This reverts commit 5eb81a4b40, reversing
changes made to c6806434e7 and
this reverts commit 679ff61123.
What happend is git rebase --rebase-merges doesn't do what is expected.
When a use sets umask in login.conf(5) to 027 or 077 a subsequently
fetched /var/db/ntpd.leap-seconds.list will inherit the permissions
allowed by the umask, resulting in a file that may not be readable
ntpd running under the ntp account. This patch adds a umask command
to preempt the umask in login.conf(5) prior to fetching a new copy
of the leap-seconds file.
PR: 261298
Reported by: Martin Waschbusch <martin@waschbuesch.de>
MFC after: 3 days
The clang compiler recently got an update that generates warnings of unused
variables where they were set, and then never used. This revision goes through
the tcp stack and cleans all of those up.
Reviewed by: Michael Tuexen, Gleb Smirnoff
Sponsored by: Netflix Inc.
Differential Revision:
All supported Xen instances by FreeBSD provide a local APIC
implementation, so there's no need to replace the native local APIC
implementation anymore.
Leave just the ipi_vectored hook in order to be able to override it
with an implementation based on event channels if the underlying local
APIC is not virtualized by hardware. Note the hook cannot use ifuncs,
because at the point where ifuncs are resolved the kernel doesn't yet
know whether it will benefit from using the optimization.
Sponsored by: Citrix Systems R&D
Reviewed by: kib
Differential revision: https://reviews.freebsd.org/D33917
Instead of using event channels or hypercalls to deal with IPIs and
NMIs.
Using a hardware virtualized APIC should be faster than using any PV
interface, since the VM exit can be avoided.
Xen exposes whether the domain is using hardware assisted x{2}APIC
emulation in a CPUID bit.
Sponsored by: Citrix Systems R&D
Once a crypto cursor has reached the end of its buffer, it is invalid to
call crypto_cursor_segment() for at least some crypto buffer types.
Reorganize loops to avoid this.
Fixes: cfb7b942be ("cryptosoft: Use multi-block encrypt/decrypt for non-AEAD ciphers.")
Fixes: a221a8f4a0 ("cryptosoft: Use multi-block encrypt/decrypt for AES-GCM.")
Fixes: f8580fcaa1 ("cryptosoft: Use multi-block encrypt/decrypt for AES-CCM.")
Fixes: 5022c68732 ("cryptosoft: Use multi-block encrypt/decrypt for ChaCha20-Poly1305.")
Reported and tested by: madpilot
Discussed with: jhb
Sponsored by: The FreeBSD Foundation
... rather than using the KERN_PROC_PS_STRINGS value to derive the top
of the user address space.
Reviewed by: kib
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33708
This provides information about fixed regions of the target process'
user memory map.
Reviewed by: kib
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33708
The approach taken by the stack gap implementation was to insert a
random gap between the top of the fixed stack mapping and the true top
of the main process stack. This approach was chosen so as to avoid
randomizing the previously fixed address of certain process metadata
stored at the top of the stack, but had some shortcomings. In
particular, mlockall(2) calls would wire the gap, bloating the process'
memory usage, and RLIMIT_STACK included the size of the gap so small
(< several MB) limits could not be used.
There is little value in storing each process' ps_strings at a fixed
location, as only very old programs hard-code this address; consumers
were converted decades ago to use a sysctl-based interface for this
purpose. Thus, this change re-implements stack address randomization by
simply breaking the convention of storing ps_strings at a fixed
location, and randomizing the location of the entire stack mapping.
This implementation is simpler and avoids the problems mentioned above,
while being unlikely to break compatibility anywhere the default ASLR
settings are used.
The kern.elfN.aslr.stack_gap sysctl is renamed to kern.elfN.aslr.stack,
and is re-enabled by default.
PR: 260303
Reviewed by: kib
Discussed with: emaste, mw
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33704
ASLR stack randomization will reappear in a forthcoming commit. Rather
than inserting a random gap into the stack mapping, the entire stack
mapping itself will be randomized in the same way that other mappings
are when ASLR is enabled.
No functional change intended, as the stack gap implementation is
currently disabled by default.
Reviewed by: kib
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33704
Rather than fetching the ps_strings address directly from a process'
sysentvec, use this macro. With stack address randomization the
ps_strings address is no longer fixed.
Reviewed by: kib
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33704
This will not be required with a forthcoming reimplementation of ASLR
stack randomization. Moreover, this change was not sufficient to enable
the use of a stack size limit smaller than the stack gap itself.
PR: 260303
Reviewed by: kib
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33704
The size of the ps_strings structure varies between ABIs, so this is
useful for computing the address of the ps_strings structure relative to
the top of the stack when stack address randomization is enabled.
Reviewed by: kib
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33704
The current ASLR stack gap feature will be removed, and with that the
need for the kern.stacktop sysctl is gone. All consumers have been
removed.
This reverts commit a97d697122.
Reviewed by: kib
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33704
The current ASLR stack gap feature will be removed, and with that the
need for this change, and the kern.stactop sysctl, is gone. Moreover,
the approach taken in this revision does not provide compatibility for
old copies of libthr.so, and the revision should have also updated
__libc_map_stacks_exec().
This reverts commit 78df56ccfc.
Reviewed by: kib
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33704
It has been reported that on some AWS instances VCPUOP_send_nmi
returns -38 (ENOSYS). The hypercall is only available for HVM guests
in Xen 4.7 and newer. Add a fallback to use the native NMI sending
procedure when VCPUOP_send_nmi is not available, so that the NMI is
not lost.
Reported and Tested by: avg
MFC after: 1 week
Fixes: b2802351c1 ('xen: fix dispatching of NMIs')
Sponsored by: Citrix Systems R&D
From a user point of view, this makes ^T work out of the box.
Reviewed By: debdrup (man page)
Sponsored By: EPSRC
Differential Revision: https://reviews.freebsd.org/D33842
Printing %p does not need the 0x prefix and while here mark the
ieee80211_node_table argument unused given we do not need it in the
current incarnation of the function.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Since trie configuration remains invariant during each DXR instance
lifetime, instead of shifting and masking lookup keys by values
computed at runtime, compile upfront several dxr_lookup()
configurations with hardcoded shift / mask constants, and choose the
apropriate lookup function version after each DXR instance rebuild.
In synthetic tests this yields small but measurable (5-10%) lookup
throughput improvement, depending on FIB size and prefix patterns.
MFC after: 3 days
enum ieee80211_channel_flags are used as bit fields and not as 1..n.
Correct the values using BIT(n).
This is also hoped to fix problems with 7260 cards which come up and
panic due to an empty channel list as all channels are set disabled [1].
It will hopefully also fix the one or other oddity.
Reported by: ambrisko, Mike Tancsa (mike sentex.net) [1]
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
The new lock introduced in 5f5e32f1b3 needs to be initialised early so
that it can be safely destroyed if we error out.
Reported-by: syzbot+d76113e9a4ae0c0fcac2@syzkaller.appspotmail.com
MFC after: 3 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
If only one file is passed, this reads the terminating NULL and so
prints (null). If multiple files are passed then this always prints the
second file, which may or may not exist (and will be particularly
confusing if it does exist since the output will include the dump of the
second file).
MFC after: 1 week
Before commit 3cec5c77d6 buf_daemon() went to longer 1s sleep if
numdirtybuffers <= lodirtybuffers. After that commit new condition
!BIT_EMPTY(BUF_DOMAINS, &bdlodirty) got opposite -- true when one
or more more domains is above lodirtybuffers. As result, on freshly
booted system with no dirty buffers buf_daemon() wakes up 10 times
per second and probably only 1 time per second when there is actual
work to do.
MFC after: 1 week
Reviewed by: kib, markj
Tested by: pho
Differential revision: https://reviews.freebsd.org/D33890
A case of undefined behavior in __fread() has been detected by UBSAN
and reported by Mark Millard:
/usr/main-src/lib/libc/stdio/fread.c:133:10: runtime error: applying
zero offset to null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior in
/usr/main-src/lib/libc/stdio/fread.c:133:10
While being benign (the NULL pointer is later passed to memcpy() with
a length argument of 0), this issue causes in the order of 600 Kyua
test cases to fail on systems running a world built with WITH_UBSAN
and WITH_ASAN.
The undefined behavior can be prevented by skipping operations that
have no effect for r == 0. Mark Millard has suggested to only skip
this code segment if fp->_p == NULL, but I have verified that for the
case of r == 0 no further argument checking is performed on the
addresses passed to memcpy() and thus no bugs are hidden from the
sanitizers due to the simpler condition chosen.
Reported by: Mark Millard (marklmi@yahoo.com)
Tested by: Mark Millard (marklmi@yahoo.com)
Differential Revision: https://reviews.freebsd.org/D33903
MFC after: 2 weeks
Correct data types related to delivery traffic indication map (DTIM)/
timing synchronization function (TSF) and implement/refine their
handling. This information is used/needed by iwlwifi to set a station
as associated. This will hopefully avoid more "no beacon heard"
time event failures.
The recording of the Linux specific sync_device_ts is done in the
receive path for now in case we do have the right information
available. I need to investigate as to how-much it may make sense
to also migrate it into net80211 in the future depending on the
usage in other drivers (or how we did handle this in the past in
natively ported versions, e.g. iwm).
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Rather than just bouncing back to SCAN bounce to INIT on connection
loss. This is should be refined in the future as the comment already
indicates but we need to tie two different worlds together.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
We do not include sys/rman.h and so machine/resource.h ends up not being
included by the time pci_private.h is included. This means PCI_RES_BUS
is never defined, and so the sc_bus member of pci_softc is not present
when compiling ofw_pci, resulting in the wrong softc size being passed
to DEFINE_CLASS_1 and thus any attempts by pci(4) to access that member
are out-of-bounds reads or writes.
This is pretty fragile; arguably pci_private.h should be including
sys/rman.h, but this is the minimal needed change to fix the bug whilst
maintaining the status quo.
Found by: CHERI
Reported by: andrew
Some VM systems announce the frequency of the local APIC via the
CPUID leaf 0x40000010. Using this allows us to boot slightly
faster by avoiding the need for timer calibration.
Reviewed by: markj
Sponsored by: https://www.patreon.com/cperciva
While this CPUID leaf was originally only used by VMWare, other
hypervisors now also use it to announce the TSC frequency to guests.
This speeds up the boot process by 100 ms in EC2 and other systems,
by allowing the early calibration DELAY to be skipped.
Reviewed by: markj
Sponsored by: https://www.patreon.com/cperciva
