First we check for running out of processes (nprocs variable) before we
continue with the fork, then we do various calls that might sleep (and
allow other forks to start and pass that check), then we increase that
variable. This could allow processes to be created past the limit.
Second is that we don't decrease the process count for this uid
if the stack allocation fails. So a user could run out of processes
he's allowed to run without actually having them.
miod@ ok
|
gcc has the nice feature of optimizing various common constructs into
more optimal ones, inlining various calls, etc. The problem with that
is that it assumes that we have a proper libc backing us. We really
don't want to lose all those features by defining -ffreestanding and
right now there is no way to just disable some of them, so we have to
make the kernel more libc-like in some aspects to make it work with
newer gcc.
rename putchar to kputchar because it was nothing like libc putchar (and
only internal to this function). Implement dummy putchar and puts (not
prototyped outside this file).
|
give us pages. PR_NOWAIT most likely means "hey, we're coming from an
interrupt, don't mess with stuff that doesn't have proper protection".
- pool_allocator_free is called in too many places so I don't feel
comfortable without that added protection from splvm (and besides,
pool_allocator_free is rarely called anyway, so the extra spl will be
unnoticeable). It shouldn't matter when fiddling with those flags, but
you never know.
- Remove a wakeup without a matching tsleep. It's a left-over from
some other code path that I've been investigating when reworking the
pool a while ago and it should have been removed before that commit.
deraadt@ ok
|
Diff generated by Chris Kuethe.
|
the order doesn't matter at this moment but could be problematic
if 2 tags of the same type are ever added.
ok jason@, dhartmei@, angelos@
|
It triggers on ppc and while the check itself is correct, it's better to
fix the bug before breaking people's systems.
|
ok deraadt@ and art@
|
Prevent two localhost crashes with proc filters.
- don't send NOTE_SIGNAL to exiting processes.
- null dereference on error condition.
from Peter Werner <peterw at ifost.org.au>
deraadt@ ok
|
You mark one section with VMCMD_BASE and the rest are marked RELATIVE.
Use that to load ELF interpreter correctly in all cases.
Inspired by NetBSD. Great debugging help from drahn@
deraadt@ ok
|
ok deraadt@ art@
|
Make sure that we don't free random memory when that happens.
From <j at pureftpd.org>
deraadt@ ok
|
noted by tdeval@
|
Bug report from Alistair Kerr, tested miod@, inspected art@, ok provos@
|
with not refing it.
Eyeballed by lurene@daemonkitty.net, fries@, nordin@ and fries@
Some additional cleanups by nordin@
|
on the returned file, do the FREF inside getvnode so that people can't
get away with avoiding FREF and FRELE.
Eyeballed by various people.
|
the time.
This could lead to problems when a process wants to do an exec on the same
vnode it's being run from and needs to copy in arguments from an uncached
page in the data segment. When that happens uvm detects a vnode deadlock
and returns an error causing execve() to return EFAULT.
This fixes the regress test in regress/sys/kern/exec_self
Also, initialize scriptvp early in exec_script because it could be
used uninitialized in a failure case.
|
Found by aaron@
NOTE - I think we need a mount-point iterator just like we have
NOTE - vfs_mount_foreach_vnode. (btw. why don't we use foreach_vnode in here?)
|
Make insertion of data into socket buffers O(C):
* Keep pointers to the first and last mbufs of the last record in the
socket buffer.
* Use the sb_lastrecord pointer in the sbappend*() family of functions
to avoid traversing the packet chain to find the last record.
* Add a new sbappend_stream() function for stream protocols which
guarantee that there will never be more than one record in the
socket buffer. This function uses the sb_mbtail pointer to perform
the data insertion. Make TCP use sbappend_stream(). On a profiling
run, this makes sbappend of a TCP transmission using
a 1M socket buffer go from 50% of the time to .02% of the time. Thanks
to Bill Sommerfeld and YAMAMOTO Takashi for their debugging
assistance!
|
Not that it will help much, but what the hell.
noticed by: tedu <grendel@zeitbombe.org>
|
last page of DATA, and still have executability unless we can find a
resolution to the GOT/PLT issues in a.out)
|
Just because the pool allocates from intrsafe memory doesn't mean that the
pool has to be protected by splvm. We can have intrsafe pools at splbio
or splsoftnet.
pool_page_alloc and pool_page_free must do their own splvm protection.
|
When trying the drain hook just in pool_allocator_alloc, don't leak memory
when the drain succeeds and don't avoid draining other pools if this
pool doesn't have a drain hook.
|
doesn't do anything since no pmap implements exec protection yet.
|
an uvm aobj, copy out the signal trampoline into it and share that page
among all processes for the same emulation.
This also requires us to actually be able to tell signal code where the
trampoline is located, so introduce a new field in struct proc - p_sigcode
that is a pointer to sigcode. This allows us to remove all the ugly
calculations of the signal trampoline address done in every sendsig
function in the tree (that's why so many files are changed).
Tested by various people. ok deraadt@