Avoid a possible heap overflow in our nlm code by limiting the number
of service to the arbitrary value of 256. Log an appropriate message
that indicates the hard limit.
cem [Wed, 20 Apr 2016 04:50:33 +0000 (04:50 +0000)]
pty(4): Use strlcpy to guarantee destination buffer isn't overrun
The devtoname() name is strcpyed into a small stack buffer. Sure, we always
expect the name to be ttyXX (or ptyXX). If that's the case, strlcpy() doesn't
hurt.
cem [Wed, 20 Apr 2016 03:24:59 +0000 (03:24 +0000)]
Make Racct macro slightly more gracious given RACCT_UNDEFINED
rctl_string_to_rule could previously index below the zeroth element of
racct_types via the macro. Maybe it shouldn't use the macro on
RACCT_UNDEFINED. But given every other RACCT_ definition is non-negative, it
seems pretty easy to foot-shoot this one without the check.
cem [Wed, 20 Apr 2016 02:01:45 +0000 (02:01 +0000)]
radix rn_inithead: Fix minor leak in low memory conditions
R_Zalloc is essentially a malloc(M_NOWAIT) wrapper. It is possible that 'rnh'
failed to allocate, but 'rmh' succeeds. In that case, we bail out of
rn_inithead() but previously did not free 'rmh'.
Introduced in r287073 (projects/routing) / MFP r294706.
cem [Wed, 20 Apr 2016 01:17:18 +0000 (01:17 +0000)]
nctgpio(4): Don't index past the end of sc->pins array
This driver thinks that the NCT_MAX_PIN index is a valid index in a few places
(nct_attach() for-loop, as well as NCT_IS_VALID_PIN()). Allocate room for
NCT_MAX_PIN as an index, that is, NCT_MAX_PIN + 1 elements.
cem [Wed, 20 Apr 2016 01:10:07 +0000 (01:10 +0000)]
SRAT: Don't overflow domain_pxm table
If we reached MAXMEMDOM, we would previously try to insert an additional
element and only detect overflow after causing (probably trivial) memory
overflow. Instead, detect the ndomain > MAXMEMDOM case before we write past
the end.
freopen handles closing file descriptors on error, with the exception of
fdopen'ed descriptors, so closing an already fclose'd file descriptor is
incorrect
- Always munmap memory regions after mmap'ing them.
- Make sure getpagesize() returns a value greater than 0 and use a
cached value instead of always calling getpagesize(3).
- Remove intermediate variable for assigning from $TMPDIR if set in the
environment to eliminate warnings about pointer conversions with "/tmp",
and to mute an invalid buffer overflow concern from Coverity
(snprintf and tacking on a NUL terminator was alleviating that concern
before).
- Remove useless self-test of psize before it's initialized.
- Check the return values of getrlimit/setrlimit.
Cosmetic changes:
- Replace a `(void*)0` with NULL.
- Do some minor whitespace clean up.
- Remove an unnecessary cast to mmap.
- Make all munmap calls use ATF_REQUIRE_MSG instead of using the:
> if (munmap(..) == -1)
> atf_tc_fail(..)
idiom. Employ the new idiom consistently when calling munmap.
Fix leaks and test for getpagesize() returning == -1
- close file descriptors after use.
- Always munmap memory regions after mmap'ing them.
- Make sure getpagesize() returns a value greater than 0 and use a
cached value instead of always calling getpagesize(3).
Always emit an error message on passthru configuration errors.
Previously, many errors (such as the PCI device not being attached
to the ppt(4) driver) resulted in bhyve silently exiting without
starting the virtual machine. Now any errors encountered when
configuring a virtual slot for a PCI passthru device should be noted
on stderr.
1. modify fwdump (a.k.a grcdump) so that grcdump memory is allocated
and freed on as needed basis.
2. grcdump can be taken at failure points by invoking bxe_grc_dump()
when trigger_grcdump sysctl flag is set. When grcdump is taken
grcdump_done sysctl flag is set.
3. grcdump_done can be monitored by the user to retrieve the grcdump.
adrian [Tue, 19 Apr 2016 15:56:39 +0000 (15:56 +0000)]
[bhnd] Standardize bhnd device tables and quirk matching.
This add a bhnd device table mechanism that standardizes matching of
devices on the bhnd(4) bus, discovery of device quirk flags, and should
be pluggable into the new PNPINFO machinery.
adrian [Tue, 19 Apr 2016 15:53:57 +0000 (15:53 +0000)]
[bhnd] Clean up bhnd resource handling and inherited bus methods
To facilitate use by SoC implementors working with bhnd-inheriting fdt/nexus
drivers:
* Splits bhnd_bus method implementations into generic bus implementations
(bhnd_bus_generic) and generic bhnd(4) driver implementations (bhnd_generic)
* Simplifies bhnd resource handling, allowing bhnd bus implementations to
support bhnd resource activation by implementing the standard BUS_*
resource APIs and BHND_BUS_ACTIVATE_RESOURCE().
adrian [Tue, 19 Apr 2016 15:52:55 +0000 (15:52 +0000)]
[bhnd] Add support for specifying the address space used by bhndb children
This adds support for specifying the address space used by a bridge child;
this will either be the bridged SoC address space, or the host address space
required by children that map non SoC-address ranges from the PCI BAR.
This is necessary to support SROM/OTP child devices that live directly
beneath the bhndb device and require access to host resources, instead
of the standard behavior of delegating access to the bridged SoC address
space.
Add a new installation type to bsdinstall/zfsboot: BIOS+UEFI
Installs both pmbr+gptzfsboot as well as boot1.efifat in separate partitions
The resulting system can be booted with either UEFI or BIOS/CSM.
Preference is controlled by the user's firmware boot settings.
Summary:
PowerPC Book-E SMP is currently broken for unknown reasons. Pull in
Semihalf changes made c2012 for e500mc/e5500, which enables booting SMP.
This eliminates the shared software TLB1 table, replacing it with
tlb1_read_entry() function.
This does not yet support ePAPR SMP booting, and doesn't handle resetting CPUs
already released (ePAPR boot releases APs to a spin loop waiting on a specific
address). This will be addressed in the near future by using the MPIC to reset
the AP into our own alternate boot address.
This does include a change to the dpaa/dtsec(4) driver, to mark the portals as
CPU-private.
Test Plan:
Tested on Amiga X5000/20 (P5020). Boots, prints the following
messages:
Adding CPU 0, pir=0, awake=1
Waking up CPU 1 (dev=1)
Adding CPU 1, pir=20, awake=1
SMP: AP CPU #1 launched