Fix a use after free panic in ipfilter's fragment processing.
Memory is malloc'd, then a search for a match in the fragment table
is made and if the fragment matches, the wrong fragment table is
freed, causing a use after free panic. This commit fixes this.
A symptom of the problem is a kernel page fault in bcopy() called by
ipf_frag_lookup() at line 715 in ip_frag.c. Another symptom is a
kernel page fault in ipf_frag_delete() when called by ipf_frag_expire()
via ipf_slowtimer().
r308569:
Always call PHYS_TO_VM_PAGE() in is_managed(). Fast road for addresses
under first_page cannot be taken as this variable is connected only to
vm_page_array segment. There could be more segments in system like the ones
for various fictitious page ranges. These can be situated under
vm_page_array segment and so, they could be skipped before this fix.
However, as far as I know, there is no report associated with it.
r308570:
The return type of is_managed() was changed from boolean_t to bool type in
r308569. Now, propagate this change further for consistency sake.
andrew [Wed, 19 Apr 2017 15:59:16 +0000 (15:59 +0000)]
MFC 313772:
Load the new sp_el0 with interrupts disabled in fork_trampoline. If an
interrupt arrives in fork_trampoline after sp_el0 was written we may then
switch to a new thread, enter userland so change this stack pointer, then
return to this code with the wrong value. This fixes this case by moving
the load of sp_el0 until after interrupts have been disabled.
andrew [Wed, 19 Apr 2017 15:46:34 +0000 (15:46 +0000)]
MFC 305355:
Explicitly include all .rodata.* sections in the kernel .rodata. This
helps link the kernel with lld as it will then put all these into a single
.rodata section.
MFC r303442, r305343: remove CONSTRUCTORS from linker scripts
r303442: remove CONSTRUCTORS from kernel linker scripts
r305343: remove CONSTRUCTORS from MIPS uboot linker script
The linker script CONSTRUCTORS keyword is only meaningful "when linking
object file formats which do not support arbitrary sections, such as
ECOFF and XCOFF"[1] and is ignored for other object file formats.
LLVM's lld does not yet accept (and ignore) CONSTRUCTORS, so just remove
CONSTRUCTORS from the linker script as it has no effect.
andrew [Wed, 19 Apr 2017 14:07:35 +0000 (14:07 +0000)]
Fix the arm64 userland building with lld:
MFC 308124:
On arm64 build the efi loader with -fPIC. Without this clang 3.9 will
generate relocation in the self relocation code.
MFC 316608:
Add -fPIC to the standalone build flags on arm64. This is needed as
loader.efi is position independend, however we were not building it as
such causing a build failure when building with lld.
MFC 315452:
Mark the EFI PE header as allocated. While ld.bfd doesn't seem to care
about not having this flag ld.lld fails to link without it.
MFC r316720
Fix defects reported by Coverity
1. Deadcode in ecore_init_cache_line_size(), qlnx_ioctl() and
qlnx_clean_filters()
2. ARRAY_VS_SINGLETON issue in qlnx_remove_all_mcast_mac() and
qlnx_update_rx_prod()
MFC r316310
Update man page for commit r316309 "Add support for optional Soft LRO".
The driver provides the ability to select either HW or Software LRO, when
LRO is enabled (default HW LRO).
MFC r316716:
Inherit IPv6 checksum offloading flags to vlan interfaces.
if_vlan(4) interfaces inherit IPv4 checksum offloading flags from the
parent when VLAN_HWCSUM and VLAN_HWTAGGING flags are present on the
parent interface. Do the same for IPv6 checksum offloading flags.
r315458:
Constrain IPv6 routes to single FIBs when net.add_addr_allfibs=0
sys/netinet6/icmp6.c
Use the interface's FIB for source address selection in ICMPv6 error
responses.
sys/netinet6/in6.c
In in6_newaddrmsg, announce arrival of local addresses on the
interface's FIB only. In in6_lltable_rtcheck, use a per-fib ND6
cache instead of a single cache.
sys/netinet6/in6_src.c
In in6_selectsrc, use the caller's fib instead of the default fib.
In in6_selectsrc_socket, remove a superfluous check.
sys/netinet6/nd6.c
In nd6_lle_event, use the interface's fib for routing socket
messages. In nd6_is_new_addr_neighbor, check all FIBs when trying
to determine whether an address is a neighbor. Also, simplify the
code for point to point interfaces.
sys/netinet6/nd6.h
sys/netinet6/nd6.c
sys/netinet6/nd6_rtr.c
Make defrouter_select fib-aware, and make all of its callers pass in
the interface fib.
sys/netinet6/nd6_nbr.c
When inputting a Neighbor Solicitation packet, consider the
interface fib instead of the default fib for DAD. Output NS and
Neighbor Advertisement packets on the correct fib.
sys/netinet6/nd6_rtr.c
Allow installing the same host route on different interfaces in
different FIBs. If rt_add_addr_allfibs=0, only install or delete
the prefix route on the interface fib.
tests/sys/netinet/fibs_test.sh
Clear some expected failures, but add a skip for the newly revealed
BUG217871.
r315656:
Fix back-to-back runs of sys/netinet/fibs_test;slaac_on_nondefault_fib6
This test was failing if run twice because rtadvd takes too long to die.
The rtadvd process from the first run was still running when the
second run created its interfaces. The solution is to use SIGKILL during
the cleanup instead of SIGTERM so rtadvd will die faster.
While I'm here, randomize the addresses used for the test, which makes bugs
like this easier to spot, and fix the cleanup order to be the opposite of
the setup order
The module is designed for modification of a packets of any protocols.
For now it implements only TCP MSS modification. It adds the external
action handler for "tcp-setmss" action.
A rule with tcp-setmss action does additional check for protocol and
TCP flags. If SYN flag is present, it parses TCP options and modifies
MSS option if its value is greater than configured value in the rule.
Then it adjustes TCP checksum if needed. After handling the search
continues with the next rule.
This opcode can be used to attach some data to external action opcode.
And unlike to O_EXTERNAL_INSTANCE opcode, this opcode does not require
creating of named instance to pass configuration arguments to external
action handler. The data is coming just next to O_EXTERNAL_ACTION opcode.
The userlevel part currenly supports formatting for opcode with ipfw_insn
size, by default it expects u16 numeric value in the arg1.
Fixes for NVIDIA Tegra124 clocks:
- EMC clock have standard peripheral clock block. Use it. - Implement full
frequency set method for PLLD2. This PLL
is used as HDMI pixel clock so we must be able to set it to wide range of
frequencies, within 5% tolerance allowed by HDMI specification. Due to
this, full state space search (over m, n, p fields) is necessary.
r308286:
TEGRA: Add basic driver for memory controller. For now, it only reports
memory and SMMU access errors.
r308287:
TEGRA: Fix numerous issues in clock code. Define and export clocks related
to XUSB driver.
r310593:
Fix late monitor hotplug event. If system starts without attached monitor,
DRM create framebuffer for VT console. Later, when monitor is attached, the
hotplug event must issue full modeset procedure to setup CRTC. In original
code, this was done in drm_fb_helper_set_par(), but we don't have this
function implemented yet. Use unrolled version of drm_fb_helper_set_par()
to ensure same functionality.
r310599:
Import drm_patform.c, an implementation of non-PCI based attachment for
graphics drivers. It will be used in upcoming driver for Nvidia Tegra
boards.
r309532:
Add IDs for HDA codecs found on Nvidia Tegra SoCs.
r310674:
Limit number of stripes supported by HDA codec to maximum number announced
by HDA controller. Incorrectly implermented HDA codec may report support
for more stripes that HDA controller already have. Due to this, always
limit number of enabled stripes by global controller maximum.
r308612:
Allow DRM2 code to be built on platforms without AGP. This patch is taken
from original drm-3.8 code.
r308614:
Allow embeding DRM2 code into kernel. It's usefull for development (for
netboot) and it also helps to boot FreeBSD on some embeded platforms (where
we must boot kernel directly, without standard boot loader).
ARM: Disconnect elf_trampoline.c from ARMv6 build. The trampoline code never
functioned properly for Cortex CPUs, and its functionality is already
provided by ubldr.
r306442:
TEGRA: Add support for MULTIDELAY option.
r306444:
TEGRA: Don't include files already included by system or arch configs.
r306445:
TEGRA: Return back kern_clocksource.c into tegra config file. It was
removed in r306444 by mistake.
r306550:
TEGRA: Extend timeout for PLLs lock to 5 ms. Real lock time for PLLA has
been very near to old limit.
r315900:
Cleanup structures related to VFP and/or mcontext_t. - in mcontext_t,
rename newer used 'union __vfp' to equaly sized 'mc_spare'.
Space allocated by 'union __vfp' is too small and cannot hold full VFP
context.
- move structures defined in fp.h to more appropriate headers. - remove
all unused VFP structures.
r315973:
Save VFP state on fork(). Update the copy of VFP state in PCB before it is
cloned for new process.
r315974:
Preserve VFP state across signal delivery.
r303261:
Add more UEFI/e820 memory types from latest specifications.
r315059:
Split overbloated machep.c to multiple files and do basic cleanup of these
fragments.
r306631:
Use C99 designated initializers to create the armv6 cpu_functions structs.
This will help with a later cleanup of what functions we implement.
r306640:
Only define the CF_* macros on ARMv4/v5. They are unused on armv6.
r306641:
Remove the parts of cpu_functions from armv6 that are unused on that
architecture.
r306650:
Add the Cortex-A{53,57,72} ID register values. These can all run 32-bit
code so could run a 32-bit kernel.
r306656:
Use the cortex functions when booting on one of the Cortex-A ARMv8 CPUs.
This list is incomplete, however we don't have the ID values for the
missing Cortex-A32 or A35.
r313823:
Pull in r285478 from upstream compiler-rt trunk (by Saleem Abdulrasool):
r313866:
Publish __aeabi_uidiv and __aeabi_idiv as compatible symbols from libc.
As noted by bde@ negative tv_sec values are not checked for overflow,
so overflow can still occur. Fix that. Also remove the extra check for
tv_sec size as under COMPAT_LINUX32 it is always true.
Reduce code duplication between MD Linux code by moving SYSV IPC 64-bit
related struct definitions out into the MI path.
Invert the native ipc structs to the Linux ipc structs convesion logic.
Since 64-bit variant of ipc structs has more precision convert native ipc
structs to the 64-bit Linux ipc structs and then truncate 64-bit values
into the non 64-bit if needed. Unlike Linux, return EOVERFLOW if the
values do not fit.
Fix SYSV IPC for 64-bit Linuxulator which never sets IPC_64 bit.
Remove attribute __packed from some IPC struct definition since
Linuxulator is x86 only.
The only notable differences in algnment for an LP64 64-bit system
when compared to a 32-bit system is an eight or large byte types
alignment.
Trying to be more compatible with Linux if.h definitions:
- renaming l_ifreq::ifru_metric to l_ifreq::ifru_ivalue;
- adding a definition for ifr_ifindex which points to l_ifreq::ifru_ivalue.
A quick search indicates that Linux already got the above changes since 2.1.14.
Point out that -F probably does not do what the user expects.
Users attempting to create images from mtree METALOG files created by
installworld often use -F when they should be passing the METALOG file
in place of a directory. This is often produces difficult to debug
error reports.
Temporarily revert r315602.
Bring back the definition for the GCC __nonnull() attribute.
Old versions of GCC, including the version installed the latest 11-stable
snapshot with pkg(8), still carry the old attributes.
The issue is easily fixed by rebuilding GCC but there is no need to cause
havoc in our user base. The definition by itself is harmless but it should
be removed again in the near future.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed by: Paul Dagnelie <pcd@delphix.com>
Approved by: Robert Mustacchi <rm@joyent.com>
Author: Pedro Giffuni <pfg@freebsd.org>
MFC r316524:
Use int instead of boolean_t for flags argument type in
vnode_pager_generic_putpages() prototype; change the argument name to
reflect that it is flags.