CVS commit: src/sys/kern
Module Name:src Committed By: maxv Date: Thu Apr 19 05:16:02 UTC 2018 Modified Files: src/sys/kern: uipc_mbuf.c Log Message: The mbuf length is allowed to be zero. To generate a diff of this commit: cvs rdiff -u -r1.191 -r1.192 src/sys/kern/uipc_mbuf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/kern
Module Name:src Committed By: maxv Date: Thu Apr 19 05:16:02 UTC 2018 Modified Files: src/sys/kern: uipc_mbuf.c Log Message: The mbuf length is allowed to be zero. To generate a diff of this commit: cvs rdiff -u -r1.191 -r1.192 src/sys/kern/uipc_mbuf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/uipc_mbuf.c diff -u src/sys/kern/uipc_mbuf.c:1.191 src/sys/kern/uipc_mbuf.c:1.192 --- src/sys/kern/uipc_mbuf.c:1.191 Tue Apr 17 07:58:31 2018 +++ src/sys/kern/uipc_mbuf.c Thu Apr 19 05:16:02 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: uipc_mbuf.c,v 1.191 2018/04/17 07:58:31 maxv Exp $ */ +/* $NetBSD: uipc_mbuf.c,v 1.192 2018/04/19 05:16:02 maxv Exp $ */ /* * Copyright (c) 1999, 2001 The NetBSD Foundation, Inc. @@ -62,7 +62,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: uipc_mbuf.c,v 1.191 2018/04/17 07:58:31 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: uipc_mbuf.c,v 1.192 2018/04/19 05:16:02 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_mbuftrace.h" @@ -1940,7 +1940,7 @@ m_verify_packet(struct mbuf *m) low = n->m_dat; high = low + MLEN; } - if (__predict_false(dat + len <= dat)) { + if (__predict_false(dat + len < dat)) { panic("%s: incorrect length (len = %d)", __func__, len); } if (__predict_false((dat < low) || (dat + len > high))) {
CVS commit: src/sys/netipsec
Module Name:src Committed By: maxv Date: Wed Apr 18 17:58:07 UTC 2018 Modified Files: src/sys/netipsec: xform_ah.c Log Message: Simplify the IPv4 parser. Get the option length in 'optlen', and sanitize it earlier. A new check is added (off + optlen > skip). In the IPv6 parser we reuse 'optlen', and remove 'ad' as a result. To generate a diff of this commit: cvs rdiff -u -r1.89 -r1.90 src/sys/netipsec/xform_ah.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netipsec/xform_ah.c diff -u src/sys/netipsec/xform_ah.c:1.89 src/sys/netipsec/xform_ah.c:1.90 --- src/sys/netipsec/xform_ah.c:1.89 Mon Apr 16 17:32:34 2018 +++ src/sys/netipsec/xform_ah.c Wed Apr 18 17:58:07 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: xform_ah.c,v 1.89 2018/04/16 17:32:34 maxv Exp $ */ +/* $NetBSD: xform_ah.c,v 1.90 2018/04/18 17:58:07 maxv Exp $ */ /* $FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */ /* $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */ /* @@ -39,7 +39,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.89 2018/04/16 17:32:34 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.90 2018/04/18 17:58:07 maxv Exp $"); #if defined(_KERNEL_OPT) #include "opt_inet.h" @@ -266,7 +266,7 @@ ah_massage_headers(struct mbuf **m0, int { struct mbuf *m = *m0; unsigned char *ptr; - int off, count; + int off, count, optlen; #ifdef INET struct ip *ip; #endif @@ -274,7 +274,7 @@ ah_massage_headers(struct mbuf **m0, int struct ip6_ext *ip6e; struct ip6_hdr ip6; struct ip6_rthdr *rh; - int alloc, ad, nxt; + int alloc, nxt; #endif switch (proto) { @@ -308,56 +308,32 @@ ah_massage_headers(struct mbuf **m0, int /* IPv4 option processing */ for (off = sizeof(struct ip); off < skip;) { - if (ptr[off] == IPOPT_EOL || ptr[off] == IPOPT_NOP || - off + 1 < skip) -; - else { -DPRINTF(("%s: illegal IPv4 option length for " -"option %d\n", __func__, ptr[off])); - + if (ptr[off] == IPOPT_EOL) { +break; + } else if (ptr[off] == IPOPT_NOP) { +optlen = 1; + } else if (off + 1 < skip) { +optlen = ptr[off + 1]; +if (optlen < 2 || off + optlen > skip) { + m_freem(m); + return EINVAL; +} + } else { m_freem(m); return EINVAL; } switch (ptr[off]) { - case IPOPT_EOL: -off = skip; /* End the loop. */ -break; - case IPOPT_NOP: -off++; -break; - - case IPOPT_SECURITY: /* 0x82 */ + case IPOPT_SECURITY: case 0x85: /* Extended security. */ case 0x86: /* Commercial security. */ case 0x94: /* Router alert */ case 0x95: /* RFC1770 */ -/* Sanity check for option length. */ -if (ptr[off + 1] < 2) { - DPRINTF(("%s: illegal IPv4 option " - "length for option %d\n", __func__, - ptr[off])); - - m_freem(m); - return EINVAL; -} - -off += ptr[off + 1]; break; case IPOPT_LSRR: case IPOPT_SSRR: -/* Sanity check for option length. */ -if (ptr[off + 1] < 2) { - DPRINTF(("%s: illegal IPv4 option " - "length for option %d\n", __func__, - ptr[off])); - - m_freem(m); - return EINVAL; -} - /* * On output, if we have either of the * source routing options, we should @@ -369,32 +345,21 @@ ah_massage_headers(struct mbuf **m0, int */ if (out) memcpy(>ip_dst, - ptr + off + ptr[off + 1] - + ptr + off + optlen - sizeof(struct in_addr), sizeof(struct in_addr)); +/* FALLTHROUGH */ -/* Fall through */ default: -/* Sanity check for option length. */ -if (ptr[off + 1] < 2) { - DPRINTF(("%s: illegal IPv4 option " - "length for option %d\n", __func__, - ptr[off])); - m_freem(m); - return EINVAL; -} - /* Zeroize all other options. */ -count = ptr[off + 1]; -memcpy(ptr + off, ipseczeroes, count); -off += count; +memcpy(ptr + off, ipseczeroes, optlen); break; } + off += optlen; + /* Sanity check. */ if (off > skip) { -DPRINTF(("%s: malformed IPv4 options header\n", - __func__)); m_freem(m); return EINVAL; } @@ -487,17 +452,17 @@ ah_massage_headers(struct mbuf **m0, int if (count + 1 >= noff) { goto error6; } - ad = ptr[count + 1] + 2; + optlen = ptr[count + 1] + 2; - if (count + ad > noff) { + if (count + optlen > noff) { goto error6; } if (ptr[count] & IP6OPT_MUTABLE) { - memset(ptr + count, 0, ad); + memset(ptr + count, 0, optlen); } - count += ad; + count += optlen; } if (count != noff) {
CVS commit: src/sys/netipsec
Module Name:src Committed By: maxv Date: Wed Apr 18 17:58:07 UTC 2018 Modified Files: src/sys/netipsec: xform_ah.c Log Message: Simplify the IPv4 parser. Get the option length in 'optlen', and sanitize it earlier. A new check is added (off + optlen > skip). In the IPv6 parser we reuse 'optlen', and remove 'ad' as a result. To generate a diff of this commit: cvs rdiff -u -r1.89 -r1.90 src/sys/netipsec/xform_ah.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/netipsec
Module Name:src Committed By: maxv Date: Wed Apr 18 17:34:54 UTC 2018 Modified Files: src/sys/netipsec: ipsec_mbuf.c Log Message: Remove unused includes, remove misleading comments, and style. To generate a diff of this commit: cvs rdiff -u -r1.24 -r1.25 src/sys/netipsec/ipsec_mbuf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netipsec/ipsec_mbuf.c diff -u src/sys/netipsec/ipsec_mbuf.c:1.24 src/sys/netipsec/ipsec_mbuf.c:1.25 --- src/sys/netipsec/ipsec_mbuf.c:1.24 Tue Apr 17 09:06:33 2018 +++ src/sys/netipsec/ipsec_mbuf.c Wed Apr 18 17:34:54 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec_mbuf.c,v 1.24 2018/04/17 09:06:33 maxv Exp $ */ +/* $NetBSD: ipsec_mbuf.c,v 1.25 2018/04/18 17:34:54 maxv Exp $ */ /* * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting @@ -29,7 +29,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c,v 1.24 2018/04/17 09:06:33 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c,v 1.25 2018/04/18 17:34:54 maxv Exp $"); /* * IPsec-specific mbuf routines. @@ -38,10 +38,6 @@ __KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c #include #include #include -#include - -#include -#include #include #include @@ -94,11 +90,9 @@ m_clone(struct mbuf *m0) } continue; } + /* - * Writable mbufs are left alone (for now). Note - * that for 4.x systems it's not possible to identify - * whether or not mbufs with external buffers are - * writable unless they use clusters. + * Writable mbufs are left alone (for now). */ if (M_EXT_WRITABLE(m)) { mprev = m; @@ -128,7 +122,6 @@ m_clone(struct mbuf *m0) /* * Allocate new space to hold the copy... */ - /* XXX why can M_PKTHDR be set past the first mbuf? */ if (mprev == NULL && (m->m_flags & M_PKTHDR)) { /* * NB: if a packet header is present we must @@ -139,22 +132,23 @@ m_clone(struct mbuf *m0) MGETHDR(n, M_DONTWAIT, m->m_type); if (n == NULL) { m_freem(m0); -return (NULL); +return NULL; } M_MOVE_PKTHDR(n, m); MCLGET(n, M_DONTWAIT); if ((n->m_flags & M_EXT) == 0) { m_free(n); m_freem(m0); -return (NULL); +return NULL; } } else { n = m_getcl(M_DONTWAIT, m->m_type, m->m_flags); if (n == NULL) { m_freem(m0); -return (NULL); +return NULL; } } + /* * ... and copy the data. We deal with jumbo mbufs * (i.e. m_len > MCLBYTES) by splitting them into @@ -185,7 +179,7 @@ m_clone(struct mbuf *m0) if (n == NULL) { m_freem(mfirst); m_freem(m0); -return (NULL); +return NULL; } } n->m_next = m->m_next; @@ -196,7 +190,8 @@ m_clone(struct mbuf *m0) m_free(m); /* release old mbuf */ mprev = mfirst; } - return (m0); + + return m0; } /* @@ -220,7 +215,8 @@ m_makespace(struct mbuf *m0, int skip, i for (m = m0; m && skip > m->m_len; m = m->m_next) skip -= m->m_len; if (m == NULL) - return (NULL); + return NULL; + /* * At this point skip is the offset into the mbuf m * where the new header should be placed. Figure out @@ -302,6 +298,7 @@ m_makespace(struct mbuf *m0, int skip, i m->m_len += hlen; *off = skip; } + m0->m_pkthdr.len += hlen; /* adjust packet length */ return m; } @@ -393,7 +390,7 @@ m_striphdr(struct mbuf *m, int skip, int /* Find beginning of header */ m1 = m_getptr(m, skip, ); if (m1 == NULL) - return (EINVAL); + return EINVAL; /* Remove the header and associated data from the mbuf. */ if (roff == 0) { @@ -446,5 +443,6 @@ m_striphdr(struct mbuf *m, int skip, int m1->m_len -= hlen; m->m_pkthdr.len -= hlen; } - return (0); + + return 0; }
CVS commit: src/sys/netipsec
Module Name:src Committed By: maxv Date: Wed Apr 18 17:34:54 UTC 2018 Modified Files: src/sys/netipsec: ipsec_mbuf.c Log Message: Remove unused includes, remove misleading comments, and style. To generate a diff of this commit: cvs rdiff -u -r1.24 -r1.25 src/sys/netipsec/ipsec_mbuf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/dev/usb
Module Name:src Committed By: maxv Date: Wed Apr 18 15:01:03 UTC 2018 Modified Files: src/sys/dev/usb: ubt.c Log Message: m_free -> m_freem, m_copyback could have added mbufs in the chain To generate a diff of this commit: cvs rdiff -u -r1.60 -r1.61 src/sys/dev/usb/ubt.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/usb/ubt.c diff -u src/sys/dev/usb/ubt.c:1.60 src/sys/dev/usb/ubt.c:1.61 --- src/sys/dev/usb/ubt.c:1.60 Sun Jan 21 13:57:12 2018 +++ src/sys/dev/usb/ubt.c Wed Apr 18 15:01:03 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ubt.c,v 1.60 2018/01/21 13:57:12 skrll Exp $ */ +/* $NetBSD: ubt.c,v 1.61 2018/04/18 15:01:03 maxv Exp $ */ /*- * Copyright (c) 2006 Itronix Inc. @@ -67,7 +67,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ubt.c,v 1.60 2018/01/21 13:57:12 skrll Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ubt.c,v 1.61 2018/04/18 15:01:03 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_usb.h" @@ -1528,7 +1528,7 @@ ubt_mbufload(uint8_t *buf, int count, ui m->m_pkthdr.len = m->m_len = MHLEN; m_copyback(m, 1, count, buf); // (extends if necessary) if (m->m_pkthdr.len != MAX(MHLEN, count + 1)) { - m_free(m); + m_freem(m); return NULL; }
CVS commit: src/sys/dev/usb
Module Name:src Committed By: maxv Date: Wed Apr 18 15:01:03 UTC 2018 Modified Files: src/sys/dev/usb: ubt.c Log Message: m_free -> m_freem, m_copyback could have added mbufs in the chain To generate a diff of this commit: cvs rdiff -u -r1.60 -r1.61 src/sys/dev/usb/ubt.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/dev/sdmmc
Module Name:src Committed By: maxv Date: Wed Apr 18 14:56:35 UTC 2018 Modified Files: src/sys/dev/sdmmc: sbt.c Log Message: m_free -> m_freem, m_copyback could have added mbufs in the chain To generate a diff of this commit: cvs rdiff -u -r1.5 -r1.6 src/sys/dev/sdmmc/sbt.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/dev/sdmmc
Module Name:src Committed By: maxv Date: Wed Apr 18 14:56:35 UTC 2018 Modified Files: src/sys/dev/sdmmc: sbt.c Log Message: m_free -> m_freem, m_copyback could have added mbufs in the chain To generate a diff of this commit: cvs rdiff -u -r1.5 -r1.6 src/sys/dev/sdmmc/sbt.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/sdmmc/sbt.c diff -u src/sys/dev/sdmmc/sbt.c:1.5 src/sys/dev/sdmmc/sbt.c:1.6 --- src/sys/dev/sdmmc/sbt.c:1.5 Thu Jul 14 04:00:46 2016 +++ src/sys/dev/sdmmc/sbt.c Wed Apr 18 14:56:35 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: sbt.c,v 1.5 2016/07/14 04:00:46 msaitoh Exp $ */ +/* $NetBSD: sbt.c,v 1.6 2018/04/18 14:56:35 maxv Exp $ */ /* $OpenBSD: sbt.c,v 1.9 2007/06/19 07:59:57 uwe Exp $ */ /* @@ -20,7 +20,7 @@ /* Driver for Type-A/B SDIO Bluetooth cards */ #include -__KERNEL_RCSID(0, "$NetBSD: sbt.c,v 1.5 2016/07/14 04:00:46 msaitoh Exp $"); +__KERNEL_RCSID(0, "$NetBSD: sbt.c,v 1.6 2018/04/18 14:56:35 maxv Exp $"); #include #include @@ -357,7 +357,7 @@ sbt_intr(void *arg) m->m_len = MIN(MHLEN, m->m_pkthdr.len); } else { DPRINTF(("%s: sbt_intr: m_copyback failed\n", DEVNAME(sc))); - m_free(m); + m_freem(m); m = NULL; } @@ -383,7 +383,7 @@ eoi: DPRINTF(("%s: recv 0x%x packet (%d bytes)\n", DEVNAME(sc), sc->sc_buf[0], m->m_pkthdr.len)); sc->sc_stats.err_rx++; - m_free(m); + m_freem(m); break; } } else
CVS commit: [netbsd-8] src/doc
Module Name:src Committed By: martin Date: Wed Apr 18 14:50:39 UTC 2018 Modified Files: src/doc [netbsd-8]: CHANGES-8.0 Log Message: Tickets #774 - #780, and #60. To generate a diff of this commit: cvs rdiff -u -r1.1.2.186 -r1.1.2.187 src/doc/CHANGES-8.0 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/doc
Module Name:src Committed By: martin Date: Wed Apr 18 14:50:39 UTC 2018 Modified Files: src/doc [netbsd-8]: CHANGES-8.0 Log Message: Tickets #774 - #780, and #60. To generate a diff of this commit: cvs rdiff -u -r1.1.2.186 -r1.1.2.187 src/doc/CHANGES-8.0 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-8.0 diff -u src/doc/CHANGES-8.0:1.1.2.186 src/doc/CHANGES-8.0:1.1.2.187 --- src/doc/CHANGES-8.0:1.1.2.186 Tue Apr 17 16:03:36 2018 +++ src/doc/CHANGES-8.0 Wed Apr 18 14:50:39 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-8.0,v 1.1.2.186 2018/04/17 16:03:36 martin Exp $ +# $NetBSD: CHANGES-8.0,v 1.1.2.187 2018/04/18 14:50:39 martin Exp $ A complete list of changes from the initial NetBSD 8.0 branch on 2017-06-04 until the 8.0 release: @@ -13019,4 +13019,88 @@ sys/netipsec/ipsec_mbuf.c 1.23,1.24 Fix a pretty bad mistake (IPsec DoS). [maxv, ticket #773] +crypto/external/bsd/openssl/dist/crypto/asn1/asn1.h (patch) +crypto/external/bsd/openssl/dist/crypto/asn1/asn1_err.c (patch) +crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c (patch) +crypto/external/bsd/openssl/dist/crypto/bn/asm/rsaz-avx2.pl (patch) +crypto/external/bsd/openssl/dist/crypto/bn/asm/x86_64-mont5.pl (patch) +crypto/external/bsd/openssl/dist/crypto/rsa/rsa_gen.c 1.2 (patch) +crypto/external/bsd/openssl/dist/crypto/x509v3/v3_addr.c (patch) +crypto/external/bsd/openssl/dist/ssl/ssl.h (patch) +crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64/rsaz-avx2.S (regen) +crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64/x86_64-mont5.S (regen) + + Apply upstream fixes for CVE-2017-3735, CVE-2017-3736, CVE-2017-3737, + CVE-2017-3738, CVE-2018-0737, CVE-2018-0739. + [christos, ticket #774] + +external/gpl3/gcc/dist/gcc/genattrtab.c 1.2 +tools/Makefile.gnuhost1.46-1.48 + + Remove hack previously needed to build gcc/arm with clang. + Apply upstream fix to not generate too many superflous + paranthesis, gcc/arm exceeds the clang limit. + [maya, ticket #775] + +sys/netipsec/key.c1.251-1.253 +sys/netipsec/keydb.h1.22 + + Improve the lookup of IPsec SAs. + [yamaguchi, ticket #776] + +sys/net/if_bridge.c1.150-1.154 +sys/net/if_bridgevar.h1.32 +tests/net/if_bridge/t_rtable.sh 1.3 + + Remove obsolete NULL checks. + Simplify bridge_rtnode_insert. + Use pslist(9) for rtlist and rthash. + Add a test that checks if brconfig flush surely removes all entries. + Add missing PSLIST_ENTRY_INIT and PSLIST_ENTRY_DESTROY. + [ozaki-r, ticket #777] + +sys/arch/x86/include/specialreg.h 1.118,1.119 + + From the latest Intel SDM: + - Add Intel Fn_0006 %eax new bit 14-20 (HWP stuff). + - Intel Fn_0007 %ecx bit 22 is for both RDPID and IA32_TSC_AUX. + Add Some bit definitions of AMD Fn8001 %edx: + - MMX + - FXSR + [msaitoh, ticket #778] + +sys/net/if_pppoe.c1.135,1.136 + + Sysctl net.pppoe.term_unknown can be written safely now. + Fix sending PADT to unexpected hosts when net.pppoe.term_unknown + is enabled. + [knakahara, ticket #779] + +sys/dev/pci/pcidevs1.1328-1.1330 +sys/dev/pci/pcidevs.h(regen) +sys/dev/pci/pcidevs_data.h (regen) + + Add some 8th Generation Intel Core Processor devices. + Add Intel SSD 760p. + Add some NVMe devices. + [nonaka, ticket #780] + +sys/arch/amd64/conf/GENERIC +sys/arch/amd64/conf/XEN3_DOM0 +sys/arch/amd64/conf/XEN3_DOMU +sys/arch/cobalt/conf/GENERIC +sys/arch/evbarm/conf/BEAGLEBONE +sys/arch/evbarm/conf/BEAGLEBOARD +sys/arch/evbarm/conf/BEAGLEBOARDXM +sys/arch/evbarm/conf/GENERIC.common +sys/arch/i386/conf/GENERIC +sys/arch/i386/conf/XEN3_DOM0 +sys/arch/i386/conf/XEN3_DOMU +sys/arch/mvmeppc/conf/GENERIC +sys/arch/shark/conf/GENERIC +sys/arch/sparc64/conf/GENERIC +sys/arch/zaurus/conf/GENERIC + + Remove options DIAGNOSTIC again. + [snj, ticket #60]
CVS commit: src/doc
Module Name:src Committed By: maxv Date: Wed Apr 18 14:47:12 UTC 2018 Modified Files: src/doc: CHANGES.prev Log Message: mention SVS, retpoline, SMAP To generate a diff of this commit: cvs rdiff -u -r1.138 -r1.139 src/doc/CHANGES.prev Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/doc
Module Name:src Committed By: maxv Date: Wed Apr 18 14:47:12 UTC 2018 Modified Files: src/doc: CHANGES.prev Log Message: mention SVS, retpoline, SMAP To generate a diff of this commit: cvs rdiff -u -r1.138 -r1.139 src/doc/CHANGES.prev Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES.prev diff -u src/doc/CHANGES.prev:1.138 src/doc/CHANGES.prev:1.139 --- src/doc/CHANGES.prev:1.138 Mon Mar 5 11:24:35 2018 +++ src/doc/CHANGES.prev Wed Apr 18 14:47:11 2018 @@ -1,4 +1,4 @@ -LIST OF CHANGES FROM PREVIOUS RELEASES: <$Revision: 1.138 $> +LIST OF CHANGES FROM PREVIOUS RELEASES: <$Revision: 1.139 $> Changes from 386bsd 0.1 + patchkit 0.2.2 to NetBSD 0.8: @@ -12226,3 +12226,6 @@ Changes from NetBSD 7.0 to NetBSD 8.0: opencrypto(9): Complete MP-ification [knakahara 20170731] ipsec(4): Make it MP-safe [ozaki-r 20170809] evbmips: Merge sbmips port into evbmips. [mrg 20170815] + amd64: Backport SVS (Meltdown mitigation). [maxv 20180404] + x86: Backport retpoline (SpectreV2 mitigation). [mrg 20180411] + amd64: Backport SMAP. [maxv 20180414]
CVS commit: [netbsd-8] src/sys/arch
Module Name:src Committed By: martin Date: Wed Apr 18 14:45:09 UTC 2018 Modified Files: src/sys/arch/amd64/conf [netbsd-8]: GENERIC XEN3_DOM0 XEN3_DOMU src/sys/arch/cobalt/conf [netbsd-8]: GENERIC src/sys/arch/evbarm/conf [netbsd-8]: BEAGLEBOARD BEAGLEBOARDXM BEAGLEBONE GENERIC.common src/sys/arch/i386/conf [netbsd-8]: GENERIC XEN3_DOM0 XEN3_DOMU src/sys/arch/mvmeppc/conf [netbsd-8]: GENERIC src/sys/arch/shark/conf [netbsd-8]: GENERIC src/sys/arch/sparc64/conf [netbsd-8]: GENERIC src/sys/arch/zaurus/conf [netbsd-8]: GENERIC Log Message: Requested by skrll in ticket #60: sys/arch/amd64/conf/GENERIC sys/arch/amd64/conf/XEN3_DOM0 sys/arch/amd64/conf/XEN3_DOMU sys/arch/cobalt/conf/GENERIC sys/arch/evbarm/conf/BEAGLEBONE sys/arch/evbarm/conf/BEAGLEBOARD sys/arch/evbarm/conf/BEAGLEBOARDXM sys/arch/evbarm/conf/GENERIC.common sys/arch/i386/conf/GENERIC sys/arch/i386/conf/XEN3_DOM0 sys/arch/i386/conf/XEN3_DOMU sys/arch/mvmeppc/conf/GENERIC sys/arch/shark/conf/GENERIC sys/arch/sparc64/conf/GENERIC sys/arch/zaurus/conf/GENERIC Remove option DIAGNOSTIC. To generate a diff of this commit: cvs rdiff -u -r1.459.2.8 -r1.459.2.9 src/sys/arch/amd64/conf/GENERIC cvs rdiff -u -r1.135.4.6 -r1.135.4.7 src/sys/arch/amd64/conf/XEN3_DOM0 cvs rdiff -u -r1.75.2.3 -r1.75.2.4 src/sys/arch/amd64/conf/XEN3_DOMU cvs rdiff -u -r1.151.8.3 -r1.151.8.4 src/sys/arch/cobalt/conf/GENERIC cvs rdiff -u -r1.61.6.2 -r1.61.6.3 src/sys/arch/evbarm/conf/BEAGLEBOARD cvs rdiff -u -r1.23.6.3 -r1.23.6.4 src/sys/arch/evbarm/conf/BEAGLEBOARDXM cvs rdiff -u -r1.42.2.3 -r1.42.2.4 src/sys/arch/evbarm/conf/BEAGLEBONE cvs rdiff -u -r1.18.6.3 -r1.18.6.4 src/sys/arch/evbarm/conf/GENERIC.common cvs rdiff -u -r1.1156.2.8 -r1.1156.2.9 src/sys/arch/i386/conf/GENERIC cvs rdiff -u -r1.112.4.7 -r1.112.4.8 src/sys/arch/i386/conf/XEN3_DOM0 cvs rdiff -u -r1.77.2.5 -r1.77.2.6 src/sys/arch/i386/conf/XEN3_DOMU cvs rdiff -u -r1.27.6.2 -r1.27.6.3 src/sys/arch/mvmeppc/conf/GENERIC cvs rdiff -u -r1.127.6.2 -r1.127.6.3 src/sys/arch/shark/conf/GENERIC cvs rdiff -u -r1.198.6.4 -r1.198.6.5 src/sys/arch/sparc64/conf/GENERIC cvs rdiff -u -r1.73.6.2 -r1.73.6.3 src/sys/arch/zaurus/conf/GENERIC Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/amd64/conf/GENERIC diff -u src/sys/arch/amd64/conf/GENERIC:1.459.2.8 src/sys/arch/amd64/conf/GENERIC:1.459.2.9 --- src/sys/arch/amd64/conf/GENERIC:1.459.2.8 Wed Apr 11 14:23:30 2018 +++ src/sys/arch/amd64/conf/GENERIC Wed Apr 18 14:45:08 2018 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.459.2.8 2018/04/11 14:23:30 martin Exp $ +# $NetBSD: GENERIC,v 1.459.2.9 2018/04/18 14:45:08 martin Exp $ # # GENERIC machine description file # @@ -22,7 +22,7 @@ include "arch/amd64/conf/std.amd64" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC-$Revision: 1.459.2.8 $" +#ident "GENERIC-$Revision: 1.459.2.9 $" maxusers 64 # estimated number of users @@ -94,7 +94,7 @@ options PMC # performance-monitoring c options BUFQ_PRIOCSCAN # Diagnostic/debugging support options -options DIAGNOSTIC # inexpensive kernel consistency checks +#options DIAGNOSTIC # inexpensive kernel consistency checks # XXX to be commented out on release branch #options DEBUG # expensive debugging checks/support #options LOCKDEBUG # expensive locking checks/support Index: src/sys/arch/amd64/conf/XEN3_DOM0 diff -u src/sys/arch/amd64/conf/XEN3_DOM0:1.135.4.6 src/sys/arch/amd64/conf/XEN3_DOM0:1.135.4.7 --- src/sys/arch/amd64/conf/XEN3_DOM0:1.135.4.6 Mon Feb 5 15:14:00 2018 +++ src/sys/arch/amd64/conf/XEN3_DOM0 Wed Apr 18 14:45:08 2018 @@ -1,4 +1,4 @@ -# $NetBSD: XEN3_DOM0,v 1.135.4.6 2018/02/05 15:14:00 martin Exp $ +# $NetBSD: XEN3_DOM0,v 1.135.4.7 2018/04/18 14:45:08 martin Exp $ include "arch/amd64/conf/std.xen" @@ -52,7 +52,7 @@ options SYSCTL_INCLUDE_DESCR # Include options BUFQ_PRIOCSCAN # Diagnostic/debugging support options -options DIAGNOSTIC # inexpensive kernel consistency checks +#options DIAGNOSTIC # inexpensive kernel consistency checks #options DEBUG # expensive debugging checks/support options DDB # in-kernel debugger options DDB_ONPANIC=1 # see also sysctl(7): `ddb.onpanic' Index: src/sys/arch/amd64/conf/XEN3_DOMU diff -u src/sys/arch/amd64/conf/XEN3_DOMU:1.75.2.3 src/sys/arch/amd64/conf/XEN3_DOMU:1.75.2.4 --- src/sys/arch/amd64/conf/XEN3_DOMU:1.75.2.3 Fri Jan 26 14:28:15 2018 +++ src/sys/arch/amd64/conf/XEN3_DOMU Wed Apr 18 14:45:08 2018 @@ -1,4 +1,4 @@ -# $NetBSD: XEN3_DOMU,v 1.75.2.3 2018/01/26 14:28:15 martin Exp $ +# $NetBSD: XEN3_DOMU,v 1.75.2.4 2018/04/18 14:45:08 martin Exp $ include "arch/amd64/conf/std.xen" @@ -44,7 +44,7 @@ options SYSCTL_INCLUDE_DESCR # Include
CVS commit: [netbsd-8] src/sys/arch
Module Name:src Committed By: martin Date: Wed Apr 18 14:45:09 UTC 2018 Modified Files: src/sys/arch/amd64/conf [netbsd-8]: GENERIC XEN3_DOM0 XEN3_DOMU src/sys/arch/cobalt/conf [netbsd-8]: GENERIC src/sys/arch/evbarm/conf [netbsd-8]: BEAGLEBOARD BEAGLEBOARDXM BEAGLEBONE GENERIC.common src/sys/arch/i386/conf [netbsd-8]: GENERIC XEN3_DOM0 XEN3_DOMU src/sys/arch/mvmeppc/conf [netbsd-8]: GENERIC src/sys/arch/shark/conf [netbsd-8]: GENERIC src/sys/arch/sparc64/conf [netbsd-8]: GENERIC src/sys/arch/zaurus/conf [netbsd-8]: GENERIC Log Message: Requested by skrll in ticket #60: sys/arch/amd64/conf/GENERIC sys/arch/amd64/conf/XEN3_DOM0 sys/arch/amd64/conf/XEN3_DOMU sys/arch/cobalt/conf/GENERIC sys/arch/evbarm/conf/BEAGLEBONE sys/arch/evbarm/conf/BEAGLEBOARD sys/arch/evbarm/conf/BEAGLEBOARDXM sys/arch/evbarm/conf/GENERIC.common sys/arch/i386/conf/GENERIC sys/arch/i386/conf/XEN3_DOM0 sys/arch/i386/conf/XEN3_DOMU sys/arch/mvmeppc/conf/GENERIC sys/arch/shark/conf/GENERIC sys/arch/sparc64/conf/GENERIC sys/arch/zaurus/conf/GENERIC Remove option DIAGNOSTIC. To generate a diff of this commit: cvs rdiff -u -r1.459.2.8 -r1.459.2.9 src/sys/arch/amd64/conf/GENERIC cvs rdiff -u -r1.135.4.6 -r1.135.4.7 src/sys/arch/amd64/conf/XEN3_DOM0 cvs rdiff -u -r1.75.2.3 -r1.75.2.4 src/sys/arch/amd64/conf/XEN3_DOMU cvs rdiff -u -r1.151.8.3 -r1.151.8.4 src/sys/arch/cobalt/conf/GENERIC cvs rdiff -u -r1.61.6.2 -r1.61.6.3 src/sys/arch/evbarm/conf/BEAGLEBOARD cvs rdiff -u -r1.23.6.3 -r1.23.6.4 src/sys/arch/evbarm/conf/BEAGLEBOARDXM cvs rdiff -u -r1.42.2.3 -r1.42.2.4 src/sys/arch/evbarm/conf/BEAGLEBONE cvs rdiff -u -r1.18.6.3 -r1.18.6.4 src/sys/arch/evbarm/conf/GENERIC.common cvs rdiff -u -r1.1156.2.8 -r1.1156.2.9 src/sys/arch/i386/conf/GENERIC cvs rdiff -u -r1.112.4.7 -r1.112.4.8 src/sys/arch/i386/conf/XEN3_DOM0 cvs rdiff -u -r1.77.2.5 -r1.77.2.6 src/sys/arch/i386/conf/XEN3_DOMU cvs rdiff -u -r1.27.6.2 -r1.27.6.3 src/sys/arch/mvmeppc/conf/GENERIC cvs rdiff -u -r1.127.6.2 -r1.127.6.3 src/sys/arch/shark/conf/GENERIC cvs rdiff -u -r1.198.6.4 -r1.198.6.5 src/sys/arch/sparc64/conf/GENERIC cvs rdiff -u -r1.73.6.2 -r1.73.6.3 src/sys/arch/zaurus/conf/GENERIC Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/doc
Module Name:src Committed By: maxv Date: Wed Apr 18 14:42:16 UTC 2018 Modified Files: src/doc: CHANGES Log Message: mention meltdown/spectre fixes To generate a diff of this commit: cvs rdiff -u -r1.2381 -r1.2382 src/doc/CHANGES Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES diff -u src/doc/CHANGES:1.2381 src/doc/CHANGES:1.2382 --- src/doc/CHANGES:1.2381 Sun Apr 15 19:48:44 2018 +++ src/doc/CHANGES Wed Apr 18 14:42:16 2018 @@ -1,4 +1,4 @@ -# LIST OF CHANGES FROM LAST RELEASE: <$Revision: 1.2381 $> +# LIST OF CHANGES FROM LAST RELEASE: <$Revision: 1.2382 $> # # # [Note: This file does not mention every change made to the NetBSD source tree. @@ -122,6 +122,7 @@ Changes from NetBSD 8.0 to NetBSD 9.0: mdnsd(8), dns-sd(1), libdns_sd: import mDNSResponder 878.30.4 [christos 20180225] macppc: Remove macofcons(4). [sevan 20180226] + amd64: Add SVS (Meltdown mitigation). [maxv 20180226] imcsmb(4): For amd64 and i386 on Intel {Ivy,Sandy}bridge and {Broad,Has}well CPUs, enable access to Integrated Memory Controller-based SMBus [pgoyette 20170228] @@ -132,6 +133,8 @@ Changes from NetBSD 8.0 to NetBSD 9.0: tzdata: updated to 2017d [kre 20180324] dhcpcd: Import 7.0.2. [roy 20180327] aarch64: Add initial support for aarch64. [ryo 20180401] + amd64: Add SpectreV2 mitigations, based on IBRS and the DIS_IND + bit. [maxv 20180404] dhcpcd: Import 7.0.3. [roy 20180406] OpenSSH: Imported 7.7. [christos 20180406] OpenSSL: Imported 1.1.0h. [christos 20180406] @@ -139,6 +142,7 @@ Changes from NetBSD 8.0 to NetBSD 9.0: acpi(4): Updated ACPICA to 20180313. [christos 20180407] dhcp: Import version 4.4.1 (move to MPL). [christos 20180407] bind: Import version 9.10.7. [christos 20180407] + x86: Enable retpoline by default (SpectreV2 mitigation). [mrg 20180408] ichsmb(4): Add Intel 300 series chipset support. [msaitoh 20180409] wm(4): Enable I219 support. [msaitoh 20180413] puc(4): Add Intel 300 series chipset support. [msaitoh 20180413]
CVS commit: src/doc
Module Name:src Committed By: maxv Date: Wed Apr 18 14:42:16 UTC 2018 Modified Files: src/doc: CHANGES Log Message: mention meltdown/spectre fixes To generate a diff of this commit: cvs rdiff -u -r1.2381 -r1.2382 src/doc/CHANGES Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/dev/pci
Module Name:src Committed By: martin Date: Wed Apr 18 14:21:50 UTC 2018 Modified Files: src/sys/dev/pci [netbsd-8]: pcidevs.h pcidevs_data.h Log Message: regen for ticket #780 To generate a diff of this commit: cvs rdiff -u -r1.1281.2.5 -r1.1281.2.6 src/sys/dev/pci/pcidevs.h cvs rdiff -u -r1.1280.2.5 -r1.1280.2.6 src/sys/dev/pci/pcidevs_data.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. diffs are larger than 1MB and have been omitted
CVS commit: [netbsd-8] src/sys/dev/pci
Module Name:src Committed By: martin Date: Wed Apr 18 14:21:50 UTC 2018 Modified Files: src/sys/dev/pci [netbsd-8]: pcidevs.h pcidevs_data.h Log Message: regen for ticket #780 To generate a diff of this commit: cvs rdiff -u -r1.1281.2.5 -r1.1281.2.6 src/sys/dev/pci/pcidevs.h cvs rdiff -u -r1.1280.2.5 -r1.1280.2.6 src/sys/dev/pci/pcidevs_data.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/dev/pci
Module Name:src Committed By: martin Date: Wed Apr 18 14:20:26 UTC 2018 Modified Files: src/sys/dev/pci [netbsd-8]: pcidevs Log Message: Pull up following revision(s) (requested by nonaka in ticket #780): sys/dev/pci/pcidevs: revision 1.1328-1.1330 Add some 8th Generation Intel Core Processor devices. Add Intel SSD 760p. Added some NVMe devices. To generate a diff of this commit: cvs rdiff -u -r1.1289.2.5 -r1.1289.2.6 src/sys/dev/pci/pcidevs Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/dev/pci
Module Name:src Committed By: martin Date: Wed Apr 18 14:20:26 UTC 2018 Modified Files: src/sys/dev/pci [netbsd-8]: pcidevs Log Message: Pull up following revision(s) (requested by nonaka in ticket #780): sys/dev/pci/pcidevs: revision 1.1328-1.1330 Add some 8th Generation Intel Core Processor devices. Add Intel SSD 760p. Added some NVMe devices. To generate a diff of this commit: cvs rdiff -u -r1.1289.2.5 -r1.1289.2.6 src/sys/dev/pci/pcidevs Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/pci/pcidevs diff -u src/sys/dev/pci/pcidevs:1.1289.2.5 src/sys/dev/pci/pcidevs:1.1289.2.6 --- src/sys/dev/pci/pcidevs:1.1289.2.5 Sat Apr 14 10:32:05 2018 +++ src/sys/dev/pci/pcidevs Wed Apr 18 14:20:25 2018 @@ -1,4 +1,4 @@ -$NetBSD: pcidevs,v 1.1289.2.5 2018/04/14 10:32:05 martin Exp $ +$NetBSD: pcidevs,v 1.1289.2.6 2018/04/18 14:20:25 martin Exp $ /* * Copyright (c) 1995, 1996 Christopher G. Demetriou @@ -645,6 +645,8 @@ vendor MARVELL2 0x1b4b Marvell vendor FRESCO 0x1b73 Fresco Logic vendor QINHENG2 0x1c00 Nanjing QinHeng Electronics (PCIe) vendor SYMPHONY2 0x1c1c Symphony Labs (2nd PCI Vendor ID) +vendor HGST 0x1c58 HGST, Inc. +vendor BEIJING_MEMBLAZE 0x1c5f Beijing Memblaze Technology Co. Ltd. vendor TEKRAM2 0x1de1 Tekram Technology (2nd PCI Vendor ID) vendor SUNIX2 0x1fd4 SUNIX Co vendor HINT 0x3388 HiNT @@ -1742,6 +1744,9 @@ product BBELEC ISOLATED_2_PORT 0x4212 d product BBELEC ISOLATED_4_PORT 0x4214 quad-channel Isolated RS-485 PCI UART product BBELEC ISOLATED_8_PORT 0x4218 octal-channel Isolated RS-485 PCI UART +/* Beijing Memblaze Technology Co. Ltd. products */ +product BEIJING_MEMBLAZE PBLAZE4 0x0540 PBlaze4 NVMe SSD + /* Belkin products */ product BELKIN F5D6001 0x6001 F5D6001 product BELKIN F5D6020V3 0x6020 F5D6020v3 802.11b @@ -2631,6 +2636,10 @@ product HP ILO3_SLAVE 0x3306 iLO3 Slave product HP ILO3_MGMT 0x3307 iLO3 Management product HP RS780_PPB_GFX 0x9602 (AMD) RS780 PCI-PCI Bridge (int gfx) +/* HGST Inc. products */ +product HGST SN100 0x0003 Ultrastar SN100 Series NVMe SSD +product HGST SN200 0x0023 Ultrastar SN200 Series NVMe SSD + /* Hifn products */ product HIFN 7751 0x0005 7751 product HIFN 6500 0x0006 6500 @@ -4469,6 +4478,11 @@ product INTEL E5_UNICAST 0x3ce8 E5 Unica product INTEL E5_SAD_1 0x3cf4 E5 SAD product INTEL E5_BROADCAST 0x3cf5 E5 Broadcast product INTEL E5_SAD_2 0x3cf6 E5 SAD +product INTEL CORE8G_S_HOST_DRAM_4C 0x3e1f Core 8G (S) Host Bridge, DRAM +product INTEL CORE8G_S_HOST_DRAM_6C 0x3ec2 Core 8G (S) Host Bridge, DRAM +product INTEL CORE8G_PCIE_X16 0x3e81 Core 8G (S) PCIe x16 +product INTEL CORE8G_PCIE_X8 0x3e85 Core 8G (S) PCIe x16 +product INTEL CORE8G_PCIE_X4 0x3e89 Core 8G (S) PCIe x16 product INTEL COFLK_IGD_1 0x3e90 UHD Graphics 610 product INTEL COFLK_IGD_2 0x3e91 UHD Graphics 630 product INTEL COFLK_IGD_3 0x3e92 UHD Graphics 630 @@ -5286,6 +5300,7 @@ product INTEL CP_SS_REGS 0xd156 Core Pro product INTEL CP_SCS_REGS 0xd157 Core Processor System Control and Status Registers product INTEL CP_MISC_REGS 0xd158 Core Processor Miscellaneous Registers product INTEL HANKSVILLE 0xf0fe HANKSVILLE LAN Controller +product INTEL SSD_760P 0xf1a6 SSD 760p /* Intergraph products */ product INTERGRAPH 4D60T 0x00e3 Powerstorm 4D60T @@ -6610,6 +6625,8 @@ product SAFENET SAFEXCEL 0x1141 SafeXcel product SAMSUNGELEC3 XP941 0xa800 XP941 M.2 SSD product SAMSUNGELEC3 SM951 0xa801 SM951 M.2 SSD product SAMSUNGELEC3 SM951_NVME 0xa802 SM951 M.2 NVMe SSD +product SAMSUNGELEC3 172X 0xa821 NVMe SSD Controller 172X +product SAMSUNGELEC3 172XAB 0xa822 NVMe SSD Controller 172Xa/172Xb /* Samsung Semiconductor products */ product SAMSUNGSEMI KS8920 0x8920 KS8920 10/100 Ethernet
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed Apr 18 14:16:57 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_pppoe.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #779): sys/net/if_pppoe.c: revision 1.135,1.136 net.pppoe.term_unknown can be written safely now. Fix sending PADT to unexpected hosts when net.pppoe.term_unknown is enabled. To generate a diff of this commit: cvs rdiff -u -r1.125.6.6 -r1.125.6.7 src/sys/net/if_pppoe.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed Apr 18 14:16:57 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_pppoe.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #779): sys/net/if_pppoe.c: revision 1.135,1.136 net.pppoe.term_unknown can be written safely now. Fix sending PADT to unexpected hosts when net.pppoe.term_unknown is enabled. To generate a diff of this commit: cvs rdiff -u -r1.125.6.6 -r1.125.6.7 src/sys/net/if_pppoe.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_pppoe.c diff -u src/sys/net/if_pppoe.c:1.125.6.6 src/sys/net/if_pppoe.c:1.125.6.7 --- src/sys/net/if_pppoe.c:1.125.6.6 Thu Mar 8 13:22:25 2018 +++ src/sys/net/if_pppoe.c Wed Apr 18 14:16:57 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_pppoe.c,v 1.125.6.6 2018/03/08 13:22:25 martin Exp $ */ +/* $NetBSD: if_pppoe.c,v 1.125.6.7 2018/04/18 14:16:57 martin Exp $ */ /*- * Copyright (c) 2002, 2008 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.125.6.6 2018/03/08 13:22:25 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.125.6.7 2018/04/18 14:16:57 martin Exp $"); #ifdef _KERNEL_OPT #include "pppoe.h" @@ -63,6 +63,7 @@ __KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v #include #include #include +#include #include @@ -236,6 +237,7 @@ static int pppoe_clone_create(struct if_ static int pppoe_clone_destroy(struct ifnet *); static bool pppoe_term_unknown = false; +static int pppoe_term_unknown_pps = 1; static struct sysctllog *pppoe_sysctl_clog; static void sysctl_net_pppoe_setup(struct sysctllog **); @@ -951,6 +953,16 @@ pppoe_disc_input(struct mbuf *m) m_freem(m); } +static bool +pppoe_is_my_frame(uint8_t *dhost, struct ifnet *rcvif) +{ + + if (memcmp(CLLADDR(rcvif->if_sadl), dhost, ETHER_ADDR_LEN) == 0) + return true; + + return false; +} + static void pppoe_data_input(struct mbuf *m) { @@ -960,12 +972,17 @@ pppoe_data_input(struct mbuf *m) struct ifnet *rcvif; struct psref psref; uint8_t shost[ETHER_ADDR_LEN]; + uint8_t dhost[ETHER_ADDR_LEN]; + bool term_unknown = pppoe_term_unknown; KASSERT(m->m_flags & M_PKTHDR); - if (pppoe_term_unknown) + if (term_unknown) { memcpy(shost, mtod(m, struct ether_header*)->ether_shost, ETHER_ADDR_LEN); + memcpy(dhost, mtod(m, struct ether_header*)->ether_dhost, + ETHER_ADDR_LEN); + } m_adj(m, sizeof(struct ether_header)); if (m->m_pkthdr.len <= PPPOE_HEADERLEN) { printf("pppoe (data): dropping too short packet: %d bytes\n", @@ -996,10 +1013,21 @@ pppoe_data_input(struct mbuf *m) goto drop; sc = pppoe_find_softc_by_session(session, rcvif, RW_READER); if (sc == NULL) { - if (pppoe_term_unknown) { - printf("pppoe: input for unknown session %#x, " - "sending PADT\n", session); - pppoe_send_padt(rcvif, session, shost); + if (term_unknown) { + static struct timeval lasttime = {0, 0}; + static int curpps = 0; + /* + * avoid to send wrong PADT which is response from + * session stage pakcets for other hosts when parent + * ethernet is promiscuous mode. + */ + if (pppoe_is_my_frame(dhost, rcvif) + && ppsratecheck(, , +pppoe_term_unknown_pps)) { +printf("pppoe: input for unknown session %#x, " +"sending PADT\n", session); +pppoe_send_padt(rcvif, session, shost); + } } m_put_rcvif_psref(rcvif, ); goto drop; @@ -1941,7 +1969,7 @@ sysctl_net_pppoe_setup(struct sysctllog return; sysctl_createv(clog, 0, , NULL, - CTLFLAG_PERMANENT | CTLFLAG_READONLY, + CTLFLAG_PERMANENT | CTLFLAG_READWRITE, CTLTYPE_BOOL, "term_unknown", SYSCTL_DESCR("Terminate unknown sessions"), NULL, 0, _term_unknown, sizeof(pppoe_term_unknown),
CVS commit: [netbsd-8] src/sys/arch/x86/include
Module Name:src Committed By: martin Date: Wed Apr 18 14:14:17 UTC 2018 Modified Files: src/sys/arch/x86/include [netbsd-8]: specialreg.h Log Message: Pull up following revision(s) (requested by msaitoh in ticket #778): sys/arch/x86/include/specialreg.h: revision 1.118,1.119 From the latest Intel SDM: - Add Intel Fn_0006 %eax new bit 14-20 (HWP stuff). - Intel Fn_0007 %ecx bit 22 is for both RDPID and IA32_TSC_AUX. Add Some bit definitions of AMD Fn8001 %edx: - MMX - FXSR To generate a diff of this commit: cvs rdiff -u -r1.98.2.3 -r1.98.2.4 src/sys/arch/x86/include/specialreg.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/x86/include/specialreg.h diff -u src/sys/arch/x86/include/specialreg.h:1.98.2.3 src/sys/arch/x86/include/specialreg.h:1.98.2.4 --- src/sys/arch/x86/include/specialreg.h:1.98.2.3 Sat Mar 31 10:51:05 2018 +++ src/sys/arch/x86/include/specialreg.h Wed Apr 18 14:14:17 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: specialreg.h,v 1.98.2.3 2018/03/31 10:51:05 martin Exp $ */ +/* $NetBSD: specialreg.h,v 1.98.2.4 2018/04/18 14:14:17 martin Exp $ */ /*- * Copyright (c) 1991 The Regents of the University of California. @@ -300,12 +300,19 @@ #define CPUID_DSPM_HWP_PLR __BIT(11) /* HWP Package Level Request */ #define CPUID_DSPM_HDC __BIT(13) /* Hardware Duty Cycling */ #define CPUID_DSPM_TBMT3 __BIT(14) /* Turbo Boost Max Technology 3.0 */ +#define CPUID_DSPM_HWP_CAP__BIT(15) /* HWP Capabilities */ +#define CPUID_DSPM_HWP_PECI __BIT(16) /* HWP PECI override */ +#define CPUID_DSPM_HWP_FLEX __BIT(17) /* Flexible HWP */ +#define CPUID_DSPM_HWP_FAST __BIT(18) /* Fast access for IA32_HWP_REQUEST */ +#define CPUID_DSPM_HWP_IGNIDL __BIT(20) /* Ignore Idle Logical Processor HWP */ #define CPUID_DSPM_FLAGS "\20" \ "\1" "DTS" "\2" "IDA" "\3" "ARAT" \ "\5" "PLN" "\6" "ECMD" "\7" "PTM" "\10" "HWP" \ "\11" "HWP_NOTIFY" "\12" "HWP_ACTWIN" "\13" "HWP_EPP" "\14" "HWP_PLR" \ - "\16" "HDC" "\17" "TBM3" + "\16" "HDC" "\17" "TBM3" "\20" "HWP_CAP" \ + "\21" "HWP_PECI" "\22" "HWP_FLEX" "\23" "HWP_FAST" \ + "25" "HWP_IGNIDL" /* * Intel Digital Thermal Sensor and @@ -381,7 +388,7 @@ #define CPUID_SEF_AVX512_VNNI __BIT(11) /* Vector neural Network Instruction */ #define CPUID_SEF_AVX512_BITALG __BIT(12) #define CPUID_SEF_AVX512_VPOPCNTDQ __BIT(14) -#define CPUID_SEF_RDPID __BIT(22) /* ReaD Processor ID */ +#define CPUID_SEF_RDPID __BIT(22) /* RDPID and IA32_TSC_AUX */ #define CPUID_SEF_SGXLC __BIT(30) /* SGX Launch Configuration */ #define CPUID_SEF_FLAGS1 "\20" \ @@ -491,6 +498,8 @@ #define CPUID_MPC 0x0008 /* Multiprocessing Capable */ #define CPUID_NOX 0x0010 /* No Execute Page Protection */ #define CPUID_MMXX 0x0040 /* AMD MMX Extensions */ +/* CPUID_MMX MMX supported */ +/* CPUID_FXSR fast FP/MMX save/restore */ #define CPUID_FFXSR 0x0200 /* FXSAVE/FXSTOR Extensions */ /* CPUID_P1GB 1GB Large Page Support */ /* CPUID_RDTSCP Read TSC Pair Instruction */ @@ -499,9 +508,11 @@ #define CPUID_3DNOW 0x8000 /* 3DNow! Instructions */ #define CPUID_EXT_FLAGS "\20" \ - "\14" "SYSCALL/SYSRET" "\24" "MPC" "\25" "NOX" \ - "\27" "MMXX" "\32" "FFXSR" "\33" "P1GB" "\34" "RDTSCP" \ - "\36" "LONG" "\37" "3DNOW2" "\40" "3DNOW" + "\14" "SYSCALL/SYSRET" \ + "\24" "MPC" \ + "\25" "NOX" "\27" "MMXX" "\30" "MMX" \ + "\31" "FXSR" "\32" "FFXSR" "\33" "P1GB" "\34" "RDTSCP" \ + "\36" "LONG" "\37" "3DNOW2" "\40" "3DNOW" /* AMD Fn8001 extended features - %ecx */ /* CPUID_LAHF LAHF/SAHF instruction */
CVS commit: [netbsd-8] src/sys/arch/x86/include
Module Name:src Committed By: martin Date: Wed Apr 18 14:14:17 UTC 2018 Modified Files: src/sys/arch/x86/include [netbsd-8]: specialreg.h Log Message: Pull up following revision(s) (requested by msaitoh in ticket #778): sys/arch/x86/include/specialreg.h: revision 1.118,1.119 From the latest Intel SDM: - Add Intel Fn_0006 %eax new bit 14-20 (HWP stuff). - Intel Fn_0007 %ecx bit 22 is for both RDPID and IA32_TSC_AUX. Add Some bit definitions of AMD Fn8001 %edx: - MMX - FXSR To generate a diff of this commit: cvs rdiff -u -r1.98.2.3 -r1.98.2.4 src/sys/arch/x86/include/specialreg.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src
Module Name:src Committed By: martin Date: Wed Apr 18 14:11:43 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_bridge.c if_bridgevar.h src/tests/net/if_bridge [netbsd-8]: t_rtable.sh Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #777): tests/net/if_bridge/t_rtable.sh: revision 1.3 sys/net/if_bridge.c: revision 1.150-1.154 sys/net/if_bridgevar.h: revision 1.32 Remove obsolete NULL checks Simplify bridge_rtnode_insert (NFC) bridge: use pslist(9) for rtlist and rthash The change fixes race conditions on list operations. One example is that a reader may see invalid pointers on a looking item in a list due to lack of membar_producer. Add a test that checks if brconfig flush surely removes all entries Get rid of a unnecessary semicolon Pointed out by kamil@ Add missing PSLIST_ENTRY_INIT and PSLIST_ENTRY_DESTROY To generate a diff of this commit: cvs rdiff -u -r1.134.6.8 -r1.134.6.9 src/sys/net/if_bridge.c cvs rdiff -u -r1.31 -r1.31.10.1 src/sys/net/if_bridgevar.h cvs rdiff -u -r1.1.8.1 -r1.1.8.2 src/tests/net/if_bridge/t_rtable.sh Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_bridge.c diff -u src/sys/net/if_bridge.c:1.134.6.8 src/sys/net/if_bridge.c:1.134.6.9 --- src/sys/net/if_bridge.c:1.134.6.8 Tue Apr 10 11:48:29 2018 +++ src/sys/net/if_bridge.c Wed Apr 18 14:11:42 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_bridge.c,v 1.134.6.8 2018/04/10 11:48:29 martin Exp $ */ +/* $NetBSD: if_bridge.c,v 1.134.6.9 2018/04/18 14:11:42 martin Exp $ */ /* * Copyright 2001 Wasabi Systems, Inc. @@ -80,7 +80,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_bridge.c,v 1.134.6.8 2018/04/10 11:48:29 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_bridge.c,v 1.134.6.9 2018/04/18 14:11:42 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_bridge_ipf.h" @@ -181,20 +181,39 @@ __CTASSERT(offsetof(struct ifbifconf, if #define BRIDGE_RTABLE_PRUNE_PERIOD (5 * 60) #endif -#define BRIDGE_RT_LOCK(_sc) if ((_sc)->sc_rtlist_lock) \ - mutex_enter((_sc)->sc_rtlist_lock) -#define BRIDGE_RT_UNLOCK(_sc) if ((_sc)->sc_rtlist_lock) \ - mutex_exit((_sc)->sc_rtlist_lock) -#define BRIDGE_RT_LOCKED(_sc) (!(_sc)->sc_rtlist_lock || \ - mutex_owned((_sc)->sc_rtlist_lock)) +#define BRIDGE_RT_LOCK(_sc) mutex_enter((_sc)->sc_rtlist_lock) +#define BRIDGE_RT_UNLOCK(_sc) mutex_exit((_sc)->sc_rtlist_lock) +#define BRIDGE_RT_LOCKED(_sc) mutex_owned((_sc)->sc_rtlist_lock) #define BRIDGE_RT_PSZ_PERFORM(_sc) \ -if ((_sc)->sc_rtlist_psz != NULL) \ - pserialize_perform((_sc)->sc_rtlist_psz); +pserialize_perform((_sc)->sc_rtlist_psz) #define BRIDGE_RT_RENTER(__s) do { __s = pserialize_read_enter(); } while (0) #define BRIDGE_RT_REXIT(__s) do { pserialize_read_exit(__s); } while (0) +#define BRIDGE_RTLIST_READER_FOREACH(_brt, _sc) \ + PSLIST_READER_FOREACH((_brt), &((_sc)->sc_rtlist), \ + struct bridge_rtnode, brt_list) +#define BRIDGE_RTLIST_WRITER_FOREACH(_brt, _sc) \ + PSLIST_WRITER_FOREACH((_brt), &((_sc)->sc_rtlist), \ + struct bridge_rtnode, brt_list) +#define BRIDGE_RTLIST_WRITER_INSERT_HEAD(_sc, _brt) \ + PSLIST_WRITER_INSERT_HEAD(&(_sc)->sc_rtlist, brt, brt_list) +#define BRIDGE_RTLIST_WRITER_REMOVE(_brt)\ + PSLIST_WRITER_REMOVE((_brt), brt_list) + +#define BRIDGE_RTHASH_READER_FOREACH(_brt, _sc, _hash) \ + PSLIST_READER_FOREACH((_brt), &(_sc)->sc_rthash[(_hash)], \ + struct bridge_rtnode, brt_hash) +#define BRIDGE_RTHASH_WRITER_FOREACH(_brt, _sc, _hash) \ + PSLIST_WRITER_FOREACH((_brt), &(_sc)->sc_rthash[(_hash)], \ + struct bridge_rtnode, brt_hash) +#define BRIDGE_RTHASH_WRITER_INSERT_HEAD(_sc, _hash, _brt) \ + PSLIST_WRITER_INSERT_HEAD(&(_sc)->sc_rthash[(_hash)], brt, brt_hash) +#define BRIDGE_RTHASH_WRITER_INSERT_AFTER(_brt, _new) \ + PSLIST_WRITER_INSERT_AFTER((_brt), (_new), brt_hash) +#define BRIDGE_RTHASH_WRITER_REMOVE(_brt)\ + PSLIST_WRITER_REMOVE((_brt), brt_hash) #ifdef NET_MPSAFE #define DECLARE_LOCK_VARIABLE @@ -1043,7 +1062,7 @@ bridge_ioctl_rts(struct bridge_softc *sc BRIDGE_RT_LOCK(sc); len = bac->ifbac_len; - LIST_FOREACH(brt, >sc_rtlist, brt_list) { + BRIDGE_RTLIST_WRITER_FOREACH(brt, sc) { if (len < sizeof(bareq)) goto out; memset(, 0, sizeof(bareq)); @@ -2013,6 +2032,8 @@ bridge_rtalloc(struct bridge_softc *sc, brt->brt_expire = time_uptime + sc->sc_brttimeout; brt->brt_flags = IFBAF_DYNAMIC; memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN); + PSLIST_ENTRY_INIT(brt, brt_list); + PSLIST_ENTRY_INIT(brt, brt_hash); BRIDGE_RT_LOCK(sc); error = bridge_rtnode_insert(sc, brt); @@ -2109,7 +2130,7 @@ typedef bool (*bridge_iterate_cb_t) static void bridge_rtlist_iterate_remove(struct bridge_softc *sc, bridge_iterate_cb_t func, void *arg) { - struct bridge_rtnode *brt, *nbrt; + struct bridge_rtnode *brt; struct bridge_rtnode **brt_list;
CVS commit: [netbsd-8] src
Module Name:src Committed By: martin Date: Wed Apr 18 14:11:43 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_bridge.c if_bridgevar.h src/tests/net/if_bridge [netbsd-8]: t_rtable.sh Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #777): tests/net/if_bridge/t_rtable.sh: revision 1.3 sys/net/if_bridge.c: revision 1.150-1.154 sys/net/if_bridgevar.h: revision 1.32 Remove obsolete NULL checks Simplify bridge_rtnode_insert (NFC) bridge: use pslist(9) for rtlist and rthash The change fixes race conditions on list operations. One example is that a reader may see invalid pointers on a looking item in a list due to lack of membar_producer. Add a test that checks if brconfig flush surely removes all entries Get rid of a unnecessary semicolon Pointed out by kamil@ Add missing PSLIST_ENTRY_INIT and PSLIST_ENTRY_DESTROY To generate a diff of this commit: cvs rdiff -u -r1.134.6.8 -r1.134.6.9 src/sys/net/if_bridge.c cvs rdiff -u -r1.31 -r1.31.10.1 src/sys/net/if_bridgevar.h cvs rdiff -u -r1.1.8.1 -r1.1.8.2 src/tests/net/if_bridge/t_rtable.sh Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/netipsec
Module Name:src Committed By: martin Date: Wed Apr 18 14:06:24 UTC 2018 Modified Files: src/sys/netipsec [netbsd-8]: key.c keydb.h Log Message: Pull up following revision(s) (requested by yamaguchi in ticket #776): sys/netipsec/key.c: revision 1.251-1.253 sys/netipsec/keydb.h: revision 1.22 Introduced a hash table to sahlist An saidx of sah included in the list is unique so that the search can use a hash list whose hash is calculated by the saidx to find an sah quickly. The hash list of the sahlits is used in FreeBSD, too. reviewed by ozaki-r@n.o, thanks. Added a lookup table to find an sav quickly key_sad.sahlists doesn't work well for inbound packets because its key includes source address. For the reason, the look-up-table for the inbound packets is newly added. The table has all sav whose state is MATURE or DYING and uses a key calculated by destination address, protocol, and spi instead of saidx. reviewd ozaki-r@n.o, thanks. Fix panic of SADB when the state of sav is changed in timeout pointed out by ozaki-r@n.o, thanks To generate a diff of this commit: cvs rdiff -u -r1.163.2.8 -r1.163.2.9 src/sys/netipsec/key.c cvs rdiff -u -r1.15.2.2 -r1.15.2.3 src/sys/netipsec/keydb.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netipsec/key.c diff -u src/sys/netipsec/key.c:1.163.2.8 src/sys/netipsec/key.c:1.163.2.9 --- src/sys/netipsec/key.c:1.163.2.8 Mon Apr 16 14:31:44 2018 +++ src/sys/netipsec/key.c Wed Apr 18 14:06:24 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: key.c,v 1.163.2.8 2018/04/16 14:31:44 martin Exp $ */ +/* $NetBSD: key.c,v 1.163.2.9 2018/04/18 14:06:24 martin Exp $ */ /* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */ /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ @@ -32,7 +32,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.163.2.8 2018/04/16 14:31:44 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.163.2.9 2018/04/18 14:06:24 martin Exp $"); /* * This code is referred to RFC 2367 @@ -72,6 +72,7 @@ __KERNEL_RCSID(0, "$NetBSD: key.c,v 1.16 #include #include #include +#include #include #include @@ -122,6 +123,14 @@ __KERNEL_RCSID(0, "$NetBSD: key.c,v 1.16 #define PORT_LOOSE 1 #define PORT_STRICT 2 +#ifndef SAHHASH_NHASH +#define SAHHASH_NHASH 128 +#endif + +#ifndef SAVLUT_NHASH +#define SAVLUT_NHASH 128 +#endif + percpu_t *pfkeystat_percpu; /* @@ -204,20 +213,23 @@ static u_int32_t acq_seq = 0; /* * Locking notes on SAD: * - Data structures - * - SAs are managed by the list called key_sad.sahlist and sav lists of sah - * entries + * - SAs are managed by the list called key_sad.sahlists and sav lists of + * sah entries * - An sav is supposed to be an SA from a viewpoint of users * - A sah has sav lists for each SA state - * - Multiple sahs with the same saidx can exist + * - Multiple saves with the same saidx can exist * - Only one entry has MATURE state and others should be DEAD * - DEAD entries are just ignored from searching - * - Modifications to the key_sad.sahlist and sah.savlist must be done with - * holding key_sad.lock which is a adaptive mutex - * - Read accesses to the key_sad.sahlist and sah.savlist must be in - * pserialize(9) read sections + * - All sav whose state is MATURE or DYING are registered to the lookup + * table called key_sad.savlut in addition to the savlists. + * - The table is used to search an sav without use of saidx. + * - Modifications to the key_sad.sahlists, sah.savlist and key_sad.savlut + * must be done with holding key_sad.lock which is a adaptive mutex + * - Read accesses to the key_sad.sahlists, sah.savlist and key_sad.savlut + * must be in pserialize(9) read sections * - sah's lifetime is managed by localcount(9) * - Getting an sah entry - * - We get an sah from the key_sad.sahlist + * - We get an sah from the key_sad.sahlists * - Must iterate the list and increment the reference count of a found sah * (by key_sah_ref) in a pserialize read section * - A gotten sah must be released after use by key_sah_unref @@ -261,7 +273,10 @@ static struct { static struct { kmutex_t lock; kcondvar_t cv_lc; - struct pslist_head sahlist; + struct pslist_head *sahlists; + u_long sahlistmask; + struct pslist_head *savlut; + u_long savlutmask; pserialize_t psz; kcondvar_t cv_psz; @@ -341,13 +356,23 @@ static struct { #define SAHLIST_WRITER_REMOVE(sah) \ PSLIST_WRITER_REMOVE((sah), pslist_entry) #define SAHLIST_READER_FOREACH(sah) \ - PSLIST_READER_FOREACH((sah), _sad.sahlist, struct secashead,\ - pslist_entry) + for(int _i_sah = 0; _i_sah <= key_sad.sahlistmask; _i_sah++) \ + PSLIST_READER_FOREACH((sah), _sad.sahlists[_i_sah], \ + struct secashead, pslist_entry) +#define
CVS commit: [netbsd-8] src/sys/netipsec
Module Name:src Committed By: martin Date: Wed Apr 18 14:06:24 UTC 2018 Modified Files: src/sys/netipsec [netbsd-8]: key.c keydb.h Log Message: Pull up following revision(s) (requested by yamaguchi in ticket #776): sys/netipsec/key.c: revision 1.251-1.253 sys/netipsec/keydb.h: revision 1.22 Introduced a hash table to sahlist An saidx of sah included in the list is unique so that the search can use a hash list whose hash is calculated by the saidx to find an sah quickly. The hash list of the sahlits is used in FreeBSD, too. reviewed by ozaki-r@n.o, thanks. Added a lookup table to find an sav quickly key_sad.sahlists doesn't work well for inbound packets because its key includes source address. For the reason, the look-up-table for the inbound packets is newly added. The table has all sav whose state is MATURE or DYING and uses a key calculated by destination address, protocol, and spi instead of saidx. reviewd ozaki-r@n.o, thanks. Fix panic of SADB when the state of sav is changed in timeout pointed out by ozaki-r@n.o, thanks To generate a diff of this commit: cvs rdiff -u -r1.163.2.8 -r1.163.2.9 src/sys/netipsec/key.c cvs rdiff -u -r1.15.2.2 -r1.15.2.3 src/sys/netipsec/keydb.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src
Module Name:src Committed By: martin Date: Wed Apr 18 14:01:16 UTC 2018 Modified Files: src/external/gpl3/gcc/dist/gcc [netbsd-8]: genattrtab.c src/tools [netbsd-8]: Makefile.gnuhost Log Message: Pull up following revision(s) (requested by maya in ticket #775): tools/Makefile.gnuhost: revision 1.46-1.48 external/gpl3/gcc/dist/gcc/genattrtab.c: revision 1.2 do the bracket nesting only for clang for now. Use the __clang__ preprocessor symbol to check for clang, since --version might barf. From joerg@ Apply upstream commit: From: ppalkaDate: Wed, 27 Apr 2016 21:18:05 + Subject: [PATCH] Reduce nesting of parentheses in conditionals generated by genattrtab gcc/ChangeLog: * genattrtab.c (write_test_expr): New parameter EMIT_PARENS which defaults to true. Emit an outer pair of parentheses only if EMIT_PARENS. When continuing a chain of && or || (or & or |), don't emit parentheses for the right-hand operand. git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@235536 gcc/arm generates so many parens it hits a bracket depth limited which is enforced by clang. This reduces the number of parens generated and avoids the need to increase bracket depth. Fixes PR toolchain/53178 properly. Remove hack previously needed to build gcc/arm with clang. genattrtab.c:1.2 makes this unnecessary. Tested by thorpej. To generate a diff of this commit: cvs rdiff -u -r1.1.1.3 -r1.1.1.3.8.1 \ src/external/gpl3/gcc/dist/gcc/genattrtab.c cvs rdiff -u -r1.44.8.1 -r1.44.8.2 src/tools/Makefile.gnuhost Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/gpl3/gcc/dist/gcc/genattrtab.c diff -u src/external/gpl3/gcc/dist/gcc/genattrtab.c:1.1.1.3 src/external/gpl3/gcc/dist/gcc/genattrtab.c:1.1.1.3.8.1 --- src/external/gpl3/gcc/dist/gcc/genattrtab.c:1.1.1.3 Sun Jan 24 06:06:07 2016 +++ src/external/gpl3/gcc/dist/gcc/genattrtab.c Wed Apr 18 14:01:16 2018 @@ -3424,7 +3424,10 @@ find_attrs_to_cache (rtx exp, bool creat /* Given a piece of RTX, print a C expression to test its truth value to OUTF. We use AND and IOR both for logical and bit-wise operations, so - interpret them as logical unless they are inside a comparison expression. */ + interpret them as logical unless they are inside a comparison expression. + + An outermost pair of parentheses is emitted around this C expression unless + EMIT_PARENS is false. */ /* Interpret AND/IOR as bit-wise operations instead of logical. */ #define FLG_BITWISE 1 @@ -3440,16 +3443,16 @@ find_attrs_to_cache (rtx exp, bool creat #define FLG_OUTSIDE_AND 8 static unsigned int -write_test_expr (FILE *outf, rtx exp, unsigned int attrs_cached, int flags) +write_test_expr (FILE *outf, rtx exp, unsigned int attrs_cached, int flags, + bool emit_parens = true) { int comparison_operator = 0; RTX_CODE code; struct attr_desc *attr; - /* In order not to worry about operator precedence, surround our part of - the expression with parentheses. */ + if (emit_parens) +fprintf (outf, "("); - fprintf (outf, "("); code = GET_CODE (exp); switch (code) { @@ -3583,8 +3586,18 @@ write_test_expr (FILE *outf, rtx exp, un || GET_CODE (XEXP (exp, 1)) == EQ_ATTR || (GET_CODE (XEXP (exp, 1)) == NOT && GET_CODE (XEXP (XEXP (exp, 1), 0)) == EQ_ATTR))) - attrs_cached - = write_test_expr (outf, XEXP (exp, 1), attrs_cached, flags); + { + bool need_parens = true; + + /* No need to emit parentheses around the right-hand operand if we are + continuing a chain of && or || (or & or |). */ + if (GET_CODE (XEXP (exp, 1)) == code) + need_parens = false; + + attrs_cached + = write_test_expr (outf, XEXP (exp, 1), attrs_cached, flags, + need_parens); + } else write_test_expr (outf, XEXP (exp, 1), attrs_cached, flags | comparison_operator); @@ -3802,7 +3815,9 @@ write_test_expr (FILE *outf, rtx exp, un GET_RTX_NAME (code)); } - fprintf (outf, ")"); + if (emit_parens) +fprintf (outf, ")"); + return attrs_cached; } Index: src/tools/Makefile.gnuhost diff -u src/tools/Makefile.gnuhost:1.44.8.1 src/tools/Makefile.gnuhost:1.44.8.2 --- src/tools/Makefile.gnuhost:1.44.8.1 Sat Apr 14 10:44:56 2018 +++ src/tools/Makefile.gnuhost Wed Apr 18 14:01:16 2018 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.gnuhost,v 1.44.8.1 2018/04/14 10:44:56 martin Exp $ +# $NetBSD: Makefile.gnuhost,v 1.44.8.2 2018/04/18 14:01:16 martin Exp $ # # Rules used when building a GNU host package. Expects MODULE to be set. # @@ -18,13 +18,11 @@ .include # Disable use of pre-compiled headers on Darwin. -# GCC build exceeds the macOS clang default bracket nesting level of 256. BUILD_OSTYPE!= uname -s .if ${BUILD_OSTYPE} == "Darwin" HOST_CFLAGS+=-O2 -no-cpp-precomp -HOST_CFLAGS+=-O2
CVS commit: [netbsd-8] src
Module Name:src Committed By: martin Date: Wed Apr 18 14:01:16 UTC 2018 Modified Files: src/external/gpl3/gcc/dist/gcc [netbsd-8]: genattrtab.c src/tools [netbsd-8]: Makefile.gnuhost Log Message: Pull up following revision(s) (requested by maya in ticket #775): tools/Makefile.gnuhost: revision 1.46-1.48 external/gpl3/gcc/dist/gcc/genattrtab.c: revision 1.2 do the bracket nesting only for clang for now. Use the __clang__ preprocessor symbol to check for clang, since --version might barf. From joerg@ Apply upstream commit: From: ppalkaDate: Wed, 27 Apr 2016 21:18:05 + Subject: [PATCH] Reduce nesting of parentheses in conditionals generated by genattrtab gcc/ChangeLog: * genattrtab.c (write_test_expr): New parameter EMIT_PARENS which defaults to true. Emit an outer pair of parentheses only if EMIT_PARENS. When continuing a chain of && or || (or & or |), don't emit parentheses for the right-hand operand. git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@235536 gcc/arm generates so many parens it hits a bracket depth limited which is enforced by clang. This reduces the number of parens generated and avoids the need to increase bracket depth. Fixes PR toolchain/53178 properly. Remove hack previously needed to build gcc/arm with clang. genattrtab.c:1.2 makes this unnecessary. Tested by thorpej. To generate a diff of this commit: cvs rdiff -u -r1.1.1.3 -r1.1.1.3.8.1 \ src/external/gpl3/gcc/dist/gcc/genattrtab.c cvs rdiff -u -r1.44.8.1 -r1.44.8.2 src/tools/Makefile.gnuhost Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/crypto/external/bsd/openssl
Module Name:src Committed By: martin Date: Wed Apr 18 13:51:36 UTC 2018 Modified Files: src/crypto/external/bsd/openssl/dist/crypto/asn1 [netbsd-8]: asn1.h asn1_err.c tasn_dec.c src/crypto/external/bsd/openssl/dist/crypto/bn/asm [netbsd-8]: rsaz-avx2.pl x86_64-mont5.pl src/crypto/external/bsd/openssl/dist/crypto/rsa [netbsd-8]: rsa_gen.c src/crypto/external/bsd/openssl/dist/crypto/x509v3 [netbsd-8]: v3_addr.c src/crypto/external/bsd/openssl/dist/ssl [netbsd-8]: ssl.h src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64 [netbsd-8]: rsaz-avx2.S x86_64-mont5.S Log Message: Apply upstream fixes for CVE-2017-3735, CVE-2017-3736, CVE-2017-3737, CVE-2017-3738, CVE-2018-0737, CVE-2018-0739. Regen. Requested by christos in ticket #774. To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.2.6.1 \ src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1.h cvs rdiff -u -r1.1.1.7 -r1.1.1.7.8.1 \ src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1_err.c cvs rdiff -u -r1.6 -r1.6.6.1 \ src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c cvs rdiff -u -r1.1.1.1 -r1.1.1.1.8.1 \ src/crypto/external/bsd/openssl/dist/crypto/bn/asm/rsaz-avx2.pl cvs rdiff -u -r1.1.1.7 -r1.1.1.7.4.1 \ src/crypto/external/bsd/openssl/dist/crypto/bn/asm/x86_64-mont5.pl cvs rdiff -u -r1.1.1.6 -r1.1.1.6.4.1 \ src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_gen.c cvs rdiff -u -r1.5 -r1.5.6.1 \ src/crypto/external/bsd/openssl/dist/crypto/x509v3/v3_addr.c cvs rdiff -u -r1.16 -r1.16.6.1 src/crypto/external/bsd/openssl/dist/ssl/ssl.h cvs rdiff -u -r1.2 -r1.2.6.1 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64/rsaz-avx2.S cvs rdiff -u -r1.5 -r1.5.4.1 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64/x86_64-mont5.S Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1.h diff -u src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1.h:1.2 src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1.h:1.2.6.1 --- src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1.h:1.2 Fri Oct 14 16:23:18 2016 +++ src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1.h Wed Apr 18 13:51:35 2018 @@ -1365,6 +1365,7 @@ void ERR_load_ASN1_strings(void); # define ASN1_R_MSTRING_NOT_UNIVERSAL 139 # define ASN1_R_MSTRING_WRONG_TAG 140 # define ASN1_R_NESTED_ASN1_STRING197 +# define ASN1_R_NESTED_TOO_DEEP 219 # define ASN1_R_NON_HEX_CHARACTERS141 # define ASN1_R_NOT_ASCII_FORMAT 190 # define ASN1_R_NOT_ENOUGH_DATA 142 Index: src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1_err.c diff -u src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1_err.c:1.1.1.7 src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1_err.c:1.1.1.7.8.1 --- src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1_err.c:1.1.1.7 Mon Mar 23 08:28:38 2015 +++ src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1_err.c Wed Apr 18 13:51:35 2018 @@ -1,6 +1,6 @@ /* crypto/asn1/asn1_err.c */ /* - * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -279,6 +279,7 @@ static ERR_STRING_DATA ASN1_str_reasons[ {ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL), "mstring not universal"}, {ERR_REASON(ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"}, {ERR_REASON(ASN1_R_NESTED_ASN1_STRING), "nested asn1 string"}, +{ERR_REASON(ASN1_R_NESTED_TOO_DEEP), "nested too deep"}, {ERR_REASON(ASN1_R_NON_HEX_CHARACTERS), "non hex characters"}, {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT), "not ascii format"}, {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"}, Index: src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c diff -u src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c:1.6 src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c:1.6.6.1 --- src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c:1.6 Fri Oct 14 16:23:18 2016 +++ src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c Wed Apr 18 13:51:35 2018 @@ -65,6 +65,14 @@ #include #include +/* + * Constructed types with a recursive definition (such as can be found in PKCS7) + * could eventually exceed the stack given malicious input with excessive + * recursion. Therefore we limit the stack depth. This is the maximum number of + * recursive invocations of asn1_item_embed_d2i(). + */ +#define ASN1_MAX_CONSTRUCTED_NEST 30 + static
CVS commit: [netbsd-8] src/crypto/external/bsd/openssl
Module Name:src Committed By: martin Date: Wed Apr 18 13:51:36 UTC 2018 Modified Files: src/crypto/external/bsd/openssl/dist/crypto/asn1 [netbsd-8]: asn1.h asn1_err.c tasn_dec.c src/crypto/external/bsd/openssl/dist/crypto/bn/asm [netbsd-8]: rsaz-avx2.pl x86_64-mont5.pl src/crypto/external/bsd/openssl/dist/crypto/rsa [netbsd-8]: rsa_gen.c src/crypto/external/bsd/openssl/dist/crypto/x509v3 [netbsd-8]: v3_addr.c src/crypto/external/bsd/openssl/dist/ssl [netbsd-8]: ssl.h src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64 [netbsd-8]: rsaz-avx2.S x86_64-mont5.S Log Message: Apply upstream fixes for CVE-2017-3735, CVE-2017-3736, CVE-2017-3737, CVE-2017-3738, CVE-2018-0737, CVE-2018-0739. Regen. Requested by christos in ticket #774. To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.2.6.1 \ src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1.h cvs rdiff -u -r1.1.1.7 -r1.1.1.7.8.1 \ src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1_err.c cvs rdiff -u -r1.6 -r1.6.6.1 \ src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c cvs rdiff -u -r1.1.1.1 -r1.1.1.1.8.1 \ src/crypto/external/bsd/openssl/dist/crypto/bn/asm/rsaz-avx2.pl cvs rdiff -u -r1.1.1.7 -r1.1.1.7.4.1 \ src/crypto/external/bsd/openssl/dist/crypto/bn/asm/x86_64-mont5.pl cvs rdiff -u -r1.1.1.6 -r1.1.1.6.4.1 \ src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_gen.c cvs rdiff -u -r1.5 -r1.5.6.1 \ src/crypto/external/bsd/openssl/dist/crypto/x509v3/v3_addr.c cvs rdiff -u -r1.16 -r1.16.6.1 src/crypto/external/bsd/openssl/dist/ssl/ssl.h cvs rdiff -u -r1.2 -r1.2.6.1 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64/rsaz-avx2.S cvs rdiff -u -r1.5 -r1.5.4.1 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64/x86_64-mont5.S Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch/i386/conf
Module Name:src Committed By: martin Date: Wed Apr 18 10:40:22 UTC 2018 Modified Files: src/sys/arch/i386/conf: Makefile.i386 Log Message: Make SPECTRE_V2_GCC_MITIGATION overridable at the make command line. To generate a diff of this commit: cvs rdiff -u -r1.190 -r1.191 src/sys/arch/i386/conf/Makefile.i386 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch/i386/conf
Module Name:src Committed By: martin Date: Wed Apr 18 10:40:22 UTC 2018 Modified Files: src/sys/arch/i386/conf: Makefile.i386 Log Message: Make SPECTRE_V2_GCC_MITIGATION overridable at the make command line. To generate a diff of this commit: cvs rdiff -u -r1.190 -r1.191 src/sys/arch/i386/conf/Makefile.i386 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/i386/conf/Makefile.i386 diff -u src/sys/arch/i386/conf/Makefile.i386:1.190 src/sys/arch/i386/conf/Makefile.i386:1.191 --- src/sys/arch/i386/conf/Makefile.i386:1.190 Sat Apr 7 19:38:06 2018 +++ src/sys/arch/i386/conf/Makefile.i386 Wed Apr 18 10:40:22 2018 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.i386,v 1.190 2018/04/07 19:38:06 mrg Exp $ +# $NetBSD: Makefile.i386,v 1.191 2018/04/18 10:40:22 martin Exp $ # Makefile for NetBSD # @@ -39,7 +39,7 @@ CFLAGS+= -msoft-float ## no-sse implies no-sse2 but not no-avx CFLAGS+= -mno-mmx -mno-sse -mno-avx -.if !empty(SPECTRE_V2_GCC_MITIGATION) && ${HAVE_GCC:U0} > 0 +.if ${SPECTRE_V2_GCC_MITIGATION:U0} > 0 && ${HAVE_GCC:U0} > 0 CFLAGS+= -mindirect-branch=thunk CFLAGS+= -mindirect-branch-register .endif
CVS commit: src/sys/arch/amd64/conf
Module Name:src Committed By: martin Date: Wed Apr 18 10:38:47 UTC 2018 Modified Files: src/sys/arch/amd64/conf: Makefile.amd64 Log Message: Simplify previous, pointed out by mrg. To generate a diff of this commit: cvs rdiff -u -r1.69 -r1.70 src/sys/arch/amd64/conf/Makefile.amd64 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch/amd64/conf
Module Name:src Committed By: martin Date: Wed Apr 18 10:38:47 UTC 2018 Modified Files: src/sys/arch/amd64/conf: Makefile.amd64 Log Message: Simplify previous, pointed out by mrg. To generate a diff of this commit: cvs rdiff -u -r1.69 -r1.70 src/sys/arch/amd64/conf/Makefile.amd64 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/amd64/conf/Makefile.amd64 diff -u src/sys/arch/amd64/conf/Makefile.amd64:1.69 src/sys/arch/amd64/conf/Makefile.amd64:1.70 --- src/sys/arch/amd64/conf/Makefile.amd64:1.69 Wed Apr 18 09:29:35 2018 +++ src/sys/arch/amd64/conf/Makefile.amd64 Wed Apr 18 10:38:47 2018 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.amd64,v 1.69 2018/04/18 09:29:35 martin Exp $ +# $NetBSD: Makefile.amd64,v 1.70 2018/04/18 10:38:47 martin Exp $ # Makefile for NetBSD # @@ -43,8 +43,7 @@ CFLAGS+= -msoft-float # For gcc we might need this, but other compilers barf # CFLAGS+= -mno-fp-ret-in-387 -.if !empty(SPECTRE_V2_GCC_MITIGATION) && ${SPECTRE_V2_GCC_MITIGATION:U0} > 0 \ - && ${HAVE_GCC:U0} > 0 +.if ${SPECTRE_V2_GCC_MITIGATION:U0} > 0 && ${HAVE_GCC:U0} > 0 CFLAGS+= -mindirect-branch=thunk-inline CFLAGS+= -mindirect-branch-register .endif
CVS commit: src/sbin/nvmectl
Module Name:src Committed By: nonaka Date: Wed Apr 18 10:17:54 UTC 2018 Modified Files: src/sbin/nvmectl: nvmectl.8 Log Message: nvmectl(8): Remove some wdc subcommands from man page. - wdc drive-log - wdc get-crash-dump - wdc purge - wdc purge-monitor To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 src/sbin/nvmectl/nvmectl.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sbin/nvmectl/nvmectl.8 diff -u src/sbin/nvmectl/nvmectl.8:1.4 src/sbin/nvmectl/nvmectl.8:1.5 --- src/sbin/nvmectl/nvmectl.8:1.4 Sun Apr 30 15:59:18 2017 +++ src/sbin/nvmectl/nvmectl.8 Wed Apr 18 10:17:54 2018 @@ -1,4 +1,4 @@ -.\" $NetBSD: nvmectl.8,v 1.4 2017/04/30 15:59:18 wiz Exp $ +.\" $NetBSD: nvmectl.8,v 1.5 2018/04/18 10:17:54 nonaka Exp $ .\" .\" Copyright (c) 2012 Intel Corporation .\" All rights reserved. @@ -54,10 +54,10 @@ .\".Aq Fl o Ar read|write .\".Aq Fl s Ar size_in_bytes .\".Aq Fl t Ar time_in_sec -.\".Aq namespace id +.\".Aq namespace_id .\".Nm .\".Ic reset -.\".Aq controller id +.\".Aq controller_id .Nm .Ic logpage .Op Fl x @@ -80,21 +80,7 @@ .Nm .Ic wdc cap-diag .Op Fl o path_template -.Ar device id -.Nm -.Ic wdc drive-log -.Op Fl o path_template -.Ar device id -.Nm -.Ic wdc get-crash-dump -.Op Fl o path_template -.Ar device id -.\" .Nm -.\" .Ic wdc purge -.\" .Aq device id -.\" .Nm -.\" .Ic wdc purge-monitor -.\" .Aq device id +.Ar device_id .Sh DESCRIPTION NVM Express (NVMe) is a storage protocol standard, for SSDs and other high-speed storage devices over PCI Express.
CVS commit: src/sbin/nvmectl
Module Name:src Committed By: nonaka Date: Wed Apr 18 10:17:54 UTC 2018 Modified Files: src/sbin/nvmectl: nvmectl.8 Log Message: nvmectl(8): Remove some wdc subcommands from man page. - wdc drive-log - wdc get-crash-dump - wdc purge - wdc purge-monitor To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 src/sbin/nvmectl/nvmectl.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sbin/nvmectl
Module Name:src Committed By: nonaka Date: Wed Apr 18 10:16:22 UTC 2018 Modified Files: src/sbin/nvmectl: nvmectl.h Log Message: nvmectl(8): fix subcommand usage. To generate a diff of this commit: cvs rdiff -u -r1.7 -r1.8 src/sbin/nvmectl/nvmectl.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sbin/nvmectl
Module Name:src Committed By: nonaka Date: Wed Apr 18 10:16:22 UTC 2018 Modified Files: src/sbin/nvmectl: nvmectl.h Log Message: nvmectl(8): fix subcommand usage. To generate a diff of this commit: cvs rdiff -u -r1.7 -r1.8 src/sbin/nvmectl/nvmectl.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sbin/nvmectl/nvmectl.h diff -u src/sbin/nvmectl/nvmectl.h:1.7 src/sbin/nvmectl/nvmectl.h:1.8 --- src/sbin/nvmectl/nvmectl.h:1.7 Tue Apr 17 15:31:00 2018 +++ src/sbin/nvmectl/nvmectl.h Wed Apr 18 10:16:22 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: nvmectl.h,v 1.7 2018/04/17 15:31:00 nonaka Exp $ */ +/* $NetBSD: nvmectl.h,v 1.8 2018/04/18 10:16:22 nonaka Exp $ */ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD @@ -53,14 +53,14 @@ struct nvme_function { "devlist\n" #define IDENTIFY_USAGE \ -"identify [-x [-v]] \n" +"identify [-x [-v]]\n" #ifdef ENABLE_PREFTEST #define PERFTEST_USAGE \ -"perftest <-n num_threads> <-o read|write>\n" \ +"perftest <-n num_threads> <-o read|write>\n" \ "<-s size_in_bytes> <-t time_in_seconds>\n" \ "<-i intr|wait> [-f refthread] [-p]\n" \ -"\n" +"\n" #endif #ifdef ENABLE_RESET @@ -69,16 +69,16 @@ struct nvme_function { #endif #define LOGPAGE_USAGE \ -"logpage <-p page_id> [-b] [-v vendor] [-x] " \ -"\n" +"logpage <-p page_id> [-b] [-v vendor] [-x] " \ +" \n" #ifdef ENABLE_FIRMWARE #define FIRMWARE_USAGE \ -"firmware [-s slot] [-f path_to_firmware] [-a] \n" +"firmware [-s slot] [-f path_to_firmware] [-a] \n" #endif #define POWER_USAGE \ -"power [-l] [-p new-state [-w workload-hint]] \n" +"power [-l] [-p new-state [-w workload-hint]] \n" #define WDC_USAGE \ "wdc cap-diag [-o path-templete]\n"
CVS commit: src
Module Name:src Committed By: nonaka Date: Wed Apr 18 10:11:45 UTC 2018 Modified Files: src/sbin/nvmectl: devlist.c firmware.c identify.c logpage.c nvme.h nvmectl.c perftest.c power.c util.c wdc.c src/sys/dev/ic: ld_nvme.c nvme.c nvmeio.h Log Message: nvmectl(8): Add big-endian support. from FreeBSD nvmecontolr(8) r329824. To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 src/sbin/nvmectl/devlist.c \ src/sbin/nvmectl/identify.c src/sbin/nvmectl/perftest.c cvs rdiff -u -r1.3 -r1.4 src/sbin/nvmectl/firmware.c src/sbin/nvmectl/power.c \ src/sbin/nvmectl/wdc.c cvs rdiff -u -r1.6 -r1.7 src/sbin/nvmectl/logpage.c \ src/sbin/nvmectl/nvmectl.c cvs rdiff -u -r1.2 -r1.3 src/sbin/nvmectl/nvme.h cvs rdiff -u -r1.1 -r1.2 src/sbin/nvmectl/util.c cvs rdiff -u -r1.19 -r1.20 src/sys/dev/ic/ld_nvme.c cvs rdiff -u -r1.38 -r1.39 src/sys/dev/ic/nvme.c cvs rdiff -u -r1.1 -r1.2 src/sys/dev/ic/nvmeio.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sbin/nvmectl/devlist.c diff -u src/sbin/nvmectl/devlist.c:1.4 src/sbin/nvmectl/devlist.c:1.5 --- src/sbin/nvmectl/devlist.c:1.4 Tue Apr 17 08:54:35 2018 +++ src/sbin/nvmectl/devlist.c Wed Apr 18 10:11:44 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: devlist.c,v 1.4 2018/04/17 08:54:35 nonaka Exp $ */ +/* $NetBSD: devlist.c,v 1.5 2018/04/18 10:11:44 nonaka Exp $ */ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD @@ -30,9 +30,9 @@ #include #ifndef lint -__RCSID("$NetBSD: devlist.c,v 1.4 2018/04/17 08:54:35 nonaka Exp $"); +__RCSID("$NetBSD: devlist.c,v 1.5 2018/04/18 10:11:44 nonaka Exp $"); #if 0 -__FBSDID("$FreeBSD: head/sbin/nvmecontrol/devlist.c 326276 2017-11-27 15:37:16Z pfg $"); +__FBSDID("$FreeBSD: head/sbin/nvmecontrol/devlist.c 329824 2018-02-22 13:32:31Z wma $"); #endif #endif Index: src/sbin/nvmectl/identify.c diff -u src/sbin/nvmectl/identify.c:1.4 src/sbin/nvmectl/identify.c:1.5 --- src/sbin/nvmectl/identify.c:1.4 Tue Apr 17 08:54:35 2018 +++ src/sbin/nvmectl/identify.c Wed Apr 18 10:11:44 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: identify.c,v 1.4 2018/04/17 08:54:35 nonaka Exp $ */ +/* $NetBSD: identify.c,v 1.5 2018/04/18 10:11:44 nonaka Exp $ */ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD @@ -30,9 +30,9 @@ #include #ifndef lint -__RCSID("$NetBSD: identify.c,v 1.4 2018/04/17 08:54:35 nonaka Exp $"); +__RCSID("$NetBSD: identify.c,v 1.5 2018/04/18 10:11:44 nonaka Exp $"); #if 0 -__FBSDID("$FreeBSD: head/sbin/nvmecontrol/identify.c 326276 2017-11-27 15:37:16Z pfg $"); +__FBSDID("$FreeBSD: head/sbin/nvmecontrol/identify.c 329824 2018-02-22 13:32:31Z wma $"); #endif #endif Index: src/sbin/nvmectl/perftest.c diff -u src/sbin/nvmectl/perftest.c:1.4 src/sbin/nvmectl/perftest.c:1.5 --- src/sbin/nvmectl/perftest.c:1.4 Tue Apr 17 08:54:35 2018 +++ src/sbin/nvmectl/perftest.c Wed Apr 18 10:11:44 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: perftest.c,v 1.4 2018/04/17 08:54:35 nonaka Exp $ */ +/* $NetBSD: perftest.c,v 1.5 2018/04/18 10:11:44 nonaka Exp $ */ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD @@ -30,9 +30,9 @@ #include #ifndef lint -__RCSID("$NetBSD: perftest.c,v 1.4 2018/04/17 08:54:35 nonaka Exp $"); +__RCSID("$NetBSD: perftest.c,v 1.5 2018/04/18 10:11:44 nonaka Exp $"); #if 0 -__FBSDID("$FreeBSD: head/sbin/nvmecontrol/perftest.c 326276 2017-11-27 15:37:16Z pfg $"); +__FBSDID("$FreeBSD: head/sbin/nvmecontrol/perftest.c 329824 2018-02-22 13:32:31Z wma $"); #endif #endif Index: src/sbin/nvmectl/firmware.c diff -u src/sbin/nvmectl/firmware.c:1.3 src/sbin/nvmectl/firmware.c:1.4 --- src/sbin/nvmectl/firmware.c:1.3 Tue Apr 17 08:54:35 2018 +++ src/sbin/nvmectl/firmware.c Wed Apr 18 10:11:44 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: firmware.c,v 1.3 2018/04/17 08:54:35 nonaka Exp $ */ +/* $NetBSD: firmware.c,v 1.4 2018/04/18 10:11:44 nonaka Exp $ */ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD @@ -33,9 +33,9 @@ #include #ifndef lint -__RCSID("$NetBSD: firmware.c,v 1.3 2018/04/17 08:54:35 nonaka Exp $"); +__RCSID("$NetBSD: firmware.c,v 1.4 2018/04/18 10:11:44 nonaka Exp $"); #if 0 -__FBSDID("$FreeBSD: head/sbin/nvmecontrol/firmware.c 326276 2017-11-27 15:37:16Z pfg $"); +__FBSDID("$FreeBSD: head/sbin/nvmecontrol/firmware.c 329824 2018-02-22 13:32:31Z wma $"); #endif #endif @@ -188,7 +188,7 @@ firmware(int argc, char *argv[]) intfd = -1; inta_flag, s_flag, f_flag; intcommit_action, reboot_required; - intch, + intch; char*p, *image = NULL; char*controller = NULL, prompt[64]; void*buf = NULL; Index: src/sbin/nvmectl/power.c diff -u src/sbin/nvmectl/power.c:1.3 src/sbin/nvmectl/power.c:1.4 --- src/sbin/nvmectl/power.c:1.3 Sat Mar 17 11:07:26 2018 +++ src/sbin/nvmectl/power.c Wed Apr 18 10:11:44 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: power.c,v 1.3 2018/03/17 11:07:26 jdolecek Exp $ */ +/* $NetBSD: power.c,v 1.4 2018/04/18 10:11:44 nonaka
CVS commit: src
Module Name:src Committed By: nonaka Date: Wed Apr 18 10:11:45 UTC 2018 Modified Files: src/sbin/nvmectl: devlist.c firmware.c identify.c logpage.c nvme.h nvmectl.c perftest.c power.c util.c wdc.c src/sys/dev/ic: ld_nvme.c nvme.c nvmeio.h Log Message: nvmectl(8): Add big-endian support. from FreeBSD nvmecontolr(8) r329824. To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 src/sbin/nvmectl/devlist.c \ src/sbin/nvmectl/identify.c src/sbin/nvmectl/perftest.c cvs rdiff -u -r1.3 -r1.4 src/sbin/nvmectl/firmware.c src/sbin/nvmectl/power.c \ src/sbin/nvmectl/wdc.c cvs rdiff -u -r1.6 -r1.7 src/sbin/nvmectl/logpage.c \ src/sbin/nvmectl/nvmectl.c cvs rdiff -u -r1.2 -r1.3 src/sbin/nvmectl/nvme.h cvs rdiff -u -r1.1 -r1.2 src/sbin/nvmectl/util.c cvs rdiff -u -r1.19 -r1.20 src/sys/dev/ic/ld_nvme.c cvs rdiff -u -r1.38 -r1.39 src/sys/dev/ic/nvme.c cvs rdiff -u -r1.1 -r1.2 src/sys/dev/ic/nvmeio.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/dev/ic
Module Name:src Committed By: nonaka Date: Wed Apr 18 10:10:26 UTC 2018 Modified Files: src/sys/dev/ic: nvmereg.h Log Message: Add some new structure fileds, opcodes and statuses from NVMe 1.3a. To generate a diff of this commit: cvs rdiff -u -r1.10 -r1.11 src/sys/dev/ic/nvmereg.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/ic/nvmereg.h diff -u src/sys/dev/ic/nvmereg.h:1.10 src/sys/dev/ic/nvmereg.h:1.11 --- src/sys/dev/ic/nvmereg.h:1.10 Tue Apr 17 08:54:35 2018 +++ src/sys/dev/ic/nvmereg.h Wed Apr 18 10:10:26 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: nvmereg.h,v 1.10 2018/04/17 08:54:35 nonaka Exp $ */ +/* $NetBSD: nvmereg.h,v 1.11 2018/04/18 10:10:26 nonaka Exp $ */ /* $OpenBSD: nvmereg.h,v 1.10 2016/04/14 11:18:32 dlg Exp $ */ /* @@ -318,13 +318,27 @@ NVME_CTASSERT(sizeof(struct nvme_cqe) == /* 0x0e-0x0f - reserved */ #define NVM_ADMIN_FW_COMMIT 0x10 /* Firmware Commit */ #define NVM_ADMIN_FW_DOWNLOAD 0x11 /* Firmware Image Download */ +#define NVM_ADMIN_DEV_SELFTEST 0x14 /* Device Self Test */ #define NVM_ADMIN_NS_ATTACHMENT 0x15 /* Namespace Attachment */ +#define NVM_ADMIN_KEEP_ALIVE 0x18 /* Keep Alive */ +#define NVM_ADMIN_DIRECTIVE_SND 0x19 /* Derective Send */ +#define NVM_ADMIN_DIRECTIVE_RCV 0x1a /* Derective Receive */ +#define NVM_ADMIN_VIRT_MGMT 0x1c /* Virtualization Management */ +#define NVM_ADMIN_NVME_MI_SEND 0x1d /* NVMe-MI Send */ +#define NVM_ADMIN_NVME_MI_RECV 0x1e /* NVMe-MI Receive */ +#define NVM_ADMIN_DOORBELL_BC 0x7c /* Doorbell Buffer Config */ +#define NVM_ADMIN_FORMAT_NVM 0x80 /* Format NVM */ +#define NVM_ADMIN_SECURITY_SND 0x81 /* Security Send */ +#define NVM_ADMIN_SECURITY_RCV 0x82 /* Security Receive */ +#define NVM_ADMIN_SANITIZE 0x84 /* Sanitize */ #define NVM_CMD_FLUSH 0x00 /* Flush */ #define NVM_CMD_WRITE 0x01 /* Write */ #define NVM_CMD_READ 0x02 /* Read */ #define NVM_CMD_WR_UNCOR 0x04 /* Write Uncorrectable */ #define NVM_CMD_COMPARE 0x05 /* Compare */ +/* 0x06-0x07 - reserved */ +#define NVM_CMD_WRITE_ZEROES 0x08 /* Write Zeroes */ #define NVM_CMD_DSM 0x09 /* Dataset Management */ /* Features for GET/SET FEATURES */ @@ -349,7 +363,10 @@ NVME_CTASSERT(sizeof(struct nvme_cqe) == /* 0x12-0x77 - reserved */ /* 0x78-0x7f - NVMe Management Interface */ #define NVM_FEAT_SOFTWARE_PROGRESS_MARKER 0x80 -/* 0x81-0xBF - command set specific (reserved) */ +#define NVM_FEAT_HOST_IDENTIFIER 0x81 +#define NVM_FEAT_RESERVATION_NOTIFICATION_MASK 0x82 +#define NVM_FEAT_RESERVATION_PERSISTANCE 0x83 +/* 0x84-0xBF - command set specific (reserved) */ /* 0xC0-0xFF - vendor specific */ /* Power State Descriptor Data */ @@ -421,6 +438,11 @@ struct nvm_identify_controller { /* Admin Command Set Attributes & Optional Controller Capabilities */ uint16_t oacs; /* Optional Admin Command Support */ +#define NVME_ID_CTRLR_OACS_DOORBELL_BC __BIT(8) +#define NVME_ID_CTRLR_OACS_VIRT_MGMT __BIT(7) +#define NVME_ID_CTRLR_OACS_NVME_MI __BIT(6) +#define NVME_ID_CTRLR_OACS_DIRECTIVES __BIT(5) +#define NVME_ID_CTRLR_OACS_DEV_SELFTEST __BIT(4) #define NVME_ID_CTRLR_OACS_NS __BIT(3) #define NVME_ID_CTRLR_OACS_FW __BIT(2) #define NVME_ID_CTRLR_OACS_FORMAT __BIT(1) @@ -501,11 +523,14 @@ struct nvm_identify_controller { uint16_t fuses; /* Fused Operation Support */ uint8_t fna; /* Format NVM Attributes */ +#define NVME_ID_CTRLR_FNA_CRYPTO_ERASE __BIT(2) +#define NVME_ID_CTRLR_FNA_ERASE_ALL __BIT(1) +#define NVME_ID_CTRLR_FNA_FORMAT_ALL __BIT(0) uint8_t vwc; /* Volatile Write Cache */ #define NVME_ID_CTRLR_VWC_PRESENT __BIT(0) uint16_t awun; /* Atomic Write Unit Normal */ - uint16_t awupf; /* Atomic Write Unit Power Fail */ + uint8_t nvscc; /* NVM Vendor Specific Command */ uint8_t _reserved4[1]; @@ -514,19 +539,17 @@ struct nvm_identify_controller { uint32_t sgls; /* SGL Support */ - uint8_t _reserved6[164]; + uint8_t _reserved6[228]; - /* I/O Command Set Attributes */ + uint8_t subnqn[256]; /* NVM Subsystem NVMe Qualified Name */ - uint8_t _reserved7[1344]; + uint8_t _reserved7[768]; - /* Power State Descriptors */ + uint8_t _reserved8[256]; /* NVMe over Fabrics specification */ struct nvm_identify_psd psd[32]; /* Power State Descriptors */ - /* Vendor Specific */ - - uint8_t _reserved8[1024]; + uint8_t vs[1024]; /* Vendor Specific */ } __packed __aligned(8); NVME_CTASSERT(sizeof(struct nvm_identify_controller) == 4096, "bad size for nvm_identify_controller"); @@ -555,9 +578,35 @@ struct nvm_identify_namespace { uint8_t mc; /* Metadata Capabilities */ uint8_t dpc; /* End-to-end Data Protection Capabilities */ - uint8_t dps; /* End-to-end Data Protection Type Settings */ + uint8_t dps; /* End-to-end Data Protection Type + Settings */ +#define NVME_ID_NS_DPS_MD_START __BIT(3) +#define NVME_ID_NS_DPS_PIT(_f) ((_f) & 0x7) + + uint8_t nmic; /* Namespace
CVS commit: src/sys/dev/ic
Module Name:src Committed By: nonaka Date: Wed Apr 18 10:10:26 UTC 2018 Modified Files: src/sys/dev/ic: nvmereg.h Log Message: Add some new structure fileds, opcodes and statuses from NVMe 1.3a. To generate a diff of this commit: cvs rdiff -u -r1.10 -r1.11 src/sys/dev/ic/nvmereg.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/dev
Module Name:src Committed By: nonaka Date: Wed Apr 18 10:05:59 UTC 2018 Modified Files: src/sys/dev/ic: nvme.c nvmevar.h src/sys/dev/pci: nvme_pci.c Log Message: nvme(4): Added some delay before check RDY bit quirk when disabling device. Pick from FreeBSD nvme(4) r326937. To generate a diff of this commit: cvs rdiff -u -r1.37 -r1.38 src/sys/dev/ic/nvme.c cvs rdiff -u -r1.15 -r1.16 src/sys/dev/ic/nvmevar.h cvs rdiff -u -r1.19 -r1.20 src/sys/dev/pci/nvme_pci.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/ic/nvme.c diff -u src/sys/dev/ic/nvme.c:1.37 src/sys/dev/ic/nvme.c:1.38 --- src/sys/dev/ic/nvme.c:1.37 Sat Mar 17 09:45:44 2018 +++ src/sys/dev/ic/nvme.c Wed Apr 18 10:05:59 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: nvme.c,v 1.37 2018/03/17 09:45:44 jdolecek Exp $ */ +/* $NetBSD: nvme.c,v 1.38 2018/04/18 10:05:59 nonaka Exp $ */ /* $OpenBSD: nvme.c,v 1.49 2016/04/18 05:59:50 dlg Exp $ */ /* @@ -18,7 +18,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: nvme.c,v 1.37 2018/03/17 09:45:44 jdolecek Exp $"); +__KERNEL_RCSID(0, "$NetBSD: nvme.c,v 1.38 2018/04/18 10:05:59 nonaka Exp $"); #include #include @@ -42,6 +42,8 @@ __KERNEL_RCSID(0, "$NetBSD: nvme.c,v 1.3 #include "ioconf.h" +#define B4_CHK_RDY_DELAY_MS 2300 /* workaround controller bug */ + int nvme_adminq_size = 32; int nvme_ioq_size = 1024; @@ -220,15 +222,6 @@ static int nvme_ready(struct nvme_softc *sc, uint32_t rdy) { u_int i = 0; - uint32_t cc; - - cc = nvme_read4(sc, NVME_CC); - if (((cc & NVME_CC_EN) != 0) != (rdy != 0)) { - aprint_error_dev(sc->sc_dev, - "controller enabled status expected %d, found to be %d\n", - (rdy != 0), ((cc & NVME_CC_EN) != 0)); - return ENXIO; - } while ((nvme_read4(sc, NVME_CSTS) & NVME_CSTS_RDY) != rdy) { if (i++ > sc->sc_rdy_to) @@ -245,17 +238,24 @@ static int nvme_enable(struct nvme_softc *sc, u_int mps) { uint32_t cc, csts; + int error; cc = nvme_read4(sc, NVME_CC); csts = nvme_read4(sc, NVME_CSTS); - - if (ISSET(cc, NVME_CC_EN)) { - aprint_error_dev(sc->sc_dev, "controller unexpectedly enabled, failed to stay disabled\n"); + /* + * See note in nvme_disable. Short circuit if we're already enabled. + */ + if (ISSET(cc, NVME_CC_EN)) { if (ISSET(csts, NVME_CSTS_RDY)) - return 1; + return 0; goto waitready; + } else { + /* EN == 0 already wait for RDY == 0 or fail */ + error = nvme_ready(sc, 0); + if (error) + return error; } nvme_write8(sc, NVME_ASQ, NVME_DMA_DVA(sc->sc_admin_q->q_sq_dmamem)); @@ -282,7 +282,6 @@ nvme_enable(struct nvme_softc *sc, u_int nvme_write4(sc, NVME_CC, cc); nvme_barrier(sc, 0, sc->sc_ios, BUS_SPACE_BARRIER_READ | BUS_SPACE_BARRIER_WRITE); - delay(5000); waitready: return nvme_ready(sc, NVME_CSTS_RDY); @@ -292,20 +291,44 @@ static int nvme_disable(struct nvme_softc *sc) { uint32_t cc, csts; + int error; cc = nvme_read4(sc, NVME_CC); csts = nvme_read4(sc, NVME_CSTS); - if (ISSET(cc, NVME_CC_EN) && !ISSET(csts, NVME_CSTS_RDY)) - nvme_ready(sc, NVME_CSTS_RDY); + /* + * Per 3.1.5 in NVME 1.3 spec, transitioning CC.EN from 0 to 1 + * when CSTS.RDY is 1 or transitioning CC.EN from 1 to 0 when + * CSTS.RDY is 0 "has undefined results" So make sure that CSTS.RDY + * isn't the desired value. Short circuit if we're already disabled. + */ + if (ISSET(cc, NVME_CC_EN)) { + if (!ISSET(csts, NVME_CSTS_RDY)) { + /* EN == 1, wait for RDY == 1 or fail */ + error = nvme_ready(sc, NVME_CSTS_RDY); + if (error) +return error; + } + } else { + /* EN == 0 already wait for RDY == 0 */ + if (!ISSET(csts, NVME_CSTS_RDY)) + return 0; - CLR(cc, NVME_CC_EN); + goto waitready; + } + CLR(cc, NVME_CC_EN); nvme_write4(sc, NVME_CC, cc); nvme_barrier(sc, 0, sc->sc_ios, BUS_SPACE_BARRIER_READ); - - delay(5000); + /* + * Some drives have issues with accessing the mmio after we disable, + * so delay for a bit after we write the bit to cope with these issues. + */ + if (ISSET(sc->sc_quirks, NVME_QUIRK_DELAY_B4_CHK_RDY)) + delay(B4_CHK_RDY_DELAY_MS); + +waitready: return nvme_ready(sc, 0); } Index: src/sys/dev/ic/nvmevar.h diff -u src/sys/dev/ic/nvmevar.h:1.15 src/sys/dev/ic/nvmevar.h:1.16 --- src/sys/dev/ic/nvmevar.h:1.15 Fri Mar 16 23:31:19 2018 +++ src/sys/dev/ic/nvmevar.h Wed Apr 18 10:05:59 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: nvmevar.h,v 1.15 2018/03/16 23:31:19 jdolecek Exp $ */ +/* $NetBSD: nvmevar.h,v 1.16 2018/04/18 10:05:59 nonaka Exp $ */ /* $OpenBSD: nvmevar.h,v 1.8 2016/04/14 11:18:32 dlg Exp $ */ /* @@ -136,6 +136,9 @@ struct nvme_softc { uint32_t sc_flags; #define NVME_F_ATTACHED __BIT(0) #define NVME_F_OPEN __BIT(1) + + uint32_t sc_quirks; +#define NVME_QUIRK_DELAY_B4_CHK_RDY __BIT(0) }; #define lemtoh16(p) le16toh(*((uint16_t *)(p))) Index: src/sys/dev/pci/nvme_pci.c diff -u src/sys/dev/pci/nvme_pci.c:1.19
CVS commit: src/sys/dev
Module Name:src Committed By: nonaka Date: Wed Apr 18 10:05:59 UTC 2018 Modified Files: src/sys/dev/ic: nvme.c nvmevar.h src/sys/dev/pci: nvme_pci.c Log Message: nvme(4): Added some delay before check RDY bit quirk when disabling device. Pick from FreeBSD nvme(4) r326937. To generate a diff of this commit: cvs rdiff -u -r1.37 -r1.38 src/sys/dev/ic/nvme.c cvs rdiff -u -r1.15 -r1.16 src/sys/dev/ic/nvmevar.h cvs rdiff -u -r1.19 -r1.20 src/sys/dev/pci/nvme_pci.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch/amd64/conf
Module Name:src Committed By: martin Date: Wed Apr 18 09:29:36 UTC 2018 Modified Files: src/sys/arch/amd64/conf: Makefile.amd64 Log Message: Fix previous: HAVE_GCC needs to be checked in additon to SPECTRE_V2_GCC_MITIGATION, but SPECTRE_V2_GCC_MITIGATION being empty is not a good enough check as it can't be overwritte on the make command line. Now I can do: "make SPECTRE_V2_GCC_MITIGATION=0" (e.g. when my gcc is too old for having the indirect-branch options). To generate a diff of this commit: cvs rdiff -u -r1.68 -r1.69 src/sys/arch/amd64/conf/Makefile.amd64 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/amd64/conf/Makefile.amd64 diff -u src/sys/arch/amd64/conf/Makefile.amd64:1.68 src/sys/arch/amd64/conf/Makefile.amd64:1.69 --- src/sys/arch/amd64/conf/Makefile.amd64:1.68 Wed Apr 18 09:20:42 2018 +++ src/sys/arch/amd64/conf/Makefile.amd64 Wed Apr 18 09:29:35 2018 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.amd64,v 1.68 2018/04/18 09:20:42 martin Exp $ +# $NetBSD: Makefile.amd64,v 1.69 2018/04/18 09:29:35 martin Exp $ # Makefile for NetBSD # @@ -43,7 +43,8 @@ CFLAGS+= -msoft-float # For gcc we might need this, but other compilers barf # CFLAGS+= -mno-fp-ret-in-387 -.if !empty(SPECTRE_V2_GCC_MITIGATION) && ${SPECTRE_V2_GCC_MITIGATION:U0} > 0 +.if !empty(SPECTRE_V2_GCC_MITIGATION) && ${SPECTRE_V2_GCC_MITIGATION:U0} > 0 \ + && ${HAVE_GCC:U0} > 0 CFLAGS+= -mindirect-branch=thunk-inline CFLAGS+= -mindirect-branch-register .endif
CVS commit: src/sys/arch/amd64/conf
Module Name:src Committed By: martin Date: Wed Apr 18 09:29:36 UTC 2018 Modified Files: src/sys/arch/amd64/conf: Makefile.amd64 Log Message: Fix previous: HAVE_GCC needs to be checked in additon to SPECTRE_V2_GCC_MITIGATION, but SPECTRE_V2_GCC_MITIGATION being empty is not a good enough check as it can't be overwritte on the make command line. Now I can do: "make SPECTRE_V2_GCC_MITIGATION=0" (e.g. when my gcc is too old for having the indirect-branch options). To generate a diff of this commit: cvs rdiff -u -r1.68 -r1.69 src/sys/arch/amd64/conf/Makefile.amd64 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch/amd64/conf
Module Name:src Committed By: martin Date: Wed Apr 18 09:20:42 UTC 2018 Modified Files: src/sys/arch/amd64/conf: Makefile.amd64 Log Message: Fix copy & pasto To generate a diff of this commit: cvs rdiff -u -r1.67 -r1.68 src/sys/arch/amd64/conf/Makefile.amd64 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/amd64/conf/Makefile.amd64 diff -u src/sys/arch/amd64/conf/Makefile.amd64:1.67 src/sys/arch/amd64/conf/Makefile.amd64:1.68 --- src/sys/arch/amd64/conf/Makefile.amd64:1.67 Sat Apr 7 19:38:06 2018 +++ src/sys/arch/amd64/conf/Makefile.amd64 Wed Apr 18 09:20:42 2018 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.amd64,v 1.67 2018/04/07 19:38:06 mrg Exp $ +# $NetBSD: Makefile.amd64,v 1.68 2018/04/18 09:20:42 martin Exp $ # Makefile for NetBSD # @@ -43,7 +43,7 @@ CFLAGS+= -msoft-float # For gcc we might need this, but other compilers barf # CFLAGS+= -mno-fp-ret-in-387 -.if !empty(SPECTRE_V2_GCC_MITIGATION) && ${HAVE_GCC:U0} > 0 +.if !empty(SPECTRE_V2_GCC_MITIGATION) && ${SPECTRE_V2_GCC_MITIGATION:U0} > 0 CFLAGS+= -mindirect-branch=thunk-inline CFLAGS+= -mindirect-branch-register .endif
CVS commit: src/sys/arch/amd64/conf
Module Name:src Committed By: martin Date: Wed Apr 18 09:20:42 UTC 2018 Modified Files: src/sys/arch/amd64/conf: Makefile.amd64 Log Message: Fix copy & pasto To generate a diff of this commit: cvs rdiff -u -r1.67 -r1.68 src/sys/arch/amd64/conf/Makefile.amd64 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src
Module Name:src Committed By: mlelstv Date: Wed Apr 18 08:58:42 UTC 2018 Modified Files: src/distrib/sets/lists/comp: mi src/sys/sys: Makefile Log Message: Make sys/pmf.h available to userland (again). The recently exposed device.h internals to _KMEMUSER also require exposing details about pmf. The current build works without this as the only user is crash(8) which partially uses kernel sources and is compiled with the additional kernel include path. To generate a diff of this commit: cvs rdiff -u -r1.2187 -r1.2188 src/distrib/sets/lists/comp/mi cvs rdiff -u -r1.164 -r1.165 src/sys/sys/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/distrib/sets/lists/comp/mi diff -u src/distrib/sets/lists/comp/mi:1.2187 src/distrib/sets/lists/comp/mi:1.2188 --- src/distrib/sets/lists/comp/mi:1.2187 Tue Apr 10 16:12:29 2018 +++ src/distrib/sets/lists/comp/mi Wed Apr 18 08:58:41 2018 @@ -1,4 +1,4 @@ -# $NetBSD: mi,v 1.2187 2018/04/10 16:12:29 maxv Exp $ +# $NetBSD: mi,v 1.2188 2018/04/18 08:58:41 mlelstv Exp $ # # Note: don't delete entries from here - mark them as "obsolete" instead. ./etc/mtree/set.compcomp-sys-root @@ -3002,7 +3002,7 @@ ./usr/include/sys/pcu.hcomp-c-include ./usr/include/sys/pipe.h comp-c-include ./usr/include/sys/pmc.hcomp-c-include -./usr/include/sys/pmf.hcomp-obsolete obsolete +./usr/include/sys/pmf.hcomp-c-include ./usr/include/sys/poll.h comp-c-include ./usr/include/sys/pool.h comp-c-include ./usr/include/sys/power.h comp-c-include Index: src/sys/sys/Makefile diff -u src/sys/sys/Makefile:1.164 src/sys/sys/Makefile:1.165 --- src/sys/sys/Makefile:1.164 Tue Dec 19 19:10:13 2017 +++ src/sys/sys/Makefile Wed Apr 18 08:58:41 2018 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.164 2017/12/19 19:10:13 kamil Exp $ +# $NetBSD: Makefile,v 1.165 2018/04/18 08:58:41 mlelstv Exp $ .include @@ -29,7 +29,7 @@ INCS= acct.h agpio.h aio.h ansi.h aout_m malloc.h mallocvar.h mbuf.h md4.h md5.h midiio.h \ mman.h module.h mount.h mqueue.h msg.h msgbuf.h mtio.h mutex.h \ namei.h null.h \ - param.h pcu.h pipe.h pmc.h poll.h pool.h power.h proc.h \ + param.h pcu.h pipe.h pmc.h pmf.h poll.h pool.h power.h proc.h \ protosw.h pset.h psref.h ptrace.h ptree.h \ queue.h quota.h quotactl.h \ ras.h rbtree.h reboot.h radioio.h resource.h resourcevar.h rmd160.h \
CVS commit: src
Module Name:src Committed By: mlelstv Date: Wed Apr 18 08:58:42 UTC 2018 Modified Files: src/distrib/sets/lists/comp: mi src/sys/sys: Makefile Log Message: Make sys/pmf.h available to userland (again). The recently exposed device.h internals to _KMEMUSER also require exposing details about pmf. The current build works without this as the only user is crash(8) which partially uses kernel sources and is compiled with the additional kernel include path. To generate a diff of this commit: cvs rdiff -u -r1.2187 -r1.2188 src/distrib/sets/lists/comp/mi cvs rdiff -u -r1.164 -r1.165 src/sys/sys/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/net
Module Name:src Committed By: knakahara Date: Wed Apr 18 07:40:40 UTC 2018 Modified Files: src/sys/net: if_pppoe.c Log Message: Fix sending PADT to unexpected hosts when net.pppoe.term_unknown is enabled. To generate a diff of this commit: cvs rdiff -u -r1.135 -r1.136 src/sys/net/if_pppoe.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_pppoe.c diff -u src/sys/net/if_pppoe.c:1.135 src/sys/net/if_pppoe.c:1.136 --- src/sys/net/if_pppoe.c:1.135 Wed Apr 18 07:36:26 2018 +++ src/sys/net/if_pppoe.c Wed Apr 18 07:40:40 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_pppoe.c,v 1.135 2018/04/18 07:36:26 knakahara Exp $ */ +/* $NetBSD: if_pppoe.c,v 1.136 2018/04/18 07:40:40 knakahara Exp $ */ /*- * Copyright (c) 2002, 2008 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.135 2018/04/18 07:36:26 knakahara Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.136 2018/04/18 07:40:40 knakahara Exp $"); #ifdef _KERNEL_OPT #include "pppoe.h" @@ -63,6 +63,7 @@ __KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v #include #include #include +#include #include @@ -236,6 +237,7 @@ static int pppoe_clone_create(struct if_ static int pppoe_clone_destroy(struct ifnet *); static bool pppoe_term_unknown = false; +static int pppoe_term_unknown_pps = 1; static struct sysctllog *pppoe_sysctl_clog; static void sysctl_net_pppoe_setup(struct sysctllog **); @@ -951,6 +953,16 @@ pppoe_disc_input(struct mbuf *m) m_freem(m); } +static bool +pppoe_is_my_frame(uint8_t *dhost, struct ifnet *rcvif) +{ + + if (memcmp(CLLADDR(rcvif->if_sadl), dhost, ETHER_ADDR_LEN) == 0) + return true; + + return false; +} + static void pppoe_data_input(struct mbuf *m) { @@ -960,13 +972,17 @@ pppoe_data_input(struct mbuf *m) struct ifnet *rcvif; struct psref psref; uint8_t shost[ETHER_ADDR_LEN]; + uint8_t dhost[ETHER_ADDR_LEN]; bool term_unknown = pppoe_term_unknown; KASSERT(m->m_flags & M_PKTHDR); - if (term_unknown) + if (term_unknown) { memcpy(shost, mtod(m, struct ether_header*)->ether_shost, ETHER_ADDR_LEN); + memcpy(dhost, mtod(m, struct ether_header*)->ether_dhost, + ETHER_ADDR_LEN); + } m_adj(m, sizeof(struct ether_header)); if (m->m_pkthdr.len <= PPPOE_HEADERLEN) { printf("pppoe (data): dropping too short packet: %d bytes\n", @@ -998,9 +1014,20 @@ pppoe_data_input(struct mbuf *m) sc = pppoe_find_softc_by_session(session, rcvif, RW_READER); if (sc == NULL) { if (term_unknown) { - printf("pppoe: input for unknown session %#x, " - "sending PADT\n", session); - pppoe_send_padt(rcvif, session, shost); + static struct timeval lasttime = {0, 0}; + static int curpps = 0; + /* + * avoid to send wrong PADT which is response from + * session stage pakcets for other hosts when parent + * ethernet is promiscuous mode. + */ + if (pppoe_is_my_frame(dhost, rcvif) + && ppsratecheck(, , +pppoe_term_unknown_pps)) { +printf("pppoe: input for unknown session %#x, " +"sending PADT\n", session); +pppoe_send_padt(rcvif, session, shost); + } } m_put_rcvif_psref(rcvif, ); goto drop;
CVS commit: src/sys/net
Module Name:src Committed By: knakahara Date: Wed Apr 18 07:40:40 UTC 2018 Modified Files: src/sys/net: if_pppoe.c Log Message: Fix sending PADT to unexpected hosts when net.pppoe.term_unknown is enabled. To generate a diff of this commit: cvs rdiff -u -r1.135 -r1.136 src/sys/net/if_pppoe.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/netipsec
Module Name:src Committed By: maxv Date: Wed Apr 18 07:38:02 UTC 2018 Modified Files: src/sys/netipsec: ipsec_input.c ipsec_netbsd.c Log Message: Remove unused malloc.h include. To generate a diff of this commit: cvs rdiff -u -r1.64 -r1.65 src/sys/netipsec/ipsec_input.c cvs rdiff -u -r1.51 -r1.52 src/sys/netipsec/ipsec_netbsd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/netipsec
Module Name:src Committed By: maxv Date: Wed Apr 18 07:38:02 UTC 2018 Modified Files: src/sys/netipsec: ipsec_input.c ipsec_netbsd.c Log Message: Remove unused malloc.h include. To generate a diff of this commit: cvs rdiff -u -r1.64 -r1.65 src/sys/netipsec/ipsec_input.c cvs rdiff -u -r1.51 -r1.52 src/sys/netipsec/ipsec_netbsd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netipsec/ipsec_input.c diff -u src/sys/netipsec/ipsec_input.c:1.64 src/sys/netipsec/ipsec_input.c:1.65 --- src/sys/netipsec/ipsec_input.c:1.64 Tue Apr 17 17:56:08 2018 +++ src/sys/netipsec/ipsec_input.c Wed Apr 18 07:38:02 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec_input.c,v 1.64 2018/04/17 17:56:08 maxv Exp $ */ +/* $NetBSD: ipsec_input.c,v 1.65 2018/04/18 07:38:02 maxv Exp $ */ /* $FreeBSD: src/sys/netipsec/ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $ */ /* $OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $ */ @@ -39,7 +39,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.64 2018/04/17 17:56:08 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.65 2018/04/18 07:38:02 maxv Exp $"); /* * IPsec input processing. @@ -51,7 +51,6 @@ __KERNEL_RCSID(0, "$NetBSD: ipsec_input. #include #include -#include #include #include #include Index: src/sys/netipsec/ipsec_netbsd.c diff -u src/sys/netipsec/ipsec_netbsd.c:1.51 src/sys/netipsec/ipsec_netbsd.c:1.52 --- src/sys/netipsec/ipsec_netbsd.c:1.51 Wed Apr 18 06:22:47 2018 +++ src/sys/netipsec/ipsec_netbsd.c Wed Apr 18 07:38:02 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec_netbsd.c,v 1.51 2018/04/18 06:22:47 maxv Exp $ */ +/* $NetBSD: ipsec_netbsd.c,v 1.52 2018/04/18 07:38:02 maxv Exp $ */ /* $KAME: esp_input.c,v 1.60 2001/09/04 08:43:19 itojun Exp $ */ /* $KAME: ah_input.c,v 1.64 2001/09/04 08:43:19 itojun Exp $ */ @@ -32,7 +32,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.51 2018/04/18 06:22:47 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.52 2018/04/18 07:38:02 maxv Exp $"); #if defined(_KERNEL_OPT) #include "opt_inet.h" @@ -41,7 +41,6 @@ __KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd #include #include -#include #include #include #include
CVS commit: src/sys/net
Module Name:src Committed By: knakahara Date: Wed Apr 18 07:36:26 UTC 2018 Modified Files: src/sys/net: if_pppoe.c Log Message: net.pppoe.term_unknown can be written safely now. To generate a diff of this commit: cvs rdiff -u -r1.134 -r1.135 src/sys/net/if_pppoe.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/net
Module Name:src Committed By: knakahara Date: Wed Apr 18 07:36:26 UTC 2018 Modified Files: src/sys/net: if_pppoe.c Log Message: net.pppoe.term_unknown can be written safely now. To generate a diff of this commit: cvs rdiff -u -r1.134 -r1.135 src/sys/net/if_pppoe.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_pppoe.c diff -u src/sys/net/if_pppoe.c:1.134 src/sys/net/if_pppoe.c:1.135 --- src/sys/net/if_pppoe.c:1.134 Mon Feb 12 15:38:14 2018 +++ src/sys/net/if_pppoe.c Wed Apr 18 07:36:26 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_pppoe.c,v 1.134 2018/02/12 15:38:14 maxv Exp $ */ +/* $NetBSD: if_pppoe.c,v 1.135 2018/04/18 07:36:26 knakahara Exp $ */ /*- * Copyright (c) 2002, 2008 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.134 2018/02/12 15:38:14 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.135 2018/04/18 07:36:26 knakahara Exp $"); #ifdef _KERNEL_OPT #include "pppoe.h" @@ -960,10 +960,11 @@ pppoe_data_input(struct mbuf *m) struct ifnet *rcvif; struct psref psref; uint8_t shost[ETHER_ADDR_LEN]; + bool term_unknown = pppoe_term_unknown; KASSERT(m->m_flags & M_PKTHDR); - if (pppoe_term_unknown) + if (term_unknown) memcpy(shost, mtod(m, struct ether_header*)->ether_shost, ETHER_ADDR_LEN); m_adj(m, sizeof(struct ether_header)); @@ -996,7 +997,7 @@ pppoe_data_input(struct mbuf *m) goto drop; sc = pppoe_find_softc_by_session(session, rcvif, RW_READER); if (sc == NULL) { - if (pppoe_term_unknown) { + if (term_unknown) { printf("pppoe: input for unknown session %#x, " "sending PADT\n", session); pppoe_send_padt(rcvif, session, shost); @@ -1941,7 +1942,7 @@ sysctl_net_pppoe_setup(struct sysctllog return; sysctl_createv(clog, 0, , NULL, - CTLFLAG_PERMANENT | CTLFLAG_READONLY, + CTLFLAG_PERMANENT | CTLFLAG_READWRITE, CTLTYPE_BOOL, "term_unknown", SYSCTL_DESCR("Terminate unknown sessions"), NULL, 0, _term_unknown, sizeof(pppoe_term_unknown),
CVS commit: src/sys/netipsec
Module Name:src Committed By: maxv Date: Wed Apr 18 07:32:44 UTC 2018 Modified Files: src/sys/netipsec: key.h Log Message: Style, and remove unused MALLOC_DECLARE. To generate a diff of this commit: cvs rdiff -u -r1.34 -r1.35 src/sys/netipsec/key.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/netipsec
Module Name:src Committed By: maxv Date: Wed Apr 18 07:32:44 UTC 2018 Modified Files: src/sys/netipsec: key.h Log Message: Style, and remove unused MALLOC_DECLARE. To generate a diff of this commit: cvs rdiff -u -r1.34 -r1.35 src/sys/netipsec/key.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netipsec/key.h diff -u src/sys/netipsec/key.h:1.34 src/sys/netipsec/key.h:1.35 --- src/sys/netipsec/key.h:1.34 Wed Jan 10 10:56:31 2018 +++ src/sys/netipsec/key.h Wed Apr 18 07:32:44 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: key.h,v 1.34 2018/01/10 10:56:31 knakahara Exp $ */ +/* $NetBSD: key.h,v 1.35 2018/04/18 07:32:44 maxv Exp $ */ /* $FreeBSD: src/sys/netipsec/key.h,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */ /* $KAME: key.h,v 1.21 2001/07/27 03:51:30 itojun Exp $ */ @@ -56,19 +56,19 @@ struct sadb_msghdr { int key_havesp(u_int dir); struct secpolicy *key_lookup_sp_byspidx(const struct secpolicyindex *, u_int, - const char*, int); +const char *, int); struct secpolicy *key_newsp(const char*, int); struct secpolicy *key_gettunnel(const struct sockaddr *, - const struct sockaddr *, const struct sockaddr *, - const struct sockaddr *, const char*, int); +const struct sockaddr *, const struct sockaddr *, +const struct sockaddr *, const char *, int); /* NB: prepend with _ for KAME IPv6 compatbility */ void key_init_sp(struct secpolicy *); void key_free_sp(struct secpolicy *); u_int key_sp_refcnt(const struct secpolicy *); -void key_sp_ref(struct secpolicy *, const char*, int); -void key_sp_unref(struct secpolicy *, const char*, int); -void key_sa_ref(struct secasvar *, const char*, int); -void key_sa_unref(struct secasvar *, const char*, int); +void key_sp_ref(struct secpolicy *, const char *, int); +void key_sp_unref(struct secpolicy *, const char *, int); +void key_sa_ref(struct secasvar *, const char *, int); +void key_sa_unref(struct secasvar *, const char *, int); u_int key_sa_refcnt(const struct secasvar *); void key_socksplist_add(struct secpolicy *); @@ -96,41 +96,37 @@ void key_socksplist_add(struct secpolicy key_sa_unref(*(psav), __func__, __LINE__) struct secasvar *key_lookup_sa(const union sockaddr_union *, - u_int, u_int32_t, u_int16_t, u_int16_t, const char*, int); -void key_freesav(struct secasvar **, const char*, int); +u_int, u_int32_t, u_int16_t, u_int16_t, const char *, int); +void key_freesav(struct secasvar **, const char *, int); struct secasvar *key_lookup_sa_bysaidx(const struct secasindex *); #define KEY_LOOKUP_SA(dst, proto, spi, sport, dport) \ key_lookup_sa(dst, proto, spi, sport, dport, __func__, __LINE__) -int key_checktunnelsanity (struct secasvar *, u_int, void *, void *); +int key_checktunnelsanity(struct secasvar *, u_int, void *, void *); int key_checkrequest(const struct ipsecrequest *, const struct secasindex *, struct secasvar **); -struct secpolicy *key_msg2sp (const struct sadb_x_policy *, size_t, int *); +struct secpolicy *key_msg2sp(const struct sadb_x_policy *, size_t, int *); struct mbuf *key_sp2msg(const struct secpolicy *, int); -int key_ismyaddr (const struct sockaddr *); -int key_spdacquire (const struct secpolicy *); -u_long key_random (void); -void key_randomfill (void *, size_t); -void key_freereg (struct socket *); -int key_parse (struct mbuf *, struct socket *); -void key_init (void); -void key_sa_recordxfer (struct secasvar *, struct mbuf *); -void key_sa_routechange (struct sockaddr *); +int key_ismyaddr(const struct sockaddr *); +int key_spdacquire(const struct secpolicy *); +u_long key_random(void); +void key_randomfill(void *, size_t); +void key_freereg(struct socket *); +int key_parse(struct mbuf *, struct socket *); +void key_init(void); +void key_sa_recordxfer(struct secasvar *, struct mbuf *); +void key_sa_routechange(struct sockaddr *); void key_update_used(void); int key_get_used(void); -u_int16_t key_portfromsaddr (const union sockaddr_union *); +u_int16_t key_portfromsaddr(const union sockaddr_union *); /* for ipsec(4) */ struct secpolicy *key_kpi_spdadd(struct mbuf *); int key_kpi_spddelete2(struct mbuf *); u_int16_t key_newreqid(void); -#ifdef MALLOC_DECLARE -MALLOC_DECLARE(M_SECA); -#endif /* MALLOC_DECLARE */ - #endif /* defined(_KERNEL) */ #endif /* !_NETIPSEC_KEY_H_ */
CVS commit: [netbsd-6-0] src/doc
Module Name:src Committed By: msaitoh Date: Wed Apr 18 07:20:17 UTC 2018 Modified Files: src/doc [netbsd-6-0]: CHANGES-6.0.7 Log Message: Ticket #1545 To generate a diff of this commit: cvs rdiff -u -r1.1.2.141 -r1.1.2.142 src/doc/CHANGES-6.0.7 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-6.0.7 diff -u src/doc/CHANGES-6.0.7:1.1.2.141 src/doc/CHANGES-6.0.7:1.1.2.142 --- src/doc/CHANGES-6.0.7:1.1.2.141 Tue Apr 10 17:44:58 2018 +++ src/doc/CHANGES-6.0.7 Wed Apr 18 07:20:17 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-6.0.7,v 1.1.2.141 2018/04/10 17:44:58 snj Exp $ +# $NetBSD: CHANGES-6.0.7,v 1.1.2.142 2018/04/18 07:20:17 msaitoh Exp $ A complete list of changes from the NetBSD 6.0.6 release to the NetBSD 6.0.7 release: @@ -15454,3 +15454,8 @@ usr.sbin/ypserv/ypserv/ypserv_proc.c 1. procs to avoid returning stale request data to the client. [christos, ticket #1528] +sys/netipsec/ipsec_mbuf.c 1.23-1.24 + + Don't assume M_PKTHDR is set only on the first mbuf of the chain. + Fix a pretty bad mistake (IPsec DoS). + [maxv, ticket #1545]
CVS commit: [netbsd-6-0] src/doc
Module Name:src Committed By: msaitoh Date: Wed Apr 18 07:20:17 UTC 2018 Modified Files: src/doc [netbsd-6-0]: CHANGES-6.0.7 Log Message: Ticket #1545 To generate a diff of this commit: cvs rdiff -u -r1.1.2.141 -r1.1.2.142 src/doc/CHANGES-6.0.7 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/doc
Module Name:src Committed By: msaitoh Date: Wed Apr 18 07:19:23 UTC 2018 Modified Files: src/doc [netbsd-6]: CHANGES-6.2 Log Message: Ticket #1545 To generate a diff of this commit: cvs rdiff -u -r1.1.2.334 -r1.1.2.335 src/doc/CHANGES-6.2 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6-1] src/doc
Module Name:src Committed By: msaitoh Date: Wed Apr 18 07:19:52 UTC 2018 Modified Files: src/doc [netbsd-6-1]: CHANGES-6.1.6 Log Message: Ticket #1545 To generate a diff of this commit: cvs rdiff -u -r1.1.2.138 -r1.1.2.139 src/doc/CHANGES-6.1.6 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6-1] src/doc
Module Name:src Committed By: msaitoh Date: Wed Apr 18 07:19:52 UTC 2018 Modified Files: src/doc [netbsd-6-1]: CHANGES-6.1.6 Log Message: Ticket #1545 To generate a diff of this commit: cvs rdiff -u -r1.1.2.138 -r1.1.2.139 src/doc/CHANGES-6.1.6 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-6.1.6 diff -u src/doc/CHANGES-6.1.6:1.1.2.138 src/doc/CHANGES-6.1.6:1.1.2.139 --- src/doc/CHANGES-6.1.6:1.1.2.138 Tue Apr 10 17:45:17 2018 +++ src/doc/CHANGES-6.1.6 Wed Apr 18 07:19:52 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-6.1.6,v 1.1.2.138 2018/04/10 17:45:17 snj Exp $ +# $NetBSD: CHANGES-6.1.6,v 1.1.2.139 2018/04/18 07:19:52 msaitoh Exp $ A complete list of changes from the NetBSD 6.1.5 release to the NetBSD 6.1.6 release: @@ -15123,3 +15123,8 @@ usr.sbin/ypserv/ypserv/ypserv_proc.c 1. procs to avoid returning stale request data to the client. [christos, ticket #1528] +sys/netipsec/ipsec_mbuf.c 1.23-1.24 + + Don't assume M_PKTHDR is set only on the first mbuf of the chain. + Fix a pretty bad mistake (IPsec DoS). + [maxv, ticket #1545]
CVS commit: [netbsd-6] src/doc
Module Name:src Committed By: msaitoh Date: Wed Apr 18 07:19:23 UTC 2018 Modified Files: src/doc [netbsd-6]: CHANGES-6.2 Log Message: Ticket #1545 To generate a diff of this commit: cvs rdiff -u -r1.1.2.334 -r1.1.2.335 src/doc/CHANGES-6.2 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-6.2 diff -u src/doc/CHANGES-6.2:1.1.2.334 src/doc/CHANGES-6.2:1.1.2.335 --- src/doc/CHANGES-6.2:1.1.2.334 Tue Apr 10 17:45:27 2018 +++ src/doc/CHANGES-6.2 Wed Apr 18 07:19:23 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-6.2,v 1.1.2.334 2018/04/10 17:45:27 snj Exp $ +# $NetBSD: CHANGES-6.2,v 1.1.2.335 2018/04/18 07:19:23 msaitoh Exp $ A complete list of changes from the 6.1 release until the 6.2 release: @@ -21228,3 +21228,8 @@ usr.sbin/ypserv/ypserv/ypserv_proc.c 1. procs to avoid returning stale request data to the client. [christos, ticket #1528] +sys/netipsec/ipsec_mbuf.c 1.23-1.24 + + Don't assume M_PKTHDR is set only on the first mbuf of the chain. + Fix a pretty bad mistake (IPsec DoS). + [maxv, ticket #1545]
CVS commit: src/sys
Module Name:src Committed By: maxv Date: Wed Apr 18 07:17:49 UTC 2018 Modified Files: src/sys/netinet: tcp_subr.c src/sys/netinet6: ip6_forward.c ip6_output.c Log Message: Remove unused netipsec/xform.h includes. To generate a diff of this commit: cvs rdiff -u -r1.277 -r1.278 src/sys/netinet/tcp_subr.c cvs rdiff -u -r1.92 -r1.93 src/sys/netinet6/ip6_forward.c cvs rdiff -u -r1.203 -r1.204 src/sys/netinet6/ip6_output.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_subr.c diff -u src/sys/netinet/tcp_subr.c:1.277 src/sys/netinet/tcp_subr.c:1.278 --- src/sys/netinet/tcp_subr.c:1.277 Wed Apr 18 06:17:43 2018 +++ src/sys/netinet/tcp_subr.c Wed Apr 18 07:17:49 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_subr.c,v 1.277 2018/04/18 06:17:43 maxv Exp $ */ +/* $NetBSD: tcp_subr.c,v 1.278 2018/04/18 07:17:49 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_subr.c,v 1.277 2018/04/18 06:17:43 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_subr.c,v 1.278 2018/04/18 07:17:49 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -147,7 +147,6 @@ __KERNEL_RCSID(0, "$NetBSD: tcp_subr.c,v #ifdef IPSEC #include -#include #ifdef INET6 #include #endif Index: src/sys/netinet6/ip6_forward.c diff -u src/sys/netinet6/ip6_forward.c:1.92 src/sys/netinet6/ip6_forward.c:1.93 --- src/sys/netinet6/ip6_forward.c:1.92 Mon Jan 29 08:17:18 2018 +++ src/sys/netinet6/ip6_forward.c Wed Apr 18 07:17:49 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_forward.c,v 1.92 2018/01/29 08:17:18 maxv Exp $ */ +/* $NetBSD: ip6_forward.c,v 1.93 2018/04/18 07:17:49 maxv Exp $ */ /* $KAME: ip6_forward.c,v 1.109 2002/09/11 08:10:17 sakane Exp $ */ /* @@ -31,7 +31,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip6_forward.c,v 1.92 2018/01/29 08:17:18 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip6_forward.c,v 1.93 2018/04/18 07:17:49 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_gateway.h" @@ -65,8 +65,7 @@ __KERNEL_RCSID(0, "$NetBSD: ip6_forward. #include #include #include -#include -#endif /* IPSEC */ +#endif #include Index: src/sys/netinet6/ip6_output.c diff -u src/sys/netinet6/ip6_output.c:1.203 src/sys/netinet6/ip6_output.c:1.204 --- src/sys/netinet6/ip6_output.c:1.203 Tue Feb 27 15:01:30 2018 +++ src/sys/netinet6/ip6_output.c Wed Apr 18 07:17:49 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_output.c,v 1.203 2018/02/27 15:01:30 maxv Exp $ */ +/* $NetBSD: ip6_output.c,v 1.204 2018/04/18 07:17:49 maxv Exp $ */ /* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */ /* @@ -62,7 +62,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.203 2018/02/27 15:01:30 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.204 2018/04/18 07:17:49 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -104,7 +104,6 @@ __KERNEL_RCSID(0, "$NetBSD: ip6_output.c #include #include #include -#include #endif
CVS commit: [netbsd-6-1] src/sys/netipsec
Module Name:src Committed By: msaitoh Date: Wed Apr 18 07:17:24 UTC 2018 Modified Files: src/sys/netipsec [netbsd-6-1]: ipsec_mbuf.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1545): sys/netipsec/ipsec_mbuf.c: revision 1.23 sys/netipsec/ipsec_mbuf.c: revision 1.24 Don't assume M_PKTHDR is set only on the first mbuf of the chain. It should, but it looks like there are several places that can put M_PKTHDR on secondary mbufs (PR/53189), so drop this assumption right now to prevent further bugs. The check is replaced by (m1 != m), which is equivalent to the previous code: we want to modify m->m_pkthdr.len only when 'm' was not passed in m_adj(). Fix a pretty bad mistake, that has always been there. m_adj(m1, -(m1->m_len - roff)); if (m1 != m) m->m_pkthdr.len -= (m1->m_len - roff); This is wrong: m_adj will modify m1->m_len, so we're using a wrong value when manually adjusting m->m_pkthdr.len. Because of that, it is possible to exploit the attack I described in uipc_mbuf.c::rev1.182. The exploit is more complicated, but works 100% reliably. To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.12.24.1 src/sys/netipsec/ipsec_mbuf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netipsec/ipsec_mbuf.c diff -u src/sys/netipsec/ipsec_mbuf.c:1.12 src/sys/netipsec/ipsec_mbuf.c:1.12.24.1 --- src/sys/netipsec/ipsec_mbuf.c:1.12 Mon May 16 10:05:23 2011 +++ src/sys/netipsec/ipsec_mbuf.c Wed Apr 18 07:17:24 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec_mbuf.c,v 1.12 2011/05/16 10:05:23 drochner Exp $ */ +/* $NetBSD: ipsec_mbuf.c,v 1.12.24.1 2018/04/18 07:17:24 msaitoh Exp $ */ /*- * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting * All rights reserved. @@ -28,7 +28,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c,v 1.12 2011/05/16 10:05:23 drochner Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c,v 1.12.24.1 2018/04/18 07:17:24 msaitoh Exp $"); /* * IPsec-specific mbuf routines. @@ -407,10 +407,11 @@ m_striphdr(struct mbuf *m, int skip, int /* The header was at the beginning of the mbuf */ IPSEC_STATINC(IPSEC_STAT_INPUT_FRONT); m_adj(m1, hlen); - if ((m1->m_flags & M_PKTHDR) == 0) + if (m1 != m) m->m_pkthdr.len -= hlen; } else if (roff + hlen >= m1->m_len) { struct mbuf *mo; + int adjlen; /* * Part or all of the header is at the end of this mbuf, @@ -419,11 +420,13 @@ m_striphdr(struct mbuf *m, int skip, int */ IPSEC_STATINC(IPSEC_STAT_INPUT_END); if (roff + hlen > m1->m_len) { + adjlen = roff + hlen - m1->m_len; + /* Adjust the next mbuf by the remainder */ - m_adj(m1->m_next, roff + hlen - m1->m_len); + m_adj(m1->m_next, adjlen); /* The second mbuf is guaranteed not to have a pkthdr... */ - m->m_pkthdr.len -= (roff + hlen - m1->m_len); + m->m_pkthdr.len -= adjlen; } /* Now, let's unlink the mbuf chain for a second...*/ @@ -431,9 +434,10 @@ m_striphdr(struct mbuf *m, int skip, int m1->m_next = NULL; /* ...and trim the end of the first part of the chain...sick */ - m_adj(m1, -(m1->m_len - roff)); - if ((m1->m_flags & M_PKTHDR) == 0) - m->m_pkthdr.len -= (m1->m_len - roff); + adjlen = m1->m_len - roff; + m_adj(m1, -adjlen); + if (m1 != m) + m->m_pkthdr.len -= adjlen; /* Finally, let's relink */ m1->m_next = mo;
CVS commit: src/sys
Module Name:src Committed By: maxv Date: Wed Apr 18 07:17:49 UTC 2018 Modified Files: src/sys/netinet: tcp_subr.c src/sys/netinet6: ip6_forward.c ip6_output.c Log Message: Remove unused netipsec/xform.h includes. To generate a diff of this commit: cvs rdiff -u -r1.277 -r1.278 src/sys/netinet/tcp_subr.c cvs rdiff -u -r1.92 -r1.93 src/sys/netinet6/ip6_forward.c cvs rdiff -u -r1.203 -r1.204 src/sys/netinet6/ip6_output.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6-1] src/sys/netipsec
Module Name:src Committed By: msaitoh Date: Wed Apr 18 07:17:24 UTC 2018 Modified Files: src/sys/netipsec [netbsd-6-1]: ipsec_mbuf.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1545): sys/netipsec/ipsec_mbuf.c: revision 1.23 sys/netipsec/ipsec_mbuf.c: revision 1.24 Don't assume M_PKTHDR is set only on the first mbuf of the chain. It should, but it looks like there are several places that can put M_PKTHDR on secondary mbufs (PR/53189), so drop this assumption right now to prevent further bugs. The check is replaced by (m1 != m), which is equivalent to the previous code: we want to modify m->m_pkthdr.len only when 'm' was not passed in m_adj(). Fix a pretty bad mistake, that has always been there. m_adj(m1, -(m1->m_len - roff)); if (m1 != m) m->m_pkthdr.len -= (m1->m_len - roff); This is wrong: m_adj will modify m1->m_len, so we're using a wrong value when manually adjusting m->m_pkthdr.len. Because of that, it is possible to exploit the attack I described in uipc_mbuf.c::rev1.182. The exploit is more complicated, but works 100% reliably. To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.12.24.1 src/sys/netipsec/ipsec_mbuf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6-0] src/sys/netipsec
Module Name:src Committed By: msaitoh Date: Wed Apr 18 07:17:48 UTC 2018 Modified Files: src/sys/netipsec [netbsd-6-0]: ipsec_mbuf.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1545): sys/netipsec/ipsec_mbuf.c: revision 1.23 sys/netipsec/ipsec_mbuf.c: revision 1.24 Don't assume M_PKTHDR is set only on the first mbuf of the chain. It should, but it looks like there are several places that can put M_PKTHDR on secondary mbufs (PR/53189), so drop this assumption right now to prevent further bugs. The check is replaced by (m1 != m), which is equivalent to the previous code: we want to modify m->m_pkthdr.len only when 'm' was not passed in m_adj(). Fix a pretty bad mistake, that has always been there. m_adj(m1, -(m1->m_len - roff)); if (m1 != m) m->m_pkthdr.len -= (m1->m_len - roff); This is wrong: m_adj will modify m1->m_len, so we're using a wrong value when manually adjusting m->m_pkthdr.len. Because of that, it is possible to exploit the attack I described in uipc_mbuf.c::rev1.182. The exploit is more complicated, but works 100% reliably. To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.12.16.1 src/sys/netipsec/ipsec_mbuf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netipsec/ipsec_mbuf.c diff -u src/sys/netipsec/ipsec_mbuf.c:1.12 src/sys/netipsec/ipsec_mbuf.c:1.12.16.1 --- src/sys/netipsec/ipsec_mbuf.c:1.12 Mon May 16 10:05:23 2011 +++ src/sys/netipsec/ipsec_mbuf.c Wed Apr 18 07:17:48 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec_mbuf.c,v 1.12 2011/05/16 10:05:23 drochner Exp $ */ +/* $NetBSD: ipsec_mbuf.c,v 1.12.16.1 2018/04/18 07:17:48 msaitoh Exp $ */ /*- * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting * All rights reserved. @@ -28,7 +28,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c,v 1.12 2011/05/16 10:05:23 drochner Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c,v 1.12.16.1 2018/04/18 07:17:48 msaitoh Exp $"); /* * IPsec-specific mbuf routines. @@ -407,10 +407,11 @@ m_striphdr(struct mbuf *m, int skip, int /* The header was at the beginning of the mbuf */ IPSEC_STATINC(IPSEC_STAT_INPUT_FRONT); m_adj(m1, hlen); - if ((m1->m_flags & M_PKTHDR) == 0) + if (m1 != m) m->m_pkthdr.len -= hlen; } else if (roff + hlen >= m1->m_len) { struct mbuf *mo; + int adjlen; /* * Part or all of the header is at the end of this mbuf, @@ -419,11 +420,13 @@ m_striphdr(struct mbuf *m, int skip, int */ IPSEC_STATINC(IPSEC_STAT_INPUT_END); if (roff + hlen > m1->m_len) { + adjlen = roff + hlen - m1->m_len; + /* Adjust the next mbuf by the remainder */ - m_adj(m1->m_next, roff + hlen - m1->m_len); + m_adj(m1->m_next, adjlen); /* The second mbuf is guaranteed not to have a pkthdr... */ - m->m_pkthdr.len -= (roff + hlen - m1->m_len); + m->m_pkthdr.len -= adjlen; } /* Now, let's unlink the mbuf chain for a second...*/ @@ -431,9 +434,10 @@ m_striphdr(struct mbuf *m, int skip, int m1->m_next = NULL; /* ...and trim the end of the first part of the chain...sick */ - m_adj(m1, -(m1->m_len - roff)); - if ((m1->m_flags & M_PKTHDR) == 0) - m->m_pkthdr.len -= (m1->m_len - roff); + adjlen = m1->m_len - roff; + m_adj(m1, -adjlen); + if (m1 != m) + m->m_pkthdr.len -= adjlen; /* Finally, let's relink */ m1->m_next = mo;
CVS commit: [netbsd-6-0] src/sys/netipsec
Module Name:src Committed By: msaitoh Date: Wed Apr 18 07:17:48 UTC 2018 Modified Files: src/sys/netipsec [netbsd-6-0]: ipsec_mbuf.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1545): sys/netipsec/ipsec_mbuf.c: revision 1.23 sys/netipsec/ipsec_mbuf.c: revision 1.24 Don't assume M_PKTHDR is set only on the first mbuf of the chain. It should, but it looks like there are several places that can put M_PKTHDR on secondary mbufs (PR/53189), so drop this assumption right now to prevent further bugs. The check is replaced by (m1 != m), which is equivalent to the previous code: we want to modify m->m_pkthdr.len only when 'm' was not passed in m_adj(). Fix a pretty bad mistake, that has always been there. m_adj(m1, -(m1->m_len - roff)); if (m1 != m) m->m_pkthdr.len -= (m1->m_len - roff); This is wrong: m_adj will modify m1->m_len, so we're using a wrong value when manually adjusting m->m_pkthdr.len. Because of that, it is possible to exploit the attack I described in uipc_mbuf.c::rev1.182. The exploit is more complicated, but works 100% reliably. To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.12.16.1 src/sys/netipsec/ipsec_mbuf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/netipsec
Module Name:src Committed By: msaitoh Date: Wed Apr 18 06:59:10 UTC 2018 Modified Files: src/sys/netipsec [netbsd-6]: ipsec_mbuf.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1545): sys/netipsec/ipsec_mbuf.c: revision 1.23 sys/netipsec/ipsec_mbuf.c: revision 1.24 Don't assume M_PKTHDR is set only on the first mbuf of the chain. It should, but it looks like there are several places that can put M_PKTHDR on secondary mbufs (PR/53189), so drop this assumption right now to prevent further bugs. The check is replaced by (m1 != m), which is equivalent to the previous code: we want to modify m->m_pkthdr.len only when 'm' was not passed in m_adj(). Fix a pretty bad mistake, that has always been there. m_adj(m1, -(m1->m_len - roff)); if (m1 != m) m->m_pkthdr.len -= (m1->m_len - roff); This is wrong: m_adj will modify m1->m_len, so we're using a wrong value when manually adjusting m->m_pkthdr.len. Because of that, it is possible to exploit the attack I described in uipc_mbuf.c::rev1.182. The exploit is more complicated, but works 100% reliably. To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.12.10.1 src/sys/netipsec/ipsec_mbuf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/netipsec
Module Name:src Committed By: msaitoh Date: Wed Apr 18 06:59:10 UTC 2018 Modified Files: src/sys/netipsec [netbsd-6]: ipsec_mbuf.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1545): sys/netipsec/ipsec_mbuf.c: revision 1.23 sys/netipsec/ipsec_mbuf.c: revision 1.24 Don't assume M_PKTHDR is set only on the first mbuf of the chain. It should, but it looks like there are several places that can put M_PKTHDR on secondary mbufs (PR/53189), so drop this assumption right now to prevent further bugs. The check is replaced by (m1 != m), which is equivalent to the previous code: we want to modify m->m_pkthdr.len only when 'm' was not passed in m_adj(). Fix a pretty bad mistake, that has always been there. m_adj(m1, -(m1->m_len - roff)); if (m1 != m) m->m_pkthdr.len -= (m1->m_len - roff); This is wrong: m_adj will modify m1->m_len, so we're using a wrong value when manually adjusting m->m_pkthdr.len. Because of that, it is possible to exploit the attack I described in uipc_mbuf.c::rev1.182. The exploit is more complicated, but works 100% reliably. To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.12.10.1 src/sys/netipsec/ipsec_mbuf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netipsec/ipsec_mbuf.c diff -u src/sys/netipsec/ipsec_mbuf.c:1.12 src/sys/netipsec/ipsec_mbuf.c:1.12.10.1 --- src/sys/netipsec/ipsec_mbuf.c:1.12 Mon May 16 10:05:23 2011 +++ src/sys/netipsec/ipsec_mbuf.c Wed Apr 18 06:59:10 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec_mbuf.c,v 1.12 2011/05/16 10:05:23 drochner Exp $ */ +/* $NetBSD: ipsec_mbuf.c,v 1.12.10.1 2018/04/18 06:59:10 msaitoh Exp $ */ /*- * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting * All rights reserved. @@ -28,7 +28,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c,v 1.12 2011/05/16 10:05:23 drochner Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c,v 1.12.10.1 2018/04/18 06:59:10 msaitoh Exp $"); /* * IPsec-specific mbuf routines. @@ -407,10 +407,11 @@ m_striphdr(struct mbuf *m, int skip, int /* The header was at the beginning of the mbuf */ IPSEC_STATINC(IPSEC_STAT_INPUT_FRONT); m_adj(m1, hlen); - if ((m1->m_flags & M_PKTHDR) == 0) + if (m1 != m) m->m_pkthdr.len -= hlen; } else if (roff + hlen >= m1->m_len) { struct mbuf *mo; + int adjlen; /* * Part or all of the header is at the end of this mbuf, @@ -419,11 +420,13 @@ m_striphdr(struct mbuf *m, int skip, int */ IPSEC_STATINC(IPSEC_STAT_INPUT_END); if (roff + hlen > m1->m_len) { + adjlen = roff + hlen - m1->m_len; + /* Adjust the next mbuf by the remainder */ - m_adj(m1->m_next, roff + hlen - m1->m_len); + m_adj(m1->m_next, adjlen); /* The second mbuf is guaranteed not to have a pkthdr... */ - m->m_pkthdr.len -= (roff + hlen - m1->m_len); + m->m_pkthdr.len -= adjlen; } /* Now, let's unlink the mbuf chain for a second...*/ @@ -431,9 +434,10 @@ m_striphdr(struct mbuf *m, int skip, int m1->m_next = NULL; /* ...and trim the end of the first part of the chain...sick */ - m_adj(m1, -(m1->m_len - roff)); - if ((m1->m_flags & M_PKTHDR) == 0) - m->m_pkthdr.len -= (m1->m_len - roff); + adjlen = m1->m_len - roff; + m_adj(m1, -adjlen); + if (m1 != m) + m->m_pkthdr.len -= adjlen; /* Finally, let's relink */ m1->m_next = mo;
CVS commit: src/sys/netipsec
Module Name:src Committed By: maxv Date: Wed Apr 18 06:57:39 UTC 2018 Modified Files: src/sys/netipsec: ipsec.c Log Message: Remove dead code. ok ozaki-r@ To generate a diff of this commit: cvs rdiff -u -r1.155 -r1.156 src/sys/netipsec/ipsec.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/netipsec
Module Name:src Committed By: maxv Date: Wed Apr 18 06:57:39 UTC 2018 Modified Files: src/sys/netipsec: ipsec.c Log Message: Remove dead code. ok ozaki-r@ To generate a diff of this commit: cvs rdiff -u -r1.155 -r1.156 src/sys/netipsec/ipsec.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netipsec/ipsec.c diff -u src/sys/netipsec/ipsec.c:1.155 src/sys/netipsec/ipsec.c:1.156 --- src/sys/netipsec/ipsec.c:1.155 Tue Apr 17 17:47:05 2018 +++ src/sys/netipsec/ipsec.c Wed Apr 18 06:57:39 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec.c,v 1.155 2018/04/17 17:47:05 maxv Exp $ */ +/* $NetBSD: ipsec.c,v 1.156 2018/04/18 06:57:39 maxv Exp $ */ /* $FreeBSD: src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */ /* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */ @@ -32,7 +32,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.155 2018/04/17 17:47:05 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.156 2018/04/18 06:57:39 maxv Exp $"); /* * IPsec controller part. @@ -1269,9 +1269,6 @@ ipsec_get_policy(void *inp, const void * return ENOBUFS; } - /* XXX XXX XXX: What's the point? */ - (*mp)->m_type = MT_DATA; - if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DUMP)) { kdebug_mbuf(__func__, *mp); }
CVS commit: src/sys/netipsec
Module Name:src Committed By: maxv Date: Wed Apr 18 06:52:35 UTC 2018 Modified Files: src/sys/netipsec: ipsec_output.c Log Message: style To generate a diff of this commit: cvs rdiff -u -r1.71 -r1.72 src/sys/netipsec/ipsec_output.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netipsec/ipsec_output.c diff -u src/sys/netipsec/ipsec_output.c:1.71 src/sys/netipsec/ipsec_output.c:1.72 --- src/sys/netipsec/ipsec_output.c:1.71 Mon Mar 5 11:50:25 2018 +++ src/sys/netipsec/ipsec_output.c Wed Apr 18 06:52:35 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec_output.c,v 1.71 2018/03/05 11:50:25 maxv Exp $ */ +/* $NetBSD: ipsec_output.c,v 1.72 2018/04/18 06:52:35 maxv Exp $ */ /* * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting @@ -29,7 +29,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.71 2018/03/05 11:50:25 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.72 2018/04/18 06:52:35 maxv Exp $"); #if defined(_KERNEL_OPT) #include "opt_inet.h" @@ -89,7 +89,7 @@ static percpu_t *ipsec_rtcache_percpu __ * processed this packet. */ static int -ipsec_register_done(struct mbuf *m, int * error) +ipsec_register_done(struct mbuf *m, int *error) { struct m_tag *mtag; @@ -144,14 +144,14 @@ ipsec_process_done(struct mbuf *m, const struct secasindex *saidx; int error; #ifdef INET - struct ip * ip; + struct ip *ip; #endif #ifdef INET6 - struct ip6_hdr * ip6; + struct ip6_hdr *ip6; #endif - struct mbuf * mo; + struct mbuf *mo; struct udphdr *udp = NULL; - uint64_t * data = NULL; + uint64_t *data = NULL; int hlen, roff; IPSEC_SPLASSERT_SOFTNET("ipsec_process_done"); @@ -175,7 +175,7 @@ ipsec_process_done(struct mbuf *m, const IPSECLOG(LOG_DEBUG, "failed to inject %u byte UDP for SA %s/%08lx\n", hlen, ipsec_address(>dst, buf, sizeof(buf)), - (u_long) ntohl(sav->spi)); + (u_long)ntohl(sav->spi)); error = ENOBUFS; goto bad; } @@ -196,10 +196,12 @@ ipsec_process_done(struct mbuf *m, const udp->uh_ulen = htons(m->m_pkthdr.len - (ip->ip_hl << 2)); } + /* + * Fix the header length, for AH processing. + */ switch (saidx->dst.sa.sa_family) { #ifdef INET case AF_INET: - /* Fix the header length, for AH processing. */ ip = mtod(m, struct ip *); ip->ip_len = htons(m->m_pkthdr.len); if (sav->natt_type != 0) @@ -208,7 +210,6 @@ ipsec_process_done(struct mbuf *m, const #endif #ifdef INET6 case AF_INET6: - /* Fix the header length, for AH processing. */ if (m->m_pkthdr.len < sizeof(struct ip6_hdr)) { error = ENXIO; goto bad; @@ -260,9 +261,9 @@ ipsec_process_done(struct mbuf *m, const } /* - * We're done with IPsec processing, - * mark that we have already processed the packet - * transmit it packet using the appropriate network protocol (IP or IPv6). + * We're done with IPsec processing, mark the packet as processed, + * and transmit it using the appropriate network protocol + * (IPv4/IPv6). */ if (ipsec_register_done(m, ) < 0) @@ -412,8 +413,8 @@ again: ipsec_get_reqlevel(isr)); isr = isr->next; /* - * No more rules to apply, return NULL isr and no error - * It can happen when the last rules are USE rules + * No more rules to apply, return NULL isr and no error. + * It can happen when the last rules are USE rules. */ if (isr == NULL) { *ret = NULL;
CVS commit: src/sys/netipsec
Module Name:src Committed By: maxv Date: Wed Apr 18 06:52:35 UTC 2018 Modified Files: src/sys/netipsec: ipsec_output.c Log Message: style To generate a diff of this commit: cvs rdiff -u -r1.71 -r1.72 src/sys/netipsec/ipsec_output.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/netipsec
Module Name:src Committed By: maxv Date: Wed Apr 18 06:43:10 UTC 2018 Modified Files: src/sys/netipsec: xform_ipip.c Log Message: style To generate a diff of this commit: cvs rdiff -u -r1.63 -r1.64 src/sys/netipsec/xform_ipip.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netipsec/xform_ipip.c diff -u src/sys/netipsec/xform_ipip.c:1.63 src/sys/netipsec/xform_ipip.c:1.64 --- src/sys/netipsec/xform_ipip.c:1.63 Thu Feb 15 10:41:51 2018 +++ src/sys/netipsec/xform_ipip.c Wed Apr 18 06:43:10 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: xform_ipip.c,v 1.63 2018/02/15 10:41:51 maxv Exp $ */ +/* $NetBSD: xform_ipip.c,v 1.64 2018/04/18 06:43:10 maxv Exp $ */ /* $FreeBSD: src/sys/netipsec/xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $ */ /* $OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */ @@ -39,7 +39,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.63 2018/02/15 10:41:51 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.64 2018/04/18 06:43:10 maxv Exp $"); /* * IP-inside-IP processing @@ -268,7 +268,7 @@ _ipip_input(struct mbuf *m, int iphlen, AF_INET) continue; - sin = (struct sockaddr_in *) ifa->ifa_addr; + sin = (struct sockaddr_in *)ifa->ifa_addr; if (sin->sin_addr.s_addr == ip4->ip_src.s_addr) { @@ -278,7 +278,7 @@ _ipip_input(struct mbuf *m, int iphlen, return; } } -#endif /* INET */ +#endif #ifdef INET6 if (ip6) { @@ -286,7 +286,7 @@ _ipip_input(struct mbuf *m, int iphlen, AF_INET6) continue; - sin6 = (struct sockaddr_in6 *) ifa->ifa_addr; + sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; if (IN6_ARE_ADDR_EQUAL(>sin6_addr, >ip6_src)) { pserialize_read_exit(s); @@ -296,7 +296,7 @@ _ipip_input(struct mbuf *m, int iphlen, } } -#endif /* INET6 */ +#endif } } pserialize_read_exit(s); @@ -355,7 +355,7 @@ ipip_output(struct mbuf *m, const struct DPRINTF(("%s: unspecified tunnel endpoint " "address in SA %s/%08lx\n", __func__, ipsec_address(>dst, buf, sizeof(buf)), - (u_long) ntohl(sav->spi))); + (u_long)ntohl(sav->spi))); IPIP_STATINC(IPIP_STAT_UNSPEC); error = EINVAL; goto bad; @@ -411,7 +411,7 @@ ipip_output(struct mbuf *m, const struct ipo->ip_p = IPPROTO_IPV6; ipo->ip_off = 0; } -#endif /* INET6 */ +#endif else { goto nofamily; } @@ -430,7 +430,7 @@ ipip_output(struct mbuf *m, const struct DPRINTF(("%s: unspecified tunnel endpoint " "address in SA %s/%08lx\n", __func__, ipsec_address(>dst, buf, sizeof(buf)), - (u_long) ntohl(sav->spi))); + (u_long)ntohl(sav->spi))); IPIP_STATINC(IPIP_STAT_UNSPEC); error = ENOBUFS; goto bad; @@ -479,7 +479,7 @@ ipip_output(struct mbuf *m, const struct /* This is really IPVERSION. */ ip6o->ip6_nxt = IPPROTO_IPIP; } else -#endif /* INET */ +#endif if (tp == (IPV6_VERSION >> 4)) { uint32_t itos32; @@ -496,7 +496,7 @@ ipip_output(struct mbuf *m, const struct otos = 0; ip_ecn_ingress(ECN_ALLOWED, , ); - ip6o->ip6_flow |= htonl((uint32_t) otos << 20); + ip6o->ip6_flow |= htonl((uint32_t)otos << 20); break; #endif /* INET6 */
CVS commit: src/sys/netipsec
Module Name:src Committed By: maxv Date: Wed Apr 18 06:43:10 UTC 2018 Modified Files: src/sys/netipsec: xform_ipip.c Log Message: style To generate a diff of this commit: cvs rdiff -u -r1.63 -r1.64 src/sys/netipsec/xform_ipip.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/net
Module Name:src Committed By: ozaki-r Date: Wed Apr 18 06:37:18 UTC 2018 Modified Files: src/sys/net: if_bridge.c Log Message: Add missing PSLIST_ENTRY_INIT and PSLIST_ENTRY_DESTROY To generate a diff of this commit: cvs rdiff -u -r1.153 -r1.154 src/sys/net/if_bridge.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_bridge.c diff -u src/sys/net/if_bridge.c:1.153 src/sys/net/if_bridge.c:1.154 --- src/sys/net/if_bridge.c:1.153 Wed Apr 18 06:04:03 2018 +++ src/sys/net/if_bridge.c Wed Apr 18 06:37:17 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_bridge.c,v 1.153 2018/04/18 06:04:03 ozaki-r Exp $ */ +/* $NetBSD: if_bridge.c,v 1.154 2018/04/18 06:37:17 ozaki-r Exp $ */ /* * Copyright 2001 Wasabi Systems, Inc. @@ -80,7 +80,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_bridge.c,v 1.153 2018/04/18 06:04:03 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_bridge.c,v 1.154 2018/04/18 06:37:17 ozaki-r Exp $"); #ifdef _KERNEL_OPT #include "opt_bridge_ipf.h" @@ -2032,6 +2032,8 @@ bridge_rtalloc(struct bridge_softc *sc, brt->brt_expire = time_uptime + sc->sc_brttimeout; brt->brt_flags = IFBAF_DYNAMIC; memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN); + PSLIST_ENTRY_INIT(brt, brt_list); + PSLIST_ENTRY_INIT(brt, brt_hash); BRIDGE_RT_LOCK(sc); error = bridge_rtnode_insert(sc, brt); @@ -2500,6 +2502,8 @@ static void bridge_rtnode_destroy(struct bridge_rtnode *brt) { + PSLIST_ENTRY_DESTROY(brt, brt_list); + PSLIST_ENTRY_DESTROY(brt, brt_hash); pool_put(_rtnode_pool, brt); }
CVS commit: src/sys/net
Module Name:src Committed By: ozaki-r Date: Wed Apr 18 06:37:18 UTC 2018 Modified Files: src/sys/net: if_bridge.c Log Message: Add missing PSLIST_ENTRY_INIT and PSLIST_ENTRY_DESTROY To generate a diff of this commit: cvs rdiff -u -r1.153 -r1.154 src/sys/net/if_bridge.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Re: CVS commit: src/sys/sys
On Wed, Apr 18, 2018 at 07:51:01AM +0200, Kamil Rytarowski wrote: > > OK, so assuming that shall not be exposed to userland - I > propose this patch: > > http://netbsd.org/~kamil/patch-00047-pmf_h.txt It's all gross Exposing sys/pmf.h to userland is probably necessary. Greetings, -- Michael van Elst Internet: mlel...@serpens.de "A potential Snark may lurk in every tree."
CVS commit: src/sys/netipsec
Module Name:src Committed By: maxv Date: Wed Apr 18 06:22:47 UTC 2018 Modified Files: src/sys/netipsec: ipsec_netbsd.c Log Message: Style, and remove another misleading comment. To generate a diff of this commit: cvs rdiff -u -r1.50 -r1.51 src/sys/netipsec/ipsec_netbsd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netipsec/ipsec_netbsd.c diff -u src/sys/netipsec/ipsec_netbsd.c:1.50 src/sys/netipsec/ipsec_netbsd.c:1.51 --- src/sys/netipsec/ipsec_netbsd.c:1.50 Wed Apr 18 06:17:44 2018 +++ src/sys/netipsec/ipsec_netbsd.c Wed Apr 18 06:22:47 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec_netbsd.c,v 1.50 2018/04/18 06:17:44 maxv Exp $ */ +/* $NetBSD: ipsec_netbsd.c,v 1.51 2018/04/18 06:22:47 maxv Exp $ */ /* $KAME: esp_input.c,v 1.60 2001/09/04 08:43:19 itojun Exp $ */ /* $KAME: ah_input.c,v 1.64 2001/09/04 08:43:19 itojun Exp $ */ @@ -32,7 +32,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.50 2018/04/18 06:17:44 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.51 2018/04/18 06:22:47 maxv Exp $"); #if defined(_KERNEL_OPT) #include "opt_inet.h" @@ -223,7 +223,7 @@ ah6_ctlinput(int cmd, const struct socka * Check to see if we have a valid SA corresponding * to the address in the ICMP message payload. */ - sav = KEY_LOOKUP_SA((const union sockaddr_union*)sa, + sav = KEY_LOOKUP_SA((const union sockaddr_union *)sa, IPPROTO_AH, ahp->ah_spi, 0, 0); if (sav) { @@ -298,12 +298,6 @@ esp6_ctlinput(int cmd, const struct sock ip6cp1.ip6c_src = ip6cp->ip6c_src; pfctlinput2(cmd, sa, ); - /* - * Then go to special cases that need ESP header information. - * XXX: We assume that when ip6 is non NULL, - * M and OFF are valid. - */ - /* check if we can safely examine src and dst ports */ if (m->m_pkthdr.len < off + sizeof(esp)) return NULL; @@ -316,7 +310,7 @@ esp6_ctlinput(int cmd, const struct sock m_copydata(m, off, sizeof(esp), ); espp = } else - espp = (struct newesp*)(mtod(m, char *) + off); + espp = (struct newesp *)(mtod(m, char *) + off); if (cmd == PRC_MSGSIZE) { int valid = 0; @@ -326,7 +320,7 @@ esp6_ctlinput(int cmd, const struct sock * the address in the ICMP message payload. */ - sav = KEY_LOOKUP_SA((const union sockaddr_union*)sa, + sav = KEY_LOOKUP_SA((const union sockaddr_union *)sa, IPPROTO_ESP, espp->esp_spi, 0, 0); if (sav) { @@ -360,11 +354,11 @@ sysctl_ipsec(SYSCTLFN_ARGS) struct sysctlnode node; node = *rnode; - t = *(int*)rnode->sysctl_data; + t = *(int *)rnode->sysctl_data; node.sysctl_data = error = sysctl_lookup(SYSCTLFN_CALL()); if (error || newp == NULL) - return (error); + return error; switch (rnode->sysctl_num) { case IPSECCTL_DEF_ESP_TRANSLEV: @@ -373,22 +367,22 @@ sysctl_ipsec(SYSCTLFN_ARGS) case IPSECCTL_DEF_AH_NETLEV: if (t != IPSEC_LEVEL_USE && t != IPSEC_LEVEL_REQUIRE) - return (EINVAL); + return EINVAL; ipsec_invalpcbcacheall(); break; case IPSECCTL_DEF_POLICY: if (t != IPSEC_POLICY_DISCARD && t != IPSEC_POLICY_NONE) - return (EINVAL); + return EINVAL; ipsec_invalpcbcacheall(); break; default: - return (EINVAL); + return EINVAL; } - *(int*)rnode->sysctl_data = t; + *(int *)rnode->sysctl_data = t; - return (0); + return 0; } #ifdef IPSEC_DEBUG @@ -399,11 +393,11 @@ sysctl_ipsec_test(SYSCTLFN_ARGS) struct sysctlnode node; node = *rnode; - t = *(int*)rnode->sysctl_data; + t = *(int *)rnode->sysctl_data; node.sysctl_data = error = sysctl_lookup(SYSCTLFN_CALL()); if (error || newp == NULL) - return (error); + return error; if (t < 0 || t > 1) return EINVAL; @@ -415,7 +409,7 @@ sysctl_ipsec_test(SYSCTLFN_ARGS) printf("ipsec: HMAC corruption %s\n", (t == 0) ? "deactivated" : "activated"); - *(int*)rnode->sysctl_data = t; + *(int *)rnode->sysctl_data = t; return 0; }
CVS commit: src/sys/netipsec
Module Name:src Committed By: maxv Date: Wed Apr 18 06:22:47 UTC 2018 Modified Files: src/sys/netipsec: ipsec_netbsd.c Log Message: Style, and remove another misleading comment. To generate a diff of this commit: cvs rdiff -u -r1.50 -r1.51 src/sys/netipsec/ipsec_netbsd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys
Module Name:src Committed By: maxv Date: Wed Apr 18 06:17:44 UTC 2018 Modified Files: src/sys/netinet: tcp_subr.c src/sys/netinet6: udp6_usrreq.c src/sys/netipsec: ipsec_netbsd.c Log Message: Remove misleading comments. To generate a diff of this commit: cvs rdiff -u -r1.276 -r1.277 src/sys/netinet/tcp_subr.c cvs rdiff -u -r1.139 -r1.140 src/sys/netinet6/udp6_usrreq.c cvs rdiff -u -r1.49 -r1.50 src/sys/netipsec/ipsec_netbsd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys
Module Name:src Committed By: maxv Date: Wed Apr 18 06:17:44 UTC 2018 Modified Files: src/sys/netinet: tcp_subr.c src/sys/netinet6: udp6_usrreq.c src/sys/netipsec: ipsec_netbsd.c Log Message: Remove misleading comments. To generate a diff of this commit: cvs rdiff -u -r1.276 -r1.277 src/sys/netinet/tcp_subr.c cvs rdiff -u -r1.139 -r1.140 src/sys/netinet6/udp6_usrreq.c cvs rdiff -u -r1.49 -r1.50 src/sys/netipsec/ipsec_netbsd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_subr.c diff -u src/sys/netinet/tcp_subr.c:1.276 src/sys/netinet/tcp_subr.c:1.277 --- src/sys/netinet/tcp_subr.c:1.276 Thu Mar 29 18:54:48 2018 +++ src/sys/netinet/tcp_subr.c Wed Apr 18 06:17:43 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_subr.c,v 1.276 2018/03/29 18:54:48 maxv Exp $ */ +/* $NetBSD: tcp_subr.c,v 1.277 2018/04/18 06:17:43 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_subr.c,v 1.276 2018/03/29 18:54:48 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_subr.c,v 1.277 2018/04/18 06:17:43 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1423,11 +1423,6 @@ tcp6_ctlinput(int cmd, const struct sock } if (ip6) { - /* - * XXX: We assume that when ip6 is non NULL, - * M and OFF are valid. - */ - /* check if we can safely examine src and dst ports */ if (m->m_pkthdr.len < off + sizeof(th)) { if (cmd == PRC_MSGSIZE) Index: src/sys/netinet6/udp6_usrreq.c diff -u src/sys/netinet6/udp6_usrreq.c:1.139 src/sys/netinet6/udp6_usrreq.c:1.140 --- src/sys/netinet6/udp6_usrreq.c:1.139 Thu Apr 12 06:49:39 2018 +++ src/sys/netinet6/udp6_usrreq.c Wed Apr 18 06:17:44 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: udp6_usrreq.c,v 1.139 2018/04/12 06:49:39 maxv Exp $ */ +/* $NetBSD: udp6_usrreq.c,v 1.140 2018/04/18 06:17:44 maxv Exp $ */ /* $KAME: udp6_usrreq.c,v 1.86 2001/05/27 17:33:00 itojun Exp $ */ /* $KAME: udp6_output.c,v 1.43 2001/10/15 09:19:52 itojun Exp $ */ @@ -63,7 +63,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: udp6_usrreq.c,v 1.139 2018/04/12 06:49:39 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: udp6_usrreq.c,v 1.140 2018/04/18 06:17:44 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -230,11 +230,6 @@ udp6_ctlinput(int cmd, const struct sock } if (ip6) { - /* - * XXX: We assume that when IPV6 is non NULL, - * M and OFF are valid. - */ - /* check if we can safely examine src and dst ports */ if (m->m_pkthdr.len < off + sizeof(*uhp)) { if (cmd == PRC_MSGSIZE) Index: src/sys/netipsec/ipsec_netbsd.c diff -u src/sys/netipsec/ipsec_netbsd.c:1.49 src/sys/netipsec/ipsec_netbsd.c:1.50 --- src/sys/netipsec/ipsec_netbsd.c:1.49 Wed Apr 18 06:13:23 2018 +++ src/sys/netipsec/ipsec_netbsd.c Wed Apr 18 06:17:44 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec_netbsd.c,v 1.49 2018/04/18 06:13:23 maxv Exp $ */ +/* $NetBSD: ipsec_netbsd.c,v 1.50 2018/04/18 06:17:44 maxv Exp $ */ /* $KAME: esp_input.c,v 1.60 2001/09/04 08:43:19 itojun Exp $ */ /* $KAME: ah_input.c,v 1.64 2001/09/04 08:43:19 itojun Exp $ */ @@ -32,7 +32,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.49 2018/04/18 06:13:23 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.50 2018/04/18 06:17:44 maxv Exp $"); #if defined(_KERNEL_OPT) #include "opt_inet.h" @@ -202,11 +202,6 @@ ah6_ctlinput(int cmd, const struct socka } if (ip6) { - /* - * XXX: We assume that when ip6 is non NULL, - * M and OFF are valid. - */ - /* check if we can safely examine src and dst ports */ if (m->m_pkthdr.len < off + sizeof(ah)) return NULL;
CVS commit: src/sys/netipsec
Module Name:src Committed By: maxv Date: Wed Apr 18 06:13:23 UTC 2018 Modified Files: src/sys/netipsec: ipsec_netbsd.c Log Message: Remove the net.inet6.esp6 net.inet6.ipcomp6 net.inet6.ah6 subtrees. They are aliases to net.inet6.ipsec6, but they are not consistent with the original intended naming. (eg there was net.inet6.esp6.esp_trans_deflev instead of net.inet6.esp6.trans_deflev). To generate a diff of this commit: cvs rdiff -u -r1.48 -r1.49 src/sys/netipsec/ipsec_netbsd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/netipsec
Module Name:src Committed By: maxv Date: Wed Apr 18 06:13:23 UTC 2018 Modified Files: src/sys/netipsec: ipsec_netbsd.c Log Message: Remove the net.inet6.esp6 net.inet6.ipcomp6 net.inet6.ah6 subtrees. They are aliases to net.inet6.ipsec6, but they are not consistent with the original intended naming. (eg there was net.inet6.esp6.esp_trans_deflev instead of net.inet6.esp6.trans_deflev). To generate a diff of this commit: cvs rdiff -u -r1.48 -r1.49 src/sys/netipsec/ipsec_netbsd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netipsec/ipsec_netbsd.c diff -u src/sys/netipsec/ipsec_netbsd.c:1.48 src/sys/netipsec/ipsec_netbsd.c:1.49 --- src/sys/netipsec/ipsec_netbsd.c:1.48 Wed Apr 18 06:03:36 2018 +++ src/sys/netipsec/ipsec_netbsd.c Wed Apr 18 06:13:23 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec_netbsd.c,v 1.48 2018/04/18 06:03:36 maxv Exp $ */ +/* $NetBSD: ipsec_netbsd.c,v 1.49 2018/04/18 06:13:23 maxv Exp $ */ /* $KAME: esp_input.c,v 1.60 2001/09/04 08:43:19 itojun Exp $ */ /* $KAME: ah_input.c,v 1.64 2001/09/04 08:43:19 itojun Exp $ */ @@ -32,7 +32,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.48 2018/04/18 06:03:36 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.49 2018/04/18 06:13:23 maxv Exp $"); #if defined(_KERNEL_OPT) #include "opt_inet.h" @@ -789,23 +789,5 @@ sysctl_net_inet6_ipsec6_setup(struct sys NULL, 0, _used, 0, CTL_NET, PF_INET6, IPPROTO_AH, CTL_CREATE, CTL_EOL); - /* - * "aliases" for the ipsec6 subtree - */ - sysctl_createv(clog, 0, NULL, NULL, - CTLFLAG_PERMANENT|CTLFLAG_ALIAS, - CTLTYPE_NODE, "esp6", NULL, - NULL, IPPROTO_AH, NULL, 0, - CTL_NET, PF_INET6, IPPROTO_ESP, CTL_EOL); - sysctl_createv(clog, 0, NULL, NULL, - CTLFLAG_PERMANENT|CTLFLAG_ALIAS, - CTLTYPE_NODE, "ipcomp6", NULL, - NULL, IPPROTO_AH, NULL, 0, - CTL_NET, PF_INET6, IPPROTO_IPCOMP, CTL_EOL); - sysctl_createv(clog, 0, NULL, NULL, - CTLFLAG_PERMANENT|CTLFLAG_ALIAS, - CTLTYPE_NODE, "ah6", NULL, - NULL, IPPROTO_AH, NULL, 0, - CTL_NET, PF_INET6, CTL_CREATE, CTL_EOL); } #endif /* INET6 */
CVS commit: src/sys/net
Module Name:src Committed By: ozaki-r Date: Wed Apr 18 06:04:03 UTC 2018 Modified Files: src/sys/net: if_bridge.c Log Message: Get rid of a unnecessary semicolon Pointed out by kamil@ To generate a diff of this commit: cvs rdiff -u -r1.152 -r1.153 src/sys/net/if_bridge.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/net
Module Name:src Committed By: ozaki-r Date: Wed Apr 18 06:04:03 UTC 2018 Modified Files: src/sys/net: if_bridge.c Log Message: Get rid of a unnecessary semicolon Pointed out by kamil@ To generate a diff of this commit: cvs rdiff -u -r1.152 -r1.153 src/sys/net/if_bridge.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_bridge.c diff -u src/sys/net/if_bridge.c:1.152 src/sys/net/if_bridge.c:1.153 --- src/sys/net/if_bridge.c:1.152 Wed Apr 18 04:01:58 2018 +++ src/sys/net/if_bridge.c Wed Apr 18 06:04:03 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_bridge.c,v 1.152 2018/04/18 04:01:58 ozaki-r Exp $ */ +/* $NetBSD: if_bridge.c,v 1.153 2018/04/18 06:04:03 ozaki-r Exp $ */ /* * Copyright 2001 Wasabi Systems, Inc. @@ -80,7 +80,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_bridge.c,v 1.152 2018/04/18 04:01:58 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_bridge.c,v 1.153 2018/04/18 06:04:03 ozaki-r Exp $"); #ifdef _KERNEL_OPT #include "opt_bridge_ipf.h" @@ -186,7 +186,7 @@ __CTASSERT(offsetof(struct ifbifconf, if #define BRIDGE_RT_LOCKED(_sc) mutex_owned((_sc)->sc_rtlist_lock) #define BRIDGE_RT_PSZ_PERFORM(_sc) \ -pserialize_perform((_sc)->sc_rtlist_psz); +pserialize_perform((_sc)->sc_rtlist_psz) #define BRIDGE_RT_RENTER(__s) do { __s = pserialize_read_enter(); } while (0) #define BRIDGE_RT_REXIT(__s) do { pserialize_read_exit(__s); } while (0)
CVS commit: src/sys/netipsec
Module Name:src Committed By: maxv Date: Wed Apr 18 06:03:37 UTC 2018 Modified Files: src/sys/netipsec: ipsec_netbsd.c Log Message: Remove duplicate sysctls: net.inet.esp.trans_deflev = net.inet.ipsec.esp_trans_deflev net.inet.esp.net_deflev = net.inet.ipsec.esp_net_deflev net.inet.ah.cleartos = net.inet.ipsec.ah_cleartos net.inet.ah.offsetmask= net.inet.ipsec.ah_offsetmask net.inet.ah.trans_deflev = net.inet.ipsec.ah_trans_deflev net.inet.ah.net_deflev= net.inet.ipsec.ah_net_deflev Use the convention on the right. Discussed a month ago on tech-net@. To generate a diff of this commit: cvs rdiff -u -r1.47 -r1.48 src/sys/netipsec/ipsec_netbsd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netipsec/ipsec_netbsd.c diff -u src/sys/netipsec/ipsec_netbsd.c:1.47 src/sys/netipsec/ipsec_netbsd.c:1.48 --- src/sys/netipsec/ipsec_netbsd.c:1.47 Mon Feb 26 06:17:01 2018 +++ src/sys/netipsec/ipsec_netbsd.c Wed Apr 18 06:03:36 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec_netbsd.c,v 1.47 2018/02/26 06:17:01 maxv Exp $ */ +/* $NetBSD: ipsec_netbsd.c,v 1.48 2018/04/18 06:03:36 maxv Exp $ */ /* $KAME: esp_input.c,v 1.60 2001/09/04 08:43:19 itojun Exp $ */ /* $KAME: ah_input.c,v 1.64 2001/09/04 08:43:19 itojun Exp $ */ @@ -32,7 +32,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.47 2018/02/26 06:17:01 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.48 2018/04/18 06:03:36 maxv Exp $"); #if defined(_KERNEL_OPT) #include "opt_inet.h" @@ -535,18 +535,6 @@ sysctl_net_inet_ipsec_setup(struct sysct NULL, 0, NULL, 0, CTL_NET, PF_INET, IPPROTO_ESP, CTL_EOL); sysctl_createv(clog, 0, NULL, NULL, - CTLFLAG_PERMANENT|CTLFLAG_READWRITE, - CTLTYPE_INT, "trans_deflev", NULL, - sysctl_ipsec, 0, _esp_trans_deflev, 0, - CTL_NET, PF_INET, IPPROTO_ESP, - IPSECCTL_DEF_ESP_TRANSLEV, CTL_EOL); - sysctl_createv(clog, 0, NULL, NULL, - CTLFLAG_PERMANENT|CTLFLAG_READWRITE, - CTLTYPE_INT, "net_deflev", NULL, - sysctl_ipsec, 0, _esp_net_deflev, 0, - CTL_NET, PF_INET, IPPROTO_ESP, - IPSECCTL_DEF_ESP_NETLEV, CTL_EOL); - sysctl_createv(clog, 0, NULL, NULL, CTLFLAG_PERMANENT|CTLFLAG_READONLY, CTLTYPE_STRUCT, "esp_stats", NULL, sysctl_net_inet_esp_stats, 0, NULL, 0, @@ -560,30 +548,6 @@ sysctl_net_inet_ipsec_setup(struct sysct NULL, 0, NULL, 0, CTL_NET, PF_INET, IPPROTO_AH, CTL_EOL); sysctl_createv(clog, 0, NULL, NULL, - CTLFLAG_PERMANENT|CTLFLAG_READWRITE, - CTLTYPE_INT, "cleartos", NULL, - NULL, 0, _ah_cleartos, 0, - CTL_NET, PF_INET, IPPROTO_AH, - IPSECCTL_AH_CLEARTOS, CTL_EOL); - sysctl_createv(clog, 0, NULL, NULL, - CTLFLAG_PERMANENT|CTLFLAG_READWRITE, - CTLTYPE_INT, "offsetmask", NULL, - NULL, 0, _ah_offsetmask, 0, - CTL_NET, PF_INET, IPPROTO_AH, - IPSECCTL_AH_OFFSETMASK, CTL_EOL); - sysctl_createv(clog, 0, NULL, NULL, - CTLFLAG_PERMANENT|CTLFLAG_READWRITE, - CTLTYPE_INT, "trans_deflev", NULL, - sysctl_ipsec, 0, _ah_trans_deflev, 0, - CTL_NET, PF_INET, IPPROTO_AH, - IPSECCTL_DEF_AH_TRANSLEV, CTL_EOL); - sysctl_createv(clog, 0, NULL, NULL, - CTLFLAG_PERMANENT|CTLFLAG_READWRITE, - CTLTYPE_INT, "net_deflev", NULL, - sysctl_ipsec, 0, _ah_net_deflev, 0, - CTL_NET, PF_INET, IPPROTO_AH, - IPSECCTL_DEF_AH_NETLEV, CTL_EOL); - sysctl_createv(clog, 0, NULL, NULL, CTLFLAG_PERMANENT|CTLFLAG_READONLY, CTLTYPE_STRUCT, "ah_stats", NULL, sysctl_net_inet_ah_stats, 0, NULL, 0,
CVS commit: src/sys/netipsec
Module Name:src Committed By: maxv Date: Wed Apr 18 06:03:37 UTC 2018 Modified Files: src/sys/netipsec: ipsec_netbsd.c Log Message: Remove duplicate sysctls: net.inet.esp.trans_deflev = net.inet.ipsec.esp_trans_deflev net.inet.esp.net_deflev = net.inet.ipsec.esp_net_deflev net.inet.ah.cleartos = net.inet.ipsec.ah_cleartos net.inet.ah.offsetmask= net.inet.ipsec.ah_offsetmask net.inet.ah.trans_deflev = net.inet.ipsec.ah_trans_deflev net.inet.ah.net_deflev= net.inet.ipsec.ah_net_deflev Use the convention on the right. Discussed a month ago on tech-net@. To generate a diff of this commit: cvs rdiff -u -r1.47 -r1.48 src/sys/netipsec/ipsec_netbsd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.