diff options
author | delphij <delphij@FreeBSD.org> | 2017-08-10 06:59:07 +0000 |
---|---|---|
committer | delphij <delphij@FreeBSD.org> | 2017-08-10 06:59:07 +0000 |
commit | 91baad1bb58bfa59793d9421521a9faf7df0edca (patch) | |
tree | 42938bf2e6e785a0b129322177b5ff0a1ddeeba9 /sys | |
parent | 2f4b735c66deb54490042a818e8fd26fa46818f1 (diff) | |
download | FreeBSD-src-releng/11.1.zip FreeBSD-src-releng/11.1.tar.gz |
Fix OpenSSH Denial of Service vulnerability. [SA-17:06]releng/11.1
Fix VNET kernel panic with asynchronous I/O. [EN-17:07]
Fix pf(4) housekeeping thread causes kernel panic. [EN-17:08]
Approved by: so
Diffstat (limited to 'sys')
-rw-r--r-- | sys/conf/newvers.sh | 2 | ||||
-rw-r--r-- | sys/kern/sys_socket.c | 2 | ||||
-rw-r--r-- | sys/netpfil/pf/pf.c | 8 |
3 files changed, 11 insertions, 1 deletions
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index ec9e129..5ba2ab2 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -44,7 +44,7 @@ TYPE="FreeBSD" REVISION="11.1" -BRANCH="RELEASE" +BRANCH="RELEASE-p1" if [ -n "${BRANCH_OVERRIDE}" ]; then BRANCH=${BRANCH_OVERRIDE} fi diff --git a/sys/kern/sys_socket.c b/sys/kern/sys_socket.c index da5f8e8..edc64aa 100644 --- a/sys/kern/sys_socket.c +++ b/sys/kern/sys_socket.c @@ -675,6 +675,7 @@ soaio_process_sb(struct socket *so, struct sockbuf *sb) { struct kaiocb *job; + CURVNET_SET(so->so_vnet); SOCKBUF_LOCK(sb); while (!TAILQ_EMPTY(&sb->sb_aiojobq) && soaio_ready(so, sb)) { job = TAILQ_FIRST(&sb->sb_aiojobq); @@ -698,6 +699,7 @@ soaio_process_sb(struct socket *so, struct sockbuf *sb) ACCEPT_LOCK(); SOCK_LOCK(so); sorele(so); + CURVNET_RESTORE(); } void diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 8dc89a8..1fa0b7a 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -129,6 +129,8 @@ VNET_DEFINE(int, pf_tcp_secret_init); #define V_pf_tcp_secret_init VNET(pf_tcp_secret_init) VNET_DEFINE(int, pf_tcp_iss_off); #define V_pf_tcp_iss_off VNET(pf_tcp_iss_off) +VNET_DECLARE(int, pf_vnet_active); +#define V_pf_vnet_active VNET(pf_vnet_active) /* * Queue for pf_intr() sends. @@ -1441,6 +1443,12 @@ pf_purge_thread(void *unused __unused) kproc_exit(0); } + /* Wait while V_pf_default_rule.timeout is initialized. */ + if (V_pf_vnet_active == 0) { + CURVNET_RESTORE(); + continue; + } + /* Process 1/interval fraction of the state table every run. */ idx = pf_purge_expired_states(idx, pf_hashmask / (V_pf_default_rule.timeout[PFTM_INTERVAL] * 10)); |