With ASLR enabled by default, RLIMIT_STACK test fails due to the fact
that default stack gap can be as big as 15M. Because of that the
resource limit of 4M results in test program receiving SIGSEGV
immediately after exiting the setrlimit syscall. Since the idea of this
test is to check if rlim_cur does not extend past rlim_max, adjusting
the resource limit to 20M should not invalidate the test results.
Obtained from: Semihalf
Sponsored by: Alstom Group
Differential revision: https://reviews.freebsd.org/D33116
Summary:
One was required to press a key to continue after every 18 lines of
output. This requirement had been in the "show vmopag" command since it
was introduced, which was many years before paging was added to DDB.
With paging, this explict key check is no longer necessary.
Obtained from: Juniper Networks, Inc.
MFC after: 1 week
Test Plan:
Run "show vmopag" from db> prompt and see that it does not need additional
keypresses other than the ones needed for the pager.
Subscribers: imp, #contributor_reviews_base
Differential Revision: https://reviews.freebsd.org/D33550
Commit 867c27c23a modified the NFS client so that
it does IO_APPEND writes directly to the NFS server,
bypassing the buffer cache. However, this could result
in stale data in client pages when the file is mmap(2)'d.
As such, the NFS client needs to call is_object_active()
to check if the file is mmap(2)'d.
This patch renames is_object_active() to vm_object_is_active(),
moves it to sys/vm/vm_object.c and makes it global, so that
the NFS client can call it in a future commit.
Reviewed by: kib
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D33520
The structure goes away anyway, but it would be interesting to know
how much memory we used to save with it. So for the record, structure
size with this revision is 64 bytes.
From OpenSSH 8.8p1's release notes:
---
Potentially-incompatible changes
================================
This release disables RSA signatures using the SHA-1 hash algorithm
by default. This change has been made as the SHA-1 hash algorithm is
cryptographically broken, and it is possible to create chosen-prefix
hash collisions for <USD$50K [1]
For most users, this change should be invisible and there is
no need to replace ssh-rsa keys. OpenSSH has supported RFC8332
RSA/SHA-256/512 signatures since release 7.2 and existing ssh-rsa keys
will automatically use the stronger algorithm where possible.
Incompatibility is more likely when connecting to older SSH
implementations that have not been upgraded or have not closely tracked
improvements in the SSH protocol. For these cases, it may be necessary
to selectively re-enable RSA/SHA1 to allow connection and/or user
authentication via the HostkeyAlgorithms and PubkeyAcceptedAlgorithms
options. For example, the following stanza in ~/.ssh/config will enable
RSA/SHA1 for host and user authentication for a single destination host:
Host old-host
HostkeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa
We recommend enabling RSA/SHA1 only as a stopgap measure until legacy
implementations can be upgraded or reconfigured with another key type
(such as ECDSA or Ed25519).
[1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
Application to the PGP Web of Trust" Leurent, G and Peyrin, T
(2020) https://eprint.iacr.org/2020/014.pdf
---
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
OpenSSH v8.8p1 was motivated primarily by a security update and
deprecation of RSA/SHA1 signatures. It also has a few minor bug fixes.
The security update was already applied to FreeBSD as an independent
change, and the RSA/SHA1 deprecation is excluded from this commit but
will immediately follow.
MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Running sys/netpfil/pf/fragmentation v6 results in:
lock order reversal:
1st 0xfffffe00050429a8 rip (rip, sleep mutex) @ /usr/src/sys/netinet6/raw_ip6.c:803
2nd 0xfffff8009491e1d0 rawinp (rawinp, rw) @ /usr/src/sys/netinet6/raw_ip6.c:804
lock order rawinp -> rip established at:
0xffffffff8068e26a at witness_lock_order_add+0x28a
0xffffffff8068d087 at witness_checkorder+0x627
0xffffffff805a9f05 at __mtx_lock_flags+0x205
0xffffffff808102e4 at in_pcballoc+0x204
0xffffffff808d53c6 at rip6_attach+0x116
0xffffffff806dc4e8 at socreate+0x368
0xffffffff806eaedc at kern_socket+0xfc
0xffffffff806eadcd at sys_socket+0x2d
0xffffffff80abc774 at syscallenter+0x5c4
0xffffffff80abbeeb at amd64_syscall+0x1b
0xffffffff80a8044b at fast_syscall_common+0xf8
lock order rip -> rawinp attempted at:
0xffffffff8068dc2a at witness_checkorder+0x11ca
0xffffffff805d1b7f at _rw_wlock_cookie+0x18f
0xffffffff808d596c at rip6_connect+0x19c
0xffffffff806e0842 at soconnectat+0x142
0xffffffff806ebe36 at kern_connectat+0x136
0xffffffff806ebcdf at sys_connect+0x4f
0xffffffff80abc774 at syscallenter+0x5c4
0xffffffff80abbeeb at amd64_syscall+0x1b
0xffffffff80a8044b at fast_syscall_common+0xf8
Reviewed by: glebius
Fixes: de2d47842e ("SMR protection for inpcbs")
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D33508
Make sure to reset 'message_done' flag when jumping from a message to the
next one within the same interrupt handler call. This happens only when
a write with no-stop flag message is followed by a write with no-start
flag message.
Without this fix the second message would be prematurely "completed"
without waiting for an ACK (or NACK) for its first byte and without
sending subsequent bytes (if any).
Fixes: ff1e8581 twsi: support more message combinations in transfers
MFC after: 4 days
The problem is that carp(4) would clear the error counter on first
successful send, and stop counting successes after that. Fix this
logic and document it in human language.
PR: 260499
Differential revision: https://reviews.freebsd.org/D33536
Thanks to gallatin@ for suggesting the patch.
PR: 260330
Reported by: Vincent Milum Jr.
Reviewed by: gallatin, glebius
Tested by: Vincent Milum Jr.
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D33395
dirdeps.mk: simplify computation of qualified vs unqualified dirdeps.
Note the importance of avoiding unresolved variables in DIRDEPS
Fix DIRDEP_LOADAVG_REPORT - expr(1) fails if expression evaluates to 0
Trim ${SRCTOP}/ from debug etc messages to make comparison easier.
Include number of DIRDEPS in debug output.
Trim ${SRCTOP}/ when exporting to env while building DIRDEPS_CACHE
to help avoid env exhaustion.
Use DIRDEPS_ALL_MACHINES_FILTER to better handle ALL_MACHINES
in complex build environments.
dirdeps-options.mk: use separate .undef for each variable
dirdeps-targets.mk: allow for '.' in DIRDEPS_TARGETS_DIRS
meta.autodep.mk: leverage ${.SUFFIXES} if we can.
meta.sys.mk: allow use in META_MODE vs DIRDEPS_BUILD
meta2deps.py: compute a list of dirdep extensions that map to current
TARGET_SPEC to avoid confusion.
Reviewed by: stevek
This makes the left column narrower, leaving more space for the text.
Reviewed By: debdrup, 0mp
Differential Revision: https://reviews.freebsd.org/D33385
Relevant changes see ChangeLog for details:
Add support for ${.SUFFIXES} as read-only variable.
Fix memory leak in cond.c
Punt on write errors - ENOSPC etc.
Lots of code refactoring, rework to reduce memory allocations.
More unit-tests.
This fixes a regression in the previous change to move CBC chaining
into enc_xform_camellia which passed the raw input into the encrypt
function (thus not actually doing the chaining). This still works
when using the same buffer for input and output which is why my
initial testing with cryptocheck didn't catch it.
Fixes: f84d708b48 crypto: Move CBC handling into enc_xform_camellia.
Sponsored by: The FreeBSD Foundation
Group sensitive on-stack variables into anonymous structs so that they
can be cleared with a single call to explicit_bzero rather than
multiple calls.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33527
Reusing the storage removes the need for an additional explicit_bzero.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33526
Now that we have proper 32-bit compat support, remove COMPAT_32BIT
ifdefs to allow 32-bit code to use the 64-bit layout of USB ioctl
structs and struct usb_fs_endpoint.
This includes the removal of redundant alignment directives that had
no effect in practice.
Reviewed by: hselasky, jrtc27 (prior version)
This codepath used uint64_t's in place of pointers in structs and
arrays to allow 32-bit code to use 64-bit version of ioctls. Now
that we support 32-bit compat natively this is no longer needed.
Reviewed by: hselasky, jrtc27 (prior version)
Unlike most 32-bit compatability code, this isn't just a simple thunk
in the ioctl code. An ioctl (USB_FS_INIT) is used to install a
pointer to an array of usb_fs_endpoint structs which are then used
by the ugen fifo code. These struct contains an array of pointers
which requires translation. We change the interfaces around
struct usb_fs_endpoint as follows:
- We store the size of struct usb_fs_endpoint in struct usb_fifo
in the USB_FS_INIT handler so we know the ABI of the userspace
array.
- APIs to manipulate userspace struct usb_fs_endpoint objects now
take a struct usb_fifo and an index rather than a pointer to
the object. This allows most code to remain oblivious to the
different struct usb_fs_endpoint sizes.
- Add ugen_fs_copyin() which copies the struct usb_fs_endpoint
from userspace, thunking it to the native size if required.
- Uses of struct usb_fs_endpoint's ppBuffer member are now
via ugen_fs_getbuffer() which produces a native pointer.
- Updates to userspace are now handled by ugen_fs_update().
For clarity, single, fixed-sized members now are accessed with
fueword/suword rather than copyin/copyout.
Reviewed by: hselasky, jrtc27 (prior version)
Use thunks or alternative access methods to support ioctls without
the COMPAT_32BIT hacks that store pointers in uint64_t's on 32-bit
platforms. This should allow a normal i386 libusb to work.
On CheriBSD, the sizes of the structs will differ between CheriABI
(the default) and freebsd64 no matter what so we need proper compat
support there. This change paves the way.
Reviewed by: hselasky, jrtc27 (prior version)
After 53f5ac1310 allowed SATA device mapping to enclosure slots,
it may have sense to provide enclosure device emulation even without
real hardware interface like SGPIO just for purposes of physical
device location tracking (still assuming straight cabling).
MFC after: 1 week
Sponsored by: iXsystems, Inc.
These sysctls failed to return an error if the caller had provided too
short an output buffer. Change them to return ENOMEM instead, to ensure
that callers can detect truncation in the face of a concurrently
changing fd table.
PR: 228432
Discussed with: cem, jhb
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D15607
In particular, we need to initialize efbuf->flags, since
export_vnode_to_sb() loads that field. This was mostly harmless since
the flag only determines whether the output kinfo_file is packed, and
KERN_PROC_CWD only ever emits a single kinfo_file anyway.
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
getf() on FreeBSD calls _sx_slock(), _sx_sunlock() and fget_locked().
Furthermore, it does not set the per-core fault flag, meaning it
usually ends up in a double fault panic once getf() does get called,
especially from fbt.
Reviewing the DTrace Toolkit + a number of other scripts scattered
around FreeBSD, I have not been able to find one use of getf(). Given
how broken the implementation currently is, we disable it until it
can be implemented properly.
Also comment out a test in aggs/tst.subr.d for getf().
Reviewed by: markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D33378
Prior to commit 916c61a5ed ("Fix handling of errors from
pru_send(PRUS_NOTREADY)") this test triggered a kernel panic due to an
mbuf double free.
Reviewed by: jhb
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33517
