return a 3-value enum from a function declared to return bool. This broke
the recurse case for prop_object_equals(). Instead, declare the object type
equals routine to return a _prop_object_equals_rv_t.
Give the same treatment to the object type free routines: declare them to
return a _prop_object_free_rv_t, and consistently check those return values
againt the enum type.
Tidy up some whitespace while we're here.
prop_dictionary_util.
From manual page
The prop_array_util family of functions are provided to make getting and
setting values in arrays more convenient in some applications.
OK by mjf@ and freza@.
and their associated changes, in particular, the following versions.
prop_array.c 1.13-1.16
prop_dictionary.c 1.25-1.28
prop_object_impl.h 1.21-1.25
ok'ed by core@.
acquiring the rwlock recursively in some paths.
Introduce _prop_rwlock_tryrdlock() and use it in these functions, so
that the rwlock is *always* acquired once, while here add some
_PROP_RWLOCK_OWNED asserts to verify.
This definitely fixes the "locking against myself" panics.
when prop_{array,dictionary}_copyout_ioctl() is called.
Introduce _PROP_RWLOCK_OWNED() which is a KASSERT(rw_lock_held(lock))
and use it in those two functions, also acquire the rwlock in other
places where it is required now.
This fixes a LOCKDEBUG panic "locking against myself", as reported by
Geoff C. Wing in current-users@.
by using a dynamic stack as well. Reorder arguments for the internalizer
as the iteration is always present and should go before possibly
NULL arguments.
Reviewed by mjf@ and adrianp@
userland, deeply nested arrays and dictionaries can easily overflow
the kernel stack and thereby force a panic.
Fix the internalizer and prop_object_release to use a separate call
stack and alter the dictionary and array handling to not recurse on
the C stack. The default stack has an inline depth of 16 elements,
which should keep the overhead reasonable.
This issue was found by Pavel Cahyna and Jachym Holecek.
Additionally add a limit for prop_object_copyin_ioctl to prevent user
programs from temporary allocating unbound amount of kernel memory.
Allow malloc to fail so that tight loops of userland processes can't
force panics by exhausting the kernel map.
Tested with the sample exploit of Jachym, his test suite and reviewed
by himself (initial patch), Christos Zoulas and Jason Thorpe.
used by uvm_mmap() as a hint for the virtual address to map memory to. As
a consequence, it tended to fail a lot on some architectures.
We cannot use 0, so instead use the value that would have been used if we
were calling mmap(2) with 0 as the first argument.
Fixes PR#34639 by xtraeme@.
keys and returns them in an array. This effectively allows a caller
to mutate a dictionary while iterating over it (really, you iterate
over the array of keys instead of the dictionary itself).
- Add a slew of utility functions that make it more convenient (in some
circumstances, anyway) to get/set values in a dictionary.
haad