dab [Fri, 9 Mar 2018 14:45:17 +0000 (14:45 +0000)]
MFC r330245:
Allow the "@" and "!" characters in passwd file GECOS fields.
Two PRs (152084 & 210187) request allowing the "@" and/or "!"
characters in the passwd file GECOS field. The man page for pw does
not mention that those characters are disallowed, Linux supports those
characters in this field, and the "@" character in particular would be
useful for storing email addresses in that field.
PR: 152084, 210187
Submitted by: jschauma@netmeister.org, Dave Cottlehuber <dch@freebsd.org>
Reported by: jschauma@netmeister.org, Dave Cottlehuber <dch@freebsd.org>
Sponsored by: Dell EMC
dab [Fri, 9 Mar 2018 14:38:46 +0000 (14:38 +0000)]
MFC r330085:
dhclient violates RFC2131 when sending early DHCPREQUEST message to re-obtain old IP
When dhclient first starts, if an old IP address exists in the
dhclient.leases file, dhclient(8) sends early DHCPREQUEST message(s)
in an attempt to re-obtain the old IP address again. These messages
contain the old IP as a requested-IP-address option in the message
body (correct) but also use the old IP address as the packet's source
IP (incorrect).
RFC2131 sec 4.1 states:
DHCP messages broadcast by a client prior to that client obtaining
its IP address must have the source address field in the IP header
set to 0.
The use of the old IP as the packet's source address is incorrect if
(a) the computer is now on a different network or (b) it is on the
same network, but the old IP has been reallocated to another host.
Fix dhclient to use 0.0.0.0 as the source IP in this circumstance
without removing any existing functionality. Any previously-used old
IP is still requested in the body of an early DHCPREQUEST message.
imcsmb(4) provides smbus(4) support for the SMBus controller functionality
in the integrated Memory Controllers (iMCs) embedded in Intel Sandybridge-
Xeon, Ivybridge-Xeon, Haswell-Xeon, and Broadwell-Xeon CPUs. Each CPU
implements one or more iMCs, depending on the number of cores; each iMC
implements two SMBus controllers (iMC-SMBs).
*** IMPORTANT NOTE ***
Because motherboard firmware or the BMC might try to use the iMC-SMBs for
monitoring DIMM temperatures and/or managing an NVDIMM, the driver might
need to temporarily disable those functions, or take a hardware interlock,
before using the iMC-SMBs. Details on how to do this may vary from board to
board, and the procedure may be proprietary. It is strongly suggested that
anyone wishing to use this driver contact their motherboard vendor, and
modify the driver as described in the manual page and in the driver itself.
(For what it's worth, the driver as-is has been tested on various SuperMicro
motherboards.)
mav [Thu, 8 Mar 2018 21:33:52 +0000 (21:33 +0000)]
MFC r328521 (by imp):
Use atomic load and stores to ensure that the compiler doesn't
optimize away these loops. Change boolean to int to match what atomic
API supplies. Remove wmb() since the atomic_store_rel() on status.done
ensure the prior writes to status. It also fixes the fact that there
wasn't a rmb() before reading done. This should also be more efficient
since wmb() is fairly heavy weight.
eadler [Thu, 8 Mar 2018 08:04:32 +0000 (08:04 +0000)]
MFC r316797:
banner(6): Squash a harmless coverity warning
The destination buffer is sized as the sum of program argument lengths, so
it has plenty of room for *argv. Appease Coverity by using strlcpy instead
of strcpy. Similar to a nearby cleanup performed in r316500.
eadler [Thu, 8 Mar 2018 07:50:11 +0000 (07:50 +0000)]
MFC r323865:
Amend bin/cat/cat.c so the output is the same aside
from blank lines being numbered or unnumbered, depending on whether cat
was invoked with -ne or -be.
At present, when cat is invoked with -be, there is an additional
difference that the '$' on blank lines is placed on the far left of the
output.
Discussed in bug 210607.
While here, revert the workaround from r304035 which skipped the unit test for
this issue previously.
eadler [Thu, 8 Mar 2018 07:05:19 +0000 (07:05 +0000)]
MFC r313544:
indent(1): add regression test cases
These examples show expected behavior of indent(1). They are meant to be used
together with a regression test mechanism, either Kyua, a Makefile or perhaps
something else. The mechanism should in essence do this:
indent -P${test}.pro < ${test}.0 > ${test}.0.run
and compare ${test}.0.stdout to ${test}.0.run. If the files differ or the exit
status isn't 0, the test failed.
* ${test}.pro is an indent(1) profile: a list of options passed through a file.
The program doesn't complain if the file doesn't exist.
* ${test}.0 is a C source file which acts as input for indent(1). It doesn't
have to have any particular formatting, since it's the output that matters.
* ${test}.0.stdout contains expected output. It doesn't have to be formatted in
Kernel Normal Form as the point of the tests is to check for regressions in
the program and not to check that it always produces KNF.
jhb [Wed, 7 Mar 2018 20:50:28 +0000 (20:50 +0000)]
MFC 328102: Save and restore guest debug registers.
Currently most of the debug registers are not saved and restored
during VM transitions allowing guest and host debug register values to
leak into the opposite context. One result is that hardware
watchpoints do not work reliably within a guest under VT-x.
Due to differences in SVM and VT-x, slightly different approaches are
used.
For VT-x:
- Enable debug register save/restore for VM entry/exit in the VMCS for
DR7 and MSR_DEBUGCTL.
- Explicitly save DR0-3,6 of the guest.
- Explicitly save DR0-3,6-7, MSR_DEBUGCTL, and the trap flag from
%rflags for the host. Note that because DR6 is "software" managed
and not stored in the VMCS a kernel debugger which single steps
through VM entry could corrupt the guest DR6 (since a single step
trap taken after loading the guest DR6 could alter the DR6
register). To avoid this, explicitly disable single-stepping via
the trace flag before loading the guest DR6. A determined debugger
could still defeat this by setting a breakpoint after the guest DR6
was loaded and then single-stepping.
For SVM:
- Enable debug register caching in the VMCB for DR6/DR7.
- Explicitly save DR0-3 of the guest.
- Explicitly save DR0-3,6-7, and MSR_DEBUGCTL for the host. Since SVM
saves the guest DR6 in the VMCB, the race with single-stepping
described for VT-x does not exist.
For both platforms, expose all of the guest DRx values via --get-drX
and --set-drX flags to bhyvectl.
eadler [Wed, 7 Mar 2018 10:54:10 +0000 (10:54 +0000)]
Revert MFC of r330463 r330462 r330454 r330452 r330451:
These commits have KPI/KBI considerations (or are a result of those that
do). I did not properly take into account these concerns when merging to
a kbi-stable branch.
davidcs [Tue, 6 Mar 2018 23:12:32 +0000 (23:12 +0000)]
MFC r329855
1. Added support to offline a port if is error recovery on successful.
2. Sysctls to enable/disable driver_state_dump and error_recovery.
3. Sysctl to control the delay between hw/fw reinitialization and
restarting the fastpath.
4. Stop periodic stats retrieval if interface has IFF_DRV_RUNNING flag off.
5. Print contents of PEG_HALT_STATUS1 and PEG_HALT_STATUS2 on heartbeat
failure.
6. Speed up slowpath shutdown during error recovery.
7. link_state update using atomic_store.
8. Added timestamp information on driver state and minidump captures.
9. Added support for Slowpath event logging
10. Added additional failure injection types to simulate failures.
dab [Mon, 5 Mar 2018 13:58:03 +0000 (13:58 +0000)]
MFC r330027
iconv uses strlen directly on user supplied memory
`iconv_sysctl_add` from `sys/libkern/iconv.c` incorrectly limits the
size of user strings, such that several out of bounds reads could have
been possible.
    static int
    iconv_sysctl_add(SYSCTL_HANDLER_ARGS)
    {
        struct iconv_converter_class *dcp;
        struct iconv_cspair *csp;
        struct iconv_add_in din;
        struct iconv_add_out dout;
        int error;

        error = SYSCTL_IN(req, &din, sizeof(din));
        if (error)
            return error;
        if (din.ia_version != ICONV_ADD_VER)
            return EINVAL;
        if (din.ia_datalen > ICONV_CSMAXDATALEN)
            return EINVAL;
        if (strlen(din.ia_from) >= ICONV_CSNMAXLEN)
            return EINVAL;
        if (strlen(din.ia_to) >= ICONV_CSNMAXLEN)
            return EINVAL;
        if (strlen(din.ia_converter) >= ICONV_CNVNMAXLEN)
            return EINVAL;
    ...
Since the `din` struct is directly copied from userland, there is no
guarantee that the strings supplied will be NULL terminated. The
`strlen` calls could continue reading past the designated buffer
sizes.
Declaration of `struct iconv_add_in` is found in `sys/sys/iconv.h`:
    struct iconv_add_in {
        int ia_version;
        char ia_converter[ICONV_CNVNMAXLEN];
        char ia_to[ICONV_CSNMAXLEN];
        char ia_from[ICONV_CSNMAXLEN];
        int ia_datalen;
        const void *ia_data;
    };
Our strings are followed by the `ia_datalen` member, which is checked
before the `strlen` calls:
    if (din.ia_datalen > ICONV_CSMAXDATALEN)
Since `ICONV_CSMAXDATALEN` has value `0x41000` (and is `unsigned`),
this ensures that `din.ia_datalen` contains at least 1 byte of 0, so
it is not possible to trigger a read out of bounds of the `struct`;
however, this code is fragile and could introduce subtle bugs in the
future if the `struct` is ever modified.
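The fragility described in the commit message above, as an added userland example (not the FreeBSD source and not the committed fix): `check_add_in` bounds each name by its own array, and `scan_stop` shows where an unbounded `strlen(ia_from)` would actually halt. `ICONV_ADD_VER`, the two name-length constants and the helper names are assumptions for this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* 0x41000 is quoted in the commit message; the other values are assumed. */
#define ICONV_ADD_VER      1
#define ICONV_CSNMAXLEN    31
#define ICONV_CNVNMAXLEN   31
#define ICONV_CSMAXDATALEN 0x41000u

struct iconv_add_in {
	int ia_version;
	char ia_converter[ICONV_CNVNMAXLEN];
	char ia_to[ICONV_CSNMAXLEN];
	char ia_from[ICONV_CSNMAXLEN];
	int ia_datalen;
	const void *ia_data;
};

/* Length of s, reading at most max bytes (the strnlen() contract). */
static size_t field_len(const char *s, size_t max) {
	const char *nul = memchr(s, '\0', max);
	return nul ? (size_t)(nul - s) : max;
}

/* Hardened checks: each name is measured within its own array. */
static int check_add_in(const struct iconv_add_in *din) {
	if (din->ia_version != ICONV_ADD_VER ||
	    (unsigned int)din->ia_datalen > ICONV_CSMAXDATALEN ||
	    field_len(din->ia_from, sizeof(din->ia_from)) >= ICONV_CSNMAXLEN ||
	    field_len(din->ia_to, sizeof(din->ia_to)) >= ICONV_CSNMAXLEN ||
	    field_len(din->ia_converter, sizeof(din->ia_converter)) >= ICONV_CNVNMAXLEN)
		return EINVAL;
	return 0;
}

/* Struct offset where strlen(ia_from) would stop, found with a bounded scan. */
static size_t scan_stop(const struct iconv_add_in *din) {
	size_t start = offsetof(struct iconv_add_in, ia_from);
	return start + field_len((const char *)din + start, sizeof(*din) - start);
}

int main(void) {
	struct iconv_add_in din;
	memset(&din, 'A', sizeof(din));   /* constructed input: no NUL in any name */
	din.ia_version = ICONV_ADD_VER;
	din.ia_datalen = 0x100;
	printf("scan stops at %zu, check returns %d\n", scan_stop(&din), check_add_in(&din));
}
```

With unterminated names the scan stops inside `ia_datalen`, which is the only thing keeping the original `strlen` calls inside the struct; the bounded check rejects the same input without depending on field order.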
eadler [Mon, 5 Mar 2018 09:05:37 +0000 (09:05 +0000)]
MFC r326473:
diag/httpd-error: remove
This is a script for a web server in a specific
configuration. Current web servers don't produce
similar log files and it isn't FreeBSD's
goal to produce a log file analyzer.
This adds HardenedBSD which is a pseudo-fork of FreeBSD. It hasn't had a
release yet, but does have active users and a community. As such
document it as a branch off of FreeBSD-stable. Ideally this adds enough
space so that future releases are easy enough to add.
eadler [Mon, 5 Mar 2018 08:32:15 +0000 (08:32 +0000)]
MFC r313880:
[asmc] Add support for MacBook Pro 11,2
This patch will add support for MacBookPro 11.2.
For the macros, the MBP11_* macros (for the existing MacBookPro11.3) did not
match so they have been renamed to MBP113_* and a new MBP112_* has been
added (modified copy of MBP11_*).
Some trailing whitespaces may have been removed automatically.
eadler [Mon, 5 Mar 2018 08:24:58 +0000 (08:24 +0000)]
MFC r308663:
[net80211] announce 11n capabilities in probe requests in IBSS mode.
The 802.11-2012 specification notes that a subset of IEs should be present
in IBSS probe requests. This is what (initially) allows nodes to discover
that other nodes are 11n capable. Notably - HTCAP, but not HTINFO.
This isn't everything required to reliably enable 11n between net80211
peers; there's more work to come.
eadler [Mon, 5 Mar 2018 08:18:13 +0000 (08:18 +0000)]
MFC r306139:
[net80211] don't add IBSS node table entries for neighbors from other SSIDs.
The adhoc probe/beacon input path was creating nodes for all SSIDs.
This wasn't a problem when the NICs were configured to only process
frames for the current BSSID, but that didn't allow IBSS merges.
Once avos and I flipped on "beacons from all BSSIDs" to allow for
correct IBSS merging, we found this interesting behaviour.
This adds a check against the current SSID.
* If there's no VAP SSID, allow anything
* If there's a VAP SSID, check if the incoming frame has a suitable
SSID and if so, allow it.
This prevents nodes being created for other SSIDs in probe and beacon
frames - ie, beacons overlapping IBSSes with different SSIDs, and
probe requests from arbitrary devices.
eadler [Mon, 5 Mar 2018 08:17:02 +0000 (08:17 +0000)]
MFC r305895:
[net80211] add a HT method to populate HTCAP based on IBSS requirements.
IBSS negotiation is a subset of the STA/AP negotiation. We always have a
current channel, so base the HT capabilities on the current channel.
This is then put into IBSS probe requests to inform peers of our
11n capabilities.
eadler [Mon, 5 Mar 2018 07:54:57 +0000 (07:54 +0000)]
MFC r306837:
[net80211] extend the ieee80211_rx_stats struct to include more information.
There are a variety of more interesting RX statistics that we should
keep track of but we don't. This is a starting point for adding more
information.
Specifically:
* now the RX rate information and some of the packet status is
passed up;
* The 32 bit or 64 bit TSF is passed up;
* the PHY mode is passed up;
* the "I'm decap'ed AMSDU!" state is passed up;
* number of RX chains is bumped to 4.
This is all mostly a placeholder for getting the data into the RX status
before we pass it up to net80211 - unfortunately we don't yet enforce
that drivers provide it, nor do we pass the provided info back up the
stack so anyone can use the data.
We're going to need to use some of this data moving forward.
Notably, now that some hardware can do AMSDU decap for us (the intel iwm
driver can do it when we flip it on; the ath10k port I'm doing does
it for us) then we need to pass it up through the stack so the duplicate
RX sequence numbers and crypto/IV details don't cause the packet to
be dropped and/or counted against a replay counter.
It's also the beginning of being able to do more interesting node
accounting in net80211. Specifically, once drivers start populating
per-packet rate information, AMPDU information, timestamps, etc,
we can start providing histograms of rate-versus-RSSI, account
for receive time spent per node and other such interesting things.
(Note: I'm also hoping to include ranging and RTT information for
future chipset support; and it's likely going to include it in
this kind of fashion.)
eadler [Mon, 5 Mar 2018 07:26:05 +0000 (07:26 +0000)]
MFC r326276:
various: general adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
supersede or replace the license texts.
eadler [Mon, 5 Mar 2018 07:14:56 +0000 (07:14 +0000)]
MFC r314181:
[ifconfig] handle illegal WPS frames
Some APs broadcast WPS IE frames with totally broken data. Ifconfig's printwpsie()
loops through WPS frames printing the attributes out; if the frame's data is bad,
printwpsie() can end up looking at out-of-bounds addresses causing ifconfig to
bus error.
Thanks to Takashi Inoue at Nihon U for his efforts in debugging this.
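A bounds-checked attribute walk of the kind the commit message above calls for, as an added example (not ifconfig's `printwpsie()` code). It assumes the attribute area of the WPS IE has already been isolated and that attributes use a 2-byte big-endian type followed by a 2-byte big-endian length; `wps_walk` and the sample buffers are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Walk WPS attributes in buf[0..len). Returns the number of well-formed
 * attributes, or -1 if a header or value would run past the buffer end. */
static int wps_walk(const uint8_t *buf, size_t len) {
	size_t off = 0;
	int count = 0;

	while (off < len) {
		if (len - off < 4)
			return -1;      /* truncated attribute header */
		uint16_t type = (uint16_t)(buf[off] << 8 | buf[off + 1]);
		uint16_t alen = (uint16_t)(buf[off + 2] << 8 | buf[off + 3]);
		off += 4;
		if (alen > len - off)
			return -1;      /* declared length exceeds remaining data */
		printf("attr 0x%04x len %u\n", type, alen);
		off += alen;
		count++;
	}
	return count;
}

/* Constructed samples, not captured frames. */
static const uint8_t wps_good[] = {
	0x10, 0x4a, 0x00, 0x01, 0x10,       /* Version */
	0x10, 0x44, 0x00, 0x01, 0x02,       /* WPS state */
};
static const uint8_t wps_bad[] = {
	0x10, 0x4a, 0x00, 0x01, 0x10,       /* Version */
	0x10, 0x11, 0xff, 0xff, 'A', 'P',   /* Device Name claiming 65535 bytes */
};

int main(void) {
	printf("good: %d\n", wps_walk(wps_good, sizeof(wps_good)));
	printf("bad:  %d\n", wps_walk(wps_bad, sizeof(wps_bad)));
	return 0;
}
```

Both checks compare against the bytes remaining (`len - off`) rather than computing `off + alen`, so a hostile length field cannot wrap the offset.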
eadler [Mon, 5 Mar 2018 06:52:26 +0000 (06:52 +0000)]
MFC r307901,r308180:
FreeBSD tcp stack used to inform respective congestion control module about the
loss event but not use or obey the recommendations i.e. values set by it in some
cases.
Here is an attempt to solve that confusion by following relevant RFCs/drafts.
Stack only sets congestion window/slow start threshold values when there is no
CC module available to take that action. All CC modules are inspected and
updated when needed to take appropriate action on loss.
tcp_stacks/fastpath module has been updated to adapt these changes.
Note: Probably, the most significant change would be to not bring congestion
window down to 1MSS on a loss signaled by 3-duplicate acks and letting
respective CC decide that value.
eadler [Mon, 5 Mar 2018 06:47:28 +0000 (06:47 +0000)]
MFC r308065:
Remove a PCI ID for a raid controller from Adaptec that was planned,
but never released. Since no real hardware was released with this ID,
just drop it from the aacraid driver. This paves the path for future
drivers for hardware that actually has this ID.
Submitted by: Scott Benesh from Microsemi.
Differential Revision: https://reviews.freebsd.org/D8377
MFC After: 3 days
eadler [Mon, 5 Mar 2018 06:37:02 +0000 (06:37 +0000)]
MFC r306896:
Fix spurious white space introduced in r301059
r301059 accidentally introduced a subtle change for point to point interfaces
where an extra space is inserted before the netmask. This can cause issues
for scripts that parse ifconfig output.
hselasky [Sun, 4 Mar 2018 19:15:24 +0000 (19:15 +0000)]
MFC r330236:
Correct the return value from flush_work() and flush_delayed_work() in the
LinuxKPI to comply more with Linux. This fixes an issue when these functions
are used in waiting loops.
eadler [Sat, 3 Mar 2018 21:05:28 +0000 (21:05 +0000)]
MFC r305137:
Eliminate unnecessary loop in _cap_check()
Calling cap_rights_contains() several times with the same inputs is not
going to produce a different output. The variable being iterated, i, is
never used inside the for loop.
The loop is actually done in cap_rights_contains()
eadler [Sat, 3 Mar 2018 18:11:02 +0000 (18:11 +0000)]
MFC r302519:
Audit the file-descriptor number argument for openat(2). Remove a comment
about the desirability of auditing the number, as it was in fact in the
wrong place (in the common path for open(2) and openat(2), and only the
latter accepts a file-descriptor argument). Where other ABIs support
openat(2), it may be necessary to do additional argument auditing as it is
not performed in kern_openat(9).