The devtoname() name is strcpyed into a small stack buffer. Sure, we always
expect the name to be ttyXX (or ptyXX). If that's the case, strlcpy() doesn't
hurt.
Reported by: Coverity
CID: 1006768
Sponsored by: EMC / Isilon Storage Division
'buf.value' was previously treated as a nul-terminated string, but only
allocated with strlen() space. Rectify this.
Reported by: Coverity
CID: 1007639
Sponsored by: EMC / Isilon Storage Division
rctl_string_to_rule could previously index below the zeroth element of
racct_types via the macro. Maybe it shouldn't use the macro on
RACCT_UNDEFINED. But given every other RACCT_ definition is non-negative, it
seems pretty easy to foot-shoot this one without the check.
Reported by: Coverity
CID: 1305574
Sponsored by: EMC / Isilon Storage Division
The local of the same name would alias the global, but we didn't even include
the header that defines tsc_freq. Include it and rename the local.
Reported by: Coverity
CID: 1331559
Sponsored by: EMC / Isilon Storage Division
Ordinarily, rctl_write_outbuf frees 'sb'. However, if we are in low memory
conditions we skip past the rctl_write_outbuf. In that case, free 'sb'.
Reported by: Coverity
CID: 1338539
Sponsored by: EMC / Isilon Storage Division
R_Zalloc is essentially a malloc(M_NOWAIT) wrapper. It is possible that 'rnh'
failed to allocate, but 'rmh' succeeds. In that case, we bail out of
rn_inithead() but previously did not free 'rmh'.
Introduced in r287073 (projects/routing) / MFP r294706.
Reported by: Coverity
CID: 1350258
Sponsored by: EMC / Isilon Storage Division
'lst' is allocated with 'n1' members. 'n' indexes 'lst'. So 'n == n1' is an
invalid 'lst' index. This is a follow-up to r296009.
Reported by: Coverity
CID: 1352743
Sponsored by: EMC / Isilon Storage Division
This driver thinks that the NCT_MAX_PIN index is a valid index in a few places
(nct_attach() for-loop, as well as NCT_IS_VALID_PIN()). Allocate room for
NCT_MAX_PIN as an index, that is, NCT_MAX_PIN + 1 elements.
Reported by: Coverity
CIDs: 1353806, 1353807, 1353808, 1353809, 1353810
Sponsored by: EMC / Isilon Storage Division
If we reached MAXMEMDOM, we would previously try to insert an additional
element and only detect overflow after causing (probably trivial) memory
overflow. Instead, detect the ndomain > MAXMEMDOM case before we write past
the end.
Reported by: Coverity
CID: 1354783
Sponsored by: EMC / Isilon Storage Division
Also, call endfsent after calling getfsent (i.e. when not explicitly called
with a swap device) for code cleanliness
CID: 1354785
Differential Revision: https://reviews.freebsd.org/D6014
X-MFC with: r298076
Reported by: Coverity
Reviewed by: cem
Sponsored by: EMC / Isilon Storage Division
No functional change, only trivial cases are done in this sweep,
Drivers that can get further enhancements will be done independently.
Discussed in: freebsd-current
- Always munmap memory regions after mmap'ing them.
- Make sure getpagesize() returns a value greater than 0 and use a
cached value instead of always calling getpagesize(3).
- Remove intermediate variable for assigning from $TMPDIR if set in the
environment to eliminate warnings about pointer conversions with "/tmp",
and to mute an invalid buffer overflow concern from Coverity
(snprintf and tacking on a NUL terminator was alleviating that concern
before).
- Remove useless self-test of psize before it's initialized.
- Check the return values of getrlimit/setrlimit.
Cosmetic changes:
- Replace a `(void*)0` with NULL.
- Do some minor whitespace clean up.
- Remove an unnecessary cast to mmap.
- Make all munmap calls use ATF_REQUIRE_MSG instead of using the:
> if (munmap(..) == -1)
> atf_tc_fail(..)
idiom. Employ the new idiom consistently when calling munmap.
CID: 1331351, 1331382-1331386, 1331513, 1331514, 1331565, 1331583, 1331694
Differential Revision: https://reviews.freebsd.org/D6012
MFC after: 2 weeks
Reported by: Coverity
Reviewed by: markj
Sponsored by: EMC / Isilon Storage Division
- close file descriptors after use.
- Always munmap memory regions after mmap'ing them.
- Make sure getpagesize() returns a value greater than 0 and use a
cached value instead of always calling getpagesize(3).
CID: 1331374-1331377, 1331653-1331662
Differential Revision: https://reviews.freebsd.org/D6011
MFC after: 2 weeks
Reported by: Coverity
Reviewed by: cem
Sponsored by: EMC / Isilon Storage Division
Previously, many errors (such as the PCI device not being attached
to the ppt(4) driver) resulted in bhyve silently exiting without
starting the virtual machine. Now any errors encountered when
configuring a virtual slot for a PCI passthru device should be noted
on stderr.
Reviewed by: neel
Differential Revision: https://reviews.freebsd.org/D5990
and freed on as needed basis.
2. grcdump can be taken at failure points by invoking bxe_grc_dump()
when trigger_grcdump sysctl flag is set. When grcdump is taken
grcdump_done sysctl flag is set.
3. grcdump_done can be monitored by the user to retrieve the grcdump.
Submitted by:vaishali.kulkarni@qlogic.com
anything janky from a user. (cturt)
aac(4): landergriffith+freebsdbugzilla@gmail.com pointed out that aacraid(4)
had the same issue and handling of pointers, so let's change that too.
PR: 206573
Submitted by: cturt@hardenedbsd.org
Obtained from: HardenedBSD
MFC after: 1 week
This add a bhnd device table mechanism that standardizes matching of
devices on the bhnd(4) bus, discovery of device quirk flags, and should
be pluggable into the new PNPINFO machinery.
Submitted by: Landon Fuller <landonf@landonf.org>
Differential Revision: https://reviews.freebsd.org/D5759
To facilitate use by SoC implementors working with bhnd-inheriting fdt/nexus
drivers:
* Splits bhnd_bus method implementations into generic bus implementations
(bhnd_bus_generic) and generic bhnd(4) driver implementations (bhnd_generic)
* Simplifies bhnd resource handling, allowing bhnd bus implementations to
support bhnd resource activation by implementing the standard BUS_*
resource APIs and BHND_BUS_ACTIVATE_RESOURCE().
Submitted by: Landon Fuller <landonf@landonf.org>
Differential Revision: https://reviews.freebsd.org/D5758
This adds support for specifying the address space used by a bridge child;
this will either be the bridged SoC address space, or the host address space
required by children that map non SoC-address ranges from the PCI BAR.
This is necessary to support SROM/OTP child devices that live directly
beneath the bhndb device and require access to host resources, instead
of the standard behavior of delegating access to the bridged SoC address
space.
Submitted by: Landon Fuller <landonf@landonf.org>
Differential Revision: https://reviews.freebsd.org/D5757