freebsd-skq/sys/kern
Dag-Erling Smørgrav 1a05c762b9 Fix the length calculation for the final block of a sendfile(2)
transmission which could be tricked into rounding up to the nearest
page size, leaking up to a page of kernel memory.  [13:11]

In IPv6 and NetATM, stop SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR
and SIOCSIFNETMASK at the socket layer rather than pass them on to the
link layer without validation or credential checks.  [SA-13:12]

Prevent cross-mount hardlinks between different nullfs mounts of the
same underlying filesystem.  [SA-13:13]

Security:	CVE-2013-5666
Security:	FreeBSD-SA-13:11.sendfile
Security:	CVE-2013-5691
Security:	FreeBSD-SA-13:12.ifioctl
Security:	CVE-2013-5710
Security:	FreeBSD-SA-13:13.nullfs
Approved by:	re
2013-09-10 10:05:59 +00:00
..
bus_if.m
capabilities.conf Sort properly. 2013-09-07 19:16:02 +00:00
clock_if.m
cpufreq_if.m
device_if.m
dtio_kdtrace.c
genassym.sh
imgact_aout.c
imgact_elf32.c
imgact_elf64.c
imgact_elf.c Add a mmap flag (MAP_32BIT) on 64-bit platforms to request that a mapping use 2013-09-09 18:11:59 +00:00
imgact_gzip.c Add a mmap flag (MAP_32BIT) on 64-bit platforms to request that a mapping use 2013-09-09 18:11:59 +00:00
imgact_shell.c
inflate.c
init_main.c Add a mmap flag (MAP_32BIT) on 64-bit platforms to request that a mapping use 2013-09-09 18:11:59 +00:00
init_sysent.c Regenerate after r255219. 2013-09-05 00:11:59 +00:00
kern_acct.c acct: create a special plimit object and set it for exiting processes 2013-06-30 19:08:06 +00:00
kern_alq.c The fix committed in r250951 replaced the reported panic with a deadlock... gold 2013-06-17 09:49:07 +00:00
kern_clock.c Correct a bug that prevented deadlkres from (almost) ever firing. 2013-06-28 15:55:30 +00:00
kern_clocksource.c - Make callout(9) tickless, relying on eventtimers(4) as backend for 2013-03-04 11:09:56 +00:00
kern_condvar.c MFcalloutng: 2013-03-04 12:20:48 +00:00
kern_conf.c Reject spaces and double quotation marks in device names. devctl(4) 2012-12-22 13:33:28 +00:00
kern_cons.c
kern_context.c
kern_cpu.c
kern_cpuset.c Several improvements to rmlock(9). Many of these are based on patches 2013-06-25 18:44:15 +00:00
kern_ctf.c
kern_descrip.c Handle cases where capability rights are not provided. 2013-09-05 11:58:12 +00:00
kern_dtrace.c
kern_environment.c r249408 and r249436 cause a NULL pointer dereference on the CUBIEBOARD 2013-04-16 22:09:08 +00:00
kern_et.c Fix incorrect assertion that caused panic when periodic-only timers used. 2013-03-13 06:42:01 +00:00
kern_event.c Change the cap_rights_t type from uint64_t to a structure that we can extend 2013-09-05 00:09:56 +00:00
kern_exec.c Change the cap_rights_t type from uint64_t to a structure that we can extend 2013-09-05 00:09:56 +00:00
kern_exit.c Specify SDT probe argument types in the probe definition itself rather than 2013-08-15 04:08:55 +00:00
kern_fail.c
kern_ffclock.c
kern_fork.c Specify SDT probe argument types in the probe definition itself rather than 2013-08-15 04:08:55 +00:00
kern_gzio.c
kern_hhook.c Move hhook's per-vnet initialisation to an earlier SYSINIT SI_SUB stage to 2013-06-15 10:08:34 +00:00
kern_idle.c
kern_intr.c Snapshot; Do some running repairs on entropy harvesting. More needs to follow. 2013-08-26 18:35:21 +00:00
kern_jail.c Keep PRIV_KMEM_READ permitted inside jails as it is on the outside. 2013-09-06 17:32:29 +00:00
kern_khelp.c Cleanup and simplification in khelp_{register|deregister}_helper(). No 2013-06-15 06:45:17 +00:00
kern_kthread.c Do not use potentially stale thread in kthread_add() 2013-08-17 17:02:43 +00:00
kern_ktr.c ktr: correctly handle possible wrap-around in the boot buffer 2013-02-08 07:29:07 +00:00
kern_ktrace.c Change the cap_rights_t type from uint64_t to a structure that we can extend 2013-09-05 00:09:56 +00:00
kern_linker.c Rename the kld_unload event handler to kld_unload_try, and add a new 2013-08-24 21:13:38 +00:00
kern_lock.c A few mostly cosmetic nits to aid in debugging: 2013-06-25 20:23:08 +00:00
kern_lockf.c
kern_lockstat.c
kern_loginclass.c
kern_malloc.c - Disable quantum caches on the kmem_arena. This can make fragmentation 2013-08-13 22:41:24 +00:00
kern_mbuf.c Fixing a small typo. 2013-09-05 18:18:23 +00:00
kern_mib.c fix some fat-fingering in r246246 2013-02-02 14:19:50 +00:00
kern_module.c
kern_mtxpool.c
kern_mutex.c Give mutex(9) the ability to recurse on a per-instance basis. 2013-08-09 11:24:29 +00:00
kern_ntptime.c rename scheduler->swapper and SI_SUB_RUN_SCHEDULER->SI_SUB_LAST 2013-07-24 09:45:31 +00:00
kern_osd.c
kern_physio.c Fix some issues in change 254760 pointed out by Bruce Evans: 2013-08-29 16:41:40 +00:00
kern_pmc.c
kern_poll.c Remove unsigned comparison < 0 2013-08-07 07:22:56 +00:00
kern_priv.c Make the comments a little more clear about PRIV_KMEM_*, explicitly 2013-07-06 00:10:52 +00:00
kern_proc.c Add the ability to display the default FIB number for a process to the 2013-08-26 23:48:21 +00:00
kern_prot.c
kern_racct.c Accessing td_state requires thread lock to be held. 2013-03-14 23:20:18 +00:00
kern_rangelock.c Change the queue of locks in kern_rangelock.c from holding lock requests in 2013-08-15 20:19:17 +00:00
kern_rctl.c
kern_resource.c Call sched_prio() to immediately change the priority of the thread in 2013-03-07 02:53:29 +00:00
kern_rmlock.c Fix build with INVARIANT_SUPPORT enabled but not INVARIANTS. 2013-07-08 21:17:20 +00:00
kern_rwlock.c A few mostly cosmetic nits to aid in debugging: 2013-06-25 20:23:08 +00:00
kern_sdt.c FreeBSD's DTrace implementation has a few problems with respect to handling 2013-08-13 03:10:39 +00:00
kern_sema.c
kern_sharedpage.c Remove the deprecated VM_ALLOC_RETRY flag for the vm_page_grab(9). 2013-08-22 07:39:53 +00:00
kern_shutdown.c Switch the vm_object mutex to be a rwlock. This will enable in the 2013-03-09 02:32:23 +00:00
kern_sig.c Change the cap_rights_t type from uint64_t to a structure that we can extend 2013-09-05 00:09:56 +00:00
kern_switch.c Add a comment on why inlining critical_enter() may not be a good idea 2012-12-09 04:54:22 +00:00
kern_sx.c A few mostly cosmetic nits to aid in debugging: 2013-06-25 20:23:08 +00:00
kern_synch.c Simplify pause_sbt() logic. Don't call DELAY() if remainder is less 2013-08-30 10:39:56 +00:00
kern_syscalls.c
kern_sysctl.c Add a helpful message that can help point to why a sysctl tree removal failed 2013-08-09 01:04:44 +00:00
kern_tc.c - Make callout(9) tickless, relying on eventtimers(4) as backend for 2013-03-04 11:09:56 +00:00
kern_thr.c
kern_thread.c Another NFS SIGSTOP related fix: Ignore thread suspend requests due to 2013-03-21 14:06:27 +00:00
kern_time.c Implement compat32 wrappers for the ktimer_* syscalls. 2013-07-21 19:43:52 +00:00
kern_timeout.c Specify SDT probe argument types in the probe definition itself rather than 2013-08-15 04:08:55 +00:00
kern_umtx.c Fix two issues with the spin loops in the umtx(2) implementation. 2013-06-13 09:33:22 +00:00
kern_uuid.c Further restrict the MAC addresses that we use for UUID generation 2013-07-24 18:13:43 +00:00
kern_xxx.c
ksched.c
link_elf_obj.c Add a mmap flag (MAP_32BIT) on 64-bit platforms to request that a mapping use 2013-09-09 18:11:59 +00:00
link_elf.c Add a mmap flag (MAP_32BIT) on 64-bit platforms to request that a mapping use 2013-09-09 18:11:59 +00:00
linker_if.m
Make.tags.inc - Trim an unused and bogus Makefile for mount_smbfs. 2013-06-28 21:00:08 +00:00
Makefile
makesyscalls.sh
md4c.c
md5c.c
p1003_1b.c
posix4_mib.c
sched_4bsd.c rename scheduler->swapper and SI_SUB_RUN_SCHEDULER->SI_SUB_LAST 2013-07-24 09:45:31 +00:00
sched_ule.c Micro-optimize cpu_search(), allowing compiler to use more efficient inline 2013-09-07 15:16:30 +00:00
serdev_if.m
stack_protector.c
subr_acl_nfs4.c
subr_acl_posix1e.c
subr_autoconf.c
subr_blist.c Remove reference to the rlist code from comments, and fix a typo visible 2013-02-05 20:08:33 +00:00
subr_bufring.c
subr_bus_dma.c Move an assertion to the right spot; only bus_dmamap_load_mbuf(9) 2013-06-01 11:42:47 +00:00
subr_bus.c Allow drivers to return BUS_PROBE_NOWILDCARD from their attach routine to 2013-08-08 19:30:49 +00:00
subr_busdma_bufalloc.c Replace kernel virtual address space allocation with vmem. This provides 2013-08-07 06:21:20 +00:00
subr_capability.c Fix panic in cap_rights_is_valid() when invalid rights are provided - 2013-09-07 19:03:16 +00:00
subr_clock.c
subr_counter.c Revert r249590 and in case if mp_ncpus isn't initialized use MAXCPU. This 2013-07-23 11:16:40 +00:00
subr_devstat.c
subr_disk.c
subr_dummy_vdso_tc.c
subr_eventhandler.c
subr_fattime.c
subr_firmware.c
subr_hash.c
subr_hints.c
subr_kdb.c
subr_kobj.c
subr_lock.c Several improvements to rmlock(9). Many of these are based on patches 2013-06-25 18:44:15 +00:00
subr_log.c MFcalloutng (r244255 by mav, with minor changes): 2013-03-04 16:07:55 +00:00
subr_mbpool.c Give (*ext_free) an int return value allowing for very sophisticated 2013-08-25 10:57:09 +00:00
subr_mchain.c Mechanically substitute flags from historic mbuf allocator with 2012-12-05 08:04:20 +00:00
subr_module.c
subr_msgbuf.c
subr_param.c Implement the concept of the unmapped VMIO buffers, i.e. buffers which 2013-03-19 14:13:12 +00:00
subr_pcpu.c
subr_pctrie.c - Add a new general purpose path-compressed radix trie which can be used 2013-05-12 04:05:01 +00:00
subr_power.c
subr_prf.c Add a vtprintf. It is to tprintf what vprintf is to printf. 2013-09-07 07:53:21 +00:00
subr_prof.c
subr_rman.c
subr_rtc.c
subr_sbuf.c A library function shall not set errno to 0. 2013-05-16 18:13:10 +00:00
subr_scanf.c
subr_sglist.c
subr_sleepqueue.c Partially revert r195702. Deferring stops is now implemented via a set of 2013-03-18 17:23:58 +00:00
subr_smp.c - Correctly handle EWOULDBLOCK in quiesce_cpus 2012-12-19 20:08:06 +00:00
subr_stack.c
subr_syscall.c Fix build on ARM (and probably other platforms) 2012-12-28 06:52:53 +00:00
subr_taskqueue.c MFprojects/camlock r254460: 2013-08-24 14:41:49 +00:00
subr_trap.c Partially revert r195702. Deferring stops is now implemented via a set of 2013-03-18 17:23:58 +00:00
subr_turnstile.c Update the comment: we do show the backtrace of misbehaving thread. 2013-02-17 21:37:32 +00:00
subr_uio.c On all the architectures, avoid to preallocate the physical memory 2013-08-09 11:28:55 +00:00
subr_unit.c Move the definition of the struct unrhdr into a separate header file, 2013-08-30 07:37:45 +00:00
subr_vmem.c Added sysctl to turn off calls to vmem_check(). 2013-08-20 11:06:56 +00:00
subr_witness.c Trim a couple of panic messages. 2013-09-04 11:52:28 +00:00
sys_capability.c This looks like a typo that breaks the build. Yell at me if this isn't the 2013-09-05 03:36:57 +00:00
sys_generic.c Restore builds on architectures that don't support CAPABILITIES (mips). 2013-09-05 03:46:44 +00:00
sys_pipe.c Add a mmap flag (MAP_32BIT) on 64-bit platforms to request that a mapping use 2013-09-09 18:11:59 +00:00
sys_procdesc.c Change the cap_rights_t type from uint64_t to a structure that we can extend 2013-09-05 00:09:56 +00:00
sys_process.c Revert r253939: 2013-08-05 08:55:35 +00:00
sys_socket.c Make sendfile() a method in the struct fileops. Currently only 2013-08-15 07:54:31 +00:00
syscalls.c Regenerate after r255219. 2013-09-05 00:11:59 +00:00
syscalls.master Change the cap_rights_t type from uint64_t to a structure that we can extend 2013-09-05 00:09:56 +00:00
systrace_args.c Regenerate after r255219. 2013-09-05 00:11:59 +00:00
sysv_ipc.c
sysv_msg.c
sysv_sem.c
sysv_shm.c Add a mmap flag (MAP_32BIT) on 64-bit platforms to request that a mapping use 2013-09-09 18:11:59 +00:00
tty_compat.c
tty_info.c
tty_inq.c
tty_outq.c
tty_pts.c Make sendfile() a method in the struct fileops. Currently only 2013-08-15 07:54:31 +00:00
tty_tty.c
tty_ttydisc.c
tty.c Change the cap_rights_t type from uint64_t to a structure that we can extend 2013-09-05 00:09:56 +00:00
uipc_accf.c
uipc_cow.c Give (*ext_free) an int return value allowing for very sophisticated 2013-08-25 10:57:09 +00:00
uipc_debug.c Fix socket buffer timeouts precision using the new sbintime_t KPI instead 2013-09-01 23:34:53 +00:00
uipc_domain.c - Implement two new system calls: 2013-03-02 21:11:30 +00:00
uipc_mbuf2.c Mechanically substitute flags from historic mbuf allocator with 2012-12-05 08:04:20 +00:00
uipc_mbuf.c Pad m_hdr on 32bit architectures to to prevent alignment and padding 2013-08-27 20:52:02 +00:00
uipc_mqueue.c Fix !CAPABILITIES build. 2013-09-05 10:24:09 +00:00
uipc_sem.c Change the cap_rights_t type from uint64_t to a structure that we can extend 2013-09-05 00:09:56 +00:00
uipc_shm.c Add a mmap flag (MAP_32BIT) on 64-bit platforms to request that a mapping use 2013-09-09 18:11:59 +00:00
uipc_sockbuf.c Fix socket buffer timeouts precision using the new sbintime_t KPI instead 2013-09-01 23:34:53 +00:00
uipc_socket.c Fix socket buffer timeouts precision using the new sbintime_t KPI instead 2013-09-01 23:34:53 +00:00
uipc_syscalls.c Fix the length calculation for the final block of a sendfile(2) 2013-09-10 10:05:59 +00:00
uipc_usrreq.c Change the cap_rights_t type from uint64_t to a structure that we can extend 2013-09-05 00:09:56 +00:00
vfs_acl.c Change the cap_rights_t type from uint64_t to a structure that we can extend 2013-09-05 00:09:56 +00:00
vfs_aio.c The fget() function now takes pointer to cap_rights_t, so change 0 to NULL. 2013-09-05 11:59:23 +00:00
vfs_bio.c Drain for the xbusy state for two places which potentially do 2013-09-08 17:51:22 +00:00
vfs_cache.c namecache sdt: freebsd doesn't support structured characters yet 2013-07-09 08:58:34 +00:00
vfs_cluster.c When allocating a pbuf for the cluster write, do not sleep waiting 2013-08-27 01:31:12 +00:00
vfs_default.c - Convert the bufobj lock to rwlock. 2013-05-31 00:43:41 +00:00
vfs_export.c Further refine the handling of stop signals in the NFS client. The 2013-02-21 19:02:50 +00:00
vfs_extattr.c Change the cap_rights_t type from uint64_t to a structure that we can extend 2013-09-05 00:09:56 +00:00
vfs_hash.c Add exported vfs_hash_index() function, which calculates the canonical 2013-01-14 05:41:40 +00:00
vfs_init.c Revert accidental commit. 2013-06-29 05:05:57 +00:00
vfs_lookup.c Change the cap_rights_t type from uint64_t to a structure that we can extend 2013-09-05 00:09:56 +00:00
vfs_mount.c Forced dismounts of NFS mounts can fail when thread(s) are stuck 2013-09-01 23:02:59 +00:00
vfs_mountroot.c In r243868, the error message buffer errmsg have been changed from 2013-09-09 05:01:18 +00:00
vfs_subr.c In r114945 the line 'nmp = TAILQ_NEXT(mp, mnt_list);' was duplicated. 2013-08-17 14:13:45 +00:00
vfs_syscalls.c Correct the logic broken in my last commit. 2013-09-05 09:36:19 +00:00
vfs_vnops.c Make the seek a method of the struct fileops. 2013-08-21 17:36:01 +00:00
vnode_if.src