HBSD: Introduce clang C++ hardening integration
clang/llvm's libc++ provides functionality for additional sanity checks.
Enable these checks for C++ code by enabling extensive mode by default.
Signed-off-by: Shawn Webb <shawn.webb at hardenedbsd.org>
See-Also: https://www.youtube.com/watch?v=t7EJTO0-reg
MFC-to: 14-STABLE
ifnet: Assert that we are assigning network stack correctly
It makes no sense to assign NULL vnet to an interface when the kernel
option VIMAGE is enabled. Add an assertion to catch that.
This will also help diagnose problem reports [1] and [2].
1. https://bugs.freebsd.org/275381
2. https://bugs.freebsd.org/282168
Reviewed by: kp
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D46982
nfsd: Fix handling of credentials with cr_ngroups == 0
There has been a documented case in the exports(5) man
page forever, which specifies that the -maproot or -mapall
may have a single user entry, followed by a ':'.
This case is defined as specifying no groups (aka cr_ngroups == 0).
This patch fixes the NFS server so that it handles this case correctly.
After MFC'ing this patch to stable/13 and stable/14, I propose that
this unusual case be deprecated and no longer allowed in FreeBSD15.
At that point, this patch can be reverted.
Reviewed by: brooks
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D47204
HBSD: Fix hardening.kmalloc_zero regression
FreeBSD changed some key details of the malloc(9) implementation. Our
changes to support zeroing on free(9) caused an infinite recursion bug.
Now that the `dofree` variable exists, we simply set that when
hardening.kmalloc_zero is set.
Signed-off-by: Shawn Webb <shawn.webb at hardenedbsd.org>
Fixes: 4fab5f005482aa88bc0f7d7a0a5e81b436869112
MFC-to: 14-STABLE
MFC-to: 13-STABLE
(cherry picked from commit 46a8af04c941be55b6e7d65647934c38e14a2b4a)
Signed-off-by: Shawn Webb <shawn.webb at hardenedbsd.org>
rc.d/sendmail: Return non-zero if the daemon fails to start or is not running
If you have a mail server that is running sendmail daemon
(sendmail_enable=YES) and sendmail queue runner (sendmail_msp_queue=YES)
and the sendmail daemon dies, /etc/rc.d/sendmail status does see the
daemon is not running but returns 0 as the exit code. This prevents
other programs (like puppet) from restarting sendmail to fix the issue.
Make sure that the exit code is propagated towards the end of the script
if any of the sendmail services fail.
This patch does not call exit directly but instead just sets the exit
status code by calling exit in a subshell. This way we do not exit the
current shell in case the service script is sourced (e.g., when
rc_fast_and_loose is active).
PR: 223132
MFC after: 2 weeks
Reported by: pirzyk
[5 lines not shown]
fdisk: add deprecation/removal notice to man page
As of 2015 (commit b8c19fd71994) the fdisk man page claimed the command
is obsolete, but had no explicit mention of removal. Add another note
that follows our current deprecation notice format.
Reviewed by: imp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47067
(cherry picked from commit 255d2d9bbc3756c940462c61d3cd6fb7753aab2c)
mk: honor TAGS for FILES in default group
Currently the lib32 crt files (/usr/lib32/Scrt1.o etc.) are placed in
the clibs-dev package rather than the clibs-dev-lib32 package.
The /usr/lib32/dtrace/drti.o file is similarly placed in the dtrace
package rather than the dtrace-lib32 package.
Splitting shared libraries in /usr/lib32 into a -lib32 package is
handled in bsd.lib.mk by adding "lib32" to TAGS. However bsd.files.mk
ignores TAGS and only honors ${group}TAGS since 144c442.
This patch changes the behavior of bsd.files.mk to honor TAGS if the
default FILES group is used. This matches the handling of PACKAGE, which
is also ignored unless the default FILES group is used.
With this patch, both the clibs and dtrace packages are split correctly.
PR: 249145
[5 lines not shown]
ldd32: place in utilities-lib32 not utilities
The ldd32 binary is currently in the utilities package but belongs in
utilities-lib32. This patch corrects the situation.
PR: 249145
Reviewed by: emaste
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47023
(cherry picked from commit 53bb5613a8a15363718b6e6de8d965bf9a2c5469)
cxgbe(4): Use correct synchronization when marking the adapter offline.
adapter->flags are guarded by a synch_op, as noted in the comment in
adapter.h where the flags are defined.
Fixes: 5241b210a4e cxgbe(4): Basic infrastructure for ULDs to participate in adapter reset.
Sponsored by: Chelsio Communications
(cherry picked from commit 52e5a66eac22d24e29f204c5b65232378e71f4cf)
cxgbe(4): Allow t4_tom to be unloaded safely.
* Disable IFCAP_TOE automatically on all ifnets on all adapters during
unload. This is user-friendly and avoids panics due to stale ifnet
state after t4_tom is unloaded.
* Do not allow unload if tids are in use by the TOE on any adapter.
Reported by: Bimal Abraham @ Chelsio
Sponsored by: Chelsio Communications
(cherry picked from commit 9ba8670a8b175de79ea087688f51595b4f2db862)
cxgbe(4): Clobber all tracer state on stop and redo only traceq on restart.
Tracers have to be recreated after a restart but that's okay given that
they are used for debugging only.
Sponsored by: Chelsio Communications
(cherry picked from commit ee3da604dd016439850dae77366796313e60f0e0)
cxgbe/t4_tom: Do not set unresolved entries to STALE in t4_l2t_update.
An L2 entry in the driver's hash was marked STALE unconditionally if it
changed in the kernel when its driver refcount is 0. Fix the driver to
do this for VALID entries only.
Sponsored by: Chelsio Communications
(cherry picked from commit 3883300afe0bff5c5658274c4d8cfe773d08343e)
cxgbe/t4_tom: completely avoid L2T entries during stop/suspend.
1. Mark the L2T entry valid only if t4_write_l2e succeeds, which won't
happen if the adapter is stopped. This prevents L2T entries from
sometimes getting (re)promoted to VALID on Tx activity during stop.
2. Discard a work request immediately instead of enqueueing it to the
arp queue if the adapter is stopped.
Fixes: c1c524852f62 cxgbe/t4_tom: Implement uld_stop and uld_restart for ULD_TOM.
Sponsored by: Chelsio Communications
(cherry picked from commit 07f47e8850d0639d474026b203013072aeb32c81)
cxgbe(4): Make sure that the tracing filters are usable after restart.
The destination queue for tracing filters is destroyed during stop or
suspend and the software state needs to reflect this. A new destination
queue will be set up when the adapter resumes operation.
Sponsored by: Chelsio Communications
(cherry picked from commit d82cb5c608ae9aaced4cb459ca511e62c64dbf74)
cxgbe/t4_tom: Demote STALE L2 table entries to RESOLVING in uld_stop.
The STALE state means the L2T entry is valid in hardware but needs to be
refreshed (ARP/NDP) in software. But stop/suspend wipes the hardware
L2T and STALE entries need to be updated just like VALID entries to match
actual hardware state.
Fixes: c1c524852f62 cxgbe/t4_tom: Implement uld_stop and uld_restart for ULD_TOM.
Sponsored by: Chelsio Communications
(cherry picked from commit 171e57967b3e53f0fb48116df5003ce17163295c)
cxgbe/t4_tom: Add synq entry to the list before calling send_synack.
This fixes a panic where the peer's ack to the synack arrives on a
different queue and do_pass_establish tries to remove the synqe from
synqe_list before it has been added by do_pass_accept_req.
Reported by: Sony Arpita Das @ Chelsio
Fixes: 283333c0e329 cxgbe/t4_tom: Track all synq entries in a per-adapter list.
Sponsored by: Chelsio Communications
(cherry picked from commit 674cbf38f6d0a0b307e52c4265da9f077606b035)
cxgbe(4): Always report link-down on an abrupt stop.
This fixes a regression in 5241b210a4e1 where the driver stopped
reporting link down after a fatal error unless t4_reset_on_fatal_err was
also set.
Fixes: 5241b210a4e1 cxgbe(4): Basic infrastructure for ULDs to participate in adapter reset.
Sponsored by: Chelsio Communications
(cherry picked from commit 7aeec281b8b2620d7d88c9abdfadd7e20a485b9c)