| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Deobfuscate cleanup path in clnt_bck_create(..)
Similar to r300836, cl and ct will always be non-NULL as they're allocated
using the mem_alloc routines, which always use `malloc(..., M_WAITOK)`.
Deobfuscating the cleanup path fixes a leak where if cl was NULL and
ct was not, ct would not be free'd, and also removes a duplicate test for
cl not being NULL.
CID: 1229999
|
| |
|
|
|
|
| |
Add debug output to aid in determining why `goodResult` != `result`
PR: 210619 (for diagnosis)
|
| |
|
|
|
|
|
|
|
| |
Revert r301707
getnetent_p doesn't return NULL like getnetent does. coccinelle got confused and
I didn't verify that it worked before committing the change
Pointyhat to: ngie
|
| |
|
|
|
|
|
| |
Use NULL instead of `0` in _ht_getnetbyname(..)
- getnetent returns NULL on completion/error.
- .h_aliases is NULL terminated.
|
| |
|
|
|
|
|
|
|
| |
Sync libarchive with vendor, bugfixes for tests:
- fix tests on filesystems without birthtime support, e.g. UFS1 (1)
- vendor issue #729: avoid use of C99 for-scope declarations in
test_write_format_gnutar_filenames.c
PR: 204157 (1)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix a race condition between the main thread in aqm_pie_cleanup() and the
callout thread that can cause a kernel panic. Always do the final cleanup
in the callout thread by passing a separate callout function for that task
to callout_reset_sbt().
Protect the ref_count decrement in the callout with DN_BH_WLOCK(). All
other ref_count manipulation is protected with this lock.
There is still a tiny window between ref_count reaching zero and the end
of the callout function where it is unsafe to unload the module. Fixing
this would require the use of callout_drain(), but this can't be done
because dummynet holds a mutex and callout_drain() might sleep.
Remove the callout_pending(), callout_active(), and callout_deactivate()
calls from calculate_drop_prob(). They are not needed because this callout
uses callout_init_mtx().
Submitted by: Rasool Al-Saadi <ralsaadi@swin.edu.au>
Differential Revision: https://reviews.freebsd.org/D6928
|
| |
|
|
|
|
|
|
| |
Since VOP_INACTIVE() is not guaranteed to be called, all cleanups
executed by inactive methods, must be repeated on reclaim.
MFC r302210:
Clean other flags in ncl_inactive, only.
|
| | |
|
| |
|
|
| |
Remove dead code.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix multiple Coverity Out-of-bounds access false postive issues in CAM
The currently used idiom for clearing the part of a ccb after its
header generates one or two Coverity errors for each time it is
used. All instances generate an Out-of-bounds access (ARRAY_VS_SINGLETON)
error because of the treatment of the header as a two element array,
with a pointer to the non-existent second element being passed as
the starting address to bzero(). Some instances also alsp generate
Out-of-bounds access (OVERRUN) errors, probably because the space
being cleared is larger than the sizeofstruct ccb_hdr).
In addition, this idiom is difficult for humans to understand and
it is error prone. The user has to chose the proper struct ccb_*
type (which does not appear in the surrounding code) for the sizeof()
in the length calculation. I found several instances where the
length was incorrect, which could cause either an actual out of
bounds write, or incompletely clear the ccb.
A better way is to write the code to clear the ccb itself starting
at sizeof(ccb_hdr) bytes from the start of the ccb, and calculate
the length based on the specific type of struct ccb_* being cleared
as specified by the union ccb member being used. The latter can
normally be seen in the nearby code. This is friendlier for Coverity
and other static analysis tools because they will see that the
intent is to clear the trailing part of the ccb.
Wrap all of the boilerplate code in a convenient macro that only
requires a pointer to the desired union ccb member (or a pointer
to the union ccb itself) as an argument.
Reported by: Coverity
CID: 1007578, 1008684, 1009724, 1009773, 1011304, 1011306
CID: 1011307, 1011308, 1011309, 1011310, 1011311, 1011312
CID: 1011313, 1011314, 1011315, 1011316, 1011317, 1011318
CID: 1011319, 1011320, 1011321, 1011322, 1011324, 1011325
CID: 1011326, 1011327, 1011328, 1011329, 1011330, 1011374
CID: 1011390, 1011391, 1011392, 1011393, 1011394, 1011395
CID: 1011396, 1011397, 1011398, 1011399, 1011400, 1011401
CID: 1011402, 1011403, 1011404, 1011405, 1011406, 1011408
CID: 1011409, 1011410, 1011411, 1011412, 1011413, 1011414
CID: 1017461, 1018387, 1086860, 1086874, 1194257, 1229897
CID: 1229968, 1306229, 1306234, 1331282, 1331283, 1331294
CID: 1331295, 1331535, 1331536, 1331539, 1331540, 1341623
CID: 1341624, 1341637, 1341638, 1355264, 1355324
Reviewed by: scottl, ken, delphij, imp
MFH: 1 month
Differential Revision: https://reviews.freebsd.org/D6496
|
| |
|
|
|
|
|
|
|
| |
Add "camcontrol reprobe" subcommand, and implement it for da(4).
This makes it possible to manually force updating capacity data
after the disk got resized. Without it it might be neccessary to
reboot before FreeBSD notices updated disk size under eg VMWare.
Differential Revision: https://reviews.freebsd.org/D6108
|
| |
|
|
| |
Clarify the explanations for the hostname and FQDN entries.
|
| |
|
|
|
|
|
| |
read.
While reading the code, I noticed that shm_read() returns without unlocking
foffset and rangelock if mac_posixshm_check_read() rejects the read.
|
| |
|
|
|
|
|
|
|
|
|
| |
to 32 characters.
This is a direct commit to stable/10, as UEFI support natively
exists for 11.0-CURRENT and unsupported in 9-STABLE.
Submitted by: Rick Miller
PR: 210463
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update libarchive to 3.2.1 (bugfix and security fix release)
List of vendor fixes:
- fix exploitable heap overflow vulnerability in Rar decompression
(vendor issue 719, CVE-2016-4302, TALOS-2016-0154)
- fix exploitable stack based buffer overflow vulnebarility in mtree
parse_device functionality (vendor PR 715, CVE-2016-4301, TALOS-2016-0153)
- fix exploitable heap overflow vulnerability in 7-zip read_SubStreamsInfo
(vendor issue 718, CVE-2016-4300, TALOS-2016-152)
- fix integer overflow when computing location of volume descriptor
(vendor issue 717)
- fix buffer overflow when reading a crafred rar archive (vendor issue 521)
- fix possible buffer overflow when reading ISO9660 archives on machines
where sizeof(int) < sizeof(size_t) (vendor issue 711)
- tar and cpio should fail if an input file named on the command line is
missing (vendor issue 708)
- fix incorrect writing of gnutar filenames that are exactly 512 bytes
long (vendor issue 682)
- allow tests to be run from paths that are equal or longer than 128
characters (vendor issue 657)
- add memory allocation errors in archive_entry_xattr.c (vendor PR 603)
- remove dead code in archive_entry_xattr_add_entry() (vendor PR 716)
- fix broken decryption of ZIP files (vendor issue 553)
- manpage style, typo and description fixes
Post-3.2.1 vendor fixes:
- fix typo in cpio version reporting (Vendor PR 725, 726)
- fix argument range of ctype functions in libarchive_fe/passphrase.c
- fix ctype use and avoid empty loop bodies in WARC reader
Security: CVE-2016-4300, CVE-2016-4301, CVE-2016-4302
|
| |
|
|
|
|
|
| |
r302125 and r302171:
Added multiple new LibUSB v1.0 API functions.
Refer to the individual commits for more details.
|
| |
|
|
|
|
|
|
| |
Implement code to stop all USB endpoints before executing a USB device
reset command, alternate setting command or set configuration
command. Else LibUSB v1.0 will not re-open the endpoints which the
kernel closes and the USB application might wait infinitely for
transfers to complete.
|
| |
|
|
|
|
|
| |
Fallback to arc4rand() in the LinuxKPI when read_random() returns
zero. This can happen for virtual machines.
Sponsored by: Mellanox Technologies
|
| |
|
|
|
|
|
|
|
|
| |
Add SR-IOV guest support to the mlx5en driver.
This patch adds the missing pieces needed for device setup using the
mlx5en driver inside a virtual machine which is providing hardware
access through SR-IOV.
Sponsored by: Mellanox Technologies
|
| |
|
|
|
|
| |
Use correct Q-counter output array.
Sponsored by: Mellanox Technologies
|
| |
|
|
|
|
|
|
| |
Update the definition for number of scratch pages to match the latest
version of the XHCI specification. Make sure the code can handle the
maximum number of allowed scratch pages.
Submitted by: Shichun_Ma@Dell.com
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix a bug introduced in r283433.
[1] Remove unneeded sockaddr conversion before kern_recvit() call as the from
argument is used to record result (the source address of the received message) only.
[2] In Linux the type of msg_namelen member of struct msghdr is signed but native
msg_namelen has a unsigned type (socklen_t). So use the proper storage to fetch fromlen
from userspace and than check the user supplied value and return EINVAL if it is less
than 0 as a Linux do.
Reported by: Thomas Mueller <tmueller at sysgo dot com> [1]
Tested by: Thomas Mueller <tmueller at sysgo dot com> [both]
Reviewed by: kib@
|
| |
|
|
|
|
|
|
|
|
|
| |
sed(1): convert sed to use REG_STARTEND more explicitly.
This is a followup to previous r302228, which only merged the
incomplete r300684 causing a regression.
Reported by: mi
PR: 209387
Taken from: openbsd-tech (Martijn van Duren)
|
| |
|
|
| |
Avoid the active object marking for vm.vmtotal sysctl.
|
| |
|
|
|
|
|
|
|
| |
r300809:
filemon exec: Use imgp->execpath rather than vn_fullpath(9).
r300890:
exec: Cease tracing if credentials will change with the new image.
r300891:
Write to the log using the tracer's credentials.
|
| |
|
|
| |
exec: Provide execpath in imgp for the process_exec hook.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
r300792:
exec: Add credential change information into imgp for process_exec hook.
r300851:
exec: get rid of one vnode lock/unlock pair in do_execve
r301580:
Old process credentials for setuid execve must not be dereferenced when the
process credentials were not changed. This can happen if an error occured
trying to activate the setuid binary. And on error, if new credentials
were not yet assigned, they must be freed to not create the leak.
|
| |
|
|
|
|
| |
Fix style issues around existing SDT probes.
** Changes to sys/netinet/in_kdtrace.c and sys/netinet/in_kdtrace.h skipped.
|
| |
|
|
| |
sys/kern: spelling fixes in comments.
|
| |
|
|
| |
Remove some NULL checks for M_WAITOK allocations.
|
| |
|
|
| |
exec: textvp -> oldtextvp; binvp -> newtextvp
|
| |
|
|
| |
exec plug a redundant vref + vrele of the image vnode
|
| |
|
|
| |
Plug unnecessary binvp NULL initialization and test.
|
| |
|
|
| |
cred: add proc_set_cred helper
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summarizing the findings in the OpenBSD list:
This solves a reproduceable issue with very recent Mesa where REG_NOTBOL
combined with a match at the begin of the string causes our regex library
to treat the word as not begin of word.
Bump __FreeBSD_version: JIC we hit the issue in recent Mesa ports.
PR: 209352, 209387 (exp-run)
Taken from: openbsd-tech (Martijn van Duren)
MFC after: 1 month
|
| |
|
|
| |
audit: fix cred assignment when A_SETPMASK is used
|
| |
|
|
| |
Correct a comment.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- No log bit in IOCStatus and endian-safe changes.
Use MPI2_IOCSTATUS_MASK when checking IOCStatus to mask off the log bit, and
make a few more things endian-safe.
- Fix possible use of invalid pointer.
It was possible to use an invalid pointer to get the target ID value. To fix
this, initialize a local Target ID variable to an invalid value and change that
variable to a valid value only if the pointer to the Target ID is not NULL.
- No need to set the MPSSAS_SHUTDOWN flag because it's never used.
- done_ccb pointer can be used if it is NULL.
To prevent this, move check for done_ccb == NULL to before done_ccb is used in
mpssas_stop_unit_done().
- Disks can go missing until a reboot is done in some cases.
This is due to the DevHandle not being released, which causes the Firmware to
not allow that disk to be re-added.
Approved by: ken, scottl, ambrisko (mentors)
|
| |
|
|
|
| |
Submitted by: Oliver Pinter <oliver.pinter hardenedbsd org>
Sponsored by: Microsoft OSTC
|
| |
|
|
| |
Handle EDEADLK and EINTR from local adv lock manager.
|
| |
|
|
| |
Do not access NFS data for reclaimed vnode.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Let l64a() properly null terminate its result.
Though the buffer used by l64a() is initialized with null bytes,
repetetive calls may end up having trailing garbage of previous
invocations because we don't end up terminating the string.
Instead of importing NetBSD's fix, use this opportunity to simplify this
function dramatically, for example by just storing the Base64 character
set in a string. There is also no need to do the bitmasking, as we can
just use the proper integer type from <stdint.h>.
|
| |
|
|
|
|
| |
After the vnode unlock, mount point might be destroyed immediately,
dropping the reference on mnt_cred. Prevent this by referencing the
temporal credentials before unlock.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
301483
hyperv: Move machine dependent bits into machine dependent files.
MFC after: 1 week
Sponsored by: Microsoft OSTC
Differential Revision: https://reviews.freebsd.org/D6701
301484
hyperv/vmbus: Define type for channel messages.
And fix message processing; only channel messages are supported.
MFC after: 1 week
Sponsored by: Microsoft OSTC
Differential Revision: https://reviews.freebsd.org/D6706
301487
hyperv/vmbus: Factor out channel message processing
This paves the way for further cleanup.
MFC after: 1 week
Sponsored by: Microsoft OSTC
Differential Revision: https://reviews.freebsd.org/D6707
301488
hyperv/vmbus: Constify channel message
MFC after: 1 week
Sponsored by: Microsoft OSTC
Differential Revision: https://reviews.freebsd.org/D6708
301583
hyperv/vmbus: Busdma-fy MNF and event flags.
MFC after: 1 week
Sponsored by: Microsoft OSTC
Differential Revision: https://reviews.freebsd.org/D6744
301588
hyperv/vmbus: Change tx_evtflags type to u_long to match vmbus_evtflags
MFC after: 1 week
Sponsored by: Microsoft OSTC
Differential Revision: https://reviews.freebsd.org/D6745
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
libc: regexec(3) adjustment.
Change the behavior of when REG_STARTEND is combined with REG_NOTBOL.
From the original posting[1]:
"Enable the assumption that pmatch[0].rm_so is a continuation offset
to a string and allows us to do a proper assessment of the character
in regards to it's word position ('^' or '\<'), without risking going
into unallocated memory."
This change makes us similar to how glibc handles REG_STARTEND |
REG_NOTBOL, and is closely related to a soon-to-land fix to sed.
Special thanks to Martijn van Duren and Ingo Schwarze for working
out some consistent behaviour.
Differential Revision: https://reviews.freebsd.org/D6257
Taken from: openbsd-tech 2016-05-24 [1] (Martijn van Duren)
|
| |
|
|
|
|
|
| |
hyperv: Rename some cleaned up/almost cleaned up files
MFC after: 1 week
Sponsored by: Microsoft OSTC
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
301017
hyperv/vmbus: Indentation cleanup
No functional changes.
MFC after: 1 week
Sponsored by: Microsoft OSTC
Differential Revision: https://reviews.freebsd.org/D6602
301018
hyperv/vmbus: Move global vmbus id array to stack.
MFC after: 1 week
Sponsored by: Microsoft OSTC
Differential Revision: https://reviews.freebsd.org/D6603
301019
hyperv/vmbus: Redefine SynIC message.
- Avoid unnecessary indirection.
- Avoid bit fields.
- Use __packed.
Reviewed by: Jun Su <junsu microsoft com>
MFC after: 1 week
Sponsored by: Microsoft OSTC
Differential Revision: https://reviews.freebsd.org/D6636
301020
hyperv/vmbus: White space cleanup
No functional changes
MFC after: 1 week
Sponsored by: Microsoft OSTC
Differential Revision: https://reviews.freebsd.org/D6637
301021
hyperv: Move guid2str from vmbus file to hyperv file
- Use uint8_t for GUID byte array.
- Define GUID string length.
- Break long lines.
- Nuke unnecessary stack variable.
MFC after: 1 week
Sponsored by: Microsoft OSTC
Differential Revision: https://reviews.freebsd.org/D6640
301022
hyperv/kvp: Use if_xname.
MFC after: 1 week
Sponsored by: Microsoft OSTC
Differential Revision: https://reviews.freebsd.org/D6641
301106
hyperv/vmbus: Redefine event flags.
- Nuke unnecessary union.
- Avoid convoluted macro indirection.
MFC after: 1 week
Sponsored by: Microsoft OSTC
Differential Revision: https://reviews.freebsd.org/D6671
|
| |
|
|
|
|
|
|
| |
hyperv/vmbus: Rename ISR functions
MFC after: 1 week
Sponsored by: Microsoft OSTC
Differential Revision: https://reviews.freebsd.org/D6601
|
| |
|
|
| |
Return usual error indicator to shell.
|
| |
|
|
| |
Always allow loading of cpuctl(4).
|
