Fix va_list handling
- Add missing va_end's after corresponding va_start's to cleanup state
- Eliminate questionable bzero'ing of va_list passed in to
do_buff_decode(..) and do_encode(..) from buff_{de,en}code_visit(..)
and csio_{de,en}code_visit(..). Make va_list a pointer instead and
pass NULL into the underlying functions to handle this in a portable
way.
- Do some minor style(9) clean up in affected functions.
CID: 1018500-1018503
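
The pattern described in the commit message above, as an added illustration in C (not the FreeBSD code; arg_fn, from_array, sum_fields, sum_varargs and sum_visit are hypothetical names). The shared worker takes a pointer to va_list so the callback path can pass NULL, and the variadic path pairs va_start with va_end.

```c
#include <stdarg.h>
#include <stddef.h>

/* Hypothetical callback: supplies field `index` when no va_list exists. */
typedef int (*arg_fn)(void *hook, int index);

static int sample_vals[] = { 4, 5, 6 };	/* constructed sample data */

static int from_array(void *hook, int index) { return (((int *)hook)[index]); }

/* Shared worker: takes a pointer to va_list, so "no variadic arguments"
 * is expressed as NULL instead of a zeroed va_list object. */
static int sum_fields(int nfields, arg_fn fn, void *hook, va_list *ap)
{
	int i, total = 0;
	for (i = 0; i < nfields; i++) {
		if (ap != NULL)
			total += va_arg(*ap, int);
		else if (fn != NULL)
			total += fn(hook, i);
		else
			return (-1);	/* no argument source at all */
	}
	return (total);
}

/* Variadic front end: va_start is always paired with va_end. */
int sum_varargs(int nfields, ...)
{
	va_list ap;
	int total;
	va_start(ap, nfields);
	total = sum_fields(nfields, NULL, NULL, &ap);
	va_end(ap);
	return (total);
}

/* Callback front end: there is no va_list to fabricate, so pass NULL. */
int sum_visit(int nfields, arg_fn fn, void *hook)
{
	return (sum_fields(nfields, fn, hook, NULL));
}

int main(void)
{
	return (sum_varargs(3, 1, 2, 3) == 6 &&
	    sum_visit(3, from_array, sample_vals) == 15 ? 0 : 1);
}
```
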
Simplify always evaluated branch (`e != NULL`)
- xalloc(..) ensures that e will be non-null via malloc + err.
- `e` is already dereferenced above, so logically it's impossible
to hit the lower test without crashing if it was indeed NULL.
CID: 1007408
r298311:
Make sure fmemopen succeeds in :test_append_binary_pos before calling ftell
on the FILE object
This fixes potential null pointer dereferences on failure
CID: 1254952
r298312:
Fix double fclose of `fp1` when freopen fails
freopen handles closing file descriptors on error, with the exception of
fdopen'ed descriptors, so closing an already fclose'd file descriptor is
incorrect
CID: 1338525
r298368:
Fix coverity issue with contrib/netbsd-tests/lib/libc/ssp/h_read.c
Ensure opening /dev/zero succeeds. Abort the test if it doesn't.
Also, use _PATH_DEVZERO instead of hardcoding "/dev/zero"
CID: 1251410
r298660:
Fix up r298368
Remove the semicolon accidentally added after the new conditional that tests
that /dev/zero is opened successfully.
CID: 1354980
r298448:
Don't leak `string` in parse_define(..) when a macro has been found
and the parser token != TOK_ASSIGN
CID: 1007187, 1007188
Obtained from: Isilon OneFS (part of r445479)
r298464:
Use `sizeof(*uuser)` instead of `sizeof(struct usm_user)` for consistency with
the rest of the users in the file
No functional change
r298451:
Don't use `entry` after free in the "already in lists" case
Return with 0 as it isn't an error.
CID: 1006085
Obtained from: Isilon OneFS (part of r493633)
r298452:
Don't try to free `string` (stack allocated char[])
Fix minor style with warnx call while in the neighborhood
CID: 1009683
r298507:
Fix looking for "UTC" at start of ptr by using strncmp instead of improperly
unrolled equivalent
CID: 1347118
r298750:
Use a better idiom for finding UTC prefixed timezones
Instead of copy-pasting the string literal for "UTC" 3 times and using
strlen, use a static char[3] buffer and sizeof(..).
ifconfig: prevent some improbable signed integer overflows.
ic_nchans, from struct:ieee80211req_chaninfo, is an unsigned int.
Use an unsigned index to prevent overflowing the index.
Adopt unsigned integers in other cases where it is useful
to be aware of the unsigned quantities and there is no
risk of the values being negative.
Since we no longer need additional buffers for request and response IOCBs,
we can increase receive space by 192 bytes, that is enough for fetching 48
more ports. The new limit is 1020 fabric ports per virtual port.
While the same update is also available for 24xx chips, it seems to have
a problem with disabling virtual ports -- firmware handles the request,
but does not respond to it, causing timeout in driver.
This should close the race between request arriving on new target mode
virtual port and its scanner thread finally fetching its address for request
routing.
For some reason firmware sends Port Database Changed notifications in case
of explicit login requests from the driver when target port is unavailable.
Those notifications don't give driver any new information, but only cause
infinite scan loop.
Previously we had to do it synchronously because we could not drop the lock
due to potential scratch memory use conflicts. Previous commits fixed that
collision, so here it goes -- slower and less reliable external requests
are executed asynchronously without spinning in tight loop and with more
safe timeout handling.
Usually IOCBs should be put on queue for asynchronous processing and should
not require additional DMA memory. But there are some cases like aborts and
resets that for external reasons have to be synchronous. Give those cases
separate 2*64 byte DMA area to decouple them from other DMA scratch area
users, using it for asynchronous requests.
This is cosmetics that simplifies identification of new ports on FC switch.
It would be good to use target name from CTL here instead of hostname, but
it is not passed here through CAM now.
There are a bunch of reports that this check fails at least on Nuvoton
NCT6776 chips. I don't see why this check is needed there, and Linux does
not have it either. So far this check only made watchdogd unstoppable.
Add new rc.conf parameter "jail_reverse_stop"
When a user defines "jail_list" in rc.conf the jails are started in the
order defined. Currently the jails are not stopped in reverse order
which may break dependencies between jails/services and prevent a clean
shutdown. The new parameter "jail_reverse_stop" will shutdown jails in
"jail_list" in reverse order when set to "YES".
Please note that this does not affect manual invocation of the jail rc
script. If a user runs the command
# service jail stop jail1 jail2 jail3
the jails will be stopped in exactly the order specified regardless of
jail_reverse_stop being defined in rc.conf.
MFC r295568:
Document the new jail_reverse_stop parameter
While here clean up the documentation for jail_list
PR: 196152
Submitted by: feld
sfxge(4): do not use RxQ index as label
Labels are limited by 32 on EF10. It is not sufficient on powerful hosts.
Since only one RxQ is running over each EvQ, zero label may be used.
Reviewed by: gnn
Sponsored by: Solarflare Communications, Inc.
PR: 208267
Differential Revision: https://reviews.freebsd.org/D6121
Note the existence of module-specific jail parameters, starting with the
linux.* parameters when linux emulation is loaded.
MFC r298585:
Encapsulate SYSV IPC objects in jails. Define per-module parameters
sysvmsg, sysvsem, and sysvshm, with the following behavior:
inherit: allow full access to the IPC primitives. This is the same as
the current setup with allow.sysvipc is on. Jails and the base system
can see (and modify) each other's objects, which is generally considered
a bad thing (though may be useful in some circumstances).
disable: allow no access, same as the current setup with allow.sysvipc off.
new: A jail may see and use the IPC objects that it has created. It also
gets its own IPC key namespace, so different jails may have their own
objects using the same key value. The parent jail (or base system) can
see the jail's IPC objects, but not its keys.
PR: 48471
Move the various per-type arrays of OSD data into a single structure array.
MFC r297422:
Add osd_reserve() and osd_set_reserved(), which allow M_WAITOK allocation
of an OSD array.
Add a new jail OSD method, PR_METHOD_REMOVE. It's called when a jail is
removed from the user perspective, i.e. when the last pr_uref goes away,
even though the jail may still exist in the dying state. It will also
be called if either PR_METHOD_CREATE or PR_METHOD_SET fail.
MFC r298683:
Delay removing the last jail reference in prison_proc_free, and instead
put it off into the pr_task. This is similar to prison_free, and in fact
uses the same task even though they do something slightly different.
MFC r298566:
Pass the current/new jail to PR_METHOD_CHECK, which pushes the call
until after the jail is found or created. This requires unlocking the
jail for the call and re-locking it afterward, but that works because
nothing in the jail has been changed yet, and other processes won't
change the important fields as long as allprison_lock remains held.
Keep better track of name vs namelc in kern_jail_set. Name should
always be the hierarchical name (relative to the caller), and namelc
the last component.
MFC r298668:
Use crcopysafe in jail_attach.
PR: 48471
Remove the PR_REMOVE flag, which was meant as a temporary marker for
a jail that might be seen mid-removal. It hasn't been doing the right
thing since at least the ability to resurrect dying jails, and such
resurrection also makes it unnecessary.
msdosfs: Prevent buffer overflow when expanding win95 names
In win2unixfn() we expand Windows 95 style long names. In some cases that
requires moving the data in the nbp->nb_buf buffer backwards to make room. That
code failed to check for overflows, leading to a stack overflow in win2unixfn().
We now check for this event, and mark the entire conversion as failed in that
case. This means we present the 8 character, dos style, name instead.
PR: 204643
Differential Revision: https://reviews.freebsd.org/D6015
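
A simplified model of the check described in the commit message above, added here as an illustration (it is not the msdosfs source). The names namebuf, namebuf_write and assemble, the 13-character slot size and the 64-byte buffer are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

#define SLOT_CHARS 13	/* assumed: characters per long-name entry */
#define BUF_BYTES  64	/* assumed: small buffer, for the demo only */
struct namebuf { size_t len; char buf[BUF_BYTES]; };	/* stand-in for nbp */

/*
 * Store the converted text of entry `id` in its slot. Entries arrive
 * last-first, so stored text sits right after the slot and is moved back
 * when the chunk converts to more than SLOT_CHARS bytes.
 */
int namebuf_write(struct namebuf *nb, const char *chunk, size_t id)
{
	size_t off, count = strlen(chunk);
	if (id > sizeof(nb->buf) / SLOT_CHARS ||	/* keeps off from wrapping */
	    (nb->len != 0 && count < SLOT_CHARS))	/* only last entry is short */
		return (-1);
	off = id * SLOT_CHARS;
	/* Bounds check: new chunk plus shifted suffix must end inside buf. */
	if (count > sizeof(nb->buf) - off ||
	    nb->len > sizeof(nb->buf) - off - count)
		return (-1);
	if (count > SLOT_CHARS && nb->len != 0)
		memmove(nb->buf + off + count, nb->buf + off + SLOT_CHARS, nb->len);
	memcpy(nb->buf + off, chunk, count);
	nb->len += count;
	return (0);
}

/* Returns the name length, or -1 so the caller falls back to the 8.3 name. */
int assemble(const char *const *chunks, size_t n, struct namebuf *nb)
{
	memset(nb, 0, sizeof(*nb));
	while (n-- > 0)
		if (namebuf_write(nb, chunks[n], n) != 0)
			return (-1);
	return ((int)nb->len);
}

/* Constructed inputs: one name that fits, one that would overrun buf. */
static struct namebuf demo;
static const char *const fits[] = { "twenty-byte-chunk-xx", "tail" };
static const char *const too_long[] = { "0123456789012345678901234567890123456789",
	"012345678901234567890123456789", "x" };
int main(void)
{
	return (assemble(fits, 2, &demo) == 24 &&
	    assemble(too_long, 3, &demo) == -1 ? 0 : 1);
}
```
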
Add missing set of the current VNET when inputting IP packets in IPoIB.
This fixes a kernel panic when using IPoIB with VIMAGE and infiniband.
PR: 208957
Sponsored by: Mellanox Technologies
Tested by: Justin Clift <justin@postgresql.org>
Ensure the received IP header gets 32-bits aligned.
The FreeBSD's TCP/IP stack assumes that the IP-header is 32-bits aligned
when decoding it. Else unaligned 32-bit memory access can happen, which
not all processor architectures support.
Sponsored by: Mellanox Technologies
Add missing port_up checks.
When downing a mlxen network adapter we need to check the port_up variable
to ensure we don't continue to transmit data or restart timers which can
reside in freed memory.
Sponsored by: Mellanox Technologies
fsck_ffs: use uint32_t for closedisk().
fs_ncg is of type uint32_t, and we were indexing it with an int.
Fixed this using an unsigned type.
Reviewed by: mckusick
Don't remove the /var/run/jail_name.id file if a jail fails to start.
This messes up ezjail (and possibly others), when attempting to start
a jail that already exists.
PR: 208806
Reviewed by: tj
regex: prevent two improbable signed integer overflows.
In matcher() we used an integer to index nsub of type size_t.
In print() we used an integer to index nstates of type sopno,
typedef'd long.
In both cases the indexes never take negative values.
Match the types to avoid any error.