bhyve: fix USB mouse requests
USB HCI requests may not include HCI transfer block structures (i.e.,
xfer->data[] == NULL), but in several places, the USB mouse emulation
code assumes one will exist. This can lead to a NULL pointer dereference
and a SEGV in the bhyve process as observed via experiments with an
Ubuntu guest and PyUSB code. Note that many of the cases processing
other request types already checked for data == NULL.
While in the neighborhood, fix a typo in the loop iterating over the
usb_data_xfer_block array which used the wrong variable to check for
valid data (idx vs. i).
Reported by: danmcd at edgecast.io
Obtained from: SmartOS
MFC after: 1 week
Relnotes: yes
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D54661
bhyve: Fix unchecked stream I/O in RFB handler
Convert rfb_send_* helpers to return status codes and check their
results. Add missing checks for stream_read() and stream_write() returns
during the handshake in rfb_handle() to avoid acting on failed I/O.
Signed-off-by: Hayzam Sherif <hayzam at gmail.com>
Reviewed by: markj
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D55343
icmp6: clear csum_flags on mbuf reuse
When icmp6 sends an ICMPv6 message, it reuses the mbuf of the packet
that triggered the ICMPv6 message and prepends an IPv6 and ICMPv6
header. For a locally generated packet with checksum offloading, the
mbuf still has csum_flags set indicating that a SCTP/TCP/UDP checksum
has to be computed and inserted. Since this not the case anymore,
csum_flags need to be cleared.
PR: 293227
Reviewed by: kp, zlei, tuexen
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D55367
(cherry picked from commit ada4dc77577f7162353e8c2916ba5c258b6210f0)
(cherry picked from commit 0a87ae18331d5c52dde1e5a4f13ee577e8e5e188)
Merge commit bfb276e55c76 from upstream OpenZFS (by Jessica Clarke)
Once upon a time, 32-bit PowerPC did indeed have a 32-bit time_t, but
FreeBSD 12.0 switched to a 64-bit time_t for PowerPC as an ABI break,
which predates the addition of FreeBSD support to OpenZFS. Moreover,
64-bit PowerPC has existed since FreeBSD 9.0, where __powerpc__ is also
defined (alongside __powerpc64__ to disambiguate), which has always had
a 64-bit time_t. This code has therefore always been wrong for all
PowerPC variants. Fix this by limiting the 32-bit case to just i386,
which is the only architecture in FreeBSD to have a 32-bit time_t and
not have broken ABI, due to its special legacy compatibility status.
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Reviewed-by: Alexander Motin <alexander.motin at TrueNAS.com>
Signed-off-by: Jessica Clarke <jrtc27 at jrtc27.com>
Closes #18217
Closes #18218
Reported by: fuz
[4 lines not shown]
OptionalObsoleteFiles: Don't mark /usr/lib/debug/boot directory obsolete
The intent of the currect code is to ignore anything under
/usr/lib/debug/boot/*. But we also should make sure that
/usr/lib/debug/boot directory is also ignored and is not marked
obsolete. If we don't do that, `make DBATCH_DELETE_OLD_FILES
delete-old` will try to rmdir(1) this directory, which will cause an
error, since /usr/lib/debug/boot may have nested directories like
kernel/ and modules/.
Reviewed by: markj
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D55077
icmp6: clear csum_flags on mbuf reuse
When icmp6 sends an ICMPv6 message, it reuses the mbuf of the packet
that triggered the ICMPv6 message and prepends an IPv6 and ICMPv6
header. For a locally generated packet with checksum offloading, the
mbuf still has csum_flags set indicating that a SCTP/TCP/UDP checksum
has to be computed and inserted. Since this not the case anymore,
csum_flags need to be cleared.
PR: 293227
Reviewed by: kp, zlei, tuexen
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D55367
(cherry picked from commit ada4dc77577f7162353e8c2916ba5c258b6210f0)
vmm: Add privilege checks to vmmctl operations
In preparation for supporting creation of VMs by unprivileged users, add
some restrictions:
- Disallow creation of non-transient VMs by unprivileged users. That
is, if an unprivileged user creates a VM, the VM must be destroyed
automatically once the last fd referencing it is gone.
- Disallow destroying VMs created by a different user, unless the caller
has the PRIV_VMM_DESTROY privilege.
Reviewed by: bnovkov
MFC after: 2 months
Sponsored by: The FreeBSD Foundation
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D54740
vmm: Enable unprivileged bhyve
- Add the vmm group.
- Let /dev/vmmctl belong to the vmm group by default, and give group
write permissions.
- When creating a VM's device files, make them owned by the creating
process' effective UID.
Reviewed by: bnovkov
MFC after: 2 months
Sponsored by: The FreeBSD Foundation
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D54741
vmm: Start using exterror
For now, just describe the error where an unprivileged user attempts to
run a VM without DESTROY_ON_CLOSE semantics, i.e., monitor mode.
Reviewed by: bnovkov
MFC after: 2 months
Sponsored by: The FreeBSD Foundation
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D54743
vmm.4: Add information on VM access control
Add a section to vmm.4 explaining how vmm device file ownership works.
MFC after: 2 months
Sponsored by: The FreeBSD Foundation
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D54742
types.h: use central definition of offsetof()
Previously this broke if included after (sys/)stddef.h.
Reported by: des
Fixes: 2adc3f0db187 ("stddef.h: centralize definition of offsetof()")
libpfctl: Sort order of snl attribute parser
snl atttribute parsers must be sorted by type, so PF_GS_BCOUNTERS
(16) must follow PF_GF_PCOUNTERS (15). Fix ordering and add a call
to SNL_VERIFY_PARSERS.
Without this fix, byte counters reported by 'pfctl -s info' with
a loginterface are always zero.
PR: 291763
MFC after: 1 week
Reviewed by: kp
Signed-off-by: eborisch at gmail.com
(cherry picked from commit 363b57d579bafa8a52cfb5a1dcb98af821b1ecb6)
.github: support all stable branches
If this eventually poses a problem for unsupported branches we can fix
them directly.
Sponsored by: Innovate UK
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D53838
stddef.h: centralize definition of offsetof()
Move to sys/_offsetof.h and use __builtin_offsetof() instead of
__offsetof to avoid reintroducing sys/cdefs.h polution in stddef.h.
This has the side effect of allowing sys/stddef.h to be included after
stddef.h which can happen in compatability headers.
Effort: CHERI upstreaming
Sponsored by: DARPA, AFRL
Reviewed by: imp, kib
Differential Revision: https://reviews.freebsd.org/D55307
