udp6 fix for possible memory corruption
Hi,
From NetBSD:
http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/udp6_output.c?rev=1.41content-type=text/x-cvsweb-markuponly_with_tag=MAIN
Under some circumstances, udp6_output() would call ip6_clearpktopts()
with an uninitialized struct ip6_pktopts on the stack, opt.
ip6_clearpktopts(opt, ...) could dereference dangling pointers,
leading to memory corruption or a crash. Now, udp6_output() calls
ip6_clearpktopts(opt, ...) only if opt was initialized. Thanks to
Clement LECIGNE for reporting this bug.
I checked openbsd source code and it seems that the issue is present
as well.
Tentative diff:
Index: udp6_output.c
===
RCS file: /cvs/src/sys/netinet6/udp6_output.c,v
retrieving revision 1.19
diff -u -p -r1.19 udp6_output.c
--- udp6_output.c 28 Mar 2013 16:45:16 - 1.19
+++ udp6_output.c 23 Aug 2013 19:30:36 -
@@ -119,7 +119,8 @@ udp6_output(struct in6pcb *in6p, struct
struct in6_addr *laddr, *faddr;
u_short fport;
int error = 0;
- struct ip6_pktopts *optp, opt;
+ struct ip6_pktopts *optp = NULL;
+ struct ip6_pktopts opt;
int priv;
int af, hlen;
int flags;
@@ -284,7 +285,8 @@ release:
releaseopt:
if (control) {
- ip6_clearpktopts(opt, -1);
+ if (optp == opt)
+ ip6_clearpktopts(opt, -1);
m_freem(control);
}
return (error);
bge: call if_link_state_change when state is actually different
hi,
bge(4) is the last driver in the tree that is willing to call
if_link_state_change whenever, while others do so only when
the link state does change.
there should be no real change in functionality. ok?
diff --git sys/dev/pci/if_bge.c sys/dev/pci/if_bge.c
index 5cd56e2..233ccab 100644
--- sys/dev/pci/if_bge.c
+++ sys/dev/pci/if_bge.c
@@ -4512,22 +4512,27 @@ bge_link_upd(struct bge_softc *sc)
if (BGE_ASICREV(sc-bge_chipid) ==
BGE_ASICREV_BCM5704)
BGE_CLRBIT(sc, BGE_MAC_MODE,
BGE_MACMODE_TBI_SEND_CFGS);
CSR_WRITE_4(sc, BGE_MAC_STS, 0x);
status = CSR_READ_4(sc, BGE_MAC_MODE);
- ifp-if_link_state =
- (status BGE_MACMODE_HALF_DUPLEX) ?
+ link = (status BGE_MACMODE_HALF_DUPLEX) ?
LINK_STATE_HALF_DUPLEX :
LINK_STATE_FULL_DUPLEX;
- if_link_state_change(ifp);
ifp-if_baudrate = IF_Gbps(1);
+ if (ifp-if_link_state != link) {
+ ifp-if_link_state = link;
+ if_link_state_change(ifp);
+ }
}
} else if (BGE_STS_BIT(sc, BGE_STS_LINK)) {
BGE_STS_CLRBIT(sc, BGE_STS_LINK);
- ifp-if_link_state = LINK_STATE_DOWN;
- if_link_state_change(ifp);
+ link = LINK_STATE_DOWN;
ifp-if_baudrate = 0;
+ if (ifp-if_link_state != link) {
+ ifp-if_link_state = link;
+ if_link_state_change(ifp);
+ }
}
} else if (BGE_STS_BIT(sc, BGE_STS_AUTOPOLL)) {
/*
* Some broken BCM chips have BGE_STATFLAG_LINKSTATE_CHANGED bit
* in status word always set. Workaround this bug by reading
Re: Small binutils tweak
On Sun, Apr 21, 2013 at 10:42:09AM -0400, Brian Callahan wrote: On 04/21/13 03:21, Jonathan Gray wrote: On Sat, Mar 02, 2013 at 10:36:50AM -0500, Brian Callahan wrote: Hi tech -- While doing some ports testing with clang, I came across the binutils bug mentioned here: http://lists.gnu.org/archive/html/bug-binutils/2004-07/msg0.html Below is a backport of the commit mentioned later in the thread. It fixes the issue. I was able to rebuild working kernels and do a full 'make build' on amd64, loongson, and macppc with this patch. But since it affects all archs, testing on the archs I don't have access to will be needed. OK? This patch does not apply, it seems your mail client is wrapping lines. Below. Also attached as a tarball, in case Thunderbird really just hates me. miod told me about a month and a half ago to focus on moving to binutils-2.17 and not backport things to 2.15 so I never bothered to ping this. Bringing this back , since i'm facing issues with mozilla / icu linking with ld/building with clang. In my limited testing, instead of the big patch you were referring to, just using elflink.c r1.76 was enough to fix my issue. See https://bugzilla.mozilla.org/show_bug.cgi?id=908080 for the whole story, and http://www.sourceware.org/cgi-bin/cvsweb.cgi/src/bfd/elflink.c.diff?cvsroot=srcr1=1.75r2=1.76 for the much smaller fix. Whatever was the reason for backing this out (iirc, xenocara blowed on ppc), this needs to be reconsidered, since we're not going to move to binutils 2.17 right now. Landry
OpenBSD on a Nokia IP380
I've been trying to get a more modern OS to run on an ancient Nokia firewall by loading an OS on the drive in a Dell D610 and moving the drive to the IP380. So far, I've had little success. I can get FreeBSD 8.1 to work if I disable USB support. That's the only OS I've been able to get to boot somewhat normally and I'm able to login with it. All of the NIC cards have all FFs for the MAC address though. SO, I decided to try OpenBSD 5.3 RELEASE and I've been unable to get it to boot. Below is the output. I tried disabling ACPI in a similar fashion to FreeBSD and found that didn't work. I guess removing ACPI and USB from a pre-built kernel is the next step. Other than giving up and tossing the ancient firewall on the recycle pile, does anyone have any ideas on how to get OpenBSD to work on the IP380? Or what's causing it to crash? Stan +--+ | System BIOS Configuration, (C) 2000 General Software, Inc. | +---+--+ | System CPU : Pentium III| Low Memory : 637KB | | Coprocessor : Enabled| Extended Memory : 1023MB | | Floppy 0 Type: Not installed | Serial Ports 1-2 : 03F8 02F8 | | Floppy 1 Type: Not installed | Serial Ports 3-4 : | | Ide 0 Type : 3 | Parallel Ports : | | Ide 1 Type : 0 | ROM Shadowing: Enabled | | Embedded BIOS Date : 04/30/04 | Manufacturing Mode : Disabled | +---+--+ Using drive 0, partition 3. Loading. probing: pc0 com0 com1 pci mem[637K 1023M 1023M a20=on] disk: hd0+ OpenBSD/i386 BOOT 3.21 switching console to com0 OpenBSD/i386 BOOT 3.21 boot: illegal argument acpi boot boot booting hd0a:/bsd: 8404228+1102404 [52+381152+367486]=0x9c7d50 entry point at 0x200120 WARNING: CAN'T ALLOCATE RAM (10-4000) FROM IOMEM EXTENT MAP! [ using 749064 bytes of bsd ELF symbol table ] Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2013 OpenBSD. All rights reserved. http://www.OpenBSD.org kernel: page fault trap, code=0 Stopped at pmap_alloc_pvpage+0x2d: movl%ecx,0(%eax) pmap_alloc_pvpage(d0a7f580,0,6d54000,0,0) at pmap_alloc_pvpage+0x2d pmap_enter(d0a7f580,d6d54000,3ffdb000,7,13) at pmap_enter+0x340 uvm_km_alloc1(d0a2dd40,1,0,1,2) at uvm_km_alloc1+0xd2 kmeminit(d2d53000,ffc0,bebc9f28,bca000,bc8000) at kmeminit+0x95 uvm_init(d08d6b00,d08d8f40,c0,d0bc9f4c,3) at uvm_init+0x51 main(d02004f6,d02004fe,0,0,0) at main+0x53 ddb trace pmap_alloc_pvpage(d0a7f580,0,6d54000,0,0) at pmap_alloc_pvpage+0x2d pmap_enter(d0a7f580,d6d54000,3ffdb000,7,13) at pmap_enter+0x340 uvm_km_alloc1(d0a2dd40,1,0,1,2) at uvm_km_alloc1+0xd2 kmeminit(d2d53000,ffc0,bebc9f28,bca000,bc8000) at kmeminit+0x95 uvm_init(d08d6b00,d08d8f40,c0,d0bc9f4c,3) at uvm_init+0x51 main(d02004f6,d02004fe,0,0,0) at main+0x53
Re: OpenBSD on a Nokia IP380
Having worked for Check Point/Nokia. They wine to great lengths to only make that hardware work with their Free based OS. I wish you luck but realistically it's not likely. OpenBSD works just fine on the newer Check Point boxes. They're far less locked down. On Aug 23, 2013, at 17:30, s_gamm...@charter.net wrote: I've been trying to get a more modern OS to run on an ancient Nokia firewall by loading an OS on the drive in a Dell D610 and moving the drive to the IP380. So far, I've had little success. I can get FreeBSD 8.1 to work if I disable USB support. That's the only OS I've been able to get to boot somewhat normally and I'm able to login with it. All of the NIC cards have all FFs for the MAC address though. SO, I decided to try OpenBSD 5.3 RELEASE and I've been unable to get it to boot. Below is the output. I tried disabling ACPI in a similar fashion to FreeBSD and found that didn't work. I guess removing ACPI and USB from a pre-built kernel is the next step. Other than giving up and tossing the ancient firewall on the recycle pile, does anyone have any ideas on how to get OpenBSD to work on the IP380? Or what's causing it to crash? Stan +--+ | System BIOS Configuration, (C) 2000 General Software, Inc. | +---+--+ | System CPU : Pentium III| Low Memory : 637KB | | Coprocessor : Enabled| Extended Memory : 1023MB | | Floppy 0 Type: Not installed | Serial Ports 1-2 : 03F8 02F8 | | Floppy 1 Type: Not installed | Serial Ports 3-4 : | | Ide 0 Type : 3 | Parallel Ports : | | Ide 1 Type : 0 | ROM Shadowing: Enabled | | Embedded BIOS Date : 04/30/04 | Manufacturing Mode : Disabled | +---+--+ Using drive 0, partition 3. Loading. probing: pc0 com0 com1 pci mem[637K 1023M 1023M a20=on] disk: hd0+ OpenBSD/i386 BOOT 3.21 switching console to com0 OpenBSD/i386 BOOT 3.21 boot: illegal argument acpi boot boot booting hd0a:/bsd: 8404228+1102404 [52+381152+367486]=0x9c7d50 entry point at 0x200120 WARNING: CAN'T ALLOCATE RAM (10-4000) FROM IOMEM EXTENT MAP! [ using 749064 bytes of bsd ELF symbol table ] Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2013 OpenBSD. All rights reserved. http://www.OpenBSD.org kernel: page fault trap, code=0 Stopped at pmap_alloc_pvpage+0x2d: movl%ecx,0(%eax) pmap_alloc_pvpage(d0a7f580,0,6d54000,0,0) at pmap_alloc_pvpage+0x2d pmap_enter(d0a7f580,d6d54000,3ffdb000,7,13) at pmap_enter+0x340 uvm_km_alloc1(d0a2dd40,1,0,1,2) at uvm_km_alloc1+0xd2 kmeminit(d2d53000,ffc0,bebc9f28,bca000,bc8000) at kmeminit+0x95 uvm_init(d08d6b00,d08d8f40,c0,d0bc9f4c,3) at uvm_init+0x51 main(d02004f6,d02004fe,0,0,0) at main+0x53 ddb trace pmap_alloc_pvpage(d0a7f580,0,6d54000,0,0) at pmap_alloc_pvpage+0x2d pmap_enter(d0a7f580,d6d54000,3ffdb000,7,13) at pmap_enter+0x340 uvm_km_alloc1(d0a2dd40,1,0,1,2) at uvm_km_alloc1+0xd2 kmeminit(d2d53000,ffc0,bebc9f28,bca000,bc8000) at kmeminit+0x95 uvm_init(d08d6b00,d08d8f40,c0,d0bc9f4c,3) at uvm_init+0x51 main(d02004f6,d02004fe,0,0,0) at main+0x53
Re: OpenBSD on a Nokia IP380
On Fri, Aug 23, 2013 at 6:04 PM, Ray Percival wrote: Having worked for Check Point/Nokia. They wine to great lengths to only make that hardware work with their Free based OS. I wish you luck but realistically it's not likely. OpenBSD works just fine on the newer Check Point boxes. They're far less locked down. Hi Ray, I was afraid of that. I've yet to figure out why FreeBSD 8.1 will somewhat work but nothing newer works. Anything newer crashes. I've had limited success with Fedora 19 too. It just takes forever to build a custom Linux kernel on the machine I'm building it on. Building a BSD kernel takes about 30 minutes on that machine. Perhaps you have the answer to something I suspect is the case. I'm guessing the MAC address on the system board is the starting MAC address and the MAC addresses for the NICs are assigned during boot based on the starting address? Thanks for the reply. Stan
Re: OpenBSD on a Nokia IP380
On Fri, Aug 23, 2013 at 06:30:25PM -0400, s_gamm...@charter.net wrote: I've been trying to get a more modern OS to run on an ancient Nokia firewall by loading an OS on the drive in a Dell D610 and moving the drive to the IP380. So far, I've had little success. I can get FreeBSD 8.1 to work if I disable USB support. That's the only OS I've been able to get to boot somewhat normally and I'm able to login with it. All of the NIC cards have all FFs for the MAC address though. SO, I decided to try OpenBSD 5.3 RELEASE and I've been unable to get it to boot. Below is the output. I tried disabling ACPI in a similar fashion to FreeBSD and found that didn't work. I guess removing ACPI and USB from a pre-built kernel is the next step. Other than giving up and tossing the ancient firewall on the recycle pile, does anyone have any ideas on how to get OpenBSD to work on the IP380? Or what's causing it to crash? Stan At the boot prompt, what does mach mem show? -ml +--+ | System BIOS Configuration, (C) 2000 General Software, Inc. | +---+--+ | System CPU : Pentium III| Low Memory : 637KB | | Coprocessor : Enabled| Extended Memory : 1023MB | | Floppy 0 Type: Not installed | Serial Ports 1-2 : 03F8 02F8 | | Floppy 1 Type: Not installed | Serial Ports 3-4 : | | Ide 0 Type : 3 | Parallel Ports : | | Ide 1 Type : 0 | ROM Shadowing: Enabled | | Embedded BIOS Date : 04/30/04 | Manufacturing Mode : Disabled | +---+--+ Using drive 0, partition 3. Loading. probing: pc0 com0 com1 pci mem[637K 1023M 1023M a20=on] disk: hd0+ OpenBSD/i386 BOOT 3.21 switching console to com0 OpenBSD/i386 BOOT 3.21 boot: illegal argument acpi boot boot booting hd0a:/bsd: 8404228+1102404 [52+381152+367486]=0x9c7d50 entry point at 0x200120 WARNING: CAN'T ALLOCATE RAM (10-4000) FROM IOMEM EXTENT MAP! [ using 749064 bytes of bsd ELF symbol table ] Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2013 OpenBSD. All rights reserved. http://www.OpenBSD.org kernel: page fault trap, code=0 Stopped at pmap_alloc_pvpage+0x2d: movl%ecx,0(%eax) pmap_alloc_pvpage(d0a7f580,0,6d54000,0,0) at pmap_alloc_pvpage+0x2d pmap_enter(d0a7f580,d6d54000,3ffdb000,7,13) at pmap_enter+0x340 uvm_km_alloc1(d0a2dd40,1,0,1,2) at uvm_km_alloc1+0xd2 kmeminit(d2d53000,ffc0,bebc9f28,bca000,bc8000) at kmeminit+0x95 uvm_init(d08d6b00,d08d8f40,c0,d0bc9f4c,3) at uvm_init+0x51 main(d02004f6,d02004fe,0,0,0) at main+0x53 ddb trace pmap_alloc_pvpage(d0a7f580,0,6d54000,0,0) at pmap_alloc_pvpage+0x2d pmap_enter(d0a7f580,d6d54000,3ffdb000,7,13) at pmap_enter+0x340 uvm_km_alloc1(d0a2dd40,1,0,1,2) at uvm_km_alloc1+0xd2 kmeminit(d2d53000,ffc0,bebc9f28,bca000,bc8000) at kmeminit+0x95 uvm_init(d08d6b00,d08d8f40,c0,d0bc9f4c,3) at uvm_init+0x51 main(d02004f6,d02004fe,0,0,0) at main+0x53
