firewire: Fix watchdog_clock aliasing and fw_tl2xfer UAF race
Two bugs in the firewire bus layer that affect all consumers (
if_fwip, sbp):
watchdog_clock was a static local in firewire_watchdog(), shared across
all firewire_comm instances. With two controllers (e.g. built-in +
Thunderbolt Display), both advance the same counter, so the second
controller's 15-second boot-time timeout guard expires prematurely.
fw_tl2xfer() released tlabel_lock before returning the xfer pointer.
Reviewed by: zlei, adrian
Differential Revision: https://reviews.freebsd.org/D57496
krb5: Fix null dereference in SPNEGO token processing
krb5 1.22.1 erroneously removed a check from get_negTokenResp() for
successful decoding of the mechListMIC field. Restore the check to
prevent a null pointer dereference.
Commit message details obtained from upstream commit.
Obtained from: Upstream commit 4ae75cded
MFC after: 3 days
krb5: Fix reachable assert when importing krb5 names
If a name token contains trailing garbage, error out from
krb5_gss_import_name() instead of crashing the process with an
assertion failure.
Commit message details obtained from upstream commit.
Obtained from: upstream commit 07818f1fd
Reported by: Aisle Research (Ze Sheng, Dmitrijs Trizna,
Luigino Camastra, Guido Vranken) to krb5-bugs
MFC after: 3 days
ipfilter: Fix ip_pptp_pxy (PPTP proxy) length underflow
A PPTP client sending a specially crafted PPTP message with a length
smaller than the already processed fixed header can panic the system.
This resultes in a negative remaining length (a large unsigned 16-bit
number).
Reported by: Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li,
and Ke Xu from Tsinghua University using GLM-5.1 from
Z.ai
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D57383
pfsync: remove invalid panic
When we undefer a packet (when the peer acks the state) it's possible
that we don't find a corresponding pfsync_deferral. We panic here, but
that's actually something that can happen in normal operation:
- if we have too many deferred packets already (in pfsync_defer())
- if the deferral timed out (in pfsync_defer_tmo())
Remove this panic and document the scenarios where it might occur.
MFC after: 2 weeks
Sponsored by: Orange Business Services
sound: Centralize and improve hot-swapping
Introduce pcm_hotswap(), which is responsible for sending devctl
SND/CONN notifications.
There are two user-visible improvements with this patch:
First, in pcm_unregister(), instead of just sending a SND/CONN/NODEV
notification when all devices have detached, we also switch to the new
default device if the previously default one has detached, but there are
more left.
Second, in pcm_register(), if the device happens to also be the new
default device, we hot-swap to it. Additionally, if hw.snd.default_auto
is set to 2, then we will essentially be hot-swapping to the newest
attached device.
The latter is especially useful for laptops like the Framework 16, which
comes with a built-in snd_hda(4) speaker-microphone-only device, and
[18 lines not shown]
rc: virtual_oss: Handle absent pidfile properly
Instead of throwing errors from the programs that use it, print a
warning if the file does not exist.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: 0mp, jrm
Pull-Request: https://ron-dev.freebsd.org/FreeBSD/src/pulls/33
(cherry picked from commit b2677d002edbe9308b1f8cecd1a5fc515d2a5deb)
rc: virtual_oss: Wait for process to exit
Sometimes virtual_oss processes do not exit immediatelly. If we do not
wait for the processes to fully exit before returning from
virtual_oss_stop(), then the service restart operation might call
virtual_oss_start() too early and fail, because it will think the
service wasn't stopped and is still running.
Reported by: jrm
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: 0mp, jrm
Pull-Request: https://ron-dev.freebsd.org/FreeBSD/src/pulls/33
(cherry picked from commit 803f686938ec2472d54a26bff668e48cc4999558)
depend-cleanup.sh: rebuild strrchr.o on riscv64 if it came from strrchr.S
We have to switch back to the previous rule once the temporary
build fix has been replaced with a permanent fix.
PR: 295823
See also: 4996ebdb720042239a197ebec2d265cdfdf1bbf3
Reported by: siva
MFC after: 1 week
msun: Fix up for recent rsqrt[fl] functions
Paul Zimmermann (of Core-Math and MPFR fame) graciously tested
the recently committed rsqrt[fl]() functions. He identified 127
incorrectly rounded values for rsqrtf() in round-to-nearest mode.
This patch fixes the rounding in RN. Exhaustive testing now shows
that rsqrtf() is corrected rounded for RN. He also tested rsqrt()
and rsqrtl() in the interval [1,4). Both appear to be correctly
rounded. Finally, the patch includes small changes to comments.
A concise list of changes is
* lib/msun/src/s_rsqrt.c:
. Fix comments.
* lib/msun/src/s_rsqrtf.c
. Fix comments.
. Exhaustive testing by Paul Zimmermann found 127 incorrectly
rounded values in round-to-nearests. These gave have the
[10 lines not shown]
libc/riscv64: temporarily unhook strrchr() from the build
A bug was discovered in the riscv64 assembly implementation of
this function. Fall back to the generic implementation until a
fix can be developed.
PR: 295823
Reported by: siva
MFC after: 1 week
libc: Add free_sized() and free_aligned_sized() as per C23
Add C23 sized deallocation entry points as thin wrappers around free(3).
Implementations may ignore size and alignment hints, so behaviour stays
correct for existing allocations without validating caller metadata yet.
When jemalloc is updated to 5.3.1, rewire these to je_free_sized() and
je_free_aligned_sized() so deallocation can use the allocator's sized
deallocation (free_sized for fast paths and free_aligned_sized for
correct aligned hints.)
Please note this change satisfies the standard interface only. Both
functions should be delegated to jemalloc after the upgrade so callers
get the intended allocator behaviour; until then, hints are unused and
neither sized nor aligned-sized deallocation optimizations apply.
Signed-off-by: Faraz Vahedi <kfv at kfv.io>
Reviewed by: fuz
Pull Request: https://github.com/freebsd/freebsd-src/pull/2201
MFC after: 1 month
zfs: fix sysctl_os.c
Correctly declare vfs.zfs.metaslab.condense_pct
The following sysctls have moved to metaslab.c:
vfs.zfs.metaslab.df_alloc_threshold
vfs.zfs.metaslab.df_free_pct
vfs.zfs.metaslab.sm_blksz_no_log
vfs.zfs.metaslab.sm_blksz_with_log
Reported by: dim at FreeBSD.org
firewire: clean up XXX comments
Remove stale and misleading XXX comments throughout firewire.c.
Most were from the original 2002 codebase and either described
correct behavior or noted aspirational improvements that never
happended.
Two actionable items retained as TODO: config ROM CRC validation
and pending xfer cleanup on detach.
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D57466
fix(fwe): add missing net epoch around ether_input
Wrap the if_input() call in fwe_as_input() with NET_EPOCH_ENTER/EXIT.
The network stack requires epoch protection when delivering packets
via if_input, and fwe was missing it.
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D57459
procctl(): do not allow the process to exit inside kern_procctl_single()
Requested and reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D57491
metaslab: expose df_alloc_threshold and df_free_pct on Linux
Expose metaslab_df_alloc_threshold and metaslab_df_free_pct as module
parameters on Linux, matching their existing FreeBSD sysctls.
Reviewed-by: Alexander Motin <alexander.motin at TrueNAS.com>
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: Christos Longros <chris.longros at gmail.com>
Closes #18632
ZTS: relax zpool_import_parallel_pos.ksh timing
Occasionally in the CI this test will fail because the parallel import
took longer than half of the serial time (but still less than the full
serial time). Increase the cutoff to 3/4 of the serial time to preserve
the intent yet try and avoid these false positive failures.
Reviewed-by: Chris Longros <chris.longros at gmail.com>
Signed-off-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Closes #18634
fork: Drop an uneeded PHOLD/PRELE pair
Support for swapping out kernel stacks was removed, so the PHOLD has no
purpose. (And even before that, it's not clear why a swapout here would
have been problematic.)
Reviewed by: kib
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D57486
