| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
Fix multiple portsnap vulnerabilities. [SA-16:30]
Fix multiple libarchive vulnerabilities. [SA-16:31]
Approved by: so
|
| |
|
|
|
|
|
|
|
|
| |
Fix performance regression in libc hash(3). [EN-16:06]
Fix excessive latency in x86 IPI delivery. [EN-16:07]
Fix memory leak in ZFS. [EN-16:08]
Approved by: so
|
| |
|
|
| |
Approved by: re (implicit)
|
| |
|
|
|
|
|
|
|
|
| |
MFH (r296633): upgrade to 7.2p2 (fixes xauth command injection bug)
MFH (r296634): re-add aes-cbc to server-side default cipher list
MFH (r296651, r296657): fix gcc build of pam_ssh
PR: 207679
Security: CVE-2016-3115
Approved by: re (marius)
|
| |
|
|
|
|
|
|
|
| |
r295924: Make sure that hash-based db files fsync befor closing/syncing.
r295925: We no longer need O_SYNC pwd_mkd
r295465: We no longer need O_SYNC on services_mkdb
r295800: We no longer need O_SYNC on cap_mkdb
Approved by: re (marius)
|
| |
|
|
|
| |
PR: 193871
Approved by: re (gjb)
|
| |
|
|
|
|
| |
PR: 206774
Submitted by: Christian Heckendorf <heckendorfc@gmail.com>
Approved by: re (glebius)
|
| |
|
|
|
| |
Approved by: re (glebius)
Relnotes: yes
|
| |
|
|
|
|
|
| |
- Note that devctl(8) will appear in 10.3 first.
- Add missing devctl_set_driver entry to namelist in devlist(3).
Approved by: re (gjb)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix corruption of coredumps due to procstat notes changing size during
coredump generation. The changes in r287442 required some reworking
since the 'fo_fill_kinfo' file op does not exist in stable/10.
287442:
Detect badly behaved coredump note helpers
Coredump notes depend on being able to invoke dump routines twice; once
in a dry-run mode to get the size of the note, and another to actually
emit the note to the corefile.
When a note helper emits a different length section the second time
around than the length it requested the first time, the kernel produces
a corrupt coredump.
NT_PROCSTAT_FILES output length, when packing kinfo structs, is tied to
the length of filenames corresponding to vnodes in the process' fd table
via vn_fullpath. As vnodes may move around during dump, this is racy.
So:
- Detect badly behaved notes in putnote() and pad underfilled notes.
- Add a fail point, debug.fail_point.fill_kinfo_vnode__random_path to
exercise the NT_PROCSTAT_FILES corruption. It simply picks random
lengths to expand or truncate paths to in fo_fill_kinfo_vnode().
- Add a sysctl, kern.coredump_pack_fileinfo, to allow users to
disable kinfo packing for PROCSTAT_FILES notes. This should avoid
both FILES note corruption and truncation, even if filenames change,
at the cost of about 1 kiB in padding bloat per open fd. Document
the new sysctl in core.5.
- Fix note_procstat_files to self-limit in the 2nd pass. Since
sometimes this will result in a short write, pad up to our advertised
size. This addresses note corruption, at the risk of sometimes
truncating the last several fd info entries.
- Fix NT_PROCSTAT_FILES consumers libutil and libprocstat to grok the
zero padding.
287537:
Follow-up to r287442: Move sysctl to compiled-once file
Avoid duplicate sysctl nodes.
288944:
Fix core corruption caused by race in note_procstat_vmmap
This fix is spiritually similar to r287442 and was discovered thanks to
the KASSERT added in that revision.
NT_PROCSTAT_VMMAP output length, when packing kinfo structs, is tied to
the length of filenames corresponding to vnodes in the process' vm map
via vn_fullpath. As vnodes may move during coredump, this is racy.
We do not remove the race, only prevent it from causing coredump
corruption.
- Add a sysctl, kern.coredump_pack_vmmapinfo, to allow users to disable
kinfo packing for PROCSTAT_VMMAP notes. This avoids VMMAP corruption
and truncation, even if names change, at the cost of up to PATH_MAX
bytes per mapped object. The new sysctl is documented in core.5.
- Fix note_procstat_vmmap to self-limit in the second pass. This
addresses corruption, at the cost of sometimes producing a truncated
result.
- Fix PROCSTAT_VMMAP consumers libutil (and libprocstat, via copy-paste)
to grok the new zero padding.
Approved by: re (gjb)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
MFH (r285975, r287143): register mergeinfo for security fixes
MFH (r294497, r294498, r295139): internal documentation
MFH (r294328): upgrade to openssh 6.7p1, re-add libwrap
MFH (r294332): upgrade to openssh 6.8p1
MFH (r294367): update pam_ssh for api changes
MFH (r294909): switch usedns back on
MFH (r294336): upgrade to openssh 6.9p1
MFH (r294495): re-enable dsa keys
MFH (r294464): upgrade to openssh 7.0p1
MFH (r294496): upgrade to openssh 7.1p2
Approved by: re (gjb)
Relnotes: yes
|
| |
|
|
|
|
| |
Add a standards compliance note for strtok_r
Approved by: re (marius@)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add devctl(8): a utility for manipulating new-bus devices. Note that
this version does not include the 'suspend' and 'resume' commands
present in HEAD as those depend on larger changes to the suspend and
resume code in the kernel.
278320:
Add a new device control utility for new-bus devices called devctl. This
allows the user to request administrative changes to individual devices
such as attach or detaching drivers or disabling and re-enabling devices.
- Add a new /dev/devctl2 character device which uses ioctls for device
requests. The ioctls use a common 'struct devreq' which is somewhat
similar to 'struct ifreq'.
- The ioctls identify the device to operate on via a string. This
string can either by the device's name, or it can be a bus-specific
address. (For unattached devices, a bus address is the only way to
locate a device.) Bus drivers register an eventhandler to claim
unrecognized device names that the driver recognizes as a valid address.
Two buses currently support addresses: ACPI recognizes any device
in the ACPI namespace via its full path starting with "\" and
the PCI bus driver recognizes an address specification of
'pci[<domain>:]<bus>:<slot>:<func>' (identical to the PCI selector
strings supported by pciconf).
- To make it easier to cut and paste, change the PnP location string
in the PCI bus driver to output a full PCI selector string rather
than 'slot=<slot> function=<func>'.
- Add a devctl(3) interface in libdevctl which provides a wrapper around
the ioctls and is the preferred interface for other userland code.
- Add a devctl(8) program which is a simple wrapper around the requests
supported by devctl(3).
- Add a resource_unset_value() function that can be used to remove a
hint from the kernel environment. This is used to clear a
hint.<driver>.<unit>.disabled hint when re-enabling a boot-time
disabled device.
278336:
Unbreak the build (memchr is explicitly required by devctl(9) after r278320)
278830:
install the man page...
285621:
Fix formatting.
Approved by: re (marius)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r286837, r286838, r288470, r288522, r288524, r288826,
r289001
Pull in bhyve bug fixes and changes to allow UEFI booting.
This provides Windows support.
Tested on Intel and AMD with:
- Arch Linux i386+amd64 (kernel 4.3.3)
- Ubuntu 15.10 server 64-bit
- FreeBSD-CURRENT/amd64 20160127 snap
- FreeBSD 10.2 i386+amd64
- OpenBSD 5.8 i386+amd64
- SmartOS latest
- Windows 10 build 1511'
Huge thanks to Yamagi Burmeister who submitted the patch
and did the majority of the testing.
r284539 - bootrom mem allocation support
r284630 - Add SO_REUSEADDR when starting debug port
r284688 - Fix a regression in "movs" emulation
r284877 - verify_gla() non-zero segment base fix
r285217 - Always assert DCD and DSR in the uart
r285218 - devmem nodes moved to /dev/vmm.io/
r286837 - Add define for SATA Check-Power-Mode
r286838 - Add simple (no-op) SATA cmd emulations
r288470 - Increase virtio-blk indirect descs
r288522 - Firmware guest query interface
r288524 - Fix post-test typo
r288826 - Clean up SATA unimplemented cmd msg
r289001 - Add -l option to specify userboot path
Submitted by: Yamagi Burmeister
Approved by: re (kib)
|
| |
|
|
|
|
|
|
|
|
| |
r294860: Add keep_tite configuration option
r294862: Bump copyrights
r294892: Remove unused function prototype
r294893: Fix a crash if `-D' is used without `-t title'
r294922: Fix fatal warn when compiling under GCC 5.2.0
Approved by: re (marius)
|
| |
|
|
|
|
| |
Fix readpassphrase(3) when it's called with stdin being closed.
Approved by: re (delphij)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Fix the implementations of PSEUDO_NOERROR and PSEUDO.
The PSEUDO* macros should not declare <syscall>, only _<syscall> and
__sys_<syscall>. This was causing the interposing C wrappers to be
ignored due to link order.
Reviewed by: kib
Obtained from: CheriBSD (4e8e13c90fc6a80e1520de44a6864cfd78b3b56d)
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D4097
|
| |
|
|
|
|
|
|
|
|
|
| |
fails.
This bug could be reproduced easily by calling sem_open() with O_CREAT |
O_EXCL on a semaphore that is already open in the process. The struct
sem_nameinfo would be freed while still in sem_list and later calls to
sem_open() or sem_close() could access freed memory.
PR: 206396
|
| |
|
|
| |
sctp_sendx() needs to provide the assoc_id back.
|
| |
|
|
| |
sctp_sendv() needs to fill in the association id on return.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
tdelete(3): don't delete the node we are about to return.
The original change, from NetBSD, was bogus; introduced a memory
leak and and broke POSIX. By reverting we actually match NetBSD's
latest revision.
This is a direct commit to 10 since this function was rewritten
in 11-current.
Reported by: Markiyan Kushnir
Obtained from: NetBSD (CVS rev. 1.7, 1.8)
|
| |
|
|
|
|
|
|
|
| |
libthr: const-ify two variables
Make the default umutex and urwlock initializers const,
because they can be, and as a microoptimization.
Sponsored by: Dell Inc.
|
| | |
|
| |
|
|
|
| |
of the MFC done in r294342, but since ia64 is gone in -current this is a
direct commit to 10-stable to add the functions.
|
| |
|
|
|
|
|
|
|
|
|
| |
Avoid reading pass the end of the source buffer when it is not NUL
terminated.
If this buffer is adjacent to an unmapped page or a version of C with
bounds checked is used this may result in a crash.
PR: 206178
Submitted by: Alexander Cherepanov <cherepan@mccme.ru>
|
| |
|
|
|
|
|
|
|
|
|
| |
Avoid reading pass the end of the source buffer when it is not NUL
terminated.
If this buffer is adjacent to an unmapped page or a version of C with
bounds checked is used this may result in a crash.
PR: 206177
Submitted by: Alexander Cherepanov <cherepan@mccme.ru>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Build mount_smbfs for arm. Also sort the subdirs.
Avoid unaligned memory accesses when encoding netbios names in libsmb.
The current code for encoding a netbios name converts each byte to a 16-bit
value and stores the result by casting a char* to u_short*, resulting in
alignment faults on strict-alignment platforms.
This change reimplements the encoding routine using only byte accesses to
memory. There is no particular reason to work with 16-bit values just
because the encoding process creates two bytes of output for every byte of
input. Working a byte at at time also avoids endian problems for big-endian
platforms.
Make the building of libsmb and mount_smbfs unconditional, now that r292552
has eliminated alignment and endian problems that were making it fail on
some platforms.
PR: 180438
PR: 189415
Relnotes: Yes
|
| |
|
|
|
|
|
|
|
|
|
|
| |
`gen_ether_subr`.
__MAKE_SHELL is only defined when installworld is run on stable/10,
which breaks workflows dealing with source trees mounted with noexec [*]
This is a direct commit to stable/10
Reported by: Mark Martinec <Mark.Martinec+freebsd@ijs.si>
Sponsored by: EMC / Isilon Storage Division
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow dhcp/bootp server-provided values to be overriden from environment
variables in loader(8) and other libstand applications.
Sometimes a dhcp server provides incorrect information along with the IP
address. It would be useful to have a way to override this with
locally-supplied information, such as command line parameters passed from a
prior-stage bootloader. This change allows pre-existing env vars to take
precedence over values delivered by the dhcp or bootp server.
The bootp/dhcp code in libstand automatically creates environment variables
from the data provided by the server (dhcp.root-path, dhcp.domain-name,
etc). It also transcribes the values to some global variables such as
'rootpath' and 'hostname'.
This change does two things:
When adding dhcp.* vars to the environment, don't replace existing
vars/values.
When setting the global vars rootpath and hostname, use the
dhcp.root-path and dhcp.host-name env var values if they exist.
This allows the platform-specific part of loader(8) to obtain override
values in some platform-specific way and store them in the environment
before opening the network device. The set of values that can be overriden
is currently limited to just string options. The values that are delivered
as binary data are things that probably shouldn't be overridden (IP,
netmask, gateway, etc).
The original patch this evolved from was submitted by martymac@
PR: 202098
Relnotes: Yes
|
| |
|
|
| |
Add strlcat() and strlcpy() to libstand and libstand32.
|
| |
|
|
|
|
|
|
|
|
| |
Fix a mismerge from NetBSD in r162194 with `xdr_rpcb_entry_list_ptr(..)`
This fixes the potential NULL pointer dereference properly, and also fixes
memory leaks encountered in the process of iterating through `*rp`.
Found by: Valgrind
Submitted by: Miles Ohlrich <miles.ohlrich@isilon.com>
|
| |
|
|
|
| |
Integrate the remaining tools/regression/lib/msun testcases into the
FreeBSD test suite under lib/msun/tests
|
| |
|
|
|
|
|
|
|
| |
Similar to r293704, fix theoretical leak of netconfig(3) resources in
__rpcbind_is_up(..) if getnetconfig(3) is partly successful in allocating
resources, but not completely successful by moving the endnetconfig(3) call
up before we return from the function if nconf == NULL.
Submitted by: Miles Ohlrich <miles.ohlrich@isilon.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Fix theoretical leak of netconfig(3) resources in svcunix_create(..)
In the event that the getconfig(3) call in svcunix_create is partly successful,
some of the netconfig(3) resources allocated might be leaked if the call returns
NULL as endnetconfig(3) wasn't called explicitly in that case. Ensure that the
resources are fully cleaned up by going to the `done` label, which will call
endnetconfig(3) for us.
Submitted by: Miles Ohlrich <miles.ohlrich@isilon.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
MFH (r285141): remove unused variable
MFH (r288217): correctly check return value from getaddrinfo(3)
MFH (r289419): fix bugs in HTTPS tunnelling
MFH (r289420): use fopen()'s "e" mode instead of fcntl for close-on-exec
MFH (r291453, r291461): use .netrc for http servers and proxies
MFH (r292330, r292332): reset bufpos to 0 after refilling in chunked mode
PR: 194483 199801 193740 204771
|
| |
|
|
|
|
|
|
|
| |
MFH (r271614): remove incorrect svn properties
MFH (r274145): cast-qual bugs in tests
MFH (r288070): restore correct module search path semantics
Also merge upstream r854, committed to head as part of r280031, which
fixes cast-qual bugs in libpam itself.
|
| |
|
|
|
|
|
|
|
| |
Zero out a local variable also when PURIFY is not defined.
This silence a warning brought up by valgrind whenever if_nametoindex
is used. This was already discussed in PR 166483, but the code
committed in r234329 guards the initilization with #ifdef PURIFY.
Therefore, valgrind still complains. Since this code is not performance
critical, always zero out the local variable to silence valgrind.
|
| |
|
|
|
|
|
|
|
| |
Update the __FreeBSD_version check in lib/libc/sys/futimens.c and
lib/libc/sys/utimensat.c. Before this, fallback code using
futimes/futimesat/lutimes was used except when running on a sufficiently
recent 11-current kernel.
Also, update the history section in the man page.
|
| |
|
|
|
|
|
|
|
| |
marking the official start of the code slush.
Set the default mdoc(7) version to 10.3, and update the
clang(1) TARGET_TRIPLE and BUILD_TRIPLE to reflect 10.3.
Approved by: re (implicit)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix hwpmc "stalled" behavior
Currently, there is a single pm_stalled flag that tracks whether a
performance monitor was "stalled" due to insufficent ring buffer
space for samples. However, because the same performance monitor
can run on multiple processes or threads at the same time, a single
pm_stalled flag that impacts them all seems insufficient.
In particular, you can hit corner cases where the code fails to stop
performance monitors during a context switch out, because it thinks
the performance monitor is already stopped. However, in reality,
it may be that only the monitor running on a different CPU was stalled.
This patch attempts to fix that behavior by tracking on a per-CPU basis
whether a PM desires to run and whether it is "stalled". This lets the
code make better decisions about when to stop PMs and when to try to
restart them. Ideally, we should avoid the case where the code fails
to stop a PM during a context switch out.
MFC r290813:
Optimizations to the way hwpmc gathers user callchains
Changes to the code to gather user stacks:
* Delay setting pmc_cpumask until we actually have the stack.
* When recording user stack traces, only walk the portion of the ring
that should have samples for us.
MFC r290929:
Change the driver stats to what they really are: unsigned values.
When pmcstat exits after some samples were dropped, give the user an
idea of how many were lost. (Granted, these are global numbers, but
they may still help quantify the scope of the loss.)
MFC r290930:
Improve accuracy of PMC sampling frequency
The code tracks a counter which is the number of events until the next
sample. On context switch in, it loads the saved counter. On context
switch out, it tries to calculate a new saved counter.
Problems:
1. The saved counter was shared by all threads in a process. However, this
means that all threads would be initially loaded with the same saved
counter. However, that could result in sampling more often than once every
X number of events.
2. The calculation to determine a new saved counter was backwards. It
added when it should have subtracted, and subtracted when it should have
added. Assume a single-threaded process with a reload count of 1000
events. Assuming the counter on context switch in was 100 and the counter
on context switch out was 50 (meaning the thread has "consumed" 50 more
events), the code would calculate a new saved counter of 150 (instead of
the proper 50).
Fix:
1. As soon as the saved counter is used to initialize a monitor for a
thread on context switch in, set the saved counter to the reload count.
That way, subsequent threads to use the saved counter will get the full
reload count, assuring we sample at least once every X number of events
(across all threads).
2. Change the calculation of the saved counter. Due to the change to the
saved counter in #1, we simply need to add (modulo the reload count) the
remaining counter time we retrieve from the CPU when a thread is context
switched out.
MFC r291016:
Support a wider history counter in pmcstat(8) gmon output
pmcstat(8) contains an option to output sampling data in a gmon format
compatible with gprof(1). Currently, it uses the default histcounter,
which is an (unsigned short). With large sets of sampling data, it
is possible to overflow the maximum value provided by an (unsigned
short).
This change adds the -e argument to pmcstat. If -e and -g are both
specified, pmcstat will use a histcounter type of uint64_t.
MFC r291017:
Fix the date on the pmcstat(8) man page from r291016.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Kernel part of reroot support - a way to change rootfs without reboot.
Note that the mountlist manipulations are somewhat fragile, and not very
pretty. The reason for this is to avoid changing vfs_mountroot(), which
is (obviously) rather mission-critical, but not very well documented,
and thus hard to test properly. It might be possible to rework it to use
its own simple root mount mechanism instead of vfs_mountroot().
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D2698
|
| |
|
|
|
|
|
| |
Remove reboot.S (part of libc). It's not needed and was actually
broken - returning 0 from reboot(2) resulted in SIGBUS.
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
| |
r293340: Increase maximum buffer size for `-x cmd' value
r293379: Bump copyright
|
| | |
|
| |
|
|
| |
Add futimens and utimensat system calls.
|
| |
|
|
|
|
|
|
| |
Move fdopen() up near other resource allocation like malloc(); do proper
deallocation on failure later on in the function.
Approved by: jhb
Sponsored by: Panasas, Inc.
|
| | |
|
| |
|
|
| |
Replace unneeded manual dependency on header by adding it to SRCS.
|
