LP64 machines with "MSIZE == 256", sparc64 for example.
wg_send_handshake_msg_init() tries to put 148 bytes into a buffer
of 144 bytes and overwrites 4 bytes following the mbuf. Check
for "sizeof() > MHLEN" and use a cluster in this case.
With help from Taylor R Campbell <riastradh@>
It looks like We tripped on the new assertion in entropy_account_cpu
when there was pending entropy on cpu0 running lwp0 when xc_broadcast
ran -- since xc_broadcast calls the function directly rather than
calling it through softint_schedule, it's not called via the softint
lwp which would satisfy the assertion.
5c44459c3b
This bug was reported by Danilo Ramos of Eideticom, Inc. It has
lain in wait 13 years before being found! The bug was introduced
in zlib 1.2.2.2, with the addition of the Z_FIXED option. That
option forces the use of fixed Huffman codes. For rare inputs with
a large number of distant matches, the pending buffer into which
the compressed data is written can overwrite the distance symbol
table which it overlays. That results in corrupted output due to
invalid distances, and can result in out-of-bound accesses,
crashing the application.
The fix here combines the distance buffer and literal/length
buffers into a single symbol buffer. Now three bytes of pending
buffer space are opened up for each literal or length/distance
pair consumed, instead of the previous two bytes. This assures
that the pending buffer cannot overwrite the symbol table, since
the maximum fixed code compressed length/distance is 31 bits, and
since there are four bytes of pending space for every three bytes
of symbol space.
Samples added to the entropy pool in hard interrupt context are only
buffered, never processed directly, and if they fill the buffer, the
sample is dropped -- this serves to encourage taking timing samples
in hard interrupt context because it's cheap, and we have no idea how
many samples we really need for full entropy so it's safer to err on
the side of `as many as we can get'.
But for viornd(4), we assume the host has full entropy so we only
need a single 32-byte sample, and we want to avoid dropping it so we
get full entropy ASAP. Entering the sample in a soft interrupt
rather than hard interrupt achieves this.
More fallout from the IPL_VM->IPL_SOFTSERIAL change.
In entropy_enter, there is a window when the lwp can be migrated to
another CPU:
ec = entropy_cpu_get();
...
pending = ec->ec_pending + ...;
...
entropy_cpu_put();
/* lwp migration possible here */
if (pending)
entropy_account_cpu(ec);
If this happens, we may trip over any of several problems in
entropy_account_cpu because it assumes ec is the current CPU's state
in order to decide whether we have anything to contribute from the
local pool to the global pool.
No need to do this in entropy_softintr because softints are bound to
the CPU anyway.
Changes to code
Fix bug when mktime gets confused by truncated TZif files with
unspecified local time. (Problem reported by Almaz Mingaleev.)
Fix bug when 32-bit time_t code reads malformed 64-bit TZif data.
(Problem reported by Christos Zoulas.)
When reading a version 2 or later TZif file, the TZif reader now
validates the version 1 header and data block only enough to skip
over them, as recommended by RFC 8536 section 4. Also, the TZif
reader no longer mistakenly attempts to parse a version 1 TZIf
file header as a TZ string.
zdump -v now outputs "(localtime failed)" and "(gmtime failed)"
when local time and UT cannot be determined for a timestamp.
Previously, we sampled the time of each _failed_ config_search. I'm
not sure why -- there was no explanation in the comment or the commit
message introducing this in rev. 1.230.2.1 on tls-earlyentropy.
With this change, we sample the time of _every_ search including the
successful ones -- and also measure the time to attach which often
includes things like probing device registers, triggering device
reset and waiting for it to post, &c.
The HD audio specification does not cover PCI config space, and this
driver was unconditionally writing to a vendor specific register. Reduce
scope of config space accesses based on PCI IDs.
With this cleaned up, add support for Intel PCH devices which require
some additional vendor specific configuration to bypass no snoop mode.
- For the main warning message, use less jargon, say `security', and
cite the entropy(7) man page for further reading. Document this in
rnd(4) and entropy(7).
- For the debug-only warning message, say `entropy' only once and omit
it from the rnd(4) man page -- it's not very important unless you're
debugging the kernel in which case you probably know what you're
doing enough to not need the text explained in the man page.
uwe