CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Mon Mar 11 19:31:31 UTC 2024 Modified Files: src/sys/net [netbsd-8]: if_tun.c Log Message: Pull up following revision(s) (requested by riastradh in ticket #1946): sys/net/if_tun.c: revision 1.175 tun(4): Allow IPv6 packets with TUNSLMODE configured. PR kern/58013 To generate a diff of this commit: cvs rdiff -u -r1.139.2.4 -r1.139.2.5 src/sys/net/if_tun.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_tun.c diff -u src/sys/net/if_tun.c:1.139.2.4 src/sys/net/if_tun.c:1.139.2.5 --- src/sys/net/if_tun.c:1.139.2.4 Wed Aug 15 12:07:30 2018 +++ src/sys/net/if_tun.c Mon Mar 11 19:31:31 2024 @@ -1,4 +1,4 @@ -/* $NetBSD: if_tun.c,v 1.139.2.4 2018/08/15 12:07:30 martin Exp $ */ +/* $NetBSD: if_tun.c,v 1.139.2.5 2024/03/11 19:31:31 martin Exp $ */ /* * Copyright (c) 1988, Julian Onions @@ -19,7 +19,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_tun.c,v 1.139.2.4 2018/08/15 12:07:30 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_tun.c,v 1.139.2.5 2024/03/11 19:31:31 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -577,9 +577,7 @@ tun_output(struct ifnet *ifp, struct mbu goto out; } memcpy(mtod(m0, char *), dst, dst->sa_len); - } - - if (tp->tun_flags & TUN_IFHEAD) { + } else if (tp->tun_flags & TUN_IFHEAD) { /* Prepend the address family */ M_PREPEND(m0, sizeof(*af), M_DONTWAIT); if (m0 == NULL) {
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Mon Mar 11 19:31:31 UTC 2024 Modified Files: src/sys/net [netbsd-8]: if_tun.c Log Message: Pull up following revision(s) (requested by riastradh in ticket #1946): sys/net/if_tun.c: revision 1.175 tun(4): Allow IPv6 packets with TUNSLMODE configured. PR kern/58013 To generate a diff of this commit: cvs rdiff -u -r1.139.2.4 -r1.139.2.5 src/sys/net/if_tun.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net/npf
Module Name:src Committed By: martin Date: Wed Aug 23 18:25:04 UTC 2023 Modified Files: src/sys/net/npf [netbsd-8]: npf_ruleset.c Log Message: Pull up following revision(s) (requested by kardel in ticket #1893): sys/net/npf/npf_ruleset.c: revision 1.52 The analysis documented in PR misc/56990 is correct. Fix by not returning when encountering a ruleset rule. The code up to now would stop at any group rule. ruleset rules are marked as group rule and a dynamic rule. processing is only finished when a result is present AND we are looking at a plain group rule. To generate a diff of this commit: cvs rdiff -u -r1.45 -r1.45.6.1 src/sys/net/npf/npf_ruleset.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/npf/npf_ruleset.c diff -u src/sys/net/npf/npf_ruleset.c:1.45 src/sys/net/npf/npf_ruleset.c:1.45.6.1 --- src/sys/net/npf/npf_ruleset.c:1.45 Sun Jan 29 00:15:54 2017 +++ src/sys/net/npf/npf_ruleset.c Wed Aug 23 18:25:04 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: npf_ruleset.c,v 1.45 2017/01/29 00:15:54 christos Exp $ */ +/* $NetBSD: npf_ruleset.c,v 1.45.6.1 2023/08/23 18:25:04 martin Exp $ */ /*- * Copyright (c) 2009-2015 The NetBSD Foundation, Inc. @@ -35,7 +35,7 @@ #ifdef _KERNEL #include -__KERNEL_RCSID(0, "$NetBSD: npf_ruleset.c,v 1.45 2017/01/29 00:15:54 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: npf_ruleset.c,v 1.45.6.1 2023/08/23 18:25:04 martin Exp $"); #include #include @@ -944,7 +944,7 @@ npf_ruleset_inspect(npf_cache_t *npc, co KASSERT(n < skip_to); /* Group is a barrier: return a matching if found any. */ - if ((attr & NPF_RULE_GROUP) != 0 && final_rl) { + if ((attr & NPF_DYNAMIC_GROUP) == NPF_RULE_GROUP && final_rl) { break; }
CVS commit: [netbsd-8] src/sys/net/npf
Module Name:src Committed By: martin Date: Wed Aug 23 18:25:04 UTC 2023 Modified Files: src/sys/net/npf [netbsd-8]: npf_ruleset.c Log Message: Pull up following revision(s) (requested by kardel in ticket #1893): sys/net/npf/npf_ruleset.c: revision 1.52 The analysis documented in PR misc/56990 is correct. Fix by not returning when encountering a ruleset rule. The code up to now would stop at any group rule. ruleset rules are marked as group rule and a dynamic rule. processing is only finished when a result is present AND we are looking at a plain group rule. To generate a diff of this commit: cvs rdiff -u -r1.45 -r1.45.6.1 src/sys/net/npf/npf_ruleset.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Fri Aug 4 15:00:28 UTC 2023 Modified Files: src/sys/net [netbsd-8]: bpf.c Log Message: Apply patch, requested by ozaki-r in ticket #1885: sys/net/bpf.c (apply patch) bpf: allow to read with no filter (regressed at revision 1.213, fixed differently in -current) To generate a diff of this commit: cvs rdiff -u -r1.216.6.8 -r1.216.6.9 src/sys/net/bpf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/bpf.c diff -u src/sys/net/bpf.c:1.216.6.8 src/sys/net/bpf.c:1.216.6.9 --- src/sys/net/bpf.c:1.216.6.8 Wed Feb 22 19:51:47 2023 +++ src/sys/net/bpf.c Fri Aug 4 15:00:28 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: bpf.c,v 1.216.6.8 2023/02/22 19:51:47 martin Exp $ */ +/* $NetBSD: bpf.c,v 1.216.6.9 2023/08/04 15:00:28 martin Exp $ */ /* * Copyright (c) 1990, 1991, 1993 @@ -39,7 +39,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.216.6.8 2023/02/22 19:51:47 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.216.6.9 2023/08/04 15:00:28 martin Exp $"); #if defined(_KERNEL_OPT) #include "opt_bpf.h" @@ -1605,6 +1605,8 @@ bpf_deliver(struct bpf_if *bp, void *(*c else slen = bpf_filter_ext(NULL, filter->bf_insn, ); + } else { + slen = (u_int)-1; /* No filter means accept all */ } if (!slen) {
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Fri Aug 4 15:00:28 UTC 2023 Modified Files: src/sys/net [netbsd-8]: bpf.c Log Message: Apply patch, requested by ozaki-r in ticket #1885: sys/net/bpf.c (apply patch) bpf: allow to read with no filter (regressed at revision 1.213, fixed differently in -current) To generate a diff of this commit: cvs rdiff -u -r1.216.6.8 -r1.216.6.9 src/sys/net/bpf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu Jun 8 11:19:05 UTC 2023 Modified Files: src/sys/net [netbsd-8]: route.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1824): sys/net/route.c: revision 1.237 route: run workqueue kthreads with KERNEL_LOCK unless NET_MPSAFE Without KERNEL_LOCK, rt_timer_work and rt_free_work can run in parallel with other LWPs running in the network stack, which eventually results in say use-after-free of a deleted route. To generate a diff of this commit: cvs rdiff -u -r1.194.6.16 -r1.194.6.17 src/sys/net/route.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu Jun 8 11:19:05 UTC 2023 Modified Files: src/sys/net [netbsd-8]: route.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1824): sys/net/route.c: revision 1.237 route: run workqueue kthreads with KERNEL_LOCK unless NET_MPSAFE Without KERNEL_LOCK, rt_timer_work and rt_free_work can run in parallel with other LWPs running in the network stack, which eventually results in say use-after-free of a deleted route. To generate a diff of this commit: cvs rdiff -u -r1.194.6.16 -r1.194.6.17 src/sys/net/route.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/route.c diff -u src/sys/net/route.c:1.194.6.16 src/sys/net/route.c:1.194.6.17 --- src/sys/net/route.c:1.194.6.16 Wed Feb 22 18:55:06 2023 +++ src/sys/net/route.c Thu Jun 8 11:19:05 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: route.c,v 1.194.6.16 2023/02/22 18:55:06 martin Exp $ */ +/* $NetBSD: route.c,v 1.194.6.17 2023/06/08 11:19:05 martin Exp $ */ /*- * Copyright (c) 1998, 2008 The NetBSD Foundation, Inc. @@ -97,7 +97,7 @@ #endif #include -__KERNEL_RCSID(0, "$NetBSD: route.c,v 1.194.6.16 2023/02/22 18:55:06 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: route.c,v 1.194.6.17 2023/06/08 11:19:05 martin Exp $"); #include #ifdef RTFLUSH_DEBUG @@ -229,12 +229,14 @@ static krwlock_t rt_lock __cacheline_al #define RT_UNLOCK() rw_exit(_lock) #define RT_WLOCKED() rw_write_held(_lock) #define RT_ASSERT_WLOCK() KASSERT(rw_write_held(_lock)) +#define RT_WQ_FLAGS WQ_MPSAFE #else #define RT_RLOCK() do {} while (0) #define RT_WLOCK() do {} while (0) #define RT_UNLOCK() do {} while (0) #define RT_WLOCKED() true #define RT_ASSERT_WLOCK() do {} while (0) +#define RT_WQ_FLAGS 0 #endif static uint64_t rtcache_generation; @@ -479,7 +481,7 @@ rt_init(void) rt_psref_class = psref_class_create("rtentry", IPL_SOFTNET); error = workqueue_create(_free_global.wq, "rt_free", - rt_free_work, NULL, PRI_SOFTNET, IPL_SOFTNET, WQ_MPSAFE); + rt_free_work, NULL, PRI_SOFTNET, IPL_SOFTNET, RT_WQ_FLAGS); if (error) panic("%s: workqueue_create failed (%d)\n", __func__, error); @@ -1802,7 +1804,7 @@ rt_timer_init(void) LIST_INIT(_queue_head); callout_init(_timer_ch, CALLOUT_MPSAFE); error = workqueue_create(_timer_wq, "rt_timer", - rt_timer_work, NULL, PRI_SOFTNET, IPL_SOFTNET, WQ_MPSAFE); + rt_timer_work, NULL, PRI_SOFTNET, IPL_SOFTNET, RT_WQ_FLAGS); if (error) panic("%s: workqueue_create failed (%d)\n", __func__, error); callout_reset(_timer_ch, hz, rt_timer_timer, NULL);
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed Feb 22 19:51:47 UTC 2023 Modified Files: src/sys/net [netbsd-8]: bpf.c Log Message: Pull up following revision(s) (requested by riastradh in ticket #1802): sys/net/bpf.c: revision 1.247 (manually merged) bpf(4): Reject bogus timeout values before arithmetic overflows. To generate a diff of this commit: cvs rdiff -u -r1.216.6.7 -r1.216.6.8 src/sys/net/bpf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed Feb 22 19:51:47 UTC 2023 Modified Files: src/sys/net [netbsd-8]: bpf.c Log Message: Pull up following revision(s) (requested by riastradh in ticket #1802): sys/net/bpf.c: revision 1.247 (manually merged) bpf(4): Reject bogus timeout values before arithmetic overflows. To generate a diff of this commit: cvs rdiff -u -r1.216.6.7 -r1.216.6.8 src/sys/net/bpf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/bpf.c diff -u src/sys/net/bpf.c:1.216.6.7 src/sys/net/bpf.c:1.216.6.8 --- src/sys/net/bpf.c:1.216.6.7 Sun Aug 4 11:19:03 2019 +++ src/sys/net/bpf.c Wed Feb 22 19:51:47 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: bpf.c,v 1.216.6.7 2019/08/04 11:19:03 martin Exp $ */ +/* $NetBSD: bpf.c,v 1.216.6.8 2023/02/22 19:51:47 martin Exp $ */ /* * Copyright (c) 1990, 1991, 1993 @@ -39,7 +39,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.216.6.7 2019/08/04 11:19:03 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.216.6.8 2023/02/22 19:51:47 martin Exp $"); #if defined(_KERNEL_OPT) #include "opt_bpf.h" @@ -1091,7 +1091,16 @@ bpf_ioctl(struct file *fp, u_long cmd, v struct timeval *tv = addr; /* Compute number of ticks. */ - d->bd_rtout = tv->tv_sec * hz + tv->tv_usec / tick; + if (tv->tv_sec < 0 || + tv->tv_usec < 0 || tv->tv_usec >= 100) { +error = EINVAL; +break; + } else if (tv->tv_sec > INT_MAX/hz - 1) { + d->bd_rtout = INT_MAX; + } else { +d->bd_rtout = tv->tv_sec * hz ++ tv->tv_usec / tick; + } if ((d->bd_rtout == 0) && (tv->tv_usec != 0)) d->bd_rtout = 1; break; @@ -1120,7 +1129,16 @@ bpf_ioctl(struct file *fp, u_long cmd, v struct timeval50 *tv = addr; /* Compute number of ticks. */ - d->bd_rtout = tv->tv_sec * hz + tv->tv_usec / tick; + if (tv->tv_sec < 0 || + tv->tv_usec < 0 || tv->tv_usec >= 100) { +error = EINVAL; +break; + } else if (tv->tv_sec > INT_MAX/hz - 1) { + d->bd_rtout = INT_MAX; + } else { + d->bd_rtout = tv->tv_sec * hz ++ tv->tv_usec / tick; + } if ((d->bd_rtout == 0) && (tv->tv_usec != 0)) d->bd_rtout = 1; break;
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed Feb 22 18:55:07 UTC 2023 Modified Files: src/sys/net [netbsd-8]: route.c Log Message: Pull up following revision(s) (requested by riastradh in ticket #1801): sys/net/route.c: revision 1.236 route(4): Work around deadlock in rt_free wait path. PR kern/56844 To generate a diff of this commit: cvs rdiff -u -r1.194.6.15 -r1.194.6.16 src/sys/net/route.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed Feb 22 18:55:07 UTC 2023 Modified Files: src/sys/net [netbsd-8]: route.c Log Message: Pull up following revision(s) (requested by riastradh in ticket #1801): sys/net/route.c: revision 1.236 route(4): Work around deadlock in rt_free wait path. PR kern/56844 To generate a diff of this commit: cvs rdiff -u -r1.194.6.15 -r1.194.6.16 src/sys/net/route.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/route.c diff -u src/sys/net/route.c:1.194.6.15 src/sys/net/route.c:1.194.6.16 --- src/sys/net/route.c:1.194.6.15 Fri Oct 4 11:26:35 2019 +++ src/sys/net/route.c Wed Feb 22 18:55:06 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: route.c,v 1.194.6.15 2019/10/04 11:26:35 martin Exp $ */ +/* $NetBSD: route.c,v 1.194.6.16 2023/02/22 18:55:06 martin Exp $ */ /*- * Copyright (c) 1998, 2008 The NetBSD Foundation, Inc. @@ -97,7 +97,7 @@ #endif #include -__KERNEL_RCSID(0, "$NetBSD: route.c,v 1.194.6.15 2019/10/04 11:26:35 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: route.c,v 1.194.6.16 2023/02/22 18:55:06 martin Exp $"); #include #ifdef RTFLUSH_DEBUG @@ -644,8 +644,17 @@ static bool rt_wait_ok(void) { + /* + * This originally returned !cpu_softintr_p(), but that doesn't + * work: the caller may hold a lock (probably softnet lock) + * that a softint is waiting for, in which case waiting here + * would cause a deadlock. See https://gnats.netbsd.org/56844 + * for details. For now, until the locking paths are sorted + * out, we just disable the waiting option altogether and + * always defer to workqueue. + */ KASSERT(!cpu_intr_p()); - return !cpu_softintr_p(); + return false; } void
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Mon Oct 10 16:09:13 UTC 2022 Modified Files: src/sys/net [netbsd-8]: if_ethersubr.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #1770): sys/net/if_ethersubr.c: revision 1.254 Fix a bug in the VLAN path: there's an inverted logic, the mbuf needs to be bigger than struct ether_vlan_header, not smaller. Meanwhile add a KASSERT in the LLC path. To generate a diff of this commit: cvs rdiff -u -r1.242.6.9 -r1.242.6.10 src/sys/net/if_ethersubr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Mon Oct 10 16:09:13 UTC 2022 Modified Files: src/sys/net [netbsd-8]: if_ethersubr.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #1770): sys/net/if_ethersubr.c: revision 1.254 Fix a bug in the VLAN path: there's an inverted logic, the mbuf needs to be bigger than struct ether_vlan_header, not smaller. Meanwhile add a KASSERT in the LLC path. To generate a diff of this commit: cvs rdiff -u -r1.242.6.9 -r1.242.6.10 src/sys/net/if_ethersubr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_ethersubr.c diff -u src/sys/net/if_ethersubr.c:1.242.6.9 src/sys/net/if_ethersubr.c:1.242.6.10 --- src/sys/net/if_ethersubr.c:1.242.6.9 Wed Oct 27 18:52:51 2021 +++ src/sys/net/if_ethersubr.c Mon Oct 10 16:09:12 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: if_ethersubr.c,v 1.242.6.9 2021/10/27 18:52:51 martin Exp $ */ +/* $NetBSD: if_ethersubr.c,v 1.242.6.10 2022/10/10 16:09:12 martin Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -61,7 +61,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.242.6.9 2021/10/27 18:52:51 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.242.6.10 2022/10/10 16:09:12 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -706,7 +706,7 @@ ether_input(struct ifnet *ifp, struct mb * just being used to store the priority. Extract the ether * type, and if IP or IPV6, let them deal with it. */ - if (m->m_len <= sizeof(*evl) + if (m->m_len >= sizeof(*evl) && EVL_VLANOFTAG((ntohs(evl->evl_tag))) == 0) { etype = ntohs(evl->evl_proto); ehlen = sizeof(*evl); @@ -841,11 +841,13 @@ ether_input(struct ifnet *ifp, struct mb return; } } else { + KASSERT(ehlen == sizeof(*eh)); #if defined (LLC) || defined (NETATALK) - if (m->m_len < ehlen + sizeof(struct llc)) { + if (m->m_len < sizeof(*eh) + sizeof(struct llc)) { goto dropanyway; } l = (struct llc *)(eh+1); + switch (l->llc_dsap) { #ifdef NETATALK case LLC_SNAP_LSAP: @@ -871,10 +873,10 @@ ether_input(struct ifnet *ifp, struct mb sizeof(aarp_org_code)) == 0 && ntohs(l->llc_snap_ether_type) == ETHERTYPE_AARP) { - m_adj( m, sizeof(struct ether_header) + m_adj(m, sizeof(struct ether_header) + sizeof(struct llc)); aarpinput(ifp, m); /* XXX */ -return; + return; } default:
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: sborrill Date: Wed May 4 15:36:35 UTC 2022 Modified Files: src/sys/net [netbsd-8]: if_pppoe.c Log Message: Pull up the following revisions(s) (requested by martin in ticket #1740): sys/net/if_pppoe.c: revision 1.179 pppoe(4): fix CVE-2022-29867 - discovery phase local network mbuf corruption. To generate a diff of this commit: cvs rdiff -u -r1.125.6.10 -r1.125.6.11 src/sys/net/if_pppoe.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_pppoe.c diff -u src/sys/net/if_pppoe.c:1.125.6.10 src/sys/net/if_pppoe.c:1.125.6.11 --- src/sys/net/if_pppoe.c:1.125.6.10 Thu Feb 13 19:37:39 2020 +++ src/sys/net/if_pppoe.c Wed May 4 15:36:35 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: if_pppoe.c,v 1.125.6.10 2020/02/13 19:37:39 martin Exp $ */ +/* $NetBSD: if_pppoe.c,v 1.125.6.11 2022/05/04 15:36:35 sborrill Exp $ */ /*- * Copyright (c) 2002, 2008 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.125.6.10 2020/02/13 19:37:39 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.125.6.11 2022/05/04 15:36:35 sborrill Exp $"); #ifdef _KERNEL_OPT #include "pppoe.h" @@ -871,6 +871,10 @@ breakbreak:; } sc->sc_ac_cookie_len = ac_cookie_len; memcpy(sc->sc_ac_cookie, ac_cookie, ac_cookie_len); + } else if (sc->sc_ac_cookie) { + free(sc->sc_ac_cookie, M_DEVBUF); + sc->sc_ac_cookie = NULL; + sc->sc_ac_cookie_len = 0; } if (relay_sid) { if (sc->sc_relay_sid) @@ -886,6 +890,10 @@ breakbreak:; } sc->sc_relay_sid_len = relay_sid_len; memcpy(sc->sc_relay_sid, relay_sid, relay_sid_len); + } else if (sc->sc_relay_sid) { + free(sc->sc_relay_sid, M_DEVBUF); + sc->sc_relay_sid = NULL; + sc->sc_relay_sid_len = 0; } memcpy(>sc_dest, eh->ether_shost, sizeof sc->sc_dest); callout_stop(>sc_timeout); @@ -1313,6 +1321,9 @@ pppoe_get_mbuf(size_t len) { struct mbuf *m; + if (len + sizeof(struct ether_header) > MCLBYTES) + return NULL; + MGETHDR(m, M_DONTWAIT, MT_DATA); if (m == NULL) return NULL;
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: sborrill Date: Wed May 4 15:36:35 UTC 2022 Modified Files: src/sys/net [netbsd-8]: if_pppoe.c Log Message: Pull up the following revisions(s) (requested by martin in ticket #1740): sys/net/if_pppoe.c: revision 1.179 pppoe(4): fix CVE-2022-29867 - discovery phase local network mbuf corruption. To generate a diff of this commit: cvs rdiff -u -r1.125.6.10 -r1.125.6.11 src/sys/net/if_pppoe.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Sat Jan 29 17:05:45 UTC 2022 Modified Files: src/sys/net [netbsd-8]: ppp_tty.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #1727): sys/net/ppp_tty.c: revision 1.68 sys/net/ppp_tty.c: revision 1.69 Use unsigned to avoid undefined behavior in pppasyncstart(). Use unsigned to avoid undefined behavior. Found by kUBSan. To generate a diff of this commit: cvs rdiff -u -r1.63 -r1.63.8.1 src/sys/net/ppp_tty.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Sat Jan 29 17:05:45 UTC 2022 Modified Files: src/sys/net [netbsd-8]: ppp_tty.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #1727): sys/net/ppp_tty.c: revision 1.68 sys/net/ppp_tty.c: revision 1.69 Use unsigned to avoid undefined behavior in pppasyncstart(). Use unsigned to avoid undefined behavior. Found by kUBSan. To generate a diff of this commit: cvs rdiff -u -r1.63 -r1.63.8.1 src/sys/net/ppp_tty.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/ppp_tty.c diff -u src/sys/net/ppp_tty.c:1.63 src/sys/net/ppp_tty.c:1.63.8.1 --- src/sys/net/ppp_tty.c:1.63 Sun Oct 2 14:17:07 2016 +++ src/sys/net/ppp_tty.c Sat Jan 29 17:05:44 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: ppp_tty.c,v 1.63 2016/10/02 14:17:07 christos Exp $ */ +/* $NetBSD: ppp_tty.c,v 1.63.8.1 2022/01/29 17:05:44 martin Exp $ */ /* Id: ppp_tty.c,v 1.3 1996/07/01 01:04:11 paulus Exp */ /* @@ -93,7 +93,7 @@ /* from NetBSD: if_ppp.c,v 1.15.2.2 1994/07/28 05:17:58 cgd Exp */ #include -__KERNEL_RCSID(0, "$NetBSD: ppp_tty.c,v 1.63 2016/10/02 14:17:07 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ppp_tty.c,v 1.63.8.1 2022/01/29 17:05:44 martin Exp $"); #ifdef _KERNEL_OPT #include "ppp.h" @@ -181,7 +181,7 @@ static void pppdumpframe(struct ppp_soft /* * Does c need to be escaped? */ -#define ESCAPE_P(c) (sc->sc_asyncmap[(c) >> 5] & (1 << ((c) & 0x1F))) +#define ESCAPE_P(c) (sc->sc_asyncmap[(c) >> 5] & (1U << ((c) & 0x1F))) /* * Procedures for using an async tty interface for PPP. @@ -1012,7 +1012,7 @@ pppinput(int c, struct tty *tp) sc->sc_flags |= SC_RCV_B7_1; else sc->sc_flags |= SC_RCV_B7_0; -if (paritytab[c >> 5] & (1 << (c & 0x1F))) +if (paritytab[c >> 5] & (1U << (c & 0x1F))) sc->sc_flags |= SC_RCV_ODDP; else sc->sc_flags |= SC_RCV_EVNP; @@ -1093,7 +1093,7 @@ pppinput(int c, struct tty *tp) return 0; } -if (c < 0x20 && (sc->sc_rasyncmap & (1 << c))) +if (c < 0x20 && (sc->sc_rasyncmap & (1U << c))) return 0; s = spltty();
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed Oct 27 18:52:51 UTC 2021 Modified Files: src/sys/net [netbsd-8]: if_ethersubr.c Log Message: Fix merge mishap from previous (ticket #1704) To generate a diff of this commit: cvs rdiff -u -r1.242.6.8 -r1.242.6.9 src/sys/net/if_ethersubr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed Oct 27 18:52:51 UTC 2021 Modified Files: src/sys/net [netbsd-8]: if_ethersubr.c Log Message: Fix merge mishap from previous (ticket #1704) To generate a diff of this commit: cvs rdiff -u -r1.242.6.8 -r1.242.6.9 src/sys/net/if_ethersubr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_ethersubr.c diff -u src/sys/net/if_ethersubr.c:1.242.6.8 src/sys/net/if_ethersubr.c:1.242.6.9 --- src/sys/net/if_ethersubr.c:1.242.6.8 Mon Oct 25 18:16:07 2021 +++ src/sys/net/if_ethersubr.c Wed Oct 27 18:52:51 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: if_ethersubr.c,v 1.242.6.8 2021/10/25 18:16:07 martin Exp $ */ +/* $NetBSD: if_ethersubr.c,v 1.242.6.9 2021/10/27 18:52:51 martin Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -61,7 +61,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.242.6.8 2021/10/25 18:16:07 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.242.6.9 2021/10/27 18:52:51 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -707,7 +707,7 @@ ether_input(struct ifnet *ifp, struct mb * type, and if IP or IPV6, let them deal with it. */ if (m->m_len <= sizeof(*evl) - && EVL_VLANOFTAG((ntohs(evl->evl_tag)) == 0) { + && EVL_VLANOFTAG((ntohs(evl->evl_tag))) == 0) { etype = ntohs(evl->evl_proto); ehlen = sizeof(*evl); if ((m->m_flags & M_PROMISC) == 0
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Mon Oct 25 18:16:07 UTC 2021 Modified Files: src/sys/net [netbsd-8]: if_ethersubr.c Log Message: Pull up following revision(s) (requested by ryo in ticket #1704): sys/net/if_ethersubr.c: revision 1.302 frame's vlan tag must be ntohs()'ed. VLAN 0 Priority tag was misrecognized on non vlan-hwtagging interfaces. To generate a diff of this commit: cvs rdiff -u -r1.242.6.7 -r1.242.6.8 src/sys/net/if_ethersubr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_ethersubr.c diff -u src/sys/net/if_ethersubr.c:1.242.6.7 src/sys/net/if_ethersubr.c:1.242.6.8 --- src/sys/net/if_ethersubr.c:1.242.6.7 Tue Oct 8 18:12:44 2019 +++ src/sys/net/if_ethersubr.c Mon Oct 25 18:16:07 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: if_ethersubr.c,v 1.242.6.7 2019/10/08 18:12:44 martin Exp $ */ +/* $NetBSD: if_ethersubr.c,v 1.242.6.8 2021/10/25 18:16:07 martin Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -61,7 +61,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.242.6.7 2019/10/08 18:12:44 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.242.6.8 2021/10/25 18:16:07 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -707,7 +707,7 @@ ether_input(struct ifnet *ifp, struct mb * type, and if IP or IPV6, let them deal with it. */ if (m->m_len <= sizeof(*evl) - && EVL_VLANOFTAG(evl->evl_tag) == 0) { + && EVL_VLANOFTAG((ntohs(evl->evl_tag)) == 0) { etype = ntohs(evl->evl_proto); ehlen = sizeof(*evl); if ((m->m_flags & M_PROMISC) == 0
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Mon Oct 25 18:16:07 UTC 2021 Modified Files: src/sys/net [netbsd-8]: if_ethersubr.c Log Message: Pull up following revision(s) (requested by ryo in ticket #1704): sys/net/if_ethersubr.c: revision 1.302 frame's vlan tag must be ntohs()'ed. VLAN 0 Priority tag was misrecognized on non vlan-hwtagging interfaces. To generate a diff of this commit: cvs rdiff -u -r1.242.6.7 -r1.242.6.8 src/sys/net/if_ethersubr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu Nov 14 16:00:51 UTC 2019 Modified Files: src/sys/net [netbsd-8]: if_loop.c Log Message: Pull up the following revisions, requested by msaitoh in ticket #1438: sys/net/if_loop.c 1.108-1.109 via patch Fix a bug that an IP broadcast packet back to myself is dropped as bad checksum when an interface's checksum offload is set. To generate a diff of this commit: cvs rdiff -u -r1.94.6.4 -r1.94.6.5 src/sys/net/if_loop.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_loop.c diff -u src/sys/net/if_loop.c:1.94.6.4 src/sys/net/if_loop.c:1.94.6.5 --- src/sys/net/if_loop.c:1.94.6.4 Tue Jan 2 10:20:33 2018 +++ src/sys/net/if_loop.c Thu Nov 14 16:00:51 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: if_loop.c,v 1.94.6.4 2018/01/02 10:20:33 snj Exp $ */ +/* $NetBSD: if_loop.c,v 1.94.6.5 2019/11/14 16:00:51 martin Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -65,7 +65,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_loop.c,v 1.94.6.4 2018/01/02 10:20:33 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_loop.c,v 1.94.6.5 2019/11/14 16:00:51 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -320,8 +320,13 @@ looutput(struct ifnet *ifp, struct mbuf KASSERT((csum_flags & ~(M_CSUM_IPv4|M_CSUM_UDPv4)) == 0); if (csum_flags != 0 && IN_LOOPBACK_NEED_CHECKSUM(csum_flags)) { ip_undefer_csum(m, 0, csum_flags); + m->m_pkthdr.csum_flags = 0; + } else { + /* + * Do nothing. Pass M_CSUM_IPv4 and M_CSUM_UDPv4 as + * they are to tell those are calculated and good. + */ } - m->m_pkthdr.csum_flags = 0; pktq = ip_pktq; break; #endif @@ -332,8 +337,13 @@ looutput(struct ifnet *ifp, struct mbuf if (csum_flags != 0 && IN6_LOOPBACK_NEED_CHECKSUM(csum_flags)) { ip6_undefer_csum(m, 0, csum_flags); + m->m_pkthdr.csum_flags = 0; + } else { + /* + * Do nothing. Pass M_CSUM_UDPv6 as + * they are to tell those are calculated and good. + */ } - m->m_pkthdr.csum_flags = 0; m->m_flags |= M_LOOP; pktq = ip6_pktq; break;
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu Nov 14 16:00:51 UTC 2019 Modified Files: src/sys/net [netbsd-8]: if_loop.c Log Message: Pull up the following revisions, requested by msaitoh in ticket #1438: sys/net/if_loop.c 1.108-1.109 via patch Fix a bug that an IP broadcast packet back to myself is dropped as bad checksum when an interface's checksum offload is set. To generate a diff of this commit: cvs rdiff -u -r1.94.6.4 -r1.94.6.5 src/sys/net/if_loop.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed Nov 13 12:53:35 UTC 2019 Modified Files: src/sys/net [netbsd-8]: if_vlan.c Log Message: Pull up following revision(s) (requested by yamaguchi in ticket #1434): sys/net/if_vlan.c: revision 1.148 Fix a bug that vlan(4) fragments IPv6 packets even the MTU > packet length. The bug is appeared when the mtu is increased on SIOCSETVLAN. >From t-kusaba@IIJ To generate a diff of this commit: cvs rdiff -u -r1.97.2.17 -r1.97.2.18 src/sys/net/if_vlan.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_vlan.c diff -u src/sys/net/if_vlan.c:1.97.2.17 src/sys/net/if_vlan.c:1.97.2.18 --- src/sys/net/if_vlan.c:1.97.2.17 Thu Oct 24 15:48:37 2019 +++ src/sys/net/if_vlan.c Wed Nov 13 12:53:34 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: if_vlan.c,v 1.97.2.17 2019/10/24 15:48:37 martin Exp $ */ +/* $NetBSD: if_vlan.c,v 1.97.2.18 2019/11/13 12:53:34 martin Exp $ */ /*- * Copyright (c) 2000, 2001 The NetBSD Foundation, Inc. @@ -78,7 +78,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_vlan.c,v 1.97.2.17 2019/10/24 15:48:37 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_vlan.c,v 1.97.2.18 2019/11/13 12:53:34 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -119,6 +119,7 @@ __KERNEL_RCSID(0, "$NetBSD: if_vlan.c,v #ifdef INET6 #include #include +#include #endif #include "ioconf.h" @@ -520,6 +521,12 @@ vlan_config(struct ifvlan *ifv, struct i nmib->ifvm_p = p; nmib->ifvm_tag = vid; ifv->ifv_if.if_mtu = p->if_mtu - nmib->ifvm_mtufudge; +#ifdef INET6 + KERNEL_LOCK_UNLESS_NET_MPSAFE(); + if (in6_present) + nd6_setmtu(ifp); + KERNEL_UNLOCK_UNLESS_NET_MPSAFE(); +#endif ifv->ifv_if.if_flags = p->if_flags & (IFF_UP | IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST);
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed Nov 13 12:53:35 UTC 2019 Modified Files: src/sys/net [netbsd-8]: if_vlan.c Log Message: Pull up following revision(s) (requested by yamaguchi in ticket #1434): sys/net/if_vlan.c: revision 1.148 Fix a bug that vlan(4) fragments IPv6 packets even the MTU > packet length. The bug is appeared when the mtu is increased on SIOCSETVLAN. >From t-kusaba@IIJ To generate a diff of this commit: cvs rdiff -u -r1.97.2.17 -r1.97.2.18 src/sys/net/if_vlan.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu Oct 24 15:48:37 UTC 2019 Modified Files: src/sys/net [netbsd-8]: if_vlan.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1411): sys/net/if_vlan.c: revision 1.147 vlan: get rid of unnecessary if_ipackets++ in vlan_input It's done by if_input() below now. Pointed out by msaitoh@ To generate a diff of this commit: cvs rdiff -u -r1.97.2.16 -r1.97.2.17 src/sys/net/if_vlan.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu Oct 24 15:48:37 UTC 2019 Modified Files: src/sys/net [netbsd-8]: if_vlan.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1411): sys/net/if_vlan.c: revision 1.147 vlan: get rid of unnecessary if_ipackets++ in vlan_input It's done by if_input() below now. Pointed out by msaitoh@ To generate a diff of this commit: cvs rdiff -u -r1.97.2.16 -r1.97.2.17 src/sys/net/if_vlan.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_vlan.c diff -u src/sys/net/if_vlan.c:1.97.2.16 src/sys/net/if_vlan.c:1.97.2.17 --- src/sys/net/if_vlan.c:1.97.2.16 Mon Oct 22 07:41:12 2018 +++ src/sys/net/if_vlan.c Thu Oct 24 15:48:37 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: if_vlan.c,v 1.97.2.16 2018/10/22 07:41:12 martin Exp $ */ +/* $NetBSD: if_vlan.c,v 1.97.2.17 2019/10/24 15:48:37 martin Exp $ */ /*- * Copyright (c) 2000, 2001 The NetBSD Foundation, Inc. @@ -78,7 +78,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_vlan.c,v 1.97.2.16 2018/10/22 07:41:12 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_vlan.c,v 1.97.2.17 2019/10/24 15:48:37 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1622,7 +1622,6 @@ vlan_input(struct ifnet *ifp, struct mbu } m_set_rcvif(m, >ifv_if); - ifv->ifv_if.if_ipackets++; if (pfil_run_hooks(ifp->if_pfil, , ifp, PFIL_IN) != 0) goto out;
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Tue Oct 8 18:12:44 UTC 2019 Modified Files: src/sys/net [netbsd-8]: if_ethersubr.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #1402): sys/net/if_ethersubr.c: revision 1.277 Increment if_iqdrops when dropping an oversized frame. To generate a diff of this commit: cvs rdiff -u -r1.242.6.6 -r1.242.6.7 src/sys/net/if_ethersubr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Tue Oct 8 18:12:44 UTC 2019 Modified Files: src/sys/net [netbsd-8]: if_ethersubr.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #1402): sys/net/if_ethersubr.c: revision 1.277 Increment if_iqdrops when dropping an oversized frame. To generate a diff of this commit: cvs rdiff -u -r1.242.6.6 -r1.242.6.7 src/sys/net/if_ethersubr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_ethersubr.c diff -u src/sys/net/if_ethersubr.c:1.242.6.6 src/sys/net/if_ethersubr.c:1.242.6.7 --- src/sys/net/if_ethersubr.c:1.242.6.6 Tue Oct 8 18:09:41 2019 +++ src/sys/net/if_ethersubr.c Tue Oct 8 18:12:44 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: if_ethersubr.c,v 1.242.6.6 2019/10/08 18:09:41 martin Exp $ */ +/* $NetBSD: if_ethersubr.c,v 1.242.6.7 2019/10/08 18:12:44 martin Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -61,7 +61,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.242.6.6 2019/10/08 18:09:41 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.242.6.7 2019/10/08 18:12:44 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -603,6 +603,7 @@ ether_input(struct ifnet *ifp, struct mb ifp->if_xname, m->m_pkthdr.len); } mutex_exit(_lock); + ifp->if_iqdrops++; m_freem(m); return; }
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Tue Oct 8 18:09:41 UTC 2019 Modified Files: src/sys/net [netbsd-8]: if_ethersubr.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1401): sys/net/if_ethersubr.c: revision 1.255 Fix two bugs in altq_etherclassify. When scanning the mbuf chain we need to make sure that m_next is not NULL, otherwise NULL deref. After that, we must not touch m->m_pkthdr, given that 'm' may not be the first mbuf of the chain anymore. Declare mtop, and add a KASSERT to make sure it has M_PKTHDR set. To generate a diff of this commit: cvs rdiff -u -r1.242.6.5 -r1.242.6.6 src/sys/net/if_ethersubr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_ethersubr.c diff -u src/sys/net/if_ethersubr.c:1.242.6.5 src/sys/net/if_ethersubr.c:1.242.6.6 --- src/sys/net/if_ethersubr.c:1.242.6.5 Tue Mar 13 15:40:25 2018 +++ src/sys/net/if_ethersubr.c Tue Oct 8 18:09:41 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: if_ethersubr.c,v 1.242.6.5 2018/03/13 15:40:25 martin Exp $ */ +/* $NetBSD: if_ethersubr.c,v 1.242.6.6 2019/10/08 18:09:41 martin Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -61,7 +61,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.242.6.5 2018/03/13 15:40:25 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.242.6.6 2019/10/08 18:09:41 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -463,10 +463,13 @@ void altq_etherclassify(struct ifaltq *ifq, struct mbuf *m) { struct ether_header *eh; + struct mbuf *mtop = m; uint16_t ether_type; int hlen, af, hdrsize; void *hdr; + KASSERT((mtop->m_flags & M_PKTHDR) != 0); + hlen = ETHER_HDR_LEN; eh = mtod(m, struct ether_header *); @@ -508,7 +511,10 @@ altq_etherclassify(struct ifaltq *ifq, s while (m->m_len <= hlen) { hlen -= m->m_len; m = m->m_next; + if (m == NULL) + goto bad; } + if (m->m_len < (hlen + hdrsize)) { /* * protocol header not in a single mbuf. @@ -527,11 +533,12 @@ altq_etherclassify(struct ifaltq *ifq, s hdr = mtod(m, void *); - if (ALTQ_NEEDS_CLASSIFY(ifq)) - m->m_pkthdr.pattr_class = + if (ALTQ_NEEDS_CLASSIFY(ifq)) { + mtop->m_pkthdr.pattr_class = (*ifq->altq_classify)(ifq->altq_clfier, m, af); - m->m_pkthdr.pattr_af = af; - m->m_pkthdr.pattr_hdr = hdr; + } + mtop->m_pkthdr.pattr_af = af; + mtop->m_pkthdr.pattr_hdr = hdr; m->m_data -= hlen; m->m_len += hlen; @@ -539,9 +546,9 @@ altq_etherclassify(struct ifaltq *ifq, s return; bad: - m->m_pkthdr.pattr_class = NULL; - m->m_pkthdr.pattr_hdr = NULL; - m->m_pkthdr.pattr_af = AF_UNSPEC; + mtop->m_pkthdr.pattr_class = NULL; + mtop->m_pkthdr.pattr_hdr = NULL; + mtop->m_pkthdr.pattr_af = AF_UNSPEC; } #endif /* ALTQ */
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Fri Oct 4 11:26:35 UTC 2019 Modified Files: src/sys/net [netbsd-8]: route.c Log Message: Pull up following revision(s) (requested by rin in ticket #1398): sys/net/route.c: revision 1.222 Stop passing a large const structure by value, in order to avoid possible kernel stack overflow; const pointer is suffice here. Pointed out by the lgtm bot and kamil. OK ozaki-r XXX pullup to netbsd-9 To generate a diff of this commit: cvs rdiff -u -r1.194.6.14 -r1.194.6.15 src/sys/net/route.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/route.c diff -u src/sys/net/route.c:1.194.6.14 src/sys/net/route.c:1.194.6.15 --- src/sys/net/route.c:1.194.6.14 Tue Sep 24 18:27:09 2019 +++ src/sys/net/route.c Fri Oct 4 11:26:35 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: route.c,v 1.194.6.14 2019/09/24 18:27:09 martin Exp $ */ +/* $NetBSD: route.c,v 1.194.6.15 2019/10/04 11:26:35 martin Exp $ */ /*- * Copyright (c) 1998, 2008 The NetBSD Foundation, Inc. @@ -97,7 +97,7 @@ #endif #include -__KERNEL_RCSID(0, "$NetBSD: route.c,v 1.194.6.14 2019/09/24 18:27:09 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: route.c,v 1.194.6.15 2019/10/04 11:26:35 martin Exp $"); #include #ifdef RTFLUSH_DEBUG @@ -1387,47 +1387,48 @@ rt_setgate(struct rtentry *rt, const str } static struct ifaddr * -rt_update_get_ifa(const struct rt_addrinfo info, const struct rtentry *rt, +rt_update_get_ifa(const struct rt_addrinfo *info, const struct rtentry *rt, struct ifnet **ifp, struct psref *psref_ifp, struct psref *psref) { struct ifaddr *ifa = NULL; *ifp = NULL; - if (info.rti_info[RTAX_IFP] != NULL) { - ifa = ifa_ifwithnet_psref(info.rti_info[RTAX_IFP], psref); + if (info->rti_info[RTAX_IFP] != NULL) { + ifa = ifa_ifwithnet_psref(info->rti_info[RTAX_IFP], psref); if (ifa == NULL) goto next; *ifp = ifa->ifa_ifp; if_acquire(*ifp, psref_ifp); - if (info.rti_info[RTAX_IFA] == NULL && - info.rti_info[RTAX_GATEWAY] == NULL) + if (info->rti_info[RTAX_IFA] == NULL && + info->rti_info[RTAX_GATEWAY] == NULL) goto next; ifa_release(ifa, psref); - if (info.rti_info[RTAX_IFA] == NULL) { + if (info->rti_info[RTAX_IFA] == NULL) { /* route change -ifp */ - ifa = ifaof_ifpforaddr_psref(info.rti_info[RTAX_GATEWAY], - *ifp, psref); + ifa = ifaof_ifpforaddr_psref( + info->rti_info[RTAX_GATEWAY], *ifp, psref); } else { /* route change -ifp -ifa */ - ifa = ifa_ifwithaddr_psref(info.rti_info[RTAX_IFA], psref); + ifa = ifa_ifwithaddr_psref(info->rti_info[RTAX_IFA], + psref); if (ifa != NULL) goto out; - ifa = ifaof_ifpforaddr_psref(info.rti_info[RTAX_IFA], + ifa = ifaof_ifpforaddr_psref(info->rti_info[RTAX_IFA], *ifp, psref); } goto out; } next: - if (info.rti_info[RTAX_IFA] != NULL) { + if (info->rti_info[RTAX_IFA] != NULL) { /* route change -ifa */ - ifa = ifa_ifwithaddr_psref(info.rti_info[RTAX_IFA], psref); + ifa = ifa_ifwithaddr_psref(info->rti_info[RTAX_IFA], psref); if (ifa != NULL) goto out; } - if (info.rti_info[RTAX_GATEWAY] != NULL) { + if (info->rti_info[RTAX_GATEWAY] != NULL) { /* route change */ ifa = ifa_ifwithroute_psref(rt->rt_flags, rt_getkey(rt), - info.rti_info[RTAX_GATEWAY], psref); + info->rti_info[RTAX_GATEWAY], psref); } out: if (ifa != NULL && *ifp == NULL) { @@ -1487,7 +1488,7 @@ rt_update(struct rtentry *rt, struct rt_ * flags may also be different; ifp may be specified * by ll sockaddr when protocol address is ambiguous */ - new_ifa = rt_update_get_ifa(*info, rt, _ifp, _new_ifp, + new_ifa = rt_update_get_ifa(info, rt, _ifp, _new_ifp, _new_ifa); if (new_ifa != NULL) { ifa_release(ifa, _ifa);
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Fri Oct 4 11:26:35 UTC 2019 Modified Files: src/sys/net [netbsd-8]: route.c Log Message: Pull up following revision(s) (requested by rin in ticket #1398): sys/net/route.c: revision 1.222 Stop passing a large const structure by value, in order to avoid possible kernel stack overflow; const pointer is suffice here. Pointed out by the lgtm bot and kamil. OK ozaki-r XXX pullup to netbsd-9 To generate a diff of this commit: cvs rdiff -u -r1.194.6.14 -r1.194.6.15 src/sys/net/route.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Sun Aug 4 11:19:03 UTC 2019 Modified Files: src/sys/net [netbsd-8]: bpf.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1323): sys/net/bpf.c: revision 1.229 Fix info leak: use kmem_zalloc, because we align the buffers, and the otherwise uninitialized padding bytes get copied to userland in bpf_read(). To generate a diff of this commit: cvs rdiff -u -r1.216.6.6 -r1.216.6.7 src/sys/net/bpf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/bpf.c diff -u src/sys/net/bpf.c:1.216.6.6 src/sys/net/bpf.c:1.216.6.7 --- src/sys/net/bpf.c:1.216.6.6 Tue May 15 13:48:37 2018 +++ src/sys/net/bpf.c Sun Aug 4 11:19:03 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: bpf.c,v 1.216.6.6 2018/05/15 13:48:37 martin Exp $ */ +/* $NetBSD: bpf.c,v 1.216.6.7 2019/08/04 11:19:03 martin Exp $ */ /* * Copyright (c) 1990, 1991, 1993 @@ -39,7 +39,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.216.6.6 2018/05/15 13:48:37 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.216.6.7 2019/08/04 11:19:03 martin Exp $"); #if defined(_KERNEL_OPT) #include "opt_bpf.h" @@ -1969,10 +1969,10 @@ static int bpf_allocbufs(struct bpf_d *d) { - d->bd_fbuf = kmem_alloc(d->bd_bufsize, KM_NOSLEEP); + d->bd_fbuf = kmem_zalloc(d->bd_bufsize, KM_NOSLEEP); if (!d->bd_fbuf) return (ENOBUFS); - d->bd_sbuf = kmem_alloc(d->bd_bufsize, KM_NOSLEEP); + d->bd_sbuf = kmem_zalloc(d->bd_bufsize, KM_NOSLEEP); if (!d->bd_sbuf) { kmem_free(d->bd_fbuf, d->bd_bufsize); return (ENOBUFS);
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Sun Aug 4 11:19:03 UTC 2019 Modified Files: src/sys/net [netbsd-8]: bpf.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1323): sys/net/bpf.c: revision 1.229 Fix info leak: use kmem_zalloc, because we align the buffers, and the otherwise uninitialized padding bytes get copied to userland in bpf_read(). To generate a diff of this commit: cvs rdiff -u -r1.216.6.6 -r1.216.6.7 src/sys/net/bpf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Sun Aug 4 11:01:22 UTC 2019 Modified Files: src/sys/net [netbsd-8]: raw_usrreq.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1318): sys/net/raw_usrreq.c: revision 1.63 sys/net/raw_usrreq.c: revision 1.64 Fix typo (s/m_free/m_freem/) This fixes PR kern/54419 "mbuf leak when deleting route" from sc dying. - Fix typo (s/m_free/m_freem/) (one more) To generate a diff of this commit: cvs rdiff -u -r1.56.4.2 -r1.56.4.3 src/sys/net/raw_usrreq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Sun Aug 4 11:01:22 UTC 2019 Modified Files: src/sys/net [netbsd-8]: raw_usrreq.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1318): sys/net/raw_usrreq.c: revision 1.63 sys/net/raw_usrreq.c: revision 1.64 Fix typo (s/m_free/m_freem/) This fixes PR kern/54419 "mbuf leak when deleting route" from sc dying. - Fix typo (s/m_free/m_freem/) (one more) To generate a diff of this commit: cvs rdiff -u -r1.56.4.2 -r1.56.4.3 src/sys/net/raw_usrreq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/raw_usrreq.c diff -u src/sys/net/raw_usrreq.c:1.56.4.2 src/sys/net/raw_usrreq.c:1.56.4.3 --- src/sys/net/raw_usrreq.c:1.56.4.2 Mon Apr 9 13:34:10 2018 +++ src/sys/net/raw_usrreq.c Sun Aug 4 11:01:22 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: raw_usrreq.c,v 1.56.4.2 2018/04/09 13:34:10 bouyer Exp $ */ +/* $NetBSD: raw_usrreq.c,v 1.56.4.3 2019/08/04 11:01:22 martin Exp $ */ /* * Copyright (c) 1980, 1986, 1993 @@ -36,7 +36,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: raw_usrreq.c,v 1.56.4.2 2018/04/09 13:34:10 bouyer Exp $"); +__KERNEL_RCSID(0, "$NetBSD: raw_usrreq.c,v 1.56.4.3 2019/08/04 11:01:22 martin Exp $"); #include #include @@ -120,12 +120,12 @@ raw_input(struct mbuf *m0, ...) } if (last != NULL) { if (sbappendaddr(>so_rcv, src, m, NULL) == 0) { - m_free(m); + m_freem(m); soroverflow(last); } else sorwakeup(last); } else { - m_free(m); + m_freem(m); } }
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed May 29 16:01:51 UTC 2019 Modified Files: src/sys/net [netbsd-8]: rtsock.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1276): sys/net/rtsock.c: revision 1.250 Don't take softnet_lock in sysctl_rtable Taking softnet_lock there can cause a deadlock with nfs sosend, so we don't. Having only KERNEL_LOCK is enough because now the routing table is protected by KERNEL_LOCK that was introduced by the fix for PR 53043. PR kern/54227 from Paul Ripke To generate a diff of this commit: cvs rdiff -u -r1.213.2.12 -r1.213.2.13 src/sys/net/rtsock.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed May 29 16:01:51 UTC 2019 Modified Files: src/sys/net [netbsd-8]: rtsock.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1276): sys/net/rtsock.c: revision 1.250 Don't take softnet_lock in sysctl_rtable Taking softnet_lock there can cause a deadlock with nfs sosend, so we don't. Having only KERNEL_LOCK is enough because now the routing table is protected by KERNEL_LOCK that was introduced by the fix for PR 53043. PR kern/54227 from Paul Ripke To generate a diff of this commit: cvs rdiff -u -r1.213.2.12 -r1.213.2.13 src/sys/net/rtsock.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/rtsock.c diff -u src/sys/net/rtsock.c:1.213.2.12 src/sys/net/rtsock.c:1.213.2.13 --- src/sys/net/rtsock.c:1.213.2.12 Thu Mar 7 16:59:10 2019 +++ src/sys/net/rtsock.c Wed May 29 16:01:51 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: rtsock.c,v 1.213.2.12 2019/03/07 16:59:10 martin Exp $ */ +/* $NetBSD: rtsock.c,v 1.213.2.13 2019/05/29 16:01:51 martin Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -61,7 +61,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: rtsock.c,v 1.213.2.12 2019/03/07 16:59:10 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: rtsock.c,v 1.213.2.13 2019/05/29 16:01:51 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1873,7 +1873,7 @@ again: w.w_needed = 0 - w.w_given; w.w_where = where; - SOFTNET_KERNEL_LOCK_UNLESS_NET_MPSAFE(); + KERNEL_LOCK_UNLESS_NET_MPSAFE(); s = splsoftnet(); switch (w.w_op) { @@ -1932,7 +1932,7 @@ again: break; } splx(s); - SOFTNET_KERNEL_UNLOCK_UNLESS_NET_MPSAFE(); + KERNEL_UNLOCK_UNLESS_NET_MPSAFE(); /* check to see if we couldn't allocate memory with NOWAIT */ if (error == ENOBUFS && w.w_tmem == 0 && w.w_tmemneeded)
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Tue May 14 11:37:13 UTC 2019 Modified Files: src/sys/net [netbsd-8]: if_media.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #1266): sys/net/if_media.c: revision 1.42 (via patch) Add missing error check. To generate a diff of this commit: cvs rdiff -u -r1.32.6.2 -r1.32.6.3 src/sys/net/if_media.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_media.c diff -u src/sys/net/if_media.c:1.32.6.2 src/sys/net/if_media.c:1.32.6.3 --- src/sys/net/if_media.c:1.32.6.2 Tue Jan 2 10:20:33 2018 +++ src/sys/net/if_media.c Tue May 14 11:37:12 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: if_media.c,v 1.32.6.2 2018/01/02 10:20:33 snj Exp $ */ +/* $NetBSD: if_media.c,v 1.32.6.3 2019/05/14 11:37:12 martin Exp $ */ /*- * Copyright (c) 1998 The NetBSD Foundation, Inc. @@ -76,7 +76,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_media.c,v 1.32.6.2 2018/01/02 10:20:33 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_media.c,v 1.32.6.3 2019/05/14 11:37:12 martin Exp $"); #include #include @@ -335,6 +335,9 @@ _ifmedia_ioctl(struct ifnet *ifp, struct : nwords; int *kptr = (int *)malloc(minwords * sizeof(int), M_TEMP, M_WAITOK); + + if (kptr == NULL) +return ENOMEM; /* * Get the media words from the interface's list. */
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Tue May 14 11:37:13 UTC 2019 Modified Files: src/sys/net [netbsd-8]: if_media.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #1266): sys/net/if_media.c: revision 1.42 (via patch) Add missing error check. To generate a diff of this commit: cvs rdiff -u -r1.32.6.2 -r1.32.6.3 src/sys/net/if_media.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Re: CVS commit: [netbsd-8] src/sys/net
I think you forgot something: Index: sys/net/if_vlan.c === RCS file: /cvsroot/src/sys/net/if_vlan.c,v retrieving revision 1.97.2.15 diff -u -r1.97.2.15 if_vlan.c --- sys/net/if_vlan.c 21 Oct 2018 11:55:54 - 1.97.2.15 +++ sys/net/if_vlan.c 21 Oct 2018 18:36:20 - @@ -161,6 +161,7 @@ * instead of direct dereference */ kmutex_t ifv_lock; /* writer lock for ifv_mib */ + pserialize_t ifv_psz; LIST_HEAD(__vlan_mchead, vlan_mc_entry) ifv_mc_listhead; LIST_ENTRY(ifvlan) ifv_list; -- Hisashi T Fujinaka - ht...@twofifty.com BSEE + BSChem + BAEnglish + MSCS + $2.50 = coffee