to an integer divide by zero panic in the kernel, if the kernel was
run with hz<1000.
Neither i386, pc98, amd64 or sparc64 are affected in the currently
supported branches and default configuration.
Submitted by: Miikka Saukko, Ossi Herrala and Jukka Taimisto from
the CROSS project at Codenomicon Ltd. via CERT-FI.
Reviewed by: bz, rwatson
Security: CVE-2008-2464
MFC after: 8 hours
at least pass muster with the loader on 3.0.3
Note that this doesn't actually make it work as Xen 3.0.3
appears to disallow recursive mappings on the page directory
sizes (and running at different frequencies) so move the cacheinfo
to the PCPU data. While at it, remove some redundant and/or unused
members from struct cacheinfo.
- In sparc64_init don't assume the first CPU node we find in the OFW
device tree is the BSP.
in order to avoid the invasive probes done by identify-routines of
ISA drivers, which may access unassigned addresses or those of
unrelated devices and thus in turn can trigger master/target aborts
as revealed by r182108 and ahc(4). I think that this is also the
cause of the hang previously seen on B100 blades during boot.
Bypassing isa_probe_children(9) also avoids adding ISA hints, which
just can be wrong for sparc64.
Reported by: gavin
processes, clear PCB_32BIT and PCB_GS32BIT bits [1].
- Reread the fs and gs bases from the msr unconditionally, not believing
the values in pcb_fsbase and pcb_gsbase, since usermode may reload
segment registers, invalidating the cache. [2].
Both problems resulted in the wrong fs base, causing wrong tls pointer
be dereferenced in the usermode.
Reported and tested by: Vyacheslav Bocharov <adeepv at gmail com> [1]
Reported by: Bernd Walter <ticsoat cicely7 cicely de>,
Artem Belevich <fbsdlist at src cx>[2]
Reviewed by: peter
MFC after: 3 days
The ttydisc_getc() routine obtains a read length from ttyoutq_read().
For no valid reason, the current code stores this value in an int, and
returns a size_t. There is no need to perform this useless conversion.
Obtained from: //depot/projects/mpsafetty/...
The D_NEEDMINOR flag was introduced for drivers that do not actually
depend on storing a device unit/minor number, but require the ability to
address the cdevs by this number, which is used by clone_create().
The cpuctl(4) driver sets D_NEEDMINOR, even though it doesn't use the
clone_create() API. Remove the flag, because maybe we want to get rid of
it somewhere in the far future.
replaced by file relative sector numbers as the buffer block number when
zero-padding a file during extension. Revert the change, it causes wrong
blocks filled with zeroes on seeking beyond end of file.
PR: kern/47628
Submitted by: tegge
MFC after: 3 days
The syscons code disabled scroll lock inside sc_cnputs() if it's going
to print a system message. The code currently wants to process any TTY
output data as well, but we cannot do this, because the TTY lock is a
sleep mutex, while cnputs() picks up a spin mutex.
Disable the code for now. It solves a panic when a console message is
printed while scroll lock is enabled. One solution would be to
initialize a task structure here.
Reported by: Paul B. Mahol <onemda gmail com>
from umodem and ufoma.
With these changes, umodem kinda works for me now. It certainly gets
past the "tip" bug that I found earlier where 115200 wasn't a valid
baud rate. This was "broken" in the mpsafetty commit, but in reality,
umodem was always broken.
translation. It turns out this is useful for applications which require
source port randomization for security (i.e. dns servers).
Discussed with: secteam
Requested by: mlaier
MFC after: 2 weeks
errata of USIII and beyond (USIII erratum #19, USIII+ erratum #1,
USIIIi erratum #1).
- Use the cheetah PA mask in {d,i}tlb_va_to_pa_sun4u() for USIII
and beyond. This is done so that these functions will still mask
the debug bits of spitfire-class CPUs once we increase TD_PA_BITS
to match the number of bits used for the PA by cheetah-class CPUs.
- Change {d,i}tlb_enter_sun4u() to also set TLB_CTX_KERNEL as the
context of the mappings entered. This is more or less cosmetic as
TLB_CTX_KERNEL is 0.
- Now that we have to distinguish between different sun4u CPUs in
the loader anyway, no longer do trial and error when reading the
portid property.
