jtl [Mon, 6 Aug 2018 17:48:46 +0000 (17:48 +0000)]
Address concerns about CPU usage while doing TCP reassembly.
Currently, the per-queue limit is a function of the receive buffer
size and the MSS. In certain cases (such as connections with large
receive buffers), the per-queue segment limit can be quite large.
Because we process segments as a linked list, large queues may not
perform acceptably.
The better long-term solution is to make the queue more efficient.
But, in the short-term, we can provide a way for a system
administrator to set the maximum queue size.
We set the default queue limit to 100. This is an effort to balance
performance with a sane resource limit. Depending on their
environment, goals, etc., an administrator may choose to modify this
limit in either direction.
Approved by: so
Security: FreeBSD-SA-18:08.tcp
Security: CVE-2018-6922
gordon [Wed, 4 Apr 2018 05:33:56 +0000 (05:33 +0000)]
Fix vt console memory disclosure. [SA-18:04.vt]
Bump newvers.sh and UPDATING for today's patches.
Submitted by: emaste
Reported by: Dr Silvio Cesare of InfoSect
Approved by: so
Security: CVE-2018-6917
Security: FreeBSD-SA-18:04.vt
Sponsored by: The FreeBSD Foundation
This patch will cause geli's boot-time unlock code to attempt unlocking
the container using only the preloaded keyfile(s); and only when that
fails will it prompt for a passphrase.
If a container has a keyfile in one slot and a passphrase in the other,
the boot-time unlock code will get confused and assume they are to be
combined, resulting in a container that cannot be unlocked during boot
when its keyfile is preloaded.
MF11 r320947; MFC r320876:
Make sure the mlx4en RX DMA ring gets stamped with software ownership
in order to prevent the flow of QP to error in the firmware once
UPDATE_QP is called.
Approved by: re (marius)
Sponsored by: Mellanox Technologies
MFS 320866
MFC 313727, 317483
In addition, replace the missing caph routines with
small helper functions (bhyverun.c) or an open-coded
replacement (uart_emul.c)
313727 Capsicumize bhyve
317483 Allow CAP_MMAP_RW on memfd for PCI passthru
marius [Wed, 12 Jul 2017 21:46:16 +0000 (21:46 +0000)]
MF11: r320898; MFC: r320577, r320620
Retry up to 2 ms to enable bus power as at least with some Intel
SDHCI/eMMC controllers the first attempt after a D3 to D0 transition,
i.e. when the firmware has put the devices into D3 state before,
can fail.
In _krb5_extract_ticket() the KDC-REP service name must be obtained
from encrypted version stored in 'enc_part' instead of the unencrypted
version stored in 'ticket'. Use of the unencrypted version provides an
opportunity for successful server impersonation and other attacks.
MFS11 320824: Add deprecation notices for gdb and kgdb.
Even though gdb and kgdb may not be removed for 12.0 on some architectures,
the notice is unconditional as these tools will likely be removed at some
point in the future when adequate replacements are available (gdb in ports
or lldb in base).
Add MAP_GUARD and use it for stack grow area protection.
Bump __FreeBSD_version. This is an MFS of stable/11 r320666.
MFC r320317:
Implement address space guards.
MFC r320338:
Remove stale part of the comment.
MFC r320339:
Correctly handle small MAP_STACK requests.
MFC r320344:
For now, allow mprotect(2) over the guards to succeed regardless of
the requested protection.
MFC r320430:
Treat the addr argument for mmap(2) request without MAP_FIXED flag as
a hint.
MFC r320560 (by alc):
Modify vm_map_growstack() to protect itself from the possibility of the
gap entry in the vm map being smaller than the sysctl-derived stack guard
size.
MF11 r320731,320749,320759: Add Amazon Elastic Network Adapter driver
and turn it on in EC2 AMI builds
Approved by: re (gjb)
Relnotes: FreeBSD now supports "next generation" Enhanced Networking
in the Amazon EC2 cloud
Sponsored by: Amazon.com Inc. (original work)
MF11 r320685: Update to ELF Tool Chain snapshot at r3561
This update is primarily bug fixes in C++ symbol demangling, including:
- rvalue reference
- builtin type auto and decltype(auto)
- revamped support for function return types
- formatting fixes
- omit void when it's the only param
- ref-qualifiers and others in function types
- type qualifiers in pointer-to-member function types
- incorrect handling regarding CV-qualifiers in function types
- ref-qualifier found in nested-name
- properly handle <name> ::= <substitute><template-args>
- make sure that nested function name is not a substitute candidate
- correctly handle expression in template args
- skip unknown substitution abbreviations
Also r320663 libelftc: bump version, tracking import in r320343
Approved by: re (gjb)
Sponsored by: The FreeBSD Foundation
Update the pkg(8) configuration for the default installation and
the dvd1.iso to use the quarterly set, now that the new quarterly
branch exists and packages have built.
This commit was deferred when branching releng/11.1, since the
2017Q3 branch did not exist yet.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
MFS11 r320697:
MFC r320599:
Fix Vagrant image upload after recent API changes.
- Update ATLAS_UPLOAD_URL to avoid various regular expressions
from failing to match due to redirections.
- Use ATLAS_UPLOAD_URL throughout the script.
- Adjust several regular expression patterns.
Approved by: re (kib)
Sponsored by: The FreeBSD Foundation
ken [Mon, 3 Jul 2017 18:20:45 +0000 (18:20 +0000)]
Merge r320602 from stable/11 into releng/11.1:
------------------------------------------------------------------------
r320602 | ken | 2017-07-03 09:34:21 -0600 (Mon, 03 Jul 2017) | 45 lines
MFC r320421:
------------------------------------------------------------------------
r320421 | ken | 2017-06-27 13:26:02 -0600 (Tue, 27 Jun 2017) | 37 lines
Fix a panic in camperiphfree().
If a peripheral driver (e.g. da, sa, cd) is added or removed from the
peripheral driver list while an unrelated peripheral driver instance (e.g.
da0, sa5, cd2) is going away and is inside camperiphfree(), we could
dereference an invalid pointer.
When peripheral drivers are added or removed (see periphdriver_register()
and periphdriver_unregister()), the peripheral driver array is resized
and existing entries are moved.
Although we hold the topology lock while we traverse the peripheral driver
list, we retain a pointer to the location of the peripheral driver pointer
and then drop the topology lock. So we are still vulnerable to the list
getting moved around while the lock is dropped.
To solve the problem, cache a copy of the peripheral driver pointer. If
its storage location in the list changes while we have the lock dropped, it
won't have any effect.
This doesn't solve the issue that peripheral drivers ("da", "cd", as opposed
to individual instances like "da0", "cd0") are not generally part of a
reference counting scheme to guard against deregistering them while there
are instances active. The caller (generally the person unloading a module)
has to be aware of active drivers and not unload something that is in use.
sys/cam/cam_periph.c:
In camperiphfree(), cache a pointer to the peripheral driver
instance to avoid holding a pointer to an invalid memory location
in the event that the peripheral driver list changes while we have
the topology lock dropped.
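The fix described in the commit message above, as an added illustration that is not FreeBSD's cam_periph.c code: a user-space model with hypothetical names (`drv_register`, `free_keep_slot`, `free_cache_ptr`). The topology lock is only indicated in comments, and the old storage is zeroed rather than freed so the stale read is observable without undefined behaviour.

```c
#include <stdlib.h>
#include <string.h>

struct drv { const char *name; };   /* simplified stand-in for a peripheral driver */

static struct drv **drivers;        /* resizable driver list */
static size_t ndrivers;
static struct drv **retired;        /* previous storage: zeroed, not yet freed */

/* Registering resizes the list and moves every existing entry. */
void drv_register(struct drv *d)
{
    struct drv **n = calloc(ndrivers + 1, sizeof(*n));
    if (n == NULL) abort();
    if (ndrivers > 0) {
        memcpy(n, drivers, ndrivers * sizeof(*n));
        memset(drivers, 0, ndrivers * sizeof(*n));  /* old slots are now stale */
    }
    n[ndrivers++] = d;
    free(retired);
    retired = drivers;
    drivers = n;
}

/* Before: the slot address is kept across the window where the lock is dropped. */
struct drv *free_keep_slot(size_t idx, struct drv *racer)
{
    struct drv **slot = &drivers[idx];    /* "lock held" */
    drv_register(racer);                  /* "lock dropped": the list moves */
    return *slot;                         /* reads the old storage */
}

/* After: the driver pointer is copied out while the lock is still held. */
struct drv *free_cache_ptr(size_t idx, struct drv *racer)
{
    struct drv *d = drivers[idx];         /* "lock held": cache the value */
    drv_register(racer);                  /* "lock dropped": the list moves */
    return d;                             /* unaffected by the move */
}

int main(void)
{
    struct drv da = {"da"}, sa = {"sa"}, cd = {"cd"}, pt = {"pt"};
    drv_register(&da);
    drv_register(&sa);
    /* Exit 0 when the kept slot went stale and the cached pointer survived. */
    return (free_keep_slot(0, &cd) == NULL && free_cache_ptr(0, &pt) == &da) ? 0 : 1;
}
```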
ken [Mon, 3 Jul 2017 18:07:09 +0000 (18:07 +0000)]
Merge r320600 from stable/11 into releng/11.1:
------------------------------------------------------------------------
r320600 | ken | 2017-07-03 09:10:16 -0600 (Mon, 03 Jul 2017) | 30 lines
MFC r320420:
------------------------------------------------------------------------
r320420 | ken | 2017-06-27 11:55:25 -0600 (Tue, 27 Jun 2017) | 25 lines
In scsi_zbc_in(), fill in the length in the ZBC IN CDB.
Without the allocation length set, the target will either reject
the command or complete it without transferring any data.
This fixes the REPORT ZONES command for SCSI ZBC protocol devices,
as well as ATA ZAC protocol devices that are behind a SCSI to ATA
translation layer. (LSI/Broadcom's 12Gb SAS adapters translate ZBC
commands to ZAC commands.) Those are Host Aware and Host Managed SMR
drives.
This will fix REPORT ZONE commands sent to the da(4) driver via the
GEOM bio interface and zonectl, and REPORT ZONE commands sent from
camcontrol(8).
Note that in the case of camcontrol(8), we currently only send
SCSI ZBC commands to native SCSI protocol devices, not ATA devices
behind a SAT layer.
sys/cam/scsi/scsi_da.c:
Fill in the length field in scsi_zbc_in().
MFS11 r320596:
MFC r320488:
Correct the branch naming convention in param.h.
While here, consistently use upper-case 'X' to represent the
version number.
Approved by: re (kib, marius)
Sponsored by: The FreeBSD Foundation
MFS r320566: MFC r320390:
r318394 seems to break gpart(8) on some embedded systems such as PCEngines,
RPI1-B, Alix and APU2 boards as well as NanoBSD with the following message:
gjb [Thu, 29 Jun 2017 23:56:50 +0000 (23:56 +0000)]
- Copy stable/11@r320475 to releng/11.1 as part of the 11.1-RELEASE
cycle.
- Prune svn:mergeinfo from the new branch.
- Bump __FreeBSD_version.
- Rename releng/11.1 to RC1.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
alc [Wed, 28 Jun 2017 05:28:15 +0000 (05:28 +0000)]
MFC r315518
Avoid unnecessary calls to vm_map_protect() in elf_load_section().
Typically, when elf_load_section() unconditionally passed VM_PROT_ALL to
elf_map_insert(), it was needlessly enabling execute access on the
mapping, and it would later have to call vm_map_protect() to correct the
mapping's access rights. Now, instead, elf_load_section() always passes
its parameter "prot" to elf_map_insert(). So, elf_load_section() must
only call vm_map_protect() if it needs to remove the write access that
was temporarily granted to perform a copyout().
alc [Wed, 28 Jun 2017 04:01:29 +0000 (04:01 +0000)]
MFC r314310
Refine the fix from r312954. Specifically, add a new PDE-only flag,
PG_PROMOTED, that indicates whether lingering 4KB page mappings might
need to be flushed on a PDE change that restricts or destroys a 2MB
page mapping. This flag allows the pmap to avoid range invalidations
that are both unnecessary and costly.
ken [Tue, 27 Jun 2017 12:56:36 +0000 (12:56 +0000)]
MFC r320123:
Fix a potential sleep while holding a mutex in the sa(4) driver.
If the user issues a MTIOCEXTGET ioctl, and the tape drive in question has
a serial number that is longer than 80 characters, we malloc a buffer in
saextget() to hold the output of cam_strvis().
Since a mutex is held in that codepath, doing a M_WAITOK malloc could lead
to sleeping while holding a mutex. Change it to a M_NOWAIT malloc and bail
out if we fail to allocate the memory. Devices with serial numbers longer
than 80 bytes are very rare (I don't recall seeing one), so this
should be a very unusual case to hit. But it is a bug that should be fixed.
sys/cam/scsi/scsi_sa.c:
In saextget(), if we need to malloc a buffer to hold the output of
cam_strvis(), don't wait for the memory. Fail and return an error
if we can't allocate the memory immediately.
PR: kern/220094
Submitted by: Jia-Ju Bai <baijiaju1990@163.com>
Sponsored by: Spectra Logic
Approved by: re (gjb)