Fix use after free in ND6 DAD timer.
In IPv6 neighbor discovery, the duplicate address detection code
could trigger a use after free. Kernel reported a data modifed on
NDP freelist panic. The offset pointed to timeout field of struct
dadq.
nd6_dad_stop() calls nd6_dad_stoptimer() and nd6_dad_destroy()
without waiting for the timer to run before freeing. As a quick
fix implement a reaper on the timeout queue.
While there remove an useless NULL check in nd6_dad_timer().
OK florian@
Minor exception handling bug and comment fixes.
Also, revert override of TARGET_BUILTIN_SETJMP_FRAME_VALUE - this was done
while experimenting with sjlj exceptions support, to make them work better,
but now that unwinding works it is no longer useful.
Define AVOID_CCMODE_COPIES. While CCmode values are kept in registers, there
is no reason to copy {f,}cmp results to another register; prefer keeping that
register live as long as necessary.
Fix precedence problem in PkgCreate version check
Noticed when testing out perl 5.42 which has a new warning for this.
"Go Ahead" Marc Espie <marc.espie.openbsd () gmail ! com>
mlkem_public_to_private: fix overread/information leak
After the guts of MLKEM_public_key were changed from a union to a struct,
the aligner grew the struct, leaking as many bytes of private key data as
the struct grew (on normal platforms that would be 2).
Ideally this would all be a bit more robust.
CID 621603 621604
ok jsing kenjiro
require unrestricted guest support for VMX hosts using vmm(4)
Support for CPUs that don't allow unrestricted guest support is getting
in the way of making progress elsewhere. This diff requires support for
unrestricted guest capability in the host CPU.
Practically speaking, this means original first-generation Nehalem
microarchitecture machines won't be supported anymore. Even before this
change, those CPUs were very limited in what guest VMs they could run
with vmm(4) anyway - they could only use the -b option to directly boot
an OpenBSD kernel, not being able to support a BIOS. This diff adds
code to check for the required capabilities, and not attach vmm(4)
if we don't detected a supported configuration.
FWIW, the CPUs affected by this change are now close to 15 years old.
ok dv
discussed with deraadt
