ipf_htable_stats_get() constructs an iphtstat_t on the stack and only
initializes select fields before copying the entire structure to
userland. The trailing padding array iphs_pad[16] is never initialized,
so ~128 bytes of uninitialized kernel stack memory can be leaked to user
space on each call. This is a classic information disclosure
vulnerability that can reveal pointers and other sensitive data.
We fix this by zeroing out the data structure prior to use.
Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Reviewed by: emaste
MFC after: 3 days
Differential revision: https://reviews.freebsd.org/D53275
ipf_nat_getent() allocates a variable-sized nat_save_t buffer with
KMALLOCS() (which does not zero memory) and then copies only a subset
of fields into it before returning the object to userland using
ipf_outobjsz(). Because the structure is not fully initialized on all
paths, uninitialized kernel heap bytes can be copied back to user space,
resulting in an information leak.
We fix this by zeroing out the data structure immediately after
allocation.
Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Reviewed by: emaste
MFC after: 3 days
Differential revision: https://reviews.freebsd.org/D53274
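The pattern both ipfilter fixes above address, as an added example that is not FreeBSD source code: a userland model in which `slot` stands for reused stack or heap memory and `fake_copyout()` stands in for the copy to userland. The struct, its `tables`/`nodes` fields and the 0xA5 marker are constructed for illustration; only the 16-entry pad mirrors iphs_pad[16].

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xA5  /* constructed marker for leftover kernel data */

/* Simplified stand-in for iphtstat_t; only the pad mirrors iphs_pad[16]. */
struct htstat {
    unsigned int  tables;   /* hypothetical field */
    unsigned int  nodes;    /* hypothetical field */
    void         *pad[16];  /* never written by the getter */
};

/* Models reused stack/heap memory: whatever an earlier user left behind. */
static struct htstat slot;

/* Stand-in for copyout()/ipf_outobjsz(): hands n bytes to "userland". */
static void fake_copyout(const void *kaddr, void *uaddr, size_t n)
{
    memcpy(uaddr, kaddr, n);
}

/* Fills ubuf like the getter; returns how many stale bytes reached it. */
size_t stats_get(unsigned char *ubuf, int zero_first)
{
    size_t i, leaked = 0;

    memset(&slot, STALE, sizeof(slot));   /* previous contents */
    if (zero_first)
        memset(&slot, 0, sizeof(slot));   /* the fix: zero before use */
    slot.tables = 3;                      /* only select fields are set */
    slot.nodes = 42;
    fake_copyout(&slot, ubuf, sizeof(slot));  /* entire struct copied */

    for (i = 0; i < sizeof(slot); i++)
        leaked += (ubuf[i] == STALE);
    return leaked;
}

int main(void)
{
    unsigned char ubuf[sizeof(struct htstat)];

    printf("partial init: %zu stale bytes copied out\n", stats_get(ubuf, 0));
    printf("zeroed first: %zu stale bytes copied out\n", stats_get(ubuf, 1));
    return 0;
}
```

On an LP64 build the first call reports 128 stale bytes, the size of the untouched pad; the second reports none.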
This defaults to plain "pkg", but being able to override it is useful
when testing pkg itself.
Reviewed by: cperciva
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D53307
This includes the conflicting changes from previous driver versions
(v6.11/v6.14), mostly being function pointer or function arguments.
MFC after: 3 days
This version is based on
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
e5f0a698b34ed76002dc5cff3804a61c80233a7a ( tag: v6.17 ).
MFC after: 3 days
This version is based on
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
e5f0a698b34ed76002dc5cff3804a61c80233a7a ( tag: v6.17 ).
MFC after: 3 days
This version is based on
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
e5f0a698b34ed76002dc5cff3804a61c80233a7a ( tag: v6.17 ).
MFC after: 3 days
This version is based on
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
e5f0a698b34ed76002dc5cff3804a61c80233a7a ( tag: v6.17 ).
Some of the changes we reported upstream got incorporated in this
(or the v6.16) release.
This also includes a change from iwlwifi-next.git::next for missing symbols.
iwl_mvm_v3_rate_from_fw() and iwl_mvm_v3_rate_to_fw() were originally
committed to mvm/rs.[ch] which we do not have. That left us with
unresolved symbols. For the never committed v6.16 driver update I had
started to piece these together but they have been migrated out to
utils.c so take them from there until the next release hopefully ships
this change.
Obtained from: git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-next.git
branch next, 1b49af228594452206d5c50a33b6a341428edb63
MFC after: 3 days
The first test is supposed to close the new fd, but was instead not
closing anything.
Reviewed by: ngie, markj
Fixes: 3cedbec3ee ("Integrate tools/regression/fifo into ...")
Differential Revision: https://reviews.freebsd.org/D52799
Reviewed by: cem
Fixes: 1492c8c0d qcom_rnd: add initial qualcomm prng driver.
Fixes: 9eecef052 Add an Armv8 rndr random number provider
Fixes: b2f8b2dc8 sys: Add an SMCCC Random Number Generator driver
Differential Revision: https://reviews.freebsd.org/D53292
VOP_BMAP is purely advisory. If VOP_BMAP returns an error during
readahead, cluster_read should still succeed, because the actual data
was still read just fine.
Add a regression test for PR 264196, wherein cluster_read would fail if
VOP_BMAP did.
PR: 264196
MFC with: 62aef3f73f
Reported by: danfe
Reviewed by: arrowd
Differential Revision: https://reviews.freebsd.org/D51316
fvp-base-revc.dtb works with the kernel now interrupt-maps are
supported in more cases.
Reviewed by: mhorne
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D51258
When producing formatted output, trim leading whitespace and trailing
commas from the human-readable time and uptime before emitting them.
The text output remains unchanged.
PR: 290089
Fixes: 6e6febb54d ("w: Fix idle time in json output, add login/idle times to json output")
Reviewed by: marius.h_lden.org
Differential Revision: https://reviews.freebsd.org/D53167
When copying the data in the first mbuf to get rid of the UDP
header, use the correct length. It was copying too much (8 bytes,
the length of the UDP header).
This only applies to handling TCP over UDP packets. The support for
TCP over UDP is disabled by default.
Reported by: jtl
Reviewed by: Peter Lei
MFC after: 3 days
Sponsored by: Netflix, Inc.
With this patch UDP-Lite endpoints are also shown per default.
Reviewed by: Nick Banks
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D53252
With this patch UDP-Lite endpoints are also shown per default.
Reviewed by: Peter Lei, Nick Banks
MFC after: 3 days
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D53230
Export the list of pcbs for UDP-Lite to be consumed by sockstat and
netstat.
Reviewed by: Peter Lei, Nick Banks
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D53229
There may be other issues here but this change certainly seems to
be necessary.
PR: 290394
Reviewed by: cperciva
Differential Revision: https://reviews.freebsd.org/D53263
The archive attribute (UF_ARCHIVE) is listed as deprecated
in RFC8881. However, the Windows NFSv4.1 client folk disagree
with this and say they need support for it.
This patch adds support for it, in a manner similar to what
is done for UF_SYSTEM and UF_HIDDEN.
MFC after: 2 weeks
__GLIBC__ is not pre-defined by the toolchain, it comes from features.h,
so we need to make sure that's included by this point.
Fixes: 4dd2b869cd ("krb5: Fix -Wint-conversion when bootstrapping on GNU/Linux")
It was previously disabled when we built for older 32-bit arm targets
which lack 64-bit atomics. As we now support armv7 at a minimum there
is no need to disable LLDB.
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52668
It was used for Octeon MIPS and all producers have been removed
from the source tree.
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D53146
The menu was incorrectly using the fourth column (distname) instead of
the first (dist) of the MANIFEST.
The actual file name is on the first column of the MANIFEST file.
Remove the .txz part of the name to build the menu options.
Reviewed by: jamie
MFC after: 5 days
Differential Revision: https://reviews.freebsd.org/D53177
The -libutil function getmntpoint(3) is documented as accepting a device
name “with or without /dev/ prepended to it” but did not attempt to
prepend /dev/. This patch corrects the problem by prepending /dev/ to
names that do not begin with a '/'.
Reported-by: Dag-Erling Smørgrav
Differential Revision: https://reviews.freebsd.org/D53185
MFC-after: 1 week
Sponsored-by: Netflix
ATM support for netgraph was removed in af0cc0b223 ("NgATM: Remove
netgraph ATM support")
Remove the directory from the mtree specification.
Reviewed by: emaste
Fixes: 21735dfaeb ("include: Remove no longer existing netgraph/atm")
MFC after: 5 days
Differential Revision: https://reviews.freebsd.org/D53260
The code that makes this VOP_BMAP call tries to perform a read-ahead I/O
operation. Failing to do that for any reason isn't fatal for `cluster_read()`,
because we still can return some data to the caller. This change is consistent
with other places within `cluster_read()`, where error returned by VOP_BMAP is
not returned to the caller - see the `if (nblks > 1)` block above the changed
lines and `if (reqbp)` at the end of the function.
PR: 264196
Approved by: markj, kib
Differential Revision: https://reviews.freebsd.org/D51254
While TCP disallows connect()ing a socket with SO_REUSEPORT_LB, UDP does
not. As a result, a connected UDP socket can be placed in the lbgroup
hash and thus receive datagrams from sources other than the connected
host.
Reported by: Amit Klein <amit.klein@mail.huji.ac.il>
Reported by: Omer Ben Simhon <omer.bensimhon@mail.huji.ac.il>
Reviewed by: glebius
Approved by: so
Security: FreeBSD-SA-25:09.netinet
Security: CVE-2025-24934
Add support for the DIOCGIDENT ioctl to both nvme controller device
nodes and namespace device nodes.
This information was already available via the nda(4) device node.
However, mapping /dev/nvmeX to /dev/ndaY device nodes is not
straightforward, so it's better to get it directly from the /dev/nvme
device node.
PR: 290259
MFC after: 2 weeks
Sponsored by: ConnectWise
Submitted by: imp (mostly)
Pull Request: https://github.com/freebsd/freebsd-src/pull/1875
Ensure the header is generated; it is a dependency for these drivers.
This fixes standalone module builds and riscv LINT.
Reported by: zlei
Sponsored by: The FreeBSD Foundation
Fixes: 5522519731 ("modules: enable allwinner kmods on riscv")
Don't use __LP64__ to decide the value, as it gives the wrong result on
CHERI platforms. Just define it in terms of __SIZEOF_LONG__. Make a
similar adjustment for BITS_PER_LONG_LONG while here.
Reviewed by: bz, dumbbell, emaste
MFC after: 1 week
Sponsored by: CHERI Research Centre (EPSRC grant UKRI3001)
Differential Revision: https://reviews.freebsd.org/D53135
The direction of the data transfer in uio(9) can be confusing,
so state explicitly the difference between UIO_READ and UIO_WRITE.
Reviewed by: ziaee
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D52996
We have provided implementations for hard float of these for
a while now. Add them to the header to make things official.
This is required for a bunch of legacy programs in ports.
Approved by: markj (mentor)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D53156
It seems like _QUAD_LOWWORD was incorrectly expanded into 1,
which is correct for big endian but not little endian. This
means we always grab the padding word for the syscall number,
which is usually 0, causing SIGSYS to be delivered to the caller.
Reintroduce _QUAD_LOWWORD to fix the syscall.
PR: 290411
MFC after: 1 week
Discussed with: jrtc27
Reviewed by: cognet, emaste
Approved by: markj (mentor)
Fixes: 8c9c3144cc
Differential Revision: https://reviews.freebsd.org/D53250