Commit Graph

210801 Commits

Author SHA1 Message Date
Andrew Turner
be95c24986 Group the ThunderX PCIe PEM newbus methods to help find them.
Obtained from:	ABT Systems Ltd
Sponsored by:	The FreeBSD Foundation
2016-04-20 14:12:40 +00:00
Andrew Turner
cf9c1ecfd2 Pull out the MSI/MSI-X handling calls to simplify future intrng
integration.

Obtained from:	ABT Systems Ltd
Sponsored by:	The FreeBSD Foundation
2016-04-20 13:23:06 +00:00
Hans Petter Selasky
03815ec1db Fix inverted priv check calls. Priv check returns zero on success and
an error code on failure. Refer to man 9 priv_check .

Sponsored by:	Mellanox Technologies
MFC after:	1 week
2016-04-20 07:44:50 +00:00
Roman Bogorodskiy
c2202d41f9 Update the bhyve(8) man page:
- Document powering off by sending SIGTERM signal
 - Document exit codes

Reviewed by:		wblock, neel
Approved by:		wblock
Differential Revision:	D5982
2016-04-20 06:29:03 +00:00
Conrad Meyer
26b5a97a27 sym(4): Don't double-free 'sim' in failure case
Reported by:	Coverity
CID:		1006106
Sponsored by:	EMC / Isilon Storage Division
2016-04-20 05:13:36 +00:00
Conrad Meyer
115b4b9421 sound(4): Don't use-after-free in midi module unload
Also, use ANSI function parameter definitions (void) while here.

Reported by:	Coverity
CID:		1006107
Sponsored by:	EMC / Isilon Storage Division
2016-04-20 05:11:00 +00:00
Conrad Meyer
9d77679a40 kgssapi(4): Don't allow user-provided arguments to overrun stack buffer
An over-long path argument to gssd_syscall could overrun the stack sockaddr_un
buffer.  Fix gssd_syscall to not permit that.

If an over-long path is provided, gssd_syscall now returns EINVAL.

It looks like PRIV_NFS_DAEMON isn't granted anywhere, so my best guess is that
this is likely only triggerable by root.

Reported by:	Coverity
CID:		1006751
Sponsored by:	EMC / Isilon Storage Division
2016-04-20 05:02:13 +00:00
Conrad Meyer
b51230b720 pty(4): Use strlcpy to guarantee destination buffer isn't overrun
The devtoname() name is strcpyed into a small stack buffer.  Sure, we always
expect the name to be ttyXX (or ptyXX).  If that's the case, strlcpy() doesn't
hurt.

Reported by:	Coverity
CID:		1006768
Sponsored by:	EMC / Isilon Storage Division
2016-04-20 04:50:33 +00:00
Conrad Meyer
e3081f7e3e kgssapi(4): Fix string overrun in Kerberos principal construction
'buf.value' was previously treated as a nul-terminated string, but only
allocated with strlen() space.  Rectify this.

Reported by:	Coverity
CID:		1007639
Sponsored by:	EMC / Isilon Storage Division
2016-04-20 04:45:23 +00:00
Conrad Meyer
1a7dfcc5a3 i915kms: Fix memory leak if a CRT is detected
Reported by:	Coverity
CID:		1090729
Sponsored by:	EMC / Isilon Storage Division
2016-04-20 03:48:57 +00:00
Conrad Meyer
1940692911 drm2(4): Fix double-free in low-memory error path
Reallocf frees 'block'; don't attempt to free it again.

Reported by:	Coverity
CID:		1091165
Sponsored by:	EMC / Isilon Storage Division
2016-04-20 03:45:45 +00:00
Conrad Meyer
8691cc73d1 Make Racct macro slightly more gracious given RACCT_UNDEFINED
rctl_string_to_rule could previously index below the zeroth element of
racct_types via the macro.  Maybe it shouldn't use the macro on
RACCT_UNDEFINED.  But given every other RACCT_ definition is non-negative, it
seems pretty easy to foot-shoot this one without the check.

Reported by:	Coverity
CID:		1305574
Sponsored by:	EMC / Isilon Storage Division
2016-04-20 03:24:59 +00:00
Conrad Meyer
c564824193 aesni(4): Initialize error before use
Reported by:	Coverity
CID:		1331554
Sponsored by:	EMC / Isilon Storage Division
2016-04-20 03:05:32 +00:00
Conrad Meyer
cd1cdbb58b i915kms intel_pm: Read from actual tsc_freq instead of uninitialized local
The local of the same name would alias the global, but we didn't even include
the header that defines tsc_freq.  Include it and rename the local.

Reported by:	Coverity
CID:		1331559
Sponsored by:	EMC / Isilon Storage Division
2016-04-20 02:58:22 +00:00
Conrad Meyer
b483e111c4 kern_rctl: Fix resource leak in error path
Ordinarily, rctl_write_outbuf frees 'sb'.  However, if we are in low memory
conditions we skip past the rctl_write_outbuf.  In that case, free 'sb'.

Reported by:	Coverity
CID:		1338539
Sponsored by:	EMC / Isilon Storage Division
2016-04-20 02:09:38 +00:00
Conrad Meyer
856d8ddbb3 radix rn_inithead: Fix minor leak in low memory conditions
R_Zalloc is essentially a malloc(M_NOWAIT) wrapper.  It is possible that 'rnh'
failed to allocate, but 'rmh' succeeds.  In that case, we bail out of
rn_inithead() but previously did not free 'rmh'.

Introduced in r287073 (projects/routing) / MFP r294706.

Reported by:	Coverity
CID:		1350258
Sponsored by:	EMC / Isilon Storage Division
2016-04-20 02:01:45 +00:00
Conrad Meyer
5412ec6e3f bpf_getdltlist: Don't overrun 'lst'
'lst' is allocated with 'n1' members.  'n' indexes 'lst'.  So 'n == n1' is an
invalid 'lst' index.  This is a follow-up to r296009.

Reported by:	Coverity
CID:		1352743
Sponsored by:	EMC / Isilon Storage Division
2016-04-20 01:39:31 +00:00
Marcelo Araujo
6b1c46441c Partially revert the change on r298325 where there is an
(-1) casted to a pointer.

Submitted by:	pfg
MFC after:	2 weeks.
2016-04-20 01:38:54 +00:00
Marcelo Araujo
974482aa61 Re-ident lines.
Requested by:	pfg
MFC after:	2 weeks.
2016-04-20 01:35:09 +00:00
Marcelo Araujo
b4b3d271de Use NULL instead of 0 for pointers.
Small cosmetic change.

MFC after:	2 weeks.
2016-04-20 01:28:31 +00:00
Marcelo Araujo
61c2ed541d Use NULL instead of 0 for pointers.
gethostbyname(3) will return NULL for error status.

MFC after:	2 weeks.
2016-04-20 01:26:03 +00:00
Pedro F. Giffuni
75a5de5a40 libc: use our roundup2/rounddown2() macros when param.h is available.
rounddown2 tends to produce longer lines than the original code but
still it makes the code more readable.
2016-04-20 01:21:39 +00:00
Conrad Meyer
523af57ea2 nctgpio(4): Don't index past the end of sc->pins array
This driver thinks that the NCT_MAX_PIN index is a valid index in a few places
(nct_attach() for-loop, as well as NCT_IS_VALID_PIN()).  Allocate room for
NCT_MAX_PIN as an index, that is, NCT_MAX_PIN + 1 elements.

Reported by:	Coverity
CIDs:		1353806, 1353807, 1353808, 1353809, 1353810
Sponsored by:	EMC / Isilon Storage Division
2016-04-20 01:17:18 +00:00
Conrad Meyer
3765b80993 SRAT: Don't overflow domain_pxm table
If we reached MAXMEMDOM, we would previously try to insert an additional
element and only detect overflow after causing (probably trivial) memory
overflow.  Instead, detect the ndomain > MAXMEMDOM case before we write past
the end.

Reported by:	Coverity
CID:		1354783
Sponsored by:	EMC / Isilon Storage Division
2016-04-20 01:10:07 +00:00
Marcelo Araujo
fb4e4bd7f9 Use nitems() from sys/param.h.
MFC after:	2 weeks.
2016-04-20 01:05:54 +00:00
Conrad Meyer
8d340432aa linprocfs_doproclimits: Initialize error return before use
Reported by:	Coverity
CID:		1354623
Sponsored by:	EMC / Isilon Storage Division
2016-04-20 01:03:06 +00:00
Conrad Meyer
e78adba3fe linprocfs: Don't print uninitialized values
Reported by:	Coverity
CID:		1354624
Sponsored by:	EMC / Isilon Storage Division
2016-04-20 01:00:13 +00:00
Marcelo Araujo
46df5db84e Use nitems() from sys/param.h.
MFC after:	2 weeks.
2016-04-20 00:55:35 +00:00
Enji Cooper
3ae587fde4 Don't leak fd on sectorsize malloc failure
Also, call endfsent after calling getfsent (i.e. when not explicitly called
with a swap device) for code cleanliness

CID: 1354785
Differential Revision: https://reviews.freebsd.org/D6014
X-MFC with: r298076
Reported by: Coverity
Reviewed by: cem
Sponsored by: EMC / Isilon Storage Division
2016-04-20 00:49:49 +00:00
Enji Cooper
7661ad590f Fix double fclose of fp1 when freopen fails
freopen handles closing file descriptors on error, with the exception of
fdopen'ed descriptors, so closing an already fclose'd file descriptor is
incorrect

CID: 1338525
Differential Revision: https://reviews.freebsd.org/D6013
MFC after: 2 weeks
Reported by: Coverity
Sponsored by: EMC / Isilon Storage Division
2016-04-20 00:19:04 +00:00
Enji Cooper
c1755e5189 Make sure fmemopen succeeds in :test_append_binary_pos before calling ftell
on the FILE object

This fixes potential null pointer dereferences on failure

CID: 1254952
MFC after: 2 weeks
Reported by: Coverity
Sponsored by: EMC / Isilon Storage Division
2016-04-19 23:59:10 +00:00
Pedro F. Giffuni
02abd40029 kernel: use our nitems() macro when it is available through param.h.
No functional change, only trivial cases are done in this sweep,

Discussed in:	freebsd-current
2016-04-19 23:48:27 +00:00
Pedro F. Giffuni
2464bbf05a sys/boot: use our nitems() macro when it is available through param.h.
No functional change, only trivial cases are done in this sweep,

Discussed in:	freebsd-current
2016-04-19 23:44:33 +00:00
Pedro F. Giffuni
ea24b0561f X86: use our nitems() macro when it is avaliable through param.h.
No functional change, only trivial cases are done in this sweep,

Discussed in:	freebsd-current
2016-04-19 23:41:46 +00:00
Pedro F. Giffuni
73a1170a8c sys/dev: use our nitems() macro when it is avaliable through param.h.
No functional change, only trivial cases are done in this sweep,
Drivers that can get further enhancements will be done independently.

Discussed in:	freebsd-current
2016-04-19 23:37:24 +00:00
Pedro F. Giffuni
4ec642f1d6 dev/agp: use our nitems() macro when it is avaliable through param.h.
Consistently capitalize the macros used in the driver.

No functional change.
2016-04-19 23:31:35 +00:00
Oleksandr Tymoshenko
e4ad736f4d Fix build for Pi kernels with syscons enabled 2016-04-19 23:30:22 +00:00
Enji Cooper
94ebd6f5b4 Fix issues identified by Coverity
- Always munmap memory regions after mmap'ing them.
- Make sure getpagesize() returns a value greater than 0 and use a
  cached value instead of always calling getpagesize(3).
- Remove intermediate variable for assigning from $TMPDIR if set in the
  environment to eliminate warnings about pointer conversions with "/tmp",
  and to mute an invalid buffer overflow concern from Coverity
  (snprintf and tacking on a NUL terminator was alleviating that concern
  before).
- Remove useless self-test of psize before it's initialized.
- Check the return values of getrlimit/setrlimit.

Cosmetic changes:
- Replace a `(void*)0` with NULL.
- Do some minor whitespace clean up.
- Remove an unnecessary cast to mmap.
- Make all munmap calls use ATF_REQUIRE_MSG instead of using the:

  > if (munmap(..) == -1)
  >    atf_tc_fail(..)

  idiom. Employ the new idiom consistently when calling munmap.

CID: 1331351, 1331382-1331386, 1331513, 1331514, 1331565, 1331583, 1331694
Differential Revision: https://reviews.freebsd.org/D6012
MFC after: 2 weeks
Reported by: Coverity
Reviewed by: markj
Sponsored by: EMC / Isilon Storage Division
2016-04-19 23:15:47 +00:00
Enji Cooper
6ea709b588 Remove trailing whitespace and use nitems(mib) instead of 2 when
calling sysctl(3)

MFC after: 3 days
Sponsored by: EMC / Isilon Storage Division
2016-04-19 22:59:21 +00:00
Enji Cooper
410757a4f4 Fix leaks and test for getpagesize() returning == -1
- close file descriptors after use.
- Always munmap memory regions after mmap'ing them.
- Make sure getpagesize() returns a value greater than 0 and use a
  cached value instead of always calling getpagesize(3).

CID: 1331374-1331377, 1331653-1331662
Differential Revision: https://reviews.freebsd.org/D6011
MFC after: 2 weeks
Reported by: Coverity
Reviewed by: cem
Sponsored by: EMC / Isilon Storage Division
2016-04-19 22:25:14 +00:00
Pedro F. Giffuni
432157dc67 dev/usb: use our nitems() macro when param.h is available.
Reviewed by: hselasky
2016-04-19 22:07:36 +00:00
Allan Jude
3db33b0a8c Link bcache into userboot.so, was not added in r298230
This should help speed up bhyve boots too

Reviewed by:	olivier
2016-04-19 20:56:45 +00:00
Pedro F. Giffuni
05cfc40ab0 restore: use our roundup2/rounddown2() macros when param.h is available.
While here cleanup a little a malloc call.
2016-04-19 20:47:14 +00:00
John Baldwin
cff92ffd4d Always emit an error message on passthru configuration errors.
Previously, many errors (such as the PCI device not being attached
to the ppt(4) driver) resulted in bhyve silently exiting without
starting the virtual machine.  Now any errors encountered when
configuring a virtual slot for a PCI passthru device should be noted
on stderr.

Reviewed by:	neel
Differential Revision:	https://reviews.freebsd.org/D5990
2016-04-19 20:43:05 +00:00
David C Somayajulu
6f39c760f8 1. modify fwdump (a.k.a grcdump) so that grcdump memory is allocated
and freed on as needed basis.
2. grcdump can be taken at failure points by invoking bxe_grc_dump()
   when trigger_grcdump sysctl flag is set. When grcdump is taken
   grcdump_done sysctl flag is set.
3. grcdump_done can be monitored by the user to retrieve the grcdump.

Submitted by:vaishali.kulkarni@qlogic.com
2016-04-19 20:28:30 +00:00
Andriy Voskoboinyk
2cd9502778 net80211: do not reschedule scan_curchan_task() if the scan was canceled.
This should fix possible use-after-free in the scheduled task.

PR:		208605
2016-04-19 20:19:21 +00:00
Pedro F. Giffuni
260111ffce rtld-elf: use our roundup2() macro when param.h is available. 2016-04-19 20:12:46 +00:00
Pedro F. Giffuni
4c8762f037 dump: use NULL instead of zero for pointers.
Clean out the casts from calloc(3) while here.
2016-04-19 19:13:33 +00:00
Pedro F. Giffuni
f3858ada3e fsck_msdosfs: use NULL instead of zero for pointers. 2016-04-19 19:08:37 +00:00
Pedro F. Giffuni
a5d5e8dd7c rtld-elf: use NULL instead of zero for pointers. 2016-04-19 19:03:55 +00:00