sys: add conf/std.debug, generic debugging options
The new sys/conf/std.debug contains the list of debugging options
enabled by default in -CURRENT, so they don't need to be listed
individually in every kernel config.
Introduce *-DEBUG variants of the major kernel configs.
(cherry picked and modified from commit 4f8f9d708e6a4143f3b178bfab10d0a9b75ba2fe)
Reviewed by: markj, imp, olce (previous version)
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D46871
Bump lld LINKER_FREEBSD_VERSION for reproducibility fix
The upstream fix to make lld output for our EFI loaders reproducible
again was committed in 54521a2ff93a. Bump lld's LINKER_FREEBSD_VERSION
to be able to check this in the EFI loader Makefile.
MFC after: 3 days
(cherry picked from commit f97c7fdc59d252cc8611968ffac541d4b8342b8b)
release: basic-cloudinit improve default image
- Add the firstboot-freebsd-update package; as long as we do not have
pkgbase, this is needed
- Support SLAAC by default to complement DHCPv4 (use SYNCDHCP instead)
Signed-off-by: Jose Luis Duran <jlduran at gmail.com>
(cherry picked from commit 120740221fd4a4577e63e6c279f9873cabe449d0)
nuageinit: tests: Cleanup
- Export NUAGE_FAKE_ROOTDIR only once
- Use the header section of the test to require the root user
- Use the PWD environment variable
- Set the root/sys shell as /bin/sh
- Use RFC 5737 reserved IP addresses
Signed-off-by: Jose Luis Duran <jlduran at gmail.com>
(cherry picked from commit e72457c4f5166eef2a27249e02f3c1e9a1cf852d)
nuageinit: Fix passwords
The hashed password usually contains a "$" sign, which, when used on a
shell, must be escaped. Also, the plain text password may contain
special characters that require escaping.
Add a quick fix by enclosing it in single quotes. Note that if the
plain text password contains a "'", it will still fail. This will be
properly fixed in later commits.
Some here documents require the document to be a string literal,
especially when passing invalid characters. Enclose it in single
quotes.
Signed-off-by: Jose Luis Duran <jlduran at gmail.com>
(cherry picked from commit b9ce743c5447e90c2c97f4d49e048c301f708527)
nuageinit: Replace os.execute with Lua libraries
Prefer posix.sys.stat's chmod() to os.execute(). While here, change the
name of the locals to be more descriptive.
Signed-off-by: Jose Luis Duran <jlduran at gmail.com>
(cherry picked from commit 9b2d92addc31ba6f5696c85d184a45d43e9073dc)
nuageinit: Silence an fstyp(8) warning
Silence a warning emitted by fread(3) in fstyp(8)'s read_buf(), when
detecting the file system type of the cloud-init device:
    % fstyp /dev/iso9660/cidata
    fstyp: fread: Invalid argument
    cd9660
Also rephrase slightly a comment while here.
Signed-off-by: Jose Luis Duran <jlduran at gmail.com>
(cherry picked from commit d71e2c037c942dbe2a9fd2630d5cf155dd1bf7db)
nuageinit: Standardize user-facing error messages
Signed-off-by: Jose Luis Duran <jlduran at gmail.com>
(cherry picked from commit 38bb6f79e39a14ea99f559f59129a4cadf92b569)
nuageinit: Lua check and lint files
Mostly white space, style, and luacheck compliance.
Signed-off-by: Jose Luis Duran <jlduran at gmail.com>
(cherry picked from commit 504981357aa36365784458cfe8d9e23097bfac7b)
nuageinit: Standardize warning/error messages
Standardize the utilities from nuage.lua, to return nil on failure, plus
an error message as a second result, and some value different from nil
on success.
Make warnmsg() and errmsg() append "nuageinit: " by default. Pass an
optional second parameter as false to avoid printing this tag.
Signed-off-by: Jose Luis Duran <jlduran at gmail.com>
(cherry picked from commit 945632ca76117029e7bd1f46d17ccb378973daf7)
if_enc(4): Make enc_add_hhooks() void
As for the consumer `enc_add_hhooks()`, `hhook_add_hook()` will never
fail for the given parameters. Meanwhile, to build the module if_enc(4),
at least option INET or INET6 is required, so no need for the error
EPFNOSUPPORT.
No functional change intended.
Reviewed by: ae
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D46770
(cherry picked from commit 7643141e9314f1eac0d9ac08457410509e6829ad)
netstat: increase width of Netif column
The previous width of Netif (10 or 8) was too short for modern interface
names; make it 12, which is long enough to display "epair0a.1000".
This came up in practice with genet(4) interfaces, since the base
interface name is long enough that with the previous limit, VLAN
identifiers would be truncated at 1 character in the IPv6 output:
"genet0.100" becomes "genet0.1".
The width is now fixed, and doesn't depend on the address family,
because there's no reason that length of the interface name would vary
based on the AF.
Reviewed by: imp,zlei,Mina Galić
Pull Request: https://github.com/freebsd/freebsd-src/pull/1223
(cherry picked from commit d33b87e8cf91a6bcb5eac0ecc0371c1041c61050)
[6 lines not shown]
ObsoleteFiles.inc: Update after libpcap upgrade from 1.10.4 to 1.10.5
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 407a9cced68440ce86f1c5d86c57e6b4ec3e4618)
bhyve: improve bounds checks in hda_codec
The function hda_codec_command is vulnerable to a buffer over-read: the
payload value is extracted from the command and used as an array index
without any validation.
Fortunately, the payload value is capped at 255, so the information
disclosure is limited and only a small part of .rodata of bhyve binary
can be disclosed.
The risk is low because the leaked information is not sensitive. An
attacker may be able to validate the version of the bhyve binary using
this information disclosure (layout of .rodata information, ex:
jmp_tables) before executing an exploit.
Reported by: Synacktiv
Reviewed by: christos, emaste
Security: HYP-13
Sponsored by: The Alpha-Omega Project
Sponsored by: The FreeBSD Foundation
[3 lines not shown]
vmm: Properly handle writes spanning across two pages in vm_handle_db
The vm_handle_db function is responsible for writing correct status
register values into memory when a guest VM is being single-stepped
using the RFLAGS.TF mechanism. However, it currently does not properly
handle an edge case where the resulting write spans across two pages.
This commit fixes this by making vm_handle_db use two vm_copy_info
structs.
Security: HYP-09
Reviewed by: markj
(cherry picked from commit 51fda658baa3f80c9778f3a9873fbf67df87119b)
vmm: avoid potential KASSERT kernel panic in vm_handle_db
If the guest VM emits the exit code VM_EXITCODE_DB the kernel will
execute the function named vm_handle_db.
If the value of rsp is not page aligned and if rsp+sizeof(uint64_t)
spans across two pages, the function vm_copy_setup will need two structs
vm_copyinfo to prepare the copy operation.
For instance, if the rsp value is 0xFFC, two vm_copyinfo objects are needed:
* address=0xFFC, len=4
* address=0x1000, len=4
The vulnerability was addressed by commit 51fda658baa ("vmm: Properly
handle writes spanning across two pages in vm_handle_db"). Still,
replace the KASSERT with an error return as a more defensive approach.
Reported by: Synacktiv
[7 lines not shown]
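The page-spanning case described in the two vmm commit messages above, as an added example that is not FreeBSD's code: an 8-byte write is split into per-page pieces, and running out of pieces returns an error instead of tripping an assertion. The names `split_by_page`, `struct chunk` and `GUEST_PAGE_SIZE` are hypothetical, and 4 KiB pages are assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define GUEST_PAGE_SIZE 4096u	/* assumption: 4 KiB guest pages */

/* Hypothetical stand-in for one single-page piece of a copy. */
struct chunk { uint64_t addr; size_t len; };

/*
 * Split [addr, addr + len) into pieces that never cross a page boundary.
 * Returns the number of pieces, or -1 if more than `max` would be needed:
 * an error return rather than an assertion on a guest-controlled value.
 */
int split_by_page(uint64_t addr, size_t len, struct chunk *out, int max)
{
	int n = 0;

	while (len > 0) {
		/* Bytes left between addr and the end of its page. */
		size_t room = GUEST_PAGE_SIZE -
		    (size_t)(addr & (GUEST_PAGE_SIZE - 1));
		size_t take = len < room ? len : room;

		if (n >= max)
			return (-1);
		out[n].addr = addr;
		out[n].len = take;
		n++;
		addr += take;
		len -= take;
	}
	return (n);
}

int main(void)
{
	struct chunk c[2];
	/* Constructed samples; 0xFFC is the case from the commit message. */
	uint64_t rsp[] = { 0xFF8, 0xFFC, 0x1FFF };

	for (size_t i = 0; i < sizeof(rsp) / sizeof(rsp[0]); i++) {
		int n = split_by_page(rsp[i], sizeof(uint64_t), c, 2);
		printf("rsp=0x%llx: %d piece(s)\n", (unsigned long long)rsp[i], n);
		for (int j = 0; j < n; j++)
			printf("  address=0x%llx, len=%zu\n",
			    (unsigned long long)c[j].addr, c[j].len);
	}
	printf("max=1: %d\n", split_by_page(0xFFC, sizeof(uint64_t), c, 1));
	return (0);
}
```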
printf(): Save errno earlier.
The manual page says %m is replaced with “the string representation of
the error code stored in the errno variable at the beginning of the
call”. However, we don't actually save `errno` until fairly late in
`__vfprintf()`. Make sure it is saved before we do anything that
might perturb `errno`.
MFC after: 1 week
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D46718
(cherry picked from commit 74f1007fcc838501c74a633792c3f01833bf65e1)
date: Fix a few nits.
* Don't use `asprintf()` when `strdup()` can do the job just as well.
* Fix a couple of typos in a comment.
Fixes: eeb04a736cb9
MFC after: 3 days
Sponsored by: Klara, Inc.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D46533
(cherry picked from commit a8ddd1926a34fc20970d9ceaad71b31fc414b1c5)
date: Documentation nits.
* Fix spurious capitalization.
* Fix inconsistent quoting.
* Use `Dq` rather than ASCII double quotes.
[6 lines not shown]
locate.updatedb: Explicitly exit from trap code.
When a signal is trapped, the script continues after the trap code has
run, unless the trap code explicitly exits. In the particular case of
locate.updatedb, this is mostly harmless, except that the trap code is
executed twice (once for the signal and once when we reach the end of
the script), but it's still worth fixing.
Furthermore, install the trap as soon as we've created the temporary
directory, to minimize the window during which we can fail to clean up
after ourselves if interrupted.
While here, simplify the empty check at the end and make some minor
style tweaks.
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D46475
[17 lines not shown]
igc: Add NVM/firmware prints and sysctl
This chipset suffered an (un)usual number of bugs and iterations. Let's
add our NVM/firmware code from e1000 and the similar igc_nvm function
from DPDK to keep track of issues.
Sponsored by: BBOX.io
(cherry picked from commit 33ed9bdca307bedb3d66a50ed7d4d7b4bf4acf39)
igc: Remove non-existent legacy absolute and packet timers
igc, derived from igb, does not use these registers. All interrupt
timing is governed by EITR or LLI and driven by write-back.
Sponsored by: BBOX.io
(cherry picked from commit a40ecb6f740530fb7e6a95e702113aa3fe24d975)
ixgbe: Switch if_sriov read/write back to ixgbe_mbx APIs
These are more succinct than jumping through the function pointers
directly and add some additional error handling.
(cherry picked from commit 1e3b1870ad2a426de6e3f5445211b698f20f7f1f)