Commit Graph

289621 Commits

Author SHA1 Message Date
Warner Losh e5d1a21e50 loader: Bump the limit to 560,000 bytes for BIOS loader
Further experience suggests we do not need as much margin. This was
mistakenly bumped to 570,000 in a prior commit, so this undoes that.

Sponsored by:		Netflix
2024-02-15 21:16:36 -07:00
Warner Losh 26c8dedef1 loader: line line per src file in libi386
Sponsored by:		Netflix
Differential Revision:	https://reviews.freebsd.org/D43913
2024-02-15 21:02:37 -07:00
Warner Losh 588ff0748f loader: Simplify build a little
Confine -DDISK_DEBUG to biosdisc.c, the only file it affects.
Use modern variable arrays instead of alloca and add a sanity
size minimum for biospnp nodes. These nodes are tiny enough that
we needn't do a malloc/free pair: the stack is fine.

Sponsored by:		Netflix
Reviewed by:		tsoome
Differential Revision:	https://reviews.freebsd.org/D43914
2024-02-15 20:59:23 -07:00
Warner Losh e34fd722ca kboot: Add our own lua bindings
Create a small wrapper around the new flua hash module so we can use it
here too. There's no 4th bindings, nor will they be created.

Sponsored by:		Netflix
Differential Revision:	https://reviews.freebsd.org/D43874
2024-02-15 20:59:23 -07:00
Warner Losh f7781d030c flua: Add hash module
Add lua bindings to hashing functions. sha256 is available. sha256.new
craetes a new object. sha256.update updates the digest. sha256.digest
returns the digest as a binary string and resets the
context. sha256.hexdigest returns the digest as a string of hex digits
and then resets the cotnext.

Sponsored by:		Netflix
Differential Revision:	https://reviews.freebsd.org/D43872
2024-02-15 20:59:23 -07:00
Warner Losh 0fd98b8a76 loader: Move drawer.lua over to gfx table.
Drawer.lua is the only bit of lua code in the base that uses any of the
functons moved from the loader table to the gfx table. Move the main
code to using the gfx dispatch. Add compat code for running on old
loaders that creates the newer-style gfx table with the term_* functions
we call in it populated. This will even work on the super old versions
of the loader that don't have them (we'll still skip using them).

Sponsored by:		Netflix
Reviewed by:		kevans
Differential Revision:	https://reviews.freebsd.org/D43908
2024-02-15 20:59:23 -07:00
Warner Losh a8f8c53761 loader: Move gfx functions to gfx.lua.8
Now that the fb_* and term_* functions are available in the gfx table,
move the documentation to gfx.lua.8. Add information about backwards
compatibility.

Sponsored by:		Netflix
Reviewed by:		kevans
Differential Revision:	https://reviews.freebsd.org/D43907
2024-02-15 20:59:23 -07:00
Warner Losh 0921a771da loader: Move to using linker sets to bring in optional bits
The graphics stuff is optional. When it is pulled into the system, we
use a linker set to initialize the lua bindings for it now.

Sponsored by:		Netflix
Reviewed by:		kevans, jhb
Differential Revision:	https://reviews.freebsd.org/D43906
2024-02-15 20:59:23 -07:00
Warner Losh 23d9b5c9fe loader: Remove gfx_fb_stub.c, it's no longer needed
Now that we draw in the gfx bindings for all our interpreters only when
graphics support is compiled in, we can eliminate this from all the
loaders that don't have graphics support.

Sponsored by:		Netflix
Reviewed by:		kevans, jhb
Differential Revision:	https://reviews.freebsd.org/D43905
2024-02-15 20:59:23 -07:00
Warner Losh 9c8bf69a53 loader: Only create gfx 4th bindings when gfx is available
Only create the gfx bindings for 4th when it's compiled into the
loader. We do this with a linker set that only gets brought in to those
loaders that call gfx_framework_init. This calls gfx_interp_md() will
will drag in gfx_loader.c which will add to the linker set that
registers these bindings.

Sponsored by:		Netflix
Reviewed by:		kevans, jhb
Differential Revision:	https://reviews.freebsd.org/D43904
2024-02-15 20:59:22 -07:00
Warner Losh 60e199d9fd loader: Add prototype for gfx_interp_md
This function will be used to draw in the graphics bindings when the
loader is compiled with graphics (gfx) support. Provide definitions
for lua and the simple interpreter. 4th support is forthcoming.

Sponsored by:		Netflix
Reviewed by:		kevans, jhb
Differential Revision:	https://reviews.freebsd.org/D43903
2024-02-15 20:59:22 -07:00
Warner Losh 9b16231032 loader: Create new gfx table
Create a new gfx global table. Put into it all the graphics bindings
that we have in loader today. For now, have compatability binding for
loader. Remove them from loader.

Sponsored by:		Netflix
Reviewed by:		kevans, jhb
Differential Revision:	https://reviews.freebsd.org/D43902
2024-02-15 20:59:22 -07:00
Warner Losh 061b68a760 loader: Separate gfx to a new file.
Move gfx lua hook registration to a new file.

Sponsored by:		Netflix
Reviewed by:		kevans, jhb
Differential Revision:	https://reviews.freebsd.org/D43901
2024-02-15 20:59:22 -07:00
Warner Losh 1dac5a34b6 loader: Register the gfx stuff separately.
Move registration of the gfx stuff to separate function. However, no
change in functionality is intended.

Sponsored by:		Netflix
Reviewed by:		kevans, jhb
Differential Revision:	https://reviews.freebsd.org/D43900
2024-02-15 20:59:22 -07:00
Warner Losh 7fc95c31f0 loader: Simplify the loader.has_command
luaL_checkstring already checks for the right number of
arguments. There's no need to do that by hand here. Now an exception
will be thrown like any other function with the wrong args. Also,
push a boolean instead of an int.

Sponsored by:		Netflix
Differential Revision:	https://reviews.freebsd.org/D43820
2024-02-15 20:59:22 -07:00
Warner Losh 33a2406eed reboot: Use posix_spawn instead of system
Use posix_spawn to avoid having to allocate memory needed for the system
command line.

Sponsored by:		Netflix
Reviewed by:		jrtc27
Differential Revision:	https://reviews.freebsd.org/D43860
2024-02-15 20:59:22 -07:00
Karim Fodil-Lemelin 62b1faa3b7 ipfw: Skip to the start of the loop when following a keep-state rule
When a packet matches an existing dynamic rule for a keep-state rule,
the matching engine advances the "instruction pointer" to the action
portion of the rule skipping over the match conditions.  However, the
code was merely breaking out of the switch statement rather than doing
a continue, so the remainder of the loop body after the switch was
still executed.  If the first action opcode contains an F_NOT but not
an F_OR (such as an "untag" action), then match is toggled to 0, and
the code exits the inner loop via a break which aborts processing of
the actions.

To fix, just use a continue instead of a break.

PR:		276732
Reviewed by:	jhb, ae
MFC after:	2 weeks
2024-02-15 17:57:51 -08:00
John Baldwin feefc3c71e pci_host_generic: Properly handle bus_release_resource of IRQ resources
Unlike other bus methods updated to use bus_generic_rman_* in commit
d79b6b8ec2, the bus_release_resource method was using
bus_generic_rman_release_resource for all types other than
PCI_RES_BUS.  Instead, bus_generic_rman_* should only be used for
memory and I/O port resources for this driver.

Tested by:	cperciva
Reviewed by:	cperciva
Fixes:		d79b6b8ec2 pci_host_generic: Don't rewrite resource start address for translation
Differential Revision:	https://reviews.freebsd.org/D43925
2024-02-15 17:56:01 -08:00
John Baldwin 992f5b16af pci_host_generic: Set a valid error if allocating a range resource fails
Previously pci_host_generic_attach was returning 0 (success)
incorrectly if allocating a range failed.  The error value was 0 from
the previously successful call to bus_set_resource in this case.

Fixes:		d79b6b8ec2 pci_host_generic: Don't rewrite resource start address for translation
2024-02-15 16:05:09 -08:00
John Baldwin e89d0785ff simplebus: Implement bus_delete_resource 2024-02-15 16:05:00 -08:00
John Baldwin 4505c89242 simplebus: Map SYS_RES_IOPORT to SYS_RES_MEMORY later in alloc_resource
Specifically, the set/get_resource methods do not currently remap
resource types, so remap the type in alloc_resource only after
looking for a matching resource list entry.

Fixes:		3cf553288b simplebus: Consistently map SYS_RES_IOPORT to SYS_RES_MEMORY
2024-02-15 16:04:50 -08:00
Warner Losh e32de9626f reboot: initialize howto
Make static analyzers happy by initialzing howto to 0. Coverity is
cranky that it could be used unused. But it's analysis is incomplete
because the args to getopt when it wasn't initialized preclude it from
being used.
2024-02-15 14:32:04 -07:00
Cy Schubert fc773115fa heimdal: Fix NULL deref
A flawed logical condition allows a malicious actor to remotely
trigger a NULL pointer dereference using a crafted negTokenInit
token.

Upstream notes:

    Reported to Heimdal by Michał Kępień <michal@isc.org>.

    From the report:

    Acknowledgement
    ---------------

    This flaw was found while working on addressing ZDI-CAN-12302: ISC BIND
    TKEY Query Heap-based Buffer Overflow Remote Code Execution
    Vulnerability, which was reported to ISC by Trend Micro's Zero Day

Security:	CVE-2022-3116
Obtained from:	upstream 7a19658c1
MFC after:	1 week
2024-02-15 13:27:55 -08:00
Cy Schubert 60616b445e heimdal: always confirm PA-PKINIT-KX for anon PKINIT
Import upstream 38c797e1a.

Upstream notes:

    RFC8062 Section 7 requires verification of the PA-PKINIT-KX key
    excahnge when anonymous PKINIT is used.  Failure to do so can
    permit an active attacker to become a man-in-the-middle.

Reported by:	emaste
Obtained from:	upstream 38c797e1a
Security:	CVE-2019-12098
MFC after:	1 week
2024-02-15 13:27:55 -08:00
Cy Schubert 9286d46a79 heimdal: CVE-2022-41916: Check for overflow in _gsskrb5_get_mech()
Apply upstream 22749e918 to fix a buffer overflow.

Upstream notes:

    If len_len is equal to total_len - 1 (i.e. the input consists only of a
    0x60 byte and a length), the expression 'total_len - 1 - len_len - 1',
    used as the 'len' parameter to der_get_length(), will overflow to
    SIZE_MAX. Then der_get_length() will proceed to read, unconstrained,
    whatever data follows in memory. Add a check to ensure that doesn't
    happen

This is similar to samba CVE-2022-3437.

Reported by:	emaste
Security:	CVE-2022-41916
Obtained from:	upstream 22749e918
MFC after:	1 week
2024-02-15 13:27:55 -08:00
Cy Schubert 2433937749 Heimdal: CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum
Upstream's explanation of the problem:

    S4U2Self is an extension to Kerberos used in Active Directory to allow
    a service to request a kerberos ticket to itself from the Kerberos Key
    Distribution Center (KDC) for a non-Kerberos authenticated user
    (principal in Kerboros parlance). This is useful to allow internal
    code paths to be standardized around Kerberos.

    S4U2Proxy (constrained-delegation) is an extension of this mechanism
    allowing this impersonation to a second service over the network. It
    allows a privileged server that obtained a S4U2Self ticket to itself
    to then assert the identity of that principal to a second service and
    present itself as that principal to get services from the second
    service.

    There is a flaw in Samba's AD DC in the Heimdal KDC. When the Heimdal
    KDC checks the checksum that is placed on the S4U2Self packet by the
    server to protect the requested principal against modification, it
    does not confirm that the checksum algorithm that protects the user
    name (principal) in the request is keyed.  This allows a
    man-in-the-middle attacker who can intercept the request to the KDC to
    modify the packet by replacing the user name (principal) in the
    request with any desired user name (principal) that exists in the KDC
    and replace the checksum protecting that name with a CRC32 checksum
    (which requires no prior knowledge to compute).

    This would allow a S4U2Self ticket requested on behalf of user name
    (principal) user@EXAMPLE.COM to any service to be changed to a
    S4U2Self ticket with a user name (principal) of
    Administrator@EXAMPLE.COM. This ticket would then contain the PAC of
    the modified user name (principal).

Reported by:	emaste
Security:	CVE-2018-16860
Obtained from:	Upstream c6257cc2c
MFC after:	1 week
2024-02-15 13:27:54 -08:00
Cy Schubert f8041e3628 Heimdal: Fix transit path validation CVE-2017-6594
Apply upstream b1e699103. This fixes a bug introduced by upstream
f469fc6 which may in some cases enable bypass of capath policy.

Upstream writes in their commit log:

    Note, this may break sites that rely on the bug.  With the bug some
    incomplete [capaths] worked, that should not have.  These may now break
    authentication in some cross-realm configurations.

Reported by:	emaste
Security:	CVE-2017-6594
Obtained from:	upstream b1e699103
MFC after:	1 week
2024-02-15 13:27:54 -08:00
John Baldwin 57d312b8ea pci_pci: Remove obsolete comment
This comment referred to the layering violation fixed in commit
b377ff8110.
2024-02-15 12:27:45 -08:00
John Baldwin d714e73f78 vmd: Use bus_generic_rman_* for PCI bus and memory resources
While here, add custom bus_map/unmap_resource methods to request
mappings via the window memory resources allocated from the parent
bus.

Tested by:		emaste
Differential Revision:	https://reviews.freebsd.org/D43886
2024-02-15 12:26:40 -08:00
John Baldwin 76c6786886 vmd: Use bus_read/write_* instead of bus_space_read/write_*
Using an explicit bus space tag and handle is deprecated.

Reviewed by:	emaste
Differential Revision:	https://reviews.freebsd.org/D43885
2024-02-15 12:26:19 -08:00
John Baldwin 962b0bcbd9 riscv: Add missing includes for DDB
The #ifdef DDB code in parse_metadata was dead code without opt_ddb.h.
While here, update the call to db_fetch_ksymtab for changes in commit
02bc014a200a.

Reviewed by:	mhorne
Obtained from:	CheriBSD
Differential Revision:	https://reviews.freebsd.org/D43919
2024-02-15 12:20:30 -08:00
Stephen J. Kiernan 53670ee165 psci: Add FDT node status check
Consider the PSCI missing if the FDT node status says it is not okay.

Reviewed by:	andrew
Obtained from:	Juniper Networks, Inc.
Differential Revision:	https://reviews.freebsd.org/D43920
2024-02-15 14:24:15 -05:00
Gleb Smirnoff bc9107f8c4 socket tests: add listener_wakeup
This test runs several scenarios when sleep(9) on a listen(2)ing socket is
interrupted by shutdown(2) or by close(2).  What should happen in that
case is not specified, neither is documented.  However, there is certain
behavior that we have and this test makes sure it is preserved.  There is
software that relies on it, see bug 227259.  This test is based on
submission with this bug, bugzilla attachment 192260.

The test checks TCP and unix(4) stream socket behavior and SCTP can be
added easily if needed.

The test passes on FreeBSD 11 to 15.  It won't pass on FreeBSD 10,
although the wakeup behavior of shutdown(2) is the same, but it doesn't
return error.

PR:	227259
2024-02-15 10:48:44 -08:00
Gleb Smirnoff abe8379b4f sockets: repair wakeup of accept(2) by shutdown(2)
That was lost in transition from one-for-all soshutdown() to protocol
specific methods.  Only protocols that listen(2) were affected.  This is
not a documented or specified feature, but some software relies on it.  At
least the FreeSWITCH telephony software uses this behavior on
PF_INET/SOCK_STREAM.

Fixes:  5bba272807
2024-02-15 10:48:44 -08:00
Ed Maste 2c5ff9118c rights.4: Remove sentence implying that rights are a mask
Capability rights passed to cap_rights_* are (now) not simple bitmaks
and cannot be ORed together in general (although it will work for
certain subsets of rights).

Remove sentence that implied rights are masks.  We already have the
sentence "The complete list of capability rights is provided below" so
listing the rights without an introductory sentence seems fine.

PR:		277057
2024-02-15 10:00:52 -05:00
Ed Maste 8d1348f55a path_test: fix cap_rights_init usage
Capability rights passed to cap_rights_* are not simple bitmaks and
cannot be ORed together in general (although it will work for certain
subsets of rights).

PR:		277057
Fixes:		e5e1d9c7b7 ("path_test: Add a test case for...")
Sponsored by:	The FreeBSD Foundation
2024-02-15 08:58:39 -05:00
Philip Paeps 2911c44baf bsdinstall: remove two dead mirrors 2024-02-15 21:49:33 +08:00
Philip Paeps 9c59988175 bsdinstall: prefer HTTP
In 2024, users are more likely to have working HTTP than working FTP.
Present http://ftp.FreeBSD.org as the first option in the installer.
Keep ftp://ftp.FreeBSD.org as the second option.

MFC after:	3 weeks
2024-02-15 21:49:33 +08:00
Kajetan Staszkiewicz 50edc63071 pfsync: Fix offset calculation
Even though message version is automatically recognized and the top of
the struct is identical for different versions, when iterating over
multiple messages proper message length must be used. That's the length
of an union member for given version, not of the union itself.

Reviewed by:	kp
Differential Revision:	https://reviews.freebsd.org/D43862
2024-02-15 12:54:02 +01:00
Martin Matuska e2257b3168 zfs: merge openzfs/zfs@e0bd8118d
Notable upstream pull request merges:
 #15469 cbe882298 Add slow disk diagnosis to ZED
 #15857 d0d273320 Update zfs-snapshot.8
 #15864 a5a725440 zfs list: add '-t fs' and '-t vol' options
 #15874 6cc93ccde BRT: Fix slop space calculation with block cloning
 #15882 a0635ae73 zdb: Fix false leak report for BRT objects

Obtained from:	OpenZFS
OpenZFS commit:	e0bd8118d0
2024-02-15 10:22:15 +01:00
Ed Maste 3733d82c4d libcasper: fix cap_rights_init usage
Capability rights passed to cap_rights_* are not simple bitmaks and
cannot be ORed together in general (although it will work for certain
subsets of rights).

PR:		277057
Fixes:		faaf43b2a7 ("fileargs: add tests")
Sponsored by:	The FreeBSD Foundation
2024-02-14 22:33:24 -05:00
Tai-hwa Liang 25a5bb7318 net: bandaid for plugging a fw_com leak in fwip_detach()
Adding a temporary workaround for plugging a fw_com upon if_fwip unloading.

Steps to reproduce(needs two hosts connected with firewire):

  while true; do
    ifconfig fwip0 10.0.0.5 up
    fwcontrol -r
    ping -c 10.0.0.3
    kldunload if_fwip
  done

There's a chance that the unloading of if_fwip.ko triggers following warning:

	Warning: memory type fw_com leaked memory on destroy (1 allocations, 64 bytes leaked).

commit d79b6b8ec2 (origin/main, origin/HEAD)
2024-02-15 01:00:49 +00:00
Ed Maste 05f530f4d2 cat: fix cap_rights_init usage
Capability rights passed to cap_rights_* are not simple bitmaks and
cannot be ORed together in general (although it will work for certain
subsets of rights).

PR:		277057
Reported by:	asomers, markj
2024-02-14 19:37:54 -05:00
John Baldwin d79b6b8ec2 pci_host_generic: Don't rewrite resource start address for translation
Allocate resources from the parent device for decoded physical address
ranges.  When child resources suballocated from rman's are mapped,
translate those mapping requests into a mapping request of the
associated physical address range in a bus_map_resource method.

While here, convert generic_pcie_rman to a bus_get_rman method and use
bus_generic_rman_* for operations on child resources.

Factor out a generic_pcie_containing_range to share logic between
bus_translate_resource and bus_*map_resource.

Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D43894
2024-02-14 14:07:33 -08:00
John Baldwin add99c9c4b physmem ram: Don't reserve excluded regions
These regions can conflict with I/O resources and prevent allocation
of those regions by other drivers.  It may make sense to reserve them
after the boot-time probe of devices has concluded (or after an
initial pass to reserve firmware-assigned resources before "wildcard"
resources are allocated), but that would require additional changes.

Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D43893
2024-02-14 14:07:33 -08:00
John Baldwin 055c1fe230 acpi: Allow child drivers to use bus_set_resource for more resources
acpi_set_resource excludes certain types of resources for certain
devices.  The intention of this is to avoid adding resource entries
for bogus resources enumerated via _CRS.  However, this also prevents
drivers from adding those resources explicitly if needed.  To fix
this, move the logic to exclude these resources into an ignore hook
used when parsing _CRS to create the initial set of resources for each
device.

Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D43892
2024-02-14 14:07:32 -08:00
John Baldwin e05436d577 acpi: Don't assume a resource is reserved in acpi_delete_resource
This fixes a panic if a driver uses bus_set_resource to add a resource
that fails to reserve and then deletes the resource via
bus_delete_resource.

Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D43891
2024-02-14 14:07:32 -08:00
John Baldwin 51f8ac224f pci_host_generic: Include the bridge's device name in rman descriptions
The rman description strings now match those used in the PCI-PCI
bridge driver.  Using more specific names removes ambiguity in devinfo -u
output on systems with multiple host to PCI bridges.

Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D43890
2024-02-14 14:07:32 -08:00
John Baldwin eac46b9dd7 pci_host_generic: Remove unused res1 field from softc
Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D43889
2024-02-14 14:07:32 -08:00
John Baldwin 93923685d3 pci_host_generic_fdt: Remove duplicate DEVMETHOD entries
These are already inherited from generic_pcie_core_driver.

Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D43888
2024-02-14 14:07:32 -08:00