OpenGrok
| Home | Sort by: relevance | last modified time | path |
Searched hist:1.384 (Results 1 -
25 of 90) sorted by relevancy
Completed in 554 milliseconds
| /src/sys/arch/x86/include/ | |
| sysarch.h | 1.7.10.1 Sat Apr 04 17:39:09 UTC 2009 snj Pull up following revision(s) (requested by ad in ticket #656): sys/arch/amd64/amd64/gdt.c: revision 1.21 via patch sys/arch/amd64/amd64/machdep.c: revision 1.129 via patch sys/arch/i386/i386/gdt.c: revision 1.47 via patch sys/arch/i386/i386/kvm86.c: revision 1.17 via patch sys/arch/i386/i386/locore.S: revision 1.85 via patch sys/arch/i386/i386/machdep.c: revision 1.666 via patch sys/arch/i386/i386/vector.S: revision 1.45 via patch sys/arch/i386/include/pcb.h: revision 1.47 via patch sys/arch/x86/include/pmap.h: revision 1.22 via patch sys/arch/x86/include/sysarch.h: revision 1.8 via patch sys/arch/x86/x86/pmap.c: revision 1.80 via patch sys/arch/x86/x86/sys_machdep.c: revision 1.17 via patch sys/compat/linux/arch/i386/linux_machdep.c: revision 1.143 via patch sys/kern/init_main.c: revision 1.384 via patch PR port-i386/40143 Viewing an mpeg transport stream with mplayer causes crash Fix numerous problems: 1. LDT updates are not atomic. 2. Number of processes running with private LDTs and/or I/O bitmaps is not capped. System with high maxprocs can be paniced. 3. LDTR can be leaked over context switch. 4. GDT slot allocations can race, giving the same LDT slot to two procs. 5. Incomplete interrupt/trap frames can be stacked. 6. In some rare cases segment faults are not handled correctly. |
| /src/sys/kern/ | |
| subr_exec_fd.c | 1.8.4.1 Wed Nov 20 14:01:59 UTC 2024 martin Pull up following revision(s) (requested by riastradh in ticket #1921): sys/kern/kern_event.c: revision 1.106 sys/kern/sys_select.c: revision 1.51 sys/kern/subr_exec_fd.c: revision 1.10 sys/kern/sys_aio.c: revision 1.46 sys/kern/kern_descrip.c: revision 1.244 sys/kern/kern_descrip.c: revision 1.245 sys/ddb/db_xxx.c: revision 1.72 sys/ddb/db_xxx.c: revision 1.73 sys/miscfs/fdesc/fdesc_vnops.c: revision 1.132 sys/kern/uipc_usrreq.c: revision 1.195 sys/kern/sys_descrip.c: revision 1.36 sys/kern/uipc_usrreq.c: revision 1.196 sys/kern/uipc_socket2.c: revision 1.135 sys/kern/uipc_socket2.c: revision 1.136 sys/kern/kern_sig.c: revision 1.383 sys/kern/kern_sig.c: revision 1.384 sys/compat/netbsd32/netbsd32_ioctl.c: revision 1.107 sys/miscfs/procfs/procfs_vnops.c: revision 1.208 sys/kern/subr_exec_fd.c: revision 1.9 sys/kern/kern_descrip.c: revision 1.252 (all via patch) Load struct filedesc::fd_dt with atomic_load_consume. Exceptions: when fd_refcnt <= 1, or when holding fd_lock. While here: - Restore KASSERT(mutex_owned(&fdp->fd_lock)) in fd_unused. => This is used only in fd_close and fd_abort, where it holds. - Move bounds check assertion in fd_putfile to where it matters. - Store fd_dt with atomic_store_release. - Move load of fd_dt under lock in knote_fdclose. - Omit membar_consumer in fdesc_readdir. => atomic_load_consume serves the same purpose now. => Was needed only on alpha anyway. Load struct fdfile::ff_file with atomic_load_consume. Exceptions: when we're only testing whether it's there, not about to dereference it. Note: We do not use atomic_store_release to set it because the preceding mutex_exit should be enough. (That said, it's not clear the mutex_enter/exit is needed unless refcnt > 0 already, in which case maybe it would be a win to switch from the membar implied by mutex_enter to the membar implied by atomic_store_release -- which I would generally expect to be much cheaper. And a little clearer without a long comment.) kern_descrip.c: Fix membars around reference count decrement. In general, the `last one out hit the lights' style of reference counting (as opposed to the `whoever's destroying must wait for pending users to finish' style) requires memory barriers like so: ... usage of resources associated with object ... membar_release(); if (atomic_dec_uint_nv(&obj->refcnt) != 0) return; membar_acquire(); ... freeing of resources associated with object ... This way, all usage happens-before all freeing. This fixes several errors: - fd_close failed to ensure whatever its caller did would happen-before the freeing, in the case where another thread is concurrently trying to close the fd (ff->ff_file == NULL). Fix: Add membar_release before atomic_dec_uint(&ff->ff_refcnt) in that branch. - fd_close failed to ensure all loads its caller had issued will have happened-before the freeing, in the case where the fd is still in use by another thread (fdp->fd_refcnt > 1 and ff->ff_refcnt-- > 0). Fix: Change membar_producer to membar_release before atomic_dec_uint(&ff->ff_refcnt). - fd_close failed to ensure that any usage of fp by other callers would happen-before any freeing it does. Fix: Add membar_acquire after atomic_dec_uint_nv(&ff->ff_refcnt). - fd_free failed to ensure that any usage of fdp by other callers would happen-before any freeing it does. Fix: Add membar_acquire after atomic_dec_uint_nv(&fdp->fd_refcnt). While here, change membar_exit -> membar_release. No semantic change, just updating away from the legacy API. |
| sys_aio.c | 1.44.4.1 Wed Nov 20 14:01:59 UTC 2024 martin Pull up following revision(s) (requested by riastradh in ticket #1921): sys/kern/kern_event.c: revision 1.106 sys/kern/sys_select.c: revision 1.51 sys/kern/subr_exec_fd.c: revision 1.10 sys/kern/sys_aio.c: revision 1.46 sys/kern/kern_descrip.c: revision 1.244 sys/kern/kern_descrip.c: revision 1.245 sys/ddb/db_xxx.c: revision 1.72 sys/ddb/db_xxx.c: revision 1.73 sys/miscfs/fdesc/fdesc_vnops.c: revision 1.132 sys/kern/uipc_usrreq.c: revision 1.195 sys/kern/sys_descrip.c: revision 1.36 sys/kern/uipc_usrreq.c: revision 1.196 sys/kern/uipc_socket2.c: revision 1.135 sys/kern/uipc_socket2.c: revision 1.136 sys/kern/kern_sig.c: revision 1.383 sys/kern/kern_sig.c: revision 1.384 sys/compat/netbsd32/netbsd32_ioctl.c: revision 1.107 sys/miscfs/procfs/procfs_vnops.c: revision 1.208 sys/kern/subr_exec_fd.c: revision 1.9 sys/kern/kern_descrip.c: revision 1.252 (all via patch) Load struct filedesc::fd_dt with atomic_load_consume. Exceptions: when fd_refcnt <= 1, or when holding fd_lock. While here: - Restore KASSERT(mutex_owned(&fdp->fd_lock)) in fd_unused. => This is used only in fd_close and fd_abort, where it holds. - Move bounds check assertion in fd_putfile to where it matters. - Store fd_dt with atomic_store_release. - Move load of fd_dt under lock in knote_fdclose. - Omit membar_consumer in fdesc_readdir. => atomic_load_consume serves the same purpose now. => Was needed only on alpha anyway. Load struct fdfile::ff_file with atomic_load_consume. Exceptions: when we're only testing whether it's there, not about to dereference it. Note: We do not use atomic_store_release to set it because the preceding mutex_exit should be enough. (That said, it's not clear the mutex_enter/exit is needed unless refcnt > 0 already, in which case maybe it would be a win to switch from the membar implied by mutex_enter to the membar implied by atomic_store_release -- which I would generally expect to be much cheaper. And a little clearer without a long comment.) kern_descrip.c: Fix membars around reference count decrement. In general, the `last one out hit the lights' style of reference counting (as opposed to the `whoever's destroying must wait for pending users to finish' style) requires memory barriers like so: ... usage of resources associated with object ... membar_release(); if (atomic_dec_uint_nv(&obj->refcnt) != 0) return; membar_acquire(); ... freeing of resources associated with object ... This way, all usage happens-before all freeing. This fixes several errors: - fd_close failed to ensure whatever its caller did would happen-before the freeing, in the case where another thread is concurrently trying to close the fd (ff->ff_file == NULL). Fix: Add membar_release before atomic_dec_uint(&ff->ff_refcnt) in that branch. - fd_close failed to ensure all loads its caller had issued will have happened-before the freeing, in the case where the fd is still in use by another thread (fdp->fd_refcnt > 1 and ff->ff_refcnt-- > 0). Fix: Change membar_producer to membar_release before atomic_dec_uint(&ff->ff_refcnt). - fd_close failed to ensure that any usage of fp by other callers would happen-before any freeing it does. Fix: Add membar_acquire after atomic_dec_uint_nv(&ff->ff_refcnt). - fd_free failed to ensure that any usage of fdp by other callers would happen-before any freeing it does. Fix: Add membar_acquire after atomic_dec_uint_nv(&fdp->fd_refcnt). While here, change membar_exit -> membar_release. No semantic change, just updating away from the legacy API. |
| sys_descrip.c | 1.33.2.1 Wed Nov 20 14:01:59 UTC 2024 martin Pull up following revision(s) (requested by riastradh in ticket #1921): sys/kern/kern_event.c: revision 1.106 sys/kern/sys_select.c: revision 1.51 sys/kern/subr_exec_fd.c: revision 1.10 sys/kern/sys_aio.c: revision 1.46 sys/kern/kern_descrip.c: revision 1.244 sys/kern/kern_descrip.c: revision 1.245 sys/ddb/db_xxx.c: revision 1.72 sys/ddb/db_xxx.c: revision 1.73 sys/miscfs/fdesc/fdesc_vnops.c: revision 1.132 sys/kern/uipc_usrreq.c: revision 1.195 sys/kern/sys_descrip.c: revision 1.36 sys/kern/uipc_usrreq.c: revision 1.196 sys/kern/uipc_socket2.c: revision 1.135 sys/kern/uipc_socket2.c: revision 1.136 sys/kern/kern_sig.c: revision 1.383 sys/kern/kern_sig.c: revision 1.384 sys/compat/netbsd32/netbsd32_ioctl.c: revision 1.107 sys/miscfs/procfs/procfs_vnops.c: revision 1.208 sys/kern/subr_exec_fd.c: revision 1.9 sys/kern/kern_descrip.c: revision 1.252 (all via patch) Load struct filedesc::fd_dt with atomic_load_consume. Exceptions: when fd_refcnt <= 1, or when holding fd_lock. While here: - Restore KASSERT(mutex_owned(&fdp->fd_lock)) in fd_unused. => This is used only in fd_close and fd_abort, where it holds. - Move bounds check assertion in fd_putfile to where it matters. - Store fd_dt with atomic_store_release. - Move load of fd_dt under lock in knote_fdclose. - Omit membar_consumer in fdesc_readdir. => atomic_load_consume serves the same purpose now. => Was needed only on alpha anyway. Load struct fdfile::ff_file with atomic_load_consume. Exceptions: when we're only testing whether it's there, not about to dereference it. Note: We do not use atomic_store_release to set it because the preceding mutex_exit should be enough. (That said, it's not clear the mutex_enter/exit is needed unless refcnt > 0 already, in which case maybe it would be a win to switch from the membar implied by mutex_enter to the membar implied by atomic_store_release -- which I would generally expect to be much cheaper. And a little clearer without a long comment.) kern_descrip.c: Fix membars around reference count decrement. In general, the `last one out hit the lights' style of reference counting (as opposed to the `whoever's destroying must wait for pending users to finish' style) requires memory barriers like so: ... usage of resources associated with object ... membar_release(); if (atomic_dec_uint_nv(&obj->refcnt) != 0) return; membar_acquire(); ... freeing of resources associated with object ... This way, all usage happens-before all freeing. This fixes several errors: - fd_close failed to ensure whatever its caller did would happen-before the freeing, in the case where another thread is concurrently trying to close the fd (ff->ff_file == NULL). Fix: Add membar_release before atomic_dec_uint(&ff->ff_refcnt) in that branch. - fd_close failed to ensure all loads its caller had issued will have happened-before the freeing, in the case where the fd is still in use by another thread (fdp->fd_refcnt > 1 and ff->ff_refcnt-- > 0). Fix: Change membar_producer to membar_release before atomic_dec_uint(&ff->ff_refcnt). - fd_close failed to ensure that any usage of fp by other callers would happen-before any freeing it does. Fix: Add membar_acquire after atomic_dec_uint_nv(&ff->ff_refcnt). - fd_free failed to ensure that any usage of fdp by other callers would happen-before any freeing it does. Fix: Add membar_acquire after atomic_dec_uint_nv(&fdp->fd_refcnt). While here, change membar_exit -> membar_release. No semantic change, just updating away from the legacy API. |
| sys_select.c | 1.46.2.1 Wed Nov 20 14:01:59 UTC 2024 martin Pull up following revision(s) (requested by riastradh in ticket #1921): sys/kern/kern_event.c: revision 1.106 sys/kern/sys_select.c: revision 1.51 sys/kern/subr_exec_fd.c: revision 1.10 sys/kern/sys_aio.c: revision 1.46 sys/kern/kern_descrip.c: revision 1.244 sys/kern/kern_descrip.c: revision 1.245 sys/ddb/db_xxx.c: revision 1.72 sys/ddb/db_xxx.c: revision 1.73 sys/miscfs/fdesc/fdesc_vnops.c: revision 1.132 sys/kern/uipc_usrreq.c: revision 1.195 sys/kern/sys_descrip.c: revision 1.36 sys/kern/uipc_usrreq.c: revision 1.196 sys/kern/uipc_socket2.c: revision 1.135 sys/kern/uipc_socket2.c: revision 1.136 sys/kern/kern_sig.c: revision 1.383 sys/kern/kern_sig.c: revision 1.384 sys/compat/netbsd32/netbsd32_ioctl.c: revision 1.107 sys/miscfs/procfs/procfs_vnops.c: revision 1.208 sys/kern/subr_exec_fd.c: revision 1.9 sys/kern/kern_descrip.c: revision 1.252 (all via patch) Load struct filedesc::fd_dt with atomic_load_consume. Exceptions: when fd_refcnt <= 1, or when holding fd_lock. While here: - Restore KASSERT(mutex_owned(&fdp->fd_lock)) in fd_unused. => This is used only in fd_close and fd_abort, where it holds. - Move bounds check assertion in fd_putfile to where it matters. - Store fd_dt with atomic_store_release. - Move load of fd_dt under lock in knote_fdclose. - Omit membar_consumer in fdesc_readdir. => atomic_load_consume serves the same purpose now. => Was needed only on alpha anyway. Load struct fdfile::ff_file with atomic_load_consume. Exceptions: when we're only testing whether it's there, not about to dereference it. Note: We do not use atomic_store_release to set it because the preceding mutex_exit should be enough. (That said, it's not clear the mutex_enter/exit is needed unless refcnt > 0 already, in which case maybe it would be a win to switch from the membar implied by mutex_enter to the membar implied by atomic_store_release -- which I would generally expect to be much cheaper. And a little clearer without a long comment.) kern_descrip.c: Fix membars around reference count decrement. In general, the `last one out hit the lights' style of reference counting (as opposed to the `whoever's destroying must wait for pending users to finish' style) requires memory barriers like so: ... usage of resources associated with object ... membar_release(); if (atomic_dec_uint_nv(&obj->refcnt) != 0) return; membar_acquire(); ... freeing of resources associated with object ... This way, all usage happens-before all freeing. This fixes several errors: - fd_close failed to ensure whatever its caller did would happen-before the freeing, in the case where another thread is concurrently trying to close the fd (ff->ff_file == NULL). Fix: Add membar_release before atomic_dec_uint(&ff->ff_refcnt) in that branch. - fd_close failed to ensure all loads its caller had issued will have happened-before the freeing, in the case where the fd is still in use by another thread (fdp->fd_refcnt > 1 and ff->ff_refcnt-- > 0). Fix: Change membar_producer to membar_release before atomic_dec_uint(&ff->ff_refcnt). - fd_close failed to ensure that any usage of fp by other callers would happen-before any freeing it does. Fix: Add membar_acquire after atomic_dec_uint_nv(&ff->ff_refcnt). - fd_free failed to ensure that any usage of fdp by other callers would happen-before any freeing it does. Fix: Add membar_acquire after atomic_dec_uint_nv(&fdp->fd_refcnt). While here, change membar_exit -> membar_release. No semantic change, just updating away from the legacy API. |
| uipc_socket2.c | 1.134.2.3 Wed Nov 20 14:01:59 UTC 2024 martin Pull up following revision(s) (requested by riastradh in ticket #1921): sys/kern/kern_event.c: revision 1.106 sys/kern/sys_select.c: revision 1.51 sys/kern/subr_exec_fd.c: revision 1.10 sys/kern/sys_aio.c: revision 1.46 sys/kern/kern_descrip.c: revision 1.244 sys/kern/kern_descrip.c: revision 1.245 sys/ddb/db_xxx.c: revision 1.72 sys/ddb/db_xxx.c: revision 1.73 sys/miscfs/fdesc/fdesc_vnops.c: revision 1.132 sys/kern/uipc_usrreq.c: revision 1.195 sys/kern/sys_descrip.c: revision 1.36 sys/kern/uipc_usrreq.c: revision 1.196 sys/kern/uipc_socket2.c: revision 1.135 sys/kern/uipc_socket2.c: revision 1.136 sys/kern/kern_sig.c: revision 1.383 sys/kern/kern_sig.c: revision 1.384 sys/compat/netbsd32/netbsd32_ioctl.c: revision 1.107 sys/miscfs/procfs/procfs_vnops.c: revision 1.208 sys/kern/subr_exec_fd.c: revision 1.9 sys/kern/kern_descrip.c: revision 1.252 (all via patch) Load struct filedesc::fd_dt with atomic_load_consume. Exceptions: when fd_refcnt <= 1, or when holding fd_lock. While here: - Restore KASSERT(mutex_owned(&fdp->fd_lock)) in fd_unused. => This is used only in fd_close and fd_abort, where it holds. - Move bounds check assertion in fd_putfile to where it matters. - Store fd_dt with atomic_store_release. - Move load of fd_dt under lock in knote_fdclose. - Omit membar_consumer in fdesc_readdir. => atomic_load_consume serves the same purpose now. => Was needed only on alpha anyway. Load struct fdfile::ff_file with atomic_load_consume. Exceptions: when we're only testing whether it's there, not about to dereference it. Note: We do not use atomic_store_release to set it because the preceding mutex_exit should be enough. (That said, it's not clear the mutex_enter/exit is needed unless refcnt > 0 already, in which case maybe it would be a win to switch from the membar implied by mutex_enter to the membar implied by atomic_store_release -- which I would generally expect to be much cheaper. And a little clearer without a long comment.) kern_descrip.c: Fix membars around reference count decrement. In general, the `last one out hit the lights' style of reference counting (as opposed to the `whoever's destroying must wait for pending users to finish' style) requires memory barriers like so: ... usage of resources associated with object ... membar_release(); if (atomic_dec_uint_nv(&obj->refcnt) != 0) return; membar_acquire(); ... freeing of resources associated with object ... This way, all usage happens-before all freeing. This fixes several errors: - fd_close failed to ensure whatever its caller did would happen-before the freeing, in the case where another thread is concurrently trying to close the fd (ff->ff_file == NULL). Fix: Add membar_release before atomic_dec_uint(&ff->ff_refcnt) in that branch. - fd_close failed to ensure all loads its caller had issued will have happened-before the freeing, in the case where the fd is still in use by another thread (fdp->fd_refcnt > 1 and ff->ff_refcnt-- > 0). Fix: Change membar_producer to membar_release before atomic_dec_uint(&ff->ff_refcnt). - fd_close failed to ensure that any usage of fp by other callers would happen-before any freeing it does. Fix: Add membar_acquire after atomic_dec_uint_nv(&ff->ff_refcnt). - fd_free failed to ensure that any usage of fdp by other callers would happen-before any freeing it does. Fix: Add membar_acquire after atomic_dec_uint_nv(&fdp->fd_refcnt). While here, change membar_exit -> membar_release. No semantic change, just updating away from the legacy API. |
| /src/sys/ufs/ffs/ | |
| ffs_wapbl.c | 1.44.4.1 Tue Jan 07 16:16:50 UTC 2025 martin Pull up following revision(s) (requested by hannken in ticket #1934): sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.228 sys/ufs/lfs/lfs_vfsops.c: revision 1.383 sys/ufs/ffs/ffs_wapbl.c: revision 1.50 sys/ufs/ffs/ffs_vfsops.c: revision 1.383 (patch) sys/ufs/ffs/ffs_vfsops.c: revision 1.384 (patch) Remove comment "we are always called with the filesystem marked `MPBUSY'." above some xxx_sync() operations. These operations get called without any exclusive lock. This comment appeared with "add quota support" on 1990-05-02. On 1998/02/18 MNT_MPBUSY disappeared when vfs_busy() was changed from an exclusive lock to a shared lock. PR kern/58837 "ffs: Missing locking around fs_fmod/time" Protect test/clear fs->fs_fmod with um_lock like it is already protected in ffs_alloc.c. When writing to disk protect moving superblock to buffer with um_lock. Set/clear fs->fmod while mounting, updating a mount or unmounting is safe as these operations run exclusive, either mounting creates a new file system or the file system is suspended. Assert suspension for update and unmount. PR kern/58837 "ffs: Missing locking around fs_fmod/time" 1.48.4.1 Tue Jan 07 16:13:35 UTC 2025 martin Pull up following revision(s) (requested by hannken in ticket #1037): sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.228 sys/ufs/lfs/lfs_vfsops.c: revision 1.383 sys/ufs/ffs/ffs_wapbl.c: revision 1.50 sys/ufs/ffs/ffs_vfsops.c: revision 1.383 sys/ufs/ffs/ffs_vfsops.c: revision 1.384 Remove comment "we are always called with the filesystem marked `MPBUSY'." above some xxx_sync() operations. These operations get called without any exclusive lock. This comment appeared with "add quota support" on 1990-05-02. On 1998/02/18 MNT_MPBUSY disappeared when vfs_busy() was changed from an exclusive lock to a shared lock. PR kern/58837 "ffs: Missing locking around fs_fmod/time" Protect test/clear fs->fs_fmod with um_lock like it is already protected in ffs_alloc.c. When writing to disk protect moving superblock to buffer with um_lock. Set/clear fs->fmod while mounting, updating a mount or unmounting is safe as these operations run exclusive, either mounting creates a new file system or the file system is suspended. Assert suspension for update and unmount. PR kern/58837 "ffs: Missing locking around fs_fmod/time" |
| ffs_vfsops.c | 1.384 Mon Dec 30 09:03:07 UTC 2024 hannken Protect test/clear fs->fs_fmod with um_lock like it is already protected in ffs_alloc.c. When writing to disk protect moving superblock to buffer with um_lock. Set/clear fs->fmod while mounting, updating a mount or unmounting is safe as these operations run exclusive, either mounting creates a new file system or the file system is suspended. Assert suspension for update and unmount. PR kern/58837 "ffs: Missing locking around fs_fmod/time" 1.362.2.2 Tue Jan 07 16:16:50 UTC 2025 martin Pull up following revision(s) (requested by hannken in ticket #1934): sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.228 sys/ufs/lfs/lfs_vfsops.c: revision 1.383 sys/ufs/ffs/ffs_wapbl.c: revision 1.50 sys/ufs/ffs/ffs_vfsops.c: revision 1.383 (patch) sys/ufs/ffs/ffs_vfsops.c: revision 1.384 (patch) Remove comment "we are always called with the filesystem marked `MPBUSY'." above some xxx_sync() operations. These operations get called without any exclusive lock. This comment appeared with "add quota support" on 1990-05-02. On 1998/02/18 MNT_MPBUSY disappeared when vfs_busy() was changed from an exclusive lock to a shared lock. PR kern/58837 "ffs: Missing locking around fs_fmod/time" Protect test/clear fs->fs_fmod with um_lock like it is already protected in ffs_alloc.c. When writing to disk protect moving superblock to buffer with um_lock. Set/clear fs->fmod while mounting, updating a mount or unmounting is safe as these operations run exclusive, either mounting creates a new file system or the file system is suspended. Assert suspension for update and unmount. PR kern/58837 "ffs: Missing locking around fs_fmod/time" 1.378.2.4 Tue Jan 07 16:13:35 UTC 2025 martin Pull up following revision(s) (requested by hannken in ticket #1037): sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.228 sys/ufs/lfs/lfs_vfsops.c: revision 1.383 sys/ufs/ffs/ffs_wapbl.c: revision 1.50 sys/ufs/ffs/ffs_vfsops.c: revision 1.383 sys/ufs/ffs/ffs_vfsops.c: revision 1.384 Remove comment "we are always called with the filesystem marked `MPBUSY'." above some xxx_sync() operations. These operations get called without any exclusive lock. This comment appeared with "add quota support" on 1990-05-02. On 1998/02/18 MNT_MPBUSY disappeared when vfs_busy() was changed from an exclusive lock to a shared lock. PR kern/58837 "ffs: Missing locking around fs_fmod/time" Protect test/clear fs->fs_fmod with um_lock like it is already protected in ffs_alloc.c. When writing to disk protect moving superblock to buffer with um_lock. Set/clear fs->fmod while mounting, updating a mount or unmounting is safe as these operations run exclusive, either mounting creates a new file system or the file system is suspended. Assert suspension for update and unmount. PR kern/58837 "ffs: Missing locking around fs_fmod/time" |
| /src/sys/arch/amd64/amd64/ | |
| gdt.c | 1.19.8.1 Sat Apr 04 17:39:09 UTC 2009 snj Pull up following revision(s) (requested by ad in ticket #656): sys/arch/amd64/amd64/gdt.c: revision 1.21 via patch sys/arch/amd64/amd64/machdep.c: revision 1.129 via patch sys/arch/i386/i386/gdt.c: revision 1.47 via patch sys/arch/i386/i386/kvm86.c: revision 1.17 via patch sys/arch/i386/i386/locore.S: revision 1.85 via patch sys/arch/i386/i386/machdep.c: revision 1.666 via patch sys/arch/i386/i386/vector.S: revision 1.45 via patch sys/arch/i386/include/pcb.h: revision 1.47 via patch sys/arch/x86/include/pmap.h: revision 1.22 via patch sys/arch/x86/include/sysarch.h: revision 1.8 via patch sys/arch/x86/x86/pmap.c: revision 1.80 via patch sys/arch/x86/x86/sys_machdep.c: revision 1.17 via patch sys/compat/linux/arch/i386/linux_machdep.c: revision 1.143 via patch sys/kern/init_main.c: revision 1.384 via patch PR port-i386/40143 Viewing an mpeg transport stream with mplayer causes crash Fix numerous problems: 1. LDT updates are not atomic. 2. Number of processes running with private LDTs and/or I/O bitmaps is not capped. System with high maxprocs can be paniced. 3. LDTR can be leaked over context switch. 4. GDT slot allocations can race, giving the same LDT slot to two procs. 5. Incomplete interrupt/trap frames can be stacked. 6. In some rare cases segment faults are not handled correctly. |
| /src/sys/arch/i386/i386/ | |
| gdt.c | 1.45.10.1 Sat Apr 04 17:39:09 UTC 2009 snj Pull up following revision(s) (requested by ad in ticket #656): sys/arch/amd64/amd64/gdt.c: revision 1.21 via patch sys/arch/amd64/amd64/machdep.c: revision 1.129 via patch sys/arch/i386/i386/gdt.c: revision 1.47 via patch sys/arch/i386/i386/kvm86.c: revision 1.17 via patch sys/arch/i386/i386/locore.S: revision 1.85 via patch sys/arch/i386/i386/machdep.c: revision 1.666 via patch sys/arch/i386/i386/vector.S: revision 1.45 via patch sys/arch/i386/include/pcb.h: revision 1.47 via patch sys/arch/x86/include/pmap.h: revision 1.22 via patch sys/arch/x86/include/sysarch.h: revision 1.8 via patch sys/arch/x86/x86/pmap.c: revision 1.80 via patch sys/arch/x86/x86/sys_machdep.c: revision 1.17 via patch sys/compat/linux/arch/i386/linux_machdep.c: revision 1.143 via patch sys/kern/init_main.c: revision 1.384 via patch PR port-i386/40143 Viewing an mpeg transport stream with mplayer causes crash Fix numerous problems: 1. LDT updates are not atomic. 2. Number of processes running with private LDTs and/or I/O bitmaps is not capped. System with high maxprocs can be paniced. 3. LDTR can be leaked over context switch. 4. GDT slot allocations can race, giving the same LDT slot to two procs. 5. Incomplete interrupt/trap frames can be stacked. 6. In some rare cases segment faults are not handled correctly. |
| vector.S | 1.42.6.2 Sat Apr 04 17:39:09 UTC 2009 snj branches: 1.42.6.2.2; 1.42.6.2.4; Pull up following revision(s) (requested by ad in ticket #656): sys/arch/amd64/amd64/gdt.c: revision 1.21 via patch sys/arch/amd64/amd64/machdep.c: revision 1.129 via patch sys/arch/i386/i386/gdt.c: revision 1.47 via patch sys/arch/i386/i386/kvm86.c: revision 1.17 via patch sys/arch/i386/i386/locore.S: revision 1.85 via patch sys/arch/i386/i386/machdep.c: revision 1.666 via patch sys/arch/i386/i386/vector.S: revision 1.45 via patch sys/arch/i386/include/pcb.h: revision 1.47 via patch sys/arch/x86/include/pmap.h: revision 1.22 via patch sys/arch/x86/include/sysarch.h: revision 1.8 via patch sys/arch/x86/x86/pmap.c: revision 1.80 via patch sys/arch/x86/x86/sys_machdep.c: revision 1.17 via patch sys/compat/linux/arch/i386/linux_machdep.c: revision 1.143 via patch sys/kern/init_main.c: revision 1.384 via patch PR port-i386/40143 Viewing an mpeg transport stream with mplayer causes crash Fix numerous problems: 1. LDT updates are not atomic. 2. Number of processes running with private LDTs and/or I/O bitmaps is not capped. System with high maxprocs can be paniced. 3. LDTR can be leaked over context switch. 4. GDT slot allocations can race, giving the same LDT slot to two procs. 5. Incomplete interrupt/trap frames can be stacked. 6. In some rare cases segment faults are not handled correctly. |
| /src/sys/arch/i386/include/ | |
| pcb.h | 1.46.4.1 Sat Apr 04 17:39:09 UTC 2009 snj Pull up following revision(s) (requested by ad in ticket #656): sys/arch/amd64/amd64/gdt.c: revision 1.21 via patch sys/arch/amd64/amd64/machdep.c: revision 1.129 via patch sys/arch/i386/i386/gdt.c: revision 1.47 via patch sys/arch/i386/i386/kvm86.c: revision 1.17 via patch sys/arch/i386/i386/locore.S: revision 1.85 via patch sys/arch/i386/i386/machdep.c: revision 1.666 via patch sys/arch/i386/i386/vector.S: revision 1.45 via patch sys/arch/i386/include/pcb.h: revision 1.47 via patch sys/arch/x86/include/pmap.h: revision 1.22 via patch sys/arch/x86/include/sysarch.h: revision 1.8 via patch sys/arch/x86/x86/pmap.c: revision 1.80 via patch sys/arch/x86/x86/sys_machdep.c: revision 1.17 via patch sys/compat/linux/arch/i386/linux_machdep.c: revision 1.143 via patch sys/kern/init_main.c: revision 1.384 via patch PR port-i386/40143 Viewing an mpeg transport stream with mplayer causes crash Fix numerous problems: 1. LDT updates are not atomic. 2. Number of processes running with private LDTs and/or I/O bitmaps is not capped. System with high maxprocs can be paniced. 3. LDTR can be leaked over context switch. 4. GDT slot allocations can race, giving the same LDT slot to two procs. 5. Incomplete interrupt/trap frames can be stacked. 6. In some rare cases segment faults are not handled correctly. |
| /src/sys/arch/x86/x86/ | |
| sys_machdep.c | 1.15.8.1 Sat Apr 04 17:39:09 UTC 2009 snj Pull up following revision(s) (requested by ad in ticket #656): sys/arch/amd64/amd64/gdt.c: revision 1.21 via patch sys/arch/amd64/amd64/machdep.c: revision 1.129 via patch sys/arch/i386/i386/gdt.c: revision 1.47 via patch sys/arch/i386/i386/kvm86.c: revision 1.17 via patch sys/arch/i386/i386/locore.S: revision 1.85 via patch sys/arch/i386/i386/machdep.c: revision 1.666 via patch sys/arch/i386/i386/vector.S: revision 1.45 via patch sys/arch/i386/include/pcb.h: revision 1.47 via patch sys/arch/x86/include/pmap.h: revision 1.22 via patch sys/arch/x86/include/sysarch.h: revision 1.8 via patch sys/arch/x86/x86/pmap.c: revision 1.80 via patch sys/arch/x86/x86/sys_machdep.c: revision 1.17 via patch sys/compat/linux/arch/i386/linux_machdep.c: revision 1.143 via patch sys/kern/init_main.c: revision 1.384 via patch PR port-i386/40143 Viewing an mpeg transport stream with mplayer causes crash Fix numerous problems: 1. LDT updates are not atomic. 2. Number of processes running with private LDTs and/or I/O bitmaps is not capped. System with high maxprocs can be paniced. 3. LDTR can be leaked over context switch. 4. GDT slot allocations can race, giving the same LDT slot to two procs. 5. Incomplete interrupt/trap frames can be stacked. 6. In some rare cases segment faults are not handled correctly. |
| pmap.c | 1.384 Tue Apr 28 21:35:35 UTC 2020 jmcneill Detect PAT on the boot processor before cpu0 attaches so the early genfb attach code can map the framebuffer with write combining. 1.74.4.1 Sat Apr 04 17:39:09 UTC 2009 snj branches: 1.74.4.1.2; 1.74.4.1.4; Pull up following revision(s) (requested by ad in ticket #656): sys/arch/amd64/amd64/gdt.c: revision 1.21 via patch sys/arch/amd64/amd64/machdep.c: revision 1.129 via patch sys/arch/i386/i386/gdt.c: revision 1.47 via patch sys/arch/i386/i386/kvm86.c: revision 1.17 via patch sys/arch/i386/i386/locore.S: revision 1.85 via patch sys/arch/i386/i386/machdep.c: revision 1.666 via patch sys/arch/i386/i386/vector.S: revision 1.45 via patch sys/arch/i386/include/pcb.h: revision 1.47 via patch sys/arch/x86/include/pmap.h: revision 1.22 via patch sys/arch/x86/include/sysarch.h: revision 1.8 via patch sys/arch/x86/x86/pmap.c: revision 1.80 via patch sys/arch/x86/x86/sys_machdep.c: revision 1.17 via patch sys/compat/linux/arch/i386/linux_machdep.c: revision 1.143 via patch sys/kern/init_main.c: revision 1.384 via patch PR port-i386/40143 Viewing an mpeg transport stream with mplayer causes crash Fix numerous problems: 1. LDT updates are not atomic. 2. Number of processes running with private LDTs and/or I/O bitmaps is not capped. System with high maxprocs can be paniced. 3. LDTR can be leaked over context switch. 4. GDT slot allocations can race, giving the same LDT slot to two procs. 5. Incomplete interrupt/trap frames can be stacked. 6. In some rare cases segment faults are not handled correctly. 1.334.2.1 Wed Apr 29 13:39:23 UTC 2020 martin Pull up following revision(s) (requested by jmcneill in ticket #868): sys/arch/x86/x86/pmap.c: revision 1.384 sys/arch/amd64/amd64/machdep.c: revision 1.349 Detect PAT on the boot processor before cpu0 attaches so the early genfb attach code can map the framebuffer with write combining. |
| /src/sys/ddb/ | |
| db_xxx.c | 1.71.22.1 Wed Nov 20 14:01:59 UTC 2024 martin Pull up following revision(s) (requested by riastradh in ticket #1921): sys/kern/kern_event.c: revision 1.106 sys/kern/sys_select.c: revision 1.51 sys/kern/subr_exec_fd.c: revision 1.10 sys/kern/sys_aio.c: revision 1.46 sys/kern/kern_descrip.c: revision 1.244 sys/kern/kern_descrip.c: revision 1.245 sys/ddb/db_xxx.c: revision 1.72 sys/ddb/db_xxx.c: revision 1.73 sys/miscfs/fdesc/fdesc_vnops.c: revision 1.132 sys/kern/uipc_usrreq.c: revision 1.195 sys/kern/sys_descrip.c: revision 1.36 sys/kern/uipc_usrreq.c: revision 1.196 sys/kern/uipc_socket2.c: revision 1.135 sys/kern/uipc_socket2.c: revision 1.136 sys/kern/kern_sig.c: revision 1.383 sys/kern/kern_sig.c: revision 1.384 sys/compat/netbsd32/netbsd32_ioctl.c: revision 1.107 sys/miscfs/procfs/procfs_vnops.c: revision 1.208 sys/kern/subr_exec_fd.c: revision 1.9 sys/kern/kern_descrip.c: revision 1.252 (all via patch) Load struct filedesc::fd_dt with atomic_load_consume. Exceptions: when fd_refcnt <= 1, or when holding fd_lock. While here: - Restore KASSERT(mutex_owned(&fdp->fd_lock)) in fd_unused. => This is used only in fd_close and fd_abort, where it holds. - Move bounds check assertion in fd_putfile to where it matters. - Store fd_dt with atomic_store_release. - Move load of fd_dt under lock in knote_fdclose. - Omit membar_consumer in fdesc_readdir. => atomic_load_consume serves the same purpose now. => Was needed only on alpha anyway. Load struct fdfile::ff_file with atomic_load_consume. Exceptions: when we're only testing whether it's there, not about to dereference it. Note: We do not use atomic_store_release to set it because the preceding mutex_exit should be enough. (That said, it's not clear the mutex_enter/exit is needed unless refcnt > 0 already, in which case maybe it would be a win to switch from the membar implied by mutex_enter to the membar implied by atomic_store_release -- which I would generally expect to be much cheaper. And a little clearer without a long comment.) kern_descrip.c: Fix membars around reference count decrement. In general, the `last one out hit the lights' style of reference counting (as opposed to the `whoever's destroying must wait for pending users to finish' style) requires memory barriers like so: ... usage of resources associated with object ... membar_release(); if (atomic_dec_uint_nv(&obj->refcnt) != 0) return; membar_acquire(); ... freeing of resources associated with object ... This way, all usage happens-before all freeing. This fixes several errors: - fd_close failed to ensure whatever its caller did would happen-before the freeing, in the case where another thread is concurrently trying to close the fd (ff->ff_file == NULL). Fix: Add membar_release before atomic_dec_uint(&ff->ff_refcnt) in that branch. - fd_close failed to ensure all loads its caller had issued will have happened-before the freeing, in the case where the fd is still in use by another thread (fdp->fd_refcnt > 1 and ff->ff_refcnt-- > 0). Fix: Change membar_producer to membar_release before atomic_dec_uint(&ff->ff_refcnt). - fd_close failed to ensure that any usage of fp by other callers would happen-before any freeing it does. Fix: Add membar_acquire after atomic_dec_uint_nv(&ff->ff_refcnt). - fd_free failed to ensure that any usage of fdp by other callers would happen-before any freeing it does. Fix: Add membar_acquire after atomic_dec_uint_nv(&fdp->fd_refcnt). While here, change membar_exit -> membar_release. No semantic change, just updating away from the legacy API. |
| /src/sys/dev/ic/ | |
| com.c | 1.384 Tue Apr 11 13:01:41 UTC 2023 riastradh branches: 1.384.6; com(4): Note ttylock in comment, not tty_lock. Tue Apr 11 13:01:41 UTC 2023 riastradh branches: 1.384.6; com(4): Note ttylock in comment, not tty_lock. 1.384.6.1 Sat Aug 02 05:56:41 UTC 2025 perseant Sync with HEAD |
| /src/ | |
| build.sh | 1.384 Fri Dec 20 14:31:49 UTC 2024 martin Fix typo in previous 1.333.2.6 Tue Dec 31 01:07:43 UTC 2024 snj Pull up following revision(s) (requested by martin in ticket #1931): build.sh: 1.383, 1.384, 1.388 via patch Add a new operation "show-revisionid" that extracts a marker usable to recreate the source (depending on the revision control system in use). Fix typo in previous build.sh: fix spelling and grammar in a help string 1.365.2.4 Tue Dec 31 01:23:17 UTC 2024 snj Pull up following revision(s) (requested by martin in ticket #1031): build.sh: 1.383, 1.384, 1.388 Add a new operation "show-revisionid" that extracts a marker usable to recreate the source (depending on the revision control system in use). Fix typo in previous build.sh: fix spelling and grammar in a help string |
| /src/sys/compat/netbsd32/ | |
| netbsd32_ioctl.c | 1.103.2.3 Wed Nov 20 14:01:59 UTC 2024 martin Pull up following revision(s) (requested by riastradh in ticket #1921): sys/kern/kern_event.c: revision 1.106 sys/kern/sys_select.c: revision 1.51 sys/kern/subr_exec_fd.c: revision 1.10 sys/kern/sys_aio.c: revision 1.46 sys/kern/kern_descrip.c: revision 1.244 sys/kern/kern_descrip.c: revision 1.245 sys/ddb/db_xxx.c: revision 1.72 sys/ddb/db_xxx.c: revision 1.73 sys/miscfs/fdesc/fdesc_vnops.c: revision 1.132 sys/kern/uipc_usrreq.c: revision 1.195 sys/kern/sys_descrip.c: revision 1.36 sys/kern/uipc_usrreq.c: revision 1.196 sys/kern/uipc_socket2.c: revision 1.135 sys/kern/uipc_socket2.c: revision 1.136 sys/kern/kern_sig.c: revision 1.383 sys/kern/kern_sig.c: revision 1.384 sys/compat/netbsd32/netbsd32_ioctl.c: revision 1.107 sys/miscfs/procfs/procfs_vnops.c: revision 1.208 sys/kern/subr_exec_fd.c: revision 1.9 sys/kern/kern_descrip.c: revision 1.252 (all via patch) Load struct filedesc::fd_dt with atomic_load_consume. Exceptions: when fd_refcnt <= 1, or when holding fd_lock. While here: - Restore KASSERT(mutex_owned(&fdp->fd_lock)) in fd_unused. => This is used only in fd_close and fd_abort, where it holds. - Move bounds check assertion in fd_putfile to where it matters. - Store fd_dt with atomic_store_release. - Move load of fd_dt under lock in knote_fdclose. - Omit membar_consumer in fdesc_readdir. => atomic_load_consume serves the same purpose now. => Was needed only on alpha anyway. Load struct fdfile::ff_file with atomic_load_consume. Exceptions: when we're only testing whether it's there, not about to dereference it. Note: We do not use atomic_store_release to set it because the preceding mutex_exit should be enough. (That said, it's not clear the mutex_enter/exit is needed unless refcnt > 0 already, in which case maybe it would be a win to switch from the membar implied by mutex_enter to the membar implied by atomic_store_release -- which I would generally expect to be much cheaper. And a little clearer without a long comment.) kern_descrip.c: Fix membars around reference count decrement. In general, the `last one out hit the lights' style of reference counting (as opposed to the `whoever's destroying must wait for pending users to finish' style) requires memory barriers like so: ... usage of resources associated with object ... membar_release(); if (atomic_dec_uint_nv(&obj->refcnt) != 0) return; membar_acquire(); ... freeing of resources associated with object ... This way, all usage happens-before all freeing. This fixes several errors: - fd_close failed to ensure whatever its caller did would happen-before the freeing, in the case where another thread is concurrently trying to close the fd (ff->ff_file == NULL). Fix: Add membar_release before atomic_dec_uint(&ff->ff_refcnt) in that branch. - fd_close failed to ensure all loads its caller had issued will have happened-before the freeing, in the case where the fd is still in use by another thread (fdp->fd_refcnt > 1 and ff->ff_refcnt-- > 0). Fix: Change membar_producer to membar_release before atomic_dec_uint(&ff->ff_refcnt). - fd_close failed to ensure that any usage of fp by other callers would happen-before any freeing it does. Fix: Add membar_acquire after atomic_dec_uint_nv(&ff->ff_refcnt). - fd_free failed to ensure that any usage of fdp by other callers would happen-before any freeing it does. Fix: Add membar_acquire after atomic_dec_uint_nv(&fdp->fd_refcnt). While here, change membar_exit -> membar_release. No semantic change, just updating away from the legacy API. |
| /src/sys/netinet/ | |
| ip_input.c | 1.384 Thu May 17 11:59:36 UTC 2018 maxv branches: 1.384.2; Add KASSERTs, related to PR/39794. Thu May 17 11:59:36 UTC 2018 maxv branches: 1.384.2; Add KASSERTs, related to PR/39794. 1.384.2.2 Mon Apr 13 08:05:16 UTC 2020 martin Mostly merge changes from HEAD upto 20200411 1.384.2.1 Mon Jun 10 22:09:47 UTC 2019 christos Sync with HEAD |
| /src/sys/ufs/ext2fs/ | |
| ext2fs_vfsops.c | 1.214.2.1 Tue Jan 07 16:16:50 UTC 2025 martin Pull up following revision(s) (requested by hannken in ticket #1934): sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.228 sys/ufs/lfs/lfs_vfsops.c: revision 1.383 sys/ufs/ffs/ffs_wapbl.c: revision 1.50 sys/ufs/ffs/ffs_vfsops.c: revision 1.383 (patch) sys/ufs/ffs/ffs_vfsops.c: revision 1.384 (patch) Remove comment "we are always called with the filesystem marked `MPBUSY'." above some xxx_sync() operations. These operations get called without any exclusive lock. This comment appeared with "add quota support" on 1990-05-02. On 1998/02/18 MNT_MPBUSY disappeared when vfs_busy() was changed from an exclusive lock to a shared lock. PR kern/58837 "ffs: Missing locking around fs_fmod/time" Protect test/clear fs->fs_fmod with um_lock like it is already protected in ffs_alloc.c. When writing to disk protect moving superblock to buffer with um_lock. Set/clear fs->fmod while mounting, updating a mount or unmounting is safe as these operations run exclusive, either mounting creates a new file system or the file system is suspended. Assert suspension for update and unmount. PR kern/58837 "ffs: Missing locking around fs_fmod/time" 1.221.4.1 Tue Jan 07 16:13:34 UTC 2025 martin Pull up following revision(s) (requested by hannken in ticket #1037): sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.228 sys/ufs/lfs/lfs_vfsops.c: revision 1.383 sys/ufs/ffs/ffs_wapbl.c: revision 1.50 sys/ufs/ffs/ffs_vfsops.c: revision 1.383 sys/ufs/ffs/ffs_vfsops.c: revision 1.384 Remove comment "we are always called with the filesystem marked `MPBUSY'." above some xxx_sync() operations. These operations get called without any exclusive lock. This comment appeared with "add quota support" on 1990-05-02. On 1998/02/18 MNT_MPBUSY disappeared when vfs_busy() was changed from an exclusive lock to a shared lock. PR kern/58837 "ffs: Missing locking around fs_fmod/time" Protect test/clear fs->fs_fmod with um_lock like it is already protected in ffs_alloc.c. When writing to disk protect moving superblock to buffer with um_lock. Set/clear fs->fmod while mounting, updating a mount or unmounting is safe as these operations run exclusive, either mounting creates a new file system or the file system is suspended. Assert suspension for update and unmount. PR kern/58837 "ffs: Missing locking around fs_fmod/time" |
| /src/etc/ | |
| Makefile | 1.384 Mon Dec 27 03:38:52 UTC 2010 christos branches: 1.384.2; `` -> $() Mon Dec 27 03:38:52 UTC 2010 christos branches: 1.384.2; `` -> $() 1.384.2.1 Thu Feb 17 11:57:24 UTC 2011 bouyer Sync with HEAD |
| /src/sys/dev/ata/ | |
| wd.c | 1.384 Wed Feb 24 22:37:57 UTC 2010 dyoung branches: 1.384.2; A pointer typedef entails trading too much flexibility to declare const and non-const types, and the kernel uses both const and non-const PMF qualifiers and device suspensors, so change the pmf_qual_t and device_suspensor_t typedefs from "pointers to const" to non-pointer, non-const types. Wed Feb 24 22:37:57 UTC 2010 dyoung branches: 1.384.2; A pointer typedef entails trading too much flexibility to declare const and non-const types, and the kernel uses both const and non-const PMF qualifiers and device suspensors, so change the pmf_qual_t and device_suspensor_t typedefs from "pointers to const" to non-pointer, non-const types. 1.384.2.1 Sat Mar 05 20:53:06 UTC 2011 rmind sync with head |
| /src/sys/compat/linux/arch/i386/ | |
| linux_machdep.c | 1.141.4.1 Sat Apr 04 17:39:09 UTC 2009 snj Pull up following revision(s) (requested by ad in ticket #656): sys/arch/amd64/amd64/gdt.c: revision 1.21 via patch sys/arch/amd64/amd64/machdep.c: revision 1.129 via patch sys/arch/i386/i386/gdt.c: revision 1.47 via patch sys/arch/i386/i386/kvm86.c: revision 1.17 via patch sys/arch/i386/i386/locore.S: revision 1.85 via patch sys/arch/i386/i386/machdep.c: revision 1.666 via patch sys/arch/i386/i386/vector.S: revision 1.45 via patch sys/arch/i386/include/pcb.h: revision 1.47 via patch sys/arch/x86/include/pmap.h: revision 1.22 via patch sys/arch/x86/include/sysarch.h: revision 1.8 via patch sys/arch/x86/x86/pmap.c: revision 1.80 via patch sys/arch/x86/x86/sys_machdep.c: revision 1.17 via patch sys/compat/linux/arch/i386/linux_machdep.c: revision 1.143 via patch sys/kern/init_main.c: revision 1.384 via patch PR port-i386/40143 Viewing an mpeg transport stream with mplayer causes crash Fix numerous problems: 1. LDT updates are not atomic. 2. Number of processes running with private LDTs and/or I/O bitmaps is not capped. System with high maxprocs can be paniced. 3. LDTR can be leaked over context switch. 4. GDT slot allocations can race, giving the same LDT slot to two procs. 5. Incomplete interrupt/trap frames can be stacked. 6. In some rare cases segment faults are not handled correctly. |
| /src/sys/miscfs/fdesc/ | |
| fdesc_vnops.c | 1.130.4.2 Wed Nov 20 14:01:59 UTC 2024 martin Pull up following revision(s) (requested by riastradh in ticket #1921): sys/kern/kern_event.c: revision 1.106 sys/kern/sys_select.c: revision 1.51 sys/kern/subr_exec_fd.c: revision 1.10 sys/kern/sys_aio.c: revision 1.46 sys/kern/kern_descrip.c: revision 1.244 sys/kern/kern_descrip.c: revision 1.245 sys/ddb/db_xxx.c: revision 1.72 sys/ddb/db_xxx.c: revision 1.73 sys/miscfs/fdesc/fdesc_vnops.c: revision 1.132 sys/kern/uipc_usrreq.c: revision 1.195 sys/kern/sys_descrip.c: revision 1.36 sys/kern/uipc_usrreq.c: revision 1.196 sys/kern/uipc_socket2.c: revision 1.135 sys/kern/uipc_socket2.c: revision 1.136 sys/kern/kern_sig.c: revision 1.383 sys/kern/kern_sig.c: revision 1.384 sys/compat/netbsd32/netbsd32_ioctl.c: revision 1.107 sys/miscfs/procfs/procfs_vnops.c: revision 1.208 sys/kern/subr_exec_fd.c: revision 1.9 sys/kern/kern_descrip.c: revision 1.252 (all via patch) Load struct filedesc::fd_dt with atomic_load_consume. Exceptions: when fd_refcnt <= 1, or when holding fd_lock. While here: - Restore KASSERT(mutex_owned(&fdp->fd_lock)) in fd_unused. => This is used only in fd_close and fd_abort, where it holds. - Move bounds check assertion in fd_putfile to where it matters. - Store fd_dt with atomic_store_release. - Move load of fd_dt under lock in knote_fdclose. - Omit membar_consumer in fdesc_readdir. => atomic_load_consume serves the same purpose now. => Was needed only on alpha anyway. Load struct fdfile::ff_file with atomic_load_consume. Exceptions: when we're only testing whether it's there, not about to dereference it. Note: We do not use atomic_store_release to set it because the preceding mutex_exit should be enough. (That said, it's not clear the mutex_enter/exit is needed unless refcnt > 0 already, in which case maybe it would be a win to switch from the membar implied by mutex_enter to the membar implied by atomic_store_release -- which I would generally expect to be much cheaper. And a little clearer without a long comment.) kern_descrip.c: Fix membars around reference count decrement. In general, the `last one out hit the lights' style of reference counting (as opposed to the `whoever's destroying must wait for pending users to finish' style) requires memory barriers like so: ... usage of resources associated with object ... membar_release(); if (atomic_dec_uint_nv(&obj->refcnt) != 0) return; membar_acquire(); ... freeing of resources associated with object ... This way, all usage happens-before all freeing. This fixes several errors: - fd_close failed to ensure whatever its caller did would happen-before the freeing, in the case where another thread is concurrently trying to close the fd (ff->ff_file == NULL). Fix: Add membar_release before atomic_dec_uint(&ff->ff_refcnt) in that branch. - fd_close failed to ensure all loads its caller had issued will have happened-before the freeing, in the case where the fd is still in use by another thread (fdp->fd_refcnt > 1 and ff->ff_refcnt-- > 0). Fix: Change membar_producer to membar_release before atomic_dec_uint(&ff->ff_refcnt). - fd_close failed to ensure that any usage of fp by other callers would happen-before any freeing it does. Fix: Add membar_acquire after atomic_dec_uint_nv(&ff->ff_refcnt). - fd_free failed to ensure that any usage of fdp by other callers would happen-before any freeing it does. Fix: Add membar_acquire after atomic_dec_uint_nv(&fdp->fd_refcnt). While here, change membar_exit -> membar_release. No semantic change, just updating away from the legacy API. |
| /src/share/misc/ | |
| acronyms.comp | 1.384 Tue Dec 19 15:01:23 UTC 2023 jschauma +NVD national vulnerability database |
Completed in 554 milliseconds
Indexes created Wed Apr 01 00:32:07 UTC 2026