Don't zero unused pointer members again.
Per discussion with secteam we are not issuing an advisory for this
issue as we have no current evidence it leaks exploitable information.
Reviewed by: rwatson, glebius, delphij
MFC after: 1 day
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D10227
Invalid expressions with an ultimate compiled pattern length of 0 (e.g.,
"grep -E {") were not taken into account and caused a segfault while trying
to fill in the good suffix table.
Submitted by: Kyle Evans <kevans91 at ksu.edu>
Reviewed by: me
Differential Revision: https://reviews.freebsd.org/D10113
xmalloc was a debug malloc implementation, but the x{malloc,calloc,free}
functions default to calling the malloc(3) equivalents.
Instead of relying on this malloc shim, we can devise better ways to debug
malloc issues that aren't misleading upon initial inspection. (I.e., using
jemalloc's various built-in debugging capabilities.)
Submitted by: Kyle Evans <kevans91 at ksu.edu>
Reviewed by: emaste, cem
Differential Revision: https://reviews.freebsd.org/D10269
r316477 changed the color output to match exactly the in-tree GNU grep,
but introduces unnecessary escape sequences.
Submitted by: Kyle Evans <kevans91 at ksu.edu>
Reported by: ache
MFC after: 1 month
MFC with: r316477
destination addresses. Previous code has used only destination address
for lookup. But for inbound packets the source address was used as SA
destination address. Thus only outbound SA were used for both directions.
Now we use addresses from a packet as is, thus SAs for both directions are
needed.
Reported by: Mike Tancsa
MFC after: 1 week
Create a convenience rgrep link for bsdgrep(1) that observes 'grep -r'
behavior.
A follow-up to r316473.
Submitted by: Kyle Evans <kevans91 at ksu.edu>
Reviewed by: emaste (earlier version), cem
Differential Revision: https://reviews.freebsd.org/D10109
The header was added by the recent keybuf feature (r316343)
MODINFOMD_KEYBUF originally resided here, but was moved to linker.h
This change fixes the build on risc-5 which doesn't have a metadata.h
Detected by Jenkins: https://ci.freebsd.org/job/FreeBSD-head-riscv64-build/1167/console
Reported by: lwhsu
The tsec_error_intr_locked() is called with the global lock owned (e.g.
the transmit and the receive lock are both owned). We must not call
tsec_receive_intr_locked() while owning the transmit lock. The normal
receive interrupt takes care that frames are received, this is none of
the business of the error interrupt.
Submitted by: Sebastian Huber <sebastian.huber_AT_embedded-brains.de>
Use a method similar to the if_dwc driver. Use a wmb() before the flags of the
first transmit buffer of a frame are written.
Group transmit/receive structure members for better cache efficiency.
Tested on P1020RDB. TCP transmit throughput increases from 60MiB/s to
90MiB/s.
Submitted by: Sebastian Huber <sebastian.huber_AT_embedded-brains.de>
Timeout is now effectively a boolean rather than a time-remaining. This was
missed in r316478, but included in the original patch (mis-merged with a manual
merge).
The status indicators are not set immediatly after a command. Discard
the first value.
Unlock the PHY mutex after a timeout in tsec_init_locked().
Tested on the P1020RDB.
Submitted by: Sebastian Huber <sebastian_DOT_huber_AT_embedded-brains_DOT_de>
- Set REG_NOTBOL if we've already matched beginning of line and we're
examining later parts
- For each pattern we examine, apply it to the remaining bits of the
line rather than (potentially) smaller subsets
- Check for REG_NOSUB after we've looked at all patterns initially
matching the line
- Keep track of the last match we made to later determine if we're
simply not matching any longer or if we need to proceed another byte
because we hit a zero-length match
- Match the earliest and longest bit of each line before moving the
beginning of what we match to further in the line, past the end of the
longest match; this generally matches how gnugrep(1) seems to behave,
and seems like pretty good behavior to me
- Finally, bail out of printing any matches if we were set to print all
(empty pattern) but -o (output matches) was set
PR: 195763, 180990, 197555, 197531, 181263, 209116
Submitted by: "Kyle Evans" <kevans91@ksu.edu>
Reviewed by: cem
MFC after: 1 month
Relnotes: Yes
Differential Revision: https://reviews.freebsd.org/D10104
using "-width". The http://mdocml.bsd.lv/mdoc/details/width.html
says: "Do not use macros in the argument specifying the width,
that's not portable. While GNU troff can handle it, mandoc cannot."
The same problem seems to exist in many other man pages.
Reviewed by: bapt, vangyzen
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D10238
was the first release of an OS to ship with it.
Heads up by Ingo Schwarze.
Approved by: bcr (mentor)
MFC after: 5 days
Differential Revision: https://reviews.freebsd.org/D10209
Make PFIL's lock global and use it for this purpose.
This reduces the number of locks needed to acquire for each packet.
Obtained from: Yandex LLC
MFC after: 2 weeks
Sponsored by: Yandex LLC
No objection from: #network
Differential Revision: https://reviews.freebsd.org/D10154
When a member of a RAIDZ has been replaced with a device smaller than the
original, then the top level vdev can report its expand size as 16.0E.
The reduced child asize causes the RAIDZ to have a vdev_asize lower than its
vdev_max_asize which then results in an underflow during the calculation of
the parents expand size.
Fix this by updating the vdev_asize if it shrinks, which is already
protected by a check against vdev_min_asize so should always be safe.
Also for RAIDZ vdevs, ensure that the sum of their child vdev_min_asize is
always greater than the parents vdev_min_size.
Fixes: https://www.illumos.org/issues/7885
MFC after: 2 weeks
Sponsored by: Multiplay
Vendor changes (FreeBSD-related):
Report which extended attributes could not be restored
Update archive_read_disk.3 and archive_write_disk.3 manual pages
Plug memory leaks in xattr tests.
MFC after: 1 week
This variable was used 4 times in 1 function and all uses were wrong.
The 4 uses were in he test_frame() (show) function, to try to restore
4 colors, 2 unnecessarily and these 2 now broken. This was wrong
because it is the previous colors that must be restored, but the global
holds the original colors. Excessive setting of colors at the end
restored the previous colors correctly in most cases, but I removed
this a couple of revisions ago.
Originally, this variable had 1 correct use, to test for being on a vty
as a side effect of initializing it. This is now down in init(), and
init() also leaves a better-named global with the same contents.
Fix this by reading the current console info into a local variable in
test_frame(), as is done for several other functions. Fix style bugs
in this reading for all callers:
- extra blank lines
- all error messages different. The first one now in init() is not as
specific as the old one, but it is after a different specific one for
another ioctl and is unlikely to be reached when the first ioctl
succeeds. Ones after the first are to repeat the ioctl, so are even
more likely to be reached. The correctness of full removal of the
old global depends on the error handling for failure to initialize
it being unreachable.
- err() instead of warn() for failure in load_font(). This is almost
unreachable, and it makes no sense to continue after undoing previous
changes with revert().
- unreachable return after err() for failure in dump_screen().
Undo large renaming of local variables from the good name 'info' to the
bad name _info, which was done to protect the buggy global's bad name
from -Wshadow warnings.
retaining various utility functions used during BSM generation,
and a second (audit_bsm_db.c) that contains the various in-kernel
databases supporting various audit activities (the class and
event-name tables).
(No functional change is intended.)
Obtained from: TrustedBSD Project
MFC after: 3 weeks
Sponsored by: DARPA, AFRL
Change 25 uses of errc() to err(). 2 of these were correct. 23 used
errno for the arg so were just a verbose spelling of err(). 5 of these
were just style bugs, and 18 depended on revert() saving errno.
1 warn() also depended on revert() saving errno.
Remove 2 warnx()'s that duplicate the message from a later errx().
These used to be before returns, and should have reported errno in
some cases. errno is also not reported for for openguess() failures.
Only "restore" the video mode in revert() if the mode was just set
(necessarily partially). Setting the mode to its current setting
doesn't "restore" it, but resets it, with the least harmful change
being to clear the screen. revert() is called even for some harmless
syntax errors and usually did nothing except reset the mode. Now it
usually does nothing. The only things that it tries to restore apart
from the mode are the active vty number, the screen map, 2 colors that
only need to be restored (only after a mode change) to fix kernel bugs,
and 3 colors that can't be restored due to kernel bugs. (This is
mostly for sc, since vt doesn't support mode changes.)
revert() is not called for syntax and setting errors after [mode], so
the mode reset is only done for failures to set raster mode after
setting graphics mode. normal colors can only be set after [mode],
and that is why reverting them should be unnecessary.
r146736 added an undocumented syntax and many bugs handling it. The
documented syntax is "... [mode] [fg [bg]] [show]", where it is critical
for reducing ambiguity and keeping things simple that the mode is
parsed first. r146736 added buggy support for "... [mode] [fg [bg]]
[show] [mode] [fg [bg]]". One error was that after for failing to set
a partially-supported graphics mode, argv[optind] remains pointing to
the mode so doesn't match the first [fg [bg]], so the setting is
attempted again, with slightly worse error handling.
Fix this by removing it (support for the trailing '[mode] [fg [bg]]')
and cleaning up. The cleanups are mostly to remove convolutions and
bugs that didn't work to handle the ambiguous syntax '[fg [bg]] [fg [bg]]'
when [mode] and [show] are not present. Globals were set to allow
repeating the color settings at the end. The functions that set the
colors earlier were misnamed from set* to get*. All that they "got" is
is settings from argv. They applied the settings to the kernel and
the globals.
Fix restoration of colors in revert() by restoring 2 after the mode
change. Colors should not need to be restored, but a bug in scteken
clobbers them on any mode change, including ones for restoration. Don't
move the restoration of the other 3. Teken doesn't clobber them on
mode changes because it doesn't support them at all (sc still supports
the border color, but only using a non-teken ioctl).
Add restoration of colors after a successful mode change to work around
the scteken bug there too. The bug was previously masked by the general
setting of colors at the end.
Fix a longstanding parsing/error handling bug by exiting almost immediately
after matching the [mode] arg but failing to set the mode. Just revert
if necessary. Don't return to continue parsing but do it wrong. This
bug caused spamming the output with a usage() message and exiting with
status 1 whenever [mode] is not present bug [fg [bg]] or [show]. The
exit code 1 was actualy an ambiguous internal code for failure to match
[mode] or failure to set [mode]. This 1 was obfuscated by spelling it
EXIT_FAILURE, but actual exit codes spell EXIT_FAILURE as 1. Remove
another global which could have been used to disambiguate this but was
only used to micro-optimize the (unnecessary except for other bugs)
setting of colors at the end.
The module is designed for modification of a packets of any protocols.
For now it implements only TCP MSS modification. It adds the external
action handler for "tcp-setmss" action.
A rule with tcp-setmss action does additional check for protocol and
TCP flags. If SYN flag is present, it parses TCP options and modifies
MSS option if its value is greater than configured value in the rule.
Then it adjustes TCP checksum if needed. After handling the search
continues with the next rule.
Obtained from: Yandex LLC
MFC after: 2 weeks
Relnotes: yes
Sponsored by: Yandex LLC
No objection from: #network
Differential Revision: https://reviews.freebsd.org/D10150
This opcode can be used to attach some data to external action opcode.
And unlike to O_EXTERNAL_INSTANCE opcode, this opcode does not require
creating of named instance to pass configuration arguments to external
action handler. The data is coming just next to O_EXTERNAL_ACTION opcode.
The userlevel part currenly supports formatting for opcode with ipfw_insn
size, by default it expects u16 numeric value in the arg1.
Obtained from: Yandex LLC
MFC after: 2 weeks
Sponsored by: Yandex LLC
