svn commit: r308241 - stable/10/sys/fs/nfsserver
Author: rmacklem Date: Thu Nov 3 00:58:50 2016 New Revision: 308241 URL: https://svnweb.freebsd.org/changeset/base/308241 Log: MFC: r307694 A problem w.r.t. interoperation between the FreeBSD NFSv4.1 server with delegations enabled and the Linux NFSv4.1 client was reported in reviews.freebsd.org/D7891. I believe that the FreeBSD server behaviour conforms to the RFC and that the Linux client has a bug. Therefore, I do not think the proposed patch is appropriate. When nfsrv_writedelegifpos is non-zero, the FreeBSD server will issue a write delegation for a read open if possible. The Linux client then erroneously assumes that the credentials used for the read open can write the file. This patch reverses the default value for nfsrv_writedelegifpos to 0 so that the default behaviour is Linux compatible and adds a sysctl that can be used to set nfsrv_writedelegifpos. This change should only affect users that are mounting a FreeBSD server with delegations enabled (they are not enabled by default) with a Linux NFSv4.1 client mount. Modified: stable/10/sys/fs/nfsserver/nfs_nfsdstate.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/fs/nfsserver/nfs_nfsdstate.c == --- stable/10/sys/fs/nfsserver/nfs_nfsdstate.c Thu Nov 3 00:56:59 2016 (r308240) +++ stable/10/sys/fs/nfsserver/nfs_nfsdstate.c Thu Nov 3 00:58:50 2016 (r308241) @@ -75,6 +75,11 @@ SYSCTL_INT(_vfs_nfsd, OID_AUTO, v4statel _v4statelimit, 0, "High water limit for NFSv4 opens+locks+delegations"); +static int nfsrv_writedelegifpos = 0; +SYSCTL_INT(_vfs_nfsd, OID_AUTO, writedelegifpos, CTLFLAG_RW, +_writedelegifpos, 0, +"Issue a write delegation for read opens if possible"); + /* * Hash lists for nfs V4. */ @@ -85,7 +90,6 @@ struct nfssessionhash *nfssessionhash; static u_int32_t nfsrv_openpluslock = 0, nfsrv_delegatecnt = 0; static time_t nfsrvboottime; -static int nfsrv_writedelegifpos = 1; static int nfsrv_returnoldstateid = 0, nfsrv_clients = 0; static int nfsrv_clienthighwater = NFSRV_CLIENTHIGHWATER; static int nfsrv_nogsscallback = 0; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r308240 - head/sys/dev/atkbdc
Author: gonzo Date: Thu Nov 3 00:56:59 2016 New Revision: 308240 URL: https://svnweb.freebsd.org/changeset/base/308240 Log: [evdev] Add evdev support to atkbd(4) driver To enable event sourcing from atkbd kern.evdev.rcpt_mask value should have bit 3 set. Submitted by: Vladimir KondratievMFC after:1 week Differential Revision:https://reviews.freebsd.org/D8381 Modified: head/sys/dev/atkbdc/atkbd.c head/sys/dev/atkbdc/atkbd_atkbdc.c Modified: head/sys/dev/atkbdc/atkbd.c == --- head/sys/dev/atkbdc/atkbd.c Thu Nov 3 00:50:20 2016(r308239) +++ head/sys/dev/atkbdc/atkbd.c Thu Nov 3 00:56:59 2016(r308240) @@ -31,6 +31,7 @@ __FBSDID("$FreeBSD$"); #include "opt_compat.h" #include "opt_kbd.h" #include "opt_atkbd.h" +#include "opt_evdev.h" #include #include @@ -49,6 +50,11 @@ __FBSDID("$FreeBSD$"); #include #include +#ifdef EVDEV_SUPPORT +#include +#include +#endif + typedef struct atkbd_state { KBDCkbdc; /* keyboard controller */ int ks_mode;/* input mode (K_XLATE,K_RAW,K_CODE) */ @@ -60,6 +66,10 @@ typedef struct atkbd_state { u_int ks_composed_char; /* composed char code (> 0) */ u_char ks_prefix; /* AT scan code prefix */ struct callout ks_timer; +#ifdef EVDEV_SUPPORT + struct evdev_dev *ks_evdev; + int ks_evdev_state; +#endif } atkbd_state_t; static voidatkbd_timeout(void *arg); @@ -72,6 +82,11 @@ static int atkbd_reset(KBDC kbdc, int f #define DEFAULT_DELAY 0x1 /* 500ms */ #define DEFAULT_RATE 0x10 /* 14Hz */ +#ifdef EVDEV_SUPPORT +#define PS2_KEYBOARD_VENDOR1 +#define PS2_KEYBOARD_PRODUCT 1 +#endif + int atkbd_probe_unit(device_t dev, int irq, int flags) { @@ -250,6 +265,12 @@ static int typematic(int delay, int rat static int typematic_delay(int delay); static int typematic_rate(int rate); +#ifdef EVDEV_SUPPORT +static const struct evdev_methods atkbd_evdev_methods = { + .ev_event = evdev_ev_kbd_event, +}; +#endif + /* local variables */ /* the initial key map, accent map and fkey strings */ @@ -352,6 +373,10 @@ atkbd_init(int unit, keyboard_t **kbdp, int delay[2]; int *data = (int *)arg; /* data[0]: controller, data[1]: irq */ int error, needfree; +#ifdef EVDEV_SUPPORT + struct evdev_dev *evdev; + char phys_loc[8]; +#endif /* XXX */ if (unit == ATKBD_DEFAULT) { @@ -436,6 +461,34 @@ atkbd_init(int unit, keyboard_t **kbdp, delay[0] = kbd->kb_delay1; delay[1] = kbd->kb_delay2; atkbd_ioctl(kbd, KDSETREPEAT, (caddr_t)delay); + +#ifdef EVDEV_SUPPORT + /* register as evdev provider on first init */ + if (state->ks_evdev == NULL) { + snprintf(phys_loc, sizeof(phys_loc), "atkbd%d", unit); + evdev = evdev_alloc(); + evdev_set_name(evdev, "AT keyboard"); + evdev_set_phys(evdev, phys_loc); + evdev_set_id(evdev, BUS_I8042, PS2_KEYBOARD_VENDOR, + PS2_KEYBOARD_PRODUCT, 0); + evdev_set_methods(evdev, kbd, _evdev_methods); + evdev_support_event(evdev, EV_SYN); + evdev_support_event(evdev, EV_KEY); + evdev_support_event(evdev, EV_LED); + evdev_support_event(evdev, EV_REP); + evdev_support_all_known_keys(evdev); + evdev_support_led(evdev, LED_NUML); + evdev_support_led(evdev, LED_CAPSL); + evdev_support_led(evdev, LED_SCROLLL); + + if (evdev_register(evdev)) + evdev_free(evdev); + else + state->ks_evdev = evdev; + state->ks_evdev_state = 0; + } +#endif + KBD_INIT_DONE(kbd); } if (!KBD_IS_CONFIGURED(kbd)) { @@ -620,6 +673,20 @@ next_code: printf("atkbd_read_char(): scancode:0x%x\n", scancode); #endif +#ifdef EVDEV_SUPPORT + /* push evdev event */ + if (evdev_rcpt_mask & EVDEV_RCPT_HW_KBD && state->ks_evdev != NULL) { + keycode = evdev_scancode2key(>ks_evdev_state, + scancode); + + if (keycode != KEY_RESERVED) { + evdev_push_event(state->ks_evdev, EV_KEY, + (uint16_t)keycode, scancode & 0x80 ? 0 : 1); + evdev_sync(state->ks_evdev); + } + } +#endif + /* return the byte as is for the K_RAW mode */ if (state->ks_mode == K_RAW)
svn commit: r308239 - stable/11/sys/fs/nfsserver
Author: rmacklem Date: Thu Nov 3 00:50:20 2016 New Revision: 308239 URL: https://svnweb.freebsd.org/changeset/base/308239 Log: MFC: r307694 A problem w.r.t. interoperation between the FreeBSD NFSv4.1 server with delegations enabled and the Linux NFSv4.1 client was reported in reviews.freebsd.org/D7891. I believe that the FreeBSD server behaviour conforms to the RFC and that the Linux client has a bug. Therefore, I do not think the proposed patch is appropriate. When nfsrv_writedelegifpos is non-zero, the FreeBSD server will issue a write delegation for a read open if possible. The Linux client then erroneously assumes that the credentials used for the read open can write the file. This patch reverses the default value for nfsrv_writedelegifpos to 0 so that the default behaviour is Linux compatible and adds a sysctl that can be used to set nfsrv_writedelegifpos. This change should only affect users that are mounting a FreeBSD server with delegations enabled (they are not enabled by default) with a Linux NFSv4.1 client mount. Modified: stable/11/sys/fs/nfsserver/nfs_nfsdstate.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/fs/nfsserver/nfs_nfsdstate.c == --- stable/11/sys/fs/nfsserver/nfs_nfsdstate.c Thu Nov 3 00:34:37 2016 (r308238) +++ stable/11/sys/fs/nfsserver/nfs_nfsdstate.c Thu Nov 3 00:50:20 2016 (r308239) @@ -70,6 +70,11 @@ SYSCTL_INT(_vfs_nfsd, OID_AUTO, v4statel _v4statelimit, 0, "High water limit for NFSv4 opens+locks+delegations"); +static int nfsrv_writedelegifpos = 0; +SYSCTL_INT(_vfs_nfsd, OID_AUTO, writedelegifpos, CTLFLAG_RW, +_writedelegifpos, 0, +"Issue a write delegation for read opens if possible"); + /* * Hash lists for nfs V4. */ @@ -80,7 +85,6 @@ struct nfssessionhash *nfssessionhash; static u_int32_t nfsrv_openpluslock = 0, nfsrv_delegatecnt = 0; static time_t nfsrvboottime; -static int nfsrv_writedelegifpos = 1; static int nfsrv_returnoldstateid = 0, nfsrv_clients = 0; static int nfsrv_clienthighwater = NFSRV_CLIENTHIGHWATER; static int nfsrv_nogsscallback = 0; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r308238 - in stable/11: etc gnu/lib/libgcc share/examples usr.bin/calendar
Author: gjb Date: Thu Nov 3 00:34:37 2016 New Revision: 308238 URL: https://svnweb.freebsd.org/changeset/base/308238 Log: MFC r308148, r308150, r308156: r308148: Fix packaging calendar(1) files. r308150: Fix packaging /usr/share/examples/etc. r308156: Fix packaging /usr/lib{,32}/libgcc_eh{,_p}.a. Sponsored by: The FreeBSD Foundation Modified: stable/11/etc/Makefile stable/11/gnu/lib/libgcc/Makefile stable/11/share/examples/Makefile stable/11/usr.bin/calendar/Makefile Directory Properties: stable/11/ (props changed) Modified: stable/11/etc/Makefile == --- stable/11/etc/Makefile Thu Nov 3 00:26:58 2016(r308237) +++ stable/11/etc/Makefile Thu Nov 3 00:34:37 2016(r308238) @@ -459,7 +459,7 @@ distrib-dirs: ${MTREES:N/*} distrib-clea .endif etc-examples-install: ${META_DEPS} - cd ${.CURDIR}; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 444 \ + cd ${.CURDIR}; ${INSTALL} ${TAG_ARGS} -o ${BINOWN} -g ${BINGRP} -m 444 \ ${BIN1} ${BIN2} nsmb.conf opieaccess \ ${DESTDIR}${SHAREDIR}/examples/etc Modified: stable/11/gnu/lib/libgcc/Makefile == --- stable/11/gnu/lib/libgcc/Makefile Thu Nov 3 00:26:58 2016 (r308237) +++ stable/11/gnu/lib/libgcc/Makefile Thu Nov 3 00:34:37 2016 (r308238) @@ -393,11 +393,11 @@ _libinstall: _lib-eh-install _lib-eh-install: .if ${MK_INSTALLLIB} != "no" - ${INSTALL} -C -o ${LIBOWN} -g ${LIBGRP} -m ${LIBMODE} \ + ${INSTALL} ${TAG_ARGS} -C -o ${LIBOWN} -g ${LIBGRP} -m ${LIBMODE} \ ${_INSTALLFLAGS} libgcc_eh.a ${DESTDIR}${LIBDIR} .endif .if ${MK_PROFILE} != "no" - ${INSTALL} -C -o ${LIBOWN} -g ${LIBGRP} -m ${LIBMODE} \ + ${INSTALL} ${TAG_ARGS} -C -o ${LIBOWN} -g ${LIBGRP} -m ${LIBMODE} \ ${_INSTALLFLAGS} libgcc_eh_p.a ${DESTDIR}${LIBDIR} .endif Modified: stable/11/share/examples/Makefile == --- stable/11/share/examples/Makefile Thu Nov 3 00:26:58 2016 (r308237) +++ stable/11/share/examples/Makefile Thu Nov 3 00:34:37 2016 (r308238) @@ -250,7 +250,7 @@ copies: symlinks: .for i in ${LDIRS} rm -rf ${DESTDIR}${BINDIR}/$i - ln -s ${.CURDIR}/$i ${DESTDIR}${BINDIR}/$i + ${INSTALL} ${TAG_ARGS} -l s ${.CURDIR}/$i ${DESTDIR}${BINDIR}/$i .endfor etc-examples: Modified: stable/11/usr.bin/calendar/Makefile == --- stable/11/usr.bin/calendar/Makefile Thu Nov 3 00:26:58 2016 (r308237) +++ stable/11/usr.bin/calendar/Makefile Thu Nov 3 00:34:37 2016 (r308238) @@ -15,20 +15,22 @@ FR_LINKS= fr_FR.ISO8859-15 TEXTMODE?= 444 beforeinstall: - ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m ${TEXTMODE} \ + ${INSTALL} ${TAG_ARGS} -o ${BINOWN} -g ${BINGRP} -m ${TEXTMODE} \ ${.CURDIR}/calendars/calendar.* ${DESTDIR}${SHAREDIR}/calendar .for lang in ${INTER} - ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m ${TEXTMODE} \ + ${INSTALL} ${TAG_ARGS} -o ${BINOWN} -g ${BINGRP} -m ${TEXTMODE} \ ${.CURDIR}/calendars/${lang}/calendar.* \ ${DESTDIR}${SHAREDIR}/calendar/${lang} .endfor .for link in ${DE_LINKS} rm -rf ${DESTDIR}${SHAREDIR}/calendar/${link} - ln -s de_DE.ISO8859-1 ${DESTDIR}${SHAREDIR}/calendar/${link} + ${INSTALL} ${TAG_ARGS} -l s de_DE.ISO8859-1 \ + ${DESTDIR}${SHAREDIR}/calendar/${link} .endfor .for link in ${FR_LINKS} rm -rf ${DESTDIR}${SHAREDIR}/calendar/${link} - ln -s fr_FR.ISO8859-1 ${DESTDIR}${SHAREDIR}/calendar/${link} + ${INSTALL} ${TAG_ARGS} -l s fr_FR.ISO8859-1 \ + ${DESTDIR}${SHAREDIR}/calendar/${link} .endfor .if ${MK_TESTS} != "no" ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r308237 - head/sys/netpfil/ipfw
Author: loos Date: Thu Nov 3 00:26:58 2016 New Revision: 308237 URL: https://svnweb.freebsd.org/changeset/base/308237 Log: Remove the mbuf tag after use (for reinjected packets). Fixes the packet processing in dummynet l2 rules. Obtained from:pfSense MFC after:2 weeks Sponsored by: Rubicon Communications, LLC (Netgate) Modified: head/sys/netpfil/ipfw/ip_fw_pfil.c Modified: head/sys/netpfil/ipfw/ip_fw_pfil.c == --- head/sys/netpfil/ipfw/ip_fw_pfil.c Wed Nov 2 23:58:10 2016 (r308236) +++ head/sys/netpfil/ipfw/ip_fw_pfil.c Thu Nov 3 00:26:58 2016 (r308237) @@ -315,20 +315,15 @@ ipfw_check_frame(void *arg, struct mbuf struct ip_fw_args args; struct m_tag *mtag; - /* fetch start point from rule, if any */ + /* fetch start point from rule, if any. remove the tag if present. */ mtag = m_tag_locate(*m0, MTAG_IPFW_RULE, 0, NULL); if (mtag == NULL) { args.rule.slot = 0; } else { - /* dummynet packet, already partially processed */ - struct ipfw_rule_ref *r; - - /* XXX can we free it after use ? */ - mtag->m_tag_id = PACKET_TAG_NONE; - r = (struct ipfw_rule_ref *)(mtag + 1); - if (r->info & IPFW_ONEPASS) + args.rule = *((struct ipfw_rule_ref *)(mtag+1)); + m_tag_delete(*m0, mtag); + if (args.rule.info & IPFW_ONEPASS) return (0); - args.rule = *r; } /* I need some amt of data to be contiguous */ ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r308200 - in stable: 10/crypto/openssl/ssl 9/crypto/openssl/ssl
In message, Oliver Pinter writes: > On 11/2/16, Cy Schubert wrote: > > In message <201611020709.ua279wm3070...@repo.freebsd.org>, Xin LI writes: > >> Author: delphij > >> Date: Wed Nov 2 07:09:31 2016 > >> New Revision: 308200 > >> URL: https://svnweb.freebsd.org/changeset/base/308200 > >> > >> Log: > >> Backport OpenSSL commit af58be768ebb690f78530f796e92b8ae5c9a4401: > >> > >> Don't allow too many consecutive warning alerts > >> > >> Certain warning alerts are ignored if they are received. This can mean > >> th > >> at > >> no progress will be made if one peer continually sends those warning > >> aler > >> ts. > >> Implement a count so that we abort the connection if we receive too > >> many. > >> > >> Issue reported by Shi Lei. > >> > >> This is a direct commit to stable/10 and stable/9. > >> > >> Security:CVE-2016-8610 > >> > >> Modified: > >> stable/10/crypto/openssl/ssl/d1_pkt.c > >> stable/10/crypto/openssl/ssl/s3_pkt.c > >> stable/10/crypto/openssl/ssl/ssl.h > >> stable/10/crypto/openssl/ssl/ssl3.h > >> stable/10/crypto/openssl/ssl/ssl_locl.h > >> > >> Changes in other areas also in this revision: > >> Modified: > >> stable/9/crypto/openssl/ssl/d1_pkt.c > >> stable/9/crypto/openssl/ssl/s3_pkt.c > >> stable/9/crypto/openssl/ssl/ssl.h > >> stable/9/crypto/openssl/ssl/ssl3.h > >> stable/9/crypto/openssl/ssl/ssl_locl.h > >> > >> Modified: stable/10/crypto/openssl/ssl/d1_pkt.c > >> == > === > >> = > >> --- stable/10/crypto/openssl/ssl/d1_pkt.c Wed Nov 2 06:58:47 2016 > >>(r308199) > >> +++ stable/10/crypto/openssl/ssl/d1_pkt.c Wed Nov 2 07:09:31 2016 > >>(r308200) > >> @@ -924,6 +924,13 @@ int dtls1_read_bytes(SSL *s, int type, u > >> goto start; > >> } > >> > >> +/* > >> + * Reset the count of consecutive warning alerts if we've got a > >> non-empt > >> y > >> + * record that isn't an alert. > >> + */ > >> +if (rr->type != SSL3_RT_ALERT && rr->length != 0) > >> +s->s3->alert_count = 0; > >> + > >> /* we now have a packet which can be read and processed */ > >> > >> if (s->s3->change_cipher_spec /* set when we receive > >> ChangeCipherSpec, > >> @@ -1190,6 +1197,14 @@ int dtls1_read_bytes(SSL *s, int type, u > >> > >> if (alert_level == SSL3_AL_WARNING) { > >> s->s3->warn_alert = alert_descr; > >> + > >> +s->s3->alert_count++; > >> +if (s->s3->alert_count == MAX_WARN_ALERT_COUNT) { > >> +al = SSL_AD_UNEXPECTED_MESSAGE; > >> +SSLerr(SSL_F_DTLS1_READ_BYTES, > >> SSL_R_TOO_MANY_WARN_ALERTS); > >> +goto f_err; > >> +} > >> + > >> if (alert_descr == SSL_AD_CLOSE_NOTIFY) { > >> #ifndef OPENSSL_NO_SCTP > >> /* > >> > >> Modified: stable/10/crypto/openssl/ssl/s3_pkt.c > >> == > === > >> = > >> --- stable/10/crypto/openssl/ssl/s3_pkt.c Wed Nov 2 06:58:47 2016 > >>(r308199) > >> +++ stable/10/crypto/openssl/ssl/s3_pkt.c Wed Nov 2 07:09:31 2016 > >>(r308200) > >> @@ -1057,6 +1057,13 @@ int ssl3_read_bytes(SSL *s, int type, un > >> return (ret); > >> } > >> > >> +/* > >> + * Reset the count of consecutive warning alerts if we've got a > >> non-empt > >> y > >> + * record that isn't an alert. > >> + */ > >> +if (rr->type != SSL3_RT_ALERT && rr->length != 0) > >> +s->s3->alert_count = 0; > >> + > >> /* we now have a packet which can be read and processed */ > >> > >> if (s->s3->change_cipher_spec /* set when we receive > >> ChangeCipherSpec, > >> @@ -1271,6 +1278,14 @@ int ssl3_read_bytes(SSL *s, int type, un > >> > >> if (alert_level == SSL3_AL_WARNING) { > >> s->s3->warn_alert = alert_descr; > >> + > >> +s->s3->alert_count++; > >> +if (s->s3->alert_count == MAX_WARN_ALERT_COUNT) { > >> +al = SSL_AD_UNEXPECTED_MESSAGE; > >> +SSLerr(SSL_F_SSL3_READ_BYTES, > >> SSL_R_TOO_MANY_WARN_ALERTS); > >> +goto f_err; > >> +} > >> + > >> if (alert_descr == SSL_AD_CLOSE_NOTIFY) { > >> s->shutdown |= SSL_RECEIVED_SHUTDOWN; > >> return (0); > >> > >> Modified: stable/10/crypto/openssl/ssl/ssl.h > >> == > === > >> = > >> --- stable/10/crypto/openssl/ssl/ssl.h Wed Nov 2 06:58:47 2016 > >>(r308199) > >> +++ stable/10/crypto/openssl/ssl/ssl.h Wed Nov 2 07:09:31 2016 > >>(r308200) > >> @@ -2717,6 +2717,7 @@ void ERR_load_SSL_strings(void); > >> # define SSL_R_TLS_HEARTBEAT_PENDING 366 > >> # define
svn commit: r308236 - head/sys/arm/allwinner
Author: jmcneill Date: Wed Nov 2 23:58:10 2016 New Revision: 308236 URL: https://svnweb.freebsd.org/changeset/base/308236 Log: Add support for the integrated DMA controller found in the Allwinner A31, A64, A83T, and H3 SoCs. Relnotes: yes Added: head/sys/arm/allwinner/a31_dmac.c (contents, props changed) Modified: head/sys/arm/allwinner/files.allwinner Added: head/sys/arm/allwinner/a31_dmac.c == --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sys/arm/allwinner/a31_dmac.c Wed Nov 2 23:58:10 2016 (r308236) @@ -0,0 +1,557 @@ +/*- + * Copyright (c) 2016 Jared D. McNeill+ * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + *notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + *notice, this list of conditions and the following disclaimer in the + *documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + */ + +/* + * Allwinner DMA controller + */ + +#include +__FBSDID("$FreeBSD$"); + +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#include +#include + +#include +#include +#include + +#include "sunxi_dma_if.h" + +#defineDMA_IRQ_EN_REG0 0x00 +#defineDMA_IRQ_EN_REG1 0x04 +#defineDMA_IRQ_EN_REG(ch) (DMA_IRQ_EN_REG0 + ((ch) / 8) * 4) +#define DMA_PKG_IRQ_EN(ch) (1 << (((ch) % 8) * 4 + 1)) +#define DMA_PKG_IRQ_MASK 0xULL +#defineDMA_IRQ_PEND_REG0 0x10 +#defineDMA_IRQ_PEND_REG1 0x14 +#defineDMA_IRQ_PEND_REG(ch)(DMA_IRQ_PEND_REG0 + ((ch) / 8) * 4) +#defineDMA_STA_REG 0x30 +#defineDMA_EN_REG(n) (0x100 + (n) * 0x40 + 0x00) +#define DMA_EN (1 << 0) +#defineDMA_PAU_REG(n) (0x100 + (n) * 0x40 + 0x04) +#defineDMA_STAR_ADDR_REG(n)(0x100 + (n) * 0x40 + 0x08) +#defineDMA_CFG_REG(n) (0x100 + (n) * 0x40 + 0x0c) +#define DMA_DEST_DATA_WIDTH(0x3 << 25) +#define DMA_DEST_DATA_WIDTH_SHIFT 25 +#define DMA_DEST_BST_LEN (0x3 << 22) +#define DMA_DEST_BST_LEN_SHIFT 22 +#define DMA_DEST_ADDR_MODE (0x1 << 21) +#define DMA_DEST_ADDR_MODE_SHIFT 21 +#define DMA_DEST_DRQ_TYPE (0x1f << 16) +#define DMA_DEST_DRQ_TYPE_SHIFT16 +#define DMA_SRC_DATA_WIDTH (0x3 << 9) +#define DMA_SRC_DATA_WIDTH_SHIFT 9 +#define DMA_SRC_BST_LEN(0x3 << 6) +#define DMA_SRC_BST_LEN_SHIFT 6 +#define DMA_SRC_ADDR_MODE (0x1 << 5) +#define DMA_SRC_ADDR_MODE_SHIFT5 +#define DMA_SRC_DRQ_TYPE (0x1f << 0) +#define DMA_SRC_DRQ_TYPE_SHIFT 0 +#define DMA_DATA_WIDTH_8BIT0 +#define DMA_DATA_WIDTH_16BIT 1 +#define DMA_DATA_WIDTH_32BIT 2 +#define DMA_DATA_WIDTH_64BIT 3 +#define DMA_ADDR_MODE_LINEAR 0 +#define DMA_ADDR_MODE_IO 1 +#define DMA_BST_LEN_1 0 +#define DMA_BST_LEN_4 1 +#define DMA_BST_LEN_8 2 +#define DMA_BST_LEN_16 3 +#defineDMA_CUR_SRC_REG(n) (0x100 + (n) * 0x40 + 0x10) +#defineDMA_CUR_DEST_REG(n) (0x100 + (n) * 0x40 + 0x14) +#defineDMA_BCNT_LEFT_REG(n)(0x100 + (n) * 0x40 + 0x18) +#defineDMA_PARA_REG(n) (0x100 + (n) * 0x40 + 0x1c) +#define WAIT_CYC (0xff << 0) +#define WAIT_CYC_SHIFT 0 + +struct a31dmac_desc { + uint32_tconfig; + uint32_t
svn commit: r308235 - head/sys/arm/allwinner
Author: jmcneill Date: Wed Nov 2 23:53:47 2016 New Revision: 308235 URL: https://svnweb.freebsd.org/changeset/base/308235 Log: Register the device's xref handle at attach time. Modified: head/sys/arm/allwinner/a10_dmac.c Modified: head/sys/arm/allwinner/a10_dmac.c == --- head/sys/arm/allwinner/a10_dmac.c Wed Nov 2 23:49:57 2016 (r308234) +++ head/sys/arm/allwinner/a10_dmac.c Wed Nov 2 23:53:47 2016 (r308235) @@ -168,6 +168,7 @@ a10dmac_attach(device_t dev) return (ENXIO); } + OF_device_register_xref(OF_xref_from_node(ofw_bus_get_node(dev)), dev); return (0); } ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r308234 - head/sys/arm/allwinner/clk
Author: jmcneill Date: Wed Nov 2 23:49:57 2016 New Revision: 308234 URL: https://svnweb.freebsd.org/changeset/base/308234 Log: Add support for H3 PLL2 (PLL_Audio). Modified: head/sys/arm/allwinner/clk/aw_pll.c Modified: head/sys/arm/allwinner/clk/aw_pll.c == --- head/sys/arm/allwinner/clk/aw_pll.c Wed Nov 2 23:46:23 2016 (r308233) +++ head/sys/arm/allwinner/clk/aw_pll.c Wed Nov 2 23:49:57 2016 (r308234) @@ -171,6 +171,15 @@ __FBSDID("$FreeBSD$"); #defineA83T_PLLCPUX_POSTDIV_M (0x3 << 0) #defineA83T_PLLCPUX_POSTDIV_M_SHIFT0 +#defineH3_PLL2_LOCK(1 << 28) +#defineH3_PLL2_SDM_EN (1 << 24) +#defineH3_PLL2_POST_DIV(0xf << 16) +#defineH3_PLL2_POST_DIV_SHIFT 16 +#defineH3_PLL2_FACTOR_N(0x7f << 8) +#defineH3_PLL2_FACTOR_N_SHIFT 8 +#defineH3_PLL2_PRE_DIV (0x1f << 0) +#defineH3_PLL2_PRE_DIV_SHIFT 0 + #defineCLKID_A10_PLL3_1X 0 #defineCLKID_A10_PLL3_2X 1 @@ -278,6 +287,11 @@ static struct aw_pll_factor aw_a23_pll1_ PLLFACTOR(25, 2, 0, 0, 187200), }; +static struct aw_pll_factor aw_h3_pll2_factors[] = { + PLLFACTOR(13, 0, 0, 13, 24576000), + PLLFACTOR(6, 0, 0, 7, 22579200), +}; + enum aw_pll_type { AWPLL_A10_PLL1 = 1, AWPLL_A10_PLL2, @@ -292,6 +306,7 @@ enum aw_pll_type { AWPLL_A80_PLL4, AWPLL_A83T_PLLCPUX, AWPLL_H3_PLL1, + AWPLL_H3_PLL2, }; struct aw_pll_sc { @@ -698,6 +713,85 @@ a13_pll2_set_freq(struct aw_pll_sc *sc, } static int +h3_pll2_recalc(struct aw_pll_sc *sc, uint64_t *freq) +{ + uint32_t val, p, n, m; + + DEVICE_LOCK(sc); + PLL_READ(sc, ); + DEVICE_UNLOCK(sc); + + p = ((val & H3_PLL2_POST_DIV) >> H3_PLL2_POST_DIV_SHIFT) + 1; + n = ((val & H3_PLL2_FACTOR_N) >> H3_PLL2_FACTOR_N_SHIFT) + 1; + m = ((val & H3_PLL2_PRE_DIV) >> H3_PLL2_PRE_DIV_SHIFT) + 1; + + switch (sc->id) { + case SUN4I_A10_PLL2_1X: + *freq = (*freq * n) / (m * p); + break; + case SUN4I_A10_PLL2_2X: + *freq = (*freq * 2 * n) / m / 4; + break; + case SUN4I_A10_PLL2_4X: + *freq = (*freq * 2 * n) / m / 2; + break; + case SUN4I_A10_PLL2_8X: + *freq = (*freq * 2 * n) / m; + break; + default: + return (EINVAL); + } + + return (0); +} + +static int +h3_pll2_set_freq(struct aw_pll_sc *sc, uint64_t fin, uint64_t *fout, +int flags) +{ + struct aw_pll_factor *f; + uint32_t val; + int n, error, retry; + + if (sc->id != SUN4I_A10_PLL2_1X) + return (ENXIO); + + f = NULL; + for (n = 0; n < nitems(aw_h3_pll2_factors); n++) { + if (aw_h3_pll2_factors[n].freq == *fout) { + f = _h3_pll2_factors[n]; + break; + } + } + if (f == NULL) + return (EINVAL); + + DEVICE_LOCK(sc); + PLL_READ(sc, ); + val &= ~(H3_PLL2_POST_DIV|H3_PLL2_FACTOR_N|H3_PLL2_PRE_DIV); + val |= (f->p << H3_PLL2_POST_DIV_SHIFT); + val |= (f->n << H3_PLL2_FACTOR_N_SHIFT); + val |= (f->m << H3_PLL2_PRE_DIV_SHIFT); + val |= AW_PLL_ENABLE; + PLL_WRITE(sc, val); + + /* Wait for lock */ + error = 0; + for (retry = 0; retry < 1000; retry++) { + PLL_READ(sc, ); + if ((val & H3_PLL2_LOCK) != 0) + break; + DELAY(100); + } + if (retry == 0) + error = ETIMEDOUT; + + DEVICE_UNLOCK(sc); + + return (error); +} + +static int a23_pll1_set_freq(struct aw_pll_sc *sc, uint64_t fin, uint64_t *fout, int flags) { @@ -1006,6 +1100,7 @@ static struct aw_pll_funcs aw_pll_func[] PLL(AWPLL_A83T_PLLCPUX, a83t_pllcpux_recalc, a83t_pllcpux_set_freq, NULL), PLL(AWPLL_A64_PLLHSIC, a64_pllhsic_recalc, NULL, a64_pllhsic_init), PLL(AWPLL_H3_PLL1, a23_pll1_recalc, h3_pll1_set_freq, NULL), + PLL(AWPLL_H3_PLL2, h3_pll2_recalc, h3_pll2_set_freq, NULL), }; static struct ofw_compat_data compat_data[] = { @@ -1020,6 +1115,7 @@ static struct ofw_compat_data compat_dat { "allwinner,sun8i-a23-pll1-clk", AWPLL_A23_PLL1 }, { "allwinner,sun8i-a83t-pllcpux-clk", AWPLL_A83T_PLLCPUX }, { "allwinner,sun8i-h3-pll1-clk",AWPLL_H3_PLL1 }, + { "allwinner,sun8i-h3-pll2-clk",AWPLL_H3_PLL2 }, { "allwinner,sun9i-a80-pll4-clk", AWPLL_A80_PLL4 }, { "allwinner,sun50i-a64-pllhsic-clk", AWPLL_A64_PLLHSIC }, { NULL, 0 } ___
svn commit: r308233 - head/sys/arm/allwinner/clk
Author: jmcneill Date: Wed Nov 2 23:46:23 2016 New Revision: 308233 URL: https://svnweb.freebsd.org/changeset/base/308233 Log: The DTS may report fewer than 4 parents for a module clock. Avoid setting the module clock parent to an out-of-range index in these cases. Modified: head/sys/arm/allwinner/clk/aw_modclk.c Modified: head/sys/arm/allwinner/clk/aw_modclk.c == --- head/sys/arm/allwinner/clk/aw_modclk.c Wed Nov 2 23:44:30 2016 (r308232) +++ head/sys/arm/allwinner/clk/aw_modclk.c Wed Nov 2 23:46:23 2016 (r308233) @@ -53,7 +53,6 @@ __FBSDID("$FreeBSD$"); #defineSCLK_GATING (1 << 31) #defineCLK_SRC_SEL (0x3 << 24) #defineCLK_SRC_SEL_SHIFT 24 -#defineCLK_SRC_SEL_MAX 0x3 #defineCLK_RATIO_N (0x3 << 16) #defineCLK_RATIO_N_SHIFT 16 #defineCLK_RATIO_N_MAX 0x3 @@ -69,6 +68,7 @@ static struct ofw_compat_data compat_dat struct aw_modclk_sc { device_tclkdev; bus_addr_t reg; + u_int parent_cnt; }; #defineMODCLK_READ(sc, val)CLKDEV_READ_4((sc)->clkdev, (sc)->reg, (val)) @@ -102,7 +102,7 @@ aw_modclk_set_mux(struct clknode *clk, i sc = clknode_get_softc(clk); - if (index < 0 || index > CLK_SRC_SEL_MAX) + if (index < 0 || index >= sc->parent_cnt) return (ERANGE); DEVICE_LOCK(sc); @@ -170,7 +170,7 @@ aw_modclk_set_freq(struct clknode *clk, best_diff = (int64_t)*fout; best_src = 0; - for (src = 0; src < CLK_SRC_SEL_MAX; src++) { + for (src = 0; src < sc->parent_cnt; src++) { error = clknode_set_parent_by_idx(clk, src); if (error != 0) continue; @@ -299,6 +299,7 @@ aw_modclk_attach(device_t dev) sc = clknode_get_softc(clk); sc->reg = paddr; sc->clkdev = device_get_parent(dev); + sc->parent_cnt = def.parent_cnt; clknode_register(clkdom, clk); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r308232 - head/sys/dev/sdhci
Author: jhibbits Date: Wed Nov 2 23:44:30 2016 New Revision: 308232 URL: https://svnweb.freebsd.org/changeset/base/308232 Log: Since it's no longer accessing a powerpc-specific register, drop the #ifdef. Modified: head/sys/dev/sdhci/fsl_sdhci.c Modified: head/sys/dev/sdhci/fsl_sdhci.c == --- head/sys/dev/sdhci/fsl_sdhci.c Wed Nov 2 23:43:18 2016 (r308231) +++ head/sys/dev/sdhci/fsl_sdhci.c Wed Nov 2 23:44:30 2016 (r308232) @@ -869,12 +869,10 @@ fsl_sdhci_attach(device_t dev) * * XXX need named constants for this stuff. */ -#ifdef __powerpc__ /* P1022 has the '*_BRST_LEN' fields as reserved, always reading 0x10 */ if (ofw_bus_is_compatible(dev, "fsl,p1022-esdhc")) WR4(sc, SDHC_WTMK_LVL, 0x10801080); else -#endif WR4(sc, SDHC_WTMK_LVL, 0x08800880); /* ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r308231 - head/sys/dev/sdhci
Author: jhibbits Date: Wed Nov 2 23:43:18 2016 New Revision: 308231 URL: https://svnweb.freebsd.org/changeset/base/308231 Log: Fix the build. protctl is only used on powerpc. While here, remove the need to check the SVR SPR, as others may be compatible with the p1022-esdhc type. Replaced: head/sys/dev/sdhci/fsl_sdhci.c - copied, changed from r308095, head/sys/arm/freescale/imx/imx_sdhci.c Copied and modified: head/sys/dev/sdhci/fsl_sdhci.c (from r308095, head/sys/arm/freescale/imx/imx_sdhci.c) == --- head/sys/arm/freescale/imx/imx_sdhci.c Sat Oct 29 18:47:28 2016 (r308095, copy source) +++ head/sys/dev/sdhci/fsl_sdhci.c Wed Nov 2 23:43:18 2016 (r308231) @@ -28,7 +28,7 @@ __FBSDID("$FreeBSD$"); /* - * SDHCI driver glue for Freescale i.MX SoC family. + * SDHCI driver glue for Freescale i.MX SoC and QorIQ families. * * This supports both eSDHC (earlier SoCs) and uSDHC (more recent SoCs). */ @@ -38,6 +38,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include #include @@ -52,9 +53,11 @@ __FBSDID("$FreeBSD$"); #include #include +#ifdef __arm__ #include #include +#endif #include #include @@ -66,7 +69,7 @@ __FBSDID("$FreeBSD$"); #include #include "sdhci_if.h" -struct imx_sdhci_softc { +struct fsl_sdhci_softc { device_tdev; struct resource * mem_res; struct resource * irq_res; @@ -88,8 +91,8 @@ struct imx_sdhci_softc { #defineR1BFIX_AC12 2 /* Wait for busy after auto command 12. */ #defineHWTYPE_NONE 0 /* Hardware not recognized/supported. */ -#defineHWTYPE_ESDHC1 /* imx5x and earlier. */ -#defineHWTYPE_USDHC2 /* imx6. */ +#defineHWTYPE_ESDHC1 /* fsl5x and earlier. */ +#defineHWTYPE_USDHC2 /* fsl6. */ /* * Freescale-specific registers, or in some cases the layout of bits within the @@ -146,7 +149,6 @@ struct imx_sdhci_softc { #define SDHC_PROT_CDSS (1 << 7) #defineSDHC_SYS_CTRL 0x2c -#defineSDHC_INT_STATUS 0x30 /* * The clock enable bits exist in different registers for ESDHC vs USDHC, but @@ -169,31 +171,32 @@ static struct ofw_compat_data compat_dat {"fsl,imx6sl-usdhc",HWTYPE_USDHC}, {"fsl,imx53-esdhc", HWTYPE_ESDHC}, {"fsl,imx51-esdhc", HWTYPE_ESDHC}, + {"fsl,esdhc", HWTYPE_ESDHC}, {NULL, HWTYPE_NONE}, }; -static uint16_t imx_sdhc_get_clock(struct imx_sdhci_softc *sc); -static void imx_sdhc_set_clock(struct imx_sdhci_softc *sc, uint16_t val); -static void imx_sdhci_r1bfix_func(void *arg); +static uint16_t fsl_sdhc_get_clock(struct fsl_sdhci_softc *sc); +static void fsl_sdhc_set_clock(struct fsl_sdhci_softc *sc, uint16_t val); +static void fsl_sdhci_r1bfix_func(void *arg); static inline uint32_t -RD4(struct imx_sdhci_softc *sc, bus_size_t off) +RD4(struct fsl_sdhci_softc *sc, bus_size_t off) { return (bus_read_4(sc->mem_res, off)); } static inline void -WR4(struct imx_sdhci_softc *sc, bus_size_t off, uint32_t val) +WR4(struct fsl_sdhci_softc *sc, bus_size_t off, uint32_t val) { bus_write_4(sc->mem_res, off, val); } static uint8_t -imx_sdhci_read_1(device_t dev, struct sdhci_slot *slot, bus_size_t off) +fsl_sdhci_read_1(device_t dev, struct sdhci_slot *slot, bus_size_t off) { - struct imx_sdhci_softc *sc = device_get_softc(dev); + struct fsl_sdhci_softc *sc = device_get_softc(dev); uint32_t val32, wrk32; /* @@ -246,9 +249,9 @@ imx_sdhci_read_1(device_t dev, struct sd } static uint16_t -imx_sdhci_read_2(device_t dev, struct sdhci_slot *slot, bus_size_t off) +fsl_sdhci_read_2(device_t dev, struct sdhci_slot *slot, bus_size_t off) { - struct imx_sdhci_softc *sc = device_get_softc(dev); + struct fsl_sdhci_softc *sc = device_get_softc(dev); uint32_t val32; if (sc->hwtype == HWTYPE_USDHC) { @@ -297,16 +300,16 @@ imx_sdhci_read_2(device_t dev, struct sd * hardware type, complex enough to have their own function. */ if (off == SDHCI_CLOCK_CONTROL) { - return (imx_sdhc_get_clock(sc)); + return (fsl_sdhc_get_clock(sc)); } return ((RD4(sc, off & ~3) >> (off & 3) * 8) & 0x); } static uint32_t -imx_sdhci_read_4(device_t dev, struct sdhci_slot *slot, bus_size_t off) +fsl_sdhci_read_4(device_t dev, struct sdhci_slot *slot, bus_size_t off) { - struct imx_sdhci_softc *sc = device_get_softc(dev); + struct fsl_sdhci_softc *sc = device_get_softc(dev); uint32_t val32, wrk32; val32 = RD4(sc, off); @@ -348,7 +351,7 @@ imx_sdhci_read_4(device_t dev, struct sd } /* -* imx_sdhci_intr() can synthesize a
svn commit: r308230 - head/sys/dev/ioat
Author: cem Date: Wed Nov 2 23:18:16 2016 New Revision: 308230 URL: https://svnweb.freebsd.org/changeset/base/308230 Log: ioat(4): Read CHANSTS register for suspended/halted checks The device doesn't accurately update the CHANCMP address with the device state when the device is suspended or halted. So, read the CHANSTS register to check for those states. We still need to read the CHANCMP address for the last completed descriptor. Sponsored by: Dell EMC Isilon Modified: head/sys/dev/ioat/ioat.c Modified: head/sys/dev/ioat/ioat.c == --- head/sys/dev/ioat/ioat.cWed Nov 2 22:33:37 2016(r308229) +++ head/sys/dev/ioat/ioat.cWed Nov 2 23:18:16 2016(r308230) @@ -747,6 +747,12 @@ out: wakeup(>tail); } + /* +* The device doesn't seem to reliably push suspend/halt statuses to +* the channel completion memory address, so poll the device register +* here. +*/ + comp_update = ioat_get_chansts(ioat) & IOAT_CHANSTS_STATUS; if (!is_ioat_halted(comp_update) && !is_ioat_suspended(comp_update)) return; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r308229 - head/bin/sh/tests/execution
Author: jilles Date: Wed Nov 2 22:33:37 2016 New Revision: 308229 URL: https://svnweb.freebsd.org/changeset/base/308229 Log: sh: Add simple test for 'set -C' (noclobber). To ensure fast test runs, race conditions are not tested. Added: head/bin/sh/tests/execution/set-C1.0 (contents, props changed) Modified: head/bin/sh/tests/execution/Makefile Modified: head/bin/sh/tests/execution/Makefile == --- head/bin/sh/tests/execution/MakefileWed Nov 2 20:57:20 2016 (r308228) +++ head/bin/sh/tests/execution/MakefileWed Nov 2 22:33:37 2016 (r308229) @@ -37,6 +37,7 @@ ${PACKAGE}FILES+= redir4.0 ${PACKAGE}FILES+= redir5.0 ${PACKAGE}FILES+= redir6.0 ${PACKAGE}FILES+= redir7.0 +${PACKAGE}FILES+= set-C1.0 ${PACKAGE}FILES+= set-n1.0 ${PACKAGE}FILES+= set-n2.0 ${PACKAGE}FILES+= set-n3.0 Added: head/bin/sh/tests/execution/set-C1.0 == --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/bin/sh/tests/execution/set-C1.0Wed Nov 2 22:33:37 2016 (r308229) @@ -0,0 +1,12 @@ +# $FreeBSD$ + +T=$(mktemp -d "${TMPDIR:-/tmp}/sh-test.") || exit +trap 'rm -rf "$T"' 0 + +set -C +echo . >"$T/a" && +[ -s "$T/a" ] && +{ ! true >"$T/a"; } 2>/dev/null && +[ -s "$T/a" ] && +ln -s /dev/null "$T/b" && +true >"$T/b" ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r308228 - head/sys/kern
Author: kib Date: Wed Nov 2 20:57:20 2016 New Revision: 308228 URL: https://svnweb.freebsd.org/changeset/base/308228 Log: Remove remnants of the recursive sleep support. Instead assert that we never try to sleep while the thread is on a sleepqueue. Reviewed by: jhb Tested by:pho Sponsored by: The FreeBSD Foundation MFC after:1 week Differential revision:https://reviews.freebsd.org/D8422 Modified: head/sys/kern/kern_synch.c Modified: head/sys/kern/kern_synch.c == --- head/sys/kern/kern_synch.c Wed Nov 2 19:18:24 2016(r308227) +++ head/sys/kern/kern_synch.c Wed Nov 2 20:57:20 2016(r308228) @@ -170,13 +170,7 @@ _sleep(void *ident, struct lock_object * catch = priority & PCATCH; pri = priority & PRIMASK; - /* -* If we are already on a sleep queue, then remove us from that -* sleep queue first. We have to do this to handle recursive -* sleeps. -*/ - if (TD_ON_SLEEPQ(td)) - sleepq_remove(td, td->td_wchan); + KASSERT(!TD_ON_SLEEPQ(td), ("recursive sleep")); if ((uint8_t *)ident >= _wchan[0] && (uint8_t *)ident <= _wchan[MAXCPU - 1]) ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r308226 - in stable: 10/release/doc/share/xml 11/release/doc/share/xml 9/release/doc/share/xml
Author: gjb Date: Wed Nov 2 18:11:06 2016 New Revision: 308226 URL: https://svnweb.freebsd.org/changeset/base/308226 Log: Document SA-16:33-35. Sponsored by: The FreeBSD Foundation Modified: stable/11/release/doc/share/xml/security.xml Changes in other areas also in this revision: Modified: stable/10/release/doc/share/xml/security.xml stable/9/release/doc/share/xml/security.xml Modified: stable/11/release/doc/share/xml/security.xml == --- stable/11/release/doc/share/xml/security.xmlWed Nov 2 17:47:19 2016(r308225) +++ stable/11/release/doc/share/xml/security.xmlWed Nov 2 18:11:06 2016(r308226) @@ -24,6 +24,14 @@ 25October2016 Privilege escalation vulnerability + + + FreeBSD-SA-16:33.openssh + 2November2016 + Remote Denial of Service + vulnerability + ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r308226 - in stable: 10/release/doc/share/xml 11/release/doc/share/xml 9/release/doc/share/xml
Author: gjb Date: Wed Nov 2 18:11:06 2016 New Revision: 308226 URL: https://svnweb.freebsd.org/changeset/base/308226 Log: Document SA-16:33-35. Sponsored by: The FreeBSD Foundation Modified: stable/9/release/doc/share/xml/security.xml Changes in other areas also in this revision: Modified: stable/10/release/doc/share/xml/security.xml stable/11/release/doc/share/xml/security.xml Modified: stable/9/release/doc/share/xml/security.xml == --- stable/9/release/doc/share/xml/security.xml Wed Nov 2 17:47:19 2016 (r308225) +++ stable/9/release/doc/share/xml/security.xml Wed Nov 2 18:11:06 2016 (r308226) @@ -496,6 +496,22 @@ 10October2016 Multiple vulnerabilities + + + FreeBSD-SA-16:34.bind + 2November2016 + Remote Denial of Service + vulnerability + + + + FreeBSD-SA-16:35.openssl + 2November2016 + Remote Denial of Service + vulnerability + ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r308226 - in stable: 10/release/doc/share/xml 11/release/doc/share/xml 9/release/doc/share/xml
Author: gjb Date: Wed Nov 2 18:11:06 2016 New Revision: 308226 URL: https://svnweb.freebsd.org/changeset/base/308226 Log: Document SA-16:33-35. Sponsored by: The FreeBSD Foundation Modified: stable/10/release/doc/share/xml/security.xml Changes in other areas also in this revision: Modified: stable/11/release/doc/share/xml/security.xml stable/9/release/doc/share/xml/security.xml Modified: stable/10/release/doc/share/xml/security.xml == --- stable/10/release/doc/share/xml/security.xmlWed Nov 2 17:47:19 2016(r308225) +++ stable/10/release/doc/share/xml/security.xmlWed Nov 2 18:11:06 2016(r308226) @@ -131,6 +131,22 @@ 10October2016 Multiple vulnerabilities + + + FreeBSD-SA-16:33.openssh + 2November2016 + Remote Denial of Service + vulnerability + + + + FreeBSD-SA-16:35.openssl + 2November2016 + Remote Denial of Service + vulnerability + ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r308225 - head/sys/dev/cpuctl
Author: avg Date: Wed Nov 2 17:47:19 2016 New Revision: 308225 URL: https://svnweb.freebsd.org/changeset/base/308225 Log: dev/cpuctl: put debug output under CPUCTL_DEBUG rather than DEBUG DEBUG is a well-known flag. It doesn't imply that there is a particular interest in cpuctl. MFC after:1 week Modified: head/sys/dev/cpuctl/cpuctl.c Modified: head/sys/dev/cpuctl/cpuctl.c == --- head/sys/dev/cpuctl/cpuctl.cWed Nov 2 17:34:33 2016 (r308224) +++ head/sys/dev/cpuctl/cpuctl.cWed Nov 2 17:47:19 2016 (r308225) @@ -57,7 +57,7 @@ static d_ioctl_t cpuctl_ioctl; #defineCPUCTL_VERSION 1 -#ifdef DEBUG +#ifdef CPUCTL_DEBUG # define DPRINTF(format,...) printf(format, __VA_ARGS__); #else # define DPRINTF(...) ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r308224 - vendor-sys/illumos/dist/common/nvpair
Author: avg Date: Wed Nov 2 17:34:33 2016 New Revision: 308224 URL: https://svnweb.freebsd.org/changeset/base/308224 Log: 5778 nvpair_type_is_array() does not recognize DATA_TYPE_INT8_ARRAY illumos/illumos-gate@bf4d553b8a4685dc5ba4549cc9ba6d94e9306a81 https://github.com/illumos/illumos-gate/commit/bf4d553b8a4685dc5ba4549cc9ba6d94e9306a81 https://www.illumos.org/issues/5778 DATA_TYPE_INT8_ARRAY is missing from the array check in nvpair_type_is_array() Reviewed by: Matthew AhrensReviewed by: Prakash Surya Approved by: Dan McDonald Author: Andriy Gapon Modified: vendor-sys/illumos/dist/common/nvpair/nvpair.c Modified: vendor-sys/illumos/dist/common/nvpair/nvpair.c == --- vendor-sys/illumos/dist/common/nvpair/nvpair.c Wed Nov 2 17:33:22 2016(r308223) +++ vendor-sys/illumos/dist/common/nvpair/nvpair.c Wed Nov 2 17:34:33 2016(r308224) @@ -1230,6 +1230,7 @@ nvpair_type_is_array(nvpair_t *nvp) data_type_t type = NVP_TYPE(nvp); if ((type == DATA_TYPE_BYTE_ARRAY) || + (type == DATA_TYPE_INT8_ARRAY) || (type == DATA_TYPE_UINT8_ARRAY) || (type == DATA_TYPE_INT16_ARRAY) || (type == DATA_TYPE_UINT16_ARRAY) || ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r308223 - vendor/illumos/dist/lib/libnvpair
Author: avg Date: Wed Nov 2 17:33:22 2016 New Revision: 308223 URL: https://svnweb.freebsd.org/changeset/base/308223 Log: 5752 dump_nvlist() is not aware of boolean array illumos/illumos-gate@ee3c499ad1e4fc884a11b2bc6490787b788bf84a https://github.com/illumos/illumos-gate/commit/ee3c499ad1e4fc884a11b2bc6490787b788bf84a https://www.illumos.org/issues/5752 dump_nvlist() is not aware of the boolean array value type: bad config type 24 for "foobar" Reviewed by: Dan KimmelReviewed by: Matthew Ahrens Reviewed by: Will Andrews Approved by: Robert Mustacchi Author: Andriy Gapon Modified: vendor/illumos/dist/lib/libnvpair/libnvpair.c Modified: vendor/illumos/dist/lib/libnvpair/libnvpair.c == --- vendor/illumos/dist/lib/libnvpair/libnvpair.c Wed Nov 2 17:32:31 2016(r308222) +++ vendor/illumos/dist/lib/libnvpair/libnvpair.c Wed Nov 2 17:33:22 2016(r308223) @@ -794,6 +794,7 @@ dump_nvlist(nvlist_t *list, int indent) { nvpair_t*elem = NULL; boolean_t bool_value; + boolean_t *bool_array_value; nvlist_t*nvlist_value; nvlist_t**nvlist_array_value; uint_t i, count; @@ -854,6 +855,16 @@ dump_nvlist(nvlist_t *list, int indent) NVP(elem, string, char *, char *, "'%s'"); break; + case DATA_TYPE_BOOLEAN_ARRAY: + (void) nvpair_value_boolean_array(elem, + _array_value, ); + for (i = 0; i < count; i++) { + (void) printf("%*s%s[%d]: %s\n", indent, "", + nvpair_name(elem), i, + bool_array_value[i] ? "true" : "false"); + } + break; + case DATA_TYPE_BYTE_ARRAY: NVPA(elem, byte_array, uchar_t, int, "%u"); break; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r308222 - vendor/illumos/dist/lib/libzfs_core/common
Author: avg Date: Wed Nov 2 17:32:31 2016 New Revision: 308222 URL: https://svnweb.freebsd.org/changeset/base/308222 Log: 6051 lzc_receive: allow the caller to read the begin record illumos/illumos-gate@620f322510b2d6433f7f6af60fa52380c07756ad https://github.com/illumos/illumos-gate/commit/620f322510b2d6433f7f6af60fa52380c07756ad https://www.illumos.org/issues/6051 Currently lzc_receive() requires that its snapname argument is a snapshot name (contains ''). @zfs receive allows to specify just a dataset name and would try to deduce the snapshot name from the stream. I propose to allow lzc_receive() to do the same. That seems to be quite easy to implement, it requires only a small amount of logic, it does not require any additional system calls or any additional data from the stream. The benefit is that the new behavior would allow to keep the snapshot names the same between the sender and receiver at zero cost, without a need to pass the names out of band. Reviewed by: Matthew AhrensReviewed by: Paul Dagnelie Approved by: Robert Mustacchi Author: Andriy Gapon Modified: vendor/illumos/dist/lib/libzfs_core/common/libzfs_core.c vendor/illumos/dist/lib/libzfs_core/common/libzfs_core.h Modified: vendor/illumos/dist/lib/libzfs_core/common/libzfs_core.c == --- vendor/illumos/dist/lib/libzfs_core/common/libzfs_core.cWed Nov 2 17:12:15 2016(r308221) +++ vendor/illumos/dist/lib/libzfs_core/common/libzfs_core.cWed Nov 2 17:32:31 2016(r308222) @@ -549,8 +549,9 @@ recv_read(int fd, void *buf, int ilen) } static int -lzc_receive_impl(const char *snapname, nvlist_t *props, const char *origin, -boolean_t force, boolean_t resumable, int fd) +recv_impl(const char *snapname, nvlist_t *props, const char *origin, +boolean_t force, boolean_t resumable, int fd, +const dmu_replay_record_t *begin_record) { /* * The receive ioctl is still legacy, so we need to construct our own @@ -595,9 +596,14 @@ lzc_receive_impl(const char *snapname, n (void) strlcpy(zc.zc_string, origin, sizeof (zc.zc_string)); /* zc_begin_record is non-byteswapped BEGIN record */ - error = recv_read(fd, _begin_record, sizeof (zc.zc_begin_record)); - if (error != 0) - goto out; + if (begin_record == NULL) { + error = recv_read(fd, _begin_record, + sizeof (zc.zc_begin_record)); + if (error != 0) + goto out; + } else { + zc.zc_begin_record = *begin_record; + } /* zc_cookie is fd to read from */ zc.zc_cookie = fd; @@ -638,7 +644,7 @@ int lzc_receive(const char *snapname, nvlist_t *props, const char *origin, boolean_t force, int fd) { - return (lzc_receive_impl(snapname, props, origin, force, B_FALSE, fd)); + return (recv_impl(snapname, props, origin, force, B_FALSE, fd, NULL)); } /* @@ -651,7 +657,29 @@ int lzc_receive_resumable(const char *snapname, nvlist_t *props, const char *origin, boolean_t force, int fd) { - return (lzc_receive_impl(snapname, props, origin, force, B_TRUE, fd)); + return (recv_impl(snapname, props, origin, force, B_TRUE, fd, NULL)); +} + +/* + * Like lzc_receive, but allows the caller to read the begin record and then to + * pass it in. That could be useful if the caller wants to derive, for example, + * the snapname or the origin parameters based on the information contained in + * the begin record. + * The begin record must be in its original form as read from the stream, + * in other words, it should not be byteswapped. + * + * The 'resumable' parameter allows to obtain the same behavior as with + * lzc_receive_resumable. + */ +int +lzc_receive_with_header(const char *snapname, nvlist_t *props, +const char *origin, boolean_t force, boolean_t resumable, int fd, +const dmu_replay_record_t *begin_record) +{ + if (begin_record == NULL) + return (EINVAL); + return (recv_impl(snapname, props, origin, force, resumable, fd, + begin_record)); } /* Modified: vendor/illumos/dist/lib/libzfs_core/common/libzfs_core.h == --- vendor/illumos/dist/lib/libzfs_core/common/libzfs_core.hWed Nov 2 17:12:15 2016(r308221) +++ vendor/illumos/dist/lib/libzfs_core/common/libzfs_core.hWed Nov 2 17:32:31 2016(r308222) @@ -68,10 +68,15 @@ enum lzc_send_flags { int lzc_send(const char *, const char *, int, enum lzc_send_flags); int lzc_send_resume(const char *, const char *, int, enum lzc_send_flags, uint64_t, uint64_t); +int lzc_send_space(const char *, const char *, uint64_t *); + +struct
svn commit: r308221 - head/sys/dev/ichiic
Author: avg Date: Wed Nov 2 17:12:15 2016 New Revision: 308221 URL: https://svnweb.freebsd.org/changeset/base/308221 Log: fix typo in a comment MFC after:5 weeks X-MFC with: r308219 Modified: head/sys/dev/ichiic/ig4_iic.c Modified: head/sys/dev/ichiic/ig4_iic.c == --- head/sys/dev/ichiic/ig4_iic.c Wed Nov 2 17:07:18 2016 (r308220) +++ head/sys/dev/ichiic/ig4_iic.c Wed Nov 2 17:12:15 2016 (r308221) @@ -37,7 +37,7 @@ __FBSDID("$FreeBSD$"); /* - * Intel fourth generation mobile cpus integrated I2C deviceer. + * Intel fourth generation mobile cpus integrated I2C device. * * See ig4_reg.h for datasheet reference and notes. * See ig4_var.h for locking semantics. ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r308220 - head/sys/dev/smbus
Author: avg Date: Wed Nov 2 17:07:18 2016 New Revision: 308220 URL: https://svnweb.freebsd.org/changeset/base/308220 Log: smbus: remove the potentially very dangerous slave probing code MFC after:5 weeks Modified: head/sys/dev/smbus/smbus.c Modified: head/sys/dev/smbus/smbus.c == --- head/sys/dev/smbus/smbus.c Wed Nov 2 17:04:00 2016(r308219) +++ head/sys/dev/smbus/smbus.c Wed Nov 2 17:07:18 2016(r308220) @@ -50,7 +50,6 @@ struct smbus_ivar /* * Autoconfiguration and support routines for System Management bus */ -static void smbus_probe_device(device_t dev, u_char addr); static int smbus_probe(device_t dev) @@ -65,13 +64,9 @@ static int smbus_attach(device_t dev) { struct smbus_softc *sc = device_get_softc(dev); - unsigned char addr; mtx_init(>lock, device_get_nameunit(dev), "smbus", MTX_DEF); bus_generic_probe(dev); - for (addr = SMBUS_ADDR_MIN; addr < SMBUS_ADDR_MAX; ++addr) { - smbus_probe_device(dev, addr); - } bus_enumerate_hinted_children(dev); bus_generic_attach(dev); @@ -98,30 +93,6 @@ smbus_generic_intr(device_t dev, u_char { } -static void -smbus_probe_device(device_t dev, u_char addr) -{ - device_t child; - int error; - u_char cmd; - u_char buf[2]; - struct smbus_ivar *devi; - - cmd = 0x01; - error = smbus_trans(dev, addr, cmd, - SMB_TRANS_NOCNT | SMB_TRANS_NOREPORT, - NULL, 0, buf, 1, NULL); - if (error == 0) { - if (bootverbose) - device_printf(dev, "Probed address 0x%02x\n", addr); - child = BUS_ADD_CHILD(dev, SMBUS_ORDER_PNP, NULL, -1); - if (child == NULL) - return; - devi = device_get_ivars(child); - devi->addr = addr; - } -} - static device_t smbus_add_child(device_t dev, u_int order, const char *name, int unit) { ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r308219 - head/sys/dev/ichiic
Author: avg Date: Wed Nov 2 17:04:00 2016 New Revision: 308219 URL: https://svnweb.freebsd.org/changeset/base/308219 Log: ichiic/ig4: completely disengage from smbus MFC after:5 weeks Modified: head/sys/dev/ichiic/ig4_iic.c head/sys/dev/ichiic/ig4_pci.c head/sys/dev/ichiic/ig4_reg.h head/sys/dev/ichiic/ig4_var.h Modified: head/sys/dev/ichiic/ig4_iic.c == --- head/sys/dev/ichiic/ig4_iic.c Wed Nov 2 16:15:49 2016 (r308218) +++ head/sys/dev/ichiic/ig4_iic.c Wed Nov 2 17:04:00 2016 (r308219) @@ -37,7 +37,7 @@ __FBSDID("$FreeBSD$"); /* - * Intel fourth generation mobile cpus integrated I2C device, smbus driver. + * Intel fourth generation mobile cpus integrated I2C deviceer. * * See ig4_reg.h for datasheet reference and notes. * See ig4_var.h for locking semantics. @@ -60,7 +60,6 @@ __FBSDID("$FreeBSD$"); #include #include -#include #include #include @@ -236,18 +235,13 @@ data_read(ig4iic_softc_t *sc) * the target address for when the controller later issues a START. */ static void -set_slave_addr(ig4iic_softc_t *sc, uint8_t slave, int trans_op) +set_slave_addr(ig4iic_softc_t *sc, uint8_t slave) { uint32_t tar; uint32_t ctl; int use_10bit; - use_10bit = sc->use_10bit; - if (trans_op & SMB_TRANS_7BIT) - use_10bit = 0; - if (trans_op & SMB_TRANS_10BIT) - use_10bit = 1; - + use_10bit = 0; if (sc->slave_valid && sc->last_slave == slave && sc->use_10bit == use_10bit) { return; @@ -291,208 +285,12 @@ set_slave_addr(ig4iic_softc_t *sc, uint8 } /* - * Issue START with byte command, possible count, and a variable length - * read or write buffer, then possible turn-around read. The read also - * has a possible count received. - * - * For SMBUS - - * - * Quick: START+ADDR+RD/WR STOP - * - * Normal: START+ADDR+WR CMD DATA..DATA STOP - * - * START+ADDR+RD CMD - * RESTART+ADDR RDATA..RDATA STOP - * (can also be used for I2C transactions) - * - * Process Call: START+ADDR+WR CMD DATAL DATAH - * RESTART+ADDR+RD RDATAL RDATAH STOP - * - * Block: START+ADDR+RD CMD - * RESTART+ADDR+RD RCOUNT DATA... STOP - * - * START+ADDR+WR CMD - * RESTART+ADDR+WR WCOUNT DATA... STOP - * - * For I2C - basically, no *COUNT fields, possibly no *CMD field. If the - * sender needs to issue a 2-byte command it will incorporate it - * into the write buffer and also set NOCMD. - * - * Generally speaking, the START+ADDR / RESTART+ADDR is handled automatically - * by the controller at the beginning of a command sequence or on a data - * direction turn-around, and we only need to tell it when to issue the STOP. - */ -static int -smb_transaction(ig4iic_softc_t *sc, char cmd, int op, - char *wbuf, int wcount, char *rbuf, int rcount, int *actualp) -{ - int error; - int unit; - uint32_t last; - - /* -* Debugging - dump registers -*/ - if (ig4_dump) { - unit = device_get_unit(sc->dev); - if (ig4_dump & (1 << unit)) { - ig4_dump &= ~(1 << unit); - ig4iic_dump(sc); - } - } - - /* -* Issue START or RESTART with next data byte, clear any previous -* abort condition that may have been holding the txfifo in reset. -*/ - last = IG4_DATA_RESTART; - reg_read(sc, IG4_REG_CLR_TX_ABORT); - if (actualp) - *actualp = 0; - - /* -* Issue command if not told otherwise (smbus). -*/ - if ((op & SMB_TRANS_NOCMD) == 0) { - error = wait_status(sc, IG4_STATUS_TX_NOTFULL); - if (error) - goto done; - last |= (u_char)cmd; - if (wcount == 0 && rcount == 0 && (op & SMB_TRANS_NOSTOP) == 0) - last |= IG4_DATA_STOP; - reg_write(sc, IG4_REG_DATA_CMD, last); - last = 0; - } - - /* -* Clean out any previously received data. -*/ - if (sc->rpos != sc->rnext && - (op & SMB_TRANS_NOREPORT) == 0) { - device_printf(sc->dev, - "discarding %d bytes of spurious data\n", - sc->rnext - sc->rpos); - } - sc->rpos = 0; - sc->rnext = 0; - - /* -* If writing and not told otherwise, issue the write count (smbus). -*/ - if (wcount && (op & SMB_TRANS_NOCNT) == 0) { - error = wait_status(sc, IG4_STATUS_TX_NOTFULL); - if (error) - goto done; - last |=
Re: svn commit: r308181 - in head: . share/mk
On Wed, Nov 02, 2016 at 04:55:22AM -0230, Jonathan Anderson wrote: > Hi, > > On 1 Nov 2016, at 21:10, Dimitry Andric wrote: > > > Please note, I reverted r307823 (which changed the suffixes from .bco > > and .llo to .bc and .ll) in r308003, since it caused a number of ports > > failures. These ports were already using .ll as a suffix for C++ lex > > scripts. > > The changes to bsd.suffixes-posix.mk (included by sys.mk) would have affected > anything compiled with bmake, and indeed, I'd imagine that adding a .c->.ll > rule alongside .c->.o could cause problems with C++ lex rules. In fact, part > of brooks' original motivation for introducing .llo suffixes was to avoid > name conflicts (although conflicts with program IR like we're introducing in > this commit). The changes in this commit should only be picked up by things > that explicit include bsd.{lib,prog}.mk, however, and they also have slightly > more esoteric names (e.g., progname.full.ll) that are less likely to cause a > conflict. Perhaps I ought to have done an exp-run, but I suspect that this > commit will cause much less / no fallout. I don't suppose you have a list of > the ports that failed after your r307823 change so that I could do spot > checks? As a bit of background, the original motivation for the .bco and .llo files what that I wanted to differentiate between IR files produced from single translation units (.c files) and IR files produced by llvm-link so I didn't have to worry about things like name space collisions in the case of transitions like: clang llvm-link opt ld (prog.c, utils.c) => (prog.llo, util.llo) => prog.ll => prog.o => prog Part of the fun is that you might instead want: clang opt ld (prog.c, utils.c) => (prog.llo, util.llo) => (prog.o, util.o) => prog and for extra fun you might insert instrumentation at any IR stage so yet more suffixes may be required if your tools don't fit neatly into clang, opt, etc plugins. Make is lousy at this stuff so a certain about of ugliness is likely to remain required. -- Brooks signature.asc Description: PGP signature
svn commit: r308218 - in head: sys/dev/cpuctl usr.sbin/cpucontrol
Author: avg Date: Wed Nov 2 16:15:49 2016 New Revision: 308218 URL: https://svnweb.freebsd.org/changeset/base/308218 Log: Add support for microcode update on newer AMD CPUs (10h+) This includes new code for parsing microcode files as well as the kernel-side change to apply the update on all processors at the same time. Developed with help from Borislav Petkov, formerly b...@amd64.org. Tested using Athlon II X2 processor on a system where BIOS does not have the latest microcode version: /boot/firmware/microcode_amd.bin: updating cpu /dev/cpuctl0 to revision 0x1c7... done. The microcode file is taken from here: https://web.archive.org/web/20160528230514/http://www.amd64.org/microcode.html (note that the original site seems to be down at the moment) It can also be found here: https://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git/tree/amd-ucode Reviewed by: kib, stas MFC after:2 weeks Relnotes: maybe Differential Revision: https://reviews.freebsd.org/D8384 Added: head/usr.sbin/cpucontrol/amd10h.c (contents, props changed) Modified: head/sys/dev/cpuctl/cpuctl.c head/usr.sbin/cpucontrol/Makefile head/usr.sbin/cpucontrol/amd.h head/usr.sbin/cpucontrol/cpucontrol.c Modified: head/sys/dev/cpuctl/cpuctl.c == --- head/sys/dev/cpuctl/cpuctl.cWed Nov 2 15:13:25 2016 (r308217) +++ head/sys/dev/cpuctl/cpuctl.cWed Nov 2 16:15:49 2016 (r308218) @@ -377,13 +377,24 @@ fail: return (ret); } +/* + * NB: MSR 0xc0010020, MSR_K8_UCODE_UPDATE, is not documented by AMD. + * Coreboot, illumos and Linux source code was used to understand + * its workings. + */ +static void +amd_ucode_wrmsr(void *ucode_ptr) +{ + uint32_t tmp[4]; + + wrmsr_safe(MSR_K8_UCODE_UPDATE, (uintptr_t)ucode_ptr); + do_cpuid(0, tmp); +} + static int update_amd(int cpu, cpuctl_update_args_t *args, struct thread *td) { - void *ptr = NULL; - uint32_t tmp[4]; - int is_bound = 0; - int oldcpu; + void *ptr; int ret; if (args->size == 0 || args->data == NULL) { @@ -394,41 +405,23 @@ update_amd(int cpu, cpuctl_update_args_t DPRINTF("[cpuctl,%d]: firmware image too large", __LINE__); return (EINVAL); } + /* -* XXX Might not require contignous address space - needs check +* 16 byte alignment required. Rely on the fact that +* malloc(9) always returns the pointer aligned at least on +* the size of the allocation. */ - ptr = contigmalloc(args->size, M_CPUCTL, 0, 0, 0x, 16, 0); - if (ptr == NULL) { - DPRINTF("[cpuctl,%d]: cannot allocate %zd bytes of memory", - __LINE__, args->size); - return (ENOMEM); - } + ptr = malloc(args->size + 16, M_CPUCTL, M_ZERO | M_WAITOK); if (copyin(args->data, ptr, args->size) != 0) { DPRINTF("[cpuctl,%d]: copyin %p->%p of %zd bytes failed", __LINE__, args->data, ptr, args->size); ret = EFAULT; goto fail; } - oldcpu = td->td_oncpu; - is_bound = cpu_sched_is_bound(td); - set_cpu(cpu, td); - critical_enter(); - - /* -* Perform update. -*/ - wrmsr_safe(MSR_K8_UCODE_UPDATE, (uintptr_t)ptr); - - /* -* Serialize instruction flow. -*/ - do_cpuid(0, tmp); - critical_exit(); - restore_cpu(oldcpu, is_bound, td); + smp_rendezvous(NULL, amd_ucode_wrmsr, NULL, ptr); ret = 0; fail: - if (ptr != NULL) - contigfree(ptr, args->size, M_CPUCTL); + free(ptr, M_CPUCTL); return (ret); } Modified: head/usr.sbin/cpucontrol/Makefile == --- head/usr.sbin/cpucontrol/Makefile Wed Nov 2 15:13:25 2016 (r308217) +++ head/usr.sbin/cpucontrol/Makefile Wed Nov 2 16:15:49 2016 (r308218) @@ -2,7 +2,7 @@ PROG= cpucontrol MAN= cpucontrol.8 -SRCS= cpucontrol.c intel.c amd.c via.c +SRCS= cpucontrol.c intel.c amd.c amd10h.c via.c NO_WCAST_ALIGN= Modified: head/usr.sbin/cpucontrol/amd.h == --- head/usr.sbin/cpucontrol/amd.h Wed Nov 2 15:13:25 2016 (r308217) +++ head/usr.sbin/cpucontrol/amd.h Wed Nov 2 16:15:49 2016 (r308218) @@ -33,6 +33,8 @@ */ ucode_probe_t amd_probe; ucode_update_t amd_update; +ucode_probe_t amd10h_probe; +ucode_update_t amd10h_update; typedef struct amd_fw_header { uint32_tdate; /* Update creation date. */ @@ -46,4 +48,45 @@ typedef struct amd_fw_header { #defineAMD_MAGIC 0xaa +/* + * AMD family 10h and later. + */
svn commit: r308217 - in head/sys/dev: mpr mps
Author: scottl Date: Wed Nov 2 15:13:25 2016 New Revision: 308217 URL: https://svnweb.freebsd.org/changeset/base/308217 Log: Add a fallback to the device mapper logic. We've seen systems in the field that are apparently misconfigured by the manufacturer and cause the mapping logic to fail. The fallback allows drive numbers to be assigned based on the PHY number that they're attached to. Add sysctls and tunables to overrid this new behavior, but they should be considered only necessary for debugging. Reviewed by: imp, smh Obtained from:Netflix MFC after:3 days Sponsored by: D8403 Modified: head/sys/dev/mpr/mpr.c head/sys/dev/mpr/mpr_sas_lsi.c head/sys/dev/mpr/mprvar.h head/sys/dev/mps/mps.c head/sys/dev/mps/mps_sas_lsi.c head/sys/dev/mps/mpsvar.h Modified: head/sys/dev/mpr/mpr.c == --- head/sys/dev/mpr/mpr.c Wed Nov 2 15:11:23 2016(r308216) +++ head/sys/dev/mpr/mpr.c Wed Nov 2 15:13:25 2016(r308217) @@ -1376,6 +1376,7 @@ mpr_get_tunables(struct mpr_softc *sc) sc->max_io_pages = MPR_MAXIO_PAGES; sc->enable_ssu = MPR_SSU_ENABLE_SSD_DISABLE_HDD; sc->spinup_wait_time = DEFAULT_SPINUP_WAIT; + sc->use_phynum = 1; /* * Grab the global variables. @@ -1387,6 +1388,7 @@ mpr_get_tunables(struct mpr_softc *sc) TUNABLE_INT_FETCH("hw.mpr.max_io_pages", >max_io_pages); TUNABLE_INT_FETCH("hw.mpr.enable_ssu", >enable_ssu); TUNABLE_INT_FETCH("hw.mpr.spinup_wait_time", >spinup_wait_time); + TUNABLE_INT_FETCH("hw.mpr.use_phy_num", >use_phynum); /* Grab the unit-instance variables */ snprintf(tmpstr, sizeof(tmpstr), "dev.mpr.%d.debug_level", @@ -1421,6 +1423,10 @@ mpr_get_tunables(struct mpr_softc *sc) snprintf(tmpstr, sizeof(tmpstr), "dev.mpr.%d.spinup_wait_time", device_get_unit(sc->mpr_dev)); TUNABLE_INT_FETCH(tmpstr, >spinup_wait_time); + + snprintf(tmpstr, sizeof(tmpstr), "dev.mpr.%d.use_phy_num", + device_get_unit(sc->mpr_dev)); + TUNABLE_INT_FETCH(tmpstr, >use_phynum); } static void @@ -1510,6 +1516,10 @@ mpr_setup_sysctl(struct mpr_softc *sc) OID_AUTO, "spinup_wait_time", CTLFLAG_RD, >spinup_wait_time, DEFAULT_SPINUP_WAIT, "seconds to wait for " "spinup after SATA ID error"); + + SYSCTL_ADD_INT(sysctl_ctx, SYSCTL_CHILDREN(sysctl_tree), + OID_AUTO, "use_phy_num", CTLFLAG_RD, >use_phynum, 0, + "Use the phy number for enumeration"); } int Modified: head/sys/dev/mpr/mpr_sas_lsi.c == --- head/sys/dev/mpr/mpr_sas_lsi.c Wed Nov 2 15:11:23 2016 (r308216) +++ head/sys/dev/mpr/mpr_sas_lsi.c Wed Nov 2 15:13:25 2016 (r308217) @@ -757,13 +757,24 @@ mprsas_add_device(struct mpr_softc *sc, } } - id = mpr_mapping_get_sas_id(sc, sas_address, handle); + /* +* use_phynum: +* 1 - use the PhyNum field as a fallback to the mapping logic +* 0 - never use the PhyNum field +* -1 - only use the PhyNum field +*/ + id = MPR_MAP_BAD_ID; + if (sc->use_phynum != -1) + id = mpr_mapping_get_sas_id(sc, sas_address, handle); if (id == MPR_MAP_BAD_ID) { - printf("failure at %s:%d/%s()! Could not get ID for device " - "with handle 0x%04x\n", __FILE__, __LINE__, __func__, - handle); - error = ENXIO; - goto out; + if ((sc->use_phynum == 0) +|| ((id = config_page.PhyNum) > sassc->maxtargets)) { + mpr_dprint(sc, MPR_INFO, "failure at %s:%d/%s()! " + "Could not get ID for device with handle 0x%04x\n", + __FILE__, __LINE__, __func__, handle); + error = ENXIO; + goto out; + } } if (mprsas_check_id(sassc, id) != 0) { @@ -772,9 +783,16 @@ mprsas_add_device(struct mpr_softc *sc, goto out; } + targ = >targets[id]; + if (targ->handle != 0x0) { + mpr_dprint(sc, MPR_MAPPING, "Attempting to reuse target id " + "%d handle 0x%04x\n", id, targ->handle); + error = ENXIO; + goto out; + } + mpr_dprint(sc, MPR_MAPPING, "SAS Address from SAS device page0 = %jx\n", sas_address); - targ = >targets[id]; targ->devinfo = device_info; targ->devname = le32toh(config_page.DeviceName.High); targ->devname = (targ->devname << 32) | Modified: head/sys/dev/mpr/mprvar.h == --- head/sys/dev/mpr/mprvar.h Wed Nov 2 15:11:23
svn commit: r308216 - head/usr.sbin/rtadvd
Author: fabient Date: Wed Nov 2 15:11:23 2016 New Revision: 308216 URL: https://svnweb.freebsd.org/changeset/base/308216 Log: In rtadvd, interface lookup calls if_indextoname() many times in a loop, (it takes a long time on systems with many interfaces) without reason and without checking its return value. Reviewed by: cem Obtained from: Maryse LevavasseurMFC after: 1 month Sponsored by: Stormshield Differential Revision: https://reviews.freebsd.org/D6979 Modified: head/usr.sbin/rtadvd/if.c Modified: head/usr.sbin/rtadvd/if.c == --- head/usr.sbin/rtadvd/if.c Wed Nov 2 14:25:30 2016(r308215) +++ head/usr.sbin/rtadvd/if.c Wed Nov 2 15:11:23 2016(r308216) @@ -470,11 +470,18 @@ update_ifinfo(struct ifilist_head_t *ifi ifindex != ifm->ifm_index) continue; + /* ifname */ + if (if_indextoname(ifm->ifm_index, ifname) == NULL) { + syslog(LOG_WARNING, + "<%s> ifname not found (idx=%d)", + __func__, ifm->ifm_index); + continue; + } + /* lookup an entry with the same ifindex */ TAILQ_FOREACH(ifi, ifi_head, ifi_next) { if (ifm->ifm_index == ifi->ifi_ifindex) break; - if_indextoname(ifm->ifm_index, ifname); if (strncmp(ifname, ifi->ifi_ifname, sizeof(ifname)) == 0) break; @@ -493,15 +500,7 @@ update_ifinfo(struct ifilist_head_t *ifi ifi->ifi_ifindex = ifm->ifm_index; /* ifname */ - if_indextoname(ifm->ifm_index, ifi->ifi_ifname); - if (ifi->ifi_ifname == NULL) { - syslog(LOG_WARNING, - "<%s> ifname not found (idx=%d)", - __func__, ifm->ifm_index); - if (ifi_new) - free(ifi); - continue; - } + strlcpy(ifi->ifi_ifname, ifname, IFNAMSIZ); if ((s = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) { syslog(LOG_ERR, ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r308215 - head/sys/dev/e1000
Author: sbruno Date: Wed Nov 2 14:25:30 2016 New Revision: 308215 URL: https://svnweb.freebsd.org/changeset/base/308215 Log: Removed unused M_TSO_LEN. MFC after:2 weeks Modified: head/sys/dev/e1000/if_em.c Modified: head/sys/dev/e1000/if_em.c == --- head/sys/dev/e1000/if_em.c Wed Nov 2 13:11:19 2016(r308214) +++ head/sys/dev/e1000/if_em.c Wed Nov 2 14:25:30 2016(r308215) @@ -365,7 +365,6 @@ MODULE_DEPEND(em, netmap, 1, 1, 1); #define EM_TICKS_TO_USECS(ticks) ((1024 * (ticks) + 500) / 1000) #define EM_USECS_TO_TICKS(usecs) ((1000 * (usecs) + 512) / 1024) -#define M_TSO_LEN 66 #define MAX_INTS_PER_SEC 8000 #define DEFAULT_ITR(10/(MAX_INTS_PER_SEC * 256)) ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r308181 - in head: . share/mk
On 2 Nov 2016, at 6:11, Antoine Brodin wrote: On Wed, Nov 2, 2016 at 7:53 AM, Dimitry Andricwrote: Hi Antoine, you pointed me at some of these port failures due to the .ll change, do you still have a list of them? The failures were: http://gohan2.ysv.freebsd.org/data/head-amd64-default-baseline/p424659_s307951/logs/super-smack-1.3_2.log http://gohan2.ysv.freebsd.org/data/head-amd64-default-baseline/p424659_s307951/logs/dprog-0.3.1_2.log http://gohan2.ysv.freebsd.org/data/head-amd64-default-baseline/p424659_s307951/logs/ebnf2yacc-0.1.1.log http://gohan2.ysv.freebsd.org/data/head-amd64-default-baseline/p424659_s307951/logs/gnuchess-6.2.3.log http://gohan2.ysv.freebsd.org/data/head-amd64-default-baseline/p424659_s307951/logs/bugle-0.0.20100508_2.log http://gohan2.ysv.freebsd.org/data/head-amd64-default-baseline/p424659_s307951/logs/hfst-3.8.2.log http://gohan2.ysv.freebsd.org/data/head-amd64-default-baseline/p424659_s307951/logs/grap-1.45.log http://gohan2.ysv.freebsd.org/data/head-amd64-default-baseline/p424659_s307951/logs/g-cows-1.12.log http://gohan2.ysv.freebsd.org/data/head-amd64-default-baseline/p424659_s307951/logs/worker-3.8.4.log Thanks very much for that list. I've checked all of these ports with the new IR binary and library changes, and they all build successfully. So, I propose that we keep the new use of .bc and .ll within bsd.{lib,prog}.mk, as those changes only affect consumers that explicitly include these makefiles (vs the sys.mk changes that affect everybody). Jon -- Jonathan Anderson jonat...@freebsd.org ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r308200 - in stable: 10/crypto/openssl/ssl 9/crypto/openssl/ssl
On 11/2/16, Cy Schubertwrote: > In message <201611020709.ua279wm3070...@repo.freebsd.org>, Xin LI writes: >> Author: delphij >> Date: Wed Nov 2 07:09:31 2016 >> New Revision: 308200 >> URL: https://svnweb.freebsd.org/changeset/base/308200 >> >> Log: >> Backport OpenSSL commit af58be768ebb690f78530f796e92b8ae5c9a4401: >> >> Don't allow too many consecutive warning alerts >> >> Certain warning alerts are ignored if they are received. This can mean >> th >> at >> no progress will be made if one peer continually sends those warning >> aler >> ts. >> Implement a count so that we abort the connection if we receive too >> many. >> >> Issue reported by Shi Lei. >> >> This is a direct commit to stable/10 and stable/9. >> >> Security: CVE-2016-8610 >> >> Modified: >> stable/10/crypto/openssl/ssl/d1_pkt.c >> stable/10/crypto/openssl/ssl/s3_pkt.c >> stable/10/crypto/openssl/ssl/ssl.h >> stable/10/crypto/openssl/ssl/ssl3.h >> stable/10/crypto/openssl/ssl/ssl_locl.h >> >> Changes in other areas also in this revision: >> Modified: >> stable/9/crypto/openssl/ssl/d1_pkt.c >> stable/9/crypto/openssl/ssl/s3_pkt.c >> stable/9/crypto/openssl/ssl/ssl.h >> stable/9/crypto/openssl/ssl/ssl3.h >> stable/9/crypto/openssl/ssl/ssl_locl.h >> >> Modified: stable/10/crypto/openssl/ssl/d1_pkt.c >> = >> = >> --- stable/10/crypto/openssl/ssl/d1_pkt.cWed Nov 2 06:58:47 2016 >> (r308199) >> +++ stable/10/crypto/openssl/ssl/d1_pkt.cWed Nov 2 07:09:31 2016 >> (r308200) >> @@ -924,6 +924,13 @@ int dtls1_read_bytes(SSL *s, int type, u >> goto start; >> } >> >> +/* >> + * Reset the count of consecutive warning alerts if we've got a >> non-empt >> y >> + * record that isn't an alert. >> + */ >> +if (rr->type != SSL3_RT_ALERT && rr->length != 0) >> +s->s3->alert_count = 0; >> + >> /* we now have a packet which can be read and processed */ >> >> if (s->s3->change_cipher_spec /* set when we receive >> ChangeCipherSpec, >> @@ -1190,6 +1197,14 @@ int dtls1_read_bytes(SSL *s, int type, u >> >> if (alert_level == SSL3_AL_WARNING) { >> s->s3->warn_alert = alert_descr; >> + >> +s->s3->alert_count++; >> +if (s->s3->alert_count == MAX_WARN_ALERT_COUNT) { >> +al = SSL_AD_UNEXPECTED_MESSAGE; >> +SSLerr(SSL_F_DTLS1_READ_BYTES, >> SSL_R_TOO_MANY_WARN_ALERTS); >> +goto f_err; >> +} >> + >> if (alert_descr == SSL_AD_CLOSE_NOTIFY) { >> #ifndef OPENSSL_NO_SCTP >> /* >> >> Modified: stable/10/crypto/openssl/ssl/s3_pkt.c >> = >> = >> --- stable/10/crypto/openssl/ssl/s3_pkt.cWed Nov 2 06:58:47 2016 >> (r308199) >> +++ stable/10/crypto/openssl/ssl/s3_pkt.cWed Nov 2 07:09:31 2016 >> (r308200) >> @@ -1057,6 +1057,13 @@ int ssl3_read_bytes(SSL *s, int type, un >> return (ret); >> } >> >> +/* >> + * Reset the count of consecutive warning alerts if we've got a >> non-empt >> y >> + * record that isn't an alert. >> + */ >> +if (rr->type != SSL3_RT_ALERT && rr->length != 0) >> +s->s3->alert_count = 0; >> + >> /* we now have a packet which can be read and processed */ >> >> if (s->s3->change_cipher_spec /* set when we receive >> ChangeCipherSpec, >> @@ -1271,6 +1278,14 @@ int ssl3_read_bytes(SSL *s, int type, un >> >> if (alert_level == SSL3_AL_WARNING) { >> s->s3->warn_alert = alert_descr; >> + >> +s->s3->alert_count++; >> +if (s->s3->alert_count == MAX_WARN_ALERT_COUNT) { >> +al = SSL_AD_UNEXPECTED_MESSAGE; >> +SSLerr(SSL_F_SSL3_READ_BYTES, >> SSL_R_TOO_MANY_WARN_ALERTS); >> +goto f_err; >> +} >> + >> if (alert_descr == SSL_AD_CLOSE_NOTIFY) { >> s->shutdown |= SSL_RECEIVED_SHUTDOWN; >> return (0); >> >> Modified: stable/10/crypto/openssl/ssl/ssl.h >> = >> = >> --- stable/10/crypto/openssl/ssl/ssl.h Wed Nov 2 06:58:47 2016 >> (r308199) >> +++ stable/10/crypto/openssl/ssl/ssl.h Wed Nov 2 07:09:31 2016 >> (r308200) >> @@ -2717,6 +2717,7 @@ void ERR_load_SSL_strings(void); >> # define SSL_R_TLS_HEARTBEAT_PENDING 366 >> # define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367 >> # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 >> +# define SSL_R_TOO_MANY_WARN_ALERTS 409 >> # define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 >> # define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG234 >> # define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER
Re: svn commit: r308200 - in stable: 10/crypto/openssl/ssl 9/crypto/openssl/ssl
In message <201611020709.ua279wm3070...@repo.freebsd.org>, Xin LI writes: > Author: delphij > Date: Wed Nov 2 07:09:31 2016 > New Revision: 308200 > URL: https://svnweb.freebsd.org/changeset/base/308200 > > Log: > Backport OpenSSL commit af58be768ebb690f78530f796e92b8ae5c9a4401: > > Don't allow too many consecutive warning alerts > > Certain warning alerts are ignored if they are received. This can mean th > at > no progress will be made if one peer continually sends those warning aler > ts. > Implement a count so that we abort the connection if we receive too many. > > Issue reported by Shi Lei. > > This is a direct commit to stable/10 and stable/9. > > Security: CVE-2016-8610 > > Modified: > stable/10/crypto/openssl/ssl/d1_pkt.c > stable/10/crypto/openssl/ssl/s3_pkt.c > stable/10/crypto/openssl/ssl/ssl.h > stable/10/crypto/openssl/ssl/ssl3.h > stable/10/crypto/openssl/ssl/ssl_locl.h > > Changes in other areas also in this revision: > Modified: > stable/9/crypto/openssl/ssl/d1_pkt.c > stable/9/crypto/openssl/ssl/s3_pkt.c > stable/9/crypto/openssl/ssl/ssl.h > stable/9/crypto/openssl/ssl/ssl3.h > stable/9/crypto/openssl/ssl/ssl_locl.h > > Modified: stable/10/crypto/openssl/ssl/d1_pkt.c > = > = > --- stable/10/crypto/openssl/ssl/d1_pkt.c Wed Nov 2 06:58:47 2016 > (r308199) > +++ stable/10/crypto/openssl/ssl/d1_pkt.c Wed Nov 2 07:09:31 2016 > (r308200) > @@ -924,6 +924,13 @@ int dtls1_read_bytes(SSL *s, int type, u > goto start; > } > > +/* > + * Reset the count of consecutive warning alerts if we've got a non-empt > y > + * record that isn't an alert. > + */ > +if (rr->type != SSL3_RT_ALERT && rr->length != 0) > +s->s3->alert_count = 0; > + > /* we now have a packet which can be read and processed */ > > if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, > @@ -1190,6 +1197,14 @@ int dtls1_read_bytes(SSL *s, int type, u > > if (alert_level == SSL3_AL_WARNING) { > s->s3->warn_alert = alert_descr; > + > +s->s3->alert_count++; > +if (s->s3->alert_count == MAX_WARN_ALERT_COUNT) { > +al = SSL_AD_UNEXPECTED_MESSAGE; > +SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS); > +goto f_err; > +} > + > if (alert_descr == SSL_AD_CLOSE_NOTIFY) { > #ifndef OPENSSL_NO_SCTP > /* > > Modified: stable/10/crypto/openssl/ssl/s3_pkt.c > = > = > --- stable/10/crypto/openssl/ssl/s3_pkt.c Wed Nov 2 06:58:47 2016 > (r308199) > +++ stable/10/crypto/openssl/ssl/s3_pkt.c Wed Nov 2 07:09:31 2016 > (r308200) > @@ -1057,6 +1057,13 @@ int ssl3_read_bytes(SSL *s, int type, un > return (ret); > } > > +/* > + * Reset the count of consecutive warning alerts if we've got a non-empt > y > + * record that isn't an alert. > + */ > +if (rr->type != SSL3_RT_ALERT && rr->length != 0) > +s->s3->alert_count = 0; > + > /* we now have a packet which can be read and processed */ > > if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, > @@ -1271,6 +1278,14 @@ int ssl3_read_bytes(SSL *s, int type, un > > if (alert_level == SSL3_AL_WARNING) { > s->s3->warn_alert = alert_descr; > + > +s->s3->alert_count++; > +if (s->s3->alert_count == MAX_WARN_ALERT_COUNT) { > +al = SSL_AD_UNEXPECTED_MESSAGE; > +SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS); > +goto f_err; > +} > + > if (alert_descr == SSL_AD_CLOSE_NOTIFY) { > s->shutdown |= SSL_RECEIVED_SHUTDOWN; > return (0); > > Modified: stable/10/crypto/openssl/ssl/ssl.h > = > = > --- stable/10/crypto/openssl/ssl/ssl.hWed Nov 2 06:58:47 2016 > (r308199) > +++ stable/10/crypto/openssl/ssl/ssl.hWed Nov 2 07:09:31 2016 > (r308200) > @@ -2717,6 +2717,7 @@ void ERR_load_SSL_strings(void); > # define SSL_R_TLS_HEARTBEAT_PENDING 366 > # define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367 > # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 > +# define SSL_R_TOO_MANY_WARN_ALERTS 409 > # define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 > # define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG234 > # define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER235 > > Modified: stable/10/crypto/openssl/ssl/ssl3.h > = > = > ---
svn commit: r308214 - head/sys/arm/conf
Author: andrew Date: Wed Nov 2 13:11:19 2016 New Revision: 308214 URL: https://svnweb.freebsd.org/changeset/base/308214 Log: Add BeagleBone Black support to GENERIC on armv6. Reviewed by: mmel, imp Relnotes: yes Sponsored by: ABT Systems Ltd Differential Revision:https://reviews.freebsd.org/D8335 Modified: head/sys/arm/conf/GENERIC Modified: head/sys/arm/conf/GENERIC == --- head/sys/arm/conf/GENERIC Wed Nov 2 13:10:08 2016(r308213) +++ head/sys/arm/conf/GENERIC Wed Nov 2 13:11:19 2016(r308214) @@ -21,6 +21,7 @@ ident GENERIC cpuCPU_CORTEXA_MP +cpuCPU_CORTEXA8 machinearm armv6 makeoptionsCONF_CFLAGS="-march=armv7a" @@ -37,6 +38,8 @@ files "../broadcom/bcm2835/files.bcm283 files "../broadcom/bcm2835/files.bcm283x" files "../nvidia/tegra124/files.tegra124" files "../qemu/files.qemu" +files "../ti/files.ti" +files "../ti/am335x/files.am335x" optionsSOC_ALLWINNER_A20 optionsSOC_ALLWINNER_A31 @@ -44,6 +47,7 @@ options SOC_ALLWINNER_A31S optionsSOC_ALLWINNER_A83T optionsSOC_ALLWINNER_H3 optionsSOC_BCM2836 +optionsSOC_TI_AM335X optionsSCHED_ULE # ULE scheduler optionsSMP # Enable multiple cores @@ -66,6 +70,9 @@ devicecpufreq optionsINTRNG device gic +# PMU support (for CCNT). +device pmu + # ARM Generic Timer device generic_timer @@ -113,9 +120,14 @@ device axp81x # AXP813/818 Power Mana device bcm2835_bsc device icee device sy8106a # SY8106A Buck Regulator +device ti_i2c +device am335x_pmic # AM335x Power Management IC (TPC65217) +device am335x_rtc # RTC support (power management only) +#defineam335x_dmtpps # Pulse Per Second capture driver # GPIO device gpio +device gpiobacklight device gpioled device gpioregulator @@ -128,6 +140,16 @@ device aw_cir # SPI device spibus device bcm2835_spi +device ti_spi + +# ADC support +device ti_adc + +# Watchdog support +# If we don't enable the watchdog driver, the BealeBone could potentially +# reboot automatically because the boot loader might have enabled the +# watchdog. +device ti_wdt device scbus # SCSI bus (required for ATA/SCSI) device da # Direct Access (disks) @@ -141,11 +163,16 @@ deviceusb device ohci device ehci device dwcotg # DWC OTG controller +device musb device umass # Disks/Mass storage - Requires scbus and da device uhid# "Human Interface Devices" device ukbd# Allow keyboard like HIDs to control console +# Device mode support and USFS template +device usb_template# Control of the gadget +device usfs + # Ethernet device loop device ether @@ -176,6 +203,12 @@ device vchiq # Pinmux device fdt_pinctrl +# TI Programmable Realtime Unit support +device ti_pruss + +# Mailbox support +device ti_mbox + # Extensible Firmware Interface optionsEFI ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r308212 - in head/sys: fs/nfsserver kern sys
Author: kib Date: Wed Nov 2 12:43:15 2016 New Revision: 308212 URL: https://svnweb.freebsd.org/changeset/base/308212 Log: Allow some dotdot lookups in capability mode. If dotdot lookup does not escape from the file descriptor passed as the lookup root, we can allow the component traversal. Track the directories traversed, and check the result of dotdot lookup against the recorded list of the directory vnodes. Dotdot lookups are enabled by sysctl vfs.lookup_cap_dotdot, currently disabled by default until more verification of the approach is done. Disallow non-local filesystems for dotdot, since remote server might conspire with the local process to allow it to escape the namespace. This might be too cautious, provide the knob vfs.lookup_cap_dotdot_nonlocal to override as well. Idea by: rwatson Discussed with: emaste, jonathan, rwatson Reviewed by: mjg (previous version) Tested by:pho (previous version) Sponsored by: The FreeBSD Foundation MFC after:2 week Differential revision:https://reviews.freebsd.org/D8110 Modified: head/sys/fs/nfsserver/nfs_nfsdport.c head/sys/kern/vfs_lookup.c head/sys/kern/vfs_syscalls.c head/sys/sys/namei.h Modified: head/sys/fs/nfsserver/nfs_nfsdport.c == --- head/sys/fs/nfsserver/nfs_nfsdport.cWed Nov 2 12:10:39 2016 (r308211) +++ head/sys/fs/nfsserver/nfs_nfsdport.cWed Nov 2 12:43:15 2016 (r308212) @@ -350,7 +350,7 @@ nfsvno_namei(struct nfsrv_descript *nd, *retdirp = NULL; cnp->cn_nameptr = cnp->cn_pnbuf; - ndp->ni_strictrelative = 0; + ndp->ni_lcf = 0; /* * Extract and set starting directory. */ Modified: head/sys/kern/vfs_lookup.c == --- head/sys/kern/vfs_lookup.c Wed Nov 2 12:10:39 2016(r308211) +++ head/sys/kern/vfs_lookup.c Wed Nov 2 12:43:15 2016(r308212) @@ -79,12 +79,22 @@ uma_zone_t namei_zone; /* Placeholder vnode for mp traversal. */ static struct vnode *vp_crossmp; +struct nameicap_tracker { + struct vnode *dp; + TAILQ_ENTRY(nameicap_tracker) nm_link; +}; + +/* Zone for cap mode tracker elements used for dotdot capability checks. */ +static uma_zone_t nt_zone; + static void nameiinit(void *dummy __unused) { namei_zone = uma_zcreate("NAMEI", MAXPATHLEN, NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0); + nt_zone = uma_zcreate("rentr", sizeof(struct nameicap_tracker), + NULL, NULL, NULL, NULL, sizeof(void *), 0); getnewvnode("crossmp", NULL, _vnodeops, _crossmp); vn_lock(vp_crossmp, LK_EXCLUSIVE); VN_LOCK_ASHARE(vp_crossmp); @@ -96,6 +106,76 @@ static int lookup_shared = 1; SYSCTL_INT(_vfs, OID_AUTO, lookup_shared, CTLFLAG_RWTUN, _shared, 0, "enables shared locks for path name translation"); +/* + * Intent is that lookup_cap_dotdot becomes unconditionally enabled, + * but it defaults to the disabled state until verification efforts + * are complete. + */ +static int lookup_cap_dotdot = 0; +SYSCTL_INT(_vfs, OID_AUTO, lookup_cap_dotdot, CTLFLAG_RWTUN, +_cap_dotdot, 0, +"enables \"..\" components in path lookup in capability mode"); +static int lookup_cap_dotdot_nonlocal = 0; +SYSCTL_INT(_vfs, OID_AUTO, lookup_cap_dotdot_nonlocal, CTLFLAG_RWTUN, +_cap_dotdot_nonlocal, 0, +"enables \"..\" components in path lookup in capability mode " +"on non-local mount"); + +static void +nameicap_tracker_add(struct nameidata *ndp, struct vnode *dp) +{ + struct nameicap_tracker *nt; + + if ((ndp->ni_lcf & NI_LCF_CAP_DOTDOT) == 0 || dp->v_type != VDIR) + return; + nt = uma_zalloc(nt_zone, M_WAITOK); + vhold(dp); + nt->dp = dp; + TAILQ_INSERT_TAIL(>ni_cap_tracker, nt, nm_link); +} + +static void +nameicap_cleanup(struct nameidata *ndp) +{ + struct nameicap_tracker *nt, *nt1; + + KASSERT(TAILQ_EMPTY(>ni_cap_tracker) || + (ndp->ni_lcf & NI_LCF_CAP_DOTDOT) != 0, ("not strictrelative")); + TAILQ_FOREACH_SAFE(nt, >ni_cap_tracker, nm_link, nt1) { + TAILQ_REMOVE(>ni_cap_tracker, nt, nm_link); + vdrop(nt->dp); + uma_zfree(nt_zone, nt); + } +} + +/* + * For dotdot lookups in capability mode, only allow the component + * lookup to succeed if the resulting directory was already traversed + * during the operation. Also fail dotdot lookups for non-local + * filesystems, where external agents might assist local lookups to + * escape the compartment. + */ +static int +nameicap_check_dotdot(struct nameidata *ndp, struct vnode *dp) +{ + struct nameicap_tracker *nt; + struct mount *mp; + + if ((ndp->ni_lcf & NI_LCF_CAP_DOTDOT) == 0 || dp == NULL || + dp->v_type != VDIR) + return (0); + mp
svn commit: r308211 - head/sys/kern
Author: kib Date: Wed Nov 2 12:10:39 2016 New Revision: 308211 URL: https://svnweb.freebsd.org/changeset/base/308211 Log: Remove tautological casts. Sponsored by: The FreeBSD Foundation MFC after:1 week Modified: head/sys/kern/vfs_lookup.c Modified: head/sys/kern/vfs_lookup.c == --- head/sys/kern/vfs_lookup.c Wed Nov 2 12:02:31 2016(r308210) +++ head/sys/kern/vfs_lookup.c Wed Nov 2 12:10:39 2016(r308211) @@ -188,11 +188,11 @@ namei(struct nameidata *ndp) if ((cnp->cn_flags & HASBUF) == 0) cnp->cn_pnbuf = uma_zalloc(namei_zone, M_WAITOK); if (ndp->ni_segflg == UIO_SYSSPACE) - error = copystr(ndp->ni_dirp, cnp->cn_pnbuf, - MAXPATHLEN, (size_t *)>ni_pathlen); + error = copystr(ndp->ni_dirp, cnp->cn_pnbuf, MAXPATHLEN, + >ni_pathlen); else - error = copyinstr(ndp->ni_dirp, cnp->cn_pnbuf, - MAXPATHLEN, (size_t *)>ni_pathlen); + error = copyinstr(ndp->ni_dirp, cnp->cn_pnbuf, MAXPATHLEN, + >ni_pathlen); /* * Don't allow empty pathnames. ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r308210 - head/sys/kern
Author: kib Date: Wed Nov 2 12:02:31 2016 New Revision: 308210 URL: https://svnweb.freebsd.org/changeset/base/308210 Log: Style fixes. Discussed with: emaste Sponsored by: The FreeBSD Foundation MFC after:1 week Modified: head/sys/kern/vfs_lookup.c Modified: head/sys/kern/vfs_lookup.c == --- head/sys/kern/vfs_lookup.c Wed Nov 2 09:43:19 2016(r308209) +++ head/sys/kern/vfs_lookup.c Wed Nov 2 12:02:31 2016(r308210) @@ -73,13 +73,10 @@ SDT_PROBE_DEFINE3(vfs, namei, lookup, en "unsigned long"); SDT_PROBE_DEFINE2(vfs, namei, lookup, return, "int", "struct vnode *"); -/* - * Allocation zone for namei - */ +/* Allocation zone for namei. */ uma_zone_t namei_zone; -/* - * Placeholder vnode for mp traversal - */ + +/* Placeholder vnode for mp traversal. */ static struct vnode *vp_crossmp; static void @@ -97,11 +94,12 @@ SYSINIT(vfs, SI_SUB_VFS, SI_ORDER_SECOND static int lookup_shared = 1; SYSCTL_INT(_vfs, OID_AUTO, lookup_shared, CTLFLAG_RWTUN, _shared, 0, -"Enables/Disables shared locks for path name translation"); +"enables shared locks for path name translation"); static void namei_cleanup_cnp(struct componentname *cnp) { + uma_zfree(namei_zone, cnp->cn_pnbuf); #ifdef DIAGNOSTIC cnp->cn_pnbuf = NULL; @@ -158,12 +156,16 @@ namei(struct nameidata *ndp) char *cp; /* pointer into pathname argument */ struct vnode *dp; /* the directory we are searching */ struct iovec aiov; /* uio for reading symbolic links */ + struct componentname *cnp; + struct thread *td; + struct proc *p; + cap_rights_t rights; struct uio auio; int error, linklen, startdir_used; - struct componentname *cnp = >ni_cnd; - struct thread *td = cnp->cn_thread; - struct proc *p = td->td_proc; + cnp = >ni_cnd; + td = cnp->cn_thread; + p = td->td_proc; ndp->ni_cnd.cn_cred = ndp->ni_cnd.cn_thread->td_ucred; KASSERT(cnp->cn_cred && p, ("namei: bad cred/proc")); KASSERT((cnp->cn_nameiop & (~OPMASK)) == 0, @@ -258,8 +260,6 @@ namei(struct nameidata *ndp) dp = fdp->fd_cdir; VREF(dp); } else { - cap_rights_t rights; - rights = ndp->ni_rightsneeded; cap_rights_set(, CAP_LOOKUP); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r308209 - head/sys/kern
Author: trasz Date: Wed Nov 2 09:43:19 2016 New Revision: 308209 URL: https://svnweb.freebsd.org/changeset/base/308209 Log: Fix getfsstat(2) with MNT_WAIT to not skip filesystems that are in the process of being unmounted. Previously it would skip them, even if the unmount eventually failed eg due to the filesystem being busy. This behaviour broke autounmountd(8) - if you tried to manually unmount a mounted filesystem, using 'automount -u', and the autounmountd attempted to refresh the filesystem list in that very moment, it would conclude that the filesystem got unmounted and not try to unmount it afterwards. Reviewed by: kib@ Tested by:pho@ MFC after:1 month Differential Revision:https://reviews.freebsd.org/D8030 Modified: head/sys/kern/vfs_syscalls.c Modified: head/sys/kern/vfs_syscalls.c == --- head/sys/kern/vfs_syscalls.cWed Nov 2 08:46:04 2016 (r308208) +++ head/sys/kern/vfs_syscalls.cWed Nov 2 09:43:19 2016 (r308209) @@ -446,16 +446,19 @@ kern_getfsstat(struct thread *td, struct size_t *countp, enum uio_seg bufseg, int flags) { struct mount *mp, *nmp; - struct statfs *sfsp, *sp, sb; + struct statfs *sfsp, *sp, sb, *tofree; size_t count, maxcount; int error; +restart: maxcount = bufsize / sizeof(struct statfs); - if (bufsize == 0) + if (bufsize == 0) { sfsp = NULL; - else if (bufseg == UIO_USERSPACE) + tofree = NULL; + } else if (bufseg == UIO_USERSPACE) { sfsp = *buf; - else /* if (bufseg == UIO_SYSSPACE) */ { + tofree = NULL; + } else /* if (bufseg == UIO_SYSSPACE) */ { count = 0; mtx_lock(_mtx); TAILQ_FOREACH(mp, , mnt_list) { @@ -464,8 +467,8 @@ kern_getfsstat(struct thread *td, struct mtx_unlock(_mtx); if (maxcount > count) maxcount = count; - sfsp = *buf = malloc(maxcount * sizeof(struct statfs), M_TEMP, - M_WAITOK); + tofree = sfsp = *buf = malloc(maxcount * sizeof(struct statfs), + M_TEMP, M_WAITOK); } count = 0; mtx_lock(_mtx); @@ -480,9 +483,24 @@ kern_getfsstat(struct thread *td, struct continue; } #endif - if (vfs_busy(mp, MBF_NOWAIT | MBF_MNTLSTLOCK)) { - nmp = TAILQ_NEXT(mp, mnt_list); - continue; + if (flags == MNT_WAIT) { + if (vfs_busy(mp, MBF_MNTLSTLOCK) != 0) { + /* +* If vfs_busy() failed, and MBF_NOWAIT +* wasn't passed, then the mp is gone. +* Furthermore, because of MBF_MNTLSTLOCK, +* the mountlist_mtx was dropped. We have +* no other choice than to start over. +*/ + mtx_unlock(_mtx); + free(tofree, M_TEMP); + goto restart; + } + } else { + if (vfs_busy(mp, MBF_NOWAIT | MBF_MNTLSTLOCK) != 0) { + nmp = TAILQ_NEXT(mp, mnt_list); + continue; + } } if (sfsp && count < maxcount) { sp = >mnt_stat; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r308181 - in head: . share/mk
On Wed, Nov 2, 2016 at 7:53 AM, Dimitry Andricwrote: > On 02 Nov 2016, at 08:25, Jonathan Anderson wrote: >> >> On 1 Nov 2016, at 21:10, Dimitry Andric wrote: >> >>> Please note, I reverted r307823 (which changed the suffixes from .bco >>> and .llo to .bc and .ll) in r308003, since it caused a number of ports >>> failures. These ports were already using .ll as a suffix for C++ lex >>> scripts. >> >> The changes to bsd.suffixes-posix.mk (included by sys.mk) would have >> affected anything compiled with bmake, and indeed, I'd imagine that adding a >> .c->.ll rule alongside .c->.o could cause problems with C++ lex rules. In >> fact, part of brooks' original motivation for introducing .llo suffixes was >> to avoid name conflicts (although conflicts with program IR like we're >> introducing in this commit). The changes in this commit should only be >> picked up by things that explicit include bsd.{lib,prog}.mk, however, and >> they also have slightly more esoteric names (e.g., progname.full.ll) that >> are less likely to cause a conflict. Perhaps I ought to have done an >> exp-run, but I suspect that this commit will cause much less / no fallout. I >> don't suppose you have a list of the ports that failed after your r307823 >> change so that I could do spot checks? > > Hi Antoine, you pointed me at some of these port failures due to the .ll > change, do you still have a list of them? The failures were: http://gohan2.ysv.freebsd.org/data/head-amd64-default-baseline/p424659_s307951/logs/super-smack-1.3_2.log http://gohan2.ysv.freebsd.org/data/head-amd64-default-baseline/p424659_s307951/logs/dprog-0.3.1_2.log http://gohan2.ysv.freebsd.org/data/head-amd64-default-baseline/p424659_s307951/logs/ebnf2yacc-0.1.1.log http://gohan2.ysv.freebsd.org/data/head-amd64-default-baseline/p424659_s307951/logs/gnuchess-6.2.3.log http://gohan2.ysv.freebsd.org/data/head-amd64-default-baseline/p424659_s307951/logs/bugle-0.0.20100508_2.log http://gohan2.ysv.freebsd.org/data/head-amd64-default-baseline/p424659_s307951/logs/hfst-3.8.2.log http://gohan2.ysv.freebsd.org/data/head-amd64-default-baseline/p424659_s307951/logs/grap-1.45.log http://gohan2.ysv.freebsd.org/data/head-amd64-default-baseline/p424659_s307951/logs/g-cows-1.12.log http://gohan2.ysv.freebsd.org/data/head-amd64-default-baseline/p424659_s307951/logs/worker-3.8.4.log Antoine ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r308208 - stable/11/sys/ufs/ffs
Author: kib Date: Wed Nov 2 08:46:04 2016 New Revision: 308208 URL: https://svnweb.freebsd.org/changeset/base/308208 Log: MFC r307626: Add FFS pager, which uses buffer cache read operation to validate pages. For now, the pager is disabled by default in the stable branch. Modified: stable/11/sys/ufs/ffs/ffs_vnops.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/ufs/ffs/ffs_vnops.c == --- stable/11/sys/ufs/ffs/ffs_vnops.c Wed Nov 2 08:41:01 2016 (r308207) +++ stable/11/sys/ufs/ffs/ffs_vnops.c Wed Nov 2 08:46:04 2016 (r308208) @@ -77,6 +77,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include @@ -86,6 +87,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include @@ -102,8 +104,9 @@ __FBSDID("$FreeBSD$"); #ifdef DIRECTIO extern int ffs_rawread(struct vnode *vp, struct uio *uio, int *workdone); #endif -static vop_fsync_t ffs_fsync; static vop_fdatasync_t ffs_fdatasync; +static vop_fsync_t ffs_fsync; +static vop_getpages_t ffs_getpages; static vop_lock1_t ffs_lock; static vop_read_t ffs_read; static vop_write_t ffs_write; @@ -119,13 +122,12 @@ static vop_openextattr_t ffs_openextattr static vop_setextattr_tffs_setextattr; static vop_vptofh_tffs_vptofh; - /* Global vfs data structures for ufs. */ struct vop_vector ffs_vnodeops1 = { .vop_default = _vnodeops, .vop_fsync =ffs_fsync, .vop_fdatasync =ffs_fdatasync, - .vop_getpages = vnode_pager_local_getpages, + .vop_getpages = ffs_getpages, .vop_getpages_async = vnode_pager_local_getpages_async, .vop_lock1 =ffs_lock, .vop_read = ffs_read, @@ -147,7 +149,7 @@ struct vop_vector ffs_vnodeops2 = { .vop_default = _vnodeops, .vop_fsync =ffs_fsync, .vop_fdatasync =ffs_fdatasync, - .vop_getpages = vnode_pager_local_getpages, + .vop_getpages = ffs_getpages, .vop_getpages_async = vnode_pager_local_getpages_async, .vop_lock1 =ffs_lock, .vop_read = ffs_read, @@ -1784,3 +1786,165 @@ vop_vptofh { ufhp->ufid_gen = ip->i_gen; return (0); } + +SYSCTL_DECL(_vfs_ffs); +static int use_buf_pager = 0; +SYSCTL_INT(_vfs_ffs, OID_AUTO, use_buf_pager, CTLFLAG_RWTUN, _buf_pager, 0, +"Always use buffer pager instead of bmap"); +static int buf_pager_relbuf; +SYSCTL_INT(_vfs_ffs, OID_AUTO, buf_pager_relbuf, CTLFLAG_RWTUN, +_pager_relbuf, 0, +"Make buffer pager release buffers after reading"); + +/* + * The FFS pager. It uses buffer reads to validate pages. + * + * In contrast to the generic local pager from vm/vnode_pager.c, this + * pager correctly and easily handles volumes where the underlying + * device block size is greater than the machine page size. The + * buffer cache transparently extends the requested page run to be + * aligned at the block boundary, and does the necessary bogus page + * replacements in the addends to avoid obliterating already valid + * pages. + * + * The only non-trivial issue is that the exclusive busy state for + * pages, which is assumed by the vm_pager_getpages() interface, is + * incompatible with the VMIO buffer cache's desire to share-busy the + * pages. This function performs a trivial downgrade of the pages' + * state before reading buffers, and a less trivial upgrade from the + * shared-busy to excl-busy state after the read. + */ +static int +ffs_getpages(struct vop_getpages_args *ap) +{ + struct vnode *vp; + vm_page_t *ma, m; + vm_object_t object; + struct buf *bp; + struct ufsmount *um; + ufs_lbn_t lbn, lbnp; + vm_ooffset_t la, lb; + long bsize; + int bo_bs, count, error, i; + bool redo, lpart; + + vp = ap->a_vp; + ma = ap->a_m; + count = ap->a_count; + + um = VFSTOUFS(ap->a_vp->v_mount); + bo_bs = um->um_devvp->v_bufobj.bo_bsize; + if (!use_buf_pager && bo_bs <= PAGE_SIZE) + return (vnode_pager_generic_getpages(vp, ma, count, + ap->a_rbehind, ap->a_rahead, NULL, NULL)); + + object = vp->v_object; + la = IDX_TO_OFF(ma[count - 1]->pindex); + if (la >= object->un_pager.vnp.vnp_size) + return (VM_PAGER_BAD); + lpart = la + PAGE_SIZE > object->un_pager.vnp.vnp_size; + if (ap->a_rbehind != NULL) { + lb = IDX_TO_OFF(ma[0]->pindex); + *ap->a_rbehind = OFF_TO_IDX(lb - rounddown2(lb, bo_bs)); + } + if (ap->a_rahead != NULL) { + *ap->a_rahead = OFF_TO_IDX(roundup2(la, bo_bs) - la); + if (la + IDX_TO_OFF(*ap->a_rahead) >= +
svn commit: r308207 - stable/11/sys/dev/e1000
Author: kib Date: Wed Nov 2 08:41:01 2016 New Revision: 308207 URL: https://svnweb.freebsd.org/changeset/base/308207 Log: MFC r307649: Partial workaround for Intel PCI adapters reading past the end of the host-programmed DMA regions. Modified: stable/11/sys/dev/e1000/if_lem.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/dev/e1000/if_lem.c == --- stable/11/sys/dev/e1000/if_lem.cWed Nov 2 08:12:37 2016 (r308206) +++ stable/11/sys/dev/e1000/if_lem.cWed Nov 2 08:41:01 2016 (r308207) @@ -591,8 +591,16 @@ lem_attach(device_t dev) } #endif /* NIC_PARAVIRT */ - tsize = roundup2(adapter->num_tx_desc * sizeof(struct e1000_tx_desc), - EM_DBA_ALIGN); + /* +* It seems that the descriptor DMA engine on some PCI cards +* fetches memory past the end of the last descriptor in the +* ring. These reads are problematic when VT-d (DMAR) busdma +* is used. Allocate the scratch space to avoid getting +* faults from DMAR, by requesting scratch memory for one more +* descriptor. +*/ + tsize = roundup2((adapter->num_tx_desc + 1) * + sizeof(struct e1000_tx_desc), EM_DBA_ALIGN); /* Allocate Transmit Descriptor ring */ if (lem_dma_malloc(adapter, tsize, >txdma, BUS_DMA_NOWAIT)) { @@ -603,8 +611,11 @@ lem_attach(device_t dev) adapter->tx_desc_base = (struct e1000_tx_desc *)adapter->txdma.dma_vaddr; - rsize = roundup2(adapter->num_rx_desc * sizeof(struct e1000_rx_desc), - EM_DBA_ALIGN); + /* +* See comment above txdma allocation for rationale behind +1. +*/ + rsize = roundup2((adapter->num_rx_desc + 1) * + sizeof(struct e1000_rx_desc), EM_DBA_ALIGN); /* Allocate Receive Descriptor ring */ if (lem_dma_malloc(adapter, rsize, >rxdma, BUS_DMA_NOWAIT)) { ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r308206 - head/usr.sbin/autofs
Author: trasz Date: Wed Nov 2 08:12:37 2016 New Revision: 308206 URL: https://svnweb.freebsd.org/changeset/base/308206 Log: Make autounmountd(8) not die when traced with "truss -p". MFC after:1 month Modified: head/usr.sbin/autofs/autounmountd.c Modified: head/usr.sbin/autofs/autounmountd.c == --- head/usr.sbin/autofs/autounmountd.c Wed Nov 2 07:24:34 2016 (r308205) +++ head/usr.sbin/autofs/autounmountd.c Wed Nov 2 08:12:37 2016 (r308206) @@ -244,8 +244,11 @@ do_wait(int kq, double sleep_time) log_debugx("waiting for filesystem event"); nevents = kevent(kq, NULL, 0, , 1, NULL); } - if (nevents < 0) + if (nevents < 0) { + if (errno == EINTR) + return; log_err(1, "kevent"); + } if (nevents == 0) { log_debugx("timeout reached"); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r308181 - in head: . share/mk
On 02 Nov 2016, at 08:25, Jonathan Andersonwrote: > > On 1 Nov 2016, at 21:10, Dimitry Andric wrote: > >> Please note, I reverted r307823 (which changed the suffixes from .bco >> and .llo to .bc and .ll) in r308003, since it caused a number of ports >> failures. These ports were already using .ll as a suffix for C++ lex >> scripts. > > The changes to bsd.suffixes-posix.mk (included by sys.mk) would have affected > anything compiled with bmake, and indeed, I'd imagine that adding a .c->.ll > rule alongside .c->.o could cause problems with C++ lex rules. In fact, part > of brooks' original motivation for introducing .llo suffixes was to avoid > name conflicts (although conflicts with program IR like we're introducing in > this commit). The changes in this commit should only be picked up by things > that explicit include bsd.{lib,prog}.mk, however, and they also have slightly > more esoteric names (e.g., progname.full.ll) that are less likely to cause a > conflict. Perhaps I ought to have done an exp-run, but I suspect that this > commit will cause much less / no fallout. I don't suppose you have a list of > the ports that failed after your r307823 change so that I could do spot > checks? Hi Antoine, you pointed me at some of these port failures due to the .ll change, do you still have a list of them? -Dimitry signature.asc Description: Message signed with OpenPGP using GPGMail
svn commit: r308205 - in releng/9.3: . contrib/bind9/lib/dns crypto/openssl/ssl sys/conf
Author: delphij Date: Wed Nov 2 07:24:34 2016 New Revision: 308205 URL: https://svnweb.freebsd.org/changeset/base/308205 Log: Fix BIND remote Denial of Service vulnerability. [SA-16:34] Fix OpenSSL remote DoS vulnerability. [SA-16:35] Security: FreeBSD-SA-16:34.bind Security: FreeBSD-SA-16:35.openssl Approved by: so Modified: releng/9.3/UPDATING releng/9.3/contrib/bind9/lib/dns/resolver.c releng/9.3/crypto/openssl/ssl/d1_pkt.c releng/9.3/crypto/openssl/ssl/s3_pkt.c releng/9.3/crypto/openssl/ssl/ssl.h releng/9.3/crypto/openssl/ssl/ssl3.h releng/9.3/crypto/openssl/ssl/ssl_locl.h releng/9.3/sys/conf/newvers.sh Modified: releng/9.3/UPDATING == --- releng/9.3/UPDATING Wed Nov 2 07:24:14 2016(r308204) +++ releng/9.3/UPDATING Wed Nov 2 07:24:34 2016(r308205) @@ -11,6 +11,13 @@ handbook: Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. +20161102 p50 FreeBSD-SA-16:34.bind + FreeBSD-SA-16:35.openssl + + Fix BIND remote Denial of Service vulnerability. [SA-16:34] + + Fix OpenSSL remote DoS vulnerability. [SA-16:35] + 20161025 p49 FreeBSD-SA-16:15.sysarch [revised] Fix incorrect argument validation in sysarch(2). [SA-16:15] Modified: releng/9.3/contrib/bind9/lib/dns/resolver.c == --- releng/9.3/contrib/bind9/lib/dns/resolver.c Wed Nov 2 07:24:14 2016 (r308204) +++ releng/9.3/contrib/bind9/lib/dns/resolver.c Wed Nov 2 07:24:34 2016 (r308205) @@ -524,7 +524,9 @@ valcreate(fetchctx_t *fctx, dns_adbaddri valarg->addrinfo = addrinfo; if (!ISC_LIST_EMPTY(fctx->validators)) - INSIST((valoptions & DNS_VALIDATOR_DEFER) != 0); + valoptions |= DNS_VALIDATOR_DEFER; + else + valoptions &= ~DNS_VALIDATOR_DEFER; result = dns_validator_create(fctx->res->view, name, type, rdataset, sigrdataset, fctx->rmessage, @@ -4849,13 +4851,6 @@ cache_name(fetchctx_t *fctx, dns_name_t rdataset, sigrdataset, valoptions, task); - /* -* Defer any further validations. -* This prevents multiple validators -* from manipulating fctx->rmessage -* simultaneously. -*/ - valoptions |= DNS_VALIDATOR_DEFER; } } else if (CHAINING(rdataset)) { if (rdataset->type == dns_rdatatype_cname) @@ -4961,6 +4956,11 @@ cache_name(fetchctx_t *fctx, dns_name_t eresult == DNS_R_NCACHENXRRSET); } event->result = eresult; + if (adbp != NULL && *adbp != NULL) { + if (anodep != NULL && *anodep != NULL) + dns_db_detachnode(*adbp, anodep); + dns_db_detach(adbp); + } dns_db_attach(fctx->cache, adbp); dns_db_transfernode(fctx->cache, , anodep); clone_results(fctx); @@ -5208,6 +5208,11 @@ ncache_message(fetchctx_t *fctx, dns_adb fctx->attributes |= FCTX_ATTR_HAVEANSWER; if (event != NULL) { event->result = eresult; + if (adbp != NULL && *adbp != NULL) { + if (anodep != NULL && *anodep != NULL) + dns_db_detachnode(*adbp, anodep); + dns_db_detach(adbp); + } dns_db_attach(fctx->cache, adbp); dns_db_transfernode(fctx->cache, , anodep); clone_results(fctx); @@ -6016,13 +6021,15 @@ static isc_result_t answer_response(fetchctx_t *fctx) { isc_result_t result; dns_message_t *message; - dns_name_t *name, *dname = NULL, *qname, tname, *ns_name; + dns_name_t *name, *dname = NULL, *qname, *dqname, tname, *ns_name; + dns_name_t *cname = NULL; dns_rdataset_t *rdataset, *ns_rdataset; isc_boolean_t done, external, chaining, aa, found, want_chaining; - isc_boolean_t have_a
svn commit: r308204 - in releng: 10.1 10.1/crypto/openssl/ssl 10.1/sys/conf 10.2 10.2/crypto/openssl/ssl 10.2/sys/conf
Author: delphij Date: Wed Nov 2 07:24:14 2016 New Revision: 308204 URL: https://svnweb.freebsd.org/changeset/base/308204 Log: Fix OpenSSL remote DoS vulnerability. [SA-16:35] Security: FreeBSD-SA-16:35.openssl Approved by: so Modified: releng/10.1/UPDATING releng/10.1/crypto/openssl/ssl/d1_pkt.c releng/10.1/crypto/openssl/ssl/s3_pkt.c releng/10.1/crypto/openssl/ssl/ssl.h releng/10.1/crypto/openssl/ssl/ssl3.h releng/10.1/crypto/openssl/ssl/ssl_locl.h releng/10.1/sys/conf/newvers.sh releng/10.2/UPDATING releng/10.2/crypto/openssl/ssl/d1_pkt.c releng/10.2/crypto/openssl/ssl/s3_pkt.c releng/10.2/crypto/openssl/ssl/ssl.h releng/10.2/crypto/openssl/ssl/ssl3.h releng/10.2/crypto/openssl/ssl/ssl_locl.h releng/10.2/sys/conf/newvers.sh Modified: releng/10.1/UPDATING == --- releng/10.1/UPDATINGWed Nov 2 07:23:36 2016(r308203) +++ releng/10.1/UPDATINGWed Nov 2 07:24:14 2016(r308204) @@ -16,6 +16,10 @@ from older versions of FreeBSD, try WITH stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. +20161102 p42 FreeBSD-SA-16:35.openssl + + Fix OpenSSL remote DoS vulnerability. [SA-16:35] + 20161025 p41 FreeBSD-SA-16:15.sysarch [revised] Fix incorrect argument validation in sysarch(2). [SA-16:15] Modified: releng/10.1/crypto/openssl/ssl/d1_pkt.c == --- releng/10.1/crypto/openssl/ssl/d1_pkt.c Wed Nov 2 07:23:36 2016 (r308203) +++ releng/10.1/crypto/openssl/ssl/d1_pkt.c Wed Nov 2 07:24:14 2016 (r308204) @@ -924,6 +924,13 @@ int dtls1_read_bytes(SSL *s, int type, u goto start; } +/* + * Reset the count of consecutive warning alerts if we've got a non-empty + * record that isn't an alert. + */ +if (rr->type != SSL3_RT_ALERT && rr->length != 0) +s->s3->alert_count = 0; + /* we now have a packet which can be read and processed */ if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, @@ -1190,6 +1197,14 @@ int dtls1_read_bytes(SSL *s, int type, u if (alert_level == SSL3_AL_WARNING) { s->s3->warn_alert = alert_descr; + +s->s3->alert_count++; +if (s->s3->alert_count == MAX_WARN_ALERT_COUNT) { +al = SSL_AD_UNEXPECTED_MESSAGE; +SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS); +goto f_err; +} + if (alert_descr == SSL_AD_CLOSE_NOTIFY) { #ifndef OPENSSL_NO_SCTP /* Modified: releng/10.1/crypto/openssl/ssl/s3_pkt.c == --- releng/10.1/crypto/openssl/ssl/s3_pkt.c Wed Nov 2 07:23:36 2016 (r308203) +++ releng/10.1/crypto/openssl/ssl/s3_pkt.c Wed Nov 2 07:24:14 2016 (r308204) @@ -1057,6 +1057,13 @@ int ssl3_read_bytes(SSL *s, int type, un return (ret); } +/* + * Reset the count of consecutive warning alerts if we've got a non-empty + * record that isn't an alert. + */ +if (rr->type != SSL3_RT_ALERT && rr->length != 0) +s->s3->alert_count = 0; + /* we now have a packet which can be read and processed */ if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, @@ -1271,6 +1278,14 @@ int ssl3_read_bytes(SSL *s, int type, un if (alert_level == SSL3_AL_WARNING) { s->s3->warn_alert = alert_descr; + +s->s3->alert_count++; +if (s->s3->alert_count == MAX_WARN_ALERT_COUNT) { +al = SSL_AD_UNEXPECTED_MESSAGE; +SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS); +goto f_err; +} + if (alert_descr == SSL_AD_CLOSE_NOTIFY) { s->shutdown |= SSL_RECEIVED_SHUTDOWN; return (0); Modified: releng/10.1/crypto/openssl/ssl/ssl.h == --- releng/10.1/crypto/openssl/ssl/ssl.hWed Nov 2 07:23:36 2016 (r308203) +++ releng/10.1/crypto/openssl/ssl/ssl.hWed Nov 2 07:24:14 2016 (r308204) @@ -2713,6 +2713,7 @@ void ERR_load_SSL_strings(void); # define SSL_R_TLS_HEARTBEAT_PENDING 366 # define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367 # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 +# define SSL_R_TOO_MANY_WARN_ALERTS 409 # define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 # define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG234 # define SSL_R_TRIE
Re: svn commit: r308181 - in head: . share/mk
Hi, On 1 Nov 2016, at 21:10, Dimitry Andric wrote: > Please note, I reverted r307823 (which changed the suffixes from .bco > and .llo to .bc and .ll) in r308003, since it caused a number of ports > failures. These ports were already using .ll as a suffix for C++ lex > scripts. The changes to bsd.suffixes-posix.mk (included by sys.mk) would have affected anything compiled with bmake, and indeed, I'd imagine that adding a .c->.ll rule alongside .c->.o could cause problems with C++ lex rules. In fact, part of brooks' original motivation for introducing .llo suffixes was to avoid name conflicts (although conflicts with program IR like we're introducing in this commit). The changes in this commit should only be picked up by things that explicit include bsd.{lib,prog}.mk, however, and they also have slightly more esoteric names (e.g., progname.full.ll) that are less likely to cause a conflict. Perhaps I ought to have done an exp-run, but I suspect that this commit will cause much less / no fallout. I don't suppose you have a list of the ports that failed after your r307823 change so that I could do spot checks? >> # prefer .s to a .c, add .po, remove stuff not used in the BSD libraries >> # .pico used for PIC object files >> -.SUFFIXES: .out .o .po .pico .S .asm .s .c .cc .cpp .cxx .C .f .y .l .ln >> +.SUFFIXES: .out .o .bc .ll .po .pico .S .asm .s .c .cc .cpp .cxx .C .f .y >> .l .ln > > So here, please use .bco and .llo. The "o" in the suffix indicates that the file is analogous to an object file, which is not really the case with the rules added here in r308181. I'd be happy to consider a different suffix if we get ports fallout, but I'd like to wait for evidence of such fallout before renaming these suffixes away from upstream's usage. I think that we should stick with the upstream suffixes unless there's a good reason not to (such as collisions with lex things as affected r307823). >> @@ -199,6 +199,18 @@ lib${LIB_PRIVATE}${LIB}_p.a: ${POBJS} >> ${RANLIB} ${RANLIBFLAGS} ${.TARGET} >> .endif >> >> +.if defined(LLVM_LINK) >> +BCOBJS= ${OBJS:.o=.bco} ${STATICOBJS:.o=.bco} >> +LLOBJS= ${OBJS:.o=.llo} ${STATICOBJS:.o=.llo} > > But apparently you already used those suffixes here. Yup, because of the "object file" analogy. >> -.SUFFIXES: .out .o .c .cc .cpp .cxx .C .m .y .l .ln .s .S .asm >> +.SUFFIXES: .out .o .bc .c .cc .cpp .cxx .C .m .y .l .ll .ln .s .S .asm > > But not here, these should also be changed. Sorry for any confusion. The .bco and .llo suffixes should already be included because of bsd.suffixes-posix.mk (included from sys.mk). This SUFFIXES change, on the other hand, is to add the .ll and .bc suffixes for the final build products (IR "binaries" and "libraries"). I hope this clears up any confusion, Jon -- Jonathan Anderson jonat...@freebsd.org signature.asc Description: OpenPGP digital signature
svn commit: r308202 - in releng/11.0: . crypto/openssh sys/conf
Author: delphij Date: Wed Nov 2 07:23:19 2016 New Revision: 308202 URL: https://svnweb.freebsd.org/changeset/base/308202 Log: Fix Fix OpenSSH remote Denial of Service vulnerability. Security: FreeBSD-SA-16:33.openssh Approved by: so Modified: releng/11.0/UPDATING releng/11.0/crypto/openssh/kex.c releng/11.0/sys/conf/newvers.sh Modified: releng/11.0/UPDATING == --- releng/11.0/UPDATINGWed Nov 2 07:18:27 2016(r308201) +++ releng/11.0/UPDATINGWed Nov 2 07:23:19 2016(r308202) @@ -16,6 +16,10 @@ from older versions of FreeBSD, try WITH the tip of head, and then rebuild without this option. The bootstrap process from older version of current across the gcc/clang cutover is a bit fragile. +20161102 p3 FreeBSD-SA-16:33.openssh + + Fix Fix OpenSSH remote Denial of Service vulnerability. + 20161025 p2 FreeBSD-SA-16:15.sysarch [revised] FreeBSD-SA-16:32.bhyve Modified: releng/11.0/crypto/openssh/kex.c == --- releng/11.0/crypto/openssh/kex.cWed Nov 2 07:18:27 2016 (r308201) +++ releng/11.0/crypto/openssh/kex.cWed Nov 2 07:23:19 2016 (r308202) @@ -468,6 +468,7 @@ kex_input_kexinit(int type, u_int32_t se if (kex == NULL) return SSH_ERR_INVALID_ARGUMENT; + ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL); ptr = sshpkt_ptr(ssh, ); if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0) return r; Modified: releng/11.0/sys/conf/newvers.sh == --- releng/11.0/sys/conf/newvers.sh Wed Nov 2 07:18:27 2016 (r308201) +++ releng/11.0/sys/conf/newvers.sh Wed Nov 2 07:23:19 2016 (r308202) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="11.0" -BRANCH="RELEASE-p2" +BRANCH="RELEASE-p3" if [ -n "${BRANCH_OVERRIDE}" ]; then BRANCH=${BRANCH_OVERRIDE} fi ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r308203 - in releng/10.3: . crypto/openssh crypto/openssl/ssl sys/conf
Author: delphij Date: Wed Nov 2 07:23:36 2016 New Revision: 308203 URL: https://svnweb.freebsd.org/changeset/base/308203 Log: Fix OpenSSH remote Denial of Service vulnerability. [SA-16:33] Fix OpenSSL remote DoS vulnerability. [SA-16:35] Security: FreeBSD-SA-16:33.openssh Security: FreeBSD-SA-16:35.openssl Approved by: so Modified: releng/10.3/UPDATING releng/10.3/crypto/openssh/kex.c releng/10.3/crypto/openssl/ssl/d1_pkt.c releng/10.3/crypto/openssl/ssl/s3_pkt.c releng/10.3/crypto/openssl/ssl/ssl.h releng/10.3/crypto/openssl/ssl/ssl3.h releng/10.3/crypto/openssl/ssl/ssl_locl.h releng/10.3/sys/conf/newvers.sh Modified: releng/10.3/UPDATING == --- releng/10.3/UPDATINGWed Nov 2 07:23:19 2016(r308202) +++ releng/10.3/UPDATINGWed Nov 2 07:23:36 2016(r308203) @@ -16,6 +16,13 @@ from older versions of FreeBSD, try WITH stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. +20161102 p12 FreeBSD-SA-16:33.openssh + FreeBSD-SA-16:35.openssl + + Fix OpenSSH remote Denial of Service vulnerability. [SA-16:33] + + Fix OpenSSL remote DoS vulnerability. [SA-16:35] + 20161025 p11 FreeBSD-SA-16:15.sysarch [revised] FreeBSD-EN-16:17.vm Modified: releng/10.3/crypto/openssh/kex.c == --- releng/10.3/crypto/openssh/kex.cWed Nov 2 07:23:19 2016 (r308202) +++ releng/10.3/crypto/openssh/kex.cWed Nov 2 07:23:36 2016 (r308203) @@ -468,6 +468,7 @@ kex_input_kexinit(int type, u_int32_t se if (kex == NULL) return SSH_ERR_INVALID_ARGUMENT; + ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL); ptr = sshpkt_ptr(ssh, ); if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0) return r; Modified: releng/10.3/crypto/openssl/ssl/d1_pkt.c == --- releng/10.3/crypto/openssl/ssl/d1_pkt.c Wed Nov 2 07:23:19 2016 (r308202) +++ releng/10.3/crypto/openssl/ssl/d1_pkt.c Wed Nov 2 07:23:36 2016 (r308203) @@ -924,6 +924,13 @@ int dtls1_read_bytes(SSL *s, int type, u goto start; } +/* + * Reset the count of consecutive warning alerts if we've got a non-empty + * record that isn't an alert. + */ +if (rr->type != SSL3_RT_ALERT && rr->length != 0) +s->s3->alert_count = 0; + /* we now have a packet which can be read and processed */ if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, @@ -1190,6 +1197,14 @@ int dtls1_read_bytes(SSL *s, int type, u if (alert_level == SSL3_AL_WARNING) { s->s3->warn_alert = alert_descr; + +s->s3->alert_count++; +if (s->s3->alert_count == MAX_WARN_ALERT_COUNT) { +al = SSL_AD_UNEXPECTED_MESSAGE; +SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS); +goto f_err; +} + if (alert_descr == SSL_AD_CLOSE_NOTIFY) { #ifndef OPENSSL_NO_SCTP /* Modified: releng/10.3/crypto/openssl/ssl/s3_pkt.c == --- releng/10.3/crypto/openssl/ssl/s3_pkt.c Wed Nov 2 07:23:19 2016 (r308202) +++ releng/10.3/crypto/openssl/ssl/s3_pkt.c Wed Nov 2 07:23:36 2016 (r308203) @@ -1057,6 +1057,13 @@ int ssl3_read_bytes(SSL *s, int type, un return (ret); } +/* + * Reset the count of consecutive warning alerts if we've got a non-empty + * record that isn't an alert. + */ +if (rr->type != SSL3_RT_ALERT && rr->length != 0) +s->s3->alert_count = 0; + /* we now have a packet which can be read and processed */ if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, @@ -1271,6 +1278,14 @@ int ssl3_read_bytes(SSL *s, int type, un if (alert_level == SSL3_AL_WARNING) { s->s3->warn_alert = alert_descr; + +s->s3->alert_count++; +if (s->s3->alert_count == MAX_WARN_ALERT_COUNT) { +al = SSL_AD_UNEXPECTED_MESSAGE; +SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS); +goto f_err; +} + if (alert_descr == SSL_AD_CLOSE_NOTIFY) { s->shutdown |= SSL_RECEIVED_SHUTDOWN; return (0); Modified: releng/10.3/crypto/openssl/ssl/ssl.h == --- releng/10.3/crypto/openssl/ssl/ssl.hWed Nov 2 07:23:19 2016 (r308
svn commit: r308201 - in head: contrib/hyperv/tools sys/dev/hyperv/utilities
Author: sephe Date: Wed Nov 2 07:18:27 2016 New Revision: 308201 URL: https://svnweb.freebsd.org/changeset/base/308201 Log: hyperv/kvp: Don't mix message status codes and function return values. While I'm here, move message status codes to hv_utilreg.h, since they will be used by the upcoming VSS stuffs. Submitted by: Hongjiang Zhang MFC after:1 week Sponsored by: Microsoft Differential Revision:https://reviews.freebsd.org/D8391 Modified: head/contrib/hyperv/tools/hv_kvp_daemon.c head/sys/dev/hyperv/utilities/hv_kvp.c head/sys/dev/hyperv/utilities/hv_kvp.h head/sys/dev/hyperv/utilities/hv_utilreg.h Modified: head/contrib/hyperv/tools/hv_kvp_daemon.c == --- head/contrib/hyperv/tools/hv_kvp_daemon.c Wed Nov 2 07:09:31 2016 (r308200) +++ head/contrib/hyperv/tools/hv_kvp_daemon.c Wed Nov 2 07:18:27 2016 (r308201) @@ -52,9 +52,10 @@ #include #include #include +#include #include "hv_kvp.h" - +#include "hv_utilreg.h" typedef uint8_t__u8; typedef uint16_t __u16; typedef uint32_t __u32; @@ -684,18 +685,16 @@ kvp_get_ipconfig_info(char *if_name, str */ kvp_process_ipconfig_file(cmd, (char *)buffer->gate_way, (MAX_GATEWAY_SIZE * 2), INET_ADDRSTRLEN, 0); - /* * Retrieve the IPV6 address of default gateway. */ - snprintf(cmd, sizeof(cmd), "netstat -rn inet6 | grep %s | awk '/default/ {print $2 }", if_name); + snprintf(cmd, sizeof(cmd), "netstat -rn inet6 | grep %s | awk '/default/ {print $2 }'", if_name); /* * Execute the command to gather gateway IPV6 info. */ kvp_process_ipconfig_file(cmd, (char *)buffer->gate_way, (MAX_GATEWAY_SIZE * 2), INET6_ADDRSTRLEN, 1); - /* * we just invoke an external script to get the DNS info. * @@ -782,11 +781,11 @@ kvp_process_ip_address(void *addrp, } if ((length - *offset) < addr_length + 1) { - return (HV_KVP_E_FAIL); + return (EINVAL); } if (str == NULL) { strlcpy(buffer, "inet_ntop failed\n", length); - return (HV_KVP_E_FAIL); + return (errno); } if (*offset == 0) { strlcpy(buffer, tmp, length); @@ -832,7 +831,7 @@ kvp_get_ip_info(int family, char *if_nam if (getifaddrs()) { strlcpy(buffer, "getifaddrs failed\n", buffer_length); - return (HV_KVP_E_FAIL); + return (errno); } curp = ifap; @@ -924,7 +923,6 @@ kvp_get_ip_info(int family, char *if_nam /* * Collect other ip configuration info. */ - kvp_get_ipconfig_info(if_name, ip_buffer); } @@ -954,7 +952,7 @@ kvp_write_file(FILE *f, const char *s1, ret = fprintf(f, "%s%s%s%s\n", s1, s2, "=", s3); if (ret < 0) { - return (HV_KVP_E_FAIL); + return (EIO); } return (0); @@ -979,7 +977,7 @@ kvp_set_ip_info(char *if_name, struct hv if (file == NULL) { KVP_LOG(LOG_ERR, "FreeBSD Failed to open config file\n"); - return (HV_KVP_E_FAIL); + return (errno); } /* @@ -988,7 +986,7 @@ kvp_set_ip_info(char *if_name, struct hv mac_addr = kvp_if_name_to_mac(if_name); if (mac_addr == NULL) { - error = HV_KVP_E_FAIL; + error = EINVAL; goto kvp_set_ip_info_error; } /* MAC Address */ @@ -1091,28 +1089,30 @@ kvp_op_getipinfo(struct hv_kvp_msg *op_m { struct hv_kvp_ipaddr_value *ip_val; char *if_name; + int error = 0; assert(op_msg != NULL); KVP_LOG(LOG_DEBUG, "In kvp_op_getipinfo.\n"); ip_val = _msg->body.kvp_ip_val; - op_msg->hdr.error = HV_KVP_S_OK; + op_msg->hdr.error = HV_S_OK; if_name = kvp_mac_to_if_name((char *)ip_val->adapter_id); if (if_name == NULL) { /* No interface found with the mac address. */ - op_msg->hdr.error = HV_KVP_E_FAIL; + op_msg->hdr.error = HV_E_FAIL; goto kvp_op_getipinfo_done; } - op_msg->hdr.error = kvp_get_ip_info(0, if_name, + error = kvp_get_ip_info(0, if_name, HV_KVP_OP_GET_IP_INFO, ip_val, (MAX_IP_ADDR_SIZE * 2)); - + if (error) + op_msg->hdr.error = HV_E_FAIL; free(if_name); kvp_op_getipinfo_done: - return(op_msg->hdr.error); + return (error); } @@ -1121,25 +1121,27 @@ kvp_op_setipinfo(struct hv_kvp_msg *op_m { struct hv_kvp_ipaddr_value *ip_val; char *if_name; + int error = 0; assert(op_msg != NULL);
svn commit: r308200 - in stable: 10/crypto/openssl/ssl 9/crypto/openssl/ssl
Author: delphij Date: Wed Nov 2 07:09:31 2016 New Revision: 308200 URL: https://svnweb.freebsd.org/changeset/base/308200 Log: Backport OpenSSL commit af58be768ebb690f78530f796e92b8ae5c9a4401: Don't allow too many consecutive warning alerts Certain warning alerts are ignored if they are received. This can mean that no progress will be made if one peer continually sends those warning alerts. Implement a count so that we abort the connection if we receive too many. Issue reported by Shi Lei. This is a direct commit to stable/10 and stable/9. Security: CVE-2016-8610 Modified: stable/9/crypto/openssl/ssl/d1_pkt.c stable/9/crypto/openssl/ssl/s3_pkt.c stable/9/crypto/openssl/ssl/ssl.h stable/9/crypto/openssl/ssl/ssl3.h stable/9/crypto/openssl/ssl/ssl_locl.h Changes in other areas also in this revision: Modified: stable/10/crypto/openssl/ssl/d1_pkt.c stable/10/crypto/openssl/ssl/s3_pkt.c stable/10/crypto/openssl/ssl/ssl.h stable/10/crypto/openssl/ssl/ssl3.h stable/10/crypto/openssl/ssl/ssl_locl.h Modified: stable/9/crypto/openssl/ssl/d1_pkt.c == --- stable/9/crypto/openssl/ssl/d1_pkt.cWed Nov 2 06:58:47 2016 (r308199) +++ stable/9/crypto/openssl/ssl/d1_pkt.cWed Nov 2 07:09:31 2016 (r308200) @@ -820,6 +820,13 @@ int dtls1_read_bytes(SSL *s, int type, u goto start; } +/* + * Reset the count of consecutive warning alerts if we've got a non-empty + * record that isn't an alert. + */ +if (rr->type != SSL3_RT_ALERT && rr->length != 0) +s->s3->alert_count = 0; + /* we now have a packet which can be read and processed */ if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, @@ -1043,6 +1050,14 @@ int dtls1_read_bytes(SSL *s, int type, u if (alert_level == 1) { /* warning */ s->s3->warn_alert = alert_descr; + +s->s3->alert_count++; +if (s->s3->alert_count == MAX_WARN_ALERT_COUNT) { +al = SSL_AD_UNEXPECTED_MESSAGE; +SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS); +goto f_err; +} + if (alert_descr == SSL_AD_CLOSE_NOTIFY) { s->shutdown |= SSL_RECEIVED_SHUTDOWN; return (0); Modified: stable/9/crypto/openssl/ssl/s3_pkt.c == --- stable/9/crypto/openssl/ssl/s3_pkt.cWed Nov 2 06:58:47 2016 (r308199) +++ stable/9/crypto/openssl/ssl/s3_pkt.cWed Nov 2 07:09:31 2016 (r308200) @@ -922,6 +922,13 @@ int ssl3_read_bytes(SSL *s, int type, un return (ret); } +/* + * Reset the count of consecutive warning alerts if we've got a non-empty + * record that isn't an alert. + */ +if (rr->type != SSL3_RT_ALERT && rr->length != 0) +s->s3->alert_count = 0; + /* we now have a packet which can be read and processed */ if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, @@ -1121,6 +1128,14 @@ int ssl3_read_bytes(SSL *s, int type, un if (alert_level == 1) { /* warning */ s->s3->warn_alert = alert_descr; + +s->s3->alert_count++; +if (s->s3->alert_count == MAX_WARN_ALERT_COUNT) { +al = SSL_AD_UNEXPECTED_MESSAGE; +SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS); +goto f_err; +} + if (alert_descr == SSL_AD_CLOSE_NOTIFY) { s->shutdown |= SSL_RECEIVED_SHUTDOWN; return (0); Modified: stable/9/crypto/openssl/ssl/ssl.h == --- stable/9/crypto/openssl/ssl/ssl.h Wed Nov 2 06:58:47 2016 (r308199) +++ stable/9/crypto/openssl/ssl/ssl.h Wed Nov 2 07:09:31 2016 (r308200) @@ -2195,6 +2195,7 @@ void ERR_load_SSL_strings(void); # define SSL_R_TLSV1_UNSUPPORTED_EXTENSION1110 # define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 227 +# define SSL_R_TOO_MANY_WARN_ALERTS 409 # define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 # define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG234 # define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER235 Modified: stable/9/crypto/openssl/ssl/ssl3.h == --- stable/9/crypto/openssl/ssl/ssl3.h Wed Nov 2 06:58:47 2016 (r308199) +++ stable/9/crypto/openssl/ssl/ssl3.h Wed Nov 2 07:09:31 2016 (r308200) @@ -491,6 +491,8 @@ typedef struct ssl3_state_st { char is_probably_safari; # endif/* !OPENSSL_NO_EC */ # endif
svn commit: r308200 - in stable: 10/crypto/openssl/ssl 9/crypto/openssl/ssl
Author: delphij Date: Wed Nov 2 07:09:31 2016 New Revision: 308200 URL: https://svnweb.freebsd.org/changeset/base/308200 Log: Backport OpenSSL commit af58be768ebb690f78530f796e92b8ae5c9a4401: Don't allow too many consecutive warning alerts Certain warning alerts are ignored if they are received. This can mean that no progress will be made if one peer continually sends those warning alerts. Implement a count so that we abort the connection if we receive too many. Issue reported by Shi Lei. This is a direct commit to stable/10 and stable/9. Security: CVE-2016-8610 Modified: stable/10/crypto/openssl/ssl/d1_pkt.c stable/10/crypto/openssl/ssl/s3_pkt.c stable/10/crypto/openssl/ssl/ssl.h stable/10/crypto/openssl/ssl/ssl3.h stable/10/crypto/openssl/ssl/ssl_locl.h Changes in other areas also in this revision: Modified: stable/9/crypto/openssl/ssl/d1_pkt.c stable/9/crypto/openssl/ssl/s3_pkt.c stable/9/crypto/openssl/ssl/ssl.h stable/9/crypto/openssl/ssl/ssl3.h stable/9/crypto/openssl/ssl/ssl_locl.h Modified: stable/10/crypto/openssl/ssl/d1_pkt.c == --- stable/10/crypto/openssl/ssl/d1_pkt.c Wed Nov 2 06:58:47 2016 (r308199) +++ stable/10/crypto/openssl/ssl/d1_pkt.c Wed Nov 2 07:09:31 2016 (r308200) @@ -924,6 +924,13 @@ int dtls1_read_bytes(SSL *s, int type, u goto start; } +/* + * Reset the count of consecutive warning alerts if we've got a non-empty + * record that isn't an alert. + */ +if (rr->type != SSL3_RT_ALERT && rr->length != 0) +s->s3->alert_count = 0; + /* we now have a packet which can be read and processed */ if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, @@ -1190,6 +1197,14 @@ int dtls1_read_bytes(SSL *s, int type, u if (alert_level == SSL3_AL_WARNING) { s->s3->warn_alert = alert_descr; + +s->s3->alert_count++; +if (s->s3->alert_count == MAX_WARN_ALERT_COUNT) { +al = SSL_AD_UNEXPECTED_MESSAGE; +SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS); +goto f_err; +} + if (alert_descr == SSL_AD_CLOSE_NOTIFY) { #ifndef OPENSSL_NO_SCTP /* Modified: stable/10/crypto/openssl/ssl/s3_pkt.c == --- stable/10/crypto/openssl/ssl/s3_pkt.c Wed Nov 2 06:58:47 2016 (r308199) +++ stable/10/crypto/openssl/ssl/s3_pkt.c Wed Nov 2 07:09:31 2016 (r308200) @@ -1057,6 +1057,13 @@ int ssl3_read_bytes(SSL *s, int type, un return (ret); } +/* + * Reset the count of consecutive warning alerts if we've got a non-empty + * record that isn't an alert. + */ +if (rr->type != SSL3_RT_ALERT && rr->length != 0) +s->s3->alert_count = 0; + /* we now have a packet which can be read and processed */ if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, @@ -1271,6 +1278,14 @@ int ssl3_read_bytes(SSL *s, int type, un if (alert_level == SSL3_AL_WARNING) { s->s3->warn_alert = alert_descr; + +s->s3->alert_count++; +if (s->s3->alert_count == MAX_WARN_ALERT_COUNT) { +al = SSL_AD_UNEXPECTED_MESSAGE; +SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS); +goto f_err; +} + if (alert_descr == SSL_AD_CLOSE_NOTIFY) { s->shutdown |= SSL_RECEIVED_SHUTDOWN; return (0); Modified: stable/10/crypto/openssl/ssl/ssl.h == --- stable/10/crypto/openssl/ssl/ssl.h Wed Nov 2 06:58:47 2016 (r308199) +++ stable/10/crypto/openssl/ssl/ssl.h Wed Nov 2 07:09:31 2016 (r308200) @@ -2717,6 +2717,7 @@ void ERR_load_SSL_strings(void); # define SSL_R_TLS_HEARTBEAT_PENDING 366 # define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367 # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 +# define SSL_R_TOO_MANY_WARN_ALERTS 409 # define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 # define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG234 # define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER235 Modified: stable/10/crypto/openssl/ssl/ssl3.h == --- stable/10/crypto/openssl/ssl/ssl3.h Wed Nov 2 06:58:47 2016 (r308199) +++ stable/10/crypto/openssl/ssl/ssl3.h Wed Nov 2 07:09:31 2016 (r308200) @@ -587,6 +587,8 @@ typedef struct ssl3_state_st { char is_probably_safari; # endif /* !OPENSSL_NO_EC */ # endif/* !OPENSSL_NO_TLSEXT */ +/*
svn commit: r308199 - stable/10/crypto/openssh
Author: delphij Date: Wed Nov 2 06:58:47 2016 New Revision: 308199 URL: https://svnweb.freebsd.org/changeset/base/308199 Log: MFC r308197: MFV r308196: Fix OpenSSH remote Denial of Service vulnerability. Security: CVE-2016-8858 Modified: stable/10/crypto/openssh/kex.c Directory Properties: stable/10/ (props changed) Modified: stable/10/crypto/openssh/kex.c == --- stable/10/crypto/openssh/kex.c Wed Nov 2 06:56:35 2016 (r308198) +++ stable/10/crypto/openssh/kex.c Wed Nov 2 06:58:47 2016 (r308199) @@ -468,6 +468,7 @@ kex_input_kexinit(int type, u_int32_t se if (kex == NULL) return SSH_ERR_INVALID_ARGUMENT; + ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL); ptr = sshpkt_ptr(ssh, ); if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0) return r; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r308198 - stable/11/crypto/openssh
Author: delphij Date: Wed Nov 2 06:56:35 2016 New Revision: 308198 URL: https://svnweb.freebsd.org/changeset/base/308198 Log: MFC r308197: MFV r308196: Fix OpenSSH remote Denial of Service vulnerability. Security: CVE-2016-8858 Modified: stable/11/crypto/openssh/kex.c Directory Properties: stable/11/ (props changed) Modified: stable/11/crypto/openssh/kex.c == --- stable/11/crypto/openssh/kex.c Wed Nov 2 06:49:25 2016 (r308197) +++ stable/11/crypto/openssh/kex.c Wed Nov 2 06:56:35 2016 (r308198) @@ -468,6 +468,7 @@ kex_input_kexinit(int type, u_int32_t se if (kex == NULL) return SSH_ERR_INVALID_ARGUMENT; + ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL); ptr = sshpkt_ptr(ssh, ); if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0) return r; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r308197 - head/crypto/openssh
Author: delphij Date: Wed Nov 2 06:49:25 2016 New Revision: 308197 URL: https://svnweb.freebsd.org/changeset/base/308197 Log: MFV r308196: Fix OpenSSH remote Denial of Service vulnerability. Security: CVE-2016-8858 Modified: head/crypto/openssh/kex.c Directory Properties: head/crypto/openssh/ (props changed) Modified: head/crypto/openssh/kex.c == --- head/crypto/openssh/kex.c Wed Nov 2 06:43:20 2016(r308196) +++ head/crypto/openssh/kex.c Wed Nov 2 06:49:25 2016(r308197) @@ -468,6 +468,7 @@ kex_input_kexinit(int type, u_int32_t se if (kex == NULL) return SSH_ERR_INVALID_ARGUMENT; + ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL); ptr = sshpkt_ptr(ssh, ); if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0) return r; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r308196 - vendor-crypto/openssh/dist
Author: delphij Date: Wed Nov 2 06:43:20 2016 New Revision: 308196 URL: https://svnweb.freebsd.org/changeset/base/308196 Log: Apply upstream fix for CVE-2016-8858: Unregister the KEXINIT handler after message has been received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause allocation of up to 128MB -- until the connection is closed. Reported by shilei-c at 360.cn Obtained from:OpenBSD Modified: vendor-crypto/openssh/dist/kex.c Modified: vendor-crypto/openssh/dist/kex.c == --- vendor-crypto/openssh/dist/kex.cWed Nov 2 06:37:35 2016 (r308195) +++ vendor-crypto/openssh/dist/kex.cWed Nov 2 06:43:20 2016 (r308196) @@ -468,6 +468,7 @@ kex_input_kexinit(int type, u_int32_t se if (kex == NULL) return SSH_ERR_INVALID_ARGUMENT; + ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL); ptr = sshpkt_ptr(ssh, ); if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0) return r; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r308195 - head/sys/boot/efi/libefi
Author: tsoome Date: Wed Nov 2 06:37:35 2016 New Revision: 308195 URL: https://svnweb.freebsd.org/changeset/base/308195 Log: efinet_dev_print should honor verbose option. lsdev should display detailed information about net devices only with -v switch. This will make EFI and BIOS version of the loader to have the same behavior. Reviewed by: bapt, imp Approved by: imp (mentor) Differential Revision:https://reviews.freebsd.org/D8415 Modified: head/sys/boot/efi/libefi/efinet.c Modified: head/sys/boot/efi/libefi/efinet.c == --- head/sys/boot/efi/libefi/efinet.c Wed Nov 2 05:41:23 2016 (r308194) +++ head/sys/boot/efi/libefi/efinet.c Wed Nov 2 06:37:35 2016 (r308195) @@ -357,10 +357,12 @@ efinet_dev_print(int verbose) for (unit = 0, h = efi_find_handle(_dev, 0); h != NULL; h = efi_find_handle(_dev, ++unit)) { printf("%s%d:", efinet_dev.dv_name, unit); - text = efi_devpath_name(efi_lookup_devpath(h)); - if (text != NULL) { - printf("%S", text); - efi_free_devpath_name(text); + if (verbose) { + text = efi_devpath_name(efi_lookup_devpath(h)); + if (text != NULL) { + printf("%S", text); + efi_free_devpath_name(text); + } } if (pager_output("\n")) break; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"