Commit Graph

221118 Commits

Author SHA1 Message Date
cem
97f5dee540 rpcgen(1): Tag crash() routine as __dead2 for static analyzers
Suggested by:	Coverity
CID:		1305464
Sponsored by:	EMC / Isilon Storage Division
2016-05-12 03:49:05 +00:00
cem
2274d498f7 kern_descrip_test: Fix trivial buffer overrun with readlink(2)
Reported by:	Coverity
CID:		1229965, 1229972
Sponsored by:	EMC / Isilon Storage Division
2016-05-12 03:44:29 +00:00
cem
201cd226c8 rtadvd(8): Fix a typo in full msg receive logic
Check against the size of the struct, not the pointer.  Previously, a message
with a cm_len between 9 and 23 (inclusive) could cause int msglen to underflow
and read(2) to be invoked with msglen size (implicitly cast to signed),
overrunning the caller-provided buffer.

All users of cm_recv() supply a stack buffer.

On the other hand, the rtadvd control socket appears to only be writable by the
owner, who is probably root.

While here, correct some types to be size_t or ssize_t.

Reported by:	Coverity
CID:		1008477
Security:	unix socket remotes may overflow stack in rtadvd
Sponsored by:	EMC / Isilon Storage Division
2016-05-12 03:37:17 +00:00
sephe
e82ec31211 mxge: Setup mbuf flowid before calling tcp_lro_rx().
Reviewed by:	gallatin
MFC after:	1 week
Sponsored by:	Microsoft OSTC
Differential Revision:	https://reviews.freebsd.org/D6320
2016-05-12 03:36:49 +00:00
sephe
5e72012d2e hyperv/stor: Enable INQUIRY result check only on WIN10 like host systems
On WIN8 like host systems, when rescan happens, the already installed
disks seem to return random invalid results for INQUIRY.

More investigation is under way to figure out why random invalid INQUIRY
results are delivered to VM on WIN8 like host systems.

Submitted by:	Hongjiang Zhang <honzhan microsoft com>
Reviewed by:	sephe
MFC after:	1 week
Sponsored by:	Microsoft OSTC
Differential Revision:	https://reviews.freebsd.org/D6316
2016-05-12 03:29:29 +00:00
cem
c0f51615c6 snd_hda(4): Don't pass bogus sizeof()s to unused sysctl arg2 parameter (again)
More of the same sort of issue as r299503, just missed some sysctls added in a
different place than the others.

Reported by:	Coverity
CIDs:		1007692, 1009677, 1009678
Sponsored by:	EMC / Isilon Storage Division
2016-05-12 02:46:29 +00:00
cem
9a6293febf snd_hda(4): Don't pass bogus sizeof()s to unused sysctl arg2 parameter
None of the sysctl handlers in hdaa use the arg2 parameter, so just pass zero
instead.  Additionally, the sizes being passed in were suspect (size of the
pointer rather than the value).

Reported by:	Coverity
CIDs:		1007694, 1009679
Sponsored by:	EMC / Isilon Storage Division
2016-05-12 02:41:38 +00:00
cem
c0a49a2265 nss/gethostby_test: fix broken vector iteration of gethostbyaddr h_aliases
h_aliases is a NULL-terminated rather than fixed-length array.  nitems() is not
a valid way to determine its end; instead, check for NULL.

Reported by:	Coverity
CID:		1346578
Sponsored by:	EMC / Isilon Storage Division
2016-05-12 02:32:23 +00:00
pfg
b3857d7c40 traceroute6(8): use NULL instead of zero for initializing a pointer. 2016-05-12 02:05:50 +00:00
pfg
fbf894cd86 chat(8): use NULL instead of zero for initializing a pointer. 2016-05-12 02:02:16 +00:00
pfg
c0395e345d sys/boot/common: use of spaces vs. TAB.
No functional change.
2016-05-12 01:19:11 +00:00
cem
b085e42af0 atf map: Fix double-free in low memory error path
If atf_list_append(, X, ) fails, X is freed.  Don't free it again.

If anyone wants to walk this patch upstream, be my guest.  I literally cannot
upstream it myself due to Google's stupid CLA.

Reported by:	Coverity
CID:		979936
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 23:39:39 +00:00
cem
2bcae162c5 libkrb5: Fix potential double-free
If krb5_make_principal fails, tmp_creds.server may remain a pointer to freed
memory and then be double-freed.  After freeing it the first time, initialize
it to NULL, which causes subsequent krb5_free_principal calls to do the right
thing.

Reported by:	Coverity
CID:		1273430
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 23:25:59 +00:00
cem
493fc2338c subr_vmem: Fix double-free in error case of vmem_create
If vmem_init() fails, 'vm' is already destroyed and freed.  Don't free it
again.

Reported by:	Coverity
CID:		1042110
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 23:16:11 +00:00
cem
086931ed3b Revert r299467 to fix the kernel build.
$ svn merge -c -299467 .

Approved by:	build being broken for six hours
2016-05-11 23:00:12 +00:00
skreuzer
94e04cec90 Document r298695, ntp updated to 4.2.8p7.
Approved by:	gjb@ (implicit with re@ hat on)
2016-05-11 22:44:00 +00:00
cem
3fa2461dde route6d(8): Fix potential double-free
In the case that the subsequent sysctl(3) call failed, 'buf' could be free(3)ed
repeatedly.  It isn't clear to me that that case is possible, but be clear and
do the right thing in case it is.

Reported by:	Coverity
CID:		272537
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 22:33:20 +00:00
cem
4c080eaa62 camcontrol(8): Fix another trivial double-free
Reported by:	Coverity
CID:		1331222
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 22:25:14 +00:00
cem
32fca307a1 camcontrol(8): Fix trival double-free
Reported by:	Coverity
CID:		1331223
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 22:22:49 +00:00
cem
e002a9eee2 random(6): Fix double-close
In the case where a file lacks a trailing newline, there is some "evil" code to
reverse goto the tokenizing code ("make_token") for the final token in the
file.  In this case, 'fd' is closed more than once.  Use a negative sentinel
value to guard close(2), preventing the double close.

Ideally, this code would be restructured to avoid this ugly construction.

Reported by:	Coverity
CID:		1006123
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 22:04:28 +00:00
emaste
7c4ffc6797 exec.h: Move PS_STRINGS define to kernel-only section
The kern.ps_strings sysctl was introduced in r103767 and the last
use of PS_STRINGS in userspace code was removed in r297888.

PR:		208760 [exp-run]
Reviewed by:	kib
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D5933
2016-05-11 21:14:36 +00:00
jkim
d433e59a4d Regen x86 assembly files for r299480. 2016-05-11 20:11:21 +00:00
jkim
36da606d58 Set CC environment variable for Perl scripts. This is for detecting
assembler/compiler capabilities, e.g., AVX instructions.
2016-05-11 20:06:23 +00:00
jkim
7ff185b500 Refine comments to add its origin. 2016-05-11 19:59:05 +00:00
andrew
8c3616af7a Call busdma_swi from swi_vm as is done from other architectures.
Obtained from:	ABT Systems Ltd
Sponsored by:	The FreeBSD Foundation
2016-05-11 18:48:47 +00:00
gonzo
23a2d5f593 Add OF_prop_free function as a counterpart for OF_*prop_alloc
- Introduce new OF API function OF_prop_free to free memory allocated by
  OF_getprop_alloc and OF_getencprop_alloc. Current code just calls free(9)
  with M_OFWPROP memory class which assumes knowledge about OF_*prop_alloc
  functions' internals and leads to unneccessary code coupling

- Convert some of the free(..., M_OFWPROP) instances to OF_prop_free

Files affected by this commit are the ones I was able to test on real
hardware. The rest of free(..., M_OFWPROP) instances will be handled with
idividual maintainers

Reviewed by:	andrew
Differential Revision:	https://reviews.freebsd.org/D6315
2016-05-11 18:20:02 +00:00
cem
8093b741c7 whois(1): Fix potential double-close and logic mistakes
Close the fd the poll error was detected on, rather than the last opened fd, to
fix the double-close.

Use -1 to make it explict which int variables no longer own socket file
descriptors.

Actually shrink, rather than grow, the poll timeout to match comment.

Reported by:	Coverity
CID:		1304860, 1305616
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 18:03:51 +00:00
gonzo
abcd904de9 Add gpiokeys driver
gpiokey driver implements functional subset of gpiokeys device-tree bindings:
https://www.kernel.org/doc/Documentation/devicetree/bindings/input/gpio-keys.txt

It acts as a virtual keyboard, so keys are visible through kbdmux(4)

Driver maps linux scancodes for most common keys to FreeBSD scancodes and
also extends spec by introducing freebsd,code property to specify
FreeBSD-native scancodes.

Reviewed by:	mmel, jmcneill
Differential Revision:	https://reviews.freebsd.org/D6279
2016-05-11 17:57:26 +00:00
emaste
7c53dc625e Deorbit ALLOW_SHARED_TEXTREL
We want to avoid .text relocations in shared objects. libcrypto was the
only consumer and it is now fixed (as of r299389). Remove the now-unused
support for turning off the linker warning.

Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D6323
2016-05-11 17:55:09 +00:00
cem
56be1d347c whois(1): Pull out async multiple host connection code into a routine
This logic was added to the whois() function in r281959, but could easily be
its own routine.  In this case, I think the abstraction makes both functions
easier to reason about.

This precedes some Coverity-suggested cleanup.

Sponsored by:	EMC / Isilon Storage Division
2016-05-11 17:52:06 +00:00
bdrewery
8a99d06e03 DIRDEPS_BUILD: Exclude host tools for Makefile.depend.host as well.
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 17:40:51 +00:00
hselasky
49384bc9ea Resolve LINT linking issue by renaming ida_init() to ida_setup(). The
ida_init() symbol name is now taken for use by the LinuxKPI.

Reported by:	emaste @
Discussed with:	mav @
2016-05-11 17:38:09 +00:00
cem
edd8bad712 mixer(8): Style: Tag no-return usage() as __dead2
Coverity really should have figured this out from the exit(3) call at the end
of the routine, but just make it explicit.

No functional change.

Reported by:	Coverity
CID:		1304866 (false positive double-close of 'baz')
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 17:27:27 +00:00
hselasky
d41206de4f Match Linux behaviour and iterate the IDR tree unlocked. The caller is
responsible the IDR tree stays unmodified while iterating.

MFC after:	1 week
Sponsored by:	Mellanox Technologies
2016-05-11 17:20:20 +00:00
hselasky
fd168b7052 The idr_for_each() function is now part of the LinuxKPI. Use the
LinuxKPI's idr_for_each() function instead of the local one to avoid
compilation issues.

Discussed with:	np @
MFC after:	1 week
2016-05-11 17:17:48 +00:00
andrew
5685cc375d Add a new get_id interface to pci and pcib. This will allow us to both
detect failures, and get different PCI IDs.

For the former the interface returns an int to signal an error. The ID is
returned at a uintptr_t * argument.

For the latter there is a type argument that allows selecting the ID type.
This only specifies a single type, however a MSI type will be added
to handle the need to find the ID the hardware passes to the ARM GICv3
interrupt controller.

A follow up commit will be made to remove pci_get_rid.

Reviewed by:	jhb, rstone
Obtained from:	ABT Systems Ltd
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D6239
2016-05-11 17:07:29 +00:00
cem
3109740c43 bsnmpd: Fix size of trapsink::comm to match other community arrays
This fixes a number of possible strcpy() buffer overruns between the various
community strings in trap.c.

Reported by:	Coverity
CIDs:		1006820, 1006821, 1006822
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 17:06:03 +00:00
cem
61b729e84b bsnmp: Don't overrun privkey buffer by copying wrong size
The 'priv_key' array is SNMP_PRIV_KEY_SIZ bytes, not SNMP_AUTH_KEY_SIZ.

Reported by:	Coverity
CIDs:		1008326, 1009675
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 16:54:34 +00:00
emaste
a49d3e4c43 libcrypto: add "Do not modify" comment to generated source files
Reviewed by:	jkim
Differential Revision:	https://reviews.freebsd.org/D6237
2016-05-11 16:53:56 +00:00
andrew
4ec608a6fe On arm64 always create a bus_dmamap_t object. This will be use to hold the
list of memory that the kernel will need to sync when operating with a
non-cache coherent DMA engine.

Obtained from:	ABT Systems Ltd
Sponsored by:	The FreeBSD Foundation
2016-05-11 16:53:41 +00:00
jkim
027fd46f7c Enable linker error if libcrypto.so contains a relocation against text. It
is position independent on all platforms since r299389.

Submitted by:	kib
2016-05-11 16:45:58 +00:00
cem
b10d781534 ffs_bswap: Copy one UFS dinode member at a time
No functional change.

Reported by:	Coverity
CIDs:		974635, 974636, 977396, 977397, 977398, 977399
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 16:42:13 +00:00
cem
c33e0df5bb fsck_ffs: Don't overrun mount device buffer
Maybe this case is impossible.  Either way, when attempting to "/dev/"-prefix a
non-global device name, check that we do not overrun the f_mntfromname buffer.

In this case, truncating (with strlcpy or similar) would not be useful, since
the f_mntfromname result of getmntpt() is passed directly to open(2) later.

Reported by:	Coverity
CID:		1006789
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 16:20:23 +00:00
cem
64fd83451a compat/opensolaris: Don't redefined off64_t if already defined
A follow-up to r299456.

Reported by:	gjb
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 16:05:32 +00:00
cem
980da549c8 Fix buffer overrun in gcore(1) NT_PRPSINFO
Use size of destination buffer, rather than a constant that may or may not
correspond to the source buffer, to restrict the length of copied strings.  In
particular, pr_fname has 16+1 characters but MAXCOMLEN is 18+1.

Use strlcpy instead of strncpy to ensure the result is nul-terminated.  This
seems to be what is expected of these fields.

Reported by:	Coverity
CIDs:		1011302, 1011378
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 15:31:31 +00:00
andrew
c1c72529c8 Add data barriers to the arm64 bus_dmamap_sync function. We need these
to ensure ordering between the CPU and device. As the CPU and DMA target
may be in different shareability domains they need to be full system
barriers.

Obtained from:	ABT Systems Ltd
Sponsored by:	The FreeBSD Foundation
2016-05-11 14:59:54 +00:00
cem
97a44a849e libc: Add fopencookie(3) wrapper around funopen(3)
Reviewed by:	jhb, oshogbo
Sponsored by:	EMC / Isilon Storage Division
Differential Revision:	https://reviews.freebsd.org/D6282
2016-05-11 14:38:27 +00:00
pfg
d45728b896 librpcsec_gss: remove redundant code.
We have identical code no matter the expression behind the if.
Avoid the desision altogether and keep doing what is expected.

Reviewed by:	dfr
CID:		1305689
2016-05-11 14:37:33 +00:00
mav
5be2c009e5 MFV r299453: 6765 zfs_zaccess_delete() comments do not accurately reflect
delete permissions for ACLs

Reviewed by: Gordon Ross <gwr@nexenta.com>
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
Author: Kevin Crowe <kevin.crowe@nexenta.com>

openzfs/openzfs@a40149b935
2016-05-11 13:53:29 +00:00
mav
5406e47e28 MFV r299451: 6764 zfs issues with inheritance flags during chmod(2) with
aclmode=passthrough

Reviewed by: Gordon Ross <gwr@nexenta.com>
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
Author: Albert Lee <trisk@nexenta.com>

openzfs/openzfs@1bcf0d240b
2016-05-11 13:50:34 +00:00