| created | 2024-04-20T21:35:08Z |
|---|---|
| begin | 2024-04-16T00:00:00Z |
| end | 2024-04-17T00:00:00Z |
| path | src/sys |
| commits | 7 |
| date | 2024-04-16T08:53:02Z | |||
|---|---|---|---|---|
| author | mpi | |||
| files | src/sys/uvm/uvm_amap.c | log | diff | annotate |
| message |
Prevent a NULL dereference in error code path. Under memory pressure allocating an amap chunk can fail. In such case it is not possible to call amap_wipeout() because the newly allocated amap isn't yet on the global list. Issue reported by bluhm@, ok jsg@ |
|||
| date | 2024-04-16T10:04:41Z | |||
|---|---|---|---|---|
| author | claudio | |||
| files | src/sys/ufs/mfs/mfs_vnops.c | log | diff | annotate |
| message |
Call bufq_destroy() in mfs_reclaim() before freeing the mfsnode. This fixes a use-after-free bug in bufq_quiesce() once a mfs partition was unmounted. OK mpi@ deraadt@ |
|||
| date | 2024-04-16T10:06:37Z | |||
|---|---|---|---|---|
| author | claudio | |||
| files | src/sys/uvm/uvm_swap.c | log | diff | annotate |
| message |
Call bufq_destroy() in swap_off for the VREG case since swap_on() called bufq_init(). Similar issue as the use-after-free in mfs. Missing call noticed by jsg@ OK deraadt@ mpi@ |
|||
| date | 2024-04-16T12:40:40Z | |||
|---|---|---|---|---|
| author | bluhm | |||
| files | src/sys/netinet6/in6_proto.c | log | diff | annotate |
| src/sys/netinet6/raw_ip6.c | log | diff | annotate | |
| message |
Run raw IPv6 input in parallel. Get rip6_input() in the same shape as rip_input(). Call soisdisconnected() from rip6_disconnect(). This means that the raw IP socket cannot be reconnected later. Now raw IPv6 behaves like IPv4 in this regard, KAME code is quite inconsistent here. Also make sure that there is no race between disconnect, input and wakeup. The inpcb fileds inp_icmp6filt and inp_cksum6 are protected by exclusive net lock in icmp6_ctloutput(). With all that, mark raw IPv6 sockets to handle input in parallel. OK mvs@ |
|||
| date | 2024-04-16T12:56:39Z | |||
|---|---|---|---|---|
| author | bluhm | |||
| files | src/sys/netinet/ip_input.c | log | diff | annotate |
| src/sys/netinet/ip_var.h | log | diff | annotate | |
| src/sys/netinet6/ip6_forward.c | log | diff | annotate | |
| src/sys/netinet6/ip6_input.c | log | diff | annotate | |
| src/sys/netinet6/ip6_output.c | log | diff | annotate | |
| src/sys/netinet6/ip6_var.h | log | diff | annotate | |
| message |
Use route cache function in IP input. Instaed of passing a struct rtentry from ip_input() to ip_forward() and then embed it into a struct route for ip_output(), start with struct route and pass it along. Then the route cache is used consistently. Also the route cache hit and missed counters should reflect reality after this commit. There is a small difference in the code. in_ouraddr() checks for NULL and not rtisvalid(). Previous discussion showed that the route RTF_UP flag should only be considered for multipath routing. Otherwise it does not mean anything. Especially the local and broadcast check in in_ouraddr() should not be affected by interface link status. When doing cache lookups, route must be valid, but after rtalloc_mpath() lookup, use any route that route_mpath() returns. OK claudio@ |
|||
| date | 2024-04-16T14:37:49Z | |||
|---|---|---|---|---|
| author | florian | |||
| files | src/sys/netinet6/in6.c | log | diff | annotate |
| message |
Destination addresses make no sense on loopback interfaces. While here use (variable & FLAG) or !(variable & FLAG) consistently in in6_update_ifa(). Discussed with claudio OK denis |
|||
| date | 2024-04-16T17:15:15Z | |||
|---|---|---|---|---|
| author | fcambus | |||
| files | src/sys/dev/wsfont/spleen32x64.h | log | diff | annotate |
| message |
Update Spleen kernel fonts to version 2.1.0, bringing the following improvements: - Fix latin small letter 'u' smoothing in the 32x64 version |
|||