OpenGrok
| Home | Sort by: relevance | last modified time | path |
Searched hist:1.482 (Results 1 -
25 of 85) sorted by relevancy
Completed in 262 milliseconds
| /src/sys/arch/x86/pci/ | |
| amdsmn.h | 1.1.2.2 Mon Feb 05 13:06:55 UTC 2018 martin Pull up following revision(s) (requested by pgoyette in ticket #524): distrib/sets/lists/man/mi 1.1574 distrib/sets/lists/modules/md.amd64 1.73 distrib/sets/lists/modules/md.i386 1.76 share/man/man4/amdtemp.4 1.11 share/man/man4/man4.x86/Makefile 1.17 share/man/man4/man4.x86/amdsmn.4 1.1-1.3 share/man/man4/man4.x86/amdzentemp.4 1.1-1.6 sys/arch/amd64/conf/ALL 1.79,1.80 sys/arch/amd64/conf/GENERIC 1.482,1.484 sys/arch/amd64/conf/XEN3_DOM0 1.146,1.147 sys/arch/x86/pci/amdsmn.c 1.1-1.2 sys/arch/x86/pci/amdsmn.h 1.1 sys/arch/x86/pci/amdzentemp.c 1.1-1.7 sys/arch/x86/pci/files.pci 1.22,1.23 sys/modules/amdzentemp/amdzentemp.ioconf 1.2 Add amdzentemp from FreeBSD via Ian Clark. man pages for amdsmn and amdzentemp. Some clean-up on the HISTORY and AUTHORS sections, and addition of a BUGS section to document the fact that we don't yet handle the required temp offset, nor do we expose the available thermal-trip value. Add missing article 'a' KNF: Put back the blank line following the empty variable declarations Put back the variable declaration, too, and mark it __diagused Otherwise a DIAGNOSTIC kernel will complain about the variable being undeclared. Correct placement of __diagused attribute. Modularize the amdsmn(4) driver, and update dependency for amdzentemp(4), Create amdsmn(4) amd amdzentemp(4) modules for X86. |
| amdsmn.c | 1.3.2.2 Mon Feb 05 13:06:55 UTC 2018 martin Pull up following revision(s) (requested by pgoyette in ticket #524): distrib/sets/lists/man/mi 1.1574 distrib/sets/lists/modules/md.amd64 1.73 distrib/sets/lists/modules/md.i386 1.76 share/man/man4/amdtemp.4 1.11 share/man/man4/man4.x86/Makefile 1.17 share/man/man4/man4.x86/amdsmn.4 1.1-1.3 share/man/man4/man4.x86/amdzentemp.4 1.1-1.6 sys/arch/amd64/conf/ALL 1.79,1.80 sys/arch/amd64/conf/GENERIC 1.482,1.484 sys/arch/amd64/conf/XEN3_DOM0 1.146,1.147 sys/arch/x86/pci/amdsmn.c 1.1-1.2 sys/arch/x86/pci/amdsmn.h 1.1 sys/arch/x86/pci/amdzentemp.c 1.1-1.7 sys/arch/x86/pci/files.pci 1.22,1.23 sys/modules/amdzentemp/amdzentemp.ioconf 1.2 Add amdzentemp from FreeBSD via Ian Clark. man pages for amdsmn and amdzentemp. Some clean-up on the HISTORY and AUTHORS sections, and addition of a BUGS section to document the fact that we don't yet handle the required temp offset, nor do we expose the available thermal-trip value. Add missing article 'a' KNF: Put back the blank line following the empty variable declarations Put back the variable declaration, too, and mark it __diagused Otherwise a DIAGNOSTIC kernel will complain about the variable being undeclared. Correct placement of __diagused attribute. Modularize the amdsmn(4) driver, and update dependency for amdzentemp(4), Create amdsmn(4) amd amdzentemp(4) modules for X86. |
| amdzentemp.c | 1.7.2.2 Mon Feb 05 13:06:55 UTC 2018 martin Pull up following revision(s) (requested by pgoyette in ticket #524): distrib/sets/lists/man/mi 1.1574 distrib/sets/lists/modules/md.amd64 1.73 distrib/sets/lists/modules/md.i386 1.76 share/man/man4/amdtemp.4 1.11 share/man/man4/man4.x86/Makefile 1.17 share/man/man4/man4.x86/amdsmn.4 1.1-1.3 share/man/man4/man4.x86/amdzentemp.4 1.1-1.6 sys/arch/amd64/conf/ALL 1.79,1.80 sys/arch/amd64/conf/GENERIC 1.482,1.484 sys/arch/amd64/conf/XEN3_DOM0 1.146,1.147 sys/arch/x86/pci/amdsmn.c 1.1-1.2 sys/arch/x86/pci/amdsmn.h 1.1 sys/arch/x86/pci/amdzentemp.c 1.1-1.7 sys/arch/x86/pci/files.pci 1.22,1.23 sys/modules/amdzentemp/amdzentemp.ioconf 1.2 Add amdzentemp from FreeBSD via Ian Clark. man pages for amdsmn and amdzentemp. Some clean-up on the HISTORY and AUTHORS sections, and addition of a BUGS section to document the fact that we don't yet handle the required temp offset, nor do we expose the available thermal-trip value. Add missing article 'a' KNF: Put back the blank line following the empty variable declarations Put back the variable declaration, too, and mark it __diagused Otherwise a DIAGNOSTIC kernel will complain about the variable being undeclared. Correct placement of __diagused attribute. Modularize the amdsmn(4) driver, and update dependency for amdzentemp(4), Create amdsmn(4) amd amdzentemp(4) modules for X86. |
| files.pci | 1.20.10.1 Mon Feb 05 13:06:55 UTC 2018 martin Pull up following revision(s) (requested by pgoyette in ticket #524): distrib/sets/lists/man/mi 1.1574 distrib/sets/lists/modules/md.amd64 1.73 distrib/sets/lists/modules/md.i386 1.76 share/man/man4/amdtemp.4 1.11 share/man/man4/man4.x86/Makefile 1.17 share/man/man4/man4.x86/amdsmn.4 1.1-1.3 share/man/man4/man4.x86/amdzentemp.4 1.1-1.6 sys/arch/amd64/conf/ALL 1.79,1.80 sys/arch/amd64/conf/GENERIC 1.482,1.484 sys/arch/amd64/conf/XEN3_DOM0 1.146,1.147 sys/arch/x86/pci/amdsmn.c 1.1-1.2 sys/arch/x86/pci/amdsmn.h 1.1 sys/arch/x86/pci/amdzentemp.c 1.1-1.7 sys/arch/x86/pci/files.pci 1.22,1.23 sys/modules/amdzentemp/amdzentemp.ioconf 1.2 Add amdzentemp from FreeBSD via Ian Clark. man pages for amdsmn and amdzentemp. Some clean-up on the HISTORY and AUTHORS sections, and addition of a BUGS section to document the fact that we don't yet handle the required temp offset, nor do we expose the available thermal-trip value. Add missing article 'a' KNF: Put back the blank line following the empty variable declarations Put back the variable declaration, too, and mark it __diagused Otherwise a DIAGNOSTIC kernel will complain about the variable being undeclared. Correct placement of __diagused attribute. Modularize the amdsmn(4) driver, and update dependency for amdzentemp(4), Create amdsmn(4) amd amdzentemp(4) modules for X86. |
| /src/sys/modules/amdzentemp/ | |
| amdzentemp.ioconf | 1.2.2.2 Mon Feb 05 13:06:55 UTC 2018 martin Pull up following revision(s) (requested by pgoyette in ticket #524): distrib/sets/lists/man/mi 1.1574 distrib/sets/lists/modules/md.amd64 1.73 distrib/sets/lists/modules/md.i386 1.76 share/man/man4/amdtemp.4 1.11 share/man/man4/man4.x86/Makefile 1.17 share/man/man4/man4.x86/amdsmn.4 1.1-1.3 share/man/man4/man4.x86/amdzentemp.4 1.1-1.6 sys/arch/amd64/conf/ALL 1.79,1.80 sys/arch/amd64/conf/GENERIC 1.482,1.484 sys/arch/amd64/conf/XEN3_DOM0 1.146,1.147 sys/arch/x86/pci/amdsmn.c 1.1-1.2 sys/arch/x86/pci/amdsmn.h 1.1 sys/arch/x86/pci/amdzentemp.c 1.1-1.7 sys/arch/x86/pci/files.pci 1.22,1.23 sys/modules/amdzentemp/amdzentemp.ioconf 1.2 Add amdzentemp from FreeBSD via Ian Clark. man pages for amdsmn and amdzentemp. Some clean-up on the HISTORY and AUTHORS sections, and addition of a BUGS section to document the fact that we don't yet handle the required temp offset, nor do we expose the available thermal-trip value. Add missing article 'a' KNF: Put back the blank line following the empty variable declarations Put back the variable declaration, too, and mark it __diagused Otherwise a DIAGNOSTIC kernel will complain about the variable being undeclared. Correct placement of __diagused attribute. Modularize the amdsmn(4) driver, and update dependency for amdzentemp(4), Create amdsmn(4) amd amdzentemp(4) modules for X86. |
| /src/sys/fs/v7fs/ | |
| v7fs_vfsops.c | 1.5.6.2 Mon Apr 21 10:14:18 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). 1.5.6.1.6.1 Mon Apr 21 10:17:48 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). 1.5.6.1.4.1 Mon Apr 21 10:15:36 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). |
| /src/share/man/man4/ | |
| amdtemp.4 | 1.9.18.1 Mon Feb 05 13:06:55 UTC 2018 martin Pull up following revision(s) (requested by pgoyette in ticket #524): distrib/sets/lists/man/mi 1.1574 distrib/sets/lists/modules/md.amd64 1.73 distrib/sets/lists/modules/md.i386 1.76 share/man/man4/amdtemp.4 1.11 share/man/man4/man4.x86/Makefile 1.17 share/man/man4/man4.x86/amdsmn.4 1.1-1.3 share/man/man4/man4.x86/amdzentemp.4 1.1-1.6 sys/arch/amd64/conf/ALL 1.79,1.80 sys/arch/amd64/conf/GENERIC 1.482,1.484 sys/arch/amd64/conf/XEN3_DOM0 1.146,1.147 sys/arch/x86/pci/amdsmn.c 1.1-1.2 sys/arch/x86/pci/amdsmn.h 1.1 sys/arch/x86/pci/amdzentemp.c 1.1-1.7 sys/arch/x86/pci/files.pci 1.22,1.23 sys/modules/amdzentemp/amdzentemp.ioconf 1.2 Add amdzentemp from FreeBSD via Ian Clark. man pages for amdsmn and amdzentemp. Some clean-up on the HISTORY and AUTHORS sections, and addition of a BUGS section to document the fact that we don't yet handle the required temp offset, nor do we expose the available thermal-trip value. Add missing article 'a' KNF: Put back the blank line following the empty variable declarations Put back the variable declaration, too, and mark it __diagused Otherwise a DIAGNOSTIC kernel will complain about the variable being undeclared. Correct placement of __diagused attribute. Modularize the amdsmn(4) driver, and update dependency for amdzentemp(4), Create amdsmn(4) amd amdzentemp(4) modules for X86. |
| Makefile | 1.482 Wed Oct 29 17:26:57 UTC 2008 jkunz branches: 1.482.2; Ported alipm(4) and admtemp(4) from OpenBSD. Wed Oct 29 17:26:57 UTC 2008 jkunz branches: 1.482.2; Ported alipm(4) and admtemp(4) from OpenBSD. 1.482.2.13 Sun Jun 23 11:09:54 UTC 2013 bouyer Pull up following revision(s) (requested by mbalmer in ticket #1863): distrib/sets/lists/man/mi: revision 1.1411 share/man/man4/gpio.4: revision 1.24 sys/arch/i386/conf/ALL: revision 1.348 sys/arch/i386/conf/files.i386: revision 1.369 sys/dev/isa/ptcd.c: revision 1.1 share/man/man4/Makefile: revision 1.593 share/man/man4/ptcd.4: revision 1.1, 1.3, 1.4 ptcd(4) is a device driver for the cash drawer port found on Protech PS3100 point of sale terminals. It controls the cash drawer using a gpio(4) device that attaches at ptcd0: Pin 0 controls the drawer, pin 1 reports the current state. For details read the manual page. Mention ptcd(4) in the synopsis. 1.482.2.12 Fri Sep 28 10:58:15 UTC 2012 sborrill Pull up the following revisions(s) (requested by liamjfoy in ticket #1797): lib/libusbhid/usb_hid_usages: revision 1.5 via patch share/man/man4/Makefile: revision 1.578 via patch share/man/man4/uts.4: revision 1.1 share/man/man4/wsmouse.4: revision 1.19 via patch sys/arch/amd64/conf/GENERIC: revision 1.346-1.347 via patch sys/arch/i386/conf/GENERIC: revision 1.1078 via patch sys/dev/usb/FILES: revision 1.12 via patch sys/dev/usb/usbdevices.config: revision 1.12 via patch sys/dev/usb/files.usb: revision 1.119-1.120 via patch sys/dev/usb/usbhid.h: revision 1.14 via patch sys/dev/usb/uts.c: revision 1.1 distrib/sets/lists/man/mi: revision 1.1370 via patch Add uts(4) driver for USB touchscreens. 1.482.2.11 Wed Jan 25 21:18:16 UTC 2012 riz Pull up following revision(s) (requested by hannken in ticket #1715): - Be robust against an invalid timer period value. sys/dev/ic/hpetreg.h Rev. 1.4 sys/dev/ic/hpet.c Rev. 1.8 - Fix wrong definition of LAPIC_LEVEL_ASSERT / _MASK sys/arch/x86/include/i82489reg.h Rev. 1.11 - Add virtio driver - speed up disk and network access in virtual environments sys/arch/i386/conf/GENERIC Rev. 1.1055 sys/arch/i386/conf/ALL Rev. 1.325 sys/arch/amd64/conf/GENERIC Rev. 1.338 sys/dev/pci/files.pci Rev. 1.350 sys/dev/pci/if_vioif.c Rev. 0-1.2 sys/dev/pci/ld_virtio.c Rev. 0-1.4 sys/dev/pci/viomb.c Rev. 0-1.1 sys/dev/pci/virtio.c Rev. 0-1.3 sys/dev/pci/virtioreg.h Rev. 0-1.1 sys/dev/pci/virtiovar.h Rev. 0-1.1 distrib/sets/lists/man/mi Rev. 1.1352 and 1.1358 share/man/man4/Makefile Rev. 1.573 and 1.575 share/man/man4/ld.4 Rev. 1.19 share/man/man4/virtio.4 Rev. 0-1.4 share/man/man4/vioif.4 Rev. 0-1.2 share/man/man4/viomb.4 Rev. 0-1.2 Allow NetBSD to run unmodified under Linux/kvm. 1.482.2.10 Tue Mar 29 20:09:01 UTC 2011 riz Pull up following revision(s) (requested by fair in ticket #1584): share/man/man4/gtp.4: revision 1.1 share/man/man4/mr.4: file removal distrib/sets/lists/man/mi: revision 1.1304 distrib/sets/lists/man/mi: revision 1.1305 share/man/man4/Makefile: revision 1.556 The mr(4) driver was replaced by gtp(4) in 2002, but the documentation did not follow; fix PR kern/40070 I missed the .0 and .html changes for mr.4 replacement by gtp.4 in PR = kern/40070 Now corrected. 1.482.2.9 Sun Nov 21 03:05:10 UTC 2010 riz branches: 1.482.2.9.2; Pull up following revision(s) (requested by plunky in ticket #1407): sys/dev/bluetooth/btdev.h: revision 1.9 sys/arch/iyonix/conf/GENERIC: revision 1.60 sys/arch/sparc64/conf/GENERIC: revision 1.129 sys/dev/usb/hid.c: revision 1.30 sys/dev/usb/hid.h: revision 1.13 sys/arch/i386/conf/GENERIC: revision 1.983 usr.sbin/btdevctl/print.c: revision 1.10 sys/arch/evbarm/conf/MPCSA_GENERIC: revision 1.16 sys/arch/alpha/conf/GENERIC: revision 1.337 sys/dev/bluetooth/files.bluetooth: revision 1.14 sys/arch/evbarm/conf/GUMSTIX: revision 1.49 sys/dev/usb/usbdevs: revision 1.550 sys/arch/evbppc/conf/OPENBLOCKS266_OPT: revision 1.14 sys/arch/hpcsh/conf/GENERIC: revision 1.91 sys/dev/bluetooth/btmagic.c: revision 1.1 distrib/sets/lists/man/mi: revision 1.1210 sys/arch/amd64/conf/GENERIC: revision 1.279 sys/arch/i386/conf/ALL: revision 1.258 sys/arch/amd64/conf/XEN3_DOM0: revision 1.54 sys/arch/hpcarm/conf/JORNADA720: revision 1.78 sys/dev/usb/hid.c: revision 1.29 share/man/man4/btmagic.4: revision 1.1 hid_get_data() does not work if the size of data is less than a byte and crosses a byte boundary, and it always returns a sign-extended value. fix this by using the algorithm from libusbhid to read bytes, and provide a hid_get_udata() function to return unsigned data values. while here, const args update DPRINTF to reflect actual function name add Apple Magic Mouse product-id regen for Magic Mouse id allow for vendor-id and product-id properties, passing them through to child devices add Magic Mouse driver and manpage btmagic(4) additionally query the "PnP Information" service record to discover any USB Forum vendor-id and product-id values and store them in the property list if found. add btmagic(4) where other Bluetooth drivers are listed .2.9 Sun Nov 21 03:05:10 UTC 2010 riz branches: 1.482.2.9.2; Pull up following revision(s) (requested by plunky in ticket #1407): sys/dev/bluetooth/btdev.h: revision 1.9 sys/arch/iyonix/conf/GENERIC: revision 1.60 sys/arch/sparc64/conf/GENERIC: revision 1.129 sys/dev/usb/hid.c: revision 1.30 sys/dev/usb/hid.h: revision 1.13 sys/arch/i386/conf/GENERIC: revision 1.983 usr.sbin/btdevctl/print.c: revision 1.10 sys/arch/evbarm/conf/MPCSA_GENERIC: revision 1.16 sys/arch/alpha/conf/GENERIC: revision 1.337 sys/dev/bluetooth/files.bluetooth: revision 1.14 sys/arch/evbarm/conf/GUMSTIX: revision 1.49 sys/dev/usb/usbdevs: revision 1.550 sys/arch/evbppc/conf/OPENBLOCKS266_OPT: revision 1.14 sys/arch/hpcsh/conf/GENERIC: revision 1.91 sys/dev/bluetooth/btmagic.c: revision 1.1 distrib/sets/lists/man/mi: revision 1.1210 sys/arch/amd64/conf/GENERIC: revision 1.279 sys/arch/i386/conf/ALL: revision 1.258 sys/arch/amd64/conf/XEN3_DOM0: revision 1.54 sys/arch/hpcarm/conf/JORNADA720: revision 1.78 sys/dev/usb/hid.c: revision 1.29 share/man/man4/btmagic.4: revision 1.1 hid_get_data() does not work if the size of data is less than a byte and crosses a byte boundary, and it always returns a sign-extended value. fix this by using the algorithm from libusbhid to read bytes, and provide a hid_get_udata() function to return unsigned data values. while here, const args update DPRINTF to reflect actual function name add Apple Magic Mouse product-id regen for Magic Mouse id allow for vendor-id and product-id properties, passing them through to child devices add Magic Mouse driver and manpage btmagic(4) additionally query the "PnP Information" service record to discover any USB Forum vendor-id and product-id values and store them in the property list if found. add btmagic(4) where other Bluetooth drivers are listed 1.482.2.8 Wed Oct 28 09:03:42 UTC 2009 bouyer Pull up the following revisions, requested by sborrill in ticket #1114: share/man/man4/sdhc.4 1.1-1.2 sys/dev/pci/sdhc_pci.c 1.1-1.3 distrib/sets/lists/man/mi patch share/man/man4/Makefile patch sys/arch/amd64/conf/GENERIC patch sys/arch/i386/conf/ALL patch sys/arch/i386/conf/GENERIC patch sys/dev/pci/files.pci patch sys/dev/pci/pcidevs patch sys/dev/pci/pcidevs.h regen sys/dev/pci/pcidevs_data.h regen Add sdhc(4), a driver for SD controllers following the SD Host Controller Standard Simplified Specification. 1.482.2.7 Thu Oct 08 09:47:08 UTC 2009 sborrill Pull up the following revisions(s) (requested by jmcneill in ticket #1045): distrib/sets/lists/man/mi: revision 1.1160 share/man/man4/Makefile: revision 1.499 share/man/man4/wb.4: revision 1.1-1.2 share/man/man4/ld.4: revision 1.17 sys/arch/i386/conf/ALL: revision 1.215-1.216 + patch sys/arch/i386/conf/GENERIC: revision 1.946-1.947 + patch sys/arch/amd64/conf/GENERIC: revision 1.254-1.256 + patch sys/conf/files: revision 1.958 sys/dev/acpi/files.acpi: revision 1.59 sys/dev/acpi/wb_acpi.c: revision 1.1 sys/dev/ic/w83l518d.c: revision 1.1 sys/dev/ic/w83l518d_sdmmc.c: revision 1.1 sys/dev/ic/w83l518d_sdmmc.h: revision 1.1 sys/dev/ic/w83l518dreg.h: revision 1.1 sys/dev/ic/w83l518dvar.h.c: revision 1.1 wb(4): Add a driver for Winbond W83L518D SD/MMC readers. |
| /src/share/man/man4/man4.x86/ | |
| amdsmn.4 | 1.3.2.2 Mon Feb 05 13:06:55 UTC 2018 martin Pull up following revision(s) (requested by pgoyette in ticket #524): distrib/sets/lists/man/mi 1.1574 distrib/sets/lists/modules/md.amd64 1.73 distrib/sets/lists/modules/md.i386 1.76 share/man/man4/amdtemp.4 1.11 share/man/man4/man4.x86/Makefile 1.17 share/man/man4/man4.x86/amdsmn.4 1.1-1.3 share/man/man4/man4.x86/amdzentemp.4 1.1-1.6 sys/arch/amd64/conf/ALL 1.79,1.80 sys/arch/amd64/conf/GENERIC 1.482,1.484 sys/arch/amd64/conf/XEN3_DOM0 1.146,1.147 sys/arch/x86/pci/amdsmn.c 1.1-1.2 sys/arch/x86/pci/amdsmn.h 1.1 sys/arch/x86/pci/amdzentemp.c 1.1-1.7 sys/arch/x86/pci/files.pci 1.22,1.23 sys/modules/amdzentemp/amdzentemp.ioconf 1.2 Add amdzentemp from FreeBSD via Ian Clark. man pages for amdsmn and amdzentemp. Some clean-up on the HISTORY and AUTHORS sections, and addition of a BUGS section to document the fact that we don't yet handle the required temp offset, nor do we expose the available thermal-trip value. Add missing article 'a' KNF: Put back the blank line following the empty variable declarations Put back the variable declaration, too, and mark it __diagused Otherwise a DIAGNOSTIC kernel will complain about the variable being undeclared. Correct placement of __diagused attribute. Modularize the amdsmn(4) driver, and update dependency for amdzentemp(4), Create amdsmn(4) amd amdzentemp(4) modules for X86. |
| amdzentemp.4 | 1.6.2.2 Mon Feb 05 13:06:55 UTC 2018 martin Pull up following revision(s) (requested by pgoyette in ticket #524): distrib/sets/lists/man/mi 1.1574 distrib/sets/lists/modules/md.amd64 1.73 distrib/sets/lists/modules/md.i386 1.76 share/man/man4/amdtemp.4 1.11 share/man/man4/man4.x86/Makefile 1.17 share/man/man4/man4.x86/amdsmn.4 1.1-1.3 share/man/man4/man4.x86/amdzentemp.4 1.1-1.6 sys/arch/amd64/conf/ALL 1.79,1.80 sys/arch/amd64/conf/GENERIC 1.482,1.484 sys/arch/amd64/conf/XEN3_DOM0 1.146,1.147 sys/arch/x86/pci/amdsmn.c 1.1-1.2 sys/arch/x86/pci/amdsmn.h 1.1 sys/arch/x86/pci/amdzentemp.c 1.1-1.7 sys/arch/x86/pci/files.pci 1.22,1.23 sys/modules/amdzentemp/amdzentemp.ioconf 1.2 Add amdzentemp from FreeBSD via Ian Clark. man pages for amdsmn and amdzentemp. Some clean-up on the HISTORY and AUTHORS sections, and addition of a BUGS section to document the fact that we don't yet handle the required temp offset, nor do we expose the available thermal-trip value. Add missing article 'a' KNF: Put back the blank line following the empty variable declarations Put back the variable declaration, too, and mark it __diagused Otherwise a DIAGNOSTIC kernel will complain about the variable being undeclared. Correct placement of __diagused attribute. Modularize the amdsmn(4) driver, and update dependency for amdzentemp(4), Create amdsmn(4) amd amdzentemp(4) modules for X86. |
| Makefile | 1.16.8.1 Mon Feb 05 13:06:55 UTC 2018 martin Pull up following revision(s) (requested by pgoyette in ticket #524): distrib/sets/lists/man/mi 1.1574 distrib/sets/lists/modules/md.amd64 1.73 distrib/sets/lists/modules/md.i386 1.76 share/man/man4/amdtemp.4 1.11 share/man/man4/man4.x86/Makefile 1.17 share/man/man4/man4.x86/amdsmn.4 1.1-1.3 share/man/man4/man4.x86/amdzentemp.4 1.1-1.6 sys/arch/amd64/conf/ALL 1.79,1.80 sys/arch/amd64/conf/GENERIC 1.482,1.484 sys/arch/amd64/conf/XEN3_DOM0 1.146,1.147 sys/arch/x86/pci/amdsmn.c 1.1-1.2 sys/arch/x86/pci/amdsmn.h 1.1 sys/arch/x86/pci/amdzentemp.c 1.1-1.7 sys/arch/x86/pci/files.pci 1.22,1.23 sys/modules/amdzentemp/amdzentemp.ioconf 1.2 Add amdzentemp from FreeBSD via Ian Clark. man pages for amdsmn and amdzentemp. Some clean-up on the HISTORY and AUTHORS sections, and addition of a BUGS section to document the fact that we don't yet handle the required temp offset, nor do we expose the available thermal-trip value. Add missing article 'a' KNF: Put back the blank line following the empty variable declarations Put back the variable declaration, too, and mark it __diagused Otherwise a DIAGNOSTIC kernel will complain about the variable being undeclared. Correct placement of __diagused attribute. Modularize the amdsmn(4) driver, and update dependency for amdzentemp(4), Create amdsmn(4) amd amdzentemp(4) modules for X86. |
| /src/sys/compat/sys/ | |
| siginfo.h | 1.7.2.1 Tue Oct 15 18:32:13 UTC 2019 martin Pull up following revision(s) (requested by kamil in ticket #311): sys/sys/siginfo.h: revision 1.34 sys/kern/sys_ptrace_common.c: revision 1.59 sys/kern/sys_lwp.c: revision 1.70 sys/compat/sys/siginfo.h: revision 1.8 sys/kern/kern_sig.c: revision 1.365 sys/kern/kern_lwp.c: revision 1.203 sys/sys/signalvar.h: revision 1.96 sys/kern/kern_exec.c: revision 1.482 sys/kern/kern_fork.c: revision 1.214 Move TRAP_CHLD/TRAP_LWP ptrace information from struct proc to siginfo Storing struct ptrace_state information inside struct proc was vulnerable to synchronization bugs, as multiple events emitted in the same time were overwritting other ones. Cache the original parent process id in p_oppid. Reusing here p_opptr is in theory prone to slight race codition. Change the semantics of PT_GET_PROCESS_STATE, reutning EINVAL for calls prompting for the value in cases when there wasn't registered an appropriate event. Add an alternative approach to check the ptrace_state information, directly from the siginfo_t value returned from PT_GET_SIGINFO. The original PT_GET_PROCESS_STATE approach is kept for compat with older NetBSD and OpenBSD. New code is recommended to keep using PT_GET_PROCESS_STATE. Add a couple of compile-time asserts for assumptions in the code. No functional change intended in existing ptrace(2) software. All ATF ptrace(2) and ATF GDB tests pass. This change improves reliability of the threading ptrace(2) code. |
| /src/sys/fs/efs/ | |
| efs_vfsops.c | 1.22.14.1 Mon Apr 21 10:17:48 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). 1.22.12.1 Mon Apr 21 10:15:37 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). 1.22.8.1 Mon Apr 21 10:14:19 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). |
| /src/sys/fs/nilfs/ | |
| nilfs_vfsops.c | 1.8.12.1 Mon Apr 21 10:17:47 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). 1.8.10.1 Mon Apr 21 10:15:36 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). 1.8.6.1 Mon Apr 21 10:14:17 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). |
| /src/sys/fs/unionfs/ | |
| unionfs_vfsops.c | 1.9.18.1 Mon Apr 21 10:17:47 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). 1.9.16.1 Mon Apr 21 10:15:36 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). 1.9.10.1 Mon Apr 21 10:14:17 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). |
| /src/sys/ufs/chfs/ | |
| chfs_vfsops.c | 1.2.10.1 Mon Apr 21 10:17:47 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). 1.2.8.1 Mon Apr 21 10:15:36 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). 1.2.4.1 Mon Apr 21 10:14:17 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). |
| /src/external/cddl/osnet/dist/uts/common/fs/zfs/ | |
| zfs_vfsops.c | 1.7.10.1 Mon Apr 21 10:17:49 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). 1.7.8.1 Mon Apr 21 10:15:37 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). 1.7.2.1 Mon Apr 21 10:14:19 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). |
| /src/sys/fs/hfs/ | |
| hfs_vfsops.c | 1.27.8.2 Mon Apr 21 10:14:18 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). 1.27.8.1.6.1 Mon Apr 21 10:17:48 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). 1.27.8.1.4.1 Mon Apr 21 10:15:37 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). |
| /src/sys/fs/sysvbfs/ | |
| sysvbfs_vfsops.c | 1.38.6.2 Mon Apr 21 10:14:17 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). 1.38.6.1.6.1 Mon Apr 21 10:17:47 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). 1.38.6.1.4.1 Mon Apr 21 10:15:36 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). |
| /src/sys/coda/ | |
| coda_vfsops.c | 1.70.14.1 Mon Apr 21 10:17:48 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). 1.70.12.1 Mon Apr 21 10:15:37 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). 1.70.8.1 Mon Apr 21 10:14:18 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). |
| /src/sys/fs/ptyfs/ | |
| ptyfs_vfsops.c | 1.42.18.2 Mon Apr 21 10:14:18 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). 1.42.18.1.4.1 Mon Apr 21 10:17:48 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). 1.42.18.1.2.1 Mon Apr 21 10:15:37 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). |
| /src/sys/fs/tmpfs/ | |
| tmpfs_vfsops.c | 1.52.22.1 Mon Apr 21 10:17:48 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). 1.52.14.1 Mon Apr 21 10:15:37 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). 1.52.8.1 Mon Apr 21 10:14:18 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). |
| /src/sys/fs/union/ | |
| union_vfsops.c | 1.67.8.1 Mon Apr 21 10:17:48 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). 1.67.6.1 Mon Apr 21 10:15:37 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). 1.67.2.1 Mon Apr 21 10:14:18 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). |
| /src/sys/miscfs/overlay/ | |
| overlay_vfsops.c | 1.56.20.1 Mon Apr 21 10:17:48 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). 1.56.18.1 Mon Apr 21 10:15:37 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). 1.56.14.1 Mon Apr 21 10:14:18 UTC 2014 bouyer Pull up following revision(s) (requested by maxv in ticket #1050): sys/ufs/chfs/chfs_vfsops.c: revision 1.11 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/fs/nilfs/nilfs_vfsops.c: revision 1.16 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/kern/vfs_syscalls.c: revision 1.478 sys/kern/vfs_syscalls.c: revision 1.479 sys/fs/puffs/puffs_vfsops.c: revision 1.110 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/nfs/nfs_vfsops.c: revision 1.227 sys/fs/v7fs/v7fs_vfsops.c: revision 1.10 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 sys/coda/coda_vfsops.c: revision 1.81 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/kern/vfs_syscalls.c: revision 1.480 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/kern/vfs_syscalls.c: revision 1.482 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/udf/udf_vfsops.c: revision 1.67 Limit check for 'data_len'. Otherwise a (un)privileged user can easily panic the system by passing a huge size. ok christos@ An (un)privileged user can easily make the kernel dereference a NULL pointer. The kernel allows 'data' to be NULL; it's the fs's responsibility to ensure that it isn't NULL (if the fs actually needs data). ok christos@ Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). This thing is totally buggy: 'data_len' is modified by the fs, so calling kmem_free with it while its value has changed since the kmem_alloc is far from being a good idea. If the kernel figures out that something mismatches, it will panic (typically with kernfs). |
| /src/sys/sys/ | |
| siginfo.h | 1.33.2.1 Tue Oct 15 18:32:13 UTC 2019 martin Pull up following revision(s) (requested by kamil in ticket #311): sys/sys/siginfo.h: revision 1.34 sys/kern/sys_ptrace_common.c: revision 1.59 sys/kern/sys_lwp.c: revision 1.70 sys/compat/sys/siginfo.h: revision 1.8 sys/kern/kern_sig.c: revision 1.365 sys/kern/kern_lwp.c: revision 1.203 sys/sys/signalvar.h: revision 1.96 sys/kern/kern_exec.c: revision 1.482 sys/kern/kern_fork.c: revision 1.214 Move TRAP_CHLD/TRAP_LWP ptrace information from struct proc to siginfo Storing struct ptrace_state information inside struct proc was vulnerable to synchronization bugs, as multiple events emitted in the same time were overwritting other ones. Cache the original parent process id in p_oppid. Reusing here p_opptr is in theory prone to slight race codition. Change the semantics of PT_GET_PROCESS_STATE, reutning EINVAL for calls prompting for the value in cases when there wasn't registered an appropriate event. Add an alternative approach to check the ptrace_state information, directly from the siginfo_t value returned from PT_GET_SIGINFO. The original PT_GET_PROCESS_STATE approach is kept for compat with older NetBSD and OpenBSD. New code is recommended to keep using PT_GET_PROCESS_STATE. Add a couple of compile-time asserts for assumptions in the code. No functional change intended in existing ptrace(2) software. All ATF ptrace(2) and ATF GDB tests pass. This change improves reliability of the threading ptrace(2) code. |
Completed in 262 milliseconds
Indexes created Thu Apr 02 00:23:07 UTC 2026