param.h: Bump __FreeBSD_version for NFS api changes
Commits 171f66b0c2ca and 8e2a90ac8089 changed the internal
api between nfscommon.ko and the other nfs modules.
Bump __FreeBSD_version to 1500049 for this.
All NFS related modules must be rebuilt from up-to-date
sources.
HBSD: Fix the RTLD hardening regression
The RTLD wasn't actually calling sysctlbyname due to recent changes
regarding libsys. To fix this, we now embed our own version of
sysctlbyname into the RTLD.
Signed-off-by: Shawn Webb <shawn.webb at hardenedbsd.org>
(cherry picked from commit 323b8378538f7cb830f7ca573a954f8162dd5d23)
Signed-off-by: Shawn Webb <shawn.webb at hardenedbsd.org>
HBSD: Do not delete the boot environment if it already exists
If the creation of the boot environment fails due to it already
existing, do not delete the boot environment. Instead, just exit.
Signed-off-by: Shawn Webb <shawn.webb at hardenedbsd.org>
MFC-to: 14-STABLE
(cherry picked from commit d7dbbf7bf52a6c7e262f09d3ea3c291136449ee6)
Signed-off-by: Shawn Webb <shawn.webb at hardenedbsd.org>
HBSD: Check whether BSD.hardened.dist exists
We want to make sure that the mtree file exists before trying to apply
it.
Signed-off-by: Shawn Webb <shawn.webb at hardenedbsd.org>
MFC-to: 14-STABLE
X-MFC-with: ea0c19533e04a8839c267ffddd8fa37d08f19d7a
(cherry picked from commit 1a16765c8a2b6e0815751f50083abda677260c40)
Signed-off-by: Shawn Webb <shawn.webb at hardenedbsd.org>
HBSD: Disable security.bsd.see_jail_proc by default
Do not allow unprivileged users to see processes not in their own jails.
Signed-off-by: Shawn Webb <shawn.webb at hardenedbsd.org>
MFC-to: 14-STABLE
(cherry picked from commit 6c7e20a94fde03e38e0599dd051728f7e23685df)
Signed-off-by: Shawn Webb <shawn.webb at hardenedbsd.org>
pfctl: Move AF-specific mask logic from callers into set_ipmask()
Instead of doing the same dance with every caller, check for user provided
mask or address family specific maximum inside the function itself.
Feedback and OK claudio
Obtained from: OpenBSD, kn <kn at openbsd.org>, c04427dd30
Sponsored by: Rubicon Communications, LLC ("Netgate")
pfctl: Zap bits in host_v4(), use mask parameter
This avoids a duplicate strrchr() call and makes the function consistent
with host_v6() regarding mask handling.
While here, use the destination's size in memcpy instead of hardcoding its
type.
OK sashan
Obtained from: OpenBSD, kn <kn at openbsd.org>, a7ede25358
Sponsored by: Rubicon Communications, LLC ("Netgate")
pfctl: Zap v4mask and v6mask in host()
Simply defer checks whether a mask has been specified to where it's set in
host_*(); this is to reduce address family specific code.
OK sashan
Obtained from: OpenBSD, kn <kn at openbsd.org>, 17e25e9423
Sponsored by: Rubicon Communications, LLC ("Netgate")
pfctl: Use error label in host_if()
This brings it in line with host() and host_dns().
OK sashan miko
Obtained from: OpenBSD, kn <kn at openbsd.org>, d127311405
Sponsored by: Rubicon Communications, LLC ("Netgate")
pfctl: Simplify getaddrinfo() error handling
`error' is not used so drop it and jump to the end.
OK sashan
Obtained from: OpenBSD, kn <kn at openbsd.org>, da7f49d74e
Sponsored by: Rubicon Communications, LLC ("Netgate")
pfctl: Use strtonum in host()
This is simpler than checking three cases for `q' and gives nicer error
messages. While here, use `v6mask' as maximum netmask instead of hardcoding
it.
OK sashan
Obtained from: OpenBSD, kn <kn at openbsd.org>, e351e6cba3
Sponsored by: Rubicon Communications, LLC ("Netgate")
pfctl: Move duplicate code into new helper print_addr_str()
This simply puts the wiggle around inet_ntop() from four into one location.
OK benno
Obtained from: OpenBSD, kn <kn at openbsd.org>, 88d4e2f324
Sponsored by: Rubicon Communications, LLC ("Netgate")
nfscl: Use delegation ACE when mounted with nocto
For NFSv4.1/4.2, there is an ACE in the delegation reply.
Without this patch, this ACE is ignored by the NFSv4 client.
This patch enables use of the ACE to avoid the need for
Access RPCs when the "nocto" option is specified.
This requires an NFSv4.1/4.2 server that does not reply
with a bogus ACE that is too generous w.r.t. access permissions.
Note that the recent commit 0d51adee3072 added use of the NFSv4
ACL for generation of the ACE in the reply. This patch might be
needed for this client change to work correctly if NFSv4 ACLs are
being used on the NFSv4.1/4.2 exported file systems.
This only affects NFSv4 mounts with the "nocto" mount option
and only if NFSv4 servers are issuing delegations with ACEs
that specify access. Some NFSv4 servers, such as the Linux
knfsd, reply with ACEs that do not allow any access, so this
patch has no effect for them.
gve: Add support for 4k RX Buffers when using DQO queue formats
This change adds support for using 4K RX Buffers when using DQO queue
formats when a boot-time tunable flag is set to true by the user.
When this flag is enabled, the driver will use 4K RX Buffer size either
when HW LRO is enabled or mtu > 2048.
Signed-off-by: Vee Agarwal <veethebee at google.com>
Reviewed by: markj, ziaee
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D50786
(cherry picked from commit 71702df6126226b31dc3ec66459388e32b993be1)
gve: Relax a static assertion
It's okay if MCLBYTES is larger than the default receive buffer size.
Fixes: 71702df61262 ("gve: Add support for 4k RX Buffers when using DQO queue formats")
(cherry picked from commit 3b4bc5d70e1c2066fcb6e8535941258c88999fa2)
namei: Make stackable filesystems check harder for jail roots
Suppose a process has its cwd pointing to a nullfs directory, where the
lower directory is also visible in the jail's filesystem namespace.
Suppose that the lower directory vnode is moved out from under the
nullfs mount. The nullfs vnode still shadows the lower vnode, and
dotdot lookups relative to that directory will instantiate new nullfs
vnodes outside of the nullfs mountpoint, effectively shadowing the lower
filesystem.
This phenomenon can be abused to escape a chroot, since the nullfs
vnodes instantiated by these dotdot lookups defeat the root vnode check
in vfs_lookup(), which uses vnode pointer equality to test for the
process root.
Fix this by extending nullfs and unionfs to perform the same check,
exploiting the fact that the passed componentname is embedded in a
nameidata structure to avoid changing the VOP_LOOKUP interface. That
is, add a flag to indicate that containerof can be used to get the full
[9 lines not shown]
namei: clear internal flags in NDREINIT()
same as it is done for NDRESTART()
Fixes: e05e33041c252
Reported and tested by: pho
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 58b2bd33aff71c0268d99d63e9c83f6544d3beb3)
vfs cache: Add NAMEILOOKUP to the whitelist of fastpath lookup flags
Otherwise the lockless name lookup path is inadvertently disabled since
NAMEILOOKUP isn't recognized.
Reviewed by: olce, kib
Fixes: 7587f6d4840f ("namei: Make stackable filesystems check harder for jail roots")
Differential Revision: https://reviews.freebsd.org/D50532
(cherry picked from commit f4158953007f557061d91f99d2374d48d8376cc6)