| created | 2024-03-10T03:45:16Z |
|---|---|
| begin | 2024-03-05T00:00:00Z |
| end | 2024-03-06T00:00:00Z |
| path | src/sys |
| commits | 4 |
| date | 2024-03-05T09:45:13Z | |||
|---|---|---|---|---|
| author | bluhm | |||
| files | src/sys/netinet/ip_divert.c | log | diff | annotate |
| src/sys/netinet/ip_var.h | log | diff | annotate | |
| src/sys/netinet/raw_ip.c | log | diff | annotate | |
| message |
Validate IPv4 packet options in divert output. When sending raw packets over divert socket, IP options were not validated. Fragment code tries to copy them and crashes. Raw IP output has a similar feature, but uses rip_chkhdr() to prevent invalid packets from userland. Call this funtion also from divert_output() for strict user input validation. Reported-by: [email protected] OK dlg@ deraadt@ mvs@ |
|||
| date | 2024-03-05T17:48:01Z | |||
|---|---|---|---|---|
| author | mvs | |||
| files | src/sys/net/if_wg.c | log | diff | annotate |
| src/sys/net/wg_noise.c | log | diff | annotate | |
| src/sys/net/wg_noise.h | log | diff | annotate | |
| message |
Convert `t_lock', `r_keypair_lock' and `c_lock' rwlock(9)s to corresponding mutex(9)es. ifq_start() and following wg_qstart() could be called from software interrupt context if bandwidth control is enabled in pf.conf(5). Remove sleep points provided by rwlock(9)s from wg(4) output start routine. looks ok claudio |
|||
| date | 2024-03-05T18:42:20Z | |||
|---|---|---|---|---|
| author | kettenis | |||
| files | src/sys/arch/arm64/arm64/cpu.c | log | diff | annotate |
| src/sys/arch/arm64/include/armreg.h | log | diff | annotate | |
| message |
Tighten up BTCFI by flipping the bits that make PACIASP and PACIBSP behave like BTI c instead of BTI jc. ok deraadt@, tobhe@ |
|||
| date | 2024-03-05T18:52:41Z | |||
|---|---|---|---|---|
| author | bluhm | |||
| files | src/sys/kern/uipc_mbuf.c | log | diff | annotate |
| message |
Revert m_defrag() mbuf alignment to IP header. m_defrag() is intended as last resort to make DMA transfers to the hardware. Therefore page alingment is more important than IP header alignment. The reason, why the mbuf returned by m_defrag() was switched to IP header alingment, was that ether_extract_headers() failed in em(4) driver with TSO on sparc64. This has been fixed by using memcpy(). The alignment change in m_defrag() is too late in the 7.5 relaese process. It may affect several drivers on different architectures. Bus dmamap for ixl(4) on sun4v expects page alignment. Such alignment issues and TSO mbuf mapping for IOMMU need more thought. OK deraadt@ |
|||