Tom Jones [Thu, 17 Nov 2022 10:31:38 +0000 (10:31 +0000)]
ping: Fix handling of IP packet sizes
Ping reads raw IP packets to parse ICMP responses. When reading the
IP Header Len (IHL) ping was was taking the value from the provided
packet without any validation. This could lead to remotely triggerable
stack corruption.
Validate the IHL against expected and recieved data sizes when reading
from the received packet and when reading any quoted packets from within
the ICMP response.
Approved by: so
Reviewed by: markj, asomers
Security: FreeBSD-SA-22:15.ping
Security: CVE-2022-23093
Sponsored by: NetApp, Inc.
Sponsored by: Klara, Inc.
X-NetApp-PR: #77
Differential Revision: https://reviews.freebsd.org/D37195
Bjoern A. Zeeb [Tue, 29 Nov 2022 18:21:05 +0000 (18:21 +0000)]
net80211: fix IEEE80211_DEBUG_REFCNT builds
Remove the KPI/KBI changes from ieee80211_node.h and always use the
macros to pass in __func__ and __LINE__ to the functions.
The actual implementations are prefixed by "_" rather than suffixed
by "_debug" as they no longer are "debug"-specific.
Some of the select functions were not actually using the passed in
func, line options; however they are calling other functions which
use them. Directly call the internal implementation in those cases
passing the arguments on.
Use a file-local __debrefcnt_used define to mark the arguments __unused
in cases when we compile without IEEE80211_DEBUG_REFCNT and hope the
toolchain is intelligent enough to not pass them at all in those cases.
Also _ieee80211_free_node() now has a conflict so make the previous
_ieee80211_free_node() the new __ieee80211_free_node().
Add IEEE80211_DEBUG_REFCNT to the NOTES file on amd64 to keep exercising
the option.
Sponsored by: The FreeBSD Foundation
X-MFC: never
Discussed on: freebsd-wireless
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D37529
Ed Maste [Wed, 23 Nov 2022 17:14:18 +0000 (12:14 -0500)]
csh: install hard link with same mode as target
Previously when using NO_ROOT we recorded METALOG entries for the /.cshrc
hard link with a different file mode than the link target, which is not
permitted.
We cannot just set LINKMODE here as it would also apply to the hard link
for the tcsh binary.
Reviewed by: brooks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37499
Warner Losh [Tue, 29 Nov 2022 20:02:40 +0000 (13:02 -0700)]
stand/ofw: Use strpbrk instead of two strchrs
No need to call strchr twice, when one call to strpbrk will do the
job.. Test booted with qemu-powerpc + mac99 successfully.
Minor style(9) tweaks as well.
Roger Pau Monné [Tue, 29 Nov 2022 15:21:51 +0000 (16:21 +0100)]
xen/acpi: only evaluate Processor objects matching online CPUs
Current Xen Processor driver will evaluate any Processor object on the
ACPI tables regardless of whether the processor is online or not.
Avoid doing so for processors that are not online, as evaluating
methods of processors that are not online could lead to accesses to
invalid memory, and in any case the data that the driver fetches from
the Processor ACPI object only makes sense for processors that are
online.
Note the CPU related data fetched from Xen using XENPF_get_cpuinfo
hypercall could be cached, I leave that as a future optimization.
Sponsored by: Citrix Systems R&D Fixes: b93f47eaeef7 ('xen/acpi: upload Cx and Px data to Xen')
Jessica Clarke [Tue, 29 Nov 2022 03:09:51 +0000 (03:09 +0000)]
bsdinstall: Fix local_unbound option default on revisit
The variable used for the checklist's default value needs to correspond
to the rc.conf variable as that's what's being parsed to determine them.
In the case of local_unbound it's missing the _enable suffix and thus
always defaults to off on revisit.
Fixes: 58eb9abb3157 ("Add a line to the post-installation configuration dialog to enable the local_unbound service.")
Jessica Clarke [Tue, 29 Nov 2022 02:56:25 +0000 (02:56 +0000)]
bsdinstall: Fix issues parsing rc.conf.services on revisit
There are a few issues here, some of which are hiding others. The first
is that we don't use double quotes around the command substitution so
every word in the conf file is treated as a separate argument to eval,
resulting in spaces being used in place of newlines and thus comments in
the file commenting out the rest of the file, not just to the end of
their line. In particular, we insert one comment just before the dumpdev
entry (the final one in the file) and so we never see dumpdev as set,
and thus set a default value of on for the menu.
The second issue is that, for dumpdev, it takes a value of AUTO not YES
when set, but we don't replace this with on when eval'ing, so then end
up giving AUTO to bsddialog which is interpreted the same as off (which
seems to match GPL dialog). Thus handle AUTO like YES otherwise it will
always appear as unchecked on revisit.
The final issue is that our case-insensitive YES/NO (and now AUTO)
replacements have no word boundaries around them so match the middle of
words too. As it happens this doesn't matter in practice at the moment,
but it could in future; currently the only effect is that it rewrites
moused_nondefault_enable to moused_offndefault_enable, but since this
variable is never read, only written based on moused(_enable) this is
harmless, but we should fix it in case a service comes along in future
that does get affected by it.
Jessica Clarke [Tue, 29 Nov 2022 00:57:38 +0000 (00:57 +0000)]
bsdinstall: Fix ntpd_sync_on_start service option
This installer option is currently totally useless, as it ends up
creating an ntpd_sync_on_start_enable="YES" entry in rc.conf, not an
ntpd_sync_on_start="YES" entry, as is the correct name. This can also be
noticed by revisiting the services menu, which parses the previously
written rc.conf.services file to set variables governing the default
menu entry values so that selecting OK regenerates the same file, as the
menu entry will use the correct variable name and thus think the entry
was not selected last time, defaulting back to off and losing the
setting.
Thus, add a special case in the loop for this option. The only other
entry that doesn't follow the *_enable pattern is dumpdev (even moused
does, it just also sets a second variable), but that also deviates in
terms of being explicitly set either way and using AUTO rather than YES,
hence why ntpd_sync_on_start follows a different pattern here and is
special-cased rather than introducing a whole new variable that governs
behaviour outside the loop.
Fixes: c153a35bfd71 ("bsdinstall: replace ntpdate by ntpd_sync_on_start")
John Baldwin [Tue, 29 Nov 2022 01:10:30 +0000 (17:10 -0800)]
bhyve: Avoid passing a possible garbage pointer to free().
All of the error paths in pci_vtcon_sock_add free the sock pointer.
However, sock is not initialized until part way through the function.
An early error would pass stack garbage to free().
John Baldwin [Tue, 29 Nov 2022 01:10:07 +0000 (17:10 -0800)]
bhyve: Appease warning about a potentially unaligned pointer.
When initializing the device model for a PCI pass through device that
uses MSI-X, bhyve reads the MSI-X capability from the real device to
save a copy in the emulated PCI config space. It also saves a copy in
a local struct msixcap on the stack. Since struct msixcap is packed,
GCC complains that casting a pointer to the struct to a uint32_t
pointer may result in an unaligned pointer.
This path is not performance critical, so to appease the compiler,
simply change the pointer to a char * and use memcpy to copy the 4
bytes read in each iteration of the loop.
John Baldwin [Tue, 29 Nov 2022 01:09:15 +0000 (17:09 -0800)]
bhyve: Avoid unlikely truncation of the blockif ident strings.
The ident string for NVMe and VirtIO block deivces do not contain the
bus, and the various fields can potentially use up to three characters
when printed as unsigned values (full range of uint8_t) even if not
likely in practice.
John Baldwin [Tue, 29 Nov 2022 01:08:09 +0000 (17:08 -0800)]
bhyve: Fix sign compare warnings in the e1000 device model.
Adding a bare constant to a uint16_t promotes to a signed int which
triggers these warnings. Changing the constant to be explicitly
unsigned instead promotes the expression to unsigned int.
Bjoern A. Zeeb [Mon, 28 Nov 2022 21:21:06 +0000 (21:21 +0000)]
LinuxKPI: 802.11: minor header updates
- add comments for enum values constantly looked up, and another one to
a net80211 equivalent (should possibly re-define those in the future?)
- add another nl80211_sta_info flag
- add enum environment_cap used in cfg80211.h in the future.
Bjoern A. Zeeb [Mon, 28 Nov 2022 20:54:57 +0000 (20:54 +0000)]
LinuxKPI: SKB update
- skb_reset_tail_pointer(): we do not do offsets so do a plain reset
- skb_add_rx_frag(): adjust data_len to keep track of the frag
- based on that implement skb_is_nonlinear() and skb_linearize()
- implement build_skb() and adjust linuxkpi_kfree_skb() and ddb macro.
Sponsored by: The FreeBSD Foundation (partially)
MFC after: 3 days
Kristof Provost [Tue, 22 Nov 2022 13:43:59 +0000 (14:43 +0100)]
pf: drop support for fragment crop|drop-ovl
We removed the code for these modes back in 2015, but converted such
configurations to 'scrub fragment reassemble'. It's been long enough,
drop the backwards compatibility glue too.
Kristof Provost [Tue, 22 Nov 2022 13:23:27 +0000 (14:23 +0100)]
pf: allow scrub rules without fragment reassemble
scrub rules have defaulted to handling fragments for a long time, but
since we removed "fragment crop" and "fragment drop-ovl" in 64b3b4d611
this has become less obvious and more expensive ("reassemble" being the
more expensive option, even if it's the one the vast majority of users
should be using).
Extend the 'scrub' syntax to allow fragment reassembly to be disabled,
while retaining the other scrub behaviour (e.g. TTL changes, random-id,
..) using 'scrub fragment no reassemble'.
Bjoern A. Zeeb [Mon, 28 Nov 2022 15:12:58 +0000 (15:12 +0000)]
LinuxKPI: iwlwifi: rtw88: rtw89: remove budget argument from netif_napi_add()
In preparation for future updates remove the budget argument from the
netif_napi_add() in drivers and update LinuxKPI to reflect that it is
gone and only set it internally. This required changes to the currently
committed wireless drivers based on LinuxKPI (iwlwifi, rtw88, rtw89).
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Eugene Grosbein [Mon, 28 Nov 2022 14:22:39 +0000 (21:22 +0700)]
pw(8): fix combination of modes -N and -w random
The command "pw usermod nobody -Nw random" (or useradd)
generates random password and prints it in encrypted form
but skips choosen random string that makes not much sense
and contradicts the manual page pw.8
Fix it by showing random password in plain text with -N and
without it equally. Add yet another example of how to generate
pw-style random password.
Warner Losh [Sun, 27 Nov 2022 20:23:28 +0000 (13:23 -0700)]
ofw: Cast function pointer to proper type
clang 15 insists that we call entry() via a function prototype. Rather
than copping out and using (...), cast it to the same prototype that's
used elsewhere (with tweaks to pointers to make them fit into that
prototype). No functional change.
Dave Cottlehuber [Sun, 27 Nov 2022 11:12:02 +0000 (11:12 +0000)]
release/oci: add Oracle Cloud image builder
Provides an OCI (Oracle Cloud Infrastructure) release target for
Oracle's KVM-based VM implementation. Tested using 13.1-RELEASE,
primarily on Ampere CPU on A1.Flex VM shapes, but also works on
amd64 shapes.
- supports cloud-init and custom scripts
- provides a freebsd@ sudo-enabled user
- root user disabled over ssh & console
Cy Schubert [Fri, 25 Nov 2022 23:29:14 +0000 (15:29 -0800)]
heimdal: Fix uninitialized pointer dereference
krb5_ret_preincipal() returns a non-zero return code when
a garbage principal is passed to it. Unfortunately ret_principal_ent()
does not check the return code, with garbage pointing to what would
have been the principal. This results in a segfault when free() is
called.
PR: 267944, 267972
Reported by: Robert Morris <rtm@lcs.mit.edu>
MFC after: 3 days
Justin Hibbits [Sat, 26 Nov 2022 16:32:24 +0000 (11:32 -0500)]
dpaa: Use BUS_PASS_SUPPORTDEV for pqmdio
BUS_PASS_SUPPORTDEV is semantically better than BUS_PASS_RESOURCE, since
it's a support device for dtsec, so only needs probed before dtsec, not
before interrupts.
Justin Hibbits [Sat, 26 Nov 2022 15:38:13 +0000 (10:38 -0500)]
dpaa: Account for MDIO device not being found
It's possible the MDIO device hasn't been and attached, or is incorrect
in the device tree so can't probe and attach. In this case,
ofw_bus_find_child_device_by_phandle() will fail, and return NULL.
Return an error from find_mdio() here to prevent the MAC from attaching,
rather than worry about a NULL pointer dereference later on when
accessing the PHY.
We only support updates from major version N to N+1:
stable/13 was branched on 20210122, remove all old entries from stable/10
branch point in 2013 to 20210122.
Ed Maste [Wed, 23 Nov 2022 15:34:58 +0000 (10:34 -0500)]
pam.d: install hard link with same mode as target
Previously when using NO_ROOT we recorded a METALOG entry for the
pam.d/ftp hard link with a different file mode than the link target
pam.d/ftpd, which is not permitted.
This change is similar to 1dbb9994d4dd for .profile
John Baldwin [Thu, 24 Nov 2022 00:10:05 +0000 (16:10 -0800)]
<type_traits>: Avoid instantiating a pointer type in std::decay<>.
GCC expands the pointer type in this conditional expression even for
template types _Up that are not arrays. This raises an error when
std::decay<> is used with reference types (as is done in LLVM's
sources). Using add_pointer<> causes GCC to only instantiate a
pointer type for array types.
Ed Maste [Wed, 23 Nov 2022 15:44:41 +0000 (10:44 -0500)]
dwatch: install hard links with same mode as target
Previoulsy when using NO_ROOT we recorded METALOG entries for dwatch
hard links with different file modes than their link targets, which is
not permitted.
Reviewed by: bapt
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37477
Ed Maste [Wed, 23 Nov 2022 15:20:49 +0000 (10:20 -0500)]
sh: install hard link with same mode as target
Previously when using NO_ROOT we recorded a METALOG entry for the
/.profile hard link with a different mode than the link target, which is
not permitted.
Reviewed by: bapt
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37476
John Baldwin [Tue, 22 Nov 2022 19:12:06 +0000 (11:12 -0800)]
tftpd: Disable -Wformat-nonliteral for GCC.
GCC warns about the non-literal format string passed to strftime(). A
warning here seems a bit odd as strftime() does not take varargs so
there is not a risk of missing args.
John Baldwin [Tue, 22 Nov 2022 19:11:42 +0000 (11:11 -0800)]
systat: Fix a bunch of use after frees in fetch_ifstat().
I think this was probably just a typo. initifstat() continues around
a similar loop if the mib data fails to fetch, and fetch_ifstat() was
already using a FOREACH_SAFE loop here so expected to keep going.
Calling clearifstat() from the fetch routine also seems wrong, and the
sort_interface_list() call triggered by the existing needsort = 1 will
itself set needclear to trigger a future clearifstat().
Bjoern A. Zeeb [Tue, 22 Nov 2022 17:29:41 +0000 (17:29 +0000)]
iwlwifi: fix hang on unloading driver
f808c43ad9234670770601ba32a7426b00bbf528 introduced a FreeBSD specific
behaviour to wait for firmware load completion before returning from
loading the driver. This does no longer allow iwl_drv_stop to detect
that startup has completed and it will wait indefinitely for a
completion event that will not happen.
We could change the complete() call to a complete_all() but to avoid
confusion, future side effects, and for simplicity daisy-chain two
complete events in FreeBSD.
PR: 267869
Reported by: Peter Much (pmc citylink.dinoex.sub.org)
Tested by: Peter Much (pmc citylink.dinoex.sub.org)
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Cyrus Rahman [Fri, 18 Nov 2022 18:30:30 +0000 (10:30 -0800)]
Add support for _CR3 critical standby (S3) threshold.
Along with _PSV, _HOT, and _CRT, ACPI supports the _CR3 threshold
which specifies a temperature above which a system should transition
to the S3 standby state.
On FreeBSD, this is more useful than _HOT, which specifies the S4
transition threshold temperature (since FreeBSD does not generally
support the S4 state), or, in many cases, _CRT, since after
transitioning to S3 the system can cool and then be resumed.
Ed Maste [Thu, 29 Sep 2022 18:15:39 +0000 (14:15 -0400)]
Retire CLANG_IS_CC option
A small reduction in build infrastructure complexity; when we had both
Clang and GCC in the tree it was useful to have both built, and choose
one or the other to install as /usr/bin/cc. Now only Clang is in the
tree, and there is no point in building and installing base Clang but
not providing it as cc (and c++, cpp).
Reviewed by: imp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37075
projects / FreeBSD / FreeBSD.git / log