Justin Hibbits [Thu, 9 Feb 2023 02:32:47 +0000 (21:32 -0500)]
infiniband: Convert BPF handling for IfAPI
Summary:
All callers of infiniband_bpf_mtap() call it through the wrapper macro,
which checks the if_bpf member explicitly. Since this is getting
hidden, move this check into the internal function and remove the
wrapper macro.
Ed Maste [Wed, 8 Feb 2023 13:16:53 +0000 (08:16 -0500)]
ssh: fix leak and apply style(9) to hostname canonicalization
Fixes: bf2e2524a2ce ("ssh: canonicize the host name before...")
Fixes: 3e74849a1ee2 ("ssh: canonicize the host name before...")
Reviewed by: rew
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D38441
Ed Maste [Tue, 14 Mar 2023 17:01:20 +0000 (13:01 -0400)]
compiler-rt: remove eprintf
It was used by ancient GCC assert.h. Prior to 2001 GCC used to provide
its own assert.h. The GCC assert.h required __eprintf to emit the error
message. FreeBSD's own assert.h never used this.
Reviewed by: ed (previously), imp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D2597
dl [Tue, 14 Mar 2023 04:26:41 +0000 (22:26 -0600)]
Increase protection provided by veriexec with new unlink/rename hooks.
Functions implemented:
- mac_veriexec_vnode_check_unlink: Unlink on a file has been
requested and requires validation. This function prohibits
deleting a protected file (or deleting one of these hard links, if
any).
- mac_veriexec_vnode_check_rename_from: Rename of the file has been
requested and must be validated. This function controls the renaming
of a protected file.
- mac_veriexec_vnode_check_rename_to: File overwrite rename has been
requested and must be validated. This function prevents overwriting of
a protected file (overwriting by mv command).
The 3 functions together aim to control the 'removal' (via unlink) and
the 'mv' on files protected by veriexec. The intention is to reach the
functional level of NetBSD veriexec.
Add sysctl node security.mac.veriexec.unlink to toggle control on
syscall unlink.
Add tunable kernel variable security.mac.veriexec.block_unlink to toggle
unlink protection. Add the corresponding read-only sysctl.
[ tidied up commit message, trailing whitespace, long lines, { placement ]
Allan Jude [Sat, 26 Nov 2022 18:11:13 +0000 (18:11 +0000)]
loader: Add support for booting from a ZFS snapshot
When booting from a snapshot we need to follow a different code path
to turn the objset ID into the name, and for forward lookups we need
to walk the parent's snapnames_zap.
With this, it is possible to set the pool's BOOTFS property to a
snapshot and boot with a read-only filesystem of that snapshot.
Reviewed by: tsoome, rew, imp
Sponsored By: Beckhoff Automation GmbH & Co. KG
Sponsored By: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D38600
Roger Pau Monné [Mon, 13 Mar 2023 14:17:21 +0000 (15:17 +0100)]
xen: take struct size into account for video information
The xenpf_dom0_console_t structure can grow as more data is added, and
hence we need to check that the fields we access have been filled by
Xen. The only extra field FreeBSD currently uses is the top 32 bits
for the frame buffer physical address.
Note that this field is present in all the versions that make the
information available from the platform hypercall interface, so the
check here is mostly cosmetic, and to remind us that newly added
fields require checking the size of the returned data.
Fixes: 6f80738b228c ('xen: fetch dom0 video console information from Xen')
Sponsored by: Citrix Systems R&D
lucy [Mon, 13 Mar 2023 22:01:12 +0000 (16:01 -0600)]
Add GNU glibc compatible secure_getenv
Add mostly glibc and msl compatible secure_getenv. Return NULL if
issetugid() indicates the process is tainted, otherwise getenv(x). The
rationale behind this is the fact that many Linux applications use this
function instead of getenv() as it's widely considered a "best
practice".
Jessica Clarke [Tue, 14 Mar 2023 04:12:31 +0000 (04:12 +0000)]
arm64: Move Azure-specific config from std.hyperv to std.azure
Hyper-V does not provide Mellanox hardware, some of Azure's instances
do, thus the configuration to enable them does not belong in the generic
std.hyperv config.
Fixes: 15e7fa83ef3c ("arm64: Hyper-V: Add vPCI and Mellanox driver modules into build")
Warner Losh [Tue, 14 Mar 2023 02:33:35 +0000 (20:33 -0600)]
Parse /kboot.conf
If there's a kboot.conf, parse it after the command line args are
parsed. It's not always easy to get all the right command line args
depending on the environment. Allow an escape hatch. While we can't do
everything one might like in this file, we can do enough.
Ed Maste [Mon, 13 Mar 2023 20:51:51 +0000 (16:51 -0400)]
makefs: do not call brelse if bread returns an error
If bread returns an error there is no bp to brelse. One of these
changes was taken from NetBSD commit 0a62dad69f62 ("This works well
enough to populate..."), the rest were found by looking for the same
pattern.
Reviewed by: imp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D39069
Kyle Evans [Sun, 5 Mar 2023 00:49:04 +0000 (18:49 -0600)]
arm: generic_timer: use interrupt-names when available
Offsets for all of these can be a bit complicated as not all interrupts
will be present, only phys and virt are actually required, and sec-phys
could optionally be specified before phys. Push idx/name pairs into
a new config struct and maintain the old indices while still getting the
correct timers.
Split fdt/acpi attach out independently and allocate interrupts before
we head into the common attach(). The secure physical timer is also
optional there, so mark it so to avoid erroring out if we run into
problems.
Reviewed by: andrew
Differential Revision: https://reviews.freebsd.org/D38911
Warner Losh [Mon, 13 Mar 2023 20:28:51 +0000 (14:28 -0600)]
makefs: make msdos creation go fast
Add missing brelse(bp). Without it the cache grows and we have a n^2
lookup. I'm not entirely sure why we read the block before we write it
back out, since the only side effect of that is to allocate memory,
clear the memory, read it in from disk, throw it away with the contents
of the file being written out. We likely should just do a getblk() here
instead, but even with all that, this takes the time it takes to create
a 150MB msdos fs image down from 5 minutes to 30 seconds.
See code review for how we got this. tl;dr: netbsd moved brelse
into bwrite and we picked up msdos code after that, but not the
move. That change should be picked up later.
Sponsored by: Netflix
Reviewed by: emaste
MFC After: 1 day (13.2 is coming fast)
Differential Revision: https://reviews.freebsd.org/D39025
Pawel Biernacki [Mon, 13 Mar 2023 16:36:11 +0000 (16:36 +0000)]
netinet6: allow disabling excess log messages
RFC 4443 specifies cases where certain packets, like those originating from
local-scope addresses destined outside of the scope shouldn't be forwarded.
The current practice is to drop them, send ICMPv6 message where appropriate,
and log the message:
At times the volume of such messages can get very high. Let's allow local
admins to disable such messages on a per-vnet basis, keeping the current
default (log).
Dimitry Andric [Sat, 25 Feb 2023 00:45:48 +0000 (01:45 +0100)]
zfs: Use .section .rodata instead of .rodata on FreeBSD
In commit 0a5b942d4 the FreeBSD SECTION_STATIC macro was set to
".rodata". This assembler directive is supported by LLVM (as a
convenience alias for ".section .rodata") but not by GNU as.
This caused the FreeBSD builds that are done with gcc to fail.
Therefore, use ".section .rodata" instead, similar to the other
asm_linkage.h headers.
lib/csu: do not compile the body of handle_static_init() for PIC build at all
The referenced symbols that provide init array boundaries are weak,
hidden, and undefined. The code that iterates over those arrays is not
used for the case when libc is compiled as dso.
This should fix linking with ld.bfd.
Sponsored by: The FreeBSD Foundation
MFC after: 3 weeks
Rick Macklem [Sun, 12 Mar 2023 21:34:25 +0000 (14:34 -0700)]
rc.d: Fix NFS server startup scripts to enable vnet prison use
Now that commit cbbb22031f9b is in main,
it is possible to run nfsd(8), nfsuserd(8), mountd(8),
gssd(8) and rpc.tlsservd(8) in an appropriately configured vnet
prison if the "allow.nfsd" option is specified in jail.conf.
This patch fixes the rc scripts for this.
Mostly just replaces the "nojail" KEYWORD with "nojailvnet",
but also avoids setting vfs.nfsd.srvmaxio in a prison, since it
must be set outside of the prisons and applies to all
nfsd(8) instances.
Ihor Antonov [Sun, 12 Mar 2023 16:07:34 +0000 (10:07 -0600)]
daemon: move variables into struct daemon_state
The fact that most of the daemon's state is stored on the stack
of the main() makes it hard to split the logic into smaller chunks.
Which in turn leads to huge main func that does a lot of things.
struct log_params existed because some variables need to be passed
into other functions together.
This change renames struct log_params into daemon_state
and moves the rest of the variables into it. This is a necessary
preparation step for further refactoring.
Justin Hibbits [Sun, 12 Mar 2023 15:46:57 +0000 (11:46 -0400)]
powerpc/pmap: Add pmap_sync_icache() for radix pmap
DTrace pid provider writes to user space to set breakpoints. Failing to
sync the icache can lead to SIGTRAP. Radix pmap is the only one missing
a pmap_sync_icache() method, so the pid provider would only potentially
crash a process on a POWER9 or later system.
The current name was a historical curiosity that started when init array
support was added, and then the file appeared a convenient place for the
addition of the MI common code to csu. It is now referenced by name in
a single place and the rename is easy, so do it.
Sponsored by: The FreeBSD Foundation
MFC after: 3 weeks
Why? Most trivial point, it shaves around 600 bytes from the dynamic
binaries on amd64. Less trivial, the removed code is no longer part of
the ABI, and we can ship updates to it with libc updates. Right now most
of the csu is linked into the binaries and requires us to do somewhat
tricky ABI compat when it needs to change. For instance, the init_array
change would be much simpler and does not require note tagging if we
have init calling code in libc.
This could be improved more, by splitting dynamic and static
initialization. For instance, &_DYNAMIC tests can be removed then.
Such change, nonetheless, would require building libc three times.
I left this for later, after this change stabilizes, if ever.
Reviewed by: markj
Discussed with: jrtc27 (some objections, see the review), imp
Tested by: markj (aarch64)
Sponsored by: The FreeBSD Foundation
MFC after: 3 weeks
Differential revision: https://reviews.freebsd.org/D37220
Justin Hibbits [Sat, 11 Mar 2023 16:30:00 +0000 (11:30 -0500)]
dtrace/powerpc: "Fix" stack traces across trap frames
In function boundary tracing the link register is not yet saved to the
save stack location, so the save point contains whatever the previous
'lr' save was, or even garbage, at the time the trap is taken. Address
this by explicitly loading the link register from the trap frame instead
of the stack, and propagate that out.
Mateusz Guzik [Tue, 7 Mar 2023 20:56:54 +0000 (20:56 +0000)]
vm: read-locked fault handling for backing objects
This is almost the simplest patch which manages to avoid write locking
for backing objects, as a result mostly fixing vm object contention
problems.
What is not fixed:
1. cacheline ping pong due to read-locks
2. cacheline ping pong due to pip
3. cacheline ping pong due to object busying
4. write locking on first object
On top of it the use of VM_OBJECT_UNLOCK instead of explicitly tracking
the state is slower multithreaded than it needs to be, done for
simplicity for the time being.
Mark Johnston [Fri, 10 Mar 2023 22:06:46 +0000 (17:06 -0500)]
netbsd-tests: Remove some pointless sleeps from message queue tests
- In the msgctl tests, there is no point in sleeping after a fork().
Just block immediately in wait().
- In non-blocking send/recv tests, just wait for the child to exit once
it's reached a message limit. If a bug prevents the child from
exiting promptly, the test will time out.
Warner Losh [Fri, 10 Mar 2023 13:55:11 +0000 (06:55 -0700)]
opts: Minor cleanup of ZFS options
Remove redundant CPUARCH test: we really just want a plain MACHINE_ARCH
here.
Second, always turn off LOADER_ZFS when we turn off ZFS. Not 100%
required, but we did it some places and not others. There's no current
mechanism to say that if X is disabled then X_Y must be too.
Just like stdin and stdout, stderr is a copy of the listen socket inherited from inetd. We need to close it so inetd can process further requests, be restarted, etc.
Sponsored by: Klara, Inc.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D38968
Stefan Eßer [Fri, 10 Mar 2023 10:33:33 +0000 (11:33 +0100)]
contrib/bc: update to version 6.4.0
This version contains a fix for an issue that can affect complex
bc scripts that use multiple read() functions that receive input from
an interactive user. The same value could be returned multiple times.
Kyle Evans [Fri, 10 Mar 2023 05:27:39 +0000 (23:27 -0600)]
kern: physmem: don't create a new exregion for different flags...
... if the region we're adding is an exact match to one that we already
have. Simply extend the flags of the existing entry as needed so that
we don't end up with duplicate regions.
It could be that we got the exclusion through two different means, e.g.,
FDT memreserve and the EFI memory map, and we may derive different
characteristics from each. Apply the most restrictive set to the
region.
Reported by: Mark Millard <marklmi yahoo com>
Reviewed by: mhorne
When CVE-2022-3437 was fixed by changing memcmp to be a constant
time and the workaround for the compiler was to add "!=0". However
the logic implemented was inverted resulting in CVE-2022-4152.
OpenSSL 3.0 has deprecated the sha256 api, let's use libmd which has the
same API instead.
In order to avoid the collision in definitions (sha256.h cannot be
included in the same file as a file where openssl headers have been
included) let's move the sha256 related code in its own file.
Roger Pau Monné [Mon, 21 Nov 2022 11:40:08 +0000 (12:40 +0100)]
xen: fetch dom0 video console information from Xen
It's possible for Xen to switch the video mode set by the boot loader,
so that the information passed in the kernel metadata is no longer
valid. Fetch the video mode used by Xen using a hypercall and update
the metadata for the kernel to use the correct video mode.
netlink: add snl(3) default parsers for routes and links.
This change adds the "default" parsers of _all_ route/link attributes
exported by the kernel.
It removes the need to declare similar parsers in the userland applications,
simplifying their logic.
netlink: add rtsock-compatible header to use with netlink snl(3).
Some routing socket defines (`RTM_` and `RTA_` ones) clash with the ones
used by the Netlink.
As some rtsock definitions like interface flags or route flags are used in
both netlink and rtsock, provide a convenient way to include those without
running into the define collision.