kern: add a security knob to disable unprivileged access to kenv
We sometimes store sensitive things in the kenv that get zapped, but we
really shouldn't rely on that zapping to actually happen. Most
unprivileged processes don't really need to read from the kernel
environment in the first place, so add a knob that allows it to be
disabled.
Note that we consider jailed root to be unprivileged from this
perspective; they have their own meta/env concepts and we should
encourage users to take advantage of those for passing information to
jails.
"Hey we should do something about that": dch
Reviewed by: imp, ziaee, zlei (all slightly previous version)
Differential Revision: https://reviews.freebsd.org/D57697
amdsmu(4), acpi_spmc(4): Fix ordering of calls
The AMD SMU is supposed to be notified of suspension the SPMC has been,
and conversely on resume, as expressed in comments.
Fix the EVENTHANDLER(9) priorities used so that they match the
comments. Lower values indeed indicate higher priority in this
subsystem.
Reviewed by: obiwac
Fixes: 2c60fce365f4 ("amdsmu: Sleep entry/exit hints for PMFW")
Event: Halifax Hackathon 202606
Sponsored by: The FreeBSD Foundation
etcupdate: Recommend building when bootstrapping
Since building is no longer the default, add -b to the bootstrapping
examples as they are likely to be run with a tree that hasn't been
built.
MFC after: 1 week
Fixes: ddf6fad0295a ("etcupdate: Make nobuild the default")
Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D57643
etcupdate: Warn if the tree hasn't been built
Warn the user before trying `make installetc` if etcupdate was invoked
without -b (or with -B) and it appears that `make buildetc` hasn't
already been run (which usually happens as part of `make buildworld`).
MFC after: 1 week
Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D57504
RDMA: dma-mapping: use unsigned long for dma_attrs
Tested by: Wafa Hamzah <wafah at nvidia.com> (mlx5_ib)
Tested by: John Baldwin <jhb at FreeBSD.org> (iw_cxgbe)
Obtained from: Linux commit 00085f1efa387a8ce100e3734920f7639c80caa3
Sponsored by: Chelsio Communications
OFED: Implement ib_process_cq_direct
This is largely pulled from the original Linux commit to add cq.c.
Note that irq_poll is still not supported, but polling should now be
possible whereas it wasn't really before.
Tested by: Wafa Hamzah <wafah at nvidia.com> (mlx5_ib)
Tested by: John Baldwin <jhb at FreeBSD.org> (iw_cxgbe)
Obtained from: Linux commit 14d3a3b2498edadec344cb11e60e66091f5daf63
Sponsored by: Chelsio Communications
OFED: Use vmalloc() and vzalloc() in various places
This contains changes from the following Linux commits:
10313cbb9220 IPoIB: Allocate priv->tx_ring with vmalloc()
b1404069f644 IPoIB/cm: Use vmalloc() to allocate rx_rings
948579cd8c6e RDMA: Use vzalloc() to replace vmalloc()+memset(0)
Tested by: Wafa Hamzah <wafah at nvidia.com> (mlx5_ib)
Tested by: John Baldwin <jhb at FreeBSD.org> (iw_cxgbe)
Sponsored by: Chelsio Communications
OFED: Use prandom_u32() to reduce diff with upstream
Tested by: Wafa Hamzah <wafah at nvidia.com> (mlx5_ib)
Tested by: John Baldwin <jhb at FreeBSD.org> (iw_cxgbe)
Sponsored by: Chelsio Communications
rtld: Check for -1 as an-end-of-section marker
rtld calls functions in the .init_array section one at a time, until
it finds a distinguished sentinel value. The C runtime does the same
thing (in crtend.c). However, that checks for the sentinel -1 and not
1. If one is using a linker that unifies .ctors and .init_array, then
rtld will miss the sentinel value. I believe the author of this code
intended to write -1 instead of 1. Indeed, changing the code to also
check for -1 prevents rtld from attempting to call a non-existent
function. The same is true of .dtors and .fini_array.
Signed-off-by: Daniel Levin <daniellevin2607 at gmail.com>
Reviewed by: kib
MFC after: 3 days
Pull Request: https://github.com/freebsd/freebsd-src/pull/2270
cd9660: Add various length checks when parsing RRIP extensions
Pass the length of a RockRidge attribute to the handler functions and
validate that length in each handler. If a parsing error is detected,
abort the entire parsing pass.
Reviewed by: des
Differential Revision: https://reviews.freebsd.org/D57136
acpi_ibm.4: Fix mic_led sysctl name
Fixes: 707347f88649 ("Add missing documentation for dev.acpi_ibm.0.mic_led added in r335304")
Event: Halifax Hackathon 202606
Sponsored by: The FreeBSD Foundation
acpi: Forbid requesting S4 when S4BIOS is not supported
Pending the OS-supported hibernate functionality, prevent requesting S4
when S4BIOS is not supported.
To this end, make sure that acpi_supported_stypes[] indicates that
POWER_STYPE_FW_HIBERNATE is not supported if 'acpi_s4bios_supported' is
false, even if S4 is supported by the platform (which is only
a power-down-like state, without any support to save the system image by
itself). This will cause requests to enter S4, which are translated to
POWER_STYPE_FW_HIBERNATE before reaching
acpi_ReqSleepState()/acpi_EnterSleepState(), to fail in this case.
Retire the 'hw.acpi.s4bios' sysctl knob, as having it to 0 by default
(S4BIOS not supported) or setting it to 0 (default is 1 when S4BIOS is
supported) could only lead, on a S4 request, to a power down without any
possibility to restore the system (and, since a recent commit, it has
not been possible anymore to force it to 1 when S4BIOS is not announced
supported in the FACS table, which would cause a failure or a crash).
[14 lines not shown]
libusb: implement zlp flag in libusb transfer
The USB protocol defines a Zero-Length Packet (ZLP) to signal the end of
a transfer when the data size is an exact multiple of the Maximum Packet
Size (MPS). Without a ZLP in such cases, the device may not be able to
determine that the transfer has completed.
This flag is added to libusb to allow the user send a ZLP in the end
of libusb_xfer.
Reviewed by: adrian
Sponsored by: The FreeBSD Foundataion
Differential Revision: https://reviews.freebsd.org/D51759
libusb: implement IAD parser
libusb provide functions to parse interface association descriptor. This
descriptor indicates that a function is composed by multiple interface
and which interfaces is associate to the target function. This
descriptor is not a separate USB require, instead, it comes with the
config descriptor.
Reviewed by: adrian
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50958
libusb: implement libusb_get_max_alt_packet_size
The libusb has a function to calculate the size from given interface,
alt_setting, endpoint. Implementing it by refactoring the calculating
function for libusb_get_max_iso_packet_size.
Reviewed by: adrian
Sponsored By: FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D51225
libusb: implement libusb_set_option
Implement libusb_set_option for API compatibility of libusb upstream
The implementation status of each option is as following:
LIBUSB_OPTION_LOG_LEVEL: just like libusb_set_debug
LIBUSB_OPTION_LOG_CB: add callback support for DPRINTF
LIBUSB_OPTION_NO_DEVICE_DISCOVERY: disable initialization of devd and
netlink when register. Also, create no thread when registration of
callback happens.
LIBUSB_OPTION_USE_USBDK: no needed as USBDK is for Windows
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50818
tests.7: Remove an unused configuration variable
No existing tests require it, and I cannot understand what kinds of test
scenarios are supposed to require it. Just remove it.
While here, improve the documentation of test variables a bit.
Reviewed by: ngie
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56604
(cherry picked from commit 6bd97b5f3778aa36bcf89ff870bb1483b301a9be)
