to UFS, perform updates during syncer scans, which in particular means
that tmpfs now performs scan on sync. Also, this means that a mtime
update may be delayed up to 30 seconds after the write.
The vm_object' OBJ_TMPFS_DIRTY flag for tmpfs swap object is similar
to the OBJ_MIGHTBEDIRTY flag for the vnode object, it indicates that
object could have been dirtied. Adapt fast page fault handler and
vm_object_set_writeable_dirty() to handle OBJ_TMPFS_NODE same as
OBJT_VNODE.
Reported by: Ronald Klop <ronald-lists@klop.ws>
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
doesn't get truncated to 32 bits.
Without this, 3x3 NICs transmitting at an MCS rate whose rix (rate
index) in the rate table is > 31 end up returning errors, as the
sample rate code doesn't think the rate is set in the rate table.
Tested:
* AR9380, STA, speaking 3x3 to an AP
Without this change a local attacker could trigger a panic by
tricking the kernel into accessing undefined kernel memory.
We would like to acknowledge Francisco Falcon from CORE Security
Technologies who discovered the issue and reported to the
FreeBSD Security Team.
More information can be found at CORE Security's advisory at:
http://www.coresecurity.com/content/freebsd-kernel-multiple-vulnerabilities
This is an errata candidate for releng/10.1 and releng/9.3. Earlier
releases are not affected.
Reported by: Francisco Falcon from CORE Security Technologies
Security: CVE-2014-0998
Reviewed by: dumbbell
MFC after: 3 days
We would like to acknowledge Gerasimos Dimitriadis who reported
the issue and Michael Tuexen who analyzed and provided the
fix.
Security: FreeBSD-SA-15:03.sctp
Security: CVE-2014-8613
Submitted by: tuexen
We would like to acknowledge Clement LECIGNE from Google Security Team and
Francisco Falcon from Core Security Technologies who discovered the issue
independently and reported to the FreeBSD Security Team.
Security: FreeBSD-SA-15:02.kmem
Security: CVE-2014-8612
Submitted by: tuexen
- Add special test to detect the case of -1 * INTMAX_MIN
- Protect against elimination of the test division by the optimizer
Garrett Cooper noticed that the overflow checks were incomplete, and Bruce
Evans suggested the use of the "volatile" qualifier to counter the effect
of the undefined behaviour, when the prior multiplication caused overflow,
and he also suggested improvements to the comments.
Reviewed by: bde
MFC after: 1 week
Also, split power_suspend into power_suspend and power_suspend_early.
power_suspend_early is called before the userland is frozen.
power_suspend is called after the userland is frozen.
Currently only VT switching is hooked to power_suspend_early.
This is needed because switching away from X server requires its
cooperation, so obviously X server must not be frozen when that happens.
Freezing userland during ACPI suspend is useful because not all drivers
correctly handle suspension concurrent with other activity. This is
especially applicable to drivers ported from other operating systems
that suspend all software activity between placing drivers and hardware
into suspended state.
In particular drm2/radeon (radeonkms) depends on the described
procedure. The driver does not have any internal synchronization
between suspension activities and processing of userland requests.
Many thanks to kib for the code that allows to freeze and thaw all
userland threads.
Note that ideally we also need to park / inhibit (non-special) kernel
threads as well to ensure that they do not call into drivers.
MFC after: 17 days
suspend/resume
The goal is to avoid that the vt(4) resume happens before the video
display is resumed. The original patch was provided by Andriy Gapon.
This new patch registers the handlers in vt_upgrade(). This is done
once, thanks to the VDF_ASYNC flag. I abused this flag because it was
already abused by the keyboard allocation. The event handlers then call
the backend if it provides callbacks for suspend/resume.
Differential Revision: https://reviews.freebsd.org/D1004
On behalf of: dumbbell
MFC after: 2 weeks
support in QEMU. Each page of a many page mapping was getting mapped to
the same physical address, which is not the desired behavior.
MFC after: 1 week
Previously, the driver resets the device and abandon the requests that
are caught in flight when the dump was initiated. This was problematic
if the system is resumed after the dump is completed.
While that is probably not the typical action, it is simple to rework
the driver to very likely have the device usable after the dump without
making it more likely for the dump to fail. The in flight requests are
simply queued for completion once the dump is finished.
Requested by: markj
MFC after: 1 month
https://wiki.freebsd.org/ReproducibleBuilds
The contrib/sendmail change will be made in the upstream source for a
future sendmail release.
Reviewed by: des
MFC after: 3 days
Merge some cherry-picked fixes originating in OpenBSD
Check whether the version field is available before looking at it.
While we're at it, use ND_TCHECK(), rather than a hand-rolled check, to
check whether we have the full fixed-length portion of the IPv4 header.
commit c67afe913011138a2504ec4d3d423b48e73b12f3
Do more length checking. From OpenBSD.
commit d7516761f9c4877bcb05bb6543be3543e165249
Check whether the version field is available before looking at it.
While we're at it, use ND_TCHECK(), rather than a hand-rolled check, to
check whether we have the full fixed-length portion of the IPv4 header.
commit c67afe913011138a2504ec4d3d423b48e73b12f3
Do more length checking. From OpenBSD.
commit d7516761f9c4877bcb05bb6543be3543e165249
Allows Clang to use LLVM's fixes-x18 option
This patch allows clang to have llvm reserve the x18
platform register on AArch64. FreeBSD will use this in the kernel for
per-cpu data but has no need to reserve this register in userland so
will need this flag to reserve it.
This uses llvm r226664 to allow this register to be reserved.
Patch by Andrew Turner.
Requested by: andrew
AArch64: add backend option to reserve x18 (platform register)
AAPCS64 says that it's up to the platform to specify whether x18 is
reserved, and a first step on that way is to add a flag controlling
it.
From: Andrew Turner <andrew@fubar.geek.nz>
Requested by: andrew
uid and gid are never and should never be negative. The pw(8) manpage clearly
states the -u and -g arguments are for uids/gids, hence using negative values is
abusing a bug in former versions of pw(8)
the no-longer existant sb_cc sockbuf member.
- Use sbavail() instead of sbused() in t4_soreceive_ddp() to match the
usage in soreceive_stream() on which it is based.
Discussed with: glebius (2)
lock around the mapping and uiomove(). Before r277643, it was
partially protected by Giant (but potential sleeping in fault from
uiomove() would still allow other thread to reuse the mapping).
Noted by: ian
Reviewed by: alc, ian
Sponsored by: The FreeBSD Foundation
MFC after: 3 weeks
Current code requires that the first physical memory segment starts at 0,
but this is not really needed. We only need to make sure the bootstrap code
and page tables for APs are allocated below 4GB.
This patch removes this requirement and allows booting a Dell R710 from
UEFI, where the first physical memory segment starts at 0x10000.
Sponsored by: Citrix Systems R&D
Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D1417