Add appropriate bounds checks on the epid and streamid fields in the
device doorbell registers.
admbugs: 919
Submitted by: jhb
Reported by: Reno Robert <renorobert@gmail.com>
Reviewed by: markj
Approved by: so
Security: out-of-bounds read
This option was imported as part of the KAME project in r62627 (in 2000).
It was turned on unconditionally in r121472 (in 2003) and has been on ever
since. The old alternative code has bitrotted. Reap the dead code.
Reported by: Ján Sučan <jansucan@gmail.com>
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D20938
Move the bluetooth related files from FreeBSD-runtime to a new package named
FreeBSD-bluetooth
The FreeBSD runtime is only intended to have everything for a working
FreeBSD installation and bluetooth isn't needed for that.
Reviewed by: bapt, gjb
Differential Revision: https://reviews.freebsd.org/D20959
Move the hostapd related files from FreeBSD-runtime to a new package n
FreeBSD-hostapd
The FreeBSD runtime is only intended to have everything for a working
FreeBSD installation and hostapd isn't needed for that.
Reviewed by: bapt, gjb
Differential Revision: https://reviews.freebsd.org/D20958
Move the wpa related files from FreeBSD-runtime to a new package named
FreeBSD-wpa
The FreeBSD runtime is only intended to have everything for a working
FreeBSD installation and wpa isn't needed for that.
Reviewed by: bapt, gjb
Differential Revision: https://reviews.freebsd.org/D20957
zone.tab is deprecated. Install zone1970.tab alongside it, and use it
for tzsetup(8). This is also useful for other applications that need
the modern better maintained file.
Reviewed by: philip
Approved by: allanjude (mentor)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D20646
Instead of skipping the NVMe Completion Queue update based on the
opcode, define a synthetic status value which indicates the completion
queue entry is invalid. This will also allow deferred completion queue
updates for other commands.
Also returns the correct status for unrecognized opcodes ("invalid
opcode").
Reviewed by: imp, jhb, araujo
Approved by: imp (mentor), jhb (maintainer)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D20945
this implicitly by encoding it in a number space.
No functional change intended.
This is done as a preparation to add support for ICMPv6 mesages
indicating a parameter problem related to the next header.
MFC after: 2 weeks
We remove IPSEC only in parts of the tree, and not others. RELEASE_CRUNCH to
disable it has not kept up with all its uses. Remove it. Should there be a real
need to disable IPSEC, one that hasn't shown up in the base system to date,
it can be re-added behind a WITHOUT_IPSEC build option.
Since these things are more completely controlled by the MK_OPENSSL knob, remove
RELEASE_CRUNCH here. It's no longer needed for the release and other users can
use the more proper knob if they so desire.
Accept an IEEE Extended Unique Identifier (EUI-64) from the command
line for each NVMe namespace. If one isn't provided, it will create one
based on the CRC16 of:
- the FreeBSD IEEE OUI
- PCI bus, device/slot, function values
- Namespace ID
Reviewed by: imp, araujo, jhb, rgrimes
Approved by: imp (mentor), jhb (maintainer)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D19905
The RELEASE_CRUNCH ifdefs save about 100 bytes of text space. The
complexity is not worth it as they eliminate error messages.
Left the RELEASE_CRUNCH ifdef to eliminate a lot of stuff in place.
That saves an interesting amount of space and change some behaviors,
so absent a more detailed analysis, maintain the status quo.
Follow-up work to improve the handling of unsupported/invalid opcodes
is being developed by chuck@.
Coverity CID: 1398928
Reviewed by: chuck
Approved by: araujo, imp
Differential Revision: https://reviews.freebsd.org/D20914
This is a no-op initialization because nothing reads this value. "This
wasn't wrong previously, but this is more correct now." -imp
Coverity CID: 1194307
Approved by: markj, imp, scottl
Differential Revision: https://reviews.freebsd.org/D20921
Also update to use strsep(3) instead of strtok(3).
Most of this commit inadvertently ended up in r349914.
Coverity CID: 1357337
Approved by: markj
PR: 233038
Differential Revision: https://reviews.freebsd.org/D20918
In 2011, r218961 removed local code for rotating logs in favor of using the
rotate_log command in etc/rc.d/accounting. If the accounting service is
activated then subsequently de-activated in rc.conf but still remains active
in periodic.conf, then you get an error message every day in the periodic
jobs about being unable to rotate the logs.
With this change to use "onerotate_log", the log rotation will happen the
first time periodic daily runs after accounting was disabled but periodic
accounting was left enabled. After that happens once, the /var/account/acct
will no longer exist, which results in a different path through the periodic
code and no more error messages will appear (unless daily_show_badconfig is
set, in which case the admin will be told that periodic security processing
is enabled but the accounting file is not present).
This is only a partial fix for the problems reported in PR 202203.
PR: 202203
Bhyve can currently emulate two virtual NICs, namely virtio-net and e1000,
and connect to the host network through two backends, namely tap and netmap.
However, there is no interface between virtual NIC functionalities and
backend functionalities. As a result, the backend code is duplicated between
the two virtual NIC implementations and also within the same virtual NIC.
Also, e1000 cannot currently use netmap as a backend.
This patch introduces a network backend API between virtio-net/e1000 and
tap/netmap, to improve code reuse and add missing functionalities.
Virtual NICs and backends can negotiate virtio-net features, such as checksum
offload and TSO. If the backend supports the features, it will propagate this
information to the guest, so that the latter can make use of them. Currently,
only netmap VALE ports support the features, but support should be added to
tap in the future.
Reviewed by: jhb, bryanv
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D20659
Use the proper size_t type to match strlen's return type. This is not
exploitable in practice as this parses command line arguments, which
are limited to well below 2^31 bytes.
This is a minimal change to address the reported issue; hda_parse_config
and the rest of this file will benefit from further review.
Reported by: Fakhri Zulkifli
Reviewed by: jhb, markj
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
For strings without quotes and escapes dstptr and srcptr are equal, so
zeroing *dstptr before checking *srcptr is not a good idea. In practice
it means that in -maproot=65534:65533 everything after the colon is lost.
The problem was there since r293305, but before r346976 it was covered by
improper strsep_quote() usage.
PR: 238725
MFC after: 3 days
Sponsored by: iXsystems, Inc.
Add the PCI HDAudio device model from the 2016 GSoC. Detailed information
can be found at
https://wiki.freebsd.org/SummerOfCode2016/HDAudioEmulationForBhyve
This commit has evolved from the original work to include Capsicum
integration. As part of that, it only opens the host audio devices once
and leaves them open, instead of opening and closing them on each guest
access. Thanks to Peter Grehan and Marcelo Araujo for their help in
bringing the work forward and providing some of the final techncial push.
Submitted by: Alex Teaca <iateaca@freebsd.org>
Differential Revision: D7840, D12419
NANDFS has been broken for years. Remove it. The NAND drivers that
remain are for ancient parts that are no longer relevant. They are
polled, have terrible performance and just for ancient arm
hardware. NAND parts have evolved significantly from this early work
and little to none of it would be relevant should someone need to
update to support raw nand. This code has been off by default for
years and has violated the vnode protocol leading to panics since it
was committed.
Numerous posts to arch@ and other locations have found no actual users
for this software.
Relnotes: Yes
No Objection From: arch@
Differential Revision: https://reviews.freebsd.org/D20745
