src/usr.sbin, branch release/13.4.0 FreeBSD source tree bhyve: fix off by one error in pci_xhci 2024-09-04T19:14:35+00:00 Pierre Pronchery pierre@freebsdfoundation.org 2024-09-04T14:38:11+00:00 b3f0e555781cd9bc94ba4194a5bd82b6d347e3ec The function pci_xhci_find_stream validates that the streamid is valid but the bound check accepts up to ep_MaxPStreams included. The bug results in an out-of-bounds write on the heap with controlled data. Reported by: Synacktiv Reviewed by: jhb Security: FreeBSD-SA-24:12.bhyve Security: CVE-2024-32668 Security: HYP-04 Sponsored by: The Alpha-Omega Project Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D45994 (cherry picked from commit 5c9308a4130858598c76f3ae6e3e3dfb41ccfe68) (cherry picked from commit 90af1336ed5e3c8556147325c4841c68639c4b63) (cherry picked from commit 5920b7e6eea1e1c46b78656ef75944fc0709e887) Approved by: so Approved by: re (cperciva) 
The function pci_xhci_find_stream validates that the streamid is valid
but the bound check accepts up to ep_MaxPStreams included.

The bug results in an out-of-bounds write on the heap with controlled
data.

Reported by:	Synacktiv
Reviewed by:	jhb
Security:	FreeBSD-SA-24:12.bhyve
Security:	CVE-2024-32668
Security:	HYP-04
Sponsored by:	The Alpha-Omega Project
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D45994

(cherry picked from commit 5c9308a4130858598c76f3ae6e3e3dfb41ccfe68)
(cherry picked from commit 90af1336ed5e3c8556147325c4841c68639c4b63)
(cherry picked from commit 5920b7e6eea1e1c46b78656ef75944fc0709e887)

Approved by:	so
Approved by:	re (cperciva)
pw userdel: destroy home dataset if empty 2024-08-21T17:13:40+00:00 Mike Karels karels@FreeBSD.org 2024-05-29T23:55:14+00:00 7847d5e56cdc35e42dea1f801ccb01e2a96993e6 When removing a user's home directory, if the directory is a ZFS dataset, it cannot be removed. If the directory has been emptied, use "zfs destroy" to destroy it. This complements the automatic dataset creation in adduser. Note that datasets within the directory and snapshots are not handled, as the complete path is not constructed. While here, add waitpid() calls to rmat() and pw_user_del(). Reviewed by: des Differential Revision: https://reviews.freebsd.org/D45348 Approved by: re (cperciva) (cherry picked from commit d2f1f71ec8c62dd26d6169d0d671a5aa5a933c1a) (cherry picked from commit cd13258d266411c39944021ae46f5fcd724faa4a) 
When removing a user's home directory, if the directory is a ZFS
dataset, it cannot be removed.  If the directory has been emptied,
use "zfs destroy" to destroy it.  This complements the automatic
dataset creation in adduser.  Note that datasets within the directory
and snapshots are not handled, as the complete path is not constructed.

While here, add waitpid() calls to rmat() and pw_user_del().

Reviewed by:	des
Differential Revision:	https://reviews.freebsd.org/D45348
Approved by:	re (cperciva)

(cherry picked from commit d2f1f71ec8c62dd26d6169d0d671a5aa5a933c1a)
(cherry picked from commit cd13258d266411c39944021ae46f5fcd724faa4a)
adduser: Better document ZFS dataset creation. 2024-08-21T17:13:33+00:00 Dag-Erling Smørgrav des@FreeBSD.org 2024-08-19T08:30:01+00:00 eb7bf0d071916c2c11bc3f9810861998d7d070a6 MFC after: 3 days PR: 280873 Reviewed by: bcr Differential Revision: https://reviews.freebsd.org/D46316 Approved by: re (cperciva) (cherry picked from commit 9ff2ebd92891b6953bbe44c6d6a6d8bc31f5139f) (cherry picked from commit 8398c81b7c28ea315cb98405accb701502e3636a) 
MFC after:	3 days
PR:		280873
Reviewed by:	bcr
Differential Revision:	https://reviews.freebsd.org/D46316
Approved by:	re (cperciva)

(cherry picked from commit 9ff2ebd92891b6953bbe44c6d6a6d8bc31f5139f)
(cherry picked from commit 8398c81b7c28ea315cb98405accb701502e3636a)
adduser: create dataset only if home is directly within dataset 2024-08-21T17:13:22+00:00 Mike Karels karels@FreeBSD.org 2024-05-20T13:43:34+00:00 0ebe6df086f3bac96945415965a8e0ea1431259a Currently, if the prefix of the new home directory is a subdirectory of a ZFS dataset, adduser will create a new dataset up one or more levels from the intended destination. "pw useradd" will then create a normal directory in the desired location, leaving an unused dataset. Check for this situation when determining whether to create a dataset, and let pw create the directory. Reviewed by: des Differential Revision: https://reviews.freebsd.org/D45229 MFC after: 3 days Approved by: re (cperciva) (cherry picked from commit 0b39b2e2ddb2df1d1325e042893ddcb1a1c12b8e) (cherry picked from commit da384ffbd5adebd7079b4dadd2592e82232566e0) 
Currently, if the prefix of the new home directory is a subdirectory
of a ZFS dataset, adduser will create a new dataset up one or more
levels from the intended destination.  "pw useradd" will then create
a normal directory in the desired location, leaving an unused dataset.
Check for this situation when determining whether to create a dataset,
and let pw create the directory.

Reviewed by:	des
Differential Revision:	https://reviews.freebsd.org/D45229
MFC after:	3 days
Approved by:	re (cperciva)

(cherry picked from commit 0b39b2e2ddb2df1d1325e042893ddcb1a1c12b8e)
(cherry picked from commit da384ffbd5adebd7079b4dadd2592e82232566e0)
leap-seconds: Update to leap-seconds 3960057600 obtained from IERS 2024-07-22T02:37:03+00:00 Cy Schubert cy@FreeBSD.org 2024-07-21T01:41:09+00:00 fad8955b97cc2d29c2d66b63c4346611715eff6e IERS is the canonical source of leap-seconds. IANA, NIST and USNO obtain their leap-second updates from IERS. This resolves an issue for IPv6-only hosts as IERS is not accessible via IPv6, requiring IPv6-only host to rely on some other source, above. From this point forward we should fetch the file from IERS, the organization responsible for deciding when to insert leap-seconds. PR: 279413 Obtained from: https://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list Discussed with: imp (cherry picked from commit 04b4dcf04fc345b29b78e5061768091648b8ee2a) 
IERS is the canonical source of leap-seconds. IANA, NIST and USNO obtain
their leap-second updates from IERS.

This resolves an issue for IPv6-only hosts as IERS is not accessible
via IPv6, requiring IPv6-only host to rely on some other source,
above.

From this point forward we should fetch the file from IERS, the
organization responsible for deciding when to insert leap-seconds.

PR:		279413
Obtained from:	https://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list
Discussed with:	imp

(cherry picked from commit 04b4dcf04fc345b29b78e5061768091648b8ee2a)
ctladm: don't require the use of "-p" with "port -r", part 2 2024-07-20T14:56:36+00:00 Alan Somers asomers@FreeBSD.org 2024-07-04T20:32:24+00:00 9fd9ba30cc20011c07435d6ac19ac08717fd5d0a * Remove a now superfluous FALLTHROUGH hint * Don't specify "-p" with an empty argument in the tests Reported by: jhb (cherry picked from commit 7f50027321db3b08477f6236abded0297e9e5ed8) 
* Remove a now superfluous FALLTHROUGH hint
* Don't specify "-p" with an empty argument in the tests

Reported by:	jhb

(cherry picked from commit 7f50027321db3b08477f6236abded0297e9e5ed8)
cxgbetool(8): Be flexible about the nexus name. 2024-07-17T07:18:12+00:00 Navdeep Parhar np@FreeBSD.org 2024-06-13T20:17:55+00:00 1d0abfccc47f7f70c6dfd12dc96768259babf1f6 Use the name as-is but perform cxgbe specific ioctls on the device to make sure that it is a Terminator device nexus. Determine the chip type, pf/vf, etc. from the device registers rather than the nexus name. This allows cxgbetool to work with the VF driver. Sponsored by: Chelsio Communications (cherry picked from commit e827b61cacddd4bc9a2f1657ad8c6d2bcd70d52e) 
Use the name as-is but perform cxgbe specific ioctls on the device to
make sure that it is a Terminator device nexus.  Determine the chip
type, pf/vf, etc. from the device registers rather than the nexus name.

This allows cxgbetool to work with the VF driver.

Sponsored by:	Chelsio Communications

(cherry picked from commit e827b61cacddd4bc9a2f1657ad8c6d2bcd70d52e)
binmiscctl.8: Change the example to armv7 2024-07-15T12:35:21+00:00 Andrew Turner andrew@FreeBSD.org 2024-06-20T09:26:18+00:00 64542285a83209746679ce6e9335d5d2f3abef47 armv6 is in the process of being removed. Reviewed by: manu, imp, emaste Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D45641 (cherry picked from commit 68f044de29b3867c2e0d282b86395f777f95b034) 
armv6 is in the process of being removed.

Reviewed by:	manu, imp, emaste
Sponsored by:	Arm Ltd
Differential Revision:	https://reviews.freebsd.org/D45641

(cherry picked from commit 68f044de29b3867c2e0d282b86395f777f95b034)
iovctl: allow vlan restrictions to be passed to the driver 2024-07-01T16:06:02+00:00 Kristof Provost kp@FreeBSD.org 2024-05-29T17:29:35+00:00 95596d181dade90597e8badd7916f9aa0dfce87c Allow iovctl to create VFs that are restricted to specific VLAN IDs. Reviewed by: kib, np MFC after: 2 weeks Sponsored by: Orange Business Services Differential Revision: https://reviews.freebsd.org/D45402 (cherry picked from commit c57c26179033f64c2011a2d2a904ee3fa62e826a) 
Allow iovctl to create VFs that are restricted to specific VLAN IDs.

Reviewed by:	kib, np
MFC after:	2 weeks
Sponsored by:	Orange Business Services
Differential Revision:	https://reviews.freebsd.org/D45402

(cherry picked from commit c57c26179033f64c2011a2d2a904ee3fa62e826a)
MFC zfs/jail: Document the zfs.mount_snapshot parameter in jail(8). 2024-06-28T19:51:58+00:00 Jamie Gritton jamie@FreeBSD.org 2024-06-24T20:03:45+00:00 0e391d97fbe4d0369b001f1e645f6984c8c1bca1 PR: 274263 Differential Revision: https://reviews.freebsd.org/D45647 (cherry picked from commit 63875db56bd545896e019c922378f96ad5adc892) 
PR:		274263
Differential Revision:	https://reviews.freebsd.org/D45647

(cherry picked from commit 63875db56bd545896e019c922378f96ad5adc892)