src

Clone Tools
  • last updated a few seconds ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Callouts may be bound to a specific CPU, in which case that CPU is responsible for raising the timer interrupt which schedules execution of the callout.

A kernel thread may attempt to stop a callout while it is actively executing,

in which case the thread goes to sleep until execution has completed. In the

meantime the callout may be re-scheduled and re-executed on a different CPU.

In this scenario, when the sleeping thread finally completes removal of the

callout from some internal data structures, it may modify the wrong CPU's

data structures and thus leave them in an invalid state.

Obtained from: FreeBSD

Two bugs exist in rtsold(8)'s RDNSS and DNSSL option handling. First, rtsold(8) failed to perform sufficient bounds checking on the extent of the option. In particular, it does not verify that the option does not extend past the end of the received packet before processing its contents. The kernel currently ignores such malformed packets but still passes them to userspace programs.

Second, when processing a DNSSL option, rtsold(8) decodes domain name labels

per an encoding specified in RFC 1035 in which the first octet of each label

contains the label's length. rtsold(8) did not validate label lengths

correctly and could overflow the destination buffer.

Obtained from: FreeBSD

When an ICMPv6 error message is received, the BSD ICMPv6 stack may extract information from the message to hand to upper-layer protocols. As a part of this operation, it may parse IPv6 header options from a packet embedded in the ICMPv6 message.

The handler for a routing option caches a pointer into the packet buffer

holding the ICMPv6 message. However, when processing subsequent options the

packet buffer may be freed, rendering the cached pointer invalid. The

network stack may later dereference the pointer, potentially triggering a

use-after-free.

Obtained from: FreeBSD

When an ICMPv6 error message is received, the BSD ICMPv6 stack may extract information from the message to hand to upper-layer protocols. As a part of this operation, it may parse IPv6 header options from a packet embedded in the ICMPv6 message.

The handler for a routing option caches a pointer into the packet buffer

holding the ICMPv6 message. However, when processing subsequent options the

packet buffer may be freed, rendering the cached pointer invalid. The

network stack may later dereference the pointer, potentially triggering a

use-after-free.

Obtained from: FreeBSD

initialize vars in ipfw

initialize vars in ipfw

tzdata 2020d

  1. … 4 more files in changeset.
tzdata 2020d

  1. … 4 more files in changeset.
fix msg

fix msg

unbreak matching with big table type flow on ipfw

Fix O_IP_FLOW_LOOKUP opcode handling.

Do not check table value matching when table lookup failed.

fix return type

Introduce lib/libgcc_eh and lib/libgcc_s for LLVM's implementation

Move llvm-objdump from CLANG_EXTRAS to installed by default

Add a callout_func_t typedef for functions used with callout_*().

psm(4): Fix wrong key-release event occuring after trackpoint use.

revert

revert

pf: Improve input validation

Add support for hypervisor check on x86

loader: --gc-sections needs sections to work with

Fully reset terminal settings

Make menu customizations easier by naming the entries

The color change should have reset sequence, not switch to white.

Loader optimizations

Obtained from: FreeBSD

mlinks

Merge branch 'master' of ssh://github.com/midnightbsd/src into master

cleanup

This fixes the amount of memory displayed in the UiApp to be the same as passed on the bhyve command line. Otherwise, 8GB gets displayed as 4, 32GB as 28 etc.

Obtained from bcran, freebsd https://reviews.freebsd.org/D27348