Currently, if jail_getid(3) is passed in a numeric string, it assumes that
this is a jid string and passes it back converted to an int without checking
that it's a valid/existing jid. This breaks consumers that might use
jail_getid(3) to see if it can trivially grab a jid from a name if that name
happens to be numeric but not actually the name/jid of the jail. Instead of
returning -1 for the jail not existing, it'll return the int version of the
input and the consumer will not fallback to trying other methods.
Pass the numeric input to jail_get(2) as the jid for validation, rather than
the name. This works well- the kernel enforces that jid=name if name is
numeric, so doing the safe thing and checking numeric input as a jid will
still DTRT based on the description of jail_getid.
Reported by: Wes Maag
Reviewed by: jamie, Wes Maag
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D20388
- Add a write_mem counterpart to read_mem to handle writes to MMIO.
- Add support for the GDB 'M' packet to write bytes to the guest's
memory. For MMIO writes, attempt to batch writes up into words.
This is imprecise, but if you write a single 2 or 4-byte aligned
word, it should be treated as a single MMIO write operation.
- While here, tidy up the parsing of the 'm' command used for reading
memory to match 'M'.
Reviewed by: markj, Scott Phillips <d.scott.phillips@intel.com>
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D20307
- Triple DES has been formally deprecated in Kerberos (RFC 8429)
and is soon to be deprecated in IPsec (RFC 8221).
- Blowfish is deprecated. FreeBSD doesn't support its successor
(Twofish).
- MD5 is generally considered a weak digest that has known attacks.
geli refuses to create new volumes using these algorithms via 'geli
init'. It also warns when attaching to existing volumes or creating
temporary volumes via 'geli onetime' . The plan is to fully remove
support for these algorithms in FreeBSD 13.
Note that none of these algorithms have ever been the default
algorithm used by geli(8). Users would have had to explicitly select
these algorithms when creating volumes in the past.
Reviewed by: cem, delphij
MFC after: 3 days
Relnotes: yes
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D20344
All of these algorithms are either explicitly marked MUST NOT, or they
are implicitly MUST NOTs by virtue of not being included in IETF's
list of protocols at all despite having assignments from IANA.
Specifically, this adds warnings for the following ciphers:
- des-cbc
- blowfish-cbc
- cast128-cbc
- des-deriv
- des-32iv
- camellia-cbc
Warnings for the following authentication algorithms are also added:
- hmac-md5
- keyed-md5
- keyed-sha1
- hmac-ripemd160
Reviewed by: cem, gnn
MFC after: 3 days
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D20340
Pull the responsibility for zeroing events, which is general to any
conceivable implementation of a random device algorithm, out of the
algorithm-specific Fortuna code and into the callers. Most callers
indirect through random_fortuna_process_event(), so add the logic there.
Most callers already explicitly bzeroed the events they provided, so the
logic in Fortuna was mostly redundant.
Add one missing bzero in randomdev_accumulate(). Also, remove a redundant
bzero in the same function -- randomdev_hash_finish() is obliged to bzero
the hash state.
Reviewed by: delphij
Approved by: secteam(delphij)
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D20318
Add Chacha20 mode to Encrypted Kernel Crash Dumps.
Chacha20 does not require messages to be multiples of block size, so it is
valid to use the cipher on non-block-sized messages without the explicit
padding AES-CBC would require. Therefore, allow use with simultaneous dump
compression. (Continue to disallow use of AES-CBC EKCD with compression.)
dumpon(8) gains a -C cipher flag to select between chacha and aes-cbc.
It defaults to chacha if no -C option is provided. The man page documents this
behavior.
Relnotes: sure
Sponsored by: Dell EMC Isilon
This takes the SPCR code currently in uart_cpu_arm64.c, moves it into
a new uart_cpu_acpi.c (with some associated refactoring), and uses it
from both arm64 and x86.
An SPCR serial port address AccessWidth field value of 0 ("reserved")
is now treated as 1 ("byte access") in order to work around a buggy
SPCR table on Amazon EC2 i3.metal instances.
Reviewed by: manu, Greg V
MFC after: 3 days
Sponsored by: https://www.patreon.com/cperciva
Differential Revision: https://reviews.freebsd.org/D20357
This adds some new commands to loader :
- pnpmatch
This takes a pnpinfo string as argument and tries to find a kernel module
associated with it. -v and -d option are available and are the same as in
devmatch (v is verbose, d dumps the hints).
- pnpload
This takes a pnpinfo string as argument and tries to load a kernel module
associated with it.
- pnpautoload
This will attempt to load every kernel module for each buses. Each buses are
probed, the probe function will generate pnpinfo string and load kernel module
associated with it if it exists.
Only simplebus for FDT system is implemented for now.
Since we need the dtb and overlays to be applied before searching the tree
fdt_devmatch_next will load and apply the dtb + overlays.
All the pnp parsing code comes from devmatch and is the same at 99%.
Reviewed by: imp, kevans
Differential Revision: https://reviews.freebsd.org/D19498
Use the .PATH mechanism instead so keep installing them from lib/libc/gen
While here revert 347961 and 347893 which are no longer needed
Discussed with: manu
Tested by: manu
ok manu@
Some clocks used the NM type but this clock is for the ones with the
formula "clk = clkin / n / m" and not "clk = clkin * n / m"
Use the new frac clock for them.
Add a clock driver for clock that can either be used in integer mode
with one N factor and one M divider or in fractional mode where the
output frequency is chosen between two predifined output.
newvers.sh has supported a variable setting only mode, use that in
preference to grep to future proof this script from changes there.
Differential Revision: https://reviews.freebsd.org/D19849
Rather than the tedious and error-prone grep of sys/conf/newvers.sh,
use the new -v arg to dig out the data that's desired.
Differential Revision: https://reviews.freebsd.org/D19849
Add -v to print TYPE REVISION BRANCH RELEASE VERSION RELDATE variables
Add -V var to print var's value
Both of these in ${var}="${val}" format suitable for
eval $(sh newvers.sh -v)
in shell scripts / makefiles.
Add -c to print the copyright / license comment text only.
Document these, and remove soon-to-be obsolete comment.
Minor code motion as well bunded here to put functions after
VARS_ONLY and command line argument parsing.
Differential Revision: https://reviews.freebsd.org/D19849
Due to how the linker.hints file is laid out, we'll associate the pnp
info with the wrong module if the module declaration comes after the
pnp info. Until that limiation is removed, we need to have this
ordering. Ideally, we'd also enforce the ordering somehow, but I've
come up with no way to do that yet...
Pnpinfo is bus-specific and requires the bus name. The FDTCOMPAT_PNP_INFO()
macro makes it easier to define new FDT-based pnpinfo for busses other than
simplebus.
Differential Revision: https://reviews.freebsd.org/D20382
See usage for the command line structure. Man page will come shortly.
Reviewed by: jilles, tmunro
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D20258
Many i2c slave drivers are in modules that can be unloaded. If they detach
while IO is in progress the bus would be hung forever. Conversely,
lower-layer drivers (iicbus and the hardware driver) also live in modules
and other kinds of bad things happen if they get detached while IO is in
progress. Because device_busy() propagates up to parents, marking the slave
device busy while it owns the bus solves both kinds of problems that come
with detaching i2c devices while IO is in progress.
It should be safer to flush controller and disk caches on the shutdown.
And to gracefully shut down the controller as well.
It seems that the Linux driver has been doing that for a long time.
Discussed with: scottl
Reviewed by: imp, Sumit Saxena <sumit.saxena@broadcom.com>
(both earlier version)
MFC after: 3 weeks
Sponsored by: Panzura
Differential Revision: https://reviews.freebsd.org/D19817
The sysctl provides the listing on named linked posix shared memory
segments existing in the system.
Reuse shm_fill_kinfo() for filling individual struct kinfo_file.
Remove unneeded lock around reading of shmfd->shm_mode.
Reviewed by: jilles, tmunro
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D20258
Unless there are transient references to the object, the ref count is
equal to the number of the shared memory segment mappings plus one.
Reviewed by: jilles, tmunro
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D20258
hint.gpioled.%d.state determines the initial state of the LED when the
driver takes control over it:
0 - the LED is off
1 - the LED is on
-1 - the LED is kept as it was
While here, add a module version declaration.
MFC after: 2 weks
This is a curious small widget for which I might write a driver.
It is bridge between USB HID interface and I2C interface plus some
GPIO pins.
MFC after: 2 weeks
DBCR0, according to the Freescale EREF, is guaranteed to be updated, and
changes take effect, after an isync plus change of MSR[DE] from 0 to 1.
Otherwise it's guaranteed to be updated "eventually". Use the expected
synchronization sequence to write it for resetting.
This prevents "Reset failed" from being printed immediately before the CPU
resets.
MFC after: 2 weeks
Actually set the source and destination VA's before using them. Fixes a
bizarre panic on 32-bit Book-E. Not sure why this wasn't caught by the
compiler.
