svn commit: r365325 - head/usr.sbin/fmtree

2020-09-03 Thread Stephen J. Kiernan
Author: stevek Date: Fri Sep 4 04:31:56 2020 New Revision: 365325 URL: https://svnweb.freebsd.org/changeset/base/365325 Log: Avoid collisions with function names in openssl headers. Just using MD5, SHA1, RMD160 and SHA256 for defines collides with functions of the same name in OpenSSL. T

svn commit: r365286 - head/lib/libucl

2020-09-02 Thread Stephen J. Kiernan
Author: stevek Date: Thu Sep 3 03:48:42 2020 New Revision: 365286 URL: https://svnweb.freebsd.org/changeset/base/365286 Log: Avoid issues with STAGING by using LIBUCL_DIR for the source directory variable name instead of LIBUCL (which would otherwise end up with the staging directory used i

svn commit: r363738 - head/stand/common

2020-07-31 Thread Stephen J. Kiernan
Author: stevek Date: Fri Jul 31 16:08:25 2020 New Revision: 363738 URL: https://svnweb.freebsd.org/changeset/base/363738 Log: Fix compilation error for install.c in loader Fix typo in interp_include() invocation (missing 'p') Remove setting tftpip, as servip is used by the tftp code in li

svn commit: r351878 - head/sys/kern

2019-09-05 Thread Stephen J. Kiernan
Author: stevek Date: Thu Sep 5 17:48:39 2019 New Revision: 351878 URL: https://svnweb.freebsd.org/changeset/base/351878 Log: Bump up the low range of cpuset numbers to account for the kernel cpuset. Reviewed by: jeff Obtained from: Juniper Networks, Inc. Modified: head/sys/ker

svn commit: r351244 - head/sys/dev/usb/net

2019-08-19 Thread Stephen J. Kiernan
Author: stevek Date: Tue Aug 20 01:06:43 2019 New Revision: 351244 URL: https://svnweb.freebsd.org/changeset/base/351244 Log: usb_ethernet.h includes a number of mii headers, but only does so in order to have struct mii_data available. However, it only really needs a forward declaration of s

svn commit: r348051 - in head/sys: kern sys x86/x86

2019-05-21 Thread Stephen J. Kiernan
Author: stevek Date: Tue May 21 13:29:53 2019 New Revision: 348051 URL: https://svnweb.freebsd.org/changeset/base/348051 Log: The older detection methods (smbios.bios.vendor and smbios.system.product) are able to determine some virtual machines, but the vm_guest variable was still only being

svn commit: r347972 - head/sys/x86/x86

2019-05-19 Thread Stephen J. Kiernan
Author: stevek Date: Sun May 19 15:07:14 2019 New Revision: 347972 URL: https://svnweb.freebsd.org/changeset/base/347972 Log: Add missing setting of hv_base to the leaf that we used. Correct setting hv_high to use regs[0], not leaf. Modified: head/sys/x86/x86/identcpu.c Modified: head/sys/

svn commit: r347942 - in head/sys: dev/veriexec security/mac_veriexec

2019-05-17 Thread Stephen J. Kiernan
Author: stevek Date: Fri May 17 19:27:07 2019 New Revision: 347942 URL: https://svnweb.freebsd.org/changeset/base/347942 Log: Add a new ioctl for the larger params struct that includes the label. We need to make the find_veriexec_file() function available publicly, so rename it to mac_ver

svn commit: r347941 - head/sys/dev/veriexec

2019-05-17 Thread Stephen J. Kiernan
Author: stevek Date: Fri May 17 18:25:53 2019 New Revision: 347941 URL: https://svnweb.freebsd.org/changeset/base/347941 Log: Add command to get version of the ioctl interface for the veriexec device. Obtained from: Juniper Networks, Inc. MFC after: 1 week Modified: head/sys/

svn commit: r347938 - head/sys/security/mac_veriexec

2019-05-17 Thread Stephen J. Kiernan
Author: stevek Date: Fri May 17 18:13:43 2019 New Revision: 347938 URL: https://svnweb.freebsd.org/changeset/base/347938 Log: Obtain a shared lock instead of exclusive in the MAC/veriexec MAC_VERIEXEC_CHECK_PATH_SYSCALL per-MAC policy system call. When we are checking the status of the fi

svn commit: r347936 - head/sys/security/mac_veriexec

2019-05-17 Thread Stephen J. Kiernan
Author: stevek Date: Fri May 17 18:09:48 2019 New Revision: 347936 URL: https://svnweb.freebsd.org/changeset/base/347936 Log: sysctls which should be restricted when securelevel is raised should also be restricted when veriexec is enforced. Add mpo_system_check_sysctl method to mac_veriex

svn commit: r347935 - head/sys/security/mac_veriexec

2019-05-17 Thread Stephen J. Kiernan
Author: stevek Date: Fri May 17 18:06:24 2019 New Revision: 347935 URL: https://svnweb.freebsd.org/changeset/base/347935 Log: Fix format strings for some debug messages that could have arguments that are different types across architectures by using %ju and typecasting to uintmax_t, where ap

svn commit: r347934 - head/sys/dev/veriexec

2019-05-17 Thread Stephen J. Kiernan
Author: stevek Date: Fri May 17 18:02:26 2019 New Revision: 347934 URL: https://svnweb.freebsd.org/changeset/base/347934 Log: Protect commands that are considered dangerous with checks for kmem write priv. This allows for MAC/veriexec to prevent apps that are not "trusted" from using these c

svn commit: r347933 - head/sys/security/mac_veriexec

2019-05-17 Thread Stephen J. Kiernan
Author: stevek Date: Fri May 17 17:50:01 2019 New Revision: 347933 URL: https://svnweb.freebsd.org/changeset/base/347933 Log: Ensure we have obtained a lock on the process before calling mac_veriexec_get_executable_flags(). Only try locking/unlocking if the caller has not already acquired th

svn commit: r347932 - in head/sys: kern sys x86/include x86/x86

2019-05-17 Thread Stephen J. Kiernan
Author: stevek Date: Fri May 17 17:21:32 2019 New Revision: 347932 URL: https://svnweb.freebsd.org/changeset/base/347932 Log: Instead of individual conditional statements to look for each hypervisor type, use a table to make it easier to add more in the future, if needed. Add VirtualBox d

svn commit: r336289 - head/sys/security/mac_veriexec

2018-07-14 Thread Stephen J. Kiernan
Author: stevek Date: Sat Jul 14 17:21:16 2018 New Revision: 336289 URL: https://svnweb.freebsd.org/changeset/base/336289 Log: Add mpo_vnode_check_setmode MAC method to MAC/veriexec. In the method, disallow changing SUID/SGID on verified files. Obtained from: Juniper Networks, Inc.

svn commit: r336287 - head/sys/conf

2018-07-14 Thread Stephen J. Kiernan
Author: stevek Date: Sat Jul 14 17:18:17 2018 New Revision: 336287 URL: https://svnweb.freebsd.org/changeset/base/336287 Log: Add config(8) options that can be used to enable building MAC/veriexec and its fingerprint modules into a kernel. Reviewed by: sjg Modified: head/sys/conf/opti

svn commit: r336286 - head/sys/security/mac_veriexec

2018-07-14 Thread Stephen J. Kiernan
Author: stevek Date: Sat Jul 14 17:15:28 2018 New Revision: 336286 URL: https://svnweb.freebsd.org/changeset/base/336286 Log: Fix a typo which could cause a build breakage when building with MAC/veriexec enabled in the kernel config. Remove unused mac_veriexec_print_db prototype in intern

svn commit: r336284 - in head/sys: modules/mac_veriexec_rmd160 security/mac_veriexec

2018-07-14 Thread Stephen J. Kiernan
Author: stevek Date: Sat Jul 14 16:59:17 2018 New Revision: 336284 URL: https://svnweb.freebsd.org/changeset/base/336284 Log: Remove RIPEMD-160 fingerprint modules for veriexec, since it has very little practical use and would not be recommended for anyone to use in a production environment.

svn commit: r335682 - head/sys/modules

2018-06-26 Thread Stephen J. Kiernan
Author: stevek Date: Tue Jun 26 23:28:03 2018 New Revision: 335682 URL: https://svnweb.freebsd.org/changeset/base/335682 Log: Partial revert of r335399 and r335400: Unhook the MAC/veriexec, fingerprint handlers, and veriexec modules from the kernel modules Makefile. Reviewed by: sjg M

svn commit: r335681 - head/sbin/veriexecctl

2018-06-26 Thread Stephen J. Kiernan
Author: stevek Date: Tue Jun 26 23:19:55 2018 New Revision: 335681 URL: https://svnweb.freebsd.org/changeset/base/335681 Log: Revert r335402 While useful as an example, veriexecctl, as it is, has very little practical use, since there is nothing ensuring the integrity of the manifest of h

svn commit: r335430 - head/sys/security/mac_veriexec

2018-06-19 Thread Stephen J. Kiernan
Author: stevek Date: Wed Jun 20 06:54:38 2018 New Revision: 335430 URL: https://svnweb.freebsd.org/changeset/base/335430 Log: Fix build breakage in veriexec for 32-bit architectures. fsid_t and ino_t are 64-bit entities, use uintmax_t typecast to ensure we can print it on 32-bit or 64-bit

svn commit: r335402 - head/sbin/veriexecctl

2018-06-19 Thread Stephen J. Kiernan
Author: stevek Date: Wed Jun 20 01:08:54 2018 New Revision: 335402 URL: https://svnweb.freebsd.org/changeset/base/335402 Log: This application (veriexecctl) handles reading a fingerprints file containing paths, fingerprints, and optional option flags which in turn get pushed into the MAC/ver

svn commit: r335401 - head/lib/libveriexec

2018-06-19 Thread Stephen J. Kiernan
Author: stevek Date: Wed Jun 20 00:55:18 2018 New Revision: 335401 URL: https://svnweb.freebsd.org/changeset/base/335401 Log: This library allows for user space applications to check file descriptors or paths to see if they can be verified by MAC/veriexec. Reviewed by: jtl, wblock Obta

svn commit: r335400 - in head/sys: dev/veriexec modules modules/veriexec

2018-06-19 Thread Stephen J. Kiernan
Author: stevek Date: Wed Jun 20 00:48:46 2018 New Revision: 335400 URL: https://svnweb.freebsd.org/changeset/base/335400 Log: Device for user space to interface with MAC/veriexec. The veriexec device features the following ioctl commands: VERIEXEC_ACTIVE Activate veriexec functiona

svn commit: r335399 - in head/sys: conf modules modules/mac_veriexec modules/mac_veriexec_rmd160 modules/mac_veriexec_sha1 modules/mac_veriexec_sha256 modules/mac_veriexec_sha384 modules/mac_veriex...

2018-06-19 Thread Stephen J. Kiernan
Author: stevek Date: Wed Jun 20 00:41:30 2018 New Revision: 335399 URL: https://svnweb.freebsd.org/changeset/base/335399 Log: MAC/veriexec implements a verified execution environment using the MAC framework. The code is organized into a few distinct pieces: * The meta-data store (in

svn commit: r326636 - head/contrib/binutils/libiberty

2017-12-06 Thread Stephen J. Kiernan
Author: stevek Date: Wed Dec 6 21:18:45 2017 New Revision: 326636 URL: https://svnweb.freebsd.org/changeset/base/326636 Log: The function make_relative_prefix_1 does not properly free locally allocated memory when it returns early. Free the memory associated with the variables full_progr

svn commit: r326635 - head/lib/libc/stdio

2017-12-06 Thread Stephen J. Kiernan
Author: stevek Date: Wed Dec 6 21:12:24 2017 New Revision: 326635 URL: https://svnweb.freebsd.org/changeset/base/326635 Log: The function fwscanf() return value is wrong when encountering an early matching failure. According to the Open Group documentation for fwscanf: "Upon successful

svn commit: r319987 - head/etc

2017-06-15 Thread Stephen J. Kiernan
Author: stevek Date: Thu Jun 15 20:06:41 2017 New Revision: 319987 URL: https://svnweb.freebsd.org/changeset/base/319987 Log: Replace md(4) usage in diskless(8) script rc.initdiskless with tmpfs(5). Need to multiply the size of the disk passed to mount_md by 512 as mdmfs expects number of 51

svn commit: r319903 - head/usr.bin/finger

2017-06-13 Thread Stephen J. Kiernan
Author: stevek Date: Tue Jun 13 15:50:16 2017 New Revision: 319903 URL: https://svnweb.freebsd.org/changeset/base/319903 Log: The variable nargv is allocated but never freed, so free it when it is no longer used. Submitted by: Thomas Rix Reviewed by: ed Approved by: sjg (mentor

svn commit: r319639 - head/usr.sbin/bluetooth/hccontrol

2017-06-06 Thread Stephen J. Kiernan
Author: stevek Date: Tue Jun 6 22:17:55 2017 New Revision: 319639 URL: https://svnweb.freebsd.org/changeset/base/319639 Log: When the input parameter node is NULL, memory is allocated to it. To later free the memory, introduce a new variable lnode to track when this happens. Submitted

svn commit: r319638 - head/usr.sbin/ppp

2017-06-06 Thread Stephen J. Kiernan
Author: stevek Date: Tue Jun 6 21:51:04 2017 New Revision: 319638 URL: https://svnweb.freebsd.org/changeset/base/319638 Log: Before returning because of a memory allocation error, free the memory already allocated to buf. Found using clang's static analyzer - scan-build Submitted b

svn commit: r319636 - head/usr.bin/tset

2017-06-06 Thread Stephen J. Kiernan
Author: stevek Date: Tue Jun 6 21:40:35 2017 New Revision: 319636 URL: https://svnweb.freebsd.org/changeset/base/319636 Log: The memory assigned to the local variable 'copy' needs to be freed. Found using clang's static analyzer - scan-build Submitted by: Thomas Rix Reviewed by: e

svn commit: r319508 - head/usr.bin/last

2017-06-02 Thread Stephen J. Kiernan
Author: stevek Date: Fri Jun 2 20:25:25 2017 New Revision: 319508 URL: https://svnweb.freebsd.org/changeset/base/319508 Log: Fix a memory leak with last free memory allocated to 'buf' Submitted by: Thomas Rix Reviewed by: ed Approved by: sjg (mentor) MFC after: 1 week Diffe

svn commit: r319453 - head/contrib/telnet/telnetd

2017-06-01 Thread Stephen J. Kiernan
Author: stevek Date: Thu Jun 1 19:21:30 2017 New Revision: 319453 URL: https://svnweb.freebsd.org/changeset/base/319453 Log: Fix memory leak in edithost The problem is that when the parameter 'pat' is null, the function locally allocates a NULL string but never frees it. Instead of

svn commit: r319443 - head/lib/libutil

2017-06-01 Thread Stephen J. Kiernan
Author: stevek Date: Thu Jun 1 16:44:39 2017 New Revision: 319443 URL: https://svnweb.freebsd.org/changeset/base/319443 Log: When sysctlbyname fails, free buf before returning. Submitted by: Thomas Rix Reviewed by: jhb Approved by: sjg (mentor) MFC after: 1 week Differential

svn commit: r319361 - head/sbin/dhclient

2017-05-31 Thread Stephen J. Kiernan
Author: stevek Date: Wed May 31 21:31:15 2017 New Revision: 319361 URL: https://svnweb.freebsd.org/changeset/base/319361 Log: parse.c parse_string When parse_semi fails, free s before returning parse.c parse_numeric_aggregate The memory assigned to bufp is complicated, it can either be

svn commit: r319358 - in head: sbin/mdconfig sbin/mount sys/dev/md sys/fs/cd9660 sys/geom/uzip sys/sys

2017-05-31 Thread Stephen J. Kiernan
Author: stevek Date: Wed May 31 21:18:11 2017 New Revision: 319358 URL: https://svnweb.freebsd.org/changeset/base/319358 Log: Add MD_VERIFY option to enable O_VERIFY in open for vnode type. Add -o [no]verify option to mdconfig (and document in man page.) Implement GEOM attribute MNT::verifie

svn commit: r318893 - stable/11/lib/libc/sys

2017-05-25 Thread Stephen J. Kiernan
Author: stevek Date: Thu May 25 18:55:10 2017 New Revision: 318893 URL: https://svnweb.freebsd.org/changeset/base/318893 Log: MFC r318314 Add information to open(2) man page about the O_VERIFY flag. PR: 219262 Reviewed by: bjk wblock Approved by: sjg (mentor) Obtained

svn commit: r318314 - head/lib/libc/sys

2017-05-15 Thread Stephen J. Kiernan
Author: stevek Date: Mon May 15 19:32:26 2017 New Revision: 318314 URL: https://svnweb.freebsd.org/changeset/base/318314 Log: Add information to open(2) man page about the O_VERIFY flag. Reviewed by: bjk wblock Approved by: sjg (mentor) Obtained from: Juniper Networks, Inc. Mo

svn commit: r313703 - head/sys/dev/md

2017-02-13 Thread Stephen J. Kiernan
Author: stevek Date: Mon Feb 13 18:52:26 2017 New Revision: 313703 URL: https://svnweb.freebsd.org/changeset/base/313703 Log: Fix typo where opening brace was needed. Reported by: Michael Butler Reviewed by: sjg Approved by: sjg (mentor) Modified: head/sys/dev/md/md.c Modified: h

svn commit: r313701 - in head: sbin/mdconfig sys/dev/md

2017-02-13 Thread Stephen J. Kiernan
Author: stevek Date: Mon Feb 13 17:44:07 2017 New Revision: 313701 URL: https://svnweb.freebsd.org/changeset/base/313701 Log: For MD_PRELOAD type md(4) devices, if there is a file name in the preloaded meta-data, copy it into the softc structure. When returning md(4) device details to the

svn commit: r313019 - in head/sys: dev/e1000 dev/vnic net

2017-01-31 Thread Stephen J. Kiernan
Author: stevek Date: Tue Jan 31 16:12:31 2017 New Revision: 313019 URL: https://svnweb.freebsd.org/changeset/base/313019 Log: Add the following set accessor functions for recently-added members of ifnet structure: if_gethwtsomax(), if_sethwtsomax() - if_hw_tsomax if_gethw

svn commit: r308535 - head/sys/boot/common

2016-11-11 Thread Stephen J. Kiernan
Author: stevek Date: Fri Nov 11 17:41:17 2016 New Revision: 308535 URL: https://svnweb.freebsd.org/changeset/base/308535 Log: Add support for LOADER_RC setting in the pkgfs manifest (defaults to /loader.rc) to specify a Forth file to read from the pkgfs tarball and process by Ficl. This

svn commit: r308534 - head/sys/boot/common

2016-11-11 Thread Stephen J. Kiernan
Author: stevek Date: Fri Nov 11 16:59:26 2016 New Revision: 308534 URL: https://svnweb.freebsd.org/changeset/base/308534 Log: The file_loadraw function grew an argument, update install function accordingly. Reviewed by: imp Approved by: sjg (mentor) MFC after: 2 weeks Sponsored

svn commit: r307540 - head/sys/amd64/amd64

2016-10-17 Thread Stephen J. Kiernan
Author: stevek Date: Mon Oct 17 22:57:41 2016 New Revision: 307540 URL: https://svnweb.freebsd.org/changeset/base/307540 Log: Add sysctl to make amd64 minidump retry count tunable at runtime. PR: 213462 Submitted by: RaviPrakash Darbha Reviewed by: cemi, markj Approved by:

svn commit: r306827 - head/usr.sbin/pmcstat

2016-10-07 Thread Stephen J. Kiernan
Author: stevek Date: Fri Oct 7 21:03:12 2016 New Revision: 306827 URL: https://svnweb.freebsd.org/changeset/base/306827 Log: Just remove freeing memory in pmcstat_cleanup, since we only clean up when we are exiting anyway. Add NULL checks for all malloc and strdup returns. Reviewed

svn commit: r306159 - in head/sys/boot: efi/libefi i386/libi386 ofw/libofw powerpc/kboot powerpc/ps3 uboot/lib

2016-09-21 Thread Stephen J. Kiernan
Author: stevek Date: Thu Sep 22 06:24:40 2016 New Revision: 306159 URL: https://svnweb.freebsd.org/changeset/base/306159 Log: The getsecs() function is implemented in platform- and bootfw-specific files and, in a number of these places, there were problems with how they were declared. S

svn commit: r303962 - head/sys/boot/i386/btx/btxldr

2016-08-11 Thread Stephen J. Kiernan
Author: stevek Date: Thu Aug 11 15:00:55 2016 New Revision: 303962 URL: https://svnweb.freebsd.org/changeset/base/303962 Log: Add the missing space between .asciz directive and opening quote for some lines within #ifdef BTXLDR_VERBOSE/#endif Reported by: Kevin Zheng Reviewed by: jhb

svn commit: r303936 - head/sys/boot/i386/libi386

2016-08-10 Thread Stephen J. Kiernan
Author: stevek Date: Wed Aug 10 18:23:23 2016 New Revision: 303936 URL: https://svnweb.freebsd.org/changeset/base/303936 Log: Add kernel environment variables under smbios.system for the following SMBIOS Type 1 fields: smbios.system.sku - SKU Number (SMBIOS 2.4 and above) smbios.syste

svn commit: r303863 - in head/sys: conf kern netinet netinet6 sys

2016-08-08 Thread Stephen J. Kiernan
Author: stevek Date: Tue Aug 9 02:16:21 2016 New Revision: 303863 URL: https://svnweb.freebsd.org/changeset/base/303863 Log: Move IPv4-specific jail functions to new file netinet/in_jail.c _prison_check_ip4 renamed to prison_check_ip4_locked Move IPv6-specific jail functions to new file

svn commit: r303803 - in head/sys/dev: fdt ofw

2016-08-06 Thread Stephen J. Kiernan
Author: stevek Date: Sat Aug 6 18:48:47 2016 New Revision: 303803 URL: https://svnweb.freebsd.org/changeset/base/303803 Log: Add hw.fdt sysctl node. Make FDT blob available via opaque hw.fdt.dtb sysctl, if a DTB has been installed by the time sysctls are registered. Reviewed by: andre

svn commit: r303455 - in head/sys: netinet sys

2016-07-28 Thread Stephen J. Kiernan
Author: stevek Date: Thu Jul 28 18:39:30 2016 New Revision: 303455 URL: https://svnweb.freebsd.org/changeset/base/303455 Log: Remove BSD and USL copyright and update license block in in_prot.c, as the code in this file was written by Robert N. M. Watson. Move cr_can* prototypes from sys/s

svn commit: r303411 - in head/sys: conf kern netinet netinet6 sys

2016-07-27 Thread Stephen J. Kiernan
Author: stevek Date: Wed Jul 27 20:34:09 2016 New Revision: 303411 URL: https://svnweb.freebsd.org/changeset/base/303411 Log: Prepare for network stack as a module - Move cr_canseeinpcb to sys/netinet/in_prot.c in order to separate the INET and INET6-specific code from the rest of the

svn commit: r303355 - in head/sys: conf kern

2016-07-26 Thread Stephen J. Kiernan
Author: stevek Date: Wed Jul 27 03:21:02 2016 New Revision: 303355 URL: https://svnweb.freebsd.org/changeset/base/303355 Log: Add the NUM_CORE_FILES kernel config option which specifies the limit for the number of core files allowed by a particular process when using the %I core file name pa

svn commit: r303063 - head/share/misc

2016-07-19 Thread Stephen J. Kiernan
@@ sobomax [label="Maxim Sobolev\nsobomax@F sos [label="Soren Schmidt\n...@freebsd.org\n/??/??"] sson [label="Stacey Son\ns...@freebsd.org\n2008/07/08"] stas [label="Stanislav Sedov\ns...@freebsd.org\n2008/08/22"] +stevek [label="Stephen J. Kiernan\nste.