| Age | Commit message (Collapse) | Author |
|---|
|
socketpair. Do not wakeup receiver if there is no data available.
OK claudio@ anton@
|
|
OK claudio@ and jca@
|
|
usrreq functions move the mbuf m_freem() logic to the release block
instead of distributing it over the switch statement. Then the
goto release in the initial check, whether the pcb still exists,
will not free the mbuf for the PRU_RCVD, PRU_RVCOOB, PRU_SENSE
command.
OK claudio@ mpi@ visa@
Reported-by: syzbot+8e7997d4036ae523c79c@syzkaller.appspotmail.com
|
|
underflow in a later calcuation. Using the same CMSG_LEN(0) check
that other cmsghdr handlers implemented.
Probelm found by anton@
OK anton@, deraadt@, visa@
|
|
SCM_RIGHTS from being sent to the userland since they hold kernel internal
data and it does not make sense to externalize it.
OK deraadt@, guenther@, visa@
|
|
m_leadingspace() and m_trailingspace(). Convert all callers to call
directly the functions and remove the defines.
OK krw@, mpi@
|
|
OK henning@ benno@
|
|
instead of using a mutex for update serialization. Use a per-fdp mutex
to manage updating of file instance pointers in the `fd_ofiles' array
to let fd_getfile() acquire file references safely with concurrent file
reference releases.
OK mpi@
|
|
This prevents the array from being freed too early. In the function
unp_internalize(), the locking also ensures the per-fdp flags stay
coherent with the file instance.
OK mpi@
|
|
Rename the int array `fdp' to `fds', and use the name `fdp' for
a variable that points to the filedesc struct of the current process.
This use of `fdp' puts unp_externalize() in line with filesystem code.
OK millert@, kettenis@
|
|
These syscalls can now be executed w/o the KERNEL_LOCK() depending on
the kind of socket.
The current solution uses a single global mutex to serialize access to,
and reference count, 'struct file'.
ok visa@, kettenis@
|
|
Instead introduce two flags to deal with global lock recursion. This
is necessary until we get per-socket lock.
Req. by and ok visa@
|
|
unlocking the directory vnode.
OK mpi@, helg@
|
|
locking.
ok visa@, bluhm@
|
|
curproc that does the locking or unlocking, so the proc parameter
is pointless and can be dropped.
OK mpi@, deraadt@
|
|
ok visa@
|
|
ok millert@, visa@
|
|
ok visa@, claudio@
|
|
ok bluhm@
|
|
ok bluhm@
|
|
functions to pave way for more fine grained locking.
Suggested by, comments & OK mpi
|
|
in common checks for unix, inet, inet6 instead of partial checks
here and there. Some checks are already done at a higher layer,
but better be paranoid with user input.
OK claudio@ millert@
|
|
buffers.
This is one step towards unlocking TCP input path. Note that all the
functions asserting for the socket lock are not necessarilly MP-safe.
All the fields of 'struct socket' aren't protected.
Introduce a new kernel-only kqueue hint, NOTE_SUBMIT, to be able to
tell when a filter needs to lock the underlying data structures. Logic
and name taken from NetBSD.
Tested by Hrvoje Popovski.
ok claudio@, bluhm@, mikeb@
|
|
Attach is quite a different thing to the other PRU functions and
this should make locking a bit simpler. This also removes the ugly
hack on how proto was passed to the attach function.
OK bluhm@ and mpi@ on a previous version
|
|
unix domain sockets.
This should prevent the multiple deadlock related to unix domain sockets.
Inputs from millert@ and bluhm@, ok bluhm@
|
|
This makes a (wrong) assert disappear and makes sure we hack to avoid a
recursion in the upcall case still work.
The real solution to this problem is to not grab the NET_LOCK() before
entering uipc_usrreq().
Issue reported by dtucker@
|
|
found by dtucker@
|
|
passing is checked. As the data type has changed in unp_internalize(),
the calculation has to be adapted in sosend().
Found by relayd regress test on i386.
OK millert@
|
|
Recursions are currently known and marked a XXXSMP.
Please report any assert to bugs@
|
|
pledged process. dup(2) and recvmsg(2) retain UF_PLEDGED from the original fd.
In pledge "exec" circumstances, exceve clears UF_PLEDGED on all the process's
fds.
In a pledge'd process, ioctl(2) can use this additional information to grant
access to ioctl's which are more sensitive or dive deeply into the kernel.
Developers will be encouraged to open such sensitive resources before calling
pledge(2), rather than afterwards. That matches the heading of privsep
development practices.
Future changes will introduce those ioctl(2) changes.
Lots of discussions with semarie guenther and benno.
|
|
struct file *, and then externalizes back to fd upon delivery.
Convert storage to array of struct fdpass, containing struct file *
(and soon something else). memcpy originally intended for alignment
purposes can be removed because CMSG_ALIGN is _ALIGN.
There is some anxiety over changing this code, but it reads easier.
ok mpi guenther kettenis
|
|
splsoftnet()/splx() until the known issues are fixed.
In other words, stop using a rwlock since it creates a deadlock when
chrome is used.
Issue reported by Dimitris Papastamos and kettenis@
ok visa@
|
|
to hold it during VFS operations as NFS might try to grab it.
Problem also reported by Siegfried Rudzio on bugs@.
ok visa@
|
|
work without assert.
ok visa@, bluhm@
|
|
swakeup
sowakeup
sowwakeup
unp_connect2
unp_connect
uipc_usrreq
soconnect
sys_connect
reported by stsp@, tb@ and RT Thrush
|
|
sosend <- NET_LOCK()
nfs_send
nfs_request
nfs_lookup
VOP_LOOKUP
vfs_lookup
namei
unp_connect
uipc_usrreq
soconnect <- NET_LOCK()
sys_connect
OK bluhm@ mpi@
|
|
of the network stack that are not yet ready to be executed in parallel or
where new sleeping points are not possible.
This first pass replace all the entry points leading to ip_output(). This
is done to not introduce new sleeping points when trying to acquire ART's
write lock, needed when a new L2 entry is created via the RT_RESOLVE.
Inputs from and ok bluhm@, ok dlg@
|
|
NULL tests.
ok mpi@
|
|
not a pointer to it
|
|
in case sbappendcontrol() fails.
From Simon Mages; OK mikeb@
|
|
to the end of the defer structure. solves sizing and alignment concerns.
|
|
time investigating and arguing about whether a NULL fp is a bug or not,
but what has become clear is that NULL fps get passed to unp_discard
and have been for quite some time.
restore old accomodating behavior by checking for null in unp_gc.
ok deraadt kettenis
|
|
for chroot'd processes.
ok stefan semarie
|
|
|
|
torture tested on amd64, i386 and macppc
ok beck mpi stefan
"the change looks right" deraadt
|
|
|
|
|
|
pledgenote is used for annotate the policy for a namei context. So make it
tracking the nameidata.
It is expected for the caller to explicitly define the policy. It is a kernel
bug to not do so.
ok deraadt@
|
|
- rename _check function without suffix: a "pledge" function called from
anywhere is a "check" function.
- makes pledge_fail call the responsability to the _check function. remove it
from caller.
- make proper use of (potential) returned error of _check() functions.
- adds pledge_kill() and pledge_protexec()
with and OK deraadt@
|
|
|
