vmm/arm64: Compile vmm_nvhe.c without SSP
This file implements a set of EL2 hypercall handlers and is used to
switch between guests and the host kernel when VHE is not in use. There
is no SSP runtime available there.
Reported by: Jenkins
Fixes: 8deebce931fa ("kernel: Enable -fstack-protector-strong by default")
(cherry picked from commit bed77cf7c213c3f93a0dc099e4b46c078495a328)
if_stf: Free entire mbuf chain on failure
Reported by: Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM-5.1 from Z.ai
Reviewed by: markj, bz, kp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57476
(cherry picked from commit 5a7f41e94b6d47e60e5d76dfb3a61ee2746700ca)
libalias: Serialize updates to the global instance list
libalias maintains a global list of all libalias handles. The list was
updated without any locking, but nothing prevents updates from running
concurrently.
MFC after: 1 week
(cherry picked from commit 2ff705f32a2033201a8f83f1ade5ddbc0460387d)
kernel: Enable -fstack-protector-strong by default
This extends stack canary use to all functions which define arrays on
the stack, not just those which operate on byte buffers. This option
would have made it harder to exploit SA-26:18.setcred and
SA-26:08.rpcsec_gss.
The change bloats the amd64 kernel text by about 350KB and increases the
number of covered functions from ~1500 to ~9000 (within the kernel
itself, i.e., not counting kernel modules).
Reviewed by: olce, olivier, emaste
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D56870
(cherry picked from commit 8deebce931fa9b469cf28a082038a64caf972602)
net: Fix handling of unmapped user pages in if_getgroup()
We cannot call copyout() while in a net epoch section, unless the user
memory is wired. Use the global ifnet lock to synchronize the accesses
instead.
Reported by: emaste
Reviewed by: zlei
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D57154
(cherry picked from commit 68004e56fdc22c11b4ec680e83309b4ea2bfe13a)
lagg: Handle a port count of zero
The sc_count check in lagg_transmit_ethernet() and
lagg_transmit_infiniband() is racy, as the lagg protocol handlers are
only synchronized by net_epoch. Handle a count of 0 in each protocol
handler where it's needed, namely in the RR and LB handlers.
Reported by: Yuxiang Yang, Yizhou Zhao, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM5.1 from Z.ai
Reviewed by: pouria, zlei
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D56942
(cherry picked from commit 49d90d9ddfc1ecda9ad9b6cb5565e5fbdcc14964)
ucode: Fix validation on Intel platforms
The check for the extended signature table was backwards, so we always
ignored it.
We should verify that the extended signature table fits within the total
image size.
Reviewed by: jrm, kib
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D57209
(cherry picked from commit 0beb172898499fff51eed4df3d9284cd1094afbb)
fork: Drop an unneeded PHOLD/PRELE pair
Support for swapping out kernel stacks was removed, so the PHOLD has no
purpose. (And even before that, it's not clear why a swapout here would
have been problematic.)
Reviewed by: kib
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D57486
(cherry picked from commit 1ee4b5fd824aa93f9a20df6bd5dad50c7e32fe05)
rpcsec_tls: Avoid a socket reference underflow in rpctls_server()
The upcall_sockets tree owns a ref on any resident socket. When a
socket is removed after a TLS handshake failure, rpctls_rpc_failed()
thus calls soclose().
rpctls_server() does not acquire an extra ref to compensate for this.
So, if the upcall fails, e.g., because rpc.tlsservd is not running,
we'll call soclose() to drop the reference, but this effectively
releases the xprt layer's reference.
Fix the problem by explicitly acquiring a socket reference when adding
a socket to the upcall tree.
PR: 289734
Reviewed by: rmacklem, glebius
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57555
tests: Fix build if TIOCSTI is not defined
Some downstream projects (e.g. ElectroBSD) have removed the TIOCSTI
We already have some components (such as mail and tcsh) that build
without TIOCSTI defined. This is (existing portability support in those
projects.
Simplify things for downstreams by extending this approach to this
additional TIOCSTI user.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D50614
sound: Create all device nodes with GID_AUDIO
Commit 6024e3f99a1e ("Add audio group") introduced GID_AUDIO, initially
for virtual_oss(8) loopback devices. Now make all of them with
GID_AUDIO.
Relnotes: yes
Sponsored by: The FreeBSD Foundation
Reviewed by: emaste
Pull-Request: https://ron-dev.freebsd.org/FreeBSD/src/pulls/35
if_bnxt: add few source files to version control
Commits f85e66e655c9 ("if_bnxt/bnxt_re: add support for driver snapdump")
and 03839879a2dd ("if_bnxt: Add Firmware crashdump collection support")
missed adding a few files to version control; those files are
added now:
sys/dev/bnxt/bnxt_en/bnxt_log.c
sys/dev/bnxt/bnxt_en/bnxt_log.h
sys/dev/bnxt/bnxt_en/bnxt_log_data.c
sys/dev/bnxt/bnxt_en/bnxt_log_data.h
sys/dev/bnxt/bnxt_en/bnxt_coredump.c
sys/dev/bnxt/bnxt_en/bnxt_coredump.h
bnxt_coredump.c entry is added in sys/conf/files as well.
Fixes: f85e66e655c9 ("if_bnxt/bnxt_re: add support for driver snapdump")
Fixes: 03839879a2dd ("if_bnxt: Add Firmware crashdump collection support")
LinuxKPI: add KERNEL_VERSION() macro
Add a KERNEL_VERSION() macro which normally would be in linux/version.h.
On Linux that file is auto-generated and we are supporting more than
one Linux version in LinuxKPI anyway so any further defines in there
would likely be wrong.
Adding the macro helps to support (vendor/out of tree) drivers more
easily which are supporting multiple Linux versions.
MFC after: 3 days
Reviewed by: dumbbell
Differential Revision: https://reviews.freebsd.org/D57590
LinuxKPI: scatterlist.h: implement sg_init_marker()
Add sg_init_marker() which is needed by mt76 drivers USB attachment.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Reviewed by: emaste, dumbbell
Differential Revision: https://reviews.freebsd.org/D57594
linuxulator: Return EINVAL for invalid inotify flags
We implement all of the currently-defined Linux inotify mask bits and
flags, with the same values as Linux. Return EINVAL for unknown bits,
as Linux does.
This also moves the translation inline into linux_inotify_add_watch.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57387
(cherry picked from commit f77d37cffdf3951b7f28b97005467241aa27c183)
ipfilter: Fix ip_pptp_pxy (PPTP proxy) length underflow
A PPTP client sending a specially crafted PPTP message with a length
smaller than the already processed fixed header can panic the system.
This results in a negative remaining length (a large unsigned 16-bit
number).
Reported by: Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM-5.1 from Z.ai
Differential Revision: https://reviews.freebsd.org/D57383
(cherry picked from commit 37e9d3641ba0e0da0d2bbaa26a59ee56a8cf3ee6)
krb5: Fix null dereference in SPNEGO token processing
krb5 1.22.1 erroneously removed a check from get_negTokenResp() for
successful decoding of the mechListMIC field. Restore the check to
prevent a null pointer dereference.
Commit message details obtained from upstream commit.
Obtained from: Upstream commit 4ae75cded
(cherry picked from commit efb5c07f91c5c11fb9bd32227ac74c2d08adf3cf)
krb5: Fix reachable assert when importing krb5 names
If a name token contains trailing garbage, error out from
krb5_gss_import_name() instead of crashing the process with an
assertion failure.
Commit message details obtained from upstream commit.
Obtained from: upstream commit 07818f1fd
Reported by: Aisle Research (Ze Sheng, Dmitrijs Trizna, Luigino Camastra, Guido Vranken) to krb5-bugs
MFC after: 3 days
(cherry picked from commit fce16f60de9718be6b789f00e86141a84cd920d3)
ntsync(9): do not double-free obj when finstall() failed
Reported by: Alex S <iwtcex at gmail.com>
Sponsored by: The FreeBSD Foundation
MFC after: 3 days