instead of the whole ds structure.
besides triggering a recently added assert in netbsd32, this stops
exposing kernel addresses.
copy the mode clamping to 0777 from sem to shm and msg.
while here, make sure that the compat callers to sysv_ipc clear
the contents of the compat structure before setting the result
members to ensure padding bytes are cleared.
don't set/copy _sem_base, _msg_first, _msg_last or _shm_internal.
even if used, which seems very dodgy, they leak KVAs as well.
possibly this may affect linux binaries, in particular, the
comments around _shm_internal ("XXX Oh well.") may mean apps
rely upon these but hopefully not -- the comments date back to
rev 1.1 in 1995.
the _key, _seq and _msg_cbytes members are exported as before as
i found multiple consumers of these (no less than ipcs(1), and
they appear to be useful for debugging and more.
XXX: the naming of compat functions have too many styles. there
are at least 3 different ones changed here.
These functions are defined on unsigned int. The generic name
min/max should not silently truncate to 32 bits on 64-bit systems.
This is purely a name change -- no functional change intended.
HOWEVER! Some subsystems have
#define min(a, b) ((a) < (b) ? (a) : (b))
#define max(a, b) ((a) > (b) ? (a) : (b))
even though our standard name for that is MIN/MAX. Although these
may invite multiple evaluation bugs, these do _not_ cause integer
truncation.
To avoid `fixing' these cases, I first changed the name in libkern,
and then compile-tested every file where min/max occurred in order to
confirm that it failed -- and thus confirm that nothing shadowed
min/max -- before changing it.
I have left a handful of bootloaders that are too annoying to
compile-test, and some dead code:
cobalt ews4800mips hp300 hppa ia64 luna68k vax
acorn32/if_ie.c (not included in any kernels)
macppc/if_gm.c (superseded by gem(4))
It should be easy to fix the fallout once identified -- this way of
doing things fails safe, and the goal here, after all, is to _avoid_
silent integer truncations, not introduce them.
Maybe one day we can reintroduce min/max as type-generic things that
never silently truncate. But we should avoid doing that for a while,
so that existing code has a chance to be detected by the compiler for
conversion to uimin/uimax without changing the semantics until we can
properly audit it all. (Who knows, maybe in some cases integer
truncation is actually intended!)
- Remove unused *_NAMES macros for sysctl.
- Remove unused *_MAXID for sysctls.
- Move CTL_MACHDEP sysctl definitions for m68k into m68k/include/cpu.h and
use them on all m68k machines.
entry-point is either sys_nomodule or sys_nosys. Update the
makesyscalls.sh script to create a const array of bits to allow
syscall_disestablish() to properly restore the original entry-point.
Update all the initializers of struct emul to initialize the pointer
to the bit array struct emul.
XXX Regen of all files created by makesyscalls.sh will come soon,
XXX followed by a kernel version bump (since struct emul is being
XXX modified).
This commit should address PR kern/45781 and also removes the need
for the work-around for that PR in file
sys/arch/usermode/modules/syscallemu/syscallemu.c
e_tracesig used to be implemented for Darwin compat. Nowadays the Darwin
compatiblity layer is gone and there are no other users.
This functionality isn't used where it shall be used in the existing
codebase.
If we want to emulate debugging interfaces in compat layers we would need
to implement that from scratch anyway. We would need to be bug compatible
with other OSes too.
Proposed on tech-kern@.
Welcome to NetBSD 8.99.16!
Sponsored by <The NetBSD Foundation>
sys_pipe2() returns two integers (values), the 2nd one is a copy of the 2nd
file descriptor that lands in fildes[2]. This is a side effect of reusing
the code for sys_pipe() (SYS_pipe) and not cleaning it up.
The first returned value is (on success) 0.
Introduced a small refactoring in pipe1() that it does not operate over
retval[], but on an array int[2]. A user sets retval[] for pipe() when
desired and needed.
This refactoring touches compat code: netbsd32, linux, linux32.
Before the changes on NetBSD/amd64:
$ ktruss -i ./a.out
[...]
15131 1 a.out pipe2(0x7f7fff2e62b8, 0) = 0, 4
[...]
After the changes:
$ ktruss -i ./a.out
[...]
782 1 a.out pipe2(0x7f7fff97e850, 0) = 0
[...]
There should not be a visible change for current users.
Sponsored by <The NetBSD Foundation>
zero is hugely flawed. It is easy to demonstrate that one can trick UVM
into chosing a NULL hint after the user_va0_disable check from uvm_map.
Such a bypass allows kernel NULL pointer dereferences to be exploitable on
architectures with a shared userland<->kernel VA, like amd64.
Fix this by increasing the limit of the vm space made available for
userland processes. This way, UVM will never chose a NULL hint, since it
would be outside of the vm space.
The user_va0_disable sysctl still controls this feature.
This change makes struct ifaddr and its variants (in_ifaddr and in6_ifaddr)
MP-safe by using pserialize and psref. At this moment, pserialize_perform
and psref_target_destroy are disabled because (1) we don't need them
because of softnet_lock (2) they cause a deadlock because of softnet_lock.
So we'll enable them when we remove softnet_lock in the future.
The change ensures that ifnet objects in the ifnet list aren't freed during
list iterations by using pserialize(9) and psref(9).
Note that the change adds a pslist(9) for ifnet but doesn't remove the
original ifnet list (ifnet_list) to avoid breaking kvm(3) users. We
shouldn't use the original list in the kernel anymore.
exec_elf32 works on 32bit systems only, and will crash 32bit binaries on
64bit systems.
2) Now that exec_elf32 is dormant, we can give the native ELF loaders the
highest priority.
Binaries will load faster now (system boot, compilation, etc.).
With the help of njloy@. Discussed a bit on tech-kern@, no disagreement.
add comments and KASSERTs to make sure people don't forget to increase
XX_AUX_ENTRIES's when adding vectors.
Reported by martin@ (CV), with suggestions from chs@.
ok martin@ chs@
mrg