In case of AF_LINK, which the kernel still returns for an RTAX_GATEWAY
as an empty sockaddr_dl in the classic tun<n> case:
copying the address into the message payload, but not the RTA_GATEWAY
flag results in rt_xaddrs() in the kernel tripping over that and parsing
the next attribute set with a flag, i.e. RTA_NETMASK, with the gateway
address, resulting in bogus route entry.
For reasons of stack alignment, it does not appear that this is exploitable
on any systems FreeBSD runs on, so this will not be getting a security
advisory.
Prevent atkbd(4) interrupt handler from calling keyboard callback function
when polled mode is enabled. This should help with duplicated/missing
characters problem at mountroot, geli, etc. prompts on multi CPU systems
while kbdmux(4) is enabled.
marius [Fri, 17 Apr 2009 23:22:06 +0000 (23:22 +0000)]
MFC: r191076
- Remove the second license as I'm also fine with the first one.
- Remove redundant softc members for RIDs.
- Change some softc members to be unsigned where more appropriate.
- Add some missing const.
- Remove support for mmap(2)'ing VGA I/O as it was broken [1] and
not required by X.Org anyway.
- Fix some confusion between bus, physical and virtual addresses
which mostly consisted in using members of struct video_adapter
inappropriately but wasn't fatal except for the regular framebuffer
mmap(2)'ing.
- Remove redundant bzero(9)'ing of the softc.
- Don't map the framebuffer twice in case the firmware has already
mapped it as besides wasting resources this isn't possible with
all MMUs. This is a bit tricky as a) just because the firmware
provides a property with a virtual address doesn't mean it's
actually mapped (but typically is when the framebuffer is the
console) and b) the firmware doesn't necessarily map it with
the same byteorder as we do. This makes machfb(4) work on machines
with cheetah-class MMUs (including X.Org).
Reported by: Michael Plass [1]
Approved by: re (kib)
Merge r190708 from HEAD to releng/7.2:
Fix KBI breakage by r190520 which affects older linux.ko binaries:
1) Move the new field (brand_note) to the end of the Brandinfo structure.
2) Add a new flag BI_BRAND_NOTE that indicates that the brand_note pointer
is valid.
3) Use the brand_note field if the flag BI_BRAND_NOTE is set and as old
modules won't have the flag set, so the new field brand_note would be
ignored.
MFC r175055
Defer setting either PG_CACHED or PG_FREE until after the free page
queues lock is acquired. Otherwise, the state of a reservation's
pages' flags and its population count can be inconsistent. That could
result in a page being freed twice.
(This change should have been included in the MFC of the superpages
support.)