mirror of https://git.FreeBSD.org/src.git synced 2024-10-18 02:19:39 +00:00
Commit Graph

278051 Commits

Author SHA1 Message Date
Gleb Smirnoff
ea980c17f4 if_clone: correctly destroy a clone from a different vnet
Try to live with cruel reality fact - if_vmove doesn't move an
interface from previous vnet cloning infrastructure to the new
one.  Let's admit this as design feature and make it work better.

* Delete two blocks of code that would fallback to vnet0, if a
  cloner isn't found.  They didn't do any good job and also whole
  idea of treating vnet0 as special one is wrong.
* When deleting a cloned interface, lookup its cloner using its
  home vnet.

With this change simple sequence works correctly:

  ifconfig foo0 create
  jail -c name=jj persist vnet vnet.interface=foo0
  jexec jj ifconfig foo0 destroy

Differential revision:	https://reviews.freebsd.org/D33942

(cherry picked from commit 6d1808f051)
2024-10-10 18:00:48 +08:00
Gleb Smirnoff
5a894ac431 if_vmove: improve restoration in cloner's ifgroup membership
* Do a single call into if_clone.c instead of two.  The cloner
  can't disappear since the interface sits on its list.
* Make restoration smarter - check that cloner with same name
  exists in the new vnet.

Differential revision:	https://reviews.freebsd.org/D33941

(cherry picked from commit 54712fc423)
2024-10-10 18:00:47 +08:00
Gleb Smirnoff
7afcdd13a4 ifnet: allocate index at the end of if_alloc_domain()
Now that if_alloc_domain() never fails and actually doesn't
expose ifnet to outside we can eliminate IFNET_HOLD and two
step index allocation.

Reviewed by:		kp
Differential revision:	https://reviews.freebsd.org/D33259

(cherry picked from commit 8062e5759c)
2024-10-10 18:00:47 +08:00
Franco Fichtner
4847245784 fetch: correct env var name for --crl option to work
Reviewed by:	grembo
MFC after:	3 days
Differential Revision: https://reviews.freebsd.org/D46973

(cherry picked from commit 1d7a33888e)
2024-10-09 13:50:06 +02:00
Zhenlei Huang
86c8cbe788 if_epair: Remove unneeded NULL check for the allocated ifnet
This follows the recent MFC [1]. No functional change intended.

This is a direct commit to stable/13.

1. f500e5c6c9 net: Remove unneeded NULL check for the allocated ifnet
2024-10-09 12:01:10 +08:00
Zhenlei Huang
a31a4ddd39 if_enc(4): Make enc_add_hhooks() void
As for the consumer `enc_add_hhooks()`, `hhook_add_hook()` will never
fail for the given parameters. Meanwhile, to build the module if_enc(4),
at least option INET or INET6 is required, so no need for the error
EPFNOSUPPORT.

No functional change intended.

Reviewed by:	ae
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D46770

(cherry picked from commit 7643141e93)
(cherry picked from commit d6374ee051)
2024-10-08 18:07:18 +08:00
Zhenlei Huang
d92fc5d447 khelp: Sprinkle const qualifiers where appropriate
No functional change intended.

MFC after:	1 week

(cherry picked from commit 89937323bd)
(cherry picked from commit 54c79d3ae4)
2024-10-08 18:07:18 +08:00
Zhenlei Huang
36fe8266ef hhook: Sprinkle const qualifiers where appropriate
No functional change intended.

MFC after:	1 week

(cherry picked from commit 941f8aceac)
(cherry picked from commit 18aa2a81c4)
2024-10-08 18:07:18 +08:00
Zhenlei Huang
f500e5c6c9 net: Remove unneeded NULL check for the allocated ifnet
Change 4787572d05 made if_alloc_domain() never fail, then also do the
wrappers if_alloc(), if_alloc_dev(), and if_gethandle().

No functional change intended.

Reviewed by:	kp, imp, glebius, stevek
MFC after:	2 weeks
Differential Revision:  https://reviews.freebsd.org/D45740

MFC note: This is only a partial MFC, as some drivers do not exist in
stable/13 branch. The if_epair(4) drifts too much from stable/14 so not
included in this MFC.

(cherry picked from commit aa3860851b)
(cherry picked from commit 6b1f530935)
2024-10-08 18:07:18 +08:00
Dimitry Andric
04393db003 Bump lld LINKER_FREEBSD_VERSION for reproducibility fix
The upstream fix to make lld output for our EFI loaders reproducible
again was committed in 54521a2ff9. Bump lld's LINKER_FREEBSD_VERSION
to be able to check this in the EFI loader Makefile.

MFC after:	3 days

(cherry picked from commit f97c7fdc59)
2024-10-08 10:37:09 +02:00
Dimitry Andric
a492ec843f Merge commit b84d773fd004 from llvm git (by Fangrui Song):
[Parallel] Revert sequential task changes

  https://reviews.llvm.org/D148728 introduced `bool Sequential` to unify
  `execute` and the old `spawn` without argument. However, sequential
  tasks might be executed by any worker thread (non-deterministic),
  leading to non-determinism output for ld.lld -z nocombreloc (see
  https://reviews.llvm.org/D133003).

  In addition, the extra member variables have overhead.
  This sequential task has only been used for lld parallel relocation
  scanning.

  This patch restores the behavior before https://reviews.llvm.org/D148728 .

  Fix #105958

  Pull Request: https://github.com/llvm/llvm-project/pull/109084

This fixes the non-reproducibility we had noticed when linking our EFI
loaders, and for which we committed a workaround in f5ce3f4ef5.

MFC after:	3 days

(cherry picked from commit 54521a2ff9)
2024-10-08 10:37:09 +02:00
Gleb Smirnoff
381601cfcb ifnet: make if_alloc_domain() never fail
The last consumer of if_com_alloc() is firewire.  It never fails
to allocate.  Most likely the if_com_alloc() KPI will go away
together with if_fwip(), less likely new consumers of if_com_alloc()
will be added, but they would need to follow the no fail KPI.

MFC note: As for stable/13, there is one additional consumer sppp,
which also never fails to allocate. This MFCing is mainly to keep
behavioral compatibility of if_alloc_domain() and its wrappers
if_alloc(), if_alloc_dev(), and if_gethandle() with stable/14 and
onward branches. 3rd party drivers should be ready for this for years
as this behavioral change was done in stable/14 at November 22 2021.
As a good effect new drivers to be MFCed to stable/13 do not have to
conditionally check failure from if_alloc() for stable/13.

(cherry picked from commit 4787572d05)
2024-10-08 12:00:59 +08:00
Pierre Pronchery
6cb1995a66 bhyve: improve bounds checks in hda_codec
The function hda_codec_command is vulnerable to buffer over-read, the
payload value is extracted from the command and used as an array index
without any validation.
Fortunately, the payload value is capped at 255, so the information
disclosure is limited and only a small part of .rodata of bhyve binary
can be disclosed.

The risk is low because the leaked information is not sensitive. An
attacker may be able to validate the version of the bhyve binary using
this information disclosure (layout of .rodata information, ex:
jmp_tables) before executing an exploit.

Reported by:	Synacktiv
Reviewed by:	christos, emaste
Security:	HYP-13
Sponsored by:	The Alpha-Omega Project
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D46098

(cherry picked from commit e94a1d6a7f)
(cherry picked from commit 757bbf484c)
2024-10-06 11:05:09 -04:00
Pierre Pronchery
ca3d8480ec vmm: avoid potential KASSERT kernel panic in vm_handle_db
If the guest VM emits the exit code VM_EXITCODE_DB the kernel will
execute the function named vm_handle_db.

If the value of rsp is not page aligned and if rsp+sizeof(uint64_t)
spans across two pages, the function vm_copy_setup will need two structs
vm_copyinfo to prepare the copy operation.

For instance, if rsp value is 0xFFC, two vm_copyinfo objects are needed:

* address=0xFFC, len=4
* address=0x1000, len=4

The vulnerability was addressed by commit 51fda658ba ("vmm: Properly
handle writes spanning across two pages in vm_handle_db").  Still,
replace the KASSERT with an error return as a more defensive approach.

Reported by:    Synacktiv
Reviewed by:	markj, emaste
Security:       HYP-09
Sponsored by:   The Alpha-Omega Project
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D46133

(cherry picked from commit d19fa9c1b7)
(cherry picked from commit f8db6fb90e)
2024-10-06 11:02:51 -04:00
Dag-Erling Smørgrav
3053d32194 printf(): Save errno earlier.
The manual page says %m is replaced with “the string representation of
the error code stored in the errno variable at the beginning of the
call”.  However, we don't actually save `errno` until fairly late in
`__vfprintf()`.  Make sure it is saved before we do anything that
might perturb `errno`.

MFC after:	1 week
Reviewed by:	kevans
Differential Revision:	https://reviews.freebsd.org/D46718

(cherry picked from commit 74f1007fcc)
2024-10-06 09:17:14 +00:00
Dag-Erling Smørgrav
036ce2460c Update tzcode to 2024b.
MFC after:	3 weeks
Sponsored by:	Klara, Inc.
Reviewed by:	philip
Differential Revision:	https://reviews.freebsd.org/D46565

(cherry picked from commit a979394afe)
2024-10-06 09:16:34 +00:00
Dag-Erling Smørgrav
46d52461bf locate.updatedb: Revert to using cat to copy the db.
This script is usually run unprivileged, so install fails to create a
temporary file while copying the finished database.  Revert to using
cat, which can overwrite the existing file as it is usually owned by
the same user which is running the script.

Fixes:		f62c1f3f8e
MFC after:	1 week
Sponsored by:	Klara, Inc.
Reviewed by:	kevans
Differential Revision:	https://reviews.freebsd.org/D46872

(cherry picked from commit 26bd374e72)
2024-10-06 09:16:34 +00:00
Dag-Erling Smørgrav
eefeb6ca68 locate.updatedb: Explicitly exit from trap code.
When a signal is trapped, the script continues after the trap code has
run, unless the trap code explicitly exits.  In the particular case of
locate.updatedb, this is mostly harmless, except that the trap code is
executed twice (once for the signal and once when we reach the end of
the script), but it's still worth fixing.

Furthermore, install the trap as soon as we've created the temporary
directory, to minimize the window during which we can fail to clean up
after ourselves if interrupted.

While here, simplify the empty check at the end and make some minor
style tweaks.

MFC after:	1 week
Sponsored by:	Klara, Inc.
Reviewed by:	kevans
Differential Revision:	https://reviews.freebsd.org/D46475

(cherry picked from commit f62c1f3f8e)
2024-10-06 09:16:34 +00:00
Kevin Bowling
b887b25317 igc: Add NVM/firmware prints and sysctl
This chipset suffered an (un)usual number of bugs and iterations. Let's
add our NVM/firmware code from e1000 and the similar igc_nvm function
from DPDK to keep track of issues.

Sponsored by:	BBOX.io

(cherry picked from commit 33ed9bdca3)
2024-10-05 20:50:14 -07:00
Kevin Bowling
98e48cd460 igc: Remove non-existent legacy absolute and packet timers
igc, derived from igb, does not use these registers. All interrupt
timing is governed by EITR or LLI and driven by write-back.

Sponsored by:	BBOX.io

(cherry picked from commit a40ecb6f74)
2024-10-05 20:50:02 -07:00
Kevin Bowling
d92efc05a7 ixgbe: Switch if_sriov read/write back to ixgbe_mbx APIs
These are more succinct than jumping through the function pointers
directly and add some additional error handling.

(cherry picked from commit 1e3b1870ad)
2024-10-05 20:49:50 -07:00
Olivier Certner
c6ec13c129 bitset: __BIT_FFS_AT(): Fix herald comment, take 2
Remove the reference to the nonexistent 'end' parameter.  While here,
rephrase a bit.

I did the initial comment fix (commit "bitset: Fix __BIT_FFS_AT()'s
herald comment", f3ab0d86e8) as part of an experiment introducing
macros to operate on ranges of bits in a bitset and subject to
a predicate (a generalization of some code used in some pending
modifications of the ULE scheduler), which was finally ditched as being
too verbose and impractical to use.  I however then forgot to remove the
reference to 'end'.

No functional change.

Noted by:       emaste
Approved by:    emaste (mentor)
MFC after:      3 days
MFC with:       f3ab0d86e8
Sponsored by:   The FreeBSD Foundation

(cherry picked from commit ad4cf76ec4)

Approved by:    emaste (mentor)
2024-10-04 10:44:23 +02:00
Olivier Certner
6bffebee7e bitset: Fix __BIT_FFS_AT()'s herald comment
The manual page is correct though.

No functional change.

Reviewed by:    emaste
Approved by:    emaste (mentor)
MFC after:      3 days
Event:          Kitchener-Waterloo Hackathon 202406
Sponsored by:   The FreeBSD Foundation

(cherry picked from commit f3ab0d86e8)

Approved by:    emaste (mentor)
2024-10-04 10:44:18 +02:00
Mateusz Piotrowski
bb91fa71bb extattr.9: Improve the fragment about jail(8)
Fixes:		315d7bbbb4 extattr(9): Mention system namespace restrictions
MFC after:	1 week

(cherry picked from commit e8fc6a9980)
2024-10-04 10:33:11 +02:00
Dmitry Chagin
ca2d3fdff0 extattr(9): Mention system namespace restrictions in a jail
Reported by:		netchild
Reviewed by:		gbe
Differential revision:	https://reviews.freebsd.org/D41676
MFC after:		1 week

(cherry picked from commit 315d7bbbb4)
2024-10-04 10:33:11 +02:00
Kevin Bowling
94227aef87 e1000: Clean up ITR/EITR in preparation for AIM
Provide macros to derive the various needed values and make it a bit
more clear the differences between em and igb.

The igb default EITR was not landing at the right offset.

Respect the 'max_interrupt_rate' tunable.

Sponsored by:	BBOX.io

(cherry picked from commit 9bf9164fc8)
2024-10-03 23:42:31 -07:00
Kevin Bowling
6ccd24f183 e1000: Clean up legacy absolute and packet timers
The absolute and packet timers only apply to lem and em with some only
applying to the latter.

This cleans up the sysctl tree to only show these where applicable and
stops writing to unexpected registers for igb.

Sponsored by:	BBOX.io

(cherry picked from commit 1c578f1c93)
2024-10-03 23:42:10 -07:00
Mark Johnston
8375d2b9c6 agp.4: Add a deprecation notice to the man page
The driver is giant-locked and thus already prints a deprecation warning
when attaching.  The device file interface was broken in 14.0 and 14.1,
see commit 12500c1428, but it took a very long time for anyone to
notice, and in that case it was only because of some code which probes
all device files.

Relnotes:	yes
Reviewed by:	imp, jhb, emaste
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D46542

(cherry picked from commit 0abe2d3903)
2024-10-03 22:50:57 +00:00
Pierre Pronchery
6eb7879f42 bhyve: avoid TOCTOU on iov_len in virtio_vq_recordon()
Avoid a race condition when accessing guest memory, by reading memory
contents only once.

This has also been applied to _vq_record() in
sys/dev/beri/virtio/virtio.c, as per markj@'s suggestion.

Reported by:	Synacktiv
Reviewed by:	markj
Security:	HYP-10
Sponsored by:	The Alpha-Omega Project
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D45735

(cherry picked from commit 869d760cb9)
(cherry picked from commit ed03c30990)
2024-10-02 16:37:49 -04:00
Val Packett
37bea3b062 pci_iov: Add a device_printf if out of bus numbers
Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D20591

(cherry picked from commit 6a4f0c0637)
2024-10-02 12:55:48 -07:00
Krzysztof Galazka
fa0f7eefb9 iflib: Simplify iflib_legacy_setup
Follow the pattern from iflib_irq_alloc_generic function and use
iflib_fast_intr as a handler for RX only interrupts.

Also remove some intermediate variables and use consistent
way for referencing queue's structures.

Signed-off-by: Krzysztof Galazka <krzysztof.galazka@intel.com>

Reviewed by:	markj
Differential Revision:	https://reviews.freebsd.org/D46061

(cherry picked from commit 36a0019238)
2024-10-02 12:55:36 -07:00
Joyu Liao
2e34892898 e1000: Delay safe_pause switch until SI_SUB_CLOCKS
Based on sysinit_sub_id, SI_SUB_CLOCKS is after SI_SUB_CONFIGURE.

SI_SUB_CONFIGURE  = 0x3800000,  /* Configure devices */  
At this stage, the variable “cold” will be set to 0.

SI_SUB_CLOCKS    = 0x4800000,  /* real-time and stat clocks*/
At this stage, the clock configuration will be done, and the real-time
clock can be used.

In the e1000 driver, if the API safe_pause_* are called between
SI_SUB_CONFIGURE and SI_SUB_CLOCKS stages, it will choose the wrong
clock source. The API safe_pause_* uses “cold” the value of which is
updated in SI_SUB_CONFIGURE, to decide if the real-time clock source is
ready. However, the real-time clock is not ready until the SI_SUB_CLOCKS
routines are done.

Obtained from:	Juniper Networks
Differential Revision:	https://reviews.freebsd.org/D42920

(cherry picked from commit 930a1e6f3d)
2024-10-02 12:55:23 -07:00
Kevin Bowling
8688a242b5 e1000: Add sysctl for igb(4) DMA Coalesce
This feature can increase efficiency at the expense of latency.

It does not work well with the default interrupt delay, but expose
the otherwise unconnected code in the driver in case people want to
experiment.

See
https://www.intel.com/content/dam/support/us/en/documents/network/adapter/pro100/sb/466827_intel_r__dma_coalescing_white_paper_v003.pdf

Sponsored by:	Blue Box Systems

(cherry picked from commit c9021340a3)
2024-10-02 12:55:12 -07:00
Kevin Bowling
999b6a9818 e1000: Handle igb EEE sysctl
Sponsored by:	Blue Box Systems

(cherry picked from commit 2e78e568c2)
2024-10-02 12:55:01 -07:00
Kevin Bowling
e86189c62b e1000: Add sysctls for some missing MAC stats
Sponsored by:	Blue Box Systems

(cherry picked from commit aa7d086ad9)
2024-10-02 12:54:34 -07:00
Mateusz Piotrowski
416612c637 rc.subr.8: Fix the Bl macro of a list which is actually a table
MFC after:	2 weeks

(cherry picked from commit 6e414739fc)
2024-10-02 11:27:12 +02:00
Mateusz Piotrowski
35d8a02eea rc.subr: Consistently use an absolute path for sysrc
MFC after:	2 weeks
Approved by:	christos

(cherry picked from commit 401516dbc5)
2024-10-02 11:27:05 +02:00
Mateusz Piotrowski
d51260ef94 rc.8: Remove false information about rc.d/local
It does not handle scripts in /usr/local/etc/rc.d/. Instead, it takes
care of /etc/rc.local and /etc/rc.shutdown.local.

MFC after:	2 weeks

(cherry picked from commit 9dc67a7065)
2024-10-02 11:25:33 +02:00
Mateusz Piotrowski
b13093260a rc.subr.8: Do not use mdoc macros for Bl width
Macros do not expand there.

MFC after:	1 week

(cherry picked from commit 859868156a)
2024-10-02 11:22:58 +02:00
Alexander Ziaee
33ad485f47 ntp: Improve descriptions in man pages
+ ntpd added to ntp.conf(5) description (search keywords)
+ expand NTP so these pages are shown when `apropos time`
+ "standard" => "reference" for increased consistency
- removed redundant or duplicated search keywords

ntp.org bug:	https://bugs.ntp.org/show_bug.cgi?id=3936
Reviewed by:	Harlan Stenn <stenn@nwtime.org>
Reviewed by:	Cy Schubert <cy@nwtime.org>

(cherry picked from commit c7a33fe37d)
2024-09-30 21:29:48 -07:00
Cy Schubert
b4e224360e wpa: Fix gcc build
Order of libraries still matters with GCC toolchains. Moving the
wpapasn library before the wpacommon specification resolves the link
problem.

This issue was not detected by make universe.

Fixes:		a90b9d0159

(cherry picked from commit 8880825df1)
2024-09-30 21:29:48 -07:00
Cy Schubert
87b2a3073a wpa: Import 2.11
Following is a changelog of new features and fixes to wpa:

hostapd:
* Wi-Fi Easy Connect
  - add support for DPP release 3
  - allow Configurator parameters to be provided during config exchange
* HE/IEEE 802.11ax/Wi-Fi 6
  - various fixes
* EHT/IEEE 802.11be/Wi-Fi 7
  - add preliminary support
* SAE: add support for fetching the password from a RADIUS server
* support OpenSSL 3.0 API changes
* support background radar detection and CAC with some additional
  drivers
* support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3)
* EAP-SIM/AKA: support IMSI privacy
* improve 4-way handshake operations
  - use Secure=1 in message 3 during PTK rekeying
* OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
  to avoid interoperability issues
* support new SAE AKM suites with variable length keys
* support new AKM for 802.1X/EAP with SHA384
* extend PASN support for secure ranging
* FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
  - this is based on additional details being added in the IEEE 802.11
    standard
  - the new implementation is not backwards compatible
* improved ACS to cover additional channel types/bandwidths
* extended Multiple BSSID support
* fix beacon protection with FT protocol (incorrect BIGTK was provided)
* support unsynchronized service discovery (USD)
* add preliminary support for RADIUS/TLS
* add support for explicit SSID protection in 4-way handshake
  (a mitigation for CVE-2023-52424; disabled by default for now, can be
  enabled with ssid_protection=1)
* fix SAE H2E rejected groups validation to avoid downgrade attacks
* use stricter validation for some RADIUS messages
* a large number of other fixes, cleanup, and extensions

wpa_supplicant:
* Wi-Fi Easy Connect
  - add support for DPP release 3
  - allow Configurator parameters to be provided during config exchange
* MACsec
  - add support for GCM-AES-256 cipher suite
  - remove incorrect EAP Session-Id length constraint
  - add hardware offload support for additional drivers
* HE/IEEE 802.11ax/Wi-Fi 6
  - support BSS color updates
  - various fixes
* EHT/IEEE 802.11be/Wi-Fi 7
  - add preliminary support
* support OpenSSL 3.0 API changes
* improve EAP-TLS support for TLSv1.3
* EAP-SIM/AKA: support IMSI privacy
* improve mitigation against DoS attacks when PMF is used
* improve 4-way handshake operations
  - discard unencrypted EAPOL frames in additional cases
  - use Secure=1 in message 2 during PTK rekeying
* OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
  to avoid interoperability issues
* support new SAE AKM suites with variable length keys
* support new AKM for 802.1X/EAP with SHA384
* improve cross-AKM roaming with driver-based SME/BSS selection
* PASN
  - extend support for secure ranging
  - allow PASN implementation to be used with external programs for
    Wi-Fi Aware
* FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
  - this is based on additional details being added in the IEEE 802.11
    standard
  - the new implementation is not backwards compatible, but PMKSA
    caching with FT-EAP was, and still is, disabled by default
* support a pregenerated MAC (mac_addr=3) as an alternative mechanism
  for using per-network random MAC addresses
* EAP-PEAP: require Phase 2 authentication by default (phase2_auth=1)
  to improve security for still unfortunately common invalid
  configurations that do not set ca_cert
* extend SCS support for QoS Characteristics
* extend MSCS support
* support unsynchronized service discovery (USD)
* add support for explicit SSID protection in 4-way handshake
  (a mitigation for CVE-2023-52424; disabled by default for now, can be
  enabled with ssid_protection=1)
  - in addition, verify SSID after key setup when beacon protection is
    used
* fix SAE H2E rejected groups validation to avoid downgrade attacks
* a large number of other fixes, cleanup, and extensions

Merge commit '6377230b3cf4f238dcd0dc2d76ff25943d3040e5'

(cherry picked from commit a90b9d0159)
2024-09-30 21:29:48 -07:00
Steve Kargl
3d77026d8a libm: fma: correct zero sign with small inputs
This is a fixed version of 888796ade2.

PR:		277783
Reported by:	Victor Stinner
Reviewed by:	emaste
MFC after:	1 week

(cherry picked from commit 888796ade2)
(cherry picked from commit e77ad954bb)
(cherry picked from commit 34f746cc7f)
(cherry picked from commit dc39004bc6)
2024-09-30 21:19:13 -04:00
Ed Maste
047870a3b1 libm: add parens to clarify expressions in fma, fmal
Obtained from:	NetBSD

(cherry picked from commit 001606523a)
(cherry picked from commit d1d8c91147)
2024-09-30 21:18:15 -04:00
Ed Maste
dd7a4da0e9 msun: update Clang bug reference in fma test
LLVM bugzilla bug 8100 became issue #8472 with the migration to GitHub.

https://github.com/llvm/llvm-project/issues/8472
(cherry picked from commit 92927b8bcf)
(cherry picked from commit 6cd4450c6c)
2024-09-30 21:18:15 -04:00
Bjoern A. Zeeb
335a234d72 LinuxKPI: 802.11: support manual lladdr changes
Allow a user to change the "ether" address by ifconfig while a VAP is
not UP.  Compared to net80211 (given we have no callback) we register
an eventhandler per-vif (a global one would force us to use hacks to
derive if a vap is indeed also a lkpi_80211 vif).

Sponsored by:	The FreeBSD Foundation
PR:		277356
Tested by:	lwhsu
Differential Revision: https://reviews.freebsd.org/D46121

(cherry picked from commit 4aff4048f5)
2024-09-30 12:19:05 +00:00
Pierre Pronchery
32e077f273 bhyve: initialize register value
In case of an error in a code pattern like

```
uint64_t val;
error = memread(vcpu, gpa, &val, 1, arg);
error = vie_update_register(vcpu, reg, val, size);
```

uninitialized stack data would be used.

Reported by:    Synacktiv
Reviewed by:	markj
Security:       HYP-21
Sponsored by:   The Alpha-Omega Project
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D46107

(cherry picked from commit 94693ec7c8)
(cherry picked from commit a03acfa434)
2024-09-30 08:11:47 -04:00
Zhenlei Huang
1290de0d54 mxge(4): Stop checking for failures from taskqueue_create(M_WAITOK)
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D45853

(cherry picked from commit 7ea3fd3bb5)
(cherry picked from commit 70280bc71d)
2024-09-30 13:05:43 +08:00
Zhenlei Huang
7000dd2e29 liquidio(4): Stop checking for failures from malloc/taskqueue_create/buf_ring_alloc(M_WAITOK)
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D45853

(cherry picked from commit 57cd8f27b7)
(cherry picked from commit 518e138448)
2024-09-30 13:05:43 +08:00
Zhenlei Huang
7b7353261e jme(4): Stop checking for failures from taskqueue_create_fast(M_WAITOK)
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D45853

(cherry picked from commit 3fdef8e855)
(cherry picked from commit 6b25a8f079)
2024-09-30 13:05:43 +08:00