Ed Maste [Fri, 5 May 2023 23:11:52 +0000 (19:11 -0400)]
libfido2: update to 1.9.0
Some highlights from NEWS:
** Added OpenSSL 3.0 compatibility.
** Removed OpenSSL 1.0 compatibility.
** Support for FIDO 2.1 "minPinLength" extension.
** Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation.
** Support for TPM 2.0 attestation.
** Support for device timeouts; see fido_dev_set_timeout().
** New API calls:
- es256_pk_from_EVP_PKEY;
- fido_cred_attstmt_len;
- fido_cred_attstmt_ptr;
- fido_cred_pin_minlen;
- fido_cred_set_attstmt;
- fido_cred_set_pin_minlen;
- fido_dev_set_pin_minlen_rpid;
- fido_dev_set_timeout;
- rs256_pk_from_EVP_PKEY.
** Reliability and portability fixes.
** Better handling of HID devices without identification strings; gh#381.
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Ed Maste [Wed, 19 Jul 2023 17:02:33 +0000 (13:02 -0400)]
ssh: Update to OpenSSH 9.3p2
From the release notes:
Changes since OpenSSH 9.3
=========================
This release fixes a security bug.
Security
========
Fix CVE-2023-38408 - a condition where specific libaries loaded via
ssh-agent(1)'s PKCS#11 support could be abused to achieve remote
code execution via a forwarded agent socket if the following
conditions are met:
* Exploitation requires the presence of specific libraries on
the victim system.
* Remote exploitation requires that the agent was forwarded
to an attacker-controlled system.
Exploitation can also be prevented by starting ssh-agent(1) with an
empty PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring
an allowlist that contains only specific provider libraries.
This vulnerability was discovered and demonstrated to be exploitable
by the Qualys Security Advisory team.
In addition to removing the main precondition for exploitation,
this release removes the ability for remote ssh-agent(1) clients
to load PKCS#11 modules by default (see below).
* ssh-agent(8): the agent will now refuse requests to load PKCS#11
modules issued by remote clients by default. A flag has been added
to restore the previous behaviour "-Oallow-remote-pkcs11".
Note that ssh-agent(8) depends on the SSH client to identify
requests that are remote. The OpenSSH >=8.9 ssh(1) client does
this, but forwarding access to an agent socket using other tools
may circumvent this restriction.
Security: CVE-2023-38408
Sponsored by: The FreeBSD Foundation
bcmp() returned the number of remaining bytes when the main loop exits.
In case of a match, this is zero, else a positive integer. On systems
where SIZE_MAX > INT_MAX, the implicit conversion from size_t to int in
the return value may cause the number of remaining bytes to overflow,
becoming zero and falsely indicating a successful comparison.
Fix the bug by always returning 0 on equality, 1 otherwise.
PR: 272474
Approved by: emaste
Reviewed by: imp
MFC After: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41011
lib/libc/string: replace ffs/fls implementations with clang builtins
Most architectures we support (except for riscv64) have instructions
to compute these functions very quickly. Replace old code with the
ftz and clz builtin functions, allowing clang to generate good code
for all architectures.
We cannot use the ffs builtins as gcc uses ffs() to implement these on
some platforms, potentially causing an infinite loop.
As a consequence, toss out arm and i386 ffs() implementations.
iflib: Unlock ctx lock around call to ether_ifattach()
Panic occurs during loading driver using kldload. It exists since netlink is
enabled. There is problem with double locking ctx. This fix allows to call
ether_ifattach() without locked ctx.
Brooks Davis [Wed, 14 Jun 2023 17:55:54 +0000 (18:55 +0100)]
oce(4): deprecate
The Emulex OneConnect NIC driver hasn't seen any commits other than ioctl
bug fixes (some severe) and sweeping commits since 2016. There is no
indication of new parts since 2014 or earlier. As such, deprecate the
driver with the aim of removing it prior to FreeBSD 15.
Brooks Davis [Wed, 14 Jun 2023 17:55:41 +0000 (18:55 +0100)]
oce(4): Don't directly access usespace
Replace direct stores to userspace addresses (never safe and broken on
modern CPUs) with a copyout. Use a static assert on the size to ensure
we don't overflow the field.
The lang/python3 port had failed to properly install because
it did in fact already exist and FORCE_PKG_REGISTER was not
set. So, behaviorally everything here was correct. However,
installing lang/python3 is in fact not correct and not needed,
so only install the lang/python port to provide symbolic links.
When libc switched to generation of logs as per RFC 5424,
that change broke application ability to insert specific process id
using ident[N] format, the feature existed for decades.
Some processes rely on it (including logger and syslogd).
Later the regression was fixed but the feature remained undocumented.
This change documents it.
Mitchell Horne [Fri, 16 Jun 2023 16:38:43 +0000 (13:38 -0300)]
hwpmc(4): document debugging options
The debug options for hwpmc are not documented in detail anywhere, and
setting it up was error-prone the first time I had to figure it out (and
each time I've had to remember it). Add some explanation of the required
options and describe the kern.hwpmc.debugflags sysctl format.
Reviewed by: emaste
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D40545
Mitchell Horne [Fri, 16 Jun 2023 16:38:19 +0000 (13:38 -0300)]
pmc: clarify and strengthen statements about API/ABI
- Make it clear that applications are not only encouraged to use the
pmc(3) library, but use of the hwpmc(4) interface directly is a
use-case we do not support
- Move the COMPATIBILITY section above PROGRAMMING API in hwpmc(4)
- Drop statements about the driver and library being "under development"
Reviewed by: jkoshy, emaste
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D40543
Ed Maste [Wed, 28 Jun 2023 18:50:49 +0000 (14:50 -0400)]
login.conf: document how to specify env var values with commas
As of f32db406504e quotes may be used to specify login class
capabilities that include commas. This is true in general but is
particularly relevant for setenv, a comma-separated list of environment
variables and values, so mention it there.
Doug Rabson [Tue, 20 Jun 2023 13:01:58 +0000 (14:01 +0100)]
pf: Add code to enable filtering for locally delivered packets
This is disabled by default since it potentially changes the behavior of
existing filter rule sets. To enable this extra filter for packets being
delivered locally, use:
Doug Rabson [Wed, 24 May 2023 13:11:37 +0000 (14:11 +0100)]
netinet*: Fix redirects for connections from localhost
Redirect rules use PFIL_IN and PFIL_OUT events to allow packet filter
rules to change the destination address and port for a connection.
Typically, the rule triggers on an input event when a packet is received
by a router and the destination address and/or port is changed to
implement the redirect. When a reply packet on this connection is output
to the network, the rule triggers again, reversing the modification.
When the connection is initiated on the same host as the packet filter,
it is initially output via lo0 which queues it for input processing.
This causes an input event on the lo0 interface, allowing redirect
processing to rewrite the destination and create state for the
connection. However, when the reply is received, no corresponding output
event is generated; instead, the packet is delivered to the higher level
protocol (e.g. tcp or udp) without reversing the redirect, the reply is
not matched to the connection and the packet is dropped (for tcp, a
connection reset is also sent).
This commit fixes the problem by adding a second packet filter call in
the input path. The second call happens right before the handoff to
higher level processing and provides the missing output event to allow
the redirect's reply processing to perform its rewrite. This extra
processing is disabled by default and can be enabled using pfilctl:
pfilctl link -o pf:default-out inet-local
pfilctl link -o pf:default-out6 inet6-local
libbe: bail out early if the zfs kmod isn't loaded
As noted in the comment, we already know the rest of libbe_init() will
fail because there's no pool imported. Avoid the side effect by
checking beforehand and bailing out early.
With this, freebsd-update(8) should no longer trigger a load of the zfs
kmod just because it runs `bectl check`.
Kyle Evans [Wed, 21 Jun 2023 18:56:58 +0000 (13:56 -0500)]
wg: fix a number of issues with module load failure handling
If MOD_LOAD fails, then MOD_UNLOAD will be called to unwind module
state, but wg_module_init() will have already deinitialized everything
it needs to in a manner that renders it unsafe to call MOD_UNLOAD
after (e.g., freed zone not reset to NULL, wg_osd_jail_slot not reset
to 0). Let's simply stop trying to handle freeing everything in
wg_module_init() to simplify it; let the subsequent MOD_UNLOAD deal with
it, and let's make that robust against partially-constructed state.
jhb@ notes that MOD_UNLOAD being called if MOD_LOAD fails is kind of an
anomaly that doesn't match other paradigms in the kernel; e.g., if
device_attach() fails, we don't invoke device_detach(). It's likely
that a future commit will revert this and instead stop calling
MOD_UNLOAD if MOD_LOAD fails, expecting modules to clean up after
themselves in MOD_LOAD upon failure. Some other modules already do this
and may see similar problems to the wg module (see: carp). The proper
fix is decidedly a bit too invasive to do this close to 14 branching,
and it requires auditing all kmods (base + ports) for potential leaks.
Kyle Evans [Mon, 19 Jun 2023 05:31:16 +0000 (00:31 -0500)]
acl_is_trivial_np(3): minor fixes
- Correct the document title
- This function has an _np suffix
- acl_strip_np has a manpage, xref it
- RETURN VALUES should describe acl_is_trivial_np, not acl_get_tag_type
hier(7): remove entry for non-existent /usr/compat
This is historical (?), but today /compat is the default according to
linux(4). The only remaining reference to /usr/compat in the src tree is
under tools/test/stress2.
Add a next-level entry for /compat/linux.
PR: 261349
Reviewed by: grahamperrin, karels, dchagin
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D40876
Kristof Provost [Thu, 18 May 2023 18:04:45 +0000 (20:04 +0200)]
if_bridge: fix potential panic
When a new bridge_rtnode is added it is added with a NULL brt_dst. The
brt_dst is set after the entry is added. This means there's a small
window where another core could also attempt to add this node, leading
to the code attempting to log that the MAC addresses moved to a new
interface.
Aside from that being a spurious log entry it also panics, because
obif is NULL (and we attempt to dereference it).
Avoid this by settings brt_dst before we insert the bridge_rtnode.
Assert that obif is non-NULL, as an extra precaution.
Mitchell Horne [Tue, 20 Jun 2023 14:52:26 +0000 (11:52 -0300)]
riscv: improve KTR_TRAP trace entries
For more informative records of exceptions, include key details such as
the exception code and stval register contents. Remove the curthread
argument as it is redundant (saved with every ktr entry), and the
trapframe as it is somewhat meaningless.
Add a new KTR_TRAP trace record for interrupts.
Reviewed by: markj, jhb
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D40584
Val Packett [Sat, 17 Jun 2023 16:29:53 +0000 (13:29 -0300)]
amdtemp: Fix missing 49 degree offset on current EPYC CPUs
On an EPYC 7313P, the temperature reported by amdtemp was off, because
the offset was not applied. Turns out it needs to be applied with one
more condition: https://lkml.org/lkml/2023/4/13/1095
Mykola Hohsadze [Sat, 17 Jun 2023 15:31:25 +0000 (12:31 -0300)]
arm64/disassem.c: Add shifted register definitions with ror
Add disassembly support for the following shifted register instructions:
* mvn
* orn
* orr
* and
* ands
* bic
* bics
* eon
* eor
* tst
According to Arm64 documenation, operational pseuducode of shifted
register instruction must return `UNDEFINED` if shift type is `RESERVED`
('11'). Hence, removed "rsv" from `shift_2` array and add "ror". In case
of shift type is 3 and this type is `RESERVED`, we will return
`undefined`.
Mitchell Horne [Thu, 29 Jun 2023 16:53:52 +0000 (13:53 -0300)]
hier(7): adjust overlays/ subdirectory
Device tree overlays are installed in /boot/dtb/overlays by default.
Adjust the comment to mention fdt_overlays and loader.conf, but do not
repeat what is said in the parent directory's description.
PR: 261349
Reviewed by: grahamperrin, kevans
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D40785
Mitchell Horne [Mon, 12 Jun 2023 18:59:00 +0000 (15:59 -0300)]
mac(9): update SEE ALSO
Rather than maintaining an incomplete list of MAC modules references,
just reference mac(4), where such a list can be found.
Reviewed by: Mina Galić <freebsd@igalic.co>
Reviewed by: Pau Amma <pauamma@gundo.com>
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D40485
Mitchell Horne [Mon, 12 Jun 2023 18:56:34 +0000 (15:56 -0300)]
mac(4): update the references to MAC modules
Add entries for mac_ntpd(4) and mac_priority(4) to the table of MAC
modules.
Drop the entry for mac_none(4) from the list, but retain the
cross-reference in SEE ALSO. This module has no functional impact and is
of minimal interest to users. Add a new cross-reference to the similar
mac_stub(4), limited to SEE ALSO for the same reasoning.
Reviewed by: Pau Amma <pauamma@gundo.com>
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D40483
Mark Johnston [Fri, 23 Jun 2023 13:55:43 +0000 (09:55 -0400)]
netinet6: Implement in6_cksum_partial() using m_apply()
This ensures that in6_cksum_partial() can be applied to unmapped mbufs,
which can happen at least when icmp6_reflect() quotes a packet.
The basic idea is to restructure in6_cksum_partial() to operate on one
mbuf at a time. If the buffer length is odd or unaligned, an extra
residual byte may be returned, to be incorporated into the checksum when
processing the next buffer.
PR: 268400
Reviewed by: cy
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D40598
Mark Johnston [Fri, 23 Jun 2023 13:54:39 +0000 (09:54 -0400)]
pseudofs: Fix a potential out-of-bounds access in pfs_lookup()
pseudofs nodes store their name in a flexible array member, so the node
allocation is sized using the length of the name, including a nul
terminator. pfs_lookup() scans a directory of nodes, comparing names to
find a match. The comparison was incorrect and assumed that all node
names were at least as long as the name being looked up, which of course
isn't true.
I believe the bug is mostly harmless since it cannot result in false
positive or negative matches from the lookup, but it triggers a KASAN
check.
Juraj Lutter [Tue, 6 Jun 2023 11:40:49 +0000 (13:40 +0200)]
periodic: Honor kern.localbase
Take kern.localbase into account with fallback to /usr/local and
also allow for LOCALBASE/etc/periodic.conf (similarly to what
many other utilities do).
Rick Macklem [Fri, 7 Apr 2023 19:57:26 +0000 (12:57 -0700)]
nfscl: Fix support for doing Null RPCs
Although the NFS client does not currently perform Null RPCs,
this fix is needed if/when it might do so.
Found during testing of experimental code that uses Null RPCs
to maintain/monitor TCP connections for "nconnect" mounts.
Mark Johnston [Wed, 28 Jun 2023 20:06:37 +0000 (16:06 -0400)]
bhyve: Rename a pci_cfgrw() parameter
pci_cfgrw() may be called via a write to the extended config space,
which is memory-mapped. In this case, the name "eax" is misleading.
Give it a more generic name. No functional change intended.
Greg Becker [Tue, 27 Jun 2023 01:08:29 +0000 (20:08 -0500)]
libpthread: allocate rwlocks and spinlocks in dedicated cachelines
Reduces severe performance degradation due to false-sharing. Note that this
does not account for hardware which can perform adjacent cacheline prefetch.
[mjg: massaged the commit message and the patch to use aligned_alloc
instead of malloc]
This matches GNU m4's -G / --traditional option, and although BSD m4 in non-GNU mode is not exactly identical to GNU mode in traditional mode, it's close enough.
Rick Macklem [Sun, 18 Jun 2023 20:02:20 +0000 (13:02 -0700)]
mount_nfs.8: Note a case where the "nconnect" option does not work
The "nconnect" NFS mount option will not work
correctly for servers where the TCP connections
might connect to different NFS clusters that do not
share NFSv4.1/4.2 state information, such as file locks.
This patch adds a sentence to the "nconnect" section
of mount_nfs.8 noting this case.
projects / FreeBSD / FreeBSD.git / log