a5ac8272 mjg Nov. 22, 2018, 9:29 p.m.
We don't have to access the process after making it runnable, so there
is no need to hold it either.

Sponsored by:	The FreeBSD Foundation
b00b27e9 mjg Nov. 22, 2018, 9:08 p.m.
The pointer to the child is stored without any reference held. Then it is
blindly used to wait until P_PPWAIT is cleared. However, if the child is
autoreaped it could have exited and get freed before the parent started
waiting.

Use the existing hold mechanism to mitigate the problem. Most common case
of doing exec remains unchanged. The corner case of doing exit performs
wake up before waiting for holds to clear.

Reviewed by:	kib
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D18295
79db6fe7 markj Nov. 22, 2018, 8:49 p.m.
Various network protocol sysctl handlers were not zero-filling their
output buffers and thus would export uninitialized stack memory to
userland.  Fix a number of such handlers.

Reported by:	Thomas Barabosch, Fraunhofer FKIE
Reviewed by:	tuexen
MFC after:	3 days
Security:	kernel memory disclosure
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D18301
ad2be389 tuexen Nov. 22, 2018, 8:05 p.m.
segment in the SYN-SENT state as stated in Section 3.9 of RFC 793,
page 66. Ensure this is also done by the TCP RACK stack.

Reviewed by:		rrs@
MFC after:		1 week
Sponsored by:		Netflix, Inc.
Differential Revision:	https://reviews.freebsd.org/D18034
fef56019 tuexen Nov. 22, 2018, 8:02 p.m.
net.inet.tcp.drop_synfin sysctl-variable.

Reviewed by:		rrs@
MFC after:		1 week
Sponsored by:		Netflix, Inc.
Differential Revision:	https://reviews.freebsd.org/D18033
7e729f07 tuexen Nov. 22, 2018, 7:56 p.m.
the TCP connection was initiated using the RACK stack, but the
peer does not support the TCP RACK extension.

This ensures that the TCP behaviour on the wire is the same if
the TCP connection is initiated using the RACK stack or the default
stack.

Reviewed by:		rrs@
MFC after:		1 week
Sponsored by:		Netflix, Inc.
Differential Revision:	https://reviews.freebsd.org/D18032
79410718 tuexen Nov. 22, 2018, 7:49 p.m.
zero. This was already done when sending them via tcp_respond().

Reviewed by:		rrs@
MFC after:		1 week
Sponsored by:		Netflix, Inc.
Differential Revision:	https://reviews.freebsd.org/D17949
2910a161 markj Nov. 22, 2018, 5:51 p.m.
Mirror the fix for the native i386 implementation from r218327.  This
code is compiled only when the non-default COMPAT_43 option is
configured.

Reported by:	Ilja Van Sprundel <ivansprundel@ioactive.com>
Reviewed by:	kib
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D18298
dc9874ea emaste Nov. 22, 2018, 4:55 p.m.
C Turt reports that the driver is not thread safe and may have
exploitable races.

Note that the proto device is intended for prototyping and development,
and is not for use on production systems.  From the man page:

SECURITY CONSIDERATIONS
     Because programs have direct access to the hardware, the proto
     driver is inherently insecure.  It is not advisable to use this
     driver on a production machine.

The proto device is not included in any of FreeBSD's kernel config files
(although the module is built).

The issues in the proto device still need to be fixed, and the device is
inherently (and intentionally) insecure, but it might as well be limited
to root only.

admbugs:	782
Reported by:	C Turt <ecturt@gmail.com>
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
d343a7f4 arybchik Nov. 22, 2018, 4:15 p.m.
Queues with 4096 descriptors are not supported as the top bit is used for vfifo
stuffing.

Submitted by:   Mark Spender <mspender at solarflare.com>
Reviewed by:    gnn
Sponsored by:   Solarflare Communications, Inc.
MFC after:      2 days
Differential Revision:  https://reviews.freebsd.org/D8948
8e0c4827 arybchik Nov. 22, 2018, 2:31 p.m.
Submitted by:   Artem V. Andreev <Artem.Andreev@oktetlabs.ru>
Sponsored by:   Solarflare Communications, Inc.
Differential Revision:  https://reviews.freebsd.org/D18022
621cf621 arybchik Nov. 22, 2018, 2:10 p.m.
Due to an incorrect merge, the piece of code was put in an incorrect
place and diverged from libefx in other locations.

Sponsored by:   Solarflare Communications, Inc.
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D18024
d19c1c8e cy Nov. 22, 2018, 4:48 a.m.
(or other special cases) and when ipfilter is disabled in rc.conf but
started by other means.

MFC after:	1 week
248b5d08 mjg Nov. 21, 2018, 10:37 p.m.
Discussed with:	oshogbo
Sponsored by:	The FreeBSD Foundation
f218ac50 mjg Nov. 21, 2018, 10:25 p.m.
The code was incrementing a global variable in an unsafe manner.
Two different threads stating two different sockets could have resulted
in the same inode numbers assigned to both.

Creation is protected with a global lock, move the assignment there.
Since inode numbers are 64-bit now drop the check for overflows.

Sponsored by:	The FreeBSD Foundation