CVS commit: [netbsd-7-1] src/doc

2019-11-25 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Mon Nov 25 15:48:04 UTC 2019

Modified Files:
src/doc [netbsd-7-1]: CHANGES-7.1.3

Log Message:
Ticket #1714


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.61 -r1.1.2.62 src/doc/CHANGES-7.1.3

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7-1] src/doc

2019-11-25 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Mon Nov 25 15:48:04 UTC 2019

Modified Files:
src/doc [netbsd-7-1]: CHANGES-7.1.3

Log Message:
Ticket #1714


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.61 -r1.1.2.62 src/doc/CHANGES-7.1.3

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-7.1.3
diff -u src/doc/CHANGES-7.1.3:1.1.2.61 src/doc/CHANGES-7.1.3:1.1.2.62
--- src/doc/CHANGES-7.1.3:1.1.2.61	Thu Oct 31 01:54:21 2019
+++ src/doc/CHANGES-7.1.3	Mon Nov 25 15:48:04 2019
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-7.1.3,v 1.1.2.61 2019/10/31 01:54:21 martin Exp $
+# $NetBSD: CHANGES-7.1.3,v 1.1.2.62 2019/11/25 15:48:04 martin Exp $
 
 A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3
 release:
@@ -607,3 +607,8 @@ sys/modules/filemon/Makefile			1.4 (manu
 	Do not install the filemon module.
 	[maya, ticket #1710]
 
+sys/kern/subr_cprng.c1.33
+
+	Use cprng_strong, not cprng_fast, for sysctl kern.arnd.
+	[riastradh, ticket #1714]
+



CVS commit: [netbsd-7-1] src/sys/kern

2019-11-25 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Mon Nov 25 15:47:44 UTC 2019

Modified Files:
src/sys/kern [netbsd-7-1]: subr_cprng.c

Log Message:
Pull up following revision(s) (requested by riastradh in ticket #1714):

sys/kern/subr_cprng.c: revision 1.33

Use cprng_strong, not cprng_fast, for sysctl kern.arnd.


To generate a diff of this commit:
cvs rdiff -u -r1.24.2.1.6.1 -r1.24.2.1.6.2 src/sys/kern/subr_cprng.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/subr_cprng.c
diff -u src/sys/kern/subr_cprng.c:1.24.2.1.6.1 src/sys/kern/subr_cprng.c:1.24.2.1.6.2
--- src/sys/kern/subr_cprng.c:1.24.2.1.6.1	Tue Sep  3 12:28:31 2019
+++ src/sys/kern/subr_cprng.c	Mon Nov 25 15:47:44 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: subr_cprng.c,v 1.24.2.1.6.1 2019/09/03 12:28:31 martin Exp $ */
+/*	$NetBSD: subr_cprng.c,v 1.24.2.1.6.2 2019/11/25 15:47:44 martin Exp $ */
 
 /*-
  * Copyright (c) 2011-2013 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: subr_cprng.c,v 1.24.2.1.6.1 2019/09/03 12:28:31 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: subr_cprng.c,v 1.24.2.1.6.2 2019/11/25 15:47:44 martin Exp $");
 
 #include 
 #include 
@@ -508,6 +508,7 @@ cprng_strong_rndsink_callback(void *cont
 	mutex_exit(&cprng->cs_lock);
 }
 
+static ONCE_DECL(sysctl_prng_once);
 static cprng_strong_t *sysctl_prng;
 
 static int
@@ -527,10 +528,9 @@ makeprng(void)
 static int
 sysctl_kern_urnd(SYSCTLFN_ARGS)
 {
-	static ONCE_DECL(control);
 	int v, rv;
 
-	RUN_ONCE(&control, makeprng);
+	RUN_ONCE(&sysctl_prng_once, makeprng);
 	rv = cprng_strong(sysctl_prng, &v, sizeof(v), 0);
 	if (rv == sizeof(v)) {
 		struct sysctlnode node = *rnode;
@@ -559,6 +559,7 @@ sysctl_kern_arnd(SYSCTLFN_ARGS)
 	int error;
 	void *v;
 	struct sysctlnode node = *rnode;
+	size_t n __diagused;
 
 	switch (*oldlenp) {
 	case 0:
@@ -567,8 +568,10 @@ sysctl_kern_arnd(SYSCTLFN_ARGS)
 		if (*oldlenp > 256) {
 			return E2BIG;
 		}
+		RUN_ONCE(&sysctl_prng_once, makeprng);
 		v = kmem_alloc(*oldlenp, KM_SLEEP);
-		cprng_fast(v, *oldlenp);
+		n = cprng_strong(sysctl_prng, v, *oldlenp, 0);
+		KASSERT(n == *oldlenp);
 		node.sysctl_data = v;
 		node.sysctl_size = *oldlenp;
 		error = sysctl_lookup(SYSCTLFN_CALL(&node));



CVS commit: [netbsd-7-1] src/sys/kern

2019-11-25 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Mon Nov 25 15:47:44 UTC 2019

Modified Files:
src/sys/kern [netbsd-7-1]: subr_cprng.c

Log Message:
Pull up following revision(s) (requested by riastradh in ticket #1714):

sys/kern/subr_cprng.c: revision 1.33

Use cprng_strong, not cprng_fast, for sysctl kern.arnd.


To generate a diff of this commit:
cvs rdiff -u -r1.24.2.1.6.1 -r1.24.2.1.6.2 src/sys/kern/subr_cprng.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7-1] src

2019-10-30 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Oct 31 01:54:21 UTC 2019

Modified Files:
src/distrib/sets/lists/modules [netbsd-7-1]: md.amd64 md.evbppc.powerpc
md.i386
src/doc [netbsd-7-1]: CHANGES-7.1.3

Log Message:
Fix set lists for ticket #1710


To generate a diff of this commit:
cvs rdiff -u -r1.41.2.3 -r1.41.2.3.6.1 \
src/distrib/sets/lists/modules/md.amd64
cvs rdiff -u -r1.3.4.1 -r1.3.4.1.6.1 \
src/distrib/sets/lists/modules/md.evbppc.powerpc
cvs rdiff -u -r1.46.2.2 -r1.46.2.2.6.1 src/distrib/sets/lists/modules/md.i386
cvs rdiff -u -r1.1.2.60 -r1.1.2.61 src/doc/CHANGES-7.1.3

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7-1] src

2019-10-30 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Oct 31 01:54:21 UTC 2019

Modified Files:
src/distrib/sets/lists/modules [netbsd-7-1]: md.amd64 md.evbppc.powerpc
md.i386
src/doc [netbsd-7-1]: CHANGES-7.1.3

Log Message:
Fix set lists for ticket #1710


To generate a diff of this commit:
cvs rdiff -u -r1.41.2.3 -r1.41.2.3.6.1 \
src/distrib/sets/lists/modules/md.amd64
cvs rdiff -u -r1.3.4.1 -r1.3.4.1.6.1 \
src/distrib/sets/lists/modules/md.evbppc.powerpc
cvs rdiff -u -r1.46.2.2 -r1.46.2.2.6.1 src/distrib/sets/lists/modules/md.i386
cvs rdiff -u -r1.1.2.60 -r1.1.2.61 src/doc/CHANGES-7.1.3

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/distrib/sets/lists/modules/md.amd64
diff -u src/distrib/sets/lists/modules/md.amd64:1.41.2.3 src/distrib/sets/lists/modules/md.amd64:1.41.2.3.6.1
--- src/distrib/sets/lists/modules/md.amd64:1.41.2.3	Sat Mar 21 17:11:35 2015
+++ src/distrib/sets/lists/modules/md.amd64	Thu Oct 31 01:54:21 2019
@@ -1,4 +1,4 @@
-# $NetBSD: md.amd64,v 1.41.2.3 2015/03/21 17:11:35 snj Exp $
+# $NetBSD: md.amd64,v 1.41.2.3.6.1 2019/10/31 01:54:21 martin Exp $
 #
 # NOTE that there are two sets of files here:
 # @MODULEDIR@ and amd64-xen
@@ -292,8 +292,8 @@
 ./stand/amd64-xen/@OSRELEASE@/modules/ffs/ffs.kmod			base-kernel-modules	kmod,compatmodules
 ./stand/amd64-xen/@OSRELEASE@/modules/filecorebase-kernel-modules	kmod,compatmodules
 ./stand/amd64-xen/@OSRELEASE@/modules/filecore/filecore.kmod		base-kernel-modules	kmod,compatmodules
-./stand/amd64-xen/@OSRELEASE@/modules/filemonbase-kernel-modules	kmod,compatmodules
-./stand/amd64-xen/@OSRELEASE@/modules/filemon/filemon.kmod		base-kernel-modules	kmod,compatmodules
+./stand/amd64-xen/@OSRELEASE@/modules/filemonbase-obsolete		obsolete
+./stand/amd64-xen/@OSRELEASE@/modules/filemon/filemon.kmod		base-obsolete		obsolete
 ./stand/amd64-xen/@OSRELEASE@/modules/finsiobase-kernel-modules	kmod,compatmodules
 ./stand/amd64-xen/@OSRELEASE@/modules/finsio/finsio.kmod		base-kernel-modules	kmod,compatmodules
 ./stand/amd64-xen/@OSRELEASE@/modules/flashbase-kernel-modules	kmod,compatmodules

Index: src/distrib/sets/lists/modules/md.evbppc.powerpc
diff -u src/distrib/sets/lists/modules/md.evbppc.powerpc:1.3.4.1 src/distrib/sets/lists/modules/md.evbppc.powerpc:1.3.4.1.6.1
--- src/distrib/sets/lists/modules/md.evbppc.powerpc:1.3.4.1	Sat Mar 21 17:11:35 2015
+++ src/distrib/sets/lists/modules/md.evbppc.powerpc	Thu Oct 31 01:54:21 2019
@@ -1,4 +1,4 @@
-# $NetBSD: md.evbppc.powerpc,v 1.3.4.1 2015/03/21 17:11:35 snj Exp $
+# $NetBSD: md.evbppc.powerpc,v 1.3.4.1.6.1 2019/10/31 01:54:21 martin Exp $
 ./stand/powerpc-4xx			base-kernel-modules	kmod,compatmodules
 ./stand/powerpc-4xx/@OSRELEASE@		base-kernel-modules	kmod,compatmodules
 ./stand/powerpc-4xx/@OSRELEASE@/modules	base-kernel-modules	kmod,compatmodules
@@ -70,8 +70,8 @@
 ./stand/powerpc-4xx/@OSRELEASE@/modules/ffs/ffs.kmod			base-kernel-modules	kmod,compatmodules
 ./stand/powerpc-4xx/@OSRELEASE@/modules/filecore			base-kernel-modules	kmod,compatmodules
 ./stand/powerpc-4xx/@OSRELEASE@/modules/filecore/filecore.kmod		base-kernel-modules	kmod,compatmodules
-./stand/powerpc-4xx/@OSRELEASE@/modules/filemonbase-kernel-modules	kmod,compatmodules
-./stand/powerpc-4xx/@OSRELEASE@/modules/filemon/filemon.kmod		base-kernel-modules	kmod,compatmodules
+./stand/powerpc-4xx/@OSRELEASE@/modules/filemonbase-obsolete		obsolete
+./stand/powerpc-4xx/@OSRELEASE@/modules/filemon/filemon.kmod		base-obsolete		obsolete
 ./stand/powerpc-4xx/@OSRELEASE@/modules/flashbase-kernel-modules	kmod,compatmodules
 ./stand/powerpc-4xx/@OSRELEASE@/modules/flash/flash.kmod		base-kernel-modules	kmod,compatmodules
 ./stand/powerpc-4xx/@OSRELEASE@/modules/fssbase-kernel-modules	kmod,compatmodules
@@ -307,8 +307,8 @@
 ./stand/powerpc-booke/@OSRELEASE@/modules/ffs/ffs.kmod			base-kernel-modules	kmod,compatmodules
 ./stand/powerpc-booke/@OSRELEASE@/modules/filecorebase-kernel-modules	kmod,compatmodules
 ./stand/powerpc-booke/@OSRELEASE@/modules/filecore/filecore.kmod		base-kernel-modules	kmod,compatmodules
-./stand/powerpc-booke/@OSRELEASE@/modules/filemonbase-kernel-modules	kmod,compatmodules
-./stand/powerpc-booke/@OSRELEASE@/modules/filemon/filemon.kmod		base-kernel-modules	kmod,compatmodules
+./stand/powerpc-booke/@OSRELEASE@/modules/filemonbase-obsolete		obsolete
+./stand/powerpc-booke/@OSRELEASE@/modules/filemon/filemon.kmod		base-obsolete		obsolete
 ./stand/powerpc-booke/@OSRELEASE@/modules/flashbase-kernel-modules	kmod,compatmodules
 ./stand/powerpc-booke/@OSRELEASE@/modules/flash/flash.kmod			base-kernel-modules	kmod,compatmodules
 ./stand/powerpc-booke/@OSRELEASE@/modules/fssbase-kernel-modules	kmod,compatmodules

Index: src/distrib/sets/lists/modules/md.i386
diff -u src/distrib/sets/lists/modules/md.i386:1.46.2.2 src/distrib/sets/lists/modules

CVS commit: [netbsd-7-1] src/doc

2019-10-28 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Mon Oct 28 18:05:34 UTC 2019

Modified Files:
src/doc [netbsd-7-1]: CHANGES-7.1.3

Log Message:
Ticket #1710


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.59 -r1.1.2.60 src/doc/CHANGES-7.1.3

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-7.1.3
diff -u src/doc/CHANGES-7.1.3:1.1.2.59 src/doc/CHANGES-7.1.3:1.1.2.60
--- src/doc/CHANGES-7.1.3:1.1.2.59	Sat Sep 28 07:51:31 2019
+++ src/doc/CHANGES-7.1.3	Mon Oct 28 18:05:34 2019
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-7.1.3,v 1.1.2.59 2019/09/28 07:51:31 martin Exp $
+# $NetBSD: CHANGES-7.1.3,v 1.1.2.60 2019/10/28 18:05:34 martin Exp $
 
 A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3
 release:
@@ -597,3 +597,10 @@ sys/netbt/hci_event.c1.26
 	CVE-2019-9506.
 	[plunky, ticket #1709]
 
+distrib/sets/lists/modules/mi			1.127
+sys/modules/Makefile1.229,1.230
+sys/modules/filemon/Makefile			1.4 (manually adjusted)
+
+	Do not install the filemon module.
+	[maya, ticket #1710]
+



CVS commit: [netbsd-7-1] src/doc

2019-10-28 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Mon Oct 28 18:05:34 UTC 2019

Modified Files:
src/doc [netbsd-7-1]: CHANGES-7.1.3

Log Message:
Ticket #1710


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.59 -r1.1.2.60 src/doc/CHANGES-7.1.3

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7-1] src

2019-10-28 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Mon Oct 28 18:05:08 UTC 2019

Modified Files:
src/distrib/sets/lists/modules [netbsd-7-1]: mi
src/sys/modules/filemon [netbsd-7-1]: Makefile

Log Message:
Pull up following revision(s) (requested by maya in ticket #1710):

distrib/sets/lists/modules/mi: revision 1.127
sys/modules/Makefile: revision 1.230
sys/modules/filemon/Makefile: revision 1.4 (manually adjusted)
sys/modules/Makefile: revision 1.229

Disable filemon.

It isn't suited for general use (that is, it poses security risks),
but the existence of the module means it is auto-loaded when /dev/filemon
is opened, which can be done by any user.

Thanks Ilja van Sprundel for the heads up.

 -

Continue to build the filemon module, but don't install it.  Hopefully
this will help us detect any additional bit-rot that might occur.

XXX It might be a good idea to modify the file permissions on /dev/filemon
XXX to prevent auto-loading of the driver module by non-privileged users.


To generate a diff of this commit:
cvs rdiff -u -r1.69.2.1 -r1.69.2.1.6.1 src/distrib/sets/lists/modules/mi
cvs rdiff -u -r1.1 -r1.1.48.1 src/sys/modules/filemon/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/distrib/sets/lists/modules/mi
diff -u src/distrib/sets/lists/modules/mi:1.69.2.1 src/distrib/sets/lists/modules/mi:1.69.2.1.6.1
--- src/distrib/sets/lists/modules/mi:1.69.2.1	Sat Mar 21 17:11:35 2015
+++ src/distrib/sets/lists/modules/mi	Mon Oct 28 18:05:07 2019
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.69.2.1 2015/03/21 17:11:35 snj Exp $
+# $NetBSD: mi,v 1.69.2.1.6.1 2019/10/28 18:05:07 martin Exp $
 #
 # Note: don't delete entries from here - mark them as "obsolete" instead.
 #
@@ -76,8 +76,8 @@
 ./@MODULEDIR@/ffs/ffs.kmod			base-kernel-modules	kmod
 ./@MODULEDIR@/filecorebase-kernel-modules	kmod
 ./@MODULEDIR@/filecore/filecore.kmod		base-kernel-modules	kmod
-./@MODULEDIR@/filemonbase-kernel-modules	kmod
-./@MODULEDIR@/filemon/filemon.kmod		base-kernel-modules	kmod
+./@MODULEDIR@/filemonbase-obsolete		obsolete
+./@MODULEDIR@/filemon/filemon.kmod		base-obsolete		obsolete
 ./@MODULEDIR@/flashbase-kernel-modules	kmod
 ./@MODULEDIR@/flash/flash.kmod			base-kernel-modules	kmod
 ./@MODULEDIR@/fssbase-kernel-modules	kmod

Index: src/sys/modules/filemon/Makefile
diff -u src/sys/modules/filemon/Makefile:1.1 src/sys/modules/filemon/Makefile:1.1.48.1
--- src/sys/modules/filemon/Makefile:1.1	Thu Sep  9 00:10:16 2010
+++ src/sys/modules/filemon/Makefile	Mon Oct 28 18:05:07 2019
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.1 2010/09/09 00:10:16 sjg Exp $
+# $NetBSD: Makefile,v 1.1.48.1 2019/10/28 18:05:07 martin Exp $
 
 .include "../Makefile.inc"
 
@@ -8,4 +8,10 @@ KMOD = filemon
 SRCS = filemon.c filemon_wrapper.c
 NOMAN = no
 
+# Due to security concerns, we don't install the filemon module.  We
+# do, however, want to keep building it to prevent bit-rot.  Define
+# an empty install target for this.
+
+kmodinstall:
+
 .include 



CVS commit: [netbsd-7-1] src

2019-10-28 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Mon Oct 28 18:05:08 UTC 2019

Modified Files:
src/distrib/sets/lists/modules [netbsd-7-1]: mi
src/sys/modules/filemon [netbsd-7-1]: Makefile

Log Message:
Pull up following revision(s) (requested by maya in ticket #1710):

distrib/sets/lists/modules/mi: revision 1.127
sys/modules/Makefile: revision 1.230
sys/modules/filemon/Makefile: revision 1.4 (manually adjusted)
sys/modules/Makefile: revision 1.229

Disable filemon.

It isn't suited for general use (that is, it poses security risks),
but the existence of the module means it is auto-loaded when /dev/filemon
is opened, which can be done by any user.

Thanks Ilja van Sprundel for the heads up.

 -

Continue to build the filemon module, but don't install it.  Hopefully
this will help us detect any additional bit-rot that might occur.

XXX It might be a good idea to modify the file permissions on /dev/filemon
XXX to prevent auto-loading of the driver module by non-privileged users.


To generate a diff of this commit:
cvs rdiff -u -r1.69.2.1 -r1.69.2.1.6.1 src/distrib/sets/lists/modules/mi
cvs rdiff -u -r1.1 -r1.1.48.1 src/sys/modules/filemon/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7-1] src/doc

2019-09-28 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Sat Sep 28 07:51:32 UTC 2019

Modified Files:
src/doc [netbsd-7-1]: CHANGES-7.1.3

Log Message:
Ticket #1709


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.58 -r1.1.2.59 src/doc/CHANGES-7.1.3

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7-1] src/doc

2019-09-28 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Sat Sep 28 07:51:32 UTC 2019

Modified Files:
src/doc [netbsd-7-1]: CHANGES-7.1.3

Log Message:
Ticket #1709


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.58 -r1.1.2.59 src/doc/CHANGES-7.1.3

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-7.1.3
diff -u src/doc/CHANGES-7.1.3:1.1.2.58 src/doc/CHANGES-7.1.3:1.1.2.59
--- src/doc/CHANGES-7.1.3:1.1.2.58	Tue Sep 17 18:08:59 2019
+++ src/doc/CHANGES-7.1.3	Sat Sep 28 07:51:31 2019
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-7.1.3,v 1.1.2.58 2019/09/17 18:08:59 martin Exp $
+# $NetBSD: CHANGES-7.1.3,v 1.1.2.59 2019/09/28 07:51:31 martin Exp $
 
 A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3
 release:
@@ -588,3 +588,12 @@ sys/netinet6/ip6_input.c			1.209 (patch)
 	m_pullup() when needed.
 	[bouyer, ticket #1708]
 
+sys/netbt/hci.h	1.46
+sys/netbt/hci_event.c1.26
+
+	When encrypted connections are configured, verify that the encryption
+	key length has a minimum size when the adaptor supports that.
+	This addresses the 'Key Negotiation of Bluetooth' attack,
+	CVE-2019-9506.
+	[plunky, ticket #1709]
+



CVS commit: [netbsd-7-1] src/sys/netbt

2019-09-28 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Sat Sep 28 07:51:11 UTC 2019

Modified Files:
src/sys/netbt [netbsd-7-1]: hci.h hci_event.c

Log Message:
Pull up following revision(s) (requested by plunky in ticket #1709):

sys/netbt/hci_event.c: revision 1.26
sys/netbt/hci.h: revision 1.46

When encrypted connections are configured, verify that the encryption
key length has a minimum size when the adaptor supports that.

This addresses the 'Key Negotiation of Bluetooth' attack, CVE-2019-9506
https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/


To generate a diff of this commit:
cvs rdiff -u -r1.39 -r1.39.10.1 src/sys/netbt/hci.h
cvs rdiff -u -r1.23 -r1.23.36.1 src/sys/netbt/hci_event.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netbt/hci.h
diff -u src/sys/netbt/hci.h:1.39 src/sys/netbt/hci.h:1.39.10.1
--- src/sys/netbt/hci.h:1.39	Tue Jul  1 05:49:18 2014
+++ src/sys/netbt/hci.h	Sat Sep 28 07:51:11 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: hci.h,v 1.39 2014/07/01 05:49:18 rtr Exp $	*/
+/*	$NetBSD: hci.h,v 1.39.10.1 2019/09/28 07:51:11 martin Exp $	*/
 
 /*-
  * Copyright (c) 2005 Iain Hibbert.
@@ -54,7 +54,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $Id: hci.h,v 1.39 2014/07/01 05:49:18 rtr Exp $
+ * $Id: hci.h,v 1.39.10.1 2019/09/28 07:51:11 martin Exp $
  * $FreeBSD: src/sys/netgraph/bluetooth/include/ng_hci.h,v 1.6 2005/01/07 01:45:43 imp Exp $
  */
 
@@ -1786,6 +1786,17 @@ typedef struct {
 	uint16_t	accuracy;	/* clock accuracy */
 } __packed hci_read_clock_rp;
 
+#define HCI_OCF_READ_ENCRYPTION_KEY_SIZE		0x0008
+#define HCI_CMD_READ_ENCRYPTION_KEY_SIZE		0x1408
+typedef struct {
+	uint16_t	con_handle;	/* connection handle */
+} __packed hci_read_encryption_key_size_cp;
+
+typedef struct {
+	uint8_t		status;		/* 0x00 - success */
+	uint16_t	con_handle;	/* connection handle */
+	uint8_t		size;		/* key size */
+} __packed hci_read_encryption_key_size_rp;
 
 /**
  **

Index: src/sys/netbt/hci_event.c
diff -u src/sys/netbt/hci_event.c:1.23 src/sys/netbt/hci_event.c:1.23.36.1
--- src/sys/netbt/hci_event.c:1.23	Wed Jul 27 10:25:09 2011
+++ src/sys/netbt/hci_event.c	Sat Sep 28 07:51:11 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: hci_event.c,v 1.23 2011/07/27 10:25:09 plunky Exp $	*/
+/*	$NetBSD: hci_event.c,v 1.23.36.1 2019/09/28 07:51:11 martin Exp $	*/
 
 /*-
  * Copyright (c) 2005 Iain Hibbert.
@@ -31,7 +31,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: hci_event.c,v 1.23 2011/07/27 10:25:09 plunky Exp $");
+__KERNEL_RCSID(0, "$NetBSD: hci_event.c,v 1.23.36.1 2019/09/28 07:51:11 martin Exp $");
 
 #include 
 #include 
@@ -63,6 +63,7 @@ static void hci_cmd_read_local_features(
 static void hci_cmd_read_local_extended_features(struct hci_unit *, struct mbuf *);
 static void hci_cmd_read_local_ver(struct hci_unit *, struct mbuf *);
 static void hci_cmd_read_local_commands(struct hci_unit *, struct mbuf *);
+static void hci_cmd_read_encryption_key_size(struct hci_unit *, struct mbuf *);
 static void hci_cmd_reset(struct hci_unit *, struct mbuf *);
 static void hci_cmd_create_con(struct hci_unit *unit, uint8_t status);
 
@@ -351,6 +352,10 @@ hci_event_command_compl(struct hci_unit 
 		hci_cmd_read_local_commands(unit, m);
 		break;
 
+	case HCI_CMD_READ_ENCRYPTION_KEY_SIZE:
+		hci_cmd_read_encryption_key_size(unit, m);
+		break;
+
 	case HCI_CMD_RESET:
 		hci_cmd_reset(unit, m);
 		break;
@@ -618,10 +623,11 @@ hci_event_con_compl(struct hci_unit *uni
 		return;
 	}
 
-	/* XXX could check auth_enable here */
-
-	if (ep.encryption_mode)
-		link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_ENCRYPT);
+	/*
+	 * We purposefully ignore ep.encryption_mode here - if that is set then
+	 * the link will be authenticated and encrypted, but we still want to
+	 * verify the key size and setmode sets the right flags
+	 */
 
 	link->hl_state = HCI_LINK_OPEN;
 	link->hl_handle = HCI_CON_HANDLE(le16toh(ep.con_handle));
@@ -772,17 +778,16 @@ hci_event_auth_compl(struct hci_unit *un
 /*
  * Encryption Change
  *
- * The encryption status has changed. Basically, we note the change
- * then notify the upper layer protocol unless further mode changes
- * are pending.
- * Note that if encryption gets disabled when it has been requested,
- * we will attempt to enable it again.. (its a feature not a bug :)
+ * The encryption status has changed. Make a note if disabled, or
+ * check the key size if possible before allowing it is enabled.
+ * (checking of key size was enabled in 3.0 spec)
  */
 static void
 hci_event_encryption_change(struct hci_unit *unit, struct mbuf *m)
 {
 	hci_encryption_change_ep ep;
 	struct hci_link *link;
+	uint16_t con_handle;
 	int err;
 
 	if (m->m_pkthdr.len < sizeof(ep

CVS commit: [netbsd-7-1] src/sys/netbt

2019-09-28 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Sat Sep 28 07:51:11 UTC 2019

Modified Files:
src/sys/netbt [netbsd-7-1]: hci.h hci_event.c

Log Message:
Pull up following revision(s) (requested by plunky in ticket #1709):

sys/netbt/hci_event.c: revision 1.26
sys/netbt/hci.h: revision 1.46

When encrypted connections are configured, verify that the encryption
key length has a minimum size when the adaptor supports that.

This addresses the 'Key Negotiation of Bluetooth' attack, CVE-2019-9506
https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/


To generate a diff of this commit:
cvs rdiff -u -r1.39 -r1.39.10.1 src/sys/netbt/hci.h
cvs rdiff -u -r1.23 -r1.23.36.1 src/sys/netbt/hci_event.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7-1] src/doc

2019-09-17 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Tue Sep 17 18:08:59 UTC 2019

Modified Files:
src/doc [netbsd-7-1]: CHANGES-7.1.3

Log Message:
Ticket #1708


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.57 -r1.1.2.58 src/doc/CHANGES-7.1.3

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7-1] src/doc

2019-09-17 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Tue Sep 17 18:08:59 UTC 2019

Modified Files:
src/doc [netbsd-7-1]: CHANGES-7.1.3

Log Message:
Ticket #1708


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.57 -r1.1.2.58 src/doc/CHANGES-7.1.3

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-7.1.3
diff -u src/doc/CHANGES-7.1.3:1.1.2.57 src/doc/CHANGES-7.1.3:1.1.2.58
--- src/doc/CHANGES-7.1.3:1.1.2.57	Fri Sep  6 13:52:36 2019
+++ src/doc/CHANGES-7.1.3	Tue Sep 17 18:08:59 2019
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-7.1.3,v 1.1.2.57 2019/09/06 13:52:36 martin Exp $
+# $NetBSD: CHANGES-7.1.3,v 1.1.2.58 2019/09/17 18:08:59 martin Exp $
 
 A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3
 release:
@@ -581,3 +581,10 @@ lib/libc/nameser/ns_name.c			1.12
 	Fix buffer overrun.
 	[maya, ticket #1706]
 
+sys/netinet/ip_input.c1.390 (patch)
+sys/netinet6/ip6_input.c			1.209 (patch)
+
+	Packet filters can return an mbuf chain with fragmented headers, so
+	m_pullup() when needed.
+	[bouyer, ticket #1708]
+



CVS commit: [netbsd-7-1] src/sys

2019-09-17 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Tue Sep 17 18:08:14 UTC 2019

Modified Files:
src/sys/netinet [netbsd-7-1]: ip_input.c
src/sys/netinet6 [netbsd-7-1]: ip6_input.c

Log Message:
Pull up following revision(s) (requested by bouyer in ticket #1708):

sys/netinet6/ip6_input.c: revision 1.209 via patch
sys/netinet/ip_input.c: revision 1.390 via patch

Packet filters can return an mbuf chain with fragmented headers, so
m_pullup() it if needed and remove the KASSERT()s.


To generate a diff of this commit:
cvs rdiff -u -r1.319.10.1 -r1.319.10.2 src/sys/netinet/ip_input.c
cvs rdiff -u -r1.149.2.1.6.2 -r1.149.2.1.6.3 src/sys/netinet6/ip6_input.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet/ip_input.c
diff -u src/sys/netinet/ip_input.c:1.319.10.1 src/sys/netinet/ip_input.c:1.319.10.2
--- src/sys/netinet/ip_input.c:1.319.10.1	Fri Feb  9 14:05:29 2018
+++ src/sys/netinet/ip_input.c	Tue Sep 17 18:08:13 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip_input.c,v 1.319.10.1 2018/02/09 14:05:29 martin Exp $	*/
+/*	$NetBSD: ip_input.c,v 1.319.10.2 2019/09/17 18:08:13 martin Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.319.10.1 2018/02/09 14:05:29 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.319.10.2 2019/09/17 18:08:13 martin Exp $");
 
 #include "opt_inet.h"
 #include "opt_compat_netbsd.h"
@@ -526,8 +526,25 @@ ip_input(struct mbuf *m)
 		if (freed || m == NULL) {
 			return;
 		}
+		if (__predict_false(m->m_len < sizeof (struct ip))) {
+			if ((m = m_pullup(m, sizeof (struct ip))) == NULL) {
+IP_STATINC(IP_STAT_TOOSMALL);
+return;
+			}
+		}
 		ip = mtod(m, struct ip *);
 		hlen = ip->ip_hl << 2;
+		if (hlen < sizeof(struct ip)) {	/* minimum header length */
+			IP_STATINC(IP_STAT_BADHLEN);
+			goto bad;
+		}
+		if (hlen > m->m_len) {
+			if ((m = m_pullup(m, hlen)) == NULL) {
+IP_STATINC(IP_STAT_BADHLEN);
+return;
+			}
+			ip = mtod(m, struct ip *);
+		}
 
 		/*
 		 * XXX The setting of "srcrt" here is to prevent ip_forward()

Index: src/sys/netinet6/ip6_input.c
diff -u src/sys/netinet6/ip6_input.c:1.149.2.1.6.2 src/sys/netinet6/ip6_input.c:1.149.2.1.6.3
--- src/sys/netinet6/ip6_input.c:1.149.2.1.6.2	Sun Feb 25 23:17:37 2018
+++ src/sys/netinet6/ip6_input.c	Tue Sep 17 18:08:13 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip6_input.c,v 1.149.2.1.6.2 2018/02/25 23:17:37 snj Exp $	*/
+/*	$NetBSD: ip6_input.c,v 1.149.2.1.6.3 2019/09/17 18:08:13 martin Exp $	*/
 /*	$KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $	*/
 
 /*
@@ -62,7 +62,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.149.2.1.6.2 2018/02/25 23:17:37 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.149.2.1.6.3 2019/09/17 18:08:13 martin Exp $");
 
 #include "opt_gateway.h"
 #include "opt_inet.h"
@@ -352,6 +352,14 @@ ip6_input(struct mbuf *m)
 			return;
 		if (m == NULL)
 			return;
+		if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) {
+			struct ifnet *inifp = m->m_pkthdr.rcvif;
+			if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) {
+IP6_STATINC(IP6_STAT_TOOSMALL);
+in6_ifstat_inc(inifp, ifs6_in_hdrerr);
+return;
+			}
+		}
 		ip6 = mtod(m, struct ip6_hdr *);
 		srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst);
 	}



CVS commit: [netbsd-7-1] src/sys

2019-09-17 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Tue Sep 17 18:08:14 UTC 2019

Modified Files:
src/sys/netinet [netbsd-7-1]: ip_input.c
src/sys/netinet6 [netbsd-7-1]: ip6_input.c

Log Message:
Pull up following revision(s) (requested by bouyer in ticket #1708):

sys/netinet6/ip6_input.c: revision 1.209 via patch
sys/netinet/ip_input.c: revision 1.390 via patch

Packet filters can return an mbuf chain with fragmented headers, so
m_pullup() it if needed and remove the KASSERT()s.


To generate a diff of this commit:
cvs rdiff -u -r1.319.10.1 -r1.319.10.2 src/sys/netinet/ip_input.c
cvs rdiff -u -r1.149.2.1.6.2 -r1.149.2.1.6.3 src/sys/netinet6/ip6_input.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7-1] src/doc

2019-09-06 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Fri Sep  6 13:52:36 UTC 2019

Modified Files:
src/doc [netbsd-7-1]: CHANGES-7.1.3

Log Message:
Ticket #1706


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.56 -r1.1.2.57 src/doc/CHANGES-7.1.3

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7-1] src/doc

2019-09-06 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Fri Sep  6 13:52:36 UTC 2019

Modified Files:
src/doc [netbsd-7-1]: CHANGES-7.1.3

Log Message:
Ticket #1706


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.56 -r1.1.2.57 src/doc/CHANGES-7.1.3

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-7.1.3
diff -u src/doc/CHANGES-7.1.3:1.1.2.56 src/doc/CHANGES-7.1.3:1.1.2.57
--- src/doc/CHANGES-7.1.3:1.1.2.56	Tue Sep  3 12:29:08 2019
+++ src/doc/CHANGES-7.1.3	Fri Sep  6 13:52:36 2019
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-7.1.3,v 1.1.2.56 2019/09/03 12:29:08 martin Exp $
+# $NetBSD: CHANGES-7.1.3,v 1.1.2.57 2019/09/06 13:52:36 martin Exp $
 
 A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3
 release:
@@ -576,3 +576,8 @@ sys/sys/cprng.h	1.13-1.15
 	Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256.
 	[riastradh, ticket #1705]
 
+lib/libc/nameser/ns_name.c			1.12
+
+	Fix buffer overrun.
+	[maya, ticket #1706]
+



CVS commit: [netbsd-7-1] src/lib/libc/nameser

2019-09-06 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Fri Sep  6 13:51:20 UTC 2019

Modified Files:
src/lib/libc/nameser [netbsd-7-1]: ns_name.c

Log Message:
Pull up following revision(s) (requested by maya in ticket #1706):

lib/libc/nameser/ns_name.c: revision 1.12

Since we advance cp after the bounds check, we need to test for bounds
again before using it. Discovered via fuzzing, reported by enh at google, via:

https://android-review.googlesource.com/c/platform/bionic/+/1093130


To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.11.14.1 src/lib/libc/nameser/ns_name.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7-1] src/lib/libc/nameser

2019-09-06 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Fri Sep  6 13:51:20 UTC 2019

Modified Files:
src/lib/libc/nameser [netbsd-7-1]: ns_name.c

Log Message:
Pull up following revision(s) (requested by maya in ticket #1706):

lib/libc/nameser/ns_name.c: revision 1.12

Since we advance cp after the bounds check, we need to test for bounds
again before using it. Discovered via fuzzing, reported by enh at google, via:

https://android-review.googlesource.com/c/platform/bionic/+/1093130


To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.11.14.1 src/lib/libc/nameser/ns_name.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/lib/libc/nameser/ns_name.c
diff -u src/lib/libc/nameser/ns_name.c:1.11 src/lib/libc/nameser/ns_name.c:1.11.14.1
--- src/lib/libc/nameser/ns_name.c:1.11	Fri Mar  7 01:07:01 2014
+++ src/lib/libc/nameser/ns_name.c	Fri Sep  6 13:51:20 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: ns_name.c,v 1.11 2014/03/07 01:07:01 christos Exp $	*/
+/*	$NetBSD: ns_name.c,v 1.11.14.1 2019/09/06 13:51:20 martin Exp $	*/
 
 /*
  * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
@@ -22,7 +22,7 @@
 #ifdef notdef
 static const char rcsid[] = "Id: ns_name.c,v 1.11 2009/01/23 19:59:16 each Exp";
 #else
-__RCSID("$NetBSD: ns_name.c,v 1.11 2014/03/07 01:07:01 christos Exp $");
+__RCSID("$NetBSD: ns_name.c,v 1.11.14.1 2019/09/06 13:51:20 martin Exp $");
 #endif
 #endif
 
@@ -696,7 +696,7 @@ ns_name_skip(const u_char **ptrptr, cons
 {
 	const u_char *cp;
 	u_int n;
-	int l;
+	int l = 0;
 
 	cp = *ptrptr;
 	while (cp < eom && (n = *cp++) != 0) {
@@ -706,7 +706,7 @@ ns_name_skip(const u_char **ptrptr, cons
 			cp += n;
 			continue;
 		case NS_TYPE_ELT: /*%< EDNS0 extended label */
-			if ((l = labellen(cp - 1)) < 0) {
+			if (cp < eom && (l = labellen(cp - 1)) < 0) {
 errno = EMSGSIZE; /*%< XXX */
 return (-1);
 			}



CVS commit: [netbsd-7-1] src/doc

2019-09-03 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Tue Sep  3 12:29:08 UTC 2019

Modified Files:
src/doc [netbsd-7-1]: CHANGES-7.1.3

Log Message:
Ticket #1705


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.55 -r1.1.2.56 src/doc/CHANGES-7.1.3

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-7.1.3
diff -u src/doc/CHANGES-7.1.3:1.1.2.55 src/doc/CHANGES-7.1.3:1.1.2.56
--- src/doc/CHANGES-7.1.3:1.1.2.55	Thu Aug 29 16:15:06 2019
+++ src/doc/CHANGES-7.1.3	Tue Sep  3 12:29:08 2019
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-7.1.3,v 1.1.2.55 2019/08/29 16:15:06 martin Exp $
+# $NetBSD: CHANGES-7.1.3,v 1.1.2.56 2019/09/03 12:29:08 martin Exp $
 
 A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3
 release:
@@ -553,3 +553,26 @@ sys/miscfs/procfs/procfs_vnops.c		1.207
 	Add missing operation VOP_GETPAGES() returning EFAULT.
 	[hannken, ticket #1703]
 
+sys/conf/files	1.1238
+sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg	delete
+sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h delete
+sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c	delete
+sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h	delete
+sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h	delete
+sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h	delete
+sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h	delete
+sys/crypto/nist_hash_drbg/files.nist_hash_drbg	1.1
+sys/crypto/nist_hash_drbg/nist_hash_drbg.c	1.1
+sys/crypto/nist_hash_drbg/nist_hash_drbg.h	1.1
+sys/dev/rndpseudo.c1.38
+sys/kern/subr_cprng.c1.31
+sys/rump/kern/lib/libcrypto/Makefile		1.5
+sys/rump/librump/rumpkern/Makefile.rumpkern	1.176
+sys/sys/cprng.h	1.13-1.15
+
+	cprng.h: use static __inline for consistency with other include
+	headers and remove an unused function.
+
+	Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256.
+	[riastradh, ticket #1705]
+



CVS commit: [netbsd-7-1] src/sys

2019-09-03 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Tue Sep  3 12:28:31 UTC 2019

Modified Files:
src/sys/conf [netbsd-7-1]: files
src/sys/dev [netbsd-7-1]: rndpseudo.c
src/sys/kern [netbsd-7-1]: subr_cprng.c
src/sys/rump/kern/lib/libcrypto [netbsd-7-1]: Makefile
src/sys/rump/librump/rumpkern [netbsd-7-1]: Makefile.rumpkern
src/sys/sys [netbsd-7-1]: cprng.h
Added Files:
src/sys/crypto/nist_hash_drbg [netbsd-7-1]: files.nist_hash_drbg
nist_hash_drbg.c nist_hash_drbg.h
Removed Files:
src/sys/crypto/nist_ctr_drbg [netbsd-7-1]: files.nist_ctr_drbg
nist_ctr_aes_rijndael.h nist_ctr_drbg.c nist_ctr_drbg.h
nist_ctr_drbg_aes128.h nist_ctr_drbg_aes256.h
nist_ctr_drbg_config.h

Log Message:
Pull up following revision(s) (requested by riastradh in ticket #1705):

sys/crypto/nist_hash_drbg/nist_hash_drbg.c: revision 1.1
sys/crypto/nist_hash_drbg/nist_hash_drbg.h: revision 1.1
sys/rump/kern/lib/libcrypto/Makefile: revision 1.5
sys/crypto/nist_hash_drbg/files.nist_hash_drbg: revision 1.1
sys/rump/librump/rumpkern/Makefile.rumpkern: revision 1.176
sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h: file removal
sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h: file removal
sys/conf/files: revision 1.1238
sys/dev/rndpseudo.c: revision 1.38
sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c: file removal
sys/sys/cprng.h: revision 1.13 - 1.15
sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h: file removal
sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h: file removal
sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg: file removal
sys/kern/subr_cprng.c: revision 1.31
sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h: file removal

cprng.h: use static __inline for consistency with other include
headers and remove an unused function.

 -

Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256.

Benefits:
- larger seeds -- a 128-bit key alone is not enough for `128-bit security'
- better resistance to timing side channels than AES
- a better-understood security story (https://eprint.iacr.org/2018/349";>https://eprint.iacr.org/2018/349)
- no loss in compliance with US government standards that nobody ever
  got fired for choosing, at least in the US-dominated western world
- no dirty endianness tricks
- self-tests

Drawbacks:
- performance hit: throughput is reduced to about 1/3 in naive measurements
  => possible to mitigate by using hardware SHA-256 instructions
  => all you really need is 32 bytes to seed a userland PRNG anyway
  => if we just used ChaCha this would go away...


To generate a diff of this commit:
cvs rdiff -u -r1.1096.2.8 -r1.1096.2.8.2.1 src/sys/conf/files
cvs rdiff -u -r1.1 -r0 src/sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg \
src/sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h \
src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c \
src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h
cvs rdiff -u -r1.2 -r0 src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h \
src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h \
src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h
cvs rdiff -u -r0 -r1.1.8.2 src/sys/crypto/nist_hash_drbg/files.nist_hash_drbg \
src/sys/crypto/nist_hash_drbg/nist_hash_drbg.c \
src/sys/crypto/nist_hash_drbg/nist_hash_drbg.h
cvs rdiff -u -r1.21.2.1 -r1.21.2.1.6.1 src/sys/dev/rndpseudo.c
cvs rdiff -u -r1.24.2.1 -r1.24.2.1.6.1 src/sys/kern/subr_cprng.c
cvs rdiff -u -r1.3 -r1.3.12.1 src/sys/rump/kern/lib/libcrypto/Makefile
cvs rdiff -u -r1.148 -r1.148.8.1 \
src/sys/rump/librump/rumpkern/Makefile.rumpkern
cvs rdiff -u -r1.10 -r1.10.10.1 src/sys/sys/cprng.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/conf/files
diff -u src/sys/conf/files:1.1096.2.8 src/sys/conf/files:1.1096.2.8.2.1
--- src/sys/conf/files:1.1096.2.8	Sun Nov 13 07:27:22 2016
+++ src/sys/conf/files	Tue Sep  3 12:28:31 2019
@@ -1,4 +1,4 @@
-#	$NetBSD: files,v 1.1096.2.8 2016/11/13 07:27:22 snj Exp $
+#	$NetBSD: files,v 1.1096.2.8.2.1 2019/09/03 12:28:31 martin Exp $
 #	@(#)files.newconf	7.5 (Berkeley) 5/10/93
 
 version 	20100430
@@ -167,8 +167,8 @@ include "crypto/camellia/files.camellia"
 # General-purpose crypto processing framework.
 include "opencrypto/files.opencrypto"
 
-# NIST SP800.90 CTR DRBG
-include "crypto/nist_ctr_drbg/files.nist_ctr_drbg"
+# NIST SP800-90A Hash_DRBG
+include "crypto/nist_hash_drbg/files.nist_hash_drbg"
 
 # ChaCha-based fast PRNG
 include "crypto/cprng_fast/files.cprng_fast"

Index: src/sys/dev/rndpseudo.c
diff -u src/sys/dev/rndpseudo.c:1.21.2.1 src/sys/dev/rndpseudo.c:1.21.2.1.6.1
--- src/sys/dev/rndpseudo.c:1.21.2.1	Sun Nov  2 09:47:04 2014
+++ src/sys/dev/rndpseudo.c	Tue Sep  3 12:28:31 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: rndpseudo.c,v 1.21.2.1 2014/11/02 09:47:04

CVS commit: [netbsd-7-1] src/doc

2019-09-03 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Tue Sep  3 12:29:08 UTC 2019

Modified Files:
src/doc [netbsd-7-1]: CHANGES-7.1.3

Log Message:
Ticket #1705


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.55 -r1.1.2.56 src/doc/CHANGES-7.1.3

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7-1] src/sys

2019-09-03 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Tue Sep  3 12:28:31 UTC 2019

Modified Files:
src/sys/conf [netbsd-7-1]: files
src/sys/dev [netbsd-7-1]: rndpseudo.c
src/sys/kern [netbsd-7-1]: subr_cprng.c
src/sys/rump/kern/lib/libcrypto [netbsd-7-1]: Makefile
src/sys/rump/librump/rumpkern [netbsd-7-1]: Makefile.rumpkern
src/sys/sys [netbsd-7-1]: cprng.h
Added Files:
src/sys/crypto/nist_hash_drbg [netbsd-7-1]: files.nist_hash_drbg
nist_hash_drbg.c nist_hash_drbg.h
Removed Files:
src/sys/crypto/nist_ctr_drbg [netbsd-7-1]: files.nist_ctr_drbg
nist_ctr_aes_rijndael.h nist_ctr_drbg.c nist_ctr_drbg.h
nist_ctr_drbg_aes128.h nist_ctr_drbg_aes256.h
nist_ctr_drbg_config.h

Log Message:
Pull up following revision(s) (requested by riastradh in ticket #1705):

sys/crypto/nist_hash_drbg/nist_hash_drbg.c: revision 1.1
sys/crypto/nist_hash_drbg/nist_hash_drbg.h: revision 1.1
sys/rump/kern/lib/libcrypto/Makefile: revision 1.5
sys/crypto/nist_hash_drbg/files.nist_hash_drbg: revision 1.1
sys/rump/librump/rumpkern/Makefile.rumpkern: revision 1.176
sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h: file removal
sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h: file removal
sys/conf/files: revision 1.1238
sys/dev/rndpseudo.c: revision 1.38
sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c: file removal
sys/sys/cprng.h: revision 1.13 - 1.15
sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h: file removal
sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h: file removal
sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg: file removal
sys/kern/subr_cprng.c: revision 1.31
sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h: file removal

cprng.h: use static __inline for consistency with other include
headers and remove an unused function.

 -

Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256.

Benefits:
- larger seeds -- a 128-bit key alone is not enough for `128-bit security'
- better resistance to timing side channels than AES
- a better-understood security story (https://eprint.iacr.org/2018/349";>https://eprint.iacr.org/2018/349)
- no loss in compliance with US government standards that nobody ever
  got fired for choosing, at least in the US-dominated western world
- no dirty endianness tricks
- self-tests

Drawbacks:
- performance hit: throughput is reduced to about 1/3 in naive measurements
  => possible to mitigate by using hardware SHA-256 instructions
  => all you really need is 32 bytes to seed a userland PRNG anyway
  => if we just used ChaCha this would go away...


To generate a diff of this commit:
cvs rdiff -u -r1.1096.2.8 -r1.1096.2.8.2.1 src/sys/conf/files
cvs rdiff -u -r1.1 -r0 src/sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg \
src/sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h \
src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c \
src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h
cvs rdiff -u -r1.2 -r0 src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h \
src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h \
src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h
cvs rdiff -u -r0 -r1.1.8.2 src/sys/crypto/nist_hash_drbg/files.nist_hash_drbg \
src/sys/crypto/nist_hash_drbg/nist_hash_drbg.c \
src/sys/crypto/nist_hash_drbg/nist_hash_drbg.h
cvs rdiff -u -r1.21.2.1 -r1.21.2.1.6.1 src/sys/dev/rndpseudo.c
cvs rdiff -u -r1.24.2.1 -r1.24.2.1.6.1 src/sys/kern/subr_cprng.c
cvs rdiff -u -r1.3 -r1.3.12.1 src/sys/rump/kern/lib/libcrypto/Makefile
cvs rdiff -u -r1.148 -r1.148.8.1 \
src/sys/rump/librump/rumpkern/Makefile.rumpkern
cvs rdiff -u -r1.10 -r1.10.10.1 src/sys/sys/cprng.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7-1] src/doc

2019-08-29 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Aug 29 16:15:06 UTC 2019

Modified Files:
src/doc [netbsd-7-1]: CHANGES-7.1.3

Log Message:
Ticket #1703


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.54 -r1.1.2.55 src/doc/CHANGES-7.1.3

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-7.1.3
diff -u src/doc/CHANGES-7.1.3:1.1.2.54 src/doc/CHANGES-7.1.3:1.1.2.55
--- src/doc/CHANGES-7.1.3:1.1.2.54	Sat Jun 15 15:59:55 2019
+++ src/doc/CHANGES-7.1.3	Thu Aug 29 16:15:06 2019
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-7.1.3,v 1.1.2.54 2019/06/15 15:59:55 martin Exp $
+# $NetBSD: CHANGES-7.1.3,v 1.1.2.55 2019/08/29 16:15:06 martin Exp $
 
 A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3
 release:
@@ -547,3 +547,9 @@ libexec/httpd/testsuite/test-simple		1.6
 	Avoid an assertion failure when using cgihandler (-C option).
 	[mrg, ticket #1699]
 
+sys/miscfs/kernfs/kernfs_vnops.c		1.161
+sys/miscfs/procfs/procfs_vnops.c		1.207
+
+	Add missing operation VOP_GETPAGES() returning EFAULT.
+	[hannken, ticket #1703]
+



CVS commit: [netbsd-7-1] src/doc

2019-08-29 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Aug 29 16:15:06 UTC 2019

Modified Files:
src/doc [netbsd-7-1]: CHANGES-7.1.3

Log Message:
Ticket #1703


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.54 -r1.1.2.55 src/doc/CHANGES-7.1.3

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7-1] src/sys/miscfs

2019-08-29 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Aug 29 16:14:37 UTC 2019

Modified Files:
src/sys/miscfs/kernfs [netbsd-7-1]: kernfs_vnops.c
src/sys/miscfs/procfs [netbsd-7-1]: procfs_vnops.c

Log Message:
Pull up following revision(s) (requested by hannken in ticket #1703):

sys/miscfs/kernfs/kernfs_vnops.c: revision 1.161
sys/miscfs/procfs/procfs_vnops.c: revision 1.207

Add missing operation VOP_GETPAGES() returning EFAULT.

Without this operation posix_fadvise(..., POSIX_FADV_WILLNEED)
would leave the v_interlock held.

Observed by maxv@


To generate a diff of this commit:
cvs rdiff -u -r1.154 -r1.154.10.1 src/sys/miscfs/kernfs/kernfs_vnops.c
cvs rdiff -u -r1.191 -r1.191.8.1 src/sys/miscfs/procfs/procfs_vnops.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7-1] src/sys/miscfs

2019-08-29 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Aug 29 16:14:37 UTC 2019

Modified Files:
src/sys/miscfs/kernfs [netbsd-7-1]: kernfs_vnops.c
src/sys/miscfs/procfs [netbsd-7-1]: procfs_vnops.c

Log Message:
Pull up following revision(s) (requested by hannken in ticket #1703):

sys/miscfs/kernfs/kernfs_vnops.c: revision 1.161
sys/miscfs/procfs/procfs_vnops.c: revision 1.207

Add missing operation VOP_GETPAGES() returning EFAULT.

Without this operation posix_fadvise(..., POSIX_FADV_WILLNEED)
would leave the v_interlock held.

Observed by maxv@


To generate a diff of this commit:
cvs rdiff -u -r1.154 -r1.154.10.1 src/sys/miscfs/kernfs/kernfs_vnops.c
cvs rdiff -u -r1.191 -r1.191.8.1 src/sys/miscfs/procfs/procfs_vnops.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/miscfs/kernfs/kernfs_vnops.c
diff -u src/sys/miscfs/kernfs/kernfs_vnops.c:1.154 src/sys/miscfs/kernfs/kernfs_vnops.c:1.154.10.1
--- src/sys/miscfs/kernfs/kernfs_vnops.c:1.154	Fri Jul 25 08:20:52 2014
+++ src/sys/miscfs/kernfs/kernfs_vnops.c	Thu Aug 29 16:14:37 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: kernfs_vnops.c,v 1.154 2014/07/25 08:20:52 dholland Exp $	*/
+/*	$NetBSD: kernfs_vnops.c,v 1.154.10.1 2019/08/29 16:14:37 martin Exp $	*/
 
 /*
  * Copyright (c) 1992, 1993
@@ -39,7 +39,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: kernfs_vnops.c,v 1.154 2014/07/25 08:20:52 dholland Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kernfs_vnops.c,v 1.154.10.1 2019/08/29 16:14:37 martin Exp $");
 
 #include 
 #include 
@@ -172,6 +172,7 @@ int	kernfs_print(void *);
 int	kernfs_pathconf(void *);
 #define	kernfs_advlock	genfs_einval
 #define	kernfs_bwrite	genfs_eopnotsupp
+int	kernfs_getpages(void *);
 #define	kernfs_putpages	genfs_putpages
 
 static int	kernfs_xread(struct kernfs_node *, int, char **,
@@ -219,6 +220,7 @@ const struct vnodeopv_entry_desc kernfs_
 	{ &vop_pathconf_desc, kernfs_pathconf },	/* pathconf */
 	{ &vop_advlock_desc, kernfs_advlock },		/* advlock */
 	{ &vop_bwrite_desc, kernfs_bwrite },		/* bwrite */
+	{ &vop_getpages_desc, kernfs_getpages },	/* getpages */
 	{ &vop_putpages_desc, kernfs_putpages },	/* putpages */
 	{ NULL, NULL }
 };
@@ -1171,3 +1173,23 @@ kernfs_symlink(void *v)
 	VOP_ABORTOP(ap->a_dvp, ap->a_cnp);
 	return (EROFS);
 }
+ 
+int
+kernfs_getpages(void *v)
+{
+	struct vop_getpages_args /* {
+		struct vnode *a_vp;
+		voff_t a_offset;
+		struct vm_page **a_m;
+		int *a_count;
+		int a_centeridx;
+		vm_prot_t a_access_type;
+		int a_advice;
+		int a_flags;
+	} */ *ap = v;
+
+	if ((ap->a_flags & PGO_LOCKED) == 0)
+		mutex_exit(ap->a_vp->v_interlock);
+
+	return (EFAULT);
+}

Index: src/sys/miscfs/procfs/procfs_vnops.c
diff -u src/sys/miscfs/procfs/procfs_vnops.c:1.191 src/sys/miscfs/procfs/procfs_vnops.c:1.191.8.1
--- src/sys/miscfs/procfs/procfs_vnops.c:1.191	Sun Jul 27 16:47:26 2014
+++ src/sys/miscfs/procfs/procfs_vnops.c	Thu Aug 29 16:14:37 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: procfs_vnops.c,v 1.191 2014/07/27 16:47:26 hannken Exp $	*/
+/*	$NetBSD: procfs_vnops.c,v 1.191.8.1 2019/08/29 16:14:37 martin Exp $	*/
 
 /*-
  * Copyright (c) 2006, 2007, 2008 The NetBSD Foundation, Inc.
@@ -105,7 +105,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: procfs_vnops.c,v 1.191 2014/07/27 16:47:26 hannken Exp $");
+__KERNEL_RCSID(0, "$NetBSD: procfs_vnops.c,v 1.191.8.1 2019/08/29 16:14:37 martin Exp $");
 
 #include 
 #include 
@@ -239,6 +239,7 @@ int	procfs_pathconf(void *);
 #define	procfs_islocked	genfs_islocked
 #define	procfs_advlock	genfs_einval
 #define	procfs_bwrite	genfs_eopnotsupp
+int	procfs_getpages(void *);
 #define procfs_putpages	genfs_null_putpages
 
 static int atoi(const char *, size_t);
@@ -286,6 +287,7 @@ const struct vnodeopv_entry_desc procfs_
 	{ &vop_islocked_desc, procfs_islocked },	/* islocked */
 	{ &vop_pathconf_desc, procfs_pathconf },	/* pathconf */
 	{ &vop_advlock_desc, procfs_advlock },		/* advlock */
+	{ &vop_getpages_desc, procfs_getpages },	/* getpages */
 	{ &vop_putpages_desc, procfs_putpages },	/* putpages */
 	{ NULL, NULL }
 };
@@ -1709,6 +1711,26 @@ procfs_readlink(void *v)
 	return error;
 }
 
+int
+procfs_getpages(void *v)
+{
+	struct vop_getpages_args /* {
+		struct vnode *a_vp;
+		voff_t a_offset;
+		struct vm_page **a_m;
+		int *a_count;
+		int a_centeridx;
+		vm_prot_t a_access_type;
+		int a_advice;
+		int a_flags;
+	} */ *ap = v;
+
+	if ((ap->a_flags & PGO_LOCKED) == 0)
+		mutex_exit(ap->a_vp->v_interlock);
+
+	return (EFAULT);
+}
+
 /*
  * convert decimal ascii to int
  */



CVS commit: [netbsd-7-1] src/doc

2019-06-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Sat Jun 15 15:59:55 UTC 2019

Modified Files:
src/doc [netbsd-7-1]: CHANGES-7.1.3

Log Message:
Fix typo in last entry


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.53 -r1.1.2.54 src/doc/CHANGES-7.1.3

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7-1] src/doc

2019-06-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Sat Jun 15 15:59:55 UTC 2019

Modified Files:
src/doc [netbsd-7-1]: CHANGES-7.1.3

Log Message:
Fix typo in last entry


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.53 -r1.1.2.54 src/doc/CHANGES-7.1.3

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-7.1.3
diff -u src/doc/CHANGES-7.1.3:1.1.2.53 src/doc/CHANGES-7.1.3:1.1.2.54
--- src/doc/CHANGES-7.1.3:1.1.2.53	Sat Jun 15 15:56:50 2019
+++ src/doc/CHANGES-7.1.3	Sat Jun 15 15:59:55 2019
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-7.1.3,v 1.1.2.53 2019/06/15 15:56:50 martin Exp $
+# $NetBSD: CHANGES-7.1.3,v 1.1.2.54 2019/06/15 15:59:55 martin Exp $
 
 A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3
 release:
@@ -545,5 +545,5 @@ libexec/httpd/testsuite/test-simple		1.6
 	in the slashdir too.
 	Avoid possible NULL dereference when sending a big request that timeout.
 	Avoid an assertion failure when using cgihandler (-C option).
-	[mrg, ticket #1699}
+	[mrg, ticket #1699]
 



CVS commit: [netbsd-7-1] src/doc

2019-06-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Sat Jun 15 15:56:50 UTC 2019

Modified Files:
src/doc [netbsd-7-1]: CHANGES-7.1.3

Log Message:
Ticket #1699


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.52 -r1.1.2.53 src/doc/CHANGES-7.1.3

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7-1] src/doc

2019-06-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Sat Jun 15 15:56:50 UTC 2019

Modified Files:
src/doc [netbsd-7-1]: CHANGES-7.1.3

Log Message:
Ticket #1699


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.52 -r1.1.2.53 src/doc/CHANGES-7.1.3

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-7.1.3
diff -u src/doc/CHANGES-7.1.3:1.1.2.52 src/doc/CHANGES-7.1.3:1.1.2.53
--- src/doc/CHANGES-7.1.3:1.1.2.52	Fri May 31 08:15:11 2019
+++ src/doc/CHANGES-7.1.3	Sat Jun 15 15:56:50 2019
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-7.1.3,v 1.1.2.52 2019/05/31 08:15:11 martin Exp $
+# $NetBSD: CHANGES-7.1.3,v 1.1.2.53 2019/06/15 15:56:50 martin Exp $
 
 A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3
 release:
@@ -517,3 +517,33 @@ sys/dev/scsipi/scsipi_ioctl.c			1.72 (pa
 	Use correct size when copying outgoing sense data.
 	[mlelstv, ticket #1698]
 
+libexec/httpd/CHANGES1.31-1.40
+libexec/httpd/Makefile1.28
+libexec/httpd/auth-bozo.c			1.23-1.24
+libexec/httpd/bozohttpd.8			1.75-1.79
+libexec/httpd/bozohttpd.c			1.100-1.113
+libexec/httpd/bozohttpd.h			1.58-1.60
+libexec/httpd/cgi-bozo.c			1.46-1.48
+libexec/httpd/daemon-bozo.c			1.20-1.21
+libexec/httpd/dir-index-bozo.c			1.29-1.32
+libexec/httpd/ssl-bozo.c			1.26
+libexec/httpd/testsuite/Makefile		1.12-1.13
+libexec/httpd/testsuite/t11.out			1.2
+libexec/httpd/testsuite/test-bigfile		1.6
+libexec/httpd/testsuite/test-simple		1.6
+
+	Don't display special files in the directory index.
+	Use html tables for directory index.
+	Don't include "index.html" in html headers.
+	Fix CGI '+' param and error handling.
+	Remove unused parameter to daemon_poll_err().
+	Avoid sign extension in % handling
+	Fix a few problems pointed out by clang static analyzer.
+	Add ssl specific timeout value (30s).---
+	Fix handling of bozo_set_timeout() timeouts (and `-T' option parsing).
+	Avoid .htpasswd exposure to authenticated users when .htpasswd is
+	in the slashdir too.
+	Avoid possible NULL dereference when sending a big request that timeout.
+	Avoid an assertion failure when using cgihandler (-C option).
+	[mrg, ticket #1699}
+



CVS commit: [netbsd-7-1] src/libexec/httpd

2019-06-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Sat Jun 15 15:56:22 UTC 2019

Modified Files:
src/libexec/httpd [netbsd-7-1]: CHANGES Makefile auth-bozo.c
bozohttpd.8 bozohttpd.c bozohttpd.h cgi-bozo.c daemon-bozo.c
dir-index-bozo.c ssl-bozo.c
src/libexec/httpd/testsuite [netbsd-7-1]: Makefile t11.out test-bigfile
test-simple

Log Message:
Pull up the following revisions (via patch) requested by mrg in ticket #1699:

libexec/httpd/CHANGES   1.31-1.40
libexec/httpd/Makefile  1.28
libexec/httpd/auth-bozo.c   1.23-1.24
libexec/httpd/bozohttpd.8   1.75-1.79
libexec/httpd/bozohttpd.c   1.100-1.113
libexec/httpd/bozohttpd.h   1.58-1.60
libexec/httpd/cgi-bozo.c1.46-1.48
libexec/httpd/daemon-bozo.c 1.20-1.21
libexec/httpd/dir-index-bozo.c  1.29-1.32
libexec/httpd/ssl-bozo.c1.26
libexec/httpd/testsuite/Makefile1.12-1.13
libexec/httpd/testsuite/t11.out 1.2
libexec/httpd/testsuite/test-bigfile1.6
libexec/httpd/testsuite/test-simple 1.6

Don't display special files in the directory index.  They aren't
served, but links to them are generated.
---
All from "Rajeev V. Pillai" :
- use html tables for directory index.
- don't include "index.html" in html headers
- additional escaping of names
- re-add top/bottom borders
- adds an aquamarine table header
- Zebra-stripes table rows using CSS instead of code
- fix CGI '+' param and error handling.
- remove unused parameter to daemon_poll_err().
- avoid sign extension in % handling
fix a few problems pointed out by clang static analyzer:
- bozostrnsep() may return with "in = NULL", so check for it.
- nul terminating in bozo_escape_rfc3986() can be simpler
- don't use uniinit variables in check_remap()
- don't use re-used freed data in check_virtual().
- fix bozoprefs->size setting when increasing the size (new total was
  being added to the prior total.)
  however, bozostrdup() may reference request->hr_file.
---
Add ssl specific timeout value (30s).  If SSL_accept() doesn't
work with in this timeout value, ssl setup now fails.
---
Fix handling of bozo_set_timeout() timeouts (and `-T' option parsing)
---
Avoid .htpasswd exposure to authenticated users when .htpasswd is
in the slashdir too.
---
Avoid possible NULL dereference when sending a big request that timeout.
---
Use strings.h for strcasecmp (on linux)
---
Account for cgihandler being set when counting the number of CGI environment
headers we are about to set. Avoids an assertion failure (and overruninng
the array) later.


To generate a diff of this commit:
cvs rdiff -u -r1.19.2.5.2.2 -r1.19.2.5.2.3 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.22.2.2.4.1 -r1.22.2.2.4.2 src/libexec/httpd/Makefile
cvs rdiff -u -r1.13.2.2.4.1 -r1.13.2.2.4.2 src/libexec/httpd/auth-bozo.c
cvs rdiff -u -r1.46.4.8.2.1 -r1.46.4.8.2.2 src/libexec/httpd/bozohttpd.8
cvs rdiff -u -r1.56.2.8.2.2 -r1.56.2.8.2.3 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.33.2.6.2.2 -r1.33.2.6.2.3 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.25.2.7.2.3 -r1.25.2.7.2.4 src/libexec/httpd/cgi-bozo.c
cvs rdiff -u -r1.16.4.1.4.1 -r1.16.4.1.4.2 src/libexec/httpd/daemon-bozo.c
cvs rdiff -u -r1.19.4.2.4.1 -r1.19.4.2.4.2 src/libexec/httpd/dir-index-bozo.c
cvs rdiff -u -r1.18.2.1.4.1 -r1.18.2.1.4.2 src/libexec/httpd/ssl-bozo.c
cvs rdiff -u -r1.4.24.3.2.1 -r1.4.24.3.2.2 \
src/libexec/httpd/testsuite/Makefile
cvs rdiff -u -r1.1.4.2 -r1.1.4.2.2.1 src/libexec/httpd/testsuite/t11.out
cvs rdiff -u -r1.1.1.1.30.3.2.1 -r1.1.1.1.30.3.2.2 \
src/libexec/httpd/testsuite/test-bigfile
cvs rdiff -u -r1.2.4.3.2.1 -r1.2.4.3.2.2 \
src/libexec/httpd/testsuite/test-simple

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7-1] src/libexec/httpd

2019-06-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Sat Jun 15 15:56:22 UTC 2019

Modified Files:
src/libexec/httpd [netbsd-7-1]: CHANGES Makefile auth-bozo.c
bozohttpd.8 bozohttpd.c bozohttpd.h cgi-bozo.c daemon-bozo.c
dir-index-bozo.c ssl-bozo.c
src/libexec/httpd/testsuite [netbsd-7-1]: Makefile t11.out test-bigfile
test-simple

Log Message:
Pull up the following revisions (via patch) requested by mrg in ticket #1699:

libexec/httpd/CHANGES   1.31-1.40
libexec/httpd/Makefile  1.28
libexec/httpd/auth-bozo.c   1.23-1.24
libexec/httpd/bozohttpd.8   1.75-1.79
libexec/httpd/bozohttpd.c   1.100-1.113
libexec/httpd/bozohttpd.h   1.58-1.60
libexec/httpd/cgi-bozo.c1.46-1.48
libexec/httpd/daemon-bozo.c 1.20-1.21
libexec/httpd/dir-index-bozo.c  1.29-1.32
libexec/httpd/ssl-bozo.c1.26
libexec/httpd/testsuite/Makefile1.12-1.13
libexec/httpd/testsuite/t11.out 1.2
libexec/httpd/testsuite/test-bigfile1.6
libexec/httpd/testsuite/test-simple 1.6

Don't display special files in the directory index.  They aren't
served, but links to them are generated.
---
All from "Rajeev V. Pillai" :
- use html tables for directory index.
- don't include "index.html" in html headers
- additional escaping of names
- re-add top/bottom borders
- adds an aquamarine table header
- Zebra-stripes table rows using CSS instead of code
- fix CGI '+' param and error handling.
- remove unused parameter to daemon_poll_err().
- avoid sign extension in % handling
fix a few problems pointed out by clang static analyzer:
- bozostrnsep() may return with "in = NULL", so check for it.
- nul terminating in bozo_escape_rfc3986() can be simpler
- don't use uniinit variables in check_remap()
- don't use re-used freed data in check_virtual().
- fix bozoprefs->size setting when increasing the size (new total was
  being added to the prior total.)
  however, bozostrdup() may reference request->hr_file.
---
Add ssl specific timeout value (30s).  If SSL_accept() doesn't
work with in this timeout value, ssl setup now fails.
---
Fix handling of bozo_set_timeout() timeouts (and `-T' option parsing)
---
Avoid .htpasswd exposure to authenticated users when .htpasswd is
in the slashdir too.
---
Avoid possible NULL dereference when sending a big request that timeout.
---
Use strings.h for strcasecmp (on linux)
---
Account for cgihandler being set when counting the number of CGI environment
headers we are about to set. Avoids an assertion failure (and overruninng
the array) later.


To generate a diff of this commit:
cvs rdiff -u -r1.19.2.5.2.2 -r1.19.2.5.2.3 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.22.2.2.4.1 -r1.22.2.2.4.2 src/libexec/httpd/Makefile
cvs rdiff -u -r1.13.2.2.4.1 -r1.13.2.2.4.2 src/libexec/httpd/auth-bozo.c
cvs rdiff -u -r1.46.4.8.2.1 -r1.46.4.8.2.2 src/libexec/httpd/bozohttpd.8
cvs rdiff -u -r1.56.2.8.2.2 -r1.56.2.8.2.3 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.33.2.6.2.2 -r1.33.2.6.2.3 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.25.2.7.2.3 -r1.25.2.7.2.4 src/libexec/httpd/cgi-bozo.c
cvs rdiff -u -r1.16.4.1.4.1 -r1.16.4.1.4.2 src/libexec/httpd/daemon-bozo.c
cvs rdiff -u -r1.19.4.2.4.1 -r1.19.4.2.4.2 src/libexec/httpd/dir-index-bozo.c
cvs rdiff -u -r1.18.2.1.4.1 -r1.18.2.1.4.2 src/libexec/httpd/ssl-bozo.c
cvs rdiff -u -r1.4.24.3.2.1 -r1.4.24.3.2.2 \
src/libexec/httpd/testsuite/Makefile
cvs rdiff -u -r1.1.4.2 -r1.1.4.2.2.1 src/libexec/httpd/testsuite/t11.out
cvs rdiff -u -r1.1.1.1.30.3.2.1 -r1.1.1.1.30.3.2.2 \
src/libexec/httpd/testsuite/test-bigfile
cvs rdiff -u -r1.2.4.3.2.1 -r1.2.4.3.2.2 \
src/libexec/httpd/testsuite/test-simple

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.19.2.5.2.2 src/libexec/httpd/CHANGES:1.19.2.5.2.3
--- src/libexec/httpd/CHANGES:1.19.2.5.2.2	Wed Nov 28 19:56:09 2018
+++ src/libexec/httpd/CHANGES	Sat Jun 15 15:56:21 2019
@@ -1,4 +1,24 @@
-$NetBSD: CHANGES,v 1.19.2.5.2.2 2018/11/28 19:56:09 martin Exp $
+$NetBSD: CHANGES,v 1.19.2.5.2.3 2019/06/15 15:56:21 martin Exp $
+
+changes in bozohttpd 20190228:
+	o  extend timeout facility to ssl and stop servers hanging forever
+	   if the client never sends anything.  reported by Steffen in netbsd
+	   PR#50655.
+	o  don't display special files in the directory index.  they aren't
+	   served, but links to them are generated.
+	o  fix CGI '+' parameter handling, some error checking, and a double
+	   free.  from rajeev_v_pil...@yahoo.com
+	o  more directory indexing clean up.  from rajeev_v_pil...@yahoo.com
+
+changes in bozohttpd 20181215:
+	o  fix .htpasswd bypass for authenticated users.  reported b

CVS commit: [netbsd-7-1] src/doc

2019-05-31 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Fri May 31 08:15:11 UTC 2019

Modified Files:
src/doc [netbsd-7-1]: CHANGES-7.1.3

Log Message:
Ticket #1698


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.51 -r1.1.2.52 src/doc/CHANGES-7.1.3

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-7.1.3
diff -u src/doc/CHANGES-7.1.3:1.1.2.51 src/doc/CHANGES-7.1.3:1.1.2.52
--- src/doc/CHANGES-7.1.3:1.1.2.51	Wed May 29 15:54:58 2019
+++ src/doc/CHANGES-7.1.3	Fri May 31 08:15:11 2019
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-7.1.3,v 1.1.2.51 2019/05/29 15:54:58 martin Exp $
+# $NetBSD: CHANGES-7.1.3,v 1.1.2.52 2019/05/31 08:15:11 martin Exp $
 
 A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3
 release:
@@ -512,3 +512,8 @@ sys/ufs/ffs/ffs_alloc.c1.164
 	Fix rare allocation botch in ffs_nodealloccg().
 	[kardel, ticket #1697]
 
+sys/dev/scsipi/scsipi_ioctl.c			1.72 (patch)
+
+	Use correct size when copying outgoing sense data.
+	[mlelstv, ticket #1698]
+



CVS commit: [netbsd-7-1] src/doc

2019-05-31 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Fri May 31 08:15:11 UTC 2019

Modified Files:
src/doc [netbsd-7-1]: CHANGES-7.1.3

Log Message:
Ticket #1698


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.51 -r1.1.2.52 src/doc/CHANGES-7.1.3

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7-1] src/sys/dev/scsipi

2019-05-31 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Fri May 31 08:14:50 UTC 2019

Modified Files:
src/sys/dev/scsipi [netbsd-7-1]: scsipi_ioctl.c

Log Message:
Pull up following revision(s) (requested by mlelstv in ticket #1698):

sys/dev/scsipi/scsipi_ioctl.c: revision 1.72 (via patch)

use correct size when copying outgoing sense data.


To generate a diff of this commit:
cvs rdiff -u -r1.67 -r1.67.22.1 src/sys/dev/scsipi/scsipi_ioctl.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dev/scsipi/scsipi_ioctl.c
diff -u src/sys/dev/scsipi/scsipi_ioctl.c:1.67 src/sys/dev/scsipi/scsipi_ioctl.c:1.67.22.1
--- src/sys/dev/scsipi/scsipi_ioctl.c:1.67	Thu Apr 19 17:45:20 2012
+++ src/sys/dev/scsipi/scsipi_ioctl.c	Fri May 31 08:14:50 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: scsipi_ioctl.c,v 1.67 2012/04/19 17:45:20 bouyer Exp $	*/
+/*	$NetBSD: scsipi_ioctl.c,v 1.67.22.1 2019/05/31 08:14:50 martin Exp $	*/
 
 /*-
  * Copyright (c) 1998, 2004 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: scsipi_ioctl.c,v 1.67 2012/04/19 17:45:20 bouyer Exp $");
+__KERNEL_RCSID(0, "$NetBSD: scsipi_ioctl.c,v 1.67.22.1 2019/05/31 08:14:50 martin Exp $");
 
 #include "opt_compat_freebsd.h"
 #include "opt_compat_netbsd.h"
@@ -162,14 +162,16 @@ scsipi_user_done(struct scsipi_xfer *xs)
 		SC_DEBUG(periph, SCSIPI_DB3, ("have sense\n"));
 		screq->senselen_used = min(sizeof(xs->sense.scsi_sense),
 		SENSEBUFLEN);
-		memcpy(screq->sense, &xs->sense.scsi_sense, screq->senselen);
+		memcpy(screq->sense, &xs->sense.scsi_sense,
+		screq->senselen_used);
 		screq->retsts = SCCMD_SENSE;
 		break;
 	case XS_SHORTSENSE:
 		SC_DEBUG(periph, SCSIPI_DB3, ("have short sense\n"));
 		screq->senselen_used = min(sizeof(xs->sense.atapi_sense),
 		SENSEBUFLEN);
-		memcpy(screq->sense, &xs->sense.scsi_sense, screq->senselen);
+		memcpy(screq->sense, &xs->sense.atapi_sense,
+		screq->senselen_used);
 		screq->retsts = SCCMD_UNKNOWN; /* XXX need a shortsense here */
 		break;
 	case XS_DRIVER_STUFFUP:



CVS commit: [netbsd-7-1] src/sys/dev/scsipi

2019-05-31 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Fri May 31 08:14:50 UTC 2019

Modified Files:
src/sys/dev/scsipi [netbsd-7-1]: scsipi_ioctl.c

Log Message:
Pull up following revision(s) (requested by mlelstv in ticket #1698):

sys/dev/scsipi/scsipi_ioctl.c: revision 1.72 (via patch)

use correct size when copying outgoing sense data.


To generate a diff of this commit:
cvs rdiff -u -r1.67 -r1.67.22.1 src/sys/dev/scsipi/scsipi_ioctl.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7-1] src/doc

2019-05-29 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Wed May 29 15:54:58 UTC 2019

Modified Files:
src/doc [netbsd-7-1]: CHANGES-7.1.3

Log Message:
Ticket #1697


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.50 -r1.1.2.51 src/doc/CHANGES-7.1.3

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-7.1.3
diff -u src/doc/CHANGES-7.1.3:1.1.2.50 src/doc/CHANGES-7.1.3:1.1.2.51
--- src/doc/CHANGES-7.1.3:1.1.2.50	Tue May  7 18:55:20 2019
+++ src/doc/CHANGES-7.1.3	Wed May 29 15:54:58 2019
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-7.1.3,v 1.1.2.50 2019/05/07 18:55:20 martin Exp $
+# $NetBSD: CHANGES-7.1.3,v 1.1.2.51 2019/05/29 15:54:58 martin Exp $
 
 A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3
 release:
@@ -506,3 +506,9 @@ sys/netsmb/smb_conn.c1.30
 	defined.
 	[christos, ticket #1696]
 
+sys/ufs/ffs/ffs_alloc.c1.164
+
+	PR 53990, PR 52380, PR 52102:
+	Fix rare allocation botch in ffs_nodealloccg().
+	[kardel, ticket #1697]
+



CVS commit: [netbsd-7-1] src/doc

2019-05-29 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Wed May 29 15:54:58 UTC 2019

Modified Files:
src/doc [netbsd-7-1]: CHANGES-7.1.3

Log Message:
Ticket #1697


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.50 -r1.1.2.51 src/doc/CHANGES-7.1.3

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7-1] src/sys/ufs/ffs

2019-05-29 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Wed May 29 15:54:31 UTC 2019

Modified Files:
src/sys/ufs/ffs [netbsd-7-1]: ffs_alloc.c

Log Message:
Pull up following revision(s) (requested by kardel in ticket #1697):

sys/ufs/ffs/ffs_alloc.c: revision 1.164

PR/53990, PR/52380, PR/52102: UFS2 cylinder group inode allocation botch

Fix rare allocation botch in ffs_nodealloccg().

Conditions:
a) less than
 #_of_initialized_inodes(cg->cg_initediblk)
 - inodes_per_filesystem_block
   are allocated in the cylinder group
b) cg->cg_irotor points to a uninterupted run of
   allocated inodes in the inode bitmap up to the
   end of dynamically initialized inodes
   (cg->cg_initediblk)

In this case the next inode after this run was returned
without initializing the respective inode block. As the
block is not initialized these inodes could trigger panics
on inode consistency due to old (uninitialized) disk data.

In very rare cases data loss could occur when
the uninitialized inode block is initialized via the
normal mechanism.

Further conditions to occur after the above:
c) no panic
d) no (forced) fsck
e) and more than cg->cg_initediblk - inodes_per_filesystem_block
   allocated inodes.

Fix:

Always insure allocation always in initialized inode range
extending the initialized inode range as needed.

Add KASSERTMSG() safeguards.

ok hannken@


To generate a diff of this commit:
cvs rdiff -u -r1.146.2.1 -r1.146.2.1.6.1 src/sys/ufs/ffs/ffs_alloc.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7-1] src/sys/ufs/ffs

2019-05-29 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Wed May 29 15:54:31 UTC 2019

Modified Files:
src/sys/ufs/ffs [netbsd-7-1]: ffs_alloc.c

Log Message:
Pull up following revision(s) (requested by kardel in ticket #1697):

sys/ufs/ffs/ffs_alloc.c: revision 1.164

PR/53990, PR/52380, PR/52102: UFS2 cylinder group inode allocation botch

Fix rare allocation botch in ffs_nodealloccg().

Conditions:
a) less than
 #_of_initialized_inodes(cg->cg_initediblk)
 - inodes_per_filesystem_block
   are allocated in the cylinder group
b) cg->cg_irotor points to a uninterupted run of
   allocated inodes in the inode bitmap up to the
   end of dynamically initialized inodes
   (cg->cg_initediblk)

In this case the next inode after this run was returned
without initializing the respective inode block. As the
block is not initialized these inodes could trigger panics
on inode consistency due to old (uninitialized) disk data.

In very rare cases data loss could occur when
the uninitialized inode block is initialized via the
normal mechanism.

Further conditions to occur after the above:
c) no panic
d) no (forced) fsck
e) and more than cg->cg_initediblk - inodes_per_filesystem_block
   allocated inodes.

Fix:

Always insure allocation always in initialized inode range
extending the initialized inode range as needed.

Add KASSERTMSG() safeguards.

ok hannken@


To generate a diff of this commit:
cvs rdiff -u -r1.146.2.1 -r1.146.2.1.6.1 src/sys/ufs/ffs/ffs_alloc.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/ufs/ffs/ffs_alloc.c
diff -u src/sys/ufs/ffs/ffs_alloc.c:1.146.2.1 src/sys/ufs/ffs/ffs_alloc.c:1.146.2.1.6.1
--- src/sys/ufs/ffs/ffs_alloc.c:1.146.2.1	Fri Aug 14 05:29:14 2015
+++ src/sys/ufs/ffs/ffs_alloc.c	Wed May 29 15:54:30 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: ffs_alloc.c,v 1.146.2.1 2015/08/14 05:29:14 msaitoh Exp $	*/
+/*	$NetBSD: ffs_alloc.c,v 1.146.2.1.6.1 2019/05/29 15:54:30 martin Exp $	*/
 
 /*-
  * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -70,7 +70,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: ffs_alloc.c,v 1.146.2.1 2015/08/14 05:29:14 msaitoh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ffs_alloc.c,v 1.146.2.1.6.1 2019/05/29 15:54:30 martin Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_ffs.h"
@@ -1283,7 +1283,7 @@ ffs_nodealloccg(struct inode *ip, int cg
 	struct buf *bp, *ibp;
 	u_int8_t *inosused;
 	int error, start, len, loc, map, i;
-	int32_t initediblk;
+	int32_t initediblk, maxiblk, irotor;
 	daddr_t nalloc;
 	struct ufs2_dinode *dp2;
 	const int needswap = UFS_FSNEEDSWAP(fs);
@@ -1295,7 +1295,13 @@ ffs_nodealloccg(struct inode *ip, int cg
 		return (0);
 	mutex_exit(&ump->um_lock);
 	ibp = NULL;
-	initediblk = -1;
+	if (fs->fs_magic == FS_UFS2_MAGIC) {
+		initediblk = -1;
+	} else {
+		initediblk = fs->fs_ipg;
+	}
+	maxiblk = initediblk;
+
 retry:
 	error = bread(ip->i_devvp, FFS_FSBTODB(fs, cgtod(fs, cg)),
 		(int)fs->fs_cgsize, NOCRED, B_MODIFY, &bp);
@@ -1315,7 +1321,8 @@ retry:
 	 * Check to see if we need to initialize more inodes.
 	 */
 	if (fs->fs_magic == FS_UFS2_MAGIC && ibp == NULL) {
-		initediblk = ufs_rw32(cgp->cg_initediblk, needswap);
+	initediblk = ufs_rw32(cgp->cg_initediblk, needswap);
+		maxiblk = initediblk;
 		nalloc = fs->fs_ipg - ufs_rw32(cgp->cg_cs.cs_nifree, needswap);
 		if (nalloc + FFS_INOPB(fs) > initediblk &&
 		initediblk < ufs_rw32(cgp->cg_niblk, needswap)) {
@@ -1331,6 +1338,9 @@ retry:
 			FFS_NOBLK, fs->fs_bsize, false, &ibp);
 			if (error)
 goto fail;
+
+			maxiblk += FFS_INOPB(fs);
+			
 			goto retry;
 		}
 	}
@@ -1340,14 +1350,22 @@ retry:
 	(fs->fs_old_flags & FS_FLAGS_UPDATED))
 		cgp->cg_time = ufs_rw64(time_second, needswap);
 	inosused = cg_inosused(cgp, needswap);
+	
 	if (ipref) {
 		ipref %= fs->fs_ipg;
-		if (isclr(inosused, ipref))
+		/* safeguard to stay in (to be) allocated range */
+		if (ipref < maxiblk && isclr(inosused, ipref))
 			goto gotit;
 	}
-	start = ufs_rw32(cgp->cg_irotor, needswap) / NBBY;
-	len = howmany(fs->fs_ipg - ufs_rw32(cgp->cg_irotor, needswap),
-		NBBY);
+
+	irotor = ufs_rw32(cgp->cg_irotor, needswap); 
+
+	KASSERTMSG(irotor < initediblk, "%s: allocation botch: cg=%d, irotor %d"
+		   " out of bounds, initediblk=%d",
+		   __func__, cg, irotor, initediblk);
+
+	start = irotor / NBBY;
+	len = howmany(maxiblk - irotor, NBBY);
 	loc = skpc(0xff, len, &inosused[start]);
 	if (loc == 0) {
 		len = start + 1;
@@ -1367,9 +1385,17 @@ retry:
 		printf("fs = %s\n", fs->fs_fsmnt);
 		panic("ffs_nodealloccg: block not in map");
 	}
+	
 	ipref = i * NBBY + ffs(map) - 1;
+
 	cgp->cg_irotor = ufs_rw32(ipref, needswap);
+
 gotit:
+	KASSERTMSG(ipref < maxiblk, "%s: allocation botch: cg=%d attempt to "
+		   "allocate inode index %d beyond max allocated index %d"
+		   " of %d inodes/cg",
+		   __func__, cg, (int)ipref, maxiblk, cg