Delay revmoing the last jail reference in prison_proc_free, and instead
put it off into the pr_task. This is similar to prison_free, and in fact
uses the same task even though they do something slightly different.
This resolves a LOR between the process lock and allprison_lock, which
came about in r298565.
The facility_initialized and facility arrays are the same size and were
intended to be indexed the same. I believe this mismatch was just a
typo/braino in r208731.
- Factor out common part to zynq-7000.dtsi
- Fix problem with Zynq interrupts by using interrupt "triples"
in .dtsi file to differentiate between edge-triggered and
level-triggered interrupts
- cgem driver now recognizes "status" property
Submitted by: Thomas Skibo <thomasskibo@yahoo.com>
Differential Revision: https://reviews.freebsd.org/D6095
cem [Tue, 26 Apr 2016 23:02:18 +0000 (23:02 +0000)]
tcp_usrreq: Free allocated buffer in relock case
The disgusting macro INP_WLOCK_RECHECK may early-return. In
tcp_default_ctloutput() the TCP_CCALGOOPT case allocates memory before invoking
this macro, which may leak memory.
Add a _CLEANUP variant that takes a code argument to perform variable cleanup
in the early return path. Use it to free the 'pbuf' allocated in
tcp_default_ctloutput().
I am not especially happy with this macro, but I reckon it's not any worse than
INP_WLOCK_RECHECK already was.
cem [Tue, 26 Apr 2016 22:30:54 +0000 (22:30 +0000)]
g_part_bsd64: Check for valid on-disk npartitions value
This value is u32 on disk, but assigned to an int in memory. After we do the
implicit conversion via assignment, check that the result is at least one[1]
(non-negative[2]).
1. The subsequent for-loop iterates from gpt_entries minus one, down, until
reaching zero. A negative or zero initial index results in undefined signed
integer overflow.
2. It is also used to index into arrays later.
In practice, we expected non-malicious disks to contain small positive values.
cem [Tue, 26 Apr 2016 22:01:07 +0000 (22:01 +0000)]
ciss(4): Fix overrun of array
The softc member 'ciss_logical' is an array of 'ciss_max_logical_bus' members.
Most of the time it is iterated correctly. This patch fixes the two instances
where the driver iterated off the end of the array.
ism_stop() already destroys and frees 'sp', including a call to ic_destroy().
Don't dereference 'sp' after ism_stop() and don't invoke ic_destroy() on the
freed memory either.
Add dtb/zynq to generate dtb files for Zynq-based boards
It seems that the only way to supply dtb to loader on Zynq-based
SoCs is to manually generate dtb and place it to pre-defined location
on SD card or TFTP server where loader can pick it up. More modern
approach is to add modules/dtb/%soc% module and let installworld
target generate dtb and copy them to /boot/dtb/ where they can be
loaded by ubldr
cem [Tue, 26 Apr 2016 20:59:21 +0000 (20:59 +0000)]
aacraid(4): Fix some mostly trivial buffer overruns
strcpy(3) emits a trailing nul byte, trampling fields after the intended
destination. Instead, use strncpy(3), intentionally leaving these fields
not nul-terminated.
msdosfs: Prevent buffer overflow when expanding win95 names
In win2unixfn() we expand Windows 95 style long names. In some cases that
requires moving the data in the nbp->nb_buf buffer backwards to make room. That
code failed to check for overflows, leading to a stack overflow in win2unixfn().
We now check for this event, and mark the entire conversion as failed in that
case. This means we present the 8 character, dos style, name instead.
cem [Tue, 26 Apr 2016 20:27:17 +0000 (20:27 +0000)]
radix_mpath: Don't derefence a NULL pointer in for loop iteration
It seems rn_dupedkey may be NULL, because of the NULL check inside the loop.
(Also, the rt gets assigned from rn_dupedkey and NULL checked at top of loop.)
However, the for-loop update condition happens before the top-of-loop check and
dereferences 'rt' unconditionally.
Instead, NULL-check before dereferencing.
If rn_dupedkey cannot in fact be NULL, or something else protects this, feel
free to revert this and add an ASSERT of some kind instead.
This was introduced in r191080 (2009) and moved around slightly in r293657.
cem [Tue, 26 Apr 2016 19:57:35 +0000 (19:57 +0000)]
osd(9): Change array pointer to array pointer type from void*
This is a minor follow-up to r297422, prompted by a Coverity warning. (It's
not a real defect, just a code smell.) OSD slot array reservations are an
array of pointers (void **) but were cast to void* and back unnecessarily.
Keep the correct type from reservation to use.
osd.9 is updated to match, along with a few trivial igor fixes.
WITH_META_MODE: Allow buildkernel to create .meta files with curdir==objdir.
Without this the incremental build was broken since .depend.* are not
generated with .MAKE.MODE=meta and .meta files were not created to
track dependencies. Typically meta mode does not create .meta files
when building with curdir==objdir but the kernel build is special.
andrew [Tue, 26 Apr 2016 14:21:39 +0000 (14:21 +0000)]
Disable ACPI on arm64 ad it has only had minimal testing and is causing
boot issues when booting with FDT. It is planned to re-enable this at a
later date.
Obtained from: ABT Systems Ltd
Sponsored by: The FreeBSD Foundation
Set MMC_CAP_4_BIT_DATA and MMC_CAP_8_BIT_DATA based on the "bus-width"
DT property and reduce maximum bus frequency from 52MHz to 50MHz to match
the capabilities of the clock provider.
andrew [Tue, 26 Apr 2016 11:39:32 +0000 (11:39 +0000)]
Stop using sbrk in csh. This is a legacy interface and its use within csh
is invalid. It is used to find the size of allocated memory. As malloc may
allocate memory with mmap it will fail to take this memory into account.
ed [Tue, 26 Apr 2016 10:04:06 +0000 (10:04 +0000)]
Remove unportable calls to basename().
The POSIX version of basename() doesn't use a 'const char *' argument;
the function may overwrite its input buffer. Instead of copying the
input string, let's just simplify this code by using our getprogname()
function that already returns the name of the application in the right
format.
adrian [Tue, 26 Apr 2016 03:24:28 +0000 (03:24 +0000)]
[iwm] add extra transmit setup/completion logging so I can see what's going on.
I'm seeing 5GHz association work but data not work until the rate drops,
so I need way more information about what's being programmed into the
transmit descriptors.
adrian [Tue, 26 Apr 2016 01:29:03 +0000 (01:29 +0000)]
[net80211] add STBC capability flags to iv_flags_ht.
This is in preparation for exposing configuring STBC flags up to ifconfig
so STBC TX/RX can be configured at runtime.
* Set the FHT_STBC flags for TX/RX if the HT capabilitiex exist
* Clear the RX STBC HT capability flag when creating a HTCAP IE, so
we only announce it if it's configured in the FHT flags.
Remove a variable and three lines of code which I should have removed as
part of revision 98776 back on June 24/2002. Noticed by pfg@ trying
coccinelle for checking code.
This allows for the long function components encountered in www/firefox.
This constant is part of DTrace's userland ABI, so this change may not be
MFC'ed.
Allow DOF sections with excessively long probe function components.
Without this change, DTrace will refuse to load a DOF section if the
function component of any of its probes exceeds DTRACE_FUNCNAMELEN (128).
Probes in C++ programs can have very long function components. Rather than
rejecting all probes if a single probe exceeds the limit, simply skip the
invalid probe and emit a warning. This ensures that valid probes are
instantiated.