FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=release%2F12.3.0 2018-01-02T18:31:32Z 2018-01-02T18:31:32Z Ed Maste emaste@FreeBSD.org 2018-01-02T18:31:32Z urn:sha1:5d8501f487e973d6ab6a368360c9dcb101fd08e9 The hpt{nr,rr} ioctl handler allocates a buffer without M_ZERO and calls hpt_do_ioctl(), which might not overwrite the entire buffer. Also zero bytesReturned in case it is not written by hpt_do_ioctl(). The hpt27{nr,rr} device has permissions only for root so this is not urgent, and the fix can be MFCd and considered for a future EN. The same issue was reported in the hpt27xx driver by Ilja Van Sprundel. Reviewed by: jhb, kib MFC after: 3 days Sponsored by: The FreeBSD Foundation 2017-11-27T14:52:40Z Pedro F. Giffuni pfg@FreeBSD.org 2017-11-27T14:52:40Z urn:sha1:718cf2ccb9956613756ab15d7a0e28f2c8e91cab Mainly focus on files that use BSD 2-Clause license, however the tool I was using misidentified many licenses so this was mostly a manual - error prone - task. The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts. 2017-02-10T15:18:41Z Pedro F. Giffuni pfg@FreeBSD.org 2017-02-10T15:18:41Z urn:sha1:a0dedc30343e57b09ec6bf5fd38657a1e939c064 The hpt27xx(4), hptnr(4), and hptrr(4) drivers declare MIN() and MAX() internally which match the macros from sys/param.h. MIN() is not used, MAX is only used once and can be replaced with the max() version in libkern.h which operates on u_ints. MFC after: 2 weeks 2017-01-04T20:26:42Z Alan Somers asomers@FreeBSD.org 2017-01-04T20:26:42Z urn:sha1:4195c7de2471d6212744bcbf128d659e94801d17 The sim_vid, hba_vid, and dev_name fields of struct ccb_pathinq are fixed-length strings. AFAICT the only place they're read is in sbin/camcontrol/camcontrol.c, which assumes they'll be null-terminated. However, the kernel doesn't null-terminate them. A bunch of copy-pasted code uses strncpy to write them, and doesn't guarantee null-termination. For at least 4 drivers (mpr, mps, ciss, and hyperv), the hba_vid field actually overflows. You can see the result by doing "camcontrol negotiate da0 -v". This change null-terminates those fields everywhere they're set in the kernel. It also shortens a few strings to ensure they'll fit within the 16-character field. PR: 215474 Reported by: Coverity CID: 1009997 1010000 1010001 1010002 1010003 1010004 1010005 CID: 1331519 1010006 1215097 1010007 1288967 1010008 1306000 CID: 1211924 1010009 1010010 1010011 1010012 1010013 1010014 CID: 1147190 1010017 1010016 1010018 1216435 1010020 1010021 CID: 1010022 1009666 1018185 1010023 1010025 1010026 1010027 CID: 1010028 1010029 1010030 1010031 1010033 1018186 1018187 CID: 1010035 1010036 1010042 1010041 1010040 1010039 Reviewed by: imp, sephe, slm MFC after: 4 weeks Sponsored by: Spectra Logic Corp Differential Revision: https://reviews.freebsd.org/D9037 Differential Revision: https://reviews.freebsd.org/D9038 2016-05-03T03:41:25Z Pedro F. Giffuni pfg@FreeBSD.org 2016-05-03T03:41:25Z urn:sha1:453130d9bfc1c6d68b366dfcb041689d69f81295 Most affect comments, very few have user-visible effects. 2016-02-27T03:34:01Z Justin Hibbits jhibbits@FreeBSD.org 2016-02-27T03:34:01Z urn:sha1:eff83876b694c469eb9385a3bc106c8f66c72e75 Most of these are BARs, and we allocate them in their entirety. The one outlier in this is amdsbwd, which calls bus_set_resource() prior. Reviewed by: jhb Differential Revision: https://reviews.freebsd.org/D5370 (partial) 2016-02-19T03:37:56Z Justin Hibbits jhibbits@FreeBSD.org 2016-02-19T03:37:56Z urn:sha1:43cd61606b6bfae52bb09856277751103bfa28fd Since these calls only use default arguments, bus_alloc_resource_any() is the right call. Differential Revision: https://reviews.freebsd.org/D5306 2014-11-21T21:01:24Z Steven Hartland smh@FreeBSD.org 2014-11-21T21:01:24Z urn:sha1:85c9dd9d895261632d58cf98da6608b93dd5d7f8 Previously, any timeout value for which (timeout * hz) will overflow the signed integer, will give weird results, since callout(9) routines will convert negative values of ticks to '1'. For unsigned integer overflow we will get sufficiently smaller timeout values than expected. Switch from callout_reset, which requires conversion to int based ticks to callout_reset_sbt to avoid this. Also correct isci to correctly resolve ccb timeout. This was based on the original work done by Eygene Ryabinkin <rea@freebsd.org> back in 5 Aug 2011 which used a macro to help avoid the overlow. Differential Revision: https://reviews.freebsd.org/D1157 Reviewed by: mav, davide MFC after: 1 month Sponsored by: Multiplay 2014-08-05T23:47:26Z John Baldwin jhb@FreeBSD.org 2014-08-05T23:47:26Z urn:sha1:04584935bc98dced6fb5c7785082ca6a94f4c8a8 - Use the existing vbus locks instead of Giant for the CAM sim lock. - Use callout(9) instead of timeout(9). - Mark the interrupt handler MPSAFE. - Don't attempt to pass data in the softc from probe() to attach(). - Remove compat shims for FreeBSD versions older than 8.0. Reviewed by: Steve Chang <ychang@highpoint-tech.com> 2014-06-11T18:24:51Z Xin LI delphij@FreeBSD.org 2014-06-11T18:24:51Z urn:sha1:7634a04b303e1cae94847f2eee892e0a07b6c978 - Don't call xpt_free_path() in os_query_remove_device() and always return TRUE. - Update os_buildsgl() to support build logical SG table which will be used by lower RAID module. - Return CAM_SEL_TIMEOUTstatus for SCSIcommand failed as target missing. Many thanks to HighPoint for providing this driver update. Submitted by: Steve Chang Reviewed by: mav MFC after: 3 days