It's a stupid warning, but some ports enable it by default and were
already defining _FORTIFY_SOURCE, thus exposing the new macros
immediately. This at least fixes the libfido2 build, perhaps others as
well.
While we're here, fix a fresh build of stand w/ FORTIFY_SOURCE enabled
by not pulling in the ssp headers if _STANDALONE is defined. We do not
have runtime support in libsa as of the time of writing.
Reported by: netchild
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
The WPA1/WPA2 driver capabilities aren't really enough in today's world.
There are a /lot/ more key management suites to support!
So, add initial support for net80211 and drivers to announce what
key management suites are supported. These are the list from 802.11-2016
section 9.4.2.25.3 (AKM suites.)
The flags are for software supported key management.
Drivers may support more key management suites and are welcome to
announce more; net80211 will only announce ones that we know
net80211 knows "enough" about to support correctly.
There /are/ other suites that may be interesting to some people in
the future that are not part of this set - eg if anyone ever
wants to support the Chinese WAPI standard - so this bitmap is not
specifically just the AKM suites in the RSN OUI.
This should eventually be communicated up to the wpa_supplicant and
hostapd via a replacement driver/vap capabilities call so they know
what to enable rather than just IEEE80211_C_WPA1 / IEEE80211_C_WPA2.
Differential Revision: https://reviews.freebsd.org/D44919
Reviewed by: bz
This allows a single wlan crypto module to register for more than
one cipher. Without it, duplicate linkerset structs are initialised
for the actual module loading machinery itself.
I've tested this in my private tree with wlan_ccmp providing both
128 and 256 bit cipher support.
Differential Revision: https://reviews.freebsd.org/D44901
Reviewed by: bz, cc, cy
Approved by: bz, cc, cy
This is effectively a no-op as we currently don't advertise these
ciphers as available anywhere.
Note though the intent to support 128 and 256 bit ciphers in the same
crypto module.
Differential Revision: https://reviews.freebsd.org/D44900
Reviewed by: cc, cy
Approved by: cc, cy
These are the bitmap / cipher module number fields used for net80211
ciphers.
This requires a kernel recompile, but nothing (currently) in userland
is using these.
Differential Revision: https://reviews.freebsd.org/D44899
Reviewed by: bz, cc
In the last 2nd edition import, I mistakenly grabbed from the 'main'
branch of upstream rather than the bsd-feature branch. This means that
we have a regression in awk from that point forward: all the
BSD-specific bit functions (and a few others) were dropped. This
restores it at the same level.
MFC After: 1 day
Sponsored by: Netflix
The prior import(s) of 2nd edition awk imported the 'main' branch of
OTA, not the bsd-feature branch, resulting in a regression for the
bsd-specific features. This re-imports those from the correct branch.
The loop counter is also the card's index, so ncards is redundant.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Reviewed by: dev_submerge.ch
Differential Revision: https://reviews.freebsd.org/D45144
The pmap_bti_same test in pmap_enter_l3c only happens in the
!ADDR_IS_KERNEL case; in the other case, a KASSERT fails. So move the
test into that case to save a bit of time when ADDR_IS_KERNEL.
Reviewed by: andrew
Differential Revision: https://reviews.freebsd.org/D45160
Intersting/relevant changes since bmake-20240430
ChangeLog since bmake-20240430
2024-05-07 Simon J Gerraty <sjg@beast.crufty.net>
* VERSION (_MAKE_VERSION): 20240508
Merge with NetBSD make, pick up
o make: ensure variables set on command line get added to
.MAKEOVERRIDES (even if they start with '.') so they are passed to
sub-makes.
mk/ChangeLog since bmake-20240430
2024-05-04 Simon J Gerraty <sjg@beast.crufty.net>
* install-mk (MK_VERSION): 20240504
* dirdeps.mk: allow BUILD_DIRDEPS_OVERRIDES to pass overrides to
sub-make building DIRDEPS_CACHE.
These were previously installed by the GCC implementation of libssp, but
now they're installed once again with our implementation of
FORTIFY_SOURCE.
Reported by: jkim
Fixes: be04fec426 ("Import _FORTIFY_SOURCE implementation [...]")
Most of these were fixed when rebasing the patch forward, but this one
seems to have been missed.
Reported by: marck
Fixes: be04fec426 ("Import _FORTIFY_SOURCE implementation [...]")
It's easy to overlook the chain of events that lead to tr->deadline
being updated. Add a comment here to explain what otherwise looks like
an oversight w/o careful study.
Sponsored by: Netflix
We don't need to dereference qpair to get the ctrlr pointer each time,
so use the cached value. It's not going to change. No change intended.
Sponsored by: Netflix
nvme_qpair_complete_tracker and nvme_qpair_manual_complete_tracker have
to be called without the qpair lock, so assert its unowned.
Sponsored by: Netflix
Which allows tmpfs_pager_writecount_recalc() to reliably detect
reclaimed vnode and make its accesses to object->un_pager.swp.private
(== vp) safe against reclaim. Note that vnode instantiation already
assigns v_object under the object lock.
Reviewed by: markj
Reported and tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D45119
There is no reason not do do this, we already allow fork(2),
and I need vfork(2) for CHERI process colocation.
Reviewed by: brooks, emaste, oshogbo
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D39829
User misconfiguration may lead to routing loops where we try to send the tunnel
packet into the tunnel. This eventually leads to stack overflows and panics.
Avoid this using if_tunnel_check_nesting(), which will drop the packet if we're
looping or we hit three layers of nested tunnels.
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
access(), eaccess() and faccessat() will always dereference
symbolic links.
So add a note in the manual page, that lstat(2) should be
used in the case of symbolic links.
PR: 262895
Reviewed by: gbe, pauamma_gundo.com
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D44890
In the future, we will Default to _FORTIFY_SOURCE=2 if SSP is enabled,
otherwise default to _FORTIFY_SOURCE=0. For now we default it to 0
unconditionally to ease bisect across older versions without the new
symbols, and we'll put out a call for testing.
include/*.h include their ssp/*.h equivalents as needed based on the
knob. Programs and users are allowed to override FORTIFY_SOURCE in their
Makefiles or src.conf/make.conf to force it off.
Reviewed by: des, markj
Relnotes: yes
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D32308
Notably:
- libc needs to #undef some of the macros from ssp/* for underlying
implementations
- ssp/* wants a __RENAME() macro (snatched more or less from NetBSD)
There's some extra hinkiness included for read(), since libc spells it
as "_read" while the rest of the world spells it "read."
Reviewed by: imp, ngie
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D32307
This is a mostly-unmodified copy of the various *_chk implementations
and headers from NetBSD, without yet modifying system headers to start
actually including them. A future commit will also apply the needed
bits to fix ssp/unistd.h.
Reviewed by: imp, pauamma_gundo.com (both previous versions), kib
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D32306
When the page size is 16K, use ATTR_CONTIGUOUS to map the kernel code
and data sections using 2M pages. Previously, they were mapped using
16K pages.
Reviewed by: markj
Tested by: markj
Differential Revision: https://reviews.freebsd.org/D45162
ALL_DISTRIBUTIONS and VERIFY_MANIFEST_SIG
They are neither used in the script nor exported.
Not referenced anywhere in bsdinstall/*
Approved by: imp@
Differential Revision: https://reviews.freebsd.org/D42369
There's a race in these that I missed in my review that needs
to be resolved.
This reverts commit ee2e36686e.
This reverts commit 02f481a30b.
This reverts commit 099a81a417.
The cast to (long) is wrong on all the other 32-bit platforms. (long
long) is the correct type on all platforms. Also, use a z modifier for
size_t which also fails on 32-bit platforms.
Fixes: 02f481a30b
Sponsored by: Netflix
per allocated vm_object. Otherwise, since constructors are not
idempotent, we e.g. leak device reference in case of non-managed pager.
PR: 278826
Reported by: Austin Zhang <austin.zhang@dell.com>
Reviewed by: alc, markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D45113
