Due to performance constraints on a synthesized CHERI RISC-V core,
remove usage of xdma(4) scatter-gather framework. Instead, provide
a minimalistic interface between two drivers.
This increases performance ~4-5 times.
Tested using scp(1) and nc(1) on Codasip Prime.
Sponsored by: CHERI Research Centre
Differential Revision: https://reviews.freebsd.org/D53932
Add a fix to apply scrubbing of unsolicited NS RRSets (and their
respective address records) for YXDOMAIN and nodata non-referral
answers. This prevents a malicious actor from exploiting a possible
cache poison attack.
Obtained from: NLnet Labs
Security: CVE-2025-11411
The ipnat struct is built by ipnat(8), specifically ipnat_y.y when
parsing the ipnat configuration file (typically ipnat.conf). ipnat
contains a variable length string field at the end of the struct. This
data field, called in_names, may contain various text strings such as
NIC names. There is no upper bound limit to the length of strings as
long as the in_namelen length field specifies the length of in_names
within the ipnat structure and in_size specifies the size of the ipnat
structure itself.
Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Reviewed by: markj
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D53843
The frentry struct is built by ipf(8), specifically ipf_y.y when parsing
the ipfilter configuration file (typically ipf.conf). frentry contains
a variable length string field at the end of the struct. This data field,
called fr_names, may contain various text strings such as NIC names,
destination list (dstlist) names, and filter rule comments. The length
field specifies the length of fr_names within the frentry structure and
fr_size specifies the size of the frentry structure itself.
The upper bound limit to the length of strings field is controlled by the
fr_max_namelen sysctl/kenv or the max_namelen ipfilter tuneable.
The initial concepts were discussed with emaste and jrm.
Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Reviewed by: markj
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D53843
ipf_check_names_string will verify userland inputs in names strings
(fr.fr_names, in.in_names) for correctness.
Original concept of ipf_check_names_string() instead of macros by
markj.
Reviewed by: markj
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D53843
linux.ko supports POSIX message queues using these symbols, so they need
to be exported rather than relying on the kernel linker's misfeature of
linking against debug or local symbols (which will soon be disabled by
default).
Reported by: mav
Reviewed by: zlei
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53907
When checking vnet test prerequisites we check if if_epair and if_bridge are
available, but we only checked for loadable modules. It's possible for these to
be built into the kernel instead.
Sponsored by: Rubicon Communications, LLC ("Netgate")
The upstream refactoring of ndaregister() to split out ndasetgeom()
accidentally used an uninitialed variable to decide whether or not
to set DISKFLAG_UNMAPPED_BIO. Fix this by moving that portion of
ndasetgeom() back up to ndaregister(). The check for PIM_UNMAPPED
is not really needed because nvme devices always have that set,
so it cannot change in the other path that ndasetgeom() is now called.
Reviewed by: imp
Fixes: dffd882d12
Sponsored by: Netflix
MFC After: 1 minute
This isn't used by modern cards, but is needed for i915kms to load
on a system that has agp as a module not compiled into the kernel.
PR: 291214
Reviewed by: cy
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53906
FIB_ALGO modular FIB lookups have been enabled by default on
amd64 and arm64 since 2021, so enable it on riscv as well.
Reviewed by: melifaro
MFC after: 1 month
When reading by sector (because reading a whole track failed), we can
accidentally fall into the "should not happen" path, which both
(a) emits a spurious error message and (b) fouls up our position
accounting going forward. Ensure we do not inappropriately fall into
that path.
Avoid obscuring the "short after" message in cases where it happens.
Signed-off-by: Matt Jacobson <mhjacobson@me.com>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1897
This commit introduces gratuitous white space and unused functions.
This functionality is guarded/commented out. This change is necessary
to reduce the differences with the reference file in subsequent commits.
No functional change intended.
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1894
Fix typos in the files that are owned by the project.
Bring back a "duplicate word" removal (node node), which should have
been "node Node", the second "node" is not capitalized in the reference
file (yet). We'll bring it back capitalized to avoid it from triggering
automated checking scripts and possibly reverting this change again. A
few other typos were not fixed, as we strive to keep as close to the
reference files as possible, these fixes should be submitted to the
reference project (tianocore/edk2) in the not so distant future.
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1894
I've received a report of a failure from resolving kern_kmq_open.
Revert for now as we are currently in stabweek.
This reverts commit 9562994a7a.
Reported by: mav
pf was too strict when validating SCTP tags. When a server receives a
retransmitted INIT it will reply with a random initiate tag every time.
However, pf saves the first initiate tag and expects every subsequent INIT_ACK
retransmission to have the same tag. This is not the case, leading to endless
INIT/INIT_ACK cycles.
Allow the tag to be updated as long as we've not gone past COOKIE_WAIT.
Add a test case to verify this.
MFC after: 2 weeks
See also: https://redmine.pfsense.org/issues/16516
Sponsored by: Rubicon Communications, LLC ("Netgate")
If we fail to open /dev/pf don't try to close it again. That would result in
errno getting overwritten by close(), hiding potentially useful information.
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
In 95c20faf11 and ecd8245e0d kib introduced support to have the
kernel linker stop resolving local symbols from other files, but did
not enable it by default to avoid surprises. Flip the default now,
before FreeBSD 16.0.
The debug.link_elf_leak_locals and debug.link_elf_obj_leak_locals
sysctls are available to revert to the previous behaviour if necessary.
PR: 207898
Reviewed by: bz
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47742
On FreeBSD errno is defined as (* __error()), which means compiler
can't say whether two consecutive reads will return the same.
And without this knowledge the reported error is formally right.
Caching of the errno in local variable fixes the issue.
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Rob Norris <robn@despairlabs.com>
Signed-off-by: Alexander Motin <alexander.motin@TrueNAS.com>
Closes#17975
Ensure the offp capability bounds cover entire struct with checksum fields.
This is needed for CHERI systems to avoid bounds violation trap, as
otherwise offp allowed to dereference 4 bytes of csum_flags field only
so bzero failed.
Tested on ARM Morello.
Reviewed by: kbowling
Discussed with: jrtc27
Sponsored by: CHERI Research Centre
Differential Revision: https://reviews.freebsd.org/D53903
The NVME controller in Crucial P310 disk does not accept 16-byte aligned
host memory buffer on Codasip Prime platform, but works fine on PAGE_SIZE
aligned memory.
Instead of adding a quirk, just increase alignment for everyone.
Reviewed by: jhb
Discussed with: imp
Sponsored by: CHERI Research Centre
Differential Revision: https://reviews.freebsd.org/D53296
In practice this just ends up as an orphan section and so is placed next
to .rodata-like sections, so it's pretty harmless, but not intended.
Fixes: a095390344 ("Use a template assembly file for firmware object files.")
ZFSSRC is abiguous on its surface and too clos to ZFSTOP, so rename it
to SAZFSSRC.
Sponsored by: Netflix
Reviewed by: tsoome
Differential Revision: https://reviews.freebsd.org/D53901
Use ZFSTOP instead of OZFS. They are the saame thing.
Sponsored by: Netflix
Reviewed by: tsoome
Differential Revision: https://reviews.freebsd.org/D53900
Because setcred() has (always) treated the effective GID separately from
the supplementary groups, when cr_groups[0] was storing the effective
GID, it internally needed to build an array containing both the
effective GID and the specified supplementary groups to eventually call
crsetgroups_internal().
As kern_setcred() was only used to actually implement
user_setcred()/sys_setcred(), which need to allocate a buffer to copy in
the userland groups array into, some optimization was put in place where
these would allocate an array with one more element than
'wc_supp_groups', copyin() the latter into the subarray starting at
index 1 and pass the pointer to the whole array to kern_setcred() in
'preallocated_groups'. This would allow kern_setcred() not to have to
allocate memory again to make room for the additional effective GID.
Since commit be1f7435ef ("kern: start tracking cr_gid outside of
cr_groups[]"), crsetgroups_internal() only takes supplementary groups,
so this machinery has become obsolete. It was not removed as part of
that commit, but just minimally amended to simplify the changes and
lower the risks. Finally remove it.
Reviewed by: kevans
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53772
If the basis for supplementary groups are the current ones, we do not
need to fetch them when they are to be replaced entirely (which we
already have been doing), as in the '!start_from_current_groups' case,
but specifically also when they are not going to be touched at all.
This change in passing makes the modified code block's comment saying
that SETCREDF_SUPP_GROUPS need not be set here correct.
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53771
It was found that in some circumstances when launching
non-waiting create qhash cqp operation the refcount on
the cqp_request may be not properly decremented leading to a memory
leak.
Signed-off-by: Bartosz Sobczak <bartosz.sobczak@intel.com>
Reviewed by: anzhu_netapp.com
Tested by: mateusz.moga_intel.com
Approved by: kbowling (mentor)
MFC after: 1 week
Sponsored by: Intel Corporation
Differential Revision: https://reviews.freebsd.org/D53732