pf: relax sctp v_tag verification
pf was too strict when validating SCTP tags. When a server receives a
retransmitted INIT it will reply with a random initiate tag every time.
However, pf saves the first initiate tag and expects every subsequent INIT_ACK
retransmission to have the same tag. This is not the case, leading to endless
INIT/INIT_ACK cycles.
Allow the tag to be updated as long as we've not gone past COOKIE_WAIT.
Add a test case to verify this.
MFC after: 2 weeks
See also: https://redmine.pfsense.org/issues/16516
Sponsored by: Rubicon Communications, LLC ("Netgate")
kevent: Hold the knlist mutex when invoking f_event(NOTE_FORK)
In general f_event is supposed to be called with the knlist mutex held,
so lock it earlier to follow this protocol. Also make sure that the
update to kn_fflags is synchronized.
Lock the kqueue itself earlier in the case where the knote is activated,
to avoid locking and unlocking the kqueue twice.
PR: 291005
Reported by: Qiu-ji Chen <chenqiuji666 at gmail.com>
Reviewed by: kib
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D53762
(cherry picked from commit d795c753e262b97a93dc353aa66b858e1b1969d1)
libpfctl: improve error handling
If we fail to open /dev/pf don't try to close it again. That would result in
errno getting overwritten by close(), hiding potentially useful information.
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
kernel linker: Disable local sym resolution by default
In 95c20faf11a1 and ecd8245e0d77 kib introduced support to have the
kernel linker stop resolving local symbols from other files, but did
not enable it by default to avoid surprises. Flip the default now,
before FreeBSD 16.0.
The debug.link_elf_leak_locals and debug.link_elf_obj_leak_locals
sysctls are available to revert to the previous behaviour if necessary.
PR: 207898
Reviewed by: bz
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47742
pf: fix udp_mapping cleanup
If we fail to obtain a new source port (pf_get_sport()) while we've
created a udp_mapping (for 'endpoint independent nat') we must free the
udp_mapping in pf_get_sport(). Otherwise the calling function will call
pf_udp_mapping_release(). This will then attempt to remove the udp_mapping from
a list it's not in, and crash.
Actually free the udp_mapping in all failure cases. While here sprinkle in a few
more assertions to ensure we don't forget leak udp_mappings and add a test case
to provoke this problem.
Reviewed by: thj
MFC after: 1 week
See also: https://redmine.pfsense.org/issues/16517
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D53737
(cherry picked from commit c12013f5bb3819e64499f02ecd199a635003c7ce)
if_ovpn: use IFT_TUNNEL
IFT_ENC has special behaviour in pf we don't desire, and this also ensures that
for all interface types there is N:1:1 correspondence between if_type:dlt:header len.
Requested by: glebius
MFC after: 1 week
(cherry picked from commit ff9f76a206c80c263050816735d537a151ee2999)
em(4): fix capability bounds needed to access checksum context.
Ensure the offp capability bounds cover entire struct with checksum fields.
This is needed for CHERI systems to avoid bounds violation trap, as
otherwise offp allowed to dereference 4 bytes of csum_flags field only
so bzero failed.
Tested on ARM Morello.
Reviewed by: kbowling
Discussed with: jrtc27
Sponsored by: CHERI Research Centre
Differential Revision: https://reviews.freebsd.org/D53903
nvme(4): Increase HMB alignment.
The NVME controller in Crucial P310 disk does not accept 16-byte aligned
host memory buffer on Codasip Prime platform, but works fine on PAGE_SIZE
aligned memory.
Instead of adding a quirk, just increase alignment for everyone.
Reviewed by: jhb
Discussed with: imp
Sponsored by: CHERI Research Centre
Differential Revision: https://reviews.freebsd.org/D53296
kern: Fix section name for embedded firmware blobs
In practice this just ends up as an orphan section and so is placed next
to .rodata-like sections, so it's pretty harmless, but not intended.
Fixes: a095390344fb ("Use a template assembly file for firmware object files.")
openssh: Don't attempt to connect to unsupported addresses
When iterating over known addresses for the requested target host name,
skip those that are not supported by the running kernel.
MFC after: 1 week
PR: 195231
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D53588
(cherry picked from commit 5818b6ee552b302f5300934f9b8cb94881867a5f)
sh: Don't assume EINTR means SIGALRM
While waiting for input in the read builtin, if select() is interrupted
but there is no pending signal, we act like we timed out, and return the
same status as if we had been interrupted by SIGALRM, instead of looping
until we actually do time out.
* Replace the single select() call with a ppoll() loop.
* Improve validation of the timeout value. We now accept things like
"1h30m15s", which we used to silently truncate to "1h". The flip side
is that we no longer accept things like "1hour" or "5sec".
* Modify the existing `read -t 0` test case to verify that read returns
immediately when there is input and fails immediately when there isn't.
* Add a second test case which performs the same tests with a non-zero
timeout value.
[7 lines not shown]
sh tests: Fix racy test11.0
This was sometimes exiting while the child fifo was created resulting in
[ENOTEMPTY] from rm. The child fifo isn't needed, just sleep.
PR: 290837
Fixes: e31fb97148f ("read builtin: Empty variables on timeout")
MFC after: 3 days
(cherry picked from commit 5d55553e160a93788372785300f5bd07c2451f93)
stand: Rename ZFSSRC to SAZFSSRC to avoid confusion
ZFSSRC is ambiguous on its surface and too close to ZFSTOP, so rename it
to SAZFSSRC.
Sponsored by: Netflix
Reviewed by: tsoome
Differential Revision: https://reviews.freebsd.org/D53901
nuageinit: Add guards against empty user data
Add guards against attempting to process a user data file with an empty
first line or contents.
PR: 290395
Reviewed by: bapt (earlier), dtxdf, markj
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D53239
(cherry picked from commit 57d25b6333523491ac7a3e869bd5d16127203eed)
stand: Move from OZFS to ZFSTOP
Use ZFSTOP instead of OZFS. They are the same thing.
Sponsored by: Netflix
Reviewed by: tsoome
Differential Revision: https://reviews.freebsd.org/D53900
setcred(): Remove an optimization for when cr_groups[0] was the egid
Because setcred() has (always) treated the effective GID separately from
the supplementary groups, when cr_groups[0] was storing the effective
GID, it internally needed to build an array containing both the
effective GID and the specified supplementary groups to eventually call
crsetgroups_internal().
As kern_setcred() was only used to actually implement
user_setcred()/sys_setcred(), which need to allocate a buffer to copy in
the userland groups array into, some optimization was put in place where
these would allocate an array with one more element than
'wc_supp_groups', copyin() the latter into the subarray starting at
index 1 and pass the pointer to the whole array to kern_setcred() in
'preallocated_groups'. This would allow kern_setcred() not to have to
allocate memory again to make room for the additional effective GID.
Since commit be1f7435ef21 ("kern: start tracking cr_gid outside of
cr_groups[]"), crsetgroups_internal() only takes supplementary groups,
[8 lines not shown]
mdo(1): Avoid calling getgroups() in some unnecessary cases
If the basis for supplementary groups are the current ones, we do not
need to fetch them when they are to be replaced entirely (which we
already have been doing), as in the '!start_from_current_groups' case,
but specifically also when they are not going to be touched at all.
This change in passing makes the modified code block's comment saying
that SETCREDF_SUPP_GROUPS need not be set here correct.
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53771
irdma(4): fix potential memory leak on qhash cqp operation
It was found that in some circumstances when launching
non-waiting create qhash cqp operation the refcount on
the cqp_request may be not properly decremented leading to a memory
leak.
Signed-off-by: Bartosz Sobczak <bartosz.sobczak at intel.com>
Reviewed by: anzhu_netapp.com
Tested by: mateusz.moga_intel.com
Approved by: kbowling (mentor)
MFC after: 1 week
Sponsored by: Intel Corporation
Differential Revision: https://reviews.freebsd.org/D53732