| created | 2019-12-16T18:04:57Z |
|---|---|
| begin | 2019-12-04T00:00:00Z |
| end | 2019-12-05T00:00:00Z |
| path | src/sys |
| commits | 4 |
| date | 2019-12-04T08:17:30Z | |||
|---|---|---|---|---|
| author | mlarkin | |||
| files | src/sys/arch/amd64/amd64/vmm.c | log | diff | annotate |
| message |
Fix uvm_unmap_remove panic when tearing down VMs. Type confusion when tearing down a vmm(4) VM's vm_map led UVM to interpret the vm_map as a struct uvmspace, and occasionally fail. stefan@ pointed out the root cause a while back but I never had time to look at this until now. Syzkaller also found a reproducer for this, so the "Reported by" line below is a clue to let it know to close that bug. idea by, and ok stefan@ also ok anton@ Reported-by: [email protected] |
|||
| date | 2019-12-04T08:28:29Z | |||
|---|---|---|---|---|
| author | mlarkin | |||
| files | src/sys/uvm/uvm_map.c | log | diff | annotate |
| message |
Fix a bad offset calculation in uvm_share. Syzkaller found a bug in uvm_share when using a vmd(8) mmap region with an offset that ended up making an overlap with a previous vmm(4) uvm_map range. This diff reworks the range and offset calculation in uvm_share. Only vmm(4) uses this, so there should be no visible effects outside vmm(4) environments. Syzkaller also went sorta crazy on this one, finding multiple reproducers for the same bug with just slightly different parameters, thus the multiple "Reported-by" lines below. ok stefan@, anton@ Reported-by: [email protected] Reported-by: [email protected] Reported-by: [email protected] Reported-by: [email protected] |
|||
| date | 2019-12-04T10:22:05Z | |||
|---|---|---|---|---|
| author | mpi | |||
| files | src/sys/scsi/scsi_base.c | log | diff | annotate |
| message |
Convert infinite sleeps to {m,t}sleep_nsec(9). ok krw@, jca@ |
|||
| date | 2019-12-04T20:21:35Z | |||
|---|---|---|---|---|
| author | fcambus | |||
| files | src/sys/dev/pci/autri.c | log | diff | annotate |
| message |
Add sizes for free() in autri(4). OK mpi@ |
|||