We cannot use lock() from screenputs() because lock calls
lockloop(), which would try to print() which on very slow
output (such as qemu) can cause kernel stack overflow.
It got triggered by noam with his rube-goldberg qemu setup:
lock 0xffffffff8058bbe0 loop key 0xdeaddead pc 0xffffffff80111114 held by pc 0xffffffff80111114 proc 339
panic: kenter: -40 stack bytes left, up 0xffffffff80bdfd00 ureg 0xffffffff80bddcd8 at pc 0xffffffff80231597
dumpstack
ktrace /kernel/path 0xffffffff80117679 0xffffffff80bddae0 <<EOF
We might want move this locking logic outside of screenputs()
in the future. It is very similar to what iprint() does.
git/save gets a list of paths (added or removed)
passed to it, and we have to ALWAYS stat the
file in the working directory to determine the
effective file-type.
There was a bug in the "skip children paths"
loop that would compare the next path element
instead of the full path prefix including
the next element.
reproducer:
git/init
touch a
git/add a
git/commit -m 'add a' a
rm a
mkdir a
touch a/b
git/add a/b
git/commit -m 'switch to folder' a a/b
For handling route invalidations, we have to allow
short bursts of traffic. Therefore we keep track
of the number of ra's received in the ra interal
and only start dropping packets when reaching 100
packets.
No idea who committed this in 2022 as its "glenda@9front.local",
but as qid.vers is incremented for each write and we definitely
should not use it as the cache tag.
Also, the initial code was stolen from du.c as the comment says,
and that one does the right thing.
We want to run test before we do the installation
into the system.
So do a temporary install into test/$cputype.git/
direcotry and bind it on /bin/git, that way,
all the scripts run the local source version.
When skipping objects, we need to process the full queue,
because some of the objects in the queue may have already
been painted with keep. This can cost a small amount of time,
but should not need to advance the frontier by more than
one object, so the additional time should be proportional
to the spread of the graph.
the previous bug wasn't a missing clamp, but a
mishandling of the 1-based closed intervals that
we were genrating internally, and some asserts
that assumed open intervals.
Before we would refuse to recurse, but would still give
a response with hints back. Some nefarious clients will interpret the
lack of a Refused response code as us being an open resolver.
When clunking a Fid while the file-system is read
only, dont just free the Amsg, but also drop the
references to dent and mnt.
Make clunkfid() nil fid->rclose, so no reuse
after free is possible.
Make clunkfid() always set the return pointer,
avoid missing prior initialization.
Do not abuse fidtab lock for serializing
clunking.
The clunk should serialize on Fid.Lock
instead, so add a canlock check here.
The lock order is strictly:
Fid.Lock > Conn.fidtab[x].Lock
The AuthRpc was attached to the Fid, but this doesnt
work as it does not handle dupfid() properly.
Instead attach the AuthRpc to the directory entry,
which is refcounted.
The dupfid() function retuns the new Fid* struct with
an extra reference. If we don't use it, we have to
putfid() it.
Use ainc()/adec() consistently and dont mix it with
agetl().
Before, we would just leak all the "Conn"
structures.
fshangup() could cause problems as it just
forcefully closes the file descriptors,
not considering someone else going to
write them afterwards.
Instead, we add a "hangup" flag to Conn,
which readers and writers check before
attempting i/o.
And we only close the file-descriptors
when the last reader/writer drops the
connection. (Make it ref-counted).
For faster teardown, also preserve the
"ctl" file descriptor from listen()
amd use it to kill the connection quickly
when fshangup() is called.
When at the task of decomposing a rune into its
"button" and "rune", also consider the keyboard
map table with the escaped scancodes.
This fixes Shift + left/right combinations in
drawterm.
For each connection, remember if authentication
protocol ran successfully and only then, allow
attach as 'none' user.
This prevents anonymous remote mounts of none.
The 'none' user also shouldnt attach to the dump
file system.
The Tauth for "none" should always fail,
but Tattach should only succeed when
the channel ran a successfull authentication
before.
Also, prevent "none" from attaching "dump".
We want to implement "none" attaches for hjfs,
but only if the 9p-"channel" ran a successfull
authentication before, to prevent anonymous
remote mounts as "none".
Add a flag to the Srv struct for this.
Before this it was possible to Tauth and Tattach with one
user name and then authenticate with factotum using a different
user name. To fix this we now ensure that the uname matches the returned
cuid from AuthInfo.
This security bug is still pending a cute mascot and theme song.
