rmacklem [Wed, 1 Jun 2016 20:30:31 +0000 (20:30 +0000)]
MFC: r300169
If a local (AF_LOCAL, AF_UNIX) socket creation (bind) is attempted
on a fuse mounted file system, it will crash. Although it may be
possible to make this work correctly, this patch avoids the crash
in the meantime.
I removed the MPASS(), since panicing for the FIFO case didn't make
a lot of sense when it returns an error for the others.
There is no need to to call strdup() on the value returned by fmt().
The latter calls fmt_argv() which always returns a dynamically
allocated string, and calling strdup() on that leaks the memory
allocated by fmt_argv(). Wave some const magic on ki_args and
ki_env to make the direct assignment happy. This requires a tweak
to the asprintf() case to avoid a const vs. non-const mismatch.
Allow setextattr(8) to take attribute values from stdin
Add the -i option to setextattr. This option allow extended attribute data
to be provided via stdin. Add a -qq option to getextattr, which omits the
trailing newline. Together these options can be used to work with extended
attributes whose values are large and/or binary.
usr.sbin/extattr/Makefile:
Link against libsbuf which is used for processing stdin data.
usr.sbin/extattr/rmextattr.8:
Document setextattr's -i option, getextattr's -qq option, and remove
the BUG about setextattr only being useful for strings.
usr.sbin/extattr/rmextattr.c:
For setextattr operations, buffer attribute data in an sbuf. If -i
is specified, pull the data from stdin, otherwise from the
appropriate argurment.
Update usage text and argument validation code for setextattr's -i
option.
usr.sbin/extattr/tests/extattr_test.sh
Add tests for -q and -i.
Add PACKAGE fields to usr.sbin/extattr/tests/Makefile
usr.sbin/extattr/tests/Makefile
Add boiler plate required by 298107 but omitted by 298483. These
two changes passed through CR in parallel. I think this should get
the full test suite running in Jenkins again.
truckman [Wed, 1 Jun 2016 17:16:35 +0000 (17:16 +0000)]
MFC r300633
Fix acpidb CIDs 1011279 (Buffer not null terminated) and 978405 and 1199380 (Resource leak).
load_dsdt() calls strncpy() to copy a filename and Coverity warns
that the destination buffer may not be NUL terminated. Fix this
by using strlcpy() instead. If silent truncation occurs, then the
filename was not valid anyway.
load_dsdt() leaks an fd (CID 978405) and a memory region allocated
using mmap() (CID 1199380) when it returns. Fix these by calling
close() and munmap() as appropriate.
Don't bother fixing the minor memory leak "list", allocated by
AcGetAllTablesFromFile() (CID 1355191).
Check for truncation when creating the temp file name.
Set a flag to indicate that the temp file should be unlinked.
Relying on a strcmp() test could delete the input file in contrived
cases.
truckman [Wed, 1 Jun 2016 17:13:43 +0000 (17:13 +0000)]
MFC r300632
Fix acpidump CID 1011278 (Buffer not null terminated) and other issues
Coverity reports that a buffer used for temporary file generation
might not be NUL terminated by strncpy(). This is probably not
true because the input gets passed through realpath(), but if the
path name is sufficiently long the name could be truncated and cause
other problems. The code for generating the temp file names is
also overly complex. Instead of a bunch of calls to strncpy() and
and strncat(), simplify the code by using snprintf() and add checks
for unexpected truncation.
The output file created by iasl -d is predictable. Fix this by
using mkdtemp() to create a directory to hold the iasl input and
output files.
truckman [Wed, 1 Jun 2016 17:09:50 +0000 (17:09 +0000)]
MFC r300442
Hopefully fix Coverity CID 1008328 (Out-of-bounds write) in /bin/sh.
Replace the magic constant 127 in the loop interation count with
"PROMPTLEN - 1".
gethostname() is not guaranteed to NUL terminate the destination
string if it is too short. Decrease the length passed to gethostname()
by one, and add a NUL at the end of the buffer to make sure the
following loop to find the end of the name properly terminates.
The default: case is the likely cause of Coverity CID 1008328. If
i is 126 at the top of the loop interation where the default case
is triggered, i will be incremented to 127 by the default case,
then incremented to 128 at the top of the loop before being compared
to 127 (PROMPTLENT - 1) and terminating the loop. Then the NUL
termination code after the loop will write to ps[128]. Fix by
checking for overflow before incrementing the index and storing the
second character in the buffer.
These fixes are not guaranteed to satisfy Coverity. The code that
increments i in the 'h'/'H' and 'w'/'W' cases may be beyond its
capability to analyze, but the code appears to be safe.
kib [Wed, 1 Jun 2016 04:01:48 +0000 (04:01 +0000)]
MFC r300596:
In vm_page_alloc_contig(), on vm_page_insert() failure, mark each
freed page as VPO_UNMANAGED. Otherwise vm_pge_free_toq() insists on
owning the page lock.
ian [Tue, 31 May 2016 17:15:57 +0000 (17:15 +0000)]
MFC r297323,r297324, r297325, r297326:
Set only one default route for nfsroot mount, the one associated with the
interface that will be used to mount the rootfs (and never a self-ip proxy
arp route). Made up of the following related changes...
Set ifctx->gotrootpath=1 only when the root path came from the dhcp/bootp
server (and not when it came from a fallback method such as the ROOTDEVNAME
option). This makes the code in bootpc_init() choose the first interface
that provided a rootpath name. Previously it was choosing the first
interface that got an IP address, which could be on a different and
potentially unreachable subnet than the server providing the rootfs.
If the rootpath name actually does come from a fallback source, then the
code continues to use the first interface in the list that got configured.
Note that this wasn't directly reported in the PR cited below, but was
discovered while working on that PR.
Switch bootpc_adjust_interface() from returning int to void. Its one caller
doesn't check for errors, and all the errors that can happen result in it
calling panic anyway, except for one that's really more of a warning (and
is going to disappear on an upcoming commit anyway).
Stop setting the default route to the IP of the interface itself when the
bootp/dhcp server doesn't provide a router option. Doing so prevents
setting defaultrouter=<ip> in rc.conf (it fails because there's already
a bogus default route installed by bootpc_init).
When an admin wants to use this style of proxy arp on an interface, the
proper mechanism is to set the "use-lease-addr-for-default-route" flag
in the dhcp server config. That causes the lease address to be delivered
in the routers option, and the normal handling of the routers option will
then install the self-ip as the default route.
Do not try to install a default route for each interface found, because
only the first one will actually work and all the others just result in
errors (which would get printed but otherwise ignored).
Instead, wait until we make a choice of which interface will be used to
mount the rootfs, and install the default route associated with it (if any).
After doing the md_mount() call to obtain the needed info, remove the
default route again, and transcribe the route info into the nfs_diskless
structure. If the system eventually chooses to mount the nfs rootfs, the
default route will be installed again when the nfs_diskless code
re-initializes the interface.
ian [Tue, 31 May 2016 17:01:54 +0000 (17:01 +0000)]
MFC r297147, r297148, r297149, r297150, r297151:
Make both the loader and kernel use the interface-mtu option if the
dhcp server provides it. Made up of these (semi-)related changes...
[kernel...] If the dhcp server provides an interface-mtu option, parse
the value and set that mtu on the interface.
[libstand...]
Garbage collect the bswap routines from libstand, use sys/endian.h.
If the dhcp server delivers an interface-mtu option, parse it and store
the value in a new global intf_mtu for use by the application.
[loader...]
If the dhcp server provided an interface-mtu option, transcribe the value
to the boot.netif.mtu env var, which will be picked up by pre-existing code
in nfs_mountroot() and used to configure the interface accordingly.
rmacklem [Sun, 29 May 2016 23:30:36 +0000 (23:30 +0000)]
MFC: r299872
Fix fuse for "cp" of a mode 0444 file to the file system.
When "cp" of a file with read-only (mode 0444) to a fuse mounted
file system was attempted it would fail with EACCES. This was because
fuse would attempt to open the file WRONLY and the open would fail.
This patch changes the fuse_vnop_open() to test for an extant read-write
open and use that, if it is available.
This makes the "cp" of a read-only file to the fuse mounted file system
work ok.
There are simpler ways to fix this than adding the fuse_filehandle_validrw()
function, but this function is useful for future patches related to
exporting a fuse filesystem via NFS.
rmacklem [Sun, 29 May 2016 23:05:14 +0000 (23:05 +0000)]
MFC: r299816
Fix fuse so that stale buffer cache data isn't read.
When I/O on a file under fuse is switched from buffered to DIRECT_IO,
it was possible to read stale (before a recent modification) data from
the buffer cache. This patch invalidates the buffer cache for the
file to fix this.
pfg [Sun, 29 May 2016 16:32:21 +0000 (16:32 +0000)]
MFC r300378:
libc/regex: fix two buffer underruns.
Fix some rather complex regex issues found on OpenBSD as part of some
ongoing work to fix a sed(1) bug.
Curiously the OpenBSD tests don't trigger segfaults on FreeBSD but the
bugs were confirmed by running a port of FreeBSD's regex under OpenBSD's
malloc. Huge thanks to Ingo for confirming the behavior.
jah [Sun, 29 May 2016 07:14:51 +0000 (07:14 +0000)]
MFC r300258:
iic_rdwr_data->nmsgs is uint32_t, so limit the allowable number of messages to
prevent memory exhaustion and short allocations on 32-bit systems. Since
iicrdwr is intended to be a workalike of a Linux i2c-dev call, use the same
limit of 42 that Linux uses.
Also check the return value of copyin(9) to prevent unnecessary allocation in
the failure case.
ache [Sun, 29 May 2016 06:46:17 +0000 (06:46 +0000)]
MFC: r300397
1) POSIX prohibits printing errors to stderr here and require
returning NULL:
"Upon successful completion, initstate() and setstate() shall return a
pointer to the previous state array; otherwise, a null pointer shall
be returned.
Although some implementations of random() have written messages to
standard error, such implementations do not conform to POSIX.1-2008."
2) Move error detections earlier to prevent state modifying.
rmacklem [Sat, 28 May 2016 22:42:56 +0000 (22:42 +0000)]
MFC: r299753
Fix fuse to use DIRECT_IO when required.
When a file is opened write-only and a partial block was written,
buffered I/O would try and read the whole block in. This would
result in a hung thread, since there was no open (fuse filehandle)
that allowed reading. This patch avoids the problem by forcing
DIRECT_IO for this case.
It also sets DIRECT_IO when the file system specifies the FN_DIRECTIO
flag in its reply to the open.
kadesai [Thu, 26 May 2016 12:00:14 +0000 (12:00 +0000)]
MFC r299666 - r299672
r299666: Takes care of any firmware command timeout scenarios by initiating OCR.
r299667: Similar to RAID map for Logical Drives, now JBOD map has been introduced
r299668: This patch implements driver support for 1MB IO size.
r299669: Implemented interrupt Config Hook in mrsas(4) to defer some of the tasks, like:
registering AEN, creating cdev.
r299670: Added support for Avago Intruder controller.
r299671: bugs fixed as part of this patch in kdump and some NULL pointer dereference
r299672: Version update patch.
ken [Wed, 25 May 2016 15:10:07 +0000 (15:10 +0000)]
MFC r300327:
------------------------------------------------------------------------
r300327 | ken | 2016-05-20 13:30:52 -0600 (Fri, 20 May 2016) | 11 lines
Add the density code for LTO-7 to libmt and the mt(1) man page.
The density code and bits per mm values were obtained from an
actual drive density report.
The number of tracks were obtained from an LTO-7 hardware
announcement on IBM's web site.
------------------------------------------------------------------------
Sponsored by: Spectra Logic
ken [Wed, 25 May 2016 14:30:33 +0000 (14:30 +0000)]
MFC r300224:
------------------------------------------------------------------------
r300224 | ken | 2016-05-19 13:13:43 -0600 (Thu, 19 May 2016) | 12 lines
Adjust a couple of error cases in camdd(8).
usr.sbin/camdd/camdd.c:
In camdd_probe_file(), fix an error case after fstat where
we were bailing out and leaving two lines of cleanup code
unexecuted. Instead, just goto bailout_error.
In camdd_probe_pass(), fail if the sector size is 0.
------------------------------------------------------------------------
jhb [Tue, 24 May 2016 23:04:16 +0000 (23:04 +0000)]
MFC 299310:
Don't store generated firmware object files in the source directory.
Trim the leading directory of a firmware source file from the resulting
target object file name so the object file is stored in the object
directory. Previously, using 'FIRMWS= /path/to/fw.bin:fw.bin' would
store the generated 'fw.bin.fwo' file in the /path/to directory. Now
it stores it in the object directory of the kernel module being built.
kib [Tue, 24 May 2016 10:46:23 +0000 (10:46 +0000)]
MFC r300084:
Do enable io accounting for read-only mounts and mounts which are
remounted to writeable after initial read-only. Assign to
dev->si_mountpt earlier to account the accesses done at the mount
time.
mav [Tue, 24 May 2016 07:21:23 +0000 (07:21 +0000)]
MFC r299373: Allow sleepable allocations in enclosure daemon threads.
There were at least two places where M_NOWAIT was used without NULL check.
This change should fix NULL-dereference panic there and possibly improve
operation in other ways under memory pressure.
Use the size of the destination buffer, not the source buffer.
Technically this is a no-op, but mute the clang warning in case the malloc call
above for fstring ever changes in the future
r299765:
Fix theoretical buffer overflow issues in snmp_oid2asn_oid
Increase the size of `string` by 1 to account for the '\0' terminator. In the event
that `str` doesn't contain any non-alpha chars, i would be set to MAXSTR, and
the subsequent strlcpy call would overflow by a character.
Remove unnecessary `string[i] = '\0'` -- this is already handled by strlcpy.
r299767:
Mute sign compare warning by casting rc to u_int to match nbindings' type
rc cannot be negative -- that was already tested for earlier on in
the function
r299769:
Use the size of the destination buffer instead of the malloc size, repeated, in order
to mute a -Wstrlcpy-strlcat-size warning
r299770:
Fix up r299764
I meant to use nitems, not sizeof(..) with the destination buffer. Using sizeof(..)
on a pointer will always truncate the output in the destination buffer incorrectly
Pointyhat to: ngie
r299774:
Do minimal work necessary to cure a -Wunused-but-set-variable warning from gcc
How errno is saved before and restored after strtoul calls needs a rethink
r299802:
Fix up both r299764 and r299770
nitems was wrong too, as it was being tested against a pointer instead of a buffer on
the stack.
Since the old code was just doing malloc, then strlcpy'ing the contents of the source
buffer into the destination buffer, replace it all with a call to strdup..
Supersized Duncecap to: ngie
r299803:
Replace malloc + memset(.., 0, ..) with calloc calls
r299805:
Fix up r299769
Similar to r299802, it was noted that using nitems on scalar pointers is
invalid.
Use strdup instead of malloc + strlcpy (which is what the old code was doing
anyhow).
Pointyhat to: ngie
r299814:
Replace malloc + memset(.., 0, ..) with calloc calls
pfg [Tue, 24 May 2016 03:08:32 +0000 (03:08 +0000)]
sed: rewrite the main loop.
Rewrite the main loop of the "sed s/..." command, shortening it by ten
lines and simplifying it by removing the switch statement implementing
/g, /1, and /2 separately and repetitively.
This will be needed to bring a fix from OpenBSD later.
ngie [Mon, 23 May 2016 06:01:04 +0000 (06:01 +0000)]
MFC r299710,r299711,r299763,r299783,r299811:
r299710:
Staticize global variables only used in bsnmpimport.c to fix
-Wmissing-variable-declarations warnings
r299711:
Fold two malloc + memset(.., 0, ..) calls into equivalent calloc calls
r299763:
Mute -Wstrlcpy-strlcat-size warning by using nitems with the size of the buffer
This is a no-op as the malloc above set the size of the buffer to the size used
below, but this keeps things consistent in case the malloc call changes somehow.
r299783:
Convert tok from enum tok to int32_t in function calls
get_token(..) returns int32_t, not enum tok, and in many cases tests for items
not in enum tok (e.g. '('). Make the typing consistent with get_token, which
includes a domino effect of changing enum tok to int32_t.
ngie [Mon, 23 May 2016 05:41:53 +0000 (05:41 +0000)]
MFC r299712,r299759,r299760,r299761,r299762:
r299712:
Fix some trivial clang/gcc warnings in bsnmptc.c
- By definition, `enum snmp_tc` can't be false (the implied starting sequence
index for the enum is 0). Don't test for it being < 0.
- Staticize `struct snmp_text_conv` to mute a -Wmissing-variable-declarations
warning from clang.
- Remove set but unused variable, ptr, in parse_bridge_id(..) and
parse_bport_id(..) to mute warning from gcc 4.9+.
- Mark value and string unused in snmp_inetaddr2oct(..) and parse_inetaddr(..)
as they're just stub functions.
r299759:
Use calloc instead of memset(.., 0, ..) + malloc
r299760:
Sort variables in parse_ascii(..) per style(9)
r299761:
parse_ascii: make count size_t to mute a -Wsign-compare issue
count is always unsigned.
r299762:
Mark snmptoolctx unused in parse_authentication(..), parse_privacy(..),
parse_context(..), and parse_user_security(..).
truckman [Mon, 23 May 2016 05:38:40 +0000 (05:38 +0000)]
MFC r299988
Set ai2 to NULL in in find_host() before the loop and after calling
freeaddrinfo() on it to indicate that it doesn't point to a valid
addrinfo list. This fixes this Coverity issues: 1006368 Uninitialized pointer read 1018506 Double free 1305590 Resource leak
that can be triggered in the hp->hostname[0] != '\0' case.
Don't treat a character as a boolean.
Fix these Coverity issues: 1009293 Unchecked return value from library 1194246 Wrong size argument
by tweaking the status file extend code.
truckman [Mon, 23 May 2016 05:27:31 +0000 (05:27 +0000)]
MFC r299986
Actually use the loop interation limit so carefully computed on the
previous line to prevent buffer overflow. This turns out to not be
important because the upstream xdr code already capped the object
size at the proper value. Using the correct limit here looks a lot
less scary and should please Coverity.
projects / FreeBSD / stable / 10.git / log