This policy enables a user to become another user without having to be
root (hence no setuid binary). it is configured via rules using sysctl
security.mac.do.rules
For example:
security.mac.do.rules=uid=1001:80,gid=0:any
The above rule means the user identifier by the uid 1001 is able to
become user 80
Any user of the group 0 are allowed to become any user on the system.
The mdo(1) utility expects the MAC/do policy to be installed and its
rules defined.
Reviewed by: des
Differential Revision: https://reviews.freebsd.org/D45145
Not once has rman_reserve_resource_bound() ever been used. There are
though several uses of RF_ALIGNMENT. In light of this remove this
extra and leave the actually used portion in place.
This partially reverts commit 13fb665772.
Reviewed by: imp,jhb
Pull Request: https://github.com/freebsd/freebsd-src/pull/1224
Link with --no-undefined-version by default. Will detect and prevent
the accidental removal of symbols from versioned libraries.
(cherry picked from commit 4510f2ca91)
This reverts commit b25ceb97ed.
Reviewed by: arichardson, kib, dim, emaste
Differential Revision: https://reviews.freebsd.org/D44216
Loading modules via kld_list is no longer substantially faster than via
loader.conf.
[skip ci]
MFC after: 2 weeks
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D45242
Filesystem manual pages describe drivers, not formats;
except for fs, which describes the structures of ffs/ufs,
not how to use it in the system.
Reported by: emaste
Reviewed by: des, imp, meena (previous version)
Pull Request: https://github.com/freebsd/freebsd-src/pull/1077
In the future, we will Default to _FORTIFY_SOURCE=2 if SSP is enabled,
otherwise default to _FORTIFY_SOURCE=0. For now we default it to 0
unconditionally to ease bisect across older versions without the new
symbols, and we'll put out a call for testing.
include/*.h include their ssp/*.h equivalents as needed based on the
knob. Programs and users are allowed to override FORTIFY_SOURCE in their
Makefiles or src.conf/make.conf to force it off.
Reviewed by: des, markj
Relnotes: yes
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D32308
<sysexits.h> was deprecated in the base system in a1432b4 for FreeBSD
8.0 and is retained only for backwards compatibility. Make that clear,
since sysexits(3) suggested using it since it was in style(9) prior
to this.
MFC after: 1 week
Co-authored-by: imp
Fixes: a1432b4
Reviewed by: imp, pauamma (previous version)
Pull Request https://github.com/freebsd/freebsd-src/pull/1195
When this driver was written it made sense to make this default to off,
but these days almost all BIOSses will do the right thing. Furthermore
non-mmio communication only works on Intel architectures.
So lets default to allowing mmio, but not change the semantics of the
AHC_ALLOW_MEMIO flag to not break existing installs. Also document the
already existing hint.ahc.<unit>.allow_memio.
Signed-off-by: HP van Braam <hp@tmm.cx>
Reviewed by: imp (small style tweak)
Pull Request: https://github.com/freebsd/freebsd-src/pull/1219
Add a sound(4) bridge device driver for the RME HDSP 9632 and HDSP 9652
sound cards. These cards require a nowadays rare PCI 32bit (not PCIe)
slot, but still see use due to their value and wealth of features.
The HDSP 9632 is mostly comparable to the newer HDSPe AIO, while the
HDSP 9652 is similar to the HDSPe RayDAT. These HDSPe PCIe cards are
supported by the snd_hdspe(4) driver which was taken as a starting point
for development of snd_hdsp(4).
Implementation is kept separately due to substantial differences in
hardware configuration and to allow easy removal in case PCI 32bit
support would be phased out in the future.
The snd_hdsp(4) kernel module is not enabled by default, and can be
loaded at runtime with kldload(8) or during boot via loader.conf(5).
Basic operation was tested with both cards, not including all optional
cable connectors and expansion boards. Features should be roughly on par
with the snd_hdspe(4) supported cards.
Reviewed by: christos, br
Differential Revision: https://reviews.freebsd.org/D45112
This dates way, way back with the original net80211 support w/ atheros chips.
The earliest chip (AR5210) had limitations supporting software encryption.
It only had the four WEP slots, and not any keycache entries. So when
trying to do CCMP/TKIP encryption would be enabled and the key slots
would have nothing useful in them, resulting in garbage encryption/decryption.
I changed this back in 2012 to disable supporting hardware WEP for AR5210
so if_ath(4) / net80211 crypto is all done in software and yes,
I could do CCMP/TKIP on AR5210 in software.
Fast-forward to newer-ish hardware - the Qualcomm 11ac hardware.
Those also don't support pass-through keycache slots! Well, the hardware
does at that layer, but then there's a whole offload data path encap/decap
layer that's turning the frames from raw wifi into ethernet frames (for
"dumb" AP behaviours) or "wifi direct" frames (ie, "windows".)
This hides a bunch of header frame contents required for doing the software
encryption / decryption path.
But then if you enable the raw transmit/receive frame format it ALSO
bypasses the hardware encryption/decryption engine!
So for those NICs:
* If you want to do encryption, you can only use the firmware supported
ciphers w/ wifi direct or ethernet;
* If you want to use software encrypt/decrypt, you MUST disable all encryption
and instead use 100% software encryption.
The wpa_supplicant bsd driver code has a specific comment about this and
flips on supporting WEP/TKIP/CCMP, which is understandable but it doesn't
fix the ACTUAL intention of all of this stuff.
So:
* create a new field, ic_sw_cryptocaps
* populate it with the default supported set of ciphers for net80211
(right now wep, tkip, ccmp)
* Communicate the combination of both ic_sw_cryptocaps and ic_cryptocaps
to wpa_supplicant via the relevant devcap ioctl.
* Update manpage.
I'll follow this up with a driver_bsd.c change in wpa_supplicant to
trust this again, and then start adding the other cipher support there.
Differential Revision: https://reviews.freebsd.org/D44820
Microchip Technology acquired SMSC in 2012, and all current products
and datasheets refer to the devices supported by this driver as
Microchip parts. Mention SMSC in a parenthetical comment to explain
the driver's name.
Reviewed by: imp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D45115
Add minimal sg(4) manual page. This implements a subset of the Linux
IOCTL interface for either native FreeBSD programs, or for Linux
binaries in the linuxulator.
Noticed by: Lexi Winter
Sponsored by: Netflix
It's not 1996 anymore, and we use CIDR nowadays. Update the various
ifconfig_ examples to use CIDR notation instead of netmasks, and also
add an example of a basic ifconfig_ entry that most users will be
interested in.
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1217
Previously it was only possible to enable target mode for these drivers
by rebuilding the kernel with AHC_TMODE_ENABLE or AHD_TMODE_ENABLE and a
bitmask of which units to statically enable for target mode.
There is no space-savings in the driver by not having AHC_TMODE_ENABLE
set, so in addition to the compile time option lets also introduce some
tunables:
hint.ahc.<unit>.tmode_enable=0/1
hint.ahd.<unit>.tmode_enable=0/1
For compatibility the old behavior is retained, but it can be overridden
with tunables
Signed-off-by: HP van Braam <hp@tmm.cx>
Reviewed by: imp, mav
Pull Request: https://github.com/freebsd/freebsd-src/pull/1208
This is the server (target in SCSI terms) for NVMe over Fabrics.
Userland is responsible for accepting a new queue pair and receiving
the initial Connect command before handing the queue pair off via an
ioctl to this CTL frontend.
This frontend exposes CTL LUNs as NVMe namespaces to remote hosts.
Users can ask LUNS to CTL that can be shared via either iSCSI or
NVMeoF.
Reviewed by: imp
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D44726
This is the client (initiator in SCSI terms) for NVMe over Fabrics.
Userland is responsible for creating a set of queue pairs and then
handing them off via an ioctl to this driver, e.g. via the 'connect'
command from nvmecontrol(8). An nvmeX new-bus device is created
at the top-level to represent the remote controller similar to PCI
nvmeX devices for PCI-express controllers.
As with nvme(4), namespace devices named /dev/nvmeXnsY are created and
pass through commands can be submitted to either the namespace devices
or the controller device. For example, 'nvmecontrol identify nvmeX'
works for a remote Fabrics controller the same as for a PCI-express
controller.
nvmf exports remote namespaces via nda(4) devices using the new NVMF
CAM transport. nvmf does not support nvd(4), only nda(4).
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D44714
Structurally this is very similar to the TCP transport for iSCSI
(icl_soft.c). One key difference is that NVMeoF transports use a more
abstract interface working with NVMe commands rather than transport
PDUs. Thus, the data transfer for a given command is managed entirely
in the transport backend.
Similar to icl_soft.c, separate kthreads are used to handle transmit
and receive for each queue pair. On the transmit side, when a capsule
is transmitted by an upper layer, it is placed on a queue for
processing by the transmit thread. The transmit thread converts
command response capsules into suitable TCP PDUs where each PDU is
described by an mbuf chain that is then queued to the backing socket's
send buffer. Command capsules can embed data along with the NVMe
command.
On the receive side, a socket upcall notifies the receive kthread when
more data arrives. Once enough data has arrived for a PDU, the PDU is
handled synchronously in the kthread. PDUs such as R2T or data
related PDUs are handled internally, with callbacks invoked if a data
transfer encounters an error, or once the data transfer has completed.
Received capsule PDUs invoke the upper layer's capsule_received
callback.
struct nvmf_tcp_command_buffer manages a TCP command buffer for data
transfers that do not use in-capsule-data as described in the NVMeoF
spec. Data related PDUs such as R2T, C2H, and H2C are associated with
a command buffer except in the case of the send_controller_data
transport method which simply constructs one or more C2H PDUs from the
caller's mbuf chain.
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D44712
Link with --no-undefined-version by default. Will detect and prevent
the accidental removal of symbols from versioned libraries.
Reviewed by: arichardson, kib, dim, emaste
Differential Revision: https://reviews.freebsd.org/D44216
Mergemaster has been deprecated for some time, and will be retired.
Reviewed by: kevans
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41799
Use a more specific description for this man page, and add SDPX tag
while here.
Reviewed by: imp, meena
Signed-off-by: Alexander Ziaee <concussious@runbox.com>
Pull Request: https://github.com/freebsd/freebsd-src/pull/1194
- A file descriptor obtained from accept(2), accept4(2) and openat(2)
is not always assigned all capability rights. Instead, it inherits
capability rights from the "parent" socket/dir file descriptor.
- getdents(2) and getdirentries(2) requires CAP_READ.
- openat(2) with O_WRONLY|O_TRUNC does not require CAP_SEEK.
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1207
Macros to ANDNOT a bitset currently exist, but there are no ORNOT
equivalents. Introduce ORNOT macros for bitset(9), cpuset(9), and
domainset(9).
Approved by: markj (mentor)
Reviewed by: markj
MFC after: 1 week
Sponsored by: NIKSUN, Inc.
Differential Revision: https://reviews.freebsd.org/D44976
xlocale.3: Comment out reference to atof_l(3), atoi_l(3), atol_l(3), atoll_l(3)
These manual page references do not exist.
lagg.4: Change the reference for /etc/rc.conf from a reference link
.Xr -> .Pa based on the context within the manual page it is used.
buf.9: Remove .Xr entries from the file
The buf.9 manual page contains a commented out .Xr reference.
The <filmmein> 9 entry is a placeholder and has been removed for
clarity.
Reviewed by: mhorne
Pull Request: https://github.com/freebsd/freebsd-src/pull/1114
Several users with alc(4)-based "Killer" Ethernet cards have reported
issues with this driver not passing traffic, which are solved by
disabling MSI-X using the provided tunable.
To work around this issue, disable MSI-X by default on this card.
This is done by having msix_disable default to 2, which means
"auto-detect". The user can still override this to either 0 or 1 as
desired.
Since these are slow (1Gbps) Ethernet ICs used in low-end systems, it's
unlikely this will cause any practical performance issues; on the other
hand, the card not working by default likely causes issues for many new
FreeBSD users who find their network port doesn't work and have no idea
why.
PR: 230807
MFC after: 1 week
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1185
When in netmap (emulated) mode, wireguard interfaces prepend or strip a
dummy ethernet header when interfacing with netmap. The netmap
application thus sees unencrypted, de-encapsulated frames with a fixed
header.
In this mode, netmap hooks the if_input and if_transmit routines of the
ifnet. Packets from the host TX ring are handled by wg_if_input(),
which simply hands them to the netisr layer; packets which would
otherwise be tunneled are intercepted in wg_output() and placed in the
host RX ring.
The "physical" TX ring is processed by wg_transmit(), which behaves
identically to wg_output() when netmap is not enabled, and packets
appear in the "physical" RX ring by hooking wg_deliver_in().
Reviewed by: vmaffione
MFC after: 1 month
Sponsored by: Klara, Inc.
Sponsored by: Zenarmor
Differential Revision: https://reviews.freebsd.org/D43460