PERFORCE change 38317 for review
Marcel Moolenaar
marcel at FreeBSD.org
Fri Sep 19 21:44:42 PDT 2003
http://perforce.freebsd.org/chv.cgi?CH=38317
Change 38317 by marcel at marcel_nfs on 2003/09/19 21:44:25
IFC @38316
Affected files ...
.. //depot/projects/ia64/release/doc/en_US.ISO8859-1/errata/article.sgml#27 integrate
.. //depot/projects/ia64/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml#127 integrate
.. //depot/projects/ia64/share/man/man4/uart.4#3 integrate
.. //depot/projects/ia64/sys/kern/sched_ule.c#25 integrate
.. //depot/projects/ia64/sys/kern/vfs_subr.c#55 integrate
Differences ...
==== //depot/projects/ia64/release/doc/en_US.ISO8859-1/errata/article.sgml#27 (text+ko) ====
@@ -38,7 +38,7 @@
The &os; Project
</corpauthor>
- <pubdate>$FreeBSD: src/release/doc/en_US.ISO8859-1/errata/article.sgml,v 1.49 2003/09/16 23:25:48 bmah Exp $</pubdate>
+ <pubdate>$FreeBSD: src/release/doc/en_US.ISO8859-1/errata/article.sgml,v 1.50 2003/09/20 00:17:52 bmah Exp $</pubdate>
<copyright>
<year>2000</year>
@@ -157,6 +157,15 @@
security fix branch. For more details, refer to security
advisory
<ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:12.openssh.asc">FreeBSD-SA-03:12</ulink>.</para>
+
+ <para><application>sendmail</application> contains a
+ remotely-exploitable buffer overflow. This bug has been fixed
+ via a new version import on the &release.branch; development
+ branch and via a vendor-supplied patch on the &release.prev;
+ security fix branch. More details can be found in security
+ advisory
+ <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:13.sendmail.asc">FreeBSD-SA-03:13</ulink>.</para>
+
]]>
</sect1>
==== //depot/projects/ia64/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml#127 (text+ko) ====
@@ -3,7 +3,7 @@
<corpauthor>The FreeBSD Project</corpauthor>
- <pubdate>$FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml,v 1.625 2003/09/19 23:23:55 gshapiro Exp $</pubdate>
+ <pubdate>$FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml,v 1.626 2003/09/20 00:01:29 bmah Exp $</pubdate>
<copyright>
<year>2000</year>
@@ -141,6 +141,11 @@
security advisory
<ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:12.openssh.asc">FreeBSD-SA-03:12</ulink>. &merged;</para>
+ <para>A buffer overflow in <application>sendmail</application> has
+ been fixed. More information can be found in security advisory
+ <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:13.sendmail.asc">FreeBSD-SA-03:13</ulink>.
+ &merged;</para>
+
</sect2>
<sect2 id="kernel">
@@ -569,10 +574,10 @@
architectures.</para>
<para>The supported release of <application>GNOME</application> has
- been updated from 2.2.1 to 2.2.2. &merged;</para>
+ been updated from 2.2.1 to 2.4. &merged;</para>
<para>The supported release of <application>KDE</application> has
- been updated from 3.1.2 to 3.1.3. &merged;</para>
+ been updated from 3.1.2 to 3.1.4. &merged;</para>
</sect2>
==== //depot/projects/ia64/share/man/man4/uart.4#3 (text+ko) ====
@@ -23,7 +23,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $FreeBSD: src/share/man/man4/uart.4,v 1.3 2003/09/07 16:34:03 hmp Exp $
+.\" $FreeBSD: src/share/man/man4/uart.4,v 1.4 2003/09/20 04:13:16 marcel Exp $
.\"
.Dd August 25, 2003
.Dt UART 4
@@ -114,4 +114,4 @@
.Fx 5.2 .
.Sh AUTHORS
This manual page was written by
-.An Marcel Molenaar Aq marcel at FreeBSD.ORG .
+.An Marcel Moolenaar Aq marcel at xcllnt.net .
==== //depot/projects/ia64/sys/kern/sched_ule.c#25 (text+ko) ====
@@ -25,7 +25,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/kern/sched_ule.c,v 1.55 2003/08/26 11:33:15 davidxu Exp $");
+__FBSDID("$FreeBSD: src/sys/kern/sched_ule.c,v 1.56 2003/09/20 02:05:58 jeff Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -718,15 +718,17 @@
/*
* Adjust counters and watermark for pctcpu calc.
*/
-
- /*
- * Shift the tick count out so that the divide doesn't round away
- * our results.
- */
- ke->ke_ticks <<= 10;
- ke->ke_ticks = (ke->ke_ticks / (ke->ke_ltick - ke->ke_ftick)) *
- SCHED_CPU_TICKS;
- ke->ke_ticks >>= 10;
+ if (ke->ke_ltick > ticks - SCHED_CPU_TICKS) {
+ /*
+ * Shift the tick count out so that the divide doesn't
+ * round away our results.
+ */
+ ke->ke_ticks <<= 10;
+ ke->ke_ticks = (ke->ke_ticks / (ticks - ke->ke_ftick)) *
+ SCHED_CPU_TICKS;
+ ke->ke_ticks >>= 10;
+ } else
+ ke->ke_ticks = 0;
ke->ke_ltick = ticks;
ke->ke_ftick = ke->ke_ltick - SCHED_CPU_TICKS;
}
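Review bot: The divisor `ticks - ke->ke_ftick` is not covered by the new guard, which tests only `ke->ke_ltick`, so a zero or negative window would still reach the divide. The last two lines of the hunk set `ke_ftick` to `ke_ltick - SCHED_CPU_TICKS`, so the window is presumably always positive, but nothing visible here enforces that if `ke_ftick` is written elsewhere or `ticks` wraps. A zero divisor in kernel context is a panic, so I would state the invariant next to the divide, for example `KASSERT(ticks - ke->ke_ftick > 0, ("pctcpu: empty tick window"));`. The function begins above this hunk, so the initial state of `ke_ftick` could not be checked from here.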
@@ -1307,7 +1309,6 @@
*/
if (ke->ke_ltick < (ticks - (hz / 2)))
sched_pctcpu_update(ke);
-
/* How many rtick per second ? */
rtick = min(ke->ke_ticks / SCHED_CPU_TIME, SCHED_CPU_TICKS);
pctcpu = (FSCALE * ((FSCALE * rtick)/realstathz)) >> FSHIFT;
==== //depot/projects/ia64/sys/kern/vfs_subr.c#55 (text+ko) ====
@@ -43,7 +43,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/kern/vfs_subr.c,v 1.456 2003/09/19 19:13:54 kan Exp $");
+__FBSDID("$FreeBSD: src/sys/kern/vfs_subr.c,v 1.458 2003/09/20 00:21:48 jeff Exp $");
#include "opt_ddb.h"
#include "opt_mac.h"
@@ -744,7 +744,6 @@
vnlru_proc(void)
{
struct mount *mp, *nmp;
- int s;
int done;
struct proc *p = vnlruproc;
struct thread *td = FIRST_THREAD_IN_PROC(p); /* XXXKSE */
@@ -754,7 +753,6 @@
EVENTHANDLER_REGISTER(shutdown_pre_sync, kproc_shutdown, p,
SHUTDOWN_PRI_FIRST);
- s = splbio();
for (;;) {
kthread_suspend_check(p);
mtx_lock(&vnode_free_list_mtx);
@@ -791,7 +789,6 @@
tsleep(vnlruproc, PPAUSE, "vlrup", hz * 3);
}
}
- splx(s);
}
static struct kproc_desc vnlru_kp = {
@@ -1107,7 +1104,7 @@
int slpflag, slptimeo;
{
struct buf *blist;
- int s, error;
+ int error;
vm_object_t object;
GIANT_REQUIRED;
@@ -1116,19 +1113,16 @@
VI_LOCK(vp);
if (flags & V_SAVE) {
- s = splbio();
while (vp->v_numoutput) {
vp->v_iflag |= VI_BWAIT;
error = msleep(&vp->v_numoutput, VI_MTX(vp),
slpflag | (PRIBIO + 1), "vinvlbuf", slptimeo);
if (error) {
VI_UNLOCK(vp);
- splx(s);
return (error);
}
}
if (!TAILQ_EMPTY(&vp->v_dirtyblkhd)) {
- splx(s);
VI_UNLOCK(vp);
if ((error = VOP_FSYNC(vp, cred, MNT_WAIT, td)) != 0)
return (error);
@@ -1137,14 +1131,11 @@
* enabled under INVARIANTS
*/
VI_LOCK(vp);
- s = splbio();
if (vp->v_numoutput > 0 ||
!TAILQ_EMPTY(&vp->v_dirtyblkhd))
panic("vinvalbuf: dirty bufs");
}
- splx(s);
}
- s = splbio();
/*
* If you alter this loop please notice that interlock is dropped and
* reacquired in flushbuflist. Special care is needed to ensure that
@@ -1166,7 +1157,6 @@
break;
}
if (error) {
- splx(s);
VI_UNLOCK(vp);
return (error);
}
@@ -1191,8 +1181,6 @@
} while (vp->v_numoutput > 0);
VI_UNLOCK(vp);
- splx(s);
-
/*
* Destroy the copy in the VM cache, too.
*/
@@ -1298,7 +1286,7 @@
{
register struct buf *bp;
struct buf *nbp;
- int s, anyfreed;
+ int anyfreed;
int trunclbn;
/*
@@ -1306,7 +1294,6 @@
*/
trunclbn = (length + blksize - 1) / blksize;
- s = splbio();
ASSERT_VOP_LOCKED(vp, "vtruncbuf");
restart:
VI_LOCK(vp);
@@ -1390,8 +1377,6 @@
msleep(&vp->v_numoutput, VI_MTX(vp), PVM, "vbtrunc", 0);
}
VI_UNLOCK(vp);
- splx(s);
-
vnode_pager_setsize(vp, length);
return (0);
@@ -1616,8 +1601,6 @@
register struct vnode *vp;
register struct buf *bp;
{
- int s;
-
KASSERT(bp->b_vp == NULL, ("bgetvp: not free"));
KASSERT((bp->b_xflags & (BX_VNDIRTY|BX_VNCLEAN)) == 0,
@@ -1630,9 +1613,7 @@
/*
* Insert onto list for new vnode.
*/
- s = splbio();
buf_vlist_add(bp, vp, BX_VNCLEAN);
- splx(s);
}
/*
@@ -1643,7 +1624,6 @@
register struct buf *bp;
{
struct vnode *vp;
- int s;
KASSERT(bp->b_vp != NULL, ("brelvp: NULL"));
@@ -1651,7 +1631,6 @@
* Delete from old vnode list, if on one.
*/
vp = bp->b_vp;
- s = splbio();
VI_LOCK(vp);
if (bp->b_xflags & (BX_VNDIRTY | BX_VNCLEAN))
buf_vlist_remove(bp);
@@ -1662,11 +1641,10 @@
mtx_unlock(&sync_mtx);
}
vdropl(vp);
- VI_UNLOCK(vp);
bp->b_vp = (struct vnode *) 0;
if (bp->b_object)
bp->b_object = NULL;
- splx(s);
+ VI_UNLOCK(vp);
}
/*
@@ -1675,9 +1653,8 @@
static void
vn_syncer_add_to_worklist(struct vnode *vp, int delay)
{
- int s, slot;
+ int slot;
- s = splbio();
ASSERT_VI_LOCKED(vp, "vn_syncer_add_to_worklist");
mtx_lock(&sync_mtx);
@@ -1692,8 +1669,6 @@
LIST_INSERT_HEAD(&syncer_workitem_pending[slot], vp, v_synclist);
mtx_unlock(&sync_mtx);
-
- splx(s);
}
struct proc *updateproc;
@@ -1715,7 +1690,6 @@
struct vnode *vp;
struct mount *mp;
long starttime;
- int s;
struct thread *td = FIRST_THREAD_IN_PROC(updateproc); /* XXXKSE */
mtx_lock(&Giant);
@@ -1732,13 +1706,11 @@
* Push files whose dirty time has expired. Be careful
* of interrupt race on slp queue.
*/
- s = splbio();
mtx_lock(&sync_mtx);
slp = &syncer_workitem_pending[syncer_delayno];
syncer_delayno += 1;
if (syncer_delayno == syncer_maxdelay)
syncer_delayno = 0;
- splx(s);
while ((vp = LIST_FIRST(slp)) != NULL) {
mtx_unlock(&sync_mtx);
@@ -1749,7 +1721,6 @@
VOP_UNLOCK(vp, 0, td);
vn_finished_write(mp);
}
- s = splbio();
mtx_lock(&sync_mtx);
if (LIST_FIRST(slp) == vp) {
mtx_unlock(&sync_mtx);
@@ -1775,7 +1746,6 @@
VI_UNLOCK(vp);
mtx_lock(&sync_mtx);
}
- splx(s);
}
mtx_unlock(&sync_mtx);
@@ -1899,13 +1869,14 @@
register struct buf *bp;
register struct vnode *newvp;
{
+ struct vnode *vp;
int delay;
- int s;
if (newvp == NULL) {
printf("reassignbuf: NULL");
return;
}
+ vp = bp->b_vp;
++reassignbufcalls;
/*
@@ -1915,24 +1886,25 @@
if (bp->b_flags & B_PAGING)
panic("cannot reassign paging buffer");
- s = splbio();
/*
* Delete from old vnode list, if on one.
*/
- VI_LOCK(bp->b_vp);
+ VI_LOCK(vp);
if (bp->b_xflags & (BX_VNDIRTY | BX_VNCLEAN)) {
buf_vlist_remove(bp);
- if (bp->b_vp != newvp) {
+ if (vp != newvp) {
vdropl(bp->b_vp);
bp->b_vp = NULL; /* for clarification */
}
}
- VI_UNLOCK(bp->b_vp);
+ if (vp != newvp) {
+ VI_UNLOCK(vp);
+ VI_LOCK(newvp);
+ }
/*
* If dirty, put on list of dirty buffers; otherwise insert onto list
* of clean buffers.
*/
- VI_LOCK(newvp);
if (bp->b_flags & B_DELWRI) {
if ((newvp->v_iflag & VI_ONWORKLST) == 0) {
switch (newvp->v_type) {
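Review bot: Inside the `if (vp != newvp)` branch the call is still `vdropl(bp->b_vp)`, while every other reference in this hunk now uses the cached `vp`; writing `vdropl(vp);` would make it obvious that the vnode dropped is the one whose interlock is held. Caching `vp` matters here because `bp->b_vp` is set to NULL two lines later, and the unlock must not go through that field. Separately, between `VI_UNLOCK(vp)` and `VI_LOCK(newvp)` the buffer is on neither vnode list and no interlock is held. With `splbio()` gone, a short comment naming what serialises that window (presumably the buffer lock or Giant) would help the next reader. The function starts and ends outside this hunk.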
@@ -1967,7 +1939,6 @@
vholdl(bp->b_vp);
}
VI_UNLOCK(newvp);
- splx(s);
}
/*
@@ -2306,13 +2277,9 @@
vholdl(vp)
register struct vnode *vp;
{
- int s;
-
- s = splbio();
vp->v_holdcnt++;
if (VSHOULDBUSY(vp))
vbusy(vp);
- splx(s);
}
/*
@@ -2331,9 +2298,6 @@
vdropl(vp)
register struct vnode *vp;
{
- int s;
-
- s = splbio();
if (vp->v_holdcnt <= 0)
panic("vdrop: holdcnt");
vp->v_holdcnt--;
@@ -2341,7 +2305,6 @@
vfree(vp);
else
vlruvp(vp);
- splx(s);
}
/*
@@ -2621,13 +2584,14 @@
VI_LOCK(vp);
v_incr_usecount(vp, -1);
if (vp->v_usecount <= 0) {
-#ifdef DIAGNOSTIC
+#ifdef INVARIANTS
if (vp->v_usecount < 0 || vp->v_writecount != 0) {
vprint("vclean: bad ref count", vp);
panic("vclean: ref cnt");
}
#endif
- vfree(vp);
+ if (VSHOULDFREE(vp))
+ vfree(vp);
}
VI_UNLOCK(vp);
}
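Review bot: The reference-count sanity check is now compiled only under `INVARIANTS`, so a kernel built without it treats a negative `v_usecount` or a non-zero `v_writecount` like the normal zero case and carries on to the free path. A reference-count underflow is the kind of state that leads to a vnode being reused while still referenced, so consider whether the check should stay unconditional, or at least note in a comment that production kernels skip it. The new `if (VSHOULDFREE(vp))` guard also has no explanation. Its definition is not visible here, but it presumably keeps `vfree()` from tripping its "vnode already free" assertion or freeing a held vnode; a one-line comment such as `/* Skip if still held or already on the free list. */` would record that once confirmed. The enclosing function starts above the hunk.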
@@ -2741,8 +2705,6 @@
struct vnode *vp;
struct thread *td;
{
- int s;
-
/*
* If a vgone (or vclean) is already in progress,
* wait until it is done and return.
@@ -2791,7 +2753,6 @@
*/
VI_LOCK(vp);
if (vp->v_usecount == 0 && !(vp->v_iflag & VI_DOOMED)) {
- s = splbio();
mtx_lock(&vnode_free_list_mtx);
if (vp->v_iflag & VI_FREE) {
TAILQ_REMOVE(&vnode_free_list, vp, v_freelist);
@@ -2801,7 +2762,6 @@
}
TAILQ_INSERT_HEAD(&vnode_free_list, vp, v_freelist);
mtx_unlock(&vnode_free_list_mtx);
- splx(s);
}
vp->v_type = VBAD;
@@ -3288,10 +3248,7 @@
vfree(vp)
struct vnode *vp;
{
- int s;
-
ASSERT_VI_LOCKED(vp, "vfree");
- s = splbio();
mtx_lock(&vnode_free_list_mtx);
KASSERT((vp->v_iflag & VI_FREE) == 0, ("vnode already free"));
if (vp->v_iflag & VI_AGE) {
@@ -3303,7 +3260,6 @@
mtx_unlock(&vnode_free_list_mtx);
vp->v_iflag &= ~VI_AGE;
vp->v_iflag |= VI_FREE;
- splx(s);
}
/*
@@ -3313,9 +3269,6 @@
vbusy(vp)
struct vnode *vp;
{
- int s;
-
- s = splbio();
ASSERT_VI_LOCKED(vp, "vbusy");
KASSERT((vp->v_iflag & VI_FREE) != 0, ("vnode not free"));
@@ -3325,7 +3278,6 @@
mtx_unlock(&vnode_free_list_mtx);
vp->v_iflag &= ~(VI_FREE|VI_AGE);
- splx(s);
}
/*
@@ -3559,7 +3511,7 @@
/*
* The syncer vnode is no longer needed and is being decommissioned.
*
- * Modifications to the worklist must be protected at splbio().
+ * Modifications to the worklist must be protected by sync_mtx.
*/
static int
sync_reclaim(ap)
@@ -3568,11 +3520,9 @@
} */ *ap;
{
struct vnode *vp = ap->a_vp;
- int s;
- s = splbio();
+ VI_LOCK(vp);
vp->v_mount->mnt_syncer = NULL;
- VI_LOCK(vp);
if (vp->v_iflag & VI_ONWORKLST) {
mtx_lock(&sync_mtx);
LIST_REMOVE(vp, v_synclist);
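Review bot: `vp->v_mount->mnt_syncer = NULL;` now runs under `VI_LOCK(vp)`, but `mnt_syncer` is a field of the mount, not of the vnode, and nothing in the hunk says which lock readers of that field are expected to hold. The updated header comment names `sync_mtx` only for the worklist. If the vnode interlock is meant to be the protecting lock, a comment on the assignment such as `/* mnt_syncer is protected by the syncer vnode's interlock */` would make that explicit. If it is not, the store is effectively unlocked now that `splbio()` is gone, and that should be stated as well. The function body continues in the next hunk.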
@@ -3580,7 +3530,6 @@
vp->v_iflag &= ~VI_ONWORKLST;
}
VI_UNLOCK(vp);
- splx(s);
return (0);
}