5333 Commits

Author SHA1 Message Date
maxv
f76a68287e Localify, constify. 2020-01-07 06:42:26 +00:00
msaitoh
9ffb315967 Fix a bug that IFF_ALLMULTI is almost always set. 2020-01-06 15:19:00 +00:00
mlelstv
90e85cec6c Avoid race condition. Patch from bouyer@ 2020-01-04 22:30:06 +00:00
jmcneill
c47914cb8a Add a quirk for the HAILUCK USB keyboard / touchpad device with product 1e.
The keyboard does not function properly unless the touchpad's intr endpoint
is active.
2020-01-03 12:39:39 +00:00
jmcneill
7ee1f951f1 regen 2020-01-03 12:35:57 +00:00
jmcneill
f0cf68d29b Add HAILUCK keyboard (product 1e) 2020-01-03 12:35:33 +00:00
maxv
56fc3d1e80 Remove the call to KERNEL_UNLOCK_ONE(), it was forgotten when the biglock
was dropped in rev1.63. Found via vHCI.
2020-01-02 08:08:30 +00:00
maxv
e85888420e Fix buffer overflows: validate the lengths at attach time, given that they
are apparently not supposed to be variable. Drop sc_ilen since it is
unused.
2020-01-01 09:08:28 +00:00
maxv
64d3794063 Fix buffer overflows. Also add missing mutex_exit. 2020-01-01 09:05:03 +00:00
maxv
8fdfc138ab Fix buffer overflows. sc_{o,f}len are controlled by the USB device. By
crafting the former the device can leak stack data. By crafting the latter
the device can overwrite the stack. The combination of the two means the
device can ROP the kernel and obtain code execution (demonstrated with an
actual exploit over vHCI).

Truncate the lengths to the size of the buffers, and also drop sc_ilen
since it is unused. Patch tested with vHCI+kASan.
2020-01-01 09:03:00 +00:00
skrll
f9e25f1249 Remove a stray ' 2019-12-31 18:11:18 +00:00
skrll
112deea71c Acquire bus lock (if not polling) when changing xfer status, resetting
the timeout and ringing the doorbell in the start methods.
2019-12-29 09:17:51 +00:00
msaitoh
a0403cde04 s/transfered/transferred/ 2019-12-27 09:41:48 +00:00
msaitoh
65ac1eace8 URL_TCR_IFG0 is not bit 4 but bit 3. From OpenBSD. 2019-12-27 08:53:30 +00:00
msaitoh
e1ca6a8735 s/recive/receive/ in comment. 2019-12-27 08:22:49 +00:00
thorpej
601e178380 Cleanup i2c bus acquire / release, centralizing all of the logic into
iic_acquire_bus() / iic_release_bus().  "acquire" and "release" hooks
no longer need to be provided by back-end controller drivers (only if
they need special handling, e.g. powering on the i2c controller).
This results in the removal of a bunch of redundant code from each
back-end controller driver.

Assert that we are not in hard interrupt context in iic_acquire_bus(),
iic_exec(), and iic_release_bus().
2019-12-22 23:23:29 +00:00
gson
52f0ad4e7d Code that's #if'ed out still ought to compile. 2019-12-19 15:17:30 +00:00
christos
edc0c34588 Protect network ioctls from non-authorized users. (Ilja Van Sprundel) 2019-12-17 04:54:36 +00:00
tsutsui
1e72df6a03 Remove clause 3 and 4 leftovers from TNF licenses in more sources.
Confirmed by martin@ in PR/54760.
2019-12-15 16:48:25 +00:00
maya
3029dd4875 Don't assume mii is not null here. Some drivers like urndis don't use
mii, so they always have mii == NULL.

ok riastradh. fixes PR kern/54762
2019-12-14 15:40:43 +00:00
maxv
954f6141d7 Fix gross use-after-free. Found by a custom query on LGTM. 2019-12-13 14:10:32 +00:00
bouyer
79dd41fe30 reading usbdi.c it looks like usbd_get_config_descriptor() can actually
return NULL, so check for this.
I got NULL pointer dereference here with a device showing:
[   303.732632] ugen0: autoconfiguration error: setting configuration index 0 failed
2019-12-11 11:54:23 +00:00
maxv
8d129e6ebf localify 2019-12-06 07:12:38 +00:00
msaitoh
4f6b47a515 Remove SIOC[GS]IFMEDIA because ieee80211_ioctl() does the same thing. 2019-12-05 03:11:40 +00:00
riastradh
2a8e1ccd61 Fix inequality for refcnt drain: -1 here means all refs gone. 2019-12-03 05:01:58 +00:00
riastradh
ccd4e40866 Fix order of nulling un->un_pri->unp_ec.ec_mii.
Can't null it until after if_detach prevents further use.

While here, fix conditionals in usbnet_tick_task to use the unp_dying
flag, not the nullness of mii (or of ifp, which is never null because
it's an embedded member).
2019-12-03 05:01:45 +00:00
mlelstv
b9aa28ee06 Don't deregister twice with pmf. 2019-12-01 21:02:09 +00:00
mlelstv
b9245c5465 Reset MCU ready status before resetting the MCU.
Fixes PR kern/54728
2019-12-01 21:01:19 +00:00
maxv
43e684e6ce minor adjustments, to avoid warnings on debug builds 2019-12-01 12:47:10 +00:00
maxv
97b908dcc6 localify 2019-12-01 08:23:09 +00:00
gson
3286e5198c Preserve the toggleCarry bit in the Endpoint Descriptor in
ohci_abort_xfer().  Fixes the OHCI part of PR kern/50278.
2019-11-29 14:15:41 +00:00
gson
1488c5045a Preserve the toggleCarry bit in the Endpoint Descriptor when handling
a DataUnderrun condition.  Fixes PR kern/54070.
2019-11-29 14:13:04 +00:00
maxv
28885f8e61 localify 2019-11-28 17:09:10 +00:00
gson
8b9242afb5 Change 0x%jx -> %#jx as suggested by christos. 2019-11-26 10:34:16 +00:00
gson
88b2e353f0 Convert debug printfs to usbhist. 2019-11-26 10:24:17 +00:00
maxv
0fd9b2db93 Not a bug strictly speaking, but compute the address only after the length
checks, for clarity and to appease kUBSan.
2019-11-17 11:28:48 +00:00
chs
d47bcd296c in many device attach paths, allocate memory with M_WAITOK instead of M_NOWAIT
and remove code to handle failures that can no longer happen.
2019-11-10 21:16:21 +00:00
mrg
3d9ffcffd7 add a note about ifnet lock vs usbnet locks. 2019-11-06 07:30:59 +00:00
isaki
3477e919b3 Use kmem_zalloc() instead of kmem_alloc() to initialize structure.
struct audio_format added a member since isaki-audio2.
Fix PR kern/54662 "uaudio sometimes not recognized".
2019-11-04 05:46:39 +00:00
maya
c52ff42a4c check if buf/bufsz are non-NULL before freeing.
not all control messages that can be received result in buf being
initialized, we might get a spurious different control message

seen in practice when swapping modes a few times on a urndis device

urndis0: SAMSUNG ...
autoconfiguration error: urndis0: invalid address
panic: kernel diagnostic assertion "p != NULL" failed: file "/cvs/src/sys/kern/subr_kmem.c", line 263
cpu0: Begin traceback...
vpanic() at netbsd:vpanic+0x178
kern_assert() at netbsd:kern_assert+0x48
kmem_intr_free() at netbsd:kmem_intr_free+0xca
urndis_attach() at netbsd:urndis_attach+0x4c2
2019-10-31 11:59:40 +00:00
maya
ac76aef9cb we want to check that the allocation is going to be zero, not whether
some pointer is NULL (oops).

Should be the right version this time!
2019-10-23 01:30:54 +00:00
maya
4ab0974ee9 Check if size is zero, too.
PR kern/53734
2019-10-23 01:03:36 +00:00
maya
0555c41502 Avoid kmem_alloc(0,..), which hits an assertion.
PR kern/53734: Prevent kernel panic during Wide Vision FHD Camera detection
2019-10-23 00:52:39 +00:00
bad
580b92a46f allocate a random mac address if on-chip mac is all zeroes.
helps ure(4) on NanoPi R1.

partly from ganbold@freebsd r346052.

XXX pullup-9
2019-10-16 13:11:16 +00:00
bad
8197ba699a read mac address of ure version 4c10 from URE_PLA_IDR, save as 4c00.
from ganbold@freebsd r346052.

XXX pullup-9
2019-10-16 13:02:51 +00:00
bad
6e08bf3e28 use ether_snprintf instead of open coding it. 2019-10-10 23:30:02 +00:00
mlelstv
d164e220a0 Merge more changes from FreeBSD/OpenBSD. My two run(4) devices now work
again.
2019-10-08 07:30:58 +00:00
skrll
dd2790e42c Avoid a warning 2019-10-07 09:37:16 +00:00
martin
6bac96dfb5 Regen 2019-10-06 17:23:05 +00:00
martin
d0ba02edad Add a few TP-Link "Archer" wlan devices 2019-10-06 17:22:29 +00:00