cinap_lenrek [Tue, 10 Mar 2015 17:16:08 +0000 (18:16 +0100)]
kernel: fix integer overflow in syssegflush(), segment code cleanup
mcountseg(), mfreeseg():
use Pte.first/last pointers when possible and avoid constructs
like s->map[i]->pages[j].
freepte():
do not zero entries in freepte(), the segment is going away and
there is no point in zeroing page pointers. hoist common code at
the top avoiding duplication.
segpage(), fixfault():
avoid load after store for Pte** pointer.
fixfault():
return -1 in default case to avoid the "used but not set" warning
for mmuphys and get rid of the useless initialization.
syssegflush():
due to len being unsigned, the pe = PGROUND(pe) can make "chunk"
bigger than len causing an overflow. rewrite the function and deal
with page alignment and errors at the beginning.
cinap_lenrek [Sat, 7 Mar 2015 17:59:06 +0000 (18:59 +0100)]
kernel: catch address overflow in syssegfree()
the "to" address can overflow in syssegfree() causing wrong
number of pages to be passed to mfreeseg(). with the current
implementation of mfreeseg() however, this doesn't cause any
data corruption but was just freeing an unexpected number of
pages.
this change checks for this condition in syssegfree() and
errors out instead. also mfreeseg() was changed to take
ulong argument for number of pages instead of int to keep
it consistent with other routines that work with page counts.
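
Added example, not the kernel's own code: the address-wrap check described in the syssegfree() message above, next to a constructed unchecked variant that shows how a wrapped "to" turns into a bogus page count. The helper names, the 4 KiB page size, and the rounding (start rounded up, end rounded down) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed 4 KiB pages; PGMASK/PGROUND are modelled on the usual kernel macros. */
#define BY2PG	((uintptr_t)4096)
#define PGMASK	(BY2PG - 1)
#define PGROUND(a)	(((a) + PGMASK) & ~PGMASK)

/* Constructed "before": no wrap check, so a large len yields a bogus count. */
unsigned long
unchecked_npages(uintptr_t from, uintptr_t len)
{
	uintptr_t to = (from + len) & ~PGMASK;

	return (to - PGROUND(from)) / BY2PG;
}

/*
 * Hypothetical checked helper: whole pages inside [from, from+len).
 * Returns -1 if from+len wraps, else 0 with *first and *npages set.
 */
int
checked_pagerange(uintptr_t from, uintptr_t len, uintptr_t *first, unsigned long *npages)
{
	uintptr_t to = from + len;

	if(to < from)		/* unsigned wrap: error out, free nothing */
		return -1;
	to &= ~PGMASK;		/* round the end down to a page boundary */
	*first = from;
	*npages = 0;
	if(from > to)		/* no whole page; also keeps PGROUND from wrapping */
		return 0;
	*first = PGROUND(from);
	*npages = (to - *first) / BY2PG;
	return 0;
}

int
main(void)
{
	uintptr_t first, len = UINTPTR_MAX - 0x8000;	/* constructed hostile length */
	unsigned long n;

	printf("unchecked: %lu pages\n", unchecked_npages(0x10000, len));
	printf("checked:   %d\n", checked_pagerange(0x10000, len, &first, &n));
	return 0;
}
```

The second early return matters as much as the first: a start address inside the last page of the address space does not wrap from+len, but rounding it up would.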
cinap_lenrek [Fri, 6 Mar 2015 15:16:45 +0000 (16:16 +0100)]
devsd: always page align sd buffers
sdbio() tests if it can pass the buffer pointer directly to
the driver when it is already in kernel memory. we also need
to check if the buffer is properly aligned but alignment
requirement is handled in system specific sdmalloc() and
was not known to devsd.
to solve this, we *always* page align sd buffers and get rid
of the system specific sdmalloc() macro (was only used in bcm
kernel).
cinap_lenrek [Wed, 4 Mar 2015 09:20:31 +0000 (10:20 +0100)]
libthread: get rid of chaninit() (thanks qrstuv)
chaninit() does not initialize Chan.qentry and Chan.nentry
and there is no way to get rid of such a channel. nobody is
using it, so removing the function to avoid confusion.
cinap_lenrek [Tue, 3 Mar 2015 12:08:29 +0000 (13:08 +0100)]
kernel: fix physical segment handling
ignore physical segments in mcountseg() and mfreeseg(). physical
segments are not backed by user pages, and doing putpage() on
physical segment pages in mfreeseg() is an error.
do not allow physical segments to be resized. the segment size
is only checked in segattach() to be within the physical segment!
ignore physical segments in portcountpagerefs() as pagenumber()
does not work on the malloced page structures of a physical segment.
get rid of Physseg.pgalloc() and Physseg.pgfree() indirection as
this was never used and if there's a need to do more efficient
allocation, it should be done in a portable way.
cinap_lenrek [Mon, 2 Mar 2015 10:01:12 +0000 (11:01 +0100)]
libdraw: font->display->defaultsubfont vs. display->defaultsubfont, dead code, malloc errors
it is possible to have fonts belong to different or no display, so the
check for defaultsubfont has to be against font->display, not the global
display variable.
remove unused freeup() routine.
handle strdup() error in allocsubfont() and realloc() error in buildfont().
cinap_lenrek [Sat, 28 Feb 2015 11:50:17 +0000 (12:50 +0100)]
libthread: use devdup instead of mounting pipe to /mnt/temp for close-on-exec in procexec()
the namespace might be shared by other processes. instead, we
create an anonymous pipe with pipe() and use devdup to open one
end close-on-exec. this is shorter and avoids the race condition.
do not touch Execargs after writing the error message as the
process might be gone after the write. this was to manually
close the fd which isn't necessary as the kernel will do it
for us on the following exit.
cinap_lenrek [Thu, 19 Feb 2015 10:44:16 +0000 (11:44 +0100)]
gs: work around broken xref table pdfs
rebuilding the xref table does not work for pdfs with
compressed object streams. as a workaround, we skip
xref table verification and ignore wrong xref gen #
for gen 0 objects.
cinap_lenrek [Tue, 17 Feb 2015 05:54:19 +0000 (06:54 +0100)]
tlssrv: fix this mess (thanks burnzez for reporting the issue)
tlsServer() closes the passed in fd, in our case fd=1 leaving it
with no std output which got occupied by pipe() filedescriptor
which it then closed after duping... a classic.
delete all this mess. there's no reason to fork() and copy traffic
on a pipe at all as tlsServer() gives us a perfectly valid filedescriptor.
just dup() and exec() and we're done.
cinap_lenrek [Sun, 15 Feb 2015 05:22:19 +0000 (06:22 +0100)]
wc: bring back old wc but extended for 21 bit runes
the imported wc from sources is around 8 times slower
than our old one. it is common to run wc on large log files
to count lines. so i think the implementation complexity
is justified. (just like with grep)
tdalloc() is used to allocate descriptors and the periodic
frame schedule array. on arm, this needs to return uncached
memory. tdalloc()ed memory is never freed.
dmaalloc()/dmafree() is used for io buffers. this can return
cached memory when hardware maintains cache coherency (pc)
or dmaflush() is provided to flush/invalidate the cache (zynq),
otherwise needs to return uncached memory.
dmaflush() is used to flush/invalidate the cache. the first
argument tells us if we need to flush (non zero) or
invalidate (zero).
uncached.h is gone now. this change makes the handling explicit.
cinap_lenrek [Wed, 11 Feb 2015 22:54:28 +0000 (23:54 +0100)]
libc: check name in getvent()/putenv()
passing "", "." or ".." as name caused a crash in
getenv() as it would open the directory; then seek()
to determine the file size would fail and return -1.
now checking for these special names and set
error string when it's bad.
doing a single read() will not work when /env has a
9p fileserver mounted onto it and the file size is bigger
than the i/o unit. so doing incremental reads until
we get eof.
stanley lieber [Sun, 8 Feb 2015 18:19:47 +0000 (13:19 -0500)]
mothra: add side scrolling, controlled by left and right buttons on the keyboard. if desired, x-scrollbar can be set visible via the visxbar variable in mothra.c. (thanks, jpm_)
stanley lieber [Sat, 7 Feb 2015 06:10:35 +0000 (01:10 -0500)]
vgadb: add vid=0x8086 did=0x2a02 for Intel GM965/GL960/X3100; comment recent igfx ctlr definitions with the names of specific chipsets instead of the model numbers of laptops they may ship in
cinap_lenrek [Mon, 2 Feb 2015 01:58:59 +0000 (02:58 +0100)]
aux/vga: use optional edid information to determine mode when vgadb fails
igfx and vesa can determine monitor timing information from ddc
and store the edid info for connected monitors in vga->edid[].
when monitor type cannot be found in vgadb, we consult the edid
information and make a mode based on the edid info.
this avoids having to maintain a vgadb entry for each monitor.
monitor can be set to "[width]x[height]@[freq]Hz" for a specific
edid setting. when not found, a mode is searched based on the
size.
so the following should work:
aux/vga -m 1366x768@60Hz -l 1366x768x32
aux/vga -m auto -l 1366x768x32
cinap_lenrek [Sun, 1 Feb 2015 18:28:24 +0000 (19:28 +0100)]
aux/vga: cleanup vesa code
dbvesamode() modified the passed in size string in the process
of option parsing. this is a no-go because the string might be
constant in the read only section. provide cracksize() function
for the parsing and make a static copy.
do the vendor specific monitor detection in vbesnarf() instead
of vbecheck(). vbecheck()'s purpose is to check if vesa bios
service is available, not snarf graphics card state.
nvidiascale() was a no-op because it missed the vbecall() at
the end of the function. this means it was never tested so i
add the missing vbecall(), but disable nvidiascale for now
until someone tests this.
keep fancy stuff out of the Vbe structure. it is just there for
making bios calls, not keep state about the graphics card.
cinap_lenrek [Fri, 30 Jan 2015 12:41:23 +0000 (13:41 +0100)]
wifi: fix recvbeacon()
we used to read beyond the boundaries of the beacon because
the end pointer was offset by the beacon header. this is
also what caused the double entries.
cinap_lenrek [Tue, 27 Jan 2015 21:14:26 +0000 (22:14 +0100)]
devmnt: handle rpc buffer exhaustion on mntflushalloc()
this bug happens when the kernel runs out of mount rpc
buffers when allocating a flush rpc. in this case, mntflushalloc()
will errorjump out of mountio() leaving the currently in
flight rpc in the mount. the caller of mountrpc()/mountio()
frees the rpc that's still queued in the mount leading
to interesting results.
for the fix, we add a waserror() around mntflushalloc() and
handle the error case like a mount rpc failure which will
properly dequeue the rpc's in flight.