Mark Johnston [Wed, 30 Mar 2022 19:41:44 +0000 (15:41 -0400)]
pf: Initialize the table entry zone limit at initialization time
The limit may later be updated by the "set limit" directive in pf.conf.
UMA does not permit a limit to be set on a zone after any items have
been allocated from a zone.
Other UMA zones used by pf do not appear to be susceptible to this
problem: they either set a limit at zone creation time or never set one
at all.
PR: 260406
Reviewed by: kp
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34713
- Remove extraneous examples
- Apply "-compact" to the list macros so that it is possible to fit the
definitions of the types and formats in one terminal screen.
ifconfig.8: Clean up formatting of -f documentation
This change is about moving the -f documentation into the right place in
the manual. Also, document the IFCONFIG_FORMAT variable in the
ENVIRONMENT section.
In order to clean up the layout of the manual page, let's keep
parameters in the end of the DESCRIPTION section. This patch does not
change any content, it's meant to only move the content around before
refactoring.
Kristof Provost [Tue, 29 Mar 2022 12:15:47 +0000 (14:15 +0200)]
libpfct: Return errno from pfctl_add_eth_rule()
If the pfctl_add_eth_rule() ioctl fails return the errno, not the error
returned by ioctl(). That will give us slightly more insight into what
went wrong, because ioctl() would always return -1.
Wei Hu [Wed, 30 Mar 2022 06:56:09 +0000 (06:56 +0000)]
Hyper-V: vPCI: Write back original BAR values after prepopulating bars
In vmbus_pcib_prepopulate_bars(), after writing all 1's to the
avialable device bars, those without being configured by device driver
are also set to its initialized values. However, this could cause
weird problem which results to device failure. The issue has been
reported to happen on LSI 9211-8i HBA card for DDA access on Hyper-V.
Writing back the orignal BAR values seem to work around this problem.
Ed Maste [Mon, 28 Mar 2022 21:03:10 +0000 (17:03 -0400)]
fstyp: detect Raspberry Pi Pico boot filesystem as FAT
fstyp looks for a 0x55 0xAA signature at offset 510, but this is not
required by specifications and is not proivded by the Raspberry Pi Nano
bootloader.
We should really remove the signature check and implement a more
comprehensive BPB validation instead, but it will require more
investigation and testing. For now just add a special case for the
Raspberry Pi Nano bootloader, to avoid introducing regressions or new
false positives.
PR: 262896
Reviewed by: delphij
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34699
Ed Maste [Tue, 29 Mar 2022 17:55:21 +0000 (13:55 -0400)]
Clear non-x86 compat stat syscall kernel stack memory disclosure
32-bit architectures other than i386 have 64-bit time_t which results
in a struct timespec with 12 bytes for tv_sec and tv_nsec, and 4 bytes
of padding. Zero the padding holes in struct stat32 and struct
freebsd11_stat32.
i386 has 32-bit time_t; struct timespec is 8 bytes and has no padding.
Found by inspection, prompted by a report by Reno Robert of Trend Micro
Zero Day Initiative. The originally reported issue (ZDI-CAN-14538) is
already fixed in all supported FreeBSD versions (it was addressed
incidentally as part of the 64-bit inode project).
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34709
- There is no need to mention in the synopsis that -f can be a list of
comma-separated type:format pairs. Let's keep it simple instead.
- Mention that -f can be supplied multiple times.
- Add -f to other entries in the synopsis where it can be used.
ifconfig.8: Add capability codes descriptions from handbook
We document capability codes (the CAPS field of "ifconfig wlan0 scan")
in both ifconfig(8) and the handbook. The list is more complete in the
manual page, while the descriptions of individual capabilities are more
detailed in the handbook.
In order to reduce content duplication and bit rot, let's move
handbook's details to the manual page and reference the manual page
whenever necessary.
Ed Maste [Mon, 28 Mar 2022 13:33:54 +0000 (09:33 -0400)]
mpr/mps/mpt: verify cfg page ioctl lengths
*_CFG_PAGE ioctl handlers in the mpr, mps, and mpt drivers allocated a
buffer of a caller-specified size, but copied to it a fixed size header.
Add checks that the size is at least the required minimum.
Note that the device nodes are owned by root:operator with 0640
permissions so the ioctls are not available to unprivileged users.
This change includes suggestions from scottl, markj and mav.
Two of the mpt cases were reported by Lucas Leong (@_wmliang_) of
Trend Micro Zero Day Initiative; scottl reported the third case in mpt.
Same issue found in mpr and mps after discussion with imp.
Reported by: Lucas Leong (@_wmliang_), Trend Micro Zero Day Initiative
Reviewed by: imp, mav
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34692
Rick Macklem [Mon, 28 Mar 2022 22:11:52 +0000 (15:11 -0700)]
nfscl: Fix IO_APPEND writes from kernel space
Commit 867c27c23a5c modified the NFS client so that
it did IO_APPEND writes directly to the NFS server
bypassing the buffer cache, via a call to
nfs_directio_write(). Unfortunately, this (very old)
function assumed that the uio iov was for user space
addresses. As such, a IO_APPEND VOP_WRITE() that
was for system space, such as ktrace(1) does, would
write bogus data.
This patch fixes nfs_directio_write() so that it
handles kernel space uio iovs.
Brooks Davis [Mon, 28 Mar 2022 18:43:03 +0000 (19:43 +0100)]
syscallarg_t: Add a type for system call arguments
This more clearly differentiates system call arguments from integer
registers and return values. On current architectures it has no effect,
but on architectures where pointers are not integers (CHERI) and may
not even share registers (CHERI-MIPS) it is necessiary to differentiate
between system call arguments (syscallarg_t) and integer register values
(register_t).
наб [Mon, 28 Mar 2022 17:24:22 +0000 (19:24 +0200)]
config: user: check for <aio.h>
And always zpool_read_label_slow() on non-conformant libcs
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Co-authored-by: José Luis Salvador Rufo <salvador.joseluis@gmail.com> Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Closes #13207
Closes #13254