1199380 (Resource leak).
load_dsdt() calls strncpy() to copy a filename and Coverity warns
that the destination buffer may not be NUL terminated. Fix this
by using strlcpy() instead. If silent truncation occurs, then the
filename was not valid anyway.
load_dsdt() leaks an fd (CID 978405) and a memory region allocated
using mmap() (CID 1199380) when it returns. Fix these by calling
close() and munmap() as appropriate.
Don't bother fixing the minor memory leak "list", allocated by
AcGetAllTablesFromFile() (CID 1355191).
Check for truncation when creating the temp file name.
Set a flag to indicate that the temp file should be unlinked.
Relying on a strcmp() test could delete the input file in contrived
cases.
Reported by: Coverity
CID: 1011279, 978405, 1199380
Reviewed by: jkim
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D6368
Coverity reports that a buffer used for temporary file generation
might not be NUL terminated by strncpy(). This is probably not
true because the input gets passed through realpath(), but if the
path name is sufficiently long the name could be truncated and cause
other problems. The code for generating the temp file names is
also overly complex. Instead of a bunch of calls to strncpy() and
strncat(), simplify the code by using snprintf() and add checks
for unexpected truncation.
The output file created by iasl -d is predictable. Fix this by
using mkdtemp() to create a directory to hold the iasl input and
output files.
Check the return values of more syscalls.
Reported by: Coverity
CID: 1011278
Reviewed by: jkim
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D6360
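
The pattern this commit message describes (a private directory from mkdtemp(), paths built with snprintf(), every result checked for truncation), as an added example that is not the committed code. The function name, template and file names are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical names, chosen for this example only. */
#define WORK_TEMPLATE	"iasl-work.XXXXXX"
#define IN_NAME		"input.aml"
#define OUT_NAME	"output.dsl"

/*
 * Create a private (mode 0700) directory under tmpdir with mkdtemp() and
 * build the input and output paths inside it, so neither name can be
 * predicted or pre-created by another user.
 * Returns 0 on success, -1 on truncation or syscall failure; on failure
 * the directory is removed again and dir is set to the empty string.
 */
int
make_workdir(const char *tmpdir, char *dir, size_t dirsz,
    char *in, size_t insz, char *out, size_t outsz)
{
	int len;

	len = snprintf(dir, dirsz, "%s/%s", tmpdir, WORK_TEMPLATE);
	if (len < 0 || (size_t)len >= dirsz)
		goto fail_nodir;	/* template truncated: X's are gone */
	if (mkdtemp(dir) == NULL)
		goto fail_nodir;
	len = snprintf(in, insz, "%s/%s", dir, IN_NAME);
	if (len < 0 || (size_t)len >= insz)
		goto fail;
	len = snprintf(out, outsz, "%s/%s", dir, OUT_NAME);
	if (len < 0 || (size_t)len >= outsz)
		goto fail;
	return (0);
fail:
	(void)rmdir(dir);		/* still empty at this point */
fail_nodir:
	if (dirsz > 0)
		dir[0] = '\0';
	return (-1);
}
```
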
This unifies handling of core, chip, and board-level device
matching, and adds support for matching device drivers
against the bus attach type (e.g. SoC vs WiFi adapter).
Core-level quirks on Broadcom's chipsets generally are specific
to some combination of chip model, core revision, chip
package (e.g. 12x9 SMT package), SROM revision, etc.
Unifying the match APIs for all three attribute types (core, chip,
board/srom) allows defining a single device quirk table that
matches across all of those attributes.
Submitted by: Landon Fuller <landonf@landonf.org>
Differential Revision: https://reviews.freebsd.org/D6515
After the previous changes to fix requests on blocking sockets to complete
across multiple operations, an edge case exists where a request can be
cancelled after it has partially completed. POSIX doesn't appear to
dictate exactly how to handle this case, but in general I feel that
aio_cancel() should arrange to cancel any request it can, but that any
partially completed requests should return a partial completion rather
than ECANCELED. To that end, fix the socket AIO cancellation routine to
return a short read/write if a partially completed request is cancelled
rather than ECANCELED.
Sponsored by: Chelsio Communications
The mem_alloc macro calls calloc (userspace) / malloc(.., M_WAITOK|M_ZERO)
under the covers, so zeroing out memory is already handled by the underlying
calls.
MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
I accidentally glossed over the fact that tmp is manipulated via strchr, so
if we tried to free `tmp` after r300385, it would have crashed.
Create a separate pointer (tmp2) to track the original allocation of `tmp`,
and free `tmp2` if `p->nc_lookups` can't be malloced
MFC after: 4 days
X-MFC with: r300385
Reported by: Coverity
CID: 1356026
Sponsored by: EMC / Isilon Storage Division
for empty page cache when the object type is OBJT_VNODE.
Reported and tested by: pho
Reviewed by: alc
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
The previous code overwrote outbuf_pmap's memory with malloc once per
loop iteration, which leaked its memory; use reallocf instead to ensure
that memory is properly free'd each loop iteration.
Add an outbuf_pmap = NULL in the failure case to avoid a double-free
at the bottom of the function.
Differential Revision: https://reviews.freebsd.org/D6495
MFC after: 1 week
Reported by: Coverity
CID: 1038776
Reviewed by: markj, pfgj
Sponsored by: EMC / Isilon Storage Division
(the value we had before supervisor exception occurred).
This helps consumers (e.g. DTrace) to not proceed additional calculations.
Sponsored by: DARPA, AFRL
Sponsored by: HEIF5
than sc->areq. This is a bounds check to ensure we're not just cramming
arbitrarily sized nonsense into the driver and overflowing the heap.
PR: 209545
Submitted by: cturt@hardenedbsd.org
MFC after: 2 weeks
Option EFSYS_OPT_ALLOW_UNCONFIGURED_NIC disables check that the adapter
MAC address is not a local address (beginning 02).
Submitted by: Laurence Evans <levans at solarflare.com>
Reviewed by: gnn
Sponsored by: Solarflare Communications, Inc.
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D6508
We may enable interrupts from within the callback, e.g. in a data abort
during copyin. If we receive an interrupt at that time pmc_hook will be
called again and, as it is handling userspace stack tracing, will hit a
KASSERT as it checks if the trapframe is from userland.
With this I can run hwpmc with intrng on a ThunderX and have it trace all
CPUs.
Obtained from: ABT Systems Ltd
Sponsored by: The FreeBSD Foundation
changing the type on the mtu field in struct tuninfo from short to
unsigned short.
This is used, for example, by packetdrill to test with MTUs up to the
maximum value.
Differential Revision: 6452
freed page as VPO_UNMANAGED. Otherwise vm_page_free_toq() insists on
owning the page lock.
Previously, VPO_UNMANAGED was only set up to the last processed page.
Reviewed by: alc
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Existing issue of not protecting pager_object_list iteration in
vm_pager_object_lookup() by sw_alloc_mtx is not affected by Giant
removal.
Reviewed by: alc
Sponsored by: The FreeBSD Foundation
And
- Move message and event flags to vmbus_softc per-cpu data.
- Get rid of hv_setup_arg, which serves no purpose now.
MFC after: 1 week
Sponsored by: Microsoft OSTC
Differential Revision: https://reviews.freebsd.org/D6502
The length of the name returned from the $LOGNAME and $USER can be
very long and it was being concatenated to a fixed length buffer
with no bounds checking. Fix this problem by limiting the length
of the name copied.
Additionally, this name is actually used to create a format string
to be used in adding log file entries so embedded % characters in
the name could confuse *printf(), and embedded whitespace could
confuse a log file parser. Handle the former by escaping each %
with an additional %, and handle the latter by simply stripping it
out.
Clean up the code by moving the variable declarations to the top
of the function, formatting them to conform with style, and moving
initialization elsewhere.
Reduce code indentation by returning early in a couple of places.
Reported by: Coverity
CID: 1006692
Reviewed by: markj (previous version)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D6490
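
The three fixes named in this commit message (length limit, % doubling, whitespace stripping) combined in one routine, as an added example that is not the committed code. The function name and signature are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>

/*
 * Copy a user name (e.g. taken from $LOGNAME or $USER) into dst so that
 * it can be embedded in a printf-style format string for a log entry:
 *   - at most dstsize - 1 bytes are stored, always NUL terminated;
 *   - each '%' is doubled, so *printf() prints it literally;
 *   - whitespace is dropped, so a log parser sees a single token.
 * Returns the number of bytes stored, not counting the NUL.
 */
size_t
sanitize_logname(char *dst, size_t dstsize, const char *src)
{
	size_t n = 0;

	if (dstsize == 0)
		return (0);
	for (; *src != '\0'; src++) {
		if (isspace((unsigned char)*src))
			continue;
		if (*src == '%') {
			/* Need room for both bytes: never store a lone '%'. */
			if (n + 2 >= dstsize)
				break;
			dst[n++] = '%';
			dst[n++] = '%';
		} else {
			if (n + 1 >= dstsize)
				break;
			dst[n++] = *src;
		}
	}
	dst[n] = '\0';
	return (n);
}
```

Truncating before a `%` that would not fit as a pair matters: a trailing single `%` would turn whatever follows it in the format string into a conversion specifier.
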
* convert phy_getinfo() to take a "gmode" flag, rather than the siba
TGSHIGH flags and then check for 2GHz. This should ensure that
gmode is set correctly even on DUALPHY NICs.
* move the siba_powerup() call and the TGSHIGH decoding into a
call to bwn_is_bus_siba(), and return an error if it's called
on anything else. We don't yet do anything else, but when we do..
Tested:
* BCM4322, 11a STA