lib/libcurses/newwin.c: revision 1.58
newwin - fix crash with negative ncols.
When support for negative nrows/ncols was added, one s/ncols/maxx/ was
missed so we ended up passing negative (i.e. huge unsigned) length
when hashing the line contents.
Reported by Naman Jain in PR lib/55484
sys/dev/usb/ualea.c: revision 1.12
Set up the USB xfer for every transfer, not just once in the attach
function. Caught by DIAGNOSTIC on a similar driver. Thanks to mrg@
for USB xfer clue and martin@ for testing.
sys/dev/pci/vioscsi.c: revision 1.22
Fix off-by-one SCSI target reporting
Use max_target as the controller ID instead of zero, so that the device
located at SCSI ID zero (e.g. a disk) is not obscured through not being
probed by scsi_probe_bus() (which skips the controller ID).
Copy the target requested onto the wire without decrementing it by one.
ok christos@
sys/dev/scsipi/scsiconf.c: revision 1.288
Continue scanning a SCSI bus when a LUN is reported not present
This fixes disk attachment under Qemu when there is no disk on LUN 0 on
a SCSI bus but there is a disk on LUN 1. The inquiry for LUN 0 returns
SID_QUAL_LU_NOTPRESENT & T_NODEVICE. Quirks are only checked if neither
one of those are set, so cannot use a quirk entry.
Use case 1: Proxmox 6 configures each disk on its own bus when using
the "Virtio SCSI single" SCSI controller. However, while the "scsi0"
disk is on LUN 0, the "scsi1" disk is on LUN 1.
Use case 2: A Linode boot profile with multiple disks results in
the first disk ("sda") on LUN 1, while the second disk ("sdb") is
on LUN 0, each on their own bus.
external/bsd/dhcpcd/dist/hooks/01-test (apply patch)
Fix dhcpcd test not to require /usr by syncing with the 01-test hook with
-current (which uses a newer dhcpcd version).
external/bsd/nvi/dist/vi/v_txt.c: revision 1.7
PR bin/55468
Fix crash due to out-of-bounds access with Ctrl-W.
PR is only for nottywerase, but also fix ttywerase case, taken from
OpenBSD via nvi2:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/vi/vi/v_txt.c#rev1.235d5365d358
Also, comment there is no worry for altwerase specific code, which
seems suspicious at a glance.
Reported by Azuma OKAMOTO.
Thanks for detailed explanation how to reproduce the problem!
sys/netinet/tcp_input.c: revision 1.418 (via patch)
- always set both ip and ip6, otherwise a kernel assertion can be triggered
- move alignment early so that we do less work
usr.bin/w/w.c: revision 1.86
usr.bin/w/w.c: revision 1.85
Compute a value for domain before comparing against it
Remove local domain always, not just when looking up addresses
sys/dev/acpi/acpi_display.c: revision 1.18
Only need to set brightness if reading the initial state fails
to sync firmware and the driver. Avoids black screen at boot time.
Thanks to jmcneill@
sys/arch/x86/x86/cpu_rng.c: revision 1.16
Use x86_read_psl/x86_disable_intr/x86_read_psl to defer interrupts.
Using x86_disable_intr/x86_enable_intr causes a bit of a snag when we
try it early at boot before we're ready to handle interrupts, because
it has the effect of enabling interrupts!
Fixes instant reset at boot on VIA CPUs. The instant reset on boot
is new since the entropy rework, which initialized the x86 CPU RNG
earlier than before, but in principle this could also cause other
problems while not early at boot too.
XXX pullup
sys/dev/usb/if_otus.c: revision 1.45 via patch
Stricter bounds check for some packet length we get from the usb chip,
to make sure we do not corrupt kernel memory.
Pointed out by Ilja Van Sprundel.
sys/arch/mac68k/dev/ams.c: revision 1.23
Fix inverted Y-axis value passed to wsmouse_input(9).
Note this is what src/sys/arch/macppc/dev/ams.c does as
"upward (moving the mouse forward) is positive" as noted in wsmouse(9):
http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/arch/macppc/dev/ams.c#rev1.4
Reported and tested by @NonameInsect on his SE/30 and Xorg server.
Should be pulled up to netbsd-8 and netbsd-9.
sys/kern/subr_pcu.c: revision 1.22
Relax the KASSERT() in pcu_discard_all() to allow non-curlwp if it is
in LSIDL state, which can happen if the new LWP is exiting before it's
ever run, e.g. if an error occurs in _lwp_create(2).
sys/dev/sysmon/sysmon_envsys.c: revision 1.145
Don't queue sysmon refresh until the rndsource is attached.
Using the rndsource, as refreshing the sensors will do, is not
allowed until _after_ rnd_source_attach.
XXX pullup-7
XXX pullup-8
XXX pullup-9
sys/arch/powerpc/oea/pmap.c: revision 1.96
Stop returning while PMAP_LOCK() (= KERNEL_LOCK(1, NULL)) is held.
Kernel freeze with heavy load is significantly mitigated (fixed?),
in which I could not even enter DDB from console.
XXX
There is still inconsistency in usage of two PVO pools.
I will send-pr later.
XXX
pullup to netbsd-[987]
sys/dev/usb/usb.c: revision 1.187
Don't allow open of /dev/usb if there are no attached busses.
PR kern/55303 mutex_vector_enter,512: uninitialized lock
sys/netinet/igmp.c: revision 1.70
sys/kern/kern_time.c: revision 1.204
igmp_sendpkt() expects ip_output() to set 'imo.imo_multicast_ttl' into
'ip->ip_ttl'; but ip_output() won't if the target is not a multicast
address, meaning that the uninitialized 'ip->ip_ttl' byte gets sent to
the network. This leaks one byte of kernel heap.
Fix this by filling 'ip->ip_ttl' with a TTL of one.
Found by KMSAN.
-
Fix uninitialized memory access. Found by KMSAN.
bin/rcp/rcp.c: revision 1.50
In sink(), upon error, avoid multiple replies to the source as this
would lead to a desynchronization of the protocol and further files or
directories to be ignored or corrupted.
Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
games/fortune/strfile/strfile.c: revision 1.39
games/fortune/unstr/unstr.c: revision 1.15
strfile: Check that input/output filenames don't exceed the buffer size
unstr: Check that the input filename fits in the buffer.
sys/kern/subr_cprng.c: revision 1.34
Disable rngtest on output of cprng_strong.
We already do a self-test for correctenss of Hash_DRBG output;
applying rngtest to it does nothing but give everyone warning fatigue
about spurious rngtest failures.
sys/dev/dkwedge/dk.c: revision 1.98
Update sc->sc_parent->dk_rawvp while the lock named dk_rawlock held
to prevent a race condition
Fixes PR kern/55026
OKed by mlelstv@, thanks
sys/arch/hp300/hp300/machdep.c: revision 1.233
Fix garbages in dmesg caused by uninitialized variables slipped in r1.228.
Noticed in HP9000/362 dmesg:
https://dmesgd.nycbug.org/index.cgi?do=view&id=5459
Should be pulled up to netbsd-8 and netbsd-9.
martin