Commit Graph

271925 Commits

Author SHA1 Message Date
Wolfram Schneider
cfa3856452 Use 64-bit integers for database statistics
This fix (harmless) integer overflows for larger partitions (>2TB)

PR: 223023
2022-01-20 06:27:08 +00:00
Konstantin Belousov
7406ec4ea9 kqueue(2): Add note about format of the data for NOTE_EXIT
Noted by:	Dave Baukus <daveb@spectralogic.com>
PR:	261346
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2022-01-20 00:37:25 +02:00
Mitchell Horne
eb81812fb7 riscv: fix unused var in page_fault_handler()
clang warns that p is set-but-not-used, so let's use it.
2022-01-19 17:21:25 -04:00
Alan Somers
eea7c61590 Add tests for ses(4)
The tests require SES hardware.  Without it, the test cases will be
skipped.

Reviewed by:	ken
Differential Revision: https://reviews.freebsd.org/D31809
Sponsored by:	Axcient
MFC after:	2 weeks
2022-01-19 12:43:51 -07:00
Alan Somers
18acbeb392 sesutil: fix a comment
MFC after:	2 weeks
Sponsored by:	Axcient
2022-01-19 12:43:51 -07:00
Wolfram Schneider
a97ce14abc correct type of mmap len parameter
Using locate -m on a database > 2GB should work now.

PR: 261277
2022-01-19 19:32:16 +00:00
Alan Somers
170a0a8ebb ses: minor cleanup
* Prefer variables of small scope rather than large scope
* Remove a magic number
* style(9) for return statements
* Remove the get_enc_status method, which never did anything
* Fix a variable type in the handle_string method
* Proofread some comments

MFC after:	2 weeks
Sponsored by:	Spectra Logic, Axcient
Reviewed by:	ken, mav
Differential Revision: https://reviews.freebsd.org/D31686
2022-01-19 12:08:03 -07:00
Ed Maste
7cafe89f9c sanitizers: Improve FreeBSD ASLR detection
The kern.elf64.aslr.pie_enable and kern.elf32.aslr.pie_enable sysctls
control the default setting for PIE binary address randomization, but
it is possible to enable or disable ASLR on a per-process basis.  Use
procctl(2) to query whether ASLR is enabled.

(Note that with ASLR enabled but sysctl kern.elf64.aslr.pie_enable=0
a PIE binary will in effect have randomization disabled, and be
functional with msan.  This is not intended as as a user-facing control
though.  The user can use proccontrol(1) to disable aslr for the
process.)

Approved by:	dim
Obtained from:	LLVM 64de0064f315f57044294879d9ff4eacb454d45b
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D33933
2022-01-19 13:07:40 -05:00
Robert Wing
51fbd894dd bhyve/snapshot: fix pthread_create() error check
pthread_create() returns 0 on success or an error number on failure.

Reviewed by:	khng, markj
Differential Revision:	https://reviews.freebsd.org/D33930
2022-01-19 08:40:06 -09:00
Mark Johnston
6c7e4d72b1 vt: Use a taskqueue to clear splash_cpu logos
vt_fini_logos() calls vtbuf_grow(), which reallocates the console
window's buffer using malloc(M_WAITOK).  Because vt_fini_logos() is
called via a callout, we end up panicking if INVARIANTS is enabled.

Fix the problem simply by clearing the logos using a timed taskqueue.
taskqueue_thread is formally allowed to sleep; of course, if we actually
end up sleeping to satisfy the allocation, then we have bigger problems.

PR:		260896
Reviewed by:	emaste
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D33932
2022-01-19 10:53:15 -05:00
Andrew Turner
2ad1999722 Add the Armv8.3-SPE registers 2022-01-19 12:07:35 +00:00
Andrew Turner
b5876847ac Teach DTrace about BTI on arm64
The Branch Target Identification (BTI) Armv8-A extension adds new
instructions that can be placed where we may indirrectly branch to,
e.g. at the start of a function called via a function pointer. We can't
emulate these in DTrace as the kernel will have raised a different
exception before the DTrace handler has run.

Skip over the BTI instruction if it's used as the first instruction in
a function.

Sponsored by:	The FreeBSD Foundation
2022-01-19 12:07:35 +00:00
Baptiste Daroussin
6521372e95 pci_vendors: update to 2022-01-15 2022-01-19 09:58:13 +01:00
Alfonso Siciliano
8ea2d22e6d bsddialog: Fix for terminals without colours
When running the installer, in particular disextract (which is so far
the only part converted to bsddialog), on serial console or vt100 or
actually any terminal without color support, it failed to start.

This change makes bsddialog fallback on the black and white theme.

This is incorporated in newer version of bsddialog which will be
imported soon.

PR:		261272
Reported by:	thj
Differential Revision:	https://reviews.freebsd.org/D33920
2022-01-19 09:28:42 +01:00
Doug Moore
0ce7909cd0 vm_phys: add essential segment bounds check
A lower-bound segment check is necessary in vm_phys_alloc_seg_contig.
Add one.

Reported by:	jenkins
Reviewed by:	alc
Fixes:	da92ecbc0d vm_phys: fix seg->end test in alloc_seg_contig
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D33945
2022-01-19 00:42:39 -06:00
Alan Somers
89d57b94d7 fusefs: implement VOP_DEALLOCATE
MFC after:	Never
Reviewed by:	khng
Differential Revision: https://reviews.freebsd.org/D33800
2022-01-18 21:13:02 -07:00
Alexander Motin
b7ff445ffa Reduce bufdaemon/bufspacedaemon shutdown time.
Before this change bufdaemon and bufspacedaemon threads used
kthread_shutdown() to stop activity on system shutdown.  The problem is
that kthread_shutdown() has no idea about the wait channel and lock used
by specific thread to wake them up reliably.  As result, up to 9 threads
could consume up to 9 seconds to shutdown for no good reason.

This change introduces specific shutdown functions, knowing how to
properly wake up specific threads, reducing wait for those threads on
shutdown/reboot from average 4 seconds to effectively zero.

MFC after:	2 weeks
Reviewed by:	kib, markj
Differential Revision:  https://reviews.freebsd.org/D33936
2022-01-18 19:26:16 -05:00
Robert Wing
6596f19daa etc/defaults/rc.conf: set default of zfskeys_enable to NO
This addresses the following boot message:
    /etc/rc: WARNING: $zfskeys_enable is not set properly - see rc.conf(5).

Reported by:    Mark Millard
Sponsored by:   Modirum MDPay
Sponsored by:   Klara Inc.
Fixes: bfb7a31b6a ("rc: Hook zfskeys to the build")
Fixes: 33ff39796f ("Add zfskeys rc.d script for auto-loading encryption keys")
2022-01-18 14:26:30 -09:00
John Baldwin
dd2f7a4b45 Bump __FreeBSD_version for the addition of <crypto/chacha20_poly1305.h>.
Sponsored by:	The FreeBSD Foundation
2022-01-18 14:49:24 -08:00
John Baldwin
42876a039e crypto: Stop compiling in chacha20poly1305 AEAD ciphers from libsodium.
These ciphers are now supported via OCF or 'struct enc_xform'.

Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D33889
2022-01-18 14:48:40 -08:00
John Baldwin
e71680049b crypto: Add a simple API for [X]ChaCha20-Poly1035 on flat buffers.
This is a synchronous software API which wraps the existing software
implementation shared with OCF.  Note that this will not currently
use optimized backends (such as ossl(4)) but may be appropriate for
operations on small buffers.

Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D33524
2022-01-18 14:47:13 -08:00
наб
e1c720de7d
libefi: remove efi_type()
All it is right now is some #if 0ed Solaris code that returns ENOSYS,
and is only applicable for the Solaris blockdev layer.
In the Illumos gate, there's a single user: rmformat(1);
I recommend a read of the manual as a blast from the past, but, well

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Issue #12844
Closes #12969
2022-01-18 14:40:43 -08:00
Robert Wing
ae9ea22e14 bhyve: get mediasize for character devices when resizing virtio-blk
Reviewed by:	imp, allanjude, jhb
Differential Revision:	https://reviews.freebsd.org/D33403
2022-01-18 11:26:49 -09:00
Vladimir Kondratyev
89889ab470 LinuxKPI: Allow wake_up to be executed within a critical section
by replaceing of spin_lock() call with spin_lock_irqsave()

This fixes following panic in drm-kmod:

panic: mi_switch: switch in a critical section
cpuid = 2
time = 1636939794
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b
vpanic() at vpanic+0x187
panic() at panic+0x43
mi_switch() at mi_switch+0x198
__mtx_lock_sleep() at __mtx_lock_sleep+0x1c9
__mtx_lock_flags() at __mtx_lock_flags+0xa2
linux_wake_up() at linux_wake_up+0x38
__active_retire() at __active_retire+0xb7
dma_fence_signal() at dma_fence_signal+0x100
dma_resv_add_shared_fence() at dma_resv_add_shared_fence+0x96
i915_gem_do_execbuffer() at i915_gem_do_execbuffer+0x11d0
i915_gem_execbuffer2_ioctl() at i915_gem_execbuffer2_ioctl+0x19a
drm_ioctl_kernel() at drm_ioctl_kernel+0x72
drm_ioctl() at drm_ioctl+0x2c4
linux_file_ioctl() at linux_file_ioctl+0x297
kern_ioctl() at kern_ioctl+0x1dc
sys_ioctl() at sys_ioctl+0x124
amd64_syscall() at amd64_syscall+0x124
fast_syscall_common() at fast_syscall_common+0xf8
--- syscall (54, FreeBSD ELF64, sys_ioctl)

MFC after:	1 week
Reviewed by:	manu
Reported by:	Graham Perrin <grahamperrin_AT_gmail_DOT_com>
PR:		261166
Differential Revision:	https://reviews.freebsd.org/D33888
2022-01-18 23:14:13 +03:00
Vladimir Kondratyev
02ea603302 LinuxKPI: Allow spin_lock_irqsave to be called within a critical section
with spinning on spin_trylock. dma-buf part of drm-kmod depends on this
property and absence of it support results in "mi_switch: switch in a
critical section" assertions [1][2].

[1] https://github.com/freebsd/drm-kmod/issues/116
[2] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=261166

MFC after:	1 week
Reviewed by:	manu
Differential Revision:	https://reviews.freebsd.org/D33887
2022-01-18 23:14:12 +03:00
Robert Wing
a50e92cc20 geom: add kqfilter support for geom dev
The only event hooked up is NOTE_ATTRIB, which is triggered when the
device is resized. Support for other NOTE_* events to follow.

Reviewed by:	kib, jhb
Differential Revision:	https://reviews.freebsd.org/D33402
2022-01-18 10:54:59 -09:00
Kenneth D. Merry
6e8a2f0400 Update sa(4) comments and man page after review.
sys/cam/scsi/scsi_sa.c:
	Add comments explaining the priority order of the various
	sources of timeout values.  Also, explain that the probe
	that pulls in drive recommended timeouts via the REPORT
	SUPPORTED OPERATION CODES command is in a race with the
	thread that creates the sysctl variables.  Because of that
	race, it is important that the sysctl thread not load any
	timeout values from the kernel environment.

share/man/man4/sa.4:
	Use the Sy macro to emphasize thousandths of a second
	instead of capitalizing it.

Requested by:	Warner Losh <imp@freebsd.org>
Requested by:	Daniel Ebdrup Jensen <debdrup@freebsd.org>
Sponsored by:	Spectra Logic
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D33883
2022-01-18 13:50:31 -05:00
Kenneth D. Merry
bcff64c54a Clarify loader tunable usage when tape drives arrive after boot.
Tape drives that arrive after boot will still use any loader
tunables that apply to that instance.

Requested by:	Pau Amma <pauamma@gundo.com>
MFC After:	1 week
Sponsored by:	Spectra Logic
Differential Revision:	https://reviews.freebsd.org/D33883
2022-01-18 13:50:30 -05:00
Kenneth D. Merry
5719b5a1bb Switch to using drive-supplied timeouts for the sa(4) driver.
Summary:
The sa(4) driver has historically used tape drive timeouts that
were one-size fits all, with compile-time options to adjust a few
of them.

LTO-9 drives (and presumably other tape drives in the future)
implement a tape characterization process that happens the first
time a tape is loaded.  The characterization process formats the
tape to account for the temperature and humidity in the environment
it is being used in.  The process for LTO-9 tapes can take from 20
minutes (I have observed 17-18 minutes) to 2 hours according to the
documentation.

As a result, LTO-9 drives have significantly longer recommended
load times than previous LTO generations.

To handle this, change the sa(4) driver over to using timeouts
supplied by the tape drive using the timeout descriptors obtained
through the REPORT SUPPORTED OPERATION CODES command.  That command
was introduced in SPC-4.  IBM tape drives going back to at least
LTO-5 report timeout values.  Oracle/Sun/StorageTek tape drives
going back to at least the T10000C report timeout values.  HP LTO-5
and newer drives report timeout values.  The sa(4) driver only
queries drives that claim to support SPC-4.

This makes the timeout settings automatic and accurate for newer
tape drives.

Also, add loader tunable and sysctl support so that the user can
override individual command type timeouts for all tape drives in
the system, or only for specific drives.

The new global (these affect all tape drives) loader tunables are:

	kern.cam.sa.timeout.erase
	kern.cam.sa.timeout.load
	kern.cam.sa.timeout.locate
	kern.cam.sa.timeout.mode_select
	kern.cam.sa.timeout.mode_sense
	kern.cam.sa.timeout.prevent
	kern.cam.sa.timeout.read
	kern.cam.sa.timeout.read_position
	kern.cam.sa.timeout.read_block_limits
	kern.cam.sa.timeout.report_density
	kern.cam.sa.timeout.reserve
	kern.cam.sa.timeout.rewind
	kern.cam.sa.timeout.space
	kern.cam.sa.timeout.tur
	kern.cam.sa.timeout.write
	kern.cam.sa.timeout.write_filemarks

The new per-instance loader tunable / sysctl variables are:

	kern.cam.sa.%d.timeout.erase
	kern.cam.sa.%d.timeout.load
	kern.cam.sa.%d.timeout.locate
	kern.cam.sa.%d.timeout.mode_select
	kern.cam.sa.%d.timeout.mode_sense
	kern.cam.sa.%d.timeout.prevent
	kern.cam.sa.%d.timeout.read
	kern.cam.sa.%d.timeout.read_position
	kern.cam.sa.%d.timeout.read_block_limits
	kern.cam.sa.%d.timeout.report_density
	kern.cam.sa.%d.timeout.reserve
	kern.cam.sa.%d.timeout.rewind
	kern.cam.sa.%d.timeout.space
	kern.cam.sa.%d.timeout.tur
	kern.cam.sa.%d.timeout.write
	kern.cam.sa.%d.timeout.write_filemarks

The values are reported and set in units of thousandths of a
second.

share/man/man4/sa.4:
	Document the new loader tunables in the sa(4) man page.

sys/cam/scsi/scsi_sa.c:
	Add a new timeout_info array to the softc.

	Add a default timeouts array, along with descriptions.

	Add a new sysctl tree to the softc to handle the timeout
	sysctl values.

	Add a new function, saloadtotunables(), that will load
	the global loader tunables first and then any per-instance
	loader tunables second.

	Add creation of the new timeout sysctl variables in
	sasysctlinit().

	Add a new, optional probe state to the sa(4) driver.  We
	previously didn't do any probing, but now we probe for
	timeout descriptors if the drive claims to support SPC-4 or
	later.  In saregister(), we check the SCSI revision and
	either launch the probe state machine, or announce the
	device and become ready.

	In sastart() and sadone(), add support for the new
	SA_STATE_PROBE.  If we're probing, we don't go through
	saerror(), since that is currently only written to handle
	I/O errors in the normal state.

	Change every place in the sa(4) driver that fills in
	timeout values in a CCB to use the new timeout_info[] array
	in the softc.

	Add a new saloadtimeouts() routine to parse the returned
	timeout descriptors from a completed REPORT SUPPORTED
	OPERATION CODES command, and set the values for the
	commands we support.

MFC after:	1 week
Sponsored by:	Spectra Logic

Test Plan:
Try this out with a variety of tape drives and make sure the timeouts that
result (sysctl kern.cam.sa to see them) are reasonable.

Reviewers: #manpages, #cam

Subscribers: imp

Differential Revision: https://reviews.freebsd.org/D33883
2022-01-18 13:50:30 -05:00
Doug Moore
da92ecbc0d vm_phys: fix seg->end test in alloc_seg_contig
In vm_phys_alloc_seg_contig, in allocating multiple memory blocks for
a huge allocation, ensure that the end of the allocated range does not
exceed the upper segment limit.

Reorder a couple of checks to improve code layout.

Reviewed by:	alc
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D33870
2022-01-18 12:49:09 -06:00
John Baldwin
da7fc5c33f freebsd32: Fix layout of struct shmid_kernel32.
The kernel pointers in this structure need to be 32-bit pointers,
not native pointers to 32-bit integers.

Reviewed by:	kib
Sponsored by:	The University of Cambridge, Google Inc.
Differential Revision:	https://reviews.freebsd.org/D33905
2022-01-18 10:42:21 -08:00
John Baldwin
a3af69fa81 iscsi: Abort fewer data-out tasks on a terminating session.
Only abort tasks queued for datamove after
cfiscsi_sesssion_terminate_tasks has posted its internal
CTL_TASK_I_T_NEXUS_RESET task.

Reported by:	Jithesh Arakkan @ Chelsio
Reviewed by:	mav
Fixes:		0cd6e85e24 iscsi: Abort data-out tasks queued on a terminating session.
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D33747
2022-01-18 09:28:43 -08:00
Cy Schubert
ec080394e2 wpa: Import wpa 2.10.
The long awaited hostapd 2.10 is finally here.

MFC after:      3 weeks
2022-01-18 08:17:08 -08:00
Cy Schubert
64e33c5cb1 Revert "wpa: Import wpa 2.10."
This reverts commit 5eb81a4b40, reversing
changes made to c6806434e7 and
this reverts commit 679ff61123.

What happend is git rebase --rebase-merges doesn't do what is expected.
2022-01-18 08:10:33 -08:00
Cy Schubert
679ff61123 .gitignore: Restore inadvertently deleted file
Restore .gitignore inadvertently deleted by
5eb81a4b40.

Fixes:		5eb81a4b40
Pointy hat to:	cy
2022-01-18 08:00:42 -08:00
Mark Johnston
46d35d415a fork: Copy the vm_stacktop field into the new vmspace
Fixes:	1811c1e957 ("exec: Reimplement stack address randomization")
Reported by:	pho
Reported by:	syzbot+0446312a51bc13ead834@syzkaller.appspotmail.com
Sponsored by:	The FreeBSD Foundation
2022-01-18 10:51:49 -05:00
Cy Schubert
5eb81a4b40 wpa: Import wpa 2.10.
The long awaited hostapd 2.10 is finally here.

MFC after:	3 weeks
2022-01-18 07:45:39 -08:00
Cy Schubert
c6806434e7 rc.d/ntp: Ensure ntpd.leap-seconds.list is readable by ntpd
When a use sets umask in login.conf(5) to 027 or 077 a subsequently
fetched /var/db/ntpd.leap-seconds.list will inherit the permissions
allowed by the umask, resulting in a file that may not be readable
ntpd running under the ntp account. This patch adds a umask command
to preempt the umask in login.conf(5) prior to fetching a new copy
of the leap-seconds file.

PR:		261298
Reported by:	Martin Waschbusch <martin@waschbuesch.de>
MFC after:	3 days
2022-01-18 06:21:00 -08:00
Randall Stewart
aac52f94ea tcp: Warning cleanup from new compiler.
The clang compiler recently got an update that generates warnings of unused
variables where they were set, and then never used. This revision goes through
the tcp stack and cleans all of those up.

Reviewed by: Michael Tuexen, Gleb Smirnoff
Sponsored by: Netflix Inc.
Differential Revision:
2022-01-18 07:41:18 -05:00
Roger Pau Monné
e0516c7553 x86/apic: remove apic_ops
All supported Xen instances by FreeBSD provide a local APIC
implementation, so there's no need to replace the native local APIC
implementation anymore.

Leave just the ipi_vectored hook in order to be able to override it
with an implementation based on event channels if the underlying local
APIC is not virtualized by hardware. Note the hook cannot use ifuncs,
because at the point where ifuncs are resolved the kernel doesn't yet
know whether it will benefit from using the optimization.

Sponsored by: Citrix Systems R&D
Reviewed by: kib
Differential revision: https://reviews.freebsd.org/D33917
2022-01-18 10:19:04 +01:00
Roger Pau Monné
2450da6776 x86/xen: use x{2}APIC if virtualized by hardware
Instead of using event channels or hypercalls to deal with IPIs and
NMIs.

Using a hardware virtualized APIC should be faster than using any PV
interface, since the VM exit can be avoided.

Xen exposes whether the domain is using hardware assisted x{2}APIC
emulation in a CPUID bit.

Sponsored by: Citrix Systems R&D
2022-01-18 10:18:22 +01:00
Xin LI
cc68614da8 MFV f83ac37f1e: libbsdxml (expat) 2.4.3. 2022-01-17 16:34:41 -08:00
Mark Johnston
5072251428 cryptosoft: Avoid referencing end-of-buffer cursors
Once a crypto cursor has reached the end of its buffer, it is invalid to
call crypto_cursor_segment() for at least some crypto buffer types.
Reorganize loops to avoid this.

Fixes:	cfb7b942be ("cryptosoft: Use multi-block encrypt/decrypt for non-AEAD ciphers.")
Fixes:	a221a8f4a0 ("cryptosoft: Use multi-block encrypt/decrypt for AES-GCM.")
Fixes:	f8580fcaa1 ("cryptosoft: Use multi-block encrypt/decrypt for AES-CCM.")
Fixes:	5022c68732 ("cryptosoft: Use multi-block encrypt/decrypt for ChaCha20-Poly1305.")
Reported and tested by:	madpilot
Discussed with:	jhb
Sponsored by:	The FreeBSD Foundation
2022-01-17 19:01:24 -05:00
Mark Johnston
2188152717 security.7: Minor fixes for ASLR sysctl descriptions
Reviewed by:	debdrup, danfe, emaste
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D33908
2022-01-17 16:12:43 -05:00
Mark Johnston
6393594b03 copyin tests: Use the KERN_PROC_VM_LAYOUT sysctl to fetch layout info
... rather than using the KERN_PROC_PS_STRINGS value to derive the top
of the user address space.

Reviewed by:	kib
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D33708
2022-01-17 16:12:43 -05:00
Mark Johnston
3ce04aca49 proc: Add a sysctl to fetch virtual address space layout info
This provides information about fixed regions of the target process'
user memory map.

Reviewed by:	kib
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D33708
2022-01-17 16:12:43 -05:00
Cy Schubert
df0c787c3e wpa: Import wpa 2.10 (second part)
WPA is in fact two distfiles. Import the second distfile.
2022-01-17 13:12:36 -08:00
Mark Johnston
1811c1e957 exec: Reimplement stack address randomization
The approach taken by the stack gap implementation was to insert a
random gap between the top of the fixed stack mapping and the true top
of the main process stack.  This approach was chosen so as to avoid
randomizing the previously fixed address of certain process metadata
stored at the top of the stack, but had some shortcomings.  In
particular, mlockall(2) calls would wire the gap, bloating the process'
memory usage, and RLIMIT_STACK included the size of the gap so small
(< several MB) limits could not be used.

There is little value in storing each process' ps_strings at a fixed
location, as only very old programs hard-code this address; consumers
were converted decades ago to use a sysctl-based interface for this
purpose.  Thus, this change re-implements stack address randomization by
simply breaking the convention of storing ps_strings at a fixed
location, and randomizing the location of the entire stack mapping.
This implementation is simpler and avoids the problems mentioned above,
while being unlikely to break compatibility anywhere the default ASLR
settings are used.

The kern.elfN.aslr.stack_gap sysctl is renamed to kern.elfN.aslr.stack,
and is re-enabled by default.

PR:		260303
Reviewed by:	kib
Discussed with:	emaste, mw
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D33704
2022-01-17 16:12:36 -05:00
Mark Johnston
758d98debe exec: Remove the stack gap implementation
ASLR stack randomization will reappear in a forthcoming commit.  Rather
than inserting a random gap into the stack mapping, the entire stack
mapping itself will be randomized in the same way that other mappings
are when ASLR is enabled.

No functional change intended, as the stack gap implementation is
currently disabled by default.

Reviewed by:	kib
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D33704
2022-01-17 16:11:54 -05:00
Mark Johnston
706f4a81a8 exec: Introduce the PROC_PS_STRINGS() macro
Rather than fetching the ps_strings address directly from a process'
sysentvec, use this macro.  With stack address randomization the
ps_strings address is no longer fixed.

Reviewed by:	kib
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D33704
2022-01-17 16:11:54 -05:00