Commit Graph

289643 Commits

Author SHA1 Message Date
Xin LI 4543ef5166 MFV: expat 2.6.0.
MFC after:	3 days
2024-02-17 14:04:14 -08:00
Xin LI 345cf360f8 Vendor import of expat 2.6.0 2024-02-17 13:54:42 -08:00
Stefan Eßer 8b67c670a4 msdosfs: fix directory corruption after rename operation
The is a bug in MSDOSFS that can be triggered when the target of a
rename operation exists. It is caused by the lack of inodes in the
FAT file system, which are substituted by the location of the DOS 8.3
directory entry in the file system. This causes the "inode" of a file
to change when its directory entry is moved to a different location.

The rename operation wants to re-use the existing directory entry
position of an existing target file name (POS1). But the code does
instead locate the first position in the directory that provides
sufficient free directory slots (POS2) to hold the target file name
and fills it with the directory data.

The rename operation continues and at the end writes directory data to
the initially retrieved location (POS1) of the old target directory.
This leads to 2 directory entries for the target file, but with
inconsistent data in the directory and in the cached file system
state.

The location that should have been re-used (POS1) is marked as deleted
in the directory, and new directory data has been written to a
different location (POS2). But the VFS cache has the newly written
data stored under the inode number that corresponds to the initially
planned position (POS1).

If then a new file is written, it can allocate the deleted directory
entries (POS1) and when it queries the cache, it retrieves data that
is valid for the target of the prior rename operation, leading to a
corrupt directory entry (at POS1) being written (DOS file name of the
earlier rename target combined with the Windows long file name of the
newly written file).

PR:		268005
Reported by:	wbe@psr.com
Approved by:	kib, mckusick
Fixes:	   	2c9cbc2d45b94
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D43951
2024-02-17 22:04:49 +01:00
Dimitry Andric e368e9b756 Proactively remove /usr/lib/kgdb file that became a directory
This was already handled in ObsoleteFiles.inc (see the 20201215 entry),
but some people never run "make delete-old", or want to upgrade directly
from a revision that still had the file to the most recent revision.

They would then encounter a failure during installworld, similar to:

  install: /usr/libexec/kgdb exists but is not a directory

Therefore, clean it up in the distrib-cleanup phase, similar to the
earlier instances of libc++ header files that became a directory.

MFC after:	3 days
2024-02-17 12:27:33 +01:00
John Baldwin 61d9bd21e9 powerpc psim: Fix infinite recursion in multiple bus methods
Similar to 68a3ff0411, the default case
needs to call bus_generic_* to pass the request up the tree, not bus_*
which will just call this method again.

Fixes:		d7c16b3334 powerpc psim: Use bus_generic_rman_*
2024-02-16 23:19:06 -08:00
John Baldwin cd9d26ed91 powerpc mpc85xx: Fix infinite recursion in multiple bus methods
Similar to 68a3ff0411, the default case
needs to call bus_generic_* to pass the request up the tree, not bus_*
which will just call this method again.

Fixes:		5a7e717fb7 powerpc mpc85xx: Use bus_generic_rman_*
2024-02-16 23:19:06 -08:00
Dimitry Andric 73ff7384e0 Optionally create full debuginfo for llvm-related executables
Commit de6feefdb7 limited the amount of debuginfo generated for clang
and other llvm-related executables. This was done to save disk space and
memory during building, but it makes debugging any of these executables
much harder.

Add a new src.conf(5) setting, WITH_LLVM_FULL_DEBUGINFO, to generate
full debuginfo instead. This is off by default, but could for example be
enabled for release builds or snapshots, so llvm executables are easier
to debug.

Reviewed by:	emaste
MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D43839
2024-02-17 00:15:32 +01:00
Bartosz Sobczak 5b5f7d0e77 irdma(4): Upgrade to 1.2.36-k
Update Intel irdma driver to version 1.2.36-k.

Notable changes:

- Start using ib_sge directly instead of irdma_sge
- Turn off flush completion generator for libirdma
- Minor formatting changes

Signed-off-by: Bartosz Sobczak <bartosz.sobczak@intel.com>
Signed-off-by: Eric Joyner <erj@FreeBSD.org>

Reviewed by:	erj@
MFC after:	3 days
Sponsored by:	Intel Corporation
Differential Revision:	https://reviews.freebsd.org/D43567
2024-02-16 14:01:34 -08:00
John Baldwin 66d37dbedf pci_host_generic: Fix build without PCI_RES_BUS
Fixes:		d79b6b8ec2 pci_host_generic: Don't rewrite resource start address for translation
2024-02-16 12:09:46 -08:00
Maxim Konovalov 1250c96479 fclose.3: remove a confusing sentence
PR:		277037
Reviewed by:	oshogbo
2024-02-16 18:50:12 +00:00
Mitchell Horne b134c10d65 busdma: fix page miscount for small segment sizes
For small segments (< PAGE_SIZE) there is a mismatch between how
required bounce pages are counted in _bus_dmamap_count_pages() and
bounce_bus_dmamap_load_buffer().

This problem has been observed on the RISC-V VisionFive v2 SoC (and
earlier revisions of the hardware) which has memory physically addressed
above 4GB. This requires some bouncing for the dwmmc driver, which has
has a maximum segment size of 2048 bytes. When attempting to load a
page-aligned 4-page buffer that requires bouncing, we can end up
counting 4 bounce pages for an 8-segment transfer. These pages will be
incorrectly configured to cover only the first half of the transfer (4 x
2048 bytes).

Fix the immediate issue by adding the maxsegsz check to
_bus_dmamap_count_pages(); this is what _bus_dmamap_count_phys() does
already. The result is that we will inefficiently allocate a separate
bounce page for each segment (8 pages for the example above), but the
transfer will proceed in its entirety.

The more complete fix is to address the shortcomings in how small
segments are assigned to bounce pages, so that we opportunistically
batch multiple segments to a page whenever they fit (e.g. two 2048 bytes
segments per 4096 page). This will be addressed more holistically in the
future. For now this change will prevent the (silent) incomplete
transfers that have been observed.

PR:		273694
Reported by:	Jari Sihvola <jsihv@gmx.com>
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D34118
2024-02-16 14:38:48 -04:00
John Baldwin ccb1b43e20 powerpc psim: Fix infinite recursion in bus_adjust_resource method
The default case needs to call bus_generic_adjust_resource to pass the
request up the tree, not bus_adjust_resource which will just call this
method again.

Fixes:		d7c16b3334 powerpc psim: Use bus_generic_rman_*
2024-02-16 09:42:30 -08:00
John Baldwin 68a3ff0411 powerpc mpc85xx: Fix infinite recursion in bus_adjust_resource method
The default case needs to call bus_generic_adjust_resource to pass the
request up the tree, not bus_adjust_resource which will just call this
method again.

Fixes:		5a7e717fb7 powerpc mpc85xx: Use bus_generic_rman_*
2024-02-16 09:40:34 -08:00
Cy Schubert 5130b35ef5 Revert "heimdal: CVE-2022-41916: Check for overflow in _gsskrb5_get_mech()"
This was already applied by ed549cb0c5.

Repored by:	Gunther Nikl <gnikl@justmail.de>

This reverts commit 9286d46a79.
2024-02-16 09:31:13 -08:00
Bjoern A. Zeeb fa4e425794 LinuxKPI: 802.11: lsta txq locking cleanup
Rename the LSTA lock to LSTA_TXQ lock as that is really what it is and
put down the full set of macros.  Replace the init and destroy with the
macro invocation rather than direct code.

Put locking around the txq_ready unset and check. Move the taskq_enqueue
call under lock to be sure we do not call it anymore after txq_ready
got unset.

Leave a comment related to the node reference which is passed into the
TX path on the recvif mbuf pointer.

Fixes:		0936c648ad
PR:		274382 (possibly)
MFC after:	1 day
Reviewed by:	emaste
Differential Revision: https://reviews.freebsd.org/D43909
2024-02-16 15:50:11 +00:00
Mark Johnston 23d4d0fcc1 pmc: Fix some problems with the makefile
- For some reason we don't build it as a PIE, but I don't have any
  problems doing so with either clang or gcc.
- There is no apparent need to override WARNS, so don't.
- Some building with -O0, presumably that's left over from debugging.

MFC after:	1 week
Reviewed by:	imp, brooks
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D43923
2024-02-16 09:50:43 -05:00
Roger Pau Monné e7e2431586 x86/xen: fix migration when ACPI suspend is not available
Xen PVH guests expose a very minimal set of ACPI tables, and due to the lack of
SCI interrupt FreeBSD doesn't allocate the suspend stacks for saving CPU and
FPU contexts.

Lack of allocated stacks would lead to a page-fault in cpususpend_handler() when
CPUs attempted to use the save context area as a result of a Xen suspend
request.  However there's no need to save the CPU or the FPU registers in the
Xen case, as that's all handled by the hypervisor.  Hence avoid saving all this
state if the suspend stacks are not allocated.

Note that this will currently only apply to PVH guests, HVM ones will still get
the stack allocated and the context saved even when not strictly required.  I
find it easier rather that having to provide cpususpend_handler() with extra
information whether the context needs to be saved or not.

Sponsored by: Cloud Software Group
Reviewed by: markj
Differential revision: https://reviews.freebsd.org/D43765
2024-02-16 14:16:18 +01:00
Dag-Erling Smørgrav 17d5b027c1 md5: Clean up input stream rights.
Keep it simple, caph_limit_stdio() and fileargs_fopen() already take
care of everything for us.

MFC after:	1 week
Reviewed by:	markj, jhb, emaste
Differential Revision:	https://reviews.freebsd.org/D43897
2024-02-16 13:37:41 +01:00
Dag-Erling Smørgrav 5b44edb405 md5: Ignore files in string and passthrough mode.
MFC after:	1 week
Reviewed by:	allanjude, markj
Differential Revision:	https://reviews.freebsd.org/D43871
2024-02-16 13:37:36 +01:00
Dag-Erling Smørgrav 72ee91fed4 md5: Accept "-" as alias for stdin.
(based on a patch by jhb)

MFC after:	1 week
PR:		276915
Reported by:	Hannes Hauswedell <h2+fbsdports@fsfe.org>
Reviewed by:	allanjude, markj, jhb, emaste
Differential Revision:	https://reviews.freebsd.org/D43870
2024-02-16 13:37:29 +01:00
Michael Tuexen e00fd24262 dtrace: allow NULL interface pointer for ifinfo_t translator
This is similar to other translators and will be used in static
probes where the interface is not known.

Reviewed by:		markj
MFC after:		1 week
Sponsored by:		Netflix, Inc.
Differential Revision:	https://reviews.freebsd.org/D43728
2024-02-16 12:28:48 +01:00
Michael Tuexen 2f4e46dfdd RACK, BBR: handle EACCES like EPERM for IP output handling
The FreeBSD TCP base stack handles them also the same way.
In case of packet filters dropping packets in the output path,
this avoids retranmitting the dropped packet every 10ms or so.

Reviewed by:		rscheff
MFC after:		1 week
Sponsored by:		Netflix, Inc.
Differential Revision:	https://reviews.freebsd.org/D43773
2024-02-16 12:19:24 +01:00
Warner Losh e5d1a21e50 loader: Bump the limit to 560,000 bytes for BIOS loader
Further experience suggests we do not need as much margin. This was
mistakenly bumped to 570,000 in a prior commit, so this undoes that.

Sponsored by:		Netflix
2024-02-15 21:16:36 -07:00
Warner Losh 26c8dedef1 loader: line line per src file in libi386
Sponsored by:		Netflix
Differential Revision:	https://reviews.freebsd.org/D43913
2024-02-15 21:02:37 -07:00
Warner Losh 588ff0748f loader: Simplify build a little
Confine -DDISK_DEBUG to biosdisc.c, the only file it affects.
Use modern variable arrays instead of alloca and add a sanity
size minimum for biospnp nodes. These nodes are tiny enough that
we needn't do a malloc/free pair: the stack is fine.

Sponsored by:		Netflix
Reviewed by:		tsoome
Differential Revision:	https://reviews.freebsd.org/D43914
2024-02-15 20:59:23 -07:00
Warner Losh e34fd722ca kboot: Add our own lua bindings
Create a small wrapper around the new flua hash module so we can use it
here too. There's no 4th bindings, nor will they be created.

Sponsored by:		Netflix
Differential Revision:	https://reviews.freebsd.org/D43874
2024-02-15 20:59:23 -07:00
Warner Losh f7781d030c flua: Add hash module
Add lua bindings to hashing functions. sha256 is available. sha256.new
craetes a new object. sha256.update updates the digest. sha256.digest
returns the digest as a binary string and resets the
context. sha256.hexdigest returns the digest as a string of hex digits
and then resets the cotnext.

Sponsored by:		Netflix
Differential Revision:	https://reviews.freebsd.org/D43872
2024-02-15 20:59:23 -07:00
Warner Losh 0fd98b8a76 loader: Move drawer.lua over to gfx table.
Drawer.lua is the only bit of lua code in the base that uses any of the
functons moved from the loader table to the gfx table. Move the main
code to using the gfx dispatch. Add compat code for running on old
loaders that creates the newer-style gfx table with the term_* functions
we call in it populated. This will even work on the super old versions
of the loader that don't have them (we'll still skip using them).

Sponsored by:		Netflix
Reviewed by:		kevans
Differential Revision:	https://reviews.freebsd.org/D43908
2024-02-15 20:59:23 -07:00
Warner Losh a8f8c53761 loader: Move gfx functions to gfx.lua.8
Now that the fb_* and term_* functions are available in the gfx table,
move the documentation to gfx.lua.8. Add information about backwards
compatibility.

Sponsored by:		Netflix
Reviewed by:		kevans
Differential Revision:	https://reviews.freebsd.org/D43907
2024-02-15 20:59:23 -07:00
Warner Losh 0921a771da loader: Move to using linker sets to bring in optional bits
The graphics stuff is optional. When it is pulled into the system, we
use a linker set to initialize the lua bindings for it now.

Sponsored by:		Netflix
Reviewed by:		kevans, jhb
Differential Revision:	https://reviews.freebsd.org/D43906
2024-02-15 20:59:23 -07:00
Warner Losh 23d9b5c9fe loader: Remove gfx_fb_stub.c, it's no longer needed
Now that we draw in the gfx bindings for all our interpreters only when
graphics support is compiled in, we can eliminate this from all the
loaders that don't have graphics support.

Sponsored by:		Netflix
Reviewed by:		kevans, jhb
Differential Revision:	https://reviews.freebsd.org/D43905
2024-02-15 20:59:23 -07:00
Warner Losh 9c8bf69a53 loader: Only create gfx 4th bindings when gfx is available
Only create the gfx bindings for 4th when it's compiled into the
loader. We do this with a linker set that only gets brought in to those
loaders that call gfx_framework_init. This calls gfx_interp_md() will
will drag in gfx_loader.c which will add to the linker set that
registers these bindings.

Sponsored by:		Netflix
Reviewed by:		kevans, jhb
Differential Revision:	https://reviews.freebsd.org/D43904
2024-02-15 20:59:22 -07:00
Warner Losh 60e199d9fd loader: Add prototype for gfx_interp_md
This function will be used to draw in the graphics bindings when the
loader is compiled with graphics (gfx) support. Provide definitions
for lua and the simple interpreter. 4th support is forthcoming.

Sponsored by:		Netflix
Reviewed by:		kevans, jhb
Differential Revision:	https://reviews.freebsd.org/D43903
2024-02-15 20:59:22 -07:00
Warner Losh 9b16231032 loader: Create new gfx table
Create a new gfx global table. Put into it all the graphics bindings
that we have in loader today. For now, have compatability binding for
loader. Remove them from loader.

Sponsored by:		Netflix
Reviewed by:		kevans, jhb
Differential Revision:	https://reviews.freebsd.org/D43902
2024-02-15 20:59:22 -07:00
Warner Losh 061b68a760 loader: Separate gfx to a new file.
Move gfx lua hook registration to a new file.

Sponsored by:		Netflix
Reviewed by:		kevans, jhb
Differential Revision:	https://reviews.freebsd.org/D43901
2024-02-15 20:59:22 -07:00
Warner Losh 1dac5a34b6 loader: Register the gfx stuff separately.
Move registration of the gfx stuff to separate function. However, no
change in functionality is intended.

Sponsored by:		Netflix
Reviewed by:		kevans, jhb
Differential Revision:	https://reviews.freebsd.org/D43900
2024-02-15 20:59:22 -07:00
Warner Losh 7fc95c31f0 loader: Simplify the loader.has_command
luaL_checkstring already checks for the right number of
arguments. There's no need to do that by hand here. Now an exception
will be thrown like any other function with the wrong args. Also,
push a boolean instead of an int.

Sponsored by:		Netflix
Differential Revision:	https://reviews.freebsd.org/D43820
2024-02-15 20:59:22 -07:00
Warner Losh 33a2406eed reboot: Use posix_spawn instead of system
Use posix_spawn to avoid having to allocate memory needed for the system
command line.

Sponsored by:		Netflix
Reviewed by:		jrtc27
Differential Revision:	https://reviews.freebsd.org/D43860
2024-02-15 20:59:22 -07:00
Karim Fodil-Lemelin 62b1faa3b7 ipfw: Skip to the start of the loop when following a keep-state rule
When a packet matches an existing dynamic rule for a keep-state rule,
the matching engine advances the "instruction pointer" to the action
portion of the rule skipping over the match conditions.  However, the
code was merely breaking out of the switch statement rather than doing
a continue, so the remainder of the loop body after the switch was
still executed.  If the first action opcode contains an F_NOT but not
an F_OR (such as an "untag" action), then match is toggled to 0, and
the code exits the inner loop via a break which aborts processing of
the actions.

To fix, just use a continue instead of a break.

PR:		276732
Reviewed by:	jhb, ae
MFC after:	2 weeks
2024-02-15 17:57:51 -08:00
John Baldwin feefc3c71e pci_host_generic: Properly handle bus_release_resource of IRQ resources
Unlike other bus methods updated to use bus_generic_rman_* in commit
d79b6b8ec2, the bus_release_resource method was using
bus_generic_rman_release_resource for all types other than
PCI_RES_BUS.  Instead, bus_generic_rman_* should only be used for
memory and I/O port resources for this driver.

Tested by:	cperciva
Reviewed by:	cperciva
Fixes:		d79b6b8ec2 pci_host_generic: Don't rewrite resource start address for translation
Differential Revision:	https://reviews.freebsd.org/D43925
2024-02-15 17:56:01 -08:00
John Baldwin 992f5b16af pci_host_generic: Set a valid error if allocating a range resource fails
Previously pci_host_generic_attach was returning 0 (success)
incorrectly if allocating a range failed.  The error value was 0 from
the previously successful call to bus_set_resource in this case.

Fixes:		d79b6b8ec2 pci_host_generic: Don't rewrite resource start address for translation
2024-02-15 16:05:09 -08:00
John Baldwin e89d0785ff simplebus: Implement bus_delete_resource 2024-02-15 16:05:00 -08:00
John Baldwin 4505c89242 simplebus: Map SYS_RES_IOPORT to SYS_RES_MEMORY later in alloc_resource
Specifically, the set/get_resource methods do not currently remap
resource types, so remap the type in alloc_resource only after
looking for a matching resource list entry.

Fixes:		3cf553288b simplebus: Consistently map SYS_RES_IOPORT to SYS_RES_MEMORY
2024-02-15 16:04:50 -08:00
Warner Losh e32de9626f reboot: initialize howto
Make static analyzers happy by initialzing howto to 0. Coverity is
cranky that it could be used unused. But it's analysis is incomplete
because the args to getopt when it wasn't initialized preclude it from
being used.
2024-02-15 14:32:04 -07:00
Cy Schubert fc773115fa heimdal: Fix NULL deref
A flawed logical condition allows a malicious actor to remotely
trigger a NULL pointer dereference using a crafted negTokenInit
token.

Upstream notes:

    Reported to Heimdal by Michał Kępień <michal@isc.org>.

    From the report:

    Acknowledgement
    ---------------

    This flaw was found while working on addressing ZDI-CAN-12302: ISC BIND
    TKEY Query Heap-based Buffer Overflow Remote Code Execution
    Vulnerability, which was reported to ISC by Trend Micro's Zero Day

Security:	CVE-2022-3116
Obtained from:	upstream 7a19658c1
MFC after:	1 week
2024-02-15 13:27:55 -08:00
Cy Schubert 60616b445e heimdal: always confirm PA-PKINIT-KX for anon PKINIT
Import upstream 38c797e1a.

Upstream notes:

    RFC8062 Section 7 requires verification of the PA-PKINIT-KX key
    excahnge when anonymous PKINIT is used.  Failure to do so can
    permit an active attacker to become a man-in-the-middle.

Reported by:	emaste
Obtained from:	upstream 38c797e1a
Security:	CVE-2019-12098
MFC after:	1 week
2024-02-15 13:27:55 -08:00
Cy Schubert 9286d46a79 heimdal: CVE-2022-41916: Check for overflow in _gsskrb5_get_mech()
Apply upstream 22749e918 to fix a buffer overflow.

Upstream notes:

    If len_len is equal to total_len - 1 (i.e. the input consists only of a
    0x60 byte and a length), the expression 'total_len - 1 - len_len - 1',
    used as the 'len' parameter to der_get_length(), will overflow to
    SIZE_MAX. Then der_get_length() will proceed to read, unconstrained,
    whatever data follows in memory. Add a check to ensure that doesn't
    happen

This is similar to samba CVE-2022-3437.

Reported by:	emaste
Security:	CVE-2022-41916
Obtained from:	upstream 22749e918
MFC after:	1 week
2024-02-15 13:27:55 -08:00
Cy Schubert 2433937749 Heimdal: CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum
Upstream's explanation of the problem:

    S4U2Self is an extension to Kerberos used in Active Directory to allow
    a service to request a kerberos ticket to itself from the Kerberos Key
    Distribution Center (KDC) for a non-Kerberos authenticated user
    (principal in Kerboros parlance). This is useful to allow internal
    code paths to be standardized around Kerberos.

    S4U2Proxy (constrained-delegation) is an extension of this mechanism
    allowing this impersonation to a second service over the network. It
    allows a privileged server that obtained a S4U2Self ticket to itself
    to then assert the identity of that principal to a second service and
    present itself as that principal to get services from the second
    service.

    There is a flaw in Samba's AD DC in the Heimdal KDC. When the Heimdal
    KDC checks the checksum that is placed on the S4U2Self packet by the
    server to protect the requested principal against modification, it
    does not confirm that the checksum algorithm that protects the user
    name (principal) in the request is keyed.  This allows a
    man-in-the-middle attacker who can intercept the request to the KDC to
    modify the packet by replacing the user name (principal) in the
    request with any desired user name (principal) that exists in the KDC
    and replace the checksum protecting that name with a CRC32 checksum
    (which requires no prior knowledge to compute).

    This would allow a S4U2Self ticket requested on behalf of user name
    (principal) user@EXAMPLE.COM to any service to be changed to a
    S4U2Self ticket with a user name (principal) of
    Administrator@EXAMPLE.COM. This ticket would then contain the PAC of
    the modified user name (principal).

Reported by:	emaste
Security:	CVE-2018-16860
Obtained from:	Upstream c6257cc2c
MFC after:	1 week
2024-02-15 13:27:54 -08:00
Cy Schubert f8041e3628 Heimdal: Fix transit path validation CVE-2017-6594
Apply upstream b1e699103. This fixes a bug introduced by upstream
f469fc6 which may in some cases enable bypass of capath policy.

Upstream writes in their commit log:

    Note, this may break sites that rely on the bug.  With the bug some
    incomplete [capaths] worked, that should not have.  These may now break
    authentication in some cross-realm configurations.

Reported by:	emaste
Security:	CVE-2017-6594
Obtained from:	upstream b1e699103
MFC after:	1 week
2024-02-15 13:27:54 -08:00
John Baldwin 57d312b8ea pci_pci: Remove obsolete comment
This comment referred to the layering violation fixed in commit
b377ff8110.
2024-02-15 12:27:45 -08:00