svn commit: r50475 - in head/share: security/advisories security/patches/EN-17:06 security/patches/SA-17:05 xml
Xin LI
delphij at FreeBSD.org
Wed Jul 12 08:31:18 UTC 2017
Author: delphij
Date: Wed Jul 12 08:31:16 2017
New Revision: 50475
URL: https://svnweb.freebsd.org/changeset/doc/50475
Log:
Add SA-17:05 and EN-17:06.
Added:
head/share/security/advisories/FreeBSD-EN-17:06.hyperv.asc (contents, props changed)
head/share/security/advisories/FreeBSD-SA-17:05.heimdal.asc (contents, props changed)
head/share/security/patches/EN-17:06/
head/share/security/patches/EN-17:06/hyperv.patch (contents, props changed)
head/share/security/patches/EN-17:06/hyperv.patch.asc (contents, props changed)
head/share/security/patches/SA-17:05/
head/share/security/patches/SA-17:05/heimdal.patch (contents, props changed)
head/share/security/patches/SA-17:05/heimdal.patch.asc (contents, props changed)
Modified:
head/share/xml/advisories.xml
head/share/xml/notices.xml
Added: head/share/security/advisories/FreeBSD-EN-17:06.hyperv.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-17:06.hyperv.asc Wed Jul 12 08:31:16 2017 (r50475)
@@ -0,0 +1,133 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-17:06.hyperv Errata Notice
+ The FreeBSD Project
+
+Topic: Boot compatibility improvements with Azure VMs
+
+Category: core
+Module: hyperv/storvsc
+Announced: 2017-07-12
+Credits: Microsoft OSTC
+Affects: FreeBSD 10.3
+Corrected: 2016-10-19 08:45:19 UTC (stable/10, 10.3-STABLE)
+ 2017-07-12 08:07:55 UTC (releng/10.3, 10.3-RELEASE-p20)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+Hyper-V is a default hypervisor provided on Windows server by Microsoft.
+ATA driver is the legacy storage driver for FreeBSD on Hyperv, now they
+are replaced by synthetic driver which has better performance.
+
+There are issues when attaching multiple synthetic storage driver for
+FreeBSD 10.3 on some of Hyper-V hosts.
+
+CD/DVD cannot be detected in some circumstances which cause provisioning
+fail on Azure.
+
+II. Problem Description
+
+The disk INQUIRY response is not complete for FreeBSD 10.3 on some
+Hyper-V hosts, which will cause the disks will be detached during boot.
+
+An interrupt is missing if we allow intr_shuffle_irqs on Hyper-V.
+
+III. Impact
+
+FreeBSD 10.3 can not be boot properly on a guest system on Hyper-V host.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+A reboot is required.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+A reboot is required.
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-17:06/hyperv.patch
+# fetch https://security.FreeBSD.org/patches/EN-17:06/hyperv.patch.asc
+# gpg --verify hyperv.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/10/ r307623
+releng/10.3/ r320912
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212721>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-17:06.hyperv.asc>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.21 (FreeBSD)
+
+iQIzBAEBCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAlll2psACgkQ7Wfs1l3P
+audtKRAA2OiRehFvElfsMARX+nBZazgKUGXfFRmWO8v8MCpI9jQtB9T8HItDWVHh
+ZPbgM/AV3osUAmzdZOFwTpHbVbPQ8nO14n5inhC9u0J0wA0c5apfp54F2EXdgm6+
++ckf+2lkisBI1YVewH8aPRNSIhueRJPEX79g7Z/EqxHJhq1wfGaJ6zDT8royE1F8
+q8uyawClGL1vS7ofW4IPVYQOgebf+s7vSF845JWQcqXeqpPU6Qt1kGP+wkTSx7HE
+3tuRowym5EmzweP+U5DqE34Ryli7/jsDr0rgmVkVh5JEQfHznSadAAWsHj9bMimc
+4Y2TSYdOhrPKV6Id/el5XWTSetUVPHMmQh6TTIWg10Ygr6CK0folZWnR5t2ym4np
+HfzEdaUXJXZyj/5qy1mcFzR8JRifj9lmlRzBqZOOOwMakhSSYD7daouLK76SvH0K
+gf4AgG0X6FUETD8N+rM+1RpvSfbeA9zktcPmxE/WCTtc8lIcQc/9CZY7zNOoi+du
+LKU1MhWBQTk8zP5AHzAmHL+O+C6sF7uYVaUL6Ui3hqq2AjhnK+sxVX1QNT4kwgJ4
+h3sBliNUQ6kz1e2yTROj2v66OkFKYaSugLwyg15Qa6pfE7R448lCwZOe65rYYTyZ
+u4yd5mACaO9mkYmQulxIO/Eit19kGvapBXF4CEHBt+WvqG8Cbdk=
+=a6m2
+-----END PGP SIGNATURE-----
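Review bot: Sections II and III of the notice have wording that should be fixed before signing, since any later correction means re-signing and re-publishing the file. "which will cause the disks will be detached during boot" and "can not be boot properly on a guest system" are the two lines in question. Section II also names intr_shuffle_irqs without saying what goes wrong beyond "An interrupt is missing"; one more sentence tying it to the boot failure in section III would let readers judge whether they are affected.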
Added: head/share/security/advisories/FreeBSD-SA-17:05.heimdal.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-17:05.heimdal.asc Wed Jul 12 08:31:16 2017 (r50475)
@@ -0,0 +1,146 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-17:05.heimdal Security Advisory
+ The FreeBSD Project
+
+Topic: heimdal KDC-REP service name validation vulnerability
+
+Category: contrib
+Module: heimdal
+Announced: 2017-07-12
+Affects: All supported versions of FreeBSD.
+Corrected: 2017-07-12 07:26:07 UTC (stable/11, 11.1-PRERELEASE)
+ 2017-07-12 08:07:16 UTC (releng/11.1, 11.1-RC2-p1)
+ 2017-07-12 08:07:16 UTC (releng/11.1, 11.1-RC1-p1)
+ 2017-07-12 07:26:07 UTC (stable/11, 11.1-BETA3-p1)
+ 2017-07-12 08:07:36 UTC (releng/11.0, 11.0-RELEASE-p11)
+ 2017-07-12 07:26:07 UTC (stable/10, 10.3-STABLE)
+ 2017-07-12 08:07:36 UTC (releng/10.3, 10.3-RELEASE-p20)
+CVE Name: CVE-2017-11103
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+Heimdal implements the Kerberos 5 network authentication protocols.
+The Kerberos protocol uses "ticket" to authenticate a client to a
+service.
+
+A Key Distribution Center (KDC) is trusted by all principals registered
+in that administrative "realm" to store a secret key in confidence, of
+which, the proof of knowledge is used to verify the authenticity of a
+principal.
+
+
+II. Problem Description
+
+There is a programming error in Heimdal implementation that used an
+unauthenticated, plain-text version of the KDC-REP service name found
+in a ticket.
+
+III. Impact
+
+An attacker who has control to the network between a client and the
+service it talks to will be able to impersonate the service, allowing
+a successful man-in-the-middle (MITM) attack that circumvents the mutual
+authentication.
+
+IV. Workaround
+
+No workaround is available, but only Kerberos enabled clients are
+affected.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+A reboot is recommended.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+A reboot is recommended.
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-17:05/heimdal.patch
+# fetch https://security.FreeBSD.org/patches/SA-17:05/heimdal.patch.asc
+# gpg --verify heimdal.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all daemons that use the library, or reboot the system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/10/ r320907
+releng/10.3/ r320912
+stable/11/ r320907
+releng/11.0/ r320911
+releng/11.1/ r320910
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://www.orpheus-lyre.info/>
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11103>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-17:05.heimdal.asc>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.21 (FreeBSD)
+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+=enb2
+-----END PGP SIGNATURE-----
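Review bot: Section II says only that the code "used an unauthenticated, plain-text version of the KDC-REP service name" and never states which value the client should trust instead. Since heimdal.patch in this same commit switches the lookup to rep->enc_part.sname and rep->enc_part.srealm, the description could say that the service name must come from the encrypted part of the reply. Section V also gives "A reboot is recommended" for options 1 and 2 but "Restart all daemons that use the library, or reboot the system" for option 3; one consistent instruction would be clearer.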
Added: head/share/security/patches/EN-17:06/hyperv.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-17:06/hyperv.patch Wed Jul 12 08:31:16 2017 (r50475)
@@ -0,0 +1,538 @@
+--- sys/cam/ata/ata_xpt.c.orig
++++ sys/cam/ata/ata_xpt.c
+@@ -40,6 +40,7 @@
+ #include <sys/interrupt.h>
+ #include <sys/sbuf.h>
+
++#include <sys/eventhandler.h>
+ #include <sys/lock.h>
+ #include <sys/mutex.h>
+ #include <sys/sysctl.h>
+@@ -827,6 +828,7 @@
+ {
+ struct ccb_pathinq cpi;
+ int16_t *ptr;
++ int veto = 0;
+
+ ident_buf = &softc->ident_data;
+ for (ptr = (int16_t *)ident_buf;
+@@ -833,6 +835,11 @@
+ ptr < (int16_t *)ident_buf + sizeof(struct ata_params)/2; ptr++) {
+ *ptr = le16toh(*ptr);
+ }
++ EVENTHANDLER_INVOKE(ada_probe_veto, path, ident_buf, &veto);
++ if (veto) {
++ goto device_fail;
++ }
++
+ if (strncmp(ident_buf->model, "FX", 2) &&
+ strncmp(ident_buf->model, "NEC", 3) &&
+ strncmp(ident_buf->model, "Pioneer", 7) &&
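Review bot: The new EVENTHANDLER_INVOKE(ada_probe_veto, ...) call in the generic ATA probe path has no comment saying who may register a handler or what a non-zero veto means for the device. A short comment above the call, noting that a veto sends the probe to device_fail and that the Hyper-V storvsc driver is the registrant in this patch, would help the next reader of ata_xpt.c. The braces around the single "goto device_fail;" are also not needed.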
+--- sys/conf/files.amd64.orig
++++ sys/conf/files.amd64
+@@ -262,7 +262,6 @@
+ dev/hyperv/netvsc/hv_net_vsc.c optional hyperv
+ dev/hyperv/netvsc/hv_netvsc_drv_freebsd.c optional hyperv
+ dev/hyperv/netvsc/hv_rndis_filter.c optional hyperv
+-dev/hyperv/stordisengage/hv_ata_pci_disengage.c optional hyperv
+ dev/hyperv/storvsc/hv_storvsc_drv_freebsd.c optional hyperv
+ dev/hyperv/utilities/hv_kvp.c optional hyperv
+ dev/hyperv/utilities/hv_util.c optional hyperv
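Review bot: Dropping dev/hyperv/stordisengage/hv_ata_pci_disengage.c from the build list here is not matched by any hunk in this patch that removes the source file itself, so after applying the patch it stays in the tree unbuilt. Either say so in the notice or add the removal, so that people diffing a patched tree against the branch are not surprised.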
+--- sys/conf/files.i386.orig
++++ sys/conf/files.i386
+@@ -240,7 +240,6 @@
+ dev/hyperv/netvsc/hv_net_vsc.c optional hyperv
+ dev/hyperv/netvsc/hv_netvsc_drv_freebsd.c optional hyperv
+ dev/hyperv/netvsc/hv_rndis_filter.c optional hyperv
+-dev/hyperv/stordisengage/hv_ata_pci_disengage.c optional hyperv
+ dev/hyperv/storvsc/hv_storvsc_drv_freebsd.c optional hyperv
+ dev/hyperv/utilities/hv_kvp.c optional hyperv
+ dev/hyperv/utilities/hv_util.c optional hyperv
+--- sys/dev/hyperv/include/hyperv.h.orig
++++ sys/dev/hyperv/include/hyperv.h
+@@ -124,6 +124,8 @@
+ unsigned char data[16];
+ } __packed hv_guid;
+
++int snprintf_hv_guid(char *, size_t, const hv_guid *);
++
+ #define HV_NIC_GUID \
+ .data = {0x63, 0x51, 0x61, 0xF8, 0x3E, 0xDF, 0xc5, 0x46, \
+ 0x91, 0x3F, 0xF2, 0xD2, 0xF9, 0x65, 0xED, 0x0E}
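Review bot: The snprintf_hv_guid() prototype is exported without a comment on the output format or the buffer size a caller must supply. Callers elsewhere in this patch pass buffers of 39 and 40 bytes; a one-line comment here, or a named constant for the required length, would keep those sizes from drifting.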
+--- sys/dev/hyperv/storvsc/hv_storvsc_drv_freebsd.c.orig
++++ sys/dev/hyperv/storvsc/hv_storvsc_drv_freebsd.c
+@@ -58,6 +58,7 @@
+ #include <sys/lock.h>
+ #include <sys/sema.h>
+ #include <sys/sglist.h>
++#include <sys/eventhandler.h>
+ #include <machine/bus.h>
+ #include <sys/bus_dma.h>
+
+@@ -198,6 +199,7 @@
+ STORVSC_RINGBUFFER_SIZE}
+ };
+
++static eventhandler_tag storvsc_handler_tag;
+ /*
+ * Sense buffer size changed in win8; have a run-time
+ * variable to track the size we should use.
+@@ -818,6 +820,7 @@
+ * because the fields will be used later in storvsc_io_done().
+ */
+ request->vstor_packet.u.vm_srb.scsi_status = vm_srb->scsi_status;
++ request->vstor_packet.u.vm_srb.srb_status = vm_srb->srb_status;
+ request->vstor_packet.u.vm_srb.transfer_len = vm_srb->transfer_len;
+
+ if (((vm_srb->scsi_status & 0xFF) == SCSI_STATUS_CHECK_COND) &&
+@@ -966,20 +969,13 @@
+ static int
+ storvsc_probe(device_t dev)
+ {
+- int ata_disk_enable = 0;
+ int ret = ENXIO;
+
+ switch (storvsc_get_storage_type(dev)) {
+ case DRIVER_BLKVSC:
+ if(bootverbose)
+- device_printf(dev, "DRIVER_BLKVSC-Emulated ATA/IDE probe\n");
+- if (!getenv_int("hw.ata.disk_enable", &ata_disk_enable)) {
+- if(bootverbose)
+- device_printf(dev,
+- "Enlightened ATA/IDE detected\n");
+- ret = BUS_PROBE_DEFAULT;
+- } else if(bootverbose)
+- device_printf(dev, "Emulated ATA/IDE set (hw.ata.disk_enable set)\n");
++ device_printf(dev, "Enlightened ATA/IDE detected\n");
++ ret = BUS_PROBE_DEFAULT;
+ break;
+ case DRIVER_STORVSC:
+ if(bootverbose)
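Review bot: With the getenv_int("hw.ata.disk_enable", ...) test removed from the DRIVER_BLKVSC case, the tunable no longer has any effect on this probe, and neither a comment here nor the errata notice mentions that. Users who set hw.ata.disk_enable to keep emulated ATA will see different behaviour after the patch, so the change should be documented.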
+@@ -1967,28 +1963,17 @@
+ return(0);
+ }
+
+-/*
+- * SCSI Inquiry checks qualifier and type.
+- * If qualifier is 011b, means the device server is not capable
+- * of supporting a peripheral device on this logical unit, and
+- * the type should be set to 1Fh.
+- *
+- * Return 1 if it is valid, 0 otherwise.
+- */
+-static inline int
+-is_inquiry_valid(const struct scsi_inquiry_data *inq_data)
++static uint32_t
++is_scsi_valid(const struct scsi_inquiry_data *inq_data)
+ {
+- uint8_t type;
+- if (SID_QUAL(inq_data) != SID_QUAL_LU_CONNECTED) {
+- return (0);
+- }
++ u_int8_t type;
+ type = SID_TYPE(inq_data);
+- if (type == T_NODEVICE) {
++ if (type == T_NODEVICE)
+ return (0);
+- }
++ if (SID_QUAL(inq_data) == SID_QUAL_BAD_LU)
++ return (0);
+ return (1);
+ }
+-
+ /**
+ * @brief completion function before returning to CAM
+ *
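Review bot: is_scsi_valid() loses the explanatory comment that is_inquiry_valid() had, and its acceptance rule is different: the old code rejected any qualifier other than SID_QUAL_LU_CONNECTED, the new code rejects only SID_QUAL_BAD_LU. That widening needs a comment stating why the other qualifier values are now accepted. The function returns 0 or 1, so the uint32_t return type could be int or bool, and the blank line before the following doc comment should stay.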
+@@ -2057,75 +2042,108 @@
+ callout_drain(&reqp->callout);
+ }
+ #endif
+-
+ ccb->ccb_h.status &= ~CAM_SIM_QUEUED;
+ ccb->ccb_h.status &= ~CAM_STATUS_MASK;
+ if (vm_srb->scsi_status == SCSI_STATUS_OK) {
+ const struct scsi_generic *cmd;
+- /*
+- * Check whether the data for INQUIRY cmd is valid or
+- * not. Windows 10 and Windows 2016 send all zero
+- * inquiry data to VM even for unpopulated slots.
+- */
+ cmd = (const struct scsi_generic *)
+ ((ccb->ccb_h.flags & CAM_CDB_POINTER) ?
+ csio->cdb_io.cdb_ptr : csio->cdb_io.cdb_bytes);
+- if (cmd->opcode == INQUIRY) {
+- /*
+- * The host of Windows 10 or 2016 server will response
+- * the inquiry request with invalid data for unexisted device:
+- [0x7f 0x0 0x5 0x2 0x1f ... ]
+- * But on windows 2012 R2, the response is:
+- [0x7f 0x0 0x0 0x0 0x0 ]
+- * That is why here wants to validate the inquiry response.
+- * The validation will skip the INQUIRY whose response is short,
+- * which is less than SHORT_INQUIRY_LENGTH (36).
+- *
+- * For more information about INQUIRY, please refer to:
+- * ftp://ftp.avc-pioneer.com/Mtfuji_7/Proposal/Jun09/INQUIRY.pdf
+- */
+- const struct scsi_inquiry_data *inq_data =
+- (const struct scsi_inquiry_data *)csio->data_ptr;
+- uint8_t* resp_buf = (uint8_t*)csio->data_ptr;
+- /* Get the buffer length reported by host */
+- int resp_xfer_len = vm_srb->transfer_len;
+- /* Get the available buffer length */
+- int resp_buf_len = resp_xfer_len >= 5 ? resp_buf[4] + 5 : 0;
+- int data_len = (resp_buf_len < resp_xfer_len) ? resp_buf_len : resp_xfer_len;
+- if (data_len < SHORT_INQUIRY_LENGTH) {
+- ccb->ccb_h.status |= CAM_REQ_CMP;
+- if (bootverbose && data_len >= 5) {
+- mtx_lock(&sc->hs_lock);
+- xpt_print(ccb->ccb_h.path,
+- "storvsc skips the validation for short inquiry (%d)"
+- " [%x %x %x %x %x]\n",
+- data_len,resp_buf[0],resp_buf[1],resp_buf[2],
+- resp_buf[3],resp_buf[4]);
+- mtx_unlock(&sc->hs_lock);
+- }
+- } else if (is_inquiry_valid(inq_data) == 0) {
+- ccb->ccb_h.status |= CAM_DEV_NOT_THERE;
+- if (bootverbose && data_len >= 5) {
+- mtx_lock(&sc->hs_lock);
+- xpt_print(ccb->ccb_h.path,
+- "storvsc uninstalled invalid device"
+- " [%x %x %x %x %x]\n",
+- resp_buf[0],resp_buf[1],resp_buf[2],resp_buf[3],resp_buf[4]);
+- mtx_unlock(&sc->hs_lock);
+- }
+- } else {
+- ccb->ccb_h.status |= CAM_REQ_CMP;
++ if (vm_srb->srb_status != SRB_STATUS_SUCCESS) {
++ /*
++ * If there are errors, for example, invalid LUN,
++ * host will inform VM through SRB status.
++ */
+ if (bootverbose) {
+- mtx_lock(&sc->hs_lock);
+- xpt_print(ccb->ccb_h.path,
+- "storvsc has passed inquiry response (%d) validation\n",
+- data_len);
+- mtx_unlock(&sc->hs_lock);
++ if (vm_srb->srb_status == SRB_STATUS_INVALID_LUN) {
++ xpt_print(ccb->ccb_h.path,
++ "invalid LUN %d for op: %s\n",
++ vm_srb->lun,
++ scsi_op_desc(cmd->opcode, NULL));
++ } else {
++ xpt_print(ccb->ccb_h.path,
++ "Unknown SRB flag: %d for op: %s\n",
++ vm_srb->srb_status,
++ scsi_op_desc(cmd->opcode, NULL));
++ }
+ }
+- }
++
++ /*
++ * XXX For a selection timeout, all of the LUNs
++ * on the target will be gone. It works for SCSI
++ * disks, but does not work for IDE disks.
++ *
++ * For CAM_DEV_NOT_THERE, CAM will only get
++ * rid of the device(s) specified by the path.
++ */
++ if (storvsc_get_storage_type(sc->hs_dev->device) ==
++ DRIVER_STORVSC)
++ ccb->ccb_h.status |= CAM_SEL_TIMEOUT;
++ else
++ ccb->ccb_h.status |= CAM_DEV_NOT_THERE;
+ } else {
+ ccb->ccb_h.status |= CAM_REQ_CMP;
+ }
++
++ if (cmd->opcode == INQUIRY &&
++ vm_srb->srb_status == SRB_STATUS_SUCCESS) {
++ int resp_xfer_len, resp_buf_len, data_len;
++ struct scsi_inquiry_data *inq_data =
++ (struct scsi_inquiry_data *)csio->data_ptr;
++ /* Get the buffer length reported by host */
++ resp_xfer_len = vm_srb->transfer_len;
++ uint8_t *resp_buf = (uint8_t *)csio->data_ptr;
++
++ /* Get the available buffer length */
++ resp_buf_len = resp_xfer_len >= 5 ? resp_buf[4] + 5 : 0;
++ data_len = (resp_buf_len < resp_xfer_len) ?
++ resp_buf_len : resp_xfer_len;
++ if (bootverbose && data_len >= 5) {
++ xpt_print(ccb->ccb_h.path, "storvsc inquiry "
++ "(%d) [%x %x %x %x %x ... ]\n", data_len,
++ resp_buf[0], resp_buf[1], resp_buf[2],
++ resp_buf[3], resp_buf[4]);
++ }
++ /*
++ * XXX: Manually fix the wrong response returned from WS2012
++ */
++ if (!is_scsi_valid(inq_data) &&
++ (vmstor_proto_version == VMSTOR_PROTOCOL_VERSION_WIN8_1 ||
++ vmstor_proto_version == VMSTOR_PROTOCOL_VERSION_WIN8 ||
++ vmstor_proto_version == VMSTOR_PROTOCOL_VERSION_WIN7)) {
++ if (data_len >= 4 &&
++ (resp_buf[2] == 0 || resp_buf[3] == 0)) {
++ resp_buf[2] = 5; // verion=5 means SPC-3
++ resp_buf[3] = 2; // resp fmt must be 2
++ if (bootverbose)
++ xpt_print(ccb->ccb_h.path,
++ "fix version and resp fmt for 0x%x\n",
++ vmstor_proto_version);
++ }
++ } else if (data_len >= SHORT_INQUIRY_LENGTH) {
++ char vendor[16];
++
++ cam_strvis(vendor, inq_data->vendor,
++ sizeof(inq_data->vendor), sizeof(vendor));
++ /*
++ * XXX: Upgrade SPC2 to SPC3 if host is WIN8 or
++ * WIN2012 R2 in order to support UNMAP feature.
++ */
++ if (!strncmp(vendor, "Msft", 4) &&
++ SID_ANSI_REV(inq_data) == SCSI_REV_SPC2 &&
++ (vmstor_proto_version ==
++ VMSTOR_PROTOCOL_VERSION_WIN8_1 ||
++ vmstor_proto_version ==
++ VMSTOR_PROTOCOL_VERSION_WIN8)) {
++ inq_data->version = SCSI_REV_SPC3;
++ if (bootverbose) {
++ xpt_print(ccb->ccb_h.path,
++ "storvsc upgrades "
++ "SPC2 to SPC3\n");
++ }
++ }
++ }
++ }
+ } else {
+ mtx_lock(&sc->hs_lock);
+ xpt_print(ccb->ccb_h.path,
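Review bot: The tests "vm_srb->srb_status != SRB_STATUS_SUCCESS" and "vm_srb->srb_status == SRB_STATUS_INVALID_LUN" compare the whole byte, yet hv_vstorage.h in this same patch describes SRB_STATUS_QUEUE_FROZEN and SRB_STATUS_AUTOSENSE_VALID as masks that "can be combined with above status codes". A reply carrying one of those bits would be treated as a failure and logged as "Unknown SRB flag"; consider masking the flag bits off before comparing. Smaller points in the INQUIRY fix-up: "resp_buf[2] = 5; // verion=5 means SPC-3" has a typo and uses a magic number where SCSI_REV_SPC3 is used a few lines later, and the new xpt_print() calls no longer take sc->hs_lock as the removed ones did, which deserves a word on why that is safe.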
+@@ -2193,3 +2211,51 @@
+ return (DRIVER_UNKNOWN);
+ }
+
++#define PCI_VENDOR_INTEL 0x8086
++#define PCI_PRODUCT_PIIX4 0x7111
++
++static void
++storvsc_ada_probe_veto(void *arg __unused, struct cam_path *path,
++ struct ata_params *ident_buf __unused, int *veto)
++{
++ /*
++ * Hyper-V should ignore ATA
++ */
++ if (path->device->protocol == PROTO_ATA) {
++ struct ccb_pathinq cpi;
++
++ bzero(&cpi, sizeof(cpi));
++ xpt_setup_ccb(&cpi.ccb_h, path, CAM_PRIORITY_NONE);
++ cpi.ccb_h.func_code = XPT_PATH_INQ;
++ xpt_action((union ccb *)&cpi);
++ if (cpi.ccb_h.status == CAM_REQ_CMP &&
++ cpi.hba_vendor == PCI_VENDOR_INTEL &&
++ cpi.hba_device == PCI_PRODUCT_PIIX4) {
++ (*veto)++;
++ xpt_print(path,
++ "Disable ATA for vendor: %x, device: %x\n",
++ cpi.hba_vendor, cpi.hba_device);
++ }
++ }
++}
++
++static void
++storvsc_sysinit(void *arg __unused)
++{
++ if (vm_guest == VM_GUEST_HV) {
++ storvsc_handler_tag = EVENTHANDLER_REGISTER(ada_probe_veto,
++ storvsc_ada_probe_veto, NULL, EVENTHANDLER_PRI_ANY);
++ }
++}
++SYSINIT(storvsc_sys_init, SI_SUB_DRIVERS, SI_ORDER_SECOND, storvsc_sysinit,
++ NULL);
++
++static void
++storvsc_sysuninit(void *arg __unused)
++{
++ if (storvsc_handler_tag != NULL) {
++ EVENTHANDLER_DEREGISTER(ada_probe_veto, storvsc_handler_tag);
++ }
++}
++SYSUNINIT(storvsc_sys_uninit, SI_SUB_DRIVERS, SI_ORDER_SECOND,
++ storvsc_sysuninit, NULL);
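Review bot: In storvsc_ada_probe_veto() the "Disable ATA for vendor" xpt_print() is unconditional, while the other messages added to this file are gated on bootverbose, so it will be printed for every vetoed probe. The comment "Hyper-V should ignore ATA" should also say why the match is limited to PCI_VENDOR_INTEL and PCI_PRODUCT_PIIX4. Writing "*veto = 1" instead of "(*veto)++" would make the intent clearer, and storvsc_sysuninit() could reset storvsc_handler_tag to NULL after deregistering.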
+--- sys/dev/hyperv/storvsc/hv_vstorage.h.orig
++++ sys/dev/hyperv/storvsc/hv_vstorage.h
+@@ -249,10 +249,10 @@
+ /**
+ * SRB Status Masks (can be combined with above status codes)
+ */
+-#define SRB_STATUS_QUEUE_FROZEN 0x40
+-#define SRB_STATUS_AUTOSENSE_VALID 0x80
++#define SRB_STATUS_QUEUE_FROZEN 0x40
++#define SRB_STATUS_AUTOSENSE_VALID 0x80
++#define SRB_STATUS_INVALID_LUN 0X20
+
+-
+ /**
+ * Packet flags
+ */
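Review bot: SRB_STATUS_INVALID_LUN is added under the "SRB Status Masks (can be combined with above status codes)" comment, but the driver hunk compares it with == as a status code, not as a mask. It belongs with the status codes above this block, or the comment needs adjusting. The literal is written 0X20 with an upper-case X, unlike the 0x40 and 0x80 beside it.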
+--- sys/dev/hyperv/utilities/hv_kvp.c.orig
++++ sys/dev/hyperv/utilities/hv_kvp.c
+@@ -311,28 +311,11 @@
+ {
+ int err_ip, err_subnet, err_gway, err_dns, err_adap;
+ int UNUSED_FLAG = 1;
+- int guid_index;
+ struct hv_device *hv_dev; /* GUID Data Structure */
+ hn_softc_t *sc; /* hn softc structure */
+ char if_name[4];
+- unsigned char guid_instance[40];
+- char *guid_data = NULL;
+ char buf[39];
+
+- struct guid_extract {
+- char a1[2];
+- char a2[2];
+- char a3[2];
+- char a4[2];
+- char b1[2];
+- char b2[2];
+- char c1[2];
+- char c2[2];
+- char d[4];
+- char e[12];
+- };
+-
+- struct guid_extract *id;
+ device_t *devs;
+ int devcnt;
+
+@@ -359,17 +342,7 @@
+ /* Trying to find GUID of Network Device */
+ hv_dev = sc->hn_dev_obj;
+
+- for (guid_index = 0; guid_index < 16; guid_index++) {
+- sprintf(&guid_instance[guid_index * 2], "%02x",
+- hv_dev->device_id.data[guid_index]);
+- }
+-
+- guid_data = (char *)guid_instance;
+- id = (struct guid_extract *)guid_data;
+- snprintf(buf, sizeof(buf), "{%.2s%.2s%.2s%.2s-%.2s%.2s-%.2s%.2s-%.4s-%s}",
+- id->a4, id->a3, id->a2, id->a1,
+- id->b2, id->b1, id->c2, id->c1, id->d, id->e);
+- guid_data = NULL;
++ snprintf_hv_guid(buf, sizeof(buf), &hv_dev->device_id);
+ sprintf(if_name, "%s%d", "hn", device_get_unit(devs[devcnt]));
+
+ if (strncmp(buf, (char *)umsg->body.kvp_ip_val.adapter_id, 39) == 0) {
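Review bot: The removed snprintf() wrapped the GUID in braces ("{%.2s%.2s%.2s%.2s-...-%s}"), while snprintf_hv_guid() as defined later in this patch emits no braces, yet buf is still compared with strncmp() against umsg->body.kvp_ip_val.adapter_id over 39 bytes. Please confirm the adapter_id string is brace-less too; if it is not, this comparison will stop matching and the adapter lookup will fail silently. The return value of snprintf_hv_guid() is also ignored here.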
+--- sys/dev/hyperv/vmbus/hv_vmbus_drv_freebsd.c.orig
++++ sys/dev/hyperv/vmbus/hv_vmbus_drv_freebsd.c
+@@ -59,6 +59,7 @@
+ #include <sys/pcpu.h>
+ #include <machine/apicvar.h>
+
++#include <dev/hyperv/include/hyperv.h>
+ #include "hv_vmbus_priv.h"
+
+ #include <contrib/dev/acpica/include/acpi.h>
+@@ -298,6 +299,23 @@
+ return (ENOENT);
+ }
+
++static int
++vmbus_child_pnpinfo_str(device_t dev, device_t child, char *buf, size_t buflen)
++{
++ char guidbuf[40];
++ struct hv_device *dev_ctx = device_get_ivars(child);
++
++ strlcat(buf, "classid=", buflen);
++ snprintf_hv_guid(guidbuf, sizeof(guidbuf), &dev_ctx->class_id);
++ strlcat(buf, guidbuf, buflen);
++
++ strlcat(buf, " deviceid=", buflen);
++ snprintf_hv_guid(guidbuf, sizeof(guidbuf), &dev_ctx->device_id);
++ strlcat(buf, guidbuf, buflen);
++
++ return (0);
++}
++
+ struct hv_device*
+ hv_vmbus_child_device_create(
+ hv_guid type,
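Review bot: vmbus_child_pnpinfo_str() appends with strlcat() from its first line, which relies on the caller passing a NUL-terminated buf; a comment stating that assumption, or an explicit initial write, would make it safe to reuse. The result of device_get_ivars(child) is dereferenced without a NULL check.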
+@@ -324,15 +342,17 @@
+ return (child_dev);
+ }
+
+-static void
+-print_dev_guid(struct hv_device *dev)
++int
++snprintf_hv_guid(char *buf, size_t sz, const hv_guid *guid)
+ {
+- int i;
+- unsigned char guid_name[100];
+- for (i = 0; i < 32; i += 2)
+- sprintf(&guid_name[i], "%02x", dev->class_id.data[i / 2]);
+- if(bootverbose)
+- printf("VMBUS: Class ID: %s\n", guid_name);
++ int cnt;
++ const unsigned char *d = guid->data;
++
++ cnt = snprintf(buf, sz,
++ "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x",
++ d[3], d[2], d[1], d[0], d[5], d[4], d[7], d[6],
++ d[8], d[9], d[10], d[11], d[12], d[13], d[14], d[15]);
++ return (cnt);
+ }
+
+ int
+@@ -341,9 +361,12 @@
+ device_t child;
+ int ret = 0;
+
+- print_dev_guid(child_dev);
++ if (bootverbose) {
++ char name[40];
++ snprintf_hv_guid(name, sizeof(name), &child_dev->class_id);
++ printf("VMBUS: Class ID: %s\n", name);
++ }
+
+-
+ child = device_add_child(vmbus_devp, NULL, -1);
+ child_dev->device = child;
+ device_set_ivars(child, child_dev);
+@@ -747,6 +770,7 @@
+ DEVMETHOD(bus_print_child, bus_generic_print_child),
+ DEVMETHOD(bus_read_ivar, vmbus_read_ivar),
+ DEVMETHOD(bus_write_ivar, vmbus_write_ivar),
++ DEVMETHOD(bus_child_pnpinfo_str, vmbus_child_pnpinfo_str),
+
+ { 0, 0 } };
+
+--- sys/sys/eventhandler.h.orig
++++ sys/sys/eventhandler.h
+@@ -283,4 +283,11 @@
+ EVENTHANDLER_DECLARE(register_framebuffer, register_framebuffer_fn);
+ EVENTHANDLER_DECLARE(unregister_framebuffer, unregister_framebuffer_fn);
+
++/* veto ada probing */
++struct cam_path;
++struct ata_params;
++typedef void (*ada_probe_veto_fn)(void *, struct cam_path *,
++ struct ata_params *, int *);
++EVENTHANDLER_DECLARE(ada_probe_veto, ada_probe_veto_fn);
++
+ #endif /* SYS_EVENTHANDLER_H */
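Review bot: The ada_probe_veto declaration documents itself only as "veto ada probing", which leaves the contract of the int * argument open: the caller in ata_xpt.c initialises it to 0 and tests for non-zero, and the one handler in this patch increments it. Spell that out here, since this is a system-wide header and other drivers may register handlers.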
+--- sys/x86/x86/intr_machdep.c.orig
++++ sys/x86/x86/intr_machdep.c
+@@ -535,6 +535,9 @@
+ if (mp_ncpus == 1)
+ return;
+
++ /* Does not work properly on Hyper-V. */
++ if (vm_guest == VM_GUEST_HV)
++ return;
+ /* Round-robin assign a CPU to each enabled source. */
+ mtx_lock(&intr_table_lock);
+ assign_cpu = 1;
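Review bot: The early return for vm_guest == VM_GUEST_HV carries only the comment "Does not work properly on Hyper-V.", which will not tell a later reader what failed or when the check can be dropped. Reference the problem report cited in the notice (bug 212721) or describe the missed interrupt. A blank line is also missing between the new return and the "Round-robin assign" comment.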
Added: head/share/security/patches/EN-17:06/hyperv.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-17:06/hyperv.patch.asc Wed Jul 12 08:31:16 2017 (r50475)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.21 (FreeBSD)
+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+=wx6c
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/SA-17:05/heimdal.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-17:05/heimdal.patch Wed Jul 12 08:31:16 2017 (r50475)
@@ -0,0 +1,13 @@
+--- crypto/heimdal/lib/krb5/ticket.c.orig
++++ crypto/heimdal/lib/krb5/ticket.c
+@@ -713,8 +713,8 @@
+ /* check server referral and save principal */
+ ret = _krb5_principalname2krb5_principal (context,
+ &tmp_principal,
+- rep->kdc_rep.ticket.sname,
+- rep->kdc_rep.ticket.realm);
++ rep->enc_part.sname,
++ rep->enc_part.srealm);
+ if (ret)
+ goto out;
+ if((flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH) == 0){
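Review bot: The switch from rep->kdc_rep.ticket.sname and rep->kdc_rep.ticket.realm to rep->enc_part.sname and rep->enc_part.srealm is the whole security fix, but the surviving comment still reads only "check server referral and save principal". Extend it to say that the name must be taken from the encrypted part of the reply because the ticket's outer fields are unauthenticated, so the line is not changed back during a later cleanup or vendor import.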
Added: head/share/security/patches/SA-17:05/heimdal.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-17:05/heimdal.patch.asc Wed Jul 12 08:31:16 2017 (r50475)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.21 (FreeBSD)
+
+iQIzBAABCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAlll2rgACgkQ7Wfs1l3P
+audDPBAA2J6IvRsymXj8EzCdEYI/DeoooD5wP2EuGxw166XH/UJgJC95LLEhpGsi
+sZ6ePOCEIDqUlWhYZjJT6uI3ww8ZLzIQ6gHIlA+J9/IfLimlFhG6J2E6D+IKwAcC
+4bhQOWeUT+HmiE3rRBtGsiND4Eos/LCzinSZR1oQMuiNpC+Z+Os+47EsDAM7zCRd
+HQo7Ko+8VUpI47E8jNeummjziHnmczpXsSVuuord8gpegLFYFaAqKmhJoD8O33Cf
+gVigMl/Oo039XlibJ6kivs+jY93iDAFb1ahQE1n/M8G0oMR1vExm6/ILDfjebA9z
+rS/6DNvbEBPfx9QSjnE1l9KVbIaWJjIQYU0Mia0Bu2h83mtk8zPoG2q2nfFpAP4I
+01wqv+zzVJjr3LULwZcAOGSTUSuXgZrnc5KBSM3ULs5ZZMgoCJ54oQjFXUkzQAqQ
+DXyHX3Oq6abG2YUOyErlt2mqUvbUJl4XU3nC0Hdw76UIK46/ksXwfabt+W3ICeEf
+ZX4YjMGWZU0XOJIfhmhgS6/Yr+F37ldac5D38I6AcnbgfBW8CiebtWyn5QNjoMOT
+jxSSz3Rl5Lt1M2xjPP4jg2a5ivq7gz2JmNOjBtNCVWeq1hAP+0EryghDFENMQDhL
+PZ7H+/201FUlxO9BQ5tOluGL0Nu4mtaLyeDUHZCwHYxQb+cz4/c=
+=Wwzw
+-----END PGP SIGNATURE-----
Modified: head/share/xml/advisories.xml
==============================================================================
--- head/share/xml/advisories.xml Wed Jul 12 01:13:40 2017 (r50474)
+++ head/share/xml/advisories.xml Wed Jul 12 08:31:16 2017 (r50475)
@@ -8,6 +8,18 @@
<name>2017</name>
<month>
+ <name>7</name>
+
+ <day>
+ <name>12</name>
+
+ <advisory>
+ <name>FreeBSD-SA-17:05.heimdal</name>
+ </advisory>
+ </day>
+ </month>
+
+ <month>
<name>4</name>
<day>
Modified: head/share/xml/notices.xml
==============================================================================
--- head/share/xml/notices.xml Wed Jul 12 01:13:40 2017 (r50474)
+++ head/share/xml/notices.xml Wed Jul 12 08:31:16 2017 (r50475)
@@ -8,6 +8,18 @@
<name>2017</name>
<month>
+ <name>7</name>
+
+ <day>
+ <name>12</name>
+
+ <notice>
+ <name>FreeBSD-EN-17:06.hyperv</name>
+ </notice>
+ </day>
+ </month>
+
+ <month>
<name>4</name>
<day>