CVS commit: src/sys/net
Module Name:src Committed By: ozaki-r Date: Fri Jan 6 01:54:23 UTC 2023 Modified Files: src/sys/net: if_tap.c Log Message: tap: link up an interface cloned from /dev/tap Fix PR 57155 (partially) To generate a diff of this commit: cvs rdiff -u -r1.127 -r1.128 src/sys/net/if_tap.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/net
Module Name:src Committed By: ozaki-r Date: Fri Jan 6 01:54:23 UTC 2023 Modified Files: src/sys/net: if_tap.c Log Message: tap: link up an interface cloned from /dev/tap Fix PR 57155 (partially) To generate a diff of this commit: cvs rdiff -u -r1.127 -r1.128 src/sys/net/if_tap.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_tap.c diff -u src/sys/net/if_tap.c:1.127 src/sys/net/if_tap.c:1.128 --- src/sys/net/if_tap.c:1.127 Sun Apr 10 09:50:46 2022 +++ src/sys/net/if_tap.c Fri Jan 6 01:54:22 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: if_tap.c,v 1.127 2022/04/10 09:50:46 andvar Exp $ */ +/* $NetBSD: if_tap.c,v 1.128 2023/01/06 01:54:22 ozaki-r Exp $ */ /* * Copyright (c) 2003, 2004, 2008, 2009 The NetBSD Foundation. @@ -33,7 +33,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_tap.c,v 1.127 2022/04/10 09:50:46 andvar Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_tap.c,v 1.128 2023/01/06 01:54:22 ozaki-r Exp $"); #if defined(_KERNEL_OPT) @@ -735,6 +735,7 @@ tap_dev_cloner(struct lwp *l) } sc->sc_flags |= TAP_INUSE; + if_link_state_change(&sc->sc_ec.ec_if, LINK_STATE_UP); return fd_clone(fp, fd, FREAD | FWRITE, &tap_fileops, (void *)(intptr_t)device_unit(sc->sc_dev));
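Review bot: The added `if_link_state_change(&sc->sc_ec.ec_if, LINK_STATE_UP);` in tap_dev_cloner() has no comment saying why the clone path must raise the link itself, and the log message marks the fix as partial. I would put `/* A unit cloned via /dev/tap is in use from the start, so report link up here. */` above it. Whatever path handles the last close should take the link back down, otherwise the interface keeps reporting link up with no reader attached; that path is outside this hunk, so please confirm. tap_dev_cloner() starts above the hunk.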
CVS commit: src/sys/net
Module Name:src Committed By: christos Date: Thu Jan 5 20:32:19 UTC 2023 Modified Files: src/sys/net: if_wg.c Log Message: centralize the kauth ugliness. To generate a diff of this commit: cvs rdiff -u -r1.73 -r1.74 src/sys/net/if_wg.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/net
Module Name:src Committed By: christos Date: Thu Jan 5 20:32:19 UTC 2023 Modified Files: src/sys/net: if_wg.c Log Message: centralize the kauth ugliness. To generate a diff of this commit: cvs rdiff -u -r1.73 -r1.74 src/sys/net/if_wg.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_wg.c diff -u src/sys/net/if_wg.c:1.73 src/sys/net/if_wg.c:1.74 --- src/sys/net/if_wg.c:1.73 Thu Jan 5 13:29:46 2023 +++ src/sys/net/if_wg.c Thu Jan 5 15:32:18 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: if_wg.c,v 1.73 2023/01/05 18:29:46 jakllsch Exp $ */ +/* $NetBSD: if_wg.c,v 1.74 2023/01/05 20:32:18 christos Exp $ */ /* * Copyright (C) Ryota Ozaki @@ -41,7 +41,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_wg.c,v 1.73 2023/01/05 18:29:46 jakllsch Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_wg.c,v 1.74 2023/01/05 20:32:18 christos Exp $"); #ifdef _KERNEL_OPT #include "opt_altq_enabled.h" @@ -4449,6 +4449,17 @@ out: return error; } +static bool +wg_is_authorized(struct wg_softc *wg, u_long cmd) +{ + int au = cmd == SIOCGDRVSPEC ? + KAUTH_REQ_NETWORK_INTERFACE_WG_GETPRIV : + KAUTH_REQ_NETWORK_INTERFACE_WG_SETPRIV; + return kauth_authorize_network(kauth_cred_get(), + KAUTH_NETWORK_INTERFACE_WG, au, &wg->wg_if, + (void *)cmd, NULL) == 0; +} + static int wg_ioctl_get(struct wg_softc *wg, struct ifdrv *ifd) { @@ -4463,10 +4474,7 @@ wg_ioctl_get(struct wg_softc *wg, struct if (prop_dict == NULL) goto error; - if (kauth_authorize_network(kauth_cred_get(), - KAUTH_NETWORK_INTERFACE_WG, - KAUTH_REQ_NETWORK_INTERFACE_WG_GETPRIV, &wg->wg_if, - (void *)SIOCGDRVSPEC, NULL) == 0) { + if (wg_is_authorized(wg, SIOCGDRVSPEC)) { if (!prop_dictionary_set_data(prop_dict, "private_key", wg->wg_privkey, WG_STATIC_KEY_LEN)) goto error; 
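Review bot: wg_is_authorized() checks every cmd other than SIOCGDRVSPEC as a SETPRIV request, and nothing but the ternary says so. A one-line comment such as `/* Anything that is not SIOCGDRVSPEC is authorized as a set-private request. */` would keep a later caller from assuming that a third ioctl gets its own request type. `au` is declared `int` although it holds KAUTH_REQ_NETWORK_INTERFACE_WG_* values; if kauth_authorize_network() takes `enum kauth_network_req` in that position, declaring `au` with that type lets the compiler catch a mismatched constant.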
@@ -4512,10 +4520,7 @@ wg_ioctl_get(struct wg_softc *wg, struct uint8_t psk_zero[WG_PRESHARED_KEY_LEN] = {0}; if (!consttime_memequal(wgp->wgp_psk, psk_zero, sizeof(wgp->wgp_psk))) { - if (kauth_authorize_network(kauth_cred_get(), - KAUTH_NETWORK_INTERFACE_WG, - KAUTH_REQ_NETWORK_INTERFACE_WG_GETPRIV, &wg->wg_if, - (void *)SIOCGDRVSPEC, NULL) == 0) { + if (wg_is_authorized(wg, SIOCGDRVSPEC)) { if (!prop_dictionary_set_data(prop_peer, "preshared_key", wgp->wgp_psk, sizeof(wgp->wgp_psk))) @@ -4659,10 +4664,7 @@ wg_ioctl(struct ifnet *ifp, u_long cmd, } return error; case SIOCSDRVSPEC: - if (kauth_authorize_network(kauth_cred_get(), - KAUTH_NETWORK_INTERFACE_WG, - KAUTH_REQ_NETWORK_INTERFACE_WG_SETPRIV, &wg->wg_if, - (void *)cmd, NULL) != 0) { + if (!wg_is_authorized(wg, cmd)) { return EPERM; } switch (ifd->ifd_cmd) {
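Review bot: In wg_ioctl_get() the same `wg_is_authorized(wg, SIOCGDRVSPEC)` decision is taken once for `private_key` (previous hunk) and again for every peer whose preshared key is non-zero; the hunk at -4512 looks like the per-peer loop, and the function starts and ends outside these hunks. Evaluating it once, `const bool show_secrets = wg_is_authorized(wg, SIOCGDRVSPEC);`, and testing `show_secrets` at both sites makes the reply all-or-nothing for secrets and avoids calling into the kauth listeners once per peer. It also gives one named place to look when another secret field is added to the reply.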
CVS commit: src/sys/arch/mac68k/conf
Module Name:src Committed By: tsutsui Date: Thu Jan 5 18:48:13 UTC 2023 Modified Files: src/sys/arch/mac68k/conf: INSTALL Log Message: Disable (comment out) options DIAGNOSTIC in INSTALL kernels. It has been there since the initial revision 1.1 while it was disabled in GENERIC in revision 1.121 back in 2002: http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/arch/mac68k/conf/GENERIC#rev1.121 Briefly discussed in PR/57107, and maybe should be pulled up to netbsd-9 and netbsd-10. To generate a diff of this commit: cvs rdiff -u -r1.57 -r1.58 src/sys/arch/mac68k/conf/INSTALL Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch/mac68k/conf
Module Name:src Committed By: tsutsui Date: Thu Jan 5 18:48:13 UTC 2023 Modified Files: src/sys/arch/mac68k/conf: INSTALL Log Message: Disable (comment out) options DIAGNOSTIC in INSTALL kernels. It has been there since the initial revision 1.1 while it was disabled in GENERIC in revision 1.121 back in 2002: http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/arch/mac68k/conf/GENERIC#rev1.121 Briefly discussed in PR/57107, and maybe should be pulled up to netbsd-9 and netbsd-10. To generate a diff of this commit: cvs rdiff -u -r1.57 -r1.58 src/sys/arch/mac68k/conf/INSTALL Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/mac68k/conf/INSTALL diff -u src/sys/arch/mac68k/conf/INSTALL:1.57 src/sys/arch/mac68k/conf/INSTALL:1.58 --- src/sys/arch/mac68k/conf/INSTALL:1.57 Mon Aug 10 06:32:58 2020 +++ src/sys/arch/mac68k/conf/INSTALL Thu Jan 5 18:48:13 2023 @@ -1,4 +1,4 @@ -# $NetBSD: INSTALL,v 1.57 2020/08/10 06:32:58 rin Exp $ +# $NetBSD: INSTALL,v 1.58 2023/01/05 18:48:13 tsutsui Exp $ # # INSTALL @@ -38,7 +38,7 @@ options PIPE_SOCKETPAIR # smaller, but #options SYSCTL_INCLUDE_DESCR # Include sysctl descriptions in kernel # Diagnostic/debugging support options - XXX remove these at some point -options DIAGNOSTIC # cheap kernel consistency checks +#options DIAGNOSTIC # cheap kernel consistency checks options DDB # in-kernel debugger pseudo-device ksyms #options ADB_DEBUG # ADB debugging
CVS commit: src/sys
Module Name:src Committed By: jakllsch Date: Thu Jan 5 18:29:46 UTC 2023 Modified Files: src/sys/net: if_wg.c src/sys/secmodel/suser: secmodel_suser.c src/sys/sys: kauth.h Log Message: wg(4): Allow non-root to retrieve information other than the private key and the peer preshared key. Add kauth(9) enums for wg(4) and add use them in suser secmodel. Refines fix for PR 57161. To generate a diff of this commit: cvs rdiff -u -r1.72 -r1.73 src/sys/net/if_wg.c cvs rdiff -u -r1.56 -r1.57 src/sys/secmodel/suser/secmodel_suser.c cvs rdiff -u -r1.88 -r1.89 src/sys/sys/kauth.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_wg.c diff -u src/sys/net/if_wg.c:1.72 src/sys/net/if_wg.c:1.73 --- src/sys/net/if_wg.c:1.72 Thu Jan 5 02:38:51 2023 +++ src/sys/net/if_wg.c Thu Jan 5 18:29:46 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: if_wg.c,v 1.72 2023/01/05 02:38:51 jakllsch Exp $ */ +/* $NetBSD: if_wg.c,v 1.73 2023/01/05 18:29:46 jakllsch Exp $ */ /* * Copyright (C) Ryota Ozaki @@ -41,7 +41,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_wg.c,v 1.72 2023/01/05 02:38:51 jakllsch Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_wg.c,v 1.73 2023/01/05 18:29:46 jakllsch Exp $"); #ifdef _KERNEL_OPT #include "opt_altq_enabled.h" @@ -4463,9 +4463,14 @@ wg_ioctl_get(struct wg_softc *wg, struct if (prop_dict == NULL) goto error; - if (!prop_dictionary_set_data(prop_dict, "private_key", wg->wg_privkey, - WG_STATIC_KEY_LEN)) - goto error; + if (kauth_authorize_network(kauth_cred_get(), + KAUTH_NETWORK_INTERFACE_WG, + KAUTH_REQ_NETWORK_INTERFACE_WG_GETPRIV, &wg->wg_if, + (void *)SIOCGDRVSPEC, NULL) == 0) { + if (!prop_dictionary_set_data(prop_dict, "private_key", + wg->wg_privkey, WG_STATIC_KEY_LEN)) + goto error; + } if (wg->wg_listen_port != 0) { if (!prop_dictionary_set_uint16(prop_dict, "listen_port", 
@@ -4507,10 +4512,15 @@ wg_ioctl_get(struct wg_softc *wg, struct uint8_t psk_zero[WG_PRESHARED_KEY_LEN] = {0}; if (!consttime_memequal(wgp->wgp_psk, psk_zero, sizeof(wgp->wgp_psk))) { - if (!prop_dictionary_set_data(prop_peer, -"preshared_key", -wgp->wgp_psk, sizeof(wgp->wgp_psk))) -goto next; + if (kauth_authorize_network(kauth_cred_get(), + KAUTH_NETWORK_INTERFACE_WG, + KAUTH_REQ_NETWORK_INTERFACE_WG_GETPRIV, &wg->wg_if, + (void *)SIOCGDRVSPEC, NULL) == 0) { +if (!prop_dictionary_set_data(prop_peer, + "preshared_key", + wgp->wgp_psk, sizeof(wgp->wgp_psk))) + goto next; + } } wgsa = wg_get_endpoint_sa(wgp, &wgsa_psref); @@ -4650,8 +4660,8 @@ wg_ioctl(struct ifnet *ifp, u_long cmd, return error; case SIOCSDRVSPEC: if (kauth_authorize_network(kauth_cred_get(), - KAUTH_NETWORK_INTERFACE, - KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, &wg->wg_if, + KAUTH_NETWORK_INTERFACE_WG, + KAUTH_REQ_NETWORK_INTERFACE_WG_SETPRIV, &wg->wg_if, (void *)cmd, NULL) != 0) { return EPERM; } @@ -4674,12 +4684,6 @@ wg_ioctl(struct ifnet *ifp, u_long cmd, } return error; case SIOCGDRVSPEC: - if (kauth_authorize_network(kauth_cred_get(), - KAUTH_NETWORK_INTERFACE, - KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, &wg->wg_if, - (void *)cmd, NULL) != 0) { - return EPERM; - } return wg_ioctl_get(wg, ifd); case SIOCSIFFLAGS: if ((error = ifioctl_common(ifp, cmd, data)) != 0) Index: src/sys/secmodel/suser/secmodel_suser.c diff -u src/sys/secmodel/suser/secmodel_suser.c:1.56 src/sys/secmodel/suser/secmodel_suser.c:1.57 --- src/sys/secmodel/suser/secmodel_suser.c:1.56 Thu Jan 5 17:36:53 2023 +++ src/sys/secmodel/suser/secmodel_suser.c Thu Jan 5 18:29:45 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: secmodel_suser.c,v 1.56 2023/01/05 17:36:53 jakllsch Exp $ */ +/* $NetBSD: secmodel_suser.c,v 1.57 2023/01/05 18:29:45 jakllsch Exp $ */ /*- * Copyright (c) 2006 Elad Efrat * All rights reserved. 
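Review bot: With the blanket check removed from the SIOCGDRVSPEC case in wg_ioctl(), wg_ioctl_get() becomes the only thing between an unprivileged caller and key material, and nothing at either site records that. I would leave `/* No privilege check here: wg_ioctl_get() omits secret fields for unauthorized callers. */` in the case, and a matching comment above the `private_key` and `preshared_key` blocks saying that a denied caller gets the dictionary without those keys rather than EPERM. Any field added to the reply later is readable by every caller that can issue the ioctl unless it carries its own check. Userland reading the reply now has to treat a missing `private_key` as "not shown" rather than "not configured"; those consumers are outside this page.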
@@ -38,7 +38,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.56 2023/01/05 17:36:53 jakllsch Exp $"); +__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.57 2023/01/05 18:29:45 jakllsch Exp $"); #include #include @@ -759,6 +759,20 @@ secmodel_suser_network_cb(kauth_cred_t c break; + case KAUTH_NETWORK_INTERFACE_WG: + switch (req) { + case KAUTH_REQ_NETWORK_INTERFACE_WG_GETPRIV: + case KAUTH_REQ_NETWORK_INTERFACE_WG_SETPRIV: + if (isroot) +result = KAUTH_RESULT_ALLOW; + break; + + default: + break; + } + + break; + case KAUTH_NETWORK_SOCKET: switch (req) { case KAUTH_REQ_NETWORK_SOCKET_DROP: Index: src/sys/sys/kauth.h diff -u src/sys/sys/kauth.h:1.88 src/sys/sys/kauth.h:1.89 --- src/sys/sys/kauth.h:1.88 Thu Jan 5 17:36:53 2023 +++ src/sys/sys/kauth.h Thu Jan 5 18:29:45 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: kauth.h,v 1.88 2023/01/05 17:36:53 jakllsch Exp $ */ +/* $NetBSD: kauth.h,v 1.89 2023/01/05 18:29:45 jakllsch Exp $
CVS commit: src/sys
Module Name:src Committed By: jakllsch Date: Thu Jan 5 18:29:46 UTC 2023 Modified Files: src/sys/net: if_wg.c src/sys/secmodel/suser: secmodel_suser.c src/sys/sys: kauth.h Log Message: wg(4): Allow non-root to retrieve information other than the private key and the peer preshared key. Add kauth(9) enums for wg(4) and add use them in suser secmodel. Refines fix for PR 57161. To generate a diff of this commit: cvs rdiff -u -r1.72 -r1.73 src/sys/net/if_wg.c cvs rdiff -u -r1.56 -r1.57 src/sys/secmodel/suser/secmodel_suser.c cvs rdiff -u -r1.88 -r1.89 src/sys/sys/kauth.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch/m68k/m68k
Module Name:src Committed By: tsutsui Date: Thu Jan 5 18:27:48 UTC 2023 Modified Files: src/sys/arch/m68k/m68k: bus_dma.c Log Message: Fix out of bounds invalidate (and writeback) in bus_dmamap_sync(9) ops. Detected by the POOL_REDZONE check in sys/kern/subr_pool.c that has been activated if options DIAGNOSTIC is enabled on post netbsd-9. The extra invalidate on DMASYNC_PREREAD op discards redzone pattern data allocated right after an mbuf cluster without proper writeback to memory so that it triggers false redzone assertions on freeing mbufs. This bug was my botch in rev 1.25 committed 15 years ago. (sigh) Fixes PR/57107 (kernel panic on -current when configuring network with sn(4) on mac68k), as actually the bus_dma(9) op changes in the past days were introduced for mac68k sn(4) improvements by using the MI SONIC (src/sys/dev/ic/dp83932.c) driver. https://mail-index.netbsd.org/port-mac68k/2007/06/01/0001.html Should be pulled up to netbsd-9 and netbsd-10. To generate a diff of this commit: cvs rdiff -u -r1.38 -r1.39 src/sys/arch/m68k/m68k/bus_dma.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/m68k/m68k/bus_dma.c diff -u src/sys/arch/m68k/m68k/bus_dma.c:1.38 src/sys/arch/m68k/m68k/bus_dma.c:1.39 --- src/sys/arch/m68k/m68k/bus_dma.c:1.38 Tue Jul 26 20:08:55 2022 +++ src/sys/arch/m68k/m68k/bus_dma.c Thu Jan 5 18:27:48 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: bus_dma.c,v 1.38 2022/07/26 20:08:55 andvar Exp $ */ +/* $NetBSD: bus_dma.c,v 1.39 2023/01/05 18:27:48 tsutsui Exp $ */ /* * This file was taken from alpha/common/bus_dma.c @@ -41,7 +41,7 @@ #include /* RCS ID & Copyright macro defns */ -__KERNEL_RCSID(0, "$NetBSD: bus_dma.c,v 1.38 2022/07/26 20:08:55 andvar Exp $"); +__KERNEL_RCSID(0, "$NetBSD: bus_dma.c,v 1.39 2023/01/05 18:27:48 tsutsui Exp $"); #include #include 
@@ -494,7 +494,8 @@ _bus_dmamap_sync(bus_dma_tag_t t, bus_dm } /* flush cachelines per 128bytes */ - while ((p < e) && (p & PAGE_MASK) != 0) { + while ((p + CACHELINE_SIZE * 8 <= e) && + (p & PAGE_MASK) != 0) { DCFL(p); p += CACHELINE_SIZE; DCFL(p); @@ -570,7 +571,8 @@ _bus_dmamap_sync(bus_dma_tag_t t, bus_dm } /* purge cachelines per 128bytes */ - while ((p < e) && (p & PAGE_MASK) != 0) { + while ((p + CACHELINE_SIZE * 8 <= e) && + (p & PAGE_MASK) != 0) { DCPL(p); p += CACHELINE_SIZE; DCPL(p);
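Review bot: The new bound `p + CACHELINE_SIZE * 8 <= e` repeats the unrolled body's stride as a bare `8` in both the flush loop and the purge loop, with only "per 128bytes" to connect the two. A named constant, e.g. `#define DCACHE_UNROLL_BYTES (CACHELINE_SIZE * 8)`, plus a comment such as `/* each pass presumably touches 8 lines, so continue only while a full 128-byte run still fits below e */` would make it obvious why `p < e` was not enough. The addition can wrap if `p` lies within 128 bytes of the top of the address space; `(e - p) >= CACHELINE_SIZE * 8` is equivalent whenever `p <= e` holds, which the code before the hunk would have to guarantee. The bytes left below `e` after this loop must still be covered line by line; that code and the rest of _bus_dmamap_sync() are outside both hunks.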
CVS commit: src/sys/arch/m68k/m68k
Module Name:src Committed By: tsutsui Date: Thu Jan 5 18:27:48 UTC 2023 Modified Files: src/sys/arch/m68k/m68k: bus_dma.c Log Message: Fix out of bounds invalidate (and writeback) in bus_dmamap_sync(9) ops. Detected by the POOL_REDZONE check in sys/kern/subr_pool.c that has been activated if options DIAGNOSTIC is enabled on post netbsd-9. The extra invalidate on DMASYNC_PREREAD op discards redzone pattern data allocated right after an mbuf cluster without proper writeback to memory so that it triggers false redzone assertions on freeing mbufs. This bug was my botch in rev 1.25 committed 15 years ago. (sigh) Fixes PR/57107 (kernel panic on -current when configuring network with sn(4) on mac68k), as actually the bus_dma(9) op changes in the past days were introduced for mac68k sn(4) improvements by using the MI SONIC (src/sys/dev/ic/dp83932.c) driver. https://mail-index.netbsd.org/port-mac68k/2007/06/01/0001.html Should be pulled up to netbsd-9 and netbsd-10. To generate a diff of this commit: cvs rdiff -u -r1.38 -r1.39 src/sys/arch/m68k/m68k/bus_dma.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src
Module Name:src Committed By: jakllsch Date: Thu Jan 5 17:36:53 UTC 2023 Modified Files: src/share/examples/secmodel: secmodel_example.c src/sys/secmodel/suser: secmodel_suser.c src/sys/sys: kauth.h Log Message: more strip(4) removal, this time in kauth(9) To generate a diff of this commit: cvs rdiff -u -r1.28 -r1.29 src/share/examples/secmodel/secmodel_example.c cvs rdiff -u -r1.55 -r1.56 src/sys/secmodel/suser/secmodel_suser.c cvs rdiff -u -r1.87 -r1.88 src/sys/sys/kauth.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/share/examples/secmodel/secmodel_example.c diff -u src/share/examples/secmodel/secmodel_example.c:1.28 src/share/examples/secmodel/secmodel_example.c:1.29 --- src/share/examples/secmodel/secmodel_example.c:1.28 Sat Aug 25 09:54:37 2018 +++ src/share/examples/secmodel/secmodel_example.c Thu Jan 5 17:36:53 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: secmodel_example.c,v 1.28 2018/08/25 09:54:37 maxv Exp $ */ +/* $NetBSD: secmodel_example.c,v 1.29 2023/01/05 17:36:53 jakllsch Exp $ */ /* * This file is placed in the public domain. @@ -13,7 +13,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: secmodel_example.c,v 1.28 2018/08/25 09:54:37 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: secmodel_example.c,v 1.29 2023/01/05 17:36:53 jakllsch Exp $"); #include #include @@ -515,15 +515,6 @@ secmodel_example_network_cb(kauth_cred_t } break; - case KAUTH_NETWORK_INTERFACE_STRIP: - switch ((u_long)arg0) { - case KAUTH_REQ_NETWORK_INTERFACE_STRIP_ADD: - default: - result = KAUTH_RESULT_DEFER; - break; - } - break; - case KAUTH_NETWORK_ROUTE: break; Index: src/sys/secmodel/suser/secmodel_suser.c diff -u src/sys/secmodel/suser/secmodel_suser.c:1.55 src/sys/secmodel/suser/secmodel_suser.c:1.56 --- src/sys/secmodel/suser/secmodel_suser.c:1.55 Tue Sep 8 14:12:57 2020 +++ src/sys/secmodel/suser/secmodel_suser.c Thu Jan 5 17:36:53 2023 
@@ -1,4 +1,4 @@ -/* $NetBSD: secmodel_suser.c,v 1.55 2020/09/08 14:12:57 christos Exp $ */ +/* $NetBSD: secmodel_suser.c,v 1.56 2023/01/05 17:36:53 jakllsch Exp $ */ /*- * Copyright (c) 2006 Elad Efrat * All rights reserved. @@ -38,7 +38,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.55 2020/09/08 14:12:57 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.56 2023/01/05 17:36:53 jakllsch Exp $"); #include #include @@ -700,19 +700,6 @@ secmodel_suser_network_cb(kauth_cred_t c break; - case KAUTH_NETWORK_INTERFACE_STRIP: - switch (req) { - case KAUTH_REQ_NETWORK_INTERFACE_STRIP_ADD: - if (isroot) -result = KAUTH_RESULT_ALLOW; - break; - - default: - break; - } - - break; - case KAUTH_NETWORK_INTERFACE_TUN: switch (req) { case KAUTH_REQ_NETWORK_INTERFACE_TUN_ADD: Index: src/sys/sys/kauth.h diff -u src/sys/sys/kauth.h:1.87 src/sys/sys/kauth.h:1.88 --- src/sys/sys/kauth.h:1.87 Sun Mar 27 16:16:39 2022 +++ src/sys/sys/kauth.h Thu Jan 5 17:36:53 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: kauth.h,v 1.87 2022/03/27 16:16:39 christos Exp $ */ +/* $NetBSD: kauth.h,v 1.88 2023/01/05 17:36:53 jakllsch Exp $ */ /*- * Copyright (c) 2005, 2006 Elad Efrat @@ -256,7 +256,7 @@ enum { KAUTH_NETWORK_SOCKET, KAUTH_NETWORK_INTERFACE_PPP, KAUTH_NETWORK_INTERFACE_SLIP, - KAUTH_NETWORK_INTERFACE_STRIP, + KAUTH_NETWORK_INTERFACE_STRIP, /* obsolete */ KAUTH_NETWORK_INTERFACE_TUN, KAUTH_NETWORK_INTERFACE_BRIDGE, KAUTH_NETWORK_IPSEC, @@ -298,7 +298,7 @@ enum kauth_network_req { KAUTH_REQ_NETWORK_SOCKET_SETPRIV, KAUTH_REQ_NETWORK_INTERFACE_PPP_ADD, KAUTH_REQ_NETWORK_INTERFACE_SLIP_ADD, - KAUTH_REQ_NETWORK_INTERFACE_STRIP_ADD, + KAUTH_REQ_NETWORK_INTERFACE_STRIP_ADD, /* obsolete */ KAUTH_REQ_NETWORK_INTERFACE_TUN_ADD, KAUTH_REQ_NETWORK_IPV6_HOPBYHOP, KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_GETPRIV,
CVS commit: src
Module Name:src Committed By: jakllsch Date: Thu Jan 5 17:36:53 UTC 2023 Modified Files: src/share/examples/secmodel: secmodel_example.c src/sys/secmodel/suser: secmodel_suser.c src/sys/sys: kauth.h Log Message: more strip(4) removal, this time in kauth(9) To generate a diff of this commit: cvs rdiff -u -r1.28 -r1.29 src/share/examples/secmodel/secmodel_example.c cvs rdiff -u -r1.55 -r1.56 src/sys/secmodel/suser/secmodel_suser.c cvs rdiff -u -r1.87 -r1.88 src/sys/sys/kauth.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/lib/libc/gen
Module Name:src Committed By: kre Date: Thu Jan 5 15:13:57 UTC 2023 Modified Files: src/lib/libc/gen: err.3 Log Message: Add errc() and verrc() to the list of functions which do not return, but exit() instead. This was omitted when the *c() set of functions were added in 2014. To generate a diff of this commit: cvs rdiff -u -r1.22 -r1.23 src/lib/libc/gen/err.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/lib/libc/gen/err.3 diff -u src/lib/libc/gen/err.3:1.22 src/lib/libc/gen/err.3:1.23 --- src/lib/libc/gen/err.3:1.22 Mon Jul 3 21:32:49 2017 +++ src/lib/libc/gen/err.3 Thu Jan 5 15:13:57 2023 @@ -1,4 +1,4 @@ -.\" $NetBSD: err.3,v 1.22 2017/07/03 21:32:49 wiz Exp $ +.\" $NetBSD: err.3,v 1.23 2023/01/05 15:13:57 kre Exp $ .\" .\" Copyright (c) 1993 .\" The Regents of the University of California. All rights reserved. @@ -29,7 +29,7 @@ .\" .\" @(#)err.3 8.1 (Berkeley) 6/9/93 .\" -.Dd January 16, 2014 +.Dd January 5, 2023 .Dt ERR 3 .Os .Sh NAME @@ -124,6 +124,8 @@ functions will not output this error mes The .Fn err , .Fn verr , +.Fn errc , +.Fn verrc , .Fn errx , and .Fn verrx
CVS commit: src/lib/libc/gen
Module Name:src Committed By: kre Date: Thu Jan 5 15:13:57 UTC 2023 Modified Files: src/lib/libc/gen: err.3 Log Message: Add errc() and verrc() to the list of functions which do not return, but exit() instead. This was omitted when the *c() set of functions were added in 2014. To generate a diff of this commit: cvs rdiff -u -r1.22 -r1.23 src/lib/libc/gen/err.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/dev/pci
Module Name:src Committed By: msaitoh Date: Thu Jan 5 14:50:14 UTC 2023 Modified Files: src/sys/dev/pci: sdhc_pci.c Log Message: Add quirk setting for some Intel eMMC devices. On some Intel eMMC controllers, the driver reports "autoconfiguration error: couldn't enable card: 60" even though they really have eMMC device. This change fixes the problem on some machines. It might be required more quirks for newer devices (or HS400 support). At least, this change fixes the problem on GIGABYTE MA10-ST0. To generate a diff of this commit: cvs rdiff -u -r1.20 -r1.21 src/sys/dev/pci/sdhc_pci.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/pci/sdhc_pci.c diff -u src/sys/dev/pci/sdhc_pci.c:1.20 src/sys/dev/pci/sdhc_pci.c:1.21 --- src/sys/dev/pci/sdhc_pci.c:1.20 Wed Jan 4 03:24:00 2023 +++ src/sys/dev/pci/sdhc_pci.c Thu Jan 5 14:50:14 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: sdhc_pci.c,v 1.20 2023/01/04 03:24:00 msaitoh Exp $ */ +/* $NetBSD: sdhc_pci.c,v 1.21 2023/01/05 14:50:14 msaitoh Exp $ */ /* $OpenBSD: sdhc_pci.c,v 1.7 2007/10/30 18:13:45 chl Exp $ */ /* @@ -18,7 +18,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: sdhc_pci.c,v 1.20 2023/01/04 03:24:00 msaitoh Exp $"); +__KERNEL_RCSID(0, "$NetBSD: sdhc_pci.c,v 1.21 2023/01/05 14:50:14 msaitoh Exp $"); #ifdef _KERNEL_OPT #include "opt_sdmmc.h" @@ -161,7 +161,8 @@ static const struct sdhc_pci_quirk { 0x, 0x, ~0, - SDHC_PCI_QUIRK_INTEL_EMMC_HW_RESET + SDHC_PCI_QUIRK_INTEL_EMMC_HW_RESET | + SDHC_PCI_QUIRK_NO_PWR0 }, { 
@@ -172,6 +173,97 @@ static const struct sdhc_pci_quirk { ~0, SDHC_PCI_QUIRK_INTEL_EMMC_HW_RESET }, + + { + PCI_VENDOR_INTEL, + PCI_PRODUCT_INTEL_C3K_EMMC, + 0x, + 0x, + ~0, + SDHC_PCI_QUIRK_INTEL_EMMC_HW_RESET | + SDHC_PCI_QUIRK_NO_PWR0 + }, + { + PCI_VENDOR_INTEL, + PCI_PRODUCT_INTEL_BAYTRAIL_SCC_MMC, + 0x, + 0x, + ~0, + SDHC_PCI_QUIRK_INTEL_EMMC_HW_RESET | + SDHC_PCI_QUIRK_NO_PWR0 + }, + { + PCI_VENDOR_INTEL, + PCI_PRODUCT_INTEL_BAYTRAIL_SCC_MMC2, + 0x, + 0x, + ~0, + SDHC_PCI_QUIRK_INTEL_EMMC_HW_RESET | + SDHC_PCI_QUIRK_NO_PWR0 + }, + { + PCI_VENDOR_INTEL, + PCI_PRODUCT_INTEL_APL_EMMC, + 0x, + 0x, + ~0, + SDHC_PCI_QUIRK_INTEL_EMMC_HW_RESET | + SDHC_PCI_QUIRK_NO_PWR0 + }, + { + PCI_VENDOR_INTEL, + PCI_PRODUCT_INTEL_GLK_EMMC, + 0x, + 0x, + ~0, + SDHC_PCI_QUIRK_INTEL_EMMC_HW_RESET | + SDHC_PCI_QUIRK_NO_PWR0 + }, + { + PCI_VENDOR_INTEL, + PCI_PRODUCT_INTEL_3HS_U_EMMC, + 0x, + 0x, + ~0, + SDHC_PCI_QUIRK_INTEL_EMMC_HW_RESET | + SDHC_PCI_QUIRK_NO_PWR0 + }, + { + PCI_VENDOR_INTEL, + PCI_PRODUCT_INTEL_495_YU_PCIE_EMMC, + 0x, + 0x, + ~0, + SDHC_PCI_QUIRK_INTEL_EMMC_HW_RESET | + SDHC_PCI_QUIRK_NO_PWR0 + }, + { + PCI_VENDOR_INTEL, + PCI_PRODUCT_INTEL_CMTLK_EMMC, + 0x, + 0x, + ~0, + SDHC_PCI_QUIRK_INTEL_EMMC_HW_RESET | + SDHC_PCI_QUIRK_NO_PWR0 + }, + { + PCI_VENDOR_INTEL, + PCI_PRODUCT_INTEL_JSL_EMMC, + 0x, + 0x, + ~0, + SDHC_PCI_QUIRK_INTEL_EMMC_HW_RESET | + SDHC_PCI_QUIRK_NO_PWR0 + }, + { + PCI_VENDOR_INTEL, + PCI_PRODUCT_INTEL_EHL_EMMC, + 0x, + 0x, + ~0, + SDHC_PCI_QUIRK_INTEL_EMMC_HW_RESET | + SDHC_PCI_QUIRK_NO_PWR0 + }, }; static void sdhc_pci_quirk_ti_hack(struct pci_attach_args *);
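Review bot: The ten new table entries differ only in the PCI product ID, so the mask `SDHC_PCI_QUIRK_INTEL_EMMC_HW_RESET | SDHC_PCI_QUIRK_NO_PWR0` is now spelled out eleven times, counting the entry changed in the previous hunk. A small initializer macro taking the product ID would shrink the table and make it hard for one Intel eMMC entry to miss a flag. The entry kept as context at the top of this hunk still carries only SDHC_PCI_QUIRK_INTEL_EMMC_HW_RESET; if that device can hit the same "couldn't enable card" failure it wants the same flag, otherwise a comment saying why it differs would help.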
CVS commit: src/sys/dev/pci
Module Name:src Committed By: msaitoh Date: Thu Jan 5 14:50:14 UTC 2023 Modified Files: src/sys/dev/pci: sdhc_pci.c Log Message: Add quirk setting for some Intel eMMC devices. On some Intel eMMC controllers, the driver reports "autoconfiguration error: couldn't enable card: 60" even though they really have eMMC device. This change fixes the problem on some machines. It might be required more quirks for newer devices (or HS400 support). At least, this change fixes the problem on GIGABYTE MA10-ST0. To generate a diff of this commit: cvs rdiff -u -r1.20 -r1.21 src/sys/dev/pci/sdhc_pci.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/dev/hdaudio
Module Name:src Committed By: kardel Date: Thu Jan 5 09:57:39 UTC 2023 Modified Files: src/sys/dev/hdaudio: hdafg.c Log Message: ignore NULL for hdaudio_audiodev in hdafg_freem also guard against NULL in ad_{capture,playback} observed during shutdown on Lenovo W510 To generate a diff of this commit: cvs rdiff -u -r1.28 -r1.29 src/sys/dev/hdaudio/hdafg.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/hdaudio/hdafg.c diff -u src/sys/dev/hdaudio/hdafg.c:1.28 src/sys/dev/hdaudio/hdafg.c:1.29 --- src/sys/dev/hdaudio/hdafg.c:1.28 Tue May 24 06:28:00 2022 +++ src/sys/dev/hdaudio/hdafg.c Thu Jan 5 09:57:39 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: hdafg.c,v 1.28 2022/05/24 06:28:00 andvar Exp $ */ +/* $NetBSD: hdafg.c,v 1.29 2023/01/05 09:57:39 kardel Exp $ */ /* * Copyright (c) 2009 Precedence Technologies Ltd @@ -60,7 +60,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: hdafg.c,v 1.28 2022/05/24 06:28:00 andvar Exp $"); +__KERNEL_RCSID(0, "$NetBSD: hdafg.c,v 1.29 2023/01/05 09:57:39 kardel Exp $"); #include #include @@ -4226,9 +4226,12 @@ hdafg_freem(void *opaque, void *addr, si struct hdaudio_audiodev *ad = opaque; struct hdaudio_stream *st; - if (addr == DMA_KERNADDR(&ad->ad_playback->st_data)) + if (ad == NULL) + return; + + if (ad->ad_playback != NULL && addr == DMA_KERNADDR(&ad->ad_playback->st_data)) st = ad->ad_playback; - else if (addr == DMA_KERNADDR(&ad->ad_capture->st_data)) + else if (ad->ad_capture != NULL && addr == DMA_KERNADDR(&ad->ad_capture->st_data)) st = ad->ad_capture; else return;
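Review bot: The new NULL guards in hdafg_freem() return without doing anything, and there is no comment saying who released the buffer at `addr` in that case. If the streams are torn down before the audio layer calls freem during detach or shutdown, say so, e.g. `/* stream already disestablished at detach; its DMA memory went with it */`; if not, the early return leaks the allocation. The checks also read `ad->ad_playback` and `ad->ad_capture` with no visible locking, so they only help if the pointers cannot be cleared concurrently with this call, which the hunk does not show. The two new conditions run past 80 columns and would read better with the `addr ==` comparison on a continuation line. The rest of hdafg_freem() is outside the hunk.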
CVS commit: src/sys/dev/hdaudio
Module Name:src Committed By: kardel Date: Thu Jan 5 09:57:39 UTC 2023 Modified Files: src/sys/dev/hdaudio: hdafg.c Log Message: ignore NULL for hdaudio_audiodev in hdafg_freem also guard against NULL in ad_{capture,playback} observed during shutdown on Lenovo W510 To generate a diff of this commit: cvs rdiff -u -r1.28 -r1.29 src/sys/dev/hdaudio/hdafg.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
re: CVS commit: src/sys/net
"Jonathan A. Kollasch" writes: > Module Name: src > Committed By: jakllsch > Date: Thu Jan 5 02:38:51 UTC 2023 > > Modified Files: > src/sys/net: if_wg.c > > Log Message: > Check for authorization for SIOCSDRVSPEC and SIOCGDRVSPEC ioctls for wg(4). > > Addresses PR 57161. might be nice to push this down for SIOCGDRVSPEC. it sure seems right for *set* operation, but perhaps for *get*, it can just elide the sensitive portion in the output ioctl (either make it empty or make it not present at all?) it doesn't seem too hard, just moving the check into wg_ioctl_get() for the problematic parts... the idea being to match "ifconfig" on eg, wifi, only showing the configured passwrds to root. thanks. .mrg.