewed by: attilio, jhb Obtained from: Juniper Networks Notes: svn path=/stable/6/; revision=172047
* MFC:JINMEI Tatuya2007-08-231-2/+2
| | | | | | | | | | | | | | | Fix a kernel panic based on receiving an ICMPv6 Packet too Big message. (MFC was planned but has been missed) PR: 99779 Submitted by: Jinmei Tatuya Reviewed by: clement, rwatson Approved by: gnn (mentor) src/sys/kern/uipc_socket.c: 1.280 Notes: svn path=/stable/6/; revision=171938
* MFC 1.26 and 1.27: use proper loop variables and sched_bind() behaviorNate Lawson2007-08-221-29/+19
| | | | Notes: svn path=/stable/6/; revision=171915
* This commit was manufactured by cvs2svn to create branch 'RELENG_6'.cvs2svn2007-08-181-0/+991
| | | | Notes: svn path=/stable/6/; revision=171882
* MFC 1.87: Avoid manipulating semu_list outside of the scope ofJohn Baldwin2007-08-081-2/+5
| | | | | | | | SEMUNDO_LOCK(). This would lead to an occasional hang with a cycle in semu_list. Notes: svn path=/stable/6/; revision=171789
* MFC rev. 1.273, submitted by peter:Konstantin Belousov2007-08-031-7/+17
| | | | | | | | | | | Change kn_hook value from cdev to struct tty to avoid dereferencing freed cdev. In ttygone(), wake up select(), sigio and kevent() users in addition to the queue sleepers. Return EV_EOF from kevent filters if TS_GONE is set. Notes: svn path=/stable/6/; revision=171708
* MFC: Close race conditions between fork() and [sg]etpriority()'sJohn Baldwin2007-07-192-5/+17
| | | | | | | PRIO_USER case, and possibly also other places that deference p_ucred. Notes: svn path=/stable/6/; revision=171504
* MFC (3 of X):Alexander Leidinger2007-07-081-2/+10
| | | | | | | | | | | | | - In preparation of further linuxulator fixes MFC kern_descrip.c rev 1.296 and syscallsubr.h rev 1.41 by jhb: Add a kern_close() so that the ABIs can close a file descriptor w/o having to populate a close_args struct and change some of the places that do. Tested by: scf (i386, as part of a mega-MFC-patch), Arno J. Klaassen <arno@heho.snv.jussieu.fr> (amd64) Notes: svn path=/stable/6/; revision=171300
* MFC 1.306: Conditionally acquire Giant when dropping a reference on theJohn Baldwin2007-06-251-1/+6
| | | | | | | ktrace vnode during execve(). Notes: svn path=/stable/6/; revision=171035
* MFC compat32 argument to do_wait() to make it use fuword32() for readlingEd Maste2007-06-231-4/+8
| | | | | | | | | longs from 32 bit processes. Submitted by: jhb Notes: svn path=/stable/6/; revision=171012
* MFC: Support for running 32-bit multithreaded binaries using libthr onJohn Baldwin2007-06-182-23/+351
| | | | | | | | | | | | | | | | amd64 including: - Add 32-bit wrappers for thr_new(), thr_suspend(), and the umtx system calls. - Add support to amd64 for constructing thread upcalls for 32-bit processes. - Leave %fs and %gs alone in the signal trampoline for 32-bit processes on amd64. - Add 'casuword32()' to amd64 and ia64. Tested by: emaste Notes: svn path=/stable/6/; revision=170945
* MFCKonstantin Belousov2007-06-111-2/+4
| | | | | | | | | | rev. 1.521 of src/sys/kern/vfs_bio.c rev. 1.477 of src/sys/sys/proc.h Disable nesting of BOP_BDFLUSH(). Notes: svn path=/stable/6/; revision=170555
* MFC:Konstantin Belousov2007-06-111-42/+51
| | | | | | | | | | | | | | | | | | | | | | | | | | | rev. 1.11 of src/sys/geom/geom_vfs.c rev. 1.516 of src/sys/kern/vfs_bio.c rev. 1.35 of src/sys/nfs4client/nfs4_vnops.c rev. 1.272 of src/sys/nfsclient/nfs_vnops.c rev. 1.195 of src/sys/sys/buf.h rev. 1.18 of src/sys/sys/bufobj.h rev. 1.73 of src/sys/ufs/ffs/ffs_extern.h rev. 1.133 of src/sys/ufs/ffs/ffs_snapshot.c rev. 1.324 of src/sys/ufs/ffs/ffs_vfsops.c Avoid dealing with buffers in bdwrite() that are from other side of snaplock divisor in the lock order then the buffer being written. Add new BOP, bop_bdwrite(), to do dirty buffer flushing for same vnode in the bdwrite(). Default implementation, bufbdflush(), refactors the code from bdwrite(). For ffs device buffers, specialized implementation is used. This commit changes KPI/KBI, thus recompilation of out of tree kernel modules is required. Approved by: re (kensmith) Notes: svn path=/stable/6/; revision=170553
* MFC: Add support for kernel modules with a single PT_LOAD section.John Baldwin2007-06-061-6/+9
| | | | Notes: svn path=/stable/6/; revision=170383
* MFC 1.176: Add vm map and object locking to each_writable_segment().John Baldwin2007-06-061-10/+15
| | | | Notes: svn path=/stable/6/; revision=170382
* MFC rev. 1.309 of sys/kern/kern_descrip.c,Konstantin Belousov2007-05-292-3/+19
| | | | | | | | | | | | | | rev. 1.438 of sys/kern/vfs_syscalls.c, rev. 1.77 of sys/sys/filedesc.h: Mark the filedescriptor table entries with VOP_OPEN being performed for them as UF_OPENING. Disable closing of that entries. This should fix the crashes caused by devfs_open() (and fifo_open()) dereferencing struct file * by index, while the filedescriptor is closed by parallel thread. RELENG_6 testing by: Mark Kane <mark at mkproductions org> Notes: svn path=/stable/6/; revision=170092
* MFC: expose vdropl()Dag-Erling Smørgrav2007-05-241-2/+1
| | | | Notes: svn path=/stable/6/; revision=169940
* MFC 1.308: Use kern_open() to open /dev/null in fdcheckstd().John Baldwin2007-05-231-42/+9
| | | | Notes: svn path=/stable/6/; revision=169917
generated by cgit v1.3 (git 2.53.0) at 2026-05-12 01:32:04 +0000