Ed Maste [Mon, 28 Mar 2022 13:33:54 +0000 (09:33 -0400)]
mpr/mps/mpt: verify cfg page ioctl lengths
*_CFG_PAGE ioctl handlers in the mpr, mps, and mpt drivers allocated a
buffer of a caller-specified size, but copied to it a fixed size header.
Add checks that the size is at least the required minimum.
Note that the device nodes are owned by root:operator with 0640
permissions so the ioctls are not available to unprivileged users.
This change includes suggestions from scottl, markj and mav.
Two of the mpt cases were reported by Lucas Leong (@_wmliang_) of
Trend Micro Zero Day Initiative; scottl reported the third case in mpt.
Same issue found in mpr and mps after discussion with imp.
Reported by: Lucas Leong (@_wmliang_), Trend Micro Zero Day Initiative
Reviewed by: imp, mav
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34692
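A user-space model of the length check described in the commit message above, added here as an illustration; it is not the FreeBSD driver code. The names `cfg_hdr`, `cfg_page_req`, `read_cfg_header` and `unchecked_overrun` are hypothetical, and `memcpy` stands in for the kernel's copy from the caller.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a fixed-size config page header. */
struct cfg_hdr {
	uint8_t page_version;
	uint8_t page_length;
	uint8_t page_number;
	uint8_t page_type;
};

/* Hypothetical stand-in for the ioctl argument: the caller picks len. */
struct cfg_page_req {
	const void *buf;	/* caller's buffer */
	size_t len;		/* caller-specified allocation size */
};

/* Bytes a fixed-size header copy would write past a len-byte buffer. */
size_t
unchecked_overrun(size_t len)
{
	return (len < sizeof(struct cfg_hdr) ? sizeof(struct cfg_hdr) - len : 0);
}

/*
 * Handler shape with the check in place: a length below the header size
 * is rejected before the allocation, so the fixed-size copy always fits.
 */
int
read_cfg_header(const struct cfg_page_req *req, struct cfg_hdr *out)
{
	void *page;

	if (req->len < sizeof(struct cfg_hdr))
		return (EINVAL);
	page = malloc(req->len);
	if (page == NULL)
		return (ENOMEM);
	/* Fixed-size header copy into the caller-sized buffer. */
	memcpy(page, req->buf, sizeof(struct cfg_hdr));
	memcpy(out, page, sizeof(*out));
	free(page);
	return (0);
}
```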
Rick Macklem [Mon, 28 Mar 2022 22:11:52 +0000 (15:11 -0700)]
nfscl: Fix IO_APPEND writes from kernel space
Commit 867c27c23a5c modified the NFS client so that
it did IO_APPEND writes directly to the NFS server
bypassing the buffer cache, via a call to
nfs_directio_write(). Unfortunately, this (very old)
function assumed that the uio iov was for user space
addresses. As such, an IO_APPEND VOP_WRITE() that
was for system space, such as ktrace(1) does, would
write bogus data.
This patch fixes nfs_directio_write() so that it
handles kernel space uio iovs.
Brooks Davis [Mon, 28 Mar 2022 18:43:03 +0000 (19:43 +0100)]
syscallarg_t: Add a type for system call arguments
This more clearly differentiates system call arguments from integer
registers and return values. On current architectures it has no effect,
but on architectures where pointers are not integers (CHERI) and may
not even share registers (CHERI-MIPS) it is necessary to differentiate
between system call arguments (syscallarg_t) and integer register values
(register_t).
Mark Johnston [Sun, 20 Mar 2022 01:59:13 +0000 (21:59 -0400)]
audit: Initialize vattr fields before calling VOP_GETATTR
Some filesystems do not fill out certain optional vattr fields. To
ensure that they do not get copied out to userspace uninitialized, use
VATTR_NULL to provide default values.
Reported by: KMSAN
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
John F. Carr [Sat, 19 Mar 2022 22:51:43 +0000 (18:51 -0400)]
hpet: Allow a MMIO window smaller than 1K
Some new AMD systems provide a HPET MMIO region smaller than the 1KB
specified, and a correspondingly small number of timers. Handle this in
the HPET driver rather than requiring a 1KB window. This allows the
HPET driver to attach on such systems.
Mateusz Guzik [Mon, 21 Mar 2022 16:34:42 +0000 (16:34 +0000)]
pf: include anchor path when hashing a rule
Otherwise all anchors hash to the same value.
Note this can result in checksum mismatches between pfsynced hosts,
but it has to be sorted out as the previously computed checksum
would fail to indicate changed anchors.
Andrew Turner [Sat, 26 Mar 2022 15:59:34 +0000 (15:59 +0000)]
Treat cache write as a read in arm64 data faults
On arm64 we can ask the hardware to perform cache operations from
userspace. These require read permission; however, when the memory is
unmapped the kernel will receive a write exception. Add a check to
see if the cause of the exception is from the cache and pass a memory
read fault type to the vm subsystem.
PR: 262836
Reported by: dch
Sponsored by: The FreeBSD Foundation
sh: fix autocompletion for commands that share name with a directory
Provide libedit a special function making it always add a space after
the autocompleted command. The default one adds a slash if the word is
also a name of a directory in the current working directory, but this is
wrong for commands.
Use of stdatomic.h is undefined in C++, even the C++ 2020 standard does not
list stdatomic.h as a C library header supported by the language. More,
there are some subtle differences between the <atomic> C++ header, and
C11+ stdatomic.h provided features.
Nonetheless, it is a quality of the implementation aspect, so let mis-users
mis-use stdatomic.h as they want, by making a compat shim for _Bool.
Mateusz Guzik [Sun, 27 Mar 2022 18:01:38 +0000 (18:01 +0000)]
clang: Skip attempts to access /proc/self/fd
In contrast to Linux it does not provide entries which can be readlinked
-- these are just regular files, not giving the expected outcome. That's
on top of procfs not being mounted by default to begin with.
Reviewed by: dim
Differential Revision: https://reviews.freebsd.org/D34684
Martin Matuska [Sat, 26 Mar 2022 10:04:36 +0000 (11:04 +0100)]
libarchive: merge vendor bugfixes
Bugfixes:
IS #1672 and OSS-Fuzz #38766:
(zip reader) fix possible out-of-bounds read in zipx_lzma_alone_init()
PR #1676: (mtree reader) remove the unused variable "detected_bytes"
PR #1674: (doc) fix use of At mdoc(7) macro in cpio.5
Martin Matuska [Sat, 26 Mar 2022 09:46:31 +0000 (10:46 +0100)]
Update vendor/libarchive to libarchive/libarchive@cfaa28168
Bugfixes:
IS #1672 and OSS-Fuzz #38766:
(zip reader) fix possible out-of-bounds read in zipx_lzma_alone_init()
PR #1676: (mtree reader) remove the unused variable "detected_bytes"
PR #1674: (doc) fix use of At mdoc(7) macro in cpio.5
Jamie Gritton [Sat, 26 Mar 2022 02:16:51 +0000 (19:16 -0700)]
jail: handle jailsys parameters in modification permission test
Avoid a null dereference when a value-less jailsys parameter is passed
to "jail -m". There was already code to handle boolean parameters,
but in reality any parameter could be passed without a value.
Eric van Gyzen [Mon, 7 Mar 2022 17:12:15 +0000 (11:12 -0600)]
uma_zalloc_domain: call uma_zalloc_debug in multi-domain path
It was only called in the non-NUMA and single-domain paths.
Some of its assertions were duplicated in uma_zalloc_domain,
but some things were missed, especially memguard.
Eric van Gyzen [Mon, 7 Mar 2022 01:12:28 +0000 (19:12 -0600)]
stack(9): dynamic allocation is not necessary
The man page said dynamic allocation was required, but struct stack
can be allocated in any way, including on the stack. Make this clear,
and explain how to initialize the struct.
While I'm here, stack_save does not require any lock.
Eric van Gyzen [Fri, 4 Mar 2022 11:23:08 +0000 (05:23 -0600)]
uma_zalloc: assert M_NOWAIT ^ M_WAITOK
The uma_zalloc functions expect exactly one of [M_NOWAIT, M_WAITOK].
If neither or both are passed, print an error and a stack dump.
Only do this ten times, to prevent livelock. In the future, after
this exposes enough bad callers, this will be changed to a KASSERT().
Mateusz Guzik [Fri, 25 Mar 2022 18:19:36 +0000 (18:19 +0000)]
vfs: set cn_namelen when handling degenerate lookups
Turns out execve looks at it to store binary name, but in order to
trigger the problem one has to be trying to exec '/'. As is the value
would be left uninitialized (or rather set to -1 on debug kernels).
Fixes: 56244d35741a62e7 ("vfs: hoist degenerate path lookups out of the
loop")
D Scott Phillips [Fri, 25 Mar 2022 16:04:47 +0000 (09:04 -0700)]
arm64: Add explicit barrier after address translation instruction
Following ARMARM sec D5.2.11, which says:
> Where an instruction results in an update to a System register,
> as is the case with the AT * address translation instructions,
> explicit synchronization must be performed before the result is
> guaranteed to be visible to subsequent direct reads of the
> PAR_EL1.
D Scott Phillips [Fri, 25 Mar 2022 16:04:11 +0000 (09:04 -0700)]
arm64: pmap: Mask VA operand in TLBI instructions
Bits 43:0 of the TLBI operand are bits 55:12 of the VA. Leaving
bits 63:55 of the VA in bits 51:44 of the operand might wind up
setting the TTL field (47:44) and accidentally restricting which
translation levels are flushed in the TLB.
Reviewed By: andrew
MFC after: 3 days
Sponsored by: Ampere Computing
Differential Revision: https://reviews.freebsd.org/D34664
Dmitry Chagin [Fri, 25 Mar 2022 14:54:23 +0000 (17:54 +0300)]
linux(4): Add AT_NO_AUTOMOUNT to statx.
Specific to Linux AT_NO_AUTOMOUNT flag tells the kernel to not automount the
terminal component of pathname if it is a directory that is an automount point.
As it is the default for FreeBSD, silently ignore this flag.
glibc-2.34 uses this flag in the stat64 system calls which is used by i386.
Kristof Provost [Fri, 25 Mar 2022 10:13:47 +0000 (11:13 +0100)]
pf: ether l3 rules can only use addresses
Disallow the use of tables in ethernet rules. Using tables requires
taking the PF_RULES lock. Moreover, the current table code isn't ready
to deal with ethernet rules.
Navdeep Parhar [Fri, 25 Mar 2022 07:34:54 +0000 (00:34 -0700)]
cxgbe(4): Handle FORCE_FEC in pcaps correctly.
The firmware doesn't report FORCE_FEC in pcaps if the transceiver
plugged in at that time does not support a speed that may use FEC. It
is incorrect for the driver to assume that the FORCE_FEC value it read
during attach (in init_link_config) is permanent. Instead, it should
check pcaps just before issuing the L1CFG command.
Bjoern A. Zeeb [Thu, 24 Mar 2022 19:09:04 +0000 (19:09 +0000)]
LinuxKPI: 802.11: cleanup debugging
Cleanup some debugging. Rename the global variable to be less
generic. Hide all debugging behind #ifdef for now and turn off.
Rename the debugging sysctl so we can start adding more to the
subtree.
There is a need to change that wildly grown infrastructure into
something more homogenic soon but this should do for 13.1.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
John Baldwin [Thu, 24 Mar 2022 18:36:19 +0000 (11:36 -0700)]
x86: Add a NT_X86_SEGBASES register set.
This register set contains the values of the fsbase and gsbase
registers. Note that these registers can already be controlled
individually via ptrace(2) via MD operations, so the main reason for
adding this is to include these register values in core dumps. In
particular, this will enable looking up the value of TLS variables
from core dumps in gdb.
The value of NT_X86_SEGBASES was chosen to match the value of
NT_386_TLS on Linux. The notes serve similar purposes, but FreeBSD
will never dump a note equivalent to NT_386_TLS (which dumps a single
segment descriptor rather than a pair of addresses) and picking a
currently-unused value in the NT_X86_* range could result in a future
conflict.
Bjoern A. Zeeb [Thu, 24 Mar 2022 17:49:59 +0000 (17:49 +0000)]
LinuxKPI: 802.11: improve hw_scan fallback to sw_scan
Extending what was started in d3ef7fb459ff924911e5276db0c04b13cd8074d9,
when a driver signals that hw_scan is not possible and expects a sw_scan
to be performed we triggered a sw_scan towards the driver but did not
let net80211 know.
Cancel the initial scan towards net80211. If we defer to sw_scan
then clear IEEE80211_FEXT_SCAN_OFFLOAD so net80211 will send probe
requests, and actively start a new scan with net80211.
This may have to be further refined in the future but seems to work
for the moment.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days