svn commit: r285942 - in stable: 10/sys/dev/cxgb/ulp/iw_cxgb 7/sys/dev/cxgb/ulp/iw_cxgb 8/sys/dev/cxgb/ulp/iw_cxgb 9/sys/dev/cxgb/ulp/iw_cxgb
Author: dim Date: Tue Jul 28 09:19:04 2015 New Revision: 285942 URL: https://svnweb.freebsd.org/changeset/base/285942 Log: MFC r285340: Fix swapped copyin(9) arguments in cxgb's iwch_arm_cq() function. Detected by clang 3.7.0 with the warning: sys/dev/cxgb/ulp/iw_cxgb/iw_cxgb_provider.c:309:18: error: variable 'rptr' is uninitialized when used here [-Werror,-Wuninitialized] chp-cq.rptr = rptr; ^~~~ Modified: stable/10/sys/dev/cxgb/ulp/iw_cxgb/iw_cxgb_provider.c Directory Properties: stable/10/ (props changed) Changes in other areas also in this revision: Modified: stable/7/sys/dev/cxgb/ulp/iw_cxgb/iw_cxgb_provider.c stable/8/sys/dev/cxgb/ulp/iw_cxgb/iw_cxgb_provider.c stable/9/sys/dev/cxgb/ulp/iw_cxgb/iw_cxgb_provider.c Directory Properties: stable/7/ (props changed) stable/7/sys/ (props changed) stable/8/ (props changed) stable/8/sys/ (props changed) stable/8/sys/dev/ (props changed) stable/8/sys/dev/cxgb/ (props changed) stable/9/ (props changed) stable/9/sys/ (props changed) stable/9/sys/dev/ (props changed) Modified: stable/10/sys/dev/cxgb/ulp/iw_cxgb/iw_cxgb_provider.c == --- stable/10/sys/dev/cxgb/ulp/iw_cxgb/iw_cxgb_provider.c Tue Jul 28 09:16:54 2015(r285941) +++ stable/10/sys/dev/cxgb/ulp/iw_cxgb/iw_cxgb_provider.c Tue Jul 28 09:19:04 2015(r285942) @@ -302,7 +302,7 @@ iwch_arm_cq(struct ib_cq *ibcq, enum ib_ else cq_op = CQ_ARM_AN; if (chp-user_rptr_addr) { - if (copyin(rptr, chp-user_rptr_addr, 4)) + if (copyin(chp-user_rptr_addr, rptr, sizeof(rptr))) return (-EFAULT); mtx_lock(chp-lock); chp-cq.rptr = rptr; ___ svn-src-stable-10@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10 To unsubscribe, send any mail to svn-src-stable-10-unsubscr...@freebsd.org
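Review bot: The value fetched from `chp->user_rptr_addr` is stored into `chp->cq.rptr` with no range check visible in this hunk, so a user-controlled value flows straight into the completion-queue state. If later code or the adapter uses `rptr` as an index or offset into the queue, it should be masked or validated right after the `copyin()`; that consumer is outside the hunk, so this is a question rather than a confirmed defect. Also, `sizeof(rptr)` replaces the literal 4, and the declaration of `rptr` is not visible here. It should stay a fixed 32-bit type so the copy length keeps matching what userland writes.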
svn commit: r285936 - stable/10/sbin/geom/class/part
Author: ae Date: Tue Jul 28 08:22:50 2015 New Revision: 285936 URL: https://svnweb.freebsd.org/changeset/base/285936 Log: MFC r285735: lseek() allows an offset to be set beyond the end of file. Using it to check that partition has enough space to write bootcode doesn't work. Use the known size of provider instead. PR: 201504 Modified: stable/10/sbin/geom/class/part/geom_part.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sbin/geom/class/part/geom_part.c == --- stable/10/sbin/geom/class/part/geom_part.c Tue Jul 28 07:30:07 2015 (r285935) +++ stable/10/sbin/geom/class/part/geom_part.c Tue Jul 28 08:22:50 2015 (r285936) @@ -1095,14 +1095,11 @@ gpart_write_partcode(struct ggeom *gp, i if (pp != NULL) { snprintf(dsf, sizeof(dsf), /dev/%s, pp-lg_name); + if (pp-lg_mediasize size) + errx(EXIT_FAILURE, %s: not enough space, dsf); fd = open(dsf, O_WRONLY); if (fd == -1) err(EXIT_FAILURE, %s, dsf); - if (lseek(fd, size, SEEK_SET) != size) - errx(EXIT_FAILURE, %s: not enough space, dsf); - if (lseek(fd, 0, SEEK_SET) != 0) - err(EXIT_FAILURE, %s, dsf); - /* * When writing to a disk device, the write must be * sector aligned and not write to any partial sectors, @@ -1141,11 +1138,11 @@ gpart_write_partcode_vtoc8(struct ggeom if (pp-lg_sectorsize != sizeof(struct vtoc8)) errx(EXIT_FAILURE, %s: unexpected sector size (%d)\n, dsf, pp-lg_sectorsize); + if (pp-lg_mediasize VTOC_BOOTSIZE) + continue; fd = open(dsf, O_WRONLY); if (fd == -1) err(EXIT_FAILURE, %s, dsf); - if (lseek(fd, VTOC_BOOTSIZE, SEEK_SET) != VTOC_BOOTSIZE) - continue; /* * We ignore the first VTOC_BOOTSIZE bytes of boot code in * order to avoid overwriting the label. ___ svn-src-stable-10@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10 To unsubscribe, send any mail to svn-src-stable-10-unsubscr...@freebsd.org
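Review bot: Neither new size check says why `lg_mediasize` is used, so a later reader could be tempted to restore the `lseek()` probe. A comment above `if (pp->lg_mediasize < size)` such as `/* lseek() succeeds past the end of the provider, so compare against its media size */` would prevent that. In `gpart_write_partcode_vtoc8()` the too-small case is a silent `continue`, while `gpart_write_partcode()` fails with `errx()`. If skipping is intended, a `warnx()` naming `dsf` would tell the operator which partition did not receive boot code. Both function bodies extend beyond the hunks.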
svn commit: r285943 - stable/10/sys/netpfil/pf
Author: glebius Date: Tue Jul 28 09:21:19 2015 New Revision: 285943 URL: https://svnweb.freebsd.org/changeset/base/285943 Log: Merge r283106: During module unload unlock rules before destroying UMA zones, which may sleep in uma_drain(). It is safe to unlock here, since we are already dehooked from pfil(9) and all pf threads had quit. Modified: stable/10/sys/netpfil/pf/pf_ioctl.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/netpfil/pf/pf_ioctl.c == --- stable/10/sys/netpfil/pf/pf_ioctl.c Tue Jul 28 09:19:04 2015 (r285942) +++ stable/10/sys/netpfil/pf/pf_ioctl.c Tue Jul 28 09:21:19 2015 (r285943) @@ -3750,6 +3750,7 @@ pf_unload(void) wakeup_one(pf_purge_thread); rw_sleep(pf_purge_thread, pf_rules_lock, 0, pftmo, 0); } + PF_RULES_WUNLOCK(); pf_normalize_cleanup(); pfi_cleanup(); pfr_cleanup(); @@ -3757,7 +3758,6 @@ pf_unload(void) pf_cleanup(); if (IS_DEFAULT_VNET(curvnet)) pf_mtag_cleanup(); - PF_RULES_WUNLOCK(); destroy_dev(pf_dev); rw_destroy(pf_rules_lock); sx_destroy(pf_ioctl_lock); ___ svn-src-stable-10@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10 To unsubscribe, send any mail to svn-src-stable-10-unsubscr...@freebsd.org
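Review bot: After this change the cleanup calls from `pf_normalize_cleanup()` onward run with the rules lock dropped, while `destroy_dev(pf_dev)` still comes after them in the visible context. The log message argues safety from pfil being dehooked and the pf threads having quit, which does not obviously cover a thread entering `pfioctl()` through the device node that still exists. If nothing else excludes that, moving `destroy_dev(pf_dev);` ahead of the cleanup calls would close the window. Otherwise a comment at the new `PF_RULES_WUNLOCK()` stating what keeps ioctl callers out would help. The start of `pf_unload()` is outside this hunk.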
svn commit: r285941 - stable/10/sys/netpfil/pf
Author: glebius Date: Tue Jul 28 09:16:54 2015 New Revision: 285941 URL: https://svnweb.freebsd.org/changeset/base/285941 Log: Merge r283061, r283063: don't dereference NULL is pf_get_mtag() fails. PR: 200222 Modified: stable/10/sys/netpfil/pf/pf.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/netpfil/pf/pf.c == --- stable/10/sys/netpfil/pf/pf.c Tue Jul 28 09:13:55 2015 (r285940) +++ stable/10/sys/netpfil/pf/pf.c Tue Jul 28 09:16:54 2015 (r285941) @@ -5912,13 +5912,14 @@ done: ((pd.pf_mtag = pf_get_mtag(m)) == NULL)) { action = PF_DROP; REASON_SET(reason, PFRES_MEMORY); + } else { + if (pqid || (pd.tos IPTOS_LOWDELAY)) + pd.pf_mtag-qid = r-pqid; + else + pd.pf_mtag-qid = r-qid; + /* Add hints for ecn. */ + pd.pf_mtag-hdr = h; } - if (pqid || (pd.tos IPTOS_LOWDELAY)) - pd.pf_mtag-qid = r-pqid; - else - pd.pf_mtag-qid = r-qid; - /* add hints for ecn */ - pd.pf_mtag-hdr = h; } #endif /* ALTQ */ @@ -5957,9 +5958,11 @@ done: log = 1; DPFPRINTF(PF_DEBUG_MISC, (pf: failed to allocate tag\n)); + } else { + pd.pf_mtag-flags |= + PF_FASTFWD_OURS_PRESENT; + m-m_flags = ~M_FASTFWD_OURS; } - pd.pf_mtag-flags |= PF_FASTFWD_OURS_PRESENT; - m-m_flags = ~M_FASTFWD_OURS; } ip_divert_ptr(*m0, dir == PF_IN ? DIR_IN : DIR_OUT); *m0 = NULL; @@ -6341,13 +6344,14 @@ done: ((pd.pf_mtag = pf_get_mtag(m)) == NULL)) { action = PF_DROP; REASON_SET(reason, PFRES_MEMORY); + } else { + if (pd.tos IPTOS_LOWDELAY) + pd.pf_mtag-qid = r-pqid; + else + pd.pf_mtag-qid = r-qid; + /* Add hints for ecn. */ + pd.pf_mtag-hdr = h; } - if (pd.tos IPTOS_LOWDELAY) - pd.pf_mtag-qid = r-pqid; - else - pd.pf_mtag-qid = r-qid; - /* add hints for ecn */ - pd.pf_mtag-hdr = h; } #endif /* ALTQ */ ___ svn-src-stable-10@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10 To unsubscribe, send any mail to svn-src-stable-10-unsubscr...@freebsd.org
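Review bot: In the second hunk (the divert path), a failed `pf_get_mtag()` sets `action = PF_DROP`, yet the unchanged context right after the block still calls `ip_divert_ptr(*m0, ...)` and sets `*m0 = NULL`. The packet therefore appears to be handed to divert despite the drop decision, with `M_FASTFWD_OURS` still set. The NULL dereference is fixed, but the failure path probably should not reach the divert call; guarding it with `if (action == PF_PASS)` or disposing of the mbuf on failure looks necessary. The exact form depends on code outside the hunk (state unlock, tag ownership), so this needs confirming against the full function.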
svn commit: r285939 - stable/10/sys/netpfil/pf
Author: glebius Date: Tue Jul 28 09:09:01 2015 New Revision: 285939 URL: https://svnweb.freebsd.org/changeset/base/285939 Log: Merge r271458: - Provide a sleepable lock to protect against ioctl() vs ioctl() races. - Use the new lock to protect against simultaneous DIOCSTART and/or DIOCSTOP ioctls. Modified: stable/10/sys/netpfil/pf/pf_ioctl.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/netpfil/pf/pf_ioctl.c == --- stable/10/sys/netpfil/pf/pf_ioctl.c Tue Jul 28 08:50:13 2015 (r285938) +++ stable/10/sys/netpfil/pf/pf_ioctl.c Tue Jul 28 09:09:01 2015 (r285939) @@ -188,6 +188,7 @@ static volatile VNET_DEFINE(int, pf_pfil VNET_DEFINE(int, pf_end_threads); struct rwlock pf_rules_lock; +struct sx pf_ioctl_lock; /* pfsync */ pfsync_state_import_t *pfsync_state_import_ptr = NULL; @@ -1090,20 +1091,18 @@ pfioctl(struct cdev *dev, u_long cmd, ca switch (cmd) { case DIOCSTART: - PF_RULES_WLOCK(); + sx_xlock(pf_ioctl_lock); if (V_pf_status.running) error = EEXIST; else { int cpu; - PF_RULES_WUNLOCK(); error = hook_pf(); if (error) { DPFPRINTF(PF_DEBUG_MISC, (pf: pfil registration failed\n)); break; } - PF_RULES_WLOCK(); V_pf_status.running = 1; V_pf_status.since = time_second; @@ -1112,27 +,23 @@ pfioctl(struct cdev *dev, u_long cmd, ca DPFPRINTF(PF_DEBUG_MISC, (pf: started\n)); } - PF_RULES_WUNLOCK(); break; case DIOCSTOP: - PF_RULES_WLOCK(); + sx_xlock(pf_ioctl_lock); if (!V_pf_status.running) error = ENOENT; else { V_pf_status.running = 0; - PF_RULES_WUNLOCK(); error = dehook_pf(); if (error) { V_pf_status.running = 1; DPFPRINTF(PF_DEBUG_MISC, (pf: pfil unregistration failed\n)); } - PF_RULES_WLOCK(); V_pf_status.since = time_second; DPFPRINTF(PF_DEBUG_MISC, (pf: stopped\n)); } - PF_RULES_WUNLOCK(); break; case DIOCADDRULE: { @@ -3256,6 +3251,8 @@ DIOCCHANGEADDR_error: break; } fail: + if (sx_xlocked(pf_ioctl_lock)) + sx_xunlock(pf_ioctl_lock); CURVNET_RESTORE(); return (error); 
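Review bot: The `DIOCSTART` and `DIOCSTOP` cases now leave `pf_ioctl_lock` held at `break` and rely on the `sx_xlocked()` test at `fail:` to release it, which is easy to miss when reading either case on its own. A comment at the unlock, for example `/* taken by DIOCSTART/DIOCSTOP only; every exit from the switch must pass through here */`, would document the invariant. Any path in `pfioctl()` that returns without reaching `fail:` after taking the lock would leak it, and most of the function is outside these hunks. `V_pf_status.running` is also now written without `PF_RULES_WLOCK`, so readers that relied on the rules lock for a stable value should be checked.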
@@ -3728,6 +3725,7 @@ pf_load(void) VNET_LIST_RUNLOCK(); rw_init(pf_rules_lock, pf rulesets); + sx_init(pf_ioctl_lock, pf ioctl); pf_dev = make_dev(pf_cdevsw, 0, 0, 0, 0600, PF_NAME); if ((error = pfattach()) != 0) @@ -3741,9 +3739,7 @@ pf_unload(void) { int error = 0; - PF_RULES_WLOCK(); V_pf_status.running = 0; - PF_RULES_WUNLOCK(); swi_remove(V_pf_swi_cookie); error = dehook_pf(); if (error) { @@ -3772,6 +3768,7 @@ pf_unload(void) PF_RULES_WUNLOCK(); destroy_dev(pf_dev); rw_destroy(pf_rules_lock); + sx_destroy(pf_ioctl_lock); return (error); } ___ svn-src-stable-10@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10 To unsubscribe, send any mail to svn-src-stable-10-unsubscr...@freebsd.org
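Review bot: In the `pf_unload()` hunk, `V_pf_status.running = 0;` is now executed with no lock at all, and the new `pf_ioctl_lock` is not taken in place of the removed `PF_RULES_WLOCK()`. `DIOCSTART` sets `running` and calls `hook_pf()` under `pf_ioctl_lock`, so as far as these hunks show, an unload racing with a start ioctl could re-hook pf after the `dehook_pf()` here. Taking `sx_xlock(&pf_ioctl_lock);` before the flag update and releasing it after `dehook_pf()` would serialize the two, unless something outside the diff already excludes ioctls at this point.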
svn commit: r285940 - in stable/10/sys: net netpfil/pf
Author: glebius Date: Tue Jul 28 09:13:55 2015 New Revision: 285940 URL: https://svnweb.freebsd.org/changeset/base/285940 Log: Merge 280169: always lock the hash row of a source node when updating its 'states' counter. PR: 182401 Modified: stable/10/sys/net/pfvar.h stable/10/sys/netpfil/pf/pf.c stable/10/sys/netpfil/pf/pf_ioctl.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/net/pfvar.h == --- stable/10/sys/net/pfvar.h Tue Jul 28 09:09:01 2015(r285939) +++ stable/10/sys/net/pfvar.h Tue Jul 28 09:13:55 2015(r285940) @@ -1549,7 +1549,6 @@ extern struct pf_state*pf_find_state_a extern struct pf_src_node *pf_find_src_node(struct pf_addr *, struct pf_rule *, sa_family_t, int); extern void pf_unlink_src_node(struct pf_src_node *); -extern void pf_unlink_src_node_locked(struct pf_src_node *); extern u_intpf_free_src_nodes(struct pf_src_node_list *); extern void pf_print_state(struct pf_state *); extern void pf_print_flags(u_int8_t); Modified: stable/10/sys/netpfil/pf/pf.c == --- stable/10/sys/netpfil/pf/pf.c Tue Jul 28 09:09:01 2015 (r285939) +++ stable/10/sys/netpfil/pf/pf.c Tue Jul 28 09:13:55 2015 (r285940) @@ -655,7 +655,10 @@ pf_find_src_node(struct pf_addr *src, st ((af == AF_INET n-addr.v4.s_addr == src-v4.s_addr) || (af == AF_INET6 bcmp(n-addr, src, sizeof(*src)) == 0))) break; - if (n != NULL || returnlocked == 0) + if (n != NULL) { + n-states++; + PF_HASHROW_UNLOCK(sh); + } else if (returnlocked == 0) PF_HASHROW_UNLOCK(sh); return (n); @@ -699,6 +702,7 @@ pf_insert_src_node(struct pf_src_node ** LIST_INSERT_HEAD(sh-nodes, *sn, entry); (*sn)-creation = time_uptime; (*sn)-ruletype = rule-action; + (*sn)-states = 1; if ((*sn)-rule.ptr != NULL) counter_u64_add((*sn)-rule.ptr-src_nodes, 1); PF_HASHROW_UNLOCK(sh); 
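Review bot: `pf_find_src_node()` now increments `n->states` on every successful lookup, so a non-NULL return carries a reference as well as a pointer, and in that case the row is unlocked regardless of `returnlocked`. Neither is apparent from the function name or its prototype in `pfvar.h`. A header comment should state that a non-NULL return holds one `states` reference the caller must drop, and that `returnlocked` only applies when no node is found. An unbalanced reference keeps the node from ever meeting the `cur->states == 0` purge condition, so callers outside this diff that only test for existence should be checked.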
@@ -715,37 +719,13 @@ pf_insert_src_node(struct pf_src_node ** } void -pf_unlink_src_node_locked(struct pf_src_node *src) +pf_unlink_src_node(struct pf_src_node *src) { -#ifdef INVARIANTS - struct pf_srchash *sh; - sh = V_pf_srchash[pf_hashsrc(src-addr, src-af)]; - PF_HASHROW_ASSERT(sh); -#endif + PF_HASHROW_ASSERT(V_pf_srchash[pf_hashsrc(src-addr, src-af)]); LIST_REMOVE(src, entry); if (src-rule.ptr) counter_u64_add(src-rule.ptr-src_nodes, -1); - counter_u64_add(V_pf_status.scounters[SCNT_SRC_NODE_REMOVALS], 1); -} - -void -pf_unlink_src_node(struct pf_src_node *src) -{ - struct pf_srchash *sh; - - sh = V_pf_srchash[pf_hashsrc(src-addr, src-af)]; - PF_HASHROW_LOCK(sh); - pf_unlink_src_node_locked(src); - PF_HASHROW_UNLOCK(sh); -} - -static void -pf_free_src_node(struct pf_src_node *sn) -{ - - KASSERT(sn-states == 0, (%s: %p has refs, __func__, sn)); - uma_zfree(V_pf_sources_z, sn); } u_int @@ -755,10 +735,12 @@ pf_free_src_nodes(struct pf_src_node_lis u_int count = 0; LIST_FOREACH_SAFE(sn, head, entry, tmp) { - pf_free_src_node(sn); + uma_zfree(V_pf_sources_z, sn); count++; } + counter_u64_add(V_pf_status.scounters[SCNT_SRC_NODE_REMOVALS], count); + return (count); } @@ -1550,7 +1532,7 @@ pf_purge_expired_src_nodes() PF_HASHROW_LOCK(sh); LIST_FOREACH_SAFE(cur, sh-nodes, entry, next) if (cur-states == 0 cur-expire = time_uptime) { - pf_unlink_src_node_locked(cur); + pf_unlink_src_node(cur); LIST_INSERT_HEAD(freelist, cur, entry); } else if (cur-rule.ptr != NULL) cur-rule.ptr-rule_flag |= PFRULE_REFS; 
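Review bot: `pf_unlink_src_node()` keeps the name of the old self-locking function but now requires the caller to hold the hash row lock. That is enforced only by `PF_HASHROW_ASSERT()`, which the removed `#ifdef INVARIANTS` wrapper suggests is a debug-only check. A caller outside this diff that still relies on the old behaviour would modify the list unlocked on production kernels. A comment above the function such as `/* Caller must hold the source hash row lock for src. */` would make the contract explicit. The only caller visible here, `pf_purge_expired_src_nodes()`, does take the row lock first.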
@@ -1565,27 +1547,31 @@ pf_purge_expired_src_nodes() static void pf_src_tree_remove_state(struct pf_state *s) { - u_int32_t timeout; + struct pf_src_node *sn; + struct pf_srchash *sh; + uint32_t timeout; + + timeout = s-rule.ptr-timeout[PFTM_SRC_NODE] ? + s-rule.ptr-timeout[PFTM_SRC_NODE] : + V_pf_default_rule.timeout[PFTM_SRC_NODE]; if (s-src_node != NULL) { + sn = s-src_node; + sh = V_pf_srchash[pf_hashsrc(sn-addr, sn-af)]; + PF_HASHROW_LOCK(sh); if (s-src.tcp_est) - --s-src_node-conn; - if (--s-src_node-states == 0) { -
svn commit: r285950 - stable/10/usr.sbin/mfiutil
Author: emaste Date: Tue Jul 28 12:40:41 2015 New Revision: 285950 URL: https://svnweb.freebsd.org/changeset/base/285950 Log: MFC r201289: mfiutil: increase buffer size to accommodate sprintf string PR: 201289 Modified: stable/10/usr.sbin/mfiutil/mfi_foreign.c Directory Properties: stable/10/ (props changed) Modified: stable/10/usr.sbin/mfiutil/mfi_foreign.c == --- stable/10/usr.sbin/mfiutil/mfi_foreign.cTue Jul 28 12:40:09 2015 (r285949) +++ stable/10/usr.sbin/mfiutil/mfi_foreign.cTue Jul 28 12:40:41 2015 (r285950) @@ -110,7 +110,7 @@ static int foreign_show_cfg(int fd, uint32_t opcode, uint8_t cfgidx, int diagnostic) { struct mfi_config_data *config; - char prefix[26]; + char prefix[64]; int error; uint8_t mbox[4]; ___ svn-src-stable-10@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10 To unsubscribe, send any mail to svn-src-stable-10-unsubscr...@freebsd.org
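Review bot: Enlarging `prefix` to 64 bytes removes the overflow for the current format string, but the write itself stays unbounded: the log message refers to a `sprintf` into this buffer, and that call is outside the hunk. Changing it to `snprintf(prefix, sizeof(prefix), ...)` would keep the buffer safe if the format or its arguments grow again. The rest of `foreign_show_cfg()` is not visible here.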
svn commit: r285952 - stable/10/usr.bin/clang/lldb
Author: emaste Date: Tue Jul 28 12:46:37 2015 New Revision: 285952 URL: https://svnweb.freebsd.org/changeset/base/285952 Log: MFC r285248: lldb: use .PATH to find man page instead of symlinking it Modified: stable/10/usr.bin/clang/lldb/Makefile Directory Properties: stable/10/ (props changed) Modified: stable/10/usr.bin/clang/lldb/Makefile == --- stable/10/usr.bin/clang/lldb/Makefile Tue Jul 28 12:45:08 2015 (r285951) +++ stable/10/usr.bin/clang/lldb/Makefile Tue Jul 28 12:46:37 2015 (r285952) @@ -13,8 +13,8 @@ SRCDIR= tools/lldb/tools/driver SRCS= Driver.cpp \ Platform.cpp -lldb.1: - ln -fs ${LLDB_SRCS}/docs/lldb.1 ${.TARGET} +# Man page directory +.PATH: ${LLDB_SRCS}/docs DPADD= ${LIBEDIT} ${LIBNCURSESW} ${LIBEXECINFO} ${LIBPANEL} LDADD= -ledit -lncursesw -lexecinfo -lpanel ___ svn-src-stable-10@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10 To unsubscribe, send any mail to svn-src-stable-10-unsubscr...@freebsd.org
svn commit: r285966 - stable/10/sys/kern
Author: kib Date: Tue Jul 28 17:08:32 2015 New Revision: 285966 URL: https://svnweb.freebsd.org/changeset/base/285966 Log: MFC r285039: Remove asserts which might reference freed memory. Modified: stable/10/sys/kern/vfs_mount.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/kern/vfs_mount.c == --- stable/10/sys/kern/vfs_mount.c Tue Jul 28 17:06:13 2015 (r285965) +++ stable/10/sys/kern/vfs_mount.c Tue Jul 28 17:08:32 2015 (r285966) @@ -1108,9 +1108,6 @@ vfs_domount( } else error = vfs_domount_update(td, vp, fsflags, optlist); - ASSERT_VI_UNLOCKED(vp, __func__); - ASSERT_VOP_UNLOCKED(vp, __func__); - return (error); } ___ svn-src-stable-10@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10 To unsubscribe, send any mail to svn-src-stable-10-unsubscr...@freebsd.org
svn commit: r285967 - stable/10/sys/kern
Author: kib Date: Tue Jul 28 17:12:41 2015 New Revision: 285967 URL: https://svnweb.freebsd.org/changeset/base/285967 Log: MFC r284956: Do not calculate the stack's bottom address twice. Modified: stable/10/sys/kern/kern_exec.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/kern/kern_exec.c == --- stable/10/sys/kern/kern_exec.c Tue Jul 28 17:08:32 2015 (r285966) +++ stable/10/sys/kern/kern_exec.c Tue Jul 28 17:12:41 2015 (r285967) @@ -1116,7 +1116,7 @@ exec_new_vmspace(imgp, sv) * process stack so we can check the stack rlimit. */ vmspace-vm_ssize = sgrowsiz PAGE_SHIFT; - vmspace-vm_maxsaddr = (char *)sv-sv_usrstack - ssiz; + vmspace-vm_maxsaddr = (char *)stack_addr; return (0); } ___ svn-src-stable-10@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10 To unsubscribe, send any mail to svn-src-stable-10-unsubscr...@freebsd.org
svn commit: r285963 - stable/10/sys/kern
Author: kib Date: Tue Jul 28 16:39:36 2015 New Revision: 285963 URL: https://svnweb.freebsd.org/changeset/base/285963 Log: MFC r285134 (by mjg): fd: de-kr-ify functions + some whitespace fixes MFC r285269: Handle copyout for the fcntl(F_OGETLK) using oflock structure. Modified: stable/10/sys/kern/kern_descrip.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/kern/kern_descrip.c == --- stable/10/sys/kern/kern_descrip.c Tue Jul 28 15:05:19 2015 (r285962) +++ stable/10/sys/kern/kern_descrip.c Tue Jul 28 16:39:36 2015 (r285963) @@ -418,9 +418,10 @@ kern_fcntl_freebsd(struct thread *td, in struct flock fl; struct __oflock ofl; intptr_t arg1; - int error; + int error, newcmd; error = 0; + newcmd = cmd; switch (cmd) { case F_OGETLK: case F_OSETLK: @@ -438,31 +439,31 @@ kern_fcntl_freebsd(struct thread *td, in switch (cmd) { case F_OGETLK: - cmd = F_GETLK; - break; + newcmd = F_GETLK; + break; case F_OSETLK: - cmd = F_SETLK; - break; + newcmd = F_SETLK; + break; case F_OSETLKW: - cmd = F_SETLKW; - break; + newcmd = F_SETLKW; + break; } arg1 = (intptr_t)fl; break; -case F_GETLK: -case F_SETLK: -case F_SETLKW: + case F_GETLK: + case F_SETLK: + case F_SETLKW: case F_SETLK_REMOTE: -error = copyin((void *)(intptr_t)arg, fl, sizeof(fl)); -arg1 = (intptr_t)fl; -break; + error = copyin((void *)(intptr_t)arg, fl, sizeof(fl)); + arg1 = (intptr_t)fl; + break; default: arg1 = arg; break; } if (error) return (error); - error = kern_fcntl(td, fd, cmd, arg1); + error = kern_fcntl(td, fd, newcmd, arg1); if (error) return (error); if (cmd == F_OGETLK) { @@ -746,7 +747,7 @@ kern_fcntl(struct thread *td, int fd, in if ((flp-l_start 0 foffset OFF_MAX - flp-l_start) || (flp-l_start 0 -foffset OFF_MIN - flp-l_start)) { + foffset OFF_MIN - flp-l_start)) { FILEDESC_SUNLOCK(fdp); error = EOVERFLOW; fdrop(fp, td); 
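Review bot: Nothing in the code says why `newcmd` exists: `cmd` has to stay untouched so that the later `if (cmd == F_OGETLK)` branch still recognises the old-style request and copies the result out in the old structure layout. A comment at `newcmd = cmd;` such as `/* keep cmd as passed in; the F_OGETLK copyout below tests it */` would stop a future cleanup from folding the two variables back together. The functional fix also shares the revision with whitespace and de-K&R changes, which makes it harder to audit. The copyout block itself is outside the hunk.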
@@ -954,13 +955,13 @@ funsetown(struct sigio **sigiop) struct pgrp *pg = (sigio)-sio_pgrp; PGRP_LOCK(pg); SLIST_REMOVE(sigio-sio_pgrp-pg_sigiolst, sigio, -sigio, sio_pgsigio); + sigio, sio_pgsigio); PGRP_UNLOCK(pg); } else { struct proc *p = (sigio)-sio_proc; PROC_LOCK(p); SLIST_REMOVE(sigio-sio_proc-p_sigiolst, sigio, -sigio, sio_pgsigio); + sigio, sio_pgsigio); PROC_UNLOCK(p); } SIGIO_UNLOCK(); @@ -1214,18 +1215,14 @@ struct close_args { #endif /* ARGSUSED */ int -sys_close(td, uap) - struct thread *td; - struct close_args *uap; +sys_close(struct thread *td, struct close_args *uap) { return (kern_close(td, uap-fd)); } int -kern_close(td, fd) - struct thread *td; - int fd; +kern_close(struct thread *td, int fd) { struct filedesc *fdp; struct file *fp; @@ -2312,10 +2309,10 @@ closef(struct file *fp, struct thread *t fdp = td-td_proc-p_fd; FILEDESC_XLOCK(fdp); for (fdtol = fdtol-fdl_next; -fdtol != td-td_proc-p_fdtol; -fdtol = fdtol-fdl_next) { + fdtol != td-td_proc-p_fdtol; + fdtol = fdtol-fdl_next) { if ((fdtol-fdl_leader-p_flag -P_ADVLOCK) == 0) + P_ADVLOCK) == 0) continue; fdtol-fdl_holdcount++; FILEDESC_XUNLOCK(fdp); @@ -2933,8 +2930,7 @@ filedesc_to_leader_alloc(struct filedesc struct filedesc_to_leader *fdtol; fdtol = malloc(sizeof(struct filedesc_to_leader), - M_FILEDESC_TO_LEADER, - M_WAITOK); + M_FILEDESC_TO_LEADER, M_WAITOK);
svn commit: r285971 - stable/10/sys/kern
Author: cem Date: Tue Jul 28 18:37:23 2015 New Revision: 285971 URL: https://svnweb.freebsd.org/changeset/base/285971 Log: MFC r285483: pipe_direct_write: Fix mismatched pipelock/unlock If a signal is caught in pipelock, causing it to fail, pipe_direct_write should not try to pipeunlock. Approved by: markj (mentor) Sponsored by: EMC / Isilon Storage Division Modified: stable/10/sys/kern/sys_pipe.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/kern/sys_pipe.c == --- stable/10/sys/kern/sys_pipe.c Tue Jul 28 17:48:34 2015 (r285970) +++ stable/10/sys/kern/sys_pipe.c Tue Jul 28 18:37:23 2015 (r285971) @@ -945,9 +945,10 @@ pipe_direct_write(wpipe, uio) retry: PIPE_LOCK_ASSERT(wpipe, MA_OWNED); error = pipelock(wpipe, 1); - if (wpipe-pipe_state PIPE_EOF) + if (error != 0) + goto error1; + if ((wpipe-pipe_state PIPE_EOF) != 0) { error = EPIPE; - if (error) { pipeunlock(wpipe); goto error1; } ___ svn-src-stable-10@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10 To unsubscribe, send any mail to svn-src-stable-10-unsubscr...@freebsd.org
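Review bot: The new early `goto error1` depends on `pipelock()` returning non-zero only when the lock was not acquired, which the log message states but the code does not. A short comment on that branch, for example `/* pipelock() was interrupted: lock not held, do not pipeunlock() */`, would keep the asymmetry with the `PIPE_EOF` branch from being undone later. The `error1` label and the rest of `pipe_direct_write()` are outside the hunk.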
svn commit: r285976 - in stable/10: crypto/openssh sys/netinet usr.bin/patch
Author: delphij Date: Tue Jul 28 19:58:44 2015 New Revision: 285976 URL: https://svnweb.freebsd.org/changeset/base/285976 Log: Fix patch(1) shell injection vulnerability. [SA-15:14] Fix resource exhaustion in TCP reassembly. [SA-15:15] Fix OpenSSH multiple vulnerabilities. [SA-15:16] Modified: stable/10/crypto/openssh/auth2-chall.c stable/10/crypto/openssh/sshconnect.c stable/10/sys/netinet/tcp_reass.c stable/10/sys/netinet/tcp_subr.c stable/10/sys/netinet/tcp_var.h stable/10/usr.bin/patch/common.h stable/10/usr.bin/patch/inp.c Modified: stable/10/crypto/openssh/auth2-chall.c == --- stable/10/crypto/openssh/auth2-chall.c Tue Jul 28 19:58:38 2015 (r285975) +++ stable/10/crypto/openssh/auth2-chall.c Tue Jul 28 19:58:44 2015 (r285976) @@ -82,6 +82,7 @@ struct KbdintAuthctxt void *ctxt; KbdintDevice *device; u_int nreq; + u_int devices_done; }; #ifdef USE_PAM @@ -168,11 +169,15 @@ kbdint_next_device(Authctxt *authctxt, K if (len == 0) break; for (i = 0; devices[i]; i++) { - if (!auth2_method_allowed(authctxt, + if ((kbdintctxt-devices_done (1 i)) != 0 || + !auth2_method_allowed(authctxt, keyboard-interactive, devices[i]-name)) continue; - if (strncmp(kbdintctxt-devices, devices[i]-name, len) == 0) + if (strncmp(kbdintctxt-devices, devices[i]-name, + len) == 0) { kbdintctxt-device = devices[i]; + kbdintctxt-devices_done |= 1 i; + } } t = kbdintctxt-devices; kbdintctxt-devices = t[len] ? xstrdup(t+len+1) : NULL; Modified: stable/10/crypto/openssh/sshconnect.c == --- stable/10/crypto/openssh/sshconnect.c Tue Jul 28 19:58:38 2015 (r285975) +++ stable/10/crypto/openssh/sshconnect.c Tue Jul 28 19:58:44 2015 (r285976) 
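Review bot: Nothing in the `auth2-chall.c` hunks initialises the new `devices_done` field, so the bitmask tested in `kbdint_next_device()` is only correct if the code that allocates `KbdintAuthctxt` zeroes the structure. That allocation is outside this diff. If it uses a non-zeroing allocator and sets fields one by one, it needs `kbdintctxt->devices_done = 0;`; otherwise the mask starts with indeterminate bits and devices may be skipped unpredictably. Separately, `1 << i` limits the scheme to as many devices as an `int` has value bits. The `devices[]` table is not visible here, so a comment noting that bound next to the field would help.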
@@ -1246,29 +1246,39 @@ verify_host_key(char *host, struct socka { int flags = 0; char *fp; + Key *plain = NULL; fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); debug(Server host key: %s %s, key_type(host_key), fp); free(fp); - /* XXX certs are not yet supported for DNS */ - if (!key_is_cert(host_key) options.verify_host_key_dns - verify_host_key_dns(host, hostaddr, host_key, flags) == 0) { - if (flags DNS_VERIFY_FOUND) { - - if (options.verify_host_key_dns == 1 - flags DNS_VERIFY_MATCH - flags DNS_VERIFY_SECURE) - return 0; - - if (flags DNS_VERIFY_MATCH) { - matching_host_key_dns = 1; - } else { - warn_changed_key(host_key); - error(Update the SSHFP RR in DNS with the new - host key to get rid of this message.); + if (options.verify_host_key_dns) { + /* +* XXX certs are not yet supported for DNS, so downgrade +* them and try the plain key. +*/ + plain = key_from_private(host_key); + if (key_is_cert(plain)) + key_drop_cert(plain); + if (verify_host_key_dns(host, hostaddr, plain, flags) == 0) { + if (flags DNS_VERIFY_FOUND) { + if (options.verify_host_key_dns == 1 + flags DNS_VERIFY_MATCH + flags DNS_VERIFY_SECURE) { + key_free(plain); + return 0; + } + if (flags DNS_VERIFY_MATCH) { + matching_host_key_dns = 1; + } else { + warn_changed_key(plain); + error(Update the SSHFP RR in DNS + with the new host key to get rid + of this message.); + } } } + key_free(plain); } return check_host_key(host, hostaddr, options.port, host_key, RDRW, Modified: stable/10/sys/netinet/tcp_reass.c == ---
svn commit: r285982 - in stable: 10/release/doc/share/xml 8/release/doc/share/xml 9/release/doc/share/xml
Author: gjb Date: Tue Jul 28 20:38:52 2015 New Revision: 285982 URL: https://svnweb.freebsd.org/changeset/base/285982 Log: Document SA-15:14 through SA-15:17. Sponsored by: The FreeBSD Foundation Modified: stable/10/release/doc/share/xml/security.xml Changes in other areas also in this revision: Modified: stable/8/release/doc/share/xml/security.xml stable/9/release/doc/share/xml/security.xml Modified: stable/10/release/doc/share/xml/security.xml == --- stable/10/release/doc/share/xml/security.xmlTue Jul 28 20:24:09 2015(r285981) +++ stable/10/release/doc/share/xml/security.xmlTue Jul 28 20:38:52 2015(r285982) @@ -133,6 +133,28 @@ entrypararesource exhaustion due to sessions stuck in literalLAST_ACK/literal state./para/entry /row + + row + entrylink + xlink:href=security.url;/FreeBSD-SA-15:14.bsdpatch.ascFreeBSD-SA-15:14.bsdpatch/link/entry + entry28nbsp;Julynbsp;2015/entry + entryparaShell injection vulnerability/para/entry + /row + + row + entrylink + xlink:href=security.url;/FreeBSD-SA-15:15.tcp.ascFreeBSD-SA-15:15.tcp/link/entry + entry28nbsp;Julynbsp;2015/entry + entrypararesource exhaustion in acronymTCP/acronym + reassembly/para/entry + /row + + row + entrylink + xlink:href=security.url;/FreeBSD-SA-15:16.openssh.ascFreeBSD-SA-15:16.openssh/link/entry + entry28nbsp;Julynbsp;2015/entry + entryparaMultiple vulnerabilities/para/entry + /row /tbody /tgroup /informaltable ___ svn-src-stable-10@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10 To unsubscribe, send any mail to svn-src-stable-10-unsubscr...@freebsd.org