Pierre Pronchery [Fri, 23 Jun 2023 22:53:35 +0000 (18:53 -0400)]
Merge OpenSSL 3.0.9
Migrate to OpenSSL 3.0 in advance of FreeBSD 14.0. OpenSSL 1.1.1 (the
version we were previously using) will be EOL as of 2023-09-11.
Most of the base system has already been updated for a seamless switch
to OpenSSL 3.0. For many components we've added
`-DOPENSSL_API_COMPAT=0x10100000L` to CFLAGS to specify the API version,
which avoids deprecation warnings from OpenSSL 3.0. Changes have also
been made to avoid OpenSSL APIs that were already deprecated in OpenSSL
1.1.1. The process of updating to contemporary APIs can continue after
this merge.
Additional changes are still required for libarchive and Kerberos-
related libraries or tools; workarounds will immediately follow this
commit. Fixes are in progress in the upstream projects and will be
incorporated when those are next updated.
There are some performance regressions in benchmarks (certain tests in
`openssl speed`) and in some OpenSSL consumers in ports (e.g. haproxy).
Investigation will continue for these.
Netflix's testing showed no functional regression and a rather small,
albeit statistically significant, increase in CPU consumption with
OpenSSL 3.0.
Thanks to ngie@ and des@ for updating base system components, to
antoine@ and bofh@ for ports exp-runs and port fixes/workarounds, and to
Netflix and everyone who tested prior to commit or contributed to this
update in other ways.
PR: 271615
PR: 271656 [exp-run]
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Kyle Evans [Wed, 21 Jun 2023 18:56:58 +0000 (13:56 -0500)]
wg: fix a number of issues with module load failure handling
If MOD_LOAD fails, then MOD_UNLOAD will be called to unwind module
state, but wg_module_init() will have already deinitialized everything
it needs to in a manner that renders it unsafe to call MOD_UNLOAD
after (e.g., freed zone not reset to NULL, wg_osd_jail_slot not reset
to 0). Let's simply stop trying to handle freeing everything in
wg_module_init() to simplify it; let the subsequent MOD_UNLOAD deal with
it, and let's make that robust against partially-constructed state.
jhb@ notes that MOD_UNLOAD being called if MOD_LOAD fails is kind of an
anomaly that doesn't match other paradigms in the kernel; e.g., if
device_attach() fails, we don't invoke device_detach(). It's likely
that a future commit will revert this and instead stop calling
MOD_UNLOAD if MOD_LOAD fails, expecting modules to clean up after
themselves in MOD_LOAD upon failure. Some other modules already do this
and may see similar problems to the wg module (see: carp). The proper
fix is decidedly a bit too invasive to do this close to 14 branching,
and it requires auditing all kmods (base + ports) for potential leaks.
Mark Johnston [Fri, 23 Jun 2023 13:59:52 +0000 (09:59 -0400)]
tcp: Disallow connecting a disconnected socket
Currently nothing prevents tcp_usr_connect() from attempting to connect
when the socket has been disconnected. At the moment, doing so triggers
an assertion in in_pcbconnect() because inp_faddr is not unspecified. I
believe this may have been caught in the past by TIMEWAIT checks, but
those are now removed.
Check for additional socket states in tcp_connect().
Reported by: syzbot+f0f7871ec5397602b446@syzkaller.appspotmail.com
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D40579
Mark Johnston [Fri, 23 Jun 2023 13:55:43 +0000 (09:55 -0400)]
netinet6: Implement in6_cksum_partial() using m_apply()
This ensures that in6_cksum_partial() can be applied to unmapped mbufs,
which can happen at least when icmp6_reflect() quotes a packet.
The basic idea is to restructure in6_cksum_partial() to operate on one
mbuf at a time. If the buffer length is odd or unaligned, an extra
residual byte may be returned, to be incorporated into the checksum when
processing the next buffer.
PR: 268400
Reviewed by: cy
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D40598
Mark Johnston [Fri, 23 Jun 2023 13:54:39 +0000 (09:54 -0400)]
pseudofs: Fix a potential out-of-bounds access in pfs_lookup()
pseudofs nodes store their name in a flexible array member, so the node
allocation is sized using the length of the name, including a nul
terminator. pfs_lookup() scans a directory of nodes, comparing names to
find a match. The comparison was incorrect and assumed that all node
names were at least as long as the name being looked up, which of course
isn't true.
I believe the bug is mostly harmless since it cannot result in false
positive or negative matches from the lookup, but it triggers a KASAN
check.
Test Plan:
```
$ git status
On branch vendor/openssl-3.0
Your branch is up to date with 'origin/vendor/openssl-3.0'.
nothing to commit, working tree clean
$ (cd ..; fetch http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz.asc)
openssl-3.0.9.tar.gz 14 MB 74 MBps 01s
openssl-3.0.9.tar.gz.asc 833 B 10 MBps 00s
$ set | egrep '(XLIST|OSSLVER)='
OSSLVER=3.0.9
XLIST=FREEBSD-Xlist
$ gpg --list-keys
/home/khorben/.gnupg/pubring.kbx
--------------------------------
pub rsa4096 2021-07-16 [SC] [expires: 2031-07-14] A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C
uid [ unknown] Tomáš Mráz <tm@t8m.info>
uid [ unknown] Tomáš Mráz <tomas@arleto.cz>
uid [ unknown] Tomáš Mráz <tomas@openssl.org>
sub rsa4096 2021-07-16 [S] [expires: 2027-07-15]
sub rsa4096 2021-07-16 [E] [expires: 2031-07-14]
$ gpg --verify ../openssl-${OSSLVER}.tar.gz.asc ../openssl-${OSSLVER}.tar.gz
gpg: Signature made Tue May 30 14:32:24 2023 CEST
gpg: using RSA key DC7032662AF885E2F47F243F527466A21CA79E6D
gpg: Good signature from "Tomáš Mráz <tm@t8m.info>" [unknown]
gpg: aka "Tomáš Mráz <tomas@arleto.cz>" [unknown]
gpg: aka "Tomáš Mráz <tomas@openssl.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: A21F AB74 B008 8AA3 6115 2586 B8EF 1A6B A9DA 2D5C
Subkey fingerprint: DC70 3266 2AF8 85E2 F47F 243F 5274 66A2 1CA7 9E6D
$ tar -x -X $XLIST -f ../openssl-${OSSLVER}.tar.gz -C ..
$ rsync --exclude FREEBSD.* --delete -avzz ../openssl-${OSSLVER}/* .
[...]
$ diff -arq ../openssl-${OSSLVER} .
Only in .: .git
Only in .: FREEBSD-Xlist
Only in .: FREEBSD-upgrade
$ git status FREEBSD*
On branch vendor/openssl-3.0
Your branch is up to date with 'origin/vendor/openssl-3.0'.
Warner Losh [Fri, 23 Jun 2023 02:51:30 +0000 (20:51 -0600)]
scsi_all.c: Update to latest asc-num.txt at T10
This updates our table to Sat Mar 25 2023 at 04:30 of the T10
asc-num.txt. I added all the codes that weren't present in the tree,
corrected a couple of the 'alphabet' comments about where the ASC/ASCQ
was defined. I did not, however, make the transition that the
asc-num.txt file made (it deleted W between P and R and added Z after D
so the first few letters shifted a bit). I've not removed the 'W' nor
added the 'Z' at this time. I'm looking for some way to do this
automatically. Try to pick reasonable responses for new entries. When in
doubt, I selected SS_RDEF.
Dimitry Andric [Wed, 14 Jun 2023 18:49:59 +0000 (20:49 +0200)]
Merge commit 69d42eef4bec from llvm-project (by Dimitry Andric):
[Clang] Show type in enum out of range diagnostic
When the diagnostic for an out of range enum value is printed, it
currently does not show the actual enum type in question, for example:
v8/src/base/bit-field.h:43:29: error: integer value 7 is outside the valid range of values [0, 3] for this enumeration type [-Wenum-constexpr-conversion]
static constexpr T kMax = static_cast<T>(kNumValues - 1);
^
This can make it cumbersome to find the cause for the problem. Add the
enum type to the diagnostic message, to make it easier.
clang: re-downgrade implicit int/function declarations to warning only
This reapplies upstream commit c0141f3c300f by Aaron Ballman:
Downgrade implicit int and implicit function declaration to warning only
The changes in Clang 15.0.0 which enabled these diagnostics as a
warning which defaulted to an error caused disruption for people
working on distributions such as Gentoo. There was an explicit request
to downgrade these to be warning-only in Clang 15.0.1 with the
expectation that Clang 16 will default the diagnostics to an error.
See
https://discourse.llvm.org/t/configure-script-breakage-with-the-new-werror-implicit-function-declaration/65213
for more details on the discussion.
See https://reviews.llvm.org/D133800 for the public review of these
changes.
As noted in the upstream discussion, there are many programs that fail
to configure or build correctly, if these warnings are turned into
errors by default.
Note that most affected programs in ports are relatively old, and are
unlikely to be fixed by actually adjusting their declarations, but by
compiling with -std=gnu89, which downgrades the errors back to warning
again. Lots of tedious work for very little gain.
Merge commit db492316399a from llvm-project (by Dimitry Andric):
[clang][BFloat] Avoid redefining bfloat16_t in arm_neon.h
As of https://reviews.llvm.org/D79708, clang-tblgen generates `arm_neon.h`,
`arm_sve.h` and `arm_bf16.h`, and all those generated files will contain a
typedef of `bfloat16_t`. However, `arm_neon.h` and `arm_sve.h` include
`arm_bf16.h` immediately before their own typedef:
#include <arm_bf16.h>
typedef __bf16 bfloat16_t;
With a recent version of clang (I used 16.0.1) this results in warnings:
/usr/lib/clang/16/include/arm_neon.h:38:16: error: redefinition of typedef 'bfloat16_t' is a C11 feature [-Werror,-Wtypedef-redefinition]
Since `arm_bf16.h` is very likely supposed to be the one true place where
`bfloat16_t` is defined, I propose to delete the duplicate typedefs from the
generated `arm_neon.h` and `arm_sve.h`.
Merge commit 16949c5c48ab from llvm-project (by Dimitry Andric):
[compiler-rt] Include system headers before optionally defining HWCAP macros
In https://reviews.llvm.org/D141285 the optional definitions of `HWCAP`
macros were moved to before their usage. However, they were also moved
to before the inclusion of system headers which can optionally define
them. If any of those system headers then actually defined any of the
`HWCAP` macros, it would result in a redefinition error.
Move the system header includes to just before the optional definitions,
to avoid this problem.
This matches GNU m4's -G / --traditional option, and although BSD m4 in non-GNU mode is not exactly identical to GNU mode in traditional mode, it's close enough.
Stefan Eßer [Wed, 21 Jun 2023 17:36:39 +0000 (19:36 +0200)]
dev/pci: simplify PCI VPD access functions
This update contains a rewrite of the VPD parser based on the
definition of the structure of the VPD data (ident, R/O resource
data, optional R/W data, end tag).
The parser it replaces was based on a state machine, with the tags
and the parsed data controlling the state changes. The flexibility
of this parser is actually not required, and it has caused kernel
panics when operating on malformed data.
Analysis of the VPD code to make it more robust lead me to believe
that it was easier to write a "strict" parser than to restrict the
flexible state machine to detect and reject non-well-formed data.
A number of restrictions had already been added, but they make the
state machine ever more complex and harder to understand.
This updated parser has been verified to return identical parsed data
as the current implementation for the example VPD data given in the
PCI standard and in some actual PCIe VPD data.
It is strict in the sense that it detects and rejects any deviation
from a well-formed VPD structure.
Not making it explicit that we're printing values in hex can be
misleading when the number doesn't contain hex-only symbols (a-f). A
good example of this is print_gp_register(), where we print "(func +
offset)"; if the offset doesn't contain a-f symbols, it's not
immediately clear if that value is in decimal or hex. Using '%#' instead
of '0x%' also isn't a better option, it doesn't print '0x' if the value
is 0, and it also messes up column alignment.
Reviewed by: imp, markj
Approved by: markj (mentor)
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D40583
Wei Hu [Wed, 21 Jun 2023 09:31:46 +0000 (09:31 +0000)]
Hyper-V: vmbus: Prevent load/store reordering when access ring buffer index
When running VM on ARM64 Hyper-V, we have seen netvsc/hn driver hit
assert on reading duplicated network completion packets over vmbus
channel or one of the tx channels stalls completely. This seems to
caused by processor reordering the instructions when vmbus driver
reading or updating its channel ring buffer indexes.
Fix this by using load acquire and store release instructions to
enforce the order of these memory accesses.
Michael Tuexen [Wed, 21 Jun 2023 07:03:30 +0000 (09:03 +0200)]
sctp: fix man page for socket option controlling delayed acks
The SCTP_DELAYED_ACK_TIME socket option was replaced by the
SCTP_DELAYED_SACK in the socket API specification in
draft-ietf-tsvwg-sctpsocket-14.
The code was updated in r170056, but the man page was not.
Corvin Köhne [Wed, 21 Jun 2023 06:55:34 +0000 (08:55 +0200)]
Revert "bhyve: add command line parameter and parsing for migration"
Unfortunately, this feature didn't receive much feedback in the past.
However, after committing this, some people came up and complain that
this feature requires some more discussion before upstreaming it.
Additionally, it wasn't a good idea to start this new feature by adding
a new command line parameter as it fixes the user interface.
Cy Schubert [Wed, 31 May 2023 19:20:27 +0000 (12:20 -0700)]
pam_krb5: Fix spoofing vulnerability
An adversary on the network can log in via ssh as any user by spoofing
the KDC. When the machine has a keytab installed the keytab is used to
verify the service ticket. However, without a keytab there is no way
for pam_krb5 to verify the KDC's response and get a TGT with the
password.
If both the password _and_ the KDC are controlled by an adversary, the
adversary can provide a password that the adversary's spoofed KDC will
return a valid tgt for. Currently, without a keytab, pam_krb5 is
vulnerable to this attack.
Reported by: Taylor R Campbell <riastradh@netbsd.org> via emaste@
Reviewed by: so
Approved by: so
Security: FreeBSD-SA-23:04.pam_krb5
Security: CVE-2023-3326
Doug Moore [Wed, 21 Jun 2023 04:52:27 +0000 (23:52 -0500)]
vm_radix: drop unused function; use bool.
Replace boolean_t with bool in vm_radix.c. Drop the unused function
vm_radix_is_singleton, which is unused and has no corresponding
function in subr_pctrie.c.
Reviewed by: alc
Differential Revision: <https://reviews.freebsd.org/D40586>
Ed Maste [Tue, 20 Jun 2023 12:44:22 +0000 (08:44 -0400)]
bfe: add unmaintained / deprecation notice
The bfe (Broadcom BCM4401 10/100 Ethernet) driver has known bugs and no
active maintenance. There have been no changes other than sweeping tree
changes, typo corrections etc. since 2008 a far as I can tell. Add a
note in the man page so that users expectations are correctly set, and
indicate that it may be removed in the future.
I did not add a gone_in() call in the driver itself as there is no
specific target version for removal, and this driver has evidence of
recent use (dmesg, PRs).
PR: 201947, 213751
Reviewed by: brooks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D40625
John Baldwin [Tue, 20 Jun 2023 19:38:48 +0000 (12:38 -0700)]
rtld-elf: Mark tls_init_align __unused in free_tls for Variant I TLS.
Some architectures (powerpc and RISC-V) always use 0 for the post TLS
size in which case tls_init_align isn't used by
calculate_tls_post_size. Use __unused to quiet the warning for these
platforms.
Doug Moore [Tue, 20 Jun 2023 16:30:29 +0000 (11:30 -0500)]
radix_trie: eliminate iteration in keydiff
Use flsll(), instead of a loop, to find where two keys differ, and
then arithmetic to transform that to a trie level.
Approved by: alc, markj
Differential Revision: https://reviews.freebsd.org/D40585
John Baldwin [Tue, 20 Jun 2023 16:28:59 +0000 (09:28 -0700)]
bluetooth/ath3kfw: Propagate return value from ath3k_load_fwfile.
The caller ignores the return value so this is a no-op, but
ath3k_init_ar3012 returns the return values of its internal functions,
so this is more consistent.
Mitchell Horne [Tue, 20 Jun 2023 14:52:26 +0000 (11:52 -0300)]
riscv: improve KTR_TRAP trace entries
For more informative records of exceptions, include key details such as
the exception code and stval register contents. Remove the curthread
argument as it is redundant (saved with every ktr entry), and the
trapframe as it is somewhat meaningless.
Add a new KTR_TRAP trace record for interrupts.
Reviewed by: markj, jhb
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D40584
John Baldwin [Tue, 20 Jun 2023 14:53:50 +0000 (07:53 -0700)]
ossl: Don't try to initialize the cipher for Chacha20+Poly1305.
Chacha20+Poly1305 doesn't use an ossl_cipher instance the way AES-GCM
does, so ossl_lookup_cipher() failed causing ossl_newsession() to
always fail for Chacha20+Poly1305 sessions.
Reported by: gallatin (ktls_test fails with ossl.ko loaded)
Fixes: 9a3444d91c70 ossl: Add a VAES-based AES-GCM implementation for amd64
Tested by: gallatin
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D40580
Doug Rabson [Tue, 20 Jun 2023 13:01:58 +0000 (14:01 +0100)]
pf: Add code to enable filtering for locally delivered packets
This is disabled by default since it potentially changes the behavior of
existing filter rule sets. To enable this extra filter for packets being
delivered locally, use: