Commit Graph

221127 Commits

Author SHA1 Message Date
arybchik
072c481881 sfxge(4): update multicast filter insertion algorithm
When the multicast filters we're allowed to insert are controlled by the
hypervisor, it may be that we can insert some but not others. So we need
to have fallbacks where we insert any filters we can without rolling back
when one fails to insert.

Submitted by:   Mark Spender <mspender at solarflare.com>
Sponsored by:   Solarflare Communications, Inc.
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D6318
2016-05-12 06:20:26 +00:00
arybchik
67fa27b15e sfxge(4): cleanup: constify common code method tables
Submitted by:   Andy Moreton <amoreton at solarflare.com>
Sponsored by:   Solarflare Communications, Inc.
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D6317
2016-05-12 06:19:06 +00:00
truckman
157633b369 Check for socket creation success before calling bind().
Reported by:	Coverity
CID:		1194209
2016-05-12 05:43:54 +00:00
cem
3571021d22 rtadvd(8): Fix use-after-close in cm_handler_client
cm_send() closes 'fd' on error.  In that case, bail out early without trying to
recv from or close 'fd' again.

Reported by:	Coverity
CID:		1006078
Sponsored by:	EMC / Isilon Storage Division
2016-05-12 05:12:24 +00:00
cem
5f28b4bf85 nfsd: Fix use-after-free in NFS4 lock test service
Trivial use-after-free where stp was freed too soon in the non-error path.
To fix, simply move its release to the end of the routine.

Reported by:	Coverity
CID:		1006105
Sponsored by:	EMC / Isilon Storage Division
2016-05-12 05:03:12 +00:00
cem
0bb2b5b11d rtadvd(8): Don't use-after-free
This whole block of code as committed fully formed in r224144.  I'm not really
sure what the intent was, but it seems plausible that !persist ifis could need
other member cleanup.  Don't free the object until after we've finished
cleaning its members.

Reported by:	Coverity
CID:		1006079
Sponsored by:	EMC / Isilon Storage Division
2016-05-12 04:54:32 +00:00
cem
7403ada3a6 dhclient: Fix some trivial buffer overruns
There was some confusion about how to limit a hardware address to at most 16
bytes.  In some cases it would overrun a byte off the end of the array.
Correct the types and rectify the overrun.

Reported by:	Coverity
CIDs:		1008682, 1305550
Sponsored by:	EMC / Isilon Storage Division
2016-05-12 04:28:22 +00:00
cem
9c418cf4a6 print_positional_test: Fix misuse of wchar APIs
These APIs take unit length, not byte length parameters.

Reported by:	Coverity
CIDs:		1338543, 1338544, 1338545
Sponsored by:	EMC / Isilon Storage Division
2016-05-12 04:08:45 +00:00
cem
3f6e1e85c8 libmp: Fix trivial buffer overrun
fgetln yields a non-NUL-terminated buffer and its length.  This routine
attempted to NUL-terminate it, but did not allocate space for the NUL.  So,
allocate space for the NUL.

Reported by:	Coverity
CID:		1017457
Sponsored by:	EMC / Isilon Storage Division
2016-05-12 03:53:20 +00:00
cem
97f5dee540 rpcgen(1): Tag crash() routine as __dead2 for static analyzers
Suggested by:	Coverity
CID:		1305464
Sponsored by:	EMC / Isilon Storage Division
2016-05-12 03:49:05 +00:00
cem
2274d498f7 kern_descrip_test: Fix trivial buffer overrun with readlink(2)
Reported by:	Coverity
CID:		1229965, 1229972
Sponsored by:	EMC / Isilon Storage Division
2016-05-12 03:44:29 +00:00
cem
201cd226c8 rtadvd(8): Fix a typo in full msg receive logic
Check against the size of the struct, not the pointer.  Previously, a message
with a cm_len between 9 and 23 (inclusive) could cause int msglen to underflow
and read(2) to be invoked with msglen size (implicitly cast to signed),
overrunning the caller-provided buffer.

All users of cm_recv() supply a stack buffer.

On the other hand, the rtadvd control socket appears to only be writable by the
owner, who is probably root.

While here, correct some types to be size_t or ssize_t.

Reported by:	Coverity
CID:		1008477
Security:	unix socket remotes may overflow stack in rtadvd
Sponsored by:	EMC / Isilon Storage Division
2016-05-12 03:37:17 +00:00
sephe
e82ec31211 mxge: Setup mbuf flowid before calling tcp_lro_rx().
Reviewed by:	gallatin
MFC after:	1 week
Sponsored by:	Microsoft OSTC
Differential Revision:	https://reviews.freebsd.org/D6320
2016-05-12 03:36:49 +00:00
sephe
5e72012d2e hyperv/stor: Enable INQUIRY result check only on WIN10 like host systems
On WIN8 like host systems, when rescan happens, the already installed
disks seem to return random invalid results for INQUIRY.

More investigation is under way to figure out why random invalid INQUIRY
results are delivered to VM on WIN8 like host systems.

Submitted by:	Hongjiang Zhang <honzhan microsoft com>
Reviewed by:	sephe
MFC after:	1 week
Sponsored by:	Microsoft OSTC
Differential Revision:	https://reviews.freebsd.org/D6316
2016-05-12 03:29:29 +00:00
cem
c0f51615c6 snd_hda(4): Don't pass bogus sizeof()s to unused sysctl arg2 parameter (again)
More of the same sort of issue as r299503, just missed some sysctls added in a
different place than the others.

Reported by:	Coverity
CIDs:		1007692, 1009677, 1009678
Sponsored by:	EMC / Isilon Storage Division
2016-05-12 02:46:29 +00:00
cem
9a6293febf snd_hda(4): Don't pass bogus sizeof()s to unused sysctl arg2 parameter
None of the sysctl handlers in hdaa use the arg2 parameter, so just pass zero
instead.  Additionally, the sizes being passed in were suspect (size of the
pointer rather than the value).

Reported by:	Coverity
CIDs:		1007694, 1009679
Sponsored by:	EMC / Isilon Storage Division
2016-05-12 02:41:38 +00:00
cem
c0a49a2265 nss/gethostby_test: fix broken vector iteration of gethostbyaddr h_aliases
h_aliases is a NULL-terminated rather than fixed-length array.  nitems() is not
a valid way to determine its end; instead, check for NULL.

Reported by:	Coverity
CID:		1346578
Sponsored by:	EMC / Isilon Storage Division
2016-05-12 02:32:23 +00:00
pfg
b3857d7c40 traceroute6(8): use NULL instead of zero for initializing a pointer. 2016-05-12 02:05:50 +00:00
pfg
fbf894cd86 chat(8): use NULL instead of zero for initializing a pointer. 2016-05-12 02:02:16 +00:00
pfg
c0395e345d sys/boot/common: use of spaces vs. TAB.
No functional change.
2016-05-12 01:19:11 +00:00
cem
b085e42af0 atf map: Fix double-free in low memory error path
If atf_list_append(, X, ) fails, X is freed.  Don't free it again.

If anyone wants to walk this patch upstream, be my guest.  I literally cannot
upstream it myself due to Google's stupid CLA.

Reported by:	Coverity
CID:		979936
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 23:39:39 +00:00
cem
2bcae162c5 libkrb5: Fix potential double-free
If krb5_make_principal fails, tmp_creds.server may remain a pointer to freed
memory and then be double-freed.  After freeing it the first time, initialize
it to NULL, which causes subsequent krb5_free_principal calls to do the right
thing.

Reported by:	Coverity
CID:		1273430
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 23:25:59 +00:00
cem
493fc2338c subr_vmem: Fix double-free in error case of vmem_create
If vmem_init() fails, 'vm' is already destroyed and freed.  Don't free it
again.

Reported by:	Coverity
CID:		1042110
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 23:16:11 +00:00
cem
086931ed3b Revert r299467 to fix the kernel build.
$ svn merge -c -299467 .

Approved by:	build being broken for six hours
2016-05-11 23:00:12 +00:00
skreuzer
94e04cec90 Document r298695, ntp updated to 4.2.8p7.
Approved by:	gjb@ (implicit with re@ hat on)
2016-05-11 22:44:00 +00:00
cem
3fa2461dde route6d(8): Fix potential double-free
In the case that the subsequent sysctl(3) call failed, 'buf' could be free(3)ed
repeatedly.  It isn't clear to me that that case is possible, but be clear and
do the right thing in case it is.

Reported by:	Coverity
CID:		272537
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 22:33:20 +00:00
cem
4c080eaa62 camcontrol(8): Fix another trivial double-free
Reported by:	Coverity
CID:		1331222
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 22:25:14 +00:00
cem
32fca307a1 camcontrol(8): Fix trival double-free
Reported by:	Coverity
CID:		1331223
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 22:22:49 +00:00
cem
e002a9eee2 random(6): Fix double-close
In the case where a file lacks a trailing newline, there is some "evil" code to
reverse goto the tokenizing code ("make_token") for the final token in the
file.  In this case, 'fd' is closed more than once.  Use a negative sentinel
value to guard close(2), preventing the double close.

Ideally, this code would be restructured to avoid this ugly construction.

Reported by:	Coverity
CID:		1006123
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 22:04:28 +00:00
emaste
7c4ffc6797 exec.h: Move PS_STRINGS define to kernel-only section
The kern.ps_strings sysctl was introduced in r103767 and the last
use of PS_STRINGS in userspace code was removed in r297888.

PR:		208760 [exp-run]
Reviewed by:	kib
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D5933
2016-05-11 21:14:36 +00:00
jkim
d433e59a4d Regen x86 assembly files for r299480. 2016-05-11 20:11:21 +00:00
jkim
36da606d58 Set CC environment variable for Perl scripts. This is for detecting
assembler/compiler capabilities, e.g., AVX instructions.
2016-05-11 20:06:23 +00:00
jkim
7ff185b500 Refine comments to add its origin. 2016-05-11 19:59:05 +00:00
andrew
8c3616af7a Call busdma_swi from swi_vm as is done from other architectures.
Obtained from:	ABT Systems Ltd
Sponsored by:	The FreeBSD Foundation
2016-05-11 18:48:47 +00:00
gonzo
23a2d5f593 Add OF_prop_free function as a counterpart for OF_*prop_alloc
- Introduce new OF API function OF_prop_free to free memory allocated by
  OF_getprop_alloc and OF_getencprop_alloc. Current code just calls free(9)
  with M_OFWPROP memory class which assumes knowledge about OF_*prop_alloc
  functions' internals and leads to unneccessary code coupling

- Convert some of the free(..., M_OFWPROP) instances to OF_prop_free

Files affected by this commit are the ones I was able to test on real
hardware. The rest of free(..., M_OFWPROP) instances will be handled with
idividual maintainers

Reviewed by:	andrew
Differential Revision:	https://reviews.freebsd.org/D6315
2016-05-11 18:20:02 +00:00
cem
8093b741c7 whois(1): Fix potential double-close and logic mistakes
Close the fd the poll error was detected on, rather than the last opened fd, to
fix the double-close.

Use -1 to make it explict which int variables no longer own socket file
descriptors.

Actually shrink, rather than grow, the poll timeout to match comment.

Reported by:	Coverity
CID:		1304860, 1305616
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 18:03:51 +00:00
gonzo
abcd904de9 Add gpiokeys driver
gpiokey driver implements functional subset of gpiokeys device-tree bindings:
https://www.kernel.org/doc/Documentation/devicetree/bindings/input/gpio-keys.txt

It acts as a virtual keyboard, so keys are visible through kbdmux(4)

Driver maps linux scancodes for most common keys to FreeBSD scancodes and
also extends spec by introducing freebsd,code property to specify
FreeBSD-native scancodes.

Reviewed by:	mmel, jmcneill
Differential Revision:	https://reviews.freebsd.org/D6279
2016-05-11 17:57:26 +00:00
emaste
7c53dc625e Deorbit ALLOW_SHARED_TEXTREL
We want to avoid .text relocations in shared objects. libcrypto was the
only consumer and it is now fixed (as of r299389). Remove the now-unused
support for turning off the linker warning.

Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D6323
2016-05-11 17:55:09 +00:00
cem
56be1d347c whois(1): Pull out async multiple host connection code into a routine
This logic was added to the whois() function in r281959, but could easily be
its own routine.  In this case, I think the abstraction makes both functions
easier to reason about.

This precedes some Coverity-suggested cleanup.

Sponsored by:	EMC / Isilon Storage Division
2016-05-11 17:52:06 +00:00
bdrewery
8a99d06e03 DIRDEPS_BUILD: Exclude host tools for Makefile.depend.host as well.
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 17:40:51 +00:00
hselasky
49384bc9ea Resolve LINT linking issue by renaming ida_init() to ida_setup(). The
ida_init() symbol name is now taken for use by the LinuxKPI.

Reported by:	emaste @
Discussed with:	mav @
2016-05-11 17:38:09 +00:00
cem
edd8bad712 mixer(8): Style: Tag no-return usage() as __dead2
Coverity really should have figured this out from the exit(3) call at the end
of the routine, but just make it explicit.

No functional change.

Reported by:	Coverity
CID:		1304866 (false positive double-close of 'baz')
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 17:27:27 +00:00
hselasky
d41206de4f Match Linux behaviour and iterate the IDR tree unlocked. The caller is
responsible the IDR tree stays unmodified while iterating.

MFC after:	1 week
Sponsored by:	Mellanox Technologies
2016-05-11 17:20:20 +00:00
hselasky
fd168b7052 The idr_for_each() function is now part of the LinuxKPI. Use the
LinuxKPI's idr_for_each() function instead of the local one to avoid
compilation issues.

Discussed with:	np @
MFC after:	1 week
2016-05-11 17:17:48 +00:00
andrew
5685cc375d Add a new get_id interface to pci and pcib. This will allow us to both
detect failures, and get different PCI IDs.

For the former the interface returns an int to signal an error. The ID is
returned at a uintptr_t * argument.

For the latter there is a type argument that allows selecting the ID type.
This only specifies a single type, however a MSI type will be added
to handle the need to find the ID the hardware passes to the ARM GICv3
interrupt controller.

A follow up commit will be made to remove pci_get_rid.

Reviewed by:	jhb, rstone
Obtained from:	ABT Systems Ltd
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D6239
2016-05-11 17:07:29 +00:00
cem
3109740c43 bsnmpd: Fix size of trapsink::comm to match other community arrays
This fixes a number of possible strcpy() buffer overruns between the various
community strings in trap.c.

Reported by:	Coverity
CIDs:		1006820, 1006821, 1006822
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 17:06:03 +00:00
cem
61b729e84b bsnmp: Don't overrun privkey buffer by copying wrong size
The 'priv_key' array is SNMP_PRIV_KEY_SIZ bytes, not SNMP_AUTH_KEY_SIZ.

Reported by:	Coverity
CIDs:		1008326, 1009675
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 16:54:34 +00:00
emaste
a49d3e4c43 libcrypto: add "Do not modify" comment to generated source files
Reviewed by:	jkim
Differential Revision:	https://reviews.freebsd.org/D6237
2016-05-11 16:53:56 +00:00
andrew
4ec608a6fe On arm64 always create a bus_dmamap_t object. This will be use to hold the
list of memory that the kernel will need to sync when operating with a
non-cache coherent DMA engine.

Obtained from:	ABT Systems Ltd
Sponsored by:	The FreeBSD Foundation
2016-05-11 16:53:41 +00:00
jkim
027fd46f7c Enable linker error if libcrypto.so contains a relocation against text. It
is position independent on all platforms since r299389.

Submitted by:	kib
2016-05-11 16:45:58 +00:00