267967 Commits

Author SHA1 Message Date
Gleb Popov
19f7f91133 libc/posix1e: Add acl_from_mode_np() function.
Reviewed by: kib, debdrup, gbe
Approved by: kib
Differential Revision: https://reviews.freebsd.org/D28255
2021-08-27 11:49:19 +03:00
Hiroki Sato
9823a0c0ac
inet6(4): add a missing IPPROTO_ETHERIP entry
bridge(4) + gif(4) did not work when the outer protocol was IPv6.

Submitted by:	Masahiro Kozuka
PR:		256820
MFC after:	3 days
2021-08-27 17:14:35 +09:00
Rick Macklem
bb958dcf3d nfsd: Add support for the NFSv4.2 Deallocate operation
The recently added VOP_DEALLOCATE(9) VOP call allows
implementation of the Deallocate NFSv4.2 operation.

Since the Deallocate operation is a single succeed/fail
operation, the call to VOP_DEALLOCATE(9) loops so long
as progress is being made.  It calls maybe_yield()
between loop iterations to allow other processes
to preempt it.

Where RFC 7862 underspecifies behaviour, the code
is written to be Linux NFSv4.2 server compatible.

Reviewed by:	khng
Differential Revision:	https://reviews.freebsd.org/D31624
2021-08-26 18:14:11 -07:00
Colin Percival
c5af0ac1a7 Add support for recording EC2 AMI Ids in SSM
If SSMPREFIX is specified, AMI Ids will be recorded in the SSM
Parameter Store under the name
  ${SSMPREFIX}/${ARCH}/${FLAVOUR}/${ROOTFS}/${REVISION}/${BRANCH}
where ARCH is "amd64" or "arm64", FLAVOUR is "base" (but may have
other options in the future), ROOTFS is "ufs" (but may have other
options in the future), and REVISION and BRANCH have their normal
meanings.

FreeBSD will be using the public prefix "/aws/service/freebsd",
resulting in SSM Parameter names which look like
  /aws/service/freebsd/amd64/base/ufs/14.0/CURRENT

Relnotes:	yes
Sponsored by:	https://patreon.com/cperciva
MFC after:	2 weeks
2021-08-26 18:01:02 -07:00
Alexander Motin
15cb3b5404 pcib(4): Write window registers after resource adjustment
When adjusting resources we should write updated window base/limit into
the registers.  Without this newly added address range won't be routed
through the bridge properly.

Use MIN()/MAX() against current window base/limit to not shrink it on
the other side if the window is shared by several resources.

Align passed resource start/end to the set window granularity to keep
it properly aligned.  Currently this is mostly called by other bridges
having the same window alignment, but it may be change one day.

Reviewed by:	jrtc27, jhb
MFC after:	1 week
Sponsored by:	iXsystems, Inc.
Differential Revision: 	https://reviews.freebsd.org/D31693
2021-08-26 20:39:27 -04:00
Dimitry Andric
d396c67f26 googletest: Silence warnings about deprecated implicit copy constructors
Our copy of googletest is rather stale, and causes a number of -Werror
warnings about implicit copy constructor definitions being deprecated,
because several classes have user-declared copy assignment operators.
Silence the warnings until we either upgrade or remove googletest.

MFC after:	3 days
2021-08-26 22:06:53 +02:00
Dimitry Andric
f643997a17 Cleanup compiler warning flags in lib/libefivar/Makefile
There is no need to set -Wno-unused-parameter twice, and instead of
appending to CFLAGS, append to CWARNFLAGS instead. While here, add
-Wno-unused-but-set-variable for the sake of clang 13.0.0.

MFC after:	3 days
2021-08-26 20:53:26 +02:00
Mateusz Guzik
f1e2cc1c66 vfs: drop dedicated sysinit for mountlist_mtx
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2021-08-26 20:52:03 +02:00
Artem Khramov
620cf65c2b netinet: prevent NULL pointer dereference in in_aifaddr_ioctl()
It appears that maliciously crafted ifaliasreq can lead to NULL
pointer dereference in in_aifaddr_ioctl(). In order to replicate
that, one needs to

1. Ensure that carp(4) is not loaded

2. Issue SIOCAIFADDR call setting ifra_vhid field of the request
   to a negative value.

A repro code would look like this.

int main() {
    struct ifaliasreq req;
    struct sockaddr_in sin, mask;
    int fd, error;

    bzero(&sin, sizeof(struct sockaddr_in));
    bzero(&mask, sizeof(struct sockaddr_in));

    sin.sin_len = sizeof(struct sockaddr_in);
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = inet_addr("192.168.88.2");

    mask.sin_len = sizeof(struct sockaddr_in);
    mask.sin_family = AF_INET;
    mask.sin_addr.s_addr = inet_addr("255.255.255.0");

    fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return (-1);

    memset(&req, 0, sizeof(struct ifaliasreq));
    strlcpy(req.ifra_name, "lo0", sizeof(req.ifra_name));
    memcpy(&req.ifra_addr, &sin, sin.sin_len);
    memcpy(&req.ifra_mask, &mask, mask.sin_len);
    req.ifra_vhid = -1;

    return ioctl(fd, SIOCAIFADDR, (char *)&req);
}

To fix, discard both positive and negative vhid values in
in_aifaddr_ioctl, if carp(4) is not loaded. This prevents NULL pointer
dereference and kernel panic.

Reviewed by:	imp@
Pull Request:	https://github.com/freebsd/freebsd-src/pull/530
2021-08-26 12:08:03 -06:00
Michael Tuexen
26d79d40a7 Hyper-V: hn: Enter network epoch when required
PR:				254695
2021-08-26 19:32:00 +02:00
Konstantin Belousov
7aa47cace1 amd64: remove lfence after swapgs on syscall entry
According to the description of SBSS issue at
https://software.intel.com/content/www/us/en/develop/articles/software-security-guidance/technical-documentation/speculative-behavior-swapgs-and-segment-registers.html
lfence after swapgs is needed only for the case when swapgs could be
speculatively executed.  Since syscall entry, unlike exception and
interrupt entries, executes swapgs unconditionally, there is no
opportunity for speculation.

Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D31682
2021-08-26 19:09:21 +03:00
Gordon Bergling
58d868c88d sound(4): Fix some common typos in comments
- s/doens't/doesn't/
- s/apropriate/appropriate/
- s/intepretation/interpretation/

MFC after:	5 days
2021-08-26 17:15:55 +02:00
Mateusz Guzik
0d28d014c8 vfs: refactor kern_unmount
Split unmounting by path and id in preparation for other changes.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
2021-08-26 13:58:28 +02:00
Mateusz Guzik
7b2561b46b vfs: stop open-coding vfs_getvfs in kern_unmount
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2021-08-26 11:38:31 +00:00
Andrey V. Elsukov
da3a09d894 ipfw_nat64: fix direct output mode
In nat64_find_route[46] handle NHF_GATEWAY flag and use destination
address from next hop to do link layer address lookup.

PR:		255928
Reviewed by:	melifaro
Obtained from:	Yandex LLC
MFC after:	1 week
Sponsored by:	Yandex LLC
Differential Revision:	https://reviews.freebsd.org/D31680
2021-08-26 13:48:23 +03:00
Paweł Anikiel
9da8235cc8 ichwd: add Lewisburg Super SKUs, Cannon and Comet Lake support
Cannon and Comet Lake PCHs have their PMC hidden, so when reading
the ACPI Base Address fails, we assume a default value.

Obtained from:	Semihalf
Sponsored by:	Stormshield
2021-08-26 12:04:28 +02:00
Kristof Provost
062463698e pf tests: Test ALTQ on top of if_bridge
Reviewed by:	donner
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D31676
2021-08-26 11:23:45 +02:00
Luiz Otavio O Souza
eb680a63de if_bridge: add ALTQ support
Similar to the recent addition of ALTQ support to if_vlan.

Reviewed by:	donner
Obtained from:	pfsense
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D31675
2021-08-26 11:23:44 +02:00
Kristof Provost
cd46399b9c pf tests: ALTQ priority test
Test that ALTQ can prioritise one type of traffic over another. Do this
by establishing a slow link and saturating it with ICMP echos.
When prioritised TCP connections reliably go through. When not
prioritised TCP connections reliably fail.

MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2021-08-26 11:23:39 +02:00
Arnaud Ysmal
3706af423f Add support for Lewisburg GPIO through P2SB
Obtained from:		Semihalf
Sponsored by:		Stormshield
Differential revision:	https://reviews.freebsd.org/D31269
2021-08-26 11:00:39 +02:00
Kyle Evans
3daa8e165c pxeboot: improve and simplify rx handling
This pushes the bulk of the rx servicing into a single loop that's only
slightly convoluted, and it addresses a problem with rx handling in the
process.  If we hit a tx interrupt while we're processing, we'd
previously drop the frame on the floor completely and ultimately
timeout, increasing boot time on particularly busy hosts as we keep
having to backoff and resend.

After this patch, we don't seem to hit timeouts at all on zoo anymore
though loading a 27M kernel is still relatively slow (~1m20s).

Reviewed by:	tsoome
Triage by:	Ash Gokhale <ashfixit gmail com>
Sponsored By:	National Bureau of Economic Research
Sponsored by:	Klara, Inc.
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D31512
2021-08-25 21:59:08 -05:00
Ka Ho Ng
8d7cd10ba6 tmpfs: Implement VOP_DEALLOCATE
Implementing VOP_DEALLOCATE to allow hole-punching in the same manner as
POSIX shared memory's fspacectl(SPACECTL_DEALLOC) support.

Sponsored by:	The FreeBSD Foundation
Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D31684
2021-08-26 05:34:54 +08:00
Ka Ho Ng
399be91098 tmpfs: Move partial page invalidation to a separate helper
The partial page invalidation code is factored out to be a separate
helper from tmpfs_reg_resize().

Sponsored by:	The FreeBSD Foundation
Reviewed by:	kib
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D31683
2021-08-26 05:34:54 +08:00
Mark Johnston
a507a40f3b fsetown: Simplify error handling
No functional change intended.

Suggested by:	kib
Reviewed by:	kib
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D31671
2021-08-25 16:20:07 -04:00
Mark Johnston
1d874ba4f8 fsetown: Fix process lookup bugs
- pget()/pfind() will acquire the PID hash bucket locks, which are
  sleepable sx locks, but this means that the sigio mutex cannot be held
  while calling these functions.  Instead, use pget() to hold the
  process, after which we lock the sigio and proc locks, respectively.
- funsetownlst() assumes that processes cannot be registered for SIGIO
  once they have P_WEXIT set.  However, pfind() will happily return
  exiting processes, breaking the invariant.  Add an explicit check for
  P_WEXIT in fsetown() to fix this. [1]

Fixes:	f52979098d3c ("Fix a pair of races in SIGIO registration")
Reported by:	syzkaller [1]
Reviewed by:	kib
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D31661
2021-08-25 16:18:10 -04:00
Konstantin Belousov
6032b6ba95 amd64 UEFI loader: enable automatic disable of staging area copying
Discussed with:	emaste
Sponsored by:	The FreeBSD Foundation
MFC after:	1 month
2021-08-25 22:26:52 +03:00
Piotr Pawel Stefaniak
9f7a81b133 diff3: document and test -T
Reviewed by:	bapt
Differential Revision:	https://reviews.freebsd.org/D31650
2021-08-25 18:20:59 +02:00
Ka Ho Ng
76321d2d43 param: Bump __FreeBSD_version to 1400032
Commit 9e202d036dd6 introduces incompatible changes to
fspacectl(2), vn_deallocate(9) and VOP_DEALLOCATE(9)'s
rmsr.r_offset/*offset return value.

Sponsored by:	The FreeBSD Foundation
2021-08-26 00:03:55 +08:00
Ka Ho Ng
9e202d036d fspacectl(2): Changes on rmsr.r_offset's minimum value returned
rmsr.r_offset now is set to rqsr.r_offset plus the number of bytes
zeroed before hitting the end-of-file. After this change rmsr.r_offset
no longer contains the EOF when the requested operation range is
completely beyond the end-of-file. Instead in such case rmsr.r_offset is
equal to rqsr.r_offset.  Callers can obtain the number of bytes zeroed
by subtracting rqsr.r_offset from rmsr.r_offset.

Sponsored by:	The FreeBSD Foundation
Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D31677
2021-08-26 00:03:37 +08:00
Michael Tuexen
dc6ab77d66 tcp: make network epoch expectations of LRO explicit
Reviewed by:		gallatin, hselasky
MFC after:		3 days
Sponsored by:		Netflix, Inc.
Differential Revision:	https://reviews.freebsd.org/D31648
2021-08-25 17:12:36 +02:00
Kristof Provost
e62175df4e pf tests: test ALTQ CBQ on top of if_vlan
The main purpose of this test is to verify that we can use ALTQ on top
of if_vlan, but while we're here we also exercise the CBQ code. There's
already a basis test for HFSC, so it makes sense to test another
algorithm while we test if_vlan.

Reviewed by:	donner
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D31649
2021-08-25 08:57:10 +02:00
Luiz Otavio O Souza
2e5ff01d0a if_vlan: add the ALTQ support to if_vlan.
Inspired by the iflib implementation, allow ALTQ to be used with if_vlan
interfaces.

Reviewed by:	donner
Obtained from:	pfsense
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D31647
2021-08-25 08:56:45 +02:00
Keith Owens
3b29c8b4bd ddb: do not assume that ffs is mounted with softdep
Avoid a panic when debugging with "show ffs" in ddb.

Reviewed By:	kib, markj, mckusick
MFC after:	1 week
Sponsored by:	Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D31622
2021-08-24 21:00:19 -05:00
Vladimir Kondratyev
8d73071c47 wsp(4): Add evdev support.
Reviewed by:	hselasky
Tested by:	Greg V, Constantin Furst<constantin_AT_fuersten_DOT_info>
MFC after:	2 weeks
PR:		252236
Differential revision:	https://reviews.freebsd.org/D31653
2021-08-25 02:01:42 +03:00
Vladimir Kondratyev
250ab00407 wsp(4): Compact parameter structure.
MFC after:	2 weeks
2021-08-25 01:59:48 +03:00
Vladimir Kondratyev
9fa1201d60 atp(4), wsp(4): Return correct priority from probe() method;
MFC after:	2 weeks
2021-08-25 01:59:17 +03:00
Vladimir Kondratyev
d056693d7b evdev: Add support for automatic MT protocol type A to type B conversion.
MFC after:	2 weeks
2021-08-25 01:53:56 +03:00
Vladimir Kondratyev
f76051c7da evdev: Add implicit mode for touch tracking.
In implicit mode assignment of slot number and tracking id is performed
automatically on each synchronization requested by device driver.

This is done with creation of intermediate buffer for multitouch events.
This buffer holds untracked events until synchronization is requested by
device driver. It is needed as touch assigment requires
knowledges of all touch positions pushed in current and previous reports.

MFC after:	2 weeks
2021-08-25 01:52:37 +03:00
Vladimir Kondratyev
4c0a134e32 evdev: Import support for touch-tracking.
Touch tracking is a process of assignment of unique trackingID to each
initiated contact on the surface.  Keeping the trackingIDs persistent
across multitouch reports requires solving of so called Euclidian
Bipartite Matching problem.

This commit imports EBM-solver implementation based on Dinitz-Kronrod
algorithm to find minimum cost matching between contacts listed in two
consecutive reports.

Obtained from:	OpenBSD
MFC after:	2 weeks
2021-08-25 01:50:53 +03:00
Vladimir Kondratyev
66bd52f5e2 evdev: Make MT tracking IDs monotonically increasing sequence.
MFC after:	2 weeks
2021-08-25 01:48:33 +03:00
Vladimir Kondratyev
059360287e evdev: Give short aliases to items of evdev_mt_slot array
with using of unioned anonymous structure.

Access to the same data by using different members of union generally
works despite it is not supported by C specs.

Also add helper function to report entire slot state.

MFC after:	2 weeks
2021-08-25 01:47:34 +03:00
Vladimir Kondratyev
127e54deb6 evdev: Normalize width and pressure of single touch compat events
to match Synaptics touchpad reporting range.

MFC after:	2 weeks
2021-08-25 01:46:49 +03:00
Vladimir Kondratyev
314913ed7c evdev: force no fuzz for autogenerated single touch compat events.
As fuzz has already been applied on multitouch event processing.
This allows to remove existing workaround for double fuzz procesing.

MFC after:	2 weeks
2021-08-25 01:45:50 +03:00
Vladimir Kondratyev
fbe17f9017 evdev: Send first active rather than 0-th slot state as ST report
MFC after:	2 weeks
2021-08-25 01:45:16 +03:00
Vladimir Kondratyev
2dc7188e53 evdev: Use bitsets to track active touches and slots changed in current report
Obtained from:	OpenBSD

MFC after: 	2 weeks
2021-08-25 01:44:36 +03:00
Vladimir Kondratyev
98a7606b85 evdev: Multitouch code style changes.
1. Move touch count reporting helpers to utils. They are not multitouch.
2. Use evdev_mt prefix for private multitouch support routines.
3. Use int instead of int32_t where fixed size is not required.
4. Export some internal functions.

This change should be no-op.

MFC after:	2 weeks
2021-08-25 01:43:41 +03:00
John Baldwin
4f0f5bf995 iscsi: Validate DataSN values in Data-In PDUs in the initiator.
As is done in the target, require that DataSN values are consecutive
and in-order.  If an out of order Data-In PDU is received, force a
session reconnect.  In addition, when a SCSI Response PDU is received,
verify that the ExpDataSN field matches the count of Data-In PDUs
received for this command.  If not, force a session reconnect.

Reviewed by:	mav
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D31594
2021-08-24 14:58:34 -07:00
Mark Johnston
71fbc6faed bhyve: Fix vq_getchain() error handling bugs in various device models
Reviewed by:	grehan, khng
Approved by:	so
Security:	CVE-2021-29631
Security:	FreeBSD-SA-21:13.bhyve
2021-08-24 14:29:13 -04:00
Gordon Tetlow
aef815e787 Fix multiple OpenSSL vulnerabilities.
Approved by:	so
Security:	SA-21:16.openssl
Security:	CVE-2021-3711
Security:	CVE-2021-3712
2021-08-24 11:26:45 -07:00
Gordon Tetlow
64ae2f785e Fix libfetch out of bounds read.
Approved by:	so
Security:	SA-21:15.libfetch
Security:	CVE-2021-36159
2021-08-24 11:26:45 -07:00