| created | 2021-05-23T13:28:52Z |
|---|---|
| begin | 2021-05-17T00:00:00Z |
| end | 2021-05-18T00:00:00Z |
| path | src/sys |
| commits | 14 |
| date | 2021-05-17T00:17:26Z | |||
|---|---|---|---|---|
| author | jsg | |||
| files | src/sys/dev/pci/drm/include/linux/workqueue.h | log | diff | annotate |
| message |
return early if work is cancelled before being scheduled cheloha@ noticed that task_del(9) was being called with a NULL taskq from inteldrm(4), which was not noticed as the function returns early from testing a flag in the task. This situation occurs when work is cancelled before it is scheduled. ok kettenis@ cheloha@ |
|||
| date | 2021-05-17T02:18:07Z | |||
|---|---|---|---|---|
| author | jsg | |||
| files | src/sys/dev/pci/drm/radeon/radeon_kms.c | log | diff | annotate |
| message |
drm/radeon: fix copy of uninitialized variable back to userspace From Colin Ian King 8dbc2ccac5a65c5b57e3070e36a3dc97c7970d96 in mainline linux |
|||
| date | 2021-05-17T08:02:20Z | |||
|---|---|---|---|---|
| author | stsp | |||
| files | src/sys/net80211/ieee80211_input.c | log | diff | annotate |
| message |
Prevent frame injection via forged 802.11n A-MSDUs. This mitigates an attack where a single 802.11 frame is interpreted as an A-MSDU because of a forged AMSDU-present bit in the 802.11 QoS frame header. See https://papers.mathyvanhoef.com/usenix2021.pdf section 3.2. MAC address validation is added as an additional measure to prevent hostap clients from sending A-MSDU subframes with a spoofed source address. An earlier version of this patch was reviewed by Mathy Vanhoef, who spotted a bug in my original attempt at preventing spoofed addresses. ok mpi@ |
|||
| date | 2021-05-17T10:09:53Z | |||
|---|---|---|---|---|
| author | claudio | |||
| files | src/sys/netinet6/ip6_input.c | log | diff | annotate |
| message |
Stop setting IPV6_MINMTU in ip6_send() which is used by the ICMP code. Because of this large ping packets where fragmented even if the MTU did not indicate the need for it. This causes some trouble when system do not expect to receive a fragmented answer from a system. One such case is the automated link test from google routers before allowing to establish a BGP peering session with them. In general PMTU problems should be an issue from the past and if not it may be better to also break on ping packets and not only for UDP and TCP. ICMP ping is normaly the first tool in the admins toolbox to figure out network issues. OK phessler@ florian@ bluhm@ |
|||
| date | 2021-05-17T11:44:22Z | |||
|---|---|---|---|---|
| author | stsp | |||
| files | src/sys/net80211/ieee80211_input.c | log | diff | annotate |
| src/sys/net80211/ieee80211_var.h | log | diff | annotate | |
| message | put unused 802.11 fragmentation support code under #ifdef notyet | |||
| date | 2021-05-17T11:59:53Z | |||
|---|---|---|---|---|
| author | visa | |||
| files | src/sys/dev/ic/re.c | log | diff | annotate |
| message |
Fix mbuf leaks after reception error in re_rxeof(). Also, increment the error counter when an unexpected fragment is seen. OK claudio@ |
|||
| date | 2021-05-17T17:06:51Z | |||
|---|---|---|---|---|
| author | claudio | |||
| files | src/sys/kern/uipc_domain.c | log | diff | annotate |
| src/sys/kern/uipc_usrreq.c | log | diff | annotate | |
| src/sys/net/rtsock.c | log | diff | annotate | |
| message |
Increase the default buffer space using on PF_UNIX sockets to 8k. Additionally make the values tuneable via sysctl. OK deraadt@ mvs@ |
|||
| date | 2021-05-17T17:25:13Z | |||
|---|---|---|---|---|
| author | kettenis | |||
| files | src/sys/arch/arm64/arm64/acpi_machdep.c | log | diff | annotate |
| src/sys/arch/arm64/arm64/intr.c | log | diff | annotate | |
| src/sys/arch/arm64/dev/acpipci.c | log | diff | annotate | |
| src/sys/arch/arm64/dev/aplpcie.c | log | diff | annotate | |
| src/sys/arch/arm64/dev/Attic/pciecam.c | log | diff | annotate | |
| src/sys/arch/arm64/include/intr.h | log | diff | annotate | |
| src/sys/arch/arm64/include/pci_machdep.h | log | diff | annotate | |
| src/sys/dev/fdt/bcm2711_pcie.c | log | diff | annotate | |
| src/sys/dev/fdt/dwpcie.c | log | diff | annotate | |
| src/sys/dev/fdt/mvgicp.c | log | diff | annotate | |
| src/sys/dev/fdt/mvicu.c | log | diff | annotate | |
| src/sys/dev/fdt/mvkpcie.c | log | diff | annotate | |
| src/sys/dev/fdt/rkpcie.c | log | diff | annotate | |
| message |
Rename some MD structs by giving them an architecture-neutral name in preparation for sharing PCIe host bridge drivers between arm64 and riscv64. ok mpi@, mlarkin@, patrick@ |
|||
| date | 2021-05-17T17:54:31Z | |||
|---|---|---|---|---|
| author | claudio | |||
| files | src/sys/sys/socket.h | log | diff | annotate |
| src/sys/sys/sysctl.h | log | diff | annotate | |
| message |
Forgot this directory in last commit for the UNIX-domain socket buffer change. |
|||
| date | 2021-05-17T17:58:35Z | |||
|---|---|---|---|---|
| author | claudio | |||
| files | src/sys/net/rtsock.c | log | diff | annotate |
| message | Revert. Last change should not have been committed. | |||
| date | 2021-05-17T19:43:37Z | |||
|---|---|---|---|---|
| author | kettenis | |||
| files | src/sys/dev/fdt/files.fdt | log | diff | annotate |
| src/sys/dev/fdt/pciecam.c | log | diff | annotate | |
| message |
Move pciecam.c to dev/fdt/. ok deraadt@ |
|||
| date | 2021-05-17T19:43:38Z | |||
|---|---|---|---|---|
| author | kettenis | |||
| files | src/sys/arch/arm64/conf/files.arm64 | log | diff | annotate |
| src/sys/arch/arm64/dev/Attic/pciecam.c | log | diff | annotate | |
| message |
Move pciecam.c to dev/fdt/. ok deraadt@ |
|||
| date | 2021-05-17T23:01:26Z | |||
|---|---|---|---|---|
| author | sashan | |||
| files | src/sys/net/pf.c | log | diff | annotate |
| message |
fix state key reference underflow, when sk == skrev the bug has been reported by Sebastien and Olivier Cherrier. it has turned out the pf_state_key_link_reverse() does not grab enough references when both state keys (sk and skrev) are identical. This makes pf to trip assert later, when references are being dropped: panic(ffffffff81dfbc8e) at panic+0x11d __assert(ffffffff81e64b54,ffffffff81e0a6ee,33a,ffffffff81e03b7f) refcnt_rele(fffffd810bf02458) at refcnt_rele+0x6f pf_state_key_unref(fffffd810bf023f0) at pf_state_key_unref+0x21 pf_remove_state(fffffd810c0c4578) at pf_remove_state+0x1fa pf_purge_expired_states(2) at pf_purge_expired_states+0x232 pf_purge(ffffffff82236a30) at pf_purge+0x33 taskq_thread(ffff800000032080) at taskq_thread+0x81 fixed tested by Olivier Cherrier and semarie@ OK semarie@ |
|||
| date | 2021-05-17T23:36:40Z | |||
|---|---|---|---|---|
| author | dv | |||
| files | src/sys/arch/amd64/amd64/vmm.c | log | diff | annotate |
| message |
vmm(4): fix race condition related to incorrect physical cpu tracking The race condition results in vmread errors when disabling interrupt window exiting. The vmd(8) guest gets an EINVAL response to it's VMM_IOC_RUN ioctl and aborts, sending the guest to an abrupt end. Similarly to the recent SVM commit, this changes the vcpu run loop logic to check for resuming on a different cpu. If so, the VMCS is loaded onto the new cpu. Instead of using just a "resume" flag, the real reason (other than cpu switch) that would require reloading the VMCS is vmm may have cleared the VMCS before yielding to the scheduler. The "resume" flag is still used in vmx_enter_guest to toggle between vmlaunch/vmresume calls, but is no longer the arbiter of if vmm reloads the VMCS or not. A more subtle race condition still exists related to clearing the VMCS on the previous cpu, but that's for a future commit. OK mlarkin@ |
|||