asmc: use `ASMC_FAN_FUNCS2` with the Macmini4,1
The Macmini4,1 model does not have "fansafespeed" support. This issue
typically manifests with messages like so:
```
asmc0: asmc_key_read for key F0Sf failed 10 times, giving up
```
Swap out `ASMC_FAN_FUNCS` with `ASMC_FAN_FUNCS2` to explicitly drop
"fansafespeed" checks in the driver for the model as it doesn't support
that hardware feature.
MFC after: 1 week
Reported by: @probonopd
Closes: https://github.com/helloSystem/ISO/issues/357
ipfilter: Fix possible overrun
The destination buffer is FR_GROUPLEN (16 bytes) in length. When
gname is created, the userspace utilities correctly use FR_GROUPLEN
as the buffer length. The kernel should also limit its copy operation to
FR_GROUPLEN bytes to avoid any user written code from exploiting this
vulnerability.
Reported by: Ilja Van Sprundel <ivansprundel at ioactive.com>
(cherry picked from commit e40817302ebdf89df2f3bcd679fb7f2a18c244dc)
ipfilter: Interface name must not extend beyond end of buffer
sifpidx (an interface name) cannot extend beyond the end of the
fr_names buffer.
We do the validation for fr_sifpidx here because it is a union that
contains an offset only when fr_sifpidx points to an interface name,
an offset into fr_names. The union is an offset into fr_names in this
case only.
interr_tbl now becomes a static variable outside a function to facilitate
its use by two functions within fil.c
Note that sifpidx is only used in ipf_sync() which implments ipf -y.
Reported by: Ilja Van Sprundel <ivansprundel at ioactive.com>
MFC after: 1 week
(cherry picked from commit 47fb51847fdea3f1cce841b5f2bbbcd6f8a04ee0)
ipfilter: Interface name must not extend beyond end of buffer
sifpidx (an interface name) cannot extend beyond the end of the
fr_names buffer.
We do the validation for fr_sifpidx here because it is a union that
contains an offset only when fr_sifpidx points to an interface name,
an offset into fr_names. The union is an offset into fr_names in this
case only.
interr_tbl now becomes a static variable outside a function to facilitate
its use by two functions within fil.c
Note that sifpidx is only used in ipf_sync() which implments ipf -y.
Reported by: Ilja Van Sprundel <ivansprundel at ioactive.com>
MFC after: 1 week
(cherry picked from commit 47fb51847fdea3f1cce841b5f2bbbcd6f8a04ee0)
ipfilter: Fix possible overrun
The destination buffer is FR_GROUPLEN (16 bytes) in length. When
gname is created, the userspace utilities correctly use FR_GROUPLEN
as the buffer length. The kernel should also limit its copy operation to
FR_GROUPLEN bytes to avoid any user written code from exploiting this
vulnerability.
Reported by: Ilja Van Sprundel <ivansprundel at ioactive.com>
(cherry picked from commit e40817302ebdf89df2f3bcd679fb7f2a18c244dc)
ipfilter: Interface name must not extend beyond end of buffer
sifpidx (an interface name) cannot extend beyond the end of the
fr_names buffer.
We do the validation for fr_sifpidx here because it is a union that
contains an offset only when fr_sifpidx points to an interface name,
an offset into fr_names. The union is an offset into fr_names in this
case only.
interr_tbl now becomes a static variable outside a function to facilitate
its use by two functions within fil.c
Note that sifpidx is only used in ipf_sync() which implments ipf -y.
Reported by: Ilja Van Sprundel <ivansprundel at ioactive.com>
MFC after: 1 week
(cherry picked from commit 47fb51847fdea3f1cce841b5f2bbbcd6f8a04ee0)
ipfilter: Fix possible overrun
The destination buffer is FR_GROUPLEN (16 bytes) in length. When
gname is created, the userspace utilities correctly use FR_GROUPLEN
as the buffer length. The kernel should also limit its copy operation to
FR_GROUPLEN bytes to avoid any user written code from exploiting this
vulnerability.
Reported by: Ilja Van Sprundel <ivansprundel at ioactive.com>
(cherry picked from commit e40817302ebdf89df2f3bcd679fb7f2a18c244dc)
bhyve: fix USB mouse requests
USB HCI requests may not include HCI transfer block structures (i.e.,
xfer->data[] == NULL), but in several places, the USB mouse emulation
code assumes one will exist. This can lead to a NULL pointer dereference
and a SEGV in the bhyve process as observed via experiments with an
Ubuntu guest and PyUSB code. Note that many of the cases processing
other request types already checked for data == NULL.
While in the neighborhood, fix a typo in the loop iterating over the
usb_data_xfer_block array which used the wrong variable to check for
valid data (idx vs. i).
Reported by: danmcd at edgecast.io
Obtained from: SmartOS
MFC after: 1 week
Relnotes: yes
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D54661
bhyve: Fix unchecked stream I/O in RFB handler
Convert rfb_send_* helpers to return status codes and check their
results. Add missing checks for stream_read() and stream_write() returns
during the handshake in rfb_handle() to avoid acting on failed I/O.
Signed-off-by: Hayzam Sherif <hayzam at gmail.com>
Reviewed by: markj
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D55343
icmp6: clear csum_flags on mbuf reuse
When icmp6 sends an ICMPv6 message, it reuses the mbuf of the packet
that triggered the ICMPv6 message and prepends an IPv6 and ICMPv6
header. For a locally generated packet with checksum offloading, the
mbuf still has csum_flags set indicating that a SCTP/TCP/UDP checksum
has to be computed and inserted. Since this not the case anymore,
csum_flags need to be cleared.
PR: 293227
Reviewed by: kp, zlei, tuexen
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D55367
(cherry picked from commit ada4dc77577f7162353e8c2916ba5c258b6210f0)
(cherry picked from commit 0a87ae18331d5c52dde1e5a4f13ee577e8e5e188)
Merge commit bfb276e55c76 from upstream OpenZFS (by Jessica Clarke)
Once upon a time, 32-bit PowerPC did indeed have a 32-bit time_t, but
FreeBSD 12.0 switched to a 64-bit time_t for PowerPC as an ABI break,
which predates the addition of FreeBSD support to OpenZFS. Moreover,
64-bit PowerPC has existed since FreeBSD 9.0, where __powerpc__ is also
defined (alongside __powerpc64__ to disambiguate), which has always had
a 64-bit time_t. This code has therefore always been wrong for all
PowerPC variants. Fix this by limiting the 32-bit case to just i386,
which is the only architecture in FreeBSD to have a 32-bit time_t and
not have broken ABI, due to its special legacy compatibility status.
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Reviewed-by: Alexander Motin <alexander.motin at TrueNAS.com>
Signed-off-by: Jessica Clarke <jrtc27 at jrtc27.com>
Closes #18217
Closes #18218
Reported by: fuz
[4 lines not shown]
OptionalObsoleteFiles: Don't mark /usr/lib/debug/boot directory obsolete
The intent of the currect code is to ignore anything under
/usr/lib/debug/boot/*. But we also should make sure that
/usr/lib/debug/boot directory is also ignored and is not marked
obsolete. If we don't do that, `make DBATCH_DELETE_OLD_FILES
delete-old` will try to rmdir(1) this directory, which will cause an
error, since /usr/lib/debug/boot may have nested directories like
kernel/ and modules/.
Reviewed by: markj
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D55077
icmp6: clear csum_flags on mbuf reuse
When icmp6 sends an ICMPv6 message, it reuses the mbuf of the packet
that triggered the ICMPv6 message and prepends an IPv6 and ICMPv6
header. For a locally generated packet with checksum offloading, the
mbuf still has csum_flags set indicating that a SCTP/TCP/UDP checksum
has to be computed and inserted. Since this not the case anymore,
csum_flags need to be cleared.
PR: 293227
Reviewed by: kp, zlei, tuexen
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D55367
(cherry picked from commit ada4dc77577f7162353e8c2916ba5c258b6210f0)
vmm: Add privilege checks to vmmctl operations
In preparation for supporting creation of VMs by unprivileged users, add
some restrictions:
- Disallow creation of non-transient VMs by unprivileged users. That
is, if an unprivileged user creates a VM, the VM must be destroyed
automatically once the last fd referencing it is gone.
- Disallow destroying VMs created by a different user, unless the caller
has the PRIV_VMM_DESTROY privilege.
Reviewed by: bnovkov
MFC after: 2 months
Sponsored by: The FreeBSD Foundation
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D54740
vmm: Enable unprivileged bhyve
- Add the vmm group.
- Let /dev/vmmctl belong to the vmm group by default, and give group
write permissions.
- When creating a VM's device files, make them owned by the creating
process' effective UID.
Reviewed by: bnovkov
MFC after: 2 months
Sponsored by: The FreeBSD Foundation
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D54741
vmm: Start using exterror
For now, just describe the error where an unprivileged user attempts to
run a VM without DESTROY_ON_CLOSE semantics, i.e., monitor mode.
Reviewed by: bnovkov
MFC after: 2 months
Sponsored by: The FreeBSD Foundation
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D54743
vmm.4: Add information on VM access control
Add a section to vmm.4 explaining how vmm device file ownership works.
MFC after: 2 months
Sponsored by: The FreeBSD Foundation
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D54742
