Protect IGMP and MLD6 fast timer with rwlock.
Multicast interface addresses for IPv4 and IPv6 get their own per
interface lock. Protect the TAILQ if_maddrlist with rwlock
if_maddrlock. Also struct in_multi and in6_multi use this lock for
their state and timer. Sleeps in malloc(9) are possible. Run IGMP
and MLD6 fast timeout with shared instead of exclusive net lock.
To prevent calling ip_output() or ip6_output() while holding the
multicast lock, delay igmp_sendpkt() and mld6_sendpkt(). All
information that is needed to create and send a multicast packet
is stored in igmp_pktinfo or mld6_pktinfo. If necessary, multiple
pktinfo are queued. After the lock has been released, packes are
sent based on pktinfo.
OK mvs@
Found another deeply hidden open /dev/null O_RDWR which was happening
in awk -safe mode. Reproducer is awk -safe '{ close("/dev/stdin"); }
Rerrange the pledges and unveils to make it work.
ok millert dgl
The percentage heuristic has failed for me on 40% of the machines
I run, so it is clear it is going to fail for many more people when
the next release comes out. It is wrong, back it out.
Ignore TCP SACK packets with invalid sequence numbers.
Due to an integer overflow, sequence numbers in selective ACK packets
were accepted. Such packets caused a NULL pointer dereference in
the TCP stack, resulting in a kernel crash.
Reported by Nicholas Carlini at anthropic dot com
with deraadt@; OK markus@
this is errata/7.7/031_sack.patch.sig
Ignore TCP SACK packets with invalid sequence numbers.
Due to an integer overflow, sequence numbers in selective ACK packets
were accepted. Such packets caused a NULL pointer dereference in
the TCP stack, resulting in a kernel crash.
Reported by Nicholas Carlini at anthropic dot com
with deraadt@; OK markus@
this is errata/7.8/025_sack.patch.sig
Ignore TCP SACK packets with invalid sequence numbers.
Due to an integer overflow, sequence numbers in selective ACK packets
were accepted. Such packets caused a NULL pointer dereference in
the TCP stack, resulting in a kernel crash.
Reported by Nicholas Carlini at anthropic dot com
with deraadt@; OK markus@
Backport fixes from libexpat version 2.7.5.
Relevant for OpenBSD are security fixes #1158 #1161 #1162 #1163,
other changes #1156 #1153. Library bump is not necessary.
CVE-2026-32776CVE-2026-32777CVE-2026-32778
OK tb@
this is errata/7.7/030_expat.patch.sig
Backport fixes from libexpat version 2.7.5.
Relevant for OpenBSD are security fixes #1158 #1161 #1162 #1163,
other changes #1156 #1153. Library bump is not necessary.
CVE-2026-32776CVE-2026-32777CVE-2026-32778
this is errata/7.8/024_expat.patch.sig
switch iwx(4) MA devices to -89 firmware images
Also fix the firmware filename for MA HR devices, and do not try to
load a non-existent .pnvm file for these devices.
tested by + ok kettenis@
drm/amd: Fix a few more NULL pointer dereference in device cleanup
From Mario Limonciello
38f1640db7f8bf57b9e09c5b0b8b205a598f1b3e in linux-6.18.y/6.18.19
72ecb1dae72775fa9fea0159d8445d620a0a2295 in mainline linux
drm/i915/psr: Repeat Selective Update area alignment
From Jouni Hogander
0189bf176dbe6e07cde08a6121108eda3bd18b06 in linux-6.18.y/6.18.19
1be2fca84f520105413d0d89ed04bb0ff742ab16 in mainline linux
drm/i915: Fix potential overflow of shmem scatterlist length
From Janusz Krzysztofik
eae4bf4107571283031db96ce132e951615e2ae4 in linux-6.18.y/6.18.19
029ae067431ab9d0fca479bdabe780fa436706ea in mainline linux
drm/amd: Fix NULL pointer dereference in device cleanup
From Mario Limonciello
43025c941aced9a9009f9ff20eea4eb78c61deb8 in linux-6.18.y/6.18.19
062ea905fff7756b2e87143ffccaece5cdb44267 in mainline linux
drm/amd: Set num IP blocks to 0 if discovery fails
From Mario Limonciello
57579312e0e87dffa2aeca9acd4ba2ec25da999d in linux-6.18.y/6.18.19
3646ff28780b4c52c5b5081443199e7a430110e5 in mainline linux
drm/amdgpu: Fix use-after-free race in VM acquire
From Alysa Liu
7885eb335d8f9e9942925d57e300a85e3f82ded4 in linux-6.18.y/6.18.19
2c1030f2e84885cc58bffef6af67d5b9d2e7098f in mainline linux
drm/amd/pm: remove invalid gpu_metrics.energy_accumulator on smu v13.0.x
From Yang Wang
33c3a4db31719d414f0622659ca086b708270c9f in linux-6.18.y/6.18.19
68785c5e79e0fc1eacf63026fbba32be3867f410 in mainline linux
drm/amd/display: Fallback to boot snapshot for dispclk
From Dillon Varone
1a34999922ba6c95df6e3ba5c82624f61323f82b in linux-6.18.y/6.18.19
30d937f63bd19bbcaafa4b892eb251f8bbbf04ef in mainline linux
drm/i915/alpm: ALPM disable fixes
From Jouni Hogander
32cca65189823f93ba89677a96b106e902b2dc9b in linux-6.18.y/6.18.19
eb4a7139e97374f42b7242cc754e77f1623fbcd5 in mainline linux
drm/amd: Disable MES LR compute W/A
From Mario Limonciello
06ef2ba582c68daa6bdaaef82827734d9f07b8fd in linux-6.18.y/6.18.19
6b0d812971370c64b837a2db4275410f478272fe in mainline linux
drm/amdgpu: add upper bound check on user inputs in wait ioctl
From Sunil Khatri
b1d10508da559da2e0ca9cca6505094a7df948e1 in linux-6.18.y/6.18.19
64ac7c09fc44985ec9bb6a9db740899fa40ca613 in mainline linux
drm/amdgpu/userq: Fix reference leak in amdgpu_userq_wait_ioctl
From Tvrtko Ursulin
762f47e2b824383d5be65eee2c40a1269b7d50c8 in linux-6.18.y/6.18.19
49abfa812617a7f2d0132c70d23ac98b389c6ec1 in mainline linux
drm/amdgpu: add upper bound check on user inputs in signal ioctl
From Sunil Khatri
6fff5204d8aa26b1be50b6427f833bd3e8899c4f in linux-6.18.y/6.18.19
ea78f8c68f4f6211c557df49174c54d167821962 in mainline linux
drm/amdgpu: ensure no_hw_access is visible before MMIO
From Perry Yuan
1051eb2f53886ec7e36896dfa356884d7212443a in linux-6.18.y/6.18.19
31b153315b8702d0249aa44d83d9fbf42c5c7a79 in mainline linux
