FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=releng%2F7.3 2011-09-28T08:47:17Z 2011-09-28T08:47:17Z Bjoern A. Zeeb bz@FreeBSD.org 2011-09-28T08:47:17Z urn:sha1:e7bf24ad0eb1f7725507c8d2ecf856ca1f4e0239 Add missing length checks on unix socket addresses. [11:05] Approved by: so (cperciva) Approved by: re (kensmith) Security: FreeBSD-SA-11:04.compress Security: CVE-2011-2895 [11:04] Security: FreeBSD-SA-11:05.unix 2010-07-13T02:45:17Z Colin Percival cperciva@FreeBSD.org 2010-07-13T02:45:17Z urn:sha1:3e4fe68b17667d142097294cc1f00416a4e5ad2e to an mbuf external buffer. Approved by: so (cperciva) Approved by: re (kensmith) Security: FreeBSD-SA-10:07.mbuf 2010-02-17T10:21:00Z Konstantin Belousov kib@FreeBSD.org 2010-02-17T10:21:00Z urn:sha1:9814250d3008861ee17c445823c09ed3eed8778a Do not leak process lock when current thread is not allowed to see target. Approved by: re (bz) 2010-02-09T14:56:10Z Attilio Rao attilio@FreeBSD.org 2010-02-09T14:56:10Z urn:sha1:2b0ebd550afb38a37b5eb77ab4067e071bd965ff - Fix a race in sched_switch() of sched_4bsd. Block the td_lock when acquiring explicitly sched_lock in order to prevent races with other td_lock contenders. - Merge the ULE's internal function thread_block_switch() into the global thread_lock_block() and make the former semantic as the default for thread_lock_block(). - Split out an invariant in order to have better checks. Tested by: Giovanni Trematerra <giovanni dot trematerra at gmail dot com> Approved by: re (kib) 2010-02-09T01:19:10Z David Xu davidxu@FreeBSD.org 2010-02-09T01:19:10Z urn:sha1:eb3f7c0c720e63fa2490e08d907365908d971dd5 After busied the lock, re-read state word before checking waiters flag, otherwise, the waiters bit may not be set and a wakeup is lost. Approved by: re (kib) 2010-01-25T23:48:47Z Colin Percival cperciva@FreeBSD.org 2010-01-25T23:48:47Z urn:sha1:04368fba20168cca086a263d64d6b399a41a13a2 to HEAD in r185029; but this is an "inspired by" commit rather than a literal merge, since this region of code in HEAD has other non-MFCable changes. The namei lookups this unbreaks are required for ZFS extended attributes; prior to this commit, an attempt to look up (list, read, write, delete) extended attributes would be handled as an attempt to look up a file in the current directory if an extended attribute directory existed ("at vp" was mishandled as "right here"). Reviewed by: jhb Approved by: re (kib) Found by: Henrik Wiest & libarchive 2010-01-24T14:05:56Z Bjoern A. Zeeb bz@FreeBSD.org 2010-01-24T14:05:56Z urn:sha1:dd997f0430d5e15eeb8ce7e1eb9f420e16f5825e Add security.jail.ip4_saddrsel/ip6_nosaddrsel sysctls to control whether to use source address selection (default) or the primary jail address for unbound outgoing connections. This is intended to be used by people upgrading from single-IP jails to multi-IP jails but not having to change firewall rules, application ACLs, ... but to force their connections (unless otherwise changed) to the primry jail IP they had been used for years, as well as for people prefering to implement similar policies. Note that for IPv6, if configured incorrectly, this might lead to scope violations, which single-IPv6 jails could as well, as by the design of jails. [1] Note that in contrast to FreeBSD 8.x and newer, where we have per-jail options, the sysctls are global for all jails. Reviewed by: jamie, hrs (ipv6 part) [for HEAD] Pointed out by: hrs [1] Tested by: Jase Thew (bazerka beardz.net) (IPv4) Approved by: re (kib) 2010-01-23T22:37:34Z Konstantin Belousov kib@FreeBSD.org 2010-01-23T22:37:34Z urn:sha1:6c004380497892cf9efb62210c79254f1bf5931c Reported by: Michael Butler <imb protected-networks net> Approved by: re (bz) 2010-01-23T19:01:25Z Konstantin Belousov kib@FreeBSD.org 2010-01-23T19:01:25Z urn:sha1:bcd9c86bcc780b72459ff7c6dcf2a71bfb41dbfe The quotactl, statfs and fstatfs syscall implementations may dereference NULL pointer to struct mount if the looked up vnode is reclaimed. Also, these syscalls only mnt_ref() the mp, still allowing it to be unmounted; only struct mount memory is kept from being reused. Lock the vnode when doing name lookup, then reference its mount point, unlock the vnode and vfs_busy the mountpoint. This sequence shall take care of both races. MFC r188141 (by trasz): In some situations, mnt_lockref could go negative due to vfs_unbusy() being called without calling vfs_busy() first. This made umount(8) hang waiting for mnt_lockref to become zero, which would never happen. MFC r196887: In fhopen, vfs_ref() the mount point while vnode is unlocked, to prevent vn_start_write(NULL, &mp) from operating on potentially freed or reused struct mount *. Remove unmatched vfs_rel() in cleanup. Approved by: re (bz) 2010-01-22T17:08:05Z Christian Brueffer brueffer@FreeBSD.org 2010-01-22T17:08:05Z urn:sha1:a172f16fe6c4bd3d87be98065d641ccc86dbef7e Free allocated sbufs before returning ENOMEM.