Re: svn commit: r349974 - head/libexec/rc/rc.d
> On Jul 13, 2019, at 09:07, Ian Lepore wrote:
>
> Author: ian
> Date: Sat Jul 13 16:07:38 2019
> New Revision: 349974
> URL: https://svnweb.freebsd.org/changeset/base/349974
>
> Log:
> Limit access to system accounting files.
>
> In 2013 the security chapter of the Handbook was updated in r42501 to
> suggest limiting access to the system accounting file [*1] by creating the
> initial file with a mode of 0600. This was in part based on a discussion in
> the forums [*2]. Unfortunately, this advice is overridden by the fact that a
> new file is created as part of periodic daily processing, and the file mode
> is set by the rc.d/accounting script.
>
> These changes update the accounting script to create the directory with mode
> 0750 if it doesn't already exist, and to create the daily file with mode
> 0640. This limits write access to root only, read access to root and members
> of wheel, and eliminates world access completely. For admins who want to
> prevent even members of wheel from accessing the files, the mode of the
> /var/account directory can be manually changed to 0700, because the script
> never creates or changes that directory if it already exists.
>
> The accounting_rotate_log() function now also handles the error cases of no
> existing log file to rotate, and attempting to rotate the file multiple
> times (.0 file already exists).
>
> Another small change here eliminates the complexity of the mktemp/chmod/mv
> sequence for creating a new acct file by using install(1) with the flags
> needed to directly create the file with the desired ownership and
> modes. That allows coalescing two separate if checkyesno accounting_enable
> blocks into one.
>
> These changes were inspired by my investigation of PR 202203.
>
> [1] https://www.freebsd.org/doc/handbook/security-accounting.html
> [2] http://forums.freebsd.org/showthread.php?t=41059
>
> PR: 202203
> Differential Revision: https://reviews.freebsd.org/D20876

Does this deserve a “Relnotes: yes”…?

Thanks!
-Enji
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r349989 - head/sys/kern
Author: tuexen Date: Sun Jul 14 21:44:18 2019 New Revision: 349989 URL: https://svnweb.freebsd.org/changeset/base/349989 Log: Improve the input validation for l_linger. When using the SOL_SOCKET level socket option SO_LINGER, the structure struct linger is used as the option value. The component l_linger is of type int, but internally copied to the field so_linger of the structure struct socket. The type of so_linger is short, but it is assumed to be non-negative and the value is used to compute ticks to be stored in a variable of type int. Therefore, perform input validation on l_linger similar to the one performed by NetBSD and OpenBSD. Thanks to syzkaller for making me aware of this issue. Thanks to markj@ for pointing out that a similar check should be added to so_linger_set(). Reviewed by: markj@ MFC after:2 weeks Differential Revision:https://reviews.freebsd.org/D20948 Modified: head/sys/kern/uipc_socket.c Modified: head/sys/kern/uipc_socket.c == --- head/sys/kern/uipc_socket.c Sun Jul 14 21:08:54 2019(r349988) +++ head/sys/kern/uipc_socket.c Sun Jul 14 21:44:18 2019(r349989) @@ -2776,7 +2776,12 @@ sosetopt(struct socket *so, struct sockopt *sopt) error = sooptcopyin(sopt, , sizeof l, sizeof l); if (error) goto bad; - + if (l.l_linger < 0 || + l.l_linger > USHRT_MAX || + l.l_linger > (INT_MAX / hz)) { + error = EDOM; + goto bad; + } SOCK_LOCK(so); so->so_linger = l.l_linger; if (l.l_onoff) @@ -4105,6 +4110,9 @@ so_linger_get(const struct socket *so) void so_linger_set(struct socket *so, int val) { + + KASSERT(val >= 0 && val <= USHRT_MAX && val <= (INT_MAX / hz), + ("%s: val %d out of range", __func__, val)); so->so_linger = val; } ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
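Review bot: In the sosetopt() hunk the upper bound is USHRT_MAX, but the log states that so_linger is a short. If that field is a signed 16-bit type, any l_linger from SHRT_MAX + 1 through USHRT_MAX passes this check and is stored as a negative value by `so->so_linger = l.l_linger`, which is the case the check is meant to exclude. Either bound the value by SHRT_MAX or change the field to an unsigned type in the same commit.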
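Review bot: In so_linger_set() the range is enforced only by KASSERT, which is compiled out of kernels built without INVARIANTS, so on a production kernel an out-of-range val from an in-kernel caller is still assigned to so->so_linger unchecked. Since the function returns void, either clamp val before the assignment or state the accepted range in a comment above the function so callers know they must validate first. The three-part condition is also duplicated from sosetopt() and could live in one shared macro or inline helper.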
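A user-space model of the narrowing described in the r349989 log, added here as an illustration and not taken from the FreeBSD tree: linger_check() repeats the hunk's range test, and the rest shows which inputs it rejects and which accepted inputs no longer fit the stored field. The names narrow16() and classify(), the sample values and hz = 1000 are assumptions of the example, which treats so_linger as a 16-bit signed short.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>

enum linger_result { LINGER_OK, LINGER_REJECTED, LINGER_WRAPS };

/* The range check from the sosetopt() hunk; hz is passed in for the model. */
static int
linger_check(int l_linger, int hz)
{
	if (l_linger < 0 || l_linger > USHRT_MAX || l_linger > (INT_MAX / hz))
		return (EDOM);
	return (0);
}

/* Two's-complement narrowing of an int into a signed 16-bit field. */
static int
narrow16(int v)
{
	int low = v & 0xFFFF;

	return (low >= 0x8000 ? low - 0x10000 : low);
}

/* Accepted by the check, but does the stored 16-bit value still match? */
static enum linger_result
classify(int l_linger, int hz)
{
	if (linger_check(l_linger, hz) != 0)
		return (LINGER_REJECTED);
	return (narrow16(l_linger) == l_linger ? LINGER_OK : LINGER_WRAPS);
}

int
main(void)
{
	/* Constructed sample inputs; hz = 1000 is an assumed tick rate. */
	static const int samples[] = { -1, 0, 30, 32767, 32768, 65535, 65536 };
	static const char *names[] = { "ok", "rejected (EDOM)", "accepted, wraps" };
	const int hz = 1000;

	/* stored/ticks show what an unchecked assignment would hold. */
	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		int v = samples[i];
		printf("l_linger=%6d stored=%6d ticks=%lld -> %s\n", v,
		    narrow16(v), (long long)narrow16(v) * hz,
		    names[classify(v, hz)]);
	}
	return (0);
}
```

With a larger assumed hz the third clause of the check becomes the binding one, because INT_MAX / hz drops below USHRT_MAX.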
Re: svn commit: r349988 - head/sys/x86/iommu
On Sun, Jul 14, 2019 at 09:08:54PM +, Konstantin Belousov wrote: > Author: kib > Date: Sun Jul 14 21:08:54 2019 > New Revision: 349988 > URL: https://svnweb.freebsd.org/changeset/base/349988 In dmar_find(), refuse to search for DMAR unit for non-PCI device. Eventually this should be reworked, because ACPI DMAR table can specify ANND entries for scoping ACPI namespace enumerated devices. But code to match DMAR unit against such device is missed currently anyway. Sorry. > > Log: > PR: 239143 > Reported and tested by: Wes Maag > Sponsored by: The FreeBSD Foundation > MFC after: 1 week > > Modified: > head/sys/x86/iommu/intel_drv.c > > Modified: head/sys/x86/iommu/intel_drv.c > == > --- head/sys/x86/iommu/intel_drv.cSun Jul 14 16:05:47 2019 > (r349987) > +++ head/sys/x86/iommu/intel_drv.cSun Jul 14 21:08:54 2019 > (r349988) > @@ -770,6 +770,13 @@ dmar_find(device_t dev, bool verbose) > const char *banner; > int i, dev_domain, dev_busno, dev_path_len; > > + /* > + * This function can only handle PCI(e) devices. > + */ > + if (device_get_devclass(device_get_parent(dev)) != > + devclass_find("pci")) > + return (NULL); > + > dmar_dev = NULL; > dev_domain = pci_get_domain(dev); > dev_path_len = dmar_dev_depth(dev); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
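Review bot: The early return added at the top of dmar_find() ignores the function's verbose argument, so a non-PCI device is dropped without any message even when the caller asked for one. Printing a short line under `if (verbose)` before `return (NULL);` would make the refusal visible in boot logs. The comment could also name ACPI namespace enumerated devices as the case being excluded, as the reply text above explains.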
svn commit: r349988 - head/sys/x86/iommu
Author: kib Date: Sun Jul 14 21:08:54 2019 New Revision: 349988 URL: https://svnweb.freebsd.org/changeset/base/349988 Log: PR: 239143 Reported and tested by: Wes Maag Sponsored by: The FreeBSD Foundation MFC after:1 week Modified: head/sys/x86/iommu/intel_drv.c Modified: head/sys/x86/iommu/intel_drv.c == --- head/sys/x86/iommu/intel_drv.c Sun Jul 14 16:05:47 2019 (r349987) +++ head/sys/x86/iommu/intel_drv.c Sun Jul 14 21:08:54 2019 (r349988) @@ -770,6 +770,13 @@ dmar_find(device_t dev, bool verbose) const char *banner; int i, dev_domain, dev_busno, dev_path_len; + /* +* This function can only handle PCI(e) devices. +*/ + if (device_get_devclass(device_get_parent(dev)) != + devclass_find("pci")) + return (NULL); + dmar_dev = NULL; dev_domain = pci_get_domain(dev); dev_path_len = dmar_dev_depth(dev); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
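Review bot: The new check in dmar_find() passes device_get_parent(dev) directly to device_get_devclass(); nothing in the hunk shows that dev is guaranteed to have a parent at this point, so either note that guarantee in the comment or test the parent before using it. The log for this revision also has no description line, only the PR and credit fields, so the reason for the change is not recorded with the diff.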
Re: svn commit: r349391 - head/sys/kern
Hi Alan, This change restores the possible overflow beyond IO_SEQMAX that the removed conditional prevented. On Tue, Jun 25, 2019 at 12:44 PM Alan Somers wrote: > > Author: asomers > Date: Tue Jun 25 19:44:22 2019 > New Revision: 349391 > URL: https://svnweb.freebsd.org/changeset/base/349391 > > --- head/sys/kern/vfs_vnops.c Tue Jun 25 19:36:01 2019(r349390) > +++ head/sys/kern/vfs_vnops.c Tue Jun 25 19:44:22 2019(r349391) > @@ -499,10 +499,8 @@ sequential_heuristic(struct uio *uio, struct file *fp) > * closely related to the best I/O size for real disks than > * to any block size used by software. > */ > - fp->f_seqcount += MIN(IO_SEQMAX, > + fp->f_seqcount += lmin(IO_SEQMAX, > howmany(uio->uio_resid, 16384)); > - if (fp->f_seqcount > IO_SEQMAX) > - fp->f_seqcount = IO_SEQMAX; > return (fp->f_seqcount << IO_SEQSHIFT); > } Perhaps instead this should be: fp->f_seqcount = lmin(IO_SEQMAX, fp->f_seqcount + howmany(...)); Best, Conrad ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
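Review bot: With the `if (fp->f_seqcount > IO_SEQMAX)` clamp removed, nothing in sequential_heuristic() bounds the running total any more: lmin() limits only the amount added per call, so f_seqcount can pass IO_SEQMAX and the value returned by `fp->f_seqcount << IO_SEQSHIFT` is no longer capped. Apply the limit to the sum rather than to the increment, or keep the two removed lines.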
svn commit: r349987 - in head/sys/netinet: . tcp_stacks
Author: rrs Date: Sun Jul 14 16:05:47 2019 New Revision: 349987 URL: https://svnweb.freebsd.org/changeset/base/349987 Log: This is the second in a number of patches needed to get BBRv1 into the tree. This fixes the DSACK bug but is also needed by BBR. We have yet to go two more one will be for the pacing code (tcp_ratelimit.c) and the second will be for the new updated LRO code that allows a transport to know the arrival times of packets and (tcp_lro.c). After that we should finally be able to get BBRv1 into head. Sponsored by: Netflix Inc Differential Revision:https://reviews.freebsd.org/D20908 Modified: head/sys/netinet/tcp_output.c head/sys/netinet/tcp_sack.c head/sys/netinet/tcp_stacks/rack.c head/sys/netinet/tcp_var.h Modified: head/sys/netinet/tcp_output.c == --- head/sys/netinet/tcp_output.c Sun Jul 14 12:04:39 2019 (r349986) +++ head/sys/netinet/tcp_output.c Sun Jul 14 16:05:47 2019 (r349987) @@ -1508,7 +1508,13 @@ timer: if (SEQ_GT(tp->snd_nxt + xlen, tp->snd_max)) tp->snd_max = tp->snd_nxt + xlen; } - + if ((error == 0) && + (TCPS_HAVEESTABLISHED(tp->t_state) && +(tp->t_flags & TF_SACK_PERMIT) && +tp->rcv_numsacks > 0)) { + /* Clean up any DSACK's sent */ + tcp_clean_dsack_blocks(tp); + } if (error) { /* Record the error. */ TCP_LOG_EVENT(tp, NULL, >so_rcv, >so_snd, TCP_LOG_OUT, Modified: head/sys/netinet/tcp_sack.c == --- head/sys/netinet/tcp_sack.c Sun Jul 14 12:04:39 2019(r349986) +++ head/sys/netinet/tcp_sack.c Sun Jul 14 16:05:47 2019(r349987) 
@@ -279,6 +279,45 @@ tcp_update_sack_list(struct tcpcb *tp, tcp_seq rcv_sta tp->rcv_numsacks = num_head + num_saved; } +void +tcp_clean_dsack_blocks(struct tcpcb *tp) +{ + struct sackblk saved_blks[MAX_SACK_BLKS]; + int num_saved, i; + + INP_WLOCK_ASSERT(tp->t_inpcb); + /* +* Clean up any DSACK blocks that +* are in our queue of sack blocks. +* +*/ + num_saved = 0; + for (i = 0; i < tp->rcv_numsacks; i++) { + tcp_seq start = tp->sackblks[i].start; + tcp_seq end = tp->sackblks[i].end; + if (SEQ_GEQ(start, end) || SEQ_LEQ(start, tp->rcv_nxt)) { + /* +* Discard this D-SACK block. +*/ + continue; + } + /* +* Save this SACK block. +*/ + saved_blks[num_saved].start = start; + saved_blks[num_saved].end = end; + num_saved++; + } + if (num_saved > 0) { + /* +* Copy the saved SACK blocks back. +*/ + bcopy(saved_blks, >sackblks[0], + sizeof(struct sackblk) * num_saved); + } + tp->rcv_numsacks = num_saved; +} + /* * Delete all receiver-side SACK information. */ Modified: head/sys/netinet/tcp_stacks/rack.c == --- head/sys/netinet/tcp_stacks/rack.c Sun Jul 14 12:04:39 2019 (r349986) +++ head/sys/netinet/tcp_stacks/rack.c Sun Jul 14 16:05:47 2019 (r349987) @@ -5087,9 +5087,8 @@ rack_do_fastnewdata(struct mbuf *m, struct tcphdr *th, /* Clean receiver SACK report if present */ -/* if (tp->rcv_numsacks) + if (tp->rcv_numsacks) tcp_clean_sackreport(tp); -*/ TCPSTAT_INC(tcps_preddat); tp->rcv_nxt += tlen; /* @@ -8537,10 +8536,10 @@ out: * retransmit. In persist state, just set snd_max. */ if (error == 0) { -/* if (TCPS_HAVEESTABLISHED(tp->t_state) && + if (TCPS_HAVEESTABLISHED(tp->t_state) && (tp->t_flags & TF_SACK_PERMIT) && tp->rcv_numsacks > 0) - tcp_clean_dsack_blocks(tp);*/ + tcp_clean_dsack_blocks(tp); if (len == 0) counter_u64_add(rack_out_size[TCP_MSS_ACCT_SNDACK], 1); else if (len == 1) { Modified: head/sys/netinet/tcp_var.h == --- head/sys/netinet/tcp_var.h Sun Jul 14 12:04:39 2019(r349986) +++ head/sys/netinet/tcp_var.h Sun Jul 14 16:05:47 2019(r349987) 
@@ -939,6 +939,7 @@ tcp_seq tcp_new_isn(struct in_conninfo *); int tcp_sack_doack(struct tcpcb *, struct tcpopt *, tcp_seq); voidtcp_update_sack_list(struct tcpcb *tp, tcp_seq rcv_laststart, tcp_seq rcv_lastend); +void
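Review bot: In tcp_clean_dsack_blocks() the test `SEQ_GEQ(start, end) || SEQ_LEQ(start, tp->rcv_nxt)` is commented only as "Discard this D-SACK block", which does not say why an empty or reversed block, or one starting at or before rcv_nxt, is treated as a DSACK. A sentence on that in the block comment at the top of the function, which currently ends in an empty line, would help the next reader. The compaction could also be done in place in tp->sackblks, writing entry i to slot num_saved, which removes the saved_blks stack array and the bcopy().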
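Review bot: The guard `TCPS_HAVEESTABLISHED(tp->t_state) && (tp->t_flags & TF_SACK_PERMIT) && tp->rcv_numsacks > 0` now appears twice, once in the tcp_output.c hunk and once in the second rack.c hunk, ahead of the same tcp_clean_dsack_blocks() call. Moving the test into tcp_clean_dsack_blocks() or a small inline wrapper keeps the two stacks from drifting apart. The first rack.c hunk re-enables the commented-out tcp_clean_sackreport() call in rack_do_fastnewdata() without the log saying why it had been disabled or why it is safe now; a line on that belongs in the commit message.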
svn commit: r349986 - in head/sys: netinet netinet6
Author: tuexen Date: Sun Jul 14 12:04:39 2019 New Revision: 349986 URL: https://svnweb.freebsd.org/changeset/base/349986 Log: When calling sctp_initialize_auth_params(), the inp must have at least a read lock. To avoid more complex locking dances, just call it in sctp_aloc_assoc() when the write lock is still held. Reported by: syzbot+08a486f7e6966f1c3...@syzkaller.appspotmail.com MFC after:1 week Modified: head/sys/netinet/sctp_input.c head/sys/netinet/sctp_output.c head/sys/netinet/sctp_pcb.c head/sys/netinet/sctp_pcb.h head/sys/netinet/sctp_usrreq.c head/sys/netinet6/sctp6_usrreq.c Modified: head/sys/netinet/sctp_input.c == --- head/sys/netinet/sctp_input.c Sun Jul 14 05:41:43 2019 (r349985) +++ head/sys/netinet/sctp_input.c Sun Jul 14 12:04:39 2019 (r349986) @@ -2155,8 +2155,8 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, in ntohl(initack_cp->init.initiate_tag), vrf_id, ntohs(initack_cp->init.num_outbound_streams), port, - (struct thread *)NULL - ); + (struct thread *)NULL, + SCTP_DONT_INITIALIZE_AUTH_PARAMS); if (stcb == NULL) { struct mbuf *op_err; Modified: head/sys/netinet/sctp_output.c == --- head/sys/netinet/sctp_output.c Sun Jul 14 05:41:43 2019 (r349985) +++ head/sys/netinet/sctp_output.c Sun Jul 14 12:04:39 2019 (r349986) @@ -12769,7 +12769,8 @@ sctp_lower_sosend(struct socket *so, stcb = sctp_aloc_assoc(inp, addr, , 0, vrf_id, inp->sctp_ep.pre_open_stream_count, inp->sctp_ep.port, - p); + p, + SCTP_INITIALIZE_AUTH_PARAMS); if (stcb == NULL) { /* Error is setup for us in the call */ goto out_unlocked; 
@@ -12797,9 +12798,6 @@ sctp_lower_sosend(struct socket *so, asoc = >asoc; SCTP_SET_STATE(stcb, SCTP_STATE_COOKIE_WAIT); (void)SCTP_GETTIME_TIMEVAL(>time_entered); - - /* initialize authentication params for the assoc */ - sctp_initialize_auth_params(inp, stcb); if (control) { if (sctp_process_cmsgs_for_init(stcb, control, )) { Modified: head/sys/netinet/sctp_pcb.c == --- head/sys/netinet/sctp_pcb.c Sun Jul 14 05:41:43 2019(r349985) +++ head/sys/netinet/sctp_pcb.c Sun Jul 14 12:04:39 2019(r349986) @@ -4190,8 +4190,8 @@ struct sctp_tcb * sctp_aloc_assoc(struct sctp_inpcb *inp, struct sockaddr *firstaddr, int *error, uint32_t override_tag, uint32_t vrf_id, uint16_t o_streams, uint16_t port, -struct thread *p -) +struct thread *p, +int initialize_auth_params) { /* note the p argument is only valid in unbound sockets */ @@ -4420,6 +4420,9 @@ sctp_aloc_assoc(struct sctp_inpcb *inp, struct sockadd head = >sctp_tcbhash[SCTP_PCBHASH_ALLADDR(stcb->rport, inp->sctp_hashmark)]; LIST_INSERT_HEAD(head, stcb, sctp_tcbhash); + } + if (initialize_auth_params == SCTP_INITIALIZE_AUTH_PARAMS) { + sctp_initialize_auth_params(inp, stcb); } SCTP_INP_WUNLOCK(inp); SCTPDBG(SCTP_DEBUG_PCB1, "Association %p now allocated\n", (void *)stcb); Modified: head/sys/netinet/sctp_pcb.h == --- head/sys/netinet/sctp_pcb.h Sun Jul 14 05:41:43 2019(r349985) +++ head/sys/netinet/sctp_pcb.h Sun Jul 14 12:04:39 2019(r349986) 
@@ -578,9 +578,13 @@ int sctp_is_address_on_local_host(struct sockaddr *add void sctp_inpcb_free(struct sctp_inpcb *, int, int); +#define SCTP_DONT_INITIALIZE_AUTH_PARAMS 0 +#define SCTP_INITIALIZE_AUTH_PARAMS1 + struct sctp_tcb * sctp_aloc_assoc(struct sctp_inpcb *, struct sockaddr *, -int *, uint32_t, uint32_t, uint16_t, uint16_t, struct thread *); +int *, uint32_t, uint32_t, uint16_t, uint16_t, struct thread *, +int); int sctp_free_assoc(struct sctp_inpcb *, struct sctp_tcb *, int, int); Modified: head/sys/netinet/sctp_usrreq.c == --- head/sys/netinet/sctp_usrreq.c Sun Jul 14 05:41:43 2019 (r349985) +++ head/sys/netinet/sctp_usrreq.c Sun Jul 14 12:04:39 2019 (r349986) @@ -1443,8 +1443,8 @@ sctp_do_connect_x(struct socket *so, struct sctp_inpcb stcb = sctp_aloc_assoc(inp,
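Review bot: In the second sctp_pcb.c hunk the new argument is tested with `initialize_auth_params == SCTP_INITIALIZE_AUTH_PARAMS`, so a caller passing any non-zero value other than 1 silently skips sctp_initialize_auth_params(). Since sctp_pcb.h defines only the two values 0 and 1, a bool parameter, or a plain truth test on the int, would remove that trap. The comment at the top of sctp_aloc_assoc() documents p but not the new argument; it should say that the call is made while the inp write lock is still held.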
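Review bot: sctp_process_cookie_new() in the sctp_input.c hunk passes SCTP_DONT_INITIALIZE_AUTH_PARAMS while sctp_lower_sosend() passes SCTP_INITIALIZE_AUTH_PARAMS, and neither the hunk nor the log explains why the cookie path must skip the initialization. A one-line comment at that call site saying where the auth parameters are set up for cookie-created associations would make the difference reviewable.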