Commit message | Author | Age | Files | Lines
* cryptodev: Fix some input validation bugs | Mark Johnston | 2021-05-11 | 1 | -4/+13
  - When we do not have a separate IV, make sure that the IV length specified by the session is not larger than the payload size.
  - Disallow AEAD requests without a separate IV. crp_sanity() asserts that CRYPTO_F_IV_SEPARATE is set for AEAD requests, and some (but not all) drivers require it.
  - Return EINVAL for AEAD requests if an IV is specified but the transform does not expect one.
  Reported by: syzbot+c9e8f6ff5cb7fa6a1250@syzkaller.appspotmail.com
  Reported by: syzbot+007341439ae295cee74f@syzkaller.appspotmail.com
  Reported by: syzbot+46e0cc42a428b3b0a40d@syzkaller.appspotmail.com
  Reported by: syzbot+2c4d670173b8bdb947df@syzkaller.appspotmail.com
  Reported by: syzbot+220faa5eeb4d47b23877@syzkaller.appspotmail.com
  Reported by: syzbot+e83434b40f05843722f7@syzkaller.appspotmail.com
  Reviewed by: jhb
  MFC after: 3 days
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D30154
* Implement cdev_device_add() and cdev_device_del() in the LinuxKPI. | Hans Petter Selasky | 2021-05-11 | 2 | -2/+47
  MFC after: 1 week
  Sponsored by: Mellanox Technologies // NVIDIA Networking
* cdev_del() should only put its kernel object in the LinuxKPI. | Hans Petter Selasky | 2021-05-11 | 2 | -5/+2
  The destructor takes care of the rest.
  MFC after: 1 week
  Sponsored by: Mellanox Technologies // NVIDIA Networking
* Implement read-only VM_SHARED flag in the LinuxKPI. | Hans Petter Selasky | 2021-05-11 | 2 | -6/+9
  For use by mmap(2) callbacks.
  MFC after: 1 week
  Sponsored by: Mellanox Technologies // NVIDIA Networking
* ipfw.8: Fix table example | Lutz Donnerhacke | 2021-05-11 | 1 | -4/+4
  Fix some erroneous lines in the example section.
  PR: 248943
  Submitted by: Jose Luis Duran
  MFC after: 2 weeks
  Reviewers: ae, manpages (gbe)
  Differential Revision: https://reviews.freebsd.org/D30191
* netinet6 tests: Fix Python warning | Kristof Provost | 2021-05-11 | 1 | -1/+1
  Python 3.8 warns about line 112: 'SyntaxWarning: "is" with a literal. Did you mean "=="?'
  Use '==' as Python suggests.
  MFC after: 1 week
  Sponsored by: Rubicon Communications, LLC ("Netgate")
* xen/blkback: fix reconnection of backend | Roger Pau Monné | 2021-05-11 | 1 | -35/+48
  The hotplug script will be executed only once for each backend, regardless of the frontend triggering reconnections. Fix blkback to deal with the hotplug script being executed only once, so that reconnections don't stall waiting for a hotplug script execution that will never happen.
  As a result of the fix move the initialization of dev_mode, dev_type and dev_name to the watch callback, as they should be set only once the first time the backend connects.
  This fix is specially relevant for guests wanting to use UEFI OVMF firmware, because OVMF will use Xen PV block devices and disconnect afterwards, thus allowing them to be used by the guest OS. Without this change the guest OS will stall waiting for the block backend to attach.
  Fixes: de0bad00010c ('blkback: add support for hotplug scripts')
  MFC after: 1 week
  Sponsored by: Citrix Systems R&D
* tcp: In rack, we must only convert restored rtt when the hostcache does restore them. | Randall Stewart | 2021-05-11 | 1 | -3/+6
  Rack now after the previous commit is very careful to translate any value in the hostcache for srtt/rttvar into its proper format. However there is a snafu here in that if tp->srtt is 0 is the only time that the HC will actually restore the srtt. We need to then only convert the srtt restored when it is actually restored. We do this by making sure it was zero before the call to cc_conn_init and it is non-zero afterwards.
  Reviewed by: Michael Tuexen
  Sponsored by: Netflix Inc
  Differential Revision: https://reviews.freebsd.org/D30213
* mrouter: do not loopback packets unconditionally | Wojciech Macek | 2021-05-11 | 1 | -1/+3
  Looping back router multicast traffic significantly stresses network stack. Add possibility to disable or enable loopbacked based on sysctl value.
  Reported by: Daniel Deville
  Reviewed by: mw
  Differential Revision: https://reviews.freebsd.org/D29947
* mroute: fix race condition during mrouter shutting down | Wojciech Macek | 2021-05-11 | 4 | -1/+20
  There is a race condition between V_ip_mrouter de-init and ip_mforward handling. It might happen that mrouted is cleaned up after V_ip_mrouter check and before processing packet in ip_mforward. Use epoch call approach, similar to IPSec which also handles such case.
  Reported by: Damien Deville
  Obtained from: Stormshield
  Reviewed by: mw
  Differential Revision: https://reviews.freebsd.org/D29946
* truss: Add missing underscore to compat_prefix for FreeBSD32 | Alex Richardson | 2021-05-11 | 1 | -1/+1
  I accidentally dropped this in the final version of D27625, so it didn't actually work as intended. I found this while testing the MFC to stable/13.
  MFC after: immediately
  Fixes: 7daca4e2043f ("truss: improved support for decoding compat32 arguments")
* sbin/ipfw: Allow tablearg as hostname | Lutz Donnerhacke | 2021-05-11 | 1 | -1/+2
  Hostnames starting with "tablearg" are considered as a functional argument instead of a literal.
  Reported by: ae
  Reviewers: ae
  MFC after: 1 week
  Differential Revision: https://reviews.freebsd.org/D30208
* Clean up copyright messages. | Kirk McKusick | 2021-05-11 | 2 | -10/+8
  Reported by: Yoshihiro Ota
  MFC after: 3 days
  Differential Revision: https://reviews.freebsd.org/D29354
* cache: fix lockless absolute symlink traversal to non-fp mounts | Mateusz Guzik | 2021-05-11 | 1 | -0/+14
  Said lookups would incorrectly fail with EOPNOTSUP.
  Reported by: kib
* powerpc/radix pmap: Convert stat counters from ulongs to counters | Justin Hibbits | 2021-05-11 | 1 | -22/+22
  This should help performance a hair, for concurrent stat updates, by reducing contention on cache lines.
* powerpc/mmu: Actually use the Radix pmap_align_superpage function | Justin Hibbits | 2021-05-11 | 1 | -0/+1
  This was missed in the conversion to ifuncs. It might help improve promotion rates.
* nfscl: Delete unneeded redundant MODULE_DEPEND() calls | Rick Macklem | 2021-05-11 | 2 | -6/+17
  There are two module declarations in the nfscl.ko module for "nfscl" and "nfs". Both of these declarations had MODULE_DEPEND() calls. This patch deletes the MODULE_DEPEND() calls for "nfs" to avoid confusion with respect to what modules this module is dependent upon.
  The patch also adds comments explaining why there are two module declarations within the module.
  Reviewed by: kib
  Differential Revision: https://reviews.freebsd.org/D30102
* vfs: Fix error handling in vn_fullpath_hardlink() | Mark Johnston | 2021-05-11 | 1 | -2/+2
  vn_fullpath_any_smr() will return a positive error number if the caller-supplied buffer isn't big enough. In this case the error must be propagated up, otherwise we may copy out uninitialized bytes.
  Reported by: syzkaller+KMSAN
  Reviewed by: mjg, kib
  MFC after: 3 days
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D30198
* rtld: preserve the 'seen' state of the dlerror message in errmsg_save() | Konstantin Belousov | 2021-05-10 | 1 | -12/+25
  rtld preserves its current error message around calls to user init/fini lists, to not override original error with potential secondary errors caused by user code recursing into rtld.
  After 4d9128da54f8f8e2a29190, the preservation of the string itself is not enough, the 'seen' indicator must be preserved as well. Otherwise, since new code does not clear string (it cannot), call to _rtld_error() from errmsg_restore() revived whatever message was consumed last.
  Change errmsg_save() to return structure recording both 'seen' indicator and the message, if any.
  PR: 255698
  Reported by: Eugene M. Kim <astralblue@gmail.com>
  Sponsored by: The FreeBSD Foundation
  MFC after: 3 days
* openat(2): add O_EMPTY_PATH | Konstantin Belousov | 2021-05-10 | 3 | -1/+22
  It reopens the passed file descriptor, checking the file backing vnode's current access rights against open mode. In particular, this flag allows to convert file descriptor opened with O_PATH, into operable file descriptor, assuming permissions allow that.
  Reviewed by: markj
  Tested by: Andrew Walker <awalker@ixsystems.com>
  Sponsored by: The FreeBSD Foundation
  MFC after: 1 week
  Differential revision: https://reviews.freebsd.org/D30148
* netstat: fix typo from 0471a8c73402 | Richard Scheffenegger | 2021-05-10 | 1 | -1/+1
* tcp: SACK Lost Retransmission Detection (LRD) | Richard Scheffenegger | 2021-05-10 | 9 | -11/+114
  Recover from excessive losses without reverting to a retransmission timeout (RTO).
  Disabled by default, enable with sysctl net.inet.tcp.do_lrd=1
  Reviewed By: #transport, rrs, tuexen, #manpages
  Sponsored by: Netapp, Inc.
  Differential Revision: https://reviews.freebsd.org/D28931
* sh: implement persistent history storage | Baptiste Daroussin | 2021-05-10 | 5 | -2/+81
  Implement persistent history storage: the strategy is simple at start: loads the existing .sh_history file at exit dump it.
  The implementation respects the HISTFILE variable and its POSIX definition: ~/.sh_history is used if HISTFILE is not set.
  to avoid sh to create the history file, set HISTSIZE to 0 or HISTFILE to an empty value
  Co-authored-by: pstef
  Reviewed by: jilles
  Differential Revision: https://reviews.freebsd.org/D29493
* tcp:Host cache and rack ending up with incorrect values. | Randall Stewart | 2021-05-10 | 2 | -101/+119
  The hostcache up to now has been updated in the discard callback but without checking if we are all done (the race where there are more than one calls and the counter has not yet reached zero). This means that when the race occurs, we end up calling the hc_update more than once. Also alternate stacks can keep their srtt/rttvar in different formats (example rack keeps its values in microseconds). Since we call the hc_update *before* the stack fini() then the values will be in the wrong format.
  Rack on the other hand, needs to convert items pulled from the hostcache into its internal format else it may end up with very much incorrect values from the hostcache. In the process let's commonize the update mechanism for srtt/rttvar since we now have more than one place that needs to call it.
  Reviewed by: Michael Tuexen
  Sponsored by: Netflix Inc
  Differential Revision: https://reviews.freebsd.org/D30172
* in6_mcast: Return EADDRINUSE when we've already joined the group | Kristof Provost | 2021-05-10 | 1 | -1/+1
  Distinguish between truly invalid requests and those that fail because we've already joined the group. Both cases fail, but differentiating them allows userspace to make more informed decisions about what the error means.
  For example, radvd tries to join the all-routers group on every SIGHUP. This fails, because it's already joined it, but this failure should be ignored (rather than treated as a sign that the interface's multicast is broken).
  This puts us in line with OpenBSD, NetBSD and Linux.
  Reviewed by: donner
  MFC after: 1 week
  Sponsored by: Rubicon Communications, LLC ("Netgate")
  Differential Revision: https://reviews.freebsd.org/D30111
* Revert "getty: push assignment to inner block." | Xin LI | 2021-05-09 | 1 | -2/+2
  This reverts commit c7b8bc367f18210d233b0e2185b5ce0d55c9ccaa.
  Pointed out by: trasz
* full(4): Use correct section name for AUTHORS | Gordon Bergling | 2021-05-09 | 1 | -2/+2
  PR: 255715
  Reported by: Christos Margiolis <christos at christosmarg dot xyz>
  MFC after: 3 days
* rpi_ft5406: Recognize raspberrypi,firmware-ts touchscreen | Juraj Lutter | 2021-05-09 | 1 | -2/+2
  - Recognize raspberrypi,firmware-ts touchscreen
  - Move the driver from ofwbus to simplebus
  Reviewed by: manu
  MFC after: 2 weeks
  Differential Revision: https://reviews.freebsd.org/D30169
* getty: push assignment to inner block. | Xin LI | 2021-05-09 | 1 | -2/+2
  No functional change.
  MFC after: 2 weeks
* getty: const'ify search pointer. | Xin LI | 2021-05-09 | 1 | -1/+2
  No functional change.
  MFC after: 2 weeks
* sbin/ipfw: Fix parsing error in table based forward | Lutz Donnerhacke | 2021-05-08 | 1 | -45/+42
  The argument parser does not recognise the optional port for a "tablearg" argument. Fix simplifies the code by making the internal representation explicit for the parser.
  PR: 252744
  MFC: 1 week
  Reported by: <bugs.freebsd.org@mx.zzux.com>
  Approved by: nc
  Tested by: <bugs.freebsd.org@mx.zzux.com>
  Differential Revision: https://reviews.freebsd.org/D30164
* ofw: support for a single 'port' DTS property. | Ruslan Bukin | 2021-05-08 | 1 | -0/+8
  On rk3399 the VOP-little node has a single 'port' property (not a collection of 'ports' or indexed ports).
  Reviewed by: manu
  Sponsored by: UKRI
  Differential Revision: https://reviews.freebsd.org/D30165
* stress2: Added two new syzkaller reproducers. Update the exclude list | Peter Holm | 2021-05-08 | 3 | -2/+201
* Make encode/decode extra time functions inline. | Fedor Uporov | 2021-05-08 | 1 | -2/+2
  Mentioned by: pfg
  MFC after: 2 weeks
* nfscl: Add support for va_birthtime to NFSv4 | Rick Macklem | 2021-05-08 | 7 | -1/+26
  There is a NFSv4 file attribute called TimeCreate that can be used for va_birthtime. r362175 added some support for use of TimeCreate. This patch completes support of va_birthtime by adding support for setting this attribute to the server. It also enables the client to acquire and set the attribute for a NFSv4 server that supports the attribute.
  Reviewed by: markj
  MFC after: 2 weeks
  Differential Revision: https://reviews.freebsd.org/D30156
* This takes Warner's suggested approach to making it so that | Randall Stewart | 2021-05-07 | 1 | -0/+14
  platforms that for whatever reason cannot include the RATELIMIT option can still work with rack. It adds two dummy functions that rack will call and find out that the highest hw supported b/w is 0 (which kinda makes sense and rack is already prepared to handle).
  Reviewed by: Michael Tuexen, Warner Losh
  Sponsored by: Netflix Inc
  Differential Revision: https://reviews.freebsd.org/D30163
* Fix panic when trying to delete non-existent gateway in multipath route. | Alexander V. Chernikov | 2021-05-07 | 2 | -6/+11
  If non-existent gateway was specified, the code responsible for calculating an updated nexthop group, returned the same already-used nexthop group. After the route table update, the operation result contained the same old & new nexthop groups. Thus, the code responsible for decomposing the notification to the list of simple nexthop-level notifications, was not able to find any differences. As a result, it hasn't updated any of the "simple" notification fields, resulting in empty rtentry pointer. This empty pointer was the direct reason of a panic.
  Fix the problem by returning ESRCH when the new nexthop group is the same as the old one after applying gateway filter.
  Reported by: Michael <michael.adm at gmail.com>
  PR: 255665
  MFC after: 3 days
* pf tests: Test killing matching states | Kristof Provost | 2021-05-07 | 1 | -0/+71
  MFC after: 1 week
  Sponsored by: Rubicon Communications, LLC ("Netgate")
  Differential Revision: https://reviews.freebsd.org/D30093
* pf: Support killing 'matching' states | Kristof Provost | 2021-05-07 | 7 | -17/+131
  Optionally also kill states that match (i.e. are the NATed state or opposite direction state entry for) the state we're killing.
  See also https://redmine.pfsense.org/issues/8555
  Submitted by: Steven Brown
  Reviewed by: bcr (man page)
  Obtained from: https://github.com/pfsense/FreeBSD-src/pull/11/
  MFC after: 1 week
  Sponsored by: Rubicon Communications, LLC ("Netgate")
  Differential Revision: https://reviews.freebsd.org/D30092
* pf tests: Test killing states by gateway | Kristof Provost | 2021-05-07 | 1 | -0/+60
  MFC after: 1 week
  Sponsored by: Rubicon Communications, LLC ("Netgate")
  Differential Revision: https://reviews.freebsd.org/D30059
* pf: Allow states to be killed per 'gateway' | Kristof Provost | 2021-05-07 | 7 | -5/+96
  This allows us to kill states created from a rule with route-to/reply-to set. This is particularly useful in multi-wan setups, where one of the WAN links goes down.
  Submitted by: Steven Brown
  Obtained from: https://github.com/pfsense/FreeBSD-src/pull/11/
  MFC after: 1 week
  Sponsored by: Rubicon Communications, LLC ("Netgate")
  Differential Revision: https://reviews.freebsd.org/D30058
* authpf: Start using libpfctl | Kristof Provost | 2021-05-07 | 2 | -18/+20
  Use pfctl_kill_states() rather than the DIOCKILLSTATES ioctl directly.
  MFC after: 1 week
  Sponsored by: Rubicon Communications, LLC ("Netgate")
  Differential Revision: https://reviews.freebsd.org/D30057
* pfctl: Start using DIOCKILLSTATESNV | Kristof Provost | 2021-05-07 | 3 | -48/+69
  MFC after: 1 week
  Sponsored by: Rubicon Communications, LLC ("Netgate")
  Differential Revision: https://reviews.freebsd.org/D30055
* pf: Introduce DIOCKILLSTATESNV | Kristof Provost | 2021-05-07 | 2 | -15/+96
  Introduce an nvlist based alternative to DIOCKILLSTATES.
  MFC after: 1 week
  Sponsored by: Rubicon Communications, LLC ("Netgate")
  Differential Revision: https://reviews.freebsd.org/D30054
* pfctl: Start using DIOCCLRSTATESNV | Kristof Provost | 2021-05-07 | 3 | -10/+88
  MFC after: 1 week
  Sponsored by: Rubicon Communications, LLC ("Netgate")
  Differential Revision: https://reviews.freebsd.org/D30053
* pf: Introduce DIOCCLRSTATESNV | Kristof Provost | 2021-05-07 | 4 | -27/+192
  Introduce an nvlist variant of DIOCCLRSTATES.
  MFC after: 1 week
  Sponsored by: Rubicon Communications, LLC ("Netgate")
  Differential Revision: https://reviews.freebsd.org/D30052
* pfctl: Optionally show gateway information for states | Kristof Provost | 2021-05-07 | 1 | -0/+2
  When showing the states, in very verbose mode, also display the gateway (i.e. the target for route-to/reply-to).
  Submitted by: Steven Brown
  Reviewed by: donner
  MFC after: 1 week
  Sponsored by: Rubicon Communications, LLC ("Netgate")
  Differential Revision: https://reviews.freebsd.org/D30051
* Releases history update | Maxim Konovalov | 2021-05-07 | 1 | -13/+34
  Add DragonFly 5.8.1, OpenBSD 6.7, FreeBSD 11.4, DragonFly 5.8.2, DragonFly 5.8.3, OpenBSD 6.8, NetBSD 9.1, FreeBSD 13.0, OpenBSD 6.9.
* divert: Fix mbuf ownership confusion in div_output() | Mark Johnston | 2021-05-07 | 1 | -8/+9
  div_output_outbound() and div_output_inbound() relied on the caller to free the mbuf if an error occurred. However, this is contrary to the semantics of their callees, ip_output(), ip6_output() and netisr_queue_src(), which always consume the mbuf. So, if one of these functions returned an error, that would get propagated up to div_output(), resulting in a double free.
  Fix the problem by making div_output_outbound() and div_output_inbound() responsible for freeing the mbuf in all cases.
  Reported by: Michael Schmiedgen <schmiedgen@gmx.net>
  Tested by: Michael Schmiedgen
  Reviewed by: donner
  MFC after: 3 days
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D30129
* stack(9): Disable KASAN in stack_capture() | Mark Johnston | 2021-05-07 | 1 | -1/+1
  When unwinding the stack, we may encounter a stack frame in a poisoned region of the stack, triggering a false positive.
  Reviewed by: andrew, kib
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D30126