Module Name:src
Committed By: maxv
Date: Mon Nov 11 09:50:11 UTC 2019
Modified Files:
src/sys/kern: subr_xcall.c
Log Message:
Remove lockless reads of 'xc_donep'. This is an uint64_t, and we cannot
expect the accesses to be MP-safe on 32bit arches.
Found by KCSAN.
To ge
Module Name:src
Committed By: maxv
Date: Tue Nov 12 08:11:55 UTC 2019
Modified Files:
src/sys/netinet6: ip6_input.c
Log Message:
Add more checks in ip6_pullexthdr, to prevent a panic in m_copydata. The
Rip6 entry point could see a garbage Hop6 option.
Not a big issue, sin
On 11/11/2019 at 23:45, Joerg Sonnenberger wrote:
Module Name:src
Committed By: joerg
Date: Mon Nov 11 22:45:32 UTC 2019
[...]
Log Message:
Update LLVM to 10.0.0git (01f3a59fb3e2542fce74c768718f594d0debd0da)
Since this change, I cannot cross-compile GENERIC amd64 from Linux:
On 12/11/2019 at 14:37, Joerg Sonnenberger wrote:
On Tue, Nov 12, 2019 at 11:39:09AM +0100, Maxime Villard wrote:
On 11/11/2019 at 23:45, Joerg Sonnenberger wrote:
Module Name:src
Committed By: joerg
Date: Mon Nov 11 22:45:32 UTC 2019
[...]
Log Message:
Update LLVM to
On 12/11/2019 at 16:06, Maxime Villard wrote:
On 12/11/2019 at 14:37, Joerg Sonnenberger wrote:
On Tue, Nov 12, 2019 at 11:39:09AM +0100, Maxime Villard wrote:
On 11/11/2019 at 23:45, Joerg Sonnenberger wrote:
Module Name: src
Committed By: joerg
Date: Mon Nov 11 22:45:32
Module Name:src
Committed By: maxv
Date: Tue Nov 12 18:00:13 UTC 2019
Modified Files:
src/sys/arch/x86/include: specialreg.h
src/sys/arch/x86/x86: spectre.c
Log Message:
Mitigation for CVE-2019-11135: TSX Asynchronous Abort (TAA).
Two sysctls are added:
m
Module Name:src
Committed By: maxv
Date: Wed Nov 13 09:47:37 UTC 2019
Modified Files:
src/sys/arch/usermode/usermode: db_memrw.c
Log Message:
Switch to the new PTE naming.
To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/sys/arch/usermode/usermode/db_memrw
On 12/11/2019 at 23:10, Joerg Sonnenberger wrote:
On Tue, Nov 12, 2019 at 04:31:00PM +0100, Maxime Villard wrote:
On 12/11/2019 at 16:06, Maxime Villard wrote:
On 12/11/2019 at 14:37, Joerg Sonnenberger wrote:
On Tue, Nov 12, 2019 at 11:39:09AM +0100, Maxime Villard wrote:
Le 11/11
Module Name:src
Committed By: maxv
Date: Wed Nov 13 10:13:41 UTC 2019
Modified Files:
src/external/cddl/osnet/dev/fbt/x86: fbt_isa.c
Log Message:
Use x86_patch_window_{open,close}. This also fixes a bug: the CR0/PSL
reloads were inverted.
To generate a diff of this commi
Module Name:src
Committed By: maxv
Date: Sat Jun 1 06:54:28 UTC 2019
Modified Files:
src/sys/arch/x86/x86: spectre.c
Log Message:
Mmh, check the highest leaf before calling x86_cpuid(), otherwise on old
CPUs we might be getting garbage. While here fix a typo.
Likely fixe
Module Name:src
Committed By: maxv
Date: Sat Jun 1 08:12:26 UTC 2019
Modified Files:
src/sys/arch/x86/x86: pmap.c
Log Message:
Fix two bugs in pmap_write_protect():
* The mask should be ~PAGE_MASK, not PTE_FRAME. PTE_FRAME eliminates the
higher bits, and that's not w
Module Name:src
Committed By: maxv
Date: Sat Jun 1 12:42:28 UTC 2019
Modified Files:
src/common/lib/libc/arch/riscv/atomic: Makefile.inc
src/sys/arch/riscv/conf: GENERIC Makefile.riscv files.riscv
src/sys/arch/riscv/include: cpu.h elf_machdep.h mutex.h para
Module Name:src
Committed By: maxv
Date: Sat Jun 1 15:20:52 UTC 2019
Modified Files:
src/sys/kern: uipc_socket.c
Log Message:
Add XXXs for SCTP bugs.
To generate a diff of this commit:
cvs rdiff -u -r1.279 -r1.280 src/sys/kern/uipc_socket.c
Please note that diffs are n
Module Name:src
Committed By: maxv
Date: Sat Jun 8 07:27:44 UTC 2019
Modified Files:
src/lib/libnvmm: libnvmm.3 libnvmm.c libnvmm_x86.c nvmm.h
src/tests/lib/libnvmm: h_io_assist.c h_mem_assist.c
Log Message:
Change the NVMM API to reduce data movements. Sent to te
Module Name:src
Committed By: maxv
Date: Thu Jun 13 17:20:25 UTC 2019
Modified Files:
src/sys/dev/pci: ehci_pci.c
src/sys/dev/usb: ehci.c
Log Message:
Random style in ehci, also KM_SLEEP does not fail.
To generate a diff of this commit:
cvs rdiff -u -r1.68 -r1.69
Module Name:src
Committed By: maxv
Date: Thu Jun 13 17:33:34 UTC 2019
Modified Files:
src/sys/dev/pci: ehci_pci.c
Log Message:
Fix the error handling in ehci_pci_attach(): if we got a USB<2 device we
won't call ehci_init(), so don't call ehci_detach() in ehci_pci_detach().
Module Name:src
Committed By: maxv
Date: Sat Jun 15 06:40:34 UTC 2019
Modified Files:
src/sys/arch/amd64/conf: GENERIC
src/sys/arch/evbarm/conf: GENERIC64
src/sys/conf: files
src/sys/kern: subr_asan.c
Log Message:
Add KASAN_PANIC, an option to turn
Module Name:src
Committed By: maxv
Date: Sun Jun 16 07:42:52 UTC 2019
Modified Files:
src/sys/arch/riscv/conf: Makefile.riscv files.riscv kern.ldscript
src/sys/arch/riscv/include: pmap.h pte.h sysreg.h
src/sys/arch/riscv/riscv: db_machdep.c genassym.cf locor
dation, Inc.
* All rights reserved.
*
* This code is derived from software contributed to The NetBSD Foundation
- * by Matt Thomas of 3am Software Foundry.
+ * by Matt Thomas (of 3am Software Foundry) and Maxime Villard.
*
* Redistribution and use in source and binary forms, with or without
Module Name:src
Committed By: maxv
Date: Sun Jun 16 18:30:31 UTC 2019
Modified Files:
src/sys/dev/nvmm/x86: nvmm_x86_vmx.c
Log Message:
Make sure VMX-outside-SMX is allowed. It may not be if the BIOS decided to
disable VMX. Seen on an HP laptop, where NVMM would panic beca
Module Name:src
Committed By: maxv
Date: Thu Jun 20 17:33:31 UTC 2019
Modified Files:
src/doc: TODO.kaslr
src/sys/arch/i386/stand/efiboot: boot.c
src/sys/arch/i386/stand/lib: exec.c
src/sys/lib/libsa: loadfile_elf32.c
Log Message:
Add KASLR support
Module Name:src
Committed By: maxv
Date: Sat Jun 22 06:45:47 UTC 2019
Modified Files:
src/sys/dev/dkwedge: dkwedge_gpt.c
Log Message:
Fix buffer overflow. Triggerable by plugging a specially-crafted USB key
in the machine (the kernel automatically tries to parse its GPT he
Module Name:src
Committed By: maxv
Date: Sat Jun 22 12:39:40 UTC 2019
Modified Files:
src/usr.sbin/acpitools/acpidump: acpi.c acpidump.8
Log Message:
Dump TPM2.
To generate a diff of this commit:
cvs rdiff -u -r1.45 -r1.46 src/usr.sbin/acpitools/acpidump/acpi.c
cvs rdiff
0 maxv Exp $ */
-/*-
- * Copyright (c) 2012 The NetBSD Foundation, Inc.
+/*
+ * Copyright (c) 2012, 2019 The NetBSD Foundation, Inc.
* All rights reserved.
*
* This code is derived from software contributed to The NetBSD Foundation
- * by Christos Zoulas.
+ * by Christos Zoulas and Maxi
Module Name:src
Committed By: maxv
Date: Sat Jun 22 12:57:41 UTC 2019
Modified Files:
src/sys/dev/acpi: tpm_acpi.c
src/sys/dev/ic: tpm.c tpmreg.h tpmvar.h
src/sys/dev/isa: tpm_isa.c
Log Message:
Revamp the TPM driver
* Fix several bugs, and clean up.
* D
Module Name:src
Committed By: maxv
Date: Tue Jun 25 16:58:02 UTC 2019
Modified Files:
src/sys/kern: kern_exec.c
Log Message:
Fix buffer overflow. It seems that some people need to go back to the
basics of C programming.
Reported-by: syzbot+8665827f389a9fac5...@syzkaller.a
On 25/06/2019 at 20:06, Christos Zoulas wrote:
Module Name:src
Committed By: christos
Date: Tue Jun 25 18:06:29 UTC 2019
Modified Files:
src/sys/kern: kern_exec.c
Log Message:
add a comment explaining what this does.
To generate a diff of this commit:
cvs rdiff -u -r
Module Name:src
Committed By: maxv
Date: Wed Jun 26 20:28:59 UTC 2019
Modified Files:
src/sys/kern: kern_exec.c
Log Message:
Remove useless debugging messages which achieved nothing but hiding bugs.
To generate a diff of this commit:
cvs rdiff -u -r1.473 -r1.474 src/sys/
On 25/06/2019 at 23:32, Christos Zoulas wrote:
Module Name:src
Committed By: christos
Date: Tue Jun 25 21:32:58 UTC 2019
Modified Files:
src/sys/kern: kern_exec.c
Log Message:
Fail if getcwd fails. Pointed out by maxv@
To generate a diff of this commit:
cvs rdiff -u
On 26/06/2019 at 22:33, Christos Zoulas wrote:
On Jun 26, 10:30pm, m...@m00nbsd.net (Maxime Villard) wrote:
-- Subject: Re: CVS commit: src/sys/kern
| On 25/06/2019 at 23:32, Christos Zoulas wrote:
| > Module Name: src
| > Committed By:christos
| > Date:Tue
On 27/06/2019 at 04:00, Christos Zoulas wrote:
Module Name:src
Committed By: christos
Date: Thu Jun 27 02:00:31 UTC 2019
Modified Files:
src/sys/arch/amd64/amd64: machdep.c
Log Message:
Although this is correct, I will let maxv commit it. Still waiting.
To generate a
On 26/06/2019 at 23:21, Christos Zoulas wrote:
In article <20190626202859.b5ccef...@cvs.netbsd.org>,
Maxime Villard wrote:
-=-=-=-=-=-
Module Name:src
Committed By: maxv
Date: Wed Jun 26 20:28:59 UTC 2019
Modified Files:
src/sys/kern: kern_exec.c
Log M
On 27/06/2019 at 19:07, Christos Zoulas wrote:
Module Name:src
Committed By: christos
Date: Thu Jun 27 17:07:51 UTC 2019
Modified Files:
src/sys/kern: kern_exec.c
Log Message:
Return an error if the path was too long. Pointed out by maxv
To generate a diff of this co
Module Name:src
Committed By: maxv
Date: Thu Jun 27 19:56:10 UTC 2019
Modified Files:
src/sys/kern: kern_exec.c
Log Message:
Fix this fucking shit once and for all, for fuck's sake.
To generate a diff of this commit:
cvs rdiff -u -r1.476 -r1.477 src/sys/kern/kern_exec.c
On 27/06/2019 at 21:56, Maxime Villard wrote:
Module Name:src
Committed By: maxv
Date: Thu Jun 27 19:56:10 UTC 2019
Modified Files:
src/sys/kern: kern_exec.c
Log Message:
Fix this fucking shit once and for all, for fuck's sake.
To generate a diff of this commit
On 27/06/2019 at 20:56, Christos Zoulas wrote:
On Jun 27, 8:30pm, m...@m00nbsd.net (Maxime Villard) wrote:
-- Subject: Re: CVS commit: src/sys/kern
| On 27/06/2019 at 19:07, Christos Zoulas wrote:
| > Module Name: src
| > Committed By:christos
| > Date:Thu
Module Name:src
Committed By: maxv
Date: Sat Jun 29 11:13:23 UTC 2019
Modified Files:
src/sys/kern: subr_pool.c
Log Message:
The big pool allocators use pool_page_alloc(), which allocates page-aligned
storage. So if we switch to a big pool, set PR_NOALIGN, because the addr
Module Name:src
Committed By: maxv
Date: Sat Jun 29 11:37:17 UTC 2019
Modified Files:
src/sys/kern: sys_ptrace_common.c
Log Message:
Fix bug, don't release the reflock if we didn't take it in the first place.
Looks like there are other locking issues in here.
Reported-by:
On 29/06/2019 at 02:12, Hisashi T Fujinaka wrote:
On Thu, 27 Jun 2019, Maxime Villard wrote:
On 27/06/2019 at 20:56, Christos Zoulas wrote:
On Jun 27, 8:30pm, m...@m00nbsd.net (Maxime Villard) wrote:
-- Subject: Re: CVS commit: src/sys/kern
| Le 27/06/2019 ? 19:07, Christos Zoulas a
Module Name:src
Committed By: maxv
Date: Mon Jul 1 17:15:43 UTC 2019
Modified Files:
src/sys/kern: sys_lwp.c
Log Message:
Restrict the size given to copyoutstr. It is safer to do that; even if
there is no actual bug here, since the buffer is guaranteed to be NUL
terminate
Module Name:src
Committed By: maxv
Date: Wed Jul 3 17:24:37 UTC 2019
Modified Files:
src/sys/arch/amd64/amd64: cpufunc.S
src/sys/arch/i386/i386: cpufunc.S
src/sys/arch/x86/include: cpufunc.h
Log Message:
Inline x86_cpuid2(), prerequisite for future changes
Module Name:src
Committed By: maxv
Date: Wed Jul 3 17:31:32 UTC 2019
Modified Files:
src/sys/kern: kern_sysctl.c
Log Message:
Invert two conditions, to fix uninitialized memory access. If the node is
an immediate, then the 64 bits of nnode.sysctl_data may not all be
initi
Module Name:src
Committed By: maxv
Date: Wed Jul 3 17:40:30 UTC 2019
Modified Files:
src/sys/dev/mii: makphy.c
Log Message:
Check the return value of PHY_READ(). Because, if it fails, 'reg' is not
initialized. On Qemu, this read systematically fails.
Print an error in th
Module Name:src
Committed By: maxv
Date: Fri Jul 5 17:08:56 UTC 2019
Modified Files:
src/sys/arch/amd64/amd64: cpufunc.S
src/sys/arch/i386/i386: cpufunc.S
src/sys/arch/x86/include: cpufunc.h
src/sys/arch/x86/x86: fpu.c
Log Message:
More inlines, pr
Module Name:src
Committed By: maxv
Date: Fri Jul 5 17:14:48 UTC 2019
Modified Files:
src/sys/kern: kern_exec.c
Log Message:
Fix info leak. The padding of 'sigact' is not initialized, it gets copied
in the proc, and can later be obtained by userland.
To generate a diff o
Module Name:src
Committed By: maxv
Date: Sat Jul 6 05:05:53 UTC 2019
Modified Files:
src/sys/dev/usb: usb_subr.c
Log Message:
Fix two length checks, otherwise a malicious USB key plugged in the
system could trigger overflows, seen with KASAN.
To generate a diff of this
Module Name:src
Committed By: maxv
Date: Sat Jul 6 05:13:11 UTC 2019
Modified Files:
src/sys/dev/nvmm: nvmm.c nvmm_internal.h
Log Message:
Localify two functions that are no longer used outside. Also return the
error from the *_vcpu_run() functions, now that we commit the
Module Name:src
Committed By: maxv
Date: Sat Jul 6 05:41:23 UTC 2019
Modified Files:
src/sys/dev/dkwedge: dkwedge_apple.c
Log Message:
Add a condition in the loop. Otherwise there could be an infinite loop,
and we could also be wrongfully adding more wedges than necessary
Module Name:src
Committed By: maxv
Date: Sat Jul 6 08:00:19 UTC 2019
Modified Files:
src/sys/dev/usb: usb_subr.c
Log Message:
Revert previous, for now.
To generate a diff of this commit:
cvs rdiff -u -r1.231 -r1.232 src/sys/dev/usb/usb_subr.c
Please note that diffs are
Mmh no I see, the min descriptor length check we should add is 3 bytes, and my
check should be moved below in the idesc branch. I'll re-fix that next week.
On 06/07/2019 at 10:04, Maxime Villard wrote:
Can you add printfs in these two functions to dump 'bLength'?
I've
Module Name:src
Committed By: maxv
Date: Sat Jul 6 14:27:39 UTC 2019
Modified Files:
src/sys/kern: vfs_lookup.c
Log Message:
Fix (harmless) uninitialized variable. In the path
namei_tryemulroot -> namei_oneroot-> namei_start
There was a branch where 'ndp->ni_ero
Module Name:src
Committed By: maxv
Date: Sat Jul 6 14:37:24 UTC 2019
Modified Files:
src/sys/kern: vfs_syscalls.c
Log Message:
Fix bug: if seg == UIO_SYSSPACE, tv[] is not initialized. The branches
should depend on tptr[] instead.
To generate a diff of this commit:
cvs
em, disabling port 1
Thomas
On Sat, Jul 06, 2019 at 05:05:54AM +, Maxime Villard wrote:
Module Name:src
Committed By: maxv
Date: Sat Jul 6 05:05:53 UTC 2019
Modified Files:
src/sys/dev/usb: usb_subr.c
Log Message:
Fix two length checks, otherwise a malicious USB k
Module Name:src
Committed By: maxv
Date: Sun Jul 7 15:12:59 UTC 2019
Modified Files:
src/sys/kern: kern_todr.c
Log Message:
The whole 'tv' structure gets added to the RND pool, so clear it first,
otherwise each random buffer gets tainted by uninitialized bytes from the
pa
Module Name:src
Committed By: maxv
Date: Tue Jul 9 16:56:24 UTC 2019
Modified Files:
src/sys/netipsec: ipsec.c
Log Message:
Fix uninitialized variable: in ipsec_checkpcbcache(), spidx.dir is not
initialized, and the padding of the spidx structure is not initialized
either
Module Name:src
Committed By: maxv
Date: Tue Jul 9 17:06:46 UTC 2019
Modified Files:
src/sys/dev/dkwedge: dkwedge_apple.c dkwedge_bsdlabel.c dkwedge_gpt.c
dkwedge_mbr.c dkwedge_rdb.c
Log Message:
Fix info leak: always clear 'dkw', because some of its (otherwis
Module Name:src
Committed By: maxv
Date: Wed Jul 10 17:32:38 UTC 2019
Modified Files:
src/sys/kern: subr_cprng.c
Log Message:
Zero out 'cprng->cs_name' entirely. Otherwise the RND pool gets polluted
by uninitialized bits from the end of the string.
To generate a diff of
Module Name:src
Committed By: maxv
Date: Wed Jul 10 17:52:22 UTC 2019
Modified Files:
src/sys/kern: sys_lwp.c
Log Message:
Fix info leak: instead of using SS_INIT as a literal compound, use a global
variable from rodata. The compound gets pushed on the stack, the padding
o
Module Name:src
Committed By: maxv
Date: Wed Jul 10 17:55:33 UTC 2019
Modified Files:
src/sys/net: bpf.c
Log Message:
Fix info leak: use kmem_zalloc, because we align the buffers, and the
otherwise uninitialized padding bytes get copied to userland in bpf_read().
To gene
Module Name:src
Committed By: maxv
Date: Thu Jul 11 16:59:14 UTC 2019
Modified Files:
src/sys/miscfs/genfs: genfs_io.c
Log Message:
Fix (harmless) uninitialized variable: 'pg' could be 'endm', in which case
'pg->uobject' would not be initialized. Just invert the two last c