Date: Thu, 5 May 2016 01:00:40 +1000 (EST)
From: Bruce Evans <brde@optusnet.com.au>
To: Roger Pau Monné <royger@freebsd.org>
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r299064 - head/sys/kern
Message-ID: <20160505001048.I2920@besplex.bde.org>
In-Reply-To: <201605041348.u44Dmxd0092688@repo.freebsd.org>
References: <201605041348.u44Dmxd0092688@repo.freebsd.org>
On Wed, 4 May 2016, Roger Pau Monné wrote:

> Log:
>   rtc: fix inverted resolution check
>
>   The current code in clock_register checks if the newly added clock has a
>   resolution value higher than the current one in order to make it the
>   default, which is wrong. Clocks with a lower resolution value should be
>   better than ones with a higher resolution value, in fact with the current
>   code FreeBSD is always selecting the worse clock.
> ...
> Modified: head/sys/kern/subr_rtc.c
> ==============================================================================
> --- head/sys/kern/subr_rtc.c=09Wed May 4 12:51:27 2016=09(r299063) > +++ head/sys/kern/subr_rtc.c=09Wed May 4 13:48:59 2016=09(r299064)
> @@ -84,7 +84,7 @@ clock_register(device_t dev, long res)=09/ > { > > =09if (clock_dev !=3D NULL) { > -=09=09if (clock_res > res) { > +=09=09if (clock_res <=3D res) { > =09=09=09if (bootverbose) > =09=09=09=09device_printf(dev, "not installed as " > =09=09=09=09 "time-of-day clock: clock %s has higher "

This and the next message are still sort of backwards, and have an off-by-1 error. It is not incorrect for them to say that the current clock has higher resolution, except for the off-by-1 error. Higher resolution means numerically lower and this now matches the code. But it is confusing. It is better to say that the current clock has finer resolution.

The off by 1 error is that the current clock is actually also preferred if it has the same resolution. The wording "finer or equal" is not so good, and neither is "not coarser".

Other bugs in these messages:
- the first 2 are obfuscated by splitting them across 3 lines; the third one is only across 2 lines
- I think they are misformatted (too long) in the output too
- the first message says "not installed", but this function is named clock_register() and third message says it registers, not installs
- "removed" in the second message is inconsistent with both "registered" and "installed".

Other bugs in the printf()s:
- tv_nsec has type long. %09ld format handles this perfectly, but %09jd is used. This requires more verboseness to cast to intmax_t
- though %09ld handles nanoseconds perfectly, it is a bogus format since the resolution is only microseconds.
- casting tv_sec to intmax_t to print it is excessive. long works on general time_t values until 2038 and is used a lot elsewhere in kern, and here the value is an adjustment that is known to be small. In fact it is 'long res' divided by 2 million, so it is at least 2 million times smaller than needed to print it using %ld.
Bruce

From: Xin LI <delphij@FreeBSD.org>
Date: Wed, 4 May 2016 15:25:47 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org
Subject: svn commit: r299066 - in releng/10.3: . crypto/openssl/crypto/asn1 crypto/openssl/crypto/evp crypto/openssl/crypto/x509 lib/libc/db/hash sys/cddl/compat/opensolaris/kern sys/conf sys/x86/x86

Author: delphij
Date: Wed May 4 15:25:47 2016
New Revision: 299066
URL: https://svnweb.freebsd.org/changeset/base/299066

Log:
Fix multiple OpenSSL vulnerabilities. [SA-16:17]
Fix performance regression in libc hash(3). [EN-16:06]
Fix excessive latency in x86 IPI delivery. [EN-16:07]
Fix memory leak in ZFS.
[EN-16:08] Approved by: so Modified: releng/10.3/UPDATING releng/10.3/crypto/openssl/crypto/asn1/a_type.c releng/10.3/crypto/openssl/crypto/asn1/tasn_dec.c releng/10.3/crypto/openssl/crypto/asn1/tasn_enc.c releng/10.3/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c releng/10.3/crypto/openssl/crypto/evp/encode.c releng/10.3/crypto/openssl/crypto/evp/evp_enc.c releng/10.3/crypto/openssl/crypto/x509/x509_obj.c releng/10.3/lib/libc/db/hash/hash.c releng/10.3/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c releng/10.3/sys/conf/newvers.sh releng/10.3/sys/x86/x86/local_apic.c Modified: releng/10.3/UPDATING ============================================================================== --- releng/10.3/UPDATING Wed May 4 13:49:59 2016 (r299065) +++ releng/10.3/UPDATING Wed May 4 15:25:47 2016 (r299066) @@ -16,7 +16,20 @@ from older versions of FreeBSD, try WITH stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. -20150429 p1 FreeBSD-SA-16:16.ntp +20160504 p2 FreeBSD-SA-16:17.openssl + FreeBSD-EN-16:06.libc + FreeBSD-EN-16:07.ipi + FreeBSD-EN-16:08.zfs + + Fix multiple OpenSSL vulnerabilitites. [SA-16:17] + + Fix performance regression in libc hash(3). [EN-16:06] + + Fix excessive latency in x86 IPI delivery. [EN-16:07] + + Fix memory leak in ZFS. [EN-16:08] + +20160429 p1 FreeBSD-SA-16:16.ntp Fix multiple vulnerabilities of ntp. Modified: releng/10.3/crypto/openssl/crypto/asn1/a_type.c ============================================================================== --- releng/10.3/crypto/openssl/crypto/asn1/a_type.c Wed May 4 13:49:59 2016 (r299065) +++ releng/10.3/crypto/openssl/crypto/asn1/a_type.c Wed May 4 15:25:47 2016 (r299066) 
@@ -126,9 +126,7 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, co result = 0; /* They do not have content. */ break; case V_ASN1_INTEGER: - case V_ASN1_NEG_INTEGER: case V_ASN1_ENUMERATED: - case V_ASN1_NEG_ENUMERATED: case V_ASN1_BIT_STRING: case V_ASN1_OCTET_STRING: case V_ASN1_SEQUENCE: Modified: releng/10.3/crypto/openssl/crypto/asn1/tasn_dec.c ============================================================================== --- releng/10.3/crypto/openssl/crypto/asn1/tasn_dec.c Wed May 4 13:49:59 2016 (r299065) +++ releng/10.3/crypto/openssl/crypto/asn1/tasn_dec.c Wed May 4 15:25:47 2016 (r299066) @@ -903,9 +903,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const break; case V_ASN1_INTEGER: - case V_ASN1_NEG_INTEGER: case V_ASN1_ENUMERATED: - case V_ASN1_NEG_ENUMERATED: tint = (ASN1_INTEGER **)pval; if (!c2i_ASN1_INTEGER(tint, &cont, len)) goto err; Modified: releng/10.3/crypto/openssl/crypto/asn1/tasn_enc.c ============================================================================== --- releng/10.3/crypto/openssl/crypto/asn1/tasn_enc.c Wed May 4 13:49:59 2016 (r299065) +++ releng/10.3/crypto/openssl/crypto/asn1/tasn_enc.c Wed May 4 15:25:47 2016 (r299066) @@ -611,9 +611,7 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsig break; case V_ASN1_INTEGER: - case V_ASN1_NEG_INTEGER: case V_ASN1_ENUMERATED: - case V_ASN1_NEG_ENUMERATED: /* * These are all have the same content format as ASN1_INTEGER */ Modified: releng/10.3/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c ============================================================================== --- releng/10.3/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c Wed May 4 13:49:59 2016 (r299065) +++ releng/10.3/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c Wed May 4 15:25:47 2016 (r299066) @@ -59,6 +59,7 @@ # include <openssl/aes.h> # include <openssl/sha.h> # include "evp_locl.h" +# include "constant_time_locl.h" # ifndef EVP_CIPH_FLAG_AEAD_CIPHER # define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 
@@ -286,6 +287,8 @@ static int aesni_cbc_hmac_sha1_cipher(EV maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8); maxpad &= 255; + ret &= constant_time_ge(maxpad, pad); + inp_len = len - (SHA_DIGEST_LENGTH + pad + 1); mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1))); inp_len &= mask; Modified: releng/10.3/crypto/openssl/crypto/evp/encode.c ============================================================================== --- releng/10.3/crypto/openssl/crypto/evp/encode.c Wed May 4 13:49:59 2016 (r299065) +++ releng/10.3/crypto/openssl/crypto/evp/encode.c Wed May 4 15:25:47 2016 (r299066) @@ -57,6 +57,7 @@ */ #include <stdio.h> +#include <limits.h> #include "cryptlib.h" #include <openssl/evp.h> @@ -151,13 +152,13 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ct const unsigned char *in, int inl) { int i, j; - unsigned int total = 0; + size_t total = 0; *outl = 0; if (inl <= 0) return; OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data)); - if ((ctx->num + inl) < ctx->length) { + if (ctx->length - ctx->num > inl) { memcpy(&(ctx->enc_data[ctx->num]), in, inl); ctx->num += inl; return; @@ -174,7 +175,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ct *out = '\0'; total = j + 1; } - while (inl >= ctx->length) { + while (inl >= ctx->length && total <= INT_MAX) { j = EVP_EncodeBlock(out, in, ctx->length); in += ctx->length; inl -= ctx->length; @@ -183,6 +184,11 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ct *out = '\0'; total += j + 1; } + if (total > INT_MAX) { + /* Too much output data! */ + *outl = 0; + return; + } if (inl != 0) memcpy(&(ctx->enc_data[0]), in, inl); ctx->num = inl; Modified: releng/10.3/crypto/openssl/crypto/evp/evp_enc.c ============================================================================== --- releng/10.3/crypto/openssl/crypto/evp/evp_enc.c Wed May 4 13:49:59 2016 (r299065) +++ releng/10.3/crypto/openssl/crypto/evp/evp_enc.c Wed May 4 15:25:47 2016 (r299066) 
@@ -334,7 +334,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ct bl = ctx->cipher->block_size; OPENSSL_assert(bl <= (int)sizeof(ctx->buf)); if (i != 0) { - if (i + inl < bl) { + if (bl - i > inl) { memcpy(&(ctx->buf[i]), in, inl); ctx->buf_len += inl; *outl = 0; Modified: releng/10.3/crypto/openssl/crypto/x509/x509_obj.c ============================================================================== --- releng/10.3/crypto/openssl/crypto/x509/x509_obj.c Wed May 4 13:49:59 2016 (r299065) +++ releng/10.3/crypto/openssl/crypto/x509/x509_obj.c Wed May 4 15:25:47 2016 (r299066) @@ -117,8 +117,9 @@ char *X509_NAME_oneline(X509_NAME *a, ch type == V_ASN1_PRINTABLESTRING || type == V_ASN1_TELETEXSTRING || type == V_ASN1_VISIBLESTRING || type == V_ASN1_IA5STRING) { - ascii2ebcdic(ebcdic_buf, q, (num > sizeof ebcdic_buf) - ? sizeof ebcdic_buf : num); + if (num > (int)sizeof(ebcdic_buf)) + num = sizeof(ebcdic_buf); + ascii2ebcdic(ebcdic_buf, q, num); q = ebcdic_buf; } #endif Modified: releng/10.3/lib/libc/db/hash/hash.c ============================================================================== --- releng/10.3/lib/libc/db/hash/hash.c Wed May 4 13:49:59 2016 (r299065) +++ releng/10.3/lib/libc/db/hash/hash.c Wed May 4 15:25:47 2016 (r299066) @@ -423,7 +423,8 @@ hdestroy(HTAB *hashp) free(hashp->tmp_buf); if (hashp->fp != -1) { - (void)_fsync(hashp->fp); + if (hashp->save_file) + (void)_fsync(hashp->fp); (void)_close(hashp->fp); } Modified: releng/10.3/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c ============================================================================== --- releng/10.3/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c Wed May 4 13:49:59 2016 (r299065) +++ releng/10.3/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c Wed May 4 15:25:47 2016 (r299066) 
@@ -196,6 +196,7 @@ mount_snapshot(kthread_t *td, vnode_t ** VI_UNLOCK(vp); vrele(vp); vfs_unbusy(mp); + vfs_freeopts(mp->mnt_optnew); vfs_mount_destroy(mp); *vpp = NULL; return (error); Modified: releng/10.3/sys/conf/newvers.sh ============================================================================== --- releng/10.3/sys/conf/newvers.sh Wed May 4 13:49:59 2016 (r299065) +++ releng/10.3/sys/conf/newvers.sh Wed May 4 15:25:47 2016 (r299066) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="10.3" -BRANCH="RELEASE-p1" +BRANCH="RELEASE-p2" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/10.3/sys/x86/x86/local_apic.c ============================================================================== --- releng/10.3/sys/x86/x86/local_apic.c Wed May 4 13:49:59 2016 (r299065) +++ releng/10.3/sys/x86/x86/local_apic.c Wed May 4 15:25:47 2016 (r299066) @@ -56,6 +56,7 @@ __FBSDID("$FreeBSD$"); #include <vm/pmap.h> #include <x86/apicreg.h> +#include <machine/clock.h> #include <machine/cputypes.h> #include <machine/frame.h> #include <machine/intr_machdep.h> @@ -158,6 +159,9 @@ volatile lapic_t *lapic; vm_paddr_t lapic_paddr; static u_long lapic_timer_divisor; static struct eventtimer lapic_et; +#ifdef SMP +static uint64_t lapic_ipi_wait_mult; +#endif static void lapic_enable(void); static void lapic_resume(struct pic *pic, bool suspend_cancelled); @@ -221,6 +225,9 @@ lvt_mode(struct lapic *la, u_int pin, ui void lapic_init(vm_paddr_t addr) { +#ifdef SMP + uint64_t r, r1, r2, rx; +#endif u_int regs[4]; int i, arat; 
@@ -275,6 +282,38 @@ lapic_init(vm_paddr_t addr) lapic_et.et_priv = NULL; et_register(&lapic_et); } + +#ifdef SMP +#define LOOPS 1000000 + /* + * Calibrate the busy loop waiting for IPI ack in xAPIC mode. + * lapic_ipi_wait_mult contains the number of iterations which + * approximately delay execution for 1 microsecond (the + * argument to native_lapic_ipi_wait() is in microseconds). + * + * We assume that TSC is present and already measured. + * Possible TSC frequency jumps are irrelevant to the + * calibration loop below, the CPU clock management code is + * not yet started, and we do not enter sleep states. + */ + KASSERT((cpu_feature & CPUID_TSC) != 0 && tsc_freq != 0, + ("TSC not initialized")); + r = rdtsc(); + for (rx = 0; rx < LOOPS; rx++) { + (void)lapic->icr_lo; + ia32_pause(); + } + r = rdtsc() - r; + r1 = tsc_freq * LOOPS; + r2 = r * 1000000; + lapic_ipi_wait_mult = r1 >= r2 ? r1 / r2 : 1; + if (bootverbose) { + printf("LAPIC: ipi_wait() us multiplier %ju (r %ju tsc %ju)\n", + (uintmax_t)lapic_ipi_wait_mult, (uintmax_t)r, + (uintmax_t)tsc_freq); + } +#undef LOOPS +#endif /* SMP */ } /* @@ -1381,25 +1420,20 @@ SYSINIT(apic_setup_io, SI_SUB_INTR, SI_O * private to the MD code. The public interface for the rest of the * kernel is defined in mp_machdep.c. */ + +/* + * Wait delay microseconds for IPI to be sent. If delay is -1, we + * wait forever. + */ int lapic_ipi_wait(int delay) { - int x; - - /* - * Wait delay microseconds for IPI to be sent. If delay is - * -1, we wait forever. - */ - if (delay == -1) { - while ((lapic->icr_lo & APIC_DELSTAT_MASK) != APIC_DELSTAT_IDLE) - ia32_pause(); - return (1); - } + uint64_t rx; - for (x = 0; x < delay; x += 5) { + for (rx = 0; delay == -1 || rx < lapic_ipi_wait_mult * delay; rx++) { if ((lapic->icr_lo & APIC_DELSTAT_MASK) == APIC_DELSTAT_IDLE) return (1); - DELAY(5); + ia32_pause(); } return (0); }
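Review bot: in the releng/10.3/UPDATING hunk, the added entry misspells "vulnerabilities" in the line "Fix multiple OpenSSL vulnerabilitites. [SA-16:17]"; since UPDATING is what administrators read, fix the spelling before merging. The same hunk also changes the previous entry's date from 20150429 to 20160429, which is a correction the commit log does not mention and should.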
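Review bot: in the three asn1 hunks (a_type.c ASN1_TYPE_cmp, tasn_dec.c asn1_ex_c2i, tasn_enc.c asn1_ex_i2c), the V_ASN1_NEG_INTEGER and V_ASN1_NEG_ENUMERATED case labels are dropped without a comment saying which branch those type values reach now. The default branches are outside the visible context, so please confirm each one rejects or safely handles a value carrying a NEG type code, and add a one-line comment at each switch stating that the NEG values are internal markers and are deliberately not accepted here.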
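Review bot: in e_aes_cbc_hmac_sha1.c, the new line "ret &= constant_time_ge(maxpad, pad);" has no comment explaining why the out-of-range pad is folded into ret rather than rejected with an early return. constant_time_ge() yields an all-ones or all-zero mask, and the code then continues to compute inp_len from the same pad on the following line, so a later cleanup that turns this into a branch would make the timing depend on the padding value. A short comment stating that the check must stay branch-free and that processing continues on failure by design would protect it.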
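Review bot: in evp/encode.c EVP_EncodeUpdate, the new "if (total > INT_MAX)" path sets *outl = 0 and returns from a void function after the loop has already written encoded blocks to out and advanced in, and it returns before "ctx->num = inl" runs, so the caller cannot tell this failure from "no output yet" and the context is left stale. Document the input size limit in the function comment or provide a way to signal the error. Separately, the rewritten test "ctx->length - ctx->num > inl" is only safe if ctx->num never exceeds ctx->length, but the visible OPENSSL_assert bounds only ctx->length against sizeof(ctx->enc_data); an assert on ctx->num would make the precondition explicit.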
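Review bot: in evp/evp_enc.c EVP_EncryptUpdate, the rewritten test "if (bl - i > inl)" removes the overflow in "i + inl" but now depends on i not exceeding bl and on inl being non-negative, and neither is checked in the visible lines (the OPENSSL_assert above only bounds bl against sizeof(ctx->buf)). If inl is negative the condition is true and the memcpy that follows receives it as a length. Please confirm both are guaranteed earlier in the function, or add the asserts next to the existing one.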
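Review bot: in x509/x509_obj.c X509_NAME_oneline, the clamp "if (num > (int)sizeof(ebcdic_buf)) num = sizeof(ebcdic_buf);" now modifies num itself, where the old code only clamped the argument passed to ascii2ebcdic(), and there is no comment saying this is intentional. Because q is repointed at ebcdic_buf on the next line, every later use of num must be bounded by that buffer, so the change looks right, but the value is silently truncated. Add a comment that long values are truncated to the buffer size on this path and that num is clamped on purpose for the code after the #endif.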
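Review bot: in opensolaris_vfs.c mount_snapshot, the added "vfs_freeopts(mp->mnt_optnew);" leaves mp->mnt_optnew pointing at freed memory while mp is handed to vfs_mount_destroy(mp) on the next line. Please confirm vfs_mount_destroy() does not look at mnt_optnew, or set the field to NULL after freeing it so the leak fix cannot become a double free. It is also worth confirming that mnt_optnew is always non-NULL on this error path, or that vfs_freeopts() accepts NULL.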
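Review bot: in x86/local_apic.c lapic_init, the calibration line "lapic_ipi_wait_mult = r1 >= r2 ? r1 / r2 : 1;" divides by r2 with no guard for r2 == 0; if the two rdtsc() reads return the same value, r is 0, r1 >= r2 holds, and the division faults. The KASSERT above is the only check on the TSC and it is compiled out of kernels built without INVARIANTS. Writing the condition as "r2 != 0 && r1 >= r2" keeps the fallback multiplier of 1 for that case.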
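Review bot: in x86/local_apic.c lapic_ipi_wait, the loop bound "rx < lapic_ipi_wait_mult * delay" converts the int delay to uint64_t, so any negative delay other than -1 becomes a huge bound and the function spins almost indefinitely, where the removed loop "for (x = 0; x < delay; x += 5)" returned 0 at once. Either reject negative values other than -1 or document that they are not allowed. The product is also re-evaluated on every iteration; computing the limit once into a local before the loop would make the intent clearer. Because lapic_ipi_wait_mult is a static that is only set in lapic_init, a call made before calibration sees 0 and returns 0 without polling for any finite delay, which deserves a comment or an assertion.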
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20160505001048.I2920>