by using a dynamic stack as well. Reorder arguments for the internalizer
as the iteration is always present and should go before possibly
NULL arguments.
Reviewed by mjf@ and adrianp@
in its own header file to be included by dkio.h. Fixes breakage due to
pollution from proplib.h in programs which include ioctl.h. Tested and OK
by dogcow@.
userland, deeply nested arrays and dictionaries can easily overflow
the kernel stack and thereby force a panic.
Fix the internalizer and prop_object_release to use a separate call
stack and alter the dictionary and array handling to not recurse on
the C stack. The default stack has an inline depth of 16 elements,
which should keep the overhead reasonable.
This issue was found by Pavel Cahyna and Jachym Holecek.
Additionally add a limit for prop_object_copyin_ioctl to prevent user
programs from temporary allocating unbound amount of kernel memory.
Allow malloc to fail so that tight loops of userland processes can't
force panics by exhausting the kernel map.
Tested with the sample exploit of Jachym, his test suite and reviewed
by himself (initial patch), Christos Zoulas and Jason Thorpe.
as the data pointer to RMD160_Update doesn't have to be aligned.
In SHA256_Update and SHA512_Update, only operate directly on the passed
in data if no left-over in the context exists and the data is correctly
aligned. The problem was exposed by the audit-packages rewrite in C
and reported for the libnbcompat version in PR pkg/36662.
This prevents a possible prefetch past the end of the source buffer.
Note that the semantics of the pld instruction mean that it is unlikely
that this would have caused any problems except in very specific
circumstances in some types of device drivers.
used by uvm_mmap() as a hint for the virtual address to map memory to. As
a consequence, it tended to fail a lot on some architectures.
We cannot use 0, so instead use the value that would have been used if we
were calling mmap(2) with 0 as the first argument.
Fixes PR#34639 by xtraeme@.
To avoid code duplication, move strsep.c to the kernel/userland
common files.
Soon I will commit source-address selection (options IPSELSRC).
It will use strsep(3).
keys and returns them in an array. This effectively allows a caller
to mutate a dictionary while iterating over it (really, you iterate
over the array of keys instead of the dictionary itself).
- Add a slew of utility functions that make it more convenient (in some
circumstances, anyway) to get/set values in a dictionary.
definition of struct rb_ndoe on the endianess is the only explanation I have
why nobody complained about this on i386 - I don't understand why it makes a
difference for gcc though)
the data structure is internally consistent in the face of multiple threads
accessing it concurrently. This is not designed to provide application-
level semantic consistency; applications are responsible for that locking
protocol should it be necessary.
- Rename _PROP_MUTEX_DECL() to _PROP_MUTEX_DECL_STATIC().
plist-based messages and to eliminate looping previously required to
receive a plist from the kernel:
- prop_dictionary_copyin_ioctl() and prop_dictionary_copyout_ioctl()
now take the cmd argument rather than the file open flag. The
read-ness or write-ness of an ioctl command is checked by these
routines to ensure that information is being passed to/from the
userland component properly.
- prop_dictionary_copyout_ioctl() now allocates the memory for the
XML plist on behalf of the userland component by way of uvm_mmap().
The XML plist is copied out to the newly-mapped anonymous region,
and the pointer returned via the plistref.
- prop_dictionary_recv_ioctl() is responsible for munmap()'ing the
region after parsing the XML plist into internal represenatation.
- A new prop_dictionary_sendrecv_ioctl() is added, allowing user space
code to send a dictionary to the kernel and receive one back as a
reply.
Update users of prop_kern for the API changes (Bluetooth).
This constitutes an ABI / protocol change -- but this will also be put
into NetBSD 4.0 so that the first proplib release will implement the new
scheme.
has a significant code size savings over <sys/tree.h>.
Also change prop_number_t to store all number objects in an r-b tree,
only ever allocating one object for any given number (we can do this
because numbers are immutable). This results in significant run-time
memory savings.
so that apps can use this construct safely:
obj = prop_dictionary_get(dict, "value");
if (! prop_number_equals_integer(obj, 5)) {
...
}
Suggested by Iain Hibbert.
- Arrays can now be externalized and internalized in the same way
dictionaries can.
- Add new "externalize to file" and "internalize from file" functions
to make reading a property list from a file and writing a property
list to a file more convenient.
- Many assertions in the object implementations are gone. Instead,
calling an accessor for one object type with a different object type
as an argument will return a suitable "invalid" value.
- prop_object_type() now returns a new PROP_TYPE_UNKNOWN value if called
with a NULL object.
- Externalized property lists now contain a reference to the Apple XML
plist DTD.
- Add a new prop_ingest(3) facility, which provides a convenient way to
translate a dictionary into an arbitrary binary representation.
adavantage of the immutability of these objects:
Statically allocate a TRUE object and a FALSE object, and simply return
references to those objects for create and copy operations.
prop_dictionary_keysym_equals(), and prop_object_equals() functions.
- Use realloc() where it makes sense. There will be more changes in this
area.
- Add a _prop_object_type structure that is used internally to keep
information about the object types. Decreases the footprint of the
objects slightly by replacing several pointers with just one.
instead of leaving random garbage in there.
Should we just use "memset(pd, 0, sizeof(*pd));" instead?
Fixes boot problems on evbppc/WALNUT with new proplib.
kernel behavior before src/common where 0 was a valid dest addr.
This should fix the macppc (and other OEA ppc) silent-death-on-DIAGNOSTIC
issue, and possibly other DIAGNOSTIC failures.
XXX it might be worth thinking about an API where 0 is allowed in
documented cases and not allowed otherwise.
I'm not sure if idempotent versions need to be defined for big endian,
as the man page says in that case they are defined idempotent macros.
PR port-arm/32734
and multiply functions from the old libkern. The m68010 versions
are only compiled when __mc68010__ is defined, presently that's
only done when building for sun2.
Reviewed by christos.
Some Makefiles for standalone programs already have it.
XXX Old src/sys/lib/libkern/arch/mips/memcpy.S had some #ifdef MIPS3_5900
XXX which added some extra nops, but this new common bcopy.S doesn't.