GELI allows reading a user key from standard input.
However, if the user initializes multiple providers at once, the standard
input will be empty for the second and subsequent providers.
This caused GELI to encrypt a master key with an empty key file.
This commit initializes the HMAC with the key file, and then reuses the
finalized structure to generate different encryption keys for different
providers.
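The failure and the fix described in the commit message above, as an added Python illustration that is not GELI's code. The constant HMAC label, the per-provider salts and the function names are assumptions made for the example, and the key material is constructed.

```python
import hashlib
import hmac
import io

LABEL = b"demo-label"  # assumption: fixed HMAC key so the key file is absorbed as data


def _new_ctx():
    return hmac.new(LABEL, digestmod=hashlib.sha512)


def derive_buggy(stream, salts):
    """Pre-fix pattern: the key stream is read again for every provider."""
    keys = []
    for salt in salts:
        ctx = _new_ctx()
        ctx.update(stream.read())  # returns b"" once the stream is drained
        ctx.update(salt)           # hypothetical per-provider input
        keys.append(ctx.digest())
    return keys


def derive_fixed(stream, salts):
    """Post-fix pattern: absorb the key stream once, copy the context per provider."""
    base = _new_ctx()
    base.update(stream.read())     # the only read of the stream
    keys = []
    for salt in salts:
        ctx = base.copy()          # reuse the keyed state, no second read
        ctx.update(salt)
        keys.append(ctx.digest())
    return keys


def empty_keyfile_key(salt):
    """Key anyone can compute when no key file material was absorbed."""
    ctx = _new_ctx()
    ctx.update(salt)
    return ctx.digest()


if __name__ == "__main__":
    salts = [b"provider-0-salt", b"provider-1-salt"]  # constructed
    secret = b"constructed key material"              # constructed
    for name, fn in (("buggy", derive_buggy), ("fixed", derive_fixed)):
        keys = fn(io.BytesIO(secret), salts)
        weak = [k == empty_keyfile_key(s) for k, s in zip(keys, salts)]
        print(name, "derived from empty key file:", weak)
```

A useful regression check for this class of bug is exactly the comparison in `__main__`: derive each provider's key and assert that none equals the key produced from empty input.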
In addition, it switches around how we flavor liblua for the boot loader
and flua. This is done to reduce diffs with upstream and make it easier
to import new versions (the current method has too many conflicts to
resolve by hand): we include luaconf.local.h from luaconf.h (the only
change to this file is now that #include at the end). We then define
what we need to: for flua (which does very little) and one for stand
(which creates the new FLOAT type out of int64).
Doug Moore [Wed, 8 Feb 2023 17:04:13 +0000 (11:04 -0600)]
iommu_gas: initialize start_gap as first node
In iommu_gas.c, domain->start_gap points to one of the nodes on either
side of the first free, unallocated range. In iommu_gas_init_domain,
it is initialized to point to the node after the single free
range. Change it to point to the node before that free range, so that,
when 'lowaddr' is within the initial free range, the first allocation
search for free space below 'lowaddr' does not begin and end at an
address above 'lowaddr'. This fixes problems on a machine with Intel
DMAR enabled.
Reported by: jah
Reviewed by: dougm
Tested by: jah
Obtained from: jah
Fixes: commit db151ca0c343531256b8839f938a4ecbd8b4fd7e iommu_gas: start space search from 1st free space
MFC after: 1 day
* The sparsity check was ineffective: it compared the apparent size in bytes to the actual size in blocks. Instead, write a tool that reliably detects sparseness.
* Some of the seq commands were missing an argument.
* Based on empirical evidence, 1 MB holes are not necessarily large enough to be preserved by the underlying filesystem. Increase the hole size to 16 MB.
Emmanuel Vadot [Tue, 31 Jan 2023 10:26:36 +0000 (11:26 +0100)]
rc: syscons: Add UEFI special case
Changing cursor, screenmap and setting blanktime doesn't work when booted
with vt(4) and UEFI so add a special case for those depending on machdep.bootmethods.
I have no way to test if this can work with vt(4) and bios boot so just in case
keep calling those for this.
Emmanuel Vadot [Fri, 27 Jan 2023 14:26:06 +0000 (15:26 +0100)]
pkgbase: Create a FreeBSD-elftoolchain package
It contains all the binaries and libs from the elftoolchain contrib
project except for libelf which is used everywhere.
All of those tools are never used by the average user.
Kyle Evans [Wed, 8 Feb 2023 06:02:56 +0000 (00:02 -0600)]
config: make changes to allow some parts to build as C++
Highlights:
- Avoid keywords (this, not) as variable names
- Move yyparse into config.h with other declarations
- All declarations in config.h are assumed guilty until proven innocent
- Some const-correctness
- Casting malloc/calloc returns
Note that we're not building any C++ here yet, this will be introduced
in other commits to replace some of the lib dependencies. Reducing the
number of FreeBSD-specific dependencies we have reduces some friction
for building our bootstrap tools independently in other environments.
Reviewed by: imp
Sponsored by: Klara, Inc.
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D38274
Mark Johnston [Tue, 7 Feb 2023 20:12:10 +0000 (15:12 -0500)]
tcp: Remove a couple of always-false checks from syncache_socket()
syncache_socket() does some unnecessary work: before connecting the PCB,
it saves the local address on the stack and restores it before freeing
the PCB in case of an error. However:
- There's no need to restore the old address in the error case.
- The PCB's local address will always be equal to that of the syncache
entry anyway.
So just remove this unnecessary code, which appears to date from the
introduction of the syncache 20+ years ago.
Mark Johnston [Tue, 7 Feb 2023 19:33:27 +0000 (14:33 -0500)]
libdwarf: Add some constants from DWARF 5
This is not exhaustive - DWARF 5 has some new enumeration types not
implemented here - but I think I caught all the ones that are extended
in DWARF 5, plus the new compilation unit type (DW_UT_*), needed when
parsing .debug_info headers.
These were useful when extending libdwarf/ctfconvert/readelf to handle
DWARF generated by gcc 12, which is version 5 by default.
Reviewed by: emaste
MFC after: 3 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D38273
tarfs: Silence warnings when no supported compression is enabled.
Some of the code in sys/fs/tarfs/tarfs_io.c is not specific to zstd, but is still only used when some form of decompression is enabled. Put it behind #ifdef TARFS_ZIO to silence warnings.
Sponsored by: Juniper Networks, Inc.
Sponsored by: Klara, Inc.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D38415
Gleb Smirnoff [Tue, 7 Feb 2023 17:21:52 +0000 (09:21 -0800)]
inpcb: immediately return matching pcb on lookup
This saves a lot of CPU cycles if you have a large connection table.
The code removed originates from 413628a7e3d, a very large changeset.
Discussed that with Bjoern and Jamie; we can't recover why we would ever
have identical 4-tuples in the hash, even in the presence of jails.
Bjoern did a test that confirms that it is impossible to allocate an
identical connection from a jail to a host. Code review also confirms
that the system shouldn't allow for such connections to exist.
With the lack of a proper test suite we decided to take a risk and go
forward with removing that code.
Gleb Smirnoff [Tue, 7 Feb 2023 17:21:52 +0000 (09:21 -0800)]
tcp: use straight in_pcbconnect() in tcp_connect()
This brings tcp_connect() on par with tcp6_connect(). The code removed
now is a remnant of "truncating old TIME-WAIT" removed back in 2004
in c94c54e4df9a.
Tijl Coosemans [Thu, 19 Jan 2023 17:13:35 +0000 (18:13 +0100)]
local-unbound-setup: Use default root certificates
Don't force /etc/ssl/cert.pem. It does not exist by default, only if
security/ca_root_nss is installed. Just use the default OpenSSL search
locations which are /etc/ssl/cert.pem and /etc/ssl/certs/.
The tls-system-cert option was added in Unbound 1.16.0.
Reviewed by: zlei
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D38243
This commit allows a kbdcontrol binary built with a version of kbio.h
that supports Unicode characters in dead key maps to load and display
keymaps including the dead key tables on a kernel built with a
previous version of kbio.h (that only supported 8 bit characters in
the dead key map).
This commit is meant as a temporary compatibility shim that will be
reverted when it can be assumed that all relevant systems have been
upgraded to a kernel that uses the updated kbio.h.
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D38388
Stefan Eßer [Mon, 6 Feb 2023 22:48:47 +0000 (23:48 +0100)]
Support Unicode characters in keymap dead key tables
Support for Unicode characters had been added to the keyboard code,
but there are keymaps that have accented characters accessed via dead
key combinations, and those were still restricted to 8 bit codes.
This update to kbd.c adds support for Unicode characters and
compatibility code that allows a kbdcontrol command built from kbio.h
without these patches to work on a new kernel.
Compatibility code that allows a new kbdcontrol binary running on an
old kernel to load and display the dead key map will be committed in a
separate commit.
Bartosz Sobczak [Mon, 6 Feb 2023 22:37:39 +0000 (14:37 -0800)]
irdma(4): Add code for compilation on stable/13 branch
Current content of the irdma(4) driver consists only of code that is
compilable on current 14-CURRENT branch which makes it impossible to
merge into stable/13 branch because of missing dependencies in the ofed
tree.
This patch adds missing code that allows for merging into stable branch.
Once it is there, code relating only to version 14 or higher should be
removed.
Signed-off-by: Eric Joyner <erj@FreeBSD.org>
Reviewed by: erj@
MFC after: 1 day
Sponsored by: Intel Corporation
Differential Revision: https://reviews.freebsd.org/D38170
Val Packett [Mon, 6 Feb 2023 21:50:13 +0000 (21:50 +0000)]
LinuxKPI: return an address string in pci_name()
amdgpu's virtual display feature uses pci_name() to match a module parameter
string, and the documentation shows an example of `0000:26:00.0` for the name.
In our case the name was just `drmn`, which is not actually unique across
devices.
The other consumers are wireless drivers, which will benefit from this
change.
Generate the expected string for pci_name() to return.
Related to: https://github.com/freebsd/drm-kmod/issues/134
Sponsored by: https://www.patreon.com/valpackett
Reviewed by: bz, hselasky, manu (earlier)
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D34248
Ed Maste [Mon, 6 Feb 2023 21:54:56 +0000 (16:54 -0500)]
ssh: update to OpenSSH 9.2p1
Release notes are available at https://www.openssh.com/txt/release-9.2
OpenSSH 9.2 contains fixes for two security problems and a memory safety
problem. The memory safety problem is not believed to be exploitable.
These fixes have already been committed to OpenSSH 9.1 in FreeBSD.
Some other notable items from the release notes:
* ssh(1): add a new EnableEscapeCommandline ssh_config(5) option that
controls whether the client-side ~C escape sequence that provides a
command-line is available. Among other things, the ~C command-line
could be used to add additional port-forwards at runtime.
* sshd(8): add support for channel inactivity timeouts via a new
sshd_config(5) ChannelTimeout directive. This allows channels that
have not seen traffic in a configurable interval to be
automatically closed. Different timeouts may be applied to session,
X11, agent and TCP forwarding channels.
* sshd(8): add a sshd_config UnusedConnectionTimeout option to
terminate client connections that have no open channels for a
length of time. This complements the ChannelTimeout option above.
* sshd(8): add a -V (version) option to sshd like the ssh client has.
* scp(1), sftp(1): add a -X option to both scp(1) and sftp(1) to
allow control over some SFTP protocol parameters: the copy buffer
length and the number of in-flight requests, both of which are used
during upload/download. Previously these could be controlled in
sftp(1) only. This makes them available in both SFTP protocol
clients using the same option character sequence.
* ssh-keyscan(1): allow scanning of complete CIDR address ranges,
e.g. "ssh-keyscan 192.168.0.0/24". If a CIDR range is passed, then
it will be expanded to all possible addresses in the range
including the all-0s and all-1s addresses. bz#976
* ssh(1): support dynamic remote port forwarding in escape
command-line's -R processing. bz#3499
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Stefan Eßer [Mon, 6 Feb 2023 21:33:56 +0000 (22:33 +0100)]
contrib/bc: update to version 6.2.4
This update contains only documentation changes (new main repository
URL and changed mail address of the program author) and changes to
the build system that do not affect the FreeBSD base system build.
Eugene M. Kim [Fri, 11 Mar 2022 04:32:00 +0000 (20:32 -0800)]
Fix _REVISION to be always major.minor
Introduced in commit 613fe53, _REVISION was redefined to be just the
major version (14) instead of major.minor (14.0) iff:
- PKG_VERSION was not overridden (default), and
- Branch was -CURRENT, -STABLE, or -PRERELEASE.
This introduced side effects in other parts of the code which expected
_REVISION to be major.minor:
- make-pkg-package.sh target triple became amd64-portbld-freebsd14
(should be amd64-portbld-freebsd14.0);
- Versioned cross dev symlink name became amd64-freebsd14-<tool>
(should be amd64-freebsd14.0-<tool>)
Also, compounded with commit ea9a92d (which was introduced afterward
and removed minor version from _REVISION incorrectly using :S with a
regex) this also caused pkgbase repo to use a wrong PKG_ABI with a minor
version (FreeBSD:14.0:amd64) when a custom PKG_VERSION was specified.
(Note, without a custom PKG_VERSION the bug was not triggered because in
that case _REVISION was already major-only.)
This commit fixes both problems by introducing and using MAJOR_REVISION
instead of redefining _REVISION. Existing uses of _REVISION now see
major.minor again, except PKG_ABI (ex: FreeBSD:14:amd64, as described
above) and PKG_VERSION (ex: 14.snap20220311121531) need only the major
version and now use MAJOR_REVISION instead.
Stefan Eßer [Mon, 6 Feb 2023 20:11:51 +0000 (21:11 +0100)]
md5/tests: extend md5 test
The testloop function is called with various parameters, but those
were ignored in the coreutils-c-test script. This was an oversight
and is fixed by passing the option to all invocations of the hash
functions in this test script.
Mitchell Horne [Tue, 10 Jan 2023 15:50:00 +0000 (11:50 -0400)]
libdtrace: add riscv support
Largely untested, as we can't really do anything with user probes
without an implementation of fasttrap. However, this is enough to
generate an embedded dtrace program with `dtrace -G` and link the
generated ELF file.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D38301
Jessica Clarke [Mon, 6 Feb 2023 18:30:57 +0000 (14:30 -0400)]
dtrace: Fix RISC-V user stack unwinder
The unwind logic was copied from AArch64 which follows the peculiar
AAPCS (where, unlike typical RISC architectures, its frame pointer
follows an x86/stack machine-like convention where the frame pointer
points at the bottom of the frame record, not the top). Delete the
pointless riscv_frame struct and fix this.