svn commit: r54224 - in head/share: security/advisories security/patches/EN-20:11 security/patches/EN-20:12 security/patches/SA-20:17 xml
Gordon Tetlow
gordon at FreeBSD.org
Tue Jun 9 16:36:57 UTC 2020
Author: gordon (src committer)
Date: Tue Jun 9 16:36:54 2020
New Revision: 54224
URL: https://svnweb.freebsd.org/changeset/doc/54224
Log:
Add EN-20:10, EN-20:11, and SA-20:17.
Approved by: so
Added:
head/share/security/advisories/FreeBSD-EN-20:11.ena.asc (contents, props changed)
head/share/security/advisories/FreeBSD-EN-20:12.iflib.asc (contents, props changed)
head/share/security/advisories/FreeBSD-SA-20:17.usb.asc (contents, props changed)
head/share/security/patches/EN-20:11/
head/share/security/patches/EN-20:11/ena.patch (contents, props changed)
head/share/security/patches/EN-20:11/ena.patch.asc (contents, props changed)
head/share/security/patches/EN-20:12/
head/share/security/patches/EN-20:12/iflib.patch (contents, props changed)
head/share/security/patches/EN-20:12/iflib.patch.asc (contents, props changed)
head/share/security/patches/SA-20:17/
head/share/security/patches/SA-20:17/usb.patch (contents, props changed)
head/share/security/patches/SA-20:17/usb.patch.asc (contents, props changed)
Modified:
head/share/xml/advisories.xml
head/share/xml/notices.xml
Added: head/share/security/advisories/FreeBSD-EN-20:11.ena.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-20:11.ena.asc Tue Jun 9 16:36:54 2020 (r54224)
@@ -0,0 +1,147 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-20:11.ena Errata Notice
+ The FreeBSD Project
+
+Topic: Stability issues in ena(4) driver
+
+Category: core
+Module: ena
+Announced: 2020-06-09
+Credits: Colin Percival
+Affects: FreeBSD 12.1
+Corrected: 2020-05-12 18:44:41 UTC (stable/12, 12.1-STABLE)
+ 2020-06-09 16:10:57 UTC (releng/12.1, 12.1-RELEASE-p6)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The ena(4) driver is used to access the Elastic Network Adapter network
+interface on recent Amazon Elastic Compute Cloud (EC2) instances. It is
+designed to make full use of the EC2 network, operating at up to 100 Gbps.
+
+II. Problem Description
+
+The ena(4) driver attempts to allocate a large number of 16 kB mbuf clusters
+to use as buffers for received packets. Under low memory conditions, the
+process of attempting to allocate these buffers may take a long time.
+
+On FreeBSD 12.x, these allocations are attempted from an interrupt thread
+running at high priority, and can subsequently starve other parts of the
+system of CPU time.
+
+It appears that systems using the ZFS filesystem may be more likely to
+experience this issue, possibly due to the memory pressure created by the
+allocation of memory to the ZFS ARC.
+
+III. Impact
+
+The system may become unresponsive, appearing to "lock up" for periods of
+several seconds. The ena(4) driver may log errors such as
+
+ The number of lost tx completion is above the threshold (129 > 128).
+
+and reset the device; the nvme(4) driver may also experience timeouts
+resulting in a range of errors being reported and the device being reset,
+and in some cases causing kernel panics.
+
+IV. Workaround
+
+No workaround is available. Systems which are not part of the Amazon
+Elastic Compute Cloud (EC2) are not affected; nor are older EC2 instance
+types, which lack the Elastic Network Adapter hardware.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date, and reboot.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for errata update"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 12.1]
+# fetch https://security.FreeBSD.org/patches/EN-20:11/ena.patch
+# fetch https://security.FreeBSD.org/patches/EN-20:11/ena.patch.asc
+# gpg --verify ena.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+NOTE: This patch can have a small (~2%) impact on the throughput of the
+ena(4) device. The original performance can be restored -- at the expense
+of latency spikes and system instability under memory pressure -- by adding
+the following to /boot/loader.conf:
+
+ hw.ena.enable_9k_mbufs="1"
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/12/ r360985
+releng/12.1/ r361970
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-20:11.ena.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl7fuERfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cITew/+MQpJIKHrlWjqcR9fvAeqR4rX3aBVNMkambeTa2nKY4/PH8XzVLnKvyuE
+O7ZtzaU3bz5xYkyYnlYSGstTRWk/BRCRgpZvzlPWVsvsFINgCHO5QsKHVyC0+/M2
+Do3qRwxYDYPh0+Bz8QGuQGmpfMNpsuA//rfa12Ywp7jqu3IP8+0bBuWM71J7Bkyf
+WhEJIehFiU9iGUFS2LF7000CzIwmcTitCtYJFxxwaYYHGHT5nMtljcrsKK9I1N+Q
+f3mQ7dK8ryQ+H+CupfHodAYUeZyJbj/xVggdnzY45R1B9Tdr15VMPuurcqXyXIft
+Uj4UzdDUNgbUw4WQqfvqn8CDAT0V54NRhDs8AkYWn+GqaDDSnvcsKnI/V2UJgqTn
+Wp8ZClq7bF0mcBp7g1t97peseZsP+papJKsaVLKrTT+dw1x/aWz1cvK51x5UPWoW
+qaiFVMf5l9R0ZDcQxsyN/7gyHnZRR8X1wl1gVPVcJ8EEWs6Gh4sRTzXSDMDqsA/P
+89hA6vPVeOmBqKM3BlR8MrDPIALjzxNvzu65NMLMcebyPudaY9a2GEd8acw6mwxh
+hQ015y9+MoMV8xD3gfjNLdQS7899eK1MwXu1UZPcUEOlYErAhjoGo51N4D6mfU62
+7sDoy2Yt380Nmp57nUoanHkADzXPn8OV8fvlsTN6a0J4ZLu+KNM=
+=FDu4
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-EN-20:12.iflib.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-20:12.iflib.asc Tue Jun 9 16:36:54 2020 (r54224)
@@ -0,0 +1,127 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-20:12.iflib Errata Notice
+ The FreeBSD Project
+
+Topic: iflib watchdog timeout resetting idle queues
+
+Category: core
+Module: kernel
+Announced: 2020-06-09
+Affects: FreeBSD 12.1
+Corrected: 2020-01-10 18:29:05 UTC (stable/12, 12.1-STABLE)
+ 2020-06-09 16:11:54 UTC (releng/12.1, 12.1-RELEASE-p6)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+iflib is a framework that contains common code for network drivers to use,
+reducing code duplication. One function it contains is a "watchdog" that
+periodically checks the driver's software Tx queues to see if they're hung.
+
+II. Problem Description
+
+The iflib watchdog would sometimes trigger a false positive queue hang just
+after a link state change.
+
+III. Impact
+
+The iflib framework would print messages for the affected devices such as
+
+"igb0: TX(2) desc avail = 1024, pidx = 0"
+
+and would stop allowing Tx traffic to be sent.
+
+IV. Workaround
+
+No workaround is available. Systems that do not use iflib-based interfaces
+are not vulnerable.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date, and reboot.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for errata update"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-20:12/iflib.patch
+# fetch https://security.FreeBSD.org/patches/EN-20:12/iflib.patch.asc
+# gpg --verify iflib.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/12/ r356605
+releng/12.1/ r361971
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=239240>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-20:12.iflib.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl7fuQlfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cJl3RAAhIgmZfpK3r2qBuwC0EypnqtndvjEHGTTdcUhwY0iBjrDxt6AnHPMO/i/
+DEZkNJI6uCxSaybjVcnNob7lJ4p2o9rrAF+pExR4LycxJa0y8oZM5xIdqwwfY484
+Tge4/N4garWeA0ALetGXCrAf62t7ZLRgyWldH4tt4m0Mu7AIGkfPGivWK6kpmB5c
+O/GKv6fe4TiyPSAQroUQrNawdO9tQTDhXjGknRZ3iyu9tp/zeOkgtMAEnc3zdv0T
+J3sFqGGt/Mt2dL0KoqfUNK54k5vgUU+oV22+z2pf9TGtby4yUq0FTOxl+V5qE6hk
+aQHndYgklOo56AaSkA3GW1DoIOyU7VQtsA5hpbHXotiJo1P5BoNIa3IwMfLBmW45
+sD7f/vpyX5Mga9KqcvYIgRxCNvYpu8Dq0nKiVQboABAdplFLorTdHPJmSqmeoomO
+diEQk3cSotrav1b8xl2IfZYk8TaC5B7gm9UuU6ag6UM/vasr1kRcz5+7DxDOCP1d
+2CbaKqPnpGAxyGmd+DLO7EMkOIBPiKfoCtBfgLXRypD6ypEW/xAUmGtR6yIFCtJ/
+USAHRwrm0jteVOXYrpS3cvBYsXkEowcMK1n8ghIqUfDHtvebLK2m5ubhF2E1F0Gv
+6Nw6i0dt1Csrhg7CyrWqzY83iB7N3tPvqN45QaFMEBRqnnsLPpQ=
+=VqeW
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-SA-20:17.usb.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-20:17.usb.asc Tue Jun 9 16:36:54 2020 (r54224)
@@ -0,0 +1,133 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-20:17.usb Security Advisory
+ The FreeBSD Project
+
+Topic: USB HID descriptor parsing error
+
+Category: core
+Module: kernel
+Announced: 2020-06-09
+Credits: Andy Nguyen, Google
+Affects: All supported versions of FreeBSD.
+Corrected: 2020-06-08 09:32:57 UTC (stable/12, 12.1-STABLE)
+ 2020-06-09 16:13:54 UTC (releng/12.1, 12.1-RELEASE-p6)
+ 2020-06-08 09:33:37 UTC (stable/11, 11.4-STABLE)
+ 2020-06-09 16:13:54 UTC (releng/11.4, 11.4-RC2-p1)
+ 2020-06-09 16:13:54 UTC (releng/11.3, 11.3-RELEASE-p10)
+CVE Name: CVE-2020-7456
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+USB Human Interface Device (HID) descriptors may push/pop the current state
+to allow description of items residing in a so-called union. FreeBSD
+supports 4 such pop levels.
+
+II. Problem Description
+
+If the push/pop level is not restored within the processing of the same HID
+item, an invalid memory location may be used for subsequent HID item
+processing.
+
+III. Impact
+
+An attacker with physical access to a USB port may be able to use a specially
+crafted USB device to gain kernel or user-space code execution.
+
+IV. Workaround
+
+Setting "sysctl hw.usb.disable_enumeration=1" disables USB device
+enumeration preventing the error from occurring.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date,
+and reboot.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-20:17/usb.patch
+# fetch https://security.FreeBSD.org/patches/SA-20:17/usb.patch.asc
+# gpg --verify usb.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/12/ r361918
+releng/12.1/ r361972
+stable/11/ r361919
+releng/11.4/ r361972
+releng/11.3/ r361972
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7456>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-20:17.usb.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl7fuFhfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cJ4Iw/6AuTNBD33WaEZTW7mAfigc1sp8cjnKCvm+DObx1CNpSr9fxiy+Dy5DMjg
+/Hv4ijv4flte3txXohdXvYcAKqYrbP1BBr6ptlQYE/V+61sTtxV18XGnID1fgSOZ
+WPHGaXMAUNeeVxJSEVJ5rJ+lRo90Rlp/n9pMZlU+tIDFjE0BQ5lJkicg/xgFO9rg
+tRaeotoXmdNo3HlkMfXnIZ8q5tOQrcsfSZP6DgQWKspinCJTVTr1eQ9p6mHNV7Ip
+XZGuXNaktYxwNk2oWP2dmk6FAkyldReyi856DurhOldmAxPbY5zh4NfwOuL78pSa
+draF1up4Vkb/aSQHN1xkaOjlBEmLYHgzND83M9gnE2RdtGVLeerI6Gdd6Pp4D8a2
+vPgWZOQfO82lUjSx/B/XHCA0Ztu4uinPuCkrf9vcteg/juJxQRRyFWUfqGbo3qpC
+U9a1AN9Ojgy0eFDKTo7vWUf34kB1RApEEt3y3XNwwbwDWtKdWMRLJfD4oIhbB6Re
+URYpBUv5wnkhOq5LR15VJc6jL/DZxqsjByALwtnEdNH6bAYM+6WTmnTYFgUyuvlF
+n2tZeD5LXM0GLs377edmAeGR7TUd+rFfndEGFKiDXeSNrmb0Ro6E4vvbUwu5PalA
+kf+suJS0noAH+SPmk0YyxKm12plPxyO2zLFIMRpjWz6v1joH+Qk=
+=4v1s
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/EN-20:11/ena.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-20:11/ena.patch Tue Jun 9 16:36:54 2020 (r54224)
@@ -0,0 +1,87 @@
+--- sys/dev/ena/ena.c.orig
++++ sys/dev/ena/ena.c
+@@ -200,6 +200,19 @@
+ SYSCTL_INT(_hw_ena, OID_AUTO, log_level, CTLFLAG_RWTUN,
+ &ena_log_level, 0, "Logging level indicating verbosity of the logs");
+
++/*
++ * Use 9k mbufs for the Rx buffers. Default to 0 (use page size mbufs instead).
++ * Using 9k mbufs in low memory conditions might cause allocation to take a lot
++ * of time and lead to the OS instability as it needs to look for the contiguous
++ * pages.
++ * However, page size mbufs has a bit smaller throughput than 9k mbufs, so if
++ * the network performance is the priority, the 9k mbufs can be used.
++ */
++int ena_enable_9k_mbufs = 0;
++SYSCTL_INT(_hw_ena, OID_AUTO, enable_9k_mbufs, CTLFLAG_RDTUN,
++ &ena_enable_9k_mbufs, 0, "Use 9 kB mbufs for Rx descriptors");
++#define ena_mbuf_sz (ena_enable_9k_mbufs ? MJUM9BYTES : MJUMPAGESIZE)
++
+ static ena_vendor_info_t ena_vendor_info_array[] = {
+ { PCI_VENDOR_ID_AMAZON, PCI_DEV_ID_ENA_PF, 0},
+ { PCI_VENDOR_ID_AMAZON, PCI_DEV_ID_ENA_LLQ_PF, 0},
+@@ -470,6 +483,7 @@
+ rxr->que = que;
+
+ rxr->empty_rx_queue = 0;
++ rxr->rx_mbuf_sz = ena_mbuf_sz;
+ }
+ }
+
+@@ -548,9 +562,9 @@
+ ENA_DMA_BIT_MASK(adapter->dma_width), /* lowaddr of excl window */
+ BUS_SPACE_MAXADDR, /* highaddr of excl window */
+ NULL, NULL, /* filter, filterarg */
+- MJUM16BYTES, /* maxsize */
++ ena_mbuf_sz, /* maxsize */
+ adapter->max_rx_sgl_size, /* nsegments */
+- MJUM16BYTES, /* maxsegsize */
++ ena_mbuf_sz, /* maxsegsize */
+ 0, /* flags */
+ NULL, /* lockfunc */
+ NULL, /* lockarg */
+@@ -957,7 +971,8 @@
+ return (0);
+
+ /* Get mbuf using UMA allocator */
+- rx_info->mbuf = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, MJUM16BYTES);
++ rx_info->mbuf = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR,
++ rx_ring->rx_mbuf_sz);
+
+ if (unlikely(rx_info->mbuf == NULL)) {
+ counter_u64_add(rx_ring->rx_stats.mjum_alloc_fail, 1);
+@@ -968,7 +983,7 @@
+ }
+ mlen = MCLBYTES;
+ } else {
+- mlen = MJUM16BYTES;
++ mlen = rx_ring->rx_mbuf_sz;
+ }
+ /* Set mbuf length*/
+ rx_info->mbuf->m_pkthdr.len = rx_info->mbuf->m_len = mlen;
+--- sys/dev/ena/ena.h.orig
++++ sys/dev/ena/ena.h
+@@ -41,7 +41,7 @@
+
+ #define DRV_MODULE_VER_MAJOR 0
+ #define DRV_MODULE_VER_MINOR 8
+-#define DRV_MODULE_VER_SUBMINOR 4
++#define DRV_MODULE_VER_SUBMINOR 5
+
+ #define DRV_MODULE_NAME "ena"
+
+@@ -238,8 +238,12 @@
+
+ /* Determines if device will use LLQ or normal mode for TX */
+ enum ena_admin_placement_policy_type tx_mem_queue_type;
+- /* The maximum length the driver can push to the device (For LLQ) */
+- uint8_t tx_max_header_size;
++ union {
++ /* The maximum length the driver can push to the device (For LLQ) */
++ uint8_t tx_max_header_size;
++ /* The maximum (and default) mbuf size for the Rx descriptor. */
++ uint16_t rx_mbuf_sz;
++ };
+
+ struct ena_com_rx_buf_info ena_bufs[ENA_PKT_MAX_BUFS];
+
Added: head/share/security/patches/EN-20:11/ena.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-20:11/ena.patch.asc Tue Jun 9 16:36:54 2020 (r54224)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl7fuG1fFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cJufBAAkAgRwDCM4+HShm0Zag36TMJDelC7b3IeBd+NkwLvWHZvThcqbFEEr7xw
+X19EceBGVwapmKvMDWtJRZst8NTpRNBzxoN4aAg6a/cVQwWFUD9rGp65pAyLL0FT
+QBDyRZCEaSCzbu/hDSP3sD8okv+76lrlOInWkVq9SVhSxG3oWdufnmaosjgNlWDN
+JPU8soIf3eLCxehmGmSGJHwZo7ZZ6kC/41kVmmEHRG7aNwmSE3wu+Ih3bN7DA0PL
+UyUcpNAG3Bt+vm2hc/yIIv0QJUX+bXLMmaF2o2fTmPoqITHxeeCkt6HXT0176i+P
+gs4t0bJ7PeDy3GTy7VIYJJyPkA53ZqYsxLGm43dZMqGsKPH1j1wNBZ34KpPgcU0W
+8NukbpLxVpr00wMn992dG0fzowZSs1wk6woLwS//PBgxgEp10Eo9KUglWXnA2fHR
+ciTtzY6coDO7raUvPq0UHE3onyt9Mz5vkhNJ0yL6Ra+LyNX2gu3YmJSeNtfeossY
+V/ni+Eo/kCNW6yBBhp4YVPnmkTISRLIYTIav+NYhlUp+Jqd9m2ziJbzm+Dsk9aUT
+lbAOwoHde6OZxJO5SyX0bdVE2+vzuOANQT64kP3uh8wbPGYWN6q3FAucctMIaJ9e
+hLoYn+p3lnQmgg6yEVRJkWJeNs1mRzPDGq6asgYZJiAZAGiwvKA=
+=3wLT
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/EN-20:12/iflib.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-20:12/iflib.patch Tue Jun 9 16:36:54 2020 (r54224)
@@ -0,0 +1,15 @@
+--- sys/net/iflib.c.orig
++++ sys/net/iflib.c
+@@ -2301,8 +2301,11 @@
+ (sctx->isc_pause_frames == 0)))
+ goto hung;
+
+- if (ifmp_ring_is_stalled(txq->ift_br))
++ if (txq->ift_qstatus != IFLIB_QUEUE_IDLE &&
++ ifmp_ring_is_stalled(txq->ift_br)) {
++ KASSERT(ctx->ifc_link_state == LINK_STATE_UP, ("queue can't be marked as hung if interface is down"));
+ txq->ift_qstatus = IFLIB_QUEUE_HUNG;
++ }
+ txq->ift_cleaned_prev = txq->ift_cleaned;
+ }
+ #ifdef DEV_NETMAP
Added: head/share/security/patches/EN-20:12/iflib.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-20:12/iflib.patch.asc Tue Jun 9 16:36:54 2020 (r54224)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl7fuHRfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cLzsA/+N7MQ0mOSS3yDLZQkq90Yg7ohwmKo+HWPLeFGVkL/iZzIavouNHJ61Ayt
+BQSO0qHtcCOZulb1o36HwC48uGdiNbb32xO2zEmV0Ieu068iSK3oiRraYVzBBHCI
+7CtROQy0nP0a12wvEqvYnUC4VGD/IEswhaEvzM4d+pNxg0CUSxh/svbSifizckf8
+kVPALJSawd8Dw67AfhFXjdl8xUSIG+uspqC/Yg2dOljbSZ9Yb5Kr0iO2a+aOxm6v
+wboT1b77kQFMwQ7VMMX1rAnJigwliZ3qnwXa8Plrp+yNbOZDaHvOTTRNrB3tnTCJ
+WVKwsfRdlQ6q6xtQJDUsWv8/MQ5p1Xfp9iJbV8PF/mvaCAWUT0i9+WIzDiME3sRM
+gpyfMZCdUFW1bsQMlwSVY20y0+gWLs5qwHxsUDkdvw5P0ze78XwfXJJxI7qyoM9R
+RfqeOwTPfKdMI1ggeInVbESsGL2K3VDzzkXFmeXSIPv4v6jLTn+UgaoOjHI8M7e9
+6B+82hgR4C65YVs7zPa5ZdSSvhDswJC4rzMLIrNVa5PIkeZVv9civ124P78sxeUX
+4ckrcB1lmCwZNtp0/5+iC+z2OWhwN6kFS+AA0Mmf+PRDM/8kfLbylQV1l9qRdb5Q
+POEI4z8zxDnHlUAXqz8/wO5/dzWmEUG0ymvzFDflCUd4+NzfI6o=
+=qyuD
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/SA-20:17/usb.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-20:17/usb.patch Tue Jun 9 16:36:54 2020 (r54224)
@@ -0,0 +1,112 @@
+--- lib/libusbhid/parse.c.orig
++++ lib/libusbhid/parse.c
+@@ -403,26 +403,28 @@
+ s->loc_count = dval & mask;
+ break;
+ case 10: /* Push */
++ /* stop parsing, if invalid push level */
++ if ((s->pushlevel + 1) >= MAXPUSH)
++ return (0);
+ s->pushlevel ++;
+- if (s->pushlevel < MAXPUSH) {
+- s->cur[s->pushlevel] = *c;
+- /* store size and count */
+- c->report_size = s->loc_size;
+- c->report_count = s->loc_count;
+- /* update current item pointer */
+- c = &s->cur[s->pushlevel];
+- }
++ s->cur[s->pushlevel] = *c;
++ /* store size and count */
++ c->report_size = s->loc_size;
++ c->report_count = s->loc_count;
++ /* update current item pointer */
++ c = &s->cur[s->pushlevel];
+ break;
+ case 11: /* Pop */
++ /* stop parsing, if invalid push level */
++ if (s->pushlevel == 0)
++ return (0);
+ s->pushlevel --;
+- if (s->pushlevel < MAXPUSH) {
+- c = &s->cur[s->pushlevel];
+- /* restore size and count */
+- s->loc_size = c->report_size;
+- s->loc_count = c->report_count;
+- c->report_size = 0;
+- c->report_count = 0;
+- }
++ c = &s->cur[s->pushlevel];
++ /* restore size and count */
++ s->loc_size = c->report_size;
++ s->loc_count = c->report_count;
++ c->report_size = 0;
++ c->report_count = 0;
+ break;
+ default:
+ break;
+--- sys/dev/usb/usb_hid.c.orig
++++ sys/dev/usb/usb_hid.c
+@@ -436,36 +436,36 @@
+ s->loc_count = dval & mask;
+ break;
+ case 10: /* Push */
++ /* stop parsing, if invalid push level */
++ if ((s->pushlevel + 1) >= MAXPUSH) {
++ DPRINTFN(0, "Cannot push item @ %d\n", s->pushlevel);
++ return (0);
++ }
+ s->pushlevel ++;
+- if (s->pushlevel < MAXPUSH) {
+- s->cur[s->pushlevel] = *c;
+- /* store size and count */
+- c->loc.size = s->loc_size;
+- c->loc.count = s->loc_count;
+- /* update current item pointer */
+- c = &s->cur[s->pushlevel];
+- } else {
+- DPRINTFN(0, "Cannot push "
+- "item @ %d\n", s->pushlevel);
+- }
++ s->cur[s->pushlevel] = *c;
++ /* store size and count */
++ c->loc.size = s->loc_size;
++ c->loc.count = s->loc_count;
++ /* update current item pointer */
++ c = &s->cur[s->pushlevel];
+ break;
+ case 11: /* Pop */
++ /* stop parsing, if invalid push level */
++ if (s->pushlevel == 0) {
++ DPRINTFN(0, "Cannot pop item @ 0\n");
++ return (0);
++ }
+ s->pushlevel --;
+- if (s->pushlevel < MAXPUSH) {
+- /* preserve position */
+- oldpos = c->loc.pos;
+- c = &s->cur[s->pushlevel];
+- /* restore size and count */
+- s->loc_size = c->loc.size;
+- s->loc_count = c->loc.count;
+- /* set default item location */
+- c->loc.pos = oldpos;
+- c->loc.size = 0;
+- c->loc.count = 0;
+- } else {
+- DPRINTFN(0, "Cannot pop "
+- "item @ %d\n", s->pushlevel);
+- }
++ /* preserve position */
++ oldpos = c->loc.pos;
++ c = &s->cur[s->pushlevel];
++ /* restore size and count */
++ s->loc_size = c->loc.size;
++ s->loc_count = c->loc.count;
++ /* set default item location */
++ c->loc.pos = oldpos;
++ c->loc.size = 0;
++ c->loc.count = 0;
+ break;
+ default:
+ DPRINTFN(0, "Global bTag=%d\n", bTag);
Added: head/share/security/patches/SA-20:17/usb.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-20:17/usb.patch.asc Tue Jun 9 16:36:54 2020 (r54224)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl7fuHtfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cJLJQ//f4TcAEnnsKfnofV3rXJpfzYvmVwiSfTjZjqqtkFPOmr2tiL3HHARS1XP
+uYO4wC42dkzWt+P1VC5qggzaBSno3npXSKhGuMKz8xYnOLTuxec/A8cEWxKJU2o7
+LofYtF3reX4nn2nASngrL7ZraGTcqyG5YGSQrrmY4l1v+M0Cn9+pAy0vGig1Sb0F
+nWvf29W3GOCHSxuUv4BL9/EDTufxbbHa5+dYJkXzlwqGoVh1XKw3eB83CsdRJA1G
+TF06PPTAiyn4p+YDCnpbjLJ2uiAeCl3wRoVUcMupjwq/R3CAVTS6NonSBS+Y8okB
+BxOtkGUwkTLPBcFmmH5zpUM7m1T8vgm8tlTbyYAQCxXG+JZ0iAWYSTFwt9iUdLPg
+hkgQOrtbQxxqiOaecS0jFhDXN0H1QZwZZd9cmDRk73s3CMawL7yXFBgwYUYo293d
+JWbHBJh0LFYr9lSk3pbIWgbm/0NTGLbYG6sny0k4jFlPU1FnHAJ01LHeAEAndfay
+OL/2urC7WYCowXs/GxjCH9sYkZiE8M59NEfd3N9yk5n8uGWevaLV9Nuv9LT7kHWX
++vVy3rbi+G0CLDiS9RnYTu4R2z/+8viuOy5yJlY6BiS7U760slhmVIVVqVOEveC7
+CGThrfTmVdmQo+2rn3PZrhlCs+YZ6+rIJD+7fB4Ud4yoxVQe93U=
+=L/yA
+-----END PGP SIGNATURE-----
Modified: head/share/xml/advisories.xml
==============================================================================
--- head/share/xml/advisories.xml Tue Jun 9 13:22:43 2020 (r54223)
+++ head/share/xml/advisories.xml Tue Jun 9 16:36:54 2020 (r54224)
@@ -8,6 +8,19 @@
<name>2020</name>
<month>
+ <name>6</name>
+
+ <day>
+ <name>9</name>
+
+ <advisory>
+ <name>FreeBSD-SA-20:17.usb</name>
+ </advisory>
+
+ </day>
+ </month>
+
+ <month>
<name>5</name>
<day>
Modified: head/share/xml/notices.xml
==============================================================================
--- head/share/xml/notices.xml Tue Jun 9 13:22:43 2020 (r54223)
+++ head/share/xml/notices.xml Tue Jun 9 16:36:54 2020 (r54224)
@@ -8,6 +8,23 @@
<name>2020</name>
<month>
+ <name>6</name>
+
+ <day>
+ <name>9</name>
+
+ <notice>
+ <name>FreeBSD-EN-20:12.iflib</name>
+ </notice>
+
+ <notice>
+ <name>FreeBSD-EN-20:11.ena</name>
+ </notice>
+
+ </day>
+ </month>
+
+ <month>
<name>5</name>
<day>
More information about the svn-doc-head
mailing list