git: cb57f50e6404 - main - defaults: oomprotect sshd and local_unbound
The branch main has been updated by netchild:

URL: https://cgit.FreeBSD.org/src/commit/?id=cb57f50e6404389e4314025caea487d63ddf0ee4

commit cb57f50e6404389e4314025caea487d63ddf0ee4
Author: Alexander Leidinger
AuthorDate: 2023-11-13 08:48:51 +
Commit: Alexander Leidinger
CommitDate: 2023-11-13 08:48:51 +

defaults: oomprotect sshd and local_unbound

Add sshd and local_unbound to the oom protected services. syslogd is protected by default already, document it.

This was discussed on arch@, see https://lists.freebsd.org/archives/freebsd-arch/2023-November/000543.html

sshd is protected to be able to investigate and fix oom issues on systems which don't have out-of-band console access.

local_unbound is protected as it may be enabled for local use and without DNS a lot grinds to a halt (including sshd).

Relnotes: yes
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D42544
---
 libexec/rc/rc.conf | 2 ++
 share/man/man5/rc.conf.5 | 20 +++-
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/libexec/rc/rc.conf b/libexec/rc/rc.conf index 26e189953044..3269288728b6 100644 --- a/libexec/rc/rc.conf +++ b/libexec/rc/rc.conf @@ -318,6 +318,7 @@ ggated_config="/etc/gg.exports" # ggated(8) exports file. ggated_flags=""# Extra parameters like which port to bind to. ctld_enable="NO" # CAM Target Layer / iSCSI target daemon. local_unbound_enable="NO" # Local caching DNS resolver +local_unbound_oomprotect="YES" # Don't kill local_unbound when swap space is exhausted. local_unbound_tls="NO" # Use DNS over TLS blacklistd_enable="NO" # Run blacklistd daemon (YES/NO). blacklistd_flags=""# Optional flags for blacklistd(8). 
@@ -364,6 +365,7 @@ pppoed_provider="*" # Provider and ppp(8) config file entry. pppoed_flags="-P /var/run/pppoed.pid" # Flags to pppoed (if enabled). pppoed_interface="em0" # The interface that pppoed runs on. sshd_enable="NO" # Enable sshd +sshd_oomprotect="YES" # Don't kill sshd when swap space is exhausted. sshd_program="/usr/sbin/sshd" # path to sshd, if you want a different one. sshd_flags="" # Additional flags for sshd. ftpd_enable="NO" # Enable stand-alone ftpd. diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5 index a76cb1a04e0a..ad84bcbd576c 100644 --- a/share/man/man5/rc.conf.5 +++ b/share/man/man5/rc.conf.5 @@ -22,7 +22,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd September 18, 2023 +.Dd November 13, 2023 .Dt RC.CONF 5 .Os .Sh NAME @@ -2318,6 +2318,12 @@ If set to run the .Xr syslogd 8 daemon. +Note, the +.Va syslogd_oomprotect +variable is set to +.Dq Li YES +by default in +.Pa /etc/defaults/rc.conf . .It Va syslogd_program .Pq Vt str Path to @@ -2381,6 +2387,12 @@ If set to run the .Xr unbound 8 daemon as a local caching DNS resolver. +Note, the +.Va local_unbound_oomprotect +variable is set to +.Dq Li YES +by default in +.Pa /etc/defaults/rc.conf . .It Va nscd_enable .Pq Vt bool Set to @@ -3840,6 +3852,12 @@ Set to to start .Xr sshd 8 at system boot time. +Note, the +.Va sshd_oomprotect +variable is set to +.Dq Li YES +by default in +.Pa /etc/defaults/rc.conf . .It Va sshd_flags .Pq Vt str If
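Review bot: the three rc.conf.5 paragraphs added here ("Note, the sshd_oomprotect variable is set to YES by default ...") record only the default, not what the protection covers, and that is the piece a reader of the sshd entry needs. The rc.conf comment "Don't kill sshd when swap space is exhausted" reads as if every sshd process survives, but the use case given in the commit message (investigating an OOM condition over ssh) also needs the per-connection sshd child and the login shell to survive, and nothing in the hunk says whether YES covers those or only the listener started by the rc script. Suggest one sentence under sshd_enable stating which processes are protected and, if the generic ${name}_oomprotect description offers a value that extends the protection to child processes, naming it there.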
Re: git: 0aa93010c571 - main - arm64: do not register elf32 brand if hardware cannot exec aarch32
On 2023-11-16 23:06, Konstantin Belousov wrote:

> commit 0aa93010c571b88a6402405be22745fa05a5baab
> Commit: Konstantin Belousov
> CommitDate: 2023-11-16 22:04:40 +
>
> arm64: do not register elf32 brand if hardware cannot exec aarch32

Would it make sense to add FEATURE(elf32, "...") and FEATURE(elf64, "...") to be able to query for it from userland?

Bye,
Alexander.

-- 
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netch...@freebsd.org : PGP 0x8F31830F9F2772BF
git: aeb91e95cfc2 - main - Log euid, rgid and jail on listen queue overflow
The branch main has been updated by netchild: URL: https://cgit.FreeBSD.org/src/commit/?id=aeb91e95cfc2d86e6f5eea4114247d2987ba06b6 commit aeb91e95cfc2d86e6f5eea4114247d2987ba06b6 Author: Alexander Leidinger AuthorDate: 2022-03-26 10:14:16 + Commit: Alexander Leidinger CommitDate: 2022-03-26 10:17:55 + Log euid, rgid and jail on listen queue overflow If you have numerous jails with multiple similar services running, this helps to narrow down which services this log is referring to. --- sys/kern/uipc_socket.c | 24 ++-- 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c index ab8e5d6e1b69..4c4fde0d6a26 100644 --- a/sys/kern/uipc_socket.c +++ b/sys/kern/uipc_socket.c @@ -699,12 +699,24 @@ sonewconn(struct socket *head, int connstatus) } KASSERT(sbuf_len(&descrsb) > 0, ("%s: sbuf creation failed", __func__)); - log(LOG_DEBUG, - "%s: pcb %p (%s): Listen queue overflow: " - "%i already in queue awaiting acceptance " - "(%d occurrences)\n", - __func__, head->so_pcb, sbuf_data(&descrsb), - qlen, overcount); + if (head->so_cred == 0) { + log(LOG_DEBUG, + "%s: pcb %p (%s): Listen queue overflow: " + "%i already in queue awaiting acceptance " + "(%d occurrences)\n", + __func__, head->so_pcb, sbuf_data(&descrsb), + qlen, overcount); + } else { + log(LOG_DEBUG, "%s: pcb %p (%s): Listen queue overflow: " + "%i already in queue awaiting acceptance " + "(%d occurrences), euid %d, rgid %d, jail %s\n", + __func__, head->so_pcb, sbuf_data(&descrsb), + qlen, overcount, + head->so_cred->cr_uid, head->so_cred->cr_rgid, + head->so_cred->cr_prison ? + head->so_cred->cr_prison->pr_name : + "not_jailed"); + } sbuf_delete(&descrsb); overcount = 0;
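Review bot: `if (head->so_cred == 0)` compares a pointer with 0; style(9) asks for `== NULL`, and if so_cred can really be NULL for a listening socket at this point a comment should say when, otherwise the branch is dead code. The two log() calls also repeat the whole "Listen queue overflow: %i already in queue awaiting acceptance (%d occurrences)" text, so the messages will drift apart the next time one of them is edited; the description is already built in an sbuf (descrsb), so appending ", euid %d, rgid %d, jail %s" to that sbuf when so_cred is set and keeping a single log() call removes the duplication. Last, the line logs the effective uid (cr_uid) next to the real gid (cr_rgid); either log cr_ruid and cr_rgid as a pair or say in the commit message why the ids are mixed.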
Re: git: 0dfaefa97547 - main - depend-cleanup.sh: Simplify the logic, and clean bootstrap tools.
Quoting Dag-Erling Smørgrav (from Wed, 8 Feb 2023 22:59:33 GMT):

> The branch main has been updated by des:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=0dfaefa975477cee2ec3155c3e0689ba1fcdde9a
>
> commit 0dfaefa975477cee2ec3155c3e0689ba1fcdde9a
> Author: Dag-Erling Smørgrav
> AuthorDate: 2023-02-08 22:58:51 +
> Commit: Dag-Erling Smørgrav
> CommitDate: 2023-02-08 22:59:13 +
>
> depend-cleanup.sh: Simplify the logic, and clean bootstrap tools.
>
> * There's no need to check if the file exists before grepping it; if it does not exist, grep will fail, which is what we want. Just redirect the error message to /dev/null.

You change from "no fork+exec if the file doesn't exist" (due to "if" and "[" being shell-builtins) to "always fork+exec". On fast machines surely not an issue, on slow ones, it may make a difference (I have an old amd64 machine at an ISP which takes days to do a buildworld with -j2 due to not much memory, only 2 cores, old HDs, and other stuff going on in parallel).

While the .depend.* namespace is surely controlled by us, would it make sense to change the glob to ".{o,pico}" instead of ".*o" to prevent unexpected surprises in the future?

--- a/tools/build/depend-cleanup.sh +++ b/tools/build/depend-cleanup.sh 
@@ -28,18 +28,8 @@ fi # $3 source extension clean_dep() { - if [ -e "$OBJTOP"/$1/.depend.$2.pico ] && \ - egrep -qw "$2\.$3" "$OBJTOP"/$1/.depend.$2.pico; then \ - echo "Removing stale dependencies and objects for $2.$3"; \ - rm -f \ - "$OBJTOP"/$1/.depend.$2.* \ - "$OBJTOP"/$1/$2.*o \ - "$OBJTOP"/obj-lib32/$1/.depend.$2.* \ - "$OBJTOP"/obj-lib32/$1/$2.*o - fi - if [ -e "$OBJTOP"/$1/.depend.$2.o ] && \ - egrep -qw "$2\.$3" "$OBJTOP"/$1/.depend.$2.o; then \ - echo "Removing stale dependencies and objects for $2.$3"; \ + if egrep -qw "$2\.$3" "$OBJTOP"/$1/.depend.$2.*o 2>/dev/null; then + echo "Removing stale dependencies and objects for $2.$3" rm -f \ "$OBJTOP"/$1/.depend.$2.* \ "$OBJTOP"/$1/$2.*o \

Bye,
Alexander.

-- 
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netch...@freebsd.org : PGP 0x8F31830F9F2772BF
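Review bot: the `2>/dev/null` on the new egrep in clean_dep() hides every error, not only the missing-file case the commit message describes: an unreadable or truncated .depend.$2.*o now silently counts as "no stale dependency" and the rm -f is skipped, where the old `[ -e ... ]` form only skipped the absent file. Because `"$OBJTOP"/$1/.depend.$2.*o` is a glob, an unmatched pattern is handed to egrep as a literal file name and that error lands in /dev/null as well, so the exit status no longer distinguishes "file absent", "file unreadable" and "pattern not found". If the cost of the builtin test is the concern, keep the redirect but expand the glob first (`for f in "$OBJTOP"/$1/.depend.$2.*o; do [ -e "$f" ] || continue; ...`) so that a real read error still surfaces.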
Re: git: 0dfaefa97547 - main - depend-cleanup.sh: Simplify the logic, and clean bootstrap tools.
Quoting Dag-Erling Smørgrav (from Thu, 09 Feb 2023 10:46:49 +0100):

> Alexander Leidinger writes:
>
>> You change from "no fork+exec if the file doesn't exist" (due to "if" and "[" being shell-builtins) to "always fork+exec". On fast machines surely not an issue, on slow ones, it may make a difference (I have an old amd64 machine at an ISP which takes days to do a buildworld with -j2 due to not much memory, only 2 cores, old HDs, and other stuff going on in parallel).
>
> Have you measured this? Because the whole point of clean_dep() is that

No, I haven't measured, for this reason I used "may".

> the file it looks for nearly always exists. It's the grep we're not sure of. So checking if the file exists is nearly always a waste.

Thanks for clarifying that.

>> While the .depend.* namespace is surely controlled by us, would it make sense to change the glob to ".{o,pico}" instead of ".*o" instead to prevent unexpected surprises in the future?
>
> Our sh does not support the {} syntax. Besides, what would it change? What else would match .*o but not .{o,pico}?

My point here is that making this more specific (we can also list the files explicitly), we _maybe_ can prevent foot-shooting in the _future_, in case there is something else added. I've seen enough cases where wildcarded removals caused harm after a little change in some other place. I have no doubts that you checked that this _currently_ is working fine. Based upon my experience in troubleshooting issues with "lost files" after an innocent change somewhere else, I prefer to at least ask about it.

Bye,
Alexander.

-- 
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netch...@freebsd.org : PGP 0x8F31830F9F2772BF
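An added illustration of the point being argued in the two messages above; it is not code from depend-cleanup.sh nor from either participant. It builds a scratch directory of constructed file names (the names are invented for the demonstration; only the pattern is the real one from clean_dep()) and prints what the `.depend.$2.*o` glob expands to next to an explicit `o`/`pico` list, so the trade-off is visible on real output: the glob also catches suffixes nobody listed, the explicit list misses them, and an unmatched glob stays a literal string that needs its own existence test.

```shell
#!/bin/sh
# Added example for the glob discussed above; not code from depend-cleanup.sh.
# It shows what ".depend.$2.*o" (the pattern clean_dep() uses) expands to, next
# to an explicit suffix list, against a scratch directory of constructed file
# names. Nothing is deleted.

# Populate a fresh scratch directory with constructed names and print its path.
make_fixture() {
    dir=$(mktemp -d) || exit 1
    for f in .depend.foo.o .depend.foo.pico .depend.foo.pieo \
             .depend.foo.nossppico .depend.foo.po .depend.foo.o.bak \
             .depend.foobar.o .depend.bar.o; do
        : > "$dir/$f"
    done
    printf '%s\n' "$dir"
}

# Expand the same glob clean_dep() passes to egrep ($1 = directory, $2 = base
# name) and print the matching basenames, sorted. sh leaves an unmatched glob
# as the literal pattern, which is why the -e test is needed here.
glob_matches() {
    for path in "$1"/.depend.$2.*o; do
        [ -e "$path" ] || continue
        printf '%s\n' "${path##*/}"
    done | LC_ALL=C sort
}

# The explicit alternative raised in the thread: only the suffixes listed.
explicit_matches() {
    for ext in o pico; do
        path="$1/.depend.$2.$ext"
        [ -e "$path" ] && printf '%s\n' "${path##*/}"
    done | LC_ALL=C sort
}

dir=$(make_fixture)
echo "glob .depend.foo.*o matches:"
glob_matches "$dir" foo
echo "explicit o/pico matches:"
explicit_matches "$dir" foo
echo "glob for a base name with no files (expect nothing):"
glob_matches "$dir" nothere
rm -rf "$dir"
```

Run it with any POSIX sh; the interesting lines are `.depend.foo.pieo`, `.depend.foo.nossppico` and `.depend.foo.po`, which only the glob picks up, and `.depend.foo.o.bak` and `.depend.foobar.o`, which neither form touches.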
git: b45f09ac5756 - main - periodic: switch lockf to silent operation.
The branch main has been updated by netchild:

URL: https://cgit.FreeBSD.org/src/commit/?id=b45f09ac57567de5c99a98941e5e06ecd5074871

commit b45f09ac57567de5c99a98941e5e06ecd5074871
Author: Alexander Leidinger
AuthorDate: 2023-02-28 08:38:42 +
Commit: Alexander Leidinger
CommitDate: 2023-02-28 08:38:42 +

periodic: switch lockf to silent operation.

This fixes duplicate mails (one from cron, one from periodic) when a periodic run is not finished before the next one starts. The man page states that the intended use case is cron, and the error handling of the lockf invocation handles this case explicitly, as such no error message for the "interactive" use was considered.
---
 usr.sbin/periodic/periodic.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/usr.sbin/periodic/periodic.sh b/usr.sbin/periodic/periodic.sh index 26413c4ab51e..cdbd1b3b57fb 100644 --- a/usr.sbin/periodic/periodic.sh +++ b/usr.sbin/periodic/periodic.sh @@ -53,7 +53,7 @@ if [ $1 != "LOCKED" ]; then ret=0 for arg; do lockfile=/var/run/periodic.${arg##*/}.lock -lockf -t 0 "${lockfile}" /bin/sh $0 LOCKED "$arg" +lockf -s -t 0 "${lockfile}" /bin/sh $0 LOCKED "$arg" case $? in 0) ;; 73) #EX_CANTCREATE
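Review bot: `-s` makes lockf(1) silent for every failure, not only the "already running" case that produced the duplicate mail. The `case $? in` that follows still has a `73) #EX_CANTCREATE` arm, and after this change the one situation that arm exists for (the lock file under /var/run cannot be created) produces no diagnostic from lockf any more; that arm should print its own message to stderr so cron still mails it once, and the commit message should say which exit code the silenced busy case maps to so the reader can match it against the remaining arms.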
Re: git: 72a1cb05cd23 - main - rc(8): Add a zpoolupgrade rc.d script
Quoting Li-Wen Hsu (from Mon, 7 Nov 2022 03:39:19 GMT):

> The branch main has been updated by lwhsu:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=72a1cb05cd230ce0d12a7180ae65ddbba2e0cb6d
>
> commit 72a1cb05cd230ce0d12a7180ae65ddbba2e0cb6d
> Author: Li-Wen Hsu
> AuthorDate: 2022-11-07 03:30:09 +
> Commit: Li-Wen Hsu
> CommitDate: 2022-11-07 03:30:09 +
>
> rc(8): Add a zpoolupgrade rc.d script
>
> If a zpool is created by makefs(8), its version is 5000, i.e., all feature flags are off. Introduce an rc script to run `zpool upgrade` over the assigned zpools on the first boot. This is useful to the ZFS based VM images built from release(7).
>
diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5 index f9ceabc83120..43fa44a5f1cb 100644 --- a/share/man/man5/rc.conf.5 +++ b/share/man/man5/rc.conf.5 @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd August 28, 2022 +.Dd November 7, 2022 .Dt RC.CONF 5 .Os .Sh NAME 
@@ -2109,6 +2109,13 @@ A space-separated list of ZFS pool names for which new pool GUIDs should be assigned upon first boot. This is useful when using a ZFS pool copied from a template, such as a virtual machine image. +.It Va zpool_upgrade +.Pq Vt str +A space-separated list of ZFS pool names for which version should be upgraded +upon first boot. +This is useful when using a ZFS pool generated by +.Xr makefs 8 +utility.

For someone who knows ZFS well, it is clear that only a zpool upgrade is done. Not so experienced people may assume there is a combination of zpool upgrade and zfs upgrade (more so for people which do not know what the difference is). Maybe you want to add some explicit documentation, that zfs upgrade + feature flags needs to be done by hand.

And this brings me to a second topic, we don't have an explicit list of features which are supported by the bootloader (I had a look at the zfs and the boot related man pages, if I overlooked a place, then the other places should reference this important part with some text).

Bye,
Alexander.

-- 
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netch...@freebsd.org : PGP 0x8F31830F9F2772BF
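Review bot: in the new zpool_upgrade entry, "for which version should be upgraded" needs "the version", and "generated by .Xr makefs 8 utility" needs "the" before the .Xr. The entry also gives no warning about the consequence of zpool upgrade: it enables every feature flag the running kernel knows, after which the pool can only be imported by kernels, and read by loaders, that support those features. One sentence pointing at zpool-features(7) and at the loader's read-support list would address the boot-pool concern raised in this thread, and, as with the zpool_reguid entry just above it, the text should say how "first boot" is detected so nobody expects the upgrade to repeat.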
Re: git: 72a1cb05cd23 - main - rc(8): Add a zpoolupgrade rc.d script
Quoting Warner Losh (from Mon, 7 Nov 2022 14:23:11 -0700):

> On Mon, Nov 7, 2022 at 4:15 AM Alexander Leidinger wrote:
>
>> Quoting Li-Wen Hsu (from Mon, 7 Nov 2022 03:39:19 GMT):
>>
>>> The branch main has been updated by lwhsu:
>>>
>>> URL: https://cgit.FreeBSD.org/src/commit/?id=72a1cb05cd230ce0d12a7180ae65ddbba2e0cb6d
>>>
>>> commit 72a1cb05cd230ce0d12a7180ae65ddbba2e0cb6d
>>> Author: Li-Wen Hsu
>>> AuthorDate: 2022-11-07 03:30:09 +
>>> Commit: Li-Wen Hsu
>>> CommitDate: 2022-11-07 03:30:09 +
>>>
>>> rc(8): Add a zpoolupgrade rc.d script
>>>
>>> If a zpool is created by makefs(8), its version is 5000, i.e., all feature flags are off. Introduce an rc script to run `zpool upgrade` over the assigned zpools on the first boot. This is useful to the ZFS based VM images built from release(7).
>>>
diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5 index f9ceabc83120..43fa44a5f1cb 100644 --- a/share/man/man5/rc.conf.5 +++ b/share/man/man5/rc.conf.5 @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd August 28, 2022 +.Dd November 7, 2022 .Dt RC.CONF 5 .Os .Sh NAME 
@@ -2109,6 +2109,13 @@ A space-separated list of ZFS pool names for which new pool GUIDs should be assigned upon first boot. This is useful when using a ZFS pool copied from a template, such as a virtual machine image. +.It Va zpool_upgrade +.Pq Vt str +A space-separated list of ZFS pool names for which version should be upgraded +upon first boot. +This is useful when using a ZFS pool generated by +.Xr makefs 8 +utility.

>> For someone who knows ZFS well, it is clear that only a zpool upgrade is done. Not so experienced people may assume there is a combination of zpool upgrade and zfs upgrade (more so for people which do not know what the difference is). Maybe you want to add some explicit documentation, that zfs upgrade + feature flags needs to be done by hand.
>>
>> And this brings me to a second topic, we don't have an explicit list of features which are supported by the bootloader (I had a look at the zfs and the boot related man pages, if I overlooked a place, then the other places should reference this important part with some text).
>
> There is a fixed list of features we support in the boot loader:
>
>     /*
>      * List of ZFS features supported for read
>      */
>     static const char *features_for_read[] = {
>         "org.illumos:lz4_compress",
>         "com.delphix:hole_birth",
>         "com.delphix:extensible_dataset",
>         "com.delphix:embedded_data",
>         "org.open-zfs:large_blocks",
>         "org.illumos:sha512",
>         "org.illumos:skein",
>         "org.zfsonlinux:large_dnode",
>         "com.joyent:multi_vdev_crash_dump",
>         "com.delphix:spacemap_histogram",
>         "com.delphix:zpool_checkpoint",
>         "com.delphix:spacemap_v2",
>         "com.datto:encryption",
>         "com.datto:bookmark_v2",
>         "org.zfsonlinux:allocation_classes",
>         "com.datto:resilver_defer",
>         "com.delphix:device_removal",
>         "com.delphix:obsolete_counts",
>         "com.intel:allocation_classes",
>         "org.freebsd:zstd_compress",
>         "com.delphix:bookmark_written",
>         "com.delphix:head_errlog",
>         "org.openzfs:blake3",
>         NULL
>     };
>
> Any feature not on this list will cause the boot loader to reject the pool.
> Whether or not it should do that by default, always, or never is an open question. I've thought there should be a 'shoot footing' override that isn't there today.

Thanks for the list. For those interested, it is in $SRC/stand/libsa/zfs/zfsimpl.c

Just to make my opinion expressed before explicit again, this should be documented in a boot / bootloader related man-page, but isn't.

Should the above list be sorted in some way? Maybe in the same order as the zpool-features lists them (sort by feature name after the colon), or alphabetical?

As Mark already mentioned some flags, I checked the features marked as read only (I checked in the zpool-features man page, including the dependencies documented there) and here are those not listed in zfsimpl.c. I would assume as they are read-only compatible, we should add them:

com.delphix:async_destroy
com.delphix:bookmarks
org.openzfs:device_rebuild
com.delphix:empty_bpobj
com.delphix:enable_txg
com.joyent:filesystem_limits
com.delphix:livelist
com.delphix:log_spacemap
com.zfsonlinux:project_quota
com.zfsonlinux:userobj_accounting
com.openzfs:zilsaxattr

Bye,
Alexander.

-- 
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netch...@freebsd.org : PGP 0x8F31830F9F2772BF
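An added example of the check this thread implies but nobody posts: a sh script that compares the feature@ properties a pool reports against the loader's features_for_read[] list quoted above and prints the ones the loader does not know, so it can be run before `zpool upgrade` on a pool the loader has to read. It is not code from the loader, OpenZFS or any participant. The loader list is copied from the array above; the zpool output is a constructed sample of `zpool get -H all zroot`. The comparison is deliberately conservative: it counts features that are merely enabled as well as active ones (zpool upgrade only enables), and it does not know which features the kernel records in the pool label's features_for_read nvlist, which is the set zfsimpl.c actually checks; read-only-compatible features it prints are therefore candidates to look up in zpool-features(7), not guaranteed boot failures.

```shell
#!/bin/sh
# Added example, not code from the loader, OpenZFS or this thread: list the
# features a pool has enabled or active that the loader's features_for_read[]
# does not contain. Run it before "zpool upgrade" on a pool the loader must read.

# Copied from the features_for_read[] array quoted above (stand/libsa/zfs/zfsimpl.c).
LOADER_FEATURES="
com.datto:bookmark_v2 com.datto:encryption com.datto:resilver_defer
com.delphix:bookmark_written com.delphix:device_removal com.delphix:embedded_data
com.delphix:extensible_dataset com.delphix:head_errlog com.delphix:hole_birth
com.delphix:obsolete_counts com.delphix:spacemap_histogram com.delphix:spacemap_v2
com.delphix:zpool_checkpoint com.intel:allocation_classes
com.joyent:multi_vdev_crash_dump org.freebsd:zstd_compress
org.illumos:lz4_compress org.illumos:sha512 org.illumos:skein
org.open-zfs:large_blocks org.openzfs:blake3
org.zfsonlinux:allocation_classes org.zfsonlinux:large_dnode
"

# zpool(8) names feature properties by the part after the colon
# (feature@large_blocks), so reduce the loader list to those short names.
# Two GUIDs (com.intel and org.zfsonlinux) share allocation_classes; sort -u.
loader_short_names() {
    for f in $LOADER_FEATURES; do
        printf '%s\n' "${f#*:}"
    done | LC_ALL=C sort -u
}

# Read "zpool get -H all POOL" output on stdin (tab-separated NAME, PROPERTY,
# VALUE, SOURCE) and print the feature names that are enabled or active.
# "enabled" is included on purpose: zpool upgrade only enables features, and
# the loader has to cope with the pool from that moment on.
pool_feature_names() {
    awk -F'\t' '$2 ~ /^feature@/ && ($3 == "enabled" || $3 == "active") {
        sub(/^feature@/, "", $2); print $2
    }' | LC_ALL=C sort -u
}

# Set difference: pool features minus loader features (both inputs C-sorted).
unsupported_features() {
    tmp=$(mktemp -d) || return 1
    pool_feature_names > "$tmp/pool"
    loader_short_names > "$tmp/loader"
    LC_ALL=C comm -23 "$tmp/pool" "$tmp/loader"
    rm -rf "$tmp"
}

# Constructed sample of "zpool get -H all zroot" output (not from a real pool).
sample_pool_properties() {
    printf 'zroot\tsize\t928G\t-\n'
    printf 'zroot\tfeature@async_destroy\tenabled\tlocal\n'
    printf 'zroot\tfeature@lz4_compress\tactive\tlocal\n'
    printf 'zroot\tfeature@zstd_compress\tenabled\tlocal\n'
    printf 'zroot\tfeature@allocation_classes\tenabled\tlocal\n'
    printf 'zroot\tfeature@edonr\tactive\tlocal\n'
    printf 'zroot\tfeature@draid\tdisabled\tlocal\n'
}

# On a live system: zpool get -H all zroot | unsupported_features
echo "features of the sample pool that the loader list does not contain:"
sample_pool_properties | unsupported_features
```

For the sample the script prints async_destroy and edonr: lz4_compress, zstd_compress and allocation_classes are in the loader list, and draid is disabled. Keep LOADER_FEATURES in step with the array in zfsimpl.c of the loader you actually boot from, not the one in the source tree you are reading.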
git: f993fff68979 - main - Sort list of supported features for more easy handling in the future.
The branch main has been updated by netchild: URL: https://cgit.FreeBSD.org/src/commit/?id=f993fff6897946077a3f9604b7dcbe59f5ce5135 commit f993fff6897946077a3f9604b7dcbe59f5ce5135 Author: Alexander Leidinger AuthorDate: 2022-11-10 08:47:23 + Commit: Alexander Leidinger CommitDate: 2022-11-10 08:47:23 + Sort list of supported features for more easy handling in the future. Reviewed by:imp --- stand/libsa/zfs/zfsimpl.c | 32 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/stand/libsa/zfs/zfsimpl.c b/stand/libsa/zfs/zfsimpl.c index 6b961f3110ae..36c90613e827 100644 --- a/stand/libsa/zfs/zfsimpl.c +++ b/stand/libsa/zfs/zfsimpl.c @@ -118,29 +118,29 @@ static vdev_list_t zfs_vdevs; * List of ZFS features supported for read */ static const char *features_for_read[] = { - "org.illumos:lz4_compress", - "com.delphix:hole_birth", - "com.delphix:extensible_dataset", - "com.delphix:embedded_data", - "org.open-zfs:large_blocks", - "org.illumos:sha512", - "org.illumos:skein", - "org.zfsonlinux:large_dnode", - "com.joyent:multi_vdev_crash_dump", - "com.delphix:spacemap_histogram", - "com.delphix:zpool_checkpoint", - "com.delphix:spacemap_v2", - "com.datto:encryption", "com.datto:bookmark_v2", - "org.zfsonlinux:allocation_classes", + "com.datto:encryption", "com.datto:resilver_defer", + "com.delphix:bookmark_written", "com.delphix:device_removal", + "com.delphix:embedded_data", + "com.delphix:extensible_dataset", + "com.delphix:head_errlog", + "com.delphix:hole_birth", "com.delphix:obsolete_counts", + "com.delphix:spacemap_histogram", + "com.delphix:spacemap_v2", + "com.delphix:zpool_checkpoint", "com.intel:allocation_classes", + "com.joyent:multi_vdev_crash_dump", "org.freebsd:zstd_compress", - "com.delphix:bookmark_written", - "com.delphix:head_errlog", + "org.illumos:lz4_compress", + "org.illumos:sha512", + "org.illumos:skein", + "org.open-zfs:large_blocks", "org.openzfs:blake3", + "org.zfsonlinux:allocation_classes", + "org.zfsonlinux:large_dnode", NULL };
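Review bot: the reordered features_for_read[] is now in byte-wise strcmp() order of the full GUID string ("org.open-zfs:large_blocks" sorts before "org.openzfs:blake3" because '-' < 'p'), which is neither the zpool-features(7) order nor alphabetical by the short name after the colon that the thread discussed. Add a one-line comment above the array stating that the list is kept in sorted order of the full GUID, so that future additions (for example the read-only compatible features listed earlier in the thread) go in the right place and nobody later "fixes" the open-zfs/openzfs ordering.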
Re: git: b9cb80883bce - main - Don't omit bsd.compiler.mk for the nested delete-old in buildworld.
Quoting John Baldwin (from Sat, 19 Nov 2022 04:13:10 GMT):

> The branch main has been updated by jhb:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=b9cb80883bce6dc992cf05ae2e59089a60d311ec
>
> commit b9cb80883bce6dc992cf05ae2e59089a60d311ec
> Author: John Baldwin
> AuthorDate: 2022-11-19 04:11:07 +
> Commit: John Baldwin
> CommitDate: 2022-11-19 04:11:07 +
>
> Don't omit bsd.compiler.mk for the nested delete-old in buildworld.
>
> src.opts.mk will need bsd.compiler.mk to determine if CXX is supported. Without this, src.opts.mk always marks CXX as broken and attempts to delete all dependencies of MK_CXX from WORLDTMP.

Is this the reason why a buildworld directly after a successful buildworld was (re-)building parts of llvm (without doing _any_ change in between)? I noticed this just last week but didn't take the time to have a look or discuss somewhere (well, I thought "maybe it's a feature of the bootstrap, it would surely get noticed if not").

Bye,
Alexander.

-- 
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netch...@freebsd.org : PGP 0x8F31830F9F2772BF
git: ff0c7816db69 - main - Remove UPDATING entries from old branches.
The branch main has been updated by netchild: URL: https://cgit.FreeBSD.org/src/commit/?id=ff0c7816db696d31adc437134dcad45a70ad5889 commit ff0c7816db696d31adc437134dcad45a70ad5889 Author: Alexander Leidinger AuthorDate: 2022-11-25 09:17:14 + Commit: Alexander Leidinger CommitDate: 2022-11-25 09:17:14 + Remove UPDATING entries from old branches. We only support updates from major version N to N+1: stable/13 was branched on 20210122, remove all old entries from stable/10 branch point in 2013 to 20210122. --- UPDATING | 2175 -- 1 file changed, 2175 deletions(-) diff --git a/UPDATING b/UPDATING index 3782692c2a49..83e97246b964 100644 --- a/UPDATING +++ b/UPDATING 
@@ -275,2181 +275,6 @@ https://lists.freebsd.org/archives/freebsd-current/2021-June/000153.html Please update your drm-kmod port to after the __FreeBSD_version 143 update. -20210108: - PC Card attachments for all devices have been removed. In the case of - wi and cmx, the entire drivers were removed because they were only - PC Card devices. FreeBSD_version 1300134 should be used for this - since it was bumped so recently. - -20210107: - Transport-independent parts of HID support have been split off the USB - code in to separate subsystem. Kernel configs which include one of - ums, ukbd, uhid, atp, wsp, wmt, uaudio, ugold or ucycom drivers should - be updated with adding of "device hid" line. - -20210105: - ncurses installation has been modified to only keep the widechar - enabled version. Incremental build is broken for that change, so it - requires a clean build. - -20201223: - The FreeBSD project has migrated from Subversion to Git. Temporary - instructions can be found at - https://github.com/bsdimp/freebsd-git-docs/blob/main/src-cvt.md - and other documents in that repo. - -20201216: - The services database has been updated to cover more of the basic - services expected in a modern system. The database is big enough - that it will cause issues in mergemaster in Releases previous to - 12.2 and 11.3, or in very old current systems from before r358154. - -20201215: - Obsolete in-tree GDB 6.1.1 has been removed. GDB (including kgdb) - may be installed from ports or packages. - -20201124: - ping6 has been merged into ping. It can now be called as "ping -6". - See ping(8) for details. - -20201108: - Default value of net.add_addr_allfibs has been changed to 0. - If you have multi-fib configuration and rely on existence of all - interface routes in every fib, you need to set the above sysctl to 1. - -20201030: - The internal pre-processor in the calendar(1) program has been - extended to support more C pre-processor commands (e.g. 
#ifdef, #else, - and #undef) and to detect unbalanced conditional statements. - Error messages have been extended to include the filename and line - number if processing stops to help fixing malformed data files. - -20201026: - All the data files for the calendar(1) program, except calendar.freebsd, - have been moved to the deskutils/calendar-data port, much like the - jewish calendar entries were moved to deskutils/hebcal years ago. After - make delete-old-files, you need to install it to retain full - functionality. calendar(1) will issue a reminder for files it can't - find. - -20200923: - LINT files are no longer generated. We now include the relevant NOTES - files. Note: This may cause conflicts with updating in some cases. - find sys -name LINT\* -delete - is suggested across this commit to remove the generated LINT files. - - If you have tried to update with generated files there, the svn - command you want to un-auger the tree is - cd sys/amd64/conf - svn revert -R . - and then do the above find from the top level. Substitute 'amd64' - above with where the error message indicates a conflict. - -20200824: - OpenZFS support has been integrated. Do not upgrade root pools until - the loader is updated to support zstd. Furthermore, we caution against - 'zpool upgrade' for the next few weeks. The change should be transparent - unless you want to use new features. - - Not all "NO_CLEAN" build scenarios work across these changes. Many - scenarios have been tested and fixed, but rebuilding kernels without - rebuilding world may fail. - - The ZFS cache file has moved from /boot to /etc to match the OpenZFS - upstream default. A fallback to /boot has been added for mountroot. - - Pool auto import behavior at boot has been moved from the kernel module - to an explici
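Review bot: the hunk deletes every entry from 20210108 back, which removes instructions that are still the only in-tree record for anyone stepping more than one major version at once or bisecting across the 20201223 Subversion-to-Git migration and the 20200824 OpenZFS import (cache file moved from /boot to /etc, "do not zpool upgrade root pools" until the loader supports zstd). The commit message's "we only support updates from N to N+1" describes what is supported, not what people do; if the goal is to shorten UPDATING, consider moving the old block into a separate file (or pointing at the stable/13 copy) rather than deleting it, so the history stays reachable from the tree.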
git: 17101a25f98e - main - Revert "Remove UPDATING entries from old branches."
The branch main has been updated by netchild:

URL: https://cgit.FreeBSD.org/src/commit/?id=17101a25f98e3e4b21bf19b2e6807ea0c4563f8a

commit 17101a25f98e3e4b21bf19b2e6807ea0c4563f8a
Author: Alexander Leidinger
AuthorDate: 2022-11-27 21:10:09 +
Commit: Alexander Leidinger
CommitDate: 2022-11-27 21:12:20 +

Revert "Remove UPDATING entries from old branches."

This reverts commit ff0c7816db696d31adc437134dcad45a70ad5889 as more history than just from branch N-1 to N is requested/needed by some downstream consumers.

Requested by: imp
---
 UPDATING | 2175 ++
 1 file changed, 2175 insertions(+)

diff --git a/UPDATING b/UPDATING index 83e97246b964..3782692c2a49 100644 --- a/UPDATING +++ b/UPDATING 
@@ -275,6 +275,2181 @@ https://lists.freebsd.org/archives/freebsd-current/2021-June/000153.html Please update your drm-kmod port to after the __FreeBSD_version 143 update. +20210108: + PC Card attachments for all devices have been removed. In the case of + wi and cmx, the entire drivers were removed because they were only + PC Card devices. FreeBSD_version 1300134 should be used for this + since it was bumped so recently. + +20210107: + Transport-independent parts of HID support have been split off the USB + code in to separate subsystem. Kernel configs which include one of + ums, ukbd, uhid, atp, wsp, wmt, uaudio, ugold or ucycom drivers should + be updated with adding of "device hid" line. + +20210105: + ncurses installation has been modified to only keep the widechar + enabled version. Incremental build is broken for that change, so it + requires a clean build. + +20201223: + The FreeBSD project has migrated from Subversion to Git. Temporary + instructions can be found at + https://github.com/bsdimp/freebsd-git-docs/blob/main/src-cvt.md + and other documents in that repo. + +20201216: + The services database has been updated to cover more of the basic + services expected in a modern system. The database is big enough + that it will cause issues in mergemaster in Releases previous to + 12.2 and 11.3, or in very old current systems from before r358154. + +20201215: + Obsolete in-tree GDB 6.1.1 has been removed. GDB (including kgdb) + may be installed from ports or packages. + +20201124: + ping6 has been merged into ping. It can now be called as "ping -6". + See ping(8) for details. + +20201108: + Default value of net.add_addr_allfibs has been changed to 0. + If you have multi-fib configuration and rely on existence of all + interface routes in every fib, you need to set the above sysctl to 1. + +20201030: + The internal pre-processor in the calendar(1) program has been + extended to support more C pre-processor commands (e.g. 
#ifdef, #else, + and #undef) and to detect unbalanced conditional statements. + Error messages have been extended to include the filename and line + number if processing stops to help fixing malformed data files. + +20201026: + All the data files for the calendar(1) program, except calendar.freebsd, + have been moved to the deskutils/calendar-data port, much like the + jewish calendar entries were moved to deskutils/hebcal years ago. After + make delete-old-files, you need to install it to retain full + functionality. calendar(1) will issue a reminder for files it can't + find. + +20200923: + LINT files are no longer generated. We now include the relevant NOTES + files. Note: This may cause conflicts with updating in some cases. + find sys -name LINT\* -delete + is suggested across this commit to remove the generated LINT files. + + If you have tried to update with generated files there, the svn + command you want to un-auger the tree is + cd sys/amd64/conf + svn revert -R . + and then do the above find from the top level. Substitute 'amd64' + above with where the error message indicates a conflict. + +20200824: + OpenZFS support has been integrated. Do not upgrade root pools until + the loader is updated to support zstd. Furthermore, we caution against + 'zpool upgrade' for the next few weeks. The change should be transparent + unless you want to use new features. + + Not all "NO_CLEAN" build scenarios work across these changes. Many + scenarios have been tested and fixed, but rebuilding kernels without + rebuilding world may fail. + + The ZFS cache file has moved from /boot to /etc to match the OpenZFS + upstream default. A fallback to /boot has been added for mountroot. + + Pool auto import behavior at boot has been moved from the ker
Re: git: 5faf90050e6c - main - committers-ports.dot: Bring file up to date.
Quoting Fernando Apesteguía (from Thu, 30 Mar 2023 12:22:37 GMT):

> The branch main has been updated by fernape:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=5faf90050e6c280c314bca58ee61707d8bfdbaf3
>
> commit 5faf90050e6c280c314bca58ee61707d8bfdbaf3
> Author: Fernando Apesteguía
> AuthorDate: 2023-03-30 10:03:00 +
> Commit: Fernando Apesteguía
> CommitDate: 2023-03-30 12:17:10 +
>
> committers-ports.dot: Bring file up to date.
>
> Many listed committers are actually alumni.
>
> Related to this change: 52f576459855
>
> Approved by: bcr@
> Differential Revision: https://reviews.freebsd.org/D39340

I think I noticed some people to be put into the alumni section, which are still active src committers (e.g. gnn). Given the recent discussion about some relaxed handling of the commit bits (sort of: all or nothing, but seek review when in an unfamiliar area): do we really want to put someone into the X-alumni section, if this person is still active in the Y-area? From a bean-counting perspective, I understand that ports!=src, but people looking at ports-alumni may understand that a particular person may have left the project, instead of not doing something anymore in a particular subset of the project.

Bye,
Alexander.

-- 
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netch...@freebsd.org : PGP 0x8F31830F9F2772BF
Re: git: f5f277728ade - main - nfsd: Fix NFS access to .zfs/snapshot snapshots
On 2023-11-23 16:25, Rick Macklem wrote:

> The branch main has been updated by rmacklem:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=f5f277728adec4c5b3e840a1fb16bd16f8cc956d
>
> commit f5f277728adec4c5b3e840a1fb16bd16f8cc956d
> Author: Rick Macklem
> AuthorDate: 2023-11-23 15:23:33 +
> Commit: Rick Macklem
> CommitDate: 2023-11-23 15:23:33 +
>
> nfsd: Fix NFS access to .zfs/snapshot snapshots
>
> When a process attempts to access a snapshot under //.zfs/snapshot, the snapshot is automounted. However, without this patch, the automount does not set mnt_exjail, which results in the snapshot not being accessible over NFS.
>
> This patch defines a new function called vfs_exjail_clone() which sets mnt_exjail from another mount point and then uses that function to set mnt_exjail in the snapshot automount. A separate patch that is currently a pull request for OpenZFS, calls this function to fix the problem.

May the same/similar fix like for ZFS be needed / useful for nullfs mounted stuff? I have a ZFS dataset which is mounted via nullfs into a jail. This nullfs-mount is then exported via samba. In samba I have the shadow-copy stuff enabled, but it doesn't work, as the jails can't access the snapshot.

Bye,
Alexander.

-- 
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netch...@freebsd.org : PGP 0x8F31830F9F2772BF
Re: git: b1c95af45488 - main - rc.conf: correct $ntp_leapfile_sources
On 2023-12-08 06:10, Warner Losh wrote:

> On Thu, Dec 7, 2023 at 6:07 PM Steffen Nurpmeso wrote:
>> What I mean is, the FreeBSD project and its pkg database, isn't this a natural place for such a thing? With guaranteed / controlled availability.
>
> The ntp leap stuff does pre-date the pkg by a decade. Having a package for it might be a natural evolution,

Quick and dirty:
---snip---
PORTNAME=	leapsecondfile
DISTVERSION=	20230328
CATEGORIES=	sysutils
MASTER_SITES=	https://data.iana.org/time-zones/tzdb/
DISTFILES=	leap-seconds.list

MAINTAINER=	security-offi...@freebsd.org
COMMENT=	Time Zone Database leap seconds file
WWW=		https://data.iana.org/time-zones/tzdb

LICENSE=	PD

PLIST_FILES=	etc/leap-seconds.list

NO_ARCH=	yes
NO_BUILD=	yes
NO_EXTRACT=	yes
EXTRACT_CMD=	cp
EXTRACT_BEFORE_ARGS=
EXTRACT_AFTER_ARGS=	${WRKDIR}/

do-install:
	${INSTALL_DATA} ${WRKDIR}/leap-seconds.list ${STAGEDIR}/${PREFIX}/etc/leap-seconds.list

.include <bsd.port.mk>
---snip---

make makesum
echo "NTP leap seconds file" > pkg-descr

Bye,
Alexander.
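As an added example (not part of the port sketched above and not FreeBSD code), the following sh functions sanity-check a leap-seconds.list before it is packaged or installed: they read the "#@" expiry line, extract the current TAI-UTC offset, and verify that the entries are strictly increasing with the offset growing by exactly one per entry. The file excerpt is constructed for the demonstration; the 2208988800-second offset between the NTP epoch (1900) and the Unix epoch (1970) is the standard conversion.

```shell
#!/bin/sh
# Added example, not part of the port above: sanity-check a leap-seconds.list
# before packaging or installing it. NTP timestamps in the file count seconds
# since 1900-01-01; subtracting 2208988800 yields Unix time.

NTP_TO_UNIX=2208988800

# leap_expiry FILE: print the "#@" expiry as Unix time (empty if missing).
leap_expiry() {
	awk -v off="$NTP_TO_UNIX" '$1 == "#@" { print $2 - off; exit }' "$1"
}

# leap_offset FILE: print the TAI-UTC offset (seconds) of the newest entry.
leap_offset() {
	awk '/^[0-9]/ { off = $2 } END { print off }' "$1"
}

# leap_consistent FILE: succeed if there is at least one entry, entries are
# strictly increasing and TAI-UTC grows by exactly one per entry.
leap_consistent() {
	awk '/^[0-9]/ {
		if (n > 0 && ($1 <= prev_t || $2 != prev_o + 1)) bad = 1
		prev_t = $1 + 0; prev_o = $2 + 0; n++
	}
	END { if (bad || n == 0) exit 1; exit 0 }' "$1"
}

# leap_check FILE NOW: succeed if FILE is consistent and not expired at NOW
# (Unix time); diagnostics go to stderr so callers can test the exit status.
leap_check() {
	_file=$1
	_now=$2
	if ! leap_consistent "$_file"; then
		echo "ERROR: inconsistent leap second table in $_file" >&2
		return 1
	fi
	_exp=$(leap_expiry "$_file")
	if [ -z "$_exp" ]; then
		echo "ERROR: no #@ expiry line in $_file" >&2
		return 1
	fi
	if [ "$_now" -ge "$_exp" ]; then
		echo "ERROR: $_file expired at Unix time $_exp" >&2
		return 1
	fi
	return 0
}

# Constructed excerpt (a real file lists every leap second since 1972).
LEAPFILE=$(mktemp)
cat > "$LEAPFILE" <<'EOF'
#	constructed excerpt of leap-seconds.list for testing
#$	3676924800
#@	3928521600
3439756800	36	# 1 Jul 2015
3692217600	37	# 1 Jan 2017
EOF

leap_check "$LEAPFILE" 1700000000 && echo "OK: TAI-UTC is $(leap_offset "$LEAPFILE") s"
leap_check "$LEAPFILE" 1719532800 || echo "refused: file expired"
```

Run it against the file fetched by `make makesum` before staging; ntpd logs a warning once the expiry passes, so a check like this in the port's build or in a periodic job catches a stale package before clients do.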
Re: git: 2c24ad3377a6 - main - ifconfig: abort if loading a module fails other than for ENOENT
Quoting Alan Somers (from Thu, 19 Jan 2023 10:11:38 -0700):

> Ugh, it looks like kldload(2) is doing the privilege check before the file existence check. I'm not sure of the best solution:
> * Change kern_kldload to check for file existence first. This would ring some alarm bells among security folks, and it isn't totally easy to do, either.
> * Change ifconfig(8) to do an existence check of its own. This would be ugly.
> * Change ifconfig(8) so that it doesn't attempt to load modules when just listing an interface. This might be incomplete, but is probably worth doing anyway.

Isn't this affecting all ifconfig operations in a _vnet_ jail, not only listing an interface? Would it be sensible to revert the commit until there is a solution? From a quick look I have the impression it makes sense to set noload to true in a jail (in that case ifmaybeload returns and the problem should go away).

Bye,
Alexander.
git: 194e059bb803 - main - service: Add -E option to set environment variables before starting a service.
The branch main has been updated by netchild: URL: https://cgit.FreeBSD.org/src/commit/?id=194e059bb80334e6f4f791a186015b20d7f6f4b8 commit 194e059bb80334e6f4f791a186015b20d7f6f4b8 Author: Alexander Leidinger AuthorDate: 2022-11-30 18:31:41 + Commit: Alexander Leidinger CommitDate: 2023-06-19 17:45:54 + service: Add -E option to set environment variables before starting a service. This allows for quicker testing/debugging of rc scripts and is a pre-req for automatic service jails. Differential Revision: https://reviews.freebsd.org/D40369 Reviewed by:se --- usr.sbin/service/service.8 | 12 usr.sbin/service/service.sh | 23 ++- 2 files changed, 26 insertions(+), 9 deletions(-) diff --git a/usr.sbin/service/service.8 b/usr.sbin/service/service.8 index 9902ae3c8574..c2be0e0af037 100644 --- a/usr.sbin/service/service.8 +++ b/usr.sbin/service/service.8 @@ -48,6 +48,7 @@ .Nm .Op Fl j Ar jail .Op Fl v +.Op Fl E Ar var=value .Ar script .Ar command .Sh DESCRIPTION @@ -67,6 +68,13 @@ the scripts using various criteria. .Pp The options are as follows: .Bl -tag -width F1 +.It Fl E Ar var=value +Set the environment variable +.Ar var +to the specified +.Ar value +before starting the script. +This option can be used multiple times. .It Fl e List services that are enabled. The list of scripts to check is compiled using @@ -117,6 +125,9 @@ to which is how they are set in .Pa /etc/rc at boot time. +If the +.Fl E +option is used, the corresponding variable is set accordingly. .Sh EXIT STATUS .Ex -std .Sh EXAMPLES @@ -126,6 +137,7 @@ command: .Bd -literal -offset -ident service named status service -j dns named status +service -E LC_ALL=C.UTF-8 named start service -rv .Ed .Pp diff --git a/usr.sbin/service/service.sh b/usr.sbin/service/service.sh index f056c43d3c98..5f232955bdff 100755 --- a/usr.sbin/service/service.sh +++ b/usr.sbin/service/service.sh 
@@ -37,21 +37,23 @@ usage () { echo "${0##*/} [-j ] -e" echo "${0##*/} [-j ] -R" echo "${0##*/} [-j ] [-v] -l | -r" - echo "${0##*/} [-j ] [-v] start|stop|etc." + echo "${0##*/} [-j ] [-v] [-E var=value] start|stop|etc." echo "${0##*/} -h" echo '' - echo "-jPerform actions within the named jail" - echo '-eShow services that are enabled' - echo "-RStop and start enabled $local_startup services" - echo "-lList all scripts in /etc/rc.d and $local_startup" - echo '-rShow the results of boot time rcorder' - echo '-vVerbose' + echo "-jPerform actions within the named jail" + echo "-E n=val Set variable n to val before executing the rc.d script" + echo '-eShow services that are enabled' + echo "-RStop and start enabled $local_startup services" + echo "-lList all scripts in /etc/rc.d and $local_startup" + echo '-rShow the results of boot time rcorder' + echo '-vVerbose' echo '' } -while getopts 'j:ehlrRv' COMMAND_LINE_ARGUMENT ; do +while getopts 'j:E:ehlrRv' COMMAND_LINE_ARGUMENT ; do case "${COMMAND_LINE_ARGUMENT}" in j) JAIL="${OPTARG}" ;; + E) VARS="${VARS} ${OPTARG}" ;; e) ENABLED=eopt ;; h) usage ; exit 0 ;; l) LIST=lopt ;; @@ -72,6 +74,9 @@ if [ -n "${JAIL}" ]; then [ -n "${RCORDER}" ] && args="${args} -r" [ -n "${RESTART}" ] && args="${args} -R" [ -n "${VERBOSE}" ] && args="${args} -v" + for var in ${VARS}; do + args="${args} -E ${var}" + done # Call jexec(8) with the rebuild args and any positional args that # were left in $@ @@ -171,7 +176,7 @@ cd / for dir in /etc/rc.d $local_startup; do if [ -x "$dir/$script" ]; then [ -n "$VERBOSE" ] && echo "$script is located in $dir" - exec env -i -L -/daemon HOME=/ PATH=/sbin:/bin:/usr/sbin:/usr/bin "$dir/$script" "$@" + exec env -i -L -/daemon HOME=/ PATH=/sbin:/bin:/usr/sbin:/usr/bin ${VARS} "$dir/$script" "$@" fi done
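Review bot: the new `-E` handling in service.sh accepts any `OPTARG` without checking for a `var=value` shape, and later hands `${VARS}` to `env` unquoted and whitespace-split. A bare word (`-E FOO`) ends up as `env -i ... FOO "$dir/$script"`, where env treats `FOO` as the utility to run, and a value containing spaces is split into separate words. Suggest validating in the getopts case, e.g. `E) case "${OPTARG}" in *=*) VARS="${VARS} ${OPTARG}" ;; *) usage; exit 1 ;; esac ;;`, and noting in service.8 that values must not contain whitespace; the same limitation applies to the `args="${args} -E ${var}"` re-forwarding in the jexec branch.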
git: b75644771aa8 - main - Add nullfs specific nocache option.
The branch main has been updated by netchild: URL: https://cgit.FreeBSD.org/src/commit/?id=b75644771aa8bd362b9d22bc66c6bd6cc2beaf8a commit b75644771aa8bd362b9d22bc66c6bd6cc2beaf8a Author: Alexander Leidinger AuthorDate: 2022-04-22 08:22:26 + Commit: Alexander Leidinger CommitDate: 2022-04-22 08:22:26 + Add nullfs specific nocache option. --- sbin/mount_nullfs/mount_nullfs.8 | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/sbin/mount_nullfs/mount_nullfs.8 b/sbin/mount_nullfs/mount_nullfs.8 index f2969209e240..87cdeb288d83 100644 --- a/sbin/mount_nullfs/mount_nullfs.8 +++ b/sbin/mount_nullfs/mount_nullfs.8 @@ -33,7 +33,7 @@ .\" @(#)mount_null.8 8.6 (Berkeley) 5/1/95 .\" $FreeBSD$ .\" -.Dd October 3, 2016 +.Dd April 22, 2022 .Dt MOUNT_NULLFS 8 .Os .Sh NAME @@ -80,6 +80,12 @@ flag followed by a comma separated string of options. See the .Xr mount 8 man page for possible options and their meanings. +Additionally the following option is supported: +.Bl -tag -width indent +.It Cm nocache +Disable caching in the null layer. +Some lower-layer file systems may force this option. +.El .El .Pp The null layer has two purposes.
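Review bot: "Disable caching in the null layer" does not tell the reader which cache is meant or what the user-visible effect is, and "Some lower-layer file systems may force this option" leaves open whether a mount that omits the option gets it silently or fails. Suggest naming the cache (the null layer's own caching of lower vnodes/metadata) and stating that the lower file system may enable the option implicitly, so an administrator knows what to expect when reading mount output.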
git: b29fb6cffd02 - main - Improve description of the nocache option.
The branch main has been updated by netchild: URL: https://cgit.FreeBSD.org/src/commit/?id=b29fb6cffd025dea9fb51e7c61c7f8e4f380ff4e commit b29fb6cffd025dea9fb51e7c61c7f8e4f380ff4e Author: Alexander Leidinger AuthorDate: 2022-05-06 11:00:37 + Commit: Alexander Leidinger CommitDate: 2022-05-06 11:03:30 + Improve description of the nocache option. Discussed with: pstef --- sbin/mount_nullfs/mount_nullfs.8 | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/sbin/mount_nullfs/mount_nullfs.8 b/sbin/mount_nullfs/mount_nullfs.8 index 87cdeb288d83..756b13a7ffdf 100644 --- a/sbin/mount_nullfs/mount_nullfs.8 +++ b/sbin/mount_nullfs/mount_nullfs.8 @@ -33,7 +33,7 @@ .\" @(#)mount_null.8 8.6 (Berkeley) 5/1/95 .\" $FreeBSD$ .\" -.Dd April 22, 2022 +.Dd May 6, 2022 .Dt MOUNT_NULLFS 8 .Os .Sh NAME @@ -83,8 +83,10 @@ man page for possible options and their meanings. Additionally the following option is supported: .Bl -tag -width indent .It Cm nocache -Disable caching in the null layer. +Disable metadata caching in the null layer. Some lower-layer file systems may force this option. +Depending on the access pattern, +this may result in increased lock contention. .El .El .Pp
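Review bot: the sentence "Some lower-layer file systems may force this option" still does not say which file systems do so or how an administrator can tell that it happened; now that the entry warns about increased lock contention, one sentence naming the condition (or pointing at the lower file system's man page) would make that caveat actionable.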
Re: git: 87ee63bac69d - main - locks: add a runtime check for missing turnstile
On 2024-07-15 22:13, John Baldwin wrote:

> bugs might have been useful in the log as well. I think it's fine if we want to have some checks that are always on, but it's currently quite rare so needs a bit more rationale in the log than other changes is all.

Is this a "we want to keep this permanent" change, or is this a "we see bugs, we don't know more, let's add this to have more people stumble upon it with more info until we know what is causing this and then remove it together with a fix" change? I would tend to understand it as the latter (which maybe should lead to a commit to comment this part as such).

Bye,
Alexander.
git: 2efbd480f1d3 - main - rc: add service jails framework
The branch main has been updated by netchild: URL: https://cgit.FreeBSD.org/src/commit/?id=2efbd480f1d37cbadc5af4476a87e5336c493910 commit 2efbd480f1d37cbadc5af4476a87e5336c493910 Author: Alexander Leidinger AuthorDate: 2024-05-22 13:28:11 + Commit: Alexander Leidinger CommitDate: 2024-05-22 13:41:48 + rc: add service jails framework This takes a rc.d-service and starts it in a jail which shares the same root-path as the host (or parent jail) and may inherit the network from the host (or parent jail). Per service there is the possibility to specify some arguments which give more permissions (e.g. netv4, netv6, sysvipc...). Reviewed by:bcr (man page) Relnotes: yes Differential Revision: https://reviews.freebsd.org/D40370 --- libexec/rc/rc.subr | 155 +++ share/man/man5/rc.conf.5 | 112 +- 2 files changed, 255 insertions(+), 12 deletions(-) diff --git a/libexec/rc/rc.subr b/libexec/rc/rc.subr index 6ed9d24fdf5c..23651cbf8e58 100644 --- a/libexec/rc/rc.subr +++ b/libexec/rc/rc.subr @@ -50,6 +50,9 @@ PROTECT="/usr/bin/protect" ID="/usr/bin/id" IDCMD="if [ -x $ID ]; then $ID -un; fi" PS="/bin/ps -ww" +SERVICE=/usr/sbin/service +JAIL_CMD=/usr/sbin/jail +_svcj_generic_params="path=/ mount.nodevfs host=inherit" JID=0 CPUSET="/bin/cpuset" @@ -521,6 +524,16 @@ _find_processes() $_procname|$_procnamebn|${_procnamebn}:|"(${_procnamebn})"|"[${_procnamebn}]")' fi + if checkyesno ${name}_svcj && [ "${_rc_svcj}" != jailing ]; then + JID=$(/usr/sbin/jls -j svcj-${name} jid 2>/dev/null) + + case ${JID} in + ''|*[!0-9]*) + # svcj-jail doesn't exist, fallback to host-check + JID=0 + ;; + esac + fi _proccheck="\ $PS 2>/dev/null -o pid= -o jid= -o command= $_psargs"' | while read _npid _jid '"$_fp_args"'; do 
@@ -1138,6 +1151,18 @@ run_rc_command() _cpusetcmd="$CPUSET -l $_cpuset" fi + # If a specific jail has a specific svcj request, honor it (YES/NO). + # If not (variable empty), evaluate the global svcj catch-all. + # A global YES can be overriden by a specific NO, and a global NO is overriden + # by a specific YES. + eval _svcj=\$${name}_svcj + if [ -z "$_svcj" ]; then + _svcj=${svcj_all_enable} + if [ -z "$_svcj" ]; then + eval ${name}_svcj=NO + fi + fi + # setup pid check command if [ -n "$_procname" ]; then if [ -n "$pidfile" ]; then @@ -1174,7 +1199,7 @@ run_rc_command() _prepend=\$${name}_prepend _login_class=\${${name}_login_class:-daemon} \ _limits=\$${name}_limits_oomprotect=\$${name}_oomprotect \ _setup=\$${name}_setup _env_file=\$${name}_env_file \ - _umask=\$${name}_umask + _umask=\$${name}_umask _svcj_options=\$${name}_svcj_options if [ -n "$_env_file" ] && [ -r "${_env_file}" ]; then # load env from file set -a @@ -1188,6 +1213,45 @@ run_rc_command() fi fi + if [ -n "$_svcj_options" ]; then# translate service jail options + _svcj_cmd_options="" + + for _svcj_option in $_svcj_options; do + case "$_svcj_option" in + mlock) + _svcj_cmd_options="allow.mlock ${_svcj_cmd_options}" + ;; + netv4) + _svcj_cmd_options="ip4=inherit allow.reserved_ports ${_svcj_cmd_options}" + ;; + netv6) + _svcj_cmd_options="ip6=inherit allow.reserved_ports ${_svcj_cmd_options}" + ;; + net_basic) + _svcj_cmd_options="ip4=inherit ip6=inherit allow.reserved_ports ${_svcj_cmd_options}" + ;; + net_raw) + _svcj_cmd_options="allow.raw_sockets ${_svcj_cmd_options}" + ;; + net_all) +
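Review bot: in the `run_rc_command` hunk, when `${name}_svcj` is empty and `svcj_all_enable` is set, `_svcj` receives the global value but `${name}_svcj` itself is never assigned, while the `_find_processes` hunk (and the later start/stop paths) test `checkyesno ${name}_svcj`; unless the truncated remainder does it, add `eval ${name}_svcj=\$_svcj` after the fallback so the global default actually reaches those checks. Two smaller points in the same region: "overriden" in the comment should be "overridden", and `/usr/sbin/jls` is hard-coded in `_find_processes` while `jail` and `service` get `JAIL_CMD`/`SERVICE` variables at the top of the file; a `JLS` variable next to them keeps the style consistent.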
git: f99f0ee14e3a - main - rc.d: add a service jails config to all base system services
The branch main has been updated by netchild:

URL: https://cgit.FreeBSD.org/src/commit/?id=f99f0ee14e3af81c23150a6a340259ca8a33d01a

commit f99f0ee14e3af81c23150a6a340259ca8a33d01a
Author: Alexander Leidinger
AuthorDate: 2024-05-22 13:31:47 +
Commit: Alexander Leidinger
CommitDate: 2024-05-22 13:41:49 +

rc.d: add a service jails config to all base system services

This gives more permissions to services (e.g. network access to services which require this) when they are started as an automatic service jail.

The sshd patch is important for the sshd-related functionality as described in the man page in the service jails part.

The location of the added env vars is supposed to allow overriding them in rc.conf, and to hard-disable the use of svcj for some parts where it doesn't make sense or will not work.

Only a subset of all of the services are fully tested (I have been running this for more than a year with various services started as service jails). The untested parts should be OK most of the time; in some edge cases more permissions are needed inside the service jail.
Differential Revision: https://reviews.freebsd.org/D40371 --- libexec/rc/rc.d/accounting | 4 libexec/rc/rc.d/adjkerntz | 4 libexec/rc/rc.d/apm| 4 libexec/rc/rc.d/apmd | 4 libexec/rc/rc.d/auditd | 4 libexec/rc/rc.d/auditdistd | 2 ++ libexec/rc/rc.d/automount | 4 libexec/rc/rc.d/automountd | 4 libexec/rc/rc.d/autounmountd | 4 libexec/rc/rc.d/bgfsck | 4 libexec/rc/rc.d/blacklistd | 3 +++ libexec/rc/rc.d/bluetooth | 3 +++ libexec/rc/rc.d/bootparams | 2 ++ libexec/rc/rc.d/bridge | 4 libexec/rc/rc.d/bsnmpd | 2 ++ libexec/rc/rc.d/bthidd | 3 +++ libexec/rc/rc.d/ccd| 4 libexec/rc/rc.d/cfumass| 4 libexec/rc/rc.d/cleanvar | 4 libexec/rc/rc.d/cleartmp | 4 libexec/rc/rc.d/cron | 5 + libexec/rc/rc.d/ctld | 4 libexec/rc/rc.d/ddb| 3 +++ libexec/rc/rc.d/defaultroute | 4 libexec/rc/rc.d/devd | 4 libexec/rc/rc.d/devfs | 4 libexec/rc/rc.d/devmatch | 4 libexec/rc/rc.d/dhclient | 3 +++ libexec/rc/rc.d/dmesg | 4 libexec/rc/rc.d/dnctl | 3 +++ libexec/rc/rc.d/dumpon | 4 libexec/rc/rc.d/fsck | 4 libexec/rc/rc.d/ftp-proxy | 2 ++ libexec/rc/rc.d/ftpd | 10 -- libexec/rc/rc.d/geli | 4 libexec/rc/rc.d/geli2 | 4 libexec/rc/rc.d/ggated | 3 +++ libexec/rc/rc.d/gptboot| 4 libexec/rc/rc.d/growfs | 4 libexec/rc/rc.d/growfs_fstab | 4 libexec/rc/rc.d/gssd | 2 ++ libexec/rc/rc.d/hastd | 4 libexec/rc/rc.d/hcsecd | 3 +++ libexec/rc/rc.d/hostapd| 4 libexec/rc/rc.d/hostid | 4 libexec/rc/rc.d/hostid_save| 4 libexec/rc/rc.d/hostname | 4 libexec/rc/rc.d/inetd | 2 ++ libexec/rc/rc.d/iovctl | 4 libexec/rc/rc.d/ip6addrctl | 4 libexec/rc/rc.d/ipfilter | 3 +++ libexec/rc/rc.d/ipfs | 4 libexec/rc/rc.d/ipfw | 3 +++ libexec/rc/rc.d/ipfw_netflow | 3 +++ libexec/rc/rc.d/ipmon | 3 +++ libexec/rc/rc.d/ipnat | 3 +++ libexec/rc/rc.d/ippool | 4 libexec/rc/rc.d/ipropd_master | 12 libexec/rc/rc.d/ipropd_slave | 14 +- libexec/rc/rc.d/ipsec | 4 libexec/rc/rc.d/iscsictl | 4 libexec/rc/rc.d/iscsid | 4 libexec/rc/rc.d/jail | 4 libexec/rc/rc.d/kadmind| 10 +++--- libexec/rc/rc.d/kdc| 1 + libexec/rc/rc.d/keyserv| 2 ++ 
libexec/rc/rc.d/kfd| 8 ++-- libexec/rc/rc.d/kld| 4 libexec/rc/rc.d/kldxref| 4 libexec/rc/rc.d/kpasswdd | 10 +++--- libexec/rc/rc.d/ldconfig | 4 libexec/rc/rc.d/linux | 4 libexec/rc/rc.d/local | 4 libexec/rc/rc.d/local_unbound | 1 + libexec/rc/rc.d/localpkg | 6 ++ libexec/rc/rc.d/lockd | 7 +-- libexec/rc/rc.d/lpd| 2 ++ libexec/rc/rc.d/mdconfig | 3 +++ libexec/rc/rc.d/mdconfig2 | 3 +++ libexec/rc/rc.d/mixer | 4 libexec/rc/rc.d/motd | 4 libex
git: a70ecfb11757 - main - rc.subr: add new sysv option for service jails
The branch main has been updated by netchild: URL: https://cgit.FreeBSD.org/src/commit/?id=a70ecfb11757812cd97b6499dc4b73984c310681 commit a70ecfb11757812cd97b6499dc4b73984c310681 Author: Alexander Leidinger AuthorDate: 2024-06-14 18:05:52 + Commit: Alexander Leidinger CommitDate: 2024-06-14 18:15:45 + rc.subr: add new sysv option for service jails Clarify that the "sysvipc" svcj option inherits from the host / parent. Add "sysvipcnew" which creates a new SysV namespace for the service jail. Sanity check that only one of them is used. --- libexec/rc/rc.subr | 11 +++ share/man/man5/rc.conf.5 | 8 ++-- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/libexec/rc/rc.subr b/libexec/rc/rc.subr index 2380d1aeabc3..f9d8bf9a3cc3 100644 --- a/libexec/rc/rc.subr +++ b/libexec/rc/rc.subr @@ -1219,6 +1219,7 @@ run_rc_command() if [ -n "$_svcj_options" ]; then# translate service jail options _svcj_cmd_options="" + _svcj_sysvipc_x=0 for _svcj_option in $_svcj_options; do case "$_svcj_option" in mlock) @@ -1243,8 +1244,13 @@ run_rc_command() _svcj_cmd_options="allow.nfsd enforce_statfs=1 ${_svcj_cmd_options}" ;; sysvipc) + _svcj_sysvipc_x=$((${_svcj_sysvipc_x} + 1)) _svcj_cmd_options="sysvmsg=inherit sysvsem=inherit sysvshm=inherit ${_svcj_cmd_options}" ;; + sysvipcnew) + _svcj_sysvipc_x=$((${_svcj_sysvipc_x} + 1)) + _svcj_cmd_options="sysvmsg=new sysvsem=new sysvshm=new ${_svcj_cmd_options}" + ;; vmm) _svcj_cmd_options="allow.vmm ${_svcj_cmd_options}" ;; @@ -1253,6 +1259,11 @@ run_rc_command() ;; esac done + if [ ${_svcj_sysvipc_x} -gt 1 ]; then + echo -n "ERROR: more than one sysvipc option is " + echo "specified in ${name}_svcj_options: $_svcj_options" + return 1 + fi fi [ -z "$autoboot" ] && eval $_pidcmd # determine the pid if necessary diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5 index 9f32cfa5ab82..3fa20fe3cf0c 100644 --- a/share/man/man5/rc.conf.5 +++ b/share/man/man5/rc.conf.5 
@@ -4977,8 +4977,11 @@ to them. .It nfsd Allows to run nfsd and affiliated daemons. .It sysvipc -Allows access to SysV semaphores, SysV shared memory and -SysV messages. +Inherits the SysV semaphores, SysV shared memory and +SysV messages from the host or the parent jail. +.It sysvipcnew +Creates a new namespace for SysV semaphores, SysV shared memory +and SysV messages for this particular service jail. .It vmm Allows access to .Xr vmm 4 . @@ -4988,6 +4991,7 @@ is enabled in the kernel. .El All non-network options can be combined with all other options. +From the SysV options only one option can be specified. If the .Ao Ar name Ac Ns Va _svcj
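Review bot: the man page line "From the SysV options only one option can be specified." reads awkwardly; "Only one of the SysV options may be specified." says the same. In the rc.subr hunk, the error message aborts the start but is printed to stdout with an `echo -n`/`echo` pair; rc.subr's own `warn` helper sends a single message to stderr like the other rc diagnostics, which also removes the non-POSIX `echo -n`.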
git: 2d08f6b577e9 - main - rc.subr: add some sanity checks for service jails
The branch main has been updated by netchild: URL: https://cgit.FreeBSD.org/src/commit/?id=2d08f6b577e9d58848cd7734dc979e60fe6f0165 commit 2d08f6b577e9d58848cd7734dc979e60fe6f0165 Author: Alexander Leidinger AuthorDate: 2024-06-14 18:10:07 + Commit: Alexander Leidinger CommitDate: 2024-06-14 18:15:46 + rc.subr: add some sanity checks for service jails Add some sanity checks when service jails are used in jails: - children.max > 0 - children.max - children.cur > 0 The nesting is too deep at those places to have a sane formatting, so no line wrapping at the usual column. If someone has a better idea how to format this: feel free to go ahead. --- libexec/rc/rc.subr | 39 ++- 1 file changed, 34 insertions(+), 5 deletions(-) diff --git a/libexec/rc/rc.subr b/libexec/rc/rc.subr index f9d8bf9a3cc3..e540d8f7d207 100644 --- a/libexec/rc/rc.subr +++ b/libexec/rc/rc.subr 
@@ -1332,11 +1332,28 @@ run_rc_command() start) if [ "${_rc_svcj}" != jailing ]; then _return=1 - $JAIL_CMD -c $_svcj_generic_params $_svcj_cmd_options \ - exec.start="${SERVICE} -E _rc_svcj=jailing ${name} ${_rc_prefix}start $rc_extra_args" \ - exec.stop="${SERVICE} -E _rc_svcj=jailing ${name} ${_rc_prefix}stop $rc_extra_args" \ - exec.consolelog="/var/log/svcj_${name}_console.log" \ - name=svcj-${name} && _return=0 + _do_jailing=1 + + if check_jail jailed; then + if [ $(${SYSCTL_N} security.jail.children.max) -eq 0 ]; then + echo ERROR: jail parameter children.max is set to 0, can not create a new service jail. + _do_jailing=0 + else + _free_jails=$(($(${SYSCTL_N} security.jail.children.max) - $(${SYSCTL_N} security.jail.children.cur))) + if [ ${_free_jails} -eq 0 ]; then + echo ERROR: max number of jail children reached, can not create a new service jail. + _do_jailing=0 + + fi + fi + fi + if [ ${_do_jailing} -eq 1 ]; then + $JAIL_CMD -c $_svcj_generic_params $_svcj_cmd_options \ + exec.start="${SERVICE} -E _rc_svcj=jailing ${name} ${_rc_prefix}start $rc_extra_args" \ + exec.stop="${SERVICE} -E _rc_svcj=jailing ${name} ${_rc_prefix}stop $rc_extra_args" \ + exec.consolelog="/var/log/svcj_${name}_console.log" \ + name=svcj-${name} && _return=0 + fi else _run_rc_doit "$_cpusetcmd $_cmd $rc_extra_args" || _return=1 fi @@ -1432,6 +1449,18 @@ run_rc_command() if checkyesno ${name}_svcj; then if [ "${_rc_svcj}" != jailing ]; then + if check_jail jailed; then + if [ $(${SYSCTL_N} security.jail.children.max) -eq 0 ]; then + echo ERROR: jail parameter children.max is set to 0, can not create a new service jail. + return 1 + else + _free_jails=$(($(${SYSCTL_N} security.jail.children.max) - $(${SYSCTL_N} security.jail.children.cur))) + if [ ${_free_jails} -eq 0 ]; then +
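Review bot: the children.max / children.cur check is pasted twice, once in the `start` case and again in the later `checkyesno ${name}_svcj` block; factoring it into one function (say `_svcj_check_children`, returning 0/1) removes the duplication and also resolves the formatting problem the commit message mentions, because each nested block shrinks to a single `if`. The `echo ERROR: ... can not create a new service jail.` arguments are unquoted, so the message goes through word splitting and globbing before it is printed, and it goes to stdout; quote the string and use rc.subr's `warn` so it lands on stderr with the other diagnostics.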
Re: git: d3bb35d4e51b - main - jail: allow adjustment of host time
On 2024-06-28 12:25, Mariusz Zaborski wrote:

> The branch main has been updated by oshogbo:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=d3bb35d4e51b06488b731071e7841f549bd5d26f
>
> commit d3bb35d4e51b06488b731071e7841f549bd5d26f
> Author: Mariusz Zaborski
> AuthorDate: 2024-06-28 10:23:31 +
> Commit: Mariusz Zaborski
> CommitDate: 2024-06-28 10:23:31 +
>
> jail: allow adjustment of host time
>
> Add a special permission to the jail to adjust and to set the host time. This can be useful if we want to compartmentalize the NTP daemon from the rest of the system.

Do you plan to add a setting to service jails (rc.subr + rc.conf man page) for this, e.g.
---snip---
	case "$_svcj_option" in
	chtime)
		_svcj_cmd_options="allow.adjtime allow.settime ${_svcj_cmd_options}"
		;;
---snip---
and change the ntpd start script to use it (removing ntpd_svcj="NO" and adding ntpd_svcj_options="net_basic chtime" ... maybe net_raw is needed too, TBD)? Like this ntpd could be compartmentalized with "sysrc ntpd_svcj=YES".

Bye,
Alexander.
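As an added example (not rc.subr code), here is a stand-alone sh version of the service-jail option translation from the service jails commits above, extended with the `chtime` option proposed in this reply (hypothetical: it exists nowhere in rc.subr), the one-SysV-option check, and the children.max/children.cur test rc.subr performs when it runs inside a jail. Everything is written as pure functions so the mapping from a least-privilege option list to jail(8) parameters can be exercised without creating a jail. Treating an unknown option as an error is this example's choice; the corresponding case in rc.subr is not visible above.

```shell
#!/bin/sh
# Added example, not rc.subr code: translate ${name}_svcj_options into jail(8)
# parameters the way the service jails framework does, refuse conflicting SysV
# options, and apply the children.max/children.cur check from rc.subr as a
# pure function. "chtime" is the option proposed in this reply and does not
# exist in rc.subr; rejecting unknown options is this example's choice.

_svcj_generic_params="path=/ mount.nodevfs host=inherit"

# svcj_translate "opt ...": print the complete jail(8) parameter string,
# return 1 (with a message on stderr) on a conflicting or unknown option.
svcj_translate() {
	_opts=$1
	_cmd=""
	_sysv=0
	for _o in $_opts; do
		case "$_o" in
		mlock)      _cmd="$_cmd allow.mlock" ;;
		netv4)      _cmd="$_cmd ip4=inherit allow.reserved_ports" ;;
		netv6)      _cmd="$_cmd ip6=inherit allow.reserved_ports" ;;
		net_basic)  _cmd="$_cmd ip4=inherit ip6=inherit allow.reserved_ports" ;;
		net_raw)    _cmd="$_cmd allow.raw_sockets" ;;
		nfsd)       _cmd="$_cmd allow.nfsd enforce_statfs=1" ;;
		sysvipc)    _sysv=$((_sysv + 1))
		            _cmd="$_cmd sysvmsg=inherit sysvsem=inherit sysvshm=inherit" ;;
		sysvipcnew) _sysv=$((_sysv + 1))
		            _cmd="$_cmd sysvmsg=new sysvsem=new sysvshm=new" ;;
		vmm)        _cmd="$_cmd allow.vmm" ;;
		chtime)     _cmd="$_cmd allow.adjtime allow.settime" ;;   # hypothetical option
		*)
			echo "ERROR: unknown svcj option '$_o'" >&2
			return 1
			;;
		esac
	done
	if [ "$_sysv" -gt 1 ]; then
		echo "ERROR: more than one sysvipc option specified: $_opts" >&2
		return 1
	fi
	printf '%s\n' "${_svcj_generic_params}${_cmd}"
}

# svcj_can_create MAX CUR: succeed if a jailed host with
# security.jail.children.max=MAX and .cur=CUR may create one more child jail.
svcj_can_create() {
	if [ "$1" -eq 0 ]; then
		echo "ERROR: jail parameter children.max is set to 0, can not create a new service jail." >&2
		return 1
	fi
	if [ $(($1 - $2)) -le 0 ]; then
		echo "ERROR: max number of jail children reached, can not create a new service jail." >&2
		return 1
	fi
	return 0
}

# Constructed invocations: an ntpd-like service as proposed in this reply,
# a conflicting SysV request, and a parent jail that has no child slots left.
svcj_translate "net_basic chtime"
svcj_translate "sysvipc sysvipcnew" || echo "rejected as expected"
svcj_can_create 4 4 || echo "no room for another service jail"
```

The parameter order differs from rc.subr, which prepends each translation; jail(8) does not care about the order, and printing the full string makes it easy to diff what a given option list grants against what the service actually needs.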
git: e0dfe185cbca - main - jail(8): add support for ZFS datasets
The branch main has been updated by netchild: URL: https://cgit.FreeBSD.org/src/commit/?id=e0dfe185cbcae48b4c4493ed4c2626c46181eb80 commit e0dfe185cbcae48b4c4493ed4c2626c46181eb80 Author: Alexander Leidinger AuthorDate: 2024-01-17 07:40:40 + Commit: Alexander Leidinger CommitDate: 2024-01-17 07:40:40 + jail(8): add support for ZFS datasets Add zfs.dataset to jail(8) to add a list of ZFS datasets. Bump FreeBSD version for jail managers to switch to native dataset support. Datasets are attached to the jail after the jail creation and before the execution of any start command. Unlike current implementations in jail managers which attach datasets after the start command, this allows the zfs rc.d script to mount the datasets on start. Discussed with: jamie --- sys/sys/param.h | 2 +- usr.sbin/jail/command.c | 29 +++-- usr.sbin/jail/config.c | 1 + usr.sbin/jail/jail.8| 12 +++- usr.sbin/jail/jail.c| 1 + usr.sbin/jail/jailp.h | 1 + 6 files changed, 42 insertions(+), 4 deletions(-) diff --git a/sys/sys/param.h b/sys/sys/param.h index f912d193bc4a..b5a5398497e0 100644 --- a/sys/sys/param.h +++ b/sys/sys/param.h @@ -73,7 +73,7 @@ * cannot include sys/param.h and should only be updated here. */ #undef __FreeBSD_version -#define __FreeBSD_version 1500010 +#define __FreeBSD_version 1500011 /* * __FreeBSD_kernel__ indicates that this system uses the kernel of FreeBSD, diff --git a/usr.sbin/jail/command.c b/usr.sbin/jail/command.c index 8ffcca8039ac..60893444e9de 100644 --- a/usr.sbin/jail/command.c +++ b/usr.sbin/jail/command.c @@ -291,9 +291,9 @@ run_command(struct cfjail *j) login_cap_t *lcap; const char **argv; char *acs, *cs, *comcs, *devpath; - const char *jidstr, *conslog, *path, *ruleset, *term, *username; + const char *jidstr, *conslog, *fmt, *path, *ruleset, *term, *username; enum intparam comparam; - size_t comlen; + size_t comlen, ret; pid_t pid; cpusetid_t setid; int argc, bg, clean, consfd, down, fib, i, injail, sjuser, timeout; 
@@ -590,6 +590,31 @@ run_command(struct cfjail *j) } break; + case IP_ZFS_DATASET: + argv = alloca(4 * sizeof(char *)); + jidstr = string_param(j->intparams[KP_JID]) ? + string_param(j->intparams[KP_JID]) : + string_param(j->intparams[KP_NAME]); + fmt = "if [ $(/sbin/zfs get -H -o value jailed %s) = on ]; then /sbin/zfs jail %s %s || echo error, attaching %s to jail %s failed; else echo error, you need to set jailed=on for dataset %s; fi"; + comlen = strlen(fmt) + + 2 * strlen(jidstr) + + 4 * comstring->len + - 6 * 2 /* 6 * "%s" */ + + 1; + comcs = alloca(comlen); + ret = snprintf(comcs, comlen, fmt, comstring->s, + jidstr, comstring->s, comstring->s, jidstr, + comstring->s); + if (ret >= comlen) { + jail_warnx(j, "internal error in ZFS dataset handling"); + exit(1); + } + argv[0] = _PATH_BSHELL; + argv[1] = "-c"; + argv[2] = comcs; + argv[3] = NULL; + break; + case IP_COMMAND: if (j->name != NULL) goto default_command; diff --git a/usr.sbin/jail/config.c b/usr.sbin/jail/config.c index 63adc9652145..3af0088626c9 100644 --- a/usr.sbin/jail/config.c +++ b/usr.sbin/jail/config.c @@ -93,6 +93,7 @@ static const struct ipspec intparams[] = { [IP_MOUNT_FSTAB] = {"mount.fstab", PF_INTERNAL}, [IP_STOP_TIMEOUT] ={"stop.timeout",PF_INTERNAL | PF_INT}, [IP_VNET_INTERFACE] = {"vnet.interface", PF_INTERNAL}, +[IP_ZFS_DATASET] = {"zfs.dataset", PF_INTERNAL}, #ifdef INET [IP__IP4_IFADDR] = {"ip4.addr",PF_INTERNAL | PF_CONV | PF_REV}, #endif diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8 index 1f745caa5e7c..e49c3fe95e7f 100644 --- a/usr.sbin/jail/jail.8 +++ b/usr.sbin/jail/jail.8 @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd November 29, 2023 +.Dd January 17, 2024 .Dt JAIL 8 .Os .Sh NAME 
@@ -918,6 +918,15 @@ may also be specified, in the form .It Va vnet.interface A network interface to give to a vnet-enabled jail after is it created. The interface will automatically be released when the jail is removed. +.It Va zfs.dataset +A list of ZFS datasets to be attached to the jail. +This requires
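Review bot: in the `IP_ZFS_DATASET` case of command.c the dataset name and jid are interpolated unquoted into a `sh -c` command string; a name containing shell metacharacters alters the command rather than being passed as an argument, and the unquoted `$(/sbin/zfs get ...)` inside `[ ... = on ]` becomes a syntax error when `zfs get` prints nothing (dataset does not exist). Either single-quote the `%s` expansions and reject names containing `'` when the parameter is parsed, or skip the shell entirely and run `/sbin/zfs` through the argv path that the surrounding cases already use, checking its exit status in C. The `echo error, ...` branches also only print to the console log and do not fail the jail start, so a typo in `zfs.dataset` yields a running jail without its dataset.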
git: 0b49e504a32d - main - rc.d/jail: add legacy compatibility for zfs.dataset
The branch main has been updated by netchild: URL: https://cgit.FreeBSD.org/src/commit/?id=0b49e504a32d90ccd6785841bced2ca8c93a87e6 commit 0b49e504a32d90ccd6785841bced2ca8c93a87e6 Author: Alexander Leidinger AuthorDate: 2024-01-17 12:32:39 + Commit: Alexander Leidinger CommitDate: 2024-01-17 12:38:00 + rc.d/jail: add legacy compatibility for zfs.dataset Evaluate the jail_${jailname}_zfs_dataset variable for legacy jail managers. This variable can take a space separated list of datasets. The singular was used specially to allow unmaintained jail managers like ezjail to use this (simply rename jail_${jailname}_zfs_datasets in the ezjail config to jail_${jailname}_zfs_dataset). --- libexec/rc/rc.d/jail | 7 +++ 1 file changed, 7 insertions(+) diff --git a/libexec/rc/rc.d/jail b/libexec/rc/rc.d/jail index f12dae280bb0..e24d6f8e21e0 100755 --- a/libexec/rc/rc.d/jail +++ b/libexec/rc/rc.d/jail @@ -268,6 +268,13 @@ parse_options() extract_var $_jv enforce_statfs enforce_statfs - 2 extract_var $_jv osreldate osreldate extract_var $_jv osrelease osrelease + + _zfs_dataset="$(eval echo \$jail_${_jv}_zfs_dataset)" + if [ -n "$_zfs_dataset" ]; then + for ds in $_zfs_dataset; do + echo " zfs.dataset += ${ds};" + done + fi for _p in $_parameters; do echo " ${_p%\;};" done
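Review bot: the new `jail_${jailname}_zfs_dataset` variable is undocumented; neither rc.conf(5) nor the script's own comments mention it, and the space-separated-list semantics and the deliberate singular name (the ezjail rename) appear only in the commit message. Add a description next to the other legacy `jail_<name>_*` variables and a short comment above the `eval`, so the next reader does not "fix" the singular back to `_zfs_datasets`.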
git: b9a60d36ba04 - main - RELNOTES: mention ZFS dataset support for jail(8)
The branch main has been updated by netchild: URL: https://cgit.FreeBSD.org/src/commit/?id=b9a60d36ba043f313ab98b8dd058d49559254791 commit b9a60d36ba043f313ab98b8dd058d49559254791 Author: Alexander Leidinger AuthorDate: 2024-01-17 12:59:03 + Commit: Alexander Leidinger CommitDate: 2024-01-17 12:59:03 + RELNOTES: mention ZFS dataset support for jail(8) --- RELNOTES | 10 ++ 1 file changed, 10 insertions(+) diff --git a/RELNOTES b/RELNOTES index adb9ca67aa0c..69a464d71873 100644 --- a/RELNOTES +++ b/RELNOTES @@ -10,6 +10,16 @@ newline. Entries should be separated by a newline. Changes to this file should not be MFCed. +0b49e504a32d: + rc.d/jail now supports the legacy variable jail_${jailname}_zfs_dataset + to allow unmaintained jail managers like ezjail to make use of this + feature (simply rename jail_${jailname}_zfs_datasets in the ezjail + config to jail_${jailname}_zfs_dataset. + +e0dfe185cbca: + jail(8) now support zfs.dataset to add a list of ZFS datasets to a +jail. + 61174ad88e33: newsyslog(8) now supports specifying a global compression method directly at the beginning of the newsyslog.conf file, which will make newsyslog(8)
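Review bot: two typos in the new entries: "jail(8) now support zfs.dataset" should read "supports", and the parenthesis opened at "(simply rename" is never closed. The continuation line "+jail." also lacks the indentation the neighbouring entries use.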
Re: git: f239db4800ee - main - ktrace: Remove CAPFAIL from default trace points
On 2024-04-24 02:29, Jake Freeland wrote:

> The branch main has been updated by jfree:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=f239db4800ee9e7ff8485f96b7a68e6c38178c3b
>
> commit f239db4800ee9e7ff8485f96b7a68e6c38178c3b
> Author: Jake Freeland
> AuthorDate: 2024-04-24 00:26:14 +
> Commit: Jake Freeland
> CommitDate: 2024-04-24 00:26:14 +
>
> ktrace: Remove CAPFAIL from default trace points
>
> The CAPFAIL tracepoint was recently extended to report ECAPMODE capability violations for processes that do not enter capability mode. This allows developers that are interested in Capsicumizing their programs to determine where violations are being raised.
>
> Previously, CAPFAIL only produced output for processes using Capsicum(4) capabilities. Thus, most ktrace users never received log output from the trace point. With the recent changes, this is no longer the case. Having this trace point enabled by default will produce output for all processes that use syscalls that are not permitted in capability mode. This may lead to confusion for users that are not familiar with the feature.
>
> Remove KTRFAC_CAPFAIL from ktrace's default points to avoid this.

Thanks for the opt-in instead of the opt-out! I stumbled over this a few hours ago and I can confirm that I was confused at first look... until I remembered a commit message about adding more info in this regard.

Bye,
Alexander.
Re: git: ca63710d3668 - main - linux: ignore setsockopt(IPV6_RECVERR)
On 2024-04-23 06:52, Warner Losh wrote:

> The branch main has been updated by imp:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=ca63710d3668cf6f3cb4faf065d8b4eeffa028ad
>
> commit ca63710d3668cf6f3cb4faf065d8b4eeffa028ad
> Author: Lexi Winter
> AuthorDate: 2024-04-22 21:58:11 +
> Commit: Warner Losh
> CommitDate: 2024-04-23 04:36:34 +
>
> linux: ignore setsockopt(IPV6_RECVERR)
>
> Add support for ignoring IPV6_RECVERR, controlled by the same sysctl.
>
> This fixes DNS in Linux when using IPv6 resolvers.

And all applications which depend upon a working DNS in an IPv6-enabled system (e.g. biology/linux-foldingathome started to work again for me).

Any MFC target for this?

Bye,
Alexander.
Re: git: fce03f85c5bf - main - TCP can be subject to Sack Attacks lets fix this issue.
On 2024-05-05 15:10, Randall Stewart wrote:

The branch main has been updated by rrs: URL: https://cgit.FreeBSD.org/src/commit/?id=fce03f85c5bfc0d73fb5c43ac1affad73efab11a commit fce03f85c5bfc0d73fb5c43ac1affad73efab11a Author: Randall Stewart AuthorDate: 2024-05-05 13:08:47 + Commit: Randall Stewart CommitDate: 2024-05-05 13:08:47 +

TCP can be subject to Sack Attacks lets fix this issue.

There is a type of attack that a TCP peer can launch on a connection. This is for sure in Rack or BBR and probably even the default stack if it uses lists in sack processing. The idea of the attack is that the attacker is driving you to look at 100's of sack blocks that only update 1 byte. So for example if you have 1 - 10,000 bytes outstanding the attacker sends in something like:

ACK 0 SACK(1-512) SACK(1024 - 1536), SACK(2048-2536), SACK(4096 - 4608), SACK(8192-8704)

This first sack looks fine but then the attacker sends

ACK 0 SACK(1-512) SACK(1025 - 1537), SACK(2049-2537), SACK(4097 - 4609), SACK(8193-8705)
ACK 0 SACK(1-512) SACK(1027 - 1539), SACK(2051-2539), SACK(4099 - 4611), SACK(8195-8707)
...

These blocks are making you hunt across your linked list and split things up so that you have an entry for every other byte. As your list grows you spend more and more CPU running through the lists. The idea here is the attacker chooses entries as far apart as possible that make you run through the list. This example is small but in theory if the window is open to say 1Meg you could end up with 100's of thousands of linked list entries.

Would it make sense to use a tree list (generic example: https://commons.apache.org/proper/commons-collections/apidocs/org/apache/commons/collections4/list/TreeList.html) instead of a linked list, additionally to or independently of what you committed?

diff --git a/sys/netinet/tcp_stacks/sack_filter.c b/sys/netinet/tcp_stacks/sack_filter.c index e82fcee2ffac..fc9ee8454a1e 100644 --- a/sys/netinet/tcp_stacks/sack_filter.c 
+++ b/sys/netinet/tcp_stacks/sack_filter.c #ifndef _KERNEL + +static u_int tcp_fixed_maxseg(const struct tcpcb *tp) +{ + /* Lets pretend their are timestamps on for user space */ + return (tp->t_maxseg - 12); +}

Typo in the comment?

Bye, Alexander.
--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netch...@freebsd.org : PGP 0x8F31830F9F2772BF
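Review bot: `return (tp->t_maxseg - 12);` hard-codes the length of a padded TCP timestamp option; netinet/tcp.h has a named constant for exactly that (TCPOLEN_TSTAMP_APPA), which would make the intent of the subtraction obvious and keep the user-space build of sack_filter.c in step with the kernel definition. The comment above it should read "Let's pretend there are timestamps on for user space" (currently "Lets" and "their").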
Re: git: fce03f85c5bf - main - TCP can be subject to Sack Attacks lets fix this issue.
On 2024-05-06 13:11, Gary Jennejohn wrote:

On Mon, 06 May 2024 09:27:31 +0200 Alexander Leidinger wrote:

On 2024-05-05 15:10, Randall Stewart wrote:
> diff --git a/sys/netinet/tcp_stacks/sack_filter.c > b/sys/netinet/tcp_stacks/sack_filter.c > index e82fcee2ffac..fc9ee8454a1e 100644 > --- a/sys/netinet/tcp_stacks/sack_filter.c > +++ b/sys/netinet/tcp_stacks/sack_filter.c > #ifndef _KERNEL > + > +static u_int tcp_fixed_maxseg(const struct tcpcb *tp) > +{ > + /* Lets pretend their are timestamps on for user space */ > + return (tp->t_maxseg - 12); > +}

Typo in the comment?

Yes. Should be Let's as a contraction of Let us.

As a non-native English speaker I also would change "their" in this place and reword "timestamps on for user space".

Bye, Alexander.
--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netch...@freebsd.org : PGP 0x8F31830F9F2772BF
Re: git: 0ecf0b26a750 - main - timerfd_create: fix after cf742faa39a58a9b43b671c66097e6880459d4ae
On 2024-03-06 18:29, Baptiste Daroussin wrote:

The branch main has been updated by bapt: URL: https://cgit.FreeBSD.org/src/commit/?id=0ecf0b26a750582b804e238e6446db55188d7fdc commit 0ecf0b26a750582b804e238e6446db55188d7fdc Author: Baptiste Daroussin AuthorDate: 2024-03-06 17:28:02 + Commit: Baptiste Daroussin CommitDate: 2024-03-06 17:28:02 +

timerfd_create: fix after cf742faa39a58a9b43b671c66097e6880459d4ae

Remove the include that crept in by accident. Clang complains about CLOCK_BOOTTIME being the same for now as CLOCK_UPTIME, so remove CLOCK_BOOTTIME and leave a comment for what to do when CLOCK_BOOTTIME will be different for real.

What about a compile time assert CLOCK_BOOTTIME == CLOCK_UPTIME, to make sure that someone knows to look at this piece if they want to make it different for other reasons?

Bye, Alexander.
--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netch...@freebsd.org : PGP 0x8F31830F9F2772BF
git: 1c2ae9233b0e - main - Limit some cc options based upon features
The branch main has been updated by netchild: URL: https://cgit.FreeBSD.org/src/commit/?id=1c2ae9233b0ed4f6b92c59c0e4026f6ddc073e4a commit 1c2ae9233b0ed4f6b92c59c0e4026f6ddc073e4a Author: Alexander Leidinger AuthorDate: 2025-01-31 12:11:06 + Commit: Alexander Leidinger CommitDate: 2025-01-31 12:15:29 +

Limit some cc options based upon features

Limit the use of stack clash protection and zeroregs based upon compiler features:
- switch unconditional use of stack clash protection into a compiler feature
- limit the use of stack clash protection on unsupported architectures (I did not wade into the source of each compiler to determine when support arrived for each architecture, I used the compiler version when it was introduced with what is supported currently)
- add a safeguard for stack clash protection in places where we have no SSP provisions (we may not need it, but better safe than sorry when something changes or is overridden by the user)
- limit the use of zeroregs the same way, so that even specifying it will not lead to build failures (useful for universe builds when WITH_ZEROREGS is specified in src.conf)

Differential Revision: https://reviews.freebsd.org/D48724

--- share/mk/bsd.compiler.mk | 13 - share/mk/bsd.lib.mk | 10 +- share/mk/bsd.sys.mk | 4 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/share/mk/bsd.compiler.mk b/share/mk/bsd.compiler.mk index bf6ef3956d7d..f93d3495b1aa 100644 --- a/share/mk/bsd.compiler.mk +++ b/share/mk/bsd.compiler.mk @@ -24,6 +24,7 @@ # - retpoline: supports the retpoline speculative execution vulnerability # mitigation. # - init-all: supports stack variable initialization. +# - stackclash:supports stack clash protection # - zeroregs: supports zeroing used registers on return # - aarch64-sha512: supports the AArch64 sha512 intrinsic functions. # 
@@ -264,8 +265,18 @@ ${X_}COMPILER_FEATURES+= compressed-debug ${X_}COMPILER_FEATURES+= fileprefixmap .endif +.if (${${X_}COMPILER_TYPE} == "clang" && ${${X_}COMPILER_VERSION} >= 7 \ + && ${MACHINE_ARCH:Mriscv*} != "" && ${MACHINE_ARCH:Mpower*} != "") || \ + (${${X_}COMPILER_TYPE} == "gcc" && ${${X_}COMPILER_VERSION} >= 81000 \ + && ${MACHINE_ARCH:Mriscv*} != "") +${X_}COMPILER_FEATURES+= stackclash +.endif + + .if (${${X_}COMPILER_TYPE} == "clang" && ${${X_}COMPILER_VERSION} >= 15) || \ - (${${X_}COMPILER_TYPE} == "gcc" && ${${X_}COMPILER_VERSION} >= 11) + (${${X_}COMPILER_TYPE} == "gcc" && ${${X_}COMPILER_VERSION} >= 11) && \ + ${MACHINE_ARCH:Mriscv*} != "" && ${MACHINE_ARCH:Mpower*} != "" && \ + ${MACHINE_ARCH:Marmv7*} != "" ${X_}COMPILER_FEATURES+= zeroregs .endif diff --git a/share/mk/bsd.lib.mk b/share/mk/bsd.lib.mk index cf4140d0b3e6..cf8057907a1f 100644 --- a/share/mk/bsd.lib.mk +++ b/share/mk/bsd.lib.mk @@ -170,7 +170,7 @@ PO_FLAG=-pg ${CTFCONVERT_CMD} .c.nossppico: - ${CC} ${PICFLAG} -DPIC ${SHARED_CFLAGS:C/^-fstack-protector.*$//:C/^-fsanitize.*$//} ${CFLAGS:C/^-fstack-protector.*$//:C/^-fsanitize.*$//} -c ${.IMPSRC} -o ${.TARGET} + ${CC} ${PICFLAG} -DPIC ${SHARED_CFLAGS:C/^-fstack-protector.*$//:C/^-fstack-clash-protection.*$//:C/^-fsanitize.*$//} ${CFLAGS:C/^-fstack-protector.*$//:C/^-fstack-clash-protection.*$//:C/^-fsanitize.*$//} -c ${.IMPSRC} -o ${.TARGET} ${CTFCONVERT_CMD} .c.pieo: 
@@ -184,7 +184,7 @@ PO_FLAG=-pg ${CXX} ${PICFLAG} -DPIC ${SHARED_CXXFLAGS} ${CXXFLAGS} -c ${.IMPSRC} -o ${.TARGET} .cc.nossppico .C.nossppico .cpp.nossppico .cxx.nossppico: - ${CXX} ${PICFLAG} -DPIC ${SHARED_CXXFLAGS:C/^-fstack-protector.*$//:C/^-fsanitize.*$//} ${CXXFLAGS:C/^-fstack-protector.*$//:C/^-fsanitize.*$//} -c ${.IMPSRC} -o ${.TARGET} + ${CXX} ${PICFLAG} -DPIC ${SHARED_CXXFLAGS:C/^-fstack-protector.*$//:C/^-fstack-clash-protection.*$//:C/^-fsanitize.*$//} ${CXXFLAGS:C/^-fstack-protector.*$//:C/^-fstack-clash-protection.*$//:C/^-fsanitize.*$//} -c ${.IMPSRC} -o ${.TARGET} .cc.pieo .C.pieo .cpp.pieo .cxx.pieo: ${CXX} ${PIEFLAG} ${SHARED_CXXFLAGS} ${CXXFLAGS} -c ${.IMPSRC} -o ${.TARGET} @@ -198,7 +198,7 @@ PO_FLAG=-pg ${CTFCONVERT_CMD} .f.nossppico: - ${FC} ${PICFLAG} -DPIC ${FFLAGS:C/^-fstack-protector.*$//} -o ${.TARGET} -c ${.IMPSRC} + ${FC} ${PICFLAG} -DPIC ${FFLAGS:C/^-fstack-protector.*$//:C/^-fstack-clash-protection.*$//} -o ${.TARGET} -c ${.IMPSRC} ${CTFCONVERT_CMD} .s.po .s.pico .s.nossppico .s.pieo: @@ -217,7 +217,7 @@ PO_FLAG=-pg .asm.nossppico: ${CC:N${CCACHE_BIN}} -x assembler-with-cpp
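Review bot: the architecture exclusions in the two new bsd.compiler.mk conditions are inverted. `${MACHINE_ARCH:Mriscv*}` expands to the words of MACHINE_ARCH that match `riscv*`, so `${MACHINE_ARCH:Mriscv*} != ""` is true exactly on RISC-V, and requiring it together with `${MACHINE_ARCH:Mpower*} != ""` can never hold for a single-word MACHINE_ARCH. As written, the clang branch never adds `stackclash`, the gcc branch adds it only on RISC-V (the target the commit message means to exclude), and in the `zeroregs` condition the `&&` chain binds to the gcc alternative only, so clang >= 15 still gets zeroregs on every architecture while gcc never does. The tests should read `== ""`, and the zeroregs condition needs the combined clang/gcc clause in parentheses before the architecture tests. Separately, the gcc version thresholds use two different encodings in adjacent blocks (`>= 81000` for stackclash, `>= 11` for zeroregs); pick the one the rest of the file uses.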
git: e91117fa8ed2 - main - Improve the stack clash protection description.
The branch main has been updated by netchild: URL: https://cgit.FreeBSD.org/src/commit/?id=e91117fa8ed2d00ae520454d6fecfce8abae0664 commit e91117fa8ed2d00ae520454d6fecfce8abae0664 Author: Alexander Leidinger AuthorDate: 2025-01-29 08:32:00 + Commit: Alexander Leidinger CommitDate: 2025-01-29 13:39:24 +

Improve the stack clash protection description.

Despite not being mentioned in the docs of gcc and clang, the stack clash protection is architecture / implementation dependent.

Reported by: jrtc27

--- share/man/man7/mitigations.7 | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/share/man/man7/mitigations.7 b/share/man/man7/mitigations.7 index 4db6589cdcf1..c3c6ab55c480 100644 --- a/share/man/man7/mitigations.7 +++ b/share/man/man7/mitigations.7 @@ -28,7 +28,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd January 25, 2025 +.Dd January 29, 2025 .Dt MITIGATIONS 7 .Os .Sh NAME @@ -244,8 +244,9 @@ and it is possible that some applications may not function correctly. .Fx supports stack overflow protection using the Stack Smashing Protector .Pq SSP -compiler feature, -and stack clash protection. +compiler feature. +Stack clash protection is also enabled, +if supported by the compiler for the given architecture. In userland, SSP adds a per-process randomized canary at the end of every stack frame which is checked for corruption upon return from the function, and stack probing in
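Review bot: in "Stack clash protection is also enabled, if supported by the compiler for the given architecture." the comma before a restrictive "if" should go. Since this is the sentence users will rely on, it would also help to name the excluded targets or to point at where the decision is made, so that "if supported" is something a reader can check for their own architecture.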
Re: git: f934e629dc22 - main - Add stack clash protection to the WITH_SSP flag
On 2025-01-28 14:42, Ed Maste wrote:

On Sun, 26 Jan 2025 at 07:38, Alexander Leidinger wrote:

On 2025-01-25 20:21, Jessica Clarke wrote:
> It looks like with Clang we end up using -Qunused-arguments so the warning/error is suppressed. That at least means the build doesn’t fail, which I suppose is good, but I’m not sure we should be promising that WITH_SSP will protect against stack clash then having the compiler silently emit unprotected code (for which we’re to blame, by telling it to ignore the fact it’s not supported). This at least needs to be documented that the protection will only be provided if supported by the compiler.

I suppose we should add support for stack clash to COMPILER_FEATURES in bsd.compiler.mk and add the flag only if supported. I will submit a review for this later (testing some arch limits for zeroregs at the same time, seems it has similar restrictions).

function correctly. supports stack overflow protection using the Stack Smashing Protector .Pq SSP compiler feature, -and stack clash protection. +and stack clash protection (if supported by the compiler for the given architecture).

To make it explicitly clear that the "if supported" applies only to stack clash protection, maybe make it a separate sentence.

... SSP compiler feature. Stack clash protection is also enabled, if supported by the compiler for the given architecture.

Looks good to me either way.

Committed.

Bye, Alexander.
--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netch...@freebsd.org : PGP 0x8F31830F9F2772BF
git: 2a44cccd404d - main - Add option to clear caller-used registers on function return.
The branch main has been updated by netchild: URL: https://cgit.FreeBSD.org/src/commit/?id=2a44cccd404d94c273c78e279df3fdc5531d25a2 commit 2a44cccd404d94c273c78e279df3fdc5531d25a2 Author: Alexander Leidinger AuthorDate: 2025-01-11 12:48:50 + Commit: Alexander Leidinger CommitDate: 2025-01-22 18:33:23 +

Add option to clear caller-used registers on function return.

The WITH_ZEROREGS option for src.conf will zero caller-used register contents just before returning from a function, ensuring that temporary values are not leaked beyond the function boundary. This means that register contents are less likely to be available for side channel attacks and information exposures.

It reduces all except 1 of the simple "write-what-where" ROP gadgets in /lib:

grep "Gadget found" /tmp/before_lib* | wc -l
197
grep "Gadget found" /tmp/after_lib* | wc -l
1
grep "Gadget found" /tmp/after_lib*
/tmp/after_libbsdxml.so.4.txt: [+] Gadget found: 0x1b3f1 mov qword ptr [rdi], rcx ; pop rbp ; ret

To reproduce:

for lib in *.so.*; do
    echo $lib:
    ROPgadget --ropchain --binary /tmp/be_mount.Sx87/lib/$lib | sed -n '/Step 1/,/Step 2/p' >! /tmp/before_$lib.txt
    ROPgadget --ropchain --binary $lib | sed -n '/Step 1/,/Step 2/p' >! /tmp/after_$lib.txt
done

Additionally, in some cases this reduces the number of all ROP gadgets (quick check with /libs only):

libalias.so.7: reduction 10.000%
libavl.so.2: reduction 13.900%
libbsdxml.so.4: reduction 37.500%
libc.so.7: reduction 10.000%
libc++.so.1: reduction 14.800%
libcam.so.7: reduction 50.700%
libcap_netdb.so.1: reduction 5.800%
libcasper.so.1: reduction 14.600%
libcrypto.so.30: reduction 7.500%
libdtrace.so.2: reduction 3.900%
libelf.so.2: reduction 15.800%
libgcc_s.so.1: reduction 32.700%
libibverbs.so.1: reduction 5.300%
libicp.so.3: reduction 2.100%
libipt.so.0: reduction 28.200%
libirdma.so.1: reduction 1.600%
libkiconv.so.4: reduction 0%
libm.so.5: reduction 21.900%
libmd.so.6: reduction 0%
libmd.so.7: reduction 3.100%
libncursesw.so.9: reduction 11.200%
libnvpair.so.2: reduction 40.200%
libpcap.so.8: reduction 11.400%
libpjdlog.so.0: reduction 27.400%
libsbuf.so.6: reduction 2.900%
libspl.so.2: reduction 42.300%
libsys.so.7: reduction 2.700%
libthr.so.3: reduction 21.000%
libuutil.so.2: reduction 13.100%
libz.so.6: reduction 5.600%
libzpool.so.2: reduction 15.100%

In some cases it adds some ROP gadgets despite removing the simple ROP gadgets:

lib80211.so.1: reduction -32.700%
libbe.so.1: reduction -22.300%
libbegemot.so.4: reduction -20.500%
libcap_dns.so.2: reduction -58.000%
libcap_fileargs.so.1: reduction -28.200%
libcap_grp.so.1: reduction -54.000%
libcap_net.so.1: reduction -28.800%
libcap_pwd.so.1: reduction -38.800%
libcap_sysctl.so.2: reduction -71.100%
libcap_syslog.so.1: reduction -15.000%
libcrypt.so.5: reduction -14.600%
libctf.so.2: reduction -.300%
libcxxrt.so.1: reduction -14.000%
libdevstat.so.7: reduction -1.600%
libedit.so.8: reduction -4.200%
libgeom.so.5: reduction -16.500%
libicp_rescue.so.3: reduction -2.300%
libipsec.so.4: reduction -31.800%
libjail.so.1: reduction -21.700%
libkvm.so.7: reduction -5.300%
libmlx5.so.1: reduction -6.300%
libmt.so.5: reduction -23.000%
libnv.so.1: reduction -.400%
librss.so.1: reduction -3.800%
librt.so.1: reduction -24.000%
libssp.so.0: reduction -21.100%
libstats.so.0: reduction -9.000%
libtinfow.so.9: reduction -3.500%
libtpool.so.2: reduction -36.500%
libufs.so.8: reduction -11.900%
libulog.so.0: reduction -67.400%
libumem.so.2: reduction -2.000%
libutil.so.9: reduction -7.200%
libxo.so.0: reduction -9.000%
libzdb.so.2: reduction -11.700%
libzfs_core.so.2: reduction -17.700%
libzfs.so.4: reduction -.300%
libzfsbootenv.so.1: reduction -26.900%
libzutil.so.2: reduction -5.600%

To reproduce:

for lib in *.so.*; do
    echo -n $lib:
    before="$(ROPgadget --nosys --nojop --binary /tmp/be_mount.Sx87/lib/$lib | tail -n1 | cut -d : -f 2)"
    after="$(ROPgadget --nosys --nojop --binary $lib | tail -n1 | cut -d : -f 2)"
    echo " reduction" $(bc -S 3 -e "(1-${after}/${before})*100")%
done >/tmp/reduction.txt

Most of the time the size difference is very small (<1% for >50% of the files and >10% for only 2 files):

lib80211.so.1: size change .100%
libalias.so.7: size change 0%
libavl.so.2: size change 0%
libbe.so.1: size change .100%
libbegemot.so.4: siz
Re: git: 2a44cccd404d - main - Add option to clear caller-used registers on function return.
On 2025-01-22 19:39, Alexander Leidinger wrote:

The branch main has been updated by netchild: URL: https://cgit.FreeBSD.org/src/commit/?id=2a44cccd404d94c273c78e279df3fdc5531d25a2 commit 2a44cccd404d94c273c78e279df3fdc5531d25a2 Author: Alexander Leidinger AuthorDate: 2025-01-11 12:48:50 + Commit: Alexander Leidinger CommitDate: 2025-01-22 18:33:23 +

Add option to clear caller-used registers on function return.

I forgot to add: https://reviews.freebsd.org/D48427

Bye, Alexander.
--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netch...@freebsd.org : PGP 0x8F31830F9F2772BF
git: f934e629dc22 - main - Add stack clash protection to the WITH_SSP flag
The branch main has been updated by netchild: URL: https://cgit.FreeBSD.org/src/commit/?id=f934e629dc22b859efabd3cdebc23b63b04fa2bb commit f934e629dc22b859efabd3cdebc23b63b04fa2bb Author: Alexander Leidinger AuthorDate: 2025-01-25 12:43:39 + Commit: Alexander Leidinger CommitDate: 2025-01-25 12:45:53 +

Add stack clash protection to the WITH_SSP flag

Some background info available in:
https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
https://developers.redhat.com/blog/2020/05/22/stack-clash-mitigation-in-gcc-part-3
https://blog.llvm.org/posts/2021-01-05-stack-clash-protection/

Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D48651

--- share/man/man7/mitigations.7 | 14 ++ share/mk/bsd.sys.mk | 2 +- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/share/man/man7/mitigations.7 b/share/man/man7/mitigations.7 index c487e4e1000b..4db6589cdcf1 100644 --- a/share/man/man7/mitigations.7 +++ b/share/man/man7/mitigations.7 @@ -28,7 +28,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd July 23, 2024 +.Dd January 25, 2025 .Dt MITIGATIONS 7 .Os .Sh NAME @@ -244,9 +244,13 @@ and it is possible that some applications may not function correctly. .Fx supports stack overflow protection using the Stack Smashing Protector .Pq SSP -compiler feature. +compiler feature, +and stack clash protection. In userland, SSP adds a per-process randomized canary at the end of every stack -frame which is checked for corruption upon return from the function. +frame which is checked for corruption upon return from the function, +and stack probing in +.Dv PAGE_SIZE +chunks. In the kernel, a single randomized canary is used globally except on aarch64, which has a .Dv PERTHREAD_SSP 
@@ -264,7 +268,9 @@ When .Va WITH_SSP is enabled, which is the default, world is built with the .Fl fstack-protector-strong -compiler option. +and +.Fl fstack-clash-protection +compiler options. The kernel is built with the .Fl fstack-protector option. diff --git a/share/mk/bsd.sys.mk b/share/mk/bsd.sys.mk index 63774e857167..06f8e6e9fe78 100644 --- a/share/mk/bsd.sys.mk +++ b/share/mk/bsd.sys.mk @@ -304,7 +304,7 @@ CXXFLAGS.clang+= -Wno-c++11-extensions FORTIFY_SOURCE?= 0 .if ${MK_SSP} != "no" # Don't use -Wstack-protector as it breaks world with -Werror. -SSP_CFLAGS?= -fstack-protector-strong +SSP_CFLAGS?= -fstack-protector-strong -fstack-clash-protection CFLAGS+= ${SSP_CFLAGS} .endif # SSP .if ${FORTIFY_SOURCE} > 0
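Review bot: the second mitigations.7 hunk attributes the new probing to SSP: "In userland, SSP adds a per-process randomized canary ... and stack probing in .Dv PAGE_SIZE chunks." The canary is SSP; the page-sized probing is what -fstack-clash-protection adds, and a reader whose toolchain has only one of the two will be misled. Keep the canary sentence as it was and describe the probing in its own sentence, e.g. "Stack clash protection adds stack probing in .Dv PAGE_SIZE chunks for large or dynamic stack allocations."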
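Review bot: the bsd.sys.mk hunk appends -fstack-clash-protection to SSP_CFLAGS unconditionally whenever MK_SSP != "no", with no check that the compiler implements it for the target. Because the world build hands -Qunused-arguments to clang, an unsupported flag is dropped silently and the resulting objects lack the protection that mitigations.7 now promises. Gate it on a COMPILER_FEATURES entry in bsd.compiler.mk, as is already done for retpoline and init-all, and append the flag only when the feature is present.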
Re: git: f934e629dc22 - main - Add stack clash protection to the WITH_SSP flag
On 2025-01-25 20:21, Jessica Clarke wrote:

It looks like with Clang we end up using -Qunused-arguments so the warning/error is suppressed. That at least means the build doesn’t fail, which I suppose is good, but I’m not sure we should be promising that WITH_SSP will protect against stack clash then having the compiler silently emit unprotected code (for which we’re to blame, by telling it to ignore the fact it’s not supported). This at least needs to be documented that the protection will only be provided if supported by the compiler.

Like this?

diff --git share/man/man7/mitigations.7 share/man/man7/mitigations.7 index 4db6589cdcf1..82a8e3a2c1c2 100644 --- share/man/man7/mitigations.7 +++ share/man/man7/mitigations.7 @@ -28,7 +28,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd January 25, 2025 +.Dd January 26, 2025 .Dt MITIGATIONS 7 .Os .Sh NAME @@ -245,7 +245,7 @@ and it is possible that some applications may not function correctly. supports stack overflow protection using the Stack Smashing Protector .Pq SSP compiler feature, -and stack clash protection. +and stack clash protection (if supported by the compiler for the given architecture). In userland, SSP adds a per-process randomized canary at the end of every stack frame which is checked for corruption upon return from the function, and stack probing in

Bye, Alexander.
--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netch...@freebsd.org : PGP 0x8F31830F9F2772BF
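Review bot: the replacement line "and stack clash protection (if supported by the compiler for the given architecture)." runs to about 85 columns in an mdoc page that otherwise keeps lines short and uses `.Pq` for parenthesised text (see `.Pq SSP` two lines above), and the qualifier still reads as if it also applied to SSP. Giving it its own sentence on its own line, "Stack clash protection is also enabled if supported by the compiler for the given architecture.", fixes all three.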
git: 582c8de016f8 - main - Fix the date for the ROCKCHIP option.
The branch main has been updated by netchild: URL: https://cgit.FreeBSD.org/src/commit/?id=582c8de016f88c74eab5b34ba3764c18df4c36e0 commit 582c8de016f88c74eab5b34ba3764c18df4c36e0 Author: Alexander Leidinger AuthorDate: 2025-01-27 19:57:52 + Commit: Alexander Leidinger CommitDate: 2025-01-27 19:58:52 +

Fix the date for the ROCKCHIP option.

--- UPDATING | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/UPDATING b/UPDATING index 3eccd089d808..7329837c48ee 100644 --- a/UPDATING +++ b/UPDATING @@ -27,7 +27,7 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 15.x IS SLOW: world, or to merely disable the most expensive debugging functionality at runtime, run "ln -s 'abort:false,junk:false' /etc/malloc.conf".) -20240106: +20250106: A new SOC_ROCKCHIP options appeared, so if you have a custom kernel configuration targetting Rockchip SoC you need to add it so shared and mandatory drivers for this SoC familly will be selected.
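Review bot: two typos sit in the context lines of the entry being corrected and could go into the same commit: "targetting" (targeting) and "familly" (family).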
Re: git: f934e629dc22 - main - Add stack clash protection to the WITH_SSP flag
On 2025-01-25 19:32, Jessica Clarke wrote:

On 25 Jan 2025, at 13:08, Alexander Leidinger wrote:

The branch main has been updated by netchild: URL: https://cgit.FreeBSD.org/src/commit/?id=f934e629dc22b859efabd3cdebc23b63b04fa2bb commit f934e629dc22b859efabd3cdebc23b63b04fa2bb Author: Alexander Leidinger AuthorDate: 2025-01-25 12:43:39 + Commit: Alexander Leidinger CommitDate: 2025-01-25 12:45:53 +

Add stack clash protection to the WITH_SSP flag

Some background info available in:
https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
https://developers.redhat.com/blog/2020/05/22/stack-clash-mitigation-in-gcc-part-3
https://blog.llvm.org/posts/2021-01-05-stack-clash-protection/

Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D48651

Uh, it does require architecture-specific compiler support, which isn't implemented for all architectures in LLVM at least. RISC-V has only recently (as in 1.5 months ago so not even released yet) gained support, for example. So this is just going to spew out -Wunused-command-line-argument warnings, and errors with -Werror, no?

The online docs for gcc (https://gcc.gnu.org/onlinedocs/gcc//Instrumentation-Options.html) say this:

---snip---
Most targets do not fully support stack clash protection. However, on those targets -fstack-clash-protection will protect dynamic stack allocations. -fstack-clash-protection may also provide limited protection for static stack allocations if the target supports -fstack-check=specific.
---snip---

I read this as it should not spill such warnings. Additionally other options there are listed as limited to some architectures, but this one is not listed as such.

The online docs of clang (https://clang.llvm.org/docs/ClangCommandLineReference.html) do not limit this option to some architectures, while for other options (e.g. -fzero-call-used-regs) they mention architecture limits.

In a discussion on -current in November there was the opinion it may depend on run time support; I've searched, but I've read only that this option depends on stack guard pages in the kernel. I have not found info about any required run-time support in e.g. libc or such (like for -fstack-protector(-strong)).

If those docs are missing the limits for this option, we can of course enable this with a little bit of code in bsd.compiler.mk only for those architectures where we do not get such warnings.

Bye, Alexander.
--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netch...@freebsd.org : PGP 0x8F31830F9F2772BF
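Added example for this thread, not part of the FreeBSD build system and not code from any of the messages above: a small POSIX sh probe that answers the question the thread circles around, namely whether a given compiler really honours -fstack-clash-protection (or any other hardening flag) for a target, or merely accepts it and drops it. It relies only on the compiler's own diagnostics: gcc rejects flags it does not know, clang only warns ("argument unused during compilation"), so the warning is promoted to an error here, and the -Qunused-arguments that hides it in the world build is deliberately not passed. The function names and the tiny test translation unit are the example's own; the cross-compile target triple in the comment is only an illustration.

```sh
#!/bin/sh
# Added example (not FreeBSD code): does this compiler honour a flag, or does
# it accept and silently ignore it? Function names are the example's own.

# cc_honours_flag CC FLAG [EXTRA-CC-ARGS...]
# exit 0: FLAG accepted and used; 1: rejected or ignored; 2: CC not runnable.
cc_honours_flag() {
    _cc=$1
    _flag=$2
    shift 2
    command -v "$_cc" >/dev/null 2>&1 || return 2
    # Only clang knows -Wunused-command-line-argument; gcc would reject the
    # -Werror= spelling itself and spoil the probe, so add it for clang only.
    _unused=
    case $("$_cc" --version 2>/dev/null) in
        *clang*) _unused=-Werror=unused-command-line-argument ;;
    esac
    # A variable-length stack allocation: code for which stack clash
    # protection would actually have to emit probes.
    printf 'int f(int n) { char b[n]; b[0] = 1; return b[0]; }\n' |
        "$_cc" "$@" -Werror $_unused "$_flag" -x c -c -o /dev/null - \
            >/dev/null 2>&1
}

# report_flags CC FLAG...: one result line per flag for the given compiler.
report_flags() {
    _rcc=$1
    shift
    for _f in "$@"; do
        if cc_honours_flag "$_rcc" "$_f"; then
            printf '%s: honoured\n' "$_f"
        else
            printf '%s: not usable (rc %s)\n' "$_f" "$?"
        fi
    done
}

# Typical use: the host compiler with the three options from this thread.
# For a target the commit message lists as unsupported, add the target, e.g.
#   cc_honours_flag clang -fstack-clash-protection --target=riscv64-unknown-freebsd15.0
# (the triple is illustrative).
report_flags "${CC:-cc}" -fstack-protector-strong -fstack-clash-protection \
    -fzero-call-used-regs=used-gpr
```

Run it with CC pointing at the compiler under test; a flag reported as "not usable" is one that would have been dropped without notice under -Qunused-arguments. The probe checks acceptance only, not the quality of the emitted probes; confirming those needs a look at the disassembly of a function with a large or variable-length frame.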
git: 6fbd1bed6e7b - main - rc.subr: add ${svc}_svcj_ipaddrs option
The branch main has been updated by netchild: URL: https://cgit.FreeBSD.org/src/commit/?id=6fbd1bed6e7bf880a6cc579b06bdc6476983613a commit 6fbd1bed6e7bf880a6cc579b06bdc6476983613a Author: Lexi Winter AuthorDate: 2025-03-23 06:00:50 + Commit: Alexander Leidinger CommitDate: 2025-04-14 13:11:06 +

rc.subr: add ${svc}_svcj_ipaddrs option

Setting ${svc}_svcj_ipaddrs to a list of IP addresses causes rc.subr to set ip6.addr and/or ip4.addr when starting the jail, restricting it to those IP addresses rather than inheriting all IP addresses.

For example:

inetd_enable=YES
inetd_svcj=YES
inetd_svcj_options="net_basic"
inetd_svcj_ipaddrs="::1 127.0.0.1 2001:db8::1"

If not specified, the default value is unchanged (inherit all addresses if networking is enabled).

Reviewed by: netchild

--- libexec/rc/rc.subr | 36 +--- share/man/man5/rc.conf.5 | 35 ++- 2 files changed, 55 insertions(+), 16 deletions(-) diff --git a/libexec/rc/rc.subr b/libexec/rc/rc.subr index b7f8953012d7..29ed0eb05824 100644 --- a/libexec/rc/rc.subr +++ b/libexec/rc/rc.subr @@ -1196,7 +1196,8 @@ run_rc_command() _prepend=\$${name}_prepend _login_class=\${${name}_login_class:-daemon} \ _limits=\$${name}_limits_oomprotect=\$${name}_oomprotect \ _setup=\$${name}_setup _env_file=\$${name}_env_file \ - _umask=\$${name}_umask _svcj_options=\$${name}_svcj_options + _umask=\$${name}_umask _svcj_options=\$${name}_svcj_options \ + _svcj_ipaddrs=\$${name}_svcj_ipaddrs if [ -n "$_env_file" ] && [ -r "${_env_file}" ]; then # load env from file set -a 
@@ -1210,9 +1211,30 @@ run_rc_command() fi fi - if [ -n "$_svcj_options" ]; then# translate service jail options - _svcj_cmd_options="" + _svcj_ip="inherit" + _svcj_ip4_addrs="" + _svcj_ip6_addrs="" + + for addr in $_svcj_ipaddrs; do + case $addr in + *:*) _svcj_ip6_addrs="$addr,${_svcj_ip6_addrs}" ;; + *) _svcj_ip4_addrs="$addr,${_svcj_ip4_addrs}" ;; + esac + done + + _svcj_cmd_options="" + if [ -n "$_svcj_ip4_addrs" ]; then + _svcj_cmd_options="ip4.addr=${_svcj_ip4_addrs%*,} ${_svcj_cmd_options}" + _svcj_ip="new" + fi + + if [ -n "$_svcj_ip6_addrs" ]; then + _svcj_cmd_options="ip6.addr=${_svcj_ip6_addrs%*,} ${_svcj_cmd_options}" + _svcj_ip="new" + fi + + if [ -n "$_svcj_options" ]; then# translate service jail options _svcj_sysvipc_x=0 for _svcj_option in $_svcj_options; do case "$_svcj_option" in @@ -1220,19 +1242,19 @@ run_rc_command() _svcj_cmd_options="allow.mlock ${_svcj_cmd_options}" ;; netv4) - _svcj_cmd_options="ip4=inherit allow.reserved_ports ${_svcj_cmd_options}" + _svcj_cmd_options="ip4=${_svcj_ip} allow.reserved_ports ${_svcj_cmd_options}" ;; netv6) - _svcj_cmd_options="ip6=inherit allow.reserved_ports ${_svcj_cmd_options}" + _svcj_cmd_options="ip6=${_svcj_ip} allow.reserved_ports ${_svcj_cmd_options}" ;; net_basic) - _svcj_cmd_options="ip4=inherit ip6=inherit allow.reserved_ports ${_svcj_cmd_options}" + _svcj_cmd_options="ip4=${_svcj_ip} ip6=${_svcj_ip} allow.reserved_ports ${_svcj_cmd_options}" ;; net_raw) _svcj_cmd_options="allow.raw_sockets ${_svcj_cmd_options}" ;; net_all) - _svcj_cmd_options="allow.socket_af allow.raw_sockets allow.reserved_ports ip4=inherit ip6=inherit ${_svcj_cmd_options}" + _svcj_cmd_options="allow.socket_af allow.raw_sockets allow.reserved_ports ip4=${_svcj_ip} ip6=${_svcj_ip} ${_svcj_cmd_options}"
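Review bot: a single `_svcj_ip` flag decides the mode for both address families, so listing addresses for one family only (say `inetd_svcj_ipaddrs="127.0.0.1"` with `net_basic`) produces `ip4=new ip6=new` with an ip4.addr but no ip6.addr, i.e. a jail with no IPv6 address at all, although the setting said nothing about IPv6. Track the two families separately (`_svcj_ip4`, `_svcj_ip6`) and state in rc.conf.5 what an unlisted family gets (inherit, disable, or no addresses). Minor: the loop variable `addr` breaks the `_`-prefixed naming of the other locals in run_rc_command (`_svcj_option`, `_svcj_cmd_options`).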
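To see what a given ${svc}_svcj_ipaddrs line tur﻿ns into before it reaches the jail command line, here is an added example in the same shell dialect; it is not code from rc.subr, and the function names are the example's own. It reproduces the address classification and comma-joining from the hunks above, adds a sanity check that rejects tokens which are neither IPv4 nor IPv6 literals (the committed loop passes any token through), and decides inherit/new per family instead of with one shared flag, explicitly disabling a family for which no address was listed once another family is pinned. Plain literals with an optional /prefix or %scope are accepted; the iface|addr form that jail(8) also allows is deliberately not.

```sh
#!/bin/sh
# Added example, not code from rc.subr: render the jail(8) network parameters
# a service jail would get for a ${svc}_svcj_ipaddrs list and the network
# members of ${svc}_svcj_options. Names below are the example's own.

# Plain IPv4 literal with optional /prefix (no "iface|addr" form).
is_ipv4() {
    case $1 in
        *[!0-9./]*|*/*/*|.*|*.) return 1 ;;
        [0-9]*.[0-9]*.[0-9]*.[0-9]*) return 0 ;;
    esac
    return 1
}

# IPv6 literal (at least two colons), optionally with %scope or /prefix.
is_ipv6() {
    case $1 in
        *[!0-9a-fA-F:./%]*) return 1 ;;
        *:*:*) return 0 ;;
    esac
    return 1
}

# svcj_ip_params "ADDRS" "OPTIONS": print the ip4/ip6 parameters on one line.
# A family with listed addresses gets ip4/ip6=new plus its address list; a
# family without any is disabled once something is pinned, and inherited
# when nothing is pinned at all. Bad tokens are rejected with exit 1.
svcj_ip_params() {
    _v4="" _v6="" _out=""
    for _a in $1; do
        if is_ipv4 "$_a"; then
            _v4="${_v4:+$_v4,}$_a"
        elif is_ipv6 "$_a"; then
            _v6="${_v6:+$_v6,}$_a"
        else
            printf 'svcj: rejecting address token: %s\n' "$_a" >&2
            return 1
        fi
    done
    _ip4=inherit _ip6=inherit
    if [ -n "$_v4$_v6" ]; then
        _ip4=disable _ip6=disable
        if [ -n "$_v4" ]; then _ip4=new; fi
        if [ -n "$_v6" ]; then _ip6=new; fi
    fi
    # Same option names as rc.subr; non-network options are ignored here.
    for _o in $2; do
        case $_o in
            netv4) _out="$_out ip4=$_ip4" ;;
            netv6) _out="$_out ip6=$_ip6" ;;
            net_basic|net_all) _out="$_out ip4=$_ip4 ip6=$_ip6" ;;
        esac
    done
    if [ -n "$_v4" ]; then _out="$_out ip4.addr=$_v4"; fi
    if [ -n "$_v6" ]; then _out="$_out ip6.addr=$_v6"; fi
    printf '%s\n' "${_out# }"
}

# The commit message's example, then an IPv4-only list with the same options.
svcj_ip_params "::1 127.0.0.1 2001:db8::1" "net_basic"
svcj_ip_params "127.0.0.1" "net_basic"
```

The second call is the case worth looking at: with one shared flag the jail would get ip6=new and no ip6.addr, which is the same outcome as ip6=disable but only by implication; printing the parameters makes that visible before the service starts.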
Re: git: 225639e7db68 - main - vt: Disable bell by default
Quoting Emmanuel Vadot (from Fri, 22 Oct 2021 22:55:40 +0200):

I honestly thought that this setting was something that you set up once when you installed a new machine (which doesn't happen very often) and forget about it, you know, another "ah crap yes I forgot about this, why do we have such an insane default. Oh well now that I disabled it locally I don't have to think about it and won't change the default". Instead this time I didn't say to myself that I won't change it and I did.

May I offer another perspective into this? Something outside of 0 and 1...

I wonder if it is really the default of bell=on that is crap, or if the bug Warner found is what makes it crap, or if the frequency of the current setting is what makes it crap (or the two last items together).

Personally I dislike the bell, but not so much that I want to disable it. I don't mind having it disabled (I simply enabled it directly in sysctl.conf even though I haven't updated to past the commit), as I think it gives useful feedback. It may not give useful feedback in all cases where it goes off, but that's something we have influence on, don't we?

What I don't like about the bell is the noise it makes. So what about changing the noise it makes to something more pleasant and asking if this is better and maybe acceptable to those who don't like the bell?

I also think that disabling a feature you know exists but don't like is much easier than enabling a feature you don't know exists.

Basically I question in this email the problem you want to solve by disabling the bell. Does it really need to be disabled, or would a change of the sound and volume make it acceptable for you (you = all people who complain or agree to "the current one is crap -> disable it", which basically means we would need to make some kind of usability test of what sounds better before deciding if it shall be disabled or not)? For me the issue with the bell would be solved if it sounds "better" and is less loud.

I assume we could even make it configurable to some extent (override a hardcoded frequency and volume with a sysctl).

Bye, Alexander.
--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netch...@freebsd.org : PGP 0x8F31830F9F2772BF