Two additional stdio changes followed 86a16ada1e and need to be
reverted as part of the fflush fix.
This reverts commit 6e13794fbe.
This reverts commit bafaa70b6f.
Fixes: d09a3bf72c ("fflush: correct buffer handling in __sflush")
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D42491
errno.h was added in 44cf1e5eb4, which has been reverted.
Fixes: d09a3bf72c ("fflush: correct buffer handling in __sflush")
Sponsored by: The FreeBSD Foundation
This fixes CVE-2014-8611 correctly.
The commit that purported to fix CVE-2014-8611 (805288c2f0) only hid
it behind another bug. Two later commits, 86a16ada1e and
44cf1e5eb4, attempted to address this new bug but mostly just confused
the issue. This commit rolls back the three previous changes and fixes
CVE-2014-8611 correctly.
The key to understanding the bug (and the fix) is that `_w` has
different meanings for different stream modes. If the stream is
unbuffered, it is always zero. If the stream is fully buffered, it is
the amount of space remaining in the buffer (equal to the buffer size
when the buffer is empty and zero when the buffer is full). If the
stream is line-buffered, it is a negative number reflecting the amount
of data in the buffer (zero when the buffer is empty and negative buffer
size when the buffer is full).
At the heart of `fflush()`, we call the stream's write function in a
loop, where `t` represents the return value from the last call and `n`
the amount of data that remains to be written. When the write function
fails, we need to move the unwritten data to the top of the buffer
(unless nothing was written) and adjust `_p` (which points to the next
free location in the buffer) and `_w` accordingly. These variables have
already been set to the values they should have after a successful
flush, so instead of adjusting them down to reflect what was written,
we're adjusting them up to reflect what remains.
The bug was that while `_p` was always adjusted, we only adjusted `_w`
if the stream was fully buffered. The fix is to also adjust `_w` for
line-buffered streams. Everything else is just noise.
Fixes: 805288c2f0
Fixes: 86a16ada1e
Fixes: 44cf1e5eb4
Sponsored by: Klara, Inc.
If we fail to find the pfctl family we should not attempt to make the
call. That means that either pf is not loaded, or it's a very old (i.e.
pre-netlink) version.
Reported by: manu
Sponsored by: Rubicon Communications, LLC ("Netgate")
Upstream is now https://github.com/zoulasc/blocklist/. Rename the
contrib directory and update Makefiles to match, in advance of the next
vendor branch update.
Sponsored by: The FreeBSD Foundation
These sys/cdefs.h are not needed. Purge them. They are mostly left-over
from the $FreeBSD$ removal. A few in libc are still required for macros
that cdefs.h defines. Keep those.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D42385
Forward compatibility code was added for running newer ino64 binaries on
older kernels as a transition aide. Now that ino64 has been in the tree
6 years, this code is no longer useful and should have been removed long
ago. Remove it now. Should be no user-visible changes at this point as
all the 'upgrade' scenarios it was intended for are long since past.
Also need to remove this stuff from rtld since the _foo versions
no longer exist.
Sponsored by: Netflix
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D42382
These were obtained from a drive, but they agree with the IBM
documentation.
The bpi/bpmm values are the same as TS1160, but the number of
tracks is much larger (18944 tracks vs 8704 for TS1160). The tapes
are also longer, 1337m total. (According to the MAM on a sample JF
tape. I don't have a JE tape handy to compare.) The end result
is a 50TB raw capacity (150TB compressed) for TS1170 with a JF
cartridge vs 20TB raw capacity (60TB compressed) for TS1160 with
a JE cartridge.
lib/libmt/mtlib.c:
Add the TS1170 density codes to the denstiy table in libmt.
usr.bin/mt/mt.1:
Add the TS1170 density codes and specs to the density table
in the mt(1) man page. As usual for TS drives, there is an
encrypted and non-encrypted density code (0x79 and 0x59
respectively).
MFC after: 3 days
Sponsored by: Spectra Logic
Allow the kernel to supply more array elements than expected, but cut
off when we hit what we think the maximum is. This will improve forward
compatibility (i.e. old userspace with newer kernel).
Reviewed by: zlei
MFC after: 1 week
Sponsored by: Orange Business Services
Differential Revision: https://reviews.freebsd.org/D42392
Add the Branch Target Identification (BTI) note to libc assembly
sources and Pointer Authentication Code (PAC) instructions to _init and
_fini.
_init and _fini may be called indirectly so need a BTI landing pad. As
they are non-leaf functions use the appropriate PAC instruction that
also guards against changing the link register.
As all object files need the note for any binary using these object files
we need to insert it in all asm files.
Reviewed by: markj
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D42227
Normalize on hard tabs.
I didn't catch this before pushing the previous commit.
No functional changes intended.
MFC after: 2 weeks
MFC with: 8ef8da882f
Add a note saying that the CLOCK_BOOTTIME is unrelated to FreeBSD's
kern.boottime sysctl. Make a minor tweak to markup.
Feedback from: pauammu
Sponsored by: Netflix
Differential Revsion: https://reviews.freebsd.org/D36037
While strlcpy and snprintf are somewhat similar, there's big differences
between strlcat and snprintf which leads to confusion. Remove the
comparison, since it's ultimately not that useful: the snprintf man page
has similar language to strlcpy, so it doesn't provide a better
reference. The two implementations are otherwise unrelated.
Reviewed by: bcr
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D27228
pfctl_do_ioctl() copies the packed request data into the request buffer
and then frees it. However, it's possible for the buffer to be too small
for the reply, causing us to allocate a new buffer. We then copied from
the freed request, and freed it again.
Do not free the request buffer until we're all the way done.
PR: 274614
Reviewed by: emaste
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42329
Previously, while checking name2addr capabilities, we mistakenly used
the addr2name set. This error could cause a process to inadvertently
reset its limitations.
Reported by: Shawn Webb <shawn.webb@hardenedbsd.org>
If a connection is NAT-ed we could previously only terminate it by its
ID or the post-NAT IP address. Allow users to specify they want look for
the state by its pre-NAT address. Usage: `pfctl -k nat -k <address>`.
See also: https://redmine.pfsense.org/issues/11556
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42312
Allow users(pace) to specify a protocol, interface, address family and/
or address and mask, allowing the state listing to be pre-filtered in
the kernel.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42280
The nvlist-based version will be removed in FreeBSD 16.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42279
This is the first step in recognizing that the K8 microarchitecture
represents a small and aged subset of AMD CPUs supported by this class.
Future changes will update the code and documentation details to better
reflect this.
Keep the old filename as an alias.
Reviewed by: jkoshy
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41279
This includes event definitions from sys/pmc_events.h, definitions from
sys/pmc.h, and the man pages.
Reviewed by: jkoshy
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41275
If a request ends up growing beyong the initially allocated space the
netlink functions (such as snl_add_msg_attr_u32()) will allocate a
new buffer. This invalidates the header pointer we can have received
from snl_create_msg_request(). Always use the hdr returned by
snl_finalize_msg().
Reviewed by: melifaro
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42223
Include support for translating 32-bit auxv vectors on non-64-bit
platforms that aren't riscv (which has no 32-bit ABI support and
probably never will).
Reviewed by: markj
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D42201
Use source struct size not the destination struct size so we copy all
the auxv entries, not just the first half of them.
Fix a style issue on an adjacent line.
Reviewed by: markj
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D42200
Making this variable static makes is_elf32_sysctl() and callers thread
unsafe.
Use a less absurd length for sv_name. The longest name in the system is
"FreeBSD ELF64 V2" which tips the scales at 16+1 bytes. We'll almost
certainly have other problems if we exceed 32 characters.
Reviewed by: markj
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D42199
Avoid a weird dance through the union and treat all 32-bit values as
unsigned integers. This avoids sign extension of flags and userspace
pointers.
Reviewed by: markj
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D42198
Conceptually very similar to timingsafe_bcmp(), but with comparison
logic inspired by Elijah Stone's fancy memcmp. A baseline (SSE)
implementation was omitted this time as I was not able to get it to
perform adequately. Best I got was 8% over the scalar version for
long inputs, but slower for short inputs.
Sponsored by: The FreeBSD Foundation
Approved by: security (cperciva)
Inspired by: https://github.com/moon-chilled/fancy-memcmp
Differential Revision: https://reviews.freebsd.org/D41696
Very straightforward and similar to memcmp(3). The code has
been written to use only instructions specified as having
data operand independent timing by Intel.
Sponsored by: The FreeBSD Foundation
Approved by: security (cperciva)
Differential Revision: https://reviews.freebsd.org/D41673
POSIX has accepted a proposal[1] to add glibc-compatible ptsname_r. It
indicates an error by returning the error number, rather than returning
-1 and setting errno. Update RETURN VALUES in ptsname_r's man page now
to encourage folks to test that the return value != 0 rather than == -1.
[1] https://www.austingroupbugs.net/bug_view_page.php?bug_id=508
Reported by: Collin Funk
Reviewed by: kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D42204
Implement equivalents to DIOCSTART and DIOCSTOP in netlink. Provide a
libpfctl implementation and add a basic test case, mostly to verify that
we still return the same errors as before the conversion
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42145
libbsddialog >= 0.3 has a built-in form implementation so delete
formw dependency.
Approved by: bapt (share/mk maintainer)
Differential Revision: https://reviews.freebsd.org/D42167
Unbloat a bit FreeBSD-utilities.
The only package that will depends on this new one is FreeBSD-ssh
which not anyone have in some setup.
And this will allow to have small pkgbase setup with ssh without
having to bring the bloated FreeBSD-utilities package
Name the package blocklist to reflect upstream futur changes.
Sponsored by: Beckhoff Automation GmbH & Co. KG
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D42148