| Age | Commit message (Collapse) | Author |
|---|
|
* boot/Makefile (COMMON-OBJS): Do not build server stubs for the
bootstrap protocol.
Remove all UX-related variables and targets.
* boot/boot.c: Remove all UX-related definitions and includes.
* boot/frank1.ld: Delete file.
* boot/frankemul.ld: Likewise.
* boot/mach-crt0.c: Likewise.
* boot/sigvec.S: Likewise.
* boot/syscall.S: Likewise.
* boot/ux.c: Likewise.
* boot/ux.h: Likewise.
|
|
* NEWS: Update.
* boot/Makefile (MIGSTUBS): Build stubs for the new kernel interfaces.
(MIGSFLAGS): Include mutation file.
(HURDLIBS): Link against libihash.
* boot/boot.c (privileged, want_privileged): New variables.
(pseudo_privileged_host_port): New variable.
(pseudo_pset, pseudo_kernel): Likewise.
(task_notification_port): Likewise.
(dead_task_notification_port): Likewise.
(boot_demuxer): Handle new protocols.
(OPT_PRIVILEGED): New macro.
(options): Add flag '--privileged' to enable the old mode.
(parse_opt): Handle new flag.
(allocate_pseudo_ports): New function.
(main): Handle new flag. If not running privileged, allocate more
pseudo ports to hand out in place of privileged kernel ports, create a
task namespace, and a task that the Subhurd can frob instead of the
real kernel task.
(do_mach_notify_dead_name): Handle dying tasks.
(S_vm_set_default_memory_manager): New function.
(S_host_reboot): Likewise.
(S_host_processor_set_priv): Likewise.
(S_register_new_task_notification): Likewise.
(task_ihash_cleanup): Likewise.
(task_ihash): New variable.
(task_died): New function.
(S_mach_notify_new_task): Likewise.
(S_processor_set_tasks): Likewise.
* boot/mig-decls.h: New file.
* boot/mig-mutate.h: Likewise.
|
|
* boot/boot.c (host_exit): Make it a function and restore the terminal state.
|
|
|
|
* proc/mgt.c (S_mach_notify_new_task): Fix receiver handling, fix port
leak.
* proc/mig-mutate.h: Mutate the task notification protocol.
|
|
* boot/boot.c (main): Ignore EINTR in the loop processing stdin.
|
|
* libports/manage-multithread.c (adjust_priorities): Avoid displaying
error messages if we do not have the privileged processor set port by
treating this error condition like EPERM.
* proc/main.c (increase_priority, main): Likewise.
|
|
* procfs/rootdir.c (rootdir_gc_meminfo): Just omit the swap
information if the default pager is unreachable.
|
|
by fixing the subsystem name into containing _request.
* hurd/auth_request.defs: Set subsystem name to auth_request.
* hurd/io_request.defs: Set subsystem name to io_request.
* hurd/process_request.defs: Set subsystem name to process_request.
|
|
* libfshelp/fetch-control.c (fshelp_fetch_control): Check if the
control port is still alive, or deallocate the dead name, record the
fact in the transbox, and return MACH_PORT_NULL.
|
|
* console-client/trans.c (console_setup_node): Remove 'bootstrap'.
|
|
* ext2fs/ext2fs.h (disk_cache_block_deref): Replace with a macro that
NULLs the given pointer.
(dino_deref): Likewise.
* ext2fs/pager.c (disk_cache_block_deref): Rename.
* ext2fs/pokel.c (pokel_add): Adapt.
(pokel_exec): Likewise.
|
|
* ext2fs/ext2fs.h (sync_global_pointer): Rename 'bptr' so that it
doesn't collide with the macro 'bptr'.
|
|
* trans/crash.c (corefile_template_lock): New variable.
(S_crash_dump_task): Serialize access to 'corefile_template'.
(parse_opt): Likewise. Also strdup the template.
(trivfs_append_args): Serialize access to 'corefile_template'.
|
|
* trans/crash.c (parse_opt): Use empty core file templates to disable
the feature.
|
|
* trans/crash.c (parse_opt): Avoid 'error' in favor of the appropriate
argp error reporting mechanism.
* trans/remap.c (parse_opt): Likewise.
* utils/msgids.c (parse_opt): Likewise.
|
|
* ext2fs/ext2fs.c (options): Disable '--sblock', this has never been
implemented.
(parse_opt): Likewise.
|
|
* libdiskfs/file-set-trans.c (diskfs_S_file_set_translator): When
setting a short-circuited translator, clear the translator record
first. Improve error handling.
This notably fixes a crash in ext2fs when setting a symlink on a node
with an existing translator record.
|
|
* utils/fakeroot.sh (FAKED_MODE): Set to unknown-is-root.
|
|
* random/gnupg-random.c (mix_pool): Store the first hash at the end of
the pool.
--
This fixes a long standing bug (since 1998) in Libgcrypt and GnuPG.
An attacker who obtains 580 bytes of the random number from the
standard RNG can trivially predict the next 20 bytes of output.
The bug was found and reported by Felix Dörre and Vladimir Klebanov,
Karlsruhe Institute of Technology. A paper describing the problem in
detail will shortly be published.
This is a port of c6dbfe89 from the GnuPG classic branch.
CVE-id: CVE-2016-6313
|
|
* init/init.c (main): Run /libexec/runsystem.hurd instead of
/etc/hurd/runsystem.hurd.
|
|
* daemons/runsystem.hurd: Rename to daemons/runsystem.hurd.sh
* daemons/Makefile (targets): Add runsystem.hurd
(special-targets): Likewise.
(runsystem.hurd): New rule, simply depends on runsystem.hurd.sh
|
|
* libfshelp/translator-list.c (translator_ihash_cleanup): Release reference.
(fshelp_set_active_translator): Acquire reference
|
|
* startup/startup.c (launch_something): Always increment TRY even on
success, so that if runsystem unexpectedly returns, we get to try a shell
instead.
|
|
Thanks Brent W. Baccala for the report.
* starpu/startup.c (launch_something): Always increment TRY while looping
over runsystem possibilities.
|
|
Falling back from the io_map method needs to handle the "anywhere" flag too
by updating MAPSTART.
* exec/exec.c (write_to_task): Turn MAPSTART parameter into a reference to
the address. Fix usage accordingly.
(load_section): Pass address of MAPSTART to write_to_task so it can update
it.
|
|
It is just a warning, not a fatal error.
* libdiskfs/init-startup.c (_diskfs_init_completed): Prefix warning about
requesting shutdown nofication with "warning:".
* random/random.c (main): Likewise.
|
|
or called with a small array.
This notably happens when using a sub-exec, see BZ #48919.
* exec/hashexec.c (check_hashbang): Check std_nports before accessing
std_ports.
|
|
|
|
* trans/remap.c (parse_opt): Error out if some path is not absolute.
|
|
It happens that the link script for ld.so contains a hole, which might thus
leave an empty page between the text and the data. When loading a small pic
program, its text would then fit in there, and loading the data right after
it would fail. We here rather force all pic loads to be mapped
contiguously, starting from the place that was allocated for the first pic
load.
* exec/exec.c (load_section): Return the address of the end of the section.
(load): Take the address to be used for loading pic objects as parameter,
force pic objects there if it is not zero, and compute and return the
address to be used for the next pic object.
(do_exec): Pass addresses for pic loads between calls to load().
|
|
This will now display the 'argv: data_t' argument of file_exec
as e.g. "who\0am\0i\0" rather than just "who". In contrast,
the 'file_name: string_t' argument of dir_lookup will still be
truncated at the first null character.
The previous implementation might crash if an out-of-line
char array exactly fills a page and does not contain any
null characters.
* utils/rpctrace.c (print_data): On MACH_MSG_TYPE_STRING and
MACH_MSG_TYPE_CHAR, check for end of buffer before checking for a null
character. On MACH_MSG_TYPE_CHAR only, continue printing past null
characters.
|
|
* mach-defpager/default_pager.c (destroy_paging_partition): Add missing
unlock when destroying partition fails.
|
|
* mach-defpager/default_pager.c (pager_dealloc_page, pager_read_offset,
pager_write_offset, default_read, default_write, destroy_paging_partition,
seqnos_memory_object_terminate, seqnos_memory_object_data_request,
seqnos_memory_object_data_initialize): Fix debugging prints formats.
|
|
It was used long ago, poses problems to readline, and currently conflicts
with TAB1
Thanks Kalle Olavi Niemitalo for the report and rationale
* term/munge.c (output_character): Do not handle OTILDE.
(output_width): Likewise.
* term/term.h (OTILDE): Drop macro definition.
* term/users.c (open_hook): Do not check OTILDE flag.
|
|
Add an option to specify a template used to construct core file names.
This way core files can be collected at a predictable central
location.
* hurd/crash.defs (crash_dump_task): Return EEXIST if the core file
has been written elsewhere.
* trans/crash.c (corefile_template): New variable.
(template_valid): New function.
(template_make_file_name): Likewise.
(S_crash_dump_task): Use the template to construct a name, open the
file, and write the core dump there instead of the handle provided by
the caller.
(argp_option): New option.
(doc): Document the format.
(parse_opt): Handle new option
(trivfs_append_args): Likewise.
|
|
* pflocal/socket.c (S_socket_send): Also test for MSG_DONTWAIT in `flags'
for the `noblock' parameter of pipe_send call.
(S_socket_recv): Likewise for pipe_recv call.
|
|
* sutils/Makefile (progs): Add 'bless'.
* sutils/bless.c: New file.
|
|
* proc/mgt.c (S_proc_mark_important): Fix checking whether the
receiver is a child of startup.
|
|
* startup/startup.c (frob_kernel_process): Make the kernel a child of
startup, improve error reporting.
|
|
Add a variant to 'pager_create' that allocates memory for the user
hook next to the pager data increasing locality.
* console/pager.c (pager_clear_user_data): Fix type of 'idx', do not
free 'upi'.
(user_pager_create): Use the new function.
* doc/hurd.texi: Document new function.
* ext2fs/pager.c (pager_clear_user_data): Don't free 'upi'.
(diskfs_get_filemap): Use the new function.
* fatfs/pager.c (pager_clear_user_data): Don't free 'upi'.
(diskfs_get_filemap): Use the new function.
* isofs/pager.c (pager_clear_user_data): Don't free 'upi'.
(diskfs_get_filemap): Use the new function.
* libpager/pager-create.c (_pager_create): New generic allocation
function.
(pager_create): Use the new generic function.
(pager_create_alloc): New function.
* libpager/pager.h (pager_create_alloc): New prototype.
|
|
* proc/main.c: Fix references to the startup server in code and
comments.
* proc/mgt.c: Likewise.
* proc/msg.c: Likewise.
* proc/proc.h: Likewise.
|
|
* pfinet/socket-ops.c (S_socket_recv): Unmap data on error.
|
|
* trans/crash.c (S_crash_dump_task): Fix error handling.
|
|
The descriptor is valid, it is just the mode which is not available.
* console-client/kbd-repeat.c (repeater_select): Drop SELECT_URG flag from
`type'. Return 0 instead of EINVAL if `type' contains SELECT_WRITE.
* console-client/pc-mouse (repeater_select): Likewise.
* trans/mtab.c (trivfs_S_io_select): Return 0 instead of EBADF when the
openmodes do not match the requested modes in `type'.
* trans/new-fifo.c (io_select_common): Likewise.
* trans/fifo.c (io_select_common): Likewise.
* trans/null.c (trivfs_S_io_select): Likewise.
* trans/streamio.c (io_select_common): Likewise.
|
|
Previously, 'task', 'core_file', and 'ctty_id' were not deallocated if
crash was configured to write core files, and 'ctty_id' was leaked if
the crashing task was suspended. This lead to resources not being
released in the kernel, the filesystem, and the terminal subsystem,
and could very well be responsible for making the Debian/Hurd shutdown
hang.
* trans/crash.c (S_crash_dump_task): Properly deallocate 'task',
'core_file', and 'ctty_id'.
|
|
* nfs/cache.c (netfs_node_norefs): Do not re-acquire a reference to
np. This worked previously, but the new reference counting primitives
consider this a use after free. A reference is really not necessary
here, we are about to deallocate np anyway.
Amends 5eef605e.
|
|
* libpipe/pipe.c (pipe_send): Set value pointed to by amount to 0 if
if nothing is written.
|
|
* mach-defpager/kalloc.c (realloc_hook, memalign_hook): New functions.
(init_hook): Set __realloc_hook to realloc_hook and __memalign_hook to
memalign_hook.
|
|
This reverts commit 8c49801c8f7e3f800cabedf8fca8ccec3cf35a22.
The malloc hook is needed for calloc.
|
