From nobody Mon Jan 12 00:46:19 2026
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4dqDGL04QKz6NmHP
	for <dev-commits-src-all@mlmmj.nyi.freebsd.org>; Mon, 12 Jan 2026 00:46:34 +0000 (UTC)
	(envelope-from wlosh@bsdimp.com)
Received: from mail-pl1-x62f.google.com (mail-pl1-x62f.google.com [IPv6:2607:f8b0:4864:20::62f])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "WR4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4dqDGK2sv4z4Kgc
	for <dev-commits-src-all@freebsd.org>; Mon, 12 Jan 2026 00:46:33 +0000 (UTC)
	(envelope-from wlosh@bsdimp.com)
Authentication-Results: mx1.freebsd.org;
	none
Received: by mail-pl1-x62f.google.com with SMTP id d9443c01a7336-2a3e76d0f64so21653735ad.1
        for <dev-commits-src-all@freebsd.org>; Sun, 11 Jan 2026 16:46:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=bsdimp-com.20230601.gappssmtp.com; s=20230601; t=1768178791; x=1768783591; darn=freebsd.org;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=jUoUM5skIsc/QJGQoCeDGWoWMMRfyOMqWD6dFB5pg50=;
        b=ttgMPRhz6jwbK8UssLRLviEndFvkHitwZnimWVuzW+dqUwKYc24Xm5AoJ5W90h/wm2
         lkC7QUX8WkRWyo1kdRYpN1ioswY5vrtRd5ovj6Mf4DeHEQQUO1XLrJP04rqQJDRo3wum
         ofeU91BX6QnFuTPnQOSXspVeQcdfp6TaxTa8tuxYAe1wwn6OhhYi+6RB+zyqGzbFaaMW
         2crKblS5dqnStcCJZTVCN1XoK19jbwqcgn4drVT6K6IsTfe25yYx3RbvUSN2DP/XyYoC
         TQn+hlzMI8OMrb04g7F+UyOctgCNzWq1uDpYWGUuHYblc/v5hvSzZm6LdyZGIFc62KVK
         g7lA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1768178791; x=1768783591;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=jUoUM5skIsc/QJGQoCeDGWoWMMRfyOMqWD6dFB5pg50=;
        b=cS/KFYdxaAd5pRfGAYgxSR3/nvIw7Hdl/tYKzW6ekw7MPMoEzYYvOJskuGiHi37/s0
         uciBpeD0k4io0wz0VbvKLnjWmNYcO/8/sW1aMWTHUfjHHFR7XNYDnuw+n9dRLt7Vsfck
         O+7sOJhuyigzP4Kv+m6o7UaEPqBWOND5XzE/+HyXRU/33Dk+qphovbEnMX6VFuO+2pAs
         0TjOeHCubbb32g+yt4EcXm2CWo9TaDmYSsUpUNe/bH4eahI74ZNGES57dwOHwVhfDnB+
         fUExSVJfGlKCJBoufF4dMTr+8TqT6OXIKE4rmLIsu9D+Ry2wmHinbXnqYvD58Ae4KATA
         p5dA==
X-Forwarded-Encrypted: i=1; AJvYcCUpXhNVv3B+IMkOC7E22jUoOMl2Lb0o3ve9anLj8jDPQLrSHgfttAU4Z4GHzJNurXuxIlq+XZ1zrqPC7uX3DYfPOeb2@freebsd.org
X-Gm-Message-State: AOJu0YzhRbTM+00tTuUDBBpaVsvbX5/TyGli61J1liP6aCDZWzBeMloA
	i0gioWMEF9qNEnoJju5NRGSzUH7uih3a/znll6PRmsM8S3u74O8vvyC+Ik0m5cNYECCWSGSkcTW
	6WpsT90Vp3+Pj9rP+Q8sGfSH+vesGIpCE4FyafymlLQ==
X-Gm-Gg: AY/fxX4nK6PZYb7VfvZOUdweKNngfRSauN71jQe+TyjezOUPJPa7o9vGqOI5bNwJbn2
	LawflMXjUkyWtnof8bTEYNf84qVhQKk7iZ3Mo4lE4wRPWiK5fiBu+qNBLv9fuJiuFcnclKrrw8K
	2XiwcoJic7taibAZVz+hI0EAa0ZqdQ9PudmqpY+KgN9RayC3DYOXoc8ZeYLxCYhDvCb23He3Evr
	5a4Al463xVuULObGOu0wdIMPNPKZB7uDpDCZdiUJKV5uaGl0TcXU8rM7gskZKFcgMxme+M=
X-Google-Smtp-Source: AGHT+IEnsIRKYp5poZHn6jwWZ7SwhtJnacqj9MPGYNLzYM4lfEYYDpeXZGbqTLWxcqztfRCsyEZ3Ow7Zw7y1KgS6kbQ=
X-Received: by 2002:a17:903:189:b0:2a0:89c6:1824 with SMTP id
 d9443c01a7336-2a3e3991076mr188205195ad.8.1768178790611; Sun, 11 Jan 2026
 16:46:30 -0800 (PST)
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
References: <69616257.8255.cd9e3ac@gitrepo.freebsd.org> <CAKAYmMJEoHjNF-EsL72ThJyDRRqyfri7j06bpuwamY9Ae9r+Fg@mail.gmail.com>
In-Reply-To: <CAKAYmMJEoHjNF-EsL72ThJyDRRqyfri7j06bpuwamY9Ae9r+Fg@mail.gmail.com>
From: Warner Losh <imp@bsdimp.com>
Date: Sun, 11 Jan 2026 17:46:19 -0700
X-Gm-Features: AZwV_QgG0CtWFmfKe8rHE7kssVn228u_rw7Bk-XucK21LaLMNtIQMoF4x4it3zA
Message-ID: <CANCZdfpSgUwyRFWeYdgJduQ0MOb9a3ZkSE8NaJy6pRMaBiz0aQ@mail.gmail.com>
Subject: Re: git: 763179042246 - main - Fix NULL deref segfault in bhyve's usb_mouse.c
To: Chuck Tuffli <chuck@freebsd.org>
Cc: Warner Losh <imp@freebsd.org>, src-committers@freebsd.org, 
	dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org, 
	Jack Bendtsen <jackdbendtsen@gmail.com>
Content-Type: multipart/alternative; boundary="000000000000b6cd01064826348f"
X-Spamd-Bar: ----
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-Rspamd-Queue-Id: 4dqDGK2sv4z4Kgc

--000000000000b6cd01064826348f
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Sun, Jan 11, 2026 at 4:18=E2=80=AFPM Chuck Tuffli <chuck@freebsd.org> wr=
ote:

> On Fri, Jan 9, 2026 at 12:18=E2=80=AFPM Warner Losh <imp@freebsd.org> wro=
te:
> >
> > The branch main has been updated by imp:
> >
> > URL:
> https://cgit.FreeBSD.org/src/commit/?id=3D7631790422464de1aec309018e2c444=
defe5f629
> >
> > commit 7631790422464de1aec309018e2c444defe5f629
> > Author:     Jack Bendtsen <jackdbendtsen@gmail.com>
> > AuthorDate: 2025-06-19 07:40:31 +0000
> > Commit:     Warner Losh <imp@FreeBSD.org>
> > CommitDate: 2026-01-09 20:17:13 +0000
> >
> >     Fix NULL deref segfault in bhyve's usb_mouse.c
> >
> >     Some of the cases inside umouse_request()
> (usr.sbin/bhyve/usb_mouse.c)
> >     use the data component of an event, while only partially checking i=
f
> >     it's NULL. 'data' has a NULL check, but then 'data' is immediately
> >     deferenced anyway after the check regardless of if it's NULL or not=
.
>
> The SmartOS/Illumos folks ran into this issue a bit ago and fixed
> their version of bhyve differently
> (https://www.illumos.org/issues/17784). This has been on my to-do
> list, but it didn't make it to the top before this (point hat:
> chuck@). Any concerns or objections to my committing
> https://reviews.freebsd.org/D54661 to minimize our diffs with
> SmartOS/illumos?
>

That's fine. Documented such on the review.

Wraner

--000000000000b6cd01064826348f
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr"><br></div><br><div class=3D"gmail_quote g=
mail_quote_container"><div dir=3D"ltr" class=3D"gmail_attr">On Sun, Jan 11,=
 2026 at 4:18=E2=80=AFPM Chuck Tuffli &lt;<a href=3D"mailto:chuck@freebsd.o=
rg">chuck@freebsd.org</a>&gt; wrote:<br></div><blockquote class=3D"gmail_qu=
ote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,20=
4);padding-left:1ex">On Fri, Jan 9, 2026 at 12:18=E2=80=AFPM Warner Losh &l=
t;<a href=3D"mailto:imp@freebsd.org" target=3D"_blank">imp@freebsd.org</a>&=
gt; wrote:<br>
&gt;<br>
&gt; The branch main has been updated by imp:<br>
&gt;<br>
&gt; URL: <a href=3D"https://cgit.FreeBSD.org/src/commit/?id=3D763179042246=
4de1aec309018e2c444defe5f629" rel=3D"noreferrer" target=3D"_blank">https://=
cgit.FreeBSD.org/src/commit/?id=3D7631790422464de1aec309018e2c444defe5f629<=
/a><br>
&gt;<br>
&gt; commit 7631790422464de1aec309018e2c444defe5f629<br>
&gt; Author:=C2=A0 =C2=A0 =C2=A0Jack Bendtsen &lt;<a href=3D"mailto:jackdbe=
ndtsen@gmail.com" target=3D"_blank">jackdbendtsen@gmail.com</a>&gt;<br>
&gt; AuthorDate: 2025-06-19 07:40:31 +0000<br>
&gt; Commit:=C2=A0 =C2=A0 =C2=A0Warner Losh &lt;imp@FreeBSD.org&gt;<br>
&gt; CommitDate: 2026-01-09 20:17:13 +0000<br>
&gt;<br>
&gt;=C2=A0 =C2=A0 =C2=A0Fix NULL deref segfault in bhyve&#39;s usb_mouse.c<=
br>
&gt;<br>
&gt;=C2=A0 =C2=A0 =C2=A0Some of the cases inside umouse_request() (usr.sbin=
/bhyve/usb_mouse.c)<br>
&gt;=C2=A0 =C2=A0 =C2=A0use the data component of an event, while only part=
ially checking if<br>
&gt;=C2=A0 =C2=A0 =C2=A0it&#39;s NULL. &#39;data&#39; has a NULL check, but=
 then &#39;data&#39; is immediately<br>
&gt;=C2=A0 =C2=A0 =C2=A0deferenced anyway after the check regardless of if =
it&#39;s NULL or not.<br>
<br>
The SmartOS/Illumos folks ran into this issue a bit ago and fixed<br>
their version of bhyve differently<br>
(<a href=3D"https://www.illumos.org/issues/17784" rel=3D"noreferrer" target=
=3D"_blank">https://www.illumos.org/issues/17784</a>). This has been on my =
to-do<br>
list, but it didn&#39;t make it to the top before this (point hat:<br>
chuck@). Any concerns or objections to my committing<br>
<a href=3D"https://reviews.freebsd.org/D54661" rel=3D"noreferrer" target=3D=
"_blank">https://reviews.freebsd.org/D54661</a> to minimize our diffs with<=
br>
SmartOS/illumos?<br></blockquote><div><br></div><div>That&#39;s fine. Docum=
ented such on the review.</div><div><br></div><div>Wraner</div><div>=C2=A0<=
/div></div></div>

--000000000000b6cd01064826348f--