Upstream fixes for issues found with afl (Issue #417).
- Fix length checking.
Check both the captured length and the on-the-wire length (the latter
*should* be greater than or equal to the former, but that's not
guaranteed).
Add some additional length checks, so neither caplen nor length
underflow.
If we stop dissecting because the packet is too short, return 1, not 0,
as we've "dissected" what we can; 0 means "this is LLC+SNAP with an OUI
of 0 and an unknown Ethertype".
commit: 743bcecdc92f88b118ec7aac4f68b606601205cc
- Clean up length checks.
Check only the amount of length that matters at any given point; yes,
this means we do multiple checks, but so it goes.
We don't need to check for LLC+SNAP - llc_print() does that for us. We
do, however, need to check to make sure we can safely skip the Fore
header.
commit: 5c65e7532fa16308e01299988852b0dc5b027559
- Fix length checking.
Check both the captured length and the on-the-wire length (the latter
*should* be greater than or equal to the former, but that's not
guaranteed).
Add some additional length checks, so neither caplen nor length
underflow.
If we stop dissecting because the packet is too short, return 1, not 0,
as we've "dissected" what we can; 0 means "this is LLC+SNAP with an OUI
of 0 and an unknown Ethertype".
commit: 743bcecdc92f88b118ec7aac4f68b606601205cc
- Clean up length checks.
Check only the amount of length that matters at any given point; yes,
this means we do multiple checks, but so it goes.
We don't need to check for LLC+SNAP - llc_print() does that for us. We
do, however, need to check to make sure we can safely skip the Fore
header.
commit: 5c65e7532fa16308e01299988852b0dc5b027559
controller.
The gpiobus is responsible to keep track of the used pins and serialize
the access to pins.
Some of these features are important to devices that do not descend
directly from gpiobus and as such cannot make use of its features (one
classic example is gpioc that is attached to the GPIO controller and could
not, until now, make use of the gpiobus locking).
subverted by userspace into cycle. Both umtx_propagate_priority() and
umtx_repropagate_priority() would then loop infinitely, owning the
spinlock.
Check for the cycle using standard Floyd' algorithm before doing the
pass in the affected functions. Add simple check for condition of
tricking the thread into a wait for itself, which could be easily
simulated by usermode without race.
Found by: Eric van Gyzen <eric@vangyzen.net>
In collaboration with: Eric van Gyzen <eric@vangyzen.net>
Tested by: pho
MFC after: 1 week
modification and last file status change timestamps of the file".
Currently, tmpfs only modifies ctime when file was extended. Since
r277828 followed tmpfs_write(), mmaped writes also do not modify
ctime.
Fix this, by updating both ctime and mtime for writes to tmpfs files.
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
this codepath.)
(1<<30) is documented as BLM_PCH_OVERRIDE_ENABLE, which the current
i915 driver in Linux only sets for broadwell chips.
This fixes the backlight control on the Lenovo X230.
Approved by: kib
Obtained from: Linux 7aa1e7f06d6ea1bce3b27630d50769d13da28b1a
assume that GPT means UEFI boot, resulting in the installation of
uninstallable systems. This needs a little more work before MFC, in
particular based on disk size (> 2 TB + BIOS + MBR is not workable). That
will come soon.
Motivation is to introduce BIOS specific quirks early in the boot
process. smbios_match can be called before malloc is avaible, that's
why parts of smbios_detect have been moved into a separate function
smbios_probe that will be called by smbios_detect as well as
smbios_match.
Reviewed by: jhb
Approved by: jhb
Differential Revision: https://reviews.freebsd.org/D1679
This fixes evaluation of exceptional values in scalblnl().
While here, simplify the code as suggested by Bruce Evans.
Reported by: clang static analyzer
MFC after: 1 week
In UEFI it appears all available NICS are present to pass network traffic.
This gives the capability to load the loader.efi from disk then set
currdev="net3:" and then all I/O will over over the 2nd NIC. On this
machine is appears the first handle is the first NIC in IPv4 mode and
then the 2nd handle is the first NIC in IPv6 mode. The 3rd handle is
the 2nd NIC in IPv4 mode. The fix is to index into the handle based
on the unit cached from boot device passed into the loader.
Some testing info from a test boot via kenv:
currdev="net3:"
loaddev="net3:"
boot.netif.name="igb1"
Allocate all four, we will use them soon.
Simplificate the allocation of memory and interrupt resources with a single
bus_alloc_resources() call instead of doing them separately.
Destroy the mutex in case of errors.
This fixes what seems like a simple oversight when the function was added in
r253210.
Reported by: Daniel Borkmann <dborkman@redhat.com>
Florian Westphal <fw@strlen.de>
Differential Revision: https://reviews.freebsd.org/D1628
Reviewed by: gnn
MFC after: 1 month
Sponsored by: Limelight Networks
With this change, it is now possible to verify the pin function and level
of reserved pins (but not set them).
The use of reserved pins on Raspberry pi can lead to short circuits and
real damage to the SoC.
While here, remove duplicated code, make use of OF_getencprop_alloc()
instead of using fixed sized variables and reduce the dmesg spam by
printing reserved pin ranges (when possible) instead of printing each pin
in the range.
thread started and incremented the stat_flush_threads [1].
Unconditionally wakeup softdep_flush threads when needed, do not try
to check wchan, which is racy and breaks abstraction.
Reported by and discussed with: glebius, neel
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
descriptor or free the memory before returning.
Submitted by: Mariusz Zaborski <oshogbo@FreeBSD.org>
While here, protect errno, so it won't be overwritted by close(2) or free(3).
sys/cam/scsi/scsi_all.h:
In struct scsi_extended_inquiry_data:
- Increase the length field to 2 bytes, as it is 2 bytes in SPC-4.
- Add bit definitions for the various Activiate Microcode actions.
- Add the Sequential Access Logical Block Protection support bit,
since we need that in the sa(4) driver. (For modifications
that will come later.)
- Add definitions for the various Multi I_T Nexus Microcode
Download modes.
sys/cam/ctl/ctl.c:
As of SPC-4, a single report of "REPORTED LUNS DATA HAS CHANGED"
is to be given per I_T nexus. Once it is reported, the unit
attention condition should be cleared for all LUNS attached to
an I_T nexus.
Previously that only happened when a REPORT LUNS command was
processed.
This behavior may be different (according to SAM-5) when the
UA_INTLCK_CTRL bits are non-zero in the control mode page but
CTL does not currently support that.
So, in view of the spec, whenever we report a LUN inventory
change unit attention, clear it on all LUNs for that
particular I_T nexus.
Add a new function, ctl_clear_ua() that will clear a unit
attention on all LUNs for the given I_T nexus.
One field in the extended inquiry data that we could potentially
report at some point is the maximum supported sense data length.
To do that, we would the SIM to report (via path inquiry
perhaps) how much sense data it is able to send.
Add comments to explain some of the bits that are set in the
Extended Inquiry VPD page.
Add a few comments to make it more clear which functions handle
various VPD pages.
Sponsored by: Spectra Logic
MFC after: 1 week
