ipfw: fix possible data race between jump cache reading and updating.
Jump cache is used to reduce the cost of rule lookup for O_SKIPTO and
O_CALLRETURN actions. It uses rules chain id to check correctness of
cached value. But due to the possible race, there is the chance that
one thread can read invalid value. In some cases this can lead to out
of bounds access and panic.
Use thread fence operations to constrain the reordering of accesses.
Also rename jump_fast and jump_linear functions to jump_cached and
jump_lookup_pos respectively.
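The access ordering this message describes, as an added user-space C11 example (not code from the FreeBSD tree): a cached position is trusted only if its id matches the current chain id, with fences so the position is written before the id and read after it. The structures, the model_* names and the rule-number mapping are assumptions made for illustration.

```c
#include <stdatomic.h>
#include <stdint.h>

/* Hypothetical user-space model, not the ipfw structures. */
struct chain {
	_Atomic uint32_t id;       /* bumped on every ruleset change */
	uint32_t n_rules;          /* size of the rule array */
	_Atomic unsigned lookups;  /* slow-path counter for the demo */
};

struct rule_cache {
	_Atomic uint32_t id;       /* chain id the cached pos belongs to */
	_Atomic uint32_t pos;      /* cached index into the rule array */
};

/* Stand-in for the full rule lookup (constructed mapping). */
static uint32_t model_lookup_pos(struct chain *ch, uint32_t rulenum)
{
	ch->lookups++;
	return (rulenum % ch->n_rules);
}

static uint32_t model_jump_cached(struct chain *ch, struct rule_cache *c, uint32_t rulenum)
{
	uint32_t cur, pos;

	cur = atomic_load_explicit(&ch->id, memory_order_relaxed);
	if (atomic_load_explicit(&c->id, memory_order_relaxed) == cur) {
		/* Read pos only after id; pairs with the release fence. */
		atomic_thread_fence(memory_order_acquire);
		pos = atomic_load_explicit(&c->pos, memory_order_relaxed);
		if (pos < ch->n_rules)  /* never index past the array */
			return (pos);
	}
	pos = model_lookup_pos(ch, rulenum);
	atomic_store_explicit(&c->pos, pos, memory_order_relaxed);
	/* Publish the id only after pos has been written. */
	atomic_thread_fence(memory_order_release);
	atomic_store_explicit(&c->id, cur, memory_order_relaxed);
	return (pos);
}

int main(void)
{
	struct chain ch = { .id = 1, .n_rules = 100 };
	struct rule_cache c = { 0 };
	return (model_jump_cached(&ch, &c, 42) == 42 ? 0 : 1);
}
```

The bound check on the cached position is an extra guard in this model; without the id comparison, a position cached for a larger ruleset would index past a smaller one.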
John Baldwin [Tue, 17 Aug 2021 21:39:58 +0000 (14:39 -0700)]
OpenSSL: Refactor KTLS tests to better support TLS 1.3.
Most of this upstream commit touched tests not included in the
vendor import. The one change merged in is to remove a constant
only present in an internal header to appease the older tests.
John Baldwin [Tue, 17 Aug 2021 21:39:32 +0000 (14:39 -0700)]
OpenSSL: Update KTLS documentation
KTLS support has been changed to be off by default, and configuration is
via a single "option" rather than two "modes". Documentation is updated
accordingly.
John Baldwin [Tue, 17 Aug 2021 21:39:03 +0000 (14:39 -0700)]
OpenSSL: Only enable KTLS if it is explicitly configured
It has always been the case that KTLS is not compiled by default. However
if it is compiled then it was automatically used unless specifically
configured not to. This is problematic because it avoids any crypto
implementations from providers. A user who configures all crypto to use
the FIPS provider may unexpectedly find that TLS related crypto is actually
being performed outside of the FIPS boundary.
Instead we change KTLS so that it is disabled by default.
We also swap to using a single "option" (i.e. SSL_OP_ENABLE_KTLS) rather
than two separate "modes", (i.e. SSL_MODE_NO_KTLS_RX and
SSL_MODE_NO_KTLS_TX).
John Baldwin [Tue, 17 Aug 2021 21:37:47 +0000 (14:37 -0700)]
OpenSSL: Correct the return value of BIO_get_ktls_*().
BIO_get_ktls_send() and BIO_get_ktls_recv() are documented as
returning either 0 or 1. However, they were actually returning the
internal value of the associated BIO flag for the true case instead of
1.
John Baldwin [Tue, 10 Aug 2021 21:18:43 +0000 (14:18 -0700)]
nfs tls: Update for SSL_OP_ENABLE_KTLS.
Upstream OpenSSL (and the KTLS backport) have switched to an opt-in
option (SSL_OP_ENABLE_KTLS) in place of opt-out modes
(SSL_MODE_NO_KTLS_TX and SSL_MODE_NO_KTLS_RX) for controlling kernel
TLS.
Kevin Bowling [Mon, 23 Aug 2021 16:21:39 +0000 (09:21 -0700)]
ixgbe: Avoid sbuf_trim(9) in sysctl handler
This was an error, we cannot use sbuf_trim(9) in the
ixgbe_sbuf_fw_version function because it also gets called in
the context of sbuf_new_for_sysctl(9). sbuf(9) explains the interaction
with drain functions as used by sbuf_new_for_sysctl(9).
The macro bit_foreach() traverses all set bits in the bitstring in the
forward direction, assigning each location in turn to variable.
The macro bit_foreach_at() traverses all set bits in the bitstring in
the forward direction at or after the zero-based bit index, assigning
each location in turn to variable.
The bit_foreach_unset() and bit_foreach_unset_at() macros, which
traverse unset bits, are implemented for completeness.
Kyle Evans [Wed, 18 Aug 2021 17:31:45 +0000 (12:31 -0500)]
uipc: avoid circular pr_{slow,fast}timos
domain_init() gets reinvoked for each vnet on a system, so we must not
alter global state. Practically speaking, we were creating circular
lists and tying up a softclock thread into an infinite loop.
The breakage here was most easily observed by simply creating a jail
in a new vnet and watching the system suddenly become erratic.
Reported by: markj
Fixes: e0a17c3f063f ("uipc: create dedicated lists for fast ...")
Pointy hat: kevans
Alexander Motin [Mon, 9 Aug 2021 01:34:33 +0000 (21:34 -0400)]
Optimize res_find().
When the device name is provided, we can simply run strncmp() for each
line to quickly skip unrelated ones, that is much faster than sscanf()
and only then strcmp().
Mark Johnston [Mon, 16 Aug 2021 17:15:25 +0000 (13:15 -0400)]
sigtimedwait: Use a unique wait channel for sleeping
When a sigtimedwait(2) caller goes to sleep, it uses a wait channel of
p->p_sigacts with the proc lock as the interlock. However, p_sigacts
can be shared between processes if a child is created with
rfork(RFSIGSHARE | RFPROC). Thus we can end up with two threads
sleeping on the same wait channel using different locks, which is not
permitted.
Fix the problem simply by using a process-unique wait channel, following
the example of sigsuspend. The actual wait channel value is irrelevant
here, sleeping threads are awoken using sleepq_abort().
Reported by: syzbot+8c417afabadb50bb8827@syzkaller.appspotmail.com
Reported by: syzbot+1d89fc2a9ef92ef64fa8@syzkaller.appspotmail.com
Reviewed by: kib
Sponsored by: The FreeBSD Foundation
Alan Somers [Wed, 21 Jul 2021 21:11:00 +0000 (15:11 -0600)]
Escape any '.' characters in sysctl node names
ZFS creates some sysctl nodes that include a pool name, and '.' is an
allowed character in pool names. But it's the separator in the sysctl
tree, so it can't be included in a sysctl name. Replace it with "%25".
Handily, "%" is illegal in ZFS pool names, so there's no ambiguity
there.
Add zfskeys rc.d script for auto-loading encryption keys
ZFS in 13 supports encryption, but for the use case where keys are
available in plaintext on disk there is no mechanism for automatically
loading keys on startup.
This script will, by default, look for any dataset with encryption and
keylocation prefixed with file://. It will attempt to unlock, timing
out after 10 seconds for each dataset found.
User can optionally specify explicitly which datasets to attempt to
unlock.
Also supports (optionally by force) unmounting filesystems and unloading
associated keys.
Alexander Motin [Sun, 8 Aug 2021 22:19:08 +0000 (18:19 -0400)]
kbdmux(4): Make callout handler mpsafe.
Both callout and taskqueue now have drain() routines not requiring
external locking. This allows removing the TASK flag and manual drain,
so the only thing remaining for lock to protect inside the callout
handler is ks_inq_length zero comparison, that can be lockless.
Mark Johnston [Thu, 27 May 2021 19:49:32 +0000 (15:49 -0400)]
kevent: Prohibit negative change and event list lengths
Previously, a negative change list length would be treated the same as
an empty change list. A negative event list length would result in
bogus copyouts. Make kevent(2) return EINVAL for both cases so that
application bugs are more easily found, and to be more robust against
future changes to kevent internals.
Reviewed by: imp, kib
Sponsored by: The FreeBSD Foundation
kern: ether_gen_addr: randomize on default hostuuid, too
Currently, this will still hash the default (all zero) hostuuid and
potentially arrive at a MAC address that has a high chance of collision
if another interface of the same name appears in the same broadcast
domain on another host without a hostuuid, e.g., some virtual machine
setups.
Instead of using the default hostuuid, just treat it as a failure and
generate a random LA unicast MAC address.
Dimitry Andric [Mon, 16 Aug 2021 16:56:41 +0000 (18:56 +0200)]
Apply upstream lldb fix for unhandled Error causing abort
Merge commit 5033f0793fe6 from llvm git (by Dimitry Andric):
[lldb] Avoid unhandled Error in TypeSystemMap::GetTypeSystemForLanguage
When assertions are turned off, the `llvm::Error` value created at the
start of this function is overwritten using the move-assignment
operator, but the success value is never checked. Whenever a TypeSystem
cannot be found or created, this can lead to lldb core dumping with:
Program aborted due to an unhandled Error:
Error value was Success. (Note: Success values must still be checked prior to being destroyed).
Fix this by not creating a `llvm::Error` value in advance, and directly
returning the result of `llvm::make_error` instead, whenever an error is
encountered.
See also: <https://bugs.freebsd.org/253881> and
<https://bugs.freebsd.org/257829>.
Cy Schubert [Thu, 12 Aug 2021 13:38:21 +0000 (06:38 -0700)]
wpa: Add wpa_cli action file event
Yang Zhong at FreeBSD Foundation is working on a wireless network
configurator for an experimental FreeBSD installer. The new installer
requires an event to detect when connecting to a network fails due to a
bad password. When this happens a WPA-EVENT-TEMP-DISABLED event is
triggered. This patch passes the event to an action file provided by
the new experimental installer.
Submitted by: Yang Zhong <yzhong () freebsdfoundation.org>
Reviewed by: assumed to be reviewed by emaste (and cy)
Cy Schubert [Wed, 2 Jun 2021 19:46:02 +0000 (12:46 -0700)]
wpa: Fix a SIGBUS error in wpa_sm_set_rekey_offload
Incorrectly linked built-in wpa functions resulted in overwriting
sm->ctx->set_rekey_offload with garbage. It was initialized correctly
however it changed after wpa_supplicant became a daemon.
No SIGBUS violations reported by dhw@ were experienced during testing
of the original commit by myself or philip@.
Cy Schubert [Thu, 20 May 2021 21:28:17 +0000 (14:28 -0700)]
wpa: Restructure wpa build
The current WPA build assumes a flat namespace. However the latest sources
from w1.fi now have a duplicate config.c, in two separate subdirectories.
The flat namespace will overwrite config.o with the output from the most
recently modified config.c, of which there are two of them.
This commit resolves this problem by building each component in
wpa's src subdirectory tree into its own .a archive, just as the w1.fi
upstream build as used by the port does. The advantages of this approach
are:
1. Duplicate source file names, i.e. config.c in the wpa_supplicant
directory and another config.c in src/utils in the next wpa
will result in both compiles writing to the same .o file.
2. This restructure simplifies maintenance. A developer needs only to add
new files as identified by git status in the vendor branch to the
appropriate Makefile within the usr.sbin/wpa tree. This also reduces
time required to prepare a new import and should reduce error.
3. The new wpa build structure more closely represents the build as
performed by the upstream tarball.
This is in preparation for the next wpa update from w1.fi.
Reviewed by: philip
Tested by: philip
Differential Revision: https://reviews.freebsd.org/D30372