Ping reads raw IP packets to parse ICMP responses. When reading the
IP Header Len (IHL) ping was was taking the value from the provided
packet without any validation. This could lead to remotely triggerable
stack corruption.
Validate the IHL against expected and recieved data sizes when reading
from the received packet and when reading any quoted packets from within
the ICMP response.
Approved by: so
Reviewed by: markj, asomers
Security: FreeBSD-SA-22:15.ping
Security: CVE-2022-23093
Sponsored by: NetApp, Inc.
Sponsored by: Klara, Inc.
X-NetApp-PR: #77
Differential Revision: https://reviews.freebsd.org/D37195
Update to use c99 initializers, although there's no plans to change
anything that this would make easier...
Sponsored by: Netflix
Reviewed by: zlei
Differential Revision: https://reviews.freebsd.org/D37442
Remove the KPI/KBI changes from ieee80211_node.h and always use the
macros to pass in __func__ and __LINE__ to the functions.
The actual implementations are prefixed by "_" rather than suffixed
by "_debug" as they no longer are "debug"-specific.
Some of the select functions were not actually using the passed in
func, line options; however they are calling other functions which
use them. Directly call the internal implementation in those cases
passing the arguments on.
Use a file-local __debrefcnt_used define to mark the arguments __unused
in cases when we compile without IEEE80211_DEBUG_REFCNT and hope the
toolchain is intelligent enough to not pass them at all in those cases.
Also _ieee80211_free_node() now has a conflict so make the previous
_ieee80211_free_node() the new __ieee80211_free_node().
Add IEEE80211_DEBUG_REFCNT to the NOTES file on amd64 to keep exercising
the option.
Sponsored by: The FreeBSD Foundation
X-MFC: never
Discussed on: freebsd-wireless
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D37529
Previously when using NO_ROOT we recorded METALOG entries for the /.cshrc
hard link with a different file mode than the link target, which is not
permitted.
We cannot just set LINKMODE here as it would also apply to the hard link
for the tcsh binary.
Reviewed by: brooks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37499
No need to call strchr twice, when one call to strpbrk will do the
job.. Test booted with qemu-powerpc + mac99 successfully.
Minor style(9) tweaks as well.
Sponsored by: Netflix
Current Xen Processor driver will evaluate any Processor object on the
ACPI tables regardless of whether the processor is online or not.
Avoid doing so for processors that are not online, as evaluating
methods of processors that are not online could lead to accesses to
invalid memory, and in any case the data that the driver fetches from
the Processor ACPI object only makes sense for processors that are
online.
Note the CPU related data fetched from Xen using XENPF_get_cpuinfo
hypercall could be cached, I leave that as a future optimization.
Sponsored by: Citrix Systems R&D
Fixes: b93f47eaeef7 ('xen/acpi: upload Cx and Px data to Xen')
The variable used for the checklist's default value needs to correspond
to the rc.conf variable as that's what's being parsed to determine them.
In the case of local_unbound it's missing the _enable suffix and thus
always defaults to off on revisit.
Fixes: 58eb9abb3157 ("Add a line to the post-installation configuration dialog to enable the local_unbound service.")
There are a few issues here, some of which are hiding others. The first
is that we don't use double quotes around the command substitution so
every word in the conf file is treated as a separate argument to eval,
resulting in spaces being used in place of newlines and thus comments in
the file commenting out the rest of the file, not just to the end of
their line. In particular, we insert one comment just before the dumpdev
entry (the final one in the file) and so we never see dumpdev as set,
and thus set a default value of on for the menu.
The second issue is that, for dumpdev, it takes a value of AUTO not YES
when set, but we don't replace this with on when eval'ing, so then end
up giving AUTO to bsddialog which is interpreted the same as off (which
seems to match GPL dialog). Thus handle AUTO like YES otherwise it will
always appear as unchecked on revisit.
The final issue is that our case-insensitive YES/NO (and now AUTO)
replacements have no word boundaries around them so match the middle of
words too. As it happens this doesn't matter in practice at the moment,
but it could in future; currently the only effect is that it rewrites
moused_nondefault_enable to moused_offndefault_enable, but since this
variable is never read, only written based on moused(_enable) this is
harmless, but we should fix it in case a service comes along in future
that does get affected by it.
This installer option is currently totally useless, as it ends up
creating an ntpd_sync_on_start_enable="YES" entry in rc.conf, not an
ntpd_sync_on_start="YES" entry, as is the correct name. This can also be
noticed by revisiting the services menu, which parses the previously
written rc.conf.services file to set variables governing the default
menu entry values so that selecting OK regenerates the same file, as the
menu entry will use the correct variable name and thus think the entry
was not selected last time, defaulting back to off and losing the
setting.
Thus, add a special case in the loop for this option. The only other
entry that doesn't follow the *_enable pattern is dumpdev (even moused
does, it just also sets a second variable), but that also deviates in
terms of being explicitly set either way and using AUTO rather than YES,
hence why ntpd_sync_on_start follows a different pattern here and is
special-cased rather than introducing a whole new variable that governs
behaviour outside the loop.
Fixes: c153a35bfd71 ("bsdinstall: replace ntpdate by ntpd_sync_on_start")
All of the error paths in pci_vtcon_sock_add free the sock pointer.
However, sock is not initialized until part way through the function.
An early error would pass stack garbage to free().
Reviewed by: corvink, markj
Differential Revision: https://reviews.freebsd.org/D37491
When initializing the device model for a PCI pass through device that
uses MSI-X, bhyve reads the MSI-X capability from the real device to
save a copy in the emulated PCI config space. It also saves a copy in
a local struct msixcap on the stack. Since struct msixcap is packed,
GCC complains that casting a pointer to the struct to a uint32_t
pointer may result in an unaligned pointer.
This path is not performance critical, so to appease the compiler,
simply change the pointer to a char * and use memcpy to copy the 4
bytes read in each iteration of the loop.
Reviewed by: corvink, bz, markj
Differential Revision: https://reviews.freebsd.org/D37490
The ident string for NVMe and VirtIO block deivces do not contain the
bus, and the various fields can potentially use up to three characters
when printed as unsigned values (full range of uint8_t) even if not
likely in practice.
Reviewed by: corvink, chuck
Differential Revision: https://reviews.freebsd.org/D37488
In some cases, some bits in the 16-bit status word were never
initialized.
Reported by: GCC
Reviewed by: corvink, chuck, markj
Differential Revision: https://reviews.freebsd.org/D37486
Adding a bare constant to a uint16_t promotes to a signed int which
triggers these warnings. Changing the constant to be explicitly
unsigned instead promotes the expression to unsigned int.
Reviewed by: corvink, markj
Differential Revision: https://reviews.freebsd.org/D37485
- add comments for enum values constantly looked up, and another one to
a net80211 equivalent (should possibly re-define those in the future?)
- add another nl80211_sta_info flag
- add enum environment_cap used in cfg80211.h in the future.
MFC after: 3 days
- skb_reset_tail_pointer(): we do not do offsets so do a plain reset
- skb_add_rx_frag(): adjust data_len to keep track of the frag
- based on that implement skb_is_nonlinear() and skb_linearize()
- implement build_skb() and adjust linuxkpi_kfree_skb() and ddb macro.
Sponsored by: The FreeBSD Foundation (partially)
MFC after: 3 days
We can now tell scrub rules to not reassemble packets. Test that this
affects packets being passed or dropped as expected.
Sponsored by: Rubicon Communications, LLC ("Netgate")
We removed the code for these modes back in 2015, but converted such
configurations to 'scrub fragment reassemble'. It's been long enough,
drop the backwards compatibility glue too.
Reviewed by: mjg
MFC after: never
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D37460
scrub rules have defaulted to handling fragments for a long time, but
since we removed "fragment crop" and "fragment drop-ovl" in 64b3b4d611
this has become less obvious and more expensive ("reassemble" being the
more expensive option, even if it's the one the vast majority of users
should be using).
Extend the 'scrub' syntax to allow fragment reassembly to be disabled,
while retaining the other scrub behaviour (e.g. TTL changes, random-id,
..) using 'scrub fragment no reassemble'.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D37459
In preparation for future updates remove the budget argument from the
netif_napi_add() in drivers and update LinuxKPI to reflect that it is
gone and only set it internally. This required changes to the currently
committed wireless drivers based on LinuxKPI (iwlwifi, rtw88, rtw89).
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
While we do not currently use ethtool, add the definitions to avoid
other longer-term maintenance problems with drivers.
Also migrate ETH_GSTRING_LEN into here from if_ether.h as it seems this
is where it belongs.
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D37214
Add debugfs_create_u8() based on other already present implementations.
Add a read-only implementation for debugfs_create_blob().
Both are needed for iwlwifi debugfs support.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
OKed by: jfree (earlier version)
Differential Revision: https://reviews.freebsd.org/D37090
This is needed for debugfs implementations in drivers.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
OKed by: jfree
Differential Revision: https://reviews.freebsd.org/D37092
Add more MSI related constansts defined to our native defines and
pci_is_enabled(). All are needed for another wireless driver.
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D37225
The command "pw usermod nobody -Nw random" (or useradd)
generates random password and prints it in encrypted form
but skips choosen random string that makes not much sense
and contradicts the manual page pw.8
Fix it by showing random password in plain text with -N and
without it equally. Add yet another example of how to generate
pw-style random password.
MFC after: 2 weeks
In the DTS import from Linux 5.14 the compatible strings has changed for
the driver am335x_ecap.c && am335x_ehrpwm.c
Approved by: manu (mentor)
Differential revision: https://reviews.freebsd.org/D37502
This reverts commit ff0c7816db696d31adc437134dcad45a70ad5889 as more
history than just from branch N-1 to N is requested/needed by some
downstram consumers.
Requested by: imp
clang 15 insists that we call entry() via a function prototype. Rather
than copping out and using (...), cast it to the same prototype that's
used elsewhere (with tweaks to pointers to make them fit into that
prototype). No functional change.
Sponsored by: Netflix
Provides an OCI (Oracle Cloud Infrastructure) release target for
Oracle's KVM-based VM implementation. Tested using 13.1-RELEASE,
primarily on Ampere CPU on A1.Flex VM shapes, but also works on
amd64 shapes.
- supports cloud-init and custom scripts
- provides a freebsd@ sudo-enabled user
- root user disabled over ssh & console
Approved by: gjb
Reviewed by: emaste
MFS after: 1 week
Sponsored by: The FreeBSD Foundation
Sponsored by: SkunkWerks, GmbH
Technical assistance from: Oracle
Differential Revision: https://reviews.freebsd.org/D34746
A malformed principal will cause kadmind to segfault. The PR
addresses only when chpass is requested but delete is also affected.
Fix both.
PR: 268002
Reported by: Robert Morris <rtm@lcs.mit.edu>
MFC after: 3 days
