aa70361d kp Jan. 3, 2022, 9:12 a.m.
Sponsored by:	Rubicon Communications, LLC ("Netgate")
cgit
9d406e08 kp Jan. 3, 2022, 8:50 a.m.
Extend the dnctl (dummynet config) tool to be able to read commands from
a file, just like ipfw already does.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D33627
cgit
9e891d43 jah Jan. 3, 2022, 3:52 a.m.
The implementation simply passes the text ref to the appropriate
underlying vnode.  Without this, the default [un]set_text
implementation will only manage the text ref on the unionfs vnode,
causing it to be out of sync with the underlying filesystems and
potentially allowing corruption of executable file contents.
On INVARIANTS kernels, it also readily produces a panic on process
termination because the VM object representing the executable mapping
is backed by the underlying vnode, not the unionfs vnode.

PR:	251342
Reviewed by:	kib
Differential Revision: https://reviews.freebsd.org/D33611
cgit
d877dd57 jah Jan. 3, 2022, 3:52 a.m.
Use atomics to track the writecount granted to the underlying FS,
and avoid holding the vnode interlock while calling the underling FS'
VOP_ADD_WRITECOUNT().  This also fixes a WITNESS warning about nesting
the same lock type.  Also add comments explaining why we need to track
the writecount on the unionfs vnode in the first place.  Finally,
simplify writecount management to only use the upper vnode and assert
that we shouldn't have an active writecount on the lower vnode through
unionfs.

Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D33611
cgit
ca573c9a glebius Jan. 3, 2022, 2:32 a.m.
OpenSSH has dropped libwrap support in OpenSSH 6.7p in 2014
(f2719b7c in github.com/openssh/openssh-portable) and we
maintain the patch ourselves since 2016 (a0ee8cc636cd).

Over the years, the libwrap support has deteriotated and probably
that was reason for removal upstream.  Original idea of libwrap was
to drop illegitimate connection as soon as possible, but over the
years the code was pushed further down and down and ended in the
forked client connection handler.

The negative effects of late dropping is increasing attack surface
for hosts that are to be dropped anyway.  Apart from hypothetical
future vulnerabilities in connection handling, today a malicious
host listed in /etc/hosts.allow still can trigger sshd to enter
connection throttling mode, which is enabled by default (see
MaxStartups in sshd_config(5)), effectively casting DoS attack.
Note that on OpenBSD this attack isn't possible, since they enable
MaxStartups together with UseBlacklist.

A only negative effect from early drop, that I can imagine, is that
now main listener parses file in /etc, and if our root filesystems
goes bad, it would get stuck.  But unlikely you'd be able to login
in that case anyway.

Implementation details:

- For brevity we reuse the same struct request_info.  This isn't
  a documented feature of libwrap, but code review, viewing data
  in a debugger and real life testing shows that if we clear
  RQ_CLIENT_NAME and RQ_CLIENT_ADDR every time, it works as intended.
- We set SO_LINGER on the socket to force immediate connection reset.
- We log message exactly as libwrap's refuse() would do.

Differential revision:	https://reviews.freebsd.org/D33044
cgit
d9cacbf4 kib Jan. 3, 2022, 2:31 a.m.
in handling the cpuset sizes different from sizeof(cpuset_t).

For both cases, cpuset size shorter than sizeof(cpuset_t) results
in EINVAL on Linux.

For sched_getaffinity(), be more permissive and accept cpuset size
larger than our cpuset_t, by clipping the syscall argument and zeroing
the rest of the output buffer.  For sched_setaffinity(), we should allow
shorter cpusets than current ABI size, again zeroing the rest of the bits.

With this change, python os.sched_get/setaffinity functions work.

Reported by:	se
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
cgit
90266521 delphij Jan. 3, 2022, 2:05 a.m.
The MINIMUM_SUPPORTED_OSREL is 1002501 (FreeBSD 10.3), and xlocale is
supported there.

While I'm there, explicitly use config.h generated with --disable-bzlib
--disable-xzlib instead of deleting them manually.

MFC after:	2 weeks
cgit
f284bed2 asomers Jan. 3, 2022, 1:01 a.m.
With crafted input to the G_GATE_CMD_CREATE ioctl, geom_gate can be made
to print kernel memory to the system console, potentially revealing
sensitive data from whatever was previously in that memory page.

But but but: this is a case of the sys admin misconfiguring, and you'd
need root privileges to do this.

Submitted By:	Johannes Totz <jo@bruelltuete.com>
MFC after:	2 weeks
Reviewed By:	asomers
Differential Revision: https://reviews.freebsd.org/D31727
cgit
6226477a asomers Jan. 3, 2022, 12:53 a.m.
Dynamically size buffers in ggatec. Instead of static size on the stack.
Add flush support.

Submitted by:	Johannes Totz <jo@bruelltuete.com>
MFC after:	2 weeks
Reviewed by:	asomers
Differential Revision: https://reviews.freebsd.org/D31722
cgit
7776d3cc rwatson Dec. 18, 2021, 10:53 p.m.
Reviewed by:	jrtc27
Differential Revision: https://reviews.freebsd.org/D33724
MFC after:	2 weeks
cgit
1fbcaa13 mckusick Jan. 2, 2022, 10:04 p.m.
suppress error message about a missing gjournal provider.

Submitted by: Andreas Longwitz
MFC after:    2 weeks
Sponsored by: Netflix
cgit
7c9948c2 rew Jan. 2, 2022, 9:26 p.m.
If I'm not mistaken, the underlying sendmsg() for nvlist_send() is
failing with ENOBUFS. In turn, nvlist_recv() returns NULL because it
didn't receive the expected number of file descriptors.

Adjusting net.local.dgram.recvspace worked on my local machine, but on
CI the test still fails consistently.

PR:     260891
cgit
698727d6 cperciva Jan. 2, 2022, 9:07 p.m.
An earlier version of this code computed the TSC frequency in kHz.
When the code was changed to compute the frequency more accurately,
the variable name was not updated.

Reviewed by:	markj
Fixes:		22875f88799e x86: Implement deferred TSC calibration
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D33696
cgit
9cb32882 cperciva Jan. 2, 2022, 9:07 p.m.
It's possible that the "early" TSC calibration gave us a value which
is known to be exact; in that case, skip the later re-calibration.

MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D33695
cgit
324150d6 jrtc27 Jan. 2, 2022, 8:55 p.m.
The code here tries to be smart and zeroes out both di_db and di_ib with
a single bzero call, thereby overrunning the di_db subobject. This is
fine on most architectures, if a little dodgy. However, on CHERI, the
compiler can optionally restrict the bounds on pointers to subobjects to
just that subobject, in order to mitigate intra-object buffer overflows,
and this is enabled in CheriBSD's pure-capability kernels.

Instead, use separate bzero calls for each array, and let the compiler
optimise it as it sees fit; even if it's not generating inline zeroing
code, Clang will happily optimise two consecutive bzero's to a single
larger call.

Reviewed by:	mckusick
Differential Revision:	https://reviews.freebsd.org/D33651
cgit