From 143cc14e17b26a90f1f4060725df7ea635161581 Mon Sep 17 00:00:00 2001 From: Apple Date: Tue, 12 Aug 2003 20:29:23 +0000 Subject: [PATCH] xnu-344.2.tar.gz --- bsd/conf/version.minor | 2 +- bsd/netinet/tcp_input.c | 5 +- bsd/netinet6/esp_input.c | 8 ++ bsd/vfs/vfs_cluster.c | 11 ++- iokit/KernelConfigTables.cpp | 10 +- iokit/conf/version.minor | 2 +- libkern/conf/version.minor | 2 +- libsa/conf/version.minor | 2 +- osfmk/conf/kernelversion.minor | 2 +- osfmk/conf/version.minor | 2 +- osfmk/vm/vm_fault.c | 168 +++++++++++++++++++-------------- pexpert/conf/version.minor | 2 +- 12 files changed, 125 insertions(+), 91 deletions(-) diff --git a/bsd/conf/version.minor b/bsd/conf/version.minor index 573541ac9..d00491fd7 100644 --- a/bsd/conf/version.minor +++ b/bsd/conf/version.minor @@ -1 +1 @@ -0 +1 diff --git a/bsd/netinet/tcp_input.c b/bsd/netinet/tcp_input.c index 2e14bc577..eb294a6a2 100644 --- a/bsd/netinet/tcp_input.c +++ b/bsd/netinet/tcp_input.c @@ -1046,7 +1046,7 @@ findpcb: tp->snd_nxt = tp->snd_max; tp->t_badrxtwin = 0; } - if ((to.to_flag & TOF_TS) != 0) + if (((to.to_flag & TOF_TS) != 0) && (to.to_tsecr != 0)) /* Makes sure we already have a TS */ tcp_xmit_timer(tp, tcp_now - to.to_tsecr + 1); else if (tp->t_rtttime && @@ -2060,8 +2060,9 @@ process_ACK: * Since we now have an rtt measurement, cancel the * timer backoff (cf., Phil Karn's retransmit alg.). * Recompute the initial retransmit timer. + * Also makes sure we have a valid time stamp in hand */ - if (to.to_flag & TOF_TS) + if (((to.to_flag & TOF_TS) != 0) && (to.to_tsecr != 0)) tcp_xmit_timer(tp, tcp_now - to.to_tsecr + 1); else if (tp->t_rtttime && SEQ_GT(th->th_ack, tp->t_rtseq)) tcp_xmit_timer(tp, tp->t_rtttime); diff --git a/bsd/netinet6/esp_input.c b/bsd/netinet6/esp_input.c index 3d5e88900..549b37d41 100644 --- a/bsd/netinet6/esp_input.c +++ b/bsd/netinet6/esp_input.c 
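Review bot: The added `to.to_tsecr != 0` test in the `findpcb` hunk, and the identical one under `process_ACK`, filters out only a zero echo; any other peer-supplied value still flows into `tcp_now - to.to_tsecr + 1` and becomes the RTT sample. An echo that is ahead of `tcp_now` would presumably wrap or go negative there (the operand types are outside the hunks), so a malformed timestamp option could still skew the retransmit timer. Consider also rejecting echoes newer than the local clock, e.g. `if ((to.to_flag & TOF_TS) != 0 && to.to_tsecr != 0 && (int)(tcp_now - to.to_tsecr) >= 0)`, and replace the trailing comment with one that says why zero is excluded: `/* tsecr == 0 means no timestamp was echoed; do not take an RTT sample from it */`. Both enclosing functions start and end outside the hunks.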
@@ -214,6 +214,10 @@ esp4_input(m, off) if (!sumalgo) goto noreplaycheck; siz = (((*sumalgo->sumsiz)(sav) + 3) & ~(4 - 1)); + if (m->m_pkthdr.len < off + ESPMAXLEN + siz) { + ipsecstat.in_inval++; + goto bad; + } if (AH_MAXSUMSIZE < siz) { ipseclog((LOG_DEBUG, "internal error: AH_MAXSUMSIZE must be larger than %lu\n", @@ -581,6 +585,10 @@ esp6_input(mp, offp, proto) if (!sumalgo) goto noreplaycheck; siz = (((*sumalgo->sumsiz)(sav) + 3) & ~(4 - 1)); + if (m->m_pkthdr.len < off + ESPMAXLEN + siz) { + ipsecstat.in_inval++; + goto bad; + } if (AH_MAXSUMSIZE < siz) { ipseclog((LOG_DEBUG, "internal error: AH_MAXSUMSIZE must be larger than %lu\n", diff --git a/bsd/vfs/vfs_cluster.c b/bsd/vfs/vfs_cluster.c index fc7004638..df2e73751 100644 --- a/bsd/vfs/vfs_cluster.c +++ b/bsd/vfs/vfs_cluster.c @@ -94,7 +94,7 @@ static int cluster_nocopy_write(struct vnode *vp, struct uio *uio, off_t newEOF, int devblocksize, int flags); static int cluster_phys_read(struct vnode *vp, struct uio *uio, off_t filesize); -static int cluster_phys_write(struct vnode *vp, struct uio *uio); +static int cluster_phys_write(struct vnode *vp, struct uio *uio, off_t newEOF); static int cluster_push_x(struct vnode *vp, off_t EOF, daddr_t first, daddr_t last, int can_delay); static int cluster_try_push(struct vnode *vp, off_t newEOF, int can_delay, int push_all); @@ -1090,7 +1090,7 @@ cluster_write(vp, uio, oldEOF, newEOF, headOff, tailOff, devblocksize, flags) return(retval); } - retval = cluster_phys_write(vp, uio); + retval = cluster_phys_write(vp, uio, newEOF); if (uio->uio_resid == 0 && (flags & IO_TAILZEROFILL)) { @@ -1206,6 +1206,7 @@ cluster_nocopy_write(vp, uio, newEOF, devblocksize, flags) * -- the resid is a page multiple * -- the resid will not exceed iov_len */ + cluster_try_push(vp, newEOF, 0, 1); iov = uio->uio_iov; 
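Review bot: The new bounds test in `esp4_input` (and its twin in `esp6_input`) has no comment saying what it protects, and it drops the packet without an `ipseclog` line like the one in the neighbouring `AH_MAXSUMSIZE` branch. It appears to guarantee that the packet holds the ESP header plus `siz` bytes of trailing authentication data before the code below reads them, so say so: `/* packet must hold the ESP header and the ICV before the ICV is read from the tail */`. `siz` is printed with `%lu` a few lines down, so the comparison mixes the mbuf length with an unsigned value; confirm `m->m_pkthdr.len` cannot be negative here, or cast explicitly. Both functions continue outside the hunks.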
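Review bot: In the `esp6_input` hunk the drop is counted in `ipsecstat.in_inval`, the same counter the IPv4 hunk uses. If the rest of `esp6_input` accounts into `ipsec6stat` (its body is outside the hunk, so this is inferred from the usual split between the two paths), undersized IPv6 ESP packets will be reported as IPv4 drops and will not show up in IPv6 monitoring. The line would then read `ipsec6stat.in_inval++;`.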
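Review bot: The `cluster_try_push(vp, newEOF, 0, 1);` call added at the top of `cluster_nocopy_write` discards its return value, while the `cluster_write_x` hunk later in this file tests the same function against 0. The same unchecked call is added to `cluster_phys_write`. If the push can leave delayed clusters unwritten, older cached data for the same range may reach the disk after the direct write that follows, so either check the result or state why it is ignored: `/* flush all delayed-write clusters first so they cannot land after this direct write; result deliberately ignored */`. The function body continues outside the hunk.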
@@ -1361,9 +1362,10 @@ cluster_nocopy_write(vp, uio, newEOF, devblocksize, flags) } static int -cluster_phys_write(vp, uio) +cluster_phys_write(vp, uio, newEOF) struct vnode *vp; struct uio *uio; + off_t newEOF; { upl_t upl; vm_offset_t upl_offset; @@ -1381,6 +1383,7 @@ cluster_phys_write(vp, uio) * -- the resid will not exceed iov_len * -- the vector target address is physcially contiguous */ + cluster_try_push(vp, newEOF, 0, 1); iov = uio->uio_iov; io_size = iov->iov_len; @@ -1907,7 +1910,7 @@ cluster_write_x(vp, uio, oldEOF, newEOF, headOff, tailOff, devblocksize, flags) else can_delay = 1; - if (cluster_try_push(vp, newEOF, can_delay, 0) == 0) { + if (cluster_try_push(vp, newEOF, 0, 0) == 0) { vp->v_flag |= VHASDIRTY; goto delay_io; } diff --git a/iokit/KernelConfigTables.cpp b/iokit/KernelConfigTables.cpp index da3600617..ff0b955c9 100644 --- a/iokit/KernelConfigTables.cpp +++ b/iokit/KernelConfigTables.cpp @@ -28,11 +28,11 @@ */ const char * gIOKernelKmods = "{ - 'com.apple.kernel' = '6.0'; - 'com.apple.kernel.bsd' = '6.0'; - 'com.apple.kernel.iokit' = '6.0'; - 'com.apple.kernel.libkern' = '6.0'; - 'com.apple.kernel.mach' = '6.0'; + 'com.apple.kernel' = '6.1'; + 'com.apple.kernel.bsd' = '6.1'; + 'com.apple.kernel.iokit' = '6.1'; + 'com.apple.kernel.libkern' = '6.1'; + 'com.apple.kernel.mach' = '6.1'; 'com.apple.iokit.IOADBFamily' = '1.1'; 'com.apple.iokit.IONVRAMFamily' = '1.1'; 'com.apple.iokit.IOSystemManagementFamily' = '1.1'; diff --git a/iokit/conf/version.minor b/iokit/conf/version.minor index 573541ac9..d00491fd7 100644 --- a/iokit/conf/version.minor +++ b/iokit/conf/version.minor @@ -1 +1 @@ -0 +1 diff --git a/libkern/conf/version.minor b/libkern/conf/version.minor index 573541ac9..d00491fd7 100644 --- a/libkern/conf/version.minor +++ b/libkern/conf/version.minor @@ -1 +1 @@ -0 +1 diff --git a/libsa/conf/version.minor b/libsa/conf/version.minor index 573541ac9..d00491fd7 100644 --- a/libsa/conf/version.minor +++ b/libsa/conf/version.minor 
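Review bot: In the `cluster_write_x` hunk the call now passes a literal `0` for `can_delay`, yet the context line just above still assigns `can_delay = 1`. Unless `can_delay` is read elsewhere in the function (outside the hunk), that computation is now dead and misleads the reader about whether a delayed push is still possible. Either drop the assignment or add a comment at the call such as `/* can_delay is deliberately not passed here; always push now */`.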
@@ -1 +1 @@ -0 +1 diff --git a/osfmk/conf/kernelversion.minor b/osfmk/conf/kernelversion.minor index 573541ac9..d00491fd7 100644 --- a/osfmk/conf/kernelversion.minor +++ b/osfmk/conf/kernelversion.minor @@ -1 +1 @@ -0 +1 diff --git a/osfmk/conf/version.minor b/osfmk/conf/version.minor index 573541ac9..d00491fd7 100644 --- a/osfmk/conf/version.minor +++ b/osfmk/conf/version.minor @@ -1 +1 @@ -0 +1 diff --git a/osfmk/vm/vm_fault.c b/osfmk/vm/vm_fault.c index 6d907567a..14c503dbb 100644 --- a/osfmk/vm/vm_fault.c +++ b/osfmk/vm/vm_fault.c @@ -1,3 +1,4 @@ + /* * Copyright (c) 2000 Apple Computer, Inc. All rights reserved. * @@ -1834,6 +1835,7 @@ vm_fault( vm_prot_t full_fault_type; + KERNEL_DEBUG_CONSTANT((MACHDBG_CODE(DBG_MACH_VM, 0)) | DBG_FUNC_START, vaddr, 0, @@ -1953,13 +1955,39 @@ vm_fault( while (TRUE) { m = vm_page_lookup(cur_object, cur_offset); if (m != VM_PAGE_NULL) { - if (m->busy) - break; + if (m->busy) { + wait_result_t result; + + if (object != cur_object) + vm_object_unlock(object); + + vm_map_unlock_read(map); + if (pmap_map != map) + vm_map_unlock(pmap_map); + +#if !VM_FAULT_STATIC_CONFIG + if (!vm_fault_interruptible) + interruptible = THREAD_UNINT; +#endif + result = PAGE_ASSERT_WAIT(m, interruptible); + vm_object_unlock(cur_object); + + if (result == THREAD_WAITING) { + result = thread_block(THREAD_CONTINUE_NULL); + + counter(c_vm_fault_page_block_busy_kernel++); + } + if (result == THREAD_AWAKENED || result == THREAD_RESTART) + goto RetryFault; + + kr = KERN_ABORTED; + goto done; + } if (m->unusual && (m->error || m->restart || m->private || m->absent || (fault_type & m->page_lock))) { - /* + /* * Unusual case. Give up. */ break; @@ -1995,7 +2023,6 @@ FastMapInFault: m->busy = TRUE; vm_object_paging_begin(object); - vm_object_unlock(object); FastPmapEnter: /* 
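Review bot: The new `m->busy` branch in `vm_fault` releases every lock held so far and sleeps, but carries no comment on the ordering it relies on. `PAGE_ASSERT_WAIT(m, interruptible)` is issued while `cur_object` is still locked and that lock is released only afterwards, which looks intentional so that a wakeup cannot be missed; a short block comment stating this, and that all map and object locks are dropped before `thread_block`, would keep later edits from reordering it. The branch also overwrites `interruptible` with `THREAD_UNINT` and leaves through `done` with `KERN_ABORTED`; `done` is outside the hunk, so confirm it does not unlock `map` or `pmap_map` a second time.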
@@ -2017,8 +2044,10 @@ FastPmapEnter: prot &= ~VM_PROT_WRITE; #endif /* MACH_KDB */ #endif /* STATIC_CONFIG */ - if (m->no_isync == TRUE) + if (m->no_isync == TRUE) { pmap_sync_caches_phys(m->phys_addr); + m->no_isync = FALSE; + } cache_attr = ((unsigned int)m->object->wimg_bits) & VM_WIMG_MASK; if(caller_pmap) { @@ -2029,51 +2058,9 @@ FastPmapEnter: PMAP_ENTER(pmap, vaddr, m, prot, cache_attr, wired); } - { - tws_hash_line_t line; - task_t task; - task = current_task(); - if((map != NULL) && - (task->dynamic_working_set != 0) && - !(object->private)) { - kern_return_t kr; - vm_object_t base_object; - vm_object_offset_t base_offset; - base_object = object; - base_offset = cur_offset; - while(base_object->shadow) { - base_offset += - base_object->shadow_offset; - base_object = - base_object->shadow; - } - kr = tws_lookup((tws_hash_t) - task->dynamic_working_set, - base_offset, base_object, - &line); - if(kr == KERN_OPERATION_TIMED_OUT){ - write_startup_file = 1; - } else if (kr != KERN_SUCCESS) { - kr = tws_insert((tws_hash_t) - task->dynamic_working_set, - base_offset, base_object, - vaddr, pmap_map); - if(kr == KERN_NO_SPACE) { - tws_expand_working_set( - task->dynamic_working_set, - TWS_HASH_LINE_COUNT, - FALSE); - } - if(kr == - KERN_OPERATION_TIMED_OUT) { - write_startup_file = 1; - } - } - } - } /* - * Grab the object lock to manipulate + * Grab the queues lock to manipulate * the page queues. Change wiring * case is obvious. In soft ref bits * case activate page only if it fell 
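Review bot: `FastPmapEnter` is now entered with `object` locked, and the lock stays held across `pmap_sync_caches_phys` and `PMAP_ENTER`, but nothing at the label says so. The comment this commit deletes in the -2084 hunk described the opposite rule (clear `no_isync` later to avoid holding a lock during pmap calls), and the hunks at -2226 and -2346 adjust their `goto FastPmapEnter` paths to match the new rule. Add a comment at the label, for example `/* entered with object locked; the lock is held across the pmap calls below */`, so that a future jump to the label cannot arrive unlocked.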
@@ -2084,21 +2071,12 @@ FastPmapEnter: * move active page to back of active * queue. This code doesn't. */ - vm_object_lock(object); vm_page_lock_queues(); if (m->clustered) { vm_pagein_cluster_used++; m->clustered = FALSE; } - /* - * we did the isync above (if needed)... we're clearing - * the flag here to avoid holding a lock - * while calling pmap functions, however - * we need hold the object lock before - * we can modify the flag - */ - m->no_isync = FALSE; m->reference = TRUE; if (change_wiring) { @@ -2128,7 +2106,56 @@ FastPmapEnter: */ PAGE_WAKEUP_DONE(m); vm_object_paging_end(object); + + { + tws_hash_line_t line; + task_t task; + + task = current_task(); + if((map != NULL) && + (task->dynamic_working_set != 0) && + !(object->private)) { + kern_return_t kr; + vm_object_t base_object; + vm_object_offset_t base_offset; + base_object = object; + base_offset = cur_offset; + while(base_object->shadow) { + base_offset += + base_object->shadow_offset; + base_object = + base_object->shadow; + } + kr = tws_lookup((tws_hash_t) + task->dynamic_working_set, + base_offset, base_object, + &line); + if(kr == KERN_OPERATION_TIMED_OUT){ + write_startup_file = 1; + } else if (kr != KERN_SUCCESS) { + kr = tws_insert((tws_hash_t) + task->dynamic_working_set, + base_offset, base_object, + vaddr, pmap_map); + if(kr == KERN_NO_SPACE) { + vm_object_unlock(object); + + tws_expand_working_set( + task->dynamic_working_set, + TWS_HASH_LINE_COUNT, + FALSE); + + vm_object_lock(object); + } + if(kr == + KERN_OPERATION_TIMED_OUT) { + write_startup_file = 1; + } + } + } + } vm_object_unlock(object); + vm_map_unlock_read(map); if(pmap_map != map) vm_map_unlock(pmap_map); 
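Review bot: The relocated working-set block now runs after `PAGE_WAKEUP_DONE(m)` and `vm_object_paging_end(object)`, and in the `KERN_NO_SPACE` case it releases and retakes the `object` lock around `tws_expand_working_set`. With the page no longer busy and the paging reference dropped, code after the relock should not rely on anything read from `object` or `m` before the unlock; only the `kr` test and the final `vm_object_unlock(object)` appear to follow, which is worth recording in a comment such as `/* object lock dropped: nothing cached from object or m may be used past this point */`. The inner `kern_return_t kr;` also shadows the function-level `kr` that the busy-page hunk assigns before `goto done`; renaming it (for example `tws_kr`) would remove the ambiguity.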
@@ -2136,18 +2163,19 @@ FastPmapEnter: if(write_startup_file) tws_send_startup_info(current_task()); - if (funnel_set) { + if (funnel_set) thread_funnel_set( curflock, TRUE); - funnel_set = FALSE; - } + thread_interrupt_level(interruptible_state); + KERNEL_DEBUG_CONSTANT((MACHDBG_CODE(DBG_MACH_VM, 0)) | DBG_FUNC_END, vaddr, type_of_fault & 0xff, KERN_SUCCESS, type_of_fault >> 8, 0); + return KERN_SUCCESS; } @@ -2161,7 +2189,6 @@ FastPmapEnter: if (cur_object == object) break; - /* * This is now a shadow based copy on write * fault -- it requires a copy up the shadow @@ -2177,7 +2204,6 @@ FastPmapEnter: if (m == VM_PAGE_NULL) { break; } - /* * Now do the copy. Mark the source busy * and take out paging references on both @@ -2226,7 +2252,6 @@ FastPmapEnter: vm_object_paging_end(object); vm_object_collapse(object); vm_object_paging_begin(object); - vm_object_unlock(object); goto FastPmapEnter; } @@ -2241,7 +2266,6 @@ FastPmapEnter: /* * Have to talk to the pager. Give up. */ - break; } @@ -2346,6 +2370,8 @@ FastPmapEnter: m->inactive = TRUE; vm_page_inactive_count++; vm_page_unlock_queues(); + vm_object_lock(object); + goto FastPmapEnter; } @@ -2373,6 +2399,7 @@ FastPmapEnter: vm_object_unlock(cur_object); } vm_map_unlock_read(map); + if(pmap_map != map) vm_map_unlock(pmap_map); @@ -2522,7 +2549,6 @@ FastPmapEnter: if(m != VM_PAGE_NULL) { old_copy_object = m->object->copy; - vm_object_unlock(m->object); } else { old_copy_object = VM_OBJECT_NULL; @@ -2643,7 +2669,6 @@ FastPmapEnter: } cache_attr = ((unsigned int)m->object->wimg_bits) & VM_WIMG_MASK; - vm_object_unlock(m->object); if(caller_pmap) { PMAP_ENTER(caller_pmap, @@ -2687,10 +2712,12 @@ FastPmapEnter: base_offset, base_object, vaddr, pmap_map); if(kr == KERN_NO_SPACE) { + vm_object_unlock(m->object); tws_expand_working_set( task->dynamic_working_set, TWS_HASH_LINE_COUNT, FALSE); + vm_object_lock(m->object); } if(kr == KERN_OPERATION_TIMED_OUT) { write_startup_file = 1; 
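Review bot: In the -2687 hunk the added `vm_object_lock(m->object)` re-reads `m->object` after `vm_object_unlock(m->object)` has released the lock that protected it. Whether the page is still busy or otherwise pinned at this point is not visible in the hunk; if it is not, the page could be reassigned while `tws_expand_working_set` runs, and the relock would then take a different object's lock than the one released. Capturing the pointer once avoids the question: `vm_object_t tws_obj = m->object; vm_object_unlock(tws_obj);` before the call and `vm_object_lock(tws_obj);` after it, with the later unlock using the same pointer or `m` being revalidated after the relock.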
@@ -2706,6 +2733,7 @@ FastPmapEnter: vm_map_entry_t entry; vm_offset_t laddr; vm_offset_t ldelta, hdelta; + /* * do a pmap block mapping from the physical address * in the object @@ -2820,7 +2848,6 @@ FastPmapEnter: * pageout daemon can find it. */ if(m != VM_PAGE_NULL) { - vm_object_lock(m->object); vm_page_lock_queues(); if (change_wiring) { @@ -2881,6 +2908,7 @@ FastPmapEnter: kr, type_of_fault >> 8, 0); + return(kr); } @@ -3207,15 +3235,9 @@ vm_fault_wire_fast( } cache_attr = ((unsigned int)m->object->wimg_bits) & VM_WIMG_MASK; - vm_object_unlock(object); PMAP_ENTER(pmap, pmap_addr, m, prot, cache_attr, TRUE); - /* - * Must relock object so that paging_in_progress can be cleared. - */ - vm_object_lock(object); - /* * Unlock everything, and return */ diff --git a/pexpert/conf/version.minor b/pexpert/conf/version.minor index 573541ac9..d00491fd7 100644 --- a/pexpert/conf/version.minor +++ b/pexpert/conf/version.minor @@ -1 +1 @@ -0 +1 -- 2.45.2