This is a follow-up to commit e72d86ad9c ("bhyve: improve input
validation in pci_xhci") -- introducing a helper for slot validation.
Co-authored-by: John Baldwin <jhb@FreeBSD.org>
Reviewed by: markj, emaste
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46696
+ expand see also section with other relevant pages and the handbook
+ tag paths with the path macro so they can be searched with apropos
+ tag spdx, one sentence per line
MFC after: 3 days
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1371
These were reported by `mandoc -T lint` as
ERROR: skipping unknown macro
When these pages were rendered with `man`, the "unknown macro" meant
that the entire line was omitted from the output.
Obvious typos in:
lib/libsys/swapon.2
lib/libsys/procctl.2
share/man/man9/firmware.9
lib/libcasper/services/cap_net/cap_net.3: 'mode' describes a function
argument.
lib/libsys/statfs.2: there's no .Tm command ("trademark?"), and
.Tn ("tradename") is deprecated, so remove the macro entirely.
usr.sbin/mfiutil/mfiutil.8: man was interpreting '/dev/' as a macro
(which it didn't recognize).
share/man/man4/qat.4: same issue as above, but with '0'. In this case,
given the context of the previous line, rewriting as "Value '0'"
seemed more appropriate.
usr.sbin/mlx5tool/mlx5tool.8: typo in .Xr
Signed-off-by: Graham Percival <gperciva@tarsnap.com>
Sponsored by: Tarsnap Backup Inc.
Reviewed by: concussious, imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1417
This handles copying in install-boot.sh and bsdinstall's bootconfig.
install-boot.sh:
make_esp_file now optionally takes extra arguments so it can copy
multiple files. This is used by the amd64 release scripts.
make_esp_device also takes an extra optional argument for efibootname.
This is currently unused, but it can be used in the future to do
something like:
make_esp_device loader.efi bootx64
make_esp_device loader_ia32.efi bootia32
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1098
The change of its description from integer to boolean didn't actually
change it to a boolean, but only made it impossible to set as either
a boolean or an integer.
Rather than make it work as a boolean parameter should, just revert
to the old (working) integer parameter, and change the documentation
to match.
PR: 274263
Reported by: andrew.hotlab at hotmail
Several functions did not validate the slot index resulting in OOB read
on the heap of the slot device structure which could lead to arbitrary
reads/writes and potentially code execution.
Reported by: Synacktiv
Reviewed by: markj (earlier), jhb
Security: CVE-2024-41721
Security: HYP-02
Sponsored by: The Alpha-Omega Project
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D45996
This can arise if the jail doesn't have networking configured, and if
-ss is specified, syslogd won't listen on port 514 anyway.
Add a regression test case for this as well.
PR: 238006
MFC after: 1 month
This feature is required by OpenStack Nova that needs a serial output
through tcp socket. When this feature is enabled, a tcp server will be
started and wait for connection on specified port under capsicum's protection.
We only accept one connection at the same time. Other attempts to
connect will fail.
Reviewed by: corvink, markj
MFC after: 2 months
Differential Revision: https://reviews.freebsd.org/D45120
All of the below bugs could result in a system where ctld is not
running, but LUNs and targets still exist in the kernel; a difficult
situation to recover from.
* open the pidfile earlier. Open the pidfile before reading the
kernel's current state, so two racing ctld processes won't step on
each others' toes.
* close the pidfile later. Close it after tearing down the
configuration, for the same reason.
* If the configured pidfile changes, then rename it on SIGHUP rather
than remove and recreate it.
* When running in debug mode, don't close the pidfile while handling a
new connection. Only do that in non-debug mode, in the child of the
fork.
* Register signal handlers earlier. Otherwise a SIGTERM signal received
during startup could kill ctld without tearing down the configuration.
MFC after: 2 weeks
PR: 271460
Sponsored by: Axcient
Reviewed by: mav
Pull Request: https://github.com/freebsd/freebsd-src/pull/1370
This is useful for downstream consumers to add their own kernel config
files in another directory other than the default ones.
Obtained from: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D44538
The "includeoptions" directive can be used to specify an additional
options file to be used.
This is useful in conjunction with the "files" directive for build
environments to be able to add custom files and options.
Add "-v" flag to enable verbose mode. Added some additional error
messages when in verbose mode.
Obtained from: Juniper Networks, Inc.
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D39540
This case is hit for the kernel itself on riscv64, and did not used to
be checked. Since the code here can already handle missing Elf_Rel
and/or Elf_Rela just delete the check.
Reviewed by: jhb, imp
Fixes: 0299afdff1 ("kldxref: Make use of libelf to be a portable cross tool")
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D46517
The bhyve VNC server would ignore the SetPixelFormat message from the
VNC client. This change supports a limited implementation to detect
and reorder the colors such as requested from the noVNC client.
PR: 280984
Reviewed by: corvink
Differential Revision: https://reviews.freebsd.org/D46402
MFC after: 3 weeks
Notable upstream pull request merges:
#15892 -multiple Fast Dedup: Introduce the FDT on-disk format and feature flag
#15893 -multiple Fast Dedup: “flat” DDT entry format
#15895 -multiple Fast Dedup: FDT-log feature
#16239 6be8bf555 zpool: Provide GUID to zpool-reguid(8) with -g
#16277 -multiple Fast Dedup: prune unique entries
#16316 5807de90a Fix null ptr deref when renaming a zvol with snaps and snapdev=visible
#16343 77a797a38 Enable L2 cache of all (MRU+MFU) metadata but MFU data only
#16446 83f359245 FreeBSD: fix build without kernel option MAC
#16449 963e6c9f3 Fix incorrect error report on vdev attach/replace
#16505 b10992582 spa_prop_get: require caller to supply output nvlist
Obtained from: OpenZFS
OpenZFS commit: b109925820
Some exports(5) options take a "=arg" component that provides an
argument value for the option. Others do not.
Without this patch, if "=arg" was provided for an option that did
not take an argument value, the "=arg" was simply ignored.
This could result in confusion w.r.t. what was being exported,
as noted by the Problem Report.
This patch adds a check for "=arg" for the options that do not
take an argument value and fails the exports line if one is found.
PR: 281003
MFC after: 2 weeks
Update the sample ip6addrctl.conf.sample file to match the default
policy, currently based on RFC 6724.
MFC after: 3 days
Signed-off-by: Jose Luis Duran <jlduran@gmail.com>
Reviewed by: imp, glebius
Pull Request: https://github.com/freebsd/freebsd-src/pull/1375
Commit e695500d3c updated the policy table
to match RFC 6724, which obsoletes RFC 3484.
Add a reference to RFC 6724, and mark it up as a technical report (%R).
MFC after: 3 days
Signed-off-by: Jose Luis Duran <jlduran@gmail.com>
Reviewed by: imp, glebius
Pull Request: https://github.com/freebsd/freebsd-src/pull/1375
The function pci_xhci_find_stream validates that the streamid is valid
but the bound check accepts up to ep_MaxPStreams included.
The bug results in an out-of-bounds write on the heap with controlled
data.
Reported by: Synacktiv
Reviewed by: jhb
Security: FreeBSD-SA-24:12.bhyve
Security: CVE-2024-32668
Security: HYP-04
Sponsored by: The Alpha-Omega Project
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D45994
The function tpm_ppi_mem_handler is vulnerable to buffer over-read and
over-write, the MMIO handler serves the heap allocated structure
tpm_ppi_qemu.
The issue is that the structure size is smaller than 0x1000 and the
handler does not validate the offset and size (sizeof is 0x15A while the
handler allows up to 0x1000 bytes)
Reported by: Synacktiv
Reviewed by: corvink
Security: FreeBSD-SA-24:10.bhyve
Security: CVE-2024-41928
Security: HYP-01
Sponsored by: The Alpha-Omega Project
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D45980
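The bounds check that an MMIO handler of this kind needs, as an added example that is not the bhyve source or the committed fix: the struct, the function names and the EINVAL return are hypothetical, and only the two sizes (0x15A and 0x1000) come from the commit message above.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MMIO_WINDOW  0x1000u /* guest-visible window size (from the message) */
#define BACKING_SIZE 0x15Au  /* size of the backing structure (from the message) */

/* Hypothetical stand-in for the heap-allocated structure behind the window. */
struct ppi_backing {
	uint8_t bytes[BACKING_SIZE];
};

/* True only if [offset, offset + size) lies inside the backing structure. */
static int
access_in_bounds(uint64_t offset, int size)
{
	if (size != 1 && size != 2 && size != 4 && size != 8)
		return (0);
	/* Compare without computing offset + size, so nothing can wrap. */
	if (offset >= sizeof(struct ppi_backing))
		return (0);
	return ((uint64_t)size <= sizeof(struct ppi_backing) - offset);
}

/* An access that fits the 0x1000 window but is rejected by the check above. */
static int
window_only_gap(uint64_t offset, int size)
{
	return (offset < MMIO_WINDOW && (uint64_t)size <= MMIO_WINDOW - offset &&
	    !access_in_bounds(offset, size));
}

/*
 * Hardened handler: dir != 0 is a guest write, dir == 0 a guest read.
 * Out-of-range accesses are refused instead of touching adjacent heap.
 * Partial-width copies assume a little-endian host.
 */
static int
ppi_mem_handler(struct ppi_backing *b, int dir, uint64_t offset, int size,
    uint64_t *val)
{
	if (!access_in_bounds(offset, size))
		return (EINVAL);
	if (dir) {
		memcpy(&b->bytes[offset], val, (size_t)size);
	} else {
		*val = 0;
		memcpy(val, &b->bytes[offset], (size_t)size);
	}
	return (0);
}
```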
The return value of function 'mfi_dcmd_command' should always be checked for
the potential ioctl(2) failure.
PR: 281158
MFC after: 1 week
Pull Request: https://github.com/freebsd/freebsd-src/pull/1403
Use the term "network switch" instead of the ambiguous term "switch".
Signed-off-by: Tom Hukins <tom@FreeBSD.org>
Reviewed by: imp, mhorne
MFC after: 3 days
Pull Request: https://github.com/freebsd/freebsd-src/pull/1369
The tests correctly skip if neither snd_dummy nor mixer is found, but the
cleanup is still called with the skip condition, which fails if there is
no mixer.
MFC after: 2 days
Reviewed by: christos
Differential Revision: https://reviews.freebsd.org/D46491
Remove support for IPPROTO_TCP-level socket option names, because these
names will be removed from the source tree soon.
The corresponding socket options are not implemented by the TCP stack
at all.
This change was suggested by Peter Lei.
Reviewed by: cc
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D46437
In the function pci_fbuf_baraddr the field sc->fbaddr was set with a
user-controlled value, even though the call to vm_mmap_memseg failed.
No security risk as currently sc->fbaddr is not really used in the
source code.
Reported by: Synacktiv
Reviewed by: emaste
Sponsored by: Alpha-Omega Project
Sponsored by: The FreeBSD Foundation
Differential revision: https://reviews.freebsd.org/D46109
Introduce a -V option, which can be used alongside -d (default unit
change), in order to hot-swap devices (i.e. switch to them on the fly
without needing to restart the track), in case virtual_oss(8) exists and
is running.
Sponsored by: The FreeBSD Foundation
MFC after: 2 days
Reviewed by: dev_submerge.ch
Differential Revision: https://reviews.freebsd.org/D46253
Let the boot ROM handle BAR initialization. This fixes a problem where
u-boot's BAR remapping conflicts with some limitations in bhyve. See
https://lists.freebsd.org/archives/freebsd-virtualization/2024-April/002103.html
for a description of what goes wrong.
The old behaviour can be restored by setting the pci.enable_bars
configuration variable.
Reviewed by: corvink, jhb
Sponsored by: Innovate UK
Differential Revision: https://reviews.freebsd.org/D45049
- On amd64, deprecate lpc.bootrom and lpc.bootvars. Use top-level
config variables instead.
- Introduce a generic predicate which can be used to determine whether
the guest has a boot ROM.
Reviewed by: corvink, jhb
MFC after: 2 weeks
Sponsored by: Innovate UK
Differential Revision: https://reviews.freebsd.org/D46282
jail(8) with the "exec.clean" parameter not only cleans the environment
variables before running commands, but also changes to the user's home
directory. While this makes sense when a user is specified (via one of
the exec.*_user parameters), it leads to all commands being run in the
jail's /root directory even in the absence of an explicitly specified
user. This can lead to problems when e.g. rc scripts are run from that
non-world-readable directory, and run counter to expectations that jail
startup is analogous to system startup.
Restrict this behaviour to only users explicitly specified, either via
the command line or jail parameters, but not the implicit root user.
While this changes long-standing practice, it's the more intuitive action.
jexec(8) has the same problem, and the same fix.
PR: 277210
Reported by: johannes.kunde at gmail
Differential Revision: https://reviews.freebsd.org/D46226
This previously read, to me at least, as if the not only applied to
ending with ".ko", not to the entire rest of the sentence, and thus the
implementation looked wrong. The history of D43507 however shows that
the behaviour is as intended.
When reserving a block with the same size of a RAM segment, we can end up with
an empty RAM segment. Avoid that by removing this empty segment from the E820
table.
Reviewed by: jhb, markj (older version)
MFC after: 1 week
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D45480
TCP_BBR_POLICER_DETECT will be removed by an upcoming commit.
Reviewed by: rrs
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D46244
When the gdb stub is configured to pause guest execution upon boot (i.e.,
the "w" flag is passed to -G), vCPUs end up suspended in two senses: first,
suspended by the GDB stub (marked in the vcpus_suspended set), and suspended
by the kernel (because fbsdrun_addcpu() suspends APs before spawning their
vCPU threads). When the guest is resumed by the debugger, vCPUs are
unsuspended in both senses, but this is not correct for APs.
Hack around this problem by re-suspending vCPUs after the debugger
resumes guest execution, if they were suspended beforehand.
Reviewed by: corvink, jhb
MFC after: 2 weeks
Sponsored by: Innovate UK
Differential Revision: https://reviews.freebsd.org/D46196
Separate the parsing of the config file from the reading of kernel port
information. This has three benefits:
* Separation of concerns makes future changes easier.
* Allows the config file to be read earlier, which is necessary for
fixing PR 271460.
* Reduces total line count, by eliminating duplication between parse.y
(for traditional config file) and uclparse.c (for UCL config file).
MFC after: 2 weeks
Sponsored by: Axcient
Reviewed by: mav
Pull Request: https://github.com/freebsd/freebsd-src/pull/1287
This unlocks a mutex in an error path, that would otherwise remain locked and
potentially cause a deadlock later on.
Reported by: Coverity Scan
CID: 1521334
Reviewed by: corvink, markj
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D45401
Describe how to switch the TCP stack on all endpoints in the
LISTEN state.
Reviewed by: concussious.bugzilla_runbox.com
MFC after: 1 week
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D46218