In an earlier implementation the stack (gap) was randomized when the
enable sysctl was set and ASLR was also enabled (in general) for the
binary. In the current implementation the sysctl operates
independently.
Reviewed by: kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D42357
All aslr knobs are disabled by default for 32bit processes, except
stack. This results in weird stack location, typically making around 1G
of user address space hard to use.
Reviewed by: emaste
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D42356
OpenSSL 3.0.12 addresses:
* Fix incorrect key and IV resizing issues when calling
EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2()
with OSSL_PARAM parameters that alter the key or IV length
([CVE-2023-5363]).
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
* Fix incorrect key and IV resizing issues when calling
EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2()
with OSSL_PARAM parameters that alter the key or IV length
([CVE-2023-5363]).
Sponsored by: The FreeBSD Foundation
The nvlist based state retrieval ioctl has been replaced by an old-style
ioctl for performance reasons. Document that one.
Reported by: Michael Gmelin <grembo@freebsd.org>
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42331
pfctl_do_ioctl() copies the packed request data into the request buffer
and then frees it. However, it's possible for the buffer to be too small
for the reply, causing us to allocate a new buffer. We then copied from
the freed request, and freed it again.
Do not free the request buffer until we're all the way done.
PR: 274614
Reviewed by: emaste
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42329
Commit 428879dc91 adds a requirement for a new upcall for the
gssd(8). This patch adds that upcall.
Unfortunately, the old gssd.c would not build against the new
patched gssd.x.
This patch will fix the build.
MFC after: 1 month
Previously, while checking name2addr capabilities, we mistakenly used
the addr2name set. This error could cause a process to inadvertently
reset its limitations.
Reported by: Shawn Webb <shawn.webb@hardenedbsd.org>
This patch restores/fixes some of the behavior present in pre-netlink ndp(8).
1. Deleting a local address now correctly returns EPERM (instead of
ENOENT)
2. ndp -c no longer dumps the entire table while complaining about
local addresses
3. Return exit code when deleting entry (e.g. trying ndp -d on a local
address is an error)
Reviewed by: kp
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42316
During recent testing related to the IETF NFSv4 Bakeathon, it was
discovered that Kerberized NFSv4.1/4.2 mounts to pNFS servers
(sec=krb5[ip],pnfs mount options) was broken.
The FreeBSD client was using the "service principal" for
the MDS to try and establish a rpcsec_gss credential for a DS,
which is incorrect. (A "service principal" looks like
"nfs@<fqdn-of-server>" and the <fqdn-of-server> for the DS is not
the same as the MDS for most pNFS servers.)
To fix this, the rpcsec_gss code needs to be able to do a
reverse DNS lookup of the DS's IP address. A new kgssapi upcall
to the gssd(8) daemon is added by this patch to do the reverse DNS
along with a new rpcsec_gss function to generate the "service
principal".
A separate patch to the gssd(8) will be committed, so that this
patch will fix the problem. Without the gssd(8) patch, the new
upcall fails and current/incorrect behaviour remains.
This bug only affects the rare case of a Kerberized (sec=krb5[ip],pnfs)
mount using pNFS.
This patch changes the internal KAPI between the kgssapi and
nfscl modules, but since I did a version bump a few days ago,
I will not do one this time.
MFC after: 1 month
A future commit needs a new upcall function that can do reverse
DNS in order to generate a "service principal".
This patch adds the file.
MFC after: 1 month
This file does not exist, remove it from the list of files to avoid
confusion. The example file is just /etc/devfs.conf.
Reviewed by: mhorne
Pull Request: https://github.com/freebsd/freebsd-src/pull/871
Otherwise it can crash in sleepq_wait_sig -> sleepq_catch_signals ->
sig_ast_checksusp -> thread_suspend_check due to a mutex acquire.
Reported by: pho
Sponsored by: Rubicon Communications, LLC ("Netgate")
If a connection is NAT-ed we could previously only terminate it by its
ID or the post-NAT IP address. Allow users to specify they want look for
the state by its pre-NAT address. Usage: `pfctl -k nat -k <address>`.
See also: https://redmine.pfsense.org/issues/11556
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42312
This is required for the "used", "usedds" and "usedchild" dataset
properties to be displayed.
PR: 274613
Reported by: Mike Tancsa <mike@sentex.net>
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Most of the first block of pad bytes are now used for space accounting
purposes. No functional change intended.
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Allow users(pace) to specify a protocol, interface, address family and/
or address and mask, allowing the state listing to be pre-filtered in
the kernel.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42280
The nvlist-based version will be removed in FreeBSD 16.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42279
The netlink newneigh handler has the potential to leak the lock on
llentry objects in the kernel. This patch reconciles several paths
through the newneigh handler that could result in a lock leak.
MFC after: 1 week
Reviewed by: markj, kp
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42307
Readd bsddialog(1) to bsdconfig(8).
This can be considered an increment not a replacement: `$DIALOG=dialog'
restores dialog(1), no change for Xdialog(1). An exception is if an
error occurs, bsddialog(1) replaces dialog.
When allocating memory we should try to allocate from the NUMA node
closest to the device to reduce cross domain memory traffic. Teach the
arm64 bus_dma code to do this.
While here use mallocarray to guard against an unlikely integer
overflow.
Reviewed by: markj
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D42187
Configuring a FreeBSD laptop, my fingers kept wanting to type
`bsdconfig network' and I could not figure out why this was not working.
Took me a second to realize that the shortcut was `bsdconfig networking'
for where I wanted to go.
Reviewed by: jhb
Approved by: jhb
Differential Revision: https://reviews.freebsd.org/D42242
share/man/man4/Makefile adds a number of
variables to MAN and MLINKS, which are only set for
certain architectures.
The empty variables wreak havoc when := is used.
Add :M*.[1-9] to MLINKS reference for STAGE_LINKS.mlinks
to avoid invalid results.
Reviewed by: stevek
This enables obtaining lock information threads are actively waiting for
while sampling. Without the change one would only see a bunch of calls
to lock_delay(), where the stacktrace often does not reveal what the
lock might be.
Note this is not the same as lock profiling, which only produces data
for cases which wait for locks.
struct thread already has a td_lockname field, but I did not use it
because it has different semantics -- denotes when the thread is off
cpu. At the same time it could not be converted to hold a lock_object
pointer because non-curthread access would no longer be guaranteed to be
safe -- by the time it reads the pointer the lock might have been taken,
released and the object containing it freed.
Sample usage with dtrace:
rm /tmp/out.kern_stacks ; dtrace -x stackframes=100 -n 'profile-997 { @[curthread->td_wantedlock != NULL ? stringof(curthread->td_wantedlock->lo_name) : stringof("\n"), stack()] = count(); }' -o /tmp/out.kern_stacks
This also facilitates addition of lock information to traces produced by
hwpmc.
Note: spinlocks are not supported at the moment.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Notable upstream pull request merges:
#14378c0e58995e Large sync writes perform worse with slog
#14721797f55ef1 Do not persist user/group/project quota zap objects
when unneeded
#15356380c25f64 FreeBSD: Improve taskq wrapper
#153904fbc52495 Remove lock from dsl_pool_need_dirty_delay()
#1539757b409856 Trust ARC_BUF_SHARED() more
#15402b29e98fa8 Properly pad struct tx_cpu to cache line
#15405ea30b5a9e Set spa_ccw_fail_time=0 when expanding a vdev
#15416b9384b949 FreeBSD: taskq: Remove unused declaration
Obtained from: OpenZFS
OpenZFS commit: 797f55ef12
During testing at a recent IETF NFSv4 Bakeathon, a non-FreeBSD
server was rebooted. After the reboot, the FreeBSD client sent
an Open/Claim_previous with a Getattr after the Open in the same
compound. The Open/Claim_previous was done to recover the Open
and a Delegation for for a file. The Open succeeded, but the
Getattr after the Open failed with NFSERR_DELAY. This resulted
in the FreeBSD client retrying the entire RPC over and over again,
until the server's recovery grace period ended. Since the Open
succeeded, there was no need to retry the entire RPC.
This patch modifies the NFSv4 client side recovery Open/Claim_previous
RPC reply handling to deal with this case. With this patch, the
Getattr reply of NFSERR_DELAY is ignored and the successful Open
reply is processed.
This bug will not normally affect users, since this non-FreeBSD
server is not widely used (it may not even have shipped to any
customers).
MFC after: 1 month
The dead_bpf_if is not subjected to be written. Make it const so that
on destructive writing to it the kernel will panic instead of silent
memory corruption.
No functional change intended.
Reviewed by: markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D42189
The following loader tunables do have corresponding sysctl MIBs but
with inconsistent naming. That may be historical reason. Let's prefer
consistent naming for them so that it will be easier to maintain.
1. hw.dmar.timeout -> hw.iommu.dmar.timeout
2. hw.lapic_eoi_suppression -> hw.apic.eoi_suppression
3. hw.lapic_tsc_deadline -> hw.apic.timer_tsc_deadline
4. hw.x2apic_enable -> hw.apic.x2apic_mode
Those tunables are for field debugging, no need to keep old names for
compatibility.
Reviewed by: kib
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D42248
The sysctl knob 'vm.pmap.allow_2m_x_ept' is loader tunable and have
public document entry in security(7) but is fetched from kernel
environment 'hw.allow_2m_x_ept'. That is inconsistent and obscure.
As there is public security advisory FreeBSD-SA-19:25.mcepsc [1],
people may refer to it and use 'hw.allow_2m_x_ept', let's keep old
name for compatibility.
[1] https://www.freebsd.org/security/advisories/FreeBSD-SA-19:25.mcepsc.asc
Reviewed by: kib
Fixes: c08973d09c Workaround for Intel SKL002/SKL012S errata
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D42311
For NFSv4.1/4.2, there are two new options for the Open operation.
These two options use the file handle for the file instead of the
file handle for the directory plus a file name. By doing so, the
client code is simplified (it no longer needs the "nfsv4node" structure
attached to the NFS vnode). It also avoids problems caused by another
NFS client (or process running locally in the NFS server) doing a
rename or remove of the file name between the Lookup and Open.
Unfortunately, there was a bug (fixed recently by commit X)
in the NFS server which mis-parsed the Claim_Deleg_Cur_FH
arguments. To allow this patch to work with the broken FreeBSD
NFSv4.1/4.2 server, NFSMNTP_BUGGYFBSDSRV is defined and is set
when a correctly formatted Claim_Deleg_Cur_FH fails with NFSERR_EXPIRED.
(This is what the old, broken NFS server does, since it erroneously
uses the Getattr arguments as a stateID.) Once this flag is set,
the client fills in a stateID, to make the broken NFS server happy.
Tested at a recent IETF NFSv4 Bakeathon.
MFC after: 1 month
Support early printf for the ns8250 uart driver. Adding
options UART_NS8250_EARLY_PORT=0xYYY
options EARLY_PRINTF
to your kernel config will enable it. The code is rather simple minded,
so caveat emptor. This will enable printf before cninit. cninit
automatically disables this and switches to the real routine. It only
works for port-mapped COM ports, and only if you know the port's address
at compile time. It's intended for be a debugging aide, not a general
purpose thing.
Sponsored by: Netflix
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D42306
Unlike MSI-X, when a device uses multiple MSI interrupts, the entire
group of interrupts are enabled/disabled at once in the relevant PCI
config register. Currently, the interrupt code enables the IDT vector
for each MSI interrupt when a handler is first registered. If the PCI
device triggers an MSI interrupt which doesn't yet have a handler,
this can trigger a panic when the Xrsvd ISR executes rather than
treating it as a stray device interrupt.
To fix, enable all the IDT vectors for an MSI group when the first
interrupt handler is configured, and don't disable the IDT vectors
until the last interrupt handler for the group is torn down.
When migrating an MSI group between CPUs, enable/disable the entire
group of IDT vectors if at least one interrupt handler is configured
for the group.
Reported by: jhay
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D42232
In the zfs_id_over*quota functions, there is a short-circuit to skip
the zap_lookup when the quota zap does not exist. If quotas are never
used in a zpool, then the quota zap will never exist. But if
user/group/project quotas are ever used, the zap objects will be
created and will persist even if the quotas are deleted.
The quota zap_lookup in the write path can become a bottleneck for
write-heavy small I/O workloads. Before this commit, it was not
possible to remove this lookup without creating a new zpool.
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Sam Atkinson <samatk@amazon.com>
Closes#14721
