114822 Commits

Author SHA1 Message Date
Simon L. B. Nielsen
31363b6067 Correct multiple security related errors: a buffer overflow, NULL
pointer dereferences, possible use of uninitialized variables, and
memory leaks.

Security:	CAN-2005-0753
Security:	FreeBSD-SA-05:05.cvs
Approved by:	peter
2005-04-22 17:58:25 +00:00
Ruslan Ermilov
de12942735 Ask that "make cleandepend" be run before "make depend", now that
we don't do this automatically.

Suggested by:	bde
2005-04-22 17:42:50 +00:00
Ruslan Ermilov
2bdb87fe2e Revert a mistake borrowed from kern.post.mk that has just been fixed. 2005-04-22 17:39:58 +00:00
Ruslan Ermilov
a13914f600 Fix "make depend" to not redundantly rebuild the .depend file.
Reviewed by:	bde (I think so)
2005-04-22 17:36:25 +00:00
Maxime Henrion
507feeafad Be more conservative when enabling extended features. There are fxp(4)
NICs out there that have an utterly bogus revision ID.

Reported by:	Denis Shaposhnikov <dsh@vlink.ru>
2005-04-22 13:05:53 +00:00
Stefan Farfeleder
8f58ab910f Use double additions to raise the inexact exception to work around problems
with long double addition on sparc64.
2005-04-22 09:57:55 +00:00
Gleb Smirnoff
2fa088e969 Fix error in synproxy connection completion. Source and
destination windows were confused, one instead of other.
This error was masked, because first segment of just
established connection is usually smaller than initially
announced window, and it was successfully passed. First
window reannouncement corrected erroneous 'seqhi' value.
The error showed up when client connected to synproxy
with zero initial window, and reannounced it after
session establishment.

In collaboration with:	dhartmei [we came to same patch independtly]
Reviewed by:		mlaier
Sponsored by:		Rambler
MFC after:		3 days
2005-04-22 09:53:46 +00:00
Ian Dowse
b8619d3608 Pick up the selectors to use for various kernel segments from assym.s
instead of assuming fixed offsets within the GDT. The hard-coded
values here have been incorrect since Peter's GDT rearranging around
10 days ago, causing ACPI resume problems.

Reviewed by:	peter
2005-04-22 09:53:04 +00:00
Ian Dowse
705d63cd9a Add rules for building assym.s. 2005-04-22 09:45:39 +00:00
Stefan Farfeleder
9eb30792de Fix raising the inexact exception (FE_INEXACT) if the result differs from the
argument.

Noticed by:	das
2005-04-22 08:30:33 +00:00
Warner Losh
c4bb0466ff Add sio and puc to i386 build.
Remove ray from ia64 build since it hasn't been tested there.
2005-04-22 07:59:50 +00:00
Warner Losh
8343165363 Sort Oxford Semi entires. Add entry for OXCB950, a PCI/CardBus
16C950.  Adding it here doesn't unlock any of the cool 16C950 features
(like the 128 byte fifo, the different prescalor, etc), but it does
seem to get it working for me in light testing.

Card Provided by: Ihsan Dogan
2005-04-22 07:49:35 +00:00
Warner Losh
40c949ffa4 Create a puc module. Not connected to the build until I can test it on
more machines.
2005-04-22 07:43:27 +00:00
Marcel Moolenaar
8773a80baf Sanity the RTC code:
o  Remove the clock interface. Not only does it conflict with the MI
   version when device genclock is added to the kernel, it was also
   not possible to have more than 1 clock device. This of course would
   have been a problem if we actually had more than 1 clock device.
   In short: we don't need a clock interface and if we do eventually,
   we should be using the MI one.
o  Rewrite inittodr() and resettodr() to take into account that:
   1)  We use the EFI interface directly.
   2)  time_t is 64-bit and we do need to make sure we can determine
       leap years from year 2100 and on. Add a nice explanation of
       where leap years come from and why.
   3)  This rewrite happened in 2005 so any date prior to 1/1/2005
       (either M/D/Y or D/M/Y) is bogus. Reprogram the EFI clock with
       1/1/2005 in that case.
   4)  The EFI clock has a high probability of being correct, so
       only (further) correct the EFI clock when the file system time
       is larger. That should never happen in a time-synchronised world.
       Complain when EFI lost 2 days or more.

Replace the copyright notice now that I (pretty much) rewrote all of
this file.
2005-04-22 05:04:58 +00:00
Scott Long
4bd55c43ea If we get interrupted during a data phase and the DMA engine is still
pumping data despite our scsi data counters being at 0, something has
gone massively wrong.  The consequence of happily ignoring this is more
DMA phase errors and a disk full of spammed sectors.  Instead, panic on
the first occurance to hopefully limit the damage.

MFC After: 3 days
2005-04-22 03:37:10 +00:00
Jeff Roberson
7d60dc524b - Disable code which allows getnewvnode() to fail. Many ffs_vget() callers
do not correctly deal with failures.  This presently risks deadlock
   problems if dependency processing is held up by failures to allocate
   a vnode, however, this is better than the situation with the failures.

Sponsored by:	Isilon Systems, Inc.
2005-04-22 00:57:05 +00:00
Jeff Roberson
0d12524bbf - Add two KASSERTs to prevent us from recycling a buf that is still on a
bufobj list.

Sponsored by:	Isilon Systems, Inc.
2005-04-22 00:53:20 +00:00
Alan Cox
c0862430d5 Eliminate an unpredictable branch from bcmp().
Reviewed by: bde
2005-04-21 23:07:20 +00:00
Paul Saab
91232d6ccc Remove some code that snuck in by accident.
Submitted by:	Mohan Srinivasan
2005-04-21 20:29:40 +00:00
Paul Saab
be3f3b5ead Fix for interaction problems between TCP SACK and TCP Signature.
If TCP Signatures are enabled, the maximum allowed sack blocks aren't
going to fit. The fix is to compute how many sack blocks fit and tack
these on last. Also on SYNs, defer padding until after the SACK
PERMITTED option has been added.

Found by:	Mohan Srinivasan.
Submitted by:	Mohan Srinivasan, Noritoshi Demizu.
Reviewed by:	Raja Mukerji.
2005-04-21 20:26:07 +00:00
Paul Saab
97b76190eb Undo rev 1.71 as it is the wrong change. 2005-04-21 20:24:43 +00:00
Paul Saab
a6235da61e - Make the sack scoreboard logic use the TAILQ macros. This improves
code readability and facilitates some anticipated optimizations in
  tcp_sack_option().
- Remove tcp_print_holes() and TCP_SACK_DEBUG.

Submitted by:	Raja Mukerji.
Reviewed by:	Mohan Srinivasan, Noritoshi Demizu.
2005-04-21 20:11:01 +00:00
Paul Saab
a3047bc036 Fix for 2 bugs related to TCP Signatures :
- If the peer sends the Signature option in the SYN, use of Timestamps
  and Window Scaling were disabled (even if the peer supports them).
- The sender must not disable signatures if the option is absent in
  the received SYN. (See comment in syncache_add()).

Found, Submitted by:	Noritoshi Demizu <demizu at dd dot ij4u dot or dot jp>.
Reviewed by:		Mohan Srinivasan <mohans at yahoo-inc dot com>.
2005-04-21 20:09:09 +00:00
Maxime Henrion
de57160389 Add a microcode to implement receive bundling for 82551 chipsets with
a revision ID of 0x0f (D102 E-step).

MFC after:	2 weeks
Tested by:	pav
2005-04-21 19:34:57 +00:00
Maxime Henrion
163609768e Fix printf() format string errors with 64-bit architectures.
Spotted by:	pav
2005-04-21 19:28:22 +00:00
Christian Brueffer
faa0a0aa88 Add the short but important word 'software' to the title. 2005-04-21 14:58:26 +00:00
Andre Oppermann
1aedbd9c80 Move Path MTU discovery ICMP processing from icmp_input() to
tcp_ctlinput() and subject it to active tcpcb and sequence
number checking.  Previously any ICMP unreachable/needfrag
message would cause an update to the TCP hostcache.  Now only
ICMP PMTU messages belonging to an active TCP session with
the correct src/dst/port and sequence number will update the
hostcache and complete the path MTU discovery process.

Note that we don't entirely implement the recommended counter
measures of Section 7.2 of the paper.  However we close down
the possible degradation vector from trivially easy to really
complex and resource intensive.  In addition we have limited
the smallest acceptable MTU with net.inet.tcp.minmss sysctl
for some time already, further reducing the effect of any
degradation due to an attack.

Security:	draft-gont-tcpm-icmp-attacks-03.txt Section 7.2
MFC after:	3 days
2005-04-21 14:29:34 +00:00
Maxime Henrion
647ec60cc7 Enable extended RFDs and TCBs, and thus checksum offloading, for
latest 82550 and 82551 chipsets (revision IDs 0x0e, 0x0f and 0x10).
We were only enabling it for revisions 0x0c and 0x0d, now it's
enabled for any 8255x NIC with a revision ID bigger than 0x0c.  It
should be safe, and this is what Intel does in their open source
driver.

MFC after:	2 weeks
Tested by:	Pavel Lobach lobach_pavel at mail dot ru
2005-04-21 13:27:38 +00:00
SUZUKI Shinsuke
bc24eee3ce FAITH's base spec has already been an RFC
Obtained from: KAME
MFC after: 1 day
2005-04-21 13:27:13 +00:00
SUZUKI Shinsuke
3b90d87b22 plugged memory leak
Obtained from: KAME
MFC after: 2 days
2005-04-21 13:21:48 +00:00
Alexander Kabaev
f2da7e0e49 Do not try to store 64 bits into 32 bit errno variable. With the changed libc
data layout, this was corrupting _PathLocale variable leading to programs
dumping core in non-default locales.
2005-04-21 12:47:08 +00:00
Andre Oppermann
1600372b6b Ignore ICMP Source Quench messages for TCP sessions. Source Quench is
ineffective, depreciated and can be abused to degrade the performance
of active TCP sessions if spoofed.

Replace a bogus call to tcp_quench() in tcp_output() with the direct
equivalent tcpcb variable assignment.

Security:	draft-gont-tcpm-icmp-attacks-03.txt Section 7.1
MFC after:	3 days
2005-04-21 12:37:12 +00:00
Søren Schmidt
1d968d225f Rehash the timeout code to make it more simple.
This also removes the warning timeout on the taskqueues stalling as
I'm tired of getting ATA error reports for problems in other parts ;)
Misc cosmetic and comment cleanups now we are here.
2005-04-21 11:13:39 +00:00
Andrey A. Chernov
7a21b1e996 Comments correction
Submitted by:   Yury Tarasievich <spytar@yahoo.com>
2005-04-21 09:15:19 +00:00
Nate Lawson
98cc161947 Add the tunable "debug.acpi.max_threads" to allow users to set the
number of task threads to start on boot.  Go back to a default of 3
threads to work around lost battery state problems.  Users that need
a setting of 1 can set this via the tunable.  I am investigating the
underlying issues and this tunable can be removed once they are solved.

MFC after:	2 days
2005-04-21 06:13:48 +00:00
Joseph Koshy
d56c5d4bec Add event aliases for P6 and K8 PMCs. 2005-04-21 05:50:25 +00:00
Marcel Moolenaar
d47cce3ec8 Revert previous commit: The hwpmc(4) driver compiles on all platforms. 2005-04-20 22:19:51 +00:00
Marcel Moolenaar
9c3a12812b Revert previous commit: build hwpmc(4) on all architectures.
Ok'd by: jkoshy@
2005-04-20 22:03:33 +00:00
Paul Saab
8cb038b4b2 Don't enter the debugger if KDB_UNATTENDED is set or if
debug.debugger_on_panic=0.

MFC after:	2 weeks
2005-04-20 20:52:46 +00:00
Marcel Moolenaar
cf7152ab4c Build pmccontrol(8) and pmcstat(8) on all architectures (FWIW :-)
Ok'd by: jkoshy@
2005-04-20 20:51:37 +00:00
Marcel Moolenaar
ca8cf1ec04 Build libpmc on all architectures (FWIW :-)
Ok'd by: jkoshy@
2005-04-20 20:50:32 +00:00
Marcel Moolenaar
04e9feb06c o Do not include <machine/pmc_mdep.h>. It's automaticly included for
us when <sys/pmc.h> is included.
o  Replace "#if __i386__" and "#if __amd64__" with the equivalent of
   "#ifdef __i386__" and "#ifdef __amd64__" (resp.) These tokens are
   not defined on all platforms.
o  Conditionally compile pmc_parse_mask() on i386 and amd64 only. It's
   only referenced there. This will change when support for other
   platforms is added, of course.

Ok'd by: jkoshy@
2005-04-20 20:48:24 +00:00
Marcel Moolenaar
1020bb9756 Do not conditionally compile the contents of this file upon whether
HWPMC_HOOKS is defined. The pmc_cpu_is_*() functions in this file
are referenced unconditionally by hwpmc(4).

This is mostly a stop-gap. The pmc_cpu_is*() function should
probably be declared inline in <sys/pmc.h> or <sys/pmckern.h> and
the function pointers with corresponding SX lock should probably
be moved to another file and compiled conditionally upon HWPMC_HOOKS.

Ok'd by: jkoshy@
2005-04-20 20:30:59 +00:00
Marcel Moolenaar
7ad17ef97e Include <sys/pmc.h> instead of <machine/pmc_mdep.h>. The MI header
includes the MD header for us. Do not include <machine/specialreg.h>
as it is not a header file that can be included from MI files. It
is included from <machine/pmc_mdep.h> if so needed and possible.

Ok'd: jkoshy@
2005-04-20 20:26:39 +00:00
Marcel Moolenaar
76b6d954f0 o Reverse the inclusion chain from MD->MI to MI->MD by removing the
inclusion of <sys/pmc.h> and depending on being included from
   that header file.
o  Include any MD specific header files that otherwise need to be
   included from MI files.

Ok'd: jkoshy@
2005-04-20 20:22:33 +00:00
Marcel Moolenaar
26a38a07e3 o Reverse the inclusion chain from MD->MI to MI->MD by including
<machine/pmc_mdep.h> here.
o  Remove the #error directive. There's no union md_pm referenced
   on (as of yet) unsupported platforms and will not be if there
   are no MD extensions for a particular platform.

Further cleanups can be expected.

Ok'd: jkoshy@
2005-04-20 20:19:24 +00:00
Gleb Smirnoff
f9e6931c3d Manpage for unit allocator functions.
Reviewed by:	phk
2005-04-20 19:11:05 +00:00
Marcel Moolenaar
ff7125a623 Add empty header (except of the multiple-inclusion protection) to
get hwpmc(4) to compile on this platform.
2005-04-20 18:44:53 +00:00
Gleb Smirnoff
15749e57aa - Initialize interface as UP when hook is connected.
- Call if_link_state_change() when netgraph flow control
  messages are received.

Sponsored by:	Rambler
2005-04-20 14:22:13 +00:00
Gleb Smirnoff
3b1c41c548 When netgraph flow control message comes from downstream, broadcast
it to all vlans.

Sponsored by:	Rambler
2005-04-20 14:19:20 +00:00