eugen [Mon, 10 Dec 2018 14:12:04 +0000 (14:12 +0000)]
MFC r340321: Move definition of $jail_conf variable to /etc/defaults/rc.conf
from jail startup script so it can be successfully queried
with the command "sysrc jail_conf".
eugen [Mon, 10 Dec 2018 13:47:05 +0000 (13:47 +0000)]
MFC r340319: jail(8): introduce new command option -e to exhibit
a list of configured non-wildcard jails with their parameters,
no matter running or not.
The option -e takes a separator argument that is used
to separate printed parameters. It will be used with the following
additions to system periodic scripts to differentiate parts
of the directory tree belonging to jails as opposed to the host's.
Restore handling of PMTU discovery, removed through an unifdef(1)
following the MFV of r254219 into r255332. In addition the 'FreeBSD'
macro was never defined in ipfilter 5.1.2 thus it never would have
been enabled in the first place.
This work is prompted by a general cleanup of the IP Filter code
prompted by working to resolve a PR. More to follow.
Remove IFF_DRVRLOCK as it is used in IRIX only (and we all know IRIX
is dead). This includes collaterally removing code shared by HP/UX,
SGI, and Linux, where IP Filter will in all likelihood for various
reasons never run again.
MFC r341008:
Fix possible panic during ifnet detach in rtsock.
The panic can happen when some application dumps the routing table
using the sysctl interface. To prevent this, set the IFF_DYING flag in
the if_detach_internal() function when the ifnet is removed from
the chain under lock. In sysctl_rtsock(), take IFNET_RLOCK_NOSLEEP() to
prevent ifnet detach during route enumeration. In case some interface was
detached before we take the lock, add a check that the ifnet
is not DYING. This prevents access to memory that could be freed after
the ifnet is unlinked.
kevans [Thu, 6 Dec 2018 19:18:51 +0000 (19:18 +0000)]
Fix kenv handling in stable/11 following r337333
The aforementioned commit merged revised static_env/static_hint handling to
allow static_env and loader env to coexist with the variable
loader_env.disabled=0. init_static_kenv had been rewritten slightly in an
attempt to maintain historical behavior: the static environment and loader
environment are mutually exclusive, unless the latter disables the former.
The rewritten version botched this by only setting up the loader environment
if the static environment was empty or if the loader environment was
specifically enabled. It was never given a chance to disable the static
environment, so the default behavior was broken unless the loader
environment was specifically enabled by the static environment.
Rewrite this again to do the right thing:
- Setup the static environment and check loader_env.disabled; if it's
  explicitly enabled, we're done.
- Check static_{env,hints}.disabled and "empty out" the respective
  environments as needed
- Finally, check: if the static environment is not empty and we've not
  explicitly re-enabled the static environment with loader_env.disabled=0,
  we tear the loader environment (which was setup to 'keep things simple')
  down again.
Future commits to head (and subsequently MFC'd) will likely zero these
environments out if they're disabled since this normally happens when
they're merged into the dynamic environment.
This is a direct commit to stable/11 because this particular bug does not
apply to head.
yuripv [Thu, 6 Dec 2018 11:52:07 +0000 (11:52 +0000)]
MFC r339827:
localedef: define characters in "space" class also as "print", except
for the known conflicts ("control" characters can't be "print"able).
POSIX doesn't explicitly forbid this, and actually includes <space>
character in "print".
yuripv [Thu, 6 Dec 2018 11:49:52 +0000 (11:49 +0000)]
MFC r339311, r339313:
Restore some of the ctype definitions reported in the PR from pre-CLDR
data, namely 0xE000-0xF8FF private use area, and 0xFF00-0xFFF half- and
fullwidth punctuation.
While here, update tools/tools/locale/README based on my experience
rebuilding the locale data.
tuexen [Tue, 4 Dec 2018 22:52:15 +0000 (22:52 +0000)]
MFC r339042:
Mitigate providing a timing signal if the COOKIE or AUTH
validation fails.
Thanks to jmg@ for reporting the issue, which was discussed in
https://admbugs.freebsd.org/show_bug.cgi?id=878
gordon [Tue, 4 Dec 2018 18:32:50 +0000 (18:32 +0000)]
MFC r341484
Always treat firmware request and response sizes as unsigned.
This fixes an incomplete bounds check on the guest-supplied request
size where a very large request size could be interpreted as a negative
value and not be caught by the bounds check.
Submitted by: jhb
Reported by: Reno Robert
Approved by: so
Security: FreeBSD-SA-18:14.bhyve
Security: CVE-2018-17160
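The class of bug described in the r341484 message above, as an added example that is not bhyve's code: a guest-supplied 32-bit size read as signed slips past an upper-bound check when its top bit is set, while the unsigned comparison rejects it. `FW_BUF_MAX` and all function names are hypothetical, and the sample sizes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FW_BUF_MAX 4096u   /* hypothetical limit, not taken from bhyve */

/* Incomplete check: the 32-bit guest value is treated as signed, so
 * 0xFFFFFFF0 becomes -16 (two's complement) and passes the upper bound. */
static int check_size_signed(uint32_t guest_size)
{
    int32_t size = (int32_t)guest_size;
    return size <= (int32_t)FW_BUF_MAX;    /* 1 = accepted */
}

/* Corrected check: the size stays unsigned from read to comparison. */
static int check_size_unsigned(uint32_t guest_size)
{
    return guest_size <= FW_BUF_MAX;
}

/* Copy a request only after the unsigned check; -1 means rejected. */
static long copy_request(uint8_t *dst, const uint8_t *src, uint32_t guest_size)
{
    if (!check_size_unsigned(guest_size))
        return -1;
    memcpy(dst, src, guest_size);
    return (long)guest_size;
}

int main(void)
{
    /* Constructed sample sizes, including one with the top bit set. */
    const uint32_t samples[] = { 16u, FW_BUF_MAX, FW_BUF_MAX + 1u, 0xFFFFFFF0u };
    static uint8_t src[FW_BUF_MAX], dst[FW_BUF_MAX];

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("size=0x%08x signed_check=%d unsigned_check=%d copied=%ld\n",
            (unsigned)samples[i], check_size_signed(samples[i]),
            check_size_unsigned(samples[i]),
            copy_request(dst, src, samples[i]));
    return 0;
}
```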
vmaffione [Tue, 4 Dec 2018 17:44:12 +0000 (17:44 +0000)]
MFC r340436
vtnet: fix netmap support
netmap(4) support for vtnet(4) was incomplete and had multiple bugs.
This commit fixes those bugs to bring netmap on vtnet in a functional state.
Changelist:
- handle errors returned by virtqueue_enqueue() properly (they were
  previously ignored)
- make sure netmap XOR rest of the kernel access each virtqueue.
- compute the number of netmap slots for TX and RX separately, according to
  whether indirect descriptors are used or not for a given virtqueue.
- make sure sglist are freed according to their type (mbufs or netmap
  buffers)
- add support for multiqueue and netmap host (aka sw) rings.
- intercept VQ interrupts directly instead of intercepting them in txq_eof
  and rxq_eof. This simplifies the code and makes it easier to make sure
  taskqueues are not running for a VQ while it is in netmap mode.
- implement vtnet_netmap_config() to cope with changes in the number of queues.
vmaffione [Tue, 4 Dec 2018 17:40:56 +0000 (17:40 +0000)]
MFC r339639
netmap: align codebase to the current upstream (sha 8374e1a7e6941)
Changelist:
- Move large parts of VALE code to a new file and header netmap_bdg.[ch].
  This is useful to reuse the code within upcoming projects.
- Improvements and bug fixes to pipes and monitors.
- Introduce nm_os_onattach(), nm_os_onenter() and nm_os_onexit() to
  handle differences between FreeBSD and Linux.
- Introduce some new helper functions to handle more host rings and fake
  rings (netmap_all_rings(), netmap_real_rings(), ...)
- Added new sysctl to enable/disable hw checksum in emulated netmap mode.
- nm_inject: add support for NS_MOREFRAG
eugen [Tue, 4 Dec 2018 07:48:43 +0000 (07:48 +0000)]
MFC r340135: Make ng_pptpgre(8) netgraph node be able to restore order
for packets reordered in transit instead of dropping them altogether.
It uses sequence numbers of PPtPGRE packets.
A set of new sysctl(8) added to control this ability or disable it:
net.graph.pptpgre.reorder_max (1) defines maximum length of node's
private reorder queue used to keep data waiting for late packets.
Zero value disables reordering. Default value 1 allows the node to restore
the order for two packets swapped in transit. Greater values allow the node
to deliver packets being late after more packets in sequence
at cost of increased kernel memory usage.
net.graph.pptpgre.reorder_timeout (1) defines time value in milliseconds
used to wait for late packets. It may be useful to increase this
if reordering spot is distant.
vmaffione [Mon, 3 Dec 2018 17:51:22 +0000 (17:51 +0000)]
MFC r340279
netmap: add load balancer program
Add the lb program, which is able to load-balance input traffic
received from a netmap port over M groups, with N netmap pipes in
each group. Each received packet is forwarded to one of the pipes
chosen from each group (using an L3/L4 connection-consistent hash function).
This also adds a man page for lb and some cross-references in related
man pages.
emaste [Mon, 3 Dec 2018 02:33:53 +0000 (02:33 +0000)]
MFC r340095: Remove apparently unused 0-byte files that cause grief on Windows
r235274 added a sort regression test (it operates by comparing output
against GNU sort). The commit included a number of 0-byte files, one
of which ends in a trailing . which reportedly breaks svn/git checkouts
on Windows.
It appears these were added accidentally, so just remove them.
mmel [Sun, 2 Dec 2018 07:45:22 +0000 (07:45 +0000)]
MFC r338317:
Fix wrong offset calculation for R_ARM_TLS_TPOFF32 relocations. TLS_TCB_SIZE
is already accounted in defobj->tlsoffset so all these symbols were
incorrectly relocated by +8.
cy [Fri, 30 Nov 2018 06:45:53 +0000 (06:45 +0000)]
This is a direct commit to the stable/11 branch. This would have been
MFC r340754 except that etc/rc.d has been moved in HEAD which would
have resulted in a tree conflict if merged.
Allow forced start of ipmon in special cases where testing is desired
(or other special cases) and when ipfilter is disabled in rc.conf but
started by other means.
dab [Fri, 30 Nov 2018 02:06:30 +0000 (02:06 +0000)]
MFC r337812,r337814,r337820,r341068:
Fix several memory leaks (r337812 & r337814).
The libkqueue tests have several places that leak memory by using an
idiom like:
    puts(kevent_to_str(kevp));
Rework to save the pointer returned from kevent_to_str() and then
free() it after it has been used.
r337812 also fixed a bug in the netmap kevent code. The inclusion of
that fix was an oversight that I didn't notice until this
MFC. Reference the code review and PR here in the MFC for
completeness.
r337820 & r341068 were white-space only changes as a follow-up to
r337812 & r337814:
After r337820, which "corrected" some spaces-instead-of-tab whitespace
issues in the libkqueue tests, jmg@ pointed out that these files were
originally space-based, not tab-spaced, and so the correction should
have been to get rid of the tabs that had been introduced in previous
changes, not the spaces. This change does that. This is a whitespace
only change; no functional change is intended.
sef [Thu, 29 Nov 2018 01:05:21 +0000 (01:05 +0000)]
MFC r340442
mountd has no way to configure the listen queue depth; rather than add a new
option, we pass -1 down to listen, which causes it to use the
kern.ipc.soacceptqueue sysctl.
vangyzen [Wed, 28 Nov 2018 21:20:51 +0000 (21:20 +0000)]
MFC r340995
Prevent kernel stack disclosure in signal delivery
On arm64 and riscv platforms, sendsig() failed to zero the signal
frame before copying it out to userspace. Zero it.
On arm, I believe all the contents of the frame were initialized,
so there was no disclosure. However, explicitly zero the whole frame
because that fact could inadvertently change in the future,
it's more clear to the reader, and I could be wrong in the first place.
Security: similar to FreeBSD-EN-18:12.mem and CVE-2018-17155
Sponsored by: Dell EMC Isilon
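The disclosure pattern described in the r340995 message above, as an added user-space example that is not the kernel's sendsig() code: a frame built field by field in storage holding stale data carries that data out through padding and unset members unless it is zeroed first. The `struct frame` layout, the `STALE` marker and the function names are hypothetical, and memcpy() stands in for copyout().

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical frame layout; not the arm64 or riscv struct sigframe. */
struct frame {
    uint8_t  signo;      /* followed by padding before pc */
    uint64_t pc;
    uint64_t regs[4];    /* only regs[0] and regs[1] are set below */
};

#define STALE 0xA5       /* marks bytes left over from earlier stack use */

static void fill_fields(struct frame *f)
{
    f->signo = 11;
    f->pc = 0x1000;
    f->regs[0] = 1;
    f->regs[1] = 2;
}

/* Build the frame in storage that holds stale data, optionally zeroing
 * it first, copy it out, and return how many stale bytes were copied. */
static size_t stale_bytes_copied(int zero_first)
{
    union { struct frame f; uint8_t raw[sizeof(struct frame)]; } stk;
    uint8_t user[sizeof(struct frame)];
    size_t n = 0;

    memset(stk.raw, STALE, sizeof(stk.raw));   /* simulate a dirty stack */
    if (zero_first)
        memset(&stk.f, 0, sizeof(stk.f));      /* the fix: zero the frame */
    fill_fields(&stk.f);
    memcpy(user, stk.raw, sizeof(user));       /* stand-in for copyout() */
    for (size_t i = 0; i < sizeof(user); i++)
        n += (user[i] == STALE);
    return n;
}

int main(void)
{
    printf("stale bytes without zeroing: %zu\n", stale_bytes_copied(0));
    printf("stale bytes with zeroing:    %zu\n", stale_bytes_copied(1));
    return 0;
}
```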
vangyzen [Tue, 27 Nov 2018 19:40:18 +0000 (19:40 +0000)]
MFC r340257
in6_ifattach_linklocal: handle immediate removal of the new LLA
If another thread immediately removes the link-local address
added by in6_update_ifa(), in6ifa_ifpforlinklocal() can return NULL,
so the following assertion (or dereference) is wrong.
Remove the assertion, and handle NULL somewhat better than panicking.
This matches all of the other callers of in6_update_ifa().
PR: 219250
Reviewed by: bz, dab (both an earlier version)
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D17898
eugen [Mon, 26 Nov 2018 11:32:22 +0000 (11:32 +0000)]
MFC r339810: ipfw: implement ngtee/netgraph actions for layer-2 frames.
Kernel part of ipfw does not support and ignores rules other than
"pass", "deny" and dummynet-related for layer-2 (ethernet frames).
Others are processed as "pass".
Make it support ngtee/netgraph rules just like they are supported
for IP packets. For example, this allows us to mirror some frames
selectively to another interface for delivery to remote network analyzer
over RSPAN vlan. Assuming ng_ipfw(4) netgraph node has a hook named "900"
attached to "lower" hook of vlan900's ng_ether(4) node, that would be
as simple as:
    ipfw add ngtee 900 ip from any to 8.8.8.8 layer2 out xmit igb0
eugen [Mon, 26 Nov 2018 11:22:04 +0000 (11:22 +0000)]
MFC r339816: mount_msdosfs
mount_msdosfs: do not fail mounts requiring locale name conversion table
that is already present in a kernel statically.
For example, the command "mount_msdosfs -L ru_RU.KOI8-R" fails with error
"mount_msdosfs: msdosfs_iconv: File exists" for a kernel having
options LIBICONV and MSDOSFS_ICONV. After this change, it mounts
successfully.
emaste [Sun, 25 Nov 2018 00:34:00 +0000 (00:34 +0000)]
MFC r340771: proto: change device permissions to 0600
C Turt reports that the driver is not thread safe and may have
exploitable races.
Note that the proto device is intended for prototyping and development,
and is not for use on production systems. From the man page:
    SECURITY CONSIDERATIONS
        Because programs have direct access to the hardware, the proto
        driver is inherently insecure. It is not advisable to use this
        driver on a production machine.
The proto device is not included in any of FreeBSD's kernel config files
(although the module is built).
The issues in the proto device still need to be fixed, and the device is
inherently (and intentionally) insecure, but it might as well be limited
to root only.
admbugs: 782
Reported by: C Turt <ecturt@gmail.com>
Sponsored by: The FreeBSD Foundation
emaste [Fri, 23 Nov 2018 20:41:54 +0000 (20:41 +0000)]
MFC r340663 (rmacklem):
Improve sanity checking for the dircount hint argument to
NFSv3's ReaddirPlus and NFSv4's Readdir operations. The code
checked for a zero argument, but did not check for a very large value.
This patch clips dircount at the server's maximum data size.
emaste [Fri, 23 Nov 2018 20:39:37 +0000 (20:39 +0000)]
MFC r340662 (rmacklem):
nfsm_advance() would panic() when the offs argument was negative.
The code assumed that this would indicate a corrupted mbuf chain, but
it could simply be caused by bogus RPC message data.
This patch replaces the panic() with a printf() plus error return.
emaste [Fri, 23 Nov 2018 20:38:50 +0000 (20:38 +0000)]
MFC r340661 (rmacklem):
r304026 added code that started statistics gathering for an operation
before the operation number (the variable called "op") was sanity checked.
This patch moves the code down to below the range sanity check for "op".