dtrace: Fix DOF section-specific validation
The entry size of the probe section is assumed to be at least
sizeof(dof_probe_t) by the loop further below.
enoff_sec->dofs_entsize was not being validated at all.
When multiplying an index by a table entry size, make sure the
multiplication can't overflow.
Fix an off-by-one when validating the translated probe argument array.
Make sure that the probe argument argvs are valid string offsets
even if the argument count is zero.
Reviewed by: christos
MFC after: 2 weeks
Sponsored by: CHERI Research Centre
Differential Revision: https://reviews.freebsd.org/D57979
dtrace: Improve DOF string table validation
The check for a nul terminator implicitly assumes that the section size
is positive. Make the assumption explicit.
Reviewed by: christos
MFC after: 2 weeks
Sponsored by: CHERI Research Centre
Differential Revision: https://reviews.freebsd.org/D57977
dtrace: Fix DOF section bounds validation
We must ensure that each DOF section does not overlap with the DOF
header or section table. Otherwise the relocations processed in the
second pass over sections can manipulate DOF metadata, leading to OOB
writes.
Reviewed by: christos
MFC after: 2 weeks
Sponsored by: CHERI Research Centre
Differential Revision: https://reviews.freebsd.org/D57976
dtrace: Improve DOF section size validation
The loop which validates each DOF section assumes that the section
header is present, so the section size must be at least as large as the
header, otherwise a small OOB access is possible.
Reviewed by: christos
MFC after: 2 weeks
Sponsored by: CHERI Research Centre
Differential Revision: https://reviews.freebsd.org/D57975
ee: Handle EINTR when waiting for a character
Otherwise one can't easily attach gdb to ee.
Reviewed by: bapt
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57997
ee: Improve handling of malformed UTF-8 characters
In delete(), when copying the deleted character to the d_char buffer,
don't assume that it fits. utf8_prev() may return a sequence of more
than 5 bytes.
In insert_utf8(), fix the copy-up of the line. We extended the line by
"len" bytes, so "temp" has to be repositioned accordingly. Compare with
plain insert().
Use sizeof when copying to buffers instead of hard-coding buffer sizes.
Don't dynamically allocate d_char, there is no need.
Fixes: 62fba0054d9e ("ee: add unicode support")
Reported by: Sayono Hiragi (overflow in delete())
Reviewed by: bapt
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57996
jaildesc: Publish the new fd only after the jaildesc is initialized
jaildesc_alloc() finishes initializing the file structure only after it
is made visible from the file descriptor table via finit(). In that
window, other threads could try to perform operations on the descriptor
and thus access an incompletely initialized jaildesc.
Defer the finit() call until locks are initialized. While here,
simplify the error path for falloc_caps().
Reported by: Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li,
and Ke Xu from Tsinghua University using GLM-5.2 from Z.ai
Reviewed by: jamie
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D58049
inotify: Unconditionally generate IN_IGNORED events for files/dirs
The implementation previously only generated an IN_IGNORED event for a
deleted watched file if the watch explicitly requested IN_DELETE_SELF.
This is not correct, IN_IGNORED should always be raised when the watched
subject is deleted. Adjust the implementation of inotify_log_one()
accordingly.
This also fixes a problem where a deleted watched file's watch
would not be removed if IN_DELETE_SELF was not in the watch's event
mask, in which case the unlinked vnode would linger until the inotify
descriptor itself is closed.
Add a regression test.
Reported by: jrtc27
Reviewed by: jrtc27
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D58050
libc/resolv: Add no-debug and no-rotate options
These are simply the reverse of the debug and rotate options.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D57926
libc/resolv: Reimplement the sortlist parser
When we switched from the BIND4 resolver to the BIND9 resolver, the
sortlist parser was inadvertently disabled due to a missing #define, and
nobody seemed to notice. The sorting code remained enabled in the
resolver, but there was no way to set a sort order.
Reimplement the sortlist parser, but correctly, and update the manual
accordingly. The new parser accepts IPv4 and IPv6 addresses with or
without a mask or prefix length, just like the old one, except IPv6
support was a bit wonky in the original code.
Fixes: 5342d17f09a8 ("Update the resolver in libc to BIND9's one.")
Relnotes: yes
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D57925
libc/resolv: Refactor the configuration parser
This was previously all a single loop in res_init(), apart from option
parsing which we cleaned up in a previous commit. Break it out into
separate functions for reading the configuration line by line, setting
the default domain, setting the search list, and adding a nameserver
to the nameserver list. Sprinkle bounds checks and code comments all
around.
The sortlist code, which has been disabled for the past 20 years, will
be dealt with in a separate commit.
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D57924
libc/resolv: Refactor the option parser
Start the loop by finding the end of the option name, the name-value
separator (if any), and the end of the option. Use those pointers to
simplify matching the option name and parsing the option value, and
validate option names and values more strictly. This means that:
* We no longer accept trailing garbage in an option name or value. For
instance, we would previously interpret “edns0123” as “edns0” and
“timeout:3xyz” as “timeout:3”. This was actually quite lucky because
we also failed to recognize the newline at the end of the option line
as a whitespace character.
* For options that take a numerical argument, we would previously accept
negative values and treat non-numerical arguments as 0, while large
numerical arguments would be capped to the option's maximum permitted
value. Now, any failure to parse the argument, including overflow,
results in the option being left unchanged.
[4 lines not shown]
resolver(5): Overhaul
* Modernize the markup
* Describe the comment syntax
* Drop obsolete advice
* Capitalize sentences
* Improve the language
* Replace no_tld_query with no-tld-query; both are supported, but all the
other multi-word options use hyphens rather than underscores.
* Add missing ENVIRONMENT section
* Redo the example
[3 lines not shown]
sound: track kqueue low watermark per-knote for mmaped channels
Use kn->kn_sdata to track the last bs->total value for each knote
attached to an mmaped channel. An event is delivered only when the total
byte counter has advanced by at least c->lw since the last delivery.
After delivery kn_sdata is updated to the current total.
Each knote tracks its own watermark independently, so multiple knotes
attached to the same mmaped channel all receive events correctly.
Non-mmap channels keep the existing level-triggered behavior via
chn_polltrigger().
MFC after: 1 week
Reviewed by: christos
Differential Revision: https://reviews.freebsd.org/D57833
net-mgmt/uptime-kuma: new port - easy self-hosted monitoring
To save unnecessary space, substantial pruning of npm detritus was done.
Please report any errors and issues via the usual channels.
Sponsored by: SkunkWerks, GmbH
Differential Revision: https://reviews.freebsd.org/D57369
ibcore: Fix GID sysctl fallback formatting
When a GID table entry is empty or not yet present in the cache,
show_port_gid() falls back to printing a zero GID. Use the existing
GID_PRINT_FMT/GID_PRINT_ARGS helpers instead of Linux's %pI6 format,
which FreeBSD printf treats as a pointer followed by "I6".
This makes empty GID sysctl entries consistently report
0000:0000:0000:0000:0000:0000:0000:0000.
Tested by: Wafa Hamzah <wafah at nvidia.com> (mlx5_ib)
Reviewed by: jhb, kib
Sponsored by: NVIDIA Networking
Fixes: 6a75471dbcf0 ("OFED: Various changes from Linux 4.19")
Differential Revision: https://reviews.freebsd.org/D58042
net/rsync: Add back the FLAGS option
This restores support for copying file flags and fixes a long-standing
peeve of mine by renaming the command-line option to --file-flags,
better matching the naming style of other rsync options. Full backward
compatibility is maintained, including with older servers.
Reviewed by: rodrigo
Differential Revision: https://reviews.freebsd.org/D57645
devel/pecl-msgpack: reinstate IGNORE_WITH_PHP=86
Dependency devel/pecl-APCu is not yet available for php86.
Please make sure you test the port in the php86 flavour before
reenabling the option.
Fixes: 4390d463875b81a5948541e3b27275d30aad54e2
Approved by: portmgr (build fix blanket)
sysutils/podman: Fix build by blocking fetching newer go over network
Go insists on trying to download a newer toolchain, as the default is currently 1.24,
and this version of podman requires 1.25 or newer. The MAKE_ENV flag is described
here in nauseating detail https://go.dev/doc/toolchain .