Mon, 14 May 2018 17:34:26 +0000 Merge ipsec4_input and ipsec6_input into ipsec_ip_input. Make the argument trunk
maxv <maxv@NetBSD.org> [Mon, 14 May 2018 17:34:26 +0000] rev 319046
Merge ipsec4_input and ipsec6_input into ipsec_ip_input. Make the argument a bool for clarity. Optimize the function: if M_CANFASTFWD is not there (because already removed by the firewall) leave now. Makes it easier to see that M_CANFASTFWD is not removed on IPv6.
Mon, 14 May 2018 17:26:16 +0000 Don't crash if there is no inner IP header. trunk
maxv <maxv@NetBSD.org> [Mon, 14 May 2018 17:26:16 +0000] rev 319045
Don't crash if there is no inner IP header.
Mon, 14 May 2018 17:15:54 +0000 Workaround A-008585 errata in GTMR. trunk
joerg <joerg@NetBSD.org> [Mon, 14 May 2018 17:15:54 +0000] rev 319044
Workaround A-008585 errata in GTMR. Register reads and writes may provide unstable results if the counter hardware is active at the same time. This results in non-monotonic counters seen by both the gtmr interrupt and time counter. The loops are currently applied unconditionally, restricting them to appropriate FDT markers can be applied later.
Mon, 14 May 2018 17:11:38 +0000 Remove a number of debug #if 0s. trunk
joerg <joerg@NetBSD.org> [Mon, 14 May 2018 17:11:38 +0000] rev 319043
Remove a number of debug #if 0s.
Mon, 14 May 2018 17:09:41 +0000 Remove unused gtmr_bootdelay. trunk
joerg <joerg@NetBSD.org> [Mon, 14 May 2018 17:09:41 +0000] rev 319042
Remove unused gtmr_bootdelay.
Mon, 14 May 2018 16:20:55 +0000 Ticket #1605 netbsd-7-0
martin <martin@NetBSD.org> [Mon, 14 May 2018 16:20:55 +0000] rev 319041
Ticket #1605
Mon, 14 May 2018 16:21:13 +0000 Ticket #1605 netbsd-7-1
martin <martin@NetBSD.org> [Mon, 14 May 2018 16:21:13 +0000] rev 319040
Ticket #1605
Mon, 14 May 2018 16:17:19 +0000 Pull up following revision(s) (requested by maxv in ticket #1605): netbsd-7-1
martin <martin@NetBSD.org> [Mon, 14 May 2018 16:17:19 +0000] rev 319039
Pull up following revision(s) (requested by maxv in ticket #1605): sys/net/npf/npf_inet.c: revision 1.45 sys/net/npf/npf_alg_icmp.c: revision 1.27-1.29 Fix use-after-free. The nbuf can be reallocated as a result of caching 'enpc', so it is necessary to recache 'npc', otherwise it contains pointers to the freed mbuf - pointers which are then used in the ruleset machinery. We recache 'npc' when we are sure we won't use 'enpc' anymore, because 'enpc' can be clobbered as a result of caching 'npc' (in other words, only one of the two can be cached at the same time). Also, we recache 'npc' unconditionally, because there is no way to know whether the nbuf got clobbered relatively to it. We can't use the NBUF_DATAREF_RESET flag, because it is stored in the nbuf and not in the cache. Discussed with rmind@. Change npf_cache_all so that it ensures the potential ICMP Query Id is in the nbuf. In such a way that we don't need to ensure that later. Change npfa_icmp4_inspect and npfa_icmp6_inspect so that they touch neither the nbuf nor npc. Adapt their callers accordingly. In the end, if a packet has a Query Id, we set NPC_ICMP_ID in npc and leave right away, without recaching npc (not needed since we didn't touch the nbuf). This fixes the handling of Query Id packets (that I broke in my previous commit), and also fixes another possible use-after-free. Ah, fix compilation. I tested my previous change by loading the kernel module from the filesystem, but the Makefile didn't have DIAGNOSTIC enabled, and the two KASSERTs I added did not compile properly.
Mon, 14 May 2018 16:21:48 +0000 Tickets #1604 and #1605 netbsd-7
martin <martin@NetBSD.org> [Mon, 14 May 2018 16:21:48 +0000] rev 319038
Tickets #1604 and #1605
Mon, 14 May 2018 16:16:04 +0000 Pull up following revision(s) (requested by maxv in ticket #1605): netbsd-7
martin <martin@NetBSD.org> [Mon, 14 May 2018 16:16:04 +0000] rev 319037
Pull up following revision(s) (requested by maxv in ticket #1605): sys/net/npf/npf_inet.c: revision 1.45 sys/net/npf/npf_alg_icmp.c: revision 1.27-1.29 Fix use-after-free. The nbuf can be reallocated as a result of caching 'enpc', so it is necessary to recache 'npc', otherwise it contains pointers to the freed mbuf - pointers which are then used in the ruleset machinery. We recache 'npc' when we are sure we won't use 'enpc' anymore, because 'enpc' can be clobbered as a result of caching 'npc' (in other words, only one of the two can be cached at the same time). Also, we recache 'npc' unconditionally, because there is no way to know whether the nbuf got clobbered relatively to it. We can't use the NBUF_DATAREF_RESET flag, because it is stored in the nbuf and not in the cache. Discussed with rmind@. Change npf_cache_all so that it ensures the potential ICMP Query Id is in the nbuf. In such a way that we don't need to ensure that later. Change npfa_icmp4_inspect and npfa_icmp6_inspect so that they touch neither the nbuf nor npc. Adapt their callers accordingly. In the end, if a packet has a Query Id, we set NPC_ICMP_ID in npc and leave right away, without recaching npc (not needed since we didn't touch the nbuf). This fixes the handling of Query Id packets (that I broke in my previous commit), and also fixes another possible use-after-free. Ah, fix compilation. I tested my previous change by loading the kernel module from the filesystem, but the Makefile didn't have DIAGNOSTIC enabled, and the two KASSERTs I added did not compile properly.