CVS commit: src/sys/arch/amd64/amd64

2019-08-21 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Wed Aug 21 12:46:56 UTC 2019 Modified Files: src/sys/arch/amd64/amd64: netbsd32_machdep.c Log Message: Style and remove dead stuff. To generate a diff of this commit: cvs rdiff -u -r1.126 -r1.127 src/sys/arch/amd64/amd64/netbsd32_

CVS commit: src/sys/arch/amd64/amd64

2019-08-21 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Wed Aug 21 12:33:12 UTC 2019 Modified Files: src/sys/arch/amd64/amd64: netbsd32_machdep.c Log Message: Don't depend on #ifdef USER_LDT in cpu_mcontext32_validate(), but rather on whether the proc uses a user-set LDT. Same as check_s

CVS commit: src/sys/arch

2019-08-21 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Wed Aug 21 12:16:07 UTC 2019 Modified Files: src/sys/arch/amd64/conf: XEN3_DOM0 XEN3_DOMU XEN3_PVHVM src/sys/arch/i386/conf: XEN3PAE_DOM0 XEN3PAE_DOMU XEN3PAE_PVHVM Log Message: No USER_LDT on Xen. To generate a diff of th

CVS commit: src/sys/dev/sysmon

2019-08-20 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Tue Aug 20 18:43:57 UTC 2019 Modified Files: src/sys/dev/sysmon: sysmon_power.c Log Message: Fix info leak, not all of 'pev' is initialized. To generate a diff of this commit: cvs rdiff -u -r1.60 -r1.61 src/sys/dev/sysmon/sysmon_p

Re: CVS commit: src/sys/compat/netbsd32

2019-08-20 Thread Maxime Villard
On 20/08/2019 at 11:32, Christos Zoulas wrote: Module Name:src Committed By: christos Date: Tue Aug 20 09:32:21 UTC 2019 Modified Files: src/sys/compat/netbsd32: files.netbsd32 netbsd32_ioctl.c netbsd32_ioctl.h Added Files: src/sys/compat/netbsd32: n

CVS commit: src/sys

2019-08-20 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Tue Aug 20 12:25:41 UTC 2019 Modified Files: src/sys/compat/netbsd32: files.netbsd32 src/sys/modules/compat_netbsd32: Makefile Log Message: Disable netbsd32_drm.c until it receives proper review. To generate a diff of this

CVS commit: src/sys/kern

2019-08-17 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Sat Aug 17 12:37:49 UTC 2019 Modified Files: src/sys/kern: subr_pool.c Log Message: Kernel Heap Hardening: use bitmaps on all off-page pools. This migrates 29 MI pools on amd64 from linked lists to bitmaps, which have higher securit

CVS commit: src/sys/kern

2019-08-16 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Fri Aug 16 10:41:35 UTC 2019 Modified Files: src/sys/kern: subr_pool.c Log Message: Initialize pp->pr_redzone to false. For some reason with KUBSAN GCC does not eliminate the unused branch in pr_item_linkedlist_put(), and this leads

Re: CVS commit: src/sys/kern

2019-08-16 Thread Maxime Villard
On 16/08/2019 at 00:05, matthew green wrote: KMEM_GUARD is useful for platforms that don't have kasan yet. Verily it was not. 1) The place where diagnostic/debug features should be implemented is pool(9), not kmem(9). Pools represent all of the dynamic system memory, kmem only a sma

CVS commit: src

2019-08-15 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Thu Aug 15 12:24:09 UTC 2019 Modified Files: src/share/man/man9: kmem.9 src/sys/arch/mips/mips: pmap_machdep.c src/sys/kern: files.kern Log Message: Unlink KMEM_GUARD leftovers. To generate a diff of this commit: c

CVS commit: src/sys/kern

2019-08-15 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Thu Aug 15 12:06:42 UTC 2019 Modified Files: src/sys/kern: subr_kmem.c Log Message: Retire KMEM_GUARD. It has been superseded by kASan, which is much more powerful, has much more coverage - far beyond just kmem(9) -, and also consum

CVS commit: src

2019-08-13 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Tue Aug 13 09:48:24 UTC 2019 Modified Files: src/dist/pf/usr.sbin/ftp-proxy: npf.c src/usr.sbin/pf/ftp-proxy: Makefile Log Message: sync with reality To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 src/dist/pf/

CVS commit: src/sys/dev

2019-08-07 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Wed Aug 7 10:36:19 UTC 2019 Modified Files: src/sys/dev: fss.c Log Message: Check fc_type before fc_cluster, because the latter may not be initialized. This is harmless because fc_type is always initialized properly, so the next br

CVS commit: src/sys/dev/usb

2019-08-07 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Wed Aug 7 08:47:09 UTC 2019 Modified Files: src/sys/dev/usb: usb.h usb_subr.c Log Message: Introduce USB_DESCRIPTOR_SIZE (3), and fix two bugs: 1) In usbd_find_idesc(), make sure the tables we're reading fit in the allocated

CVS commit: src/sys/arch/amd64/conf

2019-08-06 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Wed Aug 7 06:28:03 UTC 2019 Modified Files: src/sys/arch/amd64/conf: GENERIC Log Message: Sync with reality. To generate a diff of this commit: cvs rdiff -u -r1.532 -r1.533 src/sys/arch/amd64/conf/GENERIC Please note that diffs

CVS commit: src/sys/arch

2019-08-06 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Wed Aug 7 06:23:48 UTC 2019 Modified Files: src/sys/arch/amd64/include: pmap.h src/sys/arch/x86/include: cpu.h pmap.h src/sys/arch/x86/x86: pmap.c svs.c Log Message: Add support for USER_LDT in SVS. This allows us t

Re: CVS commit: src/sys/net/npf

2019-08-06 Thread Maxime Villard
should understand that rmind is ok with this change right? christos On Aug 6, 2019, at 1:26 PM, Maxime Villard wrote: On 06/08/2019 at 12:25, Christos Zoulas wrote: Module Name:src Committed By: christos Date: Tue Aug 6 10:25:13 UTC 2019 Modified Files: src/sys/net

Re: CVS commit: src/sys/net/npf

2019-08-06 Thread Maxime Villard
On 06/08/2019 at 12:25, Christos Zoulas wrote: Module Name:src Committed By: christos Date: Tue Aug 6 10:25:13 UTC 2019 Modified Files: src/sys/net/npf: npf_conn.c Log Message: Introduce an npf_conn_destroy_idx() that can handle partially constructed conn structures.

CVS commit: src/sys/uvm

2019-08-06 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Tue Aug 6 08:10:27 UTC 2019 Modified Files: src/sys/uvm: uvm_mmap.c Log Message: Change 'npgs' from int to size_t. Otherwise the 64bit->32bit conversion could lead to npgs=0, which is not expected. It later triggers a panic in uvm_

CVS commit: src/sys/netipsec

2019-08-04 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Sun Aug 4 14:30:36 UTC 2019 Modified Files: src/sys/netipsec: key.c Log Message: Fix info leaks. To generate a diff of this commit: cvs rdiff -u -r1.265 -r1.266 src/sys/netipsec/key.c Please note that diffs are not public domain

CVS commit: src/sys/kern

2019-08-03 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Sat Aug 3 09:31:07 UTC 2019 Modified Files: src/sys/kern: subr_pool.c Log Message: Replace || by && in KASAN, to increase the pool coverage. Strictly speaking, what we want to avoid is poisoning buffers that were referenced in a g

CVS commit: src/sys/kern

2019-08-01 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Fri Aug 2 05:22:14 UTC 2019 Modified Files: src/sys/kern: subr_pool.c Log Message: Kernel Heap Hardening: perform certain sanity checks on the pool caches directly, to immediately detect certain bugs that would otherwise have been

CVS commit: src/sys/dev/usb

2019-07-31 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Wed Jul 31 19:40:59 UTC 2019 Modified Files: src/sys/dev/usb: usb_subr.c usbdi_util.c Log Message: 1) Make sure we have a complete endpoint descriptor header, otherwise small overflow. 2) Make sure the total length of the bos

CVS commit: src/sys/kern

2019-07-29 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Mon Jul 29 09:42:17 UTC 2019 Modified Files: src/sys/kern: uipc_usrreq.c Log Message: Fix info leak: the padding after the header causes uninitialized heap memory to be copied to userland in sys_recvmsg(). To generate a diff of th

CVS commit: src/sys/dev/usb

2019-07-23 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Tue Jul 23 17:21:33 UTC 2019 Modified Files: src/sys/dev/usb: usb_subr.c Log Message: 1) If the descriptor length is bigger than the USB string descriptor itself, error out. Otherwise there is a small overflow (seen on KASAN,

CVS commit: src/sys/fs/tmpfs

2019-07-13 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Sun Jul 14 05:58:44 UTC 2019 Modified Files: src/sys/fs/tmpfs: tmpfs_rename.c Log Message: Fix uninitialized variable: if 'tvp' is NULL, '*tdep' is not initialized. This could have caused the KASSERT to wrongfully fire. ok riastrad

CVS commit: src/sys/fs/tmpfs

2019-07-13 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Sat Jul 13 14:24:37 UTC 2019 Modified Files: src/sys/fs/tmpfs: tmpfs_mem.c Log Message: Remove the roundups, they are incorrect and cause memcmp to wrongfully fail because of uninitialized bytes at the end of the buffers. ok rmind@

CVS commit: src/sys/fs/cd9660

2019-07-12 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Fri Jul 12 17:18:30 UTC 2019 Modified Files: src/sys/fs/cd9660: cd9660_vnops.c Log Message: Fix info leak: zero out the buffer, because it is not entirely filled, and the uninitialized bytes get copied to userland in sys___getdens30

CVS commit: src/sys/kern

2019-07-11 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Thu Jul 11 17:30:44 UTC 2019 Modified Files: src/sys/kern: uipc_socket2.c Log Message: Fix info leaks: the alignment of the structures causes uninitialized heap memory to be copied to userland in sys_recvmsg(). To generate a diff

CVS commit: src/sys/uvm

2019-07-11 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Thu Jul 11 17:07:10 UTC 2019 Modified Files: src/sys/uvm: uvm_map.c Log Message: Fix info leak: 'map_attrib' is not used in UVM, and contains uninitialized heap garbage. Return zero. Maybe we should remove the field completely. To

CVS commit: src/sys/miscfs/genfs

2019-07-11 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Thu Jul 11 16:59:14 UTC 2019 Modified Files: src/sys/miscfs/genfs: genfs_io.c Log Message: Fix (harmless) uninitialized variable: 'pg' could be 'endm', in which case 'pg->uobject' would not be initialized. Just invert the two last c

CVS commit: src/sys/net

2019-07-10 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Wed Jul 10 17:55:33 UTC 2019 Modified Files: src/sys/net: bpf.c Log Message: Fix info leak: use kmem_zalloc, because we align the buffers, and the otherwise uninitialized padding bytes get copied to userland in bpf_read(). To gene

CVS commit: src/sys/kern

2019-07-10 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Wed Jul 10 17:52:22 UTC 2019 Modified Files: src/sys/kern: sys_lwp.c Log Message: Fix info leak: instead of using SS_INIT as a literal compound, use a global variable from rodata. The compound gets pushed on the stack, the padding o

CVS commit: src/sys/kern

2019-07-10 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Wed Jul 10 17:32:38 UTC 2019 Modified Files: src/sys/kern: subr_cprng.c Log Message: Zero out 'cprng->cs_name' entirely. Otherwise the RND pool gets polluted by uninitialized bits from the end of the string. To generate a diff of

CVS commit: src/sys/dev/dkwedge

2019-07-09 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Tue Jul 9 17:06:46 UTC 2019 Modified Files: src/sys/dev/dkwedge: dkwedge_apple.c dkwedge_bsdlabel.c dkwedge_gpt.c dkwedge_mbr.c dkwedge_rdb.c Log Message: Fix info leak: always clear 'dkw', because some of its (otherwis

CVS commit: src/sys/netipsec

2019-07-09 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Tue Jul 9 16:56:24 UTC 2019 Modified Files: src/sys/netipsec: ipsec.c Log Message: Fix uninitialized variable: in ipsec_checkpcbcache(), spidx.dir is not initialized, and the padding of the spidx structure is not initialized either

CVS commit: src/sys/kern

2019-07-07 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Sun Jul 7 15:12:59 UTC 2019 Modified Files: src/sys/kern: kern_todr.c Log Message: The whole 'tv' structure gets added to the RND pool, so clear it first, otherwise each random buffer gets tainted by uninitialized bytes from the pa

Re: CVS commit: src/sys/dev/usb

2019-07-06 Thread Maxime Villard
em, disabling port 1 Thomas On Sat, Jul 06, 2019 at 05:05:54AM +, Maxime Villard wrote: Module Name:src Committed By: maxv Date: Sat Jul 6 05:05:53 UTC 2019 Modified Files: src/sys/dev/usb: usb_subr.c Log Message: Fix two length checks, otherwise a malicious USB k

CVS commit: src/sys/kern

2019-07-06 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Sat Jul 6 14:37:24 UTC 2019 Modified Files: src/sys/kern: vfs_syscalls.c Log Message: Fix bug: if seg == UIO_SYSSPACE, tv[] is not initialized. The branches should depend on tptr[] instead. To generate a diff of this commit: cvs

CVS commit: src/sys/kern

2019-07-06 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Sat Jul 6 14:27:39 UTC 2019 Modified Files: src/sys/kern: vfs_lookup.c Log Message: Fix (harmless) uninitialized variable. In the path namei_tryemulroot -> namei_oneroot-> namei_start There was a branch where 'ndp->ni_ero

Re: CVS commit: src/sys/dev/usb

2019-07-06 Thread Maxime Villard
Mmh no I see, the min descriptor length check we should add is 3 bytes, and my check should be moved below in the idesc branch. I'll re-fix that next week. On 06/07/2019 at 10:04, Maxime Villard wrote: Can you add printfs in these two functions to dump 'bLength'? I've

CVS commit: src/sys/dev/usb

2019-07-06 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Sat Jul 6 08:00:19 UTC 2019 Modified Files: src/sys/dev/usb: usb_subr.c Log Message: Revert previous, for now. To generate a diff of this commit: cvs rdiff -u -r1.231 -r1.232 src/sys/dev/usb/usb_subr.c Please note that diffs are

CVS commit: src/sys/dev/dkwedge

2019-07-05 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Sat Jul 6 05:41:23 UTC 2019 Modified Files: src/sys/dev/dkwedge: dkwedge_apple.c Log Message: Add a condition in the loop. Otherwise there could be an infinite loop, and we could also be wrongfully adding more wedges than necessary

CVS commit: src/sys/dev/nvmm

2019-07-05 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Sat Jul 6 05:13:11 UTC 2019 Modified Files: src/sys/dev/nvmm: nvmm.c nvmm_internal.h Log Message: Localify two functions that are no longer used outside. Also return the error from the *_vcpu_run() functions, now that we commit the

CVS commit: src/sys/dev/usb

2019-07-05 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Sat Jul 6 05:05:53 UTC 2019 Modified Files: src/sys/dev/usb: usb_subr.c Log Message: Fix two length checks, otherwise a malicious USB key plugged in the system could trigger overflows, seen with KASAN. To generate a diff of this

CVS commit: src/sys/kern

2019-07-05 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Fri Jul 5 17:14:48 UTC 2019 Modified Files: src/sys/kern: kern_exec.c Log Message: Fix info leak. The padding of 'sigact' is not initialized, it gets copied in the proc, and can later be obtained by userland. To generate a diff o

CVS commit: src/sys/arch

2019-07-05 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Fri Jul 5 17:08:56 UTC 2019 Modified Files: src/sys/arch/amd64/amd64: cpufunc.S src/sys/arch/i386/i386: cpufunc.S src/sys/arch/x86/include: cpufunc.h src/sys/arch/x86/x86: fpu.c Log Message: More inlines, pr

CVS commit: src/sys/dev/mii

2019-07-03 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Wed Jul 3 17:40:30 UTC 2019 Modified Files: src/sys/dev/mii: makphy.c Log Message: Check the return value of PHY_READ(). Because, if it fails, 'reg' is not initialized. On Qemu, this read systematically fails. Print an error in th

CVS commit: src/sys/kern

2019-07-03 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Wed Jul 3 17:31:32 UTC 2019 Modified Files: src/sys/kern: kern_sysctl.c Log Message: Invert two conditions, to fix uninitialized memory access. If the node is an immediate, then the 64 bits of nnode.sysctl_data may not all be initi

CVS commit: src/sys/arch

2019-07-03 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Wed Jul 3 17:24:37 UTC 2019 Modified Files: src/sys/arch/amd64/amd64: cpufunc.S src/sys/arch/i386/i386: cpufunc.S src/sys/arch/x86/include: cpufunc.h Log Message: Inline x86_cpuid2(), prerequisite for future changes

CVS commit: src/sys/kern

2019-07-01 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Mon Jul 1 17:15:43 UTC 2019 Modified Files: src/sys/kern: sys_lwp.c Log Message: Restrict the size given to copyoutstr. It is safer to do that; even if there is no actual bug here, since the buffer is guaranteed to be NUL terminate

Re: CVS commit: src/sys/kern

2019-06-29 Thread Maxime Villard
On 29/06/2019 at 02:12, Hisashi T Fujinaka wrote: On Thu, 27 Jun 2019, Maxime Villard wrote: On 27/06/2019 at 20:56, Christos Zoulas wrote: On Jun 27,  8:30pm, m...@m00nbsd.net (Maxime Villard) wrote: -- Subject: Re: CVS commit: src/sys/kern | Le 27/06/2019 à  19:07, Christos Zoulas a

CVS commit: src/sys/kern

2019-06-29 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Sat Jun 29 11:37:17 UTC 2019 Modified Files: src/sys/kern: sys_ptrace_common.c Log Message: Fix bug, don't release the reflock if we didn't take it in the first place. Looks like there are other locking issues in here. Reported-by:

CVS commit: src/sys/kern

2019-06-29 Thread Maxime Villard
Module Name:src Committed By: maxv Date: Sat Jun 29 11:13:23 UTC 2019 Modified Files: src/sys/kern: subr_pool.c Log Message: The big pool allocators use pool_page_alloc(), which allocates page-aligned storage. So if we switch to a big pool, set PR_NOALIGN, because the addr
