Commit Graph

440 Commits

Author SHA1 Message Date
robak
746101149f bhyve: avoid applying capsicum capabilities to file that was not opened
When using -l option targeting file that can't be opened (i.e. nmdm module
is not loaded and /dev/nmdm* is specified) bhyve tries to apply capsicum
capabilities to a file that was not opened.

Enclose that code in an if statement and only run it on correctly opened
descriptor also providing meaningful message in case of an error.

Submitted by:	Pawel Biernacki <pawel.biernacki@gmail.com>
Reviewed by:	grehan, emaste
Sponsored by:	Mysterious Code Ltd.
Differential Revision:	D12985
2017-11-11 22:50:14 +00:00
bdrewery
a598c4b809 DIRDEPS_BUILD: Update dependencies.
Sponsored by:	Dell EMC Isilon
2017-10-31 00:07:04 +00:00
eadler
45275e3a26 Update several more URLs
- Primarily http -> https
- Primarily FreeBSD project URLs
2017-10-29 08:17:03 +00:00
rlibby
f145a20f2f bhyve/vga.c: fix atc_color_select_67 bit shift
Gcc noticed that the result of the bit shift is always zero.  Shift so
that the ATC_CS_C67 bits end up in bits 6 & 7.

Reviewed by:	grehan, tychon
Approved by:	markj (mentor)
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D11775
2017-07-28 21:47:10 +00:00
rlibby
eb5afc4ce2 bhyve/pci_e82545.c: squelch gcc warning for noreturn procedure
Gcc complained that e82545_tx_thread has a return type declared but
doesn't return anything.  Annotate the procedure with _Noreturn.

Reviewed by:	grehan
Approved by:	markj (mentor)
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D11774
2017-07-28 21:42:59 +00:00
bdrewery
2e8cf0308b DIRDEPS_BUILD: Update dependencies.
Sponsored by:	Dell EMC Isilon
2017-07-10 23:52:04 +00:00
araujo
67d8903aad Check if pthread_create(3) successfully created the thread prior to calling
pthread_join(3). The variable tid is not yet initialized in case
the authentication fails at an early stage, which would lead to pthread_join being
called with an uninitialized variable.

CID:		1375950
Reported by:	Coverity, cem
Reviewed by:	cem
MFC after:	3 weeks.
Sponsored by:	iXsystems, Inc.
Differential Revision:	https://reviews.freebsd.org/D11150
2017-06-16 01:26:01 +00:00
araujo
9925765730 Initialize variables and use byteorder(9) instead of aliasing char array
buf via uint32_t pointer.

CID:		1375949
Reported by:	Coverity, cem
Reviewed by:	cem
MFC after:	3 weeks
Sponsored by:	iXsystems, Inc.
Differential Revision:	https://reviews.freebsd.org/D11153
2017-06-15 06:21:01 +00:00
araujo
50d59ed68a Make the VNC authentication build with LibreSSL on HardenedBSD and TrueOS.
PR:		219790
Submitted by:	Shirkdog <mshirk@daemon-security.com>
Reviewed by:	grehan and rgrimes
MFC after:	4 weeks.
Sponsored by:	iXsystems, Inc.
Differential Revision:	https://reviews.freebsd.org/D11071
2017-06-08 04:54:15 +00:00
araujo
4c1f4b0bed Bump manpage date.
2017-06-02 02:37:17 +00:00
araujo
fa2245832b Add VNC Authentication support based on RFC6143 section 7.2.2.
Submitted by:	Fabian Freyer <fabian.freyer@physik.tu-berlin.de>
Reworked by:	myself
Reviewed by:	grehan, rgrimes and jilles
MFC after:	1 week.
Relnotes:	Yes.
Sponsored by:	iXsystems, Inc.
Differential Revision:	https://reviews.freebsd.org/D10818
2017-06-02 02:35:16 +00:00
pfg
040f93fba7 bhyvegc_resize: make use of reallocarray(3) for bounds-checking.
Also add __FBSDID.

Reviewed by:	grehan

This file lacks a license(!) so for this change the following declaration
applies:

To the greatest extent permitted by, but not in contravention of,
applicable law, Affirmer hereby overtly, fully, permanently, irrevocably
and unconditionally waives, abandons, and surrenders all of Affirmer's
Copyright and Related Rights and associated claims and causes of action,
whether now known or unknown (including existing as well as future claims
and causes of action).
2017-05-24 14:24:47 +00:00
bdrewery
f7f6293381 DIRDEPS_BUILD: Update dependencies.
Sponsored by:	Dell EMC Isilon
2017-05-09 01:48:23 +00:00
glebius
bd29cb78ca Improve documentation of fbuf device.
Submitted by:	novel
Reviewed by:	grehan, bcr
Differential Revision:	https://reviews.freebsd.org/D10014
2017-05-03 21:44:04 +00:00
glebius
f3d4e9b470 Document raw framebuffer device and XHCI device configurations.
2017-04-28 05:43:27 +00:00
glebius
e685c6153f - For security reasons by default listen on localhost address,
not on wildcard. [1]
- Move the default port assignment from pci_fbuf.c to rfb.c,
  to avoid polluting pci_fbuf.c with network things.

Suggested by:	grehan
2017-04-28 05:32:26 +00:00
glebius
de5141cf7a When no "rfb" configuration specified bind to the default VNC
port instead of binding to a random one.
2017-04-28 05:13:27 +00:00
glebius
4a27907a6e Make comments match the code. No functional change.
2017-04-28 05:09:51 +00:00
glebius
9a7099f50d We need CAP_MMAP_RW on memfd, since init_msix_table() may call mmap().
2017-04-27 05:48:52 +00:00
mav
6f295d26ad Fix variable for sizeof() in previous commit.
MFC after:	2 weeks
2017-04-02 20:57:59 +00:00
mav
9b141cb386 Add Log directory and SATA NCQ Send and Receive Log.
Those are used at least by Linux guests to detect queued TRIM support.

MFC after:	2 weeks
Sponsored by:	iXsystems, Inc.
2017-04-02 20:39:51 +00:00
novel
2590be1079 Minor style improvements in bhyve.8
Replace "as of now" with "at present". As the change is a really minor one,
don't bump .Dd.

Suggested by:	wblock
Approved by:	wblock (implicit)
2017-04-01 15:01:10 +00:00
grehan
c9112639c6 This fixes a typo in bhyve's USB mouse emulation.
There is no behavioral difference, as it's just swapping
out the name of two identically-valued constants.

Submitted by:	Vicki Pfau (vi AT endrift.com)
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D9597
2017-03-22 16:53:03 +00:00
novel
d630d13cea bhyve: document virtio-console in the manpage
Reviewed by:	bcr, wblock, jceel
Approved by:	grehan
Differential Revision:	https://reviews.freebsd.org/D9564
2017-02-27 15:37:38 +00:00
emaste
dbb0e9468d bhyve: whitespace fix for r313727
Reported by:	jhb
2017-02-14 16:49:32 +00:00
robak
541b0a86fd Capsicum support for bhyve(8).
Adds Capsicum sandboxing to bhyve.

Submitted by:	Pawel Biernacki <pawel.biernacki@gmail.com>
Reviewed by:	grehan, oshogbo
Approved by:	emaste, grehan
Sponsored by:	Mysterious Code Ltd.
Differential Revision:	https://reviews.freebsd.org/D8290
2017-02-14 13:35:59 +00:00
grehan
919dec09c2 Use correct PCI device id for virtio-rng.
This prevented the device from attaching with a
Windows guest (most other guests use the device type
for matching)

PR:	212711
Submitted by:	jbeich
MFC after:	3 days
2017-01-08 20:58:58 +00:00
grehan
cfcddfc497 Make sure the 'Always-one' bit is always set to one,
in the first byte of the 3-byte mouse data report.
Plan9/9front requires this.

Switch over to using #defines for the data report bits.

Verified no regression on Win10/Fedora-live.

Reported and tested by: Trent Thompson (trentnthompson at gmail com)
MFC after:	1 week
2017-01-08 20:29:35 +00:00
avg
4596354565 bhyve: stability and performance improvement for dbgport
The TCP server implementation in dbgport does not track clients, so it
may try to write to a disconnected socket resulting in SIGPIPE.
Avoid that by setting SO_NOSIGPIPE socket option.

Because dbgport emulates an I/O port to guest, the communication is done
byte by byte.  Reduce latency of the TCP/IP transfers by using
TCP_NODELAY option.  In my tests that change improves performance of
kgdb commands with lots of output (e.g. info threads) by two orders of
magnitude.

A general note.  Since we have a uart emulation in bhyve, that can be
used for the console and gdb access to guests.  So, bvmconsole and bvmdebug
could be de-orbited now.  But there are many existing deployments that
still depend on those.

Discussed with:	julian, jhb
MFC after:	2 weeks
Sponsored by:	Panzura
2016-11-29 13:11:00 +00:00
jceel
65feaeaf88 virtio_console: handle short writes to a Unix domain socket gracefully.
writev() can do a short write.  Retrying it results in a very convoluted
and complex code, so we iterate over iovec and do regular stream_write()
instead.

Approved by:	trasz
Sponsored by:	iXsystems, Inc.
2016-11-24 22:16:18 +00:00
jceel
5673d8fe28 Allow opening virtio-console ports from the host side before guest
enumerates them.

Approved by:	trasz
Sponsored by:	iXsystems, Inc.
2016-11-24 21:53:42 +00:00
bdrewery
30f99dbeef Fix improper use of "its".
Sponsored by:	Dell EMC Isilon
2016-11-08 23:59:41 +00:00
glebius
ebc9866803 Fix unchecked array reference in the VGA device emulation code.
Submitted by:   Ilja Van Sprundel <ivansprundel@ioactive.com>
Patch by:	tychon
Security:       SA-16:32
2016-10-25 17:13:58 +00:00
bapt
b606610ad8 accept4 actually expects SOCK_NONBLOCK and not O_NONBLOCK
Reported by:	jhb
Pointyhat to:	bapt
2016-10-25 15:20:06 +00:00
maxim
4ae8c3ff61 Typo fixed: arbitraty -> arbitrary.
PR:		213559
Submitted by:	olgeni
2016-10-17 09:40:18 +00:00
bapt
f455ef8733 Use accept4 with O_NONBLOCK rather than accept + fcntl
2016-10-01 11:43:37 +00:00
ed
8ab365d211 Fix misuse of the basename() and dirname() functions.
These functions are allowed to overwrite their input. Pull a copy of the
input parameter and call dirname() and basename() on that instead. Do
ensure that we reload the pathname value between calls.
2016-09-21 13:02:43 +00:00
jceel
3d1d054982 Add virtio-console support to bhyve.
Adds virtio-console device support to bhyve, allowing to create
bidirectional character streams between host and guest.

Syntax:
-s <slotnum>,virtio-console,port1=/path/to/port1.sock,anotherport=...

Maximum of 16 ports per device can be created. Every port is named
and corresponds to a Unix domain socket created by bhyve. bhyve
accepts at most one connection per port at a time.

Limitations:
- due to lack of destructors in bhyve, sockets on the filesystem
  must be cleaned up manually after bhyve exits
- there's no way to use "console port" feature, nor the console port
  resize as of now
- emergency write is advertised, but no-op as of now

Approved by:	trasz
MFC after:	1 month
Relnotes:	yes
Sponsored by:	iXsystems, Inc.
Differential Revision:	D7185
2016-09-17 13:48:01 +00:00
bdrewery
621419c360 DIRDEPS_BUILD: Update dependencies.
Sponsored by:	EMC / Isilon Storage Division
2016-08-31 19:30:46 +00:00
araujo
faf49c548b Invert calloc(3) argument order.
Reviewed by:	grehan, mav
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D7613
2016-08-30 12:40:12 +00:00
grehan
d5b4f0b542 - Change the fbuf "vga" parameter to "vga=on|io|off".
"io" is the default, and allows VGA i/o registers to be
   accessed. This is required by Win7/2k8 graphics guests that
   use a combination of BIOS int10 and UEFI.
   "off" disables all VGA i/o and mem accesses.
   "on" is not yet hooked up, but will enable full VGA rendering.

   OpenBSD/UEFI >= 5.9 graphics guests can be booted using "vga=off"

- Allow "rfb" to be used instead of "tcp" for the fbuf VNC
  description. "tcp" will be removed at a future point and is
  kept as an alias.

Discussed with:	Leon Dang
MFC after:	3 days
2016-07-27 00:03:29 +00:00
grehan
e2d448a951 Catch another case where an XHCI interrupt was being
injected without state being set up.

This fixes a core dump when dropping to the UEFI prompt
with graphics enabled and moving the mouse around.

Discussed with:	Leon Dang
MFC after:	3 days
2016-07-26 23:40:25 +00:00
grehan
f760bee50d Disallow interrupt requests on disabled endpoints.
Submitted by:	Leon Dang
MFC after:	3 days
2016-07-17 20:34:46 +00:00
mav
2e12a25c19 Fix NCQ TRIM emulation.
When this code was written, there were no guests using it to test.
2016-07-17 14:13:47 +00:00
mav
9027865830 Revert unwanted change leaked into r302932.
2016-07-16 09:44:31 +00:00
mav
3908745a98 Increase I82545_MAX_TXSEGS from 20 to 64 and add checks for it.
There seems no hard limit on number of segments per packet in the chip,
and 20 appeared insufficient.  Hope 64 will be enough, but if not -- add
check to report that and drop the packet instead of corrupting stack.
2016-07-16 09:08:33 +00:00
mav
4d4166697e Make PCI interrupts allocation static when using bootrom (UEFI).
This makes factual interrupt routing match one shipped with UEFI firmware.
With old firmware this makes legacy interrupts work reliably for functions 0
of PCI slots 3-6.  Updated UEFI image fixes problem completely.
2016-07-14 17:16:10 +00:00
mav
b0b33eab6a Make unknown register reads predictable.
Reported by:	Coverity
CID:		1357525
2016-07-12 17:38:18 +00:00
mav
9e4391cd80 Add missing breaks in I/O BAR read/write.
This could be important if any guest actually used those registers.

Reported by:	Coverity
CID:		1357519, 1357520
2016-07-12 17:30:37 +00:00
grehan
06c339f7d7 Implement right shift/ctl, and convert the VNC/xorg scancode
of 0xff03 into right-alt.

Reported by:	lme@
MFC after:	1 week
2016-07-11 06:31:15 +00:00