FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=releng%2F13.4 2025-04-10T14:39:15Z 2025-04-10T14:39:15Z Philip Paeps philip@FreeBSD.org 2025-04-09T04:05:26Z urn:sha1:3bc5467e7f6c9b29db95b35298e687435412a0ce Approved by: so 2025-02-21T02:45:14Z Gordon Tetlow gordon@FreeBSD.org 2025-02-21T02:43:38Z urn:sha1:27f132c05c39138b375591d2bf9f73f680997de3 Approved by: so 2025-01-29T17:08:56Z Mark Johnston markj@FreeBSD.org 2025-01-29T17:08:56Z urn:sha1:aef6b5321eead428ac7cc25142d14a1d4b875df0 Approved by: so 2025-01-29T17:02:12Z Rick Macklem rmacklem@FreeBSD.org 2024-12-06T02:05:06Z urn:sha1:0365b776f1b189855c67bdfa2be38955039f8ed6 File system specific *fid structures are copied into the generic struct fid defined in sys/mount.h. As such, they cannot be larger than struct fid. This patch packed the structure and checks via a __Static_assert(). Approved by: so Security: FreeBSD-SA-25:02.fs Reviewed by: markj MFC after: 2 weeks (cherry picked from commit bfc8e3308bee23d0f7836d57f32ed8d47da02627) (cherry picked from commit ee931cf4a49c90487c938fa14b856401582a045c) 2025-01-29T17:01:33Z Mark Johnston markj@FreeBSD.org 2024-12-06T02:03:59Z urn:sha1:bb48aba6244c10236590b49e43fe90daab6a55fa File system specific *fid structures are copied into the generic struct fid defined in sys/mount.h. As such, they cannot be larger than struct fid. This patch packs the structure and checks via a __Static_assert(). Approved by: so Security: FreeBSD-SA-25:02.fs Reported by: Kevin Miller <mas@0x194.net> Reviewed by: olce, imp, kib, emaste MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D47879 (cherry picked from commit 205659c43d87bd42c4a0819fde8f81e8ebba068e) (cherry picked from commit cd597b4bb194f7a0bd756b5299b40ad3607b1baf) 2025-01-29T16:50:08Z Mark Johnston markj@FreeBSD.org 2025-01-14T14:19:24Z urn:sha1:f7b9cd733c39c86be258b60ba644df8ff7f6a1f5 syscallenter() has a slow path to handle syscall auditing and dtrace syscall tracing. It uses AUDIT_SYSCALL_ENTER() to check whether to take the slow path, but this macro also has side effects: it writes the audit log entry. When systrace (dtrace syscall tracing) is enabled, this would get short-circuited, and we end up not writing audit log entries. Introduce a pure macro to check whether auditing is enabled, use it in syscallenter() instead of AUDIT_SYSCALL_ENTER(). Approved by: so Security: FreeBSD-EN-25:02.audit Reviewed by: kib Reported by: Joe Duin <jd@firexfly.com> Fixes: 2f7292437d0c ("Merge audit and systrace checks") MFC after: 3 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D48448 (cherry picked from commit f78fe930854cac6eed55859b45e0a7b5d87189d6) (cherry picked from commit 1bf531bcd791794a39511359fbab612944a9e7b2) 2024-10-29T19:06:08Z Ed Maste emaste@FreeBSD.org 2024-10-29T19:06:08Z urn:sha1:3f40d5821ecad3fefb79700d01ce387adc29663e SA-24:17.bhyve SA-24:18.ctl SA-24:19.fetch Approved by: so 2024-10-29T18:49:18Z Pierre Pronchery pierre@freebsdfoundation.org 2024-07-19T17:32:27Z urn:sha1:e389eb99fb630627155879acab03373889848857 The virtio_scsi device allows a VM guest to directly send SCSI commands (ctsio->cdb array) to the kernel driver exposed on /dev/cam/ctl (ctl.ko). All kernel commands accessible from the guest are defined by ctl_cmd_table. The command ctl_persistent_reserve_out (cdb[0]=0x5F and cbd[1]=0) allows the caller to call malloc() with an arbitrary size (uint32_t). This can be used by the guest to overload the kernel memory (DOS attack). Reported by: Synacktiv Reviewed by: asomers Security: HYP-08 Security: FreeBSD-SA-24:18.ctl Approved by: so Sponsored by: The Alpha-Omega Project Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D46044 (cherry picked from commit 64b0f52be2c9d7bcecebfeef393f8ec56cb85f47) (cherry picked from commit 2e7f4728fa738a7a7b6c4e4c46eb68952386efce) (cherry picked from commit 367d8c86a182813d88f728fdb2c3ef1a4679a852) 2024-10-29T18:46:43Z Pierre Pronchery pierre@freebsdfoundation.org 2024-08-27T13:57:32Z urn:sha1:1c48a9b47821de7c4d0dbe28de112b525470e209 Avoid a race condition when accessing guest memory, by reading memory contents only once. This has also been applied to _vq_record() in sys/dev/beri/virtio/virtio.c, as per markj@'s suggestion. Reported by: Synacktiv Reviewed by: markj Security: HYP-10 Security: FreeBSD-SA-24:17.bhyve Approved by: so Sponsored by: The Alpha-Omega Project Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D45735 (cherry picked from commit 869d760cb9d7a307faa2fbe8c1c2b238a81b74d4) (cherry picked from commit ed03c309908687bdb9f71dc6d9c9c8a92c54fc20) (cherry picked from commit 6eb7879f426129aa38f4e8b0d57ab7456e4eb351) 2024-09-19T13:34:16Z Gordon Tetlow gordon@FreeBSD.org 2024-09-19T13:18:55Z urn:sha1:bc3877972ebd569804a7843535fcf18b676ea1ec Approved by: so Approved by: re (cperciva)