From owner-freebsd-bugs@freebsd.org  Sun Jan 24 00:13:59 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 21E2DA8FEAB
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 00:13:59 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id ED0CD1FBB
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 00:13:58 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0O0DwGU028444
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 00:13:58 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206551] Integer overflow in iconv kernel module
Date: Sun, 24 Jan 2016 00:13:59 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: ertl.chris@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
Message-ID: <bug-206551-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 00:13:59 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206551

            Bug ID: 206551
           Summary: Integer overflow in iconv kernel module
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: ertl.chris@gmail.com

After loading the iconv kernel module, a new sysctl name, "kern.iconv.add" =
is
accessible for `root` user.

This is handled with the following code:

    static int
    iconv_sysctl_add(SYSCTL_HANDLER_ARGS)
    {
        ...
        if (din.ia_datalen > ICONV_CSMAXDATALEN)
            return EINVAL;
        ...
        if (din.ia_datalen) {
            csp->cp_data =3D malloc(din.ia_datalen, M_ICONVDATA, M_WAITOK);
            error =3D copyin(din.ia_data, csp->cp_data, din.ia_datalen);
            if (error)
                goto bad;
        }
        ...
    }

Since the `ia_datalen` member of `struct iconv_add_in` is signed:

    struct iconv_add_in {
        int     ia_version;
        char    ia_converter[ICONV_CNVNMAXLEN];
        char    ia_to[ICONV_CSNMAXLEN];
        char    ia_from[ICONV_CSNMAXLEN];
        int     ia_datalen;
        const void *ia_data;
    };

The check on user supplied `din.ia_datalen` is insufficient. If a negative
value is passed, it will bypass the check, and then wraparound to a huge va=
lue
when converted to an `unsigned` type to be passed to `malloc` and `copyin`.=
 For
example, passing `-1` will bypass the check, and then attempt to allocate a=
nd
copy to a buffer of size `0xffffffff`.

The impact of this is low, since it is only triggerable as `root`, and coul=
d at
most result in DoS.

The solution is to replace this check:

    if (din.ia_datalen > ICONV_CSMAXDATALEN)

With this:

    if (din.ia_datalen > ICONV_CSMAXDATALEN || din.ia_datalen < 0)

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 00:31:56 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8C768A8497C
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 00:31:56 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 7AE501D2E
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 00:31:56 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0O0Vus8062635
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 00:31:56 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206551] Integer overflow in iconv kernel module
Date: Sun, 24 Jan 2016 00:31:56 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: op@freebsd.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable10?
X-Bugzilla-Changed-Fields: flagtypes.name
Message-ID: <bug-206551-8-h3tkp3cJJW@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206551-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206551-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 00:31:56 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206551

Oliver Pinter <op@freebsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |mfc-stable10?

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 00:39:01 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 80873A84B1D
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 00:39:01 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 713671ED1
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 00:39:01 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0O0d1fw075794
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 00:39:01 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206551] Integer overflow in iconv kernel module
Date: Sun, 24 Jan 2016 00:39:01 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: ertl.chris@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable10?
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206551-8-i5XrX6ExyO@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206551-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206551-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 00:39:01 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206551

--- Comment #1 from CTurt <ertl.chris@gmail.com> ---
Sorry, made a mistake in my report.

Supplying a size of `-1` actually passes `0xffffffffffffffff` to `malloc` a=
nd
`copyin`.

However, since `malloc` truncates sizes to 32bit (at least version 9.0 did),
this will result in an allocation of `0xffffffff`, but copy length of
`0xffffffffffffffff`.

If there is enough memory for this allocation to succeed, a heap overflow w=
ill
occur.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 00:42:54 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 29288A84DBA
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 00:42:54 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 1794111D3
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 00:42:54 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0O0grqH086912
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 00:42:53 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206551] Heap overflow in iconv kernel module
Date: Sun, 24 Jan 2016 00:42:54 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: ertl.chris@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable10?
X-Bugzilla-Changed-Fields: short_desc
Message-ID: <bug-206551-8-W2chDL2wEw@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206551-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206551-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 00:42:54 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206551

CTurt <ertl.chris@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Integer overflow in iconv   |Heap overflow in iconv
                   |kernel module               |kernel module

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 01:20:14 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 23D5CA8E8AB
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 01:20:14 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id EE1AD1EE2
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 01:20:13 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0O1KDZJ088961
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 01:20:13 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206552] [libc] Possible buffer overflow after flushing
 line-buffered files when only partial data was written
Date: Sun, 24 Jan 2016 01:20:13 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.2-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: mccoy@doctor.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
 attachments.created
Message-ID: <bug-206552-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 01:20:14 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206552

            Bug ID: 206552
           Summary: [libc] Possible buffer overflow after flushing
                    line-buffered files when only partial data was written
           Product: Base System
           Version: 10.2-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: mccoy@doctor.com

Created attachment 166034
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D166034&action=
=3Dedit
A test program that demonstrates the buffer overflow

Please see attached file evil.c for a possible scenario where it's possible=
 to
trigger buffer overflow.

It uses a somewhat contrived example of non-blocking pipes as an underlying
file descriptor, mainly because it's easy to trigger (partially) failed wri=
tes.

The defect can be located in the code /usr/src/lib/libc/stdio/fflush.c and
function __sflush. Line-buffered files where write(s) has partially succeed=
ed
will have their internal write pointer increased, but not getting a
corresponding write space decrease.

(so, the defect is: if fp is a FILE *, then fp->_p is increased but fp->_w =
is
NOT decreased in this situation)

Sample output on my FREEBSD 10.2-RELEASE-p7 amd64 machine:

zsh 1311 % cc evil.c -o evil && ./evil
rc from fread(1): 1
rc from fwrite(1): 1
rc from fwrite(1021): 1021
rc from fflush: -1
rc from fwrite(1): 1
rc from fwrite(4): 4
Canary overwritten: 97 65 98 66

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 09:39:30 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2EFF57393
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 09:39:30 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 1F6A5A8E
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 09:39:30 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0O9dTLr025279
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 09:39:29 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206551] Heap overflow in iconv kernel module
Date: Sun, 24 Jan 2016 09:39:29 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: ecturt@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable10?
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206551-8-S0P8GGMmic@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206551-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206551-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 09:39:30 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206551

--- Comment #2 from CTurt <ecturt@gmail.com> ---
It's worth noting that the minimum size which can be passed for a signed 32=
bit
integer is `-0x7fffffff`, which wraps around to `0xffffffff80000001`.

If on FreeBSD 9, when this size goes through `malloc` it will eventually be
passed down to `uma_large_malloc`, which treats size as `vm_size_t`, a type=
def
for a 32bit unsigned integer, this means the size will truncate to `0x80000=
001`
(just over 2GB).

An allocation of 2GB is much more likely to succeed. And once it has succee=
ded,
`copyin` will attempt to copy `0xffffffff80000001` bytes from userland into
this allocation, which will clearly result in a heap overflow.

The size of this heap overflow could be controlled by unmapping the page af=
ter
the userland mapping, resulting in the function returning `EFAULT` once it =
has
reached the end of the userland mapping. With a heap overflow of controllab=
le
size and contents, this bug shouldn't be difficult to exploit. I've
demonstrated a similar exploit for PS4 kernel using `kevent` for heap layout
manipulation primitives.

Fortunately, for later versions of FreeBSD, the inner calls of `malloc`
correctly handle `size` as 64bit types, which means the worst that can happ=
en
is the thread locking up whilst trying to allocate `0xffffffff80000001` byt=
es
(because `M_WAITOK` is passed).

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 09:41:16 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0FB657506
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 09:41:16 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id EAEF7C7F
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 09:41:15 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0O9fFov029470
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 09:41:15 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206516] [patch] Teach ofw_bus_parse_xref_list_alloc to be able
 to return the length of the parsed list
Date: Sun, 24 Jan 2016 09:41:15 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: patch
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: sgalabov@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206516-8-sGWpEVrSZX@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206516-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206516-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 09:41:16 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206516

--- Comment #1 from Stanislav Galabov <sgalabov@gmail.com> ---
This bug is now followed at:
https://reviews.freebsd.org/D5043

Will continue work there.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 09:42:05 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 343367561
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 09:42:05 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 24A2DD76
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 09:42:05 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0O9g5Xl034044
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 09:42:05 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206536] Warnings during buildworld possibly affecting build of
 up-to-date make
Date: Sun, 24 Jan 2016 09:42:05 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: dave.evans55@googlemail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206536-8-rlKdzYeerE@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206536-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206536-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 09:42:05 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206536

--- Comment #2 from Dave Evans <dave.evans55@googlemail.com> ---
The host I was building on was FreeBSD 11.0-CURRENT #3 r294529 amd64 which I
built about 3 days ago.

The target I was building for was  stable/9 i386

svn info reports in my src directory:

Revision: 294529

Last Changed Rev: 294457

Last Changed Date: 2016-01-20 19:56:43 +0000 (Wed, 20 Jan 2016)

I also tried an amd64 build with the same results. This is the one I report=
ed
about.

The i386 build has successfully completed.  I stopped the amd64 build after=
 a
couple of minutes once it had logged the warnings.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 10:12:27 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5D7B57D5A
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 10:12:27 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 4D7D4A05
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 10:12:27 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0OACQiW028585
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 10:12:27 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206551] Heap overflow in iconv kernel module
Date: Sun, 24 Jan 2016 10:12:26 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: needs-patch, needs-qa, security
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: koobs@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: keywords flagtypes.name
Message-ID: <bug-206551-8-TPmTGV1dJ8@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206551-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206551-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 10:12:27 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206551

Kubilay Kocak <koobs@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |needs-patch, needs-qa,
                   |                            |security
              Flags|                            |mfc-stable9?

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 10:34:02 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 11CD27493
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 10:34:02 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 02224828
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 10:34:02 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0OAY11D070703
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 10:34:01 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206551] Heap overflow in iconv kernel module
Date: Sun, 24 Jan 2016 10:34:02 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: needs-patch, needs-qa, security
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: ecturt@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206551-8-PudB7tcGIy@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206551-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206551-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 10:34:02 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206551

--- Comment #3 from CTurt <ecturt@gmail.com> ---
In the disassembly of `libiconv.so`, the check is performed on an `unsigned
int` for some reason:

    unsigned int v24;
    ...
    && v24 <=3D 0x41000

I'm not sure why this is, considering the type of `ia_data` is `int`, which
should imply `signed` by default.

However, this means that it's not actually triggerable; `EINVAL` is returned
for an `ia_data` of `-1`. I've tested on FreeBSD 9.0, and 10.2

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 11:41:30 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id AD8FA7D75
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 11:41:30 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 9E914EC9
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 11:41:30 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0OBfUaX069264
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 11:41:30 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206528] Emulex LPe 16002 FC HBA Not Recognized by oce(4) driver
Date: Sun, 24 Jan 2016 11:41:30 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.2-RELEASE
X-Bugzilla-Keywords: feature, needs-patch, needs-qa
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: ohauer@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable10?
X-Bugzilla-Changed-Fields: cc
Message-ID: <bug-206528-8-PTaxboC2Kq@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206528-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206528-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 11:41:30 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206528

Olli Hauer <ohauer@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ohauer@FreeBSD.org

--- Comment #1 from Olli Hauer <ohauer@FreeBSD.org> ---
Hm, looking man(4) oce there is a hint to address such issues to emulex.
I was myself looking the last days for an LPe12000 (FC) driver (no luck) but
there is one for the LPe16000 on the emulex site
http://www.emulex.com/downloads/emulex/drivers/freebsd/freebsd-10/drivers/

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 12:34:54 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9218799985E
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 12:34:54 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 835733AB
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 12:34:54 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0OCYsPa072920
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 12:34:54 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206567] [msk] msk0: watchdog timeout - 88E8053 on i386
Date: Sun, 24 Jan 2016 12:34:54 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 9.3-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: bugs.freebsd.org@cmb.ch
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter cc
Message-ID: <bug-206567-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 12:34:54 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206567

            Bug ID: 206567
           Summary: [msk] msk0: watchdog timeout - 88E8053 on i386
           Product: Base System
           Version: 9.3-STABLE
          Hardware: i386
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: bugs.freebsd.org@cmb.ch
                CC: freebsd-i386@FreeBSD.org
                CC: freebsd-i386@FreeBSD.org

On my MacMini (Late 2006, Macmini1,1, MA607*/A), the msk0 interface shows
usually this:
Jan  1 22:29:17 beastli kernel: msk0: watchdog timeout
Jan  1 22:29:17 beastli kernel: msk0: link state changed to DOWN
Jan  1 22:29:20 beastli kernel: msk0: link state changed to UP

and thereafter the interface won't transport any data anymore. Only a reboot
helps. This is since 9.2 (for over a year).
I have looked at patches found in this bug forum but it didn't help.

This happens when quite some traffic goes oer the interface, I presume. It
happens either once a week or every 30 minutes...

Anything I can switch on/off to configure?
Or anything I can do to circumvent the reboot? (as kernel module could be a
way) as read in #150257 ?

Thanks
Christian

Platform info:

PF firewall confugured

FreeBSD 9.3-RELEASE-p33 #0: Thu Jan 14 00:48:15 UTC 2016

mskc0: <Marvell Yukon 88E8053 Gigabit Ethernet> mem 0x90200000-0x90203fff i=
rq
16 at device 0.0 on pci1
msk0: <Marvell Technology Group Ltd. Yukon EC Id 0xb6 Rev 0x02> on mskc0
msk0: Ethernet address: 00:16:xx:yy:aa:qq
miibus0: <MII bus> on msk0
e1000phy0: <Marvell 88E1111 Gigabit PHY> PHY 0 on miibus0
e1000phy0:  none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT,
1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, auto, auto-flow

root@beastli:~ # pciconf -lbceVv @pci0:1:0:0:
mskc0@pci0:1:0:0:       class=3D0x020000 card=3D0x532111ab chip=3D0x436211a=
b rev=3D0x22
hdr=3D0x00
    vendor     =3D 'Marvell Technology Group Ltd.'
    device     =3D '88E8053 PCI-E Gigabit Ethernet Controller'
    class      =3D network
    subclass   =3D ethernet
    bar   [10] =3D type Memory, range 64, base 0x90200000, size 16384, enab=
led
    bar   [18] =3D type I/O Port, range 32, base 0x1000, size 256, disabled
    cap 01[48] =3D powerspec 2  supports D0 D1 D2 D3  current D0
    cap 03[50] =3D VPD
    cap 05[5c] =3D MSI supports 2 messages, 64 bit enabled with 1 message
    cap 10[e0] =3D PCI-Express 1 legacy endpoint max data 128(128) link x1(=
x1)
                 speed 2.5(2.5) ASPM disabled(L0s)
ecap 0001[100] =3D AER 1 0 fatal 0 non-fatal 1 corrected
  PCI-e errors =3D Correctable Error Detected
                 Non-Fatal Error Detected
                 Unsupported Request Detected
     Corrected =3D Receiver Error
    VPD ident  =3D 'Marvell Yukon 88E8053 Gigabit Ethernet Controller'
    VPD ro PN  =3D 'Yukon 88E8053'
    VPD ro EC  =3D 'Rev. 2.2'
    VPD ro MN  =3D 'Marvell'
    VPD ro SN  =3D 'AbCdEfG334455'
    VPD ro CP  =3D ID 01 in map 0x50[0x3cc]
    VPD rw VE  =3D '00'

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 12:35:02 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 08B1399989F
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 12:35:02 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id EDD165E3
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 12:35:01 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0OCZ1rg075303
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 12:35:01 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206528] Emulex LPe 16002 FC HBA Not Recognized by oce(4) driver
Date: Sun, 24 Jan 2016 12:35:02 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.2-RELEASE
X-Bugzilla-Keywords: feature, needs-patch, needs-qa
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: ronald.valente@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable10?
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206528-8-10hgMVl5mA@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206528-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206528-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 12:35:02 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206528

--- Comment #2 from Ron <ronald.valente@gmail.com> ---
I looked there before opening the case, for me I just see this under downlo=
ad:
"Ethernet Driver - Use inbox driver"

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 13:44:32 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 229719C2008
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 13:44:32 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 13900C32
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 13:44:32 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0ODiVNK017933
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 13:44:31 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206573] Improper userland pointer handling in aacraid
Date: Sun, 24 Jan 2016 13:44:32 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: misc
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: ecturt@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
Message-ID: <bug-206573-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 13:44:32 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206573

            Bug ID: 206573
           Summary: Improper userland pointer handling in aacraid
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: misc
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: ecturt@gmail.com

The `aac_ioctl_send_raw_srb` function can be reached by supplying the
`FSACTL_LNX_SEND_RAW_SRB` command to `aac_ioctl`. This code path dereferenc=
es a
user supplied pointer directly:

static int
aac_ioctl_send_raw_srb(struct aac_softc *sc, caddr_t arg)
{
        struct aac_srb *user_srb =3D (struct aac_srb *)arg;

        ...

        if ((error =3D copyin((void *)user_srb, srbcmd, fibsize) !=3D 0))=20
                goto out;

        ...

        struct aac_sg_entry *sgp =3D srbcmd->sg_map.SgEntry;

        ...

        srb_sg_bytecount =3D sgp->SgByteCount;

        ...
}

`srbcmd` has user controlled contents (after `copyin` from `user_srb`).

`sgp` is set to a user controlled address (`srbcmd->sg_map.SgEntry`).

`sgp` is then dereferenced numerous times (`sgp->SgByteCount`).

One impact of this improper handling is that `sgp` could be `NULL`, which w=
ould
result in a `NULL` dereference, and panic.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 13:50:06 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 20DEC9C21D7
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 13:50:06 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 11C17CE8
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 13:50:06 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0ODo5MZ025964
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 13:50:05 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206573] Improper userland pointer handling in aacraid
Date: Sun, 24 Jan 2016 13:50:06 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: misc
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: ecturt@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206573-8-9jNghzTL0c@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206573-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206573-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 13:50:06 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206573

--- Comment #1 from CTurt <ecturt@gmail.com> ---
I've committed a patch to HardenedBSD:
https://github.com/HardenedBSD/hardenedBSD-playground/commit/48d6f11271b93a=
265184de813e32dba8f5cf76f9

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 13:59:35 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1ACAB9C26AA
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 13:59:35 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 0B44893A
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 13:59:35 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0ODxYZh046005
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 13:59:34 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206573] Improper userland pointer handling in aacraid
Date: Sun, 24 Jan 2016 13:59:35 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: misc
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: needs-qa, patch
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: koobs@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: keywords bug_file_loc
Message-ID: <bug-206573-8-xNrihYck6H@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206573-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206573-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 13:59:35 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206573

Kubilay Kocak <koobs@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |needs-qa, patch
                URL|                            |https://github.com/Hardened
                   |                            |BSD/hardenedBSD-playground/
                   |                            |commit/48d6f11271b93a265184
                   |                            |de813e32dba8f5cf76f9

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 15:51:03 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3DAA09D9206
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 15:51:03 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 1453A1166
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 15:51:03 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0OFp2QO093850
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 15:51:02 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206579] Multiple vulnerabilities in AMR ioctl handler
Date: Sun, 24 Jan 2016 15:51:03 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: ecturt@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
Message-ID: <bug-206579-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 15:51:03 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206579

            Bug ID: 206579
           Summary: Multiple vulnerabilities in AMR ioctl handler
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: ecturt@gmail.com

The `amr_ioctl` handler contains userland dereferences, and no bound checks=
 on
user supplied sizes.

The only time where the `addr` is correctly accessed by `copyin` is in the
Linux emulation commands, like `0xc06e6d00`:

    error =3D copyin(addr, &ali, sizeof(ali));

The rest of the commands use a union called `arg` is setup to make incorrec=
tly
dealing with `addr` easier:

    union {
        void                    *_p;
        struct amr_user_ioctl   *au;
    #ifdef AMR_IO_COMMAND32
        struct amr_user_ioctl32 *au32;
    #endif
        int                     *result;
    } arg;

    ...

    arg._p =3D (void *)addr;

The most serious issue is the `AMR_IO_VERSION` command, writing its output
directly without using `copyout`:

case AMR_IO_VERSION:
        debug(1, "AMR_IO_VERSION");
        *arg.result =3D AMR_IO_VERSION_NUMBER;
        return(0);

The address of this write is completely user controlled, and can be used to
write arbitrary kernel memory.

Another issue stems from supplying the `AMR_IO_COMMAND` command. A user
supplied size will be fetched (without `copyin`):

    au_length =3D arg.au->au_length;

Which is then used by `malloc` and `copyin` without any boundary checks:

/* handle inbound data buffer */
real_length =3D amr_ioctl_buffer_length(au_length);
dp =3D malloc(real_length, M_AMR, M_WAITOK|M_ZERO);
if (au_length !=3D 0 && au_cmd[0] !=3D 0x06) {
        if ((error =3D copyin(au_buffer, dp, au_length)) !=3D 0) {
                free(dp, M_AMR);
                return (error);
        }
        debug(2, "copyin %ld bytes from %p -> %p", au_length, au_buffer, dp=
);
}

On FreeBSD 9, we could abuse the 32bit size truncation in `uma_large_malloc=
` to
get a heap overflow from this. On later versions, allocating large sizes can
probably only be used to DoS the system.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 15:52:48 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0D3869D9313
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 15:52:48 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id F192413CF
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 15:52:47 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0OFqlsE099249
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 15:52:47 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206528] Emulex LPe 16002 FC HBA Not Recognized by oce(4) driver
Date: Sun, 24 Jan 2016 15:52:48 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.2-RELEASE
X-Bugzilla-Keywords: feature, needs-patch, needs-qa
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: ohauer@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable10?
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206528-8-SAMK70yIHu@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206528-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206528-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 15:52:48 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206528

--- Comment #3 from Olli Hauer <ohauer@FreeBSD.org> ---
Hi Ron,
you are right no download for 10.x, but there is a driver for 9.3 in the old
pkg format.
I'm not sure if it will work on 10.x and for FC but maybe give it a try.

Perhaps Koobs or another Bugzilla admin can add the Emulex contact email
address freebsd-drivers@emulex.com to the PR (does not exist until now so I
cannot add the address to the CC list)

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 16:07:04 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id A8F8D9D999A
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 16:07:04 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 99C401CC2
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 16:07:04 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0OG74YH058939
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 16:07:04 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206579] Multiple vulnerabilities in AMR ioctl handler
Date: Sun, 24 Jan 2016 16:07:04 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: ecturt@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206579-8-kbmYlb1pUG@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206579-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206579-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 16:07:04 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206579

--- Comment #1 from CTurt <ecturt@gmail.com> ---
Forgot to mention, the file is `sys/dev/amr/amr.c`.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 16:15:07 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id F21499D9E07
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 16:15:07 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id E25706E5
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 16:15:07 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0OGF7W1075920
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 16:15:07 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206528] Emulex LPe 16002 FC HBA Not Recognized by oce(4) driver
Date: Sun, 24 Jan 2016 16:15:08 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.2-RELEASE
X-Bugzilla-Keywords: feature, needs-patch, needs-qa
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: ronald.valente@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable10?
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206528-8-cqhziLFL2Q@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206528-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206528-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 16:15:08 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206528

--- Comment #4 from Ron <ronald.valente@gmail.com> ---
I will give it a shot shortly, last time I tried this I had failures due to=
 the
change from gcc to clang. Will report back shortly.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 16:26:59 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 14268716B
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 16:26:59 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 0446ADBE
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 16:26:59 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0OGQwBU097740
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 16:26:58 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206528] Emulex LPe 16002 FC HBA Not Recognized by oce(4) driver
Date: Sun, 24 Jan 2016 16:26:58 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.2-RELEASE
X-Bugzilla-Keywords: feature, needs-patch, needs-qa
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: ohauer@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable10?
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206528-8-aGgYiS5gTr@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206528-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206528-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 16:26:59 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206528

--- Comment #5 from Olli Hauer <ohauer@FreeBSD.org> ---
I forgot the change from gcc to clang already.
oce.ko is a static module, and even it works I wouldn't trust in production
without a vendor statement.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 16:31:43 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id DD13472D6
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 16:31:43 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id B3E56FB4
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 16:31:43 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0OGVhjh008002
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 16:31:43 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206581] bxe_ioctl_nvram handler is faulty
Date: Sun, 24 Jan 2016 16:31:43 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: ecturt@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
Message-ID: <bug-206581-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 16:31:44 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206581

            Bug ID: 206581
           Summary: bxe_ioctl_nvram handler is faulty
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: ecturt@gmail.com

Take a look at the start of `bxe_ioctl_nvram` from `sys/dev/bxe/bxe.c`:

static int
bxe_ioctl_nvram(struct bxe_softc *sc,
                uint32_t         priv_op,
                struct ifreq     *ifr)
{
    struct bxe_nvram_data nvdata_base;
    struct bxe_nvram_data *nvdata;
    int len;
    int error =3D 0;

    copyin(ifr->ifr_data, &nvdata_base, sizeof(nvdata_base));

    len =3D (sizeof(struct bxe_nvram_data) +
           nvdata_base.len -
           sizeof(uint32_t));

    if (len > sizeof(struct bxe_nvram_data)) {
        if ((nvdata =3D (struct bxe_nvram_data *)
                 malloc(len, M_DEVBUF,
                        (M_NOWAIT | M_ZERO))) =3D=3D NULL) {
            BLOGE(sc, "BXE_IOC_RD_NVRAM malloc failed\n");
            return (1);
        }
        memcpy(nvdata, &nvdata_base, sizeof(struct bxe_nvram_data));
    } else {
        nvdata =3D &nvdata_base;
    }

    ...
}

Firstly, the result from `copyin` isn't even checked here...

Secondly, no bound checks on user supplied `nvdata_base.len`, means we can =
get
`len` to overflow (since it is a `signed int`). For example, give an input
length of `0x80000000 + sizeof(uint32_t)) - (sizeof(struct bxe_nvram_data)`=
 to
get an allocation of 0 bytes, and then boom, we have heap overflow straight
after:

    memcpy(nvdata, &nvdata_base, sizeof(struct bxe_nvram_data));

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 16:32:47 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 51FA47464
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 16:32:47 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 4224F1FD
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 16:32:47 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0OGWkFH011955
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 16:32:47 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206528] Emulex LPe 16002 FC HBA Not Recognized by oce(4) driver
Date: Sun, 24 Jan 2016 16:32:47 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.2-RELEASE
X-Bugzilla-Keywords: feature, needs-patch, needs-qa
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: koobs@FreeBSD.org
X-Bugzilla-Status: Open
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable10?
X-Bugzilla-Changed-Fields: bug_status
Message-ID: <bug-206528-8-jO4zrlQFqi@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206528-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206528-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 16:32:47 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206528

Kubilay Kocak <koobs@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|New                         |Open

--- Comment #6 from Kubilay Kocak <koobs@FreeBSD.org> ---
(In reply to Olli Hauer from comment #3)

I don't think it's appropriate to create user accounts (to be CC'd on thing=
s)
without asking, but if you could send them an email to create an account th=
at
would be great :)

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 16:37:28 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id B7BBF76DD
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 16:37:28 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id A8A957F4
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 16:37:28 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0OGbS0w018449
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 16:37:28 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206581] bxe_ioctl_nvram handler is faulty
Date: Sun, 24 Jan 2016 16:37:28 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: ecturt@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206581-8-N0rAHxgWyl@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206581-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206581-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 16:37:28 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206581

--- Comment #1 from CTurt <ecturt@gmail.com> ---
Sorry, forgot about the check:

    if (len > sizeof(struct bxe_nvram_data)) {

So, the example I suggested wouldn't work.

But the lack of `copyin` being checked, is still valid. And there probably
should be some bound checks anyway.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 16:53:18 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id B5B177C0F
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 16:53:18 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id A67D3DE6
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 16:53:18 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0OGrIwV053629
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 16:53:18 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206583] Unable to load ip_mroute kernel module if VIMAGE is
 enabled in kernel
Date: Sun, 24 Jan 2016 16:53:18 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: woodsb02@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
Message-ID: <bug-206583-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 16:53:18 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206583

            Bug ID: 206583
           Summary: Unable to load ip_mroute kernel module if VIMAGE is
                    enabled in kernel
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: woodsb02@gmail.com

When running a kernel with VIMAGE support, loading the ip_mroute kernel mod=
ule
will fail.

% sudo kldload -v ip_mroute
kldload: an error occurred while loading the module. Please check dmesg(8) =
for
more details.
% dmesg
linker_load_file: Unsupported file type
% uname -a
FreeBSD sparticus.woods.am 11.0-CURRENT FreeBSD 11.0-CURRENT #1 r294463: Sun
Jan 24 17:17:25 CET 2016=20=20=20=20
root@freenas.woods.am:/usr/obj/usr/src/sys/GENERIC-NODEBUG-VIMAGE  amd64


If I recompile the kernel with the same sources, with the only change being=
 to
disable VIMAGE (in this case using the GENERIC-NODEBUG kernel), then after
reboot I am able to load the ip_mroute kernel option successfully.

Expected result: ip_mroute kernel module should be able to load regardless =
of
whether VIMAGE support is enabled in the kernel or not.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 16:53:55 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 266DB7C77
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 16:53:55 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 16948EF4
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 16:53:55 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0OGrsQ6054493
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 16:53:54 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206581] bxe_ioctl_nvram handler is faulty
Date: Sun, 24 Jan 2016 16:53:55 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: needs-patch, needs-qa, security
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: koobs@FreeBSD.org
X-Bugzilla-Status: Open
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: priority bug_status keywords flagtypes.name
Message-ID: <bug-206581-8-2d47e2Qr1f@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206581-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206581-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 16:53:55 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206581

Kubilay Kocak <koobs@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|---                         |Normal
             Status|New                         |Open
           Keywords|                            |needs-patch, needs-qa,
                   |                            |security
              Flags|                            |mfc-stable9?, mfc-stable10?

--- Comment #2 from Kubilay Kocak <koobs@FreeBSD.org> ---
Thanks for your submission CTurt.

Please feel to to attach a proposed change to resolve

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 16:55:08 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6B5FF7D85
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 16:55:08 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 5B1D8E9
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 16:55:08 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0OGt8dF056587
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 16:55:08 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206579] arm(4): Multiple vulnerabilities in AMR ioctl handler
Date: Sun, 24 Jan 2016 16:55:08 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: needs-patch, needs-qa, security
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: koobs@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: bug_severity short_desc keywords priority
 flagtypes.name
Message-ID: <bug-206579-8-46NaKjdzq1@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206579-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206579-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 16:55:08 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206579

Kubilay Kocak <koobs@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|Affects Only Me             |Affects Some People
            Summary|Multiple vulnerabilities in |arm(4): Multiple
                   |AMR ioctl handler           |vulnerabilities in AMR
                   |                            |ioctl handler
           Keywords|                            |needs-patch, needs-qa,
                   |                            |security
           Priority|---                         |Normal
              Flags|                            |mfc-stable9?, mfc-stable10?

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 16:59:00 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6FD0C7E3C
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 16:59:00 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 5BF6D1C7
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 16:59:00 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0OGx04b062305
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 16:59:00 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206551] Heap overflow in iconv kernel module
Date: Sun, 24 Jan 2016 16:59:00 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: needs-patch, needs-qa, security
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: koobs@FreeBSD.org
X-Bugzilla-Status: Open
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: bug_status
Message-ID: <bug-206551-8-MH5NSxuhco@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206551-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206551-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 16:59:00 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206551

Kubilay Kocak <koobs@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|New                         |Open

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 16:59:22 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 19A717E85
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 16:59:22 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 09BAB23F
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 16:59:22 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0OGxLTI062881
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 16:59:21 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206573] Improper userland pointer handling in aacraid
Date: Sun, 24 Jan 2016 16:59:22 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: misc
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: needs-qa, patch, security
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: koobs@FreeBSD.org
X-Bugzilla-Status: Open
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: priority bug_status keywords flagtypes.name
Message-ID: <bug-206573-8-mzRwKK714b@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206573-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206573-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 16:59:22 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206573

Kubilay Kocak <koobs@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|---                         |Normal
             Status|New                         |Open
           Keywords|                            |security
              Flags|                            |mfc-stable9?, mfc-stable10?

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 16:59:31 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id F22B47EB2
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 16:59:31 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id E25382B6
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 16:59:31 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0OGxVKc063095
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 16:59:31 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206579] arm(4): Multiple vulnerabilities in AMR ioctl handler
Date: Sun, 24 Jan 2016 16:59:32 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: needs-patch, needs-qa, security
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: koobs@FreeBSD.org
X-Bugzilla-Status: Open
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: bug_status
Message-ID: <bug-206579-8-mRf4FFAytU@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206579-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206579-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 16:59:32 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206579

Kubilay Kocak <koobs@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|New                         |Open

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 17:11:20 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7954AA1D4CB
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 17:11:20 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 6A448CC2
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 17:11:20 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0OHBKU4022775
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 17:11:20 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206584] Possible integer overflow in update_intel
Date: Sun, 24 Jan 2016 17:11:20 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: ecturt@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
Message-ID: <bug-206584-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 17:11:20 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206584

            Bug ID: 206584
           Summary: Possible integer overflow in update_intel
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: ecturt@gmail.com

Code path `cpuctl_ioctl` -> `cpuctl_do_update` -> `update_intel`:

        /*
         * 16 byte alignment required.  Rely on the fact that
         * malloc(9) always returns the pointer aligned at least on
         * the size of the allocation.
         */
        ptr =3D malloc(args->size + 16, M_CPUCTL, M_WAITOK);
        if (copyin(args->data, ptr, args->size) !=3D 0) {

If `args->size` is user controlled, it could be prepared to overflow when
adding 16, resulting in an allocation of 0 - 15 bytes or so, and a huge buf=
fer
overflow from the `copyin` call.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 17:13:14 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 89F11A1D636
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 17:13:14 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 7A3D5DDB
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 17:13:14 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0OHDEZp030018
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 17:13:14 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206584] Possible integer overflow in update_intel
Date: Sun, 24 Jan 2016 17:13:14 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: needs-qa, security
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: koobs@FreeBSD.org
X-Bugzilla-Status: Open
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc bug_status keywords
Message-ID: <bug-206584-8-lNHGzWJG9Q@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206584-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206584-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 17:13:14 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206584

Kubilay Kocak <koobs@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |secteam@FreeBSD.org
             Status|New                         |Open
           Keywords|                            |needs-qa, security

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 17:13:50 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 213EFA1D673
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 17:13:50 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 11B37E32
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 17:13:50 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0OHDn1i030843
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 17:13:49 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206584] Possible integer overflow in update_intel
Date: Sun, 24 Jan 2016 17:13:50 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: needs-qa, security
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: koobs@FreeBSD.org
X-Bugzilla-Status: Open
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: flagtypes.name
Message-ID: <bug-206584-8-9fTqhjkZ0Y@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206584-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206584-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 17:13:50 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206584

Kubilay Kocak <koobs@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |mfc-stable9?, mfc-stable10?

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 17:16:20 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 70D79A1D74D
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 17:16:20 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 61652FED
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 17:16:20 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0OHGK3m034980
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 17:16:20 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206584] Possible integer overflow in update_intel
Date: Sun, 24 Jan 2016 17:16:20 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: needs-qa, security
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: ecturt@gmail.com
X-Bugzilla-Status: Open
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206584-8-IFTT092eky@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206584-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206584-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 17:16:20 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206584

--- Comment #1 from CTurt <ecturt@gmail.com> ---
Sorry, my bad.

It is checked right here:

    if (args->size > UCODE_SIZE_MAX) {

I'll spend more time analysing before reporting in the future.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 17:16:48 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 54E71A1D78B
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 17:16:48 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 4571FD4
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 17:16:48 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0OHGmFm035598
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 17:16:48 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206583] Unable to load ip_mroute kernel module if VIMAGE is
 enabled in kernel
Date: Sun, 24 Jan 2016 17:16:48 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: woodsb02@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206583-8-V42KYzV7u8@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206583-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206583-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 17:16:48 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206583

--- Comment #1 from Ben Woods <woodsb02@gmail.com> ---
Some information provided by Marko Zec on the freebsd-net@freebsd.org maili=
ng
list:
https://lists.freebsd.org/pipermail/freebsd-net/2016-January/044447.html

In this particular case the problem is that ip_mroute demands more
space for "virtualized global" variables than what kernel linker has
put aside for each vnet.

Bumping VNET_MODMIN to 24 should circumvent the issue that Ben is
observing.  A more vnet-friendly fix would require refactoring
ip_mroute's arrays so that they get malloc()ed / free()d from SYSINIT
handlers instead of being declared "virtualized global".

Marko

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- vnet.c      (revision 294659)
+++ vnet.c      (working copy)
@@ -170,7 +170,7 @@
  * we want the virtualized global variable space to be page-sized, we
may
  * have more space than that in practice.
  */
-#define        VNET_MODMIN     8192
+#define        VNET_MODMIN     3 * 8192
 #define        VNET_SIZE       roundup2(VNET_BYTES, PAGE_SIZE)
 #define        VNET_MODSIZE    (VNET_SIZE - (VNET_BYTES - VNET_MODMIN))

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 17:18:18 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 84DD3A1D84C
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 17:18:18 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 74B6E1A2
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 17:18:18 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0OHIHfg037862
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 17:18:18 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 204097] witness_initialize() does not perform bound checking of
 witness_count
Date: Sun, 24 Jan 2016 17:18:18 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: needs-patch, needs-qa, patch, security
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: koobs@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: keywords flagtypes.name cc
Message-ID: <bug-204097-8-w0Fs1mfdui@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-204097-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-204097-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 17:18:18 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D204097

Kubilay Kocak <koobs@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |needs-patch, needs-qa,
                   |                            |security
              Flags|                            |mfc-stable9?, mfc-stable10?
                 CC|                            |secteam@FreeBSD.org

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 17:18:57 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 62164A1D88B
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 17:18:57 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 527BD1F9
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 17:18:57 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0OHIvhg038782
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 17:18:57 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206583] Unable to load ip_mroute kernel module if VIMAGE is
 enabled in kernel
Date: Sun, 24 Jan 2016 17:18:57 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: woodsb02@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206583-8-ss3rN9heUA@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206583-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206583-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 17:18:57 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206583

--- Comment #2 from Ben Woods <woodsb02@gmail.com> ---
It is worth noting that building a kernel with VIMAGE and MROUTING both ena=
bled
seems to work fine. This problem only appears when multicast routing is not
built into the kernel with the MROUTING option, but VIMAGE support is - in =
this
case attempting to load the ip_mroute kernel module fails.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 17:24:17 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id C195FA1DB0D
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 17:24:17 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id B14B66CD
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 17:24:17 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0OHOHUX052624
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 17:24:17 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206583] Unable to load ip_mroute kernel module if VIMAGE is
 enabled in kernel
Date: Sun, 24 Jan 2016 17:24:17 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: zec@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: zec@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: assigned_to cc attachments.created
Message-ID: <bug-206583-8-0uf4sC7CrV@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206583-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206583-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 17:24:17 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206583

Marko Zec <zec@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |zec@FreeBSD.org
                 CC|                            |zec@FreeBSD.org

--- Comment #3 from Marko Zec <zec@FreeBSD.org> ---
Created attachment 166069
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D166069&action=
=3Dedit
malloc() array space to unbreak kldloading on VNET kernels

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 17:26:32 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id AB842A1DC0D
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 17:26:32 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 9B5708BA
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 17:26:32 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0OHQWPb056019
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 17:26:32 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206584] Possible integer overflow in update_intel
Date: Sun, 24 Jan 2016 17:26:32 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: needs-qa, security
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: kib@FreeBSD.org
X-Bugzilla-Status: Closed
X-Bugzilla-Resolution: Works As Intended
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: cc bug_status resolution
Message-ID: <bug-206584-8-8LB7Yrr8HV@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206584-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206584-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 17:26:32 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206584

Konstantin Belousov <kib@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kib@FreeBSD.org
             Status|Open                        |Closed
         Resolution|---                         |Works As Intended

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 17:57:25 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 292DD754D
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 17:57:25 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 19FB4260
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 17:57:25 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0OHvO1R019215
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 17:57:24 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206585] hpt_set_info possible buffer overflow
Date: Sun, 24 Jan 2016 17:57:25 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: ecturt@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
Message-ID: <bug-206585-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 17:57:25 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206585

            Bug ID: 206585
           Summary: hpt_set_info possible buffer overflow
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: ecturt@gmail.com

In `hpt_status` -> `hpt_set_info`, `nOutBufferSize` and `nInBufferSize` are
checked at the same time, but not individually:

if (piop->nInBufferSize+piop->nOutBufferSize > PAGE_SIZE) {
        KdPrintE(("User buffer too large\n"));
        return -EINVAL;
}

Before performing a kernel allocation:

ke_area =3D malloc(piop->nInBufferSize+piop->nOutBufferSize, M_DEVBUF, M_NO=
WAIT);

However, the sizes are later used individually for some copies:

if (piop->nInBufferSize)
        copyin((void*)(ULONG_PTR)piop->lpInBuffer, ke_area,
piop->nInBufferSize);

...

if (piop->nOutBufferSize)
        copyout(ke_area + piop->nInBufferSize,
(void*)(ULONG_PTR)piop->lpOutBuffer, piop->nOutBufferSize);

It might be possible for `nInBufferSize`, or `outBufferSize`, or both, to be
large enough for `piop->nInBufferSize+piop->nOutBufferSize` to overflow and=
 be
less than `PAGE_SIZE`.

In this situation the copy calls would result in a heap overflow.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 18:01:42 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 362937731
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 18:01:42 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 25D3C6DF
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 18:01:42 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0OI1fvF098349
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 18:01:42 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206585] hpt_set_info possible buffer overflow
Date: Sun, 24 Jan 2016 18:01:42 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: needs-qa, security
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: koobs@FreeBSD.org
X-Bugzilla-Status: Open
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: keywords bug_status cc flagtypes.name
Message-ID: <bug-206585-8-UN04iVNPDY@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206585-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206585-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 18:01:42 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206585

Kubilay Kocak <koobs@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |needs-qa, security
             Status|New                         |Open
                 CC|                            |secteam@FreeBSD.org
              Flags|                            |mfc-stable9?, mfc-stable10?

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 20:24:49 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 90ACAA1DBC6
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 20:24:49 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 81779C77
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 20:24:49 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0OKOndR067184
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 20:24:49 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206551] Heap overflow in iconv kernel module
Date: Sun, 24 Jan 2016 20:24:49 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: needs-patch, needs-qa, security
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: ecturt@gmail.com
X-Bugzilla-Status: Closed
X-Bugzilla-Resolution: Not A Bug
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: resolution bug_status
Message-ID: <bug-206551-8-tHl7KQhlcI@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206551-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206551-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 20:24:49 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206551

CTurt <ecturt@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |Not A Bug
             Status|Open                        |Closed

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 21:01:06 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7D08A7B24
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 21:01:06 +0000 (UTC)
 (envelope-from bugzilla-noreply@FreeBSD.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 7471E1F54
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 21:01:06 +0000 (UTC)
 (envelope-from bugzilla-noreply@FreeBSD.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0OL01h7036435
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 21:01:06 GMT
 (envelope-from bugzilla-noreply@FreeBSD.org)
Message-Id: <201601242101.u0OL01h7036435@kenobi.freebsd.org>
From: bugzilla-noreply@FreeBSD.org
To: freebsd-bugs@FreeBSD.org
Subject: Problem reports for freebsd-bugs@FreeBSD.org that need special
 attention
Date: Sun, 24 Jan 2016 21:01:06 +0000
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 21:01:06 -0000

To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status      |    Bug Id | Description
------------+-----------+---------------------------------------------------
In Progress |    183618 | [panic] Dell PowerEdge R620 -- PERC H710 Mini (mf 
In Progress |    196973 | sh(1) broken UTF-8 input                          
New         |    197876 | [devfs] an error in devfs leads to data loss and  
New         |    198797 | [PATCH] Added an option to install BSDstats to bs 
New         |    202290 | /usr/bin/vi conversion error on valid character   
New         |    202362 | ntp: restore refclocks selection (10.2-RELEASE re 
New         |    202740 | vi/ex string substitution problem when there is m 
New         |    204115 | freebsd-update: Add support for better user messa 
New         |    204545 | Adding quirk entry for some (Acer C720P Chromeboo 
New         |    205598 | [patch] sbin/md5.c param -c, convert to lowercase 
New         |    205690 | [psm] [patch]: support for Elantech trackpads     
Open        |    183817 | [patch] [mac] [panic] kernel compiled with option 
Open        |    204121 | numa(4) is broken: "vm_page_alloc: missing page"  
In Progress |    191348 | [mps] LSI2308 with WD3000FYYZ drives disappears a 
New         |    202316 | Add IANA vxlan port to /etc/services              

15 problems total for which you should take action.

From owner-freebsd-bugs@freebsd.org  Sun Jan 24 22:57:00 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id C8272A3169A
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sun, 24 Jan 2016 22:57:00 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id BA879926
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 22:57:00 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0OMv0vQ078230
 for <freebsd-bugs@FreeBSD.org>; Sun, 24 Jan 2016 22:57:00 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206551] Heap overflow in iconv kernel module
Date: Sun, 24 Jan 2016 22:57:00 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: needs-patch, needs-qa, security
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: jilles@FreeBSD.org
X-Bugzilla-Status: Closed
X-Bugzilla-Resolution: Not A Bug
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: cc
Message-ID: <bug-206551-8-WBcwm5xR1g@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206551-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206551-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 22:57:00 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206551

Jilles Tjoelker <jilles@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jilles@FreeBSD.org

--- Comment #4 from Jilles Tjoelker <jilles@FreeBSD.org> ---
The explanation why there is no triggerable problem is that the
ICONV_CSMAXDATALEN expression is of type size_t, an unsigned type. Then,
comparing an int and a size_t, the int is converted to size_t, converting
negative values to very large positive values.

This is fragile (changing ICONV_CSMAXDATALEN to a plain number like 266240 =
will
make it vulnerable) and causes compiler warnings with -Wsign-compare, but is
not an immediate bug.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Mon Jan 25 07:23:54 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id AAAEAA45882
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Mon, 25 Jan 2016 07:23:54 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 9AFDFE30
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 07:23:54 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0P7Nsec006208
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 07:23:54 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206579] arm(4): Multiple vulnerabilities in AMR ioctl handler
Date: Mon, 25 Jan 2016 07:23:54 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: needs-patch, needs-qa, security
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: ecturt@gmail.com
X-Bugzilla-Status: Open
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206579-8-jZHunPS2Z9@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206579-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206579-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jan 2016 07:23:54 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206579

--- Comment #2 from CTurt <ecturt@gmail.com> ---
This code could be explained if `addr` can be either a user or kernel point=
er
depending on `cmd`, but I'd like this to be confirmed.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Mon Jan 25 07:39:04 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id E4B99A45C19
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Mon, 25 Jan 2016 07:39:04 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id D5980360
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 07:39:04 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0P7d4Ko032831
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 07:39:04 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206585] hpt_set_info possible buffer overflow
Date: Mon, 25 Jan 2016 07:39:05 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: needs-qa, security
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: ecturt@gmail.com
X-Bugzilla-Status: Open
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206585-8-WaDQ6O47Hf@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206585-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206585-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jan 2016 07:39:05 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206585

--- Comment #1 from CTurt <ecturt@gmail.com> ---
These sizes are defined as `DWORD`, a `typedef` for `unsigned int`, rather =
than
a 64bit type like `size_t`, so getting the sum of both sizes to overflow
doesn't seem possible.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Mon Jan 25 07:40:43 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 20C6FA45CD8
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Mon, 25 Jan 2016 07:40:43 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 117995DF
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 07:40:43 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0P7egsL035738
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 07:40:42 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206585] hpt_set_info possible buffer overflow
Date: Mon, 25 Jan 2016 07:40:43 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: needs-qa, security
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: ecturt@gmail.com
X-Bugzilla-Status: Closed
X-Bugzilla-Resolution: Not A Bug
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: bug_status resolution
Message-ID: <bug-206585-8-Owjnw5UMuZ@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206585-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206585-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jan 2016 07:40:43 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206585

CTurt <ecturt@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Open                        |Closed
         Resolution|---                         |Not A Bug

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Mon Jan 25 08:21:51 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 219A2A45F4E
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Mon, 25 Jan 2016 08:21:51 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 1235DE62
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 08:21:51 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0P8Lo8X056930
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 08:21:50 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206579] amr(4): Multiple vulnerabilities in AMR ioctl handler
Date: Mon, 25 Jan 2016 08:21:51 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: needs-patch, needs-qa, security
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: linimon@FreeBSD.org
X-Bugzilla-Status: Open
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: short_desc
Message-ID: <bug-206579-8-xKk1UPnTXA@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206579-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206579-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jan 2016 08:21:51 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206579

Mark Linimon <linimon@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|arm(4): Multiple            |amr(4): Multiple
                   |vulnerabilities in AMR      |vulnerabilities in AMR
                   |ioctl handler               |ioctl handler

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Mon Jan 25 08:22:31 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id A4984701A
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Mon, 25 Jan 2016 08:22:31 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 9604FFD2
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 08:22:31 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0P8MV5X059615
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 08:22:31 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206567] [msk] msk0: watchdog timeout - 88E8053 on i386
Date: Mon, 25 Jan 2016 08:22:31 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 9.3-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: linimon@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-net@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: assigned_to
Message-ID: <bug-206567-8-IteTjz1h7M@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206567-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206567-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jan 2016 08:22:31 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206567

Mark Linimon <linimon@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |freebsd-net@FreeBSD.org

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Mon Jan 25 08:24:52 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2C003727E
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Mon, 25 Jan 2016 08:24:52 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 1CB7B36F
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 08:24:52 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0P8OpPH063333
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 08:24:51 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206533] Missing Intel I219-V support in 10-STABLE and 11-CURRENT
Date: Mon, 25 Jan 2016 08:24:52 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.2-STABLE
X-Bugzilla-Keywords: IntelNetworking
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: linimon@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-net@FreeBSD.org
X-Bugzilla-Flags: maintainer-feedback? mfc-stable10?
X-Bugzilla-Changed-Fields: assigned_to
Message-ID: <bug-206533-8-t5wRCC0zxh@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206533-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206533-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jan 2016 08:24:52 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206533

Mark Linimon <linimon@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |freebsd-net@FreeBSD.org

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Mon Jan 25 08:26:20 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7DCB77372
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Mon, 25 Jan 2016 08:26:20 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 6EF2A6C3
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 08:26:20 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0P8QJfM065786
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 08:26:20 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206521] Can't decrypt disks on ZFS+Geli installation after
 order of devices changed
Date: Mon, 25 Jan 2016 08:26:19 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 10.2-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: linimon@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-fs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: assigned_to
Message-ID: <bug-206521-8-hXuCmvaaO9@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206521-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206521-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jan 2016 08:26:20 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206521

Mark Linimon <linimon@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |freebsd-fs@FreeBSD.org

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Mon Jan 25 08:26:59 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9A71C741F
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Mon, 25 Jan 2016 08:26:59 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 8BA907F1
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 08:26:59 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0P8Qx5m067025
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 08:26:59 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206494] lock order reversal (sleepable after non-sleepable) in
 in_mcast.c/bxe.c
Date: Mon, 25 Jan 2016 08:26:59 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: linimon@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-net@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: assigned_to
Message-ID: <bug-206494-8-QUXPt0hrSG@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206494-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206494-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jan 2016 08:26:59 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206494

Mark Linimon <linimon@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |freebsd-net@FreeBSD.org

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Mon Jan 25 11:08:26 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8604EA45199
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Mon, 25 Jan 2016 11:08:26 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 5EB4D30A
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 11:08:26 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0PB8QJU047044
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 11:08:26 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206599] Geli restore from backuped geli-metadata is not possible
Date: Mon, 25 Jan 2016 11:08:26 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.2-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: marc.arnold.bach@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter cc
Message-ID: <bug-206599-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jan 2016 11:08:26 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206599

            Bug ID: 206599
           Summary: Geli restore from backuped geli-metadata is not
                    possible
           Product: Base System
           Version: 10.2-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: marc.arnold.bach@gmail.com
                CC: freebsd-amd64@FreeBSD.org
                CC: freebsd-amd64@FreeBSD.org

Hello,

Setup:
- I installed a freebsd in a vmware from using "auto zfs root" option.
- The zroot pool is located on /dev/da0p4.eli after installation.=20
- Rebooting works, even if keyboardlayout during boot is US not selected...
(this is a simple setting..)

Symptom:
Restoring a metadata from file is rejected by geli

Procedure to reproduce this:

root# geli backup /dev/da0p4 /root/backupme
root# geli restore /root/backupme /dev/da0p4
geli: Cannot write metadata to /dev/da0p4: Operation not permitted


Some tests I did:
a)
file backupme is existing and has size 512byte... For testing I tried to
restore it to the created blockdevice da0p4.eli. The application rejects du=
e to
size, what makes sense as this is the inner container, not the partition
itself.
=3D> file seems to contain valid data

b) I tried to force restoring to /dev/da0p4, even if partition was never
modified.. same result: Operation not permitted...

The zpool was not exported, nor the cryptodevice detached as it is the
rootpool. However it is never mentioned that restore works only in detached,
offline blockdevices... it is just a block of data at the end with same
masterpwd...

Regards Marc

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Mon Jan 25 11:38:28 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id EC2C7A45C47
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Mon, 25 Jan 2016 11:38:28 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id C358C2F0
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 11:38:28 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0PBcSZN008388
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 11:38:28 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206600] geli with new "setkey -n 1" pwd is rejecting pwd 3
 times, than ascing for gpt/zfs0.eli pwd
Date: Mon, 25 Jan 2016 11:38:28 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.2-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: marc.arnold.bach@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter cc
Message-ID: <bug-206600-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jan 2016 11:38:29 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206600

            Bug ID: 206600
           Summary: geli with new "setkey -n 1" pwd is rejecting pwd 3
                    times, than ascing for gpt/zfs0.eli pwd
           Product: Base System
           Version: 10.2-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: marc.arnold.bach@gmail.com
                CC: freebsd-amd64@FreeBSD.org
                CC: freebsd-amd64@FreeBSD.org

Hello,
I have a test installation in a vmware and  zpool status shows a root-pool =
in
/dev/da0p4.eli =3D> encrypted blockdevice
Its result of bsd's  "auto zfs root" installation with encryption flag set =
to
"yes"


Symptom:
System reboots and is rejecting the new pwd (which very short and simple and
very independent from keyboardlayout =3D> asdfg)
It asks first generically for geli pwd... later 3 times explicitly for
/dev/da0pa while counting down "free tries". At the end it asks for
/gpz/zfs0.eli pwd and is booting with asdfg string as pwd

After reboot zpool status shows the rootpool to be located at gpt/zfs0.eli =
not
dev/da0p4 anymore=20

Steps to reproduce this:
- Adding a new password in slot 1 is succesfull with=20
root# geli setkey -n 1 /dev/da0p4
[...blabla] may exist old metadata in /var/backups [...blabla]=20
root# reboot


Some tests I made:
- Using initial pwd from init "qwert" works still fine and I can start syst=
em
with one keyboard action qwert-Enter

- Using setkey -n 0 will overwrite first key succesfully but will end up in
rejecting pwd 4 times later again.

- By the way I opened another ticket because restoring the metadata to a
working pwd is "not permitted" as well.


Regards Marc

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Mon Jan 25 11:39:01 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 78E10A45CD9
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Mon, 25 Jan 2016 11:39:01 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 69CC2357
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 11:39:01 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0PBd1Nm009293
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 11:39:01 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206600] geli with new "setkey -n 1" pwd is rejecting pwd 3
 times, than asking for gpt/zfs0.eli pwd
Date: Mon, 25 Jan 2016 11:39:01 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.2-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: marc.arnold.bach@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: short_desc
Message-ID: <bug-206600-8-xR9xNGKf7d@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206600-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206600-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jan 2016 11:39:01 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206600

Bachmarc <marc.arnold.bach@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|geli with new "setkey -n 1" |geli with new "setkey -n 1"
                   |pwd is rejecting pwd 3      |pwd is rejecting pwd 3
                   |times, than ascing for      |times, than asking for
                   |gpt/zfs0.eli pwd            |gpt/zfs0.eli pwd

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Mon Jan 25 12:50:55 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 422CFA454B5
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Mon, 25 Jan 2016 12:50:55 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 326DAB24
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 12:50:55 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0PCott1000117
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 12:50:55 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206600] geli with new "setkey -n 1" pwd is rejecting pwd 3
 times, than asking for gpt/zfs0.eli pwd
Date: Mon, 25 Jan 2016 12:50:55 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.2-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: marc.arnold.bach@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206600-8-d4eyChs5yc@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206600-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206600-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jan 2016 12:50:55 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206600

--- Comment #1 from Bachmarc <marc.arnold.bach@gmail.com> ---
OK,
I tested it in a booted system and attached a new virtual disk.

In a shell I can=20
create a new eli device,=20
deploy a zpool,=20
change eli pwd in slot 1
export zpool=20
detach eli device
attach eli device with NEW password at first try
import zpool


by the way restoring the metadada is still possible

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Mon Jan 25 15:31:32 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id E85C6A45F78
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Mon, 25 Jan 2016 15:31:32 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id CD2A47F9
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 15:31:32 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0PFVWkd074769
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 15:31:32 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206613] dhcpcd 6.10.1 crashes the 10.2-RELEASE kernel.
Date: Mon, 25 Jan 2016 15:31:32 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.2-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: g_amanakis@yahoo.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter cc
Message-ID: <bug-206613-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jan 2016 15:31:33 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206613

            Bug ID: 206613
           Summary: dhcpcd 6.10.1 crashes the 10.2-RELEASE kernel.
           Product: Base System
           Version: 10.2-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: g_amanakis@yahoo.com
                CC: freebsd-amd64@FreeBSD.org
                CC: freebsd-amd64@FreeBSD.org

dhcpcd 6.10.1 and more specifically [6b2a5402c4] causes a kernel panic on
FreeBSD 10.2 when starting a VNET iocage jail. The system runs a GENERIC ke=
rnel
with VIMAGE and IPSEC enabled. Reverting this resolves the problem.=20

/var/log/messsages:
  3 Jan 24 19:30:42 x3200 kernel: vnet0:1: link state changed to DOWN
  4 Jan 24 19:30:42 x3200 kernel: vnet0: link state changed to DOWN
  5 Jan 24 19:30:42 x3200 kernel: bridge1: link state changed to DOWN
  6 Jan 24 19:30:42 x3200 kernel: ifa_del_loopback_route: deletion failed: =
48
  7 Jan 24 19:30:42 x3200 kernel: Freed UMA keg (udp_inpcb) was not empty (=
60
items).  Lost 6 pages of memory.
  8 Jan 24 19:30:42 x3200 kernel: Freed UMA keg (udpcb) was not empty (668
items).  Lost 4 pages of memory.
  9 Jan 24 19:30:42 x3200 kernel: Freed UMA keg (tcp_inpcb) was not empty (=
60
items).  Lost 6 pages of memory.
 10 Jan 24 19:30:42 x3200 kernel: Freed UMA keg (tcpcb) was not empty (18
items).  Lost 6 pages of memory.
 11 Jan 24 19:30:42 x3200 kernel: Freed UMA keg (ripcb) was not empty (60
items).  Lost 6 pages of memory.
 12 Jan 24 19:30:42 x3200 kernel: hhook_vnet_uninit: hhook_head type=3D1, i=
d=3D1
cleanup required
 13 Jan 24 19:30:42 x3200 kernel: hhook_vnet_uninit: hhook_head type=3D1, i=
d=3D0
cleanup required
 14 Jan 24 19:31:05 x3200 devd: Executing '/etc/pccard_ether epair0a start'
 15 Jan 24 19:31:05 x3200 kernel: epair0a:
 16 Jan 24 19:31:05 x3200 kernel:
 17 Jan 24 19:31:05 x3200 kernel: Fatal trap 12: page fault while in kernel
mode
 18 Jan 24 19:31:05 x3200 kernel: cpuid =3D 1; apic id =3D 02
 19 Jan 24 19:31:05 x3200 kernel: Ethernet address: 02:ff:20:00:09:0a
 20 Jan 24 19:31:05 x3200 kernel: fault virtual address     =3D 0x0
 21 Jan 24 19:31:05 x3200 kernel: fault code                =3D supervisor =
read
instruction, page not present
 22 Jan 24 19:31:05 x3200 kernel: instruction pointer       =3D 0x20:0x0
 23 Jan 24 19:31:05 x3200 kernel: stack pointer             =3D
0x28:0xfffffe04691ca720
 24 Jan 24 19:31:05 x3200 kernel: frame pointer             =3D
0x28:0xfffffe04691ca770
 25 Jan 24 19:31:05 x3200 kernel: epair0b: code segment             =3D bas=
e 0x0,
limit 0xfffff, type 0x1b
 26 Jan 24 19:31:05 x3200 kernel: =3D DPL 0, pres 1, long 1, def32 0, gran 1
 27 Jan 24 19:31:05 x3200 kernel: Ethernet address: 02:ff:70:00:0a:0b
 28 Jan 24 19:31:05 x3200 kernel: processor eflags  =3D interrupt enabled,
 29 Jan 24 19:31:05 x3200 kernel: epair0a: link state changed to UP
 30 Jan 24 19:33:13 x3200 syslogd: kernel boot file is /boot/kernel/kernel
 31 Jan 24 19:33:13 x3200 kernel: epair0b: link state changed to UP
 32 Jan 24 19:33:13 x3200 kernel: resume, IOPL =3D 0
 33 Jan 24 19:33:13 x3200 kernel: current process           =3D 10817 (dhcp=
cd)
 34 Jan 24 19:33:13 x3200 kernel: trap number               =3D 12
 35 Jan 24 19:33:13 x3200 kernel: panic: page fault
 36 Jan 24 19:33:13 x3200 kernel: cpuid =3D 1
 37 Jan 24 19:33:13 x3200 kernel: KDB: stack backtrace:
 38 Jan 24 19:33:13 x3200 kernel: #0 0xffffffff809442a0 at kdb_backtrace+0x=
60
 39 Jan 24 19:33:13 x3200 kernel: #1 0xffffffff80907a06 at vpanic+0x126
 40 Jan 24 19:33:13 x3200 kernel: #2 0xffffffff809078d3 at panic+0x43
 41 Jan 24 19:33:13 x3200 kernel: #3 0xffffffff80cd178b at trap_fatal+0x36b
 42 Jan 24 19:33:13 x3200 kernel: #4 0xffffffff80cd1a8d at trap_pfault+0x2ed
 43 Jan 24 19:33:13 x3200 kernel: #5 0xffffffff80cd112a at trap+0x47a
 44 Jan 24 19:33:13 x3200 kernel: #6 0xffffffff80cb74a2 at calltrap+0x8
 45 Jan 24 19:33:13 x3200 kernel: #7 0xffffffff809ca1cb at ifioctl+0x11eb
 46 Jan 24 19:33:13 x3200 kernel: #8 0xffffffff8095c195 at kern_ioctl+0x255
 47 Jan 24 19:33:13 x3200 kernel: #9 0xffffffff8095be90 at sys_ioctl+0x140
 48 Jan 24 19:33:13 x3200 kernel: #10 0xffffffff80cd20a7 at amd64_syscall+0=
x357
 49 Jan 24 19:33:13 x3200 kernel: #11 0xffffffff80cb778b at Xfast_syscall+0=
xfb
 50 Jan 24 19:33:13 x3200 kernel: Uptime: 30m59s

See http://roy.marples.name/projects/dhcpcd/tktview?name=3D3a1e57157d.
Expected behaviour: A userland app should not crash the kernel.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Mon Jan 25 15:45:49 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 502F2A4657A
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Mon, 25 Jan 2016 15:45:49 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 4177B6CE
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 15:45:49 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0PFjmUB005719
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 15:45:49 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206613] dhcpcd 6.10.1 crashes the 10.2-RELEASE kernel.
Date: Mon, 25 Jan 2016 15:45:48 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.2-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: koobs@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: see_also
Message-ID: <bug-206613-8-x6ZZzOP3lQ@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206613-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206613-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jan 2016 15:45:49 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206613

Kubilay Kocak <koobs@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           See Also|                            |https://bugs.freebsd.org/bu
                   |                            |gzilla/show_bug.cgi?id=3D2=
066
                   |                            |14

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Mon Jan 25 15:47:17 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id C7861A46670
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Mon, 25 Jan 2016 15:47:17 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id B8A6C899
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 15:47:17 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0PFlHxX008464
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 15:47:17 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206613] dhcpcd 6.10.1 crashes the 10.2-RELEASE kernel.
Date: Mon, 25 Jan 2016 15:47:17 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.2-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: koobs@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: blocked see_also
Message-ID: <bug-206613-8-6FBx6XSgyZ@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206613-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206613-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jan 2016 15:47:17 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206613

Kubilay Kocak <koobs@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |206614
           See Also|https://bugs.freebsd.org/bu |
                   |gzilla/show_bug.cgi?id=3D2066 |
                   |14                          |


Referenced Bugs:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206614
[Bug 206614] net/dhcpcd: Crashes the kernel when a VNET jail starts.
--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Mon Jan 25 15:47:56 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0D279A466ED
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Mon, 25 Jan 2016 15:47:56 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id F18B795F
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 15:47:55 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0PFltN8009484
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 15:47:55 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206613] dhcpcd 6.10.1 crashes the 10.2-RELEASE kernel.
Date: Mon, 25 Jan 2016 15:47:56 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.2-RELEASE
X-Bugzilla-Keywords: crash, needs-patch, needs-qa
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: koobs@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: priority flagtypes.name keywords bug_severity
Message-ID: <bug-206613-8-u4hM3GbEHp@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206613-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206613-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jan 2016 15:47:56 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206613

Kubilay Kocak <koobs@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|---                         |Normal
              Flags|                            |mfc-stable9?, mfc-stable10?
           Keywords|                            |crash, needs-patch,
                   |                            |needs-qa
           Severity|Affects Only Me             |Affects Some People

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Mon Jan 25 15:49:37 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 62D9DA467BD
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Mon, 25 Jan 2016 15:49:37 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 533FBAF0
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 15:49:37 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0PFnbX2012259
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 15:49:37 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206613] dhcpcd 6.10.1 crashes the 10.2-RELEASE kernel.
Date: Mon, 25 Jan 2016 15:49:37 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.2-RELEASE
X-Bugzilla-Keywords: crash, needs-patch, needs-qa
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: koobs@FreeBSD.org
X-Bugzilla-Status: Open
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: bug_file_loc bug_status cc
Message-ID: <bug-206613-8-GpLYZbH0i5@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206613-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206613-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jan 2016 15:49:37 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206613

Kubilay Kocak <koobs@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|                            |http://roy.marples.name/pro
                   |                            |jects/dhcpcd/info/6b2a5402c
                   |                            |4
             Status|New                         |Open
                 CC|                            |koobs@FreeBSD.org

--- Comment #1 from Kubilay Kocak <koobs@FreeBSD.org> ---
Add link to dhcpd commit that causes panic.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Mon Jan 25 16:22:16 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6C2E8A45437
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Mon, 25 Jan 2016 16:22:16 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 4452E115
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 16:22:16 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0PGMGcf018172
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 16:22:16 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206585] hpt_set_info possible buffer overflow
Date: Mon, 25 Jan 2016 16:22:16 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: needs-qa, security
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: ecturt@gmail.com
X-Bugzilla-Status: Open
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: resolution bug_status
Message-ID: <bug-206585-8-WpxfVWMrp3@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206585-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206585-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jan 2016 16:22:16 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206585

CTurt <ecturt@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|Not A Bug                   |---
             Status|Closed                      |Open

--- Comment #2 from CTurt <ecturt@gmail.com> ---
Not sure what I was talking about earlier, but I've decompiled the module to
produce more easily analysable code:

if ( (unsigned int)(*((_DWORD *)&hptproc_buffer + 4) + *((_DWORD
*)&hptproc_buffer + 7)) <=3D 0x1000 )
  {
    ptr =3D malloc((unsigned int)(*((_DWORD *)&hptproc_buffer + 4) + *((_DW=
ORD
*)&hptproc_buffer + 7)));
    if ( ptr )
    {
      if ( *((_DWORD *)&hptproc_buffer + 4) )
        copyin(*((_QWORD *)&hptproc_buffer + 1), ptr, *((_DWORD
*)&hptproc_buffer + 4));

Now it's clear that the comparison on the sum of the two sizes is treated as
`unsigned int`.

So, theoretically:

`nInBufferSize` of `0xffffffff`,

`nOutBufferSize` of `1`,

The sum of these two sizes will overflow to `0`, so the check will pass:

if ( (unsigned int)(*((_DWORD *)&hptproc_buffer + 4) + *((_DWORD
*)&hptproc_buffer + 7)) <=3D 0x1000 )

The size passed to `malloc` will also be `0`.

However, `copyin` will copy from `nInBufferSize` of `0xffffffff`.

To exploit this, the size of the allocation could be controlled to manipula=
te
the heap layout to reliably target the overflow.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Mon Jan 25 16:43:19 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4B952A45D77
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Mon, 25 Jan 2016 16:43:19 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 3CA6EE91
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 16:43:19 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0PGhJR2061520
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 16:43:19 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206585] hpt_set_info possible buffer overflow
Date: Mon, 25 Jan 2016 16:43:19 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: needs-qa, security
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: ecturt@gmail.com
X-Bugzilla-Status: Open
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206585-8-Z1jVLu8q5j@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206585-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206585-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jan 2016 16:43:19 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206585

--- Comment #3 from CTurt <ecturt@gmail.com> ---
PoC code from the above explanation, which results in panic:

https://gist.github.com/CTurt/696a34664bc8d4f4e905

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Mon Jan 25 16:56:37 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 84BB3A4631D
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Mon, 25 Jan 2016 16:56:37 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 76015B75
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 16:56:37 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0PGubYw087762
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 16:56:37 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206536] Warnings during buildworld possibly affecting build of
 up-to-date make
Date: Mon, 25 Jan 2016 16:56:37 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: bdrewery@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: bdrewery@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: assigned_to
Message-ID: <bug-206536-8-KPeZw0yQTW@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206536-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206536-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jan 2016 16:56:37 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206536

Bryan Drewery <bdrewery@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |bdrewery@FreeBSD.org

--- Comment #3 from Bryan Drewery <bdrewery@FreeBSD.org> ---
Oh boy, it's building fmake while reading /usr/share/mk. It needs to only be
reading
from the src tree's share/mk at this point.

I'll take this.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Mon Jan 25 19:38:35 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 759F7A4682F
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Mon, 25 Jan 2016 19:38:35 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 4C8A5DE8
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 19:38:35 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0PJcZuk065049
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 19:38:35 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206585] hpt_set_info possible buffer overflow
Date: Mon, 25 Jan 2016 19:38:35 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: needs-qa, security
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: ecturt@gmail.com
X-Bugzilla-Status: Open
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206585-8-5zQ7GO3tO2@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206585-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206585-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jan 2016 19:38:35 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206585

--- Comment #4 from CTurt <ecturt@gmail.com> ---
Supplying the `HPT_IOCTL_GET_EVENT` command will ensure that
`Kernel_DeviceIoControl` function instantly returns, resulting in
`hpt_set_info` returning straight after doing the `malloc`, `copyin`, and
`free`:

        case HPT_IOCTL_GET_EVENT:
                {
                        PHPT_EVENT pInfo;

                        if (nInBufferSize!=3D0) return -1;

I've also refined the `size` related parameters needed to fully control the
heap overflow:

        params.dwIoControlCode =3D HPT_IOCTL_GET_EVENT;
        params.lpInBuffer =3D mapping;
        params.nInBufferSize =3D bufferSize + overflowSize;
        params.lpOutBuffer =3D NULL;
        params.nOutBufferSize =3D -overflowSize;
        params.lpBytesReturned =3D &bytesReturned;

        printf("  [+] nInBufferSize (size copied in): %08x\n",
params.nInBufferSize);
        printf("  [+] nOutBufferSize: %08x\n", params.nOutBufferSize);
        printf("  [+] Sum (allocation size): %08x\n", params.nInBufferSize +
params.nOutBufferSize);
        printf("  [+] Will be accepted: %d\n", (params.nInBufferSize +
params.nOutBufferSize) <=3D PAGE_SIZE);

You can get very manageable sizes from this, for example, allocated
`bufferSize` of `0x500`, and copy size of `0x1000`.

I'll try to get around to writing a full exploit for this soon, but won't be
very useful since the vulnerability is only triggerable as `root` anyway.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Mon Jan 25 21:29:31 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id ACB58A46F1B
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Mon, 25 Jan 2016 21:29:31 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 9DE11BC0
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 21:29:31 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0PLTV39002454
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 21:29:31 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206622] make delete-old and WITHOUT_BSNMP=true misses links to
 dynamic libs
Date: Mon, 25 Jan 2016 21:29:31 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: misc
X-Bugzilla-Version: 10.2-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: philippe.michel7@sfr.fr
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
 attachments.created
Message-ID: <bug-206622-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jan 2016 21:29:31 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206622

            Bug ID: 206622
           Summary: make delete-old and WITHOUT_BSNMP=3Dtrue misses links to
                    dynamic libs
           Product: Base System
           Version: 10.2-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: misc
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: philippe.michel7@sfr.fr

Created attachment 166115
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D166115&action=
=3Dedit
patch to OptionalObsoleteFiles.inc

If WITHOUT_BSNMP is set to true, make delete-old doesn't delete the links to
dynamic libraries.

The attached patch allowed it to clean them up on my system. I'm not sure if
there is something to do for the other .so files (snmp_lm75, snmp_hast). Th=
ey
were not on my system, but the left over links and my switch to WITHOUT_BSN=
MP
were quite old ; maybe these libraries were added later.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Mon Jan 25 21:40:59 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2F1D5A4541F
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Mon, 25 Jan 2016 21:40:59 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 2036FF9F
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 21:40:59 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0PLewiv026235
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 21:40:59 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206613] dhcpcd 6.10.1 crashes the 10.2-RELEASE kernel.
Date: Mon, 25 Jan 2016 21:40:59 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.2-RELEASE
X-Bugzilla-Keywords: crash, needs-patch, needs-qa
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: g_amanakis@yahoo.com
X-Bugzilla-Status: Open
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206613-8-6wtgjSQEAo@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206613-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206613-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jan 2016 21:40:59 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206613

--- Comment #2 from g_amanakis@yahoo.com ---
It suffices to run on the host:
ifconfig epair create
and the kernel panics in presence of dhcpcd. The error produced is exactly =
the
same. This is also run by iocage when VNET jails are started.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Mon Jan 25 21:46:06 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4098CA4568F
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Mon, 25 Jan 2016 21:46:06 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 322A762B
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 21:46:06 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0PLk5Rf037740
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 21:46:06 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206622] make delete-old and WITHOUT_BSNMP=true misses links to
 dynamic libs
Date: Mon, 25 Jan 2016 21:46:05 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: misc
X-Bugzilla-Version: 10.2-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: ngie@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: ngie@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc assigned_to
Message-ID: <bug-206622-8-T5LITeQxe8@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206622-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206622-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jan 2016 21:46:06 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206622

NGie Cooper <ngie@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ngie@FreeBSD.org
           Assignee|freebsd-bugs@FreeBSD.org    |ngie@FreeBSD.org

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Mon Jan 25 22:29:48 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 68335A465D3
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Mon, 25 Jan 2016 22:29:48 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 21939E34
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 22:29:48 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0PMTlYi056390
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 22:29:47 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206579] amr(4): Multiple vulnerabilities in AMR ioctl handler
Date: Mon, 25 Jan 2016 22:29:48 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: needs-patch, needs-qa, security
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: ecturt@gmail.com
X-Bugzilla-Status: Closed
X-Bugzilla-Resolution: Not A Bug
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: bug_status resolution
Message-ID: <bug-206579-8-167JOoBgpT@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206579-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206579-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jan 2016 22:29:48 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206579

CTurt <ecturt@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Open                        |Closed
         Resolution|---                         |Not A Bug

--- Comment #3 from CTurt <ecturt@gmail.com> ---
There are similarities in other drivers, like the `mfi` code.

For Linux commands, like `MFI_LINUX_CMD_2`, `copyin` is used:

    error =3D copyin(arg, &l_ioc, sizeof(l_ioc));

But for FreeBSD commands, such as `MFIIO_QUERY_DISK`, `arg` is directly
dereferenced:

    qd =3D (struct mfi_query_disk *)arg;
    qd->present =3D 1;

Since both drivers seem to follow this same pattern, I believe the handling=
 of
`addr` is probably correct.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Mon Jan 25 23:15:21 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id CF11CA4651A
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Mon, 25 Jan 2016 23:15:21 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id B4D44953
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 23:15:21 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0PNFLxx085458
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 23:15:21 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206624] igb(4) fails at fragmented mbufs
Date: Mon, 25 Jan 2016 23:15:21 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: glebius@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
Message-ID: <bug-206624-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jan 2016 23:15:21 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206624

            Bug ID: 206624
           Summary: igb(4) fails at fragmented mbufs
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: glebius@FreeBSD.org

Hi!

There are at least two evindences that igb(4) fails to transmit fragmented
mbufs. Of course, fragmented mbufs degrade performance and their appearance=
 in
the stack should be avoided, but still drivers must be capable to transmit
packets, instead of failing them silently.

1) First evidence came in with some restructuring to the ARP code. It bite =
me,
and I didn't have time to investigate, quickly fixed on the ARP side.

------------------------------------------------------------------------
r288991 | glebius | 2015-10-07 06:10:26 -0700 (=D1=81=D1=80, 07 =D0=BE=D0=
=BA=D1=82. 2015) | 10 lines

Fix regression from r287779, that bite me. If we call m_pullup()
unconditionally, we end up with an mbuf chain of two mbufs, which
later in in_arpreply() is rewritten from ARP request to ARP reply
and is sent out. Looks like igb(4) (at least mine, and at least
at my network) fails on such mbuf chain, so ARP reply doesn't go
out wire. Thus, make the m_pullup() call conditional, as it is
everywhere. Of course, the bug in igb(?) should be investigated,
but better first fix the head. And unconditional m_pullup() was
suboptimal, anyway.

------------------------------------------------------------------------

2) Second evidence involves libalias(3). Let me quote Karim:

"I've hit a very interesting problem with ipfw-nat and local TCP traffic th=
at
has enough TCP options to hit a special case in m_megapullup(). Here is the
story:

I am using the following NIC:

igb0@pci0:4:0:0:        class=3D0x020000 card=3D0x00008086 chip=3D0x150e808=
6 rev=3D0x01
hdr=3D0x00

And when I do ipfw nat to locally emitted packets I see packets not being
processed in the igb driver for HW checksum. Now a quick search for m_pullu=
p in
the igb driver code will show that our igb driver expects a contiguous ethe=
rnet
+ ip header in igb_tx_ctx_setup(). Now the friendly m_megapullup() in alias=
.c
doesn't reserve any space before the ip header for the ethernet header after
its call to m_getcl like tcp_output.c (see m->m_data +=3D max_linkhdr in
tcp_output.c).

So the call to M_PREPEND() in ether_output() is forced to prepend a new mbuf
for the ethernet header, leading to a non contiguous ether + ip. This in tu=
rn
leads to a failure to properly read the IP protocol in the igb driver and a=
pply
the proper HW checksum function. Particularly this call in igb_tcp_ctx_setu=
p():
ip =3D (struct ip *)(mp->m_data + ehdrlen);

To reproduce the issue I simply create a NAT rule for an igb interface and
initiate a TCP connection locally going out through that interface (it shou=
ld
go through NAT obviously) something like:

ipfw nat 1 config igb0 reset
ipfw add 10 nat 1 via igb0

 Although you need to make sure you fill enough of the SYN packet to trigger
the allocation of new memory in m_megapullup. You can do this by using enou=
gh
TCP options so its filling up almost all of the 256 mbuf or make RESERVE
something like 300 bytes in alias.c.

The fix I propose is very simple and faster for all drivers, including the =
ones
that do perform a check for ether + ip to be contiguous upon accessing the =
IP
header. If the leading space is available it doesn't allocate any extra spa=
ce
(as it should for most cases) but if for some reason the mbuf used doesn't =
have
100 bytes (RESERVE in megapullup) of free space it will reserve some at the
front too. If the leading space isn't necessary then it won't cause any har=
m.


-Subproject commit cfe39807fe9b1a23c13f73aabde302046736fa1c
+Subproject commit cfe39807fe9b1a23c13f73aabde302046736fa1c-dirty
diff --git a/freebsd/sys/netinet/libalias/alias.c
b/freebsd/sys/netinet/libalias/alias.c
index 876e958..dc424a6 100644
--- a/freebsd/sys/netinet/libalias/alias.c
+++ b/freebsd/sys/netinet/libalias/alias.c
@@ -1757,7 +1757,8 @@ m_megapullup(struct mbuf *m, int len) {
         * writable and has some extra space for expansion.
         * XXX: Constant 100bytes is completely empirical. */
 #define        RESERVE 100
-   if (m->m_next =3D=3D NULL && M_WRITABLE(m) && M_TRAILINGSPACE(m) >=3D R=
ESERVE)
+ if (m->m_next =3D=3D NULL && M_WRITABLE(m) &&
+                 M_TRAILINGSPACE(m) >=3D RESERVE && M_LEADINGSPACE(m) >=3D
max_linkhdr)
                return (m);

        if (len <=3D MCLBYTES - RESERVE) {
@@ -1779,6 +1780,7 @@ m_megapullup(struct mbuf *m, int len) {
                goto bad;

        m_move_pkthdr(mcl, m);
+ mcl->m_data +=3D max_linkhdr;
        m_copydata(m, 0, len, mtod(mcl, caddr_t));
        mcl->m_len =3D mcl->m_pkthdr.len =3D len;
        m_freem(m);

It would be nice if some FBSD comitter could review and hopefully add this
patch to FBSD."

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Mon Jan 25 23:15:59 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id B95CDA46571
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Mon, 25 Jan 2016 23:15:59 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id ABCA99B2
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 23:15:59 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0PNFxKn086388
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 23:15:59 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206624] igb(4) fails at fragmented mbufs
Date: Mon, 25 Jan 2016 23:15:59 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: glebius@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: erj@freebsd.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: assigned_to cc
Message-ID: <bug-206624-8-F4QeXyH0Cz@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206624-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206624-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jan 2016 23:15:59 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206624

Gleb Smirnoff <glebius@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |erj@freebsd.org
                 CC|                            |fodillemlinkarim@gmail.com,
                   |                            |glebius@FreeBSD.org

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Mon Jan 25 23:58:10 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1BAE6A458F5
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Mon, 25 Jan 2016 23:58:10 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 0DEAEF44
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 23:58:10 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0PNw9Ge069505
 for <freebsd-bugs@FreeBSD.org>; Mon, 25 Jan 2016 23:58:09 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206626] Integer overflow in nfssvc system call
Date: Mon, 25 Jan 2016 23:58:10 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: ecturt@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
Message-ID: <bug-206626-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jan 2016 23:58:10 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206626

            Bug ID: 206626
           Summary: Integer overflow in nfssvc system call
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: ecturt@gmail.com

The system call `sys_nfssvc` calls `nfssvc_call`, which copies in some user
data, and calls `nfssvc_idname`:

        if (uap->flag & NFSSVC_IDNAME) {
                if ((uap->flag & NFSSVC_NEWSTRUCT) !=3D 0)
                        error =3D copyin(uap->argp, &nid, sizeof(nid));
                else {
                        error =3D copyin(uap->argp, &onid, sizeof(onid));
                        if (error =3D=3D 0) {
                                nid.nid_flag =3D onid.nid_flag;
                                nid.nid_uid =3D onid.nid_uid;
                                nid.nid_gid =3D onid.nid_gid;
                                nid.nid_usermax =3D onid.nid_usermax;
                                nid.nid_usertimeout =3D onid.nid_usertimeou=
t;
                                nid.nid_name =3D onid.nid_name;
                                nid.nid_namelen =3D onid.nid_namelen;
                                nid.nid_ngroup =3D 0;
                                nid.nid_grps =3D NULL;
                        }
                }
                if (error)
                        goto out;
                error =3D nfssvc_idname(&nid);
                goto out;

In `nfssvc_idname`, `nidp->nid_namelen` is user controllable, and is used
without any bound checks:

/*
 * This function is called from the nfssvc(2) system call, to update the
 * kernel user/group name list(s) for the V4 owner and ownergroup attribute=
s.
 */
APPLESTATIC int
nfssvc_idname(struct nfsd_idargs *nidp)
{
        ...

        if (nidp->nid_flag & NFSID_INITIALIZE) {
                cp =3D malloc(nidp->nid_namelen + 1, M_NFSSTRING, M_WAITOK);
                error =3D copyin(CAST_USER_ADDR_T(nidp->nid_name), cp,
                    nidp->nid_namelen);
                if (error !=3D 0) {
                        free(cp, M_NFSSTRING);
                        goto out;
                }

        ...
}

Let's look at the disassembly of how `malloc` is called:

.text:FFFFFFFF807651AD                 mov     edi, [rdi+20h]
.text:FFFFFFFF807651B0                 mov     edx, 2
.text:FFFFFFFF807651B5                 mov     rsi, offset M_NEWNFSSTRING
.text:FFFFFFFF807651BC                 add     edi, 1
.text:FFFFFFFF807651BF                 movsxd  rdi, edi
.text:FFFFFFFF807651C2                 call    malloc

If a `nid_namelen` of `0xffffffff` is supplied, an allocation size of `0` b=
ytes
will be passed to `malloc`.

We then have `copyin` of `0xffffffff` bytes on this allocation of size `0`.

The bug is only triggerable as `root`, and I couldn't get any way to panic =
from
writing to allocation of 0 bytes.

Code to play with if anyone is interested in exploring its potential furthe=
r:
https://gist.github.com/CTurt/957360482a4dc453f6a4

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Tue Jan 26 01:18:25 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id E4D9DA46594
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Tue, 26 Jan 2016 01:18:25 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id D5570B19
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 01:18:25 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0Q1IP9V045569
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 01:18:25 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206613] dhcpcd 6.10.1 crashes the 10.2-RELEASE kernel.
Date: Tue, 26 Jan 2016 01:18:25 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.2-RELEASE
X-Bugzilla-Keywords: crash, needs-patch, needs-qa
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: g_amanakis@yahoo.com
X-Bugzilla-Status: Open
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206613-8-WGbTlFKdQL@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206613-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206613-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jan 2016 01:18:26 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206613

--- Comment #3 from g_amanakis@yahoo.com ---
I can reproduce this on a GENERIC 10.2-RELEASE kernel by running only "ifco=
nfig
epair create".

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Tue Jan 26 01:19:10 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 215DAA46618
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Tue, 26 Jan 2016 01:19:10 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 123F0BAA
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 01:19:10 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0Q1J9uj046580
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 01:19:09 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206626] Integer overflow in nfssvc system call
Date: Tue, 26 Jan 2016 01:19:10 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: security
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: op@freebsd.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: flagtypes.name cc keywords
Message-ID: <bug-206626-8-8u8TImDwRH@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206626-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206626-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jan 2016 01:19:10 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206626

Oliver Pinter <op@freebsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |mfc-stable9?, mfc-stable10?
                 CC|                            |op@freebsd.org,
                   |                            |secteam@FreeBSD.org
           Keywords|                            |security

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Tue Jan 26 02:10:10 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 59D16A46742
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Tue, 26 Jan 2016 02:10:10 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 49E4D30E
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 02:10:10 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0Q2AAq9089173
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 02:10:10 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206630] [Hyper-V]FreeBSD 10.2 on Windows 10 & 2016 server may
 not boot due to multiple invalid disks issue
Date: Tue, 26 Jan 2016 02:10:10 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.2-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: honzhan@microsoft.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter cc
Message-ID: <bug-206630-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jan 2016 02:10:10 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206630

            Bug ID: 206630
           Summary: [Hyper-V]FreeBSD 10.2 on Windows 10 & 2016 server may
                    not boot due to multiple invalid disks issue
           Product: Base System
           Version: 10.2-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: honzhan@microsoft.com
                CC: freebsd-amd64@FreeBSD.org
                CC: freebsd-amd64@FreeBSD.org

The problem can be reproduced for FreeBSD 10.2 installed on windows 10 and =
2016
server.

The valid disk was randomly switched with invalid disk. For example, from d=
a0
to da1 when restarting the VM. As a result, the boot process will hang beca=
use
system wants to load ufs on /dev/da0p2, but in fact it locates in an invalid
disk.

Both "camcontrol" and "dmesg" can be used to check whether this issue exist.

camcontrol command lists 16 disk, but only one is valid. See the output of
'camcontrol devlist' on windows 10.

root@honzhan-dev2:/usr/src # camcontrol devlist
 <Msft Virtual CD/ROM 1.0> at scbus0 target 0 lun 0 (cd0,pass0)
 <Msft Virtual Disk 1.0> at scbus1 target 0 lun 0 (da1,pass2)
 < > at scbus1 target 1 lun 1 (da0,pass1)
 < > at scbus2 target 0 lun 1 (da2,pass3)
 < > at scbus2 target 0 lun 2 (da4,pass5)
 < > at scbus2 target 0 lun 3 (da6,pass7)
 < > at scbus2 target 0 lun 4 (da8,pass9)
 < > at scbus2 target 0 lun 5 (da10,pass11)
 < > at scbus2 target 0 lun 6 (da12,pass13)
 < > at scbus2 target 0 lun 7 (da14,pass15)
 < > at scbus2 target 1 lun 1 (da3,pass4)
 < > at scbus2 target 1 lun 2 (da5,pass6)
 < > at scbus2 target 1 lun 3 (da7,pass8)
 < > at scbus2 target 1 lun 4 (da9,pass10)
 < > at scbus2 target 1 lun 5 (da11,pass12)
 < > at scbus2 target 1 lun 6 (da13,pass14)
 < > at scbus2 target 1 lun 7 (da15,pass16)

dmesg also shows us the similar information:

dmesg

da0 at blkvsc0 bus 0 scbus1 target 1 lun 1
 da0: < > Fixed Direct Access SCSI device
 da0: 300.000MB/s transfers
 da0: 0MB (0 512 byte sectors: 0H 0S/T 0C)
 da0: Delete methods: <NONE(*)>
 da1 at blkvsc0 bus 0 scbus1 target 0 lun 0
 da1: <Msft Virtual Disk 1.0> Fixed Direct Access SPC-3 SCSI device
 da1: 300.000MB/s transfers
 da1: 20480MB (41943040 512 byte sectors: 255H 63S/T 2610C)
 da2: < > Fixed Direct Access SCSI device
 da2: 300.000MB/s transfers
 da2: 0MB (0 512 byte sectors: 0H 0S/T 0C)
 da2: Delete methods: <NONE(*)>
 da3 at storvsc1 bus 0 scbus2 target 1 lun 1
 da3: < > Fixed Direct Access SCSI device
 da3: 300.000MB/s transfers
 da3: 0MB (0 512 byte sectors: 0H 0S/T 0C)
 da3: Delete methods: <NONE(*)>
 da5: < > Fixed Direct Access SCSI device
 da5: 300.000MB/s transfers
 da5: 0MB (0 512 byte sectors: 0H 0S/T 0C)
 da5: Delete methods: <NONE(*)>
 da4: < > Fixed Direct Access SCSI device
 da4: 300.000MB/s transfers
 da4: 0MB (0 512 byte sectors: 0H 0S/T 0C)
 da4: Delete methods: <NONE(*)>

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Tue Jan 26 02:13:57 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id E4117A46965
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Tue, 26 Jan 2016 02:13:57 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id D445180E
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 02:13:57 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0Q2Dv3A067985
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 02:13:57 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206630] [Hyper-V]FreeBSD 10.2 on Windows 10 & 2016 server may
 not boot due to multiple invalid disks issue
Date: Tue, 26 Jan 2016 02:13:58 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.2-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: honzhan@microsoft.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206630-8-ARJWyPxmyn@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206630-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206630-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jan 2016 02:13:58 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206630

--- Comment #1 from Hongjiang <honzhan@microsoft.com> ---
The fix of this issue has already been committed to head. The code review f=
or
it is https://reviews.freebsd.org/D4928.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Tue Jan 26 02:15:13 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8322CA46A27
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Tue, 26 Jan 2016 02:15:13 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 72FF4878
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 02:15:13 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0Q2FDlA024229
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 02:15:13 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206630] [Hyper-V]FreeBSD 10.2 on Windows 10 & 2016 server may
 not boot due to multiple invalid disks issue
Date: Tue, 26 Jan 2016 02:15:13 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.2-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: honzhan@microsoft.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: attachments.created
Message-ID: <bug-206630-8-shyYL0rWOO@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206630-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206630-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jan 2016 02:15:13 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206630

--- Comment #2 from Hongjiang <honzhan@microsoft.com> ---
Created attachment 166126
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D166126&action=
=3Dedit
The patch to fix multiple disk issues on windows 10 & 2016 server

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Tue Jan 26 04:02:54 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 215B9A46F1B
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Tue, 26 Jan 2016 04:02:54 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 1199A1F82
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 04:02:54 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0Q42raB082151
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 04:02:53 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 205256] Segmentation fault with mount_smbfs
Date: Tue, 26 Jan 2016 04:02:54 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Ports & Packages
X-Bugzilla-Component: Individual Port(s)
X-Bugzilla-Version: Latest
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: vas@mpeks.tomsk.su
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-205256-8-PxaXrwWBEb@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-205256-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-205256-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jan 2016 04:02:54 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D205256

--- Comment #4 from vas@mpeks.tomsk.su ---
I have reproduced on 9.3-RELEASE-p33 and libiconv-1.14_9.

# mount_smbfs -E koi8-r:cp866 -W sibptus //scanserver@FS03-SIBPTUS/PUB /mnt2
Segmentation fault (core dumped)


Need a fix ASAP.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Tue Jan 26 05:01:13 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 43C72A460F5
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Tue, 26 Jan 2016 05:01:13 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 322891BF0
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 05:01:13 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0Q51Cea048715
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 05:01:13 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 205256] Segmentation fault with mount_smbfs
Date: Tue, 26 Jan 2016 05:01:13 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Ports & Packages
X-Bugzilla-Component: Individual Port(s)
X-Bugzilla-Version: Latest
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: vas@mpeks.tomsk.su
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-205256-8-ivsp0yPYRt@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-205256-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-205256-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jan 2016 05:01:13 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D205256

--- Comment #5 from vas@mpeks.tomsk.su ---
I had to force-install libiconv-1.14_8.txz (which I had obtained from a tape
dump) and this worked around the problem.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Tue Jan 26 05:27:03 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 32215A4684D
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Tue, 26 Jan 2016 05:27:03 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 0853A856
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 05:27:03 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0Q5R2G3019655
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 05:27:02 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206634] panic: ncllock1 after NFSv4 server was taken offline
 and brought back to life; lots of spam about
Date: Tue, 26 Jan 2016 05:27:03 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: ngie@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
 attachments.created
Message-ID: <bug-206634-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jan 2016 05:27:03 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206634

            Bug ID: 206634
           Summary: panic: ncllock1 after NFSv4 server was taken offline
                    and brought back to life; lots of spam about
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: ngie@FreeBSD.org

Created attachment 166130
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D166130&action=
=3Dedit
Panic screenshot from IPMI

A FreeBSD 11.0-CURRENT NFSv4 client with a GENERIC-NODEBUG kernel panicked =
with
`panic: ncllock1` after the NFSv4 server it was connected to was brought
offline, then brought back to life.

I've attached some screenshots. Unfortunately I can't get a dump because my
swap device is too small :(...

The last built kernel/world was from this github revision:

commit ec77f0bef381d18a7cb6847d3e0f02c0f4087f05
Author: imp <imp@FreeBSD.org>
Date:   Tue Jan 5 21:20:47 2016 +0000

    Use the more proper -f. Leave /bin/rm in place since that's what
    other rc scripts have, though it isn't strictly necessary.

Notes:
    svn path=3D/head/; revision=3D293227

The machine's still up -- please let me know if there's anything I can grab=
 to
help with debugging this issue.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Tue Jan 26 05:27:50 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id BAB03A468A4
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Tue, 26 Jan 2016 05:27:50 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id A9B438AF
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 05:27:50 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0Q5RobT020735
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 05:27:50 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206634] panic: ncllock1 after NFSv4 server was taken offline
 and brought back to life; lots of spam about "protocol prob err=10006"
Date: Tue, 26 Jan 2016 05:27:50 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: ngie@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: short_desc cc
Message-ID: <bug-206634-8-szS0OQ8l2r@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206634-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206634-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jan 2016 05:27:50 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206634

NGie Cooper <ngie@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|panic: ncllock1 after NFSv4 |panic: ncllock1 after NFSv4
                   |server was taken offline    |server was taken offline
                   |and brought back to life;   |and brought back to life;
                   |lots of spam about          |lots of spam about
                   |                            |"protocol prob err=3D10006"
                 CC|                            |rmacklem@FreeBSD.org

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Tue Jan 26 05:28:13 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id DA8AAA468E5
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Tue, 26 Jan 2016 05:28:13 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id C9EFD91C
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 05:28:13 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0Q5SDRB021281
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 05:28:13 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206634] "panic: ncllock1" from FreeBSD client after NFSv4
 server was taken offline and brought back to life; lots of spam about
 "protocol prob err=10006"
Date: Tue, 26 Jan 2016 05:28:13 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: ngie@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: short_desc
Message-ID: <bug-206634-8-efj4sM3MPj@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206634-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206634-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jan 2016 05:28:13 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206634

NGie Cooper <ngie@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|panic: ncllock1 after NFSv4 |"panic: ncllock1" from
                   |server was taken offline    |FreeBSD client after NFSv4
                   |and brought back to life;   |server was taken offline
                   |lots of spam about          |and brought back to life;
                   |"protocol prob err=3D10006"   |lots of spam about
                   |                            |"protocol prob err=3D10006"

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Tue Jan 26 06:09:05 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 80C18A468EE
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Tue, 26 Jan 2016 06:09:05 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 70901BD0
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 06:09:05 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0Q695e0087962
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 06:09:05 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206634] "panic: ncllock1" from FreeBSD client after NFSv4
 server was taken offline and brought back to life; lots of spam about
 "protocol prob err=10006"
Date: Tue, 26 Jan 2016 06:09:05 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: linimon@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-fs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: assigned_to
Message-ID: <bug-206634-8-SB6FHk0yda@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206634-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206634-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jan 2016 06:09:05 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206634

Mark Linimon <linimon@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |freebsd-fs@FreeBSD.org

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Tue Jan 26 06:09:35 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id B5265A46976
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Tue, 26 Jan 2016 06:09:35 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id A5932CA8
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 06:09:35 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0Q69ZbO006855
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 06:09:35 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206600] geli with new "setkey -n 1" pwd is rejecting pwd 3
 times, than asking for gpt/zfs0.eli pwd
Date: Tue, 26 Jan 2016 06:09:35 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.2-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: linimon@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-geom@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: assigned_to
Message-ID: <bug-206600-8-sGv2AEmbL9@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206600-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206600-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jan 2016 06:09:35 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206600

Mark Linimon <linimon@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |freebsd-geom@FreeBSD.org

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Tue Jan 26 06:09:44 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id CF9F4A469D9
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Tue, 26 Jan 2016 06:09:44 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id C0949D2A
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 06:09:44 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0Q69iL9012984
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 06:09:44 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206599] Geli restore from backuped geli-metadata is not possible
Date: Tue, 26 Jan 2016 06:09:44 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.2-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: linimon@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-geom@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: assigned_to
Message-ID: <bug-206599-8-mZH7KOJIhF@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206599-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206599-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jan 2016 06:09:44 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206599

Mark Linimon <linimon@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |freebsd-geom@FreeBSD.org

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Tue Jan 26 06:11:00 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2DAC1A46ADA
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Tue, 26 Jan 2016 06:11:00 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 1E14EE10
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 06:11:00 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0Q6AxnI057657
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 06:10:59 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206630] [Hyper-V]FreeBSD 10.2 on Windows 10 & 2016 server may
 not boot due to multiple invalid disks issue
Date: Tue, 26 Jan 2016 06:10:59 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.2-STABLE
X-Bugzilla-Keywords: patch
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: linimon@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: emulation@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: keywords assigned_to
Message-ID: <bug-206630-8-sKXQkV3Yaa@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206630-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206630-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jan 2016 06:11:00 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206630

Mark Linimon <linimon@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |patch
           Assignee|freebsd-bugs@FreeBSD.org    |emulation@FreeBSD.org

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Tue Jan 26 15:31:31 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9C2BBA6E913
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Tue, 26 Jan 2016 15:31:31 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 843F61323
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 15:31:31 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0QFVVJD060780
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 15:31:31 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206647] incomplete output in mtree output message
Date: Tue, 26 Jan 2016 15:31:31 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 10.2-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: olgeni@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
Message-ID: <bug-206647-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jan 2016 15:31:31 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206647

            Bug ID: 206647
           Summary: incomplete output in mtree output message
           Product: Base System
           Version: 10.2-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: olgeni@FreeBSD.org

Trivial but true :)

When running mtree, sometimes the console output may be incomplete.

You can trick it this way:

# chflags schg /var/empty
# mtree -deU -f /etc/mtree/BSD.var.dist -p /var
empty:  flags ("schg" is not "schg,uarch", modified to "none")
# mtree -deU -f /etc/mtree/BSD.var.dist -p /var
empty:  flags ("schg" is not "none"

The last message is also missing the "\n" at the end.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Tue Jan 26 17:29:06 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4A67EA46F06
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Tue, 26 Jan 2016 17:29:06 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 315AB1C9E
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 17:29:06 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0QHT6Bv071834
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 17:29:06 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206648] Fix double strlen in ktrstruct
Date: Tue, 26 Jan 2016 17:29:06 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: ecturt@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
Message-ID: <bug-206648-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jan 2016 17:29:06 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206648

            Bug ID: 206648
           Summary: Fix double strlen in ktrstruct
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: ecturt@gmail.com

The `ktrstruct` function from `sys/kern/kern_ktrace.c` was calling `strlen`=
 on
`name` twice, which could have lead to a race attack (contents of `name`
changed between these two calls). I've verified that this wasn't previously
optimised into a single call to `strlen` in a compiled kernel.

There is no way to exploit this bug since it is only used by macros which p=
ass
strings with static contents:

#define ktrsockaddr(s) \
 ktrstruct("sockaddr", (s), ((struct sockaddr *)(s))->sa_len)
#define ktrstat(s) \
 ktrstruct("stat", (s), sizeof(struct stat))

However, this situation is fragile, and should be patched to prevent the
possibility of being exploited in the future if ever `ktrstruct` is passed a
non-static name. At the very least, this patch will also be a very minor
optimisation.

Current:

void
ktrstruct(name, data, datalen)
        const char *name;
        void *data;
        size_t datalen;
{
        struct ktr_request *req;
        char *buf =3D NULL;
        size_t buflen;

        if (!data)
                datalen =3D 0;
        buflen =3D strlen(name) + 1 + datalen;
        buf =3D malloc(buflen, M_KTRACE, M_WAITOK);
        strcpy(buf, name);
        bcopy(data, buf + strlen(name) + 1, datalen);
        if ((req =3D ktr_getrequest(KTR_STRUCT)) =3D=3D NULL) {
                free(buf, M_KTRACE);
                return;
        }
        req->ktr_buffer =3D buf;
        req->ktr_header.ktr_len =3D buflen;
        ktr_submitrequest(curthread, req);
}

Patched:

void
ktrstruct(name, data, datalen)
        const char *name;
        void *data;
        size_t datalen;
{
        struct ktr_request *req;
        char *buf =3D NULL;
        size_t namelen;
        size_t buflen;

        if (!data)
                datalen =3D 0;

        namelen =3D strlen(name);

        buflen =3D namelen + 1 + datalen;
        buf =3D malloc(buflen, M_KTRACE, M_WAITOK);
        strcpy(buf, name);
        bcopy(data, buf + namelen + 1, datalen);
        if ((req =3D ktr_getrequest(KTR_STRUCT)) =3D=3D NULL) {
                free(buf, M_KTRACE);
                return;
        }
        req->ktr_buffer =3D buf;
        req->ktr_header.ktr_len =3D buflen;
        ktr_submitrequest(curthread, req);
}

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Tue Jan 26 17:32:15 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8AD5BA6E1CB
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Tue, 26 Jan 2016 17:32:15 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 7CD601F0E
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 17:32:15 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0QHWFwQ082108
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 17:32:15 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206648] Fix double strlen in ktrstruct
Date: Tue, 26 Jan 2016 17:32:15 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: ecturt@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206648-8-9HjyhWoRd6@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206648-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206648-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jan 2016 17:32:15 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206648

--- Comment #1 from CTurt <ecturt@gmail.com> ---
Here's the commit which introduced the bug:

http://lists.freebsd.org/pipermail/svn-src-head/2010-July/018600.html

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Tue Jan 26 17:45:35 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5FB04A6E69C
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Tue, 26 Jan 2016 17:45:35 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 339A7664
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 17:45:35 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0QHjZTD006775
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 17:45:35 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206648] Fix double strlen in ktrstruct
Date: Tue, 26 Jan 2016 17:45:35 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: mjg@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc
Message-ID: <bug-206648-8-KCzfgzcM8G@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206648-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206648-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jan 2016 17:45:35 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206648

Mateusz Guzik <mjg@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mjg@FreeBSD.org

--- Comment #2 from Mateusz Guzik <mjg@FreeBSD.org> ---
The code is fine correctness-wise, although indeed could be improved by get=
ting
rid of double strlen, I'll maybe commit that later.

If you make changes you would like to submit, please make actual patches (d=
iff
-u, svn diff, git diff, whatever).

Now to the point:
buflen =3D strlen(name) + 1 datalen;=20=20=20=20=20=20=20=20=20=20=20=20=20=
=20=20=20=20=20=20
buf =3D malloc(buflen, M_KTRACE, M_WAITOK);
strcpy(buf, name);
bcopy(data, buf + strlen(name) + 1, datalen);

The claim is that calling strlen twice would be problematic if the string c=
ould
change.

First of all, if that was really the case, we would run into trouble with
strcpy. Further, if it could change, maybe it also could be freed?

Clearly, the kernel code needs to ensure the stability of the string. If it=
 is
assumed the string is not going to change, the code is perfectly fine, alth=
ough
somewhat inefficient.

If the string is in kernel memory and can change, appropriate locks need to=
 be
held across the call. If it is in user memory, it has to be brought in with
things like copyin().

Regardless, I see no bug nor an insecure practice here. If one was to not t=
rust
anything, it would be impossible to implement stuff.

That said thanks for bringing this up, that strlen would really use getting=
 rid
of, but there is nothing to fix correctness-wise or even in the spirit of
defensive programming. One could consider adding an assertion the buffer
belongs to the kernel, but then why would this function be special.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Tue Jan 26 18:10:38 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 942DAA6EE80
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Tue, 26 Jan 2016 18:10:38 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 8604C1241
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 18:10:38 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0QIAcVx014912
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 18:10:38 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206648] Fix double strlen in ktrstruct
Date: Tue, 26 Jan 2016 18:10:38 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: mjg@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206648-8-LxXNl5R4rc@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206648-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206648-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jan 2016 18:10:38 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206648

--- Comment #3 from Mateusz Guzik <mjg@FreeBSD.org> ---
Maybe it should be noted that even with all callers behaving as they should,
there indeed could be a problem here. If there was a bug elsewhere in the
kernel allowing someone to modify the passed string they could indeed try to
trick the kernel into overflowing the buffer by moving the null terminator
before strcpy is called.

However, I consider trying to fight these kind of problems in this way to b=
e a
non-starter.

That said, the code is somewhat weaker than it could be, but changing this
place while there are zilions other places with similar kind of issues is n=
ot
the way to go. Same thing applies to kernels from other projects.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Tue Jan 26 18:41:31 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8D140A46CFA
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Tue, 26 Jan 2016 18:41:31 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 7E67A1E1
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 18:41:31 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0QIfV2r092757
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 18:41:31 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206649] [cyapa][patch] common touchpad gestures
Date: Tue, 26 Jan 2016 18:41:31 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: patch
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: alexander.m.mishurov@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status keywords bug_severity priority component assigned_to
 reporter attachments.created
Message-ID: <bug-206649-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jan 2016 18:41:31 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206649

            Bug ID: 206649
           Summary: [cyapa][patch] common touchpad gestures
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Keywords: patch
          Severity: Affects Many People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: alexander.m.mishurov@gmail.com
          Keywords: patch

Created attachment 166152
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D166152&action=
=3Dedit
Add two touchpad gestures

Commonly used gestures for Cypress i2c touchpad.
* Two finger tap for right click.
* Tap and drag gesture: hold on the second tap to drag.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Tue Jan 26 19:22:03 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3A32AA6EC6C
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Tue, 26 Jan 2016 19:22:03 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 11174E06
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 19:22:03 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0QJM2QC005046
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 19:22:02 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206652] [ext2fs][patch] EXT4: sparse file fixes and mmap
 optimizations
Date: Tue, 26 Jan 2016 19:22:03 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: patch
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: damjan.jov@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status keywords bug_severity priority component assigned_to
 reporter cc attachments.created
Message-ID: <bug-206652-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jan 2016 19:22:03 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206652

            Bug ID: 206652
           Summary: [ext2fs][patch] EXT4: sparse file fixes and mmap
                    optimizations
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Keywords: patch
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: damjan.jov@gmail.com
                CC: freebsd-fs@FreeBSD.org

Created attachment 166156
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D166156&action=
=3Dedit
fix handling files with sparse blocks before extent's index, and implement =
runb
in mmap

It turns out that the ei_blk on the first struct ext4_extent_index in an EX=
T4
file's root extent isn't 0 if the file starts with sparse blocks. This will
cause ext4_ext_binsearch_index() to keep passing the "if (lbn < m->ei_blk)"
test, moving r to the left, until r < l, then set "path->ep_index =3D l - 1=
;"
resulting in garbage data being read from wrong disk blocks since
path->ep_index is pointing to before the first element of the array.

I've attached a patch that keeps track of the first and last block in each
extent as it descends down the extent tree, thus being able to work out that
some blocks are sparse earlier, preventing the previous out of range proble=
m.
Tracking the first and last block in each extent also lets us calculate whe=
re
sparse extents end better, passing larger values to read ahead in mmap.

In ext4_bmapext() I've also started supporting the runb parameter (which is
apparently the number of adjacent blocks prior to the block being converted=
 in
the same way that runp is the number of blocks after), which has sped up ra=
ndom
access to mmaped files.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Tue Jan 26 23:30:24 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id A0D4DA6F655
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Tue, 26 Jan 2016 23:30:24 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 92B5E17C5
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 23:30:24 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0QNUOou063264
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 23:30:24 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206613] dhcpcd 6.10.1 crashes the 10.2-RELEASE kernel.
Date: Tue, 26 Jan 2016 23:30:24 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.2-RELEASE
X-Bugzilla-Keywords: crash, needs-patch, needs-qa
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: g_amanakis@yahoo.com
X-Bugzilla-Status: Open
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206613-8-AULTxtaDBm@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206613-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206613-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jan 2016 23:30:24 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206613

--- Comment #4 from g_amanakis@yahoo.com ---
I tried my dhcpcd.conf configuration on a vanilla usb install of
"FreeBSD-10.2-RELEASE-amd64-uefi-memstick.img" and I can reproduce the issu=
e.
This was on bare metal hardware.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Tue Jan 26 23:31:14 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id BB92DA6F6DC
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Tue, 26 Jan 2016 23:31:14 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id ACE381A81
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 23:31:14 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0QNVEYV065829
 for <freebsd-bugs@FreeBSD.org>; Tue, 26 Jan 2016 23:31:14 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206613] dhcpcd 6.10.1 crashes the 10.2-RELEASE kernel.
Date: Tue, 26 Jan 2016 23:31:14 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.2-RELEASE
X-Bugzilla-Keywords: crash, needs-patch, needs-qa
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: g_amanakis@yahoo.com
X-Bugzilla-Status: Open
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: attachments.created
Message-ID: <bug-206613-8-yDDZCLL2yp@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206613-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206613-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jan 2016 23:31:14 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206613

--- Comment #5 from g_amanakis@yahoo.com ---
Created attachment 166164
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D166164&action=
=3Dedit
dhcpcd.conf

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Wed Jan 27 02:53:50 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8C777A6F414
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Wed, 27 Jan 2016 02:53:50 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 7D7121FFD
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 02:53:50 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0R2ro1D016149
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 02:53:50 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 205256] Segmentation fault with mount_smbfs
Date: Wed, 27 Jan 2016 02:53:50 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Ports & Packages
X-Bugzilla-Component: Individual Port(s)
X-Bugzilla-Version: Latest
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: vas@mpeks.tomsk.su
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-205256-8-eLcYiN2OcO@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-205256-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-205256-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 02:53:50 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D205256

--- Comment #6 from vas@mpeks.tomsk.su ---
Why is libkiconv from the base system affected in any way by
/usr/local/lib/libiconv from ports? Shouldn't we reclassify this bug into a
more serious category?

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Wed Jan 27 03:00:32 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 97F85A6F5D0
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Wed, 27 Jan 2016 03:00:32 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 88EFE320
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 03:00:32 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0R30WBH090179
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 03:00:32 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206659] r294822: bad gptzfsboot?
Date: Wed, 27 Jan 2016 03:00:32 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: ler@lerctr.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
 attachments.created
Message-ID: <bug-206659-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 03:00:32 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206659

            Bug ID: 206659
           Summary: r294822: bad gptzfsboot?
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: ler@lerctr.org

Created attachment 166168
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D166168&action=
=3Dedit
my script to update the boot blocks

I updated to r294822 today, and did my usual make -DNO_CLEAN -j 20 buildwor=
ld
buildkernel, and when done, make installworld installkernel && etcupdate &&
~ler/bin/update_boot.sh (which I'll attach).=20

When I rebooted, I came home to find it at an OK prompt, because it couldn't
find /boot/kernel.=20

Rebooting, it didn't use the ZFS enabled loader.=20

I got the current memstick image snapshot from 1/21/2016, and replaced the
gptzfsboot with that one, and we boot fine.=20

Ideas?

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Wed Jan 27 03:01:05 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 12CCCA6F6D2
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Wed, 27 Jan 2016 03:01:05 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 040FC87B
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 03:01:05 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0R3148h022702
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 03:01:04 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206659] r294822: bad gptzfsboot?
Date: Wed, 27 Jan 2016 03:01:04 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: ler@lerctr.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: attachments.created
Message-ID: <bug-206659-8-O76gWf33r7@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206659-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206659-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 03:01:05 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206659

--- Comment #1 from Larry Rosenman <ler@lerctr.org> ---
Created attachment 166169
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D166169&action=
=3Dedit
GOOD gptzfsboot from the snapshot

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Wed Jan 27 03:01:34 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 85054A6F722
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Wed, 27 Jan 2016 03:01:34 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 76152A1C
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 03:01:34 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0R31YXu056312
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 03:01:34 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206659] r294822: bad gptzfsboot?
Date: Wed, 27 Jan 2016 03:01:34 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: ler@lerctr.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: attachments.created
Message-ID: <bug-206659-8-x9MucvbFQS@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206659-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206659-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 03:01:34 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206659

--- Comment #2 from Larry Rosenman <ler@lerctr.org> ---
Created attachment 166170
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D166170&action=
=3Dedit
BAD gptzfsboot from buildworld

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Wed Jan 27 03:04:56 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id A1C3FA6F877
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Wed, 27 Jan 2016 03:04:56 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 92EC3CC2
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 03:04:56 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0R34uvA034143
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 03:04:56 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206659] r294822: bad gptzfsboot?
Date: Wed, 27 Jan 2016 03:04:56 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: ler@lerctr.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206659-8-IBfvX8U88y@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206659-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206659-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 03:04:56 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206659

--- Comment #3 from Larry Rosenman <ler@lerctr.org> ---
previous build was r294058

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Wed Jan 27 05:01:09 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id CBCABA6FFE2
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Wed, 27 Jan 2016 05:01:09 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id BA2EDA29
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 05:01:09 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0R519gw088898
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 05:01:09 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 132112] [patch] devd(8) unnecessarily reconfigures carp(4)
 interfaces
Date: Wed, 27 Jan 2016 05:01:10 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: unspecified
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: cmb@pfsense.org
X-Bugzilla-Status: In Progress
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc
Message-ID: <bug-132112-8-57Vx5Wr3pv@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-132112-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-132112-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 05:01:09 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D132112

cmb@pfsense.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |cmb@pfsense.org

--- Comment #1 from cmb@pfsense.org ---
carp(4) interfaces no longer exist in FreeBSD 10.x and newer, hence this is=
 no
longer an issue and can be closed.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Wed Jan 27 09:42:26 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 025D5A6F616
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Wed, 27 Jan 2016 09:42:26 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id EA644197C
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 09:42:25 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0R9gP1j029845
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 09:42:25 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206667] svn: E175012: Connection timed out
Date: Wed, 27 Jan 2016 09:42:26 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: tps@vr-web.de
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
Message-ID: <bug-206667-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 09:42:26 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206667

            Bug ID: 206667
           Summary: svn: E175012: Connection timed out
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: tps@vr-web.de

"svn: E175012: Connection timed out" this is found while checking out sourc=
es
or ports for all versions:

- 11-current
- 10.2-stable
- 10.2-release
- 10.1-stable
- 10.1-release
- 10.0-stable
- 10.0-release
- 9.3-stable
- 9.3-release
- 9.2-stable
- 9.2-release
- 9.1-stable
- 9.1-release
- 8.4-stable
- 8.4-release

on all servers:
- https://svn0.us-east.freebsd.org
- https://svn0.us-west.freebsd.org
- https://svn.freebsd.org

It takes multiple trials to check out once completely. From time to time it
doesn't work at all.

* subversion-1.9.2_1
* serf-1.3.8_1

proxy use doesn't matter. Timeouts occure even if the svn server is local,
standing right beside of the system checking out and the client is the only
system accessing the server.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Wed Jan 27 14:56:45 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id AAEC5A6FAA9
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Wed, 27 Jan 2016 14:56:45 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 9C1051E1A
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 14:56:45 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0REujoD041876
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 14:56:45 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206659] r294822: bad gptzfsboot?
Date: Wed, 27 Jan 2016 14:56:45 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: zeising@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_severity cc
Message-ID: <bug-206659-8-tdqKtxzcCM@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206659-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206659-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 14:56:45 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206659

Niclas Zeising <zeising@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|Affects Only Me             |Affects Many People
                 CC|                            |zeising@FreeBSD.org

--- Comment #4 from Niclas Zeising <zeising@FreeBSD.org> ---
I can confirm.  Latest snapshot, r294499 works fine, however, r294908 does =
not.
 I haven't had time to minimize the window further yet.

The loader can't find the kernel.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Wed Jan 27 15:05:42 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 957EDA700DC
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Wed, 27 Jan 2016 15:05:42 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 6CC201AD0
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 15:05:42 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0RF5gWR062892
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 15:05:42 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206678] OGIO_KEYMAP command does not restore priority level
Date: Wed, 27 Jan 2016 15:05:42 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: ecturt@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
Message-ID: <bug-206678-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 15:05:42 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206678

            Bug ID: 206678
           Summary: OGIO_KEYMAP command does not restore priority level
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: ecturt@gmail.com

`genkbd_commonioctl` function from `sys/dev/kbd/kbd.c` begins by calling
`spltty()` to block hard interrupts from TTY:

int
genkbd_commonioctl(keyboard_t *kbd, u_long cmd, caddr_t arg)
{
        keymap_t *mapp;
        okeymap_t *omapp;
        keyarg_t *keyp;
        fkeyarg_t *fkeyp;splx
        int s;
        int i, j;
        int error;

        s =3D spltty();
        switch (cmd) {

It should always restore the original priority level using the `splx` funct=
ion
before returning. For example at the end of the function:

        splx(s);
        return (0);
}

And for any commands which need to return early:

        case GIO_KEYMAP:        /* get keyboard translation table */
                error =3D copyout(kbd->kb_keymap, *(void **)arg,
                    sizeof(keymap_t));
                splx(s);
                return (error);

The problem is that for the `OGIO_KEYMAP` command, this does not happen:

        case OGIO_KEYMAP:       /* get keyboard translation table (compat) =
*/
                mapp =3D kbd->kb_keymap;
                omapp =3D (okeymap_t *)arg;
                omapp->n_keys =3D mapp->n_keys;
                for (i =3D 0; i < NUM_KEYS; i++) {
                        for (j =3D 0; j < NUM_STATES; j++)
                                omapp->key[i].map[j] =3D
                                    mapp->key[i].map[j];
                        omapp->key[i].spcl =3D mapp->key[i].spcl;
                        omapp->key[i].flgs =3D mapp->key[i].flgs;
                }
                return (0);

My guess is that since this is a compatibility command, it was copied into =
here
from somewhere else, which is why the call to `splx` is missing.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Wed Jan 27 15:15:10 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id A9FDDA70455
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Wed, 27 Jan 2016 15:15:10 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 9B2C01004
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 15:15:10 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0RFFAKr063160
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 15:15:10 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206659] r294822: bad gptzfsboot?
Date: Wed, 27 Jan 2016 15:15:10 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: zeising@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc
Message-ID: <bug-206659-8-mKQoRn4Gvk@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206659-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206659-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 15:15:10 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206659

Niclas Zeising <zeising@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |imp@FreeBSD.org

--- Comment #5 from Niclas Zeising <zeising@FreeBSD.org> ---
I did a quick bisect of the change, r294750 still works, however r294770 is
broken.  imp@ did a series of commits, r294765 - r294769 that's most likely=
 the
culprit, although I haven't tried to narrow down exactly which commit.

I

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Wed Jan 27 15:16:09 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 735FEA704A5
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Wed, 27 Jan 2016 15:16:09 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 64CFA1085
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 15:16:09 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0RFG9qC065146
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 15:16:09 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206659] r294822: bad gptzfsboot?
Date: Wed, 27 Jan 2016 15:16:09 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: zeising@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206659-8-SDVChycqV8@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206659-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206659-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 15:16:09 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206659

--- Comment #6 from Niclas Zeising <zeising@FreeBSD.org> ---
(In reply to Niclas Zeising from comment #5)


That's what I get for pressing save too soon...
I added imp@ to the CC list of this PR, hopefully he'll see this.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Wed Jan 27 15:29:21 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5A25BA709AE
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Wed, 27 Jan 2016 15:29:21 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 4B4611D49
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 15:29:21 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0RFTLYw091675
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 15:29:21 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206678] OGIO_KEYMAP command does not restore priority level
Date: Wed, 27 Jan 2016 15:29:21 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: ecturt@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206678-8-1YUGkp24MQ@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206678-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206678-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 15:29:21 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206678

--- Comment #1 from CTurt <ecturt@gmail.com> ---
The solution is to replace the `return` with `break`:

https://github.com/HardenedBSD/hardenedBSD-playground/commit/9962f56bb8f942=
cf03a65b46e96ef26369571dec

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Wed Jan 27 15:30:33 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id B158FA70A9B
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Wed, 27 Jan 2016 15:30:33 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id A2C451E9D
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 15:30:33 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0RFUXNh093829
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 15:30:33 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206659] r294822: bad gptzfsboot?
Date: Wed, 27 Jan 2016 15:30:33 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: smh@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc
Message-ID: <bug-206659-8-ydd2YhGnJo@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206659-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206659-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 15:30:33 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206659

Steven Hartland <smh@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |smh@FreeBSD.org

--- Comment #7 from Steven Hartland <smh@FreeBSD.org> ---
It would be really useful if you could narrow down which of these causes the
issue.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Wed Jan 27 15:36:18 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 68F8DA70D5A
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Wed, 27 Jan 2016 15:36:18 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 5A42115B3
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 15:36:18 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0RFaHE1008502
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 15:36:18 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206659] r294822: bad gptzfsboot?
Date: Wed, 27 Jan 2016 15:36:18 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: allanjude@FreeBSD.org
X-Bugzilla-Status: In Progress
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_status cc
Message-ID: <bug-206659-8-BgCKGS8Kxf@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206659-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206659-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 15:36:18 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206659

Allan Jude <allanjude@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|New                         |In Progress
                 CC|                            |allanjude@FreeBSD.org

--- Comment #8 from Allan Jude <allanjude@FreeBSD.org> ---
The problem appears to be that in r294765 a common paths.h was introduced, =
and
it accidentally set the loader to be used to /boot/loader instead of
/boot/zfsloader

It is being fixed now.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Wed Jan 27 15:38:09 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2030FA70DF9
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Wed, 27 Jan 2016 15:38:09 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 1138617E2
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 15:38:09 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0RFc8eo011329
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 15:38:08 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206659] r294822: bad gptzfsboot?
Date: Wed, 27 Jan 2016 15:38:08 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: zeising@FreeBSD.org
X-Bugzilla-Status: In Progress
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206659-8-PUAYrbG3oc@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206659-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206659-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 15:38:09 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206659

--- Comment #9 from Niclas Zeising <zeising@FreeBSD.org> ---
Sounds good.  I didn't have time to narrow it further, I'm afraid.  I will
continue with the bisection later unless the issue is already fixed.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Wed Jan 27 15:45:10 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7CFD2A6F03E
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Wed, 27 Jan 2016 15:45:10 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 617961B2D
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 15:45:10 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0RFjA48028423
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 15:45:10 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206680] kbd race attacks
Date: Wed, 27 Jan 2016 15:45:10 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: cturt@hardenedbsd.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
Message-ID: <bug-206680-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 15:45:10 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206680

            Bug ID: 206680
           Summary: kbd race attacks
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: cturt@hardenedbsd.org

Whilst analysing my previous bug about the missing `splx` call in one of the
code paths for `genkbd_commonioctl`
(https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206678), I decided to =
look
at the declaration for the macro itself, in `sys/sys/systm.h`:

/* Stubs for obsolete functions that used to be for interrupt management */
static __inline intrmask_t      splbio(void)            { return 0; }
static __inline intrmask_t      splcam(void)            { return 0; }
static __inline intrmask_t      splclock(void)          { return 0; }
static __inline intrmask_t      splhigh(void)           { return 0; }
static __inline intrmask_t      splimp(void)            { return 0; }
static __inline intrmask_t      splnet(void)            { return 0; }
static __inline intrmask_t      spltty(void)            { return 0; }
static __inline void            splx(intrmask_t ipl __unused)   { return; }

Since these functions have been removed, but kbd has not been updated to
account for this, it means that none of the kbd code is thread safe.

For example, `kbd_realloc_array` contains a lovely, possible race attack:

        s =3D spltty();
        newsize =3D ((keyboards + ARRAY_DELTA)/ARRAY_DELTA)*ARRAY_DELTA;
        new_kbd =3D malloc(sizeof(*new_kbd)*newsize, M_DEVBUF, M_NOWAIT|M_Z=
ERO);
        if (new_kbd =3D=3D NULL) {
                splx(s);
                return (ENOMEM);
        }
        new_kbdsw =3D malloc(sizeof(*new_kbdsw)*newsize, M_DEVBUF,
                            M_NOWAIT|M_ZERO);
        if (new_kbdsw =3D=3D NULL) {
                free(new_kbd, M_DEVBUF);
                splx(s);
                return (ENOMEM);
        }
        bcopy(keyboard, new_kbd, sizeof(*keyboard)*keyboards);
        bcopy(kbdsw, new_kbdsw, sizeof(*kbdsw)*keyboards);
        if (keyboards > 1) {
                free(keyboard, M_DEVBUF);
                free(kbdsw, M_DEVBUF);
        }
        keyboard =3D new_kbd;
        kbdsw =3D new_kbdsw;
        keyboards =3D newsize;
        splx(s);

This code would have been safe because of the `spltty`, and `splx` locks, b=
ut
since these functions no longer do anything, we have a very brief window wh=
ere
the buffers have been freed, but have not been set to the new allocations. =
If
the thread were to be preempted at this point, and another thread attempted=
 to
use the buffers, a use after free would occur.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Wed Jan 27 15:46:26 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 02147A6F0A3
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Wed, 27 Jan 2016 15:46:26 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id E76221BCE
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 15:46:25 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0RFkPSu030543
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 15:46:25 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206678] OGIO_KEYMAP command does not restore priority level
Date: Wed, 27 Jan 2016 15:46:26 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: cturt@hardenedbsd.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206678-8-biAD3c13Kv@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206678-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206678-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 15:46:26 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206678

--- Comment #2 from CTurt <cturt@hardenedbsd.org> ---
Related: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206680

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Wed Jan 27 16:16:33 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id C99E1A6FBCB
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Wed, 27 Jan 2016 16:16:33 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id BAD111B88
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 16:16:33 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0RGGXl7029258
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 16:16:33 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206678] OGIO_KEYMAP command does not restore priority level
Date: Wed, 27 Jan 2016 16:16:33 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: mokhi64@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc see_also
Message-ID: <bug-206678-8-G3zTMV6VAo@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206678-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206678-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 16:16:33 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206678

Mahdi Mokhtari <mokhi64@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mokhi64@gmail.com
           See Also|                            |https://bugs.freebsd.org/bu
                   |                            |gzilla/show_bug.cgi?id=3D2=
066
                   |                            |80

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Wed Jan 27 16:16:34 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3D824A6FBCD
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Wed, 27 Jan 2016 16:16:34 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 2EFAE1B8D
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 16:16:34 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0RGGXlD029258
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 16:16:34 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206680] kbd race attacks
Date: Wed, 27 Jan 2016 16:16:33 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: mokhi64@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: see_also
Message-ID: <bug-206680-8-6KxydzI9mz@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206680-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206680-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 16:16:34 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206680

Mahdi Mokhtari <mokhi64@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           See Also|                            |https://bugs.freebsd.org/bu
                   |                            |gzilla/show_bug.cgi?id=3D2=
066
                   |                            |78

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Wed Jan 27 16:19:33 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1B6D4A6FDAB
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Wed, 27 Jan 2016 16:19:33 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 0C7191ED2
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 16:19:33 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0RGJWrp033556
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 16:19:32 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206678] OGIO_KEYMAP command does not restore priority level
Date: Wed, 27 Jan 2016 16:19:33 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: dogfood, patch, security
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: mokhi64@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: mokhi64@gmail.com
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: keywords assigned_to
Message-ID: <bug-206678-8-D6azPgXm0e@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206678-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206678-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 16:19:33 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206678

Mahdi Mokhtari <mokhi64@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |dogfood, patch, security
           Assignee|freebsd-bugs@FreeBSD.org    |mokhi64@gmail.com

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Wed Jan 27 16:30:49 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 39416A70170
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Wed, 27 Jan 2016 16:30:49 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 2ADAA150F
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 16:30:49 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0RGUmac057685
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 16:30:49 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206659] r294822: bad gptzfsboot?
Date: Wed, 27 Jan 2016 16:30:49 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: imp@FreeBSD.org
X-Bugzilla-Status: In Progress
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206659-8-uARY9IpW02@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206659-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206659-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 16:30:49 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206659

--- Comment #10 from Warner Losh <imp@FreeBSD.org> ---
Just about to push a fix.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Wed Jan 27 16:36:22 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id ABE4BA70398
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Wed, 27 Jan 2016 16:36:22 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 9D376187B
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 16:36:22 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0RGaMQu071929
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 16:36:22 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206659] r294822: bad gptzfsboot?
Date: Wed, 27 Jan 2016 16:36:22 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: commit-hook@freebsd.org
X-Bugzilla-Status: In Progress
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206659-8-7eBjYbweY6@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206659-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206659-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 16:36:22 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206659

--- Comment #11 from commit-hook@freebsd.org ---
A commit references this bug:

Author: imp
Date: Wed Jan 27 16:36:19 UTC 2016
New revision: 294925
URL: https://svnweb.freebsd.org/changeset/base/294925

Log:
  Fix mistake when transitioning to the new defines with ZFS loader. I
  hate adding yet another define, but it is the lessor of the evil
  choices available. Kill another evil by removing PATH_BOOT3 and
  replacing it with PATH_LOADER or PATH_LOADER_ZFS as appropriate.

  PR: 206659

Changes:
  head/sys/boot/common/paths.h
  head/sys/boot/i386/boot2/boot2.c
  head/sys/boot/i386/gptboot/gptboot.c
  head/sys/boot/i386/zfsboot/zfsboot.c
  head/sys/boot/mips/beri/boot2/boot2.c
  head/sys/boot/pc98/boot2/boot2.c

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Wed Jan 27 18:43:02 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 03D5AA6E32D
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Wed, 27 Jan 2016 18:43:02 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id E9C991234
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 18:43:01 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0RIh1hk048941
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 18:43:01 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206680] kbd race attacks
Date: Wed, 27 Jan 2016 18:43:02 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: mokhi64@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206680-8-8nqf7HPSAI@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206680-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206680-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 18:43:02 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206680

--- Comment #1 from Mahdi Mokhtari <mokhi64@gmail.com> ---
(In reply to CTurt from comment #0)
So you think we should have locks for ensuring 'new_kbd', 'keyboard' and
'kbdsw' are being used thread-safe, yes?

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Wed Jan 27 18:45:21 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7A95AA6E3CD
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Wed, 27 Jan 2016 18:45:21 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 6C26912D7
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 18:45:21 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0RIjLFM052508
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 18:45:21 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206680] kbd race attacks
Date: Wed, 27 Jan 2016 18:45:21 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: needs-patch, security
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: mokhi64@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: keywords
Message-ID: <bug-206680-8-BhNtGljYsh@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206680-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206680-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 18:45:21 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206680

Mahdi Mokhtari <mokhi64@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |needs-patch, security

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Wed Jan 27 18:49:25 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 574E6A6E57F
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Wed, 27 Jan 2016 18:49:25 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 48D0E157C
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 18:49:25 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0RInOch058197
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 18:49:25 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206680] kbd race attacks
Date: Wed, 27 Jan 2016 18:49:25 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: needs-patch, security
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: cturt@hardenedbsd.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206680-8-RM6UUad2Gx@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206680-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206680-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 18:49:25 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206680

--- Comment #2 from CTurt <cturt@hardenedbsd.org> ---
Correct.

I cited `kbd_realloc_array` in my comment because it is the most blatant
example of code which is no longer thread safe, following the removal of
`spltty` and `splx`.

However, it is not just `kbd_realloc_array` which needs to be sorted. The w=
hole
of this source file seems to rely on using `spltty` to prevent race attacks,
which means multiple locks will probably need to be used.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Wed Jan 27 18:52:13 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id E6CE2A6E7BD
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Wed, 27 Jan 2016 18:52:13 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id D88B71984
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 18:52:13 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0RIqDAc066686
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 18:52:13 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206680] kbd race attacks
Date: Wed, 27 Jan 2016 18:52:14 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: needs-patch, security
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: mokhi64@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206680-8-jupjNdVmhL@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206680-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206680-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 18:52:14 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206680

--- Comment #3 from Mahdi Mokhtari <mokhi64@gmail.com> ---
(In reply to CTurt from comment #2)
Okay, got it :D
Thanks for your clear comments, sure it'll help us to make this file
thread-safe again.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Wed Jan 27 18:52:54 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0A0B4A6E806
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Wed, 27 Jan 2016 18:52:54 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id EFBCB1A21
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 18:52:53 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0RIqrVw069324
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 18:52:53 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206680] kbd race attacks
Date: Wed, 27 Jan 2016 18:52:54 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: needs-patch, security
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: mokhi64@gmail.com
X-Bugzilla-Status: In Progress
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: mokhi64@gmail.com
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: assigned_to bug_status
Message-ID: <bug-206680-8-ELxrDgS5hh@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206680-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206680-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 18:52:54 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206680

Mahdi Mokhtari <mokhi64@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |mokhi64@gmail.com
             Status|New                         |In Progress

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Wed Jan 27 19:53:30 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4C4C4A70210
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Wed, 27 Jan 2016 19:53:30 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 3DBE5136F
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 19:53:30 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0RJrTZl028187
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 19:53:30 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206659] r294822: bad gptzfsboot?
Date: Wed, 27 Jan 2016 19:53:30 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: ler@lerctr.org
X-Bugzilla-Status: In Progress
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206659-8-uhzLAL5xwx@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206659-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206659-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 19:53:30 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206659

--- Comment #12 from Larry Rosenman <ler@lerctr.org> ---
confirmed good at r294926

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Wed Jan 27 19:55:48 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 58DA9A702D8
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Wed, 27 Jan 2016 19:55:48 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 4A62215DA
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 19:55:48 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0RJtmlH031627
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 19:55:48 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206648] Fix double strlen in ktrstruct
Date: Wed, 27 Jan 2016 19:55:48 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: commit-hook@freebsd.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206648-8-68easQ5jT1@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206648-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206648-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 19:55:48 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206648

--- Comment #4 from commit-hook@freebsd.org ---
A commit references this bug:

Author: mjg
Date: Wed Jan 27 19:55:03 UTC 2016
New revision: 294934
URL: https://svnweb.freebsd.org/changeset/base/294934

Log:
  ktrace: tidy up ktrstruct

  - minor style fixes
  - avoid doing strlen twice [1]

  PR:           206648
  Submitted by: C Turt <ecturt gmail.com> (original version) [1]

Changes:
  head/sys/kern/kern_ktrace.c

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Wed Jan 27 19:57:25 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id DCCD5A70376
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Wed, 27 Jan 2016 19:57:25 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id CE2C51820
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 19:57:25 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0RJvP2E034084
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 19:57:25 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206648] Fix double strlen in ktrstruct
Date: Wed, 27 Jan 2016 19:57:25 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: mjg@FreeBSD.org
X-Bugzilla-Status: Closed
X-Bugzilla-Resolution: FIXED
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: resolution bug_status
Message-ID: <bug-206648-8-TCP6tJFZUP@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206648-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206648-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 19:57:26 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206648

Mateusz Guzik <mjg@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|New                         |Closed

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Wed Jan 27 20:34:26 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0BB3DA6F003
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Wed, 27 Jan 2016 20:34:26 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id F0FA0117E
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 20:34:25 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0RKYPBR049605
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 20:34:25 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206381] gnu/lib/libgcc builds without debug info
Date: Wed, 27 Jan 2016 20:34:26 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: misc
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: emaste@freebsd.org
X-Bugzilla-Status: In Progress
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_status
Message-ID: <bug-206381-8-3LuMS8BLxQ@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206381-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206381-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 20:34:26 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206381

Ed Maste <emaste@freebsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|New                         |In Progress

--- Comment #5 from Ed Maste <emaste@freebsd.org> ---
kan fixed the C source in r294935
https://svnweb.freebsd.org/changeset/base/294935

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Wed Jan 27 20:35:10 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 84BB3A6F0AA
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Wed, 27 Jan 2016 20:35:10 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 7593E121C
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 20:35:10 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0RKZA3j050744
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 20:35:10 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206381] gnu/lib/libgcc builds without debug info
Date: Wed, 27 Jan 2016 20:35:10 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: misc
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: emaste@freebsd.org
X-Bugzilla-Status: In Progress
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: flagtypes.name cc
Message-ID: <bug-206381-8-C71gWmlWz9@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206381-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206381-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 20:35:10 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206381

Ed Maste <emaste@freebsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |mfc-stable9?, mfc-stable10?
                 CC|                            |kan@FreeBSD.org

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Wed Jan 27 22:50:21 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 222A6A700DF
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Wed, 27 Jan 2016 22:50:21 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 13C7D6C7
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 22:50:21 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0RMoKXO049697
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 22:50:20 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 176407] [puc] SIIG Cyber S2P1 has speed problems with puc driver
Date: Wed, 27 Jan 2016 22:50:21 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: unspecified
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: commit-hook@freebsd.org
X-Bugzilla-Status: In Progress
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-176407-8-ehQMCijEri@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-176407-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-176407-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 22:50:21 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D176407

--- Comment #2 from commit-hook@freebsd.org ---
A commit references this bug:

Author: marius
Date: Wed Jan 27 22:50:05 UTC 2016
New revision: 294961
URL: https://svnweb.freebsd.org/changeset/base/294961

Log:
  - Add an entry for the SIIG Cyber 2SP1 PCIe adapter, which is based
    on an Oxford Semiconductor OX16PCI954 but uses only two ports and
    a non-default clock rate. [1]
  - Add entries for the more prominent members of the Digi International
    Neo series, which are based on Exar PCI chips.
    Tested by: Patrick Powell
  - Mark some unused parameters as such.
  - Fix style/whitespace

  PR:           176407 [1]

Changes:
_U  stable/10/
  stable/10/sys/dev/puc/pucdata.c

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Wed Jan 27 22:51:33 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 959D7A701FA
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Wed, 27 Jan 2016 22:51:33 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 874518B8
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 22:51:33 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0RMpXZP055701
 for <freebsd-bugs@FreeBSD.org>; Wed, 27 Jan 2016 22:51:33 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206648] Fix double strlen in ktrstruct
Date: Wed, 27 Jan 2016 22:51:33 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: op@hardenedbsd.org
X-Bugzilla-Status: Closed
X-Bugzilla-Resolution: FIXED
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable10?
X-Bugzilla-Changed-Fields: cc flagtypes.name
Message-ID: <bug-206648-8-BvMDU1rABh@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206648-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206648-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 22:51:33 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206648

op@hardenedbsd.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |op@hardenedbsd.org
              Flags|                            |mfc-stable10?

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Thu Jan 28 01:33:25 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9136FA70ACC
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Thu, 28 Jan 2016 01:33:25 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 82A3E152C
 for <freebsd-bugs@FreeBSD.org>; Thu, 28 Jan 2016 01:33:25 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0S1XPBh027668
 for <freebsd-bugs@FreeBSD.org>; Thu, 28 Jan 2016 01:33:25 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206699] [Hyper-V]FreeBSD potential NULL pointer dereference in
 storage bounce buffer
Date: Thu, 28 Jan 2016 01:33:25 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.2-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: honzhan@microsoft.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
 attachments.created
Message-ID: <bug-206699-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jan 2016 01:33:25 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206699

            Bug ID: 206699
           Summary: [Hyper-V]FreeBSD potential NULL pointer dereference in
                    storage bounce buffer
           Product: Base System
           Version: 10.2-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: honzhan@microsoft.com

Created attachment 166215
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D166215&action=
=3Dedit
Patch to fix the NULL pointer dereference

This bug is reported from NetApp:
--------------
We found, what we believe to be, a bug in storvsc_create_bounce_buffer and
storvsc_destroy_bounce_buffer.

http://fxr.watson.org/fxr/source/dev/hyperv/storvsc/hv_storvsc_drv_freebsd.=
c?v=3DFREEBSD10#L1529

A panic was hit when the g_hv_sgl_page_pool.in_use_sgl_list list is empty. =
 The
remove of a NULL sgl_node causes a page fault.

To address this (and the same code in create_bounce_buffer), we added a
LIST_EMPTY check prior to calling LIST_FIRST and LIST_REMOVE.
--------------

This bug cannot be easily reproduced. It may be triggered in some corner ca=
se.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Thu Jan 28 02:07:20 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id B9638A6F6B9
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Thu, 28 Jan 2016 02:07:20 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id AA5FC145B
 for <freebsd-bugs@FreeBSD.org>; Thu, 28 Jan 2016 02:07:20 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0S27Kd5063043
 for <freebsd-bugs@FreeBSD.org>; Thu, 28 Jan 2016 02:07:20 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206386] vendor/libarchive: directory traversal
 vulnerability/local denial of services
Date: Thu, 28 Jan 2016 02:07:20 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: patch, patch-ready, security
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: junovitch@freebsd.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: cc
Message-ID: <bug-206386-8-QyAsEFwLS8@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206386-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206386-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jan 2016 02:07:20 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206386

Jason Unovitch <junovitch@freebsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |delphij@FreeBSD.org

--- Comment #6 from Jason Unovitch <junovitch@freebsd.org> ---
Add to CC; are we going to look at lumping this in with the pre-announced
OpenSSL security releases tomorrow?

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Thu Jan 28 10:18:02 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0F3A0A7078E
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Thu, 28 Jan 2016 10:18:02 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 0195D1E07
 for <freebsd-bugs@FreeBSD.org>; Thu, 28 Jan 2016 10:18:02 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0SAI1YX083927
 for <freebsd-bugs@FreeBSD.org>; Thu, 28 Jan 2016 10:18:01 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206699] [Hyper-V]FreeBSD potential NULL pointer dereference in
 storage bounce buffer
Date: Thu, 28 Jan 2016 10:18:01 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.2-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: royger@freebsd.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206699-8-IrPktjacUq@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206699-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206699-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jan 2016 10:18:02 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206699

--- Comment #1 from Roger Pau Monn=C3=83=C2=A9 <royger@freebsd.org> ---
I've already told Wei that creating your own bounce buffer is a bad idea.
Instead you should use the BUSDMA API and let it take care of the bouncing =
when
necessary:

https://reviews.freebsd.org/D1964

IIRC something was missing in BUSDMA so that the HyperV storage driver could
use it, we should look into adding what's needed and then removing this cus=
tom
bounce buffering.

Please upload the patch to the review system.

Roger.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Thu Jan 28 10:40:01 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9C3CDA70E57
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Thu, 28 Jan 2016 10:40:01 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 8E6631633
 for <freebsd-bugs@FreeBSD.org>; Thu, 28 Jan 2016 10:40:01 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0SAe1jB034631
 for <freebsd-bugs@FreeBSD.org>; Thu, 28 Jan 2016 10:40:01 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206699] [Hyper-V]FreeBSD potential NULL pointer dereference in
 storage bounce buffer
Date: Thu, 28 Jan 2016 10:40:01 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.2-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: honzhan@microsoft.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206699-8-HWon9NhW5V@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206699-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206699-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jan 2016 10:40:01 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206699

--- Comment #2 from Hongjiang <honzhan@microsoft.com> ---
Yes, the final fix should be using BUSDMA. Temporarily we still used the
customized bounce buffer.
The code review for this patch: https://reviews.freebsd.org/D5097

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Thu Jan 28 12:54:11 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 06EEFA71EA7
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Thu, 28 Jan 2016 12:54:11 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id EC49D1029
 for <freebsd-bugs@FreeBSD.org>; Thu, 28 Jan 2016 12:54:10 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0SCsAmO017460
 for <freebsd-bugs@FreeBSD.org>; Thu, 28 Jan 2016 12:54:10 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 205256] Segmentation fault with mount_smbfs
Date: Thu, 28 Jan 2016 12:54:11 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Ports & Packages
X-Bugzilla-Component: Individual Port(s)
X-Bugzilla-Version: Latest
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: dohzono@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-205256-8-ZLerErmG49@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-205256-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-205256-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jan 2016 12:54:11 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D205256

--- Comment #7 from dohzono@gmail.com ---
This may be a fix for 10/stable of this issue.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D183153

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Thu Jan 28 13:45:01 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id C34ECA6F38B
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Thu, 28 Jan 2016 13:45:01 +0000 (UTC)
 (envelope-from mkeithk@hotmail.com)
Received: from COL004-OMC4S13.hotmail.com (col004-omc4s13.hotmail.com
 [65.55.34.215])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
 (Client CN "*.outlook.com", Issuer "MSIT Machine Auth CA 2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 9316C1A37
 for <freebsd-bugs@freebsd.org>; Thu, 28 Jan 2016 13:45:01 +0000 (UTC)
 (envelope-from mkeithk@hotmail.com)
Received: from NAM02-SN1-obe.outbound.protection.outlook.com ([65.55.34.201])
 by COL004-OMC4S13.hotmail.com over TLS secured channel with Microsoft
 SMTPSVC(7.5.7601.23008); Thu, 28 Jan 2016 05:43:54 -0800
Received: from BL2NAM02FT061.eop-nam02.prod.protection.outlook.com
 (10.152.76.57) by BL2NAM02HT201.eop-nam02.prod.protection.outlook.com
 (10.152.76.251) with Microsoft SMTP Server (TLS) id 15.1.355.15; Thu, 28 Jan
 2016 13:43:54 +0000
Received: from DM3PR12MB0843.namprd12.prod.outlook.com (10.152.76.54) by
 BL2NAM02FT061.mail.protection.outlook.com (10.152.77.7) with Microsoft SMTP
 Server (TLS) id 15.1.355.15 via Frontend Transport; Thu, 28 Jan 2016 13:43:53
 +0000
Received: from DM3PR12MB0843.namprd12.prod.outlook.com ([10.164.7.29]) by
 DM3PR12MB0843.namprd12.prod.outlook.com ([10.164.7.29]) with mapi id
 15.01.0390.013; Thu, 28 Jan 2016 13:43:52 +0000
From: Matthew Kirkham <mkeithk@hotmail.com>
To: "freebsd-bugs@freebsd.org" <freebsd-bugs@freebsd.org>
Subject: Re: [Bug 193445] New: [nis] ypserv(8) and ypbind(8) lack IPv6 RPC
 support
Thread-Topic: [Bug 193445] New: [nis] ypserv(8) and ypbind(8) lack IPv6 RPC
 support
Thread-Index: AQHRWdHsc5/owF8S50uGhwy9XxZUNg==
Date: Thu, 28 Jan 2016 13:43:52 +0000
Message-ID: <DM3PR12MB08437AF45D2CA8C127A5EE52B2DA0@DM3PR12MB0843.namprd12.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=softfail (sender IP is 25.152.76.54)
 smtp.mailfrom=hotmail.com; freebsd.org; dkim=none (message not signed)
 header.d=none;freebsd.org; dmarc=fail action=none header.from=hotmail.com;
received-spf: SoftFail (protection.outlook.com: domain of transitioning
 hotmail.com discourages use of 25.152.76.54 as permitted sender)
x-ms-exchange-messagesentrepresentingtype: 1
x-tmn: [/ikUsg5RJzFc6TFqq42+hnZzL32S5G0e7zNIbqBey6Q=]
x-eopattributedmessage: 0
x-forefront-antispam-report: CIP:25.152.76.54; CTRY:GB; IPV:NLI; EFV:NLI;
 SFV:NSPM; SFS:(10019020)(98900002); DIR:OUT; SFP:1102; SCL:1;
 SRVR:BL2NAM02HT201; H:DM3PR12MB0843.namprd12.prod.outlook.com; FPR:; SPF:None;
 LANG:en; 
x-ms-office365-filtering-correlation-id: 2d33ce57-a289-425b-624b-08d327e90f31
x-exchange-antispam-report-test: UriScan:; BCL:0; PCL:0;
 RULEID:(5061506196)(5061507196); SRVR:BL2NAM02HT201; 
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(432015012)(82015046);
 SRVR:BL2NAM02HT201; BCL:0; PCL:0; RULEID:; SRVR:BL2NAM02HT201; 
x-forefront-prvs: 083526BF8A
Content-Type: text/plain; charset="us-ascii"
Content-ID: <5044A319ED29EF44A5C787768884B1D6@sct-15-1-318-9-msonline-outlook-a15a4.templateTenant>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: hotmail.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Jan 2016 13:43:52.3567 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Internet
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL2NAM02HT201
X-OriginalArrivalTime: 28 Jan 2016 13:43:54.0910 (UTC)
 FILETIME=[EE2823E0:01D159D1]
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jan 2016 13:45:01 -0000






From owner-freebsd-bugs@freebsd.org  Thu Jan 28 13:54:29 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id A097BA6F7CD
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Thu, 28 Jan 2016 13:54:29 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 76D141F95
 for <freebsd-bugs@FreeBSD.org>; Thu, 28 Jan 2016 13:54:29 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0SDsSR3079108
 for <freebsd-bugs@FreeBSD.org>; Thu, 28 Jan 2016 13:54:29 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206711] Export linux_ioctl_{,un}register_handler from linux64
 for x11/nvidia-driver
Date: Thu, 28 Jan 2016 13:54:28 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: jbeich@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter cc
 attachments.created
Message-ID: <bug-206711-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jan 2016 13:54:29 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206711

            Bug ID: 206711
           Summary: Export linux_ioctl_{,un}register_handler from linux64
                    for x11/nvidia-driver
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: jbeich@FreeBSD.org
                CC: Ultima1252@gmail.com, danfe@FreeBSD.org,
                    dchagin@FreeBSD.org, ohartman@zedat.fu-berlin.de

Created attachment 166235
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D166235&action=
=3Dedit
[workaround] nvidia linux_ioctl global handler (for both linux and linux64)

(In reply to ohartman from bug 201340 comment #17)
> on CURRENT amd64 I would at least expect linux64.ko

nvidia-driver requires kernel to provide linux_ioctl_{,un}register_handler =
to
allow linux userland access /dev/nvidia*. According to
/sys/modules/linux/Makefile the symbol is only exported for 32bit version.
Obviously, linux64 needs to export 64bit symbol. And its not possible to ex=
port
by building into kernel: option COMPAT_LINUX doesn't exist on amd64.

How to make 64bit OpenGL apps work with nvidia & linuxulator:
1. Switch to 64bit linux_base or populate manually (I've used CentOS 7)
2. Apply *attached* patch and rebuild kernel or just linux* modules
3. Disable linux_ioctl handler in nvidia-driver (i.e. rebuild with LINUX=3D=
off)
4. Install 64bit linux driver under /compat/linux
5. Remove sbin/nvidia-modprobe binary to enable userland fallback (as used =
by
FreeBSD driver)

CUDA 64bit may still not work e.g.,

  $ export PATH=3D/compat/linux/bin:/usr/local/cuda/bin:$PATH
  $ nvcc -o foo -m32 -lcuda a.c
  $ nvcc -o bar -lcuda a.c

  $ ./foo
  $ ./bar
  cuInit failed: 999

  $ cat a.c
  #include <cuda.h>
  #include <stdio.h>

  int main()
  {
      CUresult r =3D cuInit(0);
      if (r !=3D CUDA_SUCCESS) {
          printf("cuInit failed: %d\n", r);
          return 1;
      }
      return 0;
  }

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Thu Jan 28 14:45:51 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id E5B5AA70BAA
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Thu, 28 Jan 2016 14:45:51 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id D50021958
 for <freebsd-bugs@FreeBSD.org>; Thu, 28 Jan 2016 14:45:51 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0SEjphh028035
 for <freebsd-bugs@FreeBSD.org>; Thu, 28 Jan 2016 14:45:51 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206711] Export linux_ioctl_{,un}register_handler from linux64
 for x11/nvidia-driver
Date: Thu, 28 Jan 2016 14:45:51 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: needs-patch, needs-qa
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: jbeich@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: emulation@FreeBSD.org
X-Bugzilla-Flags: maintainer-feedback?
X-Bugzilla-Changed-Fields: assigned_to keywords cc flagtypes.name
Message-ID: <bug-206711-8-PASTOXEYIs@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206711-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206711-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jan 2016 14:45:52 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206711

Jan Beich <jbeich@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |emulation@FreeBSD.org
           Keywords|                            |needs-patch, needs-qa
                 CC|                            |emulation@FreeBSD.org
              Flags|                            |maintainer-feedback?(emulat
                   |                            |ion@FreeBSD.org)

--- Comment #1 from Jan Beich <jbeich@FreeBSD.org> ---
Move to canonical assignee.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Thu Jan 28 19:22:22 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 96E73A7162B
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Thu, 28 Jan 2016 19:22:22 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 8775618C4
 for <freebsd-bugs@FreeBSD.org>; Thu, 28 Jan 2016 19:22:22 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0SJMMgl075655
 for <freebsd-bugs@FreeBSD.org>; Thu, 28 Jan 2016 19:22:22 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206716] HPN-SSH: getsockopt(SO_SNDBUF) returns high watermark,
 not setsockopt(SO_SNDBUF)
Date: Thu, 28 Jan 2016 19:22:22 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 10.1-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: chris-freebsd-bugs@stankevitz.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter cc
Message-ID: <bug-206716-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jan 2016 19:22:22 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206716

            Bug ID: 206716
           Summary: HPN-SSH: getsockopt(SO_SNDBUF) returns high watermark,
                    not setsockopt(SO_SNDBUF)
           Product: Base System
           Version: 10.1-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: chris-freebsd-bugs@stankevitz.com
                CC: freebsd-amd64@FreeBSD.org
                CC: freebsd-amd64@FreeBSD.org

getsockopt(SO_SNDBUF) does not return the value set by getsockopt(SO_SNDBUF=
).

HPN-SSH would like to determine the value set by setsockopt(SO_SNDBUF) so t=
hat
it can fill it up.  This helps to use more bandwidth on a high BDP link.

HPN-SSH  tries to determine this value by periodically calling
getsockopt(SO_SNDBUF) at [1]. However, on FreeBSD, getsockopt(SO_SNDBUF) do=
es
not return the value set by setsockopt(SO_SNDBUF).  Rather it returns the "=
high
watermark".

The net result is that on high BDP links, HPN-SSH does nothing to increase
bytes-in-flight.

[1] /usr/src/crypto/openssh/roaming_common.c line 59 in get_snd_buf_size:
getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &optval, &optvallen)

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Fri Jan 29 00:42:59 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 30546A71097
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Fri, 29 Jan 2016 00:42:59 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 212281C86
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 00:42:59 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0T0gwpS082755
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 00:42:59 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206716] HPN-SSH: getsockopt(SO_SNDBUF) returns high watermark,
 not setsockopt(SO_SNDBUF)
Date: Fri, 29 Jan 2016 00:42:59 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 10.1-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: chris-freebsd-bugs@stankevitz.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206716-8-5z7yHcZFmb@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206716-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206716-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jan 2016 00:42:59 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206716

--- Comment #1 from Chris Stankevitz <chris-freebsd-bugs@stankevitz.com> ---
Typo on the first line of comment #0: get->set

getsockopt(SO_SNDBUF) does not return the value set by setsockopt(SO_SNDBUF=
).

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Fri Jan 29 01:30:35 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id C8123A7230F
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Fri, 29 Jan 2016 01:30:35 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id B93EA15B4
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 01:30:35 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0T1UZY8006851
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 01:30:35 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206659] r294822: bad gptzfsboot?
Date: Fri, 29 Jan 2016 01:30:35 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: ler@lerctr.org
X-Bugzilla-Status: Closed
X-Bugzilla-Resolution: FIXED
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_status resolution
Message-ID: <bug-206659-8-5SDahdEm0f@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206659-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206659-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jan 2016 01:30:35 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206659

Larry Rosenman <ler@lerctr.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|In Progress                 |Closed
         Resolution|---                         |FIXED

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Fri Jan 29 03:35:08 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6E57DA71CAD
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Fri, 29 Jan 2016 03:35:08 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 45BC61118
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 03:35:08 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0T3Z8KG034151
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 03:35:08 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206721] FreeBSDs DHCP client(dhclient) does not support the
 interface-mtu option(option 26).
Date: Fri, 29 Jan 2016 03:35:08 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: jlpetz@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
Message-ID: <bug-206721-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jan 2016 03:35:08 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206721

            Bug ID: 206721
           Summary: FreeBSDs DHCP client(dhclient) does not support the
                    interface-mtu option(option 26).
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: jlpetz@gmail.com

After getting the Intel ixv driver working for AWS instances. I noticed the=
re
was some severe packet loss in iPerf tests. Looking at ifconfig I suspected
there was an MTU blackhole between the virtual ethernet interface(ixv) with=
 MTU
of 1500 and the physical card MTU 9001. Confirmed by manually changing it a=
nd a
few ping tests with 'Don't fragment' flags set.

Changing the MTU manually corrected the packet loss. But then I was wonderi=
ng
why this wasn't automatically done like it is for other operating systems w=
hich
I have run on AWS EC2.

Turn out it looks like EC2 sends the MTU which should be configured for the
interface as part of the DHCP response and FreeBSDs default client.
1. Doesn't request the interface-mtu option(option 26). Needed for it to be=
 in
the response
2. Even if it did request it this option and got it in the response. I don't
think it would process it and configure the MTU on the NIC. Based on the so=
urce
code I looked at.

I was able to work around this by using the isc-dhcp43-client-4.3.3
package/port. But am logging this as a bug/feature-request as I feel this
should be part of the base system. MTU blackholes are quite common when usi=
ng
jumbo frame(~9000 MTU) systems and this seems like a good way of avoiding t=
hem
which a lot of other operating systems are doing by default.

More details about this are in the phabricator review which has my testing
details(Link below). Make sure you click on the "Show Older Changes" to see=
 all
the text on the page below.
https://reviews.freebsd.org/D4788

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Fri Jan 29 03:50:07 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6F86DA721B0
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Fri, 29 Jan 2016 03:50:07 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 46D5A1A92
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 03:50:07 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0T3o6HN005963
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 03:50:07 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 187015] [panic] make_dev_credv: bad si_name (error=17,
 si_name=agpgart)
Date: Fri, 29 Jan 2016 03:50:06 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.0-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: tookmund@gmail.com
X-Bugzilla-Status: In Progress
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc
Message-ID: <bug-187015-8-WPxzpyLRyj@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-187015-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-187015-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jan 2016 03:50:07 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D187015

tookmund@gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tookmund@gmail.com

--- Comment #8 from tookmund@gmail.com ---
I appear to have been bitten by the same bug in 10.2-RELEASE
Interestingly it did not happen in 10.1-STABLE but occurs in 10.2 RELEASE a=
nd
10.3 at least up to Revision 294986 (what I tested today)
Putting this line (as suggested below) in loader.conf worked:

hint.agp.1.disabled=3D1

The backtrace:
agp1: <Intel 82855GME (855GME GMCH) SVGA controller> on vgapci1
panic: make_dev_sv: bad si_name (error=3D17, si_name=3Dagpgart)
cpuid =3D 0
KDB: stack backtrace:
#0  0xc0b79682 at kdb_backtrace+0x52
#1  0xc0b3a1ab at vpanic+0x11b
#2  0xc0b3a08b at panic0x1b
#3  0xc0adf593 at make_dev_sv+0x2f3
#4  0xc0adf61a at make_dev+0x7a
#5  0xc0571514 at agp_generic_attach+0x124
#6  0xc0f573eb at agp_i810_attach+0x7b
#7  0xc0b6fd94 at device_attach+0x474
#8  0xc0b70e2b at bus_generic_attach+0x2b
#9  0xc08669ca at vga_pci_attach+0x4a
#10 0xc0b6fd94 at device_attach+0x474
#11 0xc0b70e2b at bus_generic_attach+0x2b
#12 0xc055175b at acpi_pci_attach+0x18b
#13 0xc0b6fd94 at device_attach+0x474
#14 0xc0b70e2b at bus_generic_attach+0x2b
#15 0xc05543dc at acpi_pcib_attach+0x25c
#16 0xc05543dc at acpi_pcib_acpi_attach+0x2ec
#17 0xc0b6fd94 at device_attach+0x474

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Fri Jan 29 04:40:40 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 45F21A70088
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Fri, 29 Jan 2016 04:40:40 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 374D81DC2
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 04:40:40 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0T4edoJ088394
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 04:40:40 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 187015] [panic] make_dev_credv: bad si_name (error=17,
 si_name=agpgart)
Date: Fri, 29 Jan 2016 04:40:40 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.0-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: tookmund@gmail.com
X-Bugzilla-Status: In Progress
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-187015-8-xeGbyJLueD@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-187015-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-187015-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jan 2016 04:40:40 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D187015

--- Comment #9 from tookmund@gmail.com ---
(In reply to tookmund from comment #8)
I forgot to add that I am using a Thinkpad R51

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Fri Jan 29 05:04:18 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5FA53A70B1C
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Fri, 29 Jan 2016 05:04:18 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 50C051723
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 05:04:18 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0T54HSY075568
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 05:04:18 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206716] HPN-SSH: getsockopt(SO_SNDBUF) returns high watermark,
 not setsockopt(SO_SNDBUF)
Date: Fri, 29 Jan 2016 05:04:17 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 10.1-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: linimon@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc
Message-ID: <bug-206716-8-SzPP5PGDaS@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206716-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206716-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jan 2016 05:04:18 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206716

Mark Linimon <linimon@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |des@FreeBSD.org

--- Comment #2 from Mark Linimon <linimon@FreeBSD.org> ---
des@, is this of interest?

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Fri Jan 29 05:05:49 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 26459A70C06
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Fri, 29 Jan 2016 05:05:49 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 1724317EB
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 05:05:49 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0T55mvm077738
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 05:05:48 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206699] [Hyper-V]FreeBSD potential NULL pointer dereference in
 storage bounce buffer
Date: Fri, 29 Jan 2016 05:05:48 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.2-STABLE
X-Bugzilla-Keywords: patch
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: linimon@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-virtualization@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: keywords assigned_to
Message-ID: <bug-206699-8-eIGpT5mBWW@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206699-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206699-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jan 2016 05:05:49 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206699

Mark Linimon <linimon@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |patch
           Assignee|freebsd-bugs@FreeBSD.org    |freebsd-virtualization@Free
                   |                            |BSD.org

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Fri Jan 29 05:12:21 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id E4656A70F91
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Fri, 29 Jan 2016 05:12:21 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id D59AB1CF4
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 05:12:21 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0T5CLQA092345
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 05:12:21 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206652] [ext2fs][patch] EXT4: sparse file fixes and mmap
 optimizations
Date: Fri, 29 Jan 2016 05:12:21 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: patch
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: linimon@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-fs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: assigned_to
Message-ID: <bug-206652-8-bQ4zTkQ6Yl@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206652-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206652-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jan 2016 05:12:22 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206652

Mark Linimon <linimon@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |freebsd-fs@FreeBSD.org

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Fri Jan 29 05:21:16 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 22588A71295
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Fri, 29 Jan 2016 05:21:16 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 12ECD1FB4
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 05:21:16 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0T5LFHa008723
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 05:21:15 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 132112] [patch] devd(8) unnecessarily reconfigures carp(4)
 interfaces
Date: Fri, 29 Jan 2016 05:21:15 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: unspecified
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: linimon@FreeBSD.org
X-Bugzilla-Status: Closed
X-Bugzilla-Resolution: Overcome By Events
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: linimon@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: resolution bug_status assigned_to
Message-ID: <bug-132112-8-GRE247sXqW@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-132112-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-132112-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jan 2016 05:21:16 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D132112

Mark Linimon <linimon@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |Overcome By Events
             Status|In Progress                 |Closed
           Assignee|freebsd-bugs@FreeBSD.org    |linimon@FreeBSD.org

--- Comment #2 from Mark Linimon <linimon@FreeBSD.org> ---
Unfortunately this PR was never addressed, and is now obsoleted by events.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Fri Jan 29 08:29:42 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 73795A72B9C
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Fri, 29 Jan 2016 08:29:42 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 63C0F1C05
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 08:29:42 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0T8Tgbt050514
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 08:29:42 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206716] HPN-SSH: getsockopt(SO_SNDBUF) returns high watermark,
 not setsockopt(SO_SNDBUF)
Date: Fri, 29 Jan 2016 08:29:42 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 10.1-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: des@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc
Message-ID: <bug-206716-8-rrZBuokumv@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206716-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206716-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jan 2016 08:29:42 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206716

Dag-Erling Sm=C3=83=C2=B8rgrav <des@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|des@FreeBSD.org             |

--- Comment #3 from Dag-Erling Sm=C3=83=C2=B8rgrav <des@FreeBSD.org> ---
No, this is a kernel issue.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Fri Jan 29 17:42:10 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6FADDA72878
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Fri, 29 Jan 2016 17:42:10 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 46A6615F4
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 17:42:10 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0THgAnk013366
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 17:42:10 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206740] There is no check for iconv* functions in the
 dynamically loaded libiconv library
Date: Fri, 29 Jan 2016 17:42:10 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 9.3-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: fbsd@any.com.ru
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
 attachments.created
Message-ID: <bug-206740-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jan 2016 17:42:10 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206740

            Bug ID: 206740
           Summary: There is no check for iconv* functions in the
                    dynamically loaded libiconv library
           Product: Base System
           Version: 9.3-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: fbsd@any.com.ru

Created attachment 166274
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D166274&action=
=3Dedit
fixup using iconv* functions from library loaded by dlopen.

When the world is compiled without iconv support in libc, some code in the =
base
system tries to use the iconv* functions from the external library (usually
converters/libiconv port). For now, the code in libkiconv and libsmb doesn't
check the presence of iconv* functions in the loaded library. Starting with
libiconv-1.14_9 iconv* rymbols are not exported from libiconv.so. As a resu=
lt,
there is a segmentation faults in the code that uses libkiconv and libsmb.

A set of patches for libkiconv, libsmb and csh fixes some issues when use
iconv* functions from libiconv loaded by dlopen(3):
1. allows to load alternative libiconv library using LIBICONV environment
variable.
2. tries fallback to iconv_open, iconv and iconv_close functions when
libiconv_open, libiconv and libiconv_close symbols are not exported from lo=
aded
library.
3. an error will be returned when any functions are missing in the library.

This should fix at least
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D205256 and segfaults in
mount_msdosfs.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Fri Jan 29 17:47:58 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3CA0CA72C39
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Fri, 29 Jan 2016 17:47:58 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 2D6C81E0F
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 17:47:58 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0THlwCX022862
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 17:47:58 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206740] There is no check for iconv* functions in the
 dynamically loaded libiconv library
Date: Fri, 29 Jan 2016 17:47:58 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 9.3-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: fbsd@any.com.ru
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: attachments.description
Message-ID: <bug-206740-8-rtV7cmdUDJ@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206740-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206740-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jan 2016 17:47:58 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206740

Iouri V. Ivliev <fbsd@any.com.ru> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #166274|fixup using iconv*          |fies use of iconv*
        description|functions from library      |functions from library
                   |loaded by dlopen.           |loaded by dlopen.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Fri Jan 29 17:48:55 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id CDF56A72D00
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Fri, 29 Jan 2016 17:48:55 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id BEAB31F1D
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 17:48:55 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0THmtp3024151
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 17:48:55 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206740] There is no check for iconv* functions in the
 dynamically loaded libiconv library
Date: Fri, 29 Jan 2016 17:48:55 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 9.3-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: fbsd@any.com.ru
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: attachments.description
Message-ID: <bug-206740-8-gqxxi2zuBL@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206740-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206740-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jan 2016 17:48:55 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206740

Iouri V. Ivliev <fbsd@any.com.ru> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #166274|fies use of iconv*          |fixes use of iconv*
        description|functions from library      |functions from library
                   |loaded by dlopen.           |loaded by dlopen.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Fri Jan 29 17:50:42 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 31AD0A72DC4
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Fri, 29 Jan 2016 17:50:42 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 224421FE8
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 17:50:42 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0THog16026617
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 17:50:42 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206740] There is no check for iconv* functions for the
 dynamically loaded libiconv library
Date: Fri, 29 Jan 2016 17:50:42 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 9.3-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: fbsd@any.com.ru
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: short_desc
Message-ID: <bug-206740-8-YqwYJs4JVR@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206740-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206740-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jan 2016 17:50:42 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206740

Iouri V. Ivliev <fbsd@any.com.ru> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|There is no check for       |There is no check for
                   |iconv* functions in the     |iconv* functions for the
                   |dynamically loaded libiconv |dynamically loaded libiconv
                   |library                     |library

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Fri Jan 29 17:52:19 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id EE6D4A72F34
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Fri, 29 Jan 2016 17:52:19 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id DF0FB1230
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 17:52:19 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0THqJlf034346
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 17:52:19 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206740] There is no check for iconv* functions for the
 dynamically loaded libiconv library
Date: Fri, 29 Jan 2016 17:52:20 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 9.3-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: fbsd@any.com.ru
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: attachments.mimetype attachments.ispatch
Message-ID: <bug-206740-8-XjID7ORHOA@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206740-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206740-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jan 2016 17:52:20 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206740

Iouri V. Ivliev <fbsd@any.com.ru> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #166274|text/plain                  |application/x-gzip
          mime type|                            |
 Attachment #166274|1                           |0
           is patch|                            |

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Fri Jan 29 17:56:54 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id CDA49A7138F
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Fri, 29 Jan 2016 17:56:54 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id BE59F162D
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 17:56:54 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0THusUt041132
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 17:56:54 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206740] There is no check for iconv* functions when the
 libiconv library loaded by dlopen
Date: Fri, 29 Jan 2016 17:56:55 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 9.3-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: fbsd@any.com.ru
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: short_desc
Message-ID: <bug-206740-8-Qchz7fiDsB@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206740-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206740-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jan 2016 17:56:54 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206740

Iouri V. Ivliev <fbsd@any.com.ru> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|There is no check for       |There is no check for
                   |iconv* functions for the    |iconv* functions when the
                   |dynamically loaded libiconv |libiconv library loaded by
                   |library                     |dlopen

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Fri Jan 29 19:26:51 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6CB93A726DF
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Fri, 29 Jan 2016 19:26:51 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 59C401839
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 19:26:51 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0TJQp3a037991
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 19:26:51 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206649] [cyapa][patch] common touchpad gestures
Date: Fri, 29 Jan 2016 19:26:51 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: patch
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: alexander.m.mishurov@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: maintainer-feedback+
X-Bugzilla-Changed-Fields: flagtypes.name
Message-ID: <bug-206649-8-PqzrLfhI0G@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206649-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206649-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jan 2016 19:26:51 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206649

Alexander Mishurov <alexander.m.mishurov@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |maintainer-feedback+

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Fri Jan 29 19:29:55 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id EEBA9A727A3
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Fri, 29 Jan 2016 19:29:55 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id DFEE218F8
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 19:29:55 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0TJTtpg041814
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 19:29:55 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206649] [PATCH] Common gestures for Cypress i2c touchpad
Date: Fri, 29 Jan 2016 19:29:56 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: patch
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: alexander.m.mishurov@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: maintainer-feedback+
X-Bugzilla-Changed-Fields: short_desc
Message-ID: <bug-206649-8-BYNzhmlbYh@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206649-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206649-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jan 2016 19:29:56 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206649

Alexander Mishurov <alexander.m.mishurov@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|[cyapa][patch] common       |[PATCH] Common gestures for
                   |touchpad gestures           |Cypress i2c touchpad

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Fri Jan 29 21:51:31 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 56DE0A73AA6
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Fri, 29 Jan 2016 21:51:31 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 3D5D81F3F
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 21:51:31 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0TLpV8Z042255
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 21:51:31 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206749] Lack of checks on values in ELF headers in kernel linker
Date: Fri, 29 Jan 2016 21:51:31 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: cturt@hardenedbsd.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
Message-ID: <bug-206749-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jan 2016 21:51:31 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206749

            Bug ID: 206749
           Summary: Lack of checks on values in ELF headers in kernel
                    linker
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: cturt@hardenedbsd.org

There are a lack of checks performed on the `e_shnum` and `e_shentsize` val=
ues
read from input files in the kernel's ELF handling code.

For example, in `link_elf_ctf_get`:

static int
link_elf_ctf_get(linker_file_t lf, linker_ctf_t *lc)
{
        ...
        int nbytes;

        ...

        /* Allocate memory for the FLF header. */
        if ((hdr =3D malloc(sizeof(*hdr), M_LINKER, M_WAITOK)) =3D=3D NULL)=
 {
                error =3D ENOMEM;
                goto out;
        }

        /* Read the ELF header. */
        if ((error =3D vn_rdwr(UIO_READ, nd.ni_vp, hdr, sizeof(*hdr),
            0, UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, NOCRED, &resid,
            td)) !=3D 0)
                goto out;

        /* Sanity check. */
        if (!IS_ELF(*hdr)) {
                error =3D ENOEXEC;
                goto out;
        }

        nbytes =3D hdr->e_shnum * hdr->e_shentsize;
        if (nbytes =3D=3D 0 || hdr->e_shoff =3D=3D 0 ||
            hdr->e_shentsize !=3D sizeof(Elf_Shdr)) {
                error =3D ENOEXEC;
                goto out;
        }

        /* Allocate memory for all the section headers */
        if ((shdr =3D malloc(nbytes, M_LINKER, M_WAITOK)) =3D=3D NULL) {
                error =3D ENOMEM;
                goto out;
        }

        ...
}

The `e_shnum` and `e_shentsize` fields are declared as `Elf32_Half` (a
`typedef` for `uint16_t`) in the `Elf_Ehdr` structure (`sys/sys/elf32.h`):

           typedef struct {
                   unsigned char   e_ident[EI_NIDENT];
                   Elf32_Half      e_type;
                   Elf32_Half      e_machine;
                   Elf32_Word      e_version;
                   Elf32_Addr      e_entry;
                   Elf32_Off       e_phoff;
                   Elf32_Off       e_shoff;
                   Elf32_Word      e_flags;
                   Elf32_Half      e_ehsize;
                   Elf32_Half      e_phentsize;
                   Elf32_Half      e_phnum;
                   Elf32_Half      e_shentsize;
                   Elf32_Half      e_shnum;
                   Elf32_Half      e_shstrndx;
           } Elf32_Ehdr;

So consider if `0xffff` and `0x8001` are supplied for `e_shentsize` and
`e_shnum`:

    nbytes =3D hdr->e_shnum * hdr->e_shentsize;
    nbytes =3D 0xffff * 0x8001 =3D 0x80007FFF;

Since `nbytes` is `signed`, this will of course wrap around to `-0x7FFF8001=
`.

When `-0x7FFF8001` is passed to `malloc` it will be converted to an unsigned
64bit integer, giving an oversized allocation of `0xFFFFFFFF80007FFF`.

This poses no immediate security threat since the result from `malloc` is
checked, and will return `ENOMEM` for an overflown size.

This bug only applies to the `e_shnum` and `e_shentsize` members; the `e_ph=
num`
and `e_phentsize` members are correctly checked multiple times before use:

        if (!((hdr->e_phentsize =3D=3D sizeof(Elf_Phdr)) &&
              (hdr->e_phoff + hdr->e_phnum*sizeof(Elf_Phdr) <=3D PAGE_SIZE)=
 &&
              (hdr->e_phoff + hdr->e_phnum*sizeof(Elf_Phdr) <=3D nbytes)))
                link_elf_error(filename, "Unreadable program headers");

        ...

        /*    (multiplication of two Elf_Half fields will not overflow) */
        if ((hdr->e_phoff > PAGE_SIZE) ||
            (hdr->e_phentsize * hdr->e_phnum) > PAGE_SIZE - hdr->e_phoff) {
                error =3D ENOEXEC;
                goto fail;
        }

However, the same code to handle `e_shnum` and `e_shentsize` is reused mult=
iple
times, and so multiple functions have the same bug, for example
`link_elf_load_file` in `sys/kern/link_elf.c`:

static int
link_elf_load_file(linker_class_t cls, const char* filename,
    linker_file_t* result)
{
        ...
        int nbytes;

        ...

        /*
         * Read the elf header from the file.
         */
        firstpage =3D malloc(PAGE_SIZE, M_LINKER, M_WAITOK);
        hdr =3D (Elf_Ehdr *)firstpage;
        error =3D vn_rdwr(UIO_READ, nd.ni_vp, firstpage, PAGE_SIZE, 0,
            UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, NOCRED,
            &resid, td);

        ...

        /*
         * Try and load the symbol table if it's present.  (you can
         * strip it!)
         */
        nbytes =3D hdr->e_shnum * hdr->e_shentsize;
        if (nbytes =3D=3D 0 || hdr->e_shoff =3D=3D 0)
                goto nosyms;
        shdr =3D malloc(nbytes, M_LINKER, M_WAITOK | Me_shnum_ZERO);
        error =3D vn_rdwr(UIO_READ, nd.ni_vp,
            (caddr_t)shdr, nbytes, hdr->e_shoff,
            UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, NOCRED,
            &resid, td);
        if (error !=3D 0)
                goto out;
        symtabindex =3D -1;
        symstrindex =3D -1;
        for (i =3D 0; i < hdr->e_shnum; i++) {
                if (shdr[i].sh_type =3D=3D SHT_SYMTAB) {
                        symtabindex =3D i;
                        symstrindex =3D shdr[i].sh_link;
                }
        }e_shnum

        ...
}

And `link_elf_load_file` from `sys/kern/link_elf_obj.c`.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Fri Jan 29 22:05:55 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id B6332A73FB3
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Fri, 29 Jan 2016 22:05:55 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id A48DD1637
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 22:05:55 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0TM5tVr007082
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 22:05:55 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206749] Lack of checks on values in ELF headers in kernel linker
Date: Fri, 29 Jan 2016 22:05:55 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: cturt@hardenedbsd.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206749-8-jRULIV1Mem@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206749-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206749-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jan 2016 22:05:55 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206749

--- Comment #1 from CTurt <cturt@hardenedbsd.org> ---
Actually, since `M_WAITOK` is specified for the allocations, the current th=
read
would theoretically sleep forever, whilst waiting for enough memory for the
allocation.

>From the man page (https://www.freebsd.org/cgi/man.cgi?query=3Dmalloc&sekti=
on=3D9):

"The malloc(), realloc(), and reallocf() functions cannot return NULL if
M_WAITOK is specified."

So the check for this allocation being NULL is not needed:

        if ((shdr =3D malloc(nbytes, M_LINKER, M_WAITOK)) =3D=3D NULL) {
                error =3D ENOMEM;
                goto out;
        }

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Fri Jan 29 22:39:31 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id D6FD8A72A6F
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Fri, 29 Jan 2016 22:39:31 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id C7FA01546
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 22:39:31 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0TMdVb2069560
 for <freebsd-bugs@FreeBSD.org>; Fri, 29 Jan 2016 22:39:31 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206581] bxe_ioctl_nvram handler is faulty
Date: Fri, 29 Jan 2016 22:39:31 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: needs-patch, needs-qa, security
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: cturt@hardenedbsd.org
X-Bugzilla-Status: Open
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206581-8-Sr7aFsF2u6@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206581-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206581-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jan 2016 22:39:31 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206581

--- Comment #3 from CTurt <cturt@hardenedbsd.org> ---
To clarify my original post, the bound check is fine.

However, there is a problem that multiple parts of this code use `copyin`
without checking the result, which could possibly lead to the use of
uninitialised stack data if the `copyin` calls fail.

`bxe_ioctl_nvram`:

    copyin(ifr->ifr_data, &nvdata_base, sizeof(nvdata_base));

    ...

        copyin(ifr->ifr_data, nvdata, len);
        error =3D bxe_nvram_write(sc,
                                nvdata->offset,
                                (uint8_t *)nvdata->value,
                                nvdata->len);

`bxe_ioctl`:

    copyin(ifr->ifr_data, &priv_op, sizeof(priv_op));

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sat Jan 30 00:42:02 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id A7433A728C4
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sat, 30 Jan 2016 00:42:02 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 9883EE2D
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 00:42:02 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0U0g2lG024941
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 00:42:02 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206752] [patch] /bin/date format conversion bug
Date: Sat, 30 Jan 2016 00:42:02 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: patch
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: jrm@ftfl.ca
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status keywords bug_severity priority component assigned_to
 reporter attachments.created
Message-ID: <bug-206752-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Jan 2016 00:42:02 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206752

            Bug ID: 206752
           Summary: [patch] /bin/date format conversion bug
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Keywords: patch
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: jrm@ftfl.ca
          Keywords: patch

Created attachment 166294
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D166294&action=
=3Dedit
svn diff

% date -j -f %Y-%m 2015-02 '+%B %Y'
March 2015

In the code, a tm structure is initially created with the current time.  If
input_fmt and new_date are supplied, then the appropriate values in that tm
structure are overwritten.  The problem is that this can lead to invalid da=
tes
when only a partial input_fmt/new_date are supplied like above.  In the exa=
mple
above, the tm_mday is left as is (today is the 29th day of the month), but =
the
tm_mon is overwritten with 01 (February) leading to an invalid date.

The attached patch fixes the above issue by setting the default tm_mday to =
1,
when an input_fmt is supplied.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sat Jan 30 08:02:14 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 643C9A734FF
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sat, 30 Jan 2016 08:02:14 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 547BC160D
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 08:02:14 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0U82EIB002897
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 08:02:14 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206749] Lack of checks on values in ELF headers in kernel linker
Date: Sat, 30 Jan 2016 08:02:14 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: cturt@hardenedbsd.org
X-Bugzilla-Status: Closed
X-Bugzilla-Resolution: Not A Bug
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: resolution bug_status
Message-ID: <bug-206749-8-eg5cs687tO@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206749-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206749-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Jan 2016 08:02:14 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206749

CTurt <cturt@hardenedbsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |Not A Bug
             Status|New                         |Closed

--- Comment #2 from CTurt <cturt@hardenedbsd.org> ---
Sorry, made a little mistake in my report, in `link_elf_ctf_get` and
`link_elf_ctf_get` the `e_shentsize` member is checked:

    hdr->e_shentsize !=3D sizeof(Elf_Shdr);

It doesn't matter than `e_shnum` isn't checked because it is impossible to =
get
`nlen` to overflow with this small `e_shentsize`.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sat Jan 30 08:17:32 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 11F82A73943
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sat, 30 Jan 2016 08:17:32 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 0221E1EDE
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 08:17:32 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0U8HUYi031027
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 08:17:31 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206740] There is no check for iconv* functions when the
 libiconv library loaded by dlopen
Date: Sat, 30 Jan 2016 08:17:30 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 9.3-STABLE
X-Bugzilla-Keywords: patch
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: linimon@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: keywords
Message-ID: <bug-206740-8-PThmTpijv9@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206740-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206740-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Jan 2016 08:17:32 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206740

Mark Linimon <linimon@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |patch

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sat Jan 30 08:48:45 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 51EAFA72359
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sat, 30 Jan 2016 08:48:45 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 41A2DFCA
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 08:48:45 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0U8mjJ3093106
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 08:48:45 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206585] hpt_set_info possible buffer overflow
Date: Sat, 30 Jan 2016 08:48:45 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: needs-qa, security
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: cturt@hardenedbsd.org
X-Bugzilla-Status: Open
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206585-8-pYMEPSIxyX@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206585-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206585-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Jan 2016 08:48:45 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206585

--- Comment #5 from CTurt <cturt@hardenedbsd.org> ---
I'd also like to add that the result of `copyin` isn't checked here, which =
can
lead to use of initialised heap buffer (it is not allocated with `M_ZERO`).

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sat Jan 30 09:33:55 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id A0F4CA73571
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sat, 30 Jan 2016 09:33:55 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 7768434D
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 09:33:55 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0U9XtlA025125
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 09:33:55 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206754] Out of bounds negative array index in iicrdwr
Date: Sat, 30 Jan 2016 09:33:55 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: cturt@hardenedbsd.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
Message-ID: <bug-206754-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Jan 2016 09:33:55 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206754

            Bug ID: 206754
           Summary: Out of bounds negative array index in iicrdwr
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: cturt@hardenedbsd.org

`iicrdwr` in `/sys/dev/iicbus/iic.c` incorrectly handles iteration over buf=
fer.

Firstly, no bound checks are supplied on the user controlled `d->nmsgs`.

This field is declared as type `uint32_t`, in `struct iic_rdwr_data`
(`sys/dev/iicbus/iic.h`):

struct iic_rdwr_data {
        struct iic_msg *msgs;
        uint32_t nmsgs;
};

However, the `i` variable in this function is declared as a `signed int`:

int error, i;

When `i` iterates over buffers, since it is `signed`, it can wrap around to=
 a
negative value, for example here:

        for (i =3D 0; i < d->nmsgs; i++) {
                m =3D &(buf[i]);
                usrbufs[i] =3D m->buf;

And here:

        for (i =3D 0; i < d->nmsgs; i++) {
                m =3D &(buf[i]);
                if ((error =3D=3D 0) && (m->flags & IIC_M_RD))
                        error =3D copyout(m->buf, usrbufs[i], m->len);
                free(m->buf, M_IIC);
        }

`i` will be converted to `unsigned` type for the conversion, however, will
still be `signed` when indexing `buf`. This would result in a read out of
bounds of the `buf` allocation.

This situation seems unlikely to be triggerable, because the code would wait
for `buf` allocation to succeed (`M_WAITOK`):

buf =3D malloc(sizeof(*d->msgs) * d->nmsgs, M_IIC, M_WAITOK);

Which would be unlikely to succeed if `d->nmsgs` is something like
`0x80000001`.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sat Jan 30 09:36:46 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3B2A6A73604
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sat, 30 Jan 2016 09:36:46 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 274A240E
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 09:36:46 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0U9akTK028809
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 09:36:46 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206754] Out of bounds negative array index in iicrdwr
Date: Sat, 30 Jan 2016 09:36:46 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: cturt@hardenedbsd.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206754-8-Fo4ViSTgQq@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206754-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206754-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Jan 2016 09:36:46 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206754

--- Comment #1 from CTurt <cturt@hardenedbsd.org> ---
Potential patch is to change the type of `i` from `int` to `uint32_t` to ma=
tch
that of `d->nmsgs`:

https://github.com/HardenedBSD/hardenedBSD-playground/commit/4cf6de4b16eda7=
1c4ae3cbec24cf6ef054351b7b.patch

However, some bound checks might be a cleaner solution.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sat Jan 30 09:53:38 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id C39B5A73A04
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sat, 30 Jan 2016 09:53:38 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 9A1F5B09
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 09:53:38 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0U9rcm9063808
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 09:53:38 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206755] Use of initialised stack variables in tdfx_query_update
Date: Sat, 30 Jan 2016 09:53:38 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: cturt@hardenedbsd.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
Message-ID: <bug-206755-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Jan 2016 09:53:38 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206755

            Bug ID: 206755
           Summary: Use of initialised stack variables in
                    tdfx_query_update
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: cturt@hardenedbsd.org

`tdfx_query_update` in `sys/dev/tdfx/tdfx_pci.c` doesn't check the result of
`copyin` calls:

static int
tdfx_query_update(u_int cmd, struct tdfx_pio_data *piod)
{
        /* XXX Comment this later, after careful inspection and spring clea=
ning
:) */
        /* Return vals */
        u_int8_t  ret_byte;
        u_int16_t ret_word;
        u_int32_t ret_dword;

        ...

        switch (piod->size) {
                case 1:
                        copyin(piod->value, &ret_byte, 1);
                        preval =3D ret_byte << (8 * (piod->port & 0x3));
                        mask =3D 0xff << (8 * (piod->port & 0x3));
                        break;
                case 2:
                        copyin(piod->value, &ret_word, 2);
                        preval =3D ret_word << (8 * (piod->port & 0x3));
                        mask =3D 0xffff << (8 * (piod->port & 0x3));
                        break;
                case 4:
                        copyin(piod->value, &ret_dword, 4);
                        preval =3D ret_dword;
                        mask =3D ~0;
                        break;
                default:
                        return -EINVAL;
        }
        /* Finally, combine the values and write it to the port */
        retval =3D (retval & ~mask) | preval;
        pci_write_config(tdfx_info->dev, piod->port & ~3, retval, 4);

If the user supplies a bad pointer, so that the `copyin` calls fail,
`pci_write_config` will be passed an uninitialised stack value.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sat Jan 30 09:58:59 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id E3538A73ADD
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sat, 30 Jan 2016 09:58:59 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id CFD54BD1
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 09:58:59 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0U9wxn2071179
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 09:58:59 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206755] Use of initialised stack variables in tdfx_query_update
Date: Sat, 30 Jan 2016 09:59:00 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: cturt@hardenedbsd.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206755-8-P9jc8yHNgc@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206755-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206755-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Jan 2016 09:59:00 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206755

--- Comment #1 from CTurt <cturt@hardenedbsd.org> ---
Patch:
https://github.com/HardenedBSD/hardenedBSD-playground/commit/e6beb7b2374ec4=
eb98e503890c4b38cda51a1844.patch

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sat Jan 30 10:06:12 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 70611A73DEB
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sat, 30 Jan 2016 10:06:12 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 60C8FF98
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 10:06:12 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0UA6CPO020785
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 10:06:12 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206755] Use of initialised stack variables in tdfx_query_update
Date: Sat, 30 Jan 2016 10:06:12 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: cturt@hardenedbsd.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206755-8-t9wCI7TqID@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206755-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206755-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Jan 2016 10:06:12 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206755

--- Comment #2 from CTurt <cturt@hardenedbsd.org> ---
Missed one of the `copyin` calls in my original patch, an additional one is
needed as well:
https://github.com/HardenedBSD/hardenedBSD-playground/commit/ccf98fe9312539=
aca1154a9462d611d8fdc4f5fa.patch

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sat Jan 30 13:10:33 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 42C5AA726A6
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sat, 30 Jan 2016 13:10:33 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 34FE6681
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 13:10:33 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0UDAWxN001145
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 13:10:33 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206758] [PATCH] Uninitalized variable in atrun
Date: Sat, 30 Jan 2016 13:10:33 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 10.2-RELEASE
X-Bugzilla-Keywords: patch
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: public2016@hauptsignal.at
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status keywords bug_severity priority component assigned_to
 reporter cc attachments.created
Message-ID: <bug-206758-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Jan 2016 13:10:33 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206758

            Bug ID: 206758
           Summary: [PATCH] Uninitalized variable in atrun
           Product: Base System
           Version: 10.2-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Keywords: patch
          Severity: Affects Some People
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: public2016@hauptsignal.at
                CC: freebsd-amd64@FreeBSD.org
                CC: freebsd-amd64@FreeBSD.org
          Keywords: patch

Created attachment 166300
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D166300&action=
=3Dedit
Patch for the atrun source

The atrun utility needs the number of CPUs for calculating the load limit. =
If
the average load is lower than that limit the next pending batch job is
started.

The number of CPUs is retrieved with an call to 'sysctlbyname'. This subrou=
tine
writes the number (which is an integer) to the "ncpu" variable. The variable
ist defined as size_t, which is an unsigned integer but is never initalized=
. So
the result of this operation is undefined.

The value of ncpu after calling sysctlbyname:
current version: 34359738369
patched version: 1

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sat Jan 30 14:22:35 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8571FA73E0D
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sat, 30 Jan 2016 14:22:35 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 77116750
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 14:22:35 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0UEMZML075519
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 14:22:35 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206755] Use of initialised stack variables in tdfx_query_update
Date: Sat, 30 Jan 2016 14:22:35 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: mokhi64@gmail.com
X-Bugzilla-Status: In Progress
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: mokhi64@gmail.com
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc assigned_to bug_file_loc bug_status
Message-ID: <bug-206755-8-Kky2DJ3rKl@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206755-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206755-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Jan 2016 14:22:35 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206755

Mahdi Mokhtari <mokhi64@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mokhi64@gmail.com
           Assignee|freebsd-bugs@FreeBSD.org    |mokhi64@gmail.com
                URL|                            |https://reviews.freebsd.org
                   |                            |/D5132
             Status|New                         |In Progress

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sat Jan 30 14:23:00 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id B86C2A73E4B
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sat, 30 Jan 2016 14:23:00 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id A9F397BB
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 14:23:00 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0UEN0UA075995
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 14:23:00 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206754] Out of bounds negative array index in iicrdwr
Date: Sat, 30 Jan 2016 14:23:00 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: mokhi64@gmail.com
X-Bugzilla-Status: In Progress
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: mokhi64@gmail.com
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc assigned_to bug_file_loc bug_status
Message-ID: <bug-206754-8-8Y8DgjL0w3@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206754-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206754-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Jan 2016 14:23:00 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206754

Mahdi Mokhtari <mokhi64@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mokhi64@gmail.com
           Assignee|freebsd-bugs@FreeBSD.org    |mokhi64@gmail.com
                URL|                            |https://reviews.freebsd.org
                   |                            |/D5132
             Status|New                         |In Progress

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sat Jan 30 15:23:48 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9818FA731B6
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sat, 30 Jan 2016 15:23:48 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 8957F1E49
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 15:23:48 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0UFNlIS069525
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 15:23:48 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206758] [PATCH] Uninitalized variable in atrun
Date: Sat, 30 Jan 2016 15:23:48 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 10.2-RELEASE
X-Bugzilla-Keywords: patch
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: kib@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc attachments.created
Message-ID: <bug-206758-8-rSsY7h954G@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206758-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206758-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Jan 2016 15:23:48 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206758

Konstantin Belousov <kib@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kib@FreeBSD.org

--- Comment #1 from Konstantin Belousov <kib@FreeBSD.org> ---
Created attachment 166306
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D166306&action=
=3Dedit
Fix ncpu type

I believe that you found the issue, but your fix is not right.  E.g., the
problem of invalid ncpu value would be still present on the big-endian LP64
machines.

The fix is to use int type, consistent with the type expected by the hw.ncpu
MIB.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sat Jan 30 16:38:27 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id E31FBA728D4
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sat, 30 Jan 2016 16:38:26 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id D38E21C4F
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 16:38:26 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0UGcQmD043573
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 16:38:26 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206761] Kernel stack overflow in sysctl handler for
 kern.binmisc.add
Date: Sat, 30 Jan 2016 16:38:26 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: cturt@hardenedbsd.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
Message-ID: <bug-206761-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Jan 2016 16:38:27 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206761

            Bug ID: 206761
           Summary: Kernel stack overflow in sysctl handler for
                    kern.binmisc.add
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: cturt@hardenedbsd.org

There is a stack overflow in the `sysctl_kern_binmisc` code path from
`sys/kern/imgact_binmisc.c`:

        switch(arg2) {
        case IBC_ADD:
                /* Add an entry. Limited to IBE_MAX_ENTRIES. */
                error =3D SYSCTL_IN(req, &xbe, sizeof(xbe));
                if (error)
                        return (error);
                if (IBE_VERSION !=3D xbe.xbe_version)
                        return (EINVAL);
                if (interp_list_entry_count =3D=3D IBE_MAX_ENTRIES)
                        return (ENOSPC);
                error =3D imgact_binmisc_add_entry(&xbe);
                break;

Notice that contents of `xbe` are user controlled, with just a check on the
`xbe_version` member before calling `imgact_binmisc_add_entry`:

static int
imgact_binmisc_add_entry(ximgact_binmisc_entry_t *xbe)
{
        imgact_binmisc_entry_t *ibe;
        char *p;

        if (xbe->xbe_msize > IBE_MAGIC_MAX)
                return (EINVAL);

        for(p =3D xbe->xbe_name; *p !=3D 0; p++)
                if (!isascii((int)*p))
                        return (EINVAL);

        for(p =3D xbe->xbe_interpreter; *p !=3D 0; p++)
                if (!isascii((int)*p))
                        return (EINVAL);

Notice that already 2 out of bounds reads are possible. Since these strings
come from userland, there is no guarantee that they are NULL truncated.
Limiting the contentents of `sb_interpreter` to ASCII characters only is a
minor annoyance, but let's continue:

        /* Make sure we don't have any invalid #'s. */
        p =3D xbe->xbe_interpreter;
        while (1) {
                p =3D strchr(p, '#');
                if (!p)
                        break;

                p++;
                switch(*p) {
                case ISM_POUND:
                        /* "##" */
                        p++;
                        break;

                case ISM_OLD_ARGV0:
                        /* "#a" */
                        p++;
                        break;

                case 0:
                default:
                        /* Anything besides the above is invalid. */
                        return (EINVAL);
                }
        }

        sx_xlock(&interp_list_sx);
        if (imgact_binmisc_find_entry(xbe->xbe_name) !=3D NULL) {
                sx_xunlock(&interp_list_sx);
                return (EEXIST);
        }

        /* Preallocate a new entry. */
        ibe =3D imgact_binmisc_new_entry(xbe);
        if (!ibe)
                return (ENOMEM);

        SLIST_INSERT_HEAD(&interpreter_list, ibe, link);
        interp_list_entry_count++;
        sx_xunlock(&interp_list_sx);

        return (0);
}

Basically, some more checks on the contents, but nothing limiting the size.
Moving onto the `imgact_binmisc_new_entry` call:

static imgact_binmisc_entry_t *
imgact_binmisc_new_entry(ximgact_binmisc_entry_t *xbe)
{
        imgact_binmisc_entry_t *ibe =3D NULL;
        size_t namesz =3D min(strlen(xbe->xbe_name) + 1, IBE_NAME_MAX);

        ibe =3D malloc(sizeof(*ibe), M_BINMISC, M_WAITOK|M_ZERO);

        ibe->ibe_name =3D malloc(namesz, M_BINMISC, M_WAITOK|M_ZERO);
        strlcpy(ibe->ibe_name, xbe->xbe_name, namesz);

        imgact_binmisc_populate_interp(xbe->xbe_interpreter, ibe);

The important thing here is that `xbe->xbe_name` is limited to `IBE_NAME_MA=
X`,
but there is no check on the size of `xbe->xbe_interpreter` string, it is
passed directly to `imgact_binmisc_populate_interp`:

static void
imgact_binmisc_populate_interp(char *str, imgact_binmisc_entry_t *ibe)
{
        uint32_t len =3D 0, argc =3D 1;
        char t[IBE_INTERP_LEN_MAX];
        char *sp, *tp;

        memset(t, 0, sizeof(t));

        /*
         * Normalize interpreter string. Replace white space between args w=
ith
         * single space.
         */
        sp =3D str; tp =3D t;
        while (*sp !=3D '\0') {
                if (*sp =3D=3D ' ' || *sp =3D=3D '\t') {
                        if (++len > IBE_INTERP_LEN_MAX)
                                break;
                        *tp++ =3D ' ';
                        argc++;
                        while (*sp =3D=3D ' ' || *sp =3D=3D '\t')
                                sp++;
                        continue;
                } else {
                        *tp++ =3D *sp++;
                        len++;
                }
        }
        *tp =3D '\0';
        len++;

        ibe->ibe_interpreter =3D malloc(len, M_BINMISC, M_WAITOK|M_ZERO);

        /* Populate all the ibe fields for the interpreter. */
        memcpy(ibe->ibe_interpreter, t, len);
        ibe->ibe_interp_argcnt =3D argc;
        ibe->ibe_interp_length =3D len;
}

Clearly, it is not safe to use this function on a user supplied string!

The characters of the input string (`str`) are iterated over without any ch=
eck
on size:

    while (*sp !=3D '\0') {

There is a check on the `len` value, but only when the string reaches
whitespace:

                if (*sp =3D=3D ' ' || *sp =3D=3D '\t') {
                        if (++len > IBE_INTERP_LEN_MAX)
                                break;

If the string consists of no whitespace we can increase `tp`, `sp`, and `le=
n`
freely (beyond the `IBE_INTERP_LEN_MAX` limit):

                } else {
                        *tp++ =3D *sp++;
                        len++;
                }

We then have a write from `tp`:

    *tp =3D '\0';

And also a `malloc` and `copyin` with `len`:

        ibe->ibe_interpreter =3D malloc(len, M_BINMISC, M_WAITOK|M_ZERO);

        /* Populate all the ibe fields for the interpreter. */
        memcpy(ibe->ibe_interpreter, t, len);

Remember that `t` is a fixed stack buffer:

    char t[IBE_INTERP_LEN_MAX];

So, when `len` exceeds `IBE_INTERP_LEN_MAX`, we have an out of bounds stack
read here, and an out of bounds stack write from `*tp =3D '\0'`.

But the most exploitable thing is the `*tp++ =3D *sp++;` copy; we can use it
write past the `t` buffer on the stack.

Here's the `ximgact_binmisc_entry` struct from `/sys/sys/imgact_binmisc.h`:

typedef struct ximgact_binmisc_entry {
        uint32_t xbe_version;   /* Struct version(IBE_VERSION) */
        uint32_t xbe_flags;     /* Entry flags (IBF_*) */
        uint32_t xbe_moffset;   /* Magic offset in header */
        uint32_t xbe_msize;     /* Magic size */
        uint32_t spare[3];      /* Spare fields for future use */
        char xbe_name[IBE_NAME_MAX];    /* Unique interpreter name */
        char xbe_interpreter[IBE_INTERP_LEN_MAX]; /* Interpreter path + arg=
s */
        uint8_t xbe_magic[IBE_MAGIC_MAX]; /* Header Magic */
        uint8_t xbe_mask[IBE_MAGIC_MAX]; /* Magic Mask */
} ximgact_binmisc_entry_t;

If we make `xbe_interpreter` non-terminated, the following fields, `xbe_mag=
ic`
and `xbe_mask`, will be read from.

Let's look at these some `define`s to get an idea of the sizes:

#define MAXPATHLEN 1024
#define IBE_ARG_LEN_MAX 256
#define IBE_INTERP_LEN_MAX      (MAXPATHLEN + IBE_ARG_LEN_MAX)
#define IBE_MAGIC_MAX   256

`xbe_interpreter` is 1280 bytes.
`xbe_magic` is 256 bytes.
`xbe_mask` is 256 bytes.

Now that we know we control the 512 bytes after the designated area for
`xbe_interpreter`, let's go back to the target code:

        char t[IBE_INTERP_LEN_MAX];
        ...
        sp =3D str; tp =3D t;
        while (*sp !=3D '\0') {
                if (*sp =3D=3D ' ' || *sp =3D=3D '\t') {
                        if (++len > IBE_INTERP_LEN_MAX)
                                break;
                        *tp++ =3D ' ';
                        argc++;
                        while (*sp =3D=3D ' ' || *sp =3D=3D '\t')
                                sp++;
                        continue;
                } else {
                        *tp++ =3D *sp++;
                        len++;
                }
        }
        *tp =3D '\0';

We fill our `xbe_interpreter` (`str`) with non-whitespace, ASCII bytes, 'a'=
 for
example so that the following code happens 1280 times:

    *tp++ =3D *sp++;

We then have stack overflow past `t` from user controlled contents `xbe_mag=
ic`
and `xbe_mask` (ASCII values only) for any desired size up to the next 512
bytes (just place a 0 byte to end the overflow); we can use this to overflow
return addresses on the stack to get kernel to jump anywhere we want as soo=
n as
this function returns, but only addresses with all ASCII bytes (but this is=
n't
a problem).

Unfortunately, the sysctl node, `kern.binmisc.add` is only accessible as ro=
ot.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sat Jan 30 17:15:23 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id D02C4A73451
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sat, 30 Jan 2016 17:15:23 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id C0969104B
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 17:15:23 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0UHFNe2051138
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 17:15:23 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206761] Kernel stack overflow in sysctl handler for
 kern.binmisc.add
Date: Sat, 30 Jan 2016 17:15:24 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: cturt@hardenedbsd.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206761-8-D0RujZzddf@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206761-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206761-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Jan 2016 17:15:23 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206761

--- Comment #1 from CTurt <cturt@hardenedbsd.org> ---
PoC which causes panic:

https://gist.github.com/CTurt/ddcda1a5ff4a3a38cad2

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sat Jan 30 17:18:36 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8AB50A73538
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sat, 30 Jan 2016 17:18:36 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 7B28010D4
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 17:18:36 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0UHIa2Y055213
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 17:18:36 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206761] Kernel stack overflow in sysctl handler for
 kern.binmisc.add
Date: Sat, 30 Jan 2016 17:18:36 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: shawn.webb@hardenedbsd.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc
Message-ID: <bug-206761-8-laTvPWLS6I@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206761-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206761-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Jan 2016 17:18:36 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206761

Shawn Webb <shawn.webb@hardenedbsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |shawn.webb@hardenedbsd.org

--- Comment #2 from Shawn Webb <shawn.webb@hardenedbsd.org> ---
Please attribute any code fix to "CTurt from HardenedBSD"

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sat Jan 30 17:23:35 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id BED8EA736FE
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sat, 30 Jan 2016 17:23:35 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id AE7021336
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 17:23:35 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0UHNZN0067904
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 17:23:35 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206761] Kernel stack overflow in sysctl handler for
 kern.binmisc.add
Date: Sat, 30 Jan 2016 17:23:35 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: shawn.webb@hardenedbsd.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206761-8-oqRMQJhuc7@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206761-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206761-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Jan 2016 17:23:35 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206761

--- Comment #3 from Shawn Webb <shawn.webb@hardenedbsd.org> ---
Does a CVE need to be issued for this vulnerability?

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sat Jan 30 17:25:49 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 70137A737C7
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sat, 30 Jan 2016 17:25:49 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 603CB13CB
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 17:25:49 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0UHPnRJ070867
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 17:25:49 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206761] Kernel stack overflow in sysctl handler for
 kern.binmisc.add
Date: Sat, 30 Jan 2016 17:25:49 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: cturt@hardenedbsd.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206761-8-viEpzergMj@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206761-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206761-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Jan 2016 17:25:49 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206761

--- Comment #4 from CTurt <cturt@hardenedbsd.org> ---
No need, I'll write a patch later. I'm busy with other potential bugs at the
moment though.

I don't think a CVE is needed, since it is only triggerable as root (every =
time
I find a bug, ffs).

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sat Jan 30 17:36:29 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 853DAA73BD7
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sat, 30 Jan 2016 17:36:29 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 754EC1B99
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 17:36:29 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0UHaTxZ090997
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 17:36:29 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206761] Kernel stack overflow in sysctl handler for
 kern.binmisc.add
Date: Sat, 30 Jan 2016 17:36:29 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: needs-patch, needs-qa, security
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: koobs@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: keywords cc
Message-ID: <bug-206761-8-0f1DkYhQxu@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206761-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206761-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Jan 2016 17:36:29 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206761

Kubilay Kocak <koobs@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |needs-patch, needs-qa,
                   |                            |security
                 CC|                            |freebsd-security@FreeBSD.or
                   |                            |g

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sat Jan 30 17:54:57 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id A5CE6A720F5
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sat, 30 Jan 2016 17:54:57 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 958FC616
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 17:54:57 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0UHsv1m027307
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 17:54:57 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206758] [PATCH] Uninitalized variable in atrun
Date: Sat, 30 Jan 2016 17:54:57 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 10.2-RELEASE
X-Bugzilla-Keywords: patch
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: commit-hook@freebsd.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206758-8-JFeFGnWoCD@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206758-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206758-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Jan 2016 17:54:57 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206758

--- Comment #2 from commit-hook@freebsd.org ---
A commit references this bug:

Author: ngie
Date: Sat Jan 30 17:54:18 UTC 2016
New revision: 295079
URL: https://svnweb.freebsd.org/changeset/base/295079

Log:
  Fix the type for hw.ncpu, so sysctlbyname doesn't consistently fail on
  64-bit architectures where sizeof(int) !=3D sizeof(size_t).

  MFC after: 1 week
  PR: 206758
  Reported by: Christoph Sch?nweiler <public2016@hauptsignal.at>
  Submitted by: kib
  Sponsored by: EMC / Isilon Storage Division

Changes:
  head/libexec/atrun/atrun.c

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sat Jan 30 17:55:42 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id AEF7AA721A4
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sat, 30 Jan 2016 17:55:42 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 9ECA1686
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 17:55:42 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0UHtgkU028361
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 17:55:42 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206758] [PATCH] Uninitalized variable in atrun
Date: Sat, 30 Jan 2016 17:55:42 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 10.2-RELEASE
X-Bugzilla-Keywords: patch
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: ngie@FreeBSD.org
X-Bugzilla-Status: In Progress
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: flagtypes.name cc bug_status
Message-ID: <bug-206758-8-OklWQzR6fF@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206758-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206758-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Jan 2016 17:55:42 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206758

NGie Cooper <ngie@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |mfc-stable9?, mfc-stable10?
                 CC|                            |ngie@FreeBSD.org
             Status|New                         |In Progress

--- Comment #3 from NGie Cooper <ngie@FreeBSD.org> ---
Thank you for the submission/patch. I proved that it was doing the wrong th=
ing
by adding a printf(3) after the sysctlbyname call on my amd64 VM.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sat Jan 30 17:56:08 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 32ED7A72220
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sat, 30 Jan 2016 17:56:08 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 22F5F6E1
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 17:56:08 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0UHu7md028903
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 17:56:08 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206758] [PATCH] Uninitalized variable in atrun
Date: Sat, 30 Jan 2016 17:56:08 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 10.2-RELEASE
X-Bugzilla-Keywords: patch
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: ngie@FreeBSD.org
X-Bugzilla-Status: In Progress
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: ngie@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: assigned_to
Message-ID: <bug-206758-8-dKR4oEiTm2@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206758-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206758-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Jan 2016 17:56:08 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206758

NGie Cooper <ngie@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |ngie@FreeBSD.org

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sat Jan 30 19:08:23 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1055DA73CFB
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sat, 30 Jan 2016 19:08:23 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id E85FE1219
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 19:08:22 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0UJ8MvK081585
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 19:08:22 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206762] -Wtautilogical-pointer-compare issues with drm(4) code
Date: Sat, 30 Jan 2016 19:08:23 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: ngie@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
Message-ID: <bug-206762-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Jan 2016 19:08:23 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206762

            Bug ID: 206762
           Summary: -Wtautilogical-pointer-compare issues with drm(4) code
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: ngie@FreeBSD.org

Ran into these issues on amd64 with buildkernel:

$ svnversion
295081
$ env SRCCONF=3D/dev/null make tinderbox KERNCONF=3DLINT -j4
...
--- all_subdir_i915kms ---^M
/usr/src/svn/sys/modules/drm2/i915kms/../../../dev/drm2/i915/i915_gem.c:680=
:12:
warning: comparison of address of 'obj->base' equal to a null pointer is al=
ways
false [-Wtautological-pointer-compare]^M
        if (&obj->base =3D=3D NULL) {^M
             ~~~~~^~~~    ~~~~^M
/usr/src/svn/sys/modules/drm2/i915kms/../../../dev/drm2/i915/i915_gem.c:104=
0:12:
warning: comparison of address of 'obj->base' equal to a null pointer is al=
ways
false [-Wtautological-pointer-compare]^M
        if (&obj->base =3D=3D NULL) {^M
             ~~~~~^~~~    ~~~~^M
/usr/src/svn/sys/modules/drm2/i915kms/../../../dev/drm2/i915/i915_gem.c:125=
9:12:
warning: comparison of address of 'obj->base' equal to a null pointer is al=
ways
false [-Wtautological-pointer-compare]^M
        if (&obj->base =3D=3D NULL) {^M
             ~~~~~^~~~    ~~~~^M
/usr/src/svn/sys/modules/drm2/i915kms/../../../dev/drm2/i915/i915_gem.c:129=
9:12:
warning: comparison of address of 'obj->base' equal to a null pointer is al=
ways
false [-Wtautological-pointer-compare]^M
        if (&obj->base =3D=3D NULL) {^M
             ~~~~~^~~~    ~~~~^M
/usr/src/svn/sys/modules/drm2/i915kms/../../../dev/drm2/i915/i915_gem.c:172=
5:12:
warning: comparison of address of 'obj->base' equal to a null pointer is al=
ways
false [-Wtautological-pointer-compare]^M
        if (&obj->base =3D=3D NULL) {^M
             ~~~~~^~~~    ~~~~^M
/usr/src/svn/sys/modules/drm2/i915kms/../../../dev/drm2/i915/i915_gem.c:359=
5:12:
warning: comparison of address of 'obj->base' equal to a null pointer is al=
ways
false [-Wtautological-pointer-compare]^M
        if (&obj->base =3D=3D NULL) {^M
             ~~~~~^~~~    ~~~~^M
--- all_subdir_drm ---^M
--- drm.ko ---^M
ld -d -warn-common -r -d -o drm.ko ati_pcigart.o drm_agpsupport.o drm_auth.o
drm_bufs.o drm_context.o drm_dma.o drm_drawable.o drm_drv.o drm_fops.o
drm_hashtab.o drm_ioctl.o drm_irq.o drm_lock.o drm_memory.o drm_mm.o drm_pc=
i.o
drm_scatter.o drm_sman.o drm_sysctl.o drm_vm.o^M
--- all_subdir_drm2 ---^M
/usr/src/svn/sys/modules/drm2/i915kms/../../../dev/drm2/i915/i915_gem.c:363=
2:12:
warning: comparison of address of 'obj->base' equal to a null pointer is al=
ways
false [-Wtautological-pointer-compare]^M
        if (&obj->base =3D=3D NULL) {^M
             ~~~~~^~~~    ~~~~^M
/usr/src/svn/sys/modules/drm2/i915kms/../../../dev/drm2/i915/i915_gem.c:368=
5:12:
warning: comparison of address of 'obj->base' equal to a null pointer is al=
ways
false [-Wtautological-pointer-compare]^M
        if (&obj->base =3D=3D NULL) {^M
             ~~~~~^~~~    ~~~~^M
--- all_subdir_drm ---^M
--- all_subdir_i915kms ---^M
/usr/src/svn/sys/modules/drm2/i915kms/../../../dev/drm2/i915/i915_gem_execb=
uffer.c:798:13:
warning: comparison of address of 'obj->base' equal to a null pointer is al=
ways
false [-Wtautological-pointer-compare]^M
                if (&obj->base =3D=3D NULL) {^M
                     ~~~~~^~~~    ~~~~^M
--- all_subdir_i915kms ---^M
/usr/src/svn/sys/modules/drm2/i915kms/../../../dev/drm2/i915/i915_gem_execb=
uffer.c:1275:13:
warning: comparison of address of 'obj->base' equal to a null pointer is al=
ways
false [-Wtautological-pointer-compare]^M
                if (&obj->base =3D=3D NULL) {^M
                     ~~~~~^~~~    ~~~~^M
--- all_subdir_i915kms ---^M
/usr/src/svn/sys/modules/drm2/i915kms/../../../dev/drm2/i915/i915_gem_tilin=
g.c:311:12:
warning: comparison of address of 'obj->base' equal to a null pointer is al=
ways
false [-Wtautological-pointer-compare]^M
        if (&obj->base =3D=3D NULL)^M
             ~~~~~^~~~    ~~~~^M
/usr/src/svn/sys/modules/drm2/i915kms/../../../dev/drm2/i915/i915_gem_tilin=
g.c:418:12:
warning: comparison of address of 'obj->base' equal to a null pointer is al=
ways
false [-Wtautological-pointer-compare]^M
        if (&obj->base =3D=3D NULL)^M
             ~~~~~^~~~    ~~~~^M
/usr/src/svn/sys/modules/drm2/i915kms/../../../dev/drm2/i915/intel_display.=
c:5161:12:
warning: comparison of address of 'obj->base' equal to a null pointer is al=
ways
false [-Wtautological-pointer-compare]^M
        if (&obj->base =3D=3D NULL)^M
             ~~~~~^~~~    ~~~~^M
/usr/src/svn/sys/modules/drm2/i915kms/../../../dev/drm2/i915/intel_display.=
c:6731:12:
warning: comparison of address of 'obj->base' equal to a null pointer is al=
ways
false [-Wtautological-pointer-compare]^M
        if (&obj->base =3D=3D NULL)^M
             ~~~~~^~~~    ~~~~^M
--- all_subdir_drm2 ---^M
/usr/src/svn/sys/modules/drm2/i915kms/../../../dev/drm2/i915/intel_overlay.=
c:1153:15:
warning: comparison of address of 'new_bo->base' equal to a null pointer is
always false [-Wtautological-pointer-compare]^M
        if (&new_bo->base =3D=3D NULL) {^M
             ~~~~~~~~^~~~    ~~~~^M

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sat Jan 30 19:49:53 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 171A2A72D65
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sat, 30 Jan 2016 19:49:53 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 0809E942
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 19:49:53 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0UJnqwl065140
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 19:49:52 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206763] extattr_namespace_to_string in libutil.h but not in
 libutil.
Date: Sat, 30 Jan 2016 19:49:53 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: misc
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: ruben@rubenkerkhof.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
Message-ID: <bug-206763-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Jan 2016 19:49:53 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206763

            Bug ID: 206763
           Summary: extattr_namespace_to_string in libutil.h but not in
                    libutil.
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: misc
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: ruben@rubenkerkhof.com

I've been porting Burp (a backup program) to FreeBSD.

Looking at the various configure checks for detecting extended attribute
support, I noticed that the declarations for extattr_namespace_to_string and
extattr_string_to_namespace are in libutil.h. The functions themselves move=
d to
libc from libutil about 10 years ago.

NetBSD has these prototypes in sys/extattr.h. Would it make sense to move t=
hem
there as well?

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sat Jan 30 20:31:41 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id E3337A73A0F
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sat, 30 Jan 2016 20:31:41 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id D48EF1D01
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 20:31:41 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0UKVfSS084704
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 20:31:41 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206762] -Wtautilogical-pointer-compare issues with drm(4) code
Date: Sat, 30 Jan 2016 20:31:41 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: ngie@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc
Message-ID: <bug-206762-8-KAP9QuCygP@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206762-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206762-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Jan 2016 20:31:42 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206762

NGie Cooper <ngie@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bapt@FreeBSD.org,
                   |                            |royger@freebsd.org

--- Comment #1 from NGie Cooper <ngie@FreeBSD.org> ---
Uh... hmmm...

 800 /** driver private structure attached to each drm_gem_object */
 801 struct drm_i915_gem_object {
 802         struct drm_gem_object base;
 803

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sat Jan 30 23:40:33 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id F2F6BA72461
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sat, 30 Jan 2016 23:40:33 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id E43B2F1A
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 23:40:33 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0UNeXE1002169
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 23:40:33 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206752] [patch] /bin/date format conversion bug
Date: Sat, 30 Jan 2016 23:40:34 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: patch
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: jilles@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc
Message-ID: <bug-206752-8-zjH6QWSazK@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206752-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206752-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Jan 2016 23:40:34 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206752

Jilles Tjoelker <jilles@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jilles@FreeBSD.org

--- Comment #1 from Jilles Tjoelker <jilles@FreeBSD.org> ---
The behaviour is indeed strange, but I don't think resetting the day of the
month to 1 whenever -j and -f are used together is correct. Commands like d=
ate
-j -f %H:%M:%S 00:00:00 should still print midnight of the current day, not=
 of
the first of the month. Likewise, the date(1) man page (by referring to
strftime(3)) seems to suggest that nonexistent days like 30 February are
converted to something in March.

You can specify the day of the month (%d) as 1 in your script.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-bugs@freebsd.org  Sat Jan 30 23:49:26 2016
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5F95AA72726
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sat, 30 Jan 2016 23:49:26 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 513561247
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 23:49:26 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u0UNnQ2w020078
 for <freebsd-bugs@FreeBSD.org>; Sat, 30 Jan 2016 23:49:26 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206752] [patch] /bin/date format conversion bug
Date: Sat, 30 Jan 2016 23:49:26 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: patch
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: jrm@ftfl.ca
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-206752-8-j4gqxM0vqq@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206752-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206752-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Jan 2016 23:49:26 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206752

--- Comment #2 from Joseph Mingrone <jrm@ftfl.ca> ---
(In reply to Jilles Tjoelker from comment #1)

The fixed first day of the month should only have an effect if the user doe=
sn't
specify a day.  I don't think this is any less arbitrary than using the cur=
rent
day of the month when the user doesn't specify one.  The only difference is
that using the first day doesn't produce the strange behaviour.

--=20
You are receiving this mail because:
You are the assignee for the bug.=