Commit Graph

210944 Commits

Author SHA1 Message Date
Conrad Meyer
b51230b720 pty(4): Use strlcpy to guarantee destination buffer isn't overrun
The devtoname() name is strcpyed into a small stack buffer.  Sure, we always
expect the name to be ttyXX (or ptyXX).  If that's the case, strlcpy() doesn't
hurt.

Reported by:	Coverity
CID:		1006768
Sponsored by:	EMC / Isilon Storage Division
2016-04-20 04:50:33 +00:00
Conrad Meyer
e3081f7e3e kgssapi(4): Fix string overrun in Kerberos principal construction
'buf.value' was previously treated as a nul-terminated string, but only
allocated with strlen() space.  Rectify this.

Reported by:	Coverity
CID:		1007639
Sponsored by:	EMC / Isilon Storage Division
2016-04-20 04:45:23 +00:00
Conrad Meyer
1a7dfcc5a3 i915kms: Fix memory leak if a CRT is detected
Reported by:	Coverity
CID:		1090729
Sponsored by:	EMC / Isilon Storage Division
2016-04-20 03:48:57 +00:00
Conrad Meyer
1940692911 drm2(4): Fix double-free in low-memory error path
Reallocf frees 'block'; don't attempt to free it again.

Reported by:	Coverity
CID:		1091165
Sponsored by:	EMC / Isilon Storage Division
2016-04-20 03:45:45 +00:00
Conrad Meyer
8691cc73d1 Make Racct macro slightly more gracious given RACCT_UNDEFINED
rctl_string_to_rule could previously index below the zeroth element of
racct_types via the macro.  Maybe it shouldn't use the macro on
RACCT_UNDEFINED.  But given every other RACCT_ definition is non-negative, it
seems pretty easy to foot-shoot this one without the check.

Reported by:	Coverity
CID:		1305574
Sponsored by:	EMC / Isilon Storage Division
2016-04-20 03:24:59 +00:00
Conrad Meyer
c564824193 aesni(4): Initialize error before use
Reported by:	Coverity
CID:		1331554
Sponsored by:	EMC / Isilon Storage Division
2016-04-20 03:05:32 +00:00
Conrad Meyer
cd1cdbb58b i915kms intel_pm: Read from actual tsc_freq instead of uninitialized local
The local of the same name would alias the global, but we didn't even include
the header that defines tsc_freq.  Include it and rename the local.

Reported by:	Coverity
CID:		1331559
Sponsored by:	EMC / Isilon Storage Division
2016-04-20 02:58:22 +00:00
Conrad Meyer
b483e111c4 kern_rctl: Fix resource leak in error path
Ordinarily, rctl_write_outbuf frees 'sb'.  However, if we are in low memory
conditions we skip past the rctl_write_outbuf.  In that case, free 'sb'.

Reported by:	Coverity
CID:		1338539
Sponsored by:	EMC / Isilon Storage Division
2016-04-20 02:09:38 +00:00
Conrad Meyer
856d8ddbb3 radix rn_inithead: Fix minor leak in low memory conditions
R_Zalloc is essentially a malloc(M_NOWAIT) wrapper.  It is possible that 'rnh'
failed to allocate, but 'rmh' succeeds.  In that case, we bail out of
rn_inithead() but previously did not free 'rmh'.

Introduced in r287073 (projects/routing) / MFP r294706.

Reported by:	Coverity
CID:		1350258
Sponsored by:	EMC / Isilon Storage Division
2016-04-20 02:01:45 +00:00
Conrad Meyer
5412ec6e3f bpf_getdltlist: Don't overrun 'lst'
'lst' is allocated with 'n1' members.  'n' indexes 'lst'.  So 'n == n1' is an
invalid 'lst' index.  This is a follow-up to r296009.

Reported by:	Coverity
CID:		1352743
Sponsored by:	EMC / Isilon Storage Division
2016-04-20 01:39:31 +00:00
Marcelo Araujo
6b1c46441c Partially revert the change on r298325 where there is an
(-1) casted to a pointer.

Submitted by:	pfg
MFC after:	2 weeks.
2016-04-20 01:38:54 +00:00
Marcelo Araujo
974482aa61 Re-ident lines.
Requested by:	pfg
MFC after:	2 weeks.
2016-04-20 01:35:09 +00:00
Marcelo Araujo
b4b3d271de Use NULL instead of 0 for pointers.
Small cosmetic change.

MFC after:	2 weeks.
2016-04-20 01:28:31 +00:00
Marcelo Araujo
61c2ed541d Use NULL instead of 0 for pointers.
gethostbyname(3) will return NULL for error status.

MFC after:	2 weeks.
2016-04-20 01:26:03 +00:00
Pedro F. Giffuni
75a5de5a40 libc: use our roundup2/rounddown2() macros when param.h is available.
rounddown2 tends to produce longer lines than the original code but
still it makes the code more readable.
2016-04-20 01:21:39 +00:00
Conrad Meyer
523af57ea2 nctgpio(4): Don't index past the end of sc->pins array
This driver thinks that the NCT_MAX_PIN index is a valid index in a few places
(nct_attach() for-loop, as well as NCT_IS_VALID_PIN()).  Allocate room for
NCT_MAX_PIN as an index, that is, NCT_MAX_PIN + 1 elements.

Reported by:	Coverity
CIDs:		1353806, 1353807, 1353808, 1353809, 1353810
Sponsored by:	EMC / Isilon Storage Division
2016-04-20 01:17:18 +00:00
Conrad Meyer
3765b80993 SRAT: Don't overflow domain_pxm table
If we reached MAXMEMDOM, we would previously try to insert an additional
element and only detect overflow after causing (probably trivial) memory
overflow.  Instead, detect the ndomain > MAXMEMDOM case before we write past
the end.

Reported by:	Coverity
CID:		1354783
Sponsored by:	EMC / Isilon Storage Division
2016-04-20 01:10:07 +00:00
Marcelo Araujo
fb4e4bd7f9 Use nitems() from sys/param.h.
MFC after:	2 weeks.
2016-04-20 01:05:54 +00:00
Conrad Meyer
8d340432aa linprocfs_doproclimits: Initialize error return before use
Reported by:	Coverity
CID:		1354623
Sponsored by:	EMC / Isilon Storage Division
2016-04-20 01:03:06 +00:00
Conrad Meyer
e78adba3fe linprocfs: Don't print uninitialized values
Reported by:	Coverity
CID:		1354624
Sponsored by:	EMC / Isilon Storage Division
2016-04-20 01:00:13 +00:00
Marcelo Araujo
46df5db84e Use nitems() from sys/param.h.
MFC after:	2 weeks.
2016-04-20 00:55:35 +00:00
Enji Cooper
3ae587fde4 Don't leak fd on sectorsize malloc failure
Also, call endfsent after calling getfsent (i.e. when not explicitly called
with a swap device) for code cleanliness

CID: 1354785
Differential Revision: https://reviews.freebsd.org/D6014
X-MFC with: r298076
Reported by: Coverity
Reviewed by: cem
Sponsored by: EMC / Isilon Storage Division
2016-04-20 00:49:49 +00:00
Enji Cooper
7661ad590f Fix double fclose of fp1 when freopen fails
freopen handles closing file descriptors on error, with the exception of
fdopen'ed descriptors, so closing an already fclose'd file descriptor is
incorrect

CID: 1338525
Differential Revision: https://reviews.freebsd.org/D6013
MFC after: 2 weeks
Reported by: Coverity
Sponsored by: EMC / Isilon Storage Division
2016-04-20 00:19:04 +00:00
Enji Cooper
c1755e5189 Make sure fmemopen succeeds in :test_append_binary_pos before calling ftell
on the FILE object

This fixes potential null pointer dereferences on failure

CID: 1254952
MFC after: 2 weeks
Reported by: Coverity
Sponsored by: EMC / Isilon Storage Division
2016-04-19 23:59:10 +00:00
Pedro F. Giffuni
02abd40029 kernel: use our nitems() macro when it is available through param.h.
No functional change, only trivial cases are done in this sweep,

Discussed in:	freebsd-current
2016-04-19 23:48:27 +00:00
Pedro F. Giffuni
2464bbf05a sys/boot: use our nitems() macro when it is available through param.h.
No functional change, only trivial cases are done in this sweep,

Discussed in:	freebsd-current
2016-04-19 23:44:33 +00:00
Pedro F. Giffuni
ea24b0561f X86: use our nitems() macro when it is avaliable through param.h.
No functional change, only trivial cases are done in this sweep,

Discussed in:	freebsd-current
2016-04-19 23:41:46 +00:00
Pedro F. Giffuni
73a1170a8c sys/dev: use our nitems() macro when it is avaliable through param.h.
No functional change, only trivial cases are done in this sweep,
Drivers that can get further enhancements will be done independently.

Discussed in:	freebsd-current
2016-04-19 23:37:24 +00:00
Pedro F. Giffuni
4ec642f1d6 dev/agp: use our nitems() macro when it is avaliable through param.h.
Consistently capitalize the macros used in the driver.

No functional change.
2016-04-19 23:31:35 +00:00
Oleksandr Tymoshenko
e4ad736f4d Fix build for Pi kernels with syscons enabled 2016-04-19 23:30:22 +00:00
Enji Cooper
94ebd6f5b4 Fix issues identified by Coverity
- Always munmap memory regions after mmap'ing them.
- Make sure getpagesize() returns a value greater than 0 and use a
  cached value instead of always calling getpagesize(3).
- Remove intermediate variable for assigning from $TMPDIR if set in the
  environment to eliminate warnings about pointer conversions with "/tmp",
  and to mute an invalid buffer overflow concern from Coverity
  (snprintf and tacking on a NUL terminator was alleviating that concern
  before).
- Remove useless self-test of psize before it's initialized.
- Check the return values of getrlimit/setrlimit.

Cosmetic changes:
- Replace a `(void*)0` with NULL.
- Do some minor whitespace clean up.
- Remove an unnecessary cast to mmap.
- Make all munmap calls use ATF_REQUIRE_MSG instead of using the:

  > if (munmap(..) == -1)
  >    atf_tc_fail(..)

  idiom. Employ the new idiom consistently when calling munmap.

CID: 1331351, 1331382-1331386, 1331513, 1331514, 1331565, 1331583, 1331694
Differential Revision: https://reviews.freebsd.org/D6012
MFC after: 2 weeks
Reported by: Coverity
Reviewed by: markj
Sponsored by: EMC / Isilon Storage Division
2016-04-19 23:15:47 +00:00
Enji Cooper
6ea709b588 Remove trailing whitespace and use nitems(mib) instead of 2 when
calling sysctl(3)

MFC after: 3 days
Sponsored by: EMC / Isilon Storage Division
2016-04-19 22:59:21 +00:00
Enji Cooper
410757a4f4 Fix leaks and test for getpagesize() returning == -1
- close file descriptors after use.
- Always munmap memory regions after mmap'ing them.
- Make sure getpagesize() returns a value greater than 0 and use a
  cached value instead of always calling getpagesize(3).

CID: 1331374-1331377, 1331653-1331662
Differential Revision: https://reviews.freebsd.org/D6011
MFC after: 2 weeks
Reported by: Coverity
Reviewed by: cem
Sponsored by: EMC / Isilon Storage Division
2016-04-19 22:25:14 +00:00
Pedro F. Giffuni
432157dc67 dev/usb: use our nitems() macro when param.h is available.
Reviewed by: hselasky
2016-04-19 22:07:36 +00:00
Allan Jude
3db33b0a8c Link bcache into userboot.so, was not added in r298230
This should help speed up bhyve boots too

Reviewed by:	olivier
2016-04-19 20:56:45 +00:00
Pedro F. Giffuni
05cfc40ab0 restore: use our roundup2/rounddown2() macros when param.h is available.
While here cleanup a little a malloc call.
2016-04-19 20:47:14 +00:00
John Baldwin
cff92ffd4d Always emit an error message on passthru configuration errors.
Previously, many errors (such as the PCI device not being attached
to the ppt(4) driver) resulted in bhyve silently exiting without
starting the virtual machine.  Now any errors encountered when
configuring a virtual slot for a PCI passthru device should be noted
on stderr.

Reviewed by:	neel
Differential Revision:	https://reviews.freebsd.org/D5990
2016-04-19 20:43:05 +00:00
David C Somayajulu
6f39c760f8 1. modify fwdump (a.k.a grcdump) so that grcdump memory is allocated
and freed on as needed basis.
2. grcdump can be taken at failure points by invoking bxe_grc_dump()
   when trigger_grcdump sysctl flag is set. When grcdump is taken
   grcdump_done sysctl flag is set.
3. grcdump_done can be monitored by the user to retrieve the grcdump.

Submitted by:vaishali.kulkarni@qlogic.com
2016-04-19 20:28:30 +00:00
Andriy Voskoboinyk
2cd9502778 net80211: do not reschedule scan_curchan_task() if the scan was canceled.
This should fix possible use-after-free in the scheduled task.

PR:		208605
2016-04-19 20:19:21 +00:00
Pedro F. Giffuni
260111ffce rtld-elf: use our roundup2() macro when param.h is available. 2016-04-19 20:12:46 +00:00
Pedro F. Giffuni
4c8762f037 dump: use NULL instead of zero for pointers.
Clean out the casts from calloc(3) while here.
2016-04-19 19:13:33 +00:00
Pedro F. Giffuni
f3858ada3e fsck_msdosfs: use NULL instead of zero for pointers. 2016-04-19 19:08:37 +00:00
Pedro F. Giffuni
a5d5e8dd7c rtld-elf: use NULL instead of zero for pointers. 2016-04-19 19:03:55 +00:00
Sean Bruno
f4a18258b0 aacraid(4): Sanely copyin userland pointers and ensure that we don't get
anything janky from a user. (cturt)

aac(4): landergriffith+freebsdbugzilla@gmail.com pointed out that aacraid(4)
had the same issue and handling of pointers, so let's change that too.

PR:		206573
Submitted by:	cturt@hardenedbsd.org
Obtained from:	HardenedBSD
MFC after:	1 week
2016-04-19 18:27:28 +00:00
Sean Bruno
bbea316cc8 Plug memory leak in ctl(4) when ctl_copyin_args() is called with a non-
null terminated ASCII string.

PR:		207626
Submitted by:	cturt@hardenedbsd.org
MFC after:	2 days
2016-04-19 16:48:14 +00:00
Adrian Chadd
36e4410ab0 [bhnd] Standardize bhnd device tables and quirk matching.
This add a bhnd device table mechanism that standardizes matching of
devices on the bhnd(4) bus, discovery of device quirk flags, and should
be pluggable into the new PNPINFO machinery.

Submitted by:	Landon Fuller <landonf@landonf.org>
Differential Revision:	https://reviews.freebsd.org/D5759
2016-04-19 15:56:39 +00:00
Adrian Chadd
386fb140a6 [bhnd] Clean up bhnd resource handling and inherited bus methods
To facilitate use by SoC implementors working with bhnd-inheriting fdt/nexus
drivers:

* Splits bhnd_bus method implementations into generic bus implementations
  (bhnd_bus_generic) and generic bhnd(4) driver implementations (bhnd_generic)
* Simplifies bhnd resource handling, allowing bhnd bus implementations to
  support bhnd resource activation by implementing the standard BUS_*
  resource APIs and BHND_BUS_ACTIVATE_RESOURCE().

Submitted by:	Landon Fuller <landonf@landonf.org>
Differential Revision:	https://reviews.freebsd.org/D5758
2016-04-19 15:53:57 +00:00
Adrian Chadd
e9378f456a [bhnd] Add support for specifying the address space used by bhndb children
This adds support for specifying the address space used by a bridge child;
this will either be the bridged SoC address space, or the host address space
required by children that map non SoC-address ranges from the PCI BAR.

This is necessary to support SROM/OTP child devices that live directly
beneath the bhndb device and require access to host resources, instead
of the standard behavior of delegating access to the bridged SoC address
space.

Submitted by:	Landon Fuller <landonf@landonf.org>
Differential Revision:	https://reviews.freebsd.org/D5757
2016-04-19 15:52:55 +00:00
Allan Jude
cad5a2e468 Fix pc98 build error introduced in r298230
Submitted by:	Toomas Soome <tsoome@me.com>
Spotted by:	bz
Differential Revision:	https://reviews.freebsd.org/D6002
2016-04-19 15:46:21 +00:00
Ruslan Bukin
a0814c1586 Revert r298268 (Add optional chip_select/deselect methods).
None of supported hardware do require that.
2016-04-19 15:39:46 +00:00