HBSD: Make sure the kinfo_file struct always gets zeroed
Similar to FreeBSD commit 25cc459286a02b646751541ccde5a33319471c73,
apply a memset in one of the core functions used to fill the structure.
This ensures that all kinfo_file structure allocations are zeroed (at
least, at the point of calling shm_fill_kinfo_locked).
Signed-off-by: Shawn Webb <shawn.webb at hardenedbsd.org>
MFC-to: 15-STABLE

netinet: remove _WANT_INPCB and _WANT_TCPCB
These were hacks since FreeBSD 12 that provided some transition period for
utilities to migrate from reading kernel memory via kvm(3) to sysctl(3)
based APIs. The transition period is over.

tcp: make sack_filter.c compilable without _WANT_TCPCB
This file can be compiled as a standalone program for debugging purposes.
Achieve that without exposing the hack from tcp_var.h that is destined for
removal.

systat: remove kvm(3) support for -netstat mode
The kvm(3) mode was actually non-functional since FreeBSD 8 for kernels
with VIMAGE, since FreeBSD 12 for the GENERIC kernel and since FreeBSD 14
for all kernels. The reason for that is that systat(1) tried to look up
symbol "tcb" to check if kvm(3) is working. The symbol no longer exists in
the kernel.
A side effect was that systat(1) lost true kvm(3) support for all other
modes, e.g. -swap or -pigs. The tool was still working, but libkvm was
just a shim to sysctl(3) API.
So, contrary to what the header line says, this change actually restores
the kvm(3) support for other modes. Now we read the "allproc" symbol.
This was the last tool that abused _WANT_INPCB.

carp: retire ioctl(2) API
All supported stable branches use netlink(4) API to configure carp(4).
The deleted code also has a kernel stack leak vulnerability that requires
extra effort to fix.
Reviewed by: pouria, kp
Differential Revision: https://reviews.freebsd.org/D55804

fusefs: redo vnode attribute locking
Previously most fields in fuse_vnode_data were protected by the vnode
lock. But because DEBUG_VFS_LOCKS was never enabled by default until
stable/15 the assertions were never checked, and many were wrong.
Others were missing. This led to panics in stable/15 and 16.0-CURRENT,
when a vnode was expected to be exclusively locked but wasn't, for fuse
file systems that mount with "-o async".
In some places it isn't possible to exclusively lock the vnode when
accessing these fields. So protect them with a new mutex instead. This
fixes panics and unprotected field accesses in VOP_READ,
VOP_COPY_FILE_RANGE, VOP_GETATTR, VOP_BMAP, and FUSE_NOTIFY_INVAL_ENTRY.
Add assertions everywhere the protected fields are accessed.
Lock the vnode exclusively when handling FUSE_NOTIFY_INVAL_INODE.
During fuse_vnode_setsize, if the vnode isn't already exclusively
locked, use the vn_delayed_setsize mechanism. This fixes panics during
[13 lines not shown]

hwpmc_amd: fix amd_get_msr() MSR offset for newer counter bases
The previous code subtracted AMD_PMC_PERFCTR_0 (0xC0010004) from all
perfctr MSR addresses to compute a relative offset. This is incorrect
for counters using AMD_PMC_CORE_BASE (0xC0010200), AMD_PMC_L3_BASE
(0xC0010230), and AMD_PMC_DF_BASE (0xC0010240), producing wrong offsets.
Fix by promoting amd_core_npmcs, amd_l3_npmcs, and amd_df_npmcs to
static module-level variables and computing the correct flat RDPMC
index per AMD BKDG 24594 page 440:
ECX 0-5: Core counters 0-5
ECX 6-9: DF counters 0-3
ECX 10-15: L3 Cache counters 0-5
ECX 16-27: DF counters 4-15
ECX > 27: Reserved, returns EINVAL
Reviewed by: Ali Mashtizadeh <ali at mashtizadeh.com>, mhorne
Sponsored by: NLINK (https://nlink.com.br), Recife, Brazil
[2 lines not shown]

shm: Zero struct kinfo_file in sysctl handler
Reported by: Calif.io in collaboration with Claude and Anthropic Research
Reviewed by: jhb
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D55806
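
The two kinfo_file commits above both zero the structure before it is filled. The following is an added illustration of why that matters, not code from either commit: struct demo_info and the demo_* functions are hypothetical stand-ins, and the 0xAA fill is a constructed substitute for whatever the memory held before.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record standing in for a large struct that a handler
 * fills field by field and then copies out to userland whole. */
struct demo_info {
    int  di_type;
    char di_path[64];
};

/* With zero_first == 0 this mirrors the pre-fix pattern: any byte the
 * fill does not write keeps its previous contents. */
static void demo_fill(struct demo_info *di, const char *path, int zero_first)
{
    if (zero_first)
        memset(di, 0, sizeof(*di));   /* the fix: zero the whole struct */
    di->di_type = 1;
    snprintf(di->di_path, sizeof(di->di_path), "%s", path);
}

/* Count non-zero bytes after the string terminator, i.e. stale bytes
 * that a full-struct copyout would disclose. */
static size_t demo_stale_bytes(const struct demo_info *di)
{
    size_t n = 0;
    for (size_t i = strlen(di->di_path) + 1; i < sizeof(di->di_path); i++)
        if (di->di_path[i] != 0)
            n++;
    return n;
}

/* Fill a struct whose memory was pre-loaded with a constructed pattern. */
static size_t demo_run(int zero_first)
{
    struct demo_info di;
    memset(&di, 0xAA, sizeof(di));    /* constructed "stale" contents */
    demo_fill(&di, "/demo", zero_first);
    return demo_stale_bytes(&di);
}

int main(void)
{
    printf("stale bytes without memset: %zu\n", demo_run(0));
    printf("stale bytes with memset:    %zu\n", demo_run(1));
    return 0;
}
```

Placing the memset inside the fill function, as the HBSD commit describes, covers every caller regardless of how the structure was allocated.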