Age | Commit message | Author |
|
memory mappings so they cannot be changed by a later mmap(), mprotect(),
or munmap(), which will error with EPERM instead.
ok kettenis
|
|
malloc(9) or pool_get(9).
Pass down a wait flag to pru_attach(). During syscall socket(2)
it is ok to wait, this logic was missing for internet pcb. Pfkey
and route sockets were already waiting.
sonewconn() must not wait when called during TCP 3-way handshake.
This logic has been preserved. Unix domain stream socket connect(2)
can wait until the other side has created the socket to accept.
OK mvs@
|
|
symmetric to counters_read().
OK jmatthew@
|
|
in the past, but those compat layers are gone. Remove support for the
"config file"
ok miod millert
|
|
copyout and malloc. During a sleep another thread could delete the
semaphore (and possibly allocate another one at the same location
with different permissions) which would lead to an invalid access
after wake up. Therefore check the semaphore pointer, the sequence,
the permissions and some values in seminfo after each sleep.
OK bluhm@
Reported-by: syzbot+60ba811fe2e8a6b0f975@syzkaller.appspotmail.com
|
|
findblkname() and DISKUNIT(). Allows all block devices, not just
sd* and vnd* to generate useful names in DEBUG output.
Cluebat by deraadt@
|
|
ok bluhm@
|
|
Give the user a hint as to what happened if they boot up and the TSC
is not the active counter.
"sure" deraadt@
|
|
(and it may seem it should be "r" to get access to the file to collect
the underlying socket, which is fully r/w in a non-file way). But this
matches the POSIX spec that the file be 'writeable'. The regress test
and daemons have been updated for this behaviour.
Gap discovered by martijn, long discussions with benno
|
|
They are no longer needed.
OK bluhm@
|
|
again.
|
|
a file in the filesystem. Spotted by martijn. A review of AF_UNIX
binding programs has been done by benno, and we think it is worth committing
this semantic change now and watching for fallout.
|
|
on pru_rcvd() return value.
Drop "pru_rcvd != NULL" check within pru_rcvd() wrapper. We only call it
if the socket's protocol has PR_WANTRCVD flag set. Such sockets are
route domain, tcp(4) and unix(4) sockets.
ok guenther@ bluhm@
|
|
to always be able to provide a duid, and keep ignoring whole zero duids.
This fixes a race in vnd setup where the disk_attach callback could run
before any I/O occurs on the vnd, thus not having a label available yet.
noticed by otto@ and kn@; ok kn@
|
|
and BOOTABLE, set BOOTABLE attribute bit instead of using the
incorrect GPTDOSACTIVE value, have 'fdisk -v' print out GPT
partition attributes if any of the 64 bits are set, don't spoof
any partition with REQUIRED bit set.
Prompted by kettenis@ stumbling across a machine with 40+ (!!)
REQUIRED GPT partitions.
Tested & ok kettenis@
|
|
counterparts. Input deraadt.
ok bluhm
|
|
provide locking of the PCB. If that is possible, use shared instead
of exclusive netlock in soreceive(). The PCB mutex provides a per
socket lock against multiple soreceive() running in parallel.
Release and regrab both locks in sosleep_nsec().
OK mvs@
|
|
checking socket type is not sufficient as it could splice together
unix and inet sockets resulting in crashes. As splicing is about
sending, the same send function looks like a good criterion.
Reported-by: syzbot+fc6901d63d858d5dd00a@syzkaller.appspotmail.com
Reported-by: syzbot+0e026f1bf8b259c6395e@syzkaller.appspotmail.com
OK gnezdo@
|
|
Introduce in{,6}_peeraddr() and use them for inet and inet6 sockets,
except tcp(4) case.
Also remove *_usrreq() handlers.
ok bluhm@
|
|
|
|
to int like other flag parameters, NetBSD uses unsigned int, FreeBSD
and Linux do int.
OK bluhm@
|
|
Introduce in{,6}_sockaddr() functions, and use them for all except tcp(4)
inet sockets. For tcp(4) sockets use tcp_sockaddr() to keep debug ability.
The key management and route domain sockets return EINVAL error for
PRU_SOCKADDR request, so keep this behaviour for a while instead of making
pru_sockaddr handler optional and returning EOPNOTSUPP.
ok bluhm@
|
|
|
|
The idea is that device drivers that can wake up the machine register
themselves by calling device_register_wakeup(). To prevent regressions
on amd64, we let acpi(4) register itself as a wakeup device if the AML
for the machine defines wakeup devices. This may be refined in the
future.
This diff will prevent people from suspending their arm64 SBCs without
having a way to wake them up. For now the only driver that registers
itself is axppmic(4), which means that at this moment only SBCs with
an Allwinner A64 or H5 SoC will actually support suspend/resume.
ok mlarkin@, deraadt@
|
|
ok deraadt@
|
|
request splitting to (*pru_control)().
ok bluhm@
|
|
|
|
once. libc, man page, and regress parts to come.
With input from jca@, bluhm@.
OK bluhm@
|
|
ok mpi@ millert@
|
|
it extends beyond the edge of the disk the GPT currently
inhabits. We only care if enough of it is addressable that a
disklabel is accessible.
Brings GPT handling of 'OpenBSD partitions extending too far'
into line with the MBR handling of the same situation.
|
|
|
|
once. libc, man page, and regress parts to come.
With input from jca@, guenther@, bluhm@.
OK bluhm@
|
|
The 'proc *' arg is not used for PRU_CONTROL request, so remove it from
pru_control() wrapper.
Split out {tcp,udp}6_usrreqs from {tcp,udp}_usrreqs and use them for
inet6 case.
ok guenther@ bluhm@
|
|
|
|
LBA area (gh_lba_start == gh_lba_end) and allowing either or both
of gh_lba_start and gh_lba_end to exceed the size of the disk the
GPT currently inhabits.
Reduces false negatives and inappropriate fall through to MBR
spoofing and allows repair of otherwise valid GPT.
|
|
script symbols. This is needed since we don't have those symbols on all
archs where we want hibernate.
ok kettenis, and input and help from miod.
|
|
pair, and also provides their names. Internally, 3 NDINIT+namei operations
access /dev/[tp]ty[p-zP-T][0-9a-zA-Z], of these 2 followed unveil restrictions.
I argue if you unveil /dev/ptm, (and not the 372 other nodes), you still want
openpty() to provide you with working fd's, and the names, which the caller
will probably never open manually, because the fd's are given.
So change all NDINIT to use KERNELPATH, bypassing unveil.
ok semarie
|
|
|
|
ok bluhm@
|
|
any attention for some time.
ok otto@ as part of larger diff
|
|
PRU_SENDOOB request always consumes passed `top' and `control' mbufs. To
avoid dummy m_freem(9) handlers for all protocols release passed mbufs
in the pru_sendoob() EOPNOTSUPP error path.
Also fix `control' mbuf(9) leak in the tcp(4) PRU_SENDOOB error path.
ok bluhm@
|
|
way on alpha.
ok bluhm@ mvs@
|
|
before the SIGABRT kills the process. This clarifies the failure mode
(and resolution to take) when a dynamic executable is run while /usr
isn't mounted. ok miod kettenis
|
|
ok bluhm@
|
|
ok bluhm@
|
|
We abort only the sockets which are linked to `so_q' or `so_q0' queues of
listening socket. Such sockets have no corresponding file descriptor and
are not accessed from userland, so PRU_ABORT used to destroy them on
listening socket destruction.
Currently all our sockets support PRU_ABORT request, but actually it is
required only for tcp(4) and unix(4) sockets, so it should be optional.
However, they will be removed with separate diff, and this time PRU_ABORT
requests were converted as is.
Also, the socket should be destroyed on PRU_ABORT request, but route and
key management sockets leave it alive. This was also converted as is,
because this wrong code is never called.
ok bluhm@
|
|
sockets which could have NULL `so_pcb' and we handle this case within
tcp_rcvd() handler.
ok bluhm@
|
|
The former PRU_SEND error path of gre_usrreq() had `control' mbuf(9)
leak. It was fixed in new gre_send().
The former pfkeyv2_send() was renamed to pfkeyv2_dosend().
ok bluhm@
|
|
ok bluhm@
|
|
ok bluhm@
|