HardenedBSD/src ff2744a  sys/netpfil/ipfilter/netinet fil.c ip_fil.h

Merge branch 'freebsd/current/main' into hardened/current/master
Delta  File
+2 -2  sys/netpfil/ipfilter/netinet/fil.c
+1 -1  sys/netpfil/ipfilter/netinet/ip_fil.h
+1 -1  sys/netpfil/ipfilter/netinet/ip_state.c
+4 -4  3 files

HardenedBSD/src 3fdbd8a  sys/netpfil/ipfilter/netinet fil.c ip_fil.h

ipfilter: Avoid negative array indices

Array indices must always be positive. We avoid this by making each index
unsigned. This mitigates out-of-bounds reads and writes.

Reported by:            Ilja Van Sprundel <ivansprundel at ioactive.com>
Reviewed by:            glebius
MFC after:              3 days
Differential revision:  https://reviews.freebsd.org/D55260
Delta  File
+2 -2  sys/netpfil/ipfilter/netinet/fil.c
+1 -1  sys/netpfil/ipfilter/netinet/ip_fil.h
+1 -1  sys/netpfil/ipfilter/netinet/ip_state.c
+4 -4  3 files

HardenedBSD/src eb1c78e  sys/sys priv.h

HBSD: Resolve merge conflict

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>
Delta  File
+2 -7  sys/sys/priv.h
+2 -7  1 file

HardenedBSD/src fdac606  tests/sys/capsicum capsicum.h syscalls.h, tests/sys/kern pdrfork.c

Merge remote-tracking branch 'origin/freebsd/current/main' into hardened/current/master

Conflicts:
        sys/sys/priv.h (unresolved)
Delta      File
+4 -144    tests/sys/capsicum/capsicum.h
+0 -144    tests/sys/capsicum/syscalls.h
+0 -140    tests/sys/capsicum/capability-fd-pair.cc
+62 -66    tests/sys/kern/pdrfork.c
+0 -103    tests/sys/capsicum/capsicum-rights.h
+76 -25    usr.sbin/bhyve/rfb.c
+142 -622  35 files not shown
+350 -1,071  41 files

HardenedBSD/src fba81b3  tests/sys/capsicum capsicum.h syscalls.h

capsicum-tests: remove Linux support

Now that this project is part of freebsd-src, it no longer needs to be
portable.  Remove Linux-only tests, cross-os compatibility code, and
compatibility with older FreeBSD versions.  Leave in place some
originally Linux-only tests that could now be ported to FreeBSD, like the
pipe2 tests.

Sponsored by:   ConnectWise
Reviewed by:    oshogbo
Differential Revision: https://reviews.freebsd.org/D54985
Delta     File
+4 -144   tests/sys/capsicum/capsicum.h
+0 -144   tests/sys/capsicum/syscalls.h
+0 -140   tests/sys/capsicum/capability-fd-pair.cc
+0 -103   tests/sys/capsicum/capsicum-rights.h
+5 -65    tests/sys/capsicum/capability-fd.cc
+15 -51   tests/sys/capsicum/procdesc.cc
+24 -647  16 files not shown
+55 -937  22 files

HardenedBSD/src dc9a8d3  tests/sys/aio aio_test.c

aio(4) tests: do not rely on (int *)-1 being invalid address

Explicitly mmap guard and use it as the invalid address instead.

MFC after:      1 week
Delta  File
+6 -1  tests/sys/aio/aio_test.c
+6 -1  1 file

HardenedBSD/src 05492ff  tests/sys/kern pdwait.c

pdwait(2) tests: do not rely on (int *)-1 being invalid address

Explicitly mmap guard and use it as the invalid address instead.

MFC after:      1 week
Delta   File
+17 -3  tests/sys/kern/pdwait.c
+17 -3  1 file

HardenedBSD/src 11c1b69  sys/netlink netlink_io.c

netlink: force uninline of nl_receive_message()

The entire netlink(4) message processing thread is all inlined into
nl_taskqueue_handler() making it difficult to dtrace(1) on a message
level.
Delta  File
+1 -1  sys/netlink/netlink_io.c
+1 -1  1 file

HardenedBSD/src 757b0bf  usr.sbin/bhyve rfb.c

bhyve: Propagate errors from rfb_recv_* functions

Update rfb_recv_* functions to return -1 on failure and 0 on success.
Update rfb_handle to check these return values and drop the connection
if an error occurs.

Signed-off-by: Hayzam Sherif <hayzam at gmail.com>

Reviewed by:    markj
MFC after:      2 weeks
Sponsored by:   The FreeBSD Foundation
Delta    File
+76 -25  usr.sbin/bhyve/rfb.c
+76 -25  1 file

HardenedBSD/src 29ec390  usr.sbin/syslogd syslogd.c

syslogd: Improve handling of configuration errors

Make parse_selector() print a warning to stderr and continue parsing the
config if it encounters an invalid facility or priority.  Note that
because the parsing is done from a casper service, there isn't a good
mechanism to log errors; the warnings are visible only when syslogd is
started in debug mode.

Reported by:    Doug Hardie <bc979 at lafn.org>
MFC after:      1 week
Fixes:          f4b4a10abb26 ("syslogd: Move selector parsing into its own function")
Reviewed by:    jfree, jlduran, eugen, delphij
Differential Revision:  https://reviews.freebsd.org/D55033
Delta  File
+8 -6  usr.sbin/syslogd/syslogd.c
+8 -6  1 file

HardenedBSD/src 793e891  tests/sys/kern pdrfork.c

pdrfork(2) tests: enable on x86

Use pfrfork_thread(3) instead of pdrfork(RFSPAWN) to make the tests work
on x86.

Tested by:      pho
Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D55306
Delta   File
+20 -9  tests/sys/kern/pdrfork.c
+20 -9  1 file

HardenedBSD/src f90ee66  tests/sys/kern pdrfork.c

pdrfork(2) tests: should wait for the child to exit

Tested by:      pho
Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D55306
Delta  File
+3 -2  tests/sys/kern/pdrfork.c
+3 -2  1 file

HardenedBSD/src 94e4de7  tests/sys/kern pdrfork.c

pdrfork(2) tests: split basic_usage

into pdrfork(2) call itself, and basic_usage_tail() that checks the
pdrfork(2) results.

Tested by:      pho
Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D55306
Delta   File
+19 -9  tests/sys/kern/pdrfork.c
+19 -9  1 file

HardenedBSD/src 68ba270  tests/sys/kern pdrfork.c

pdrfork(2) tests: RFPROCDESC|RFPROC are required

Tested by:      pho
Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D55306
Delta   File
+2 -44  tests/sys/kern/pdrfork.c
+2 -44  1 file

HardenedBSD/src b05be03  lib/libsys pdfork.2, sys/kern kern_fork.c

pdrfork(2): do require RFPROCDESC | RFPROC

when RFSPAWN is not specified, as stated in the man page.
rfork(2) cannot modify non-curproc, which is why RFPROC is required;
the syscall cannot act on an arbitrary process descriptor.
If RFPROCDESC is not specified, the syscall does not make sense;
use rfork(2).

Reported and tested by: pho
Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D55306
Delta   File
+5 -3   lib/libsys/pdfork.2
+5 -0   sys/kern/kern_fork.c
+10 -3  2 files

HardenedBSD/src 4484369  tests/sys/kern pdrfork.c

pdrfork(2) tests: catch runaway child for EFAULT test

Reported and tested by: pho
Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D55306
Delta   File
+10 -0  tests/sys/kern/pdrfork.c
+10 -0  1 file

HardenedBSD/src db80ea9  lib/libsys pdfork.2

pdfork.2: add EFAULT as possible error, explain some consequences of it

Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D55306
Delta   File
+18 -0  lib/libsys/pdfork.2
+18 -0  1 file

HardenedBSD/src d6bf2d1  tests/sys/kern pdrfork.c

pdrfork(2) tests: do not rely on (int *)-1 being invalid address

Explicitly mmap guard and use it as the invalid address instead.

Tested by:      pho
Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D55306
Delta  File
+8 -2  tests/sys/kern/pdrfork.c
+8 -2  1 file
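The aio(4), pdwait(2) and pdrfork(2) test commits above all replace a hard-coded bogus pointer ((int *)-1) with an explicitly mapped guard page as the "known invalid" address. The program below is an added illustration of that technique; it is not code from any of those commits or from the FreeBSD test suite. The function names make_guard_page() and guard_page_syscall_errno() are my own, and the program assumes a POSIX system where an anonymous PROT_NONE mapping is available and where write(2) from an unreadable buffer fails with EFAULT instead of terminating the process.

```c
/* Feature macros so MAP_ANONYMOUS is visible even under strict ISO C
 * (harmless on FreeBSD, where MAP_ANON is always defined). */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
# ifdef MAP_ANON
#  define MAP_ANONYMOUS MAP_ANON
# else
#  define MAP_ANONYMOUS 0x20   /* Linux value; fallback for strict builds */
# endif
#endif

/*
 * Map a single page with no access permissions. Unlike (int *)-1, this
 * address is guaranteed to be in the process address space yet never
 * readable or writable, so the kernel must fail any copyin/copyout on it
 * with EFAULT. Returns NULL on failure; on success *len_out holds the
 * mapping length so the caller can munmap(2) it.
 */
void *make_guard_page(size_t *len_out)
{
	long pagesize = sysconf(_SC_PAGESIZE);
	void *p;

	if (pagesize <= 0)
		return (NULL);
	p = mmap(NULL, (size_t)pagesize, PROT_NONE,
	    MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
	if (p == MAP_FAILED)
		return (NULL);
	if (len_out != NULL)
		*len_out = (size_t)pagesize;
	return (p);
}

/*
 * Hand the guard address to a system call and report what the kernel
 * says. write(2) to a pipe must copy from the buffer, so it returns -1
 * with errno == EFAULT. Returns the observed errno (0 if the write
 * unexpectedly succeeded) or -1 if setup failed.
 */
int guard_page_syscall_errno(void)
{
	size_t len;
	void *guard;
	int fds[2], err;
	ssize_t n;

	guard = make_guard_page(&len);
	if (guard == NULL)
		return (-1);
	if (pipe(fds) != 0) {
		munmap(guard, len);
		return (-1);
	}
	errno = 0;
	n = write(fds[1], guard, 1);
	err = (n < 0) ? errno : 0;
	close(fds[0]);
	close(fds[1]);
	munmap(guard, len);
	return (err);
}

int main(void)
{
	int err = guard_page_syscall_errno();

	printf("write(2) from guard page: errno=%d (%s)\n", err,
	    err > 0 ? strerror(err) : "no error");
	return (err == EFAULT ? 0 : 1);
}
```

Build with `cc guard.c -o guard && ./guard`; the exit status is 0 when EFAULT is observed. In a kernel test the same pointer would be passed to the syscall under test (aio_read(2), pdwait(2), pdrfork(2)) to exercise its EFAULT path; the point of the commits is that a mapped-but-inaccessible page gives that guarantee on every architecture, whereas (int *)-1 merely happens to be unmapped on most of them.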

HardenedBSD/src 9950902  sys/powerpc/aim moea64_native.c

powerpc: document the magic constants for 16MB page size

After discussion with jhibbits@, we pulled out what is supported here
and how it's supported.

Reviewed by:    imp
Differential Revision:  https://reviews.freebsd.org/D55093
Delta   File
+13 -0  sys/powerpc/aim/moea64_native.c
+13 -0  1 file

HardenedBSD/src f412a5c  sys/powerpc/aim mmu_oea64.c

powerpc: enable HPT superpages by default

It's time to flip these on and see if anything happens in -HEAD.
It can be turned back off before 16.0-RELEASE if there are problems.

Reviewed by:    jhibbits
Differential Revision:  https://reviews.freebsd.org/D55071
Delta  File
+2 -7  sys/powerpc/aim/mmu_oea64.c
+2 -7  1 file

HardenedBSD/src c20f5fd  sbin/ifconfig ifconfig.8

ifconfig.8: Start new sentence on new line

This change was forgotten by me in the previous commit to this file.

Reported by:    kib
Approved by:    implicit (change omitted from previous commit)
Fixes:          31ec8b6407fdd5a87d70265762457c67ce618283

(cherry picked from commit e912723afb4e6bcfa828fcb73f35cd82fc6bca68)

Reviewed by:            glebius, kp, pouria, zlei
Approved by:            glebius, pouria
Relnotes:               yes
Differential Revision:  https://reviews.freebsd.org/D54382
Delta  File
+2 -1  sbin/ifconfig/ifconfig.8
+2 -1  1 file

HardenedBSD/src 20294a7  sbin/ifconfig ifconfig.8, sys/netinet6 in6_ifattach.c

netinet6: Fix my style issues

Reported by:            pouria
Reviewed by:            pouria, ziaee, glebius
Approved by:            glebius
Fixes:                  31ec8b6407fdd5a87d70265762457c67ce618283
Differential Revision:  https://reviews.freebsd.org/D55136

(cherry picked from commit 4548149a81026ad9b1706b2b7e7ad47a4c1358b6)

Reviewed by:            glebius, kp, pouria, zlei
Approved by:            glebius, pouria
Relnotes:               yes
Differential Revision:  https://reviews.freebsd.org/D54382
Delta    File
+9 -13   sys/netinet6/in6_ifattach.c
+11 -8   sbin/ifconfig/ifconfig.8
+20 -21  2 files

HardenedBSD/src 4c7357a  sys/netinet6 nd6_nbr.c in6_ifattach.c

sys/netinet6: Use atomic(9) for dad_failures counter

Replace counter(9) usage with more lightweight atomic(9) in the
code handling RFC 7217 SLAAC address generation.

Also, use `u_int` types with this. Leaving `dad_failures` local to
`in6_get_stableifid()` as a `uint64_t` to avoid changing the generated
addresses from previous code; this also gives some headroom for
future changes.

While here, moved some `#include` lines to adhere to style(9).

Reviewed by:            glebius, jhibbits, jtl, zlei
Approved by:            glebius, jtl, zlei
Differential Revision:  https://reviews.freebsd.org/D52731

(cherry picked from commit 0c94dc9da7c238603e43c55ca6da64c417fc2204)

Reviewed by:            glebius, kp, pouria, zlei

    [3 lines not shown]
Delta    File
+5 -3    sys/netinet6/nd6_nbr.c
+4 -2    sys/netinet6/in6_ifattach.c
+3 -1    sys/netinet6/nd6_rtr.c
+2 -2    sys/netinet6/in6_proto.c
+0 -3    sys/netinet6/in6.c
+1 -1    sys/netinet6/ip6_var.h
+15 -12  1 file not shown
+16 -13  7 files

HardenedBSD/src 76cd280  sys/netinet6 nd6_nbr.c nd6.c

sys/netinet6: Fix ABI breakage introduced with RFC 7217 support

commit 31ec8b6407fdd5a87d70265762457c67ce618283 added a `dad_failures`
variable to `struct nd_ifinfo`, which broke the networking ABI.

This commit fixes it by moving such variable to `struct in6_ifextra`
which is not a public interface, while `struct nd_ifinfo` is back
in its original state.

Thanks to kib, markj and glebius for their help and suggestions
in solving this problem.

Reported by:    "Herbert J. Skuhra" <herbert at gojira.at>
Tested by:      "Herbert J. Skuhra" <herbert at gojira.at>
Approved by:    glebius
Fixes:          31ec8b6407fdd5a87d70265762457c67ce618283

(cherry picked from commit 0ec13430c583830cc4d29640787e2d154b140e31)


    [4 lines not shown]
Delta    File
+3 -3    sys/netinet6/nd6_nbr.c
+0 -4    sys/netinet6/nd6.c
+3 -0    sys/netinet6/in6.c
+1 -1    sys/netinet6/nd6_rtr.c
+1 -1    sys/netinet6/in6_ifattach.c
+2 -0    sys/netinet6/in6_var.h
+10 -9   1 file not shown
+10 -10  7 files

HardenedBSD/src 865e0b2  sbin/ifconfig ifconfig.8, sys/netinet6 in6_ifattach.c nd6_rtr.c

sys/netinet6: Implement RFC 7217

Implement RFC 7217 (A Method for Generating Semantically Opaque
Interface Identifiers with IPv6 Stateless Address Autoconfiguration
(SLAAC)) in our IPv6 stack.

A new ifconfig `stableaddr` flag is added to enable the feature on
interfaces, which defaults to on or off for new interfaces based
on the sysctl `net.inet6.ip6.use_stableaddr` (off by default, so
this commit causes no change in behavior with default settings).

The algorithm follows the RFC in its logic, using SHA256-HMAC as
the algorithm to derive addresses so as to provide code that can
be leveraged by future implementations of RFC 8981, leveraging the
`hostuuid` as the secret.

The source of the hostidentifier can be configured using the sysctl
`net.inet6.ip6.stableaddr_netifsource`, while the number of retries
generating a new address in case of collision can be configured

    [17 lines not shown]
Delta     File
+231 -42  sys/netinet6/in6_ifattach.c
+65 -29   sys/netinet6/nd6_rtr.c
+30 -5    sys/netinet6/nd6_nbr.c
+30 -0    sbin/ifconfig/ifconfig.8
+12 -0    sys/netinet6/ip6_var.h
+10 -0    sys/netinet6/in6_proto.c
+378 -76  8 files not shown
+405 -76  14 files

HardenedBSD/src e5213ca  bin/sh sh.1

sh.1: Fix ordering of Cm and Aq macros

MFC after:      3 days
Reviewed by:    ziaee
Fixes:  2711852bd9ac (sh.1: Provide detailed job control documentation)
Differential Revision:  https://reviews.freebsd.org/D55194
Delta  File
+1 -1  bin/sh/sh.1
+1 -1  1 file

HardenedBSD/src 931d4f0  bin/sh sh.1

sh.1: Document the exit status of return

It's not obvious that if `exitstatus` is omitted,
the exit status of the function is taken from the last executed command.

MFC after:              3 days
Reviewed by:            jilles, ziaee
Differential Revision:  https://reviews.freebsd.org/D55026
Delta  File
+5 -1  bin/sh/sh.1
+5 -1  1 file

HardenedBSD/src f1f142c  lib/libsys open.2

open.2: grammar improvements

Submitted by:   matteo
Fixes:  5bcccc702b29a0e173a5916b001771dd7b280c7c
MFC after:      3 days
Delta  File
+2 -2  lib/libsys/open.2
+2 -2  1 file

HardenedBSD/src c713540  sys/amd64/vmm vmm_dev_machdep.c, sys/dev/vmm vmm_dev.c vmm_dev.h

vmm: Allow the use of PCI passthrough in a jail

After commit e11768e94787 ("vmm: Add PRIV_DRIVER checks for passthru
ioctls"), it is not possible to use PCI passthru from jails, as
PRIV_DRIVER is not granted to jails.  Apparently some users expect this
to work, understanding that jailing bhyve provides little security
benefit in this configuration.

I believe we should disable ppt access in jails even when allow.vmm is
configured.  To provide an escape hatch for users, add a new
allow.vmm_ppt jail configuration knob, and check it when handling ppt
ioctls in jails.  Also add a new PRIV_VMM_PPTDEV to replace the use of
PRIV_DRIVER.

PR:             292750
Reviewed by:    corvink
MFC after:      2 weeks
Sponsored by:   The FreeBSD Foundation
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D55066
Delta    File
+13 -7   sys/dev/vmm/vmm_dev.c
+7 -7    sys/amd64/vmm/vmm_dev_machdep.c
+11 -0   usr.sbin/jail/jail.8
+7 -0    sys/kern/kern_jail.c
+6 -1    sys/sys/priv.h
+1 -1    sys/dev/vmm/vmm_dev.h
+45 -16  6 files

HardenedBSD/src 7ab5e3f  usr.sbin/bhyve pci_passthru.c

bhyve: Fix a misleading error message

The ioctl might fail because it's run in a jail which doesn't have
permission to invoke ppt ioctls.

Reviewed by:    jhb
MFC after:      2 weeks
Sponsored by:   The FreeBSD Foundation
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D55070
Delta  File
+7 -2  usr.sbin/bhyve/pci_passthru.c
+7 -2  1 file