FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=releng%2F11.3 2020-07-08T20:20:59Z 2020-07-08T20:20:59Z Gordon Tetlow gordon@FreeBSD.org 2020-07-08T20:20:59Z urn:sha1:4c9ce523b4c72a52b2d099a00da0cb4931e7260a Approved by: so Security: FreeBSD-SA-20:19.unbound Security: CVE-2020-12662 Security: CVE-2020-12663 2020-03-19T16:52:41Z Gordon Tetlow gordon@FreeBSD.org 2020-03-19T16:52:41Z urn:sha1:dce57d8ed485c51ab08a0c8f1271a3165afa701d Approved by: so Security: FreeBSD-SA-20:09.ntp 2019-08-06T17:13:17Z Gordon Tetlow gordon@FreeBSD.org 2019-08-06T17:13:17Z urn:sha1:744d41c234bbb7432dfdf07563145590660168c3 Approved by: so Security: FreeBSD-SA-19:21.bhyve Security: CVE-2019-5609 2019-07-24T12:56:06Z Gordon Tetlow gordon@FreeBSD.org 2019-07-24T12:56:06Z urn:sha1:5b7c0b55b21e838969ad873d21425ae80e904718 Approved by: so Security: FreeBSD-SA-19:16.bhyve Security: CVE-2019-5604 2019-06-27T14:26:57Z Alexander Motin mav@FreeBSD.org 2019-06-27T14:26:57Z urn:sha1:51b3ef0ef81ef954e06204a7d70e2265df531e7a For strings without quotes and escapes dstptr and srcptr are equal, so zeroing *dstptr before checking *srcptr is not a good idea. In practice it means that in -maproot=65534:65533 everything after the colon is lost. The problem was there since r293305, but before r346976 it was covered by improper strsep_quote() usage. PR: 238725 Approved by: re (gjb) 2019-05-29T23:11:07Z John Baldwin jhb@FreeBSD.org 2019-05-29T23:11:07Z urn:sha1:3a6b7494d06cc52d78627c6d1abca25c9935b938 Increase the VirtIO segment count to support modern Windows guests. The Windows virtio driver ignores the advertized seg_max field and assumes the host can accept up to 67 segments in indirect descriptors, triggering an assert in the bhyve process. This brings back r282922 but with a couple of changes: - It raises the block interface segment limit to 128 instead of 67. - Linux's virtio driver assumes that the segment limit is no larger than the ring size. To avoid breaking Linux guests, raise the VirtIO ring size to 128, and cap the VirtIO segment limit at ring size - 2 (effectively 126). Approved by: re (gjb) 2019-05-29T20:45:31Z John Baldwin jhb@FreeBSD.org 2019-05-29T20:45:31Z urn:sha1:5e0b4fa97dcc952dcddff041a27277a064381222 THRE is always asserted in LSR reads, so REG_IER writes that raise IER_ETXRDY must also set thre_int_pending. Approved by: re (gjb) 2019-05-25T10:17:03Z Rodney W. Grimes rgrimes@FreeBSD.org 2019-05-25T10:17:03Z urn:sha1:7761e9b72a9d02e3bc961b035048b6758c8ccadc When the CPU Topology was added to bhyve in r332298 the SMBIOS table was missed, this table passes topology information to the system and was still using the old concept of each vCPU is a socket with 1 core and 1 thread. This code did not even try to use the old sysctl information to adjust this data. Correct that by building a proper SMBios table, mapping the > 254 cases to 0 per the SMBios 2.6 specification that is claimed by the structure. Approved by: re (kib) 2019-05-23T21:23:18Z Rodney W. Grimes rgrimes@FreeBSD.org 2019-05-23T21:23:18Z urn:sha1:28f66cc2724627c71d57092325afb3e15383c524 Approved by: re (gjb), bde/phk (mentor, implicit) 2019-05-23T18:58:06Z Rodney W. Grimes rgrimes@FreeBSD.org 2019-05-23T18:58:06Z urn:sha1:971753c51fd2029277010b01333d91adc392a062 Under certain tight race conditions, we found that the lack of a memory barrier in bhyve's virtio handling causes it to miss a NO_NOTIFY state transition on block devices, resulting in guest stall. The investigation is recorded in OS-7613. As part of the examination into bhyve's use of barriers, one other section was found to be problematic, but only on non-x86 ISAs with less strict memory ordering. That was addressed in this patch as well, although it was not at all a problem on x86. PR: 231117 Submitted by: Patrick Mooney <patrick.mooney@joyent.com> Reviewed by: jhb, kib, rgrimes Approved by: re (gjb), jhb Differential Revision: https://reviews.freebsd.org/D19501