cinap_lenrek [Thu, 11 Dec 2014 19:20:47 +0000 (20:20 +0100)]
acme: fix buffer overrun in xfidutfread() and xfidruneread(), cleanup
the utf8 buffers b1 were allocated from fbufalloc() which gives
us BUFSIZE bytes, but Xfid->count can be bigger than that. so just
emalloc() the requested number of bytes.
when converting from Runes to utf-8, we have to account for the
terminating '\0' byte snprint() places, so fix the maxrune number
calculation instead of using BUFSIZE+1 as buffer size.
A buffer can be overflowed in the init function of kbmap.c by using a filename of more than 112 characters.
sample output:
% cd /sys/lib/kbmap
% touch aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
% kbmap
kbmap 1974: suicide: sys: trap: fault write addr=0xa6a96510 pc=0x000011df
offending code is most likely the call to sprint in the init function of /sys/src/cmd/kbmap.c,
which in this case writes /sys/lib/kbmap/$file to a 128-bit buffer.
I'm willing to submit a patch for this myself along with a few minor improvements/fixes to kbmap
if I can figure out the nuances of doing so.
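
Added example, not part of the report above and not the kbmap source: a bounded way to build the path that refuses names that do not fit. It assumes a 128-byte buffer (15 bytes of "/sys/lib/kbmap/" plus 112 name bytes plus the terminating NUL gives 128, which matches the limit in the report); mappath() and fits() are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

enum { PATHBUF = 128 };		/* assumed size of the destination buffer */
static const char kbdir[] = "/sys/lib/kbmap";

/*
 * Build "<kbdir>/<name>" in buf. Returns 0 on success and -1 when the
 * result, including its terminating NUL, does not fit in nbuf bytes.
 * snprintf() never writes past nbuf and reports the length it needed,
 * so truncation is detected instead of corrupting adjacent memory.
 */
int
mappath(char *buf, size_t nbuf, const char *name)
{
	int n;

	if(nbuf == 0)
		return -1;
	n = snprintf(buf, nbuf, "%s/%s", kbdir, name);
	if(n < 0 || (size_t)n >= nbuf){
		buf[0] = '\0';	/* do not leave a truncated path behind */
		return -1;
	}
	return 0;
}

/* Constructed input: a file name made of len 'a' characters. */
int
fits(size_t len)
{
	char name[256], buf[PATHBUF];

	if(len >= sizeof name)
		return 0;
	memset(name, 'a', len);
	name[len] = '\0';
	return mappath(buf, sizeof buf, name) == 0;
}

int
main(void)
{
	printf("112 chars fit: %d\n", fits(112));
	printf("113 chars fit: %d\n", fits(113));
	return 0;
}
```
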
cinap_lenrek [Tue, 9 Dec 2014 21:26:30 +0000 (22:26 +0100)]
bootrc: do not pass authserver with -a flag to factotum, handle multiple secstore addresses
factotum is started in bootrc before the network is set up
(as we need it to negotiate wpa key for wifi). once the network
is set up, the bootstrap authservers are passed in /net/ndb,
which factotum reads when doing bootstrap authdial. it does
this only when no authserver was specified earlier! but we
want net.rc to select the proper bootstrap authserver...
the $secstore variable takes precedence over $auth. as
there is no connection server yet, we have to select the set
of servers here and pass them to secstore with -s flag.
note that this will work if multiple addresses were
specified.
cinap_lenrek [Mon, 8 Dec 2014 18:19:53 +0000 (19:19 +0100)]
ethervirtio: feature negotiation, allow setting mac address, dont read isr from ifstatus, avoid indirection
- properly negotiate Fctrlrx feature bit for promisc and multicast.
- allow setting mac address with ea= option from plan9.ini
- dont read the isr register from ifstats() as it has the side effect of resetting isr status
- embed the Vqueue array in the Ctlr structure avoiding indirection
- add an interrupt counter Vqueue.nintr for statistical purposes
- only read network status register if the feature has been negotiated
- change name to "virtio" as "ethervirtio" is kind of redundant
cinap_lenrek [Mon, 8 Dec 2014 00:26:07 +0000 (01:26 +0100)]
ndb/dns: ignore terminating authoritative flag for no-answer when more nameservers are provided
continue recursing when we get empty but non-negative answer
from a (claimed) authoritative nameserver that provides more
nameservers.
this fixes wordpress dns:
63766.3: sending to 192.0.80.93/ns1.wordpress.com bossypally.files.wordpress.com ip
63766: rcvd OK from 192.0.80.93 (authoritative)
Q: bossypally.files.wordpress.com ip
Auth: files.wordpress.com 5 min ns mdns1.wordpress.com
files.wordpress.com 5 min ns mdns2.wordpress.com
files.wordpress.com 5 min ns mdns3.wordpress.com
files.wordpress.com 5 min ns mdns4.wordpress.com
files.wordpress.com 5 min ns mdns5.wordpress.com
Hint: mdns1.wordpress.com 4 hr ip 192.0.75.7
mdns2.wordpress.com 4 hr ip 198.181.117.7
mdns3.wordpress.com 4 hr ip 198.181.116.7
mdns4.wordpress.com 4 hr ip 198.181.118.7
mdns5.wordpress.com 4 hr ip 192.0.74.7
63766.4: sending to 192.0.75.7/mdns1.wordpress.com bossypally.files.wordpress.com ip
63766: rcvd OK from 192.0.75.7 (authoritative)
Q: bossypally.files.wordpress.com ip
Ans: bossypally.files.wordpress.com 5 min ip 192.0.72.2
bossypally.files.wordpress.com 5 min ip 192.0.72.3
----------------------------
answer bossypally.files.wordpress.com 5 min ip 192.0.72.2
answer bossypally.files.wordpress.com 5 min ip 192.0.72.3
----------------------------
note the authoritative flag in the first response from ns1.wordpress.com that
would otherwise terminate the search.
cinap_lenrek [Sun, 7 Dec 2014 16:58:51 +0000 (17:58 +0100)]
ethervirtio: implement promisc and multicast mode, cleanup
add vctlcmd() function to setup and complete control commands.
handle Vctlq and implement promiscuous and multicast mode commands.
remove Vqueue.block[] and Vqueue.header. these are not properties
of the queue (Vctlq has no block array).
the block[] array only needs to be half the queue size as we use
two descriptors per packet.
fix broken shutdown() and remove useless ctl() function.
cinap_lenrek [Sat, 22 Nov 2014 16:23:46 +0000 (17:23 +0100)]
pc, pc64: more conservative pcirouting
when we hit a conflict where the pci INTL register gives us
a different irq than we get from southbridge irq router, dont
just change the router setting to the bios assigned irq (that
was previously known as the BIOS workaround), but assume the
southbridge setting to be valid and change the pci INTL register
on the device to it.
only when the router link doesnt seem to be configured or
disabled, then program the router to the irq that bios assigned
in the INTL register.
the reason is that changing the router setting changes the
irq routing for *all* devices on the same link and changing
it breaks previously checked and valid interrupt routings.
(so happened with virtualbox where the last device on the bus
is some powermanagement device that has wrong INTL setting
and changing the routing breaks the ethernet interrupts)
this change shouldnt affect modern machines which use ioapic
and mp tables or acpi for pci interrupt routing.
cinap_lenrek [Thu, 20 Nov 2014 18:05:43 +0000 (19:05 +0100)]
pc, pc64: preserve last KB of conventional memory (might contain bios tables)
we add new function convmemsize() that returns the size of
*usable* conventional memory that does some sanity checking
and reserves the last KB below the top of memory pointer.
this avoids lowraminit() overriding potential bios tables
and sigsearch() going off the rails looking for tables
at above 640K.
cinap_lenrek [Tue, 18 Nov 2014 15:07:34 +0000 (16:07 +0100)]
games/snes: flush screen in parallel to audio (fixes buffer underruns on x200s)
the x200s is too slow on a single core to keep up without
audio buffer underruns, so the idea is to flush screen
in parallel to writing audio samples in a separate process.
with the proc, we also can keep updating the screen on resize
when paused.
cinap_lenrek [Mon, 17 Nov 2014 09:12:29 +0000 (10:12 +0100)]
audiohda: add pci ids for Intel 8 Series Lynx Point (thanks quux)
Based on OpenBSD driver:
- /sys/dev/pci/azalia.c rev 1.209
- /sys/dev/pci/pcidevs rev 1.1689
- only tested on amd64; machine is an Acer V5-573G
exact model: V5-573G-74518G1Takk
cinap_lenrek [Sat, 15 Nov 2014 10:43:05 +0000 (11:43 +0100)]
pc64: get rid of fixed 8MB INIMAP and dynamically map KZERO-end in l.s
traditionally, the pc kernel mapped the first 8MB of physical
address space. when the kernel size grows beyond that memory mapping,
it will crash on boot and theres no checking in the build process
making sure it fits.
with the pc64 kernel, it is not hard to always map the whole
kernel memory image from KZERO to end[], so that the kernel will
always fit into the initial mapping.
cinap_lenrek [Mon, 10 Nov 2014 11:13:07 +0000 (12:13 +0100)]
ether8169: add support for RTL8411B (thanks quux)
from quux 9fans post:
- based on the following changes in FreeBSD/OpenBSD:
http://svnweb.freebsd.org/base?view=revision&revision=257305
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/dev/ic/re.c.diff?r1=1.144&r2=1.145&f=h
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/dev/ic/rtl81x9reg.h.diff?r1=1.76&r2=1.77&f=h
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/dev/ic/rtl81x9reg.h.diff?r1=1.83&r2=1.84&f=h
- sysinfo _with_ patch, on amd64 (please disregard non-working audio and iwl stuff):
http://sysinfo.9front.org/src/86/body
- tested only on amd64; machine is an Acer V5-573G (exact model: V5-573G-74518G1Takk)
cinap_lenrek [Fri, 7 Nov 2014 11:51:59 +0000 (12:51 +0100)]
fix dangerous werrstr() usages
werrstr() takes a format string as its first argument.
a common error is to pass user controlled string buffers
into werrstr() that might contain format string escapes
causing werrstr() to take bogus arguments from the stack
and crash.
so instead of doing:
	werrstr(buf);
we want to do:
	werrstr("%s", buf);
or if we have a local ERRMAX sized buffer that we can override:
	errstr(buf, sizeof buf);
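
Added example, not part of the commit above: the difference between the two call patterns, shown on a portable stand-in. werrstr() is Plan 9 libc, so seterr() here is a hypothetical substitute built on vsnprintf(), and report_unsafe()/report_safe() are hypothetical names. The sample message uses only "%%", the one directive that consumes no argument, so the unsafe call stays well defined while still showing that the text is interpreted rather than copied.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

enum { ERRMAX = 128 };		/* size of an error string on Plan 9 */
static char errbuf[ERRMAX];	/* stand-in for the per-process error string */

/* Hypothetical stand-in for werrstr(): the first argument is a format. */
static void
seterr(const char *fmt, ...)
{
	va_list ap;

	va_start(ap, fmt);
	vsnprintf(errbuf, sizeof errbuf, fmt, ap);
	va_end(ap);
}

/* Pattern the commit removes: caller-supplied text becomes the format. */
const char *
report_unsafe(const char *msg)
{
	seterr(msg);
	return errbuf;
}

/* Pattern the commit introduces: fixed format, text passed as data. */
const char *
report_safe(const char *msg)
{
	seterr("%s", msg);
	return errbuf;
}

int
main(void)
{
	const char *msg = "disk 100%% full";	/* constructed input */

	printf("unsafe: %s\n", report_unsafe(msg));	/* text was rewritten */
	printf("safe:   %s\n", report_safe(msg));	/* text kept verbatim */
	return 0;
}
```
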
cinap_lenrek [Fri, 7 Nov 2014 07:42:19 +0000 (08:42 +0100)]
libc: import cleaned up syslog() function from sources
this fixes a potential format string problem where the
error string is passed to werrstr() as fmt. also, the
directory comparison is simplified in this version using
a helper function.
cinap_lenrek [Fri, 7 Nov 2014 07:10:19 +0000 (08:10 +0100)]
libc: improve dial error handling
when dial is called with a generic dialstring, it will try
/net and /net.alt in sequence. error out if the /net dial
gets interrupted and do not continue dialing /net.alt.
reduce stack usage by using the swapping nature of errstr()
instead of keeping two error string buffers on the stack.
cinap_lenrek [Fri, 7 Nov 2014 04:21:42 +0000 (05:21 +0100)]
devproc: reset p->pdbg under p->debug qlock in procstopwait()
theres a race where procstopwait() is interrupted by a note,
setting p->pdbg to nil *before* acquiring the lock and
pexit() and procctl() accessing it assuming it doesnt
change under them while they are holding the lock.
mischief [Thu, 6 Nov 2014 01:24:55 +0000 (17:24 -0800)]
libc: allow dial to be interrupted
previously, if dial was interrupted by an alarm or other note while connecting to a host that resolved to multiple ips, dial would ignore the interruption and try the next host. now dial properly returns with error when it is interrupted.
cinap_lenrek [Wed, 5 Nov 2014 19:42:47 +0000 (20:42 +0100)]
termrc: setup mouse when we have a framebuffer
previously, we setup mouse only when vgasize= was specified in
plan9.ini. with efi systems, the framebuffer is already setup
for us and theres no requirement for going thru aux/vga setup,
but we still want to setup the mouse.
so do the mouseport= check once theres a framebuffer by testing
the existence of '#i/winname' (which fails when theres no
framebuffer).
cinap_lenrek [Tue, 4 Nov 2014 04:52:42 +0000 (05:52 +0100)]
pc: enable page size extension early in apbootstrap
vmware in efi mode brings application processors up
with CR4 = 0 (pse disabled) which makes us page fault
when accessing the ap's pdb which might be in a 4MB
mapping when the boot processor used pse to setup
page tables.
so we unconditionally enable pse in apbootstrap
(and disable pae in case of surprises).