From owner-svn-src-stable-9@FreeBSD.ORG Mon Dec 8 09:48:47 2014 Return-Path: Delivered-To: svn-src-stable-9@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 3F6CC44E; Mon, 8 Dec 2014 09:48:47 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2BD07800; Mon, 8 Dec 2014 09:48:47 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id sB89ml6G003471; Mon, 8 Dec 2014 09:48:47 GMT (envelope-from mav@FreeBSD.org) Received: (from mav@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id sB89mlOW003470; Mon, 8 Dec 2014 09:48:47 GMT (envelope-from mav@FreeBSD.org) Message-Id: <201412080948.sB89mlOW003470@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: mav set sender to mav@FreeBSD.org using -f From: Alexander Motin Date: Mon, 8 Dec 2014 09:48:47 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r275604 - stable/9/sys/cam X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Dec 2014 09:48:47 -0000 Author: mav Date: Mon Dec 8 09:48:46 2014 New Revision: 275604 URL: https://svnweb.freebsd.org/changeset/base/275604 Log: MFC r275368: When passing LUN IDs through treat ASCII values as fixed-length, not interpreating NULLs as EOLs, but converting them to spaces. SPC-4 does not tell that T10-based IDs should be NULL-terminated/padded. And while it tells that it should include only ASCII chars (0x20-0x7F), there are some USB sticks (SanDisk Ultra Fit), that have NULLs inside the value. Treating NULLs as EOLs there made those LUN IDs non-unique. Modified: stable/9/sys/cam/cam_xpt.c Directory Properties: stable/9/ (props changed) stable/9/sys/ (props changed) Modified: stable/9/sys/cam/cam_xpt.c ============================================================================== --- stable/9/sys/cam/cam_xpt.c Mon Dec 8 09:47:49 2014 (r275603) +++ stable/9/sys/cam/cam_xpt.c Mon Dec 8 09:48:46 2014 (r275604) @@ -1158,8 +1158,15 @@ xpt_getattr(char *buf, size_t len, const if (idd == NULL) goto out; ret = 0; - if ((idd->proto_codeset & SVPD_ID_CODESET_MASK) == SVPD_ID_CODESET_ASCII || - (idd->proto_codeset & SVPD_ID_CODESET_MASK) == SVPD_ID_CODESET_UTF8) { + if ((idd->proto_codeset & SVPD_ID_CODESET_MASK) == SVPD_ID_CODESET_ASCII) { + if (idd->length < len) { + for (l = 0; l < idd->length; l++) + buf[l] = idd->identifier[l] ? + idd->identifier[l] : ' '; + buf[l] = 0; + } else + ret = EFAULT; + } else if ((idd->proto_codeset & SVPD_ID_CODESET_MASK) == SVPD_ID_CODESET_UTF8) { l = strnlen(idd->identifier, idd->length); if (l < len) { bcopy(idd->identifier, buf, l); From owner-svn-src-stable-9@FreeBSD.ORG Mon Dec 8 12:30:41 2014 Return-Path: Delivered-To: svn-src-stable-9@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 1D592C13; Mon, 8 Dec 2014 12:30:41 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 08ECABFF; Mon, 8 Dec 2014 12:30:41 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id sB8CUewY079974; Mon, 8 Dec 2014 12:30:40 GMT (envelope-from melifaro@FreeBSD.org) Received: (from melifaro@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id sB8CUe8t079973; Mon, 8 Dec 2014 12:30:40 GMT (envelope-from melifaro@FreeBSD.org) Message-Id: <201412081230.sB8CUe8t079973@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: melifaro set sender to melifaro@FreeBSD.org using -f From: "Alexander V. Chernikov" Date: Mon, 8 Dec 2014 12:30:40 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r275608 - stable/9/sys/net X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Dec 2014 12:30:41 -0000 Author: melifaro Date: Mon Dec 8 12:30:40 2014 New Revision: 275608 URL: https://svnweb.freebsd.org/changeset/base/275608 Log: Merge r267361: Improve logic besides net.bpf.optimize_writers. Direct bpf(4) consumers should now work fine with this tunable turned on. In fact, the only case when optimized_writers can change program behavior is direct bpf(4) consumer setting its read filter to catch-all one. Sponsored by: Yandex LLC Modified: stable/9/sys/net/bpf.c Directory Properties: stable/9/sys/ (props changed) stable/9/sys/net/ (props changed) Modified: stable/9/sys/net/bpf.c ============================================================================== --- stable/9/sys/net/bpf.c Mon Dec 8 11:28:08 2014 (r275607) +++ stable/9/sys/net/bpf.c Mon Dec 8 12:30:40 2014 (r275608) @@ -659,6 +659,67 @@ bpf_attachd(struct bpf_d *d, struct bpf_ } /* + * Check if we need to upgrade our descriptor @d from write-only mode. + */ +static int +bpf_check_upgrade(u_long cmd, struct bpf_d *d, struct bpf_insn *fcode, int flen) +{ + int is_snap, need_upgrade; + + /* + * Check if we've already upgraded or new filter is empty. + */ + if (d->bd_writer == 0 || fcode == NULL) + return (0); + + need_upgrade = 0; + + /* + * Check if cmd looks like snaplen setting from + * pcap_bpf.c:pcap_open_live(). + * Note we're not checking .k value here: + * while pcap_open_live() definitely sets to to non-zero value, + * we'd prefer to treat k=0 (deny ALL) case the same way: e.g. + * do not consider upgrading immediately + */ + if (cmd == BIOCSETF && flen == 1 && fcode[0].code == (BPF_RET | BPF_K)) + is_snap = 1; + else + is_snap = 0; + + if (is_snap == 0) { + /* + * We're setting first filter and it doesn't look like + * setting snaplen. We're probably using bpf directly. + * Upgrade immediately. + */ + need_upgrade = 1; + } else { + /* + * Do not require upgrade by first BIOCSETF + * (used to set snaplen) by pcap_open_live(). + */ + + if (--d->bd_writer == 0) { + /* + * First snaplen filter has already + * been set. This is probably catch-all + * filter + */ + need_upgrade = 1; + } + } + + CTR5(KTR_NET, + "%s: filter function set by pid %d, " + "bd_writer counter %d, snap %d upgrade %d", + __func__, d->bd_pid, d->bd_writer, + is_snap, need_upgrade); + + return (need_upgrade); +} + +/* * Add d to the list of active bp filters. * Reuqires bpf_attachd() to be called before */ @@ -1818,17 +1879,7 @@ bpf_setf(struct bpf_d *d, struct bpf_pro if (cmd == BIOCSETF) reset_d(d); - if (fcode != NULL) { - /* - * Do not require upgrade by first BIOCSETF - * (used to set snaplen) by pcap_open_live(). - */ - if (d->bd_writer != 0 && --d->bd_writer == 0) - need_upgrade = 1; - CTR4(KTR_NET, "%s: filter function set by pid %d, " - "bd_writer counter %d, need_upgrade %d", - __func__, d->bd_pid, d->bd_writer, need_upgrade); - } + need_upgrade = bpf_check_upgrade(cmd, d, fcode, flen); } BPFD_UNLOCK(d); if (d->bd_bif != NULL) @@ -1841,7 +1892,7 @@ bpf_setf(struct bpf_d *d, struct bpf_pro #endif /* Move d to active readers list. */ - if (need_upgrade) + if (need_upgrade != 0) bpf_upgraded(d); BPF_UNLOCK(); From owner-svn-src-stable-9@FreeBSD.ORG Tue Dec 9 00:47:47 2014 Return-Path: Delivered-To: svn-src-stable-9@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 75630964; Tue, 9 Dec 2014 00:47:47 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 56457BE7; Tue, 9 Dec 2014 00:47:47 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id sB90llP7065424; Tue, 9 Dec 2014 00:47:47 GMT (envelope-from delphij@FreeBSD.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id sB90llHM065423; Tue, 9 Dec 2014 00:47:47 GMT (envelope-from delphij@FreeBSD.org) Message-Id: <201412090047.sB90llHM065423@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: delphij set sender to delphij@FreeBSD.org using -f From: Xin LI Date: Tue, 9 Dec 2014 00:47:47 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r275627 - stable/9/lib/libc/gen X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Dec 2014 00:47:47 -0000 Author: delphij Date: Tue Dec 9 00:47:46 2014 New Revision: 275627 URL: https://svnweb.freebsd.org/changeset/base/275627 Log: MFC r275071: Reinstitate send() after syslogd restarts. In r228193 the test of CONNPRIV have been moved to before the _usleep and send in vsyslog(). When syslogd restarts, this would prevent the message being logged after the disconnect/connect dance for scenario #1. PR: 194751 Submitted by: Peter Creath Reviewed By: glebius Modified: stable/9/lib/libc/gen/syslog.c Directory Properties: stable/9/lib/libc/ (props changed) Modified: stable/9/lib/libc/gen/syslog.c ============================================================================== --- stable/9/lib/libc/gen/syslog.c Tue Dec 9 00:47:02 2014 (r275626) +++ stable/9/lib/libc/gen/syslog.c Tue Dec 9 00:47:46 2014 (r275627) @@ -261,26 +261,45 @@ vsyslog(int pri, const char *fmt, va_lis connectlog(); /* - * If the send() failed, there are two likely scenarios: + * If the send() fails, there are two likely scenarios: * 1) syslogd was restarted * 2) /var/run/log is out of socket buffer space, which * in most cases means local DoS. - * We attempt to reconnect to /var/run/log[priv] to take care of - * case #1 and keep send()ing data to cover case #2 - * to give syslogd a chance to empty its socket buffer. + * If the error does not indicate a full buffer, we address + * case #1 by attempting to reconnect to /var/run/log[priv] + * and resending the message once. * - * If we are working with a priveleged socket, then take - * only one attempt, because we don't want to freeze a + * If we are working with a privileged socket, the retry + * attempts end there, because we don't want to freeze a * critical application like su(1) or sshd(8). * + * Otherwise, we address case #2 by repeatedly retrying the + * send() to give syslogd a chance to empty its socket buffer. */ if (send(LogFile, tbuf, cnt, 0) < 0) { if (errno != ENOBUFS) { + /* + * Scenario 1: syslogd was restarted + * reconnect and resend once + */ disconnectlog(); connectlog(); + if (send(LogFile, tbuf, cnt, 0) >= 0) { + THREAD_UNLOCK(); + return; + } + /* + * if the resend failed, fall through to + * possible scenario 2 + */ } - do { + while (errno == ENOBUFS) { + /* + * Scenario 2: out of socket buffer space + * possible DoS, fail fast on a privileged + * socket + */ if (status == CONNPRIV) break; _usleep(1); @@ -288,7 +307,7 @@ vsyslog(int pri, const char *fmt, va_lis THREAD_UNLOCK(); return; } - } while (errno == ENOBUFS); + } } else { THREAD_UNLOCK(); return; @@ -350,7 +369,7 @@ connectlog(void) SyslogAddr.sun_family = AF_UNIX; /* - * First try priveleged socket. If no success, + * First try privileged socket. If no success, * then try default socket. */ (void)strncpy(SyslogAddr.sun_path, _PATH_LOG_PRIV, From owner-svn-src-stable-9@FreeBSD.ORG Tue Dec 9 07:19:25 2014 Return-Path: Delivered-To: svn-src-stable-9@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 8FE37EC0; Tue, 9 Dec 2014 07:19:25 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7B7A683E; Tue, 9 Dec 2014 07:19:25 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id sB97JPEY071336; Tue, 9 Dec 2014 07:19:25 GMT (envelope-from dim@FreeBSD.org) Received: (from dim@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id sB97JO9F071332; Tue, 9 Dec 2014 07:19:24 GMT (envelope-from dim@FreeBSD.org) Message-Id: <201412090719.sB97JO9F071332@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: dim set sender to dim@FreeBSD.org using -f From: Dimitry Andric Date: Tue, 9 Dec 2014 07:19:24 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r275632 - in stable/9/contrib/binutils/bfd: . po X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Dec 2014 07:19:25 -0000 Author: dim Date: Tue Dec 9 07:19:24 2014 New Revision: 275632 URL: https://svnweb.freebsd.org/changeset/base/275632 Log: MFC r257302 (by rea): binutils/bfd: fix printf-like format strings for "bfd *" arguments There is a special format argument '%B' that directly handles values of type 'bfd *', they must be used instead of '%s'. Manifestations of this bug can be seen in ld(1) error messages, for example, http://lists.freebsd.org/pipermail/freebsd-current/2013-August/043580.html http://lists.freebsd.org/pipermail/freebsd-current/2013-October/045404.html Approved by: dim MFC r275386: Let GNU ld be less obscure about missing symbols and DSOs. If the BFD object looks like a typical shared library, suggest adding '-l', where has the 'lib' prefix and '.so' or '.a' suffix removed. Otherwise, suggest adding '-l:', where is the full DT_SONAME. Submitted by: Conrad Meyer Sponsored by: EMC / Isilon storage division Reviewed by: emaste PR: 194296 Differential Revision: https://reviews.freebsd.org/D1152 Modified: stable/9/contrib/binutils/bfd/elf32-score.c stable/9/contrib/binutils/bfd/elflink.c stable/9/contrib/binutils/bfd/po/bfd.pot Directory Properties: stable/9/contrib/binutils/ (props changed) Modified: stable/9/contrib/binutils/bfd/elf32-score.c ============================================================================== --- stable/9/contrib/binutils/bfd/elf32-score.c Tue Dec 9 07:15:53 2014 (r275631) +++ stable/9/contrib/binutils/bfd/elf32-score.c Tue Dec 9 07:19:24 2014 (r275632) @@ -2546,7 +2546,7 @@ _bfd_score_elf_check_relocs (bfd *abfd, } else if (r_symndx >= extsymoff + NUM_SHDR_ENTRIES (symtab_hdr)) { - (*_bfd_error_handler) (_("%s: Malformed reloc detected for section %s"), abfd, name); + (*_bfd_error_handler) (_("%B: Malformed reloc detected for section %s"), abfd, name); bfd_set_error (bfd_error_bad_value); return FALSE; } Modified: stable/9/contrib/binutils/bfd/elflink.c ============================================================================== --- stable/9/contrib/binutils/bfd/elflink.c Tue Dec 9 07:15:53 2014 (r275631) +++ stable/9/contrib/binutils/bfd/elflink.c Tue Dec 9 07:19:24 2014 (r275632) @@ -4356,9 +4356,38 @@ elf_link_add_object_symbols (bfd *abfd, --no-add-needed is used. */ if ((elf_dyn_lib_class (abfd) & DYN_NO_NEEDED) != 0) { + bfd_boolean looks_soish; + const char *print_name; + int print_len; + size_t len, lend = 0; + + looks_soish = FALSE; + print_name = soname; + print_len = strlen(soname); + if (strncmp(soname, "lib", 3) == 0) + { + len = print_len; + if (len > 5 && strcmp(soname + len - 2, ".a") == 0) + lend = len - 5; + else + { + while (len > 6 && (ISDIGIT(soname[len - 1]) || + soname[len - 1] == '.')) + len--; + if (strncmp(soname + len - 3, ".so", 3) == 0) + lend = len - 6; + } + if (lend != 0) + { + print_name = soname + 3; + print_len = lend; + looks_soish = TRUE; + } + } + (*_bfd_error_handler) - (_("%s: invalid DSO for symbol `%s' definition"), - abfd, name); + (_("undefined reference to symbol `%s' (try adding -l%s%.*s)"), + name, looks_soish? "" : ":", print_len, print_name); bfd_set_error (bfd_error_bad_value); goto error_free_vers; } Modified: stable/9/contrib/binutils/bfd/po/bfd.pot ============================================================================== --- stable/9/contrib/binutils/bfd/po/bfd.pot Tue Dec 9 07:15:53 2014 (r275631) +++ stable/9/contrib/binutils/bfd/po/bfd.pot Tue Dec 9 07:19:24 2014 (r275632) @@ -1572,7 +1572,7 @@ msgstr "" #: elf32-score.c:2549 #, c-format -msgid "%s: Malformed reloc detected for section %s" +msgid "%B: Malformed reloc detected for section %s" msgstr "" #: elf32-score.c:2600 @@ -2438,9 +2438,9 @@ msgstr "" msgid "Warning: size of symbol `%s' changed from %lu in %B to %lu in %B" msgstr "" -#: elflink.c:4309 +#: elflink.c:4389 #, c-format -msgid "%s: invalid DSO for symbol `%s' definition" +msgid "undefined reference to symbol `%s' (try adding -l%s%.*s)" msgstr "" #: elflink.c:5535 From owner-svn-src-stable-9@FreeBSD.ORG Wed Dec 10 08:31:45 2014 Return-Path: Delivered-To: svn-src-stable-9@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 79E92D4D; Wed, 10 Dec 2014 08:31:45 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 63185902; Wed, 10 Dec 2014 08:31:45 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id sBA8VjRF037673; Wed, 10 Dec 2014 08:31:45 GMT (envelope-from delphij@FreeBSD.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id sBA8Vg2B037657; Wed, 10 Dec 2014 08:31:42 GMT (envelope-from delphij@FreeBSD.org) Message-Id: <201412100831.sBA8Vg2B037657@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: delphij set sender to delphij@FreeBSD.org using -f From: Xin LI Date: Wed, 10 Dec 2014 08:31:42 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r275669 - in stable: 8/contrib/bind9 8/contrib/bind9/bin/named 8/contrib/bind9/lib/dns 8/contrib/bind9/lib/dns/include/dns 8/contrib/bind9/lib/export/isc 8/contrib/bind9/lib/isc 8/contr... X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Dec 2014 08:31:45 -0000 Author: delphij Date: Wed Dec 10 08:31:41 2014 New Revision: 275669 URL: https://svnweb.freebsd.org/changeset/base/275669 Log: Fix multiple vulnerabilities in file(1) and libmagic(3). Security: FreeBSD-SA-14:28.file Security: CVE-2014-3710, CVE-2014-8116, CVE-2014-8117 Fix BIND remote denial of service vulnerability. Security: FreeBSD-SA-14:29.bind Security: CVE-2014-8500 Modified: stable/9/contrib/bind9/CHANGES stable/9/contrib/bind9/bin/named/config.c stable/9/contrib/bind9/bin/named/query.c stable/9/contrib/bind9/bin/named/server.c stable/9/contrib/bind9/lib/dns/adb.c stable/9/contrib/bind9/lib/dns/include/dns/adb.h stable/9/contrib/bind9/lib/dns/include/dns/resolver.h stable/9/contrib/bind9/lib/dns/resolver.c stable/9/contrib/bind9/lib/isccfg/namedconf.c stable/9/contrib/file/elfclass.h stable/9/contrib/file/readelf.c stable/9/contrib/file/softmagic.c Changes in other areas also in this revision: Added: stable/8/contrib/bind9/lib/isc/counter.c (contents, props changed) stable/8/contrib/bind9/lib/isc/include/isc/counter.h (contents, props changed) Modified: stable/8/contrib/bind9/CHANGES stable/8/contrib/bind9/bin/named/config.c stable/8/contrib/bind9/bin/named/query.c stable/8/contrib/bind9/bin/named/server.c stable/8/contrib/bind9/lib/dns/adb.c stable/8/contrib/bind9/lib/dns/include/dns/adb.h stable/8/contrib/bind9/lib/dns/include/dns/resolver.h stable/8/contrib/bind9/lib/dns/resolver.c stable/8/contrib/bind9/lib/export/isc/Makefile.in stable/8/contrib/bind9/lib/isc/Makefile.in stable/8/contrib/bind9/lib/isc/include/isc/Makefile.in stable/8/contrib/bind9/lib/isc/include/isc/types.h stable/8/contrib/bind9/lib/isccfg/namedconf.c stable/8/contrib/file/elfclass.h stable/8/contrib/file/readelf.c stable/8/contrib/file/softmagic.c stable/8/lib/bind/isc/Makefile Modified: stable/9/contrib/bind9/CHANGES ============================================================================== --- stable/9/contrib/bind9/CHANGES Wed Dec 10 08:26:53 2014 (r275668) +++ stable/9/contrib/bind9/CHANGES Wed Dec 10 08:31:41 2014 (r275669) @@ -1,3 +1,14 @@ +4006. [security] A flaw in delegation handling could be exploited + to put named into an infinite loop. This has + been addressed by placing limits on the number + of levels of recursion named will allow (default 7), + and the number of iterative queries that it will + send (default 50) before terminating a recursive + query (CVE-2014-8500). + + The recursion depth limit is configured via the + "max-recursion-depth" option. [RT #35780] + --- 9.9.5 released --- --- 9.9.5rc2 released --- Modified: stable/9/contrib/bind9/bin/named/config.c ============================================================================== --- stable/9/contrib/bind9/bin/named/config.c Wed Dec 10 08:26:53 2014 (r275668) +++ stable/9/contrib/bind9/bin/named/config.c Wed Dec 10 08:31:41 2014 (r275669) @@ -15,8 +15,6 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: config.c,v 1.123 2012/01/06 23:46:41 tbox Exp $ */ - /*! \file */ #include @@ -160,6 +158,7 @@ options {\n\ dnssec-accept-expired no;\n\ clients-per-query 10;\n\ max-clients-per-query 100;\n\ + max-recursion-depth 7;\n\ zero-no-soa-ttl-cache no;\n\ nsec3-test-zone no;\n\ allow-new-zones no;\n\ Modified: stable/9/contrib/bind9/bin/named/query.c ============================================================================== --- stable/9/contrib/bind9/bin/named/query.c Wed Dec 10 08:26:53 2014 (r275668) +++ stable/9/contrib/bind9/bin/named/query.c Wed Dec 10 08:31:41 2014 (r275669) @@ -3872,12 +3872,11 @@ query_recurse(ns_client_t *client, dns_r peeraddr = &client->peeraddr; else peeraddr = NULL; - result = dns_resolver_createfetch2(client->view->resolver, + result = dns_resolver_createfetch3(client->view->resolver, qname, qtype, qdomain, nameservers, NULL, peeraddr, client->message->id, - client->query.fetchoptions, - client->task, - query_resume, client, + client->query.fetchoptions, 0, + client->task, query_resume, client, rdataset, sigrdataset, &client->query.fetch); Modified: stable/9/contrib/bind9/bin/named/server.c ============================================================================== --- stable/9/contrib/bind9/bin/named/server.c Wed Dec 10 08:26:53 2014 (r275668) +++ stable/9/contrib/bind9/bin/named/server.c Wed Dec 10 08:31:41 2014 (r275669) @@ -3141,6 +3141,11 @@ configure_view(dns_view_t *view, cfg_obj cfg_obj_asuint32(obj), max_clients_per_query); + obj = NULL; + result = ns_config_get(maps, "max-recursion-depth", &obj); + INSIST(result == ISC_R_SUCCESS); + dns_resolver_setmaxdepth(view->resolver, cfg_obj_asuint32(obj)); + #ifdef ALLOW_FILTER_AAAA_ON_V4 obj = NULL; result = ns_config_get(maps, "filter-aaaa-on-v4", &obj); Modified: stable/9/contrib/bind9/lib/dns/adb.c ============================================================================== --- stable/9/contrib/bind9/lib/dns/adb.c Wed Dec 10 08:26:53 2014 (r275668) +++ stable/9/contrib/bind9/lib/dns/adb.c Wed Dec 10 08:31:41 2014 (r275669) @@ -201,6 +201,7 @@ struct dns_adbfetch { unsigned int magic; dns_fetch_t *fetch; dns_rdataset_t rdataset; + unsigned int depth; }; /*% @@ -301,7 +302,7 @@ static inline void violate_locking_hiera static isc_boolean_t clean_namehooks(dns_adb_t *, dns_adbnamehooklist_t *); static void clean_target(dns_adb_t *, dns_name_t *); static void clean_finds_at_name(dns_adbname_t *, isc_eventtype_t, - unsigned int); + isc_uint32_t, unsigned int); static isc_boolean_t check_expire_namehooks(dns_adbname_t *, isc_stdtime_t); static isc_boolean_t check_expire_entry(dns_adb_t *, dns_adbentry_t **, isc_stdtime_t); @@ -309,7 +310,7 @@ static void cancel_fetches_at_name(dns_a static isc_result_t dbfind_name(dns_adbname_t *, isc_stdtime_t, dns_rdatatype_t); static isc_result_t fetch_name(dns_adbname_t *, isc_boolean_t, - dns_rdatatype_t); + unsigned int, dns_rdatatype_t); static inline void check_exit(dns_adb_t *); static void destroy(dns_adb_t *); static isc_boolean_t shutdown_names(dns_adb_t *); @@ -982,7 +983,7 @@ kill_name(dns_adbname_t **n, isc_eventty * Clean up the name's various lists. These two are destructive * in that they will always empty the list. */ - clean_finds_at_name(name, ev, DNS_ADBFIND_ADDRESSMASK); + clean_finds_at_name(name, ev, 0, DNS_ADBFIND_ADDRESSMASK); result4 = clean_namehooks(adb, &name->v4); result6 = clean_namehooks(adb, &name->v6); clean_target(adb, &name->target); @@ -1407,7 +1408,7 @@ event_free(isc_event_t *event) { */ static void clean_finds_at_name(dns_adbname_t *name, isc_eventtype_t evtype, - unsigned int addrs) + isc_uint32_t qtotal, unsigned int addrs) { isc_event_t *ev; isc_task_t *task; @@ -1467,6 +1468,7 @@ clean_finds_at_name(dns_adbname_t *name, ev->ev_sender = find; find->result_v4 = find_err_map[name->fetch_err]; find->result_v6 = find_err_map[name->fetch6_err]; + find->qtotal += qtotal; ev->ev_type = evtype; ev->ev_destroy = event_free; ev->ev_destroy_arg = find; @@ -1821,6 +1823,7 @@ new_adbfind(dns_adb_t *adb) { h->flags = 0; h->result_v4 = ISC_R_UNEXPECTED; h->result_v6 = ISC_R_UNEXPECTED; + h->qtotal = 0; ISC_LINK_INIT(h, publink); ISC_LINK_INIT(h, plink); ISC_LIST_INIT(h->list); @@ -2770,6 +2773,19 @@ dns_adb_createfind(dns_adb_t *adb, isc_t isc_stdtime_t now, dns_name_t *target, in_port_t port, dns_adbfind_t **findp) { + return (dns_adb_createfind2(adb, task, action, arg, name, + qname, qtype, options, now, + target, port, 0, findp)); +} + +isc_result_t +dns_adb_createfind2(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action, + void *arg, dns_name_t *name, dns_name_t *qname, + dns_rdatatype_t qtype, unsigned int options, + isc_stdtime_t now, dns_name_t *target, + in_port_t port, unsigned int depth, + dns_adbfind_t **findp) +{ dns_adbfind_t *find; dns_adbname_t *adbname; int bucket; @@ -3000,7 +3016,7 @@ dns_adb_createfind(dns_adb_t *adb, isc_t * Start V4. */ if (WANT_INET(wanted_fetches) && - fetch_name(adbname, start_at_zone, + fetch_name(adbname, start_at_zone, depth, dns_rdatatype_a) == ISC_R_SUCCESS) { DP(DEF_LEVEL, "dns_adb_createfind: started A fetch for name %p", @@ -3011,7 +3027,7 @@ dns_adb_createfind(dns_adb_t *adb, isc_t * Start V6. */ if (WANT_INET6(wanted_fetches) && - fetch_name(adbname, start_at_zone, + fetch_name(adbname, start_at_zone, depth, dns_rdatatype_aaaa) == ISC_R_SUCCESS) { DP(DEF_LEVEL, "dns_adb_createfind: " @@ -3627,6 +3643,7 @@ fetch_callback(isc_task_t *task, isc_eve isc_result_t result; unsigned int address_type; isc_boolean_t want_check_exit = ISC_FALSE; + isc_uint32_t qtotal = 0; UNUSED(task); @@ -3637,6 +3654,8 @@ fetch_callback(isc_task_t *task, isc_eve adb = name->adb; INSIST(DNS_ADB_VALID(adb)); + qtotal = dev->qtotal; + bucket = name->lock_bucket; LOCK(&adb->namelocks[bucket]); @@ -3754,6 +3773,12 @@ fetch_callback(isc_task_t *task, isc_eve DP(DEF_LEVEL, "adb: fetch of '%s' %s failed: %s", buf, address_type == DNS_ADBFIND_INET ? "A" : "AAAA", dns_result_totext(dev->result)); + /* + * Don't record a failure unless this is the initial + * fetch of a chain. + */ + if (fetch->depth > 1) + goto out; /* XXXMLG Don't pound on bad servers. */ if (address_type == DNS_ADBFIND_INET) { name->expire_v4 = ISC_MIN(name->expire_v4, now + 300); @@ -3785,15 +3810,14 @@ fetch_callback(isc_task_t *task, isc_eve free_adbfetch(adb, &fetch); isc_event_free(&ev); - clean_finds_at_name(name, ev_status, address_type); + clean_finds_at_name(name, ev_status, qtotal, address_type); UNLOCK(&adb->namelocks[bucket]); } static isc_result_t -fetch_name(dns_adbname_t *adbname, - isc_boolean_t start_at_zone, - dns_rdatatype_t type) +fetch_name(dns_adbname_t *adbname, isc_boolean_t start_at_zone, + unsigned int depth, dns_rdatatype_t type) { isc_result_t result; dns_adbfetch_t *fetch = NULL; @@ -3838,12 +3862,14 @@ fetch_name(dns_adbname_t *adbname, result = ISC_R_NOMEMORY; goto cleanup; } + fetch->depth = depth; - result = dns_resolver_createfetch(adb->view->resolver, &adbname->name, - type, name, nameservers, NULL, - options, adb->task, fetch_callback, - adbname, &fetch->rdataset, NULL, - &fetch->fetch); + result = dns_resolver_createfetch3(adb->view->resolver, &adbname->name, + type, name, nameservers, NULL, + NULL, 0, options, depth, adb->task, + fetch_callback, adbname, + &fetch->rdataset, NULL, + &fetch->fetch); if (result != ISC_R_SUCCESS) goto cleanup; Modified: stable/9/contrib/bind9/lib/dns/include/dns/adb.h ============================================================================== --- stable/9/contrib/bind9/lib/dns/include/dns/adb.h Wed Dec 10 08:26:53 2014 (r275668) +++ stable/9/contrib/bind9/lib/dns/include/dns/adb.h Wed Dec 10 08:31:41 2014 (r275669) @@ -118,6 +118,8 @@ struct dns_adbfind { isc_result_t result_v6; /*%< RO: v6 result */ ISC_LINK(dns_adbfind_t) publink; /*%< RW: client use */ + isc_uint32_t qtotal; + /* Private */ isc_mutex_t lock; /* locks all below */ in_port_t port; @@ -334,6 +336,12 @@ dns_adb_createfind(dns_adb_t *adb, isc_t dns_rdatatype_t qtype, unsigned int options, isc_stdtime_t now, dns_name_t *target, in_port_t port, dns_adbfind_t **find); +isc_result_t +dns_adb_createfind2(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action, + void *arg, dns_name_t *name, dns_name_t *qname, + dns_rdatatype_t qtype, unsigned int options, + isc_stdtime_t now, dns_name_t *target, in_port_t port, + unsigned int depth, dns_adbfind_t **find); /*%< * Main interface for clients. The adb will look up the name given in * "name" and will build up a list of found addresses, and perhaps start Modified: stable/9/contrib/bind9/lib/dns/include/dns/resolver.h ============================================================================== --- stable/9/contrib/bind9/lib/dns/include/dns/resolver.h Wed Dec 10 08:26:53 2014 (r275668) +++ stable/9/contrib/bind9/lib/dns/include/dns/resolver.h Wed Dec 10 08:31:41 2014 (r275669) @@ -82,6 +82,7 @@ typedef struct dns_fetchevent { isc_sockaddr_t * client; dns_messageid_t id; isc_result_t vresult; + isc_uint32_t qtotal; } dns_fetchevent_t; /* @@ -274,6 +275,18 @@ dns_resolver_createfetch2(dns_resolver_t dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset, dns_fetch_t **fetchp); +isc_result_t +dns_resolver_createfetch3(dns_resolver_t *res, dns_name_t *name, + dns_rdatatype_t type, + dns_name_t *domain, dns_rdataset_t *nameservers, + dns_forwarders_t *forwarders, + isc_sockaddr_t *client, isc_uint16_t id, + unsigned int options, unsigned int depth, + isc_task_t *task, + isc_taskaction_t action, void *arg, + dns_rdataset_t *rdataset, + dns_rdataset_t *sigrdataset, + dns_fetch_t **fetchp); /*%< * Recurse to answer a question. * @@ -575,6 +588,18 @@ dns_resolver_printbadcache(dns_resolver_ * \li resolver to be valid. */ +void +dns_resolver_setmaxdepth(dns_resolver_t *resolver, unsigned int maxdepth); +unsigned int +dns_resolver_getmaxdepth(dns_resolver_t *resolver); +/*% + * Get and set how many NS indirections will be followed when looking for + * nameserver addresses. + * + * Requires: + * \li resolver to be valid. + */ + ISC_LANG_ENDDECLS #endif /* DNS_RESOLVER_H */ Modified: stable/9/contrib/bind9/lib/dns/resolver.c ============================================================================== --- stable/9/contrib/bind9/lib/dns/resolver.c Wed Dec 10 08:26:53 2014 (r275668) +++ stable/9/contrib/bind9/lib/dns/resolver.c Wed Dec 10 08:31:41 2014 (r275669) @@ -131,6 +131,16 @@ #define MAXIMUM_QUERY_TIMEOUT 30 /* The maximum time in seconds for the whole query to live. */ #endif +/* The default maximum number of recursions to follow before giving up. */ +#ifndef DEFAULT_RECURSION_DEPTH +#define DEFAULT_RECURSION_DEPTH 7 +#endif + +/* The default maximum number of iterative queries to allow before giving up. */ +#ifndef DEFAULT_MAX_QUERIES +#define DEFAULT_MAX_QUERIES 50 +#endif + /*% * Maximum EDNS0 input packet size. */ @@ -297,6 +307,7 @@ struct fetchctx { isc_uint64_t duration; isc_boolean_t logged; unsigned int querysent; + unsigned int totalqueries; unsigned int referrals; unsigned int lamecount; unsigned int neterr; @@ -307,6 +318,7 @@ struct fetchctx { isc_boolean_t timeout; dns_adbaddrinfo_t *addrinfo; isc_sockaddr_t *client; + unsigned int depth; }; #define FCTX_MAGIC ISC_MAGIC('F', '!', '!', '!') @@ -418,6 +430,7 @@ struct dns_resolver { isc_timer_t * spillattimer; isc_boolean_t zero_no_soa_ttl; unsigned int query_timeout; + unsigned int maxdepth; /* Locked by lock. */ unsigned int references; @@ -1093,6 +1106,7 @@ fctx_sendevents(fetchctx_t *fctx, isc_re event->result == DNS_R_NCACHENXRRSET); } + event->qtotal = fctx->totalqueries; isc_task_sendanddetach(&task, ISC_EVENT_PTR(&event)); count++; } @@ -1533,7 +1547,9 @@ fctx_query(fetchctx_t *fctx, dns_adbaddr if (result != ISC_R_SUCCESS) goto cleanup_dispatch; } + fctx->querysent++; + fctx->totalqueries++; ISC_LIST_APPEND(fctx->queries, query, link); query->fctx->nqueries++; @@ -2186,9 +2202,10 @@ fctx_finddone(isc_task_t *task, isc_even */ INSIST(!SHUTTINGDOWN(fctx)); fctx->attributes &= ~FCTX_ATTR_ADDRWAIT; - if (event->ev_type == DNS_EVENT_ADBMOREADDRESSES) + if (event->ev_type == DNS_EVENT_ADBMOREADDRESSES) { want_try = ISC_TRUE; - else { + fctx->totalqueries += find->qtotal; + } else { fctx->findfail++; if (fctx->pending == 0) { /* @@ -2471,12 +2488,13 @@ findname(fetchctx_t *fctx, dns_name_t *n * See what we know about this address. */ find = NULL; - result = dns_adb_createfind(fctx->adb, - res->buckets[fctx->bucketnum].task, - fctx_finddone, fctx, name, - &fctx->name, fctx->type, - options, now, NULL, - res->view->dstport, &find); + result = dns_adb_createfind2(fctx->adb, + res->buckets[fctx->bucketnum].task, + fctx_finddone, fctx, name, + &fctx->name, fctx->type, + options, now, NULL, + res->view->dstport, + fctx->depth + 1, &find); if (result != ISC_R_SUCCESS) { if (result == DNS_R_ALIAS) { /* @@ -2584,6 +2602,11 @@ fctx_getaddresses(fetchctx_t *fctx, isc_ res = fctx->res; + if (fctx->depth > res->maxdepth) { + FCTXTRACE("too much NS indirection"); + return (DNS_R_SERVFAIL); + } + /* * Forwarders. */ @@ -3022,6 +3045,9 @@ fctx_try(fetchctx_t *fctx, isc_boolean_t REQUIRE(!ADDRWAIT(fctx)); + if (fctx->totalqueries > DEFAULT_MAX_QUERIES) + fctx_done(fctx, DNS_R_SERVFAIL, __LINE__); + addrinfo = fctx_nextaddress(fctx); if (addrinfo == NULL) { /* @@ -3380,6 +3406,7 @@ fctx_start(isc_task_t *task, isc_event_t * Normal fctx startup. */ fctx->state = fetchstate_active; + fctx->totalqueries = 0; /* * Reset the control event for later use in shutting down * the fctx. @@ -3449,6 +3476,7 @@ fctx_join(fetchctx_t *fctx, isc_task_t * event->fetch = fetch; event->client = client; event->id = id; + event->qtotal = 0; dns_fixedname_init(&event->foundname); /* @@ -3485,7 +3513,8 @@ log_ns_ttl(fetchctx_t *fctx, const char static isc_result_t fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type, dns_name_t *domain, dns_rdataset_t *nameservers, - unsigned int options, unsigned int bucketnum, fetchctx_t **fctxp) + unsigned int options, unsigned int bucketnum, unsigned int depth, + fetchctx_t **fctxp) { fetchctx_t *fctx; isc_result_t result; @@ -3537,6 +3566,7 @@ fctx_create(dns_resolver_t *res, dns_nam fctx->state = fetchstate_init; fctx->want_shutdown = ISC_FALSE; fctx->cloned = ISC_FALSE; + fctx->depth = depth; ISC_LIST_INIT(fctx->queries); ISC_LIST_INIT(fctx->finds); ISC_LIST_INIT(fctx->altfinds); @@ -3555,6 +3585,7 @@ fctx_create(dns_resolver_t *res, dns_nam fctx->pending = 0; fctx->restarts = 0; fctx->querysent = 0; + fctx->totalqueries = 0; fctx->referrals = 0; TIME_NOW(&fctx->start); fctx->timeouts = 0; @@ -7731,6 +7762,7 @@ dns_resolver_create(dns_view_t *view, res->spillattimer = NULL; res->zero_no_soa_ttl = ISC_FALSE; res->query_timeout = DEFAULT_QUERY_TIMEOUT; + res->maxdepth = DEFAULT_RECURSION_DEPTH; res->nbuckets = ntasks; res->activebuckets = ntasks; res->buckets = isc_mem_get(view->mctx, @@ -8169,9 +8201,9 @@ dns_resolver_createfetch(dns_resolver_t dns_rdataset_t *sigrdataset, dns_fetch_t **fetchp) { - return (dns_resolver_createfetch2(res, name, type, domain, + return (dns_resolver_createfetch3(res, name, type, domain, nameservers, forwarders, NULL, 0, - options, task, action, arg, + options, 0, task, action, arg, rdataset, sigrdataset, fetchp)); } @@ -8187,6 +8219,25 @@ dns_resolver_createfetch2(dns_resolver_t dns_rdataset_t *sigrdataset, dns_fetch_t **fetchp) { + return (dns_resolver_createfetch3(res, name, type, domain, + nameservers, forwarders, client, id, + options, 0, task, action, arg, + rdataset, sigrdataset, fetchp)); +} + +isc_result_t +dns_resolver_createfetch3(dns_resolver_t *res, dns_name_t *name, + dns_rdatatype_t type, + dns_name_t *domain, dns_rdataset_t *nameservers, + dns_forwarders_t *forwarders, + isc_sockaddr_t *client, dns_messageid_t id, + unsigned int options, unsigned int depth, + isc_task_t *task, + isc_taskaction_t action, void *arg, + dns_rdataset_t *rdataset, + dns_rdataset_t *sigrdataset, + dns_fetch_t **fetchp) +{ dns_fetch_t *fetch; fetchctx_t *fctx = NULL; isc_result_t result = ISC_R_SUCCESS; @@ -8273,11 +8324,12 @@ dns_resolver_createfetch2(dns_resolver_t if (fctx == NULL) { result = fctx_create(res, name, type, domain, nameservers, - options, bucketnum, &fctx); + options, bucketnum, depth, &fctx); if (result != ISC_R_SUCCESS) goto unlock; new_fctx = ISC_TRUE; - } + } else if (fctx->depth > depth) + fctx->depth = depth; result = fctx_join(fctx, task, client, id, action, arg, rdataset, sigrdataset, fetch); @@ -9049,3 +9101,15 @@ dns_resolver_settimeout(dns_resolver_t * resolver->query_timeout = seconds; } + +void +dns_resolver_setmaxdepth(dns_resolver_t *resolver, unsigned int maxdepth) { + REQUIRE(VALID_RESOLVER(resolver)); + resolver->maxdepth = maxdepth; +} + +unsigned int +dns_resolver_getmaxdepth(dns_resolver_t *resolver) { + REQUIRE(VALID_RESOLVER(resolver)); + return (resolver->maxdepth); +} Modified: stable/9/contrib/bind9/lib/isccfg/namedconf.c ============================================================================== --- stable/9/contrib/bind9/lib/isccfg/namedconf.c Wed Dec 10 08:26:53 2014 (r275668) +++ stable/9/contrib/bind9/lib/isccfg/namedconf.c Wed Dec 10 08:31:41 2014 (r275669) @@ -1419,6 +1419,7 @@ view_clauses[] = { { "max-cache-ttl", &cfg_type_uint32, 0 }, { "max-clients-per-query", &cfg_type_uint32, 0 }, { "max-ncache-ttl", &cfg_type_uint32, 0 }, + { "max-recursion-depth", &cfg_type_uint32, 0 }, { "max-udp-size", &cfg_type_uint32, 0 }, { "min-roots", &cfg_type_uint32, CFG_CLAUSEFLAG_NOTIMP }, { "minimal-responses", &cfg_type_boolean, 0 }, Modified: stable/9/contrib/file/elfclass.h ============================================================================== --- stable/9/contrib/file/elfclass.h Wed Dec 10 08:26:53 2014 (r275668) +++ stable/9/contrib/file/elfclass.h Wed Dec 10 08:31:41 2014 (r275669) @@ -35,10 +35,12 @@ switch (type) { #ifdef ELFCORE case ET_CORE: + phnum = elf_getu16(swap, elfhdr.e_phnum); + if (phnum > MAX_PHNUM) + return toomany(ms, "program", phnum); flags |= FLAGS_IS_CORE; if (dophn_core(ms, clazz, swap, fd, - (off_t)elf_getu(swap, elfhdr.e_phoff), - elf_getu16(swap, elfhdr.e_phnum), + (off_t)elf_getu(swap, elfhdr.e_phoff), phnum, (size_t)elf_getu16(swap, elfhdr.e_phentsize), fsize, &flags) == -1) return -1; @@ -46,18 +48,24 @@ #endif case ET_EXEC: case ET_DYN: + phnum = elf_getu16(swap, elfhdr.e_phnum); + if (phnum > MAX_PHNUM) + return toomany(ms, "program", phnum); + shnum = elf_getu16(swap, elfhdr.e_shnum); + if (shnum > MAX_SHNUM) + return toomany(ms, "section", shnum); if (dophn_exec(ms, clazz, swap, fd, - (off_t)elf_getu(swap, elfhdr.e_phoff), - elf_getu16(swap, elfhdr.e_phnum), + (off_t)elf_getu(swap, elfhdr.e_phoff), phnum, (size_t)elf_getu16(swap, elfhdr.e_phentsize), - fsize, &flags, elf_getu16(swap, elfhdr.e_shnum)) - == -1) + fsize, &flags, shnum) == -1) return -1; /*FALLTHROUGH*/ case ET_REL: + shnum = elf_getu16(swap, elfhdr.e_shnum); + if (shnum > MAX_SHNUM) + return toomany(ms, "section", shnum); if (doshn(ms, clazz, swap, fd, - (off_t)elf_getu(swap, elfhdr.e_shoff), - elf_getu16(swap, elfhdr.e_shnum), + (off_t)elf_getu(swap, elfhdr.e_shoff), shnum, (size_t)elf_getu16(swap, elfhdr.e_shentsize), fsize, &flags, elf_getu16(swap, elfhdr.e_machine)) == -1) return -1; Modified: stable/9/contrib/file/readelf.c ============================================================================== --- stable/9/contrib/file/readelf.c Wed Dec 10 08:26:53 2014 (r275668) +++ stable/9/contrib/file/readelf.c Wed Dec 10 08:31:41 2014 (r275669) @@ -60,6 +60,18 @@ private uint16_t getu16(int, uint16_t); private uint32_t getu32(int, uint32_t); private uint64_t getu64(int, uint64_t); +#define MAX_PHNUM 256 +#define MAX_SHNUM 1024 + +private int +toomany(struct magic_set *ms, const char *name, uint16_t num) +{ + if (file_printf(ms, ", too many %s header sections (%u)", name, num + ) == -1) + return -1; + return 0; +} + private uint16_t getu16(int swap, uint16_t value) { @@ -384,13 +396,13 @@ donote(struct magic_set *ms, void *vbuf, if (namesz & 0x80000000) { (void)file_printf(ms, ", bad note name size 0x%lx", (unsigned long)namesz); - return offset; + return 0; } if (descsz & 0x80000000) { (void)file_printf(ms, ", bad note description size 0x%lx", (unsigned long)descsz); - return offset; + return 0; } @@ -847,6 +859,7 @@ doshn(struct magic_set *ms, int clazz, i Elf32_Shdr sh32; Elf64_Shdr sh64; int stripped = 1; + size_t nbadcap = 0; void *nbuf; off_t noff, coff; uint64_t cap_hw1 = 0; /* SunOS 5.x hardware capabilites */ @@ -919,6 +932,8 @@ doshn(struct magic_set *ms, int clazz, i free(nbuf); break; case SHT_SUNW_cap: + if (nbadcap > 5) + break; if (lseek(fd, (off_t)xsh_offset, SEEK_SET) == (off_t)-1) { file_badseek(ms); @@ -955,6 +970,8 @@ doshn(struct magic_set *ms, int clazz, i (unsigned long long)xcap_tag, (unsigned long long)xcap_val) == -1) return -1; + if (nbadcap++ > 2) + coff = xsh_size; break; } } @@ -1142,7 +1159,7 @@ file_tryelf(struct magic_set *ms, int fd int flags = 0; Elf32_Ehdr elf32hdr; Elf64_Ehdr elf64hdr; - uint16_t type; + uint16_t type, phnum, shnum; if (ms->flags & (MAGIC_MIME|MAGIC_APPLE)) return 0; Modified: stable/9/contrib/file/softmagic.c ============================================================================== --- stable/9/contrib/file/softmagic.c Wed Dec 10 08:26:53 2014 (r275668) +++ stable/9/contrib/file/softmagic.c Wed Dec 10 08:31:41 2014 (r275669) @@ -61,6 +61,9 @@ private void cvt_32(union VALUETYPE *, c private void cvt_64(union VALUETYPE *, const struct magic *); #define OFFSET_OOB(n, o, i) ((n) < (o) || (i) > ((n) - (o))) + +#define MAX_RECURSION_LEVEL 10 + /* * softmagic - lookup one file in parsed, in-memory copy of database * Passed the name and FILE * of one file to be typed. @@ -1027,7 +1030,7 @@ mget(struct magic_set *ms, const unsigne uint32_t count = m->str_range; union VALUETYPE *p = &ms->ms_value; - if (recursion_level >= 20) { + if (recursion_level >= MAX_RECURSION_LEVEL) { file_error(ms, 0, "recursion nesting exceeded"); return -1; } From owner-svn-src-stable-9@FreeBSD.ORG Thu Dec 11 08:06:00 2014 Return-Path: Delivered-To: svn-src-stable-9@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A64DF45F; Thu, 11 Dec 2014 08:06:00 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 8FE726AC36; Thu, 11 Dec 2014 08:06:00 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id sBB860uS049168; Thu, 11 Dec 2014 08:06:00 GMT (envelope-from dim@FreeBSD.org) Received: (from dim@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id sBB860S0049165; Thu, 11 Dec 2014 08:06:00 GMT (envelope-from dim@FreeBSD.org) Message-Id: <201412110806.sBB860S0049165@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: dim set sender to dim@FreeBSD.org using -f From: Dimitry Andric Date: Thu, 11 Dec 2014 08:06:00 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r275699 - in stable: 10/contrib/gcc/cp 7/contrib/gcc/cp 8/contrib/gcc/cp 9/contrib/gcc/cp X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Dec 2014 08:06:00 -0000 Author: dim Date: Thu Dec 11 08:05:59 2014 New Revision: 275699 URL: https://svnweb.freebsd.org/changeset/base/275699 Log: MFC r275477: Pull in r174303 from upstream gcc trunk (by Jason Merrill): PR c++/48211 * name-lookup.h (cp_class_binding): Make base a pointer. * name-lookup.c (new_class_binding): Adjust. (poplevel_class): Adjust. This fixes a potential segfault when compiling gold, a part of the devel/binutils port, with gcc. See also the upstream bug report: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=48211 Thanks to Jason Merrill, Tom Callaway and Red Hat legal for approving the use of this patch under the GNU GPL, version 2 or later. Modified: stable/9/contrib/gcc/cp/name-lookup.c stable/9/contrib/gcc/cp/name-lookup.h Directory Properties: stable/9/contrib/gcc/ (props changed) Changes in other areas also in this revision: Modified: stable/10/contrib/gcc/cp/name-lookup.c stable/10/contrib/gcc/cp/name-lookup.h stable/7/contrib/gcc/cp/name-lookup.c stable/7/contrib/gcc/cp/name-lookup.h stable/8/contrib/gcc/cp/name-lookup.c stable/8/contrib/gcc/cp/name-lookup.h Directory Properties: stable/10/ (props changed) stable/7/contrib/gcc/ (props changed) stable/8/contrib/gcc/ (props changed) Modified: stable/9/contrib/gcc/cp/name-lookup.c ============================================================================== --- stable/9/contrib/gcc/cp/name-lookup.c Thu Dec 11 06:52:10 2014 (r275698) +++ stable/9/contrib/gcc/cp/name-lookup.c Thu Dec 11 08:05:59 2014 (r275699) @@ -301,35 +301,11 @@ new_class_binding (tree name, tree value cp_class_binding *cb; cxx_binding *binding; - if (VEC_length (cp_class_binding, scope->class_shadowed)) - { - cp_class_binding *old_base; - old_base = VEC_index (cp_class_binding, scope->class_shadowed, 0); - if (VEC_reserve (cp_class_binding, gc, scope->class_shadowed, 1)) - { - /* Fixup the current bindings, as they might have moved. */ - size_t i; - - for (i = 0; - VEC_iterate (cp_class_binding, scope->class_shadowed, i, cb); - i++) - { - cxx_binding **b; - b = &IDENTIFIER_BINDING (cb->identifier); - while (*b != &old_base[i].base) - b = &((*b)->previous); - *b = &cb->base; - } - } - cb = VEC_quick_push (cp_class_binding, scope->class_shadowed, NULL); - } - else cb = VEC_safe_push (cp_class_binding, gc, scope->class_shadowed, NULL); cb->identifier = name; - binding = &cb->base; + cb->base = binding = cxx_binding_make (value, type); binding->scope = scope; - cxx_binding_init (binding, value, type); return binding; } @@ -2479,7 +2455,10 @@ poplevel_class (void) for (i = 0; VEC_iterate (cp_class_binding, level->class_shadowed, i, cb); ++i) - IDENTIFIER_BINDING (cb->identifier) = cb->base.previous; + { + IDENTIFIER_BINDING (cb->identifier) = cb->base->previous; + cxx_binding_free (cb->base); + } ggc_free (level->class_shadowed); level->class_shadowed = NULL; } Modified: stable/9/contrib/gcc/cp/name-lookup.h ============================================================================== --- stable/9/contrib/gcc/cp/name-lookup.h Thu Dec 11 06:52:10 2014 (r275698) +++ stable/9/contrib/gcc/cp/name-lookup.h Thu Dec 11 08:05:59 2014 (r275699) @@ -142,7 +142,7 @@ typedef enum tag_scope { typedef struct cp_class_binding GTY(()) { - cxx_binding base; + cxx_binding *base; /* The bound name. */ tree identifier; } cp_class_binding; From owner-svn-src-stable-9@FreeBSD.ORG Fri Dec 12 07:42:07 2014 Return-Path: Delivered-To: svn-src-stable-9@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id D267026A; Fri, 12 Dec 2014 07:42:07 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id BDA80E6B; Fri, 12 Dec 2014 07:42:07 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id sBC7g7BV085882; Fri, 12 Dec 2014 07:42:07 GMT (envelope-from mav@FreeBSD.org) Received: (from mav@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id sBC7g76n085881; Fri, 12 Dec 2014 07:42:07 GMT (envelope-from mav@FreeBSD.org) Message-Id: <201412120742.sBC7g76n085881@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: mav set sender to mav@FreeBSD.org using -f From: Alexander Motin Date: Fri, 12 Dec 2014 07:42:07 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r275723 - stable/9/sys/cam/scsi X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Dec 2014 07:42:07 -0000 Author: mav Date: Fri Dec 12 07:42:06 2014 New Revision: 275723 URL: https://svnweb.freebsd.org/changeset/base/275723 Log: MFC r274411: Improve CAM's reaction on asymmetric access errors. Modified: stable/9/sys/cam/scsi/scsi_all.c Directory Properties: stable/9/ (props changed) stable/9/sys/ (props changed) Modified: stable/9/sys/cam/scsi/scsi_all.c ============================================================================== --- stable/9/sys/cam/scsi/scsi_all.c Fri Dec 12 07:41:08 2014 (r275722) +++ stable/9/sys/cam/scsi/scsi_all.c Fri Dec 12 07:42:06 2014 (r275723) @@ -1103,13 +1103,13 @@ static struct asc_table_entry asc_table[ { SST(0x04, 0x09, SS_RDEF, /* XXX TBD */ "Logical unit not ready, self-test in progress") }, /* DTLPWROMAEBKVF */ - { SST(0x04, 0x0A, SS_RDEF, /* XXX TBD */ + { SST(0x04, 0x0A, SS_TUR | SSQ_MANY | SSQ_DECREMENT_COUNT | ENXIO, "Logical unit not accessible, asymmetric access state transition")}, /* DTLPWROMAEBKVF */ - { SST(0x04, 0x0B, SS_RDEF, /* XXX TBD */ + { SST(0x04, 0x0B, SS_FATAL | ENXIO, "Logical unit not accessible, target port in standby state") }, /* DTLPWROMAEBKVF */ - { SST(0x04, 0x0C, SS_RDEF, /* XXX TBD */ + { SST(0x04, 0x0C, SS_FATAL | ENXIO, "Logical unit not accessible, target port in unavailable state") }, /* F */ { SST(0x04, 0x0D, SS_RDEF, /* XXX TBD */ From owner-svn-src-stable-9@FreeBSD.ORG Fri Dec 12 08:00:57 2014 Return-Path: Delivered-To: svn-src-stable-9@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 874D4783; Fri, 12 Dec 2014 08:00:57 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 725A48E; Fri, 12 Dec 2014 08:00:57 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id sBC80vYY093358; Fri, 12 Dec 2014 08:00:57 GMT (envelope-from hselasky@FreeBSD.org) Received: (from hselasky@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id sBC80vIb093357; Fri, 12 Dec 2014 08:00:57 GMT (envelope-from hselasky@FreeBSD.org) Message-Id: <201412120800.sBC80vIb093357@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: hselasky set sender to hselasky@FreeBSD.org using -f From: Hans Petter Selasky Date: Fri, 12 Dec 2014 08:00:57 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r275725 - stable/9/sys/ofed/include/linux X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Dec 2014 08:00:57 -0000 Author: hselasky Date: Fri Dec 12 08:00:56 2014 New Revision: 275725 URL: https://svnweb.freebsd.org/changeset/base/275725 Log: MFC r275636: Move OFED init a bit earlier so that PXE boot works. Sponsored by: Mellanox Technologies Modified: stable/9/sys/ofed/include/linux/module.h Directory Properties: stable/9/sys/ (props changed) Modified: stable/9/sys/ofed/include/linux/module.h ============================================================================== --- stable/9/sys/ofed/include/linux/module.h Fri Dec 12 07:59:05 2014 (r275724) +++ stable/9/sys/ofed/include/linux/module.h Fri Dec 12 08:00:56 2014 (r275725) @@ -49,9 +49,9 @@ #define EXPORT_SYMBOL_GPL(name) /* OFED pre-module initialization */ -#define SI_SUB_OFED_PREINIT (SI_SUB_KTHREAD_INIT - 2) +#define SI_SUB_OFED_PREINIT (SI_SUB_ROOT_CONF - 2) /* OFED default module initialization */ -#define SI_SUB_OFED_MODINIT (SI_SUB_KTHREAD_INIT - 1) +#define SI_SUB_OFED_MODINIT (SI_SUB_ROOT_CONF - 1) #include From owner-svn-src-stable-9@FreeBSD.ORG Sat Dec 13 04:50:15 2014 Return-Path: Delivered-To: svn-src-stable-9@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 63B84817; Sat, 13 Dec 2014 04:50:15 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 3504A3E3; Sat, 13 Dec 2014 04:50:15 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id sBD4oFZI017597; Sat, 13 Dec 2014 04:50:15 GMT (envelope-from rodrigc@FreeBSD.org) Received: (from rodrigc@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id sBD4oFF5017596; Sat, 13 Dec 2014 04:50:15 GMT (envelope-from rodrigc@FreeBSD.org) Message-Id: <201412130450.sBD4oFF5017596@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: rodrigc set sender to rodrigc@FreeBSD.org using -f From: Craig Rodrigues Date: Sat, 13 Dec 2014 04:50:15 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r275741 - stable/9/sys/contrib/ipfilter/netinet X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Dec 2014 04:50:15 -0000 Author: rodrigc Date: Sat Dec 13 04:50:14 2014 New Revision: 275741 URL: https://svnweb.freebsd.org/changeset/base/275741 Log: Merge r275213. Set the current vnet inside the ioctl handler for ipfilter. Without this fix, the vnet was NULL and would crash. This fix is similar to what was done inside the ioctl handler for PF. Tested by: (1) Boot a kernel with "options VIMAGE" enabled (2) Type: echo "map lo0 from 10.0.0.0/24 to ! 10.0.0.0/24 -> 127.0.0.1/32" > /etc/ipnat.rules ; service ipnat onerestart PR: 176992 Differential Revision: https://reviews.freebsd.org/D1191 Modified: stable/9/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c Directory Properties: stable/9/ (props changed) stable/9/sys/ (props changed) Modified: stable/9/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c ============================================================================== --- stable/9/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c Sat Dec 13 02:08:18 2014 (r275740) +++ stable/9/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c Sat Dec 13 04:50:14 2014 (r275741) @@ -47,11 +47,12 @@ static const char rcsid[] = "@(#)$Id: ip #endif #include #include -#if (__FreeBSD_version >= 300000) # include -#else -# include +#if defined(__FreeBSD_version) && (__FreeBSD_version >= 800000) +#include #endif +# include +# include #if !defined(__hpux) # include #endif @@ -86,6 +87,12 @@ static const char rcsid[] = "@(#)$Id: ip #include #include #include +#if defined(__FreeBSD_version) && (__FreeBSD_version >= 800000) +#include +#else +#define CURVNET_SET(arg) +#define CURVNET_RESTORE() +#endif #if defined(__osf__) # include #endif @@ -362,7 +369,9 @@ int mode; SPL_NET(s); + CURVNET_SET(TD_TO_VNET(p)); error = fr_ioctlswitch(unit, data, cmd, mode, p->p_uid, p); + CURVNET_RESTORE(); if (error != -1) { SPL_X(s); return error; From owner-svn-src-stable-9@FreeBSD.ORG Sat Dec 13 12:14:28 2014 Return-Path: Delivered-To: svn-src-stable-9@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 0BC2363A; Sat, 13 Dec 2014 12:14:28 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E113FA7; Sat, 13 Dec 2014 12:14:27 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id sBDCEROP033031; Sat, 13 Dec 2014 12:14:27 GMT (envelope-from dim@FreeBSD.org) Received: (from dim@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id sBDCERJT033028; Sat, 13 Dec 2014 12:14:27 GMT (envelope-from dim@FreeBSD.org) Message-Id: <201412131214.sBDCERJT033028@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: dim set sender to dim@FreeBSD.org using -f From: Dimitry Andric Date: Sat, 13 Dec 2014 12:14:27 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r275742 - in stable: 10/contrib/llvm/lib/Transforms/Vectorize 10/sys/sys 9/contrib/llvm/lib/Transforms/Vectorize 9/sys/sys X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Dec 2014 12:14:28 -0000 Author: dim Date: Sat Dec 13 12:14:26 2014 New Revision: 275742 URL: https://svnweb.freebsd.org/changeset/base/275742 Log: MFC r275633: Pull in r223171 from upstream llvm trunk (by Michael Zolotukhin): PR21302. Vectorize only bottom-tested loops. rdar://problem/18886083 This fixes a bug in the llvm vectorizer, which could sometimes cause vectorized loops to perform an additional iteration, leading to possible buffer overruns. Symptoms of this, which are usually segfaults, were first noticed when building gcc ports, here: https://lists.freebsd.org/pipermail/freebsd-ports/2014-September/095466.html https://lists.freebsd.org/pipermail/freebsd-toolchain/2014-September/001211.html Since this fix is very important for ports, bump __FreeBSD_version to make it easier for port maintainers to test whether the fix has been applied. Upstream PR: http://llvm.org/PR21302 Modified: stable/9/contrib/llvm/lib/Transforms/Vectorize/LoopVectorize.cpp stable/9/sys/sys/param.h Directory Properties: stable/9/contrib/llvm/ (props changed) stable/9/sys/ (props changed) Changes in other areas also in this revision: Modified: stable/10/contrib/llvm/lib/Transforms/Vectorize/LoopVectorize.cpp stable/10/sys/sys/param.h Directory Properties: stable/10/ (props changed) Modified: stable/9/contrib/llvm/lib/Transforms/Vectorize/LoopVectorize.cpp ============================================================================== --- stable/9/contrib/llvm/lib/Transforms/Vectorize/LoopVectorize.cpp Sat Dec 13 04:50:14 2014 (r275741) +++ stable/9/contrib/llvm/lib/Transforms/Vectorize/LoopVectorize.cpp Sat Dec 13 12:14:26 2014 (r275742) @@ -2864,6 +2864,14 @@ bool LoopVectorizationLegality::canVecto if (!TheLoop->getExitingBlock()) return false; + // We only handle bottom-tested loops, i.e. loop in which the condition is + // checked at the end of each iteration. With that we can assume that all + // instructions in the loop are executed the same number of times. + if (TheLoop->getExitingBlock() != TheLoop->getLoopLatch()) { + DEBUG(dbgs() << "LV: loop control flow is not understood by vectorizer\n"); + return false; + } + // We need to have a loop header. DEBUG(dbgs() << "LV: Found a loop: " << TheLoop->getHeader()->getName() << '\n'); Modified: stable/9/sys/sys/param.h ============================================================================== --- stable/9/sys/sys/param.h Sat Dec 13 04:50:14 2014 (r275741) +++ stable/9/sys/sys/param.h Sat Dec 13 12:14:26 2014 (r275742) @@ -58,7 +58,7 @@ * in the range 5 to 9. */ #undef __FreeBSD_version -#define __FreeBSD_version 903506 /* Master, propagated to newvers */ +#define __FreeBSD_version 903507 /* Master, propagated to newvers */ /* * __FreeBSD_kernel__ indicates that this system uses the kernel of FreeBSD,