Array indices must always be positive. We avoid this by making each index
unsigned. This mitigates out-of-bounds reads and writes.
Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Reviewed by: glebius
MFC after: 3 days
Differential revision: https://reviews.freebsd.org/D55260
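
A generic illustration of the signed-versus-unsigned index point above, added here and not taken from the commit: with a signed index, an upper-bound check alone lets a negative value through, while the same comparison on an unsigned index rejects it. The table, `NSLOTS` and the function names are constructed for the example.

```c
#include <stdbool.h>
#include <stdio.h>

#define NSLOTS 8	/* constructed table size, not taken from the commit */

static const int table[NSLOTS] = { 10, 11, 12, 13, 14, 15, 16, 17 };

/* Signed index guarded only by an upper bound: -1 < 8, so -1 is accepted. */
static bool
accepts_signed(int idx)
{
	return (idx < NSLOTS);
}

/* Identical comparison with an unsigned index: -1 converts to UINT_MAX. */
static bool
accepts_unsigned(unsigned int idx)
{
	return (idx < NSLOTS);
}

/* Checked accessor: returns 0 and stores the value, or -1 if out of range. */
static int
slot_get(unsigned int idx, int *out)
{
	if (idx >= NSLOTS)
		return (-1);
	*out = table[idx];
	return (0);
}

int
main(void)
{
	int rc, v = 0;

	printf("signed check accepts -1:   %d\n", accepts_signed(-1));
	printf("unsigned check accepts -1: %d\n",
	    accepts_unsigned((unsigned int)-1));
	printf("slot_get(-1) = %d\n", slot_get((unsigned int)-1, &v));
	rc = slot_get(3, &v);
	printf("slot_get(3)  = %d (value %d)\n", rc, v);
	return (0);
}
```

The unsigned type only helps because the upper-bound comparison is still present; it turns two checks into one, it does not remove the need for a check.
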
Now that this project is part of freebsd-src, it no longer needs to be
portable. Remove Linux-only tests, cross-os compatibility code, and
compatibility with older FreeBSD versions. Leave in place some
originally Linux-only tests that could now be ported to FreeBSD, like the
pipe2 tests.
Sponsored by: ConnectWise
Reviewed by: oshogbo
Differential Revision: https://reviews.freebsd.org/D54985
Update rfb_recv_* functions to return -1 on failure and 0 on success.
Update rfb_handle to check these return values and drop the connection
if an error occurs.
Signed-off-by: Hayzam Sherif <hayzam@gmail.com>
Reviewed by: markj
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Make parse_selector() print a warning to stderr and continue parsing the
config if it encounters an invalid facility or priority. Note that
because the parsing is done from a casper service, there isn't a good
mechanism to log errors; the warnings are visible only when syslogd is
started in debug mode.
Reported by: Doug Hardie <bc979@lafn.org>
MFC after: 1 week
Fixes: f4b4a10abb ("syslogd: Move selector parsing into its own function")
Reviewed by: jfree, jlduran, eugen, delphij
Differential Revision: https://reviews.freebsd.org/D55033
Use pfrfork_thread(3) instead of pdrfork(RFSPAWN) to make the tests work
on x86.
Tested by: pho
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D55306
into pdrfork(2) call itself, and basic_usage_tail() that checks the
pdrfork(2) results.
Tested by: pho
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D55306
Explicitly mmap guard and use it as the invalid address instead.
Tested by: pho
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D55306
when RFSPAWN is not specified, as stated in the man page.
rfork(2) cannot modify non-curproc, which is why RFPROC is required,
the syscall cannot act on an arbitrary process descriptor.
If RFPROCDESC is not specified, the syscall does not make sense,
use rfork(2).
Reported and tested by: pho
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D55306
After discussion with jhibbits@, we pulled out what is supported here
and how it's supported.
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D55093
It's time to flip these on and see if anything happens in -HEAD.
It can be turned back off before 16.0-RELEASE if there are problems.
Reviewed by: jhibbits
Differential Revision: https://reviews.freebsd.org/D55071
It's not obvious that if `exitstatus` is omitted,
the exit status of the function is taken from the last executed command.
MFC after: 3 days
Reviewed by: jilles, ziaee
Differential Revision: https://reviews.freebsd.org/D55026
The ioctl might fail because it's run in a jail which doesn't have
permission to invoke ppt ioctls.
Reviewed by: jhb
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D55070
After commit e11768e947 ("vmm: Add PRIV_DRIVER checks for passthru
ioctls"), it is not possible to use PCI passthru from jails, as
PRIV_DRIVER is not granted to jails. Apparently some users expect this
to work, understanding that jailing bhyve provides little security
benefit in this configuration.
I believe we should disable ppt access in jails even when allow.vmm is
configured. To provide an escape hatch for users, add a new
allow.vmm_ppt jail configuration knob, and check it when handling ppt
ioctls in jails. Also add a new PRIV_VMM_PPTDEV to replace the use of
PRIV_DRIVER.
PR: 292750
Reviewed by: corvink
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D55066
As long as 'sys/compat/freebsd32/freebsd32.h' is used unconditionally on
all platforms (in 'kern_umtx.c' at least), the rule of thumb is to
ensure that 'struct foo32' on a 32-bit arch is type-compatible with
'struct foo' on the same arch. In practice, this is very simple to
achieve: All 'foo32' types should be compatible with 'foo' on 32-bit
architectures, which is what we are supposed to do already for 'compat'
structures by design. The recently introduced 'freebsd32_uint64_t' type
typically supports that.
This change fixes commit 87632ddf67 ("openzfs sys/types32.h: use
abi_compat.h for time32_t") which was defining 'time32_t' to 'int32_t'
for all 32-bit architectures, which is wrong except on i386. By luck, this
did not change the size of whole 'struct ffclock_estimate32' (whose size
is compile-time asserted) because 'struct bintime32''s one would stay
the same, as even if its field 'sec' was incorrectly sized after that
commit, the 'frac' one is 64-bit and 64-bit aligned on all non-x86
architectures so its offset in 'struct bintime32' would stay the same.
Reviewed by: kib
Fixes: 87632ddf67 ("openzfs sys/types32.h: use abi_compat.h for time32_t")
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D55283
Packing 'struct ffclock_estimate32', in absence of substitution of
'ffcounter' (some 'uint64_t') by a 32-bit compatible type, was necessary
on amd64 since 'uint64_t' is 8-byte aligned, which leaves a padding gap
of 4-byte between fields 'update_time' and 'update_ffcount'. This gap
does not exist on i386 (or amd64 32-bit mode), as 'uint64_t' there is
only 4-byte aligned.
Change the type of the 'update_ffcount' and 'leapsec_next' fields to the
recently introduced 'freebsd32_uint64_t', and adapt copy-in and copy-out
accordingly. Using `CP()` previously worked due to the '__packed__'
attribute.
Reviewed by: kib
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D55282
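
The padding gap described in the message above can be reproduced with a small constructed layout. This is an added example, not FreeBSD code: `u64_a4_t`, `est_native` and `est_compat` are hypothetical stand-ins (the real definitions of 'freebsd32_uint64_t' and 'struct ffclock_estimate32' are not shown on this page), and the low-half-first order assumes a little-endian 32-bit ABI.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a 32-bit-compatible 64-bit type: two 32-bit
 * halves, so the compiler never requires more than 4-byte alignment. */
typedef struct { uint32_t lo, hi; } u64_a4_t;

/* Constructed layouts (not FreeBSD's): 12 bytes of fields, then a counter. */
struct est_native { uint32_t t[3]; uint64_t count; uint32_t status; };
struct est_compat { uint32_t t[3]; u64_a4_t count; uint32_t status; };

/* Bytes of padding the compiler inserts before 'count'. */
static size_t
gap_native(void)
{
	return (offsetof(struct est_native, count) - sizeof(uint32_t[3]));
}

static size_t
gap_compat(void)
{
	return (offsetof(struct est_compat, count) - sizeof(uint32_t[3]));
}

/* Field-by-field conversion replaces plain assignment of the 64-bit field. */
static uint64_t
u64_from_a4(u64_a4_t v)
{
	return ((uint64_t)v.hi << 32 | v.lo);
}

static u64_a4_t
u64_to_a4(uint64_t v)
{
	u64_a4_t r = { (uint32_t)v, (uint32_t)(v >> 32) };
	return (r);
}

int
main(void)
{
	printf("native: gap %zu, size %zu\n", gap_native(),
	    sizeof(struct est_native));
	printf("compat: gap %zu, size %zu\n", gap_compat(),
	    sizeof(struct est_compat));
	printf("round trip ok: %d\n",
	    u64_from_a4(u64_to_a4(0x1122334455667788ULL)) ==
	    0x1122334455667788ULL);
	return (0);
}
```

On amd64 the native layout reports a 4-byte gap, while the compat layout has none on any ABI and needs no packing attribute.
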
The transfer proxy callbacks (bulk/interrupt, control, isochronous)
only called libusb10_submit_transfer_sub() in the START path to
pipeline the second kernel transfer slot. On completion or error,
no attempt was made to dequeue the next pending transfer from
tr_head onto the now-free slot.
When more than two async transfers were submitted on the same
endpoint, the third (and subsequent) transfers would remain stuck
on tr_head indefinitely, since no completion ever triggered their
submission. This caused a protocol-level deadlock in applications
like adb that submit header + payload + zero-length terminator as
three separate bulk transfers in sequence.
Fix by calling libusb10_submit_transfer_sub() after every
libusb10_complete_transfer() in all three proxy callbacks.
MFC After: 2 weeks
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D55289
Add PCI device ID 0x7a23 for Intel 700 Series (Raptor Lake) chipset SMBus controller.
This enables hardware monitoring functionality on 13th and 14th generation Intel Core platforms.
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D54957
This macro is widely used in new NetBSD tests. Please see the comment
next to the imported macro for more details on its use.
Obtained from: NetBSD (c26cc77b3a0b2)
MFC after: 1 week
This particular change replaces all local modifications to the test
script like so:
- Use `ATF_TESTS_SH_SED_test` with a sed(1) statement in the Makefile,
instead of the equivalent local modifications.
- Remove the need for expecting the output of newfs_msdos to be empty.
There isn't much to gain from deviating from the upstream NetBSD test--it's
just another local modification that would need to be carried forward. If
it's worth testing this FreeBSD-specific behavior, it should be in a
FreeBSD-specific test.
This makes moving new modifications to the script easier moving forward.
MFC after: 1 week
The UEFI spec says:
> Structures are aligned on boundaries equal to the largest internal
> datum of the structure and internal data are implicitly padded to
> achieve natural alignment.
By default, structs containing members of type "long long" have 4 byte
alignment on i386. This caused some EFI structures to be subtly wrong.
Fix this by compiling the ia32 EFI loader with -malign-double, which
bumps the alignment up to 8 if such members are present.
MFC after: 3 days
This is a non-functional change; it just returns the correct errno value
where IPv6 multicast socket options were passed non-AF_INET6 arguments,
in preparation for handling PR 193246 with a side-call into netinet as
xnu currently does.
Reviewed by: glebius
Approved by: glebius
PR: 193246 (with refinements)
Differential revision: https://reviews.freebsd.org/D55233
The MAC framework provides a lot of useful functionality that can be
configured per-jail without requiring the use of labels. Having another
entry point that we invoke just for general prison cleanup rather than
freeing the label is useful to allow a module that can otherwise work
off of a series of MAC entry points + sysctls for configuration to free
its per-jail configuration without having to bring in osd(9).
One such example in the wild is HardenedBSD's secadm, but some of my
own personal use had wanted it as well -- it was simply overlooked in the
final version because my first policy made more sense with labels. On
that note, it's expected that prison_cleanup and prison_destroy_label
will effectively be mutually exclusive -- the former only used when
a label isn't needed, the latter when it is.
Note that prison_cleanup isn't perfectly symmetrical w.r.t.
prison_created: the latter takes a label as well, because it's called
later in jail setup and a better point for propagation than when the
label is created.
As discussed with olce@, we may want to later revisit the notion that
struct labels get passed around explicitly along with the referenced
object and consider stripping them from all entry points in favor of
an object -> label accessor or something.
__FreeBSD_version bumped to force a rebuild of MAC policies.
Reviewed by: olce
Differential Revision: https://reviews.freebsd.org/D54833
The compile assertion now failing is due to the change '__int64_t' =>
'__int32_t' as the type of 'time32_t' on i386, which is the correct
value. The use of 'freebsd32.h' on i386 may seem strange, but it comes
from 'kern_umtx.c' including it unconditionally as it needs 'struct
umutex32'.
Fixes: 87632ddf67 ("openzfs sys/types32.h: use abi_compat.h for time32_t")
Sponsored by: The FreeBSD Foundation
All other FreeBSD-specific constants have FREEBSD fully spelled out in
their names. Be consistent.
No functional change (intended).
Reviewed by: kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D55224
* Annotate logv() and fix format string bug.
* Don't reinvent str2sig(3).
* Reorganize kill_self() so we unblock signals as late as possible, and
use raise(2) instead of kill(2).
* Explicitly close unused pipe descriptors.
* Use correct type to collect result of read(2) and write(2).
* Compare return values to 0, not -1.
* Sort local variables according to style(9).
* Reduce unnecessary nesting.
* Reindent.
* Fix typo in manual page.
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D55277
The -r flag is not required to compare two directories; it is only
required to compare them recursively, i.e. descend into their common
subdirectories. Adjust tests that use -r needlessly, and adjust the
dirloop test to verify that these two cases remain distinct.
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D55262
POSIX uses the terms “positive decimal integer” for -C and “non-negative
decimal integer” for -U, which translates into lower bounds of 1 for -C
and 0 for -U.
POSIX does not specify a minimum upper bound for either mode, but as of
5fc739eb59 both our backends support context sizes up to and including
INT_MAX, so use that.
Having had the opportunity to consult the Unix System Test Suite, the
diff test cases found therein happen to precisely match these bounds.
While here, switch to using strtonum() to parse numerical arguments, and
try to be more consistent in how we report usage errors.
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D55261
I have some patches which make ip_mroute and ip6_mroute multi-FIB-aware.
This enables running per-FIB routing daemons, each of which has a
separate routing socket.
Several places in the network stack check whether multicast routing is
configured by checking whether the multicast routing socket is non-NULL.
This doesn't directly translate in my proposed scheme, as each FIB would
have its own socket. I'd like to modify the ip(6)_mroute code to store
all state, including the socket, in a per-FIB structure. So, take a
step towards that and 1) hide the socket, 2) add a boolean flag which
indicates whether a multicast router is registered.
Reviewed by: pouria, zlei, glebius, adrian
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D55236