Ed Maste [Mon, 13 Mar 2023 20:51:51 +0000 (16:51 -0400)]
makefs: do not call brelse if bread returns an error
If bread returns an error there is no bp to brelse. One of these
changes was taken from NetBSD commit 0a62dad69f62 ("This works well
enough to populate..."), the rest were found by looking for the same
pattern.
Reviewed by: imp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D39069
Mark Johnston [Mon, 6 Mar 2023 20:06:00 +0000 (15:06 -0500)]
netinet: Tighten checks for unspecified source addresses
The assertions added in commit b0ccf53f2455 ("inpcb: Assert against
wildcard addrs in in_pcblookup_hash_locked()") revealed that protocol
layers may pass the unspecified address to in_pcblookup().
Add some checks to filter out such packets before we attempt an inpcb
lookup:
- Disallow the use of an unspecified source address in in_pcbladdr() and
in6_pcbladdr().
- Disallow IP packets with an unspecified destination address.
- Disallow TCP packets with an unspecified source address, and add an
assertion to verify the comment claiming that the case of an
unspecified destination address is handled by the IP layer.
Mark Johnston [Fri, 10 Mar 2023 22:06:46 +0000 (17:06 -0500)]
netbsd-tests: Remove some pointless sleeps from message queue tests
- In the msgctl tests, there is no point in sleeping after a fork().
Just block immediately in wait().
- In non-blocking send/recv tests, just wait for the child to exit once
it's reached a message limit. If a bug prevents the child from
exiting promptly, the test will time out.
Kristof Provost [Sun, 12 Mar 2023 15:08:31 +0000 (16:08 +0100)]
pf tests: test IPv6 fragmentation with link-local addresses
We've observed a panic after pf_refragment6() with link-local addresses,
because pf_refragment6() calls ip6_forward() even for a simple output
case.
That results in us entering ip6_forward() with an mbuf with a NULL
m->m_pkthdr.rcvif, which can cause a NULL deref (but seemingly not for
GUAs).
Ihor Antonov [Fri, 3 Mar 2023 05:17:02 +0000 (23:17 -0600)]
daemon: set supervise_enabled during argument processing
Now when supervision mode has its own variable there is really no
reason to set it separately from the rest of the variables. Move
initialization of supervise_enabled var to the argument processing
switch loop, where it belongs.
Ihor Antonov [Fri, 3 Mar 2023 05:17:02 +0000 (23:17 -0600)]
daemon: decouple restart variable
The 'restart' variable was responsible for enablement of restart
behavior and for restart delay. While it may seem convenient it
leads to cluttering the exit/restart logic
Ihor Antonov [Thu, 2 Mar 2023 03:00:42 +0000 (21:00 -0600)]
daemon: move syslog facility and syslog tag into log_params
Since struct log_params already contains logging-related
variables, including syslog-related, move remaining
syslog-related variables into struct log_params as well
Ihor Antonov [Thu, 2 Mar 2023 03:00:42 +0000 (21:00 -0600)]
daemon: make dosyslog variable a bool and give it a better name
Following style(9) and C99 recommendation use bool instead of
int for boolean operations. Also give the variable a more descriptive
name that follows boolean naming convention.
Ihor Antonov [Thu, 2 Mar 2023 03:00:41 +0000 (21:00 -0600)]
daemon: initialize mask_orig with sigemptyset()
consolidation of variable declarations and initializations in previous
commit allowed me to detect that one of the signal masks is not properly
initialized with sigemptyset (as man 3 sigsetops demands)
Ihor Antonov [Thu, 2 Mar 2023 03:00:41 +0000 (21:00 -0600)]
daemon: consolidate variable declarations and initializations
- improve readability by breaking apart single-line multi-variable declarations
- initialize simple variables at declaration site
- move other top-level variable initializations closer to declarations
to avoid potential UB and unclutter the use-site.
Ihor Antonov [Fri, 10 Feb 2023 04:36:07 +0000 (22:36 -0600)]
daemon: add long_opts
Long options improve readability of scripts, make code comprehension
easier. This patch adds long options while preserving the existing CLI
interface.
Mitchell Horne [Tue, 14 Feb 2023 18:02:12 +0000 (14:02 -0400)]
intrng: track counter allocation with a bitmap
Crucially, this allows releasing counters, and interrupt sources by
extension. Where before we were incrementing intrcnt_index with atomics,
now we protect the bitmap using the existing isrc_table_lock mutex.
Vitaliy Gusev [Mon, 6 Mar 2023 12:42:15 +0000 (13:42 +0100)]
bhyvectl: don't permit using --suspend and --checkpoint at same time
When using the --suspend and --checkpoint parameter, bhyvectl will
produce two checkpoint images and then exit. This is slightly ambiguous.
So, permit only one of these parameters at the same time.
Corvin Köhne [Wed, 11 Aug 2021 08:02:57 +0000 (10:02 +0200)]
bhyve: add common fwcfg items
Qemu defines some common fwcfg items. We don't need to support all of
them. Only a subset needs to be present for fwcfg to work properly.
- signature
The signature is used by the guest to check if qemu's fwcfg is
available or not.
- id
The id is used by the guest to check which features are supported by
the fwcfg implementation of the hypervisor.
- file_dir
The file dir reports all fwcfg items which don't have a fixed index.
These are mostly user defined fwcfg items.
Corvin Köhne [Wed, 11 Aug 2021 08:01:19 +0000 (10:01 +0200)]
bhyve: add helper to add fwcfg items
This helper makes it easier to add multiple fwcfg items. You can pass an
index and some data to the helper. The helper adds this information to
the fwcfg emulation so that the guest reads the given data on the
specified index.
Kyle Evans [Fri, 10 Mar 2023 05:27:39 +0000 (23:27 -0600)]
kern: physmem: don't create a new exregion for different flags...
... if the region we're adding is an exact match to one that we already
have. Simply extend the flags of the existing entry as needed so that
we don't end up with duplicate regions.
It could be that we got the exclusion through two different means, e.g.,
FDT memreserve and the EFI memory map, and we may derive different
characteristics from each. Apply the most restrictive set to the
region.
Reported by: Mark Millard <marklmi yahoo com>
Reviewed by: mhorne
Kyle Evans [Wed, 1 Mar 2023 06:04:49 +0000 (00:04 -0600)]
efifb: add a tunable to select the framebuffer cache attribute
Mapping the framebuffer with WC (Write Combined) memory type can, in
practice, cause some memory transactions to be rate-limited at a
fraction of the fb write rate. WC allows one core to queue up many
globally visible write transactions, and in the process some unrelated
transactions may end up having to wait for all of the queued up PCI
writes to be flushed.
Add an hw.efifb.cache_attr tunable to allow mapping the framebuffer as
uncacheable instead. We should likely be taking a more careful approach
of checking the memory map to determine which cacheability attributes
are feasible, but the knob lets us use our historically functional
behavior while offering a convenient way to switch on a stock kernel.
The only valid values for hw.efifb.cache_attr at this time are "uc" and
"wc".
Original patch by Marc De La Gueronniere <mdelagueronniere@verisign.com>
along with previous testing.
Reviewed by: imp
Sponsored by: Verisign, Inc.
Sponsored by: Klara, Inc.
Kyle Evans [Wed, 1 Mar 2023 04:24:54 +0000 (22:24 -0600)]
i18n: csmapper: hook up the top-level .src files to the build
The top-level charset.pivot.src may be empty, but the top-level
mapper.dir.src is not -- it contains some definitions for supplementary
UCS planes. The SMP/SSP definitions aren't actually used at the moment,
but the inclusion of the SIP definitions fixes conversions involving
JISX0213-1/JISX0213-2 to be possible.
Ed Maste [Thu, 16 Mar 2023 14:29:55 +0000 (10:29 -0400)]
ssh: Update to OpenSSH 9.3p1
This release fixes a number of security bugs and has minor new
features and bug fixes. Security fixes, from the release notes
(https://www.openssh.com/txt/release-9.3):
This release contains fixes for a security problem and a memory
safety problem. The memory safety problem is not believed to be
exploitable, but we report most network-reachable memory faults as
security bugs.
* ssh-add(1): when adding smartcard keys to ssh-agent(1) with the
per-hop destination constraints (ssh-add -h ...) added in OpenSSH
8.9, a logic error prevented the constraints from being
communicated to the agent. This resulted in the keys being added
without constraints. The common cases of non-smartcard keys and
keys without destination constraints are unaffected. This problem
was reported by Luci Stanescu.
* ssh(1): Portable OpenSSH provides an implementation of the
getrrsetbyname(3) function if the standard library does not
provide it, for use by the VerifyHostKeyDNS feature. A
specifically crafted DNS response could cause this function to
perform an out-of-bounds read of adjacent stack data, but this
condition does not appear to be exploitable beyond denial-of-
service to the ssh(1) client.
The getrrsetbyname(3) replacement is only included if the system's
standard library lacks this function and portable OpenSSH was not
compiled with the ldns library (--with-ldns). getrrsetbyname(3) is
only invoked if using VerifyHostKeyDNS to fetch SSHFP records. This
problem was found by the Coverity static analyzer.
Accelerated MFC to prepare for inclusion in 13.2-RELEASE.
Justin Hibbits [Sun, 12 Mar 2023 15:46:57 +0000 (11:46 -0400)]
powerpc/pmap: Add pmap_sync_icache() for radix pmap
DTrace pid provider writes to user space to set breakpoints. Failing to
sync the icache can lead to SIGTRAP. Radix pmap is the only one missing
a pmap_sync_icache() method, so the pid provider would only potentially
crash a process on a POWER9 or later system.
Justin Hibbits [Sat, 11 Mar 2023 16:30:00 +0000 (11:30 -0500)]
dtrace/powerpc: "Fix" stack traces across trap frames
In function boundary tracing the link register is not yet saved to the
save stack location, so the save point contains whatever the previous
'lr' save was, or even garbage, at the time the trap is taken. Address
this by explicitly loading the link register from the trap frame instead
of the stack, and propagate that out.
sender_body() uses OPT_COPY to copy the frame into the destination slot
for the first 100,000 packets. Then it removes OPT_COPY to improve
performance. The function always starts with the first tx ring.
If multiple tx rings are in use, it is possible that the initial 100k
packets will only use the first ring. After OPT_COPY is removed, there
may come a time when the first ring is full and sender_body() will move
to the next ring which was never initialized. As a result it will send
all zero packets. (This was discovered when the receiving NIC reported
rx errors.)
Before any transmissions, step through every tx ring and set
NS_BUF_CHANGED on every slot. That will force send_packets() to
initialize the slot when first used. Since it only copies when
necessary, it performs better than always setting OPT_COPY. With this
change, there is no reason for the "drop copy" code.
Submitted by: Brian Poole <brian90013@gmail.com>
MFC after: 7 days
Warner Losh [Mon, 13 Mar 2023 20:28:51 +0000 (14:28 -0600)]
makefs: make msdos creation go fast
Add missing brelse(bp). Without it the cache grows and we have a n^2
lookup. I'm not entirely sure why we read the block before we write it
back out, since the only side effect of that is to allocate memory,
clear the memory, read it in from disk, throw it away with the contents
of the file being written out. We likely should just do a getblk() here
instead, but even with all that, this takes the time it takes to create
a 150MB msdos fs image down from 5 minutes to 30 seconds.
See code review for how we got this. tl;dr: netbsd moved brelse
into bwrite and we picked up msdos code after that, but not the
move. That change should be picked up later.
Sponsored by: Netflix
Reviewed by: emaste
MFC After: 1 day (13.2 is coming fast)
Differential Revision: https://reviews.freebsd.org/D39025
Mark Johnston [Wed, 1 Mar 2023 20:21:30 +0000 (15:21 -0500)]
epair: Simplify the transmit path and address lost wakeups
epairs currently shuttle all transmitted packets through a single global
taskqueue thread. To hand packets over to the taskqueue thread, each
epair maintains a pair of ring buffers and a lockless scheme for
notifying the thread of pending work. The implementation can lead to
lost wakeups, causing to-be-transmitted packets to end up stuck in the
queue.
Rather than extending the existing scheme, simply replace it with a
linked list protected by a mutex, and use the mutex to synchronize
wakeups of the taskqueue thread. This appears to give equivalent or
better throughput with >= 16 producer threads and eliminates the lost
wakeups.
Mark Johnston [Mon, 6 Mar 2023 14:39:17 +0000 (09:39 -0500)]
epair: Avoid loading m_flags into a short
The m_flags field of struct mbuf is 24 bits wide and so gets truncated
in a couple of places in the epair code. Instead of preserving the
entire flag set, just remember whether M_BCAST or M_MCAST is set.
Mark Johnston [Mon, 27 Feb 2023 18:41:58 +0000 (13:41 -0500)]
netmap: Fix compiler warnings in tools
- Remove write-only variables, or hide them in cases where their use is
conditional or commented out.
- Check for errors from cmd_apply() in nmreplay.
- Use ANSI C definitions.
Gordon Bergling [Sun, 26 Feb 2023 13:33:58 +0000 (14:33 +0100)]
route.8: Fix mandoc warnings
- skipping end of block that is not open: Oc
- no blank before trailing delimiter
- remove useless TN macros
- remove commented out reference for esis(4)
Gordon Bergling [Sun, 26 Feb 2023 13:15:34 +0000 (14:15 +0100)]
route.8: Add information about ROUTE_MPATH and FIB_ALGO
Since the kernel options ROUTE_MPATH and FIB_ALGO are enabled
per default for a while, it's good to have some user facing
documentation about the general functionality of multipath
routing and fib lookup algorithms.
Reviewed by: pauamma, Jose Luis Duran <jlduran at gmail dot com>
Differential Revision: https://reviews.freebsd.org/D38783
Tijl Coosemans [Wed, 15 Feb 2023 20:09:51 +0000 (21:09 +0100)]
rc.d: Generate machine-id from hostid_save
rc.d/hostid_save saves a UUID generated by rc.d/hostid in /etc/hostid.
Store the same UUID, without hyphens, in /etc/machine-id. The hyphens
are removed with a shell function because hostid_save runs before file
systems are mounted so other tools may not be available yet.
This eliminates some duplication between hostid and machine-id and for
virtual machines machine-id now contains the UUID configured in the
hypervisor like it does on Linux.
When CVE-2022-3437 was fixed by changing memcmp to be a constant
time and the workaround for the compiler was to add "!=0". However
the logic implemented was inverted resulting in CVE-2022-4152.
Colin Percival [Sun, 5 Mar 2023 20:10:57 +0000 (12:10 -0800)]
linux_80211: Don't dequeue lsta if not queued
This fixes an instapanic when restarting wpa_supplicant on my laptop's
iwlwifi device. After this change, iwlwifi enters a nonfunctional
state if wpa_supplicant is restarted, but "service netif restart wlan0"
is enough to get it working again.
Mitchell Horne [Fri, 24 Feb 2023 17:19:54 +0000 (13:19 -0400)]
bcm_dma: don't dereference NULL softc
This file defines a small API to be used by other drivers. If any of
these functions are called before the bcm_dma device has attached we
should handle the error gracefully. Fix a formatting quirk while here.
Reviewed by: manu
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D38756
Mark Millard [Fri, 17 Feb 2023 20:30:35 +0000 (16:30 -0400)]
bcm_dma: attach at an earlier bus pass
The sdhci_bcm driver attach routine relies on bcm_dma already being
attached, in order to allocate a DMA channel. However, both drivers
attached at the default pass so this is not guaranteed. Newer RPI
firmware exposes this assumption, and the result is a NULL-dereference
in bcm_dma_allocate().
Mitchell Horne [Wed, 22 Feb 2023 15:11:15 +0000 (11:11 -0400)]
lockmgr: upgrade panic return checks
We short-circuit lockmgr functions in the face of a kernel panic. Other
lock implementations do this with a SCHEDULER_STOPPED() check, which
covers the additional case where the debugger is active but the system
has not panicked. Update this code to match that behaviour.
Xin LI [Sun, 5 Mar 2023 09:40:13 +0000 (01:40 -0800)]
xz: Improve compatibility with systems without capability mode support
When the kernel is built without capability mode support, or when
using an emulator like qemu-user-static that does not translate
system calls, these calls will return a negative number and set
the errno to ENOSYS. However, this error does not indicate a
real programming or runtime error and is generally ignored by
base system applications built with capability mode sandboxing.
Match this behavior by making xz(1) ignore ENOSYS errors
when calling capability mode system calls too.