Age | Commit message | Author |
|
From mpi@'s netlock diff; OK mikeb@
|
|
set variables that will be later used as the size argument to
free(NULL calls. This should be harmless as free returns early if the
address is NULL without checking the size. Initialise these variables
before the call to ensure they are never passed to another function
uninitialised.
ok tedu@ millert@ deraadt@
|
|
Use a local variable struct process *pr to simplify expressions
ok deraadt@
|
|
ok mpi@ mikeb@
|
|
as noted by haesbaert, this is necessary to avoid deadlocks because
the scheduler can call back into the timeout subsystem while it's
holding its own locks.
this happened in two places. firstly, in softclock() it would take
timeout_mutex to find pending work. if that pending work needs a
process context, it would queue the work for the thread and call
wakeup, which enters the scheduler locks. if another cpu is trying
to tsleep (or msleep) with a timeout specified, the sleep code would
be holding the sched lock and call timeout_add, which takes
timeout_mutex.
this is solved by deferring the wakeup to after timeout_mutex is
left. this also has the benefit of mitigating the number of wakeups
done per softclock tick.
secondly, the timeout worker thread takes timeout_mutex and calls
msleep when there's no work to do (ie, the queue is empty). msleep
will take the sched locks. again, if another cpu does a tsleep
with a timeout, you get a deadlock.
to solve this i'm using sleep_setup and sleep_finish to sleep on an
empty queue, which is safe to do outside the lock as it is comparisons
of the queue head pointers, not derefs of the contents of the queue.
as long as the sleeps and wakeups are ordered correctly with the
enqueue and dequeue operations under the mutex, this all works.
you can think of the queue as a single descriptor ring, and the
wakeup as an interrupt.
the second deadlock was identified by guenther@
ok tedu@ mpi@
|
|
from Sebastien Marie
|
|
Years ago Theo made read(2) return 0 on directories, instead of dumping
the directory content. Another behavior is allowed as an extension by
POSIX, returning an EISDIR error, as used on a few other systems. This
behavior is deemed more useful as it helps spotting errors. This
implies that it might break some setups.
Ports bulk builds by ajacoutot@ and naddy@, ok millert@ bluhm@ naddy@
deraadt@
|
|
the comparison is always true.
ok jca@, tedu@
|
|
Add sysctl kern.allowkmem (default 0) which controls the ability to open
/dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99%
of utilities in the tree to operate on sysctl-nodes (either by themselves
or via code hiding in the guts of -lkvm).
pstat -d and -v & procmap are affected and continued use of them will
require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and its
buddy sendbug) are affected, but we'll work out a solution soon.
There will be some impact in ports.
ok kettenis guenther
|
|
ok guenther
|
|
ok guenther
|
|
callbacks needing a process context.
The function timeout_set_proc(9) has to be used instead of timeout_set(9)
when a timeout callback needs a process context.
Note that if such a timeout is waiting, understand sleeping, for a non
negligible amount of time it might delay other timeouts needing a process
context.
dlg@ agrees with this as a temporary solution.
Manpage tweaks from jmc@
ok kettenis@, bluhm@, mikeb@
|
|
paths of libevent). This interface was the first generation of what
eventually became getentropy(2) and arc4random(3) -- june 1997!
Ports scan by sthen, general agreement guenther
|
|
we enter networking code. Fixes an splassert() found by David Hill.
OK mikeb@
|
|
places for the upcoming network lock. This might trigger some
asserts, but we have to find the missing code paths.
OK mpi@
|
|
this was part of the larger diff that was ok guenther@ mpi@, somehow I forgot
to commit this particular piece.
|
|
going on more clearly
ok beck@ tedu@
|
|
ok deraadt
|
|
i had to shuffle the includes a bit. all the knowledge of the RB
tree is now inside vfs_cache.c, and all accesses are via cache_*
functions.
|
|
i had to shuffle the order of some header bits cos RBT_PROTOTYPE
needs to see what RBT_HEAD produces.
|
|
vm_page structs go into three trees, uvm_objtree, uvm_pmr_addr, and
uvm_pmr_size. all these have been moved to RBT code.
this should give us a decent chunk of code space back.
|
|
i mustn't have cleaned this up properly when i copied the tree.h code
from Ilya Kaliman
|
|
this seems like a better way forward than simply removing the
poisoning that uvm does.
|
|
the ioff argument to pool_init() is unused and has been for many
years, so this replaces it with an ipl argument. because the ipl
will be set on init we no longer need pool_setipl.
most of these changes have been done with coccinelle using the spatch
below. cocci sucks at formatting code though, so i fixed that by hand.
the manpage and subr_pool.c bits i did myself.
ok tedu@ jmatthew@
@ipl@
expression pp;
expression ipl;
expression s, a, o, f, m, p;
@@
-pool_init(pp, s, a, o, f, m, p);
-pool_setipl(pp, ipl);
+pool_init(pp, s, a, ipl, f, m, p);
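Review bot: in `-pool_init(pp, s, a, o, f, m, p);` the old ioff argument is bound as the unconstrained expression `o` and then dropped, so a call site that passed a non-zero ioff would be rewritten without anyone noticing; restricting that position to the constant the callers are expected to pass, or listing the matches for a manual check, would confirm the "unused" claim mechanically. The rule also fires only when `pool_setipl(pp, ipl);` is the statement directly after `pool_init` on the same `pp`. Because the argument count is unchanged, any caller that set the ipl later or never set it still compiles, with its old ioff value now read as the ipl, so those unmatched call sites need a separate audit.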
|
|
this is half way to recovering the space used by the subr_tree code.
|
|
cos m_copym only does shallow copies, we can make the code do them
unconditionally.
for millert@
|
|
ok millert@ mpi@ henning@ claudio@ markus@
|
|
with m_makespace(4) from freebsd; ok mpi@, bluhm@, mikeb@, dlg@
|
|
by a write lock.
ok guenther@, vgross@
|
|
This is not an issue right now, but it will become one when a non
recursive lock will be used.
ok claudio@
|
|
file system mounted without MNT_WXALLOWED, fail with EACCES rather
than with ENOEXEC, to discourage the shell from trying to run the
file as a shell script.
OK deraadt@ millert@; tedu@ and halex@ agreed with the general direction.
|
|
without root privileges. This is only the kernel/mount flag; additional
work in the build Makefiles will be necessary such that the files in
$DESTDIR are created with correct permissions.
tedu couldn't find anything wrong with it in a quick review
idea & ok deraadt
|
|
add a comment to this effect, and explain the intention.
|
|
Committing for guenther@ because he is on United and apparently
they break ssh (as well as guitars)
ok deraadt@ in the car from cambridge
|
|
needed. All callers using the protosw pr_ctlinput pointer do a NULL check
before so there is no need to provide the function.
|
|
it'll go in again when i don't break userland.
|
|
ok tedu@
|
|
ok deraadt@
|
|
ok deraadt@ guenther@
|
|
profiling framework.
Code patching is used to enable probes when entering functions. The
probes will call a mcount()-like function to match the behavior of a
GPROF kernel.
Currently only available on amd64 and guarded under DDBPROF. Support
for other archs will follow soon.
A new sysctl knob, ddb.console, needs to be set to 1 in securelevel 0
to be able to use this feature.
Inputs and ok guenther@
|