MFC r344063:
Sync libarchive with vendor.
Relevant vendor changes:
PR #1085: Fix a null pointer dereference bug in zip writer
PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2
decompression
PR #1116: Add support for 64-bit ar format
PR #1120: Fix a 7zip crash [1] and an ISO9660 infinite loop [2]
PR #1125: RAR5 reader - fix an invalid read and a memory leak
PR #1131: POSIX reader - do not fail when tree_current_lstat() fails
due to ENOENT [3]
PR #1134: Delete unnecessary null pointer checks before calls of free()
OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy.
OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader
MFC r344088:
archive_read_disk_posix.c: initialize delayed_errno
PR: 233006 [3]
Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2]
CID 1332000: Logically dead code in sys/dev/pms/RefTisa/tisa/sassata/sas/ini/itdio.c
A pointer is first tested for NULL. If non-NULL, another pointer is
set equal to the first. The second pointer is then checked for NULL
and an error path taken if so. This second test and the associated
path is dead code as the pointer value, having just been checked for
NULL, cannot be NULL at this point. Remove the dead code.
Sponsored by: Dell EMC Isilon
CID 1009492: Logically dead code in sys/cam/scsi/scsi_xpt.c
In `probedone()`, for the `PROBE_REPORT_LUNS` case, all paths that
fall to the bottom of the case set `lp` to `NULL`, so the test for a
non-NULL value of `lp` and call to `free()` if true is dead code as
the test can never be true. Fix by eliminating the whole if
statement. To guard against a possible future change that accidentally
violates this assumption, use a `KASSERT()` to catch if `lp` is
non-NULL.
Sponsored by: Dell EMC Isilon
newkey(8): fix 'tmpname' memory leak (always) and input file descriptor leak
when output file cannot be opened
PR: 201732
Reported by: David Binderman <dcb314@hotmail.com>
Improve Bluetooth device discovery support for Android and Microsoft devices.
Tested using the virtual_bt_speaker(8) tool from the virtual_oss(8)
project at github.com.
PR: 210089
Sponsored by: Mellanox Technologies
Do not obtain an already held read lock. This causes a witness panic when
ipfs is invoked. This is the second of two panics resolving PR 235110.
PR: 235110
Reported by: David.Boyd49@twc.com
recoverdisk(1): fclose() file supplied via '-r readlist' parameter when
it's no longer needed
PR: 204952
Reported by: David Binderman <dcb314@hotmail.com>
ifconfig(8): display management / multicast wlan(4) rates properly
For 11n / 11ac we are still using non-11n rates for management and
multicast traffic by default; check 'MCS rate' bit to determine how
to print them correctly.
PR: 161035
Add support for Audio Sink and Audio Source profiles to sdpd(8).
This allows user-space programs like virtual_oss(8) to act
as a Bluetooth speaker device.
Sponsored by: Mellanox Technologies
Fix compilation with 'option NDISAPI + device ndis' and
without 'device pccard' in the kernel config file.
PR: 171532
Reported by: Robert Bonomi <bonomi@host128.r-bonomi.com>
net80211(4): fix rate check when 'roaming' ifconfig(8) option is set to 'auto'
Do not try to clear 'basic rate' bit from roamRate; it cannot be here and,
actually, this operation clears 'MCS rate' bit instead, breaking comparison
for 11n / 11ac modes.
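
The flag collision described in the roaming fix above, as an added example that is not FreeBSD code: the macro names, the 0x80 bit value and the sample rate codes are constructed for illustration, on the assumption (taken from the commit message) that the 'basic rate' and 'MCS rate' flags occupy the same bit.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins, not the net80211 definitions. Assumption from the
 * commit message: the "basic rate" and "MCS rate" flags share one bit. */
#define EX_RATE_BASIC 0x80u /* legacy rate-set entry: marks a basic rate */
#define EX_RATE_MCS   0x80u /* tx/roam rate code: low bits are an MCS index */

/* Pre-fix shape: strip the "basic" flag from the roam threshold only. */
static bool roam_wanted_buggy(uint8_t cur_rate, uint8_t roam_rate)
{
    roam_rate &= (uint8_t)~EX_RATE_BASIC; /* silently drops EX_RATE_MCS too */
    return cur_rate < roam_rate;
}

/* Post-fix shape: compare both codes with their flag bits left intact. */
static bool roam_wanted_fixed(uint8_t cur_rate, uint8_t roam_rate)
{
    return cur_rate < roam_rate;
}

int main(void)
{
    uint8_t cur_ht = EX_RATE_MCS | 0; /* constructed: 11n link at MCS 0 */
    uint8_t thr_ht = EX_RATE_MCS | 3; /* constructed: roam when below MCS 3 */
    uint8_t cur_legacy = 12;          /* constructed legacy code, no flag */
    uint8_t thr_legacy = 24;

    /* 11n: the masked threshold (0x03) is compared against a flagged
     * current rate (0x80), so the roam condition can never become true. */
    printf("11n    buggy=%d fixed=%d\n",
        roam_wanted_buggy(cur_ht, thr_ht), roam_wanted_fixed(cur_ht, thr_ht));

    /* Legacy codes never carry the bit, so both variants agree. */
    printf("legacy buggy=%d fixed=%d\n",
        roam_wanted_buggy(cur_legacy, thr_legacy),
        roam_wanted_fixed(cur_legacy, thr_legacy));
    return 0;
}
```
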
geom_uzip(4): move NULL pointer KASSERT check before it is dereferenced
PR: 203499
Submitted by: <chadf@triularity.org>
MFC r343475:
geom_uzip(4): set 'gp != NULL' assertion on top of the function
There was yet another access to this variable in g_trace() a few
lines above.
PR: 203499
Reported by: cem
o Don't allocate resources for SDMA in sdhci(4) if the controller or the
front-end doesn't support SDMA or the latter implements a platform-
specific transfer method instead. While at it, factor out allocation
and freeing of SDMA resources to sdhci_dma_{alloc,free}() in order to
keep the code more readable when adding support for ADMA variants.
o Base the size of the SDMA bounce buffer on MAXPHYS up to the maximum
of 512 KiB instead of using a fixed 4-KiB-buffer. With the default
MAXPHYS of 128 KiB and depending on the controller and medium, this
reduces the number of SDHCI interrupts by a factor of ~16 to ~32 on
sequential reads while an increase of throughput of up to ~84 % was
seen.
Front-ends for broken controllers that only support an SDMA buffer
boundary of a specific size may set SDHCI_QUIRK_BROKEN_SDMA_BOUNDARY
and supply a size via struct sdhci_slot. According to Linux, only -
unsupported in stable/10 anyway - Qualcomm MSM-type SDHCI controllers
are affected by this, though.
Requested by: Shreyank Amartya (unconditional bump to 512 KiB)
o Introduce a SDHCI_DEPEND macro for specifying the dependency of the
front-end modules on the sdhci(4) one and bump the module version
of sdhci(4) to 2 via an also newly introduced SDHCI_VERSION in order
to ensure that all components are in sync WRT struct sdhci_slot.
o In sdhci(4):
- Make pointers const where applicable, and
- replace a few device_printf(9) calls with slot_printf() for
consistency.
net80211: drop m_pullup call from ieee80211_crypto_decap.
For most wireless drivers Rx mbuf is allocated as one
contiguous chunk; only few are using chains for allocations -
but even then at least MCLBYTES (minus Rx descriptor size) is
available in the first mbuf.
In addition to the above, m_pullup was never called here - otherwise,
reallocation will break post-crypto_decap logic (ieee80211_decap,
ieee80211_deliver_data...), so just remove it; length check is left
in case some truncated frame appears here.
PR: 234241
Add notes to each of these that specifically state that results are
undefined if the strings overlap. In the case of memcpy, we document
the overlapping behavior on FreeBSD (pre-existing). For str*, it is
left unspecified, however, since the default (and x86) implementations
do not handle overlapping strings properly.
PR: 223653
Approved by: phk (mentor)
Fix loopback traffic when using non-lo0 link local IPv6 addresses.
The loopback interface can only receive packets with a single scope ID,
namely the scope ID of the loopback interface itself. To mitigate this,
packets which use the scope ID are appearing as received by the real
network interface, see "origifp" in the patch. The current code would
drop packets which are designated for loopback which use a link-local
scope ID in the destination address or source address, because they
won't match the lo0's scope ID. To fix this restore the network
interface pointer from the scope ID in the destination address for
the problematic cases. See comments added in patch for a more detailed
description.
This issue was introduced with route caching by karels@ .
Reviewed by: bz (network)
Differential Revision: https://reviews.freebsd.org/D18769
Sponsored by: Mellanox Technologies
Reduce timeout for reading the USB HUB port status to 1000ms and try to filter
out dead USB HUB devices by implementing an error counter, so that the USB
enumeration thread does not spend all its time reading from non-responding
devices, blocking user-space access in the end.
Tested by: Matthias Apitz <guru@unixarea.de>
Sponsored by: Mellanox Technologies
Improve USB generic debug messages. Print process ID and name when opening
and closing usb/ugenX.Y character device nodes.
Sponsored by: Mellanox Technologies
net80211: fix possible panic for some drivers after r342465
Check if rate control structures were allocated before trying to
access them in various places; this was possible before on
allocation failure (unlikely), but was revealed after r342211
where allocation was deferred.
The patch was adjusted a bit since file contents are different enough
since r306591.
Also, 'rate_stats' sysctl is not available here, so the panic is
unlikely to happen here even without this patch.
powerd(8): allow to force a method of battery state query
This change allows to determine power source via sysctl or /dev/apm
when devd(8) is running (used by default).
Based on patch from PR; other changes on top of it:
- '-f' (force) -> '-s' (source) parameter renaming;
- allow 'apm' -> 'devd' transition when '-s devd' is set
(if APM is enabled);
- man page update.
PR: 125707
Submitted by: Konstantin Stepanov <milezv@yandex.ru>
Reviewed by: bcr, imp
Differential Revision: https://reviews.freebsd.org/D18742
TCP_PAWS_IDLE does not exist in NetBSD and illumos. In FreeBSD
TCP_PAWS_IDLE is defined in netinet/tcp_seq.h, however this header
isn't included explicitly or implicitly at this point, therefore
as far as ipfilter is concerned TCP_PAWS_IDLE is not defined. Remove
the #ifdef and include netinet/tcp.h unconditionally.
- Or in the DMA coalescing Rx threshold so the other bits set in E1000_DMACR
remain intact as intended in igb_init_dmac(). [1]
- Fix igb corrupting checksums with BPF and VLAN
In stable/11, this merely syncs the code with head as the problem was
introduced with r311849 in the latter and then fixed by r339207 with
a different approach than the code used pre-r311849 and in stable/11.
- Use mbuf defines to construct csum offload masks rather than literals
MF11: r340148
Don't use 9k jumbo clusters
Reported by: Coverity
CID: 1304929 [1]