This is a display of mostly-automatically-classified git commits from 2025-09-01 to 2025-09-30.
In the future, these reports might include summaries or additional information, but for now our focus is figuring out what type of classification would be most useful.
Table of contents and commits per category:
| Commits | Share | Category |
|---|---|---|
| (19) | | Highlighted commits (these are copies, not in stats) |
| 3 | 0.4% | Userland programs |
| 58 | 7.2% | Documentation |
| 159 | 19.9% | Hardware support |
| 71 | 8.9% | Networking |
| 105 | 13.1% | System administration |
| 18 | 2.2% | Libraries |
| 11 | 1.4% | Filesystems |
| 124 | 15.5% | Kernel |
| 119 | 14.9% | Build system |
| 6 | 0.7% | Internal organizational stuff |
| 46 | 5.7% | Testing |
| 21 | 2.6% | Style, typos, and comments |
| 31 | 3.9% | Contrib code |
| 29 | 3.6% | Reverted commits |
| 0 | 0.0% | Unclassified commits |
| 801 | 100% | total |
| | | Technical notes about this page |
For extra visibility, these are copies of commits found in
other sections. Most (if not all) come from the commit message
containing "Relnotes:", or commits modifying
UPDATING.
There's no need for an implied value judgement. Suggested by: jhb Reviewed by: kib, jhb Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52351
Add kqueue tracking to jails, inspired by how it's done with processes. EVFILT_JAIL takes a jail ID, and tracks with NOTE_JAIL_SET, NOTE_JAIL_ATTACH, NOTE_JAIL_REMOVE, and NOTE_JAIL_CHILD. It also uses the NOTE_TRACK mechanism that EVFILT_PROC uses, using the same result flags (NOTE_CHILD and NOTE_TRACKERR). Relnotes: yes Differential Revision: https://reviews.freebsd.org/D51940
Similar to process descriptors, jail descriptors allow jail administration using the file descriptor interface instead of JIDs. They come from and can be used by jail_set(2) and jail_get(2), and there are two new system calls, jail_attach_jd(2) and jail_remove_jd(2). Reviewed by: bz, brooks Relnotes: yes Differential Revision: https://reviews.freebsd.org/D43696
* Bumps to versions in lib/clang * Bumps to sys/conf/newvers.sh and sys/sys/param.h * Update to UPDATING Approved by: re (implicit) Sponsored by: https://www.patreon.com/cperciva
Manpages are very small, and having a separate manpages package for every base package is quite annoying for users. Turn this option off by default. Discussed with: bapt Reviewed by: manu, emaste MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D52417
Fixes: https://cgit.freebsd.org/src/commit/?id=dd8c666d8b78 ("src.sys.mk: Support src.conf in SRCTOP")
Enabled qat driver support for 402xx device with ID 0x4944/0x4945. This is an additional device supported under the existing qat_4xxx driver. Firmwares specific to the 402xx device are added. Signed-off-by: Hareshx Sankar Raj <hareshx.sankar.raj@intel.com> Relnotes: yes Sponsored by: Intel Corporation MFC after: 1 month Differential Revision: https://reviews.freebsd.org/D52488
When starting single-user mode, use the home directory from user root as current directory and for the HOME environment variable. If the directory does not exist, set HOME=/. Also adjust /root/.profile to stop setting HOME, since it should always have been set now. This is intended to keep shell startup files working in single-user mode after /.profile has been removed. Reviewed by: emaste, ivy, kevans MFC after: 1 week Relnotes: yes Differential Revision: https://reviews.freebsd.org/D52527
We don't want a tests-dev package, because this means set-devel depends on tests-dev, which transitively depends on tests, which means you can't install set-devel without also getting tests. The only real "dev" files in tests-dev are from ATF (libprivateatf), so move that to its own package and add a dependency from tests. Also move Kyua to its own package, since this might be useful for running tests even when the user doesn't want the whole set of base tests installed. Add a dependency from -tests to both -atf and -kyua, and a dependency on -set-base, since the tests won't work without the full base system installed. The remaining "dev" files in tests are actually test artifacts, not real development libraries. Add a new NO_DEV_PACKAGE option to bsd.lib.mk, which causes dev files to be installed in the base package instead of creating a -dev package, and set this option for everything that installs test libraries. While here, add a slightly more informative description for the tests package. MFC after: 3 seconds Reviewed by: bapt, emaste Differential Revision: https://reviews.freebsd.org/D52597
Move mandoc to its own package so users can install it independently of -utilities. Put the package in the minimal set, since we also ship manpages in minimal and "man" is a basic Unix utility. Add a pkg-triggers(5) hook to run makewhatis when new manpages are installed, so that apropos(1) works. This depends on a new pkg(8) feature expected to be in the upcoming 2.3.2 release; in the meantime, this is a no-op (i.e., having an older pkg doesn't break anything, it just won't run the trigger). MFC after: 3 seconds Reviewed by: bapt Differential Revision: https://reviews.freebsd.org/D52564
Implement RFC 7217 (A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration (SLAAC)) in our IPv6 stack. A new ifconfig `stableaddr` flag is added to enable the feature on interfaces, which defaults to on or off for new interfaces based on the sysctl `net.inet6.ip6.use_stableaddr` (off by default, so this commit causes no change in behavior with default settings). The algorithm follows the RFC in its logic, using SHA256-HMAC as the algorithm to derive addresses so as to provide code that can be leveraged by future implementations of RFC 8981, leveraging the `hostuuid` as the secret. The source of the hostidentifier can be configured using the sysctl `net.inet6.ip6.stableaddr_netifsource`, while the number of retries generating a new address in case of collision can be configured using the `net.inet6.ip6.stableaddr_maxretries` sysctl (default 3). Documentation about all these flags is added to the ifconfig(8) man page. Reviewed by: cognet, glebius, hrs Tested by: zarychtam@plan-b.pwste.edu.pl Approved by: cognet, glebius Relnotes: yes Differential Revision: https://reviews.freebsd.org/D49681
Nearly everyone wants powerd to manage CPU frequency scaling on real hardware, even if -utilities isn't installed. Conversely, very small jails might want -utilities but don't need powerd. Move it to its own package and add it to the minimal set. MFC after: 1 day Reviewed by: manu, imp Differential Revision: https://reviews.freebsd.org/D52645
Due to the size of libpmc.so.5, this reduces the size of the -utilities package by 10%. MFC after: 1 day Reviewed by: manu, adrian, emaste Differential Revision: https://reviews.freebsd.org/D52662
Currently libbz2 is in the libbz2 package, while bzip2 itself is in -utilities, which is inconsistent. Move both the library and the utility to a new -bzip2 package, and use LIB_PACKAGE to create a separate -bzip2-lib package for runtime dependencies. Add the bzip2 package to the minimal set, and since newsyslogd uses bzip2 for logfile compression, add a dependency from there. MFC after: 1 day Reviewed by: manu Differential Revision: https://reviews.freebsd.org/D52663
Sponsored by: The FreeBSD Foundation Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D52583
While preserving compatibility ('root' implied if no user is specified,
option '-i' not setting groups), introduce options to control finely
which user and group IDs are set in the launched process.
To minimize the risks of user error, mdo(1) by default enforces that all
user and group IDs are specified, either with explicit values from the
command-line or, if a known user name is passed with '-u', from the
corresponding content of the password and group databases. The other
main type of use cases is to start from the current process'
credentials, only amending part of them. It is now also possible to
blend both approaches, where some parts must be specified and the others
can just be amended or left as is.
Options:
* As before:
-u: Specifies a user name or ID to change all user IDs to. If a known
name is passed, also automatically sets all groups as per the
password and group databases.
-i: Starts from the current groups, instead of having to specify them
by using '-u' with a known user name or explicitly.
* New:
-k: Starts from the current users (incompatible with '-u'). Implies '-i'.
-g: Sets/overrides the primary group IDs with the passed group name or ID.
-G: Sets/overrides the supplementary groups set with the passed list of
comma-separated names or IDs.
-s: Amend the supplementary groups set according to the list of
comma-separated directives from the following:
- @: Empties the set. Must be the first directive. Incompatible with '-G'.
- +<group>: Add a group to the set.
- -<group>: Remove a group from the set. Takes precedence over +<group>.
--euid: Overrides the effective user ID.
--ruid: Overrides the real user ID.
--svuid: Overrides the saved user ID.
--egid: Overrides the effective group ID.
--rgid: Overrides the real group ID.
--svgid: Overrides the saved group ID.
Option '-k' was introduced as a requirement to be explicit when one
wants to keep the current user(s) instead of specifying new ones. This
is both for the purpose of avoiding foot-shooting and preserving the
possibility to omit '-u' to switch to 'root'. In order to avoid
confusion, if any user or group overrides are specified, mdo(1) however
enforces that either '-u' or '-k' has been specified (so, in practice,
'-u root' is implied only in the absence of any other options except
'-i').
Some base supplementary groups set is needed when '-s' is used without
directive '@'. It can be an explicit one specified with '-G',
effectively meaning that '-G' is processed before '-s'. Else, it is
determined from the password/group database (see initgroups(3)) if '-u'
with a user name was passed, or is simply the current set if '-i' (or
'-k') was specified. Other cases require specifying the full set (using
'-G' or '-s' with '@'), and will fail otherwise.
As the release process for 15.0 is progressing, this is committed in
advance of the still-in-progress tests and manual page updates.
Note for MFC to stable/14: As initgroups() has its old behavior,
consistently with it, remove the effective GID from being passed also as
a supplementary group.
Reviewed by: bapt
MFC after: 3 days
Relnotes: yes
Event: EuroBSDCon 2025
Sponsored by: The FreeBSD Foundation
Sponsored by: Google LLC (GSoC 2025)
Co-authored-by: Kushagra Srivastava <kushagra1403@gmail.com>
Differential Revision: https://reviews.freebsd.org/D52613
This was previously deprecated and is slated for removal in 15.0. Users who still need ftpd(8) can install the ftp/freebsd-ftpd port. Retain the ftp(d) PAM services since other FTP daemons use them. Update /etc/inetd.conf to point to /usr/local. Add ftpd to ObsoleteFiles, but do not list configuration files since users may want to preserve these to use with the freebsd-ftpd port. There is still some language in the manual referring to ftpd(8) which is relevant to the port, which has been retained but updated to reference the port. MFC after: 3 days Relnotes: yes Reviewed by: cperciva Differential Revision: https://reviews.freebsd.org/D52739
Both drm-kmod and nvidia-drm were updated to keep compiling and/or working after the latest LinuxKPI PCI changes. Some of what should have worked for a long time but did not or conflicted was hidden behind native PCI calls instead of using LinuxKPI. We cleaned this up. Bump __FreeBSD_version so that users will get the updated packages. MFC after: 3 days PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289647
root's home directory was moved to /root many years ago, so there's no reason to keep this old link. This brings sh in line with csh, where /.cshrc was removed in dcb65c5a94d4. Relnotes: yes Approved by: re (cperciva) MFC after: 1 day PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289097 Reviewed by: cperciva, jilles, bapt, emaste Differential Revision: https://reviews.freebsd.org/D52161
Commits about commands found in man section 1 (other than networking).
Add a new -h option that causes stat to print a list of holes for each file argument. Sponsored by: Klara, Inc. Reviewed by: markj Differential Revision: https://reviews.freebsd.org/D52481
The timeout parser would check the first character after the number and ignore any subsequent ones. While here, switch to bool for booleans and fix some style nits. MFC after: 1 week Reviewed by: 0mp, markj Differential Revision: https://reviews.freebsd.org/D52612
While preserving compatibility ('root' implied if no user is specified,
option '-i' not setting groups), introduce options to control finely
which user and group IDs are set in the launched process.
To minimize the risks of user error, mdo(1) by default enforces that all
user and group IDs are specified, either with explicit values from the
command-line or, if a known user name is passed with '-u', from the
corresponding content of the password and group databases. The other
main type of use cases is to start from the current process'
credentials, only amending part of them. It is now also possible to
blend both approaches, where some parts must be specified and the others
can just be amended or left as is.
Options:
* As before:
-u: Specifies a user name or ID to change all user IDs to. If a known
name is passed, also automatically sets all groups as per the
password and group databases.
-i: Starts from the current groups, instead of having to specify them
by using '-u' with a known user name or explicitly.
* New:
-k: Starts from the current users (incompatible with '-u'). Implies '-i'.
-g: Sets/overrides the primary group IDs with the passed group name or ID.
-G: Sets/overrides the supplementary groups set with the passed list of
comma-separated names or IDs.
-s: Amend the supplementary groups set according to the list of
comma-separated directives from the following:
- @: Empties the set. Must be the first directive. Incompatible with '-G'.
- +<group>: Add a group to the set.
- -<group>: Remove a group from the set. Takes precedence over +<group>.
--euid: Overrides the effective user ID.
--ruid: Overrides the real user ID.
--svuid: Overrides the saved user ID.
--egid: Overrides the effective group ID.
--rgid: Overrides the real group ID.
--svgid: Overrides the saved group ID.
Option '-k' was introduced as a requirement to be explicit when one
wants to keep the current user(s) instead of specifying new ones. This
is both for the purpose of avoiding foot-shooting and preserving the
possibility to omit '-u' to switch to 'root'. In order to avoid
confusion, if any user or group overrides are specified, mdo(1) however
enforces that either '-u' or '-k' has been specified (so, in practice,
'-u root' is implied only in the absence of any other options except
'-i').
Some base supplementary groups set is needed when '-s' is used without
directive '@'. It can be an explicit one specified with '-G',
effectively meaning that '-G' is processed before '-s'. Else, it is
determined from the password/group database (see initgroups(3)) if '-u'
with a user name was passed, or is simply the current set if '-i' (or
'-k') was specified. Other cases require specifying the full set (using
'-G' or '-s' with '@'), and will fail otherwise.
As the release process for 15.0 is progressing, this is committed in
advance of the still-in-progress tests and manual page updates.
Note for MFC to stable/14: As initgroups() has its old behavior,
consistently with it, remove the effective GID from being passed also as
a supplementary group.
Reviewed by: bapt
MFC after: 3 days
Relnotes: yes
Event: EuroBSDCon 2025
Sponsored by: The FreeBSD Foundation
Sponsored by: Google LLC (GSoC 2025)
Co-authored-by: Kushagra Srivastava <kushagra1403@gmail.com>
Differential Revision: https://reviews.freebsd.org/D52613
Man pages, release notes, etc.
* ISO 8601 defines two formats: basic and extended, clarify that we output the extended format only. * Clarify that ISO 8601 is only aware of timezone /offsets/, not timezones, it has no relation to the Olson timezone database (TZ environment variable). Reviewed by: otis (mentor), des MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D52314
When booting with boot_verbose, you want a larger msgbuf size. Add a pointer to its tuneable. Suggested by: John De Boskey (Ages ago) Sponsored by: Netflix
Reviewed by: imp, ziaee Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52239
MFC after: 1 day Reviewed by: ziaee, markj Differential Revision: https://reviews.freebsd.org/D52355
Merge the upstream manpage updates into awk.1. This goes through upstream hash 9acc510. Upstream man page is written in raw nroff with "an" macros, rather than in mandoc, so convert to mandoc as well. The man page isn't updated on imports automatically, plus our man page has diverged somewhat from upstream's so it's not a mechanical change... PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=230730 Sponsored by: Netflix
Signed-off-by: Stéphane Rochoy <stephane.rochoy@stormshield.eu> Sponsored-by: Stormshield Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1805
Because newsyslog(8) actually _requires_ a space after the <compress> directive. Reviewed by: bcr Differential Revision: https://reviews.freebsd.org/D52414
Add a -l option which causes man to interpret all arguments as paths to open directly rather than man pages to search for in MANPATH. See the PR for a detailed rationale. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289245 MFC after: 1 week Reviewed by: ziaee, emaste Differential Revision: https://reviews.freebsd.org/D52385
PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289245 Fixes: https://cgit.freebsd.org/src/commit/?id=14b61b2e9317 ("man: Add -l option")
Reviewed by: cem, emaste MFC after: 2 weeks Sponsored by: Stormshield Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D52231
make(1)'s -D flag does not allow for setting the value of the variable. It just defines the variable and sets its value to 1. In fact, make(1) treats "=" as just another character in the variable name:
```
$ make -DA=2 -V A # Output is just an empty line.
$ make -DA=2 -V A=2 # Variable "A=2" is defined and set to "1".
1
```
Fixes: https://cgit.freebsd.org/src/commit/?id=d25f7d324a9d ports.7: Document DEBUG_FLAGS and the process of debugging ports MFC after: 3 days
Reviewed by: bapt@ Approved by: bapt@ Differential Revision: https://reviews.freebsd.org/D52436
Reviewed by: bcr MFC after: 3 days
MFC after: 3 days Sponsored by: Klara, Inc. Reviewed by: markj Differential Revision: https://reviews.freebsd.org/D52489
Document the buildenvvars target and the BUILDENV_SHELL variable. Sponsored by: Netflix
Signed-off-by: Miroslav Cimerman <mc@doas.su> Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1845
The manual page does not directly mention this reason for getting EPERM, instead referring the reader to chroot(2). We have had some questions about it recently, in part due to a bug (fixed), and this case is not an obvious permission/problem, so let's be more explicit. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280809 Reviewed by: jamie MFC after: 3 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52319
from jesper wallin
ok bluhm
Obtained from: OpenBSD, jmc <jmc@openbsd.org>, 8c83d32726
Sponsored by: Rubicon Communications, LLC ("Netgate")
Hint that the tcp timeout values can be adjusted collectively via "set
optimization".
from jesper wallin
ok bluhm
Obtained from: OpenBSD, jmc <jmc@openbsd.org>, df80715c2d
Sponsored by: Rubicon Communications, LLC ("Netgate")
So that it renders as intended. MFC after: 3 days Sponsored by: The FreeBSD Foundation
If this tunable is enabled and vtnet receives a packet with VIRTIO_NET_HDR_F_NEEDS_CSUM set, vtnet computes the TCP/UDP checksum and writes it in the checksum field. This was somewhat useful when vtnet pretended that such a packet has a correct checksum and set the mbuf flag CSUM_DATA_VALID. But this is not the case anymore. Reviewed by: tuexen MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D52546
Bring up to date with NSS by substituting "file" with "database". Describe more precisely which database is accessed, i.e., only the group database, which value should be used and where it lands in the result. Prefer a terminology referring to POSIX terms, i.e., use "effective group list" instead of "group access list". Reviewed by: gbe MFC after: 5 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52283
Add a new SECURITY CONSIDERATIONS section describing in detail what the
new behavior is after commit 9da2fe96ff2e ("kern: fix setgroups(2) and
getgroups(2) to match other platforms"), what setgroups(2) does not
do anymore, and how programs using it are affected.
Fix the groups limit after commit 9da2fe96ff2e ("kern: fix setgroups(2)
and getgroups(2) to match other platforms").
Prefer a terminology referring to POSIX terms, i.e., use "effective
group list" instead of "group access list".
While here, fix some style.
Note for MFC to stable/14: The content will have to be revised as the
new behavior is not in place. The latter should still be mentioned as
upcoming in 15.
Fixes: https://cgit.freebsd.org/src/commit/?id=9da2fe96ff2e ("kern: fix setgroups(2) and getgroups(2) to match other platforms")
MFC after: 5 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52284
Reviewed by: gbe Fixes: https://cgit.freebsd.org/src/commit/?id=9da2fe96ff2e ("kern: fix setgroups(2) and getgroups(2) to match other platforms") MFC after: 5 days MFC to: stable/15 Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52285
Clarify and be more precise about the behavior of getgroups(2), in
particular with respect to 'gidsetlen'.
Prefer a terminology referring to POSIX terms, i.e., use "supplementary
groups" instead of "group access list".
Say that getgroups(2) reports the supplementary groups in strictly
ascending order and returns the cardinal of the set they form (and
mention this has been the case since FreeBSD 14.3).
Add a new SECURITY CONSIDERATIONS section contrasting the new behavior
after commit 9da2fe96ff2e ("kern: fix setgroups(2) and getgroups(2) to
match other platforms") with the historical one.
While here, fix some style.
Note for MFC to stable/14: The content will have to be revised as the
new behavior is not in place. The latter should be mentioned as
upcoming in 15.
Reviewed by: gbe (older version)
MFC after: 5 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52286
Reviewed by: gbe MFC after: 5 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52287
MFC after: 5 days MFC to: stable/15 Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52288
reads odd to repeat, e.g. -F, when listing all its modifiers.
as a consequence, automatic tagging wouldn't work, e.g. no "zero"
tag would exist to jump to that -F modifier's definition.
also add manual tags for -R and -T as get explained together with
-s and -t, respectively, where only the first flag gets tagged.
Obtained from: OpenBSD, kn <kn@openbsd.org>, e08605c7f2
Sponsored by: Rubicon Communications, LLC ("Netgate")
OK sashan henning deraadt
Obtained from: OpenBSD, kn <kn@openbsd.org>, 1ddc001403
Sponsored by: Rubicon Communications, LLC ("Netgate")
In the manual pages for configuration files based on parse.y, describe
the syntax of both defining and using macros, rather than exclusively
relying on examples, which some of the pages do not even provide.
In those pages containing tables of content, also clarify that
the "Macros" section contains *definitions* of variables.
Both changes were already committed to vm.conf(5) earlier.
OK florian@, and deraadt also requests keeping these manuals in sync.
Obtained from: OpenBSD, schwarze <schwarze@openbsd.org>, 20aba01e82
Sponsored by: Rubicon Communications, LLC ("Netgate")
vnet.9: Rename vnet.9/vimage.9 to VNET.9/VIMAGE.9 Fix crossreferences to VNET(9) by correcting its capitalization. MFC after: 3 days Reviewed by: enji, ziaee Closes: https://github.com/freebsd/freebsd-src/pull/1848
ObsoleteFiles: Remove the miscapitalized vnet.9 MFC after: 3 days Fixes: https://cgit.freebsd.org/src/commit/?id=3049b2f5115b (vnet.9: Rename vnet.9/vimage.9)
ObsoleteFiles: Remove the miscapitalized vimage.9 MFC after: 3 days Fixes: https://cgit.freebsd.org/src/commit/?id=08d41d8803d9 (ObsoleteFiles: Remove the miscapitalized vnet.9) Fixes: https://cgit.freebsd.org/src/commit/?id=3049b2f5115b (vnet.9: Rename vnet.9/vimage.9 to VNET.9/VIMAGE.9)
CDCEEM is already defined in the document name, no need to list it in parentheticals a second time in the document description. This brings the apropos listing down to one line on the one true standard console. MFC after: 3 days
blackhole.4: Describe better Rewrite the document description to fit cleanly on one line and omit crossreferences, to clean up apropos results. MFC after: 3 days Reviewed by: tuexen, cperciva Differential Revision: https://reviews.freebsd.org/D52695
blackhole.4: Describe even better Rewrite the document description to omit fictitious "UDP connections". Fixes: https://cgit.freebsd.org/src/commit/?id=38f6a4467419 (blackhole.4: Describe better) MFC after: 3 days Reviewed by: tuexen Reported by: tuexen, zi Differential Revision: https://reviews.freebsd.org/D52696
A predicate cannot be used without an action. MFC after: 3 days Event: EuroBSDCon DevSummit 2025
Approved by: bcr, ziaee
MFC after: 1 week
MFC to: stable/14, stable/15
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D52620
I meant to change this to tuexen's suggestion upon commit but failed. MFC after: 3 days Fixes: https://cgit.freebsd.org/src/commit/?id=9e02de4ad6c3 (blackhole.4: Describe even better)
While here, remove whitespaces at end of lines. Event: EuroBSDcon 2025 Devsummit
Consolidate examples to build the system in the build(7) manual where the details about the syntax involved are documented. Remove them from development(7), instead adding examples for patching the trees. They are left in UPDATING for now, to hopefully be removed eventually. Reduce documentation proliferation and create consistent, maintainable doc about building the system, eventually removing the COMMON ITEMS section of UPDATING so there is a single source of truth in the canon and well-integrated location, the in-band system reference manual. + Example 1: Build and upgrade system in place + Example 2: Build and upgrade a custom kernel in place + Example 3: Build and upgrade a single piece of userspace + Example 4: Build and upgrade a loadable kernel module + Example 5: Quickly rebuild a kernel in place + Example 6: Cross-compiling for different architectures The examples section of development(7) now contains examples for applying patches to the trees. There is certainly much more to do here, but it needs to be chunked. MFC after: 3 days Reviewed by: imp (previous version), ivy (previous version) Discussed with: emaste, imp, jhb, ivy Differential Revision: https://reviews.freebsd.org/D48693
Reviewed by: bcr Differential Revision: https://reviews.freebsd.org/D52698
ok henning, mcbride, jmc
Obtained from: OpenBSD, mikeb <mikeb@openbsd.org>, 355f9a50c1
Sponsored by: Rubicon Communications, LLC ("Netgate")
- use imperative tense in the pf.conf(5) "once" part
- leave printing implementation details to pfctl(8)'s "-s rules" part
- use more markup
- debug mode also prints expired rules
OK jmc sashan
Obtained from: OpenBSD, kn <kn@openbsd.org>, 1f1797aba7
Sponsored by: Rubicon Communications, LLC ("Netgate")
Update man page to account for change in timeout representation (sbintime_t vs power-of-2 nanoseconds), and addition of new WDIOC_CONTROL ioctl. Reviewed by: ziaee MFC after: 3 days Sponsored by: Juniper Networks, Inc. Differential Revision: https://reviews.freebsd.org/D52479
MFC after: 3 days Reviewed by: ziaee Signed-off-by: Minsoo Choo <minsoochoo0122@proton.me> Closes: https://github.com/freebsd/freebsd-src/pull/1853
The packages target was previously listed under kernel, move it to the general source make targets listing. Add the update-packages target as well. Adjust the release building targets with package in their names to clarify they are unrelated to pkgbase. Add the OBJROOT and REPODIR variables to ENVIRONMENT. MFC after: 3 days Reviewed by: ivy, markj (both previous versions) Suggestions by: des, emaste, ivy, kevans, markj Fixes: https://cgit.freebsd.org/src/commit/?id=1d26746cfd4a (Document the packages target) Fixes: https://cgit.freebsd.org/src/commit/?id=0ac8aa55da1c (Add incremental packages) Fixes: https://cgit.freebsd.org/src/commit/?id=26490d9b74f0 (allow update-packages for first) Differential Revision: https://reviews.freebsd.org/D50289
It's the same as lockmgr(9), which the man page already refers to.
While here, use Ev for TMPDIR consistently. MFC after: 3 days Event: EuroBSDCon 2025
+ Rewrite SYNOPSIS for consistency + Rewrite HARDWARE for HW Relnotes, and add some stragglers + Correct mdoc grammar, making sysctls aproposable and linking xrefs + Clean up TODO, canonicalize to CAVEATS, a standard section + Editorial pass, tag SPDX MFC after: 3 days Reviewed by: imp Differential Revision: https://reviews.freebsd.org/D52125
Reported by: bcr Reviewed by: bcr MFC after: 3 days Event: EuroBSDCon 2025 Fixes: https://cgit.freebsd.org/src/commit/?id=5eb1caa8c845 Updated SYSCTL manual pages Differential Revision: https://reviews.freebsd.org/D52768
Sponsored by: The FreeBSD Foundation Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D52583
MFC after: 3 days Event: EuroBSDCon 2025 Sponsored by: The FreeBSD Foundation
Add context for inclusion in Hardware Release Notes. MFC after: 3 days
For the improvement of the hardware release notes. While here, tag SPDX. MFC after: 3 days
Add some context for the Hardware Relnotes, and tag SPDX while here. MFC after: 3 days
Fixes: https://cgit.freebsd.org/src/commit/?id=5673462af533 ("namei.9: sort operational modifiers in numerical order") MFC after: 2 days Sponsored by: The FreeBSD Foundation
Hardware drivers and architecture-specific code.
Parse out and display xhci controller extended capabilities. This gives us a mechanism to pick these up when the controller attaches. The print helps users and developers know the availability of features in the wild. This change will let developers know from dmesg that a controller supports USB debugging. Reviewed by: aokblast Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D51255
Chase commit 8e8d3068dcbe ("amd64 GENERIC: enable bloating kernel with
ext errors strings") from amd64. In general we would like to keep
GENERIC kernel options in sync between the Tier-1 architectures.
PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289236
Reviewed by: andrew
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52342
Use the underlying mechanism of vmapbuf instead of using this legacy interface. This means we don't have to allocate a buf, and can store the page array on the stack as it will be small enough for transfers that the vast majority of cards can do. And those that can do larger (> 512k) have provisions to split up requests. Sponsored by: Netflix Reviewed by: kib, markj Differential Revision: https://reviews.freebsd.org/D52149
While we can lookup the opcode and know exactly what we meant, sharing error messages with vendors can lead to some ambiguity. Go ahead and include the hex values for the error messages to aid in debugging. Sponsored by: Netflix Reviewed by: chuck Differential Revision: https://reviews.freebsd.org/D52353
umb: Fix setting the input routine This driver does not depend on netmap, and umb_input() works greatly without netmap. Remove the #ifdef DEV_NETMAP so that when "device netmap" is not configured this driver can still correctly pass the inbound packets to the net stack. Otherwise the input routine will be if_input_default() which will silently drop all inbound packets. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263783 Reported by: Andre Albsmeier <mail@fbsd2.e4m.org> Tested by: Andre Albsmeier <mail@fbsd2.e4m.org> Differential Revision: https://reviews.freebsd.org/D52182
umb.4: Remove device netmap from synopsis This driver was recently improved to no longer require DEV_NETMAP. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263783 Reported by: zlei Fixes: https://cgit.freebsd.org/src/commit/?id=e921d2842ee8 (umb: Fix setting the input routine)
vtnet: improve checksum offloading When transmitting a packet over the vtnet interface, map the csum flags CSUM_DATA_VALID | CSUM_PSEUDO_HDR to the virtio flag VIRTIO_NET_HDR_F_DATA_VALID. When receiving a packet over the virtio network channel, translate the virtio flag VIRTIO_NET_HDR_F_NEEDS_CSUM not to CSUM_DATA_VALID | CSUM_PSEUDO_HDR, but to CSUM_TCP, CSUM_TCP_IPV6, CSUM_UDP, or CSUM_UDP_IPV6. The second change fixes a series of issues related to checksum offloading for if_vtnet. While there, improve the stats counters to allow a detailed view on what is going on in relation to checksum offloading. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=165059 Reviewed by: tuexen, manpages MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D51686
vtnet: fix compilation for NOIP configs Reported by: bz Fixes: https://cgit.freebsd.org/src/commit/?id=1c23d8f9f398 ("vtnet: improve checksum offloading") MFC after: 3 days Sponsored by: Netflix, Inc.
vtnet: improve checksum offloading When transmitting a packet over the vtnet interface, map the csum flags CSUM_DATA_VALID | CSUM_PSEUDO_HDR to the virtio flag VIRTIO_NET_HDR_F_DATA_VALID. When receiving a packet over the virtio network channel, translate the virtio flag VIRTIO_NET_HDR_F_NEEDS_CSUM not to CSUM_DATA_VALID | CSUM_PSEUDO_HDR, but to CSUM_TCP, CSUM_TCP_IPV6, CSUM_UDP, or CSUM_UDP_IPV6. The second change fixes a series of issues related to checksum offloading for if_vtnet. While there, improve the stats counters to allow a detailed view on what is going on in relation to checksum offloading. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=165059 Reviewed by: tuexen, manpages MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D51686
vtnet: fix compilation for NOIP configs Reported by: bz Fixes: https://cgit.freebsd.org/src/commit/?id=3008f30d2c2c ("vtnet: improve checksum offloading") MFC after: 3 days
Mark the unused space after pv_memattr as reserved. This doesn't change the size of the struct as this padding was already inserted by the compiler. Sponsored by: Arm Ltd
To allow for possible future use add reserved fields to struct mdproc. Sponsored by: Arm Ltd
arm64: Add a macro to create cpu_feat This will be used later to extend cpu feature detection Reviewed by: imp (earlier version) Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D52356
arm64: Add a sysctl to see if features are enabled This will also be used as a tunable to control features in a later change. Reviewed by: imp Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D52357
arm64: Support managing features from loader Allow the user to enable/disable supported cpu features/errata from a known tunable. This will allow the user to disable features, e.g. to work around broken firmware. It can also be used to enable workarounds for rare errata. Reviewed by: imp Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D52358
arm64: Add a function to check a range of CPU revs Add a function that can check if a given midr is within a range of revisions. This will be used to check if a CPU is affected by a known erratum. Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D52187
arm64: Clean up HW DBM errata detection - Use the passed in midr rather than reading from pcpu - Use the new midr_check_var_part_range function to check if the midr is within the range of affected CPUs Reviewed by: alc Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D52188
arm64: Update the Neoverse-N1 1542419 errata check Use the new midr_check_var_part_range function to check if running on an affected Neoverse-N1 CPU. Reviewed by: emaste Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D52189
arm64: Move the FEAT_PAN check later We only need to enable PAN (Privileged access never) before userspace is running. Before that there are no unprivileged mappings to protect the kernel from accessing. While here switch to use get_kernel_reg to handle the case some CPUs have FEAT_PAN, while some don't. Reviewed by: emaste Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D52576
arm64: Add cpu_feat_disabled for disabled features When a feature is disabled we may need to run a cleanup handler, e.g. to remove a feature from the sanitized ID registers. Add support for this with a new feat_disabled handler. Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D52577
arm64: Read the CPU feature tunables once Rather than reading the CPU tunables each time we enable a feature just read them once on boot. Reading them early on non-boot CPUs causes issues where they try to allocate memory before the core is set up to do so. As they don't change it is safe to cache the state of them. Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D52578
arm64: Fix enabling CPU features Previously when enabling a CPU feature we assumed that no check function means the feature was unconditionally enabled. When adding support to disable features on boot this check was incorrectly partially left in place. As all current features have a check function this meant all features were disabled. Fix this by restoring the previous behaviour while also allowing the user to disable the feature. Reviewed by: emaste Fixes: https://cgit.freebsd.org/src/commit/?id=4bc68fa98f68 ("arm64: Support managing features from loader") Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D52579
arm64: Set the endian without a memory access Early in the kernel we set the endian through the sctlr_el1 and sctlr_el2 registers. To get the value to put into these registers we load them from memory. As this will depend on the endian to get the fields in the correct order then it will fail if the endian is not what the kernel expects. Add a macro to load a 64-bit value into a register without a memory access and use this to set the register. As instructions are not affected by the endian set in sctlr this is safe. It is unlikely this will be hit as UEFI requires the processor to be in little endian mode, however when booting using the Linux ABI the kernel may start in big-endian, and secondary CPUs could be big-endian. Reviewed by: emaste Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D51012
arm64: Enable EPAN and IESB These are both safe to enable. EPAN only affects PAN when it's enabled, and IESB makes exception entry and exit an Implicit Error Synchronization event. Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D51013
arm64: Remove CPU_MATCH_RAW It's unused. Reviewed by: emaste Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D52191
arm64: Create a TLBI invalidate for the kernel Add pmap_s1_invalidate_all_kernel to remove the need to check for the kernel_pmap when it's passed in. While here replace pmap calls to cpu_tlb_flushID with pmap_s1_invalidate_all_kernel as they are identical. Reviewed by: kib Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D52183
arm64: Replace cpu_tlb_flushID in initarm Replace cpu_tlb_flushID with pmap_s1_invalidate_all_kernel in initarm. They are identical in the SMP case. Reviewed by: alc Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D52184
arm64: Add a multiple TLBI workaround The Arm Cortex-A55, Cortex-A76, and Cortex-A510 CPUs have errata that require multiple TLBI, DSB instructions to work around. Add support to pmap to implement these. As it appears that all affected TLBI calls are via pmap.c this should be sufficient. As all variants of this erratum are Category-B (rare) require the user to enable it at boot time. Reviewed by: alc Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D52190
While here, advertise the IFCAP_HWSTATS capability to avoid the net stack from double counting it. Co-authored-by: zlei Reviewed by: zlei MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D44816
When ALTQ is enabled, this driver does "hardware" accounting and soft accounting at the same time. Prefer the "hardware" one to make the logic simpler. Reviewed by: zlei MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D44817
The interrupt handler releases the device lock in hdaa_stream_intr to avoid a lock order reversal. This allows child devices to be detached and destroyed and then the interrupt handler panics. Let hdac_detach take down the interrupt handler before detaching child devices and order hdac_driver so hdac_detach is called first. Remove duplicate hdac_if.h from the module Makefile. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=286385 Reviewed by: christos Differential Revision: https://reviews.freebsd.org/D50393
The new daemon has the following properties as compared with the previous
incarnation:
- evdev protocol support for mice and touchpads. In addition to
relative PS/2 and USB devices it enables console support for I2C/USB
touchpads and Bluetooth mice.
- Other aged protocols like COM, raw PS/2 and X10 are dropped with the only
exception of sysmouse. For those who still use them there is a
utility called msconvd(8).
- Single daemon per system where hotplug is processed via devd socket.
Per-device mode is still supported too.
- Configuration and quirks files in libinput-compatible format.
Actually, the new moused config parser is taken from libinput.
The moused(8) can work in 2 modes:
1. Evdev support mode. It enables all previously mentioned devices.
It is enabled by default.
2. Sysmouse support mode. All should work as before.
No new devices supported. To enable it add the following lines to
/etc/rc.conf:
moused_port="/dev/psm0"
moused_nondefault_enable="YES"
One may add hw.usb.usbhid.enable=0 to /boot/loader.conf to enable
ums(4) driver which supports sysmouse protocol.
Differential Revision: https://reviews.freebsd.org/D52164
Earlier only intellimouse protocol was supported.
The function used the wrong variable (mask) to print the Exit and Entry controls. Fix it. Signed-off-by: Aaron LI <aly@aaronly.me> Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1820
Add hint.gpioled.%d.invmode to allow setting the pin inversion method. Accept
the following values:
- auto Use hardware pin inversion if available, else fall back to software pin
inversion.
- hw Use hardware pin inversion.
- sw Use software pin inversion.
Default is auto. This hint is ignored when no pin inversion is
requested (hint.gpioled.%d.invert=0).
Signed-off-by: Stéphane Rochoy <stephane.rochoy@stormshield.eu>
Sponsored-by: Stormshield
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1805
This should both enable the sequence number offloading and disable the net80211 TX lock from being acquired/released/checked. Locally tested: * RTL8812AU, STA mode Reviewed by: bz Differential Revision: https://reviews.freebsd.org/D52301 Differential Revision: https://reviews.freebsd.org/D50693
Right now the cutoff values for the RCT and APT tests are computed with a fixed min-entropy estimate of 1. In preparation for permitting alternative estimates for "pure" sources (i.e., hardware noise sources), extend the code to handle alternative estimates of an integer number of bits. For the RCT test, the cutoff is simply the formula from section 4.4.1 of NIST SP 800-90B. For the APT test, I used Excel to compute a lookup table using the formula provided in section 4.4.2. Reviewed by: cem MFC after: 2 weeks Sponsored by: Stormshield Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D52228
This variable provides a mask of all registered entropy sources and is updated when drivers attach and detach (or by sysctl). However, nothing was synchronizing accesses to it. Use the harvest lock to provide mutual exclusion for updates, and use atomic_load_int() to mark unlocked reads. Reviewed by: cem MFC after: 2 weeks Sponsored by: Stormshield Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D52230
The current implementation of the NIST health tests assumes a min-entropy estimate of one bit per sample, which is quite conservative. For so-called "pure" sources (e.g., virtio-random, TPM) it might be nice to support larger estimates so that the tests catch failed devices more quickly. Thus: - let each pure random source provide an estimate, so that downstreams or driver implementors can override defaults if they want to; - increase the default estimate for pure sources; - for pure sources initialize the state machine at source registration time. Reviewed by: cem MFC after: 2 weeks Sponsored by: Stormshield Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D52232
So-called pure sources provide entropy at regular intervals, so the timestamp counter provides little entropy. Exclude it from health testing for such sources. Reviewed by: cem, emaste MFC after: 2 weeks Sponsored by: Stormshield Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D52233
Strictly speaking, opc & 0x3 == 3 is input and output at the same time. This is undefined, in general. But for vendor commands, it's vendor specific. Linux allows it generally and treats it as a read, which is what we do too, so remove this check to be more compatible with Linux's behavior (which we're trying to emulate). Sponsored by: Netflix
Enable sequence number offload. This should both enable the sequence number offloading and disable the net80211 TX lock from being acquired/released/checked. Differential Revision: https://reviews.freebsd.org/D50747 Okayed by: bz
Enable sequence number offload. This should both enable the sequence number offloading and disable the net80211 TX lock from being acquired/released/checked. Differential Revision: https://reviews.freebsd.org/D50749 Okayed by: bz
* Enable A-MPDU TX by fixing the A-MPDU TX establish routine; always assign sequence numbers from net80211 (for now); and fix the descriptor programming. * Add TODO items around CAM allocation for keys, MAC ID stuff which we likely need to fix for working IBSS/AP behaviour, and whatever other bits and pieces I noticed. * Disable amsdu2ampdu, we can decap A-MSDU just fine in net80211, doubly so if we somehow get A-MSDU inside an A-MPDU. I've tested / verified that A-MPDU TX and A-MPDU RX is correctly established and functioning by using rtwn in monitor mode. I used an old r92su linux out of tree driver for comparison. Differential Revision: https://reviews.freebsd.org/D50748 Okayed by: bz
qlnxe: Unconditionally enable extended media types Those extended media types are available since about 2015 [1]. All supported branches already have them defined. No functional change intended. [1] eb7e25b22f1c ifmedia changes: Extend the number of available subtypes for Ethernet media ... Reviewed by: kbowling MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D52374
qlnxe: Support SIOCGIFXMEDIA ioctl ifconfig(8) will try SIOCGIFXMEDIA first and then retry SIOCGIFMEDIA if that fails. Since the driver reports extended media types, support SIOCGIFXMEDIA ioctl directly rather than doing another round. Reviewed by: kbowling MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D52375
qlnxe: Report speeds in decimal format It is more natural to read the speed in decimal format than hexadecimal one. Spotted this while diagnosing PR 287445,
```
[__ecore_configure_pf_max_bandwidth:6864(qlnx-0)]Configured MAX bandwidth to be 000061a8 Mb/sec
[__ecore_configure_pf_min_bandwidth:6922(qlnx-0)]Configured MIN bandwidth to be 750 Mb/sec
```
Reviewed by: kbowling MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D52376
This restores a check that existed prior to commit be1f7435ef218b1d
("kern: start tracking cr_gid outside of cr_groups[]").
While here, improve pmc_can_attach()'s style by changing the type of
'decline_attach' to 'bool', fixing tests on it, adding missing
parentheses to 'return' statements, and by changing its return value
type to 'bool'.
Fixes: https://cgit.freebsd.org/src/commit/?id=be1f7435ef218b1d ("kern: start tracking cr_gid outside of cr_groups[]")
MFC after: 9 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52252
The returned value in this case was wrong, and would basically prevent some PMC's owner process from attaching that PMC to itself although the security checks underneath would have allowed it. Now that this early return has been fixed, its block basically becomes a performance short-circuit which has no effect from a functional standpoint. Fixes: https://cgit.freebsd.org/src/commit/?id=ebccf1e3a6b1 ("Bring a working snapshot of hwpmc(4), ...") MFC after: 9 days Sponsored by: The FreeBSD Foundation
This restores a check that existed prior to commit be1f7435ef218b1d
("kern: start tracking cr_gid outside of cr_groups[]").
Fixes: https://cgit.freebsd.org/src/commit/?id=be1f7435ef218b1d ("kern: start tracking cr_gid outside of cr_groups[]")
MFC after: 9 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52253
Originally ixgbe_if_update_admin_status() only handled 1G and 10G speeds, causing any other speeds to display as "1 Gbps" in link status logs. This issue is fixed by adding link speed to string conversion logic through the introduction of a helper function, ixgbe_link_speed_to_str(), which corrects the misleading logs to reflect accurate link speeds. Signed-off-by: Yogesh Bhosale yogesh.bhosale@intel.com PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=288960 Reported by: Mike Belanger - QNX MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D52442
Remove the unused function ixgbe_is_media_cage_present that generates a compiler warning. Signed-off-by: Yogesh Bhosale yogesh.bhosale@intel.com Reported by: markj MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D52467
It may pass packets up the stack and so needs to be called in a network epoch. When a watchdog timeout happens, we need to enter a section explicitly. Reviewed by: zlei, glebius, adrian MFC after: 2 weeks Sponsored by: Innovate UK Differential Revision: https://reviews.freebsd.org/D51885
PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=288960 Reported by: michaelo MFC after: 2 days
PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=286720 Reviewed by: zlei MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D50491
Reported by: markj, bz Approved by: markj (mentor) Fixes: https://cgit.freebsd.org/src/commit/?id=2b74ff5fceb6 ("ichwd: introduce i6300esbwd watch dog driver") Differential Revision: https://reviews.freebsd.org/D52476
The new Framework 16 with ALC285 exhibits the same issue as the previous model. Therefore, we apply the same fix to the new model. Reviewed by: emaste, Daniel Schaefer <dhs@frame.work> Approved by: lwhsu (mentor) MFC after: 3 days Sponsored by: The FreeBSD Foundation Sponsored by: Framework Computer Inc Differential Revision: https://reviews.freebsd.org/D52423
cxgbe tom: Halve the size of offload transmit software descriptors Use bitfields to pack tx_credits and plen into a single 32-bit word. Reviewed by: np Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D47759
cxgbe tom: Support sending "raw" WR mbufs on plain TCP and TLS sockets This is intended to support control work requests that manipulate connection state but do not transmit data. Raw WRs are transmitted immediately if possible, otherwise they are queued to an mbufq in the toe pcb until sufficient credits are available. Raw WRs take precedence over transmitting socket data. Reviewed by: np Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D47761
cxgbe tom: Export alloc_raw_mbuf for use in other TOE drivers Reviewed by: np Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D47762
cxgbe tom: Send auxiliary TLS work requests as raw WR mbufs In particular, the work request to update the TCB state when switching from plain TCP to TLS is now queued on the connection's offload transmit queue rather than over the per-port control queue. This also handles an unlikely edge case that a connection does not have sufficient credits to transmit other work requests synchronously such as programming the key in on-card memory or altering TCB fields. Reviewed by: np Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D47763
igb VF must not read normal stat registers and only read a limited set of registers. The PF registers also don't make sense as the VF is an internal port, and there is no PHY to collect stats like CRC errors from. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=282309 Obtained from: Juniper Networks, Inc. Differential Revision: https://reviews.freebsd.org/D52326
So gcc12 doesn't understand that t->udelay is >= 1, so thinks that noack might be unset sometimes. While we specifically constrain this on direct assignment, there's a sysctl that might not. This is likely also a bug. Instead of uglifying everything by using MAX(1, sc->udelay), I rewrote the for loop as a do-while loop (which arguably dictates intent better because this code clearly assumes it will be executed once). Sponsored by: Netflix
We detect an error condition and print it. And then unconditionally jump to the err code, which is incorrect. It's clear from indentation and code tracing there should be braces here. Sponsored by: Netflix
Help the flow analysis in gcc12 by initializing scsi_reply to NULL and testing it along with sense_buf. Sense buf should be non-null only in this code path, but might also be non-null if the PA for is somehow set to zero. I debated adding an assert for the latter, but opted to instead preserve existing behavior. Also set host_diagnostic to 0. gcc12 can't quite realize that we only test it after we've been through this loop at least once to report an error condition. Initialize to 0 to avoid a diagnostic. Sponsored by: Netflix
If we have outstanding transactions and then poll and still have
outstanding transactions, we print a warning. However, we print the
warning, confusingly, even if there's 0 left. Enclose the two statements
in {} to avoid this relatively harmless effect and quiet gcc12's
indentation complaint.
Sponsored by: Netflix
This is as opposed to using ACPI sleep states (`ACPI_STATE_S*`). We now use `POWER_STYPE_*` added in D52036. This is in preparation for adding support for s2idle, which is not an ACPI sleep state, but needs to be handled specially by `acpi_EnterSleepState`. Supersedes D48732. Reviewed by: mckusick (mentor), markj Approved by: mckusick (mentor), markj Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52043
Add the Arm C1-Nano, C1-Pro, C1-Premium, and C1-Ultra CPUs from their Technical Reference Manuals. Sponsored by: Arm Ltd
The check was always true so would incorrectly enable the feature when it wasn't supported. Due to another bug this was harmless. Sponsored by: Arm Ltd
xhci offers a debugging interface which uses a special usb 3 cable with the D+, D- and VBUS pairs disconnected. This interface allows a target device to configure its xhci controller as a debugging channel which can then be used to provide a serial link between the target and a debug host. This change extracts the udbc host mode driver from hrs@'s xhci debug implementation. Reviewed by: bcr (man page) MFC after: Before 15-ALPHA3 builds Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D51299
If the device is opened with O_NONBLOCK, even though we check for it in order to set CHN_F_NBIO, the subsequent chn_reset() calls will clear all flags, except those set in CHN_F_RESET, which does not include CHN_F_NBIO. Add CHN_F_NBIO to CHN_F_RESET. Additionally, because primary channels can be reused, make sure we do not unintentionally keep CHN_F_NBIO set if the channel is re-opened, but without O_NONBLOCK. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289441 MFC after: 2 days Reviewed by: christos, markj Differential Revision: https://reviews.freebsd.org/D52493
When fixing the conflicts caused by gallatin's commit and the reviewed patch, I missed this location because it didn't exist when gallatin did their change. Obtained from: Juniper Networks, Inc.
These functions are stubs that do nothing but are called by some software and not providing them results in implicit function declaration errors. This was missed in D25740. Reviewed by: #riscv, mhorne MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D52035
The first store-pair instruction in save_registers_head decrements the stack pointer to create room for most of the trapframe (and the redzone area for nested exceptions). However, the expression was a bit non-intuitive as it was using an expression without a leading negative sign to adjust the stack pointer. Rewrite the expression so that it is more clearly a negative adjustment to the stack pointer. Suggested by: andrew Reviewed by: andrew Sponsored by: AFRL, DARPA Differential Revision: https://reviews.freebsd.org/D52514
x18 is overwritten with a temporary copy of the kernel stack pointer when it is saved in the trapframe. This does not matter in terms of function since nested exception return does not restore x18 from the trapframe, but it does mean that examining x18 in a debugger in stack frames above a nested fault outputs the wrong register value. To fix, compute the value of the original stack pointer to save in x18 later after the trapframe has been constructed. Reviewed by: jhb, andrew Sponsored by: AFRL, DARPA Differential Revision: https://reviews.freebsd.org/D52472
Add PNP info so it the module can be by devmatch(8) and automatically loaded. On non-x86 platforms it is not included in GENERIC. Reviewed by: imp MFC after: 3 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52557
Use tsadc_temp_to_raw instead of tsadc_raw_to_temp, otherwise rk3566/68 get stuck in a kernel reboot cycle. https://forums.freebsd.org/threads/running-freebsd-on-radxa-rock-3c-rk3566-board.89389/post-624890 Submitted by: covacat Reviewed by: mmel MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D52309
This patch revisits the controller reset path and introduces timeout handling for I/O commands. To support controller reset during driver operation, the controller’s construct, destruct, enable, and disable functions are clearly separated in ufshci_ctrlr.c. ufshci_ctrlr_hw_reset() function is added to leverage enable/disable. After initialization, ufshci_ctrlr_reset_task() is also introduced to ensure controller resets are performed via the task queue. Timeout handling is designed in five steps. This patch implements Step 1 and Step 5, while the remaining steps will be added later. The timeout mechanism follows the same shared timeout model used in the NVMe driver. Test: Intentionally delayed UPIU I/O in QEMU to trigger a timeout and verify timeout handling. Sponsored by: Samsung Electronics Reviewed by: imp (mentor) Differential Revision: https://reviews.freebsd.org/D52440
The CPUCTL_UPDATE is supposed to be applied only to the CPU the ioctl(2) was performed on. This is true for Intel CPUs, but for AMD the SMP rendezvous of amd_ucode_wrmsr() effectively executed it on all CPUs. Also, the update failure was not reported. Reviewed by: markj Differential Revision: https://reviews.freebsd.org/D52466
The function is never called with onoff = -1 MFC after: 3 days MFC with: 9ae3c30
Migrate the following wifi drivers to use the seqno offload option. Locally tested (STA mode) on: * mtw * uath * upgt * ural * urtw * uzyd Differential Revision: https://reviews.freebsd.org/D50771 Okayed by: bz
* Convert the rest of the drivers to implement driver/offloaded sequence number handling. * For drivers that implement their own sequence number space handling for A-MPDU, only call ieee80211_output_seqno_assign() if the frame isn't tagged with M_AMPDU_MPDU, which mirrors the original net80211 sequence number behaviour. (Except of course, the assignment is now happening during final encap/transmit, not early in encap.) Locally tested (sta mode): * ath * iwn * bwi * bwn * iwm * otus * ral Differential Revision: https://reviews.freebsd.org/D50772 Okayed by: bz
the firmware should be sending these. Differential Revision: https://reviews.freebsd.org/D52298 Reviewed by: bz Locally tested: * rtl8821/rtl8812au (STA)
Don't originate null data frames in net80211; leave that up to the iwn firmware. This should fix a bunch of cases where we're seeing out of sequence 802.11n aggregation data packets because net80211 power management stuff was triggering NULL data frames when we don't need them and messing up the firmware / ring buffer sequence number space. Differential Revision: https://reviews.freebsd.org/D52299 Locally tested: * 6205, STA mode
Tell it not to originate NULL / QoS NULL data frames. The firmware will handle them here. Differential Revision: https://reviews.freebsd.org/D52300 Reviewed by: bz Locally tested: * 9260, STA mode
Otherwise we get a NULL pointer dereference when writing to /dev/random. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=288826 Reviewed by: cem MFC after: 1 week Fixes: https://cgit.freebsd.org/src/commit/?id=fa8db724ae6e ("random: Treat writes to /dev/random as separate from /entropy") Differential Revision: https://reviews.freebsd.org/D52633
Reviewed by: jrtc27, markj Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D52626
Noted and reviewed by: jrtc27 Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D52626
We already use clflushopt in support.S, there is no reason to manually construct the encoding. Initially it was done because toolchains did not support the (then) new instruction. Sponsored by: The FreeBSD Foundation MFC after: 1 week
to evdev or sysmouse. It is required to avoid receiving of double events on hybrid devices supporting both interfaces like ums(4). MFC after: 1 day Reviewed by: glebius (via private chat) Differential Revision: https://reviews.freebsd.org/D52647
I received a report on freebsd-wireless@ that traffic stopped working. It seems that although my AX210 is fine with this change, the AX201/22000 hardware/firmware seems to require it. There's a bit to set in the TX command to force the FW to set the sequence control. We only set a few flags, and we don't set that. So, add the sequence number allocation where encryption is performed. Locally tested: * AX210, STA mode * AX201, STA mode Differential Revision: https://reviews.freebsd.org/D52652 Reviewed by: kevans Tested by: kevans
I've had a report of this breaking without the sequence number assigned (from glebius@) so, similar to iwx work, let's just re-add it here. Reported by: glebius Differential Revision: https://reviews.freebsd.org/D52664 Reviewed by: glebius Tested by: glebius
Lower values may result in non-acknowledged interrupts. E.g. ITE5570 device found in ASUS TUF. Greater values may result in read failures. E.g. GXTP7863 device found on MateBookPro 2023. Investigated by: huanghwh@gmail.com PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289353 MFC after: 1 week fixes: 36027361f9cf ("iichid: Stop using split I²C bus transactions")
It is required since "iichid(4): Always use wMaxInputLength bytes as input report length" commit. MFC after: 1 week
MFC after: 1 week
fixes: 36027361f9cf ("iichid: Stop using split I²C bus transactions")
arm64/vmm: Add a feature flag and use it for HCRX Add a field to hold the features the hardware supports that need to be handled when switching to a guest and use it to handle FEAT_HCX that adds the HRX_EL2 register. This reduces the number of times we read ID registers in guest switching which may be trapped when running under nested virtualisation. Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D51816
arm64/vmm: Clean up enabling guest timer access Clean up the name of CNTHCTL_EL2 field macros and expand to include more fields. This makes it easier to see which accesses are trapped or not trapped. While here set the register directly. We already set it in locore.S so there is no need to read that and modify it. Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D51817
arm64/vmm: Remove support for reading CNTHCTL_EL2 This is now unused as we just set the register value directly. Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D51818
These will be used to support the Enhanced Counter Virtualization Extensions: FEAT_ECV and FEAT_ECV_POFF. The former adds Self-Synchronized registers, and the latter adds support for an offset for the physical counter. Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D51819
When FEAT_ECV is implemented on arm64 a Self-Synchronized view of the counter registers is available. These don't need an isb before reading the count as they are not able to be speculatively executed. Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D51820
Support guest access to the physical timer when FEAT_ECV_POFF is supported. In this case we can set an offset for the physical timer. We can reuse the virtual timer support to also support the physical timer, with a few more registers needing to be handled when switching to a guest. As it is not clear how this will affect performance when the guest doesn't use it hide enabling it behind a sysctl. It is expected this will be useful when Nested Virtualisation is supported as guests are expected to use the physical timer registers. Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D51821
PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216568 MFC after: 1 week Reviewed by: christos, kib Differential Revision: https://reviews.freebsd.org/D52509
Reviewed by: markj Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D52607
The variant of wrmsr_safe(9) that might work before IDT and curpcb are initialized. Assumes BSP, and that all APs are parked. Before calling wrmsr_early_safe(), the wrmsr_early_safe_start() should be called, afterward wrmsr_early_safe_end() restores the bootenv IDT. Reviewed by: markj Tested by: glebius Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D52607
to avoid recursion on u2f mutex and taking of hidbus sleepable lock. Tested by: emaste PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289494 MFC after: 2 days
Not all registers have a write mask with high/low register on rk3568. Reviewed by: vexeduxr MFC after: 5 days Differential Revision: https://reviews.freebsd.org/D52512
The code is based on bcm2835_gpio.c. This enables allocating gpio interrupts via interrupts property in fdt. Reviewed by: vexeduxr MFC after: 5 days Differential Revision: https://reviews.freebsd.org/D52513
Include VLAN tag in policy and SA outbound rules so that rules from VLAN interfaces differ from physical interface rules, preventing duplicate rule creation in VLAN configurations. Sponsored by: Nvidia networking MFC after: 1 week
Enable the handling of the IFCAP_RXCSUM_IPV6 handling by handling IFCAP_RXCSUM and IFCAP_RXCSUM_IPV6 as a pair. Also make clear, that software and hardware LRO require receive checksum offload. Reviewed by: Timo Völker MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D52682
FEAT_PAN3 adds the SCTLR_EL1.EPAN field. This tells the hardware to raise a permission abort when userspace could execute a page, i.e. the ATTR_S1_UXN field is clear in the page table. This causes issues for the EFI runtime as we only mark non-executable pages with this flag leading to a permission fault when accessing it. Fix this by marking all EFI mappings with ATTR_S1_UXN. The kernel already had this field set so was already safe. Reported by: tuexen Reviewed by: tuexen Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D52750
Use table attributes to also limit unprivileged access to the EFI runtime mappings. This is mostly for parity with pmap as this is never mapped while userspace could execute. Reviewed by: tuexen Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D52751
This is as opposed to using ACPI sleep states directly (`ACPI_STATE_S*`). We now use `POWER_STYPE_*` added in D52036. This is in preparation for adding support for s2idle, which is not an ACPI sleep state, but needs to be handled specially by `acpi_EnterSleepState`. Reviewed by: cy Approved by: cy Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52705 Event: EuroBSDcon 2025 Devsummit
When writing an ACPI S-state to it it will set kern.power.suspend to the appropriate sleep type, and when reading from it it will return the corresponding ACPI S-state to the sleep type in kern.power.suspend. This is deprecated and kern.power.suspend should be used directly instead, but add this back because zzz(1) makes use of this and we can't easily rewrite it just now. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289634 Reviewed by: cy, markj Approved by: cy, markj Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52600 Event: EuroBSDcon 2025 Devsummit
Use the new method for wrmsr that is able to set up fault handler even at the very early stage of kernel boot. This prevents panic with new microcode for some new AMD EPYCs, that requires certain patchlevel of microcode to be already present in the CPU. If BSP patching failed, we print the message and we don't try to patch APs. This has been tested only on AMD booted in EFI mode. Reviewed by: stas, kib Differential Revision: https://reviews.freebsd.org/D52643
Add initial USB4 code written by Scott Long and originally passed on to HPS (source: https://github.com/hselasky/usb4), minus the ICM code and with some small fixes. For context, older TB chips implemented the connection manager in firmware (ICM) instead of in the OS (HCM), but maintaining the ICM code would be a huge burden for not many chips. Mostly completed work: - Debug/trace framework. - NHI controller driver. - PCIe bridge driver. - Router and config space layer handling (just reading in this commit). Link to the email where Scott shared details about the initial USB4 work: https://lists.freebsd.org/archives/freebsd-hackers/2024-July/003411.html Glanced at by: emaste, imp Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D49450 Event: EuroBSDcon 2025
Keep the hwassist flags for transmit checksum offload and transmit segment offload in sync with the enabled capabilities. Reported by: Timo Völker Reviewed by: Timo Völker MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D52765
virtual_oss: Port to base This patch diverges quite a bit from the current upstream [1] in a few ways: 1. virtual_oss(8), virtual_bt_speaker(8) and virtual_oss_cmd(8) are actually separate programs. 2. Backends (lib/virtual_oss) are built as separate shared libraries and we dlopen() them in virtual_oss(8) and virtual_bt_speaker(8) on demand. 3. virtual_equalizer(8) and the sndio and bluetooth backends are built as ports, because they depend on third-party libraries. 4. Use newer libav API in bluetooth backend (see HAVE_LIBAV ifdefs) to address compiler errors. [1] https://github.com/freebsd/virtual_oss Sponsored by: The FreeBSD Foundation MFC after: 1 week Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D52308
virtual_bt_speaker(8): Fix aarch64 build Reported by: fuz, otis Fixes: https://cgit.freebsd.org/src/commit/?id=9cab9fde5eda ("virtual_oss: Port to base") Sponsored by: The FreeBSD Foundation
cxgbe(4): Rename lport to hw_port. No functional change intended. MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe(4): Use hw_port and tx_chan correctly all over the driver The port's tx channel and its hardware index are different things that happen to have the same value on NICs using T4 through T6. This is going to change so use the correct spelling all over the driver. Specifically, the firmware expects the hw port index in all of these: * PCIe channel for queues * TX interface for TX CPLs * PORTID in FW_PORT commands * PORTID in t4_alloc_vi * flowid in all the firmware flowc WRs * mbox commands that deal with the tx scheduler Also, create a port_id lookup table for hw_port, just like the one for tx_chan. Use it to lookup the port softc in the port_info handler. MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe(4): hw/fw headers and shared code for the Terminator 7 ASIC This is the first of a series of commits that will add T7 support to cxgbe. The ASIC is gen5x16 on the PCIe side and has a 400Gbps MAC on the Ethernet side. NICs using the T7 will come in the following variants: * 1 x 400Gbps with QSFP-DD connector * 2 x 200/100/40Gbps with QSFP56/QSFP28/QSFP+ connectors * 4 x 50/25/10/1Gbps with SFP28/SFP+/SFP connectors There are 8 general purpose ARM A72 cores available on select SmartNIC/DPU boards. Obtained from: Chelsio Communications MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe(4): Claim T7 based devices The nexus/ifnet names are chnex/che respectively. MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe(4): Add T7 support to routines that deal with memory windows MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe(4): Update meminfo for T7 There are new regions in the T7 and internal addresses are not limited to 32b. MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe(4): Support for displaying T7 MPS TCAM entries MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe(4): Include T7 PMRX cache stats in the sysctl that shows PM stats MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe(4): T7's SGE context has 4 more bytes MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe(4): Congestion manager context settings for T7 MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe(4): Recognize the new capabilities reported by T7 firmwares MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe(4): T7 LB mode support This is the new mode where multiple internal channels are used to service 1 port. LB = Load Balancing. * Ask for tx_tpchmap from the firmware and update sc->chan_map. * Statistics for a port should include all its channels. MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe(4): Updates for T7 CIM multicore operation T7 has a multicore microprocessor and each core has its own queue configuration, inbound/outbound queues, and logic analyzer. A work request involving a tid can only be handled on queues where (tid & tid_qid_sel_mask) == (eq->cntxt_id & tid_qid_sel_mask). MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe(4): Update the filtering code for T7 There are new fields available and the width of the optional part has changed. This affects the ntuples used by TOE/filters/hashfilters. MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe(4): T7 TCB CPLs have queue and channel in different location MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe(4): T7 ULPTX supports larger data length with MEMIO commands MFC after: 3 days Sponsored by: Chelsio Communications
These are the filters that can be used to sniff wire traffic after all hw offloads. MFC after: 3 days Sponsored by: Chelsio Communications
This enables the 2x200/100/40Gbps and 4x50/25/10/1Gbps boards. MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe: Refactor find_offload_adapter and move to t4_tom from cxgbei This allows it to be used for other offload drivers. MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe: Move send_iscsi_flowc_wr to t4_tom.ko Rename the function to send_txdataplen_max_flowc_wr to match the parameter it sets. This function will be reused by other ULP modules. MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe: Move the STAG and PBL memory pool arenas to the base driver Both RDMA (iw_cxgbe) and NVMe offloads use TPT table entries to map transaction tags in incoming PDUs to buffers in host memory permitting direct placement of received data into host memory buffers avoiding copies (iSCSI offload uses a different scheme for mapping tags to host memory). Move the vmem arenas for the supporting card memory regions from iw_cxgbe to the main driver so they can be shared with the NVMe offload driver. In addition, add some helper routines for constructing work requests to update TPT table entries. MFC after: 3 days Sponsored by: Chelsio Communications
- Use expanded channel ID fields (2 bits vs 1 bits), even on T6 as on T6 the extra bits were previously reserved and the channel IDs should only be 0 or 1 on T6. - Set CMDMORE in ULP_TX_PKT on T7. MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe: Support for NIC KTLS transmit on T7 adapters. Unlike NIC KTLS support on T6, T7 is able to reuse the existing TSO functionality directly, including trimming the output of the crypto engine before it is passed on to TSO. This is much simpler and does not require the use of bypass pseudo-connections in the TOE engine. Among other things this permits arbitrary TCP options (including the full range of possible TCP timestamp values) while also avoiding various edge cases where parts of a requested TCP packet could not always be transmitted (e.g. partial trailers). This implementation also permits NIC KTLS to be used in parallel with TOE. This version does not yet support connections over a VF (specifically the ktls_tunnel_packet function needs to handle the VF work request), nor does it support VxLAN offload. MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe: Support for TLS 1.3 in key contexts. For TLS 1.3 the 4 byte salt field has been extended to hold the 12 byte nonce. MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe: Extend NIC TLS to support TLS 1.3. One unusual quirk is that the crypto engine requires the driver to provide an 8 byte placeholder as input before the AAD that is replaced with the middle 8 bytes of the nonce generated from the sequence number and key context. MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe TOE TLS: Better support for partial records for T7. T7 is able to start TOE TLS receive offload more cleanly if a partial TLS record containing a full header and at least one other byte has been received. In that case it is able to request the remaining bytes for the current TLS record from the NIC. Once those bytes have been received TLS receive offload can then be received starting with the subsequent record. MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe TOE TLS: Support for TLS 1.3 for transmit. MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe TOE TLS: Support for TLS 1.3 for receive MFC after: 3 days Sponsored by: Chelsio Communications
Unlike mp_ring_enqueue, this function is meant to be called from within a drain routine to enqueue more packets to the queue currently being drained. To avoid recursion, it only enqueues additional items without becoming a consumer. MFC after: 3 days Sponsored by: Chelsio Communications
Currently this CPL is only used to handle replies from lookaside crypto requests submitted by ccr(4). However, in the future this request will be returned for other requests. Use the low bit in the cookie field as a way to identify replies to ccr(4) vs other use cases. This should be safe as 'struct cryptop' pointers should be word-aligned. MFC after: 3 days Sponsored by: Chelsio Communications
T7's crypto co-processor adds a new partial GCM mode. This permits an AES-GCM operation to be split into multiple requests. After each request, the partial GHASH state is returned to the host and must be included in the subsequent request to continue the GHASH computation. Make use of this when sending a TLS record that spans multiple TCP "requests" (where a request can use TSO to span multiple segments). This permits computing the final GHASH value across multiple requests without having to re-send the entire TLS record for the final request. To ensure that intermediate GHASH results are available when needed, mbuf chains are queued in the TLS pcb and only dispatched one at a time to the NIC TXQ. Packets which do not request a GHASH result queue the next mbuf from the connection as soon as they are written into the TXQ. Packets which do request a GHASH result queue the next mbuf after the GHASH result is returned by a message on a NIC RXQ. Note that partial GCM mode is only used for the in-order data at the "tip" of a connection and not for retransmits of earlier data. Retransmits will not request a GHASH result so will enqueue the next mbuf from the connection to the NIC TXQ after being written. Partial GCM mode is also not TLS-aware and only supports "plain" AES-GCM. Thus, TLS AAD must be explicitly constructed and sent as part of the work request in the TXQ at the start of each TLS record. However, by avoiding the need to retransmit the entire TLS record's contents for the last mbuf spanning a TLS record, the overall amount of "wasted" DMA is reduced by a factor of about 30. MFC after: 3 days Sponsored by: Chelsio Communications
Implement bus_setup_intr and bus_teardown_intr as bus_generic_setup_intr and bus_generic_teardown_intr respectively for GPIO drivers that support interrupts. This allows children to setup interrupts. Reported by: Evgenii Ivanov <devivanov@proton.me> Reviewed by: imp MFC after: 1 day Differential Revision: https://reviews.freebsd.org/D52197
snd_hda: Implement automatic redirection between associations For audio to be redirected to the headphones/headset after plugging the jack, or back to the speaker/internal mic when unplugging it, the speaker and headphone pins need to be part of the same association (i.e., the same PCM device). This patch makes it possible to redirect audio even between different associations, which can reduce the need for manual pin patching. The idea is that we issue a devctl_notify() from within the jack detection callback whenever a jack is (un-)plugged to redirect audio to the appropriate device. Then the snd.conf devd script is responsible for using virtual_oss to change the playback/recording device to whatever snd_hda(4) selected. The reason for requiring virtual_oss is that it has hot-swapping support, which is necessary for jack redirection. Sponsored by: The FreeBSD Foundation MFC after: 2 days Differential Revision: https://reviews.freebsd.org/D50070
gpioc: allocate priv->events with the correct size MFC after: 1 day
gpioc: fix race in ioctl(GPIOCONFIGEVENTS) A race can occur in gpioc_ioctl when it is called with GPIOCONFIGEVENTS closely followed by GPIOSETCONFIG. GPIOSETCONFIG can alter the priv->pins list, making it no longer empty and opening the door for access to priv->events while we are reallocating it. Fix this by holding priv->mtx while handling GPIOCONFIGEVENTS. Reported by: Qiu-ji Chen PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289120 Reviewed by: mmel MFC after: 1 day Differential Revision: https://reviews.freebsd.org/D52783
gpioc: allocate new fifo size This slipped through after I resolved some merge conflicts. Fixes: https://cgit.freebsd.org/src/commit/?id=d000adfe MFC after: 1 day
This is the most contended lock type during the first hour of -j 104 poudriere. Drops significantly with the change. Note there are suspicious acquires which most likely don't need to happen, artificially exacerbating the problem.
Hardware TCP LRO results in problems in settings with IP forwarding being enabled. In case of nodes without IP forwarding, using software LRO is also beneficial in general, since it can provide better information about what was received on the wire. Therefore, disable hardware TCP LRO by default. By tuning the loader tunable, this can be changed. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263229 Reviewed by: Timo Völker MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D52684
Network-related commands, library, and kernel.
and fix assigning IP addresses to the gif(4) interface when it is a member of an if_bridge(4) interface. When setting the sysctl net.link.bridge.member_ifaddrs to 1, if_bridge(4) can eliminate unnecessary walk of the member list to determine whether the inbound unicast packets are for us or not. Well when a gif(4) interface is member of an if_bridge(4) interface, it acts as the tunnel endpoint to tunnel Ethernet frames over IP network, aka the EtherIP protocol, so the IP addresses configured on it are independent of the if_bridge(4) interface or other if_bridge(4) members, hence the sysctl net.link.bridge.member_ifaddrs should not have any influence over gif(4) interface's behavior of assigning IP addresses. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=227450 Reported by: Siva Mahadevan <me@svmhdvn.name> Reviewed by: ivy, #bridge MFC after: 1 week Fixes: https://cgit.freebsd.org/src/commit/?id=0a1294f6c610 bridge: allow IP addresses on members to be disabled Differential Revision: https://reviews.freebsd.org/D52200
Fixes: https://cgit.freebsd.org/src/commit/?id=e1751ef896119d7372035b1b60f18a6342bd0e3b Reviewed by: tuexen, kp, markj Differential Revision: https://reviews.freebsd.org/D52170
Make it bool. Reword the comment, add note that mbuf is always consumed. In case tunnel consumed the mbuf, don't INP_RUNLOCK(), behave just like all the other normal exits from the function. Reviewed by: tuexen, kp, markj Differential Revision: https://reviews.freebsd.org/D52171
Also move num initialization for clarity. We still need to check num in ng_unparse_composite (reported by des@ in D52151) but this is another incremental improvement in netgraph input validation. Reviewed by: des PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=267334 Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52151
Only compute wscale when it is actually used. While there, change the type of wscale to u_int as suggested by glebius. No functional change intended. Reviewed by: glebius, rscheff (older version) MFC after: 1 week Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D52296
Put SYN-cookie related counters in its own container and use consistent indentation for them. Reviewed by: glebius MFC after: 1 week Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D52227
Use '% IEEE80211_SEQ_RANGE' to limit the sequence numbers being stored and retrieved to 0..4095 inclusive. Differential Revision: https://reviews.freebsd.org/D52302 Reviewed by: bz
These fields all need to be explicitly initialized with zeroes. Prior to the conversion to C++ these fields were zeroed by calloc(). This worked for me in earlier testing as my test boxes had MALLOC_PRODUCTION enabled in make.conf. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289115 Reported by: Slawa Olhovchenkov <slw zxy.spb.ru> Fixes: https://cgit.freebsd.org/src/commit/?id=eb0dc901a541 ("ctld: Convert struct auth_group to a C++ class") Fixes: https://cgit.freebsd.org/src/commit/?id=6acc7afa34aa ("ctld: Convert struct port to a hierarchy of C++ classes") Fixes: https://cgit.freebsd.org/src/commit/?id=2bb9180bb5d0 ("ctld: Convert struct target to a C++ class") Fixes: https://cgit.freebsd.org/src/commit/?id=ed076901ec80 ("ctld: Convert struct ctld_connection to a C++ class") Sponsored by: Chelsio Communications
internal representation of icmp type/code in pfctl(8)/pf(4) does not
fit into u_int8_t. Issue has been noticed and kindly reported by
amalinin _at_ bh0.amt.ru via bugs@.
OK bluhm@
Obtained from: OpenBSD, sashan <sashan@openbsd.org>, 1fdb608f55
Sponsored by: Rubicon Communications, LLC ("Netgate")
Issue found and kindly reported by Luca Di Gregorio <lucdig _at_ gmail>
OK bluhm@
Obtained from: OpenBSD, sashan <sashan@openbsd.org>, 58feb3ffc6
Sponsored by: Rubicon Communications, LLC ("Netgate")
Currently used M_TEMP and M_IFADDR types are unreasonable for that purpose.
This dedicated statistics simplify the future pf(4) unlocking work by decreasing
search area of possible memory leaks.
ok bluhm sashan
FreeBSD note: The unlocking work has already been done in FreeBSD, but it's
still useful to have all pf malloc() allocations be accounted to pf, not the
generic 'temp' bucket.
Obtained from: OpenBSD, mvs <mvs@openbsd.org>, 062cda8b8d
Sponsored by: Rubicon Communications, LLC ("Netgate")
We never actually use action or reason in pf_state_key_addr_setup(), so just
pass NULL to pf_pull_hdr().
No functional change.
Sponsored by: Rubicon Communications, LLC ("Netgate")
must initialize ttl field in pf_pdesc structure for inner packet.
feedback from bluhm@
OK bluhm@
Obtained from: OpenBSD, sashan <sashan@openbsd.org>, 0d48c46cfe
Sponsored by: Rubicon Communications, LLC ("Netgate")
pf: fix memory leak in legacy getstate calls
If we fail to copy the data out we didn't free the temporary allocation.
Sponsored by: Rubicon Communications, LLC ("Netgate")
pf: free struct pf_krule_global with pf_rule_tree_free()
Sponsored by: Rubicon Communications, LLC ("Netgate")
pf: fix struct pf_krule_global leak
Make sure we free all of the trees we allocated when we free the ruleset.
Found by 'kldunload pf' after a test run, now that the allocation is done from a
pf-specific malloc type.
Sponsored by: Rubicon Communications, LLC ("Netgate")
pf: Always skip outbound filtering for inbound af-to rules The af-to rules on inbound direction create a single state spanning both the inbound and the outbound interface. Calling pf_test() for the outbound direction in pf_route() makes the packet pass through state search, match the existing state, never evaluate the ruleset, and increase state counters. Check that the state comes from an af-to rule in inbound direction, and if yes, skip outbound testing. Reviewed by: kp Sponsored by: InnoGames GmbH Differential Revision: https://reviews.freebsd.org/D52446
pf: Fix rule and state counters Increasing counters on "match" rules causes the 1st packet making a connection to be double-counted, but only for rule counters, not rules' tables, because those are not increased at all during rule parsing. Remove "match" rule counter handling during rule parsing, do it only in pf_counters_inc(). NAT can be performed either by "nat" rules in the NAT ruleset or by "match" rules. Rules before the NAT rule, and the NAT rule itself match on pre-NAT addresses, and later rules match on post-NAT addresses. When increasing counters go over rules in the same order as a packet would and use source and destination addresses for updating table counters from appropriate state key, taking into consideration on which rule NAT happens. Use AF from state key, so that table counters can be properly updated for af-to rules. Synchronize match rule updating behaviour to that of OpenBSD: if rules match, but state is not created, don't update counters. Reviewed by: kp Sponsored by: InnoGames GmbH Differential Revision: https://reviews.freebsd.org/D52447
pf: Fix interface counters for af-to rules An inbound af-to rule creates a state bypassing outbound pf_test(). In such case increase counters of the outbound interface directly in pf_route() for post-af-to address family. For outbound af-to rules ensure that post-af-to address family is used to increase interface counters. Reviewed by: kp Sponsored by: InnoGames GmbH Differential Revision: https://reviews.freebsd.org/D52448
The link-level address and the mbuf shall not overlap. Prefer memcmp() over bcmp() for slight performance gain. No functional change intended. Reviewed by: glebius MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D52345
While diagnosing PR 279653 and PR 285129, I observed that thread may write to freed memory but the system does not crash. This hides the real problem. A clear NULL pointer dereference is much better than writing to freed memory. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279653 PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=285129 Reviewed by: glebius MFC after: 3 weeks Differential Revision: https://reviews.freebsd.org/D49444
When doing NAT64, not only map the packet, but also map the csum_flags in the mbuf header. This fixes NAT64 when pf is used in combination with transmit checksum offloading. Reviewed by: kp, tuexen MFC after: 1 week
Add capabilities RXCSUM and RXCSUM6 as well as TXCSUM and TXCSUM6 for receive and transmit checksum offloading for TCP and UDP to the epair interface and enable them by default. RXCSUM and RXCSUM6 are enabled because an epair interface may receive a packet with the csum_flag CSUM_DATA_VALID set, which is expected only if these capabilities are enabled. Since it seems not helpful to remove this flag, it is not possible to disable these capabilities. TXCSUM and TXCSUM6 are synchronized between the two epair interface ends. If enabled/disabled on one end, it will be enabled/disabled on the other end. If the sending epair interface end has TXCSUM or TXCSUM6 enabled and the receiving end is in a bridge, it is assumed that all interfaces in the bridge have that capability enabled. Otherwise the bridge would have disabled that capability on the receiving epair interface end in the bridge which would have disabled that capability on the sending epair interface end as well due to the synchronization. This change was committed and reverted earlier, since several pf tests were failing. This has been addressed. Reviewed by: bcr, Seyed Pouria Mousavizadeh Tehrani, tuexen MFC after: 4 weeks Differential Revision: https://reviews.freebsd.org/D51639
When adding an interface with an IP address to a bridge, or assigning an IP address to an interface which is in a bridge, and member_ifaddrs=1, print a warning so users are informed this is deprecated. Also add "(deprecated)" to the sysctl description. MFC after: 9 hours Reviewed by: markj Differential Revision: https://reviews.freebsd.org/D52335
We aren't ready to release with this set to 0: there's no solution for running DHCP on a bridge from a devd hook, there are missing edge cases like network boot with the boot interface in a bridge, and third-party tools (e.g., vm-bhyve) still direct users to use the incorrect configuration and/or don't support the correct configuration. Based on popular vote, we'll set this back to 0 in both main and for stable/15. MFC after: 9 hours Reviewed by: markj Differential Revision: https://reviews.freebsd.org/D52336
Deprecate the support for the old RFC3517 behavior of SACK loss recovery, and simplify the code to always adhere to RFC6675. Reviewed By: tuexen, cc, #transport Sponsored by: NetApp, Inc. Differential Revision: https://reviews.freebsd.org/D52383
When building with DDB support, the inclusion of in_kdtrace.h is needed. Make this explicit and don't rely on tcp_var.h to do this. This is required for stable/14. Fixes: https://cgit.freebsd.org/src/commit/?id=a62c6b0de48a ("ddb: add optional printing of BBLog entries") MFC after: immediately Sponsored by: Netflix, Inc.
Ensure that we always populate pcksum, not just for TCP/UDP/SCTP/ICMP.
We may end up using it (through pf_change_ap()) if we're doing NAT, so
ensure it's available even if it's sometimes just a dummy variable.
Reported-by: syzbot+3e73a7cba8cb6cd46f90@syzkaller.appspotmail.com
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
in6_ifadd() asserts that an interface has an existing LL address with a /64
prefix from which to extract the ifid for SLAAC address selection (even though
the comments suggest that an ifid will be generated if one does not exist). This
is adequate for most generic cases, however to support PPP links with /128 LL
addresses we must be able to fall back on another source for the ifid since we
cannot assume the /128 LL has a unique ifid in the lower 64 bits.
To do this, the static function get_ifid() in in6_ifattach.c is renamed to
non-static in6_get_ifid(), and this is used in lieu of a proper /64 LL address
to attempt to obtain a valid ifid.
Reviewed by kp
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D51778
The commit in Fixes: introduced logging the output bits from ieee80211_vht_get_vhtflags(). This ends up causing quite a lot of logging when net80211 is doing things like processing received beacons. So just remove the logging; if it's needed again then a developer can add it back to that location, or just use dtrace to capture the return value. Fixes: https://cgit.freebsd.org/src/commit/?id=4bf049bfeefd9 Differential Revision: https://reviews.freebsd.org/D52142 Reviewed by: bz
net80211 has various places where null data / null qos data frames are sent. However plenty of NICs shouldn't be sending them from net80211 and it may even upset their 802.11n window / sequence number tracking. So add support here. Differential Revision: https://reviews.freebsd.org/D52297 Reviewed by: bz
The legacy code handling -j in display() was causing xo_finish() to be skipped. It has also been causing a memory leak since 0726c6574f8 (sockstat: Add automatic column sizing and remove -w option) Fixes: https://cgit.freebsd.org/src/commit/?id=7b35b4d1963 (sockstat: add libxo support) MFC after: 1 week Reported by: glebius Reviewed by: glebius Sponsored by: ConnectWise Pull Request: https://github.com/freebsd/freebsd-src/pull/1842
No functional change intended. MFC after: 3 days Sponsored by: Netflix, Inc.
pf_pull_hdr() allows to pass an action pointer parameter as output
value. This is never used, all callers pass a NULL argument. Remove
ACTION_SET() entirely.
The logic (fragoff >= len) in pf_pull_hdr() does not work since
revision 1.4. Before it was used to drop short TCP or UDP fragments
that contained only part of the header. Current code in pf_pull_hdr()
drops the packets anyway, so always set reason PFRES_FRAG.
OK kn@ sashan@
Obtained from: OpenBSD, bluhm <bluhm@openbsd.org>, 46650f23db
Sponsored by: Rubicon Communications, LLC ("Netgate")
Update to current convention of using fcntl.h O_* flags instead of vnode.h IO_* ones, as explained in sys/fs/devfs/devfs_vnops.c. Signed-off-by: Quentin Thébault <quentin.thebault@defenso.fr> Reviewed by: imp, jhb Pull Request: https://github.com/freebsd/freebsd-src/pull/1827
Return success when FIONBIO or FIOASYNC ioctl are received in order to support being set to non-blocking through fcntl(2). We return an error on FIOASYNC with non-zero data argument since we do not support O_ASYNC. Signed-off-by: Quentin Thébault <quentin.thebault@defenso.fr> Reviewed by: imp, jhb Pull Request: https://github.com/freebsd/freebsd-src/pull/1827
Outbound VLAN filtering wasn't being done for host-originated frames, because bridge_output was missing a call to bridge_vfilter_out, like in bridge_forward and bridge_broadcast. Rather than adding another call, move the filtering to bridge_enqueue, which ensures all frames will be filtered. This slightly changes the observable behaviour since we now do pfil before vlan filtering, but that's probably closer to what users expect anyway. MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D52380
Fragment count and statistics are stored in struct pf_status. From
there pfctl(8) and systat(1) collect and show them. Note that pfctl
-s info needs the -v switch to show fragments.
input claudio@; OK henning@
Obtained from: OpenBSD, bluhm <bluhm@openbsd.org>, 19e99d0613
Sponsored by: Rubicon Communications, LLC ("Netgate")
Obtained from: OpenBSD, jsg <jsg@openbsd.org>, 7ac7a88014
Sponsored by: Rubicon Communications, LLC ("Netgate")
ng_hci: Cast NG_HCI_BDADDR_ANY to const bdaddr_t * This is needed to address some compiler errors cleanly, where consumer functions want this address to be a const pointer. Sponsored by: The FreeBSD Foundation MFC after: 3 days Reviewed by: markj Differential Revision: https://reviews.freebsd.org/D52310
ng_btsocket_rfcomm: Mark a couple buffers as const in a helper function Fixes: https://cgit.freebsd.org/src/commit/?id=680f9acc3657 ("ng_hci: Cast NG_HCI_BDADDR_ANY to const bdaddr_t *")
This adds support for obtaining timestamps from IPv6 packets using the SO_BINTIME socket option, bringing it in parity with IPv4 behavior. Enable testing the SO_BINTIME option in the relevant (manual) regression test. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289423 Reviewed by: markj MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D52504
In case we use OVPN_CIPHER_ALG_NONE, the memcpy will attempt to copy 0 bytes from an uninitialized pointer. While the memcpy() implementation will treat this as a no-op and not actually dereference the undefined variable it is still undefined behaviour to the compiler and should be fixed. Found by building with clang HEAD Reviewed by: kp MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D52543
Previously, the macros used '>' instead of '>=' when comparing elapsed time against the preferred and valid lifetimes. This caused any deprecated address to become usable again for one extra second after receiving each Router Advertisement. In that short window, the address could be selected as a source for outgoing connections. Update the checks to use '>=' so that addresses are deprecated or invalid when their lifetime expires. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289177 Reported by: Dmitry Nexus <fbsd.4f6a at nexus tel> Reviewed by: zlei Submitted by: Marek Zarychta MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D52323
so that we do not discard EtherIP packets ( over IPv6 network ) when net.inet6.ip6.fw.deny_unknown_exthdrs is set to 1 ( which is the default value ). PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=227450 Reviewed by: ae, #network MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D52566
This requires passing the reason pointer down into pf_build_tcp().
ok bluhm@
Obtained from: OpenBSD, sf <sf@openbsd.org>, 03c532ca70
Sponsored by: Rubicon Communications, LLC ("Netgate")
TCP reset packets are generated for the sequence numbers that have
been acknowledged. Our pf(4) is quite strict regarding sequence
numbers of reset packets to avoid evil connection drops. It expected
exact match and did not allow a sequence window for resets. As pf
tracks neither gaps in the sequence space nor the acknowledged data,
it does not know where exactly the reset is expected by the TCP
stack.
Problem was that legit reset packets before a gap but not at the
highest sequence numbers were blocked by pf. Solution is to fix
pf_tcp_track_full(). Now it allows sequence number windows if the
packet has ACK+RST flags set and the acknowledge number matches
perfectly. This still prevents reset number guessing by an attacker.
Curiously the TCP stack behaves correctly and accepts only resets
before the gap. pf only allowed resets after the final data. So
any reset was ignored by the system. When the other side processed
the challenge ACK, the situation could be fixed.
bug reported and fix tested by Lucas Aubard with Johan Mazel, Gilles
Guette and Pierre Chifflier; OK sashan@
Obtained from: OpenBSD, bluhm <bluhm@openbsd.org>, 12e4c257ea
Sponsored by: Rubicon Communications, LLC ("Netgate")
The previous pf_krule_global leak fix was a bit too aggressive and cleaned up the inactive tree pointer before we needed it to preserve counters. Only clean up anchors that are entirely unused. Clean up pf_main_ruleset on pf shutdown. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289299 MFC after: 1 week Fixes: https://cgit.freebsd.org/src/commit/?id=275ff85b25 ("pf: fix struct pf_krule_global leak") Sponsored by: Rubicon Communications, LLC ("Netgate")
Implement RFC 7217 (A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration (SLAAC)) in our IPv6 stack. A new ifconfig `stableaddr` flag is added to enable the feature on interfaces, which defaults to on or off for new interfaces based on the sysctl `net.inet6.ip6.use_stableaddr` (off by default, so this commit causes no change in behavior with default settings). The algorithm follows the RFC in its logic, using SHA256-HMAC as the algorithm to derive addresses so as to provide code that can be leveraged by future implementations of RFC 8981, leveraging the `hostuuid` as the secret. The source of the hostidentifier can be configured using the sysctl `net.inet6.ip6.stableaddr_netifsource`, while the number of retries generating a new address in case of collision can be configured using the `net.inet6.ip6.stableaddr_maxretries` sysctl (default 3). Documentation about all these flags is added to the ifconfig(8) man page. Reviewed by: cognet, glebius, hrs Tested by: zarychtam@plan-b.pwste.edu.pl Approved by: cognet, glebius Relnotes: yes Differential Revision: https://reviews.freebsd.org/D49681
commit 31ec8b6407fdd5a87d70265762457c67ce618283 added a `dad_failures` variable to `struct nd_ifinfo`, which broke the networking ABI. This commit fixes it by moving such variable to `struct in6_ifextra` which is not a public interface, while `struct nd_ifinfo` is back in its original state. Thanks to kib, markj and glebius for their help and suggestions in solving this problem. Reported by: "Herbert J. Skuhra" <herbert@gojira.at> Tested by: "Herbert J. Skuhra" <herbert@gojira.at> Approved by: glebius Fixes: https://cgit.freebsd.org/src/commit/?id=31ec8b6407fdd5a87d70265762457c67ce618283
States created by inbound af-to rules bypass outbound filtering and span both the inbound and outbound interfaces. When the first packet for such rule creates a state, this state has st->orig_kif set to the original inbound interface and kif set to V_pfi_all. When the outbound interface is eventually known st->kif is updated to that interface. When not using route-to, the outbound route and its interface are determined for the new address family and st->kif is set to that interface. However when using route-to, ifp is explicitly given and the code for updating st->kif is not run for the first packet. When the returning packet matches the state, the code is run but updates st->kif to the original inbound interface, which is now the outbound interface. The state ends up with st->kif == st->orig_kif and won't forward any more returning packets. There is another block of code performing such update, but only for reply-to. Perform the update of st->kif in a single place no matter if ifp was explicitly given or found by routing lookup. For checks using pings check if really all pings have been replied to, because a single reply is enough to have ping exit with a successful exit code. Reviewed by: kp Sponsored by: InnoGames GmbH Differential Revision: https://reviews.freebsd.org/D52445
A new version of pfsync packet is introduced: 1500. This version solves the issues with data alignment introduced in version 1400 and adds syncing of information needed to sync states created by rules with af-to (original interface, af and proto separate for wire and stack keys), of rt_af needed for prefer-ipv6-nexthop, and of tag names. Reviewed by: kp Sponsored by: InnoGames GmbH Differential Revision: https://reviews.freebsd.org/D52176
Take endpoint parameters into account when available. Fixes: https://cgit.freebsd.org/src/commit/?id=463b5aed0d62 ("tcp: retire rstreason") MFC after: 3 days Sponsored by: Netflix, Inc.
Remove a check which is also done in tcp_lro_rx_common(). Reviewed by: gallatin MFC after: 3 days Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D52683
A jailed process, `sysctl -j foo` or `jexec foo sysctl`, do not have privilege to write to non-vnet sysctls but only to those marked as jail writable, aka sysctls those marked with CTLFLAG_VNET flag. Without this change we will get EPERM when trying to expire and purge hostcache entries of vnet jails via the net.inet.tcp.hostcache.purgenow sysctl. Fix that by adding a CTLFLAG_VNET flag. Reviewed by: tuexen, #transport, #network Fixes: https://cgit.freebsd.org/src/commit/?id=264563806496 Add a new sysctl net.inet.tcp.hostcache.purgenow=1 to expire ... MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D52692
The two sysctls net.inet.tcp.hostcache.list and net.inet.tcp.hostcache.histo are readonly and are to operate hostcache of vnet jails. Add CTLFLAG_VNET flag to them since they are per-vnet sysctls. This change does not have any impact on reading the two sysctls, but `sysctl -ANV net.inet.tcp.hostcache` will report them correctly. Reviewed by: tuexen, #transport, #network MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D52693
It's possible for interface groups to not have had a pfi_kkif assigned to
them, so before we pass that pointer to pfi_kkif_update() we must check if it's
actually set.
We've seen panics such as this, where we get an address update for an interface
that belongs to a group without associated pfi_kkif:
Tracing pid 12 tid 100034 td 0xfffff80100d2a000
kdb_enter() at kdb_enter+0x33/frame 0xfffffe0067eed340
panic() at panic+0x43/frame 0xfffffe0067eed3a0
trap_pfault() at trap_pfault+0x3c9/frame 0xfffffe0067eed3f0
calltrap() at calltrap+0x8/frame 0xfffffe0067eed3f0
--- trap 0xc, rip = 0xffffffff8102ebd5, rsp = 0xfffffe0067eed4c0, rbp = 0xfffffe0067eed500 ---
pfi_kkif_update() at pfi_kkif_update+0x15/frame 0xfffffe0067eed500
pfi_kkif_update() at pfi_kkif_update+0x1fc/frame 0xfffffe0067eed550
pfi_ifaddr_event() at pfi_ifaddr_event+0x82/frame 0xfffffe0067eed5a0
srcaddr_change_event() at srcaddr_change_event+0xa7/frame 0xfffffe0067eed610
in6_update_ifa() at in6_update_ifa+0xd52/frame 0xfffffe0067eed790
in6_ifadd() at in6_ifadd+0x29a/frame 0xfffffe0067eed8b0
nd6_ra_input() at nd6_ra_input+0xf65/frame 0xfffffe0067eeda90
icmp6_input() at icmp6_input+0x3c8/frame 0xfffffe0067eedc10
ip6_input() at ip6_input+0xa15/frame 0xfffffe0067eedcf0
sppp_input() at sppp_input+0x502/frame 0xfffffe0067eedd80
pppoe_data_input() at pppoe_data_input+0x1e7/frame 0xfffffe0067eeddf0
swi_net() at swi_net+0x128/frame 0xfffffe0067eede60
ithread_loop() at ithread_loop+0x239/frame 0xfffffe0067eedef0
fork_exit() at fork_exit+0x7b/frame 0xfffffe0067eedf30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0067eedf30
Note that pf doesn't assign pfi_kkif objects to groups created before pf has
fully started (see V_pf_vnet_active check in pfi_attach_group_event()), which is
one possible way for this to happen.
Reported by: garga
Sponsored by: Rubicon Communications, LLC ("Netgate")
When we're NAT-ing give dummynet (via its struct ip_fw_args) the pre-NAT source and destination addresses. That's what we used to do, but that got unintentionally changed during the nat64 work. The pre-NAT addresses make somewhat more sense, in that it enables limiting based on specific LAN clients. See also: https://redmine.pfsense.org/issues/15770 Sponsored by: Rubicon Communications, LLC ("Netgate")
Stop incrementing m_data so the callee can read the mbuf. MFC after: 3 days Reviewed by: glebius Differential Revision: https://reviews.freebsd.org/D52702
Add support for one shot rules that remove themselves from an active
ruleset after match.
This is an extremely handy technique for firewall proxies.
ok henning, mcbride
Note that the FreeBSD implementation differs significantly from the OpenBSD
version due to locking differences. We do not remove the rule, but mark it as
having fired previously so we can skip it.
Obtained from: OpenBSD, mikeb <mikeb@openbsd.org>, c981122504
Obtained from: OpenBSD, sashan <sashan@openbsd.org>, a21b78cad0 (partial)
Sponsored by: Rubicon Communications, LLC ("Netgate")
Obtained from: OpenBSD, sashan <sashan@openbsd.org>, 8cf23eed7f
Sponsored by: Rubicon Communications, LLC ("Netgate")
let packet to mark 'once' rule as expired. The rule
will be removed by pfctl(8) when rules are updated.
OK kn@
Obtained from: OpenBSD, sashan <sashan@openbsd.org>, a21b78cad0
Obtained from: OpenBSD, jmc <jmc@openbsd.org>, 588f4160c8
Sponsored by: Rubicon Communications, LLC ("Netgate")
time_t has a different size on different platforms (i.e. 32-bit on i386, 64-bit
on others). Rather than always exporting it as 64-bits use the platform-native
size.
This means we can safely write directly into a time_t variable, which we can't
do on i386 if we export 64 bits.
Sponsored by: Rubicon Communications, LLC ("Netgate")
memcpy should copy to the current mbuf, otherwise we're copying to the first mbuf in the chain over and over. Reported by: kevans Reviewed by: glebius MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D52713
Refactor tcp_send_challenge_ack() such that the logic checking whether a challenge ACK is sent or not is available in the separate function tcp_challenge_ack_check(). This new function will also be used for sending challenge ACKs in the SYN-cache code, which will be added in upcoming commits. No functional change intended. Reviewed by: cc, Nick Banks, Peter Lei MFC after: 3 days Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D52717
Otherwise builds warn about them being unused.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Use NetBSD probe locations for consistency. We have submitted all improved or missing probes, keeping them synchronized with NetBSD (our blocklist upstream) should simplify upgrades and maintenance, as the locations of these probes are a moving target, depending on upstream OpenSSH changes. Additionally, use BLACKLIST_AUTH_FAIL exclusively for now. At the time of this commit BLACKLIST_BAD_USER, is a no-op. However, it will change in a future upgrade. Also, enhance blacklist notification messages for better debugging by making them more descriptive. Reviewed by: emaste Approved by: emaste (mentor) MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D52749
This was previously deprecated and is slated for removal in 15.0. Users who still need ftpd(8) can install the ftp/freebsd-ftpd port. Retain the ftp(d) PAM services since other FTP daemons use them. Update /etc/inetd.conf to point to /usr/local. Add ftpd to ObsoleteFiles, but do not list configuration files since users may want to preserve these to use with the freebsd-ftpd port. There is still some language in the manual referring to ftpd(8) which is relevant to the port, which has been retained but updated to reference the port. MFC after: 3 days Relnotes: yes Reviewed by: cperciva Differential Revision: https://reviews.freebsd.org/D52739
All the status and statistics utilities in base are ending with "stat", the only exception is mailstats(8) but that's from sendmail. Reviewed by: imp, adrian MFC after: 3 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52724
- Update related comments - Remove from tools/tools/net80211 Reviewed by: imp, adrian MFC after: 3 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52726
When sending challenge ACKs from the SYN-cache, apply the same rate limiting as in other states. Reviewed by: cc, rrs MFC after: 3 days Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D52754
Stuff in man section 8 (other than networking).
Fix a redirect of stderr to stdout which is going to /dev/null. A '&' got missing in the original rewrite from the review that I took and committed. Seems no one had noticed during testing or review. People may have ended up with a "/1" file in their root file system. Fixes: https://cgit.freebsd.org/src/commit/?id=40652f86b5ef Reported by: Vladyslav Movchan (vladislav.movchan gmail.com) MFX after: 3 days X-MFC: squash
MFC after: 3 days Reviewed by: imp, manu Differential Revision: https://reviews.freebsd.org/D52311
- one duplicate entry: 0x664*|0x664*) -> 0x664*|0x665*)
- one unneeded glob: 0x98e4*) -> 0x98e4)
- 0x15e7|0x1636|0x1638|0x164c) half of these are green-sardine; split
- a missing entry for skillfish2 : + 0x143f
MFC after: 3 days Reviewed by: imp, manu Differential Revision: https://reviews.freebsd.org/D52312
The -c command-line option, which allowed setting a global compression method, is removed in favor of the <compress> directive in newsyslog.conf. The motivation of this change is to eliminate a source of potential confusion. Since newsyslog(8) is typically invoked by cron(8), having a command line option that can override it could cause inconsistent behavior (specifying in crontab would take precedence). Suggested by: karels Differential Revision: https://reviews.freebsd.org/D43466
A VM had no virtual terminals and emitted a warning on boot `eval: cannot open /dev/ttyv*: No such file or directory`. Break the loop in this case to avoid the warning. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289173 Reviewed by: jlduran Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52344
This fixes a few KNF issues and ugly line wrapping by using a local
version of nitems(); fix two bsearch() on top.
ok claudio
FreeBSD note: we already used nitems(), but now pick up the use of size_t over
unsigned int.
Obtained from: OpenBSD, tb <tb@openbsd.org>, 3d49904c6e
Sponsored by: Rubicon Communications, LLC ("Netgate")
Cyclades and digiboard drivers were removed in 2017 and 2016 respectively. There's no need for these anymore. Sponsored by: Netflix Reviewed by: kevans, emaste Differential Revision: https://reviews.freebsd.org/D52315
The dtrwait wait functionality was dropped in the TTY MPSAFE rewrite for FreeBSD 8. Remove references to it here. Also, the sysctl was renamed for drainwait, so use the new name. Given the 16 years between this event and somebody noticing, I strongly suspect this file can just be removed. Sponsored by: Netflix Reviewed by: kevans, emaste Differential Revision: https://reviews.freebsd.org/D52316
Nothing uses dtrwait anymore. This was eliminated with the tty mpsafe rewrite for FreeBSD 8. Only these zombie symbols and functionality remain. GC them. Add comcontrol to the list of things to remove in 16.0. Sponsored by: Netflix Reviewed by: kevans, emaste Differential Revision: https://reviews.freebsd.org/D52317
Reviewed by: markj MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D52329
Similar to process descriptors, jail descriptors allow jail administration using the file descriptor interface instead of JIDs. They come from and can be used by jail_set(2) and jail_get(2), and there are two new system calls, jail_attach_jd(2) and jail_remove_jd(2). Reviewed by: bz, brooks Relnotes: yes Differential Revision: https://reviews.freebsd.org/D43696
The Spleen 32x64 fonts cause some systems such as the AMD Framework 16 to boot extremely slowly. Adding screen.font="16x32" to /boot/loader.conf is a partial workaround, but text displayed before the boot menu still takes ~30 seconds to render on that laptop. With this change, the same text renders immediately. By leaving the font files in place but removing them from the INDEX, users who want to use them can still load them manually. Once pending work is committed to allow normal booting with these fonts, they can be added back to the INDEX. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289007 Reviewed by: emaste, kevans, tsoome, ziaee Fixes: https://cgit.freebsd.org/src/commit/?id=1ec2c8b2f364 (stand: Enable Spleen 32x64 font in the bootloader) Sponsored by: The FreeBSD Foundation
In base 8f0a6a9aadb1f, usr/share/examples/drivers was cleaned up, because it contained unmaintained scripts. The directory itself is cleaned up by ObsoleteFiles.inc, but there was still an entry in BSD.usr.dist that re-created the directory. Remove it. Fixes: https://cgit.freebsd.org/src/commit/?id=8f0a6a9aadb1 MFC after: 3 days
Current leap-seconds file has already expired on 28 June 2025 PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289352 Obtained from: https://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.3960835200 MFC after: 3 days
error: 'static' is not at beginning of declaration [-Werror=old-style-declaration]
All datasets on zroot pool are compressed by default since FreeBSD 11.0 [1], no need to mention that on some specific datasets these days. [1] 47206692f2cca020891d1eec5028e02c3e6f56c5 Reviewed by: jrm (mentor), ziaee MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D52304
This is needed to fix bootstrapping on FreeBSD versions before commit
56ee5c551f89 ("sysctl: make sys/sysctl.h self contained"). Moreover,
certctl should really be including sys/types.h directly since it uses
size_t.
MFC after: 1 week
loader/efi: return error from efi_find_framebuffer Also return actual errno values in other code paths. (suggested by tsoome) Reviewed by: tsoome, imp Differential Revision: https://reviews.freebsd.org/D52432
loader/efi: plug memory leak Reviewed by: tsoome Differential Revision: https://reviews.freebsd.org/D52433
loader/efi: remove is_last parameter from find_currdev It is unused. Reviewed by: tsoome Differential Revision: https://reviews.freebsd.org/D52434
Translate the given errno to an efi status instead of always exiting with EFI_LOAD_ERROR.
This helps future developers when adding additional options handlers in the surrounding blocks. This is effectively a no-op. MFC after: 1 month
Put -I in its proper place alphabetically Sponsored by: Netflix
nanobsd: Expose do_image_prep on command line do_image_prep will skip the customizations and other image prep that's the same each time. It was just set before for -I. Expose it now with -p which doesn't have the other side effects. Also, fix a bug where early customization was run in this case. We don't want that run multiple times when building an image from an existing tree or when skipping image prep (there's no reason to make it a separate hook). Also change example small media from Compact Flash to SD Card (though maybe it should be microSD card, eMMC or similar, but that's getting too verbose). Sponsored by: Netflix
nanobsd: Fix the p flag Fix the "p" flag in the manual page. While here, add the flag to the usage instructions. Reviewed by: imp Approved by: emaste (mentor) Fixes: https://cgit.freebsd.org/src/commit/?id=90593b1bdb80 ("nanobsd: Expose do_image_prep on command line") Differential Revision: https://reviews.freebsd.org/D52508
Reported by: Michael Dexter Fixes: https://cgit.freebsd.org/src/commit/?id=72d01e62b082 netgraph: teach ngctl to attach and run itself in a jail MFC after: 1 day
Pointy hat to: vexeduxr Reported by: Bakul Shah
When sending UDP packets:
* compute the checksum in the correct order. This only has an impact if the length of the payload is odd.
* don't send packet with a checksum of zero, use 0xffff instead as required.
When receiving UDP packets:
* don't do any computations when the checksum is zero.
* compute the checksum in the correct order. This only has an impact if the length of the payload is odd.
* when computing the checksum, store the pseudo header checksum
* if the checksum is computed as zero, use 0xffff instead.
* also accept packets, when the checksum in the packet is the pseudo header checksum.
The last point fixes a problem when the DHCP client runs in a VM, the DHCP server runs on the host serving the VM and the network interface supports transmit checksum offloading. Since dhclient doesn't use UDP sockets but bpf devices to read the packets, the checksum will be incorrect and only contain the checksum of the pseudo header.
PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263229 Reviewed by: markj, Timo Völker Tested by: danilo MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D52394
Use pfctl_fopen (which checks to ensure the given file isn't a directory)
for pfctl -f /path/to/pf.conf. Otherwise, if you accidentally use a dir
instead of a file (e.g. if you have an /etc/pf directory and don't notice
the name when tab-completing), you successfully install an empty ruleset.
ok sashan@
Obtained from: OpenBSD, sthen <sthen@openbsd.org>, 2f48098846
Sponsored by: Rubicon Communications, LLC ("Netgate")
Currently 'pfctl -a "*" -sr' recursively walks anchor tree and shows
rules found in every anchor. This commit introduces the same behavior
for tables. Command 'pfctl -a "*" -sT' prints all tables attached to
every anchor loaded to pf(4).
Inconsistency has been noticed by Klemens (kn@).
OK @bluhm, OK @kn
Obtained from: OpenBSD, sashan <sashan@openbsd.org>, 3898e3532e
Sponsored by: Rubicon Communications, LLC ("Netgate")
The fix to pfctl_kill_src_nodes() comes from Olivier Croquin.
bluhm@ pointed out pfctl_net_kill_states() suffers from the
same copy'n'paste typo. Commit combines both fixes.
OK @bluhm, OK @kn
Obtained from: OpenBSD, sashan <sashan@openbsd.org>, cde97ca321
Sponsored by: Rubicon Communications, LLC ("Netgate")
Reported by: bdrewery
MFC after: 1 week
See also: da50f49977cc4e6aae55cb2379313599249a8dd2
Sponsored by: Rubicon Communications, LLC ("Netgate")
While here, improve userlist error message. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289399 MFC after: 3 days Reviewed by: kbowling, rgrimes Approved by: kbowling, rgrimes (src) Reported by: michaeldexter, rgrimes Differential Revision: https://reviews.freebsd.org/D52464
MFC After: 1 day Sponsored by: Amn Afzar Hoopad Inc Differential Revision: https://reviews.freebsd.org/D52418
StartImage() may return additional data from failure. This data has text message followed by optional binary blob. Print out the text message (if present) and free the data. See 7.4.2 EFI_BOOT_SERVICES.StartImage() page 199 UEFI_Spec_Final_2.11.pdf. Reviewed by: imp
nuageinit: chmod sudoers directory instead of chmod (again) sudoers file * Set mode of sudoers to 0440. Reviewed by: bapt@, jlduran@ Approved by: bapt@, jlduran@ Differential Revision: https://reviews.freebsd.org/D52438
nuageinit: Allow the use of network parameters from network-config To better comply with the cloud-init specification, we need to support the configuration of network-related parameters from the network-config file, which is common in most deployments. Reviewed by: bapt@ Approved by: bapt@ Differential Revision: https://reviews.freebsd.org/D52419
nuageinit: Add doas support
* Set mode of etc directory to 0755.
* Use user.localbase sysctl instead of /usr/local.
* Add test case for doas.
* Set ${LOCALBASE} instead of /usr/local in nuageinit(7) man page.
Reviewed by: bapt@
Approved by: bapt@
Differential Revision: https://reviews.freebsd.org/D52437
nuageinit: Add me to copyright list Approved by: bapt@
It is referred to in the documentation as the system crontab, not root's crontab. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289099 Reviewed by: emaste Approved by: emaste (mentor) Fixes: https://cgit.freebsd.org/src/commit/?id=d33daab9348a ("Call /etc/crontab the "system crontab", not "root's crontab". While here, fix some other wording issues") MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D52503
guid here is only used for EFI_ZFS_BOOT, so move the ifdef. Noticed by: wosch and clang 20 Sponsored by: Netflix
Like lastjid, desc should count as a pseudo-parameter. The difference lies entirely in the security.jail.param sysctls, which list all of the jail parameters. Since desc opens and returns a file descriptor, it has no place in such uses as "jls all." Like lastjid, it's still recognized by the kernel if passed in/out, and hard-coded into libjail so it can be recognized there. MFC after: 3 days
Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1843
found by "buffer overflow 'anchortypes' 10 <= 12" smatch error
feedback and ok sashan@, ok miod@ on an earlier version
Obtained from: OpenBSD, jsg <jsg@openbsd.org>, 730c5d0121
Sponsored by: Rubicon Communications, LLC ("Netgate")
Sponsored by: Rubicon Communications, LLC ("Netgate")
Add missing error checks
Input kettenis, millert
OK millert
Obtained from: OpenBSD, florian <florian@openbsd.org>, a7b9eedcb4
Sponsored by: Rubicon Communications, LLC ("Netgate")
Obtained from: OpenBSD, jsg <jsg@openbsd.org>, 6768654732
Sponsored by: Rubicon Communications, LLC ("Netgate")
Some options (in particular, -g) are processed immediately upon being parsed. This will produce the wrong result in combination with -j since we only attach to the jail after we're done parsing arguments. Solve this by attaching to the jail immediately when -j is encountered. The downside is that e.g. `ifconfig -j foo -j bar` would previously attach to jail “bar”, whereas now it will attempt to attach to jail “foo”, and if successful, attempt to attach to jail “bar” within jail “foo”. This may be considered a feature. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289134 MFC after: 1 week Reviewed by: zlei Differential Revision: https://reviews.freebsd.org/D52501
Build without LOADER_BIOS_TEXTONLY since it is now the default. Reviewed by: imp Differential Revision: https://reviews.freebsd.org/D52559
When passing an NVIDIA GPU to a Linux VM, the GPU driver refuses to work and complains about a missing IRQ:
[ 77.208984] NVRM: Can't find an IRQ for your NVIDIA card!
[ 77.212697] NVRM: Please check your BIOS settings.
[ 77.212699] NVRM: [Plug & Play OS] should be set to NO
[ 77.212700] NVRM: [Assign IRQ to VGA] should be set to YES
[ 77.212702] nvidia: probe of 0000:00:07.0 failed with error -1
By setting a valid INTPIN in the PCI config space those error messages disappear. Additionally, tools like nvidia-smi are able to detect the GPU and the GPU driver seems to work properly. Note that bhyve still doesn't support legacy interrupts. So, the guest shouldn't try to use it even though we're assigning an INTPIN. Reviewed by: jhb Tested by: chuck MFC after: 1 week Sponsored by: Beckhoff Automation GmbH & Co. KG Differential Revision: https://reviews.freebsd.org/D51892
When starting single-user mode, use the home directory from user root as current directory and for the HOME environment variable. If the directory does not exist, set HOME=/. Also adjust /root/.profile to stop setting HOME, since it should always have been set now. This is intended to keep shell startup files working in single-user mode after /.profile has been removed. Reviewed by: emaste, ivy, kevans MFC after: 1 week Relnotes: yes Differential Revision: https://reviews.freebsd.org/D52527
It is in fact redundant with the previous one, as the set of supplementary groups is expected to be empty. MFC after: 5 days MFC to: stable/15 Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52281
This change allows user to define table inside the anchor like that:
anchor foo {
table <bar> { 192.168.1.1 }
pass in from <bar> to <self>
}
Without this diff one must either create table <bar> in main
ruleset (root) or use 'pfctl -a foo -t bar -T add 192.168.1.1'
This glitch is hard to notice. Not many human admins try to attach
tables to non-global anchors. Daemons which configure pf(4) automatically
at run time such as relayd(8) and spamd(8) create tables attached to
their anchors (for example 'relayd/*') but the daemons use a way similar
to pfctl(8) to add and manage those tables.
The reason why I'd like to seal this gap is that my long term goal
is to turn global `pfr_ktable` in pf(4) into member of pf_anchor.
So each ruleset will get its own tree of tables.
feedback and OK bluhm@
Obtained from: OpenBSD, sashan <sashan@openbsd.org>, 30269bc362
Sponsored by: Rubicon Communications, LLC ("Netgate")
The current way to adjust pf(4) limits in pf.conf(5) is inconvenient.
For example when ruleset uses more than 512 anchors (the current default
limit) one would typically add 'set limit anchor 1024' to adjust
the limit so the 'pf.conf(5)' gets processed. Unfortunately it
does not work because limit gets changed with DIOCXCOMMIT which
is too late. The pf.conf(5) fails to load the anchors to transaction,
because the old lower limit is still in place. To fix it we must
set the limit as soon as we parse 'set limit ...' option.
The issue has been reported and fix tested by rafal _dot_ ramocki _von_ eo.pl
OK @bluhm
Obtained from: OpenBSD, sashan <sashan@openbsd.org>, 85baac7751
Sponsored by: Rubicon Communications, LLC ("Netgate")
This moves some math to where it logically makes more sense for skipping over the ": " separator in the message formatted "app[PID]: MSG". No functional change. Fixes: https://cgit.freebsd.org/src/commit/?id=18bcf5a0 ("Restore local kernel "prog" filtering") Sponsored by: Dell Inc.
This fixes two printing bugs in cpucontrol(1). First, the utility will now print "updating from rev X to rev Y", instead of incorrect "updating to revision X", where X is actually the old revision. This also matches what Intel updater prints. Second, the utility won't incorrectly warn that the update failed after reading the new revision post update. Reviewed by: kib, markj Differential Revision: https://reviews.freebsd.org/D52506
- Reformat function definitions
POSIX states that compound commands, i.e., ones that use `(..)` or
`{ .. } `, are permissible as function definitions, however, many shell
syntax validators do not acknowledge the former format.
Switch to the latter format so more naive editors, like the vim syntax
highlighter, better parse the syntax of the file.
Moreover, replacing `(..)` with `{..}` replaces several subshells with
their non-subshell equivalents. Given that `set -e` is used liberally
and `exit` is not used in the calling code when `set -e` is not
enforced, there is no net loss by making this change.
- Clean trailing whitespace.
- Reindent some related comments to match the indentation of the
previous line.
- Add shebangs to the tops of files to help syntax colorizers and file
identifiers understand that the files are in shell syntax.
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D52596
pw: Remove duplicate lines from the pw useradd usage message No functional change intended. MFC after: 1 week Sponsored by: The FreeBSD Foundation Sponsored by: Klara, Inc.
pw: Print warnings when metadata updates fail We do this in most places already, but not consistently. MFC after: 1 week Sponsored by: The FreeBSD Foundation Sponsored by: Klara, Inc.
pw: Clean up a couple of errx() calls - Remove a stray backslash. - Make an error message fit on one line. No functional change intended. MFC after: 1 week Sponsored by: The FreeBSD Foundation Sponsored by: Klara, Inc.
pw: Add a missing chown() when creating dirs in mkdir_home_parents() mkdir_home_parents() effectively performs a mkdir -p of the root home directory. It chowns the home directory to 0, 0, but doesn't do so for the intermediate directories. Add an explicit chown() call for those too. Fix a long line while here. Reviewed by: bapt MFC after: 1 week Sponsored by: The FreeBSD Foundation Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D52587
pw: Use copy_file_range() when copying skeleton files As a bonus, check for I/O errors and print them to standard error. Reviewed by: bapt, emaste MFC after: 1 week Sponsored by: The FreeBSD Foundation Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D52588
pw: Add a metalog output mode When creating OS images as a non-root user, it may be useful to pre-create users in the staged tree. The useradd operation adds files to the new user's home directory, copied from the skeleton directory (/usr/share/skel), which makes it inconvenient for use in this scenario since the added files are not recorded in the mtree metalog. To cover this gap, this change adds a new -M <metalog> option to pw's useradd operation, causing pw to add mtree entries for newly added files. Extend an existing regression test to validate this mode. Reviewed by: bapt, emaste MFC after: 1 week Sponsored by: The FreeBSD Foundation Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D52590
Update the pkgbase component selection dialogue to take the components list from the meta-package sets available on the install media, except for "kernel" which is still handled magically. Always install "minimal", and by default select "base", "kernel-dbg" and any libcompat sets (e.g., lib32) if they're available. Replace the various "dbg" options with a single "debug" component that installs the debug symbols for all the components the user selected, except for kernel since we handle that separately and it's common to want kernel debug symbols without userland debug symbols. MFC after: 3 seconds Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D52558
Signed-off-by: Siva Mahadevan <me@svmhdvn.name> PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266374 Pull request: https://github.com/freebsd/freebsd-src/pull/1851 Reviewed by: emaste Sponsored by: The FreeBSD Foundation
This ensures the normally-empty directories /proc, /net, /media and /mnt are created on a fresh pkgbase install. Put /proc, /mnt and /media in -runtime since those are basic directories that should always exist. /net is only used by the automounter, so put that in -autofs. While here, also tag /rescue in -rescue, since nothing else installs there. Reported by: Graham Perrin <grahamperrin@gmail.com> PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289654 MFC after: 3 days Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D52622
Historically this capability is IFCAP_NOMAP but it was renamed to IFCAP_MEXTPG. Catch up with the change 3f43ada98c89. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289545 Fixes: https://cgit.freebsd.org/src/commit/?id=3f43ada98c89 Catch up with https://cgit.freebsd.org/src/commit/?id=6edfd179c86: mechanically rename IFCAP_NOMAP to IFCAP_MEXTPG MFC after: 3 days
It appears that currently starting of moused does not depend on moused_enable variable value in rc.conf. That leads to missing USB mice support in default configuration. Start moused in traditional per device mode with devd to follow POLA. One daemon per system mode still can be enabled with setting of moused_port="auto" moused_nondefault_enable="NO" variables in /etc/rc.conf To revert to sysmouse mode add moused_type="sysmouse" to /etc/rc.conf Reported by: many Requested by: glebius Reviewed by: glebius MFC after: 1 day Differential Revision: https://reviews.freebsd.org/D52430
This follows the commit 4cdc1f5421c5, which introduces the IFCAP_HWSTATS capability. Fixes: https://cgit.freebsd.org/src/commit/?id=4cdc1f5421c5 There are some high performance NICs that count statistics in hardware MFC after: 3 days
This follows the commit 051e7d78b039, which introduces the IFCAP_NV capability. Fixes: https://cgit.freebsd.org/src/commit/?id=051e7d78b039 Kernel-side infrastructure to implement nvlist-based set/get ifcaps MFC after: 3 days
This fixes "usage: basename string [suffix]" message. Reported by: cy MFC after: 1 day
Instead of sleeping while constructing the list of PIDs to wait for, sleep briefly after pwait to give init a chance to reap the processes that just terminated before we loop around and start probing them. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289630 Reviewed by: allanjude Differential Revision: https://reviews.freebsd.org/D52619
Fix "run-under-chroot" workaround by replacing strlcpy(2) with memmove(2) since strings overlap. MFC after: 1 week Reviewed by: arrowd Differential Revision: https://reviews.freebsd.org/D52670
Upgrading from 14.x to 15.x with freebsd-update broke because libc depends on the new libsys library; freebsd-update installed the new libc before creating libsys, and every step after that failed because all the tools (including gunzip and install) are dynamically linked and need a working libc. Enforce ordering when installing shared objects: First libsys, then libc, then libthr, and then all the rest of the shared object files. This is a candidate for an Errata Notice since the issue this fixes breaks upgrades. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289769 Reported by: Graham Perrin Reviewed by: kib MFC after: 3 days Sponsored by: https://www.patreon.com/cperciva Differential Revision: https://reviews.freebsd.org/D52688
Now that the pkg package is shipped on the pkgbase release media, install it by default for a pkgbase install if it's present. If it's not available (e.g., when running bsdinstall from a repository built from src alone, without ports), skip it and assume the user will install it another way. MFC after: 1 day Reviewed by: ifreund_freebsdfoundation.org, cperciva Differential Revision: https://reviews.freebsd.org/D52639
c99bb5747f5e changed ( ) grouping into { }, but in these cases we chdir
and depended on the subshell not changing it for the caller. Restore the
old behavior. It seems to work w/o this change, true, but the old code
was intentionally like this.
Fixes: https://cgit.freebsd.org/src/commit/?id=c99bb5747f5e
Sponsored by: Netflix
Reviewed by: bapt Differential Revision: https://reviews.freebsd.org/D52697
ok henning, mcbride
Obtained from: OpenBSD, mikeb <mikeb@openbsd.org>, 44b1b5a8a9
Sponsored by: Rubicon Communications, LLC ("Netgate")
ok henning
Obtained from: OpenBSD, mikeb <mikeb@openbsd.org>, 47068a62ee
Sponsored by: Rubicon Communications, LLC ("Netgate")
* Merge `once' handling from `anchorrule' and `pfrule'
* Remove/shorten duplicate code block
OK sashan
Obtained from: OpenBSD, kn <kn@openbsd.org>, d114b77333
Sponsored by: Rubicon Communications, LLC ("Netgate")
parse.y revision 1.682 from 16.07.2018 erroneously allowed `match once' and
`anchor "a" once'.
Fix both by checking for PF_DROP not PF_MATCH and creating anchors in the
parser already such that they can be used to distinguish anchor rules in
the same check as well.
Found and fixed by Petr Hoffmann <petr.hoffmann at oracle dot com>, thanks!
While here, remove an unneeded cast and make pfctl_add_rule() void as it
always returned 0.
OK sashan
Obtained from: OpenBSD, kn <kn@openbsd.org>, 6da84b37b3
Sponsored by: Rubicon Communications, LLC ("Netgate")
After the refactoring in 'pfctl: fix once rules' we broke nat/rdr/binat rules.
These no longer exist on OpenBSD, so were not considered in that patch. Factor
out the common code and call it from all anchor types.
Sponsored by: Rubicon Communications, LLC ("Netgate")
We already track this in the kernel and pass it to userspace, we may as well
show users.
Sponsored by: Rubicon Communications, LLC ("Netgate")
The 'rule_numbers' is used for more than just displaying rule numbers.
Rename it and move the actual opts checking into the relevant functions.
Sponsored by: Rubicon Communications, LLC ("Netgate")
In cloud-init, when a group specified in the 'users.{index}.groups' parameter
does not exist, it is ignored, but the user is created anyway. In the case of
nuageinit, it exits with an exception, since pw(8) expects each group to exist.
Reviewed by: bapt@
Approved by: bapt@
Differential Revision: https://reviews.freebsd.org/D52718
After f99f0ee14e3a ("rc.d: add a service jails config to all base system
services"), the FTP service ignores the flags configured in ftpd_flags:
# sysrc ftpd_flags=-B
ftpd_flags: -> -B
# service ftpd enable
ftpd enabled in /etc/rc.conf
# service ftpd start
Starting ftpd.
# pgrep -fl ftpd
1234 /usr/libexec/ftpd -D
Notice the absence of the "-B" flag.
PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=285600
Reviewed by: 0mp, emaste
Approved by: emaste (mentor)
Fixes: https://cgit.freebsd.org/src/commit/?id=f99f0ee14e3a ("rc.d: add a service jails config to all base system services")
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D52745
virtual_oss is part of base as of 9cab9fde5eda ("virtual_oss: Port to
base").
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D52322
Useful when used with syslog-ng, which uses SIGUSR1. Instead of adding signal number to every new entry, just set it via command line option. Reviewed by: bcr, delphij Differential Revision: https://reviews.freebsd.org/D52701
If a newsyslog.conf(5) has an entry that is configured to be rotated every hour, and crontab(8) is set to execute newsyslog several times per hour, the logic of age_old_log() is broken and it would rotate the entry too often. AFAIU, the extra 1800 seconds were added to allow some leeway for the previous newsyslog invocation, that could have been too slow and the timestamp on the old file is newer than actual time of the previous newsyslog invocation. But 30 minutes of leeway is way too much. Reduce this down to 3 minutes, which would be a compromise between a potential need to run newsyslogd every 5 minutes and a situation when newsyslog takes a significant time to rotate the logs. Provide a test case for that. Reviewed by: delphij Differential Revision: https://reviews.freebsd.org/D52700
Remove 'pager' shim that was last not supported in FreeBSD 12.2, which went EOL on March 31, 2022. People have had enough time to upgrade the boot loader. Sponsored by: Netflix
Check the number of arguments and ensure that the passed-in device to disable parses correctly. Sponsored by: Netflix
While boot_single:lower() should always be in {yes,no}, it might not
be. In one place we check == yes, and another ~= no. Make both places ~=
no for consistency. We generally try to test != default.
Sponsored by: Netflix
Fixes armv7 build. Reported by: CI Fixes: https://cgit.freebsd.org/src/commit/?id=9cab9fde5eda ("virtual_oss: Port to base") Sponsored by: The FreeBSD Foundation MFC after: 4 days
* Registers dump * SGE context * TCB info MFC after: 3 days Sponsored by: Chelsio Communications
Reported by: CI Fixes: https://cgit.freebsd.org/src/commit/?id=9cab9fde5eda ("virtual_oss: Port to base") Sponsored by: The FreeBSD Foundation MFC after: 4 days
Add a blocklist probe when user access is denied. Reviewed by: emaste Approved by: emaste (mentor) MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D52747
Reviewed by: emaste Approved by: emaste (mentor) Obtained from: NetBSD MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D52746
For proper redundancy, add copies of loader.efi to each of the ESPs we create when we create multi-volume ZFS datasets. zfsboot creates a list of secondary ESPs, while bootpart doesn't create any (it's the UFS partitioning tool) because we don't support UFS over gmirror. The primary ESP is mounted and is what we use efibootmgr to boot from. The redundant copies allow the system to boot if the primary disk fails. Sponsored by: Netflix MFC After: 2 days PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208802 Reviewed by: cperciva Differential Revision: https://reviews.freebsd.org/D52780
With pkgbase, users may decide to install a minimal set of packages that's missing some daemons. Check which services are installed, and only include the ones which are present in the dialogue. MFC after: 1 day Reviewed by: cperciva Differential Revision: https://reviews.freebsd.org/D52646
virtual_oss(8) chooses formats based on preference lists (see VPREFERRED_*) for each sample depth (-b option). However, if we, for example, use 32 bits LE for the sample depth, what will end up happening is that the format chosen will be 0x10001000, which corresponds to AFMT_S32_LE *and* AFMT_F32_LE OR'd together. This happens because the preference lists include both AFMT_S32_* and AFMT_F32_* in the 32-bit cases. Because we essentially end up using an invalid format, sound(4) will eventually reach pcm_sample_write()'s (sys/dev/sound/pcm/pcm.h) __assert_unreachable() case. This patch is a temporary fix to address the panic, until a proper solution for using floating point formats is found. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289904 Sponsored by: The FreeBSD Foundation MFC after: 2 days
Add utility functions for configuring gpio interrupts and document file operations. Reviewed by: vexeduxr, ziaee Differential Revision: https://reviews.freebsd.org/D52102
In particular, fixes 'procstat -s -M' (only if there are less than 16 groups). Reviewed by: kib, emaste Fixes: https://cgit.freebsd.org/src/commit/?id=be1f7435ef218b1d ("kern: start tracking cr_gid outside of cr_groups[]") MFC after: 9 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52260
PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289447 MFC after: 1 week
libc: prevent incorrect %a/%La rounding at full precision In __hdtoa() and __hldtoa(), rounding is incorrectly applied when the requested precision exactly matches the number of significant hexadecimal digits. In this case, the redux adjustment can trigger an unintended exponent increment and shift the rounding position left by one bit. This causes the least significant digit to be rounded incorrectly. The fix adds a new condition based on MAX_HEX_DIGITS (derived from MANT_DIG) so that rounding is performed only when precision is strictly less than the number of significant digits. This avoids the unintended shift while preserving correct rounding for other cases. A new regression test (printfloat_test:hexadecimal_rounding_offset_eq_exp) covers both the binary64 (%.13a) and binary128 (%.28La on arm64) cases that previously fail, ensuring the bug does not regress. Note: MAX_HEX_DIGITS represents the maximum number of hexadecimal digits needed to express the mantissa. It is computed by subtracting the implicit integer bit from [L]DBL_MANT_DIG, dividing the remaining mantissa bits by 4 (with +3 to round up any remainder), and finally adding +1 for the leading integer digit. This makes its meaning explicit and distinct from SIGFIGS, which serves a different purpose. Fixes: https://cgit.freebsd.org/src/commit/?id=76303a9735ee ("Make several changes to the way printf handles hex floating point (%a):") Signed-off-by: Osamu Sho <osamusho@gmail.com> Reviewed by: imp,jlduran Pull Request: https://github.com/freebsd/freebsd-src/pull/1837
Fix floating point test. I botched a style fix to a pull request, and didn't catch it on amd64, but it broke almost everything else. It's a false positive to the style program and spaces cannot be inserted here. It's not math, but a funky notation. Fixes: https://cgit.freebsd.org/src/commit/?id=9dd78db9c30a
Fix floating point test. (again) Fixes: https://cgit.freebsd.org/src/commit/?id=9dd78db9c30a
Fixes the following warnings: ld: error: relocation R_X86_64_32S cannot be used against local symbol; recompile with -fPIC >>> defined in /usr/obj/usr/src/amd64.amd64/lib/libsamplerate/libsamplerate.a(samplerate.o) >>> referenced by samplerate.c:498 (/usr/src/contrib/libsamplerate/samplerate.c:498) >>> >>> samplerate.o:(src_new) in archive /usr/obj/usr/src/amd64.amd64/lib/libsamplerate/libsamplerate.a Related discussion: https://reviews.freebsd.org/D52306 Sponsored by: The FreeBSD Foundation Reviewed by: fuz Differential Revision: https://reviews.freebsd.org/D52307
No functional change (intended). MFC after: 5 days Sponsored by: The FreeBSD Foundation
In particular, fixes 'procstat -s -M' (for processes with more than 16 groups). Reviewed by: kib Fixes: https://cgit.freebsd.org/src/commit/?id=be1f7435ef218b1d ("kern: start tracking cr_gid outside of cr_groups[]") MFC after: 5 days MFC to: stable/15 Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52275
We must not return ENOMEM, but rather -1 with 'errno' set to ENOMEM, as described in the manual page and as other implementations are doing. A malloc() failure actually already sets ENOMEM for us. Add comments indicating which function set 'errno' each time we return. While here, improve style and remove useless headers. Reviewed by: kib, emaste Fixes: https://cgit.freebsd.org/src/commit/?id=54404cfb13d4 ("In preparation for raising NGROUPS and NGROUPS_MAX, ...") MFC after: 5 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52580
After commit 9da2fe96ff2e ("kern: fix setgroups(2) and getgroups(2) to
match other platforms"), initgroups() does not set the effective GID
anymore and uses all passed groups as the supplementary group list.
This effectively breaks backwards compatibility with programs/libraries
compiled on a FreeBSD 14 or earlier system.
Restore compatibility by creating a new version of the 'initgroups'
symbol that designates the current implementation and providing
a pre-FreeBSD-15-compatible version under the symbol's previously
exported version. The new version calls the new setgroups(2) system
call, while the compatible one calls the original one (called
freebsd14_setgroups()).
Update the manual page with some history and comparison with other
current open-source systems. Add a "SECURITY CONSIDERATIONS" section
highlighting some security properties of this approach and the reasons
we adopt it. While here, revamp the manual page, in particular to use
the exact POSIX terminology where possible.
Note for MFC to stable/14: Only the manual page update is to be MFCed,
and the text changed to reflect the old behavior and inform readers of
the new upcoming behavior in 15.
Reviewed by: kib
Fixes: https://cgit.freebsd.org/src/commit/?id=9da2fe96ff2e ("kern: fix setgroups(2) and getgroups(2) to match other platforms")
MFC after: 5 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52282
Fixes compiler error when the caller passes a const bdaddr_t * parameter (e.g., NG_HCI_BDADDR_ANY). Sponsored by: The FreeBSD Foundation MFC after: 1 day Reviewed by: markj, emaste Differential Revision: https://reviews.freebsd.org/D52582
by forwarding the reference to libsys syscall symbol, for the libc.so case. Reviewed and tested by: kevans Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D52672
There are no symbols that need to be namespaced in the header, and it would not allow to use proper raw syscall names later, where they are needed. Reviewed by: olce Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D52687
same as it was done for setgroups@FBSD_1.0. Switch from weakref to symver, since GNU as cannot handle version spec with weakref. Reviewed by: olce Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D52687
after libc is switched to use public symbols for pre-ino64 syscalls. Reviewed by: olce Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D52687
Looks like a copy and paste error. The ELF size of 0 prevents Valgrind from redirecting this function. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289845 Reviewed by: fuz Fixes: https://cgit.freebsd.org/src/commit/?id=3f224333af163d5fcd7547a20993dcf18f19076c See also: https://bugs.kde.org/show_bug.cgi?id=509406 Pull Request: https://github.com/freebsd/freebsd-src/pull/1854 MFC after: 1 day Event: EuroBSDcon 2025
Commit c5d671b added netlink support to server side rpcbind. However it did not add a case for AF_NETLINK to __rpc_taddr2uaddr_af(). (Reported as PR#289625.) As such, without this patch the r_addr field of the netlink rbllist is NULL, which causes a crash in svc_sendreply() for a Dump query (what rpcinfo does). PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289625 Reviewed by: glebius MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D52651 Fixes: https://cgit.freebsd.org/src/commit/?id=c5d671b711c3 ("libc/rpc: add userland side RPC server over netlink(4)")
Commit 9a3edc8 modified the behaviour of ZFS's VOP_READDIR() such that it will reply EINVAL for an offset past EOF on the directory. This exposed a latent bug in the NFSv4 Readdir code, which would attempt a Readdir with an offset beyond EOF for a directory that consists of only "." and "..". This happened because NFSv4 does not reply "." or ".." to the client and, after skipping over them, attempted another VOP_READDIR(). This patch fixes the problem by checking the eofflag for the case where all entries have been skipped over. Reviewed by: kib MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D52370
Reviewed by: des, kib Differential Revision: https://reviews.freebsd.org/D52155
In D52038, we kind of guess at the reason that pfs_create_dir() failed, which isn't great: it could be EEXISTS, or it could even be ENOMEM. Change the pfs_create_*() interfaces to return an error and use a double pointer to return the new node as requested. Outside of the changes in sys/fs/pseudofs, this diff is the result of running the added coccinelle script against in-tree pseudofs and fixing all of the style(9) violations that spatch added. We set *opn to NULL in the failure cases to avoid breaking callers that did actually error-check their results, since the cocci patch does not attempt to handle that in any way. Reviewed by: des (previous version), kib Differential Revision: https://reviews.freebsd.org/D52157
This comment is obsolete, as:
1. This code is FreeBSD-specific and is not shared with other BSDs.
2. With our recent changes in commit be1f7435ef218b1d ("kern: start
tracking cr_gid outside of cr_groups[]"), all of NetBSD, OpenBSD and
FreeBSD have the effective GID in a separate field (DragonFlyBSD
remains to this day an outlier).
MFC after: 9 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52254
Fixes: https://cgit.freebsd.org/src/commit/?id=be1f7435ef218b1d ("kern: start tracking cr_gid outside of cr_groups[]") MFC after: 9 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52256
Reviewed by: kib Fixes: https://cgit.freebsd.org/src/commit/?id=be1f7435ef218b1d ("kern: start tracking cr_gid outside of cr_groups[]") MFC after: 9 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52257
Due to the partial-only changes of commit 46c07316f906 ("kern: adopt the
cr_gid macro for cr_groups[0] more widely"), subsequent commit
be1f7435ef218b1d ("kern: start tracking cr_gid outside of cr_groups[]")
caused a mismatch between filling cr_groups[0] in 'reused_creds' in
fuse_interrupt_send() and reading 'cr_gid' from it in
fuse_setup_ihead(), with the consequence that the kernel would send
a FUSE_INTERRUPT message to the FUSE daemon with an uninitialized GID in
its header (which, besides being wrong, would disclose 4 bytes from its
stack).
Fixes: https://cgit.freebsd.org/src/commit/?id=be1f7435ef218b1d ("kern: start tracking cr_gid outside of cr_groups[]")
MFC after: 5 days
MFC to: stable/15
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52255
This comment has been obsoleted by commit be1f7435ef21 ("kern: start
tracking cr_gid outside of cr_groups[].").
No functional change.
MFC after: 5 days
MFC to: stable/15
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52264
If the last copy of an open file resides within the socket buffer of a unix-domain socket, then VOP_CLOSE will be called with no thread information. Fix fusefs to handle that case, and add a regression test. Also add a test case for writes to a file that lies within a sockbuf. Along with close, a write from the writeback cache is the only other operation I can think of that might apply to a file residing in a sockbuf. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289686 Reported by: iron.udjin@gmail.com MFC after: 1 week Sponsored by: ConnectWise Reviewed by: glebius, markj Differential Revision: https://reviews.freebsd.org/D52625
It is defined as a plain use of vref. Churn generated with coccinelle: @@ expression vp; @@ - VREF(vp) + vref(vp)
Introduce vn_fullpath_jail(), which returns a path to the passed vnode relative to the current jail's root. It will be used by mac_do(4) in a subsequent commit. Factor out common code between the new variant and vn_fullpath(). While here, rework the comments a bit. Add vn_fullpath_jail() to the vn_fullpath.9 manual page. While here, document all the existing public vn_fullpath*() functions. Reviewed by: kib (except latest manual page changes) MFC after: 3 days Event: EuroBSDCon 2025 Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52757
Kernel stuff (other than networking, filesystems, and drivers).
LinuxKPI: 802.11: use IEEE80211_FEXT_AMPDU_OFFLOAD Set IEEE80211_FEXT_AMPDU_OFFLOAD if the driver/firmware does AMPDU[-TX] offload and net80211 should stay out of the way. Later use IEEE80211_CONF_AMPDU_OFFLOAD() (the IEEE80211_FEXT_AMPDU_OFFLOAD net80211 flag) rather than the LinuxKPI check to clear AMPDU-RX if we do not support crypto offload. This may seem odd at first as AMPDU-RX is mandatory but we would not be able to get anything working if we would let net80211 do a (*ic_ampdu_rx_start)() call. Some of this is necessary until we have the code for all drivers (rtw8x use further interfaces) sorted. Sponsored by: The FreeBSD Foundation (originally) MFC after: 3 days Fixes: https://cgit.freebsd.org/src/commit/?id=ac2c7271b7c26
LinuxKPI: 802.11: only change dtim_period once assoc At least iwlwifi(4) seems to expect us to be assoc when seeing BSS_CHANGED_BEACON_INFO as it will stop session protection and update the beacon filter amongst other things. Check for the vif to be assoc before applying any dtim_period updates. See comment for more details on the entire flow. MFC after: 3 days
LinuxKPI: 802.11: counting beacons for debug only when assoc Simplify the logic and only count beacons when we are assoc, given we only do this for debugging purposes of beacon/connection loss. Fixes: https://cgit.freebsd.org/src/commit/?id=bdfe17f129db0 MFC after: 3 days
When fixing bug 286692, the change eafe5967ac558, that fixed a case when peer side does close(), also had regressed a case when our side does shutdown(SHUT_WR). These actually are two independent code paths, and the eafe5967ac558 shouldn't have touched the second block. The removal of 'kn->kn_flags |= EV_EOF' was incorrect and the statement on original behavior in the commit message was also incorrect. Do not add back so_error setting, since I failed to find a test case that would return anything but 0 in kevent.fflags when run on stable/14. This was found with help of https://github.com/tokio-rs/mio. Add a test case into our test suite for that. Fixes: https://cgit.freebsd.org/src/commit/?id=eafe5967ac558de142d91660e18e9238289890e3 Reviewed by: markj Differential Revision: https://reviews.freebsd.org/D52327
Suggested by: imp Reviewed by: alc, imp Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D52348
The pre-load, aka linker_preload() runs at the order of SI_SUB_KLD, but a pre-loaded module may have SYSINITs that have startup order prior to SI_SUB_KLD, e.g. TUNABLE_INT() / TUNABLE_LONG(), hence it is possible that we run into abnormal orders. Without this change, the subsystem of the pre-loaded kernel modules will be melted into previous one. That is mostly harmless but confusing. MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D47904
A port using linux(kpi) header files but not using skbuffs is hitting the case that it cannot find opt_wlan.h. Give up to the idea that skbuff.h is only used by wireless drivers (or in-tree) and that IEEE80211_DEBUG (via opt_lwan.h) could automatically compile in debug support. It is likely time to add a LINUXKPI_DEBUG knob in the near future (also for linuxkpi_debug or linuxkpi_debug_rcu). PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289268 MFC after: 3 days
There's no need for an implied value judgement. Suggested by: jhb Reviewed by: kib, jhb Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52351
This was initially introduced to ensure there is at least one entry so that the sysinit_set symbol is not undefined. Well now that the kernel has plenty of SYSINITs and it is unlikely we will have a kernel without any SYSINITs in future, then this placeholder is not relevant anymore. MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D47916
Most vfs_init implementations will not fail, with the notable current exception that tmpfs_subr_init() can fail to allocate a new swap pager type, in which case we probably do not want to proceed and keep it registered. linsysfs was a potential consumer, but we opted to go a different direction and move pseudofs init/deinit over to first mount and last mount instead. Reviewed by: fuz, kib Differential Revision: https://reviews.freebsd.org/D52037
This one in particular is ripe with opportunities to trigger a duplicate node error in pfs_create_dir(), so we do actually want to error-check it. The rest, more or less, should be expected not to fail. We'll propagate the error from pfs_create_dir() up through linsysfs_run_bus and complain about the device node that caused the error. Note that we avoid failing vfs_init() since a partially-constructed linsysfs with missing devices is probably more useful than missing linsysfs entirely. While we're here, convert two malloc() that weren't being error checked to M_WAITOK -- we already wait in the rest of the function, might as well do the same here. Add a missing newline to the pseudofs error message. Reviewed by: fuz, kib Differential Revision: https://reviews.freebsd.org/D52038
A PCI device's NUMA domain is now accessible via the pd_numa_domain member of struct pci_conf when using the PCIOCGETCONF ioctl. A new ioctl number has been assigned to PCIOCGETCONF to preserve compatibility with binaries compiled on FreeBSD versions 7 through 14. Such binaries can continue to use the PCIOCGETCONF ioctl number that they were compiled with and experience no ABI repercussions. Reviewed by: imp, markj Differential Revision: https://reviews.freebsd.org/D44289
Avoid future compatibility churn when adding new members to struct pci_conf by introducing some padding. An additional member, pc_reported_len, has also been added to report the length of the valid portion of an encompassing pci_conf. This allows users to verify that their definition of pci_conf matches the kernel's, preventing the use of invalid data. Reviewed by: imp Differential Revision: https://reviews.freebsd.org/D52313
Add kqueue tracking to jails, inspired by how it's done with processes. EVFILT_JAIL takes a jail ID, and tracks with NOTE_JAIL_SET, NOTE_JAIL_ATTACH, NOTE_JAIL_REMOVE, and NOTE_JAIL_CHILD. It also uses the NOTE_TRACK mechanism that EVFILT_PROC uses, using the same result flags (NOTE_CHILD and NOTE_TRACKERR). Relnotes: yes Differential Revision: https://reviews.freebsd.org/D51940
No functional change intended. MFC after: 2 weeks
No functional change intended. MFC after: 2 weeks
No functional change intended. MFC after: 2 weeks
No functional change intended. MFC after: 2 weeks
No functional change intended. MFC after: 2 weeks
There is no userland interface which would need these, so make header kernel-only. Reviewed by: jrm (mentor), markj Approved by: jrm (mentor), markj Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52395
We shouldn't be manipulating the parent's bio at all (except to update the number of children). physio() already set this properly as well, in addition. Signed-off-by: Miroslav Cimerman <mc@doas.su> Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1800
Signed-off-by: Wuyang Chung <wy-chung@outlook.com> Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1835
This function is a variant of g_new_geomf. It accepts a regular string instead of a format string as its input parameter. It can save the time wasted on unnecessary format string processing. Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1786
Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1786
LinuxKPI: pci: implement for_each_pci_dev() and improve pci_get_device() Implement for_each_pci_dev() needed by a wireless driver update. For that also improve pci_get_device() and add the functionality to support the odev argument to start searching from that. Sponsored by: The FreeBSD Foundation (initially) MFC after: 3 days Reviewed by: dumbbell Differential Revision: https://reviews.freebsd.org/D52066
LinuxKPI: pci: implement pcim_iomap() Like pci_iomap() add the devres version pcim_iomap() using the former to get the resource. Add a helper function to validate that the bar is within a valid range and sprinkle that check also to other related functions. Sponsored by: The FreeBSD Foundation (initially) MFC after: 3 days Reviewed by: dumbbell Differential Revision: https://reviews.freebsd.org/D52067
LinuxKPI: pci: implement [linuxkpi_]pcim_request_all_regions() Factor out the pci_request_region() implementation into an internal function and make pci_request_region() a simple wrapper around it. Likewise implement pcim_request_all_regions() as a loop calling pci_request_region() for each entry. In two cases which we returned an error before (bar index is valid but bar is not (no len), and neither IO nor MEM) we now return success (nothing to do for us). Otherwise callers, especially pcim_request_all_regions() would error out for the wrong reasons. This seems to also match the expected behaviour of pci_request_region(). Sponsored by: The FreeBSD Foundation (initially) MFC after: 3 days Reviewed by: dumbbell Differential Revision: https://reviews.freebsd.org/D52068
LinuxKPI: pci: allocate entire pci_dev hierarchy up to root port on attach In linux_pci_attach_device() allocate a LinuxKPI pci_dev for each device in the hierarchy up to the root port[1] as we cannot do that later on demand as we may be in a context where we may not sleep. Take special care of DRM as there is a non-PCI device in the chain which needs to be skipped. iwlwifi(4) can hit this case called from a callout. While here leave a comment as the cleanup order of linux_pci_attach_device() needs correction separately. Sponsored by: The FreeBSD Foundation (initially) PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=283027 Suggested by: jhb [1] MFC after: 3 days Reviewed by: dumbbell Differential Revision: https://reviews.freebsd.org/D52069
LinuxKPI: pci: allow children to be attached to a pci_dev This will be used for hooking suspend/resume in for LinuxKPI 802.11 based drivers. Sponsored by: The FreeBSD Foundation (initially) MFC after: 3 days Reviewed by: dumbbell Differential Revision: https://reviews.freebsd.org/D52070
LinuxKPI: correct the LINUXKPI_VERSION check for abs_diff() The code introduced abs_diff() as migrated from drm to standard linux headers. The LINUXKPI_VERSION check did not allow this to be visible by default in-tree. Make sure the v6.6 check is optional. drm-kmod always defines LINUXKPI_VERSION so this should be fine. Sponsored by: The FreeBSD Foundation (initially) Fixes: https://cgit.freebsd.org/src/commit/?id=afc450fac9f04 MFC after: 3 days Reviewed by: dumbbell Differential Revision: https://reviews.freebsd.org/D52071
LinuxKPI: acpi; fix type to acpi_get_handle() The native AcpiGetHandle() and acpi_get_handle() take a const char * argument for pathname and not an acpi_string (char *). For that they spell it out fully as 'const char *', so should we. Sponsored by: The FreeBSD Foundation (initially) MFC after: 3 days Reviewed by: dumbbell Differential Revision: https://reviews.freebsd.org/D52072
LinuxKPI: rename from_timer() to timer_container_of() With Linux 6.16 from_timer() got renamed to timer_container_of(); add the LINUXKPI_VERSION check with a default to the current version. Update all in-tree consumers (apart from wireless drivers managed otherwise). Sponsored by: The FreeBSD Foundation (initially) MFC after: 3 days Reviewed by: dumbbell Differential Revision: https://reviews.freebsd.org/D52073
LinuxKPI: timer KPI *_timer -> timer_* del_timer() got renamed to timer_delete() approximately in Linux 6.2 (similar for *_sync and likely others). Keep the old functions as compat; unclear when we can gc them. We should also re-define them with a linuxkpi_ prefix to avoid possible conflicts in the future if we do a full pass over this at some point. Sponsored by: The FreeBSD Foundation (initially) MFC after: 3 days X-MFC; preserve symbols, not inline Reviewed by: dumbbell Differential Revision: https://reviews.freebsd.org/D52074
LinuxKPI: cleanup: implement __free() and DEFINE_FREE(); use for kfree() A wifi driver update needs this. Sponsored by: The FreeBSD Foundation (initially) MFC after: 3 days Reviewed by: dumbbell Differential Revision: https://reviews.freebsd.org/D52075
LinuxKPI: add DEFINE_LOCK_GUARD_0 for rcu This adds guard support for non-real-types like rcu locking meaning that we need to keep the lock state separately ourselves. _T is still special and needs to be updated. Given it may not be used it needs an __unused attribute (we are using the LinuxKPI __maybe_unused which indeed is more expressive in this case). Sponsored by: The FreeBSD Foundation (initially) MFC after: 3 days Reviewed by: dumbbell Differential Revision: https://reviews.freebsd.org/D52076
LinuxKPI: add __struct_size Use __builtin_object_size() by default. If __builtin_dynamic_object_size() is available use that instead. I would hope that in a future version we can remove the conditional checks but in order to be able to MFC this without checking all compiler versions simply keep it this way for now. Sponsored by: The FreeBSD Foundation (initially) MFC after: 3 days Reviewed by: dumbbell Differential Revision: https://reviews.freebsd.org/D52077
LinuxKPI: sync overflow.h from Linux v6.16
It seems overflow.h was imported directly from Linux in 3208d4ad2b8320a.
Update the file to the newer version as needed for wireless driver updates.
Sponsored by: The FreeBSD Foundation (initially)
MFC after: 3 days
Obtained from: git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
038d61fd642278 (tag: v6.16)
Reviewed by: dumbbell
Differential Revision: https://reviews.freebsd.org/D52078
LinuxKPI: kunit: add static_stub.h and more dummy headers These came up during a wifi driver update. Sponsored by: The FreeBSD Foundation (initially) MFC after: 3 days Reviewed by: dumbbell Differential Revision: https://reviews.freebsd.org/D52079
LinuxKPI: maths64: implement roundup_u64() Needed by a wifi driver update. Sponsored by: The FreeBSD Foundation (initially) MFC after: 3 days Reviewed by: dumbbell Differential Revision: https://reviews.freebsd.org/D52080
LinuxKPI: devres: divorce dem_kfree from lkpi_devm_kmalloc_release dem_kfree() is called from all over the place and should actually do something; contrary to lkpi_devm_kmalloc_release() it can also take a const void *. We have to __DECONST() that though as the entire devres framework does otherwise not take a const argument. This was discovered during the rtw89 update to 6.16. Sponsored by: The FreeBSD Foundation (initially) MFC after: 3 days Reviewed by: dumbbell Differential Revision: https://reviews.freebsd.org/D52082
EBADF semantic is that the passed fd is invalid, not that it is of wrong type. Using EBADF in these places in kern_event.c and sys_procdesc.c gives bad examples to copy from. Note that places in kern_event.c that check KQ_CLOSING and return EBADF are kept, since KQ_CLOSING is the transient state before the fd is finally closed and becomes eligible for EBADF. Reviewed by: markj Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D52410
Most pure sources work under a "pull" model wherein a dedicated thread polls the source at regular intervals (every 100ms). A couple of sources, however, will instead call random_harvest_direct() to provide entropy samples. Such sources were not calling random_source_register() and thus weren't in the global random source list. Modify "push" sources to use random_source_register() like other sources do. Such sources omit an implementation of rs_read and are thus skipped by the above-mentioned thread. This makes it easier to allow pure sources to provide a min-entropy estimate in a uniform way. Reviewed by: cem MFC after: 2 weeks Sponsored by: Stormshield Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D52229
If passed the parent of a device instead of the device, the loop might end up with the host bridge in the pci local variable. If the passed device is not from the pci hierarchy, any of the calculated parents might be NULL. Change the interface to allow the caller to receive error. Instead of asserting, just issue a message and return ENXIO, allowing the caller to select appropriate action. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289318 Reviewed by: jah Sponsored by: The FreeBSD Foundation MFC after: 2 weeks Differential revision: https://reviews.freebsd.org/D52406
PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289204 Reviewed by: markj Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D52421
For kernel threads, ASTs are not handled at all, so there is no reason to expect that g_waitidle() would be called through AST scheduling. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289204 Reviewed by: markj Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D52421
vm_domainset: Only probe domains once when iterating, instead of up to 4 times
Because of the 'di_minskip' logic, which resets the initial domain, an
iterator starts by considering only domains that have more than
'free_min' pages in a first phase, and then all domains in a second one.
Non-"underpaged" domains are thus examined twice, even if the allocation
can't succeed.
Re-scanning the same domains twice just wastes time, as allocation
attempts that must not wait may rely on failing sooner and those that
must will loop anyway (a domain previously scanned twice has more pages
than 'free_min' and consequently vm_wait_doms() will just return
immediately).
Additionally, the DOMAINSET_POLICY_FIRSTTOUCH policy would aggravate
this situation by reexamining the current domain again at the end of
each phase. In the case of a single domain, this means doubling again
the number of times domain 0 is probed.
Implementation consists in adding two 'domainset_t' to 'struct
vm_domainset_iter' (and removing the 'di_n' counter). The first,
'di_remain_mask', contains domains still to be explored in the current
phase, the first phase concerning only domains with more pages than
'free_min' ('di_minskip' true) and the second one concerning only
domains previously under 'free_min' ('di_minskip' false). The second,
'di_min_mask', holds the domains with less pages than 'free_min'
encountered during the first phase, and serves as the reset value for
'di_remain_mask' when transitioning to the second phase.
PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277476
Fixes: https://cgit.freebsd.org/src/commit/?id=e5818a53dbd2 ("Implement several enhancements to NUMA policies.")
Fixes: https://cgit.freebsd.org/src/commit/?id=23984ce5cd24 ("Avoid resource deadlocks when one domain has exhausted its memory."...)
MFC after: 10 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D51249
vm_domainset: Simplify vm_domainset_iter_next() As we are now visiting each domain only once, the test in vm_domainset_iter_prefer() about skipping the preferred domain (the one initially visited for policy DOMAINSET_POLICY_PREFER) becomes redundant. Removing it makes this function essentially the same as vm_domainset_iter_rr(). Thus, remove vm_domainset_iter_prefer(). This makes all policies behave the same in vm_domainset_iter_next(). No functional change (intended). PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277476 MFC after: 10 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D51250
vm_domainset: Refactor iterators, multiple fixes vm_domainset_iter_first() would not check if the initial domain selected by the policy was effectively valid (i.e., allowed by the domainset and not marked as ignored by vm_domainset_iter_ignore()). It would just try to skip it if it had less pages than 'free_min', and would not take into account the possibility of no domains being valid. Factor out code that logically belongs to the iterator machinery and is not tied to how allocations (or impossibility thereof) are to be handled. This allows to remove duplicated code between vm_domainset_iter_page() and vm_domainset_iter_policy(), and between vm_domainset_iter_page_init() and _vm_domainset_iter_policy_init(). This also allows to remove the 'pages' parameter from vm_domainset_iter_page_init(). This also makes the two-phase logic clearer, revealing an inconsistency between setting 'di_minskip' to true in vm_domainset_iter_init() (implying that, in the case of waiting allocations, further attempts after the first sleep should just allocate for the first domain, regardless of their situation with respect to their 'free_min') and trying to skip the first domain if it has too few pages in vm_domainset_iter_page_init() and _vm_domainset_iter_policy_init(). Fix this inconsistency by resetting 'di_minskip' to 'true' in vm_domainset_iter_first() instead so that, after each vm_wait_doms() (waiting allocations that could not be satisfied immediately), we again start with only the domains that have more than 'free_min' pages. While here, fix the minor quirk that the round-robin policy would start with the domain after the one pointed to by the initial value of 'di_iter' (this just affects the case of resetting '*di_iter', and would not cause domain skips in other circumstances, i.e., for waiting allocations that actually wait or at each subsequent new iterator creation with same iteration index storage). 
PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277476 Tested by: Kenneth Raplee <kenrap_kennethraplee.com> Fixes: https://cgit.freebsd.org/src/commit/?id=7b11a4832691 ("Add files for r327895") Fixes: https://cgit.freebsd.org/src/commit/?id=e5818a53dbd2 ("Implement several enhancements to NUMA policies.") Fixes: https://cgit.freebsd.org/src/commit/?id=23984ce5cd24 ("Avoid resource deadlocks when one domain has exhausted its memory."...) MFC after: 10 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D51251
Fix the comment introducing the 'wlan_*' devices (AES-CCMP is missing) after introducing AES-GCMP. While here, re-order the devices in order of appearance of the related technologies. No functional change (intended). Reviewed by: adrian, emaste Fixes: https://cgit.freebsd.org/src/commit/?id=7bf82ea4fdda ("sys: add wlan_gcmp to GENERIC kernels as appropriate") MFC after: 3 days MFC to: stable/15 Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52444
Following commit be1f7435ef218b1d ("kern: start tracking cr_gid outside
of cr_groups[]"), cr_groups[] doesn't contain the effective GID anymore.
Fix the 'show proc' DDB command to show it again, and make it stand out
with respect to the supplementary ones.
Fixes: https://cgit.freebsd.org/src/commit/?id=be1f7435ef218b1d ("kern: start tracking cr_gid outside of cr_groups[]")
MFC after: 9 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52251
Fixes 'procstat -s' run on a core file when the number of groups in effect at the moment of core dump exceeds KI_NGROUPS (16). Reviewed by: kib Fixes: https://cgit.freebsd.org/src/commit/?id=be1f7435ef218b1d ("kern: start tracking cr_gid outside of cr_groups[]") MFC after: 9 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52258
In particular, fixes 'procstat -s' on a live system or a core file (only if there are less than 16 groups). Reviewed by: kib Fixes: https://cgit.freebsd.org/src/commit/?id=be1f7435ef218b1d ("kern: start tracking cr_gid outside of cr_groups[]") MFC after: 9 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52259
In particular, fixes 'procstat -s' on a live system (for processes with more than 16 groups). Reviewed by: kib, emaste Fixes: https://cgit.freebsd.org/src/commit/?id=be1f7435ef218b1d ("kern: start tracking cr_gid outside of cr_groups[]") MFC after: 9 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52261
Following fd9e09cb, EBADF is not the suitable error code for a non-jail descriptor passed to jail_set, jail_get, jail_attach_fd, and jail_remove_fd. Reported by: kib
- Fix an mbuf leak with iflib.simple_tx=1 when we run out of tx descs in iflib_encap(). It seems odd to free the mbuf in iflib_encap(), but that routine consumes mbufs for other reasons, and it seemed safest to free there rather than have the simple tx routine parse return values to determine what needed to be freed. - Increment counters for output drops when ENOBUFS is encountered and output errors when other transmit errors are encountered for both the simple and normal tx routines. - Performed driver changes so that iflib drivers now add the generic output drop and output error counters to their private counters in their ifdi_get_counter routines. Reviewed by: kbowling, markj Differential Revision: https://reviews.freebsd.org/D52369 Sponsored by: Netflix
Reviewed by: andrew Obtained from: CheriBSD Differential Revision: https://reviews.freebsd.org/D52401
Currently, F_SETFL always invokes FIONBIO and FIOASYNC ioctls on the file descriptor even if the state of the associated flag has not changed. This means that a character device driver that implements non-blocking I/O but not async I/O needs a handler for FIOASYNC that permits setting the value to 0. This also means that fcntl(fd, F_SETFL, fcntl(fd, F_GETFL)) can fail for a character device driver that does not handle both FIONBIO and FIOASYNC. These requirements are not obvious nor well documented. Instead, only invoke FIONBIO and FIOASYNC if the relevant flag changes state. This only requires a device driver to implement support for FIONBIO or FIOASYNC if it supports the corresponding flag. While here, if a request aims to toggle both F_NOBLOCK and F_ASYNC and FIOASYNC fails, pass the previous state of F_NONBLOCK to FIONBIO instead of always disabling non-blocking I/O and then possibly reverting the flag back to on in f_flags. Reviewed by: mckusick, imp, kib, emaste Differential Revision: https://reviews.freebsd.org/D52403
struct sysinit's func pointer requires its address, thus a real function is generated in every translation unit when the source file has SYSINITs declared. That results in plenty of identical sysinit_tslog_shim in the final kernel file, in which only one is used and others are left useless. MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D52413
Otherwise we don't do anything to kick vcpu threads out of a sleep
state when destroying a VM. For instance, suppose a guest executes hlt
on amd64 or wfi on arm64 with interrupts disabled. Then,
bhyvectl --destroy will hang until the vcpu thread somehow comes out of
vm_handle_hlt()/vm_handle_wfi() since destroy_dev() is waiting for vCPU
threads to drain.
Note that on amd64, if hw.vmm.halt_detection is set to 1 (the default),
the guest will automatically exit in this case since it's treated as a
shutdown. But, the above should not hang if halt_detection is set to 0.
Here, vm_suspend() wakes up vcpu threads, and a subsequent attempt to
run the vCPU will result in an error which gets propagated to userspace,
allowing destroy_dev() to proceed.
Add a new suspend code for this purpose. Modify bhyve to exit with
status 4 ("exited due to an error") when it's received, since that's
what'll happen generally when the VM is destroyed asynchronously.
Reported by: def
MFC after: 2 weeks
Sponsored by: Innovate UK
Differential Revision: https://reviews.freebsd.org/D51761
Jail descriptors were given a file-like mode, user, and group, for the purpose of controlling how the descriptor may be used. This is too far removed from the file paradigm to make sense. Remove it in favor of a better access control method to be added, such as Capsicum. Also add missing code in jaildesc_fill_kinfo. Reported by: crest at rlwinm.de, kib MFC after: 3 days
When freeing the last reference of the net80211 node the net80211 node_free() code may directly call into the crypto code to delete the keys. While we are still holding the wiphy lock this would lead to a recursion on the non-recursive wiphy lock. Defer freeing the reference until we are back under the net80211 com lock. Reported by: Mark Phillips (mark freebsdfoundation.org) on 15.0-ALPHA1 MFC after: 3 days
Separate ossl's existing AES-NI GCM implementation into a common ossl_aes_gcm.c and add conditionals to switch between OpenSSL's AES-NI and POWER8 GCM routines depending on the architecture. Since the existing AVX-512 implementation is less agnostic, move it into a separate ossl_aes_gcm_avx512.c. Reviewed by: markj MFC after: 1 month Differential Revision: https://reviews.freebsd.org/D44274
Instead of using the EVFILT_PROC model of attempting to automatically register new events when a child jail is created, just give a single event when a child jail is created. As was already done with jail attach events, make a best-effort report of the added jail's id in kn_data. If there are multiple NOTE_JAIL_CHILD and/or NOTE_JAIL_ATTACH events, set the NOTE_JAIL_MULTI flag, and don't report anything in data, indicating that the caller will need to query the system state on their own. MFC after: 3 days
We also need to destroy the rw_lock when we free the softc. Noticed by: markj Fixes: https://cgit.freebsd.org/src/commit/?id=656f7f43f204 Sponsored by: Netflix
Give jail descriptors the same kevent flags as jails. Also fix the event reporting in jails, where it was including data for events the user didn't ask for. MFC after: 3 days
sdt hotpatching was implemented, thus a remark about usefulness of doing it was removed. Apart from that a bunch of expanded/reworded explanations. Improvement in terms of the quality of the use the English language was a non-goal and was most likely not achieved.
See the added comment. The entire notion of how vnodes are doomed needs to be reworked, but the bare minimum would be to have filesystems provide ops for doomed nodes and keep ->v_data around at least until they are done with it.
PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289504 Reported by: Damjan Jovanovic <damjan.jov@gmail.com> Sponsored by: The FreeBSD Foundation MFC after: 1 week
g_provider_by_name already skips the leading '/dev/' so these if statements are redundant. This changes some error messages, but those aren't parsed. g_concat also calls g_concat_find_disk, but it also skips /dev/ if present at the start of the string. Reviewed by: imp, Elliot Mitchell Pull Request: https://github.com/freebsd/freebsd-src/pull/1793
This partially reverts fd9e09cb2ab0, since apparently QT depends on this specific error code. It seems that it applies pdgetpid() to random fds and filters non-procdescs by checking errno for EBADF. Reported by: arrowd, Kenneth Raplee <kenrap@kennethraplee.com> Sponsored by: The FreeBSD Foundation MFC after: 1 week
Remove sys/cdefs.h. Remove unneeded sys/param.h. Reviewed by: alc, markj Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D51474
Reviewed by: alc, markj Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D51474
vm_fault: add vm_fault_might_be_cow() helper The helper checks that the object containing the fs->m page is not the top object in the shadow chain. Reviewed by: alc, markj Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D51474
vm_fault: add helper vm_fault_can_cow_rename() Reviewed by: alc, markj Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D51474
vm_fault: try to only share-busy page for soft faults If the fault handler found a valid page that is definitely not going to be renamed for COW, try to only sbusy the page. We do not need to validate the page, and parallel faults on the same address are excluded by the xbusy state of the page from the top object. Reviewed by: alc, markj Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D51474
vm_fault: assert that first_m is xbusy There are several invariants, most important of which is prevention of parallel faults handling, that depend on first_m being xbusy for the duration of the page fault processing. Suggested by: markj Reviewed by: alc, markj Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D51474
Pull out the sleep types (stype) from ACPI, as was previously being done in D48732, and pass this sleep type to `power_pm_fn` instead of passing the existing sleep state. This is a little awkward because we already kinda have generic sleep states (`POWER_SLEEP_STATE_*`), but these are not precise enough to build upon. This revision also adds generic equivalents to `hw.acpi.suspend_state` etc sysctls, e.g. `kern.power.suspend`. Reviewed by: markj, mckusick (mentor) Approved by: markj, mckusick (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52036
Allow PM backends to report supported sleep types when registering through `power_pm_register`. Expose this information through `kern.power.supported_stype` sysctl, and set defaults for `power_standby/suspend/hibernate_stype` based on this. Implement this in ACPI PM backend. Reviewed by: mckusick (mentor), markj Approved by: mckusick (mentor), markj Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52044
Enabled qat driver support for 402xx device with ID 0x4944/0x4945. This is an additional device supported under the existing qat_4xxx driver. Firmwares specific to the 402xx device are added. Signed-off-by: Hareshx Sankar Raj <hareshx.sankar.raj@intel.com> Relnotes: yes Sponsored by: Intel Corporation MFC after: 1 month Differential Revision: https://reviews.freebsd.org/D52488
Reviewed by: markj Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D52538
aarch64 and riscv are supported since 2023 so it should be safe to enable it by default. MFC after: 2 weeks Reviewed by: markj Differential Revision: https://reviews.freebsd.org/D52575
Currently it is impossible for a privileged, jailed process to set audit session state. This can result in surprising audit event misattribution. For example, suppose a user ssh'es into a jail and restarts a service; normally, sshd sets audit state such that events generated by the SSH session are attributed to the newly authenticated user, but in a jail, the corresponding setaudit(2) call fails, so events are attributed to the user who had started sshd in the jail (typically the user who had started the jail itself by some means). While this behaviour is reasonable, administrators might want to trust the jailed sshd to reset audit state, such that the authenticated user appears in audit logs. Add a jail knob to enable this. Add a simple regression test. This is a reapplication of commit 246d7e9fc23928 following a revert. The audit system calls must preserve the old behaviour of returning ENOSYS if the system call is disallowed within a jail, as some applications depend on that behaviour. Reviewed by: kevans, jamie (previous version) MFC after: 1 week Sponsored by: Modirum MDPay Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D51719 Differential Revision: https://reviews.freebsd.org/D52572
Reviewed by: markj Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D52567
* Allow the congestion control modules CDG, CHD, HD, and vegas also to be compiled into the kernel for IPv6 only kernel configs. * Compile the helper module h_ertt for round trip time estimation only into the kernel, if one of the congestion control modules using it (one of CDG, CHD, HD, or vegas) is also compiled into the kernel. Please note the second point implies that TCP TSO is done whenever possible as long as none of the congestion control modules CDG, CHD, HD, or vegas is loaded or compiled into the kernel. Reviewed by: cc MFC after: 3 days Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D52547
cmcred_groups[0] in 'struct cmsgcred' must be the effective GID. Note that the code in unp_addsockcred() filling up 'struct sockcred'/'struct sockcred2' (LOCAL_CREDS/LOCAL_CREDS_PERSISTENT options) was in fact "wrong" before 'cr_gid' was moved out of cr_groups[], in the sense that it would transmit the effective GID twice, both separately as 'sc_egid' and as the first element of 'sc_groups'. It is now exact, so is left unchanged, which causes a difference in output (the effective GID is no more in 'sc_groups', unless it is also a supplementary group) that is unlikely to affect applications in practice. Reviewed by: glebius Fixes: https://cgit.freebsd.org/src/commit/?id=be1f7435ef218b1d ("kern: start tracking cr_gid outside of cr_groups[]") MFC after: 5 days MFC to: stable/15 Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52262
cred: 'kern.ngroups' tunable: Rework the comment on the initial value
Remove the parts about the effective GID being stored as the first
element of the groups array, as this is generally not the case now after
commit be1f7435ef21 ("kern: start tracking cr_gid outside of
cr_groups[]") (some credentials export structures still have the old
layout, and need to do the 'ngroups_max + 1' computation, but given the
computation needed to obtain a size in bytes, this detail is not really
important here).
Remove the part about 32-bit machines, avoiding another modification
when support for them is removed.
No functional change.
MFC after: 5 days
MFC to: stable/15
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52265
cred: Update some comments after 'cr_gid' is no more cr_groups[0] While here, fix style of some already-updated comments. Fixes: https://cgit.freebsd.org/src/commit/?id=be1f7435ef218b1d ("kern: start tracking cr_gid outside of cr_groups[]") MFC after: 5 days MFC to: stable/15 Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52266
cred: Remove obsolete comment after getgroups() not returning the eGID No functional change. Fixes: https://cgit.freebsd.org/src/commit/?id=9da2fe96ff2e ("kern: fix setgroups(2) and getgroups(2) to match other platforms") MFC after: 5 days MFC to: stable/15 Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52267
cred: Restore proper checking of effective groups in some security policies The removal of 'cr_gid' from cr_groups[] as cr_groups[0] made cr_canseeothergids() skip considering the subject's first supplementary group, causing the 'security.bsd.see_other_gids' policy to be too restrictive, and cr_xids_subset() miss a check on the effective GID, relaxing the "can debug" and "can export KTLS keys" checks. Fix these policies. Fixes: https://cgit.freebsd.org/src/commit/?id=be1f7435ef218b1d ("kern: start tracking cr_gid outside of cr_groups[]") MFC after: 5 days MFC to: stable/15 Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52268
cred: 'struct ucred': Rework comment on 'cr_gid'/cr_groups[] Make it more straightforward for consumers. Also, recommend using cr_sgroups[] for supplementary groups, as this can generally alleviate index problems and will help us spot and change consumers if/when 'struct ucred' is evolved incompatibly (and cr_sgroups[] suppressed). MFC after: 5 days MFC to: stable/15 Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52269
Fixes: https://cgit.freebsd.org/src/commit/?id=be1f7435ef218b1d ("kern: start tracking cr_gid outside of cr_groups[]") MFC after: 5 days MFC to: stable/15 Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52270
As 'cr_gid' was in fact stored in cr_groups[0], rule_grant_supplementary_groups() would loop only on further elements of cr_groups[]. Now that cr_groups[0] is not 'cr_gid' anymore, but some supplementary group, take it into account. Fixes: https://cgit.freebsd.org/src/commit/?id=be1f7435ef218b1d ("kern: start tracking cr_gid outside of cr_groups[]") MFC after: 5 days MFC to: stable/15 Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52271
Invert the initial test on whether the policy is in force so that, if there are no restrictions, the function bails out early, allowing to de-indent the rest of the code and have it finish with a non-zero (deny) 'return'. No functional change (intended). MFC after: 5 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52272
linux: Simplify further getgroups() after 'cr_gid' not in cr_groups[] No functional change (intended). While here, fix/improve style a bit and in setgroups(). MFC after: 5 days MFC to: stable/15 Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52276
linux: setgroups(): Fix the group number's upper limit 'ngroups_max' is the maximum number of supplementary groups the system will accept, and this has not changed. Fixes: https://cgit.freebsd.org/src/commit/?id=9da2fe96ff2e ("kern: fix setgroups(2) and getgroups(2) to match other platforms") MFC after: 5 days MFC to: stable/15 Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52277
linux: setgroups(): Avoid allocation under the process lock
This was missed in commit 838d9858251e ("Rework the credential code to
support larger values of NGROUPS (...)").
No functional change (intended).
MFC after: 5 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52278
linux: setgroups16(): Pre-extend the groups array For the size we know we will need in the end. No functional change (intended). MFC after: 5 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52279
linux: getsockopt(): Simplify exporting groups a bit No functional change (intended). Go through conversion to a 'l_gid_t' before copying out in order to cope with differing group types (except for not representable values, of course). This is what is done, e.g., for getgroups() in 'linux_misc.c'. As Linux's group type is the same as ours on all architectures, we could as well just stop bothering and copy out our memory representation, eliminating the loop here. Whatever the choice, though, it has to be consistent here and there. Introduce 'out' of type 'l_gid_t' to avoid performing "by hand" array arithmetics when copying out. MFC after: 5 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52280
An examination of the scripts under 'sys/tools/syscalls' indicates that keeping STD as a type in the presence of COMPATxx does not make any difference, and regenerating system call files with STD removed does indeed not show any difference. Moreover, this practice is inconsistent with the rest of the file. Thus, remove the superfluous STD type for the two above-mentioned system calls. While here, re-order the remaining types for getgroups() to be consistent with other such occurrences (COMPATxx before CAPENABLED). Reviewed by: kevans, emaste MFC after: 5 days MFC to: stable/15 Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52499
and the last acquired file and line to witness object. For recursable locks, unfortunately current implementation records only the recurse count and the last acquired file and line, but does not restore the previous acquired file and line on unlock. Hence it is possible to report false acquired file and line, and that may mislead developers and make the report by users a little harder to analyse. Since subsequent recurse locks do not affect how witness order check, record the first acquired file and line so that the logic is much clearer. Reported by: bz Reviewed by: kib (previous version), markj See also: https://lists.freebsd.org/archives/freebsd-current/2025-June/007944.html MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D52496
It does not hold since introduction of vnode state tracking, which
validates unlock only happens after the target vnode is sorted out
(fully constructed or aborted). See 829f0bcb5fe24bb5 ("vfs: add the
concept of vnode state transitions").
dtrace_xcall() is just a thin wrapper around smp_rendezvous_cpus(). There's no need for six identical implementations to live in MD layers. No functional change intended. MFC after: 2 weeks
Chase Linux change fca76071bab2 ("lib/string_helpers: Split out
string_choices.h") from v6.5. Everything that we implemented from
string_helpers.h has moved, so rename the file, update the include
guards, and add a new dummy string_helpers.h that just #includes it.
This matches Linux for the functionality that we have.
Reviewed by: bz
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52606
Reported and tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week
Noticed when building a kernel with options RANDOM_FENESTRASX. MFC after: 1 week
Generalize foffset_lock/unlock() by splitting the locking into file_v_lock/unlock() (LP64 case) or file_v_lock/unlock_mtxp() for ILP32 (using mutex pool) and then taking the action to read the offset. sys/file.h: rename struct file f_vnread_flags member into generic f_vflags Reviewed by: markj Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 2 weeks Differential revision: https://reviews.freebsd.org/D52486
Use f_vflags file locking for this. Allowing more than one thread handling F_SETFL might cause de-sync between real driver state and flags. Reviewed by: markj Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 2 weeks Differential revision: https://reviews.freebsd.org/D52487
Implements pipe_destroy as a counterpart to pipe_create, no functional changes. Arguably code could be refactored so that ino allocation only happens after bufs are allocated.
These files include a vmm_hyp equivalent file but don't have a dependency recorded. Fix this by manually adding this dependency. This is only a problem in a non-GENERIC configuration as normally vmm is loaded as vmm.ko. Reviewed by: imp Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D51822
nfc
This makes non-GENERIC kernel configs easier to maintain. Requested by: glebius MFC after: 2 days
The flag is guarded by proc lock which is already held.
After tracing poudriere for over 4 hours like so:
dtrace -n 'fbt::do_fork:entry { @[curthread->td_proc->p_flag & 0x2] = count(); }':
2 15605151
0 20074116
Over 56% of cases did not have P_CONTROLT set and could have avoided the
lock.
This reduces hold time of the proctree lock.
Allow PM backends to report supported sleep types when registering through `power_pm_register`. Expose this information through `kern.power.supported_stype` sysctl, and set defaults for `power_standby/suspend/hibernate_stype` based on this. Implement this in ACPI PM backend. Reviewed by: cy Approved by: cy Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52727 Event: EuroBSDcon 2025 Devsummit
There is precisely one place using it and even that should probably go away.
The kernel was already mostly using plain NULL, just whack it and be done with the legacy. Churn generated with coccinelle: @@ @@ - NULLVP + NULL
No point after hot patching was introduced.
This was retained for KPI compatibility, but I can't find anything which needs it. Just get rid of it. Reported by: rwatson Reviewed by: alc, kib Differential Revision: https://reviews.freebsd.org/D52708
MAC/do: Check executable path from the current jail's root Contrary to my initial belief, vn_fullpath() does return a vnode's path from the current chroot, and not from the global root (which would have been a bug also, but without security consequences). This enables a "confused deputy"-like scenario where a chroot(2) can change which executable can be authorized by MAC/do, which is even more problematic for unprivileged chroot(2). This was found by re-examining the code following two close events: 1. Shawn Webb sent a mail to freebsd-hackers@ on 08/05 saying that in HardenedBSD they had added a check on P2_NO_NEW_PRIVS (in mac_do_priv_grant()), which I responded to on 08/20 saying that P2_NO_NEW_PRIVS was not necessary for mac_do(4), with a correct reasoning but based on the wrong above-mentioned assumption about vn_fullpath(). 2. I reviewed some code by Kushagra Srivastava (GSoC 2025 student working on mac_do(4)/mdo(1)) adding the ability to specify which executables can spawn processes that mac_do(4) may decide to authorize (others are simply ignored), which currently is hardcoded to '/usr/bin/mdo'. MFC after: 3 days Event: EuroBSDCon 2025 Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52758
vn_fullpath.9: Add missing links for described functions To reflect all the functions that are now described in the manual page. Fixes: https://cgit.freebsd.org/src/commit/?id=9f269a0a771a ("MAC/do: Check executable path ...") MFC after: 3 days Event: EuroBSDCon 2025 Sponsored by: The FreeBSD Foundation
share/man/man9: Fix compilation I goofed in the previous commit. Fixes: https://cgit.freebsd.org/src/commit/?id=05e5de00b9ea ("vn_fullpath.9: Add missing links for described functions") MFC after: 3 days Event: EuroBSDCon 2025 Sponsored by: The FreeBSD Foundation
Like lkpi_pci_get_domain_bus_and_slot() implement lkpi_pci_get_slot() using pci_find_bsf() instead of pci_find_dbsf() (no domain). This is needed for a wireless driver. Unfortunately the name [pci_get_slot()] collides with the native PCI function. Add a guard around it and disable the use when the native version is required (in lkpifill_pci_dev() and in bnxt/bnxt_en; if the latter gets fixed we can probably also fix work around it in the former; further conflicts in drm-kmod 6.1-lts, 6.6-lts, and master were resolved). Sponsored by: The FreeBSD Foundation (initially) MFC after: 3 days Reviewed by: dumbbell Differential Revision: https://reviews.freebsd.org/D52065
Both drm-kmod and nvidia-drm were updated to keep compiling and/or working after the latest LinuxKPI PCI changes. Some of what should have worked for a long time but did not or conflicted was hidden behind native PCI calls instead of using LinuxKPI. We cleaned this up. Bump __FreeBSD_version so that users will get the updated packages. MFC after: 3 days PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289647
Reviewed by: khorben, ngie Differential Revision: https://reviews.freebsd.org/D52113
sh: Add config tag to /.profile The file /.profile is installed as a hard link to /root/.profile. The file in /root has the config tag, but the file in / does not, which causes it to be overwritten by pkg upgrade. Since they're linked, this also overwrites the file in /root. Add the config tag to the file in / as well, so pkg treats both links as config files and won't overwrite them. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289097 MFC after: 3 days Reviewed by: bapt, emaste Differential Revision: https://reviews.freebsd.org/D52162
sh: Fix non-NO_ROOT installconfig
When building without NO_ROOT, ${TAG_ARGS} is not set, which means we
pass ",config" as an install(1) argument. Only add the config tag if
${TAG_ARGS} is defined to begin with.
Fixes: https://cgit.freebsd.org/src/commit/?id=aa730a66bc74 ("sh: Add config tag to /.profile")
Reported by: bz
Reviewed by: ziaee, bapt MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D52343
tcpdump: get BINDIR from usr.sbin/Makefile.inc [NFC] Reviewed by: jrm, emaste Differential Revision: https://reviews.freebsd.org/D52332
tcpdump: drop no-op LBL_ALIGN macro This macro was replaced by a collection of architecture ifdefs in tcpdump 4.99.4 so defining it does nothing. Fixes: https://cgit.freebsd.org/src/commit/?id=51a183021fce3 ("Import tcpdump 4.99.4") Reviewed by: jrm, emaste Differential Revision: https://reviews.freebsd.org/D52333
tcpdump: don't create unused version.c The version now comes from the PACKAGE_VERSION macro. Fixes: https://cgit.freebsd.org/src/commit/?id=0a7e5f1f02aa ("tcpdump: Update to 4.99.5") Reviewed by: jrm, emaste Differential Revision: https://reviews.freebsd.org/D52334
X509_NAME_hash_ex() is not available in OpenSSL 1.x. Reviewed by: des Reported by: syzbot+54c1e57e7184582a8f59@syzkaller.appspotmail.com Fixes: https://cgit.freebsd.org/src/commit/?id=c340ef28fd38 ("certctl: Reimplement in C") Differential Revision: https://reviews.freebsd.org/D52291
We need to build OpenSSL when bootstrapping certctl. On MacOS ktls_enable() isn't defined anywhere, so without this the build fails. We don't need KTLS in the bootstrap library, so just disable it. Reviewed by: khorben, ngie Differential Revision: https://reviews.freebsd.org/D52341
When LIB_PACKAGE was added, MIT Kerberos was updated to use it but Heimdal was not, so it still used PACKAGE=kerberos-lib. Since we deleted kerberos-lib-all.ucl, this caused update-packages to fail when WITHOUT_MITKRB5 is set. Change the Heimdal libraries to use LIB_PACKAGE by setting this in kerberos5/lib/Makefile.inc, and remove PACKAGE=kerberos-lib from the individual Makefiles for each library. This means Heimdal gets the same set of packages as MIT Kerberos, except for kerberos-kdc which we don't create for Heimdal. Fixes: https://cgit.freebsd.org/src/commit/?id=929f5966a9fd ("packages: Improve handling of -lib packages") Reported by: jlduran Reviewed by: jlduran, cy Differential Revision: https://reviews.freebsd.org/D52371
Otherwise files are handled in the order returned by find(1). This in turn results in inconsistent ordering of files in the METALOG mtree file produced by "make installworld -DNO_ROOT", which results in non-reproducible filesystem images. Reviewed by: gshapiro, emaste MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D52349
So aef807876c30 moved moused down a level, so make depend broke. This fixes it. Sponsored by: Netflix
This "noatime" tweak, reduced the OPNsense constant 50kb - 80kb disk writes that wear down the SSD / NVME. Signed-off-by: Unicorn9x Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1834
Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1822
This option is turned on by default in -CURRENT but will be turned off in 15-STABLE; this description will land in the src.conf(5) man page in that branch. MFC after: 1 minute
When cross-building from MacOS we have MACHINE=arm64 MACHINE_ARCH=arm, so bsd.cpu.mk infers that sizeof(long) == 4, but of course it isn't. This breaks the bootstrap build of openssl, which tests MACHINE_ABI:Mlong64 to decide whether to build ecp_nistp224.c. It doesn't, and crypto/openssl/freebsd/include/openssl/configuration.h undefines OPENSSL_NO_EC_NISTP_64_GCC_128, so we end up with a link error. Reviewed by: ngie, emaste MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D52340
MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D52008
It was added to the list in bsd.opts.mk in commit 4f81c42fbd76, so should have been removed here. Reported by: cperciva Fixes: https://cgit.freebsd.org/src/commit/?id=4f81c42fbd76 ("share/mk: Substitute reproducible prefixes in dwarf info") MFC after: 3 days Sponsored by: The FreeBSD Foundation Sponsored by: Klara, Inc.
Reviewed by: tsoome Differential Revision: https://reviews.freebsd.org/D52431
sysutils/panicmail is specified again several lines down. MFC after: 1 week Sponsored by: The FreeBSD Foundation Sponsored by: Klara, Inc.
src.sys.mk: Support src.conf in SRCTOP If SRCCONF is not defined and src.conf exists at the top level of the source tree, use that instead of /etc/src.conf. MFC after: 3 days Reviewed by: kevans, imp Differential Revision: https://reviews.freebsd.org/D52470
UPDATING: mention the src.conf change Fixes: https://cgit.freebsd.org/src/commit/?id=dd8c666d8b78 ("src.sys.mk: Support src.conf in SRCTOP")
Manpages are very small, and having a separate manpages package for every base package is quite annoying for users. Turn this option off by default. Discussed with: bapt Reviewed by: manu, emaste MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D52417
Verify that the target file or directory exists, and add support for an optional mode. This is required to enable NO_ROOT builds of some cloudware image types. No functional change intended. Reviewed by: cperciva, emaste MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D52449
Some services, such as growfs, only run upon the first boot of an image. The first boot is indicated by the presence of the file /firstboot, which is unlinked after boot. Individual cloudware types shouldn't be responsible for creating it. Do so in a centralized place. Aside from simplifying things, this ensures that we create a metalog entry for the firstboot file. Reviewed by: cperciva, emaste MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D52450
The “all.sh” script in version 7.1.0 accepts one less parameter for selecting the tests to be run.
Add extra defines required for bc-7.1.0 to the Makefiles.
PRINC_LOOK_AHEAD is the upstream default. Normally ksu determines the target principal by (quoted from the man page) a. default principal of the source cache b. target_user@local_realm c. source_user@local_realm With PRINC_LOOK_AHEAD enabled, for each candidate in the above list, select an authorized principal that has the same realm name and first part of the principal name equal to the prefix of the candidate. For example if candidate a) is jqpublic@ISI.EDU and jqpublic/secure@ISI.EDU is authorized to access the target account then the default principal is set to jqpublic/secure@ISI.EDU. Case 2: source user is root. If the target user is non-root then the default principal name is target_user@local_realm. Else, if the source cache exists the default principal name is set to the default principal of the source cache. If the source cache does not exist, default principal name is set to root\@local_realm. This commit restores the same behaviour as Heimdal ksu. Reported by: Dan Mahoney <dmahoney@isc.org> Requested by: Dan Mahoney <dmahoney@isc.org> MFC after: 3 days MFC to: 15/stable Differential revision: https://reviews.freebsd.org/D52478
MFC After: 1 day
packages: Use LIB_PACKAGE for zfs and ufs packages Commit f9513c334ff7 moved the shared libraries for ZFS and UFS into separate packages (libzfs and libufs), which resulted in a rather large number of packages being created, e.g. for ZFS: FreeBSD-libzfs FreeBSD-libzfs-dbg FreeBSD-libzfs-dbg-lib32 FreeBSD-libzfs-dev FreeBSD-libzfs-dev-lib32 FreeBSD-libzfs-lib32 FreeBSD-zfs FreeBSD-zfs-dbg FreeBSD-zfs-dbg-lib32 FreeBSD-zfs-dev FreeBSD-zfs-dev-lib32 FreeBSD-zfs-lib32 FreeBSD-zfs-man Use LIB_PACKAGE instead, which significantly reduces the number of packages: FreeBSD-zfs FreeBSD-zfs-dbg FreeBSD-zfs-dbg-lib32 FreeBSD-zfs-dev FreeBSD-zfs-dev-lib32 FreeBSD-zfs-lib FreeBSD-zfs-lib32 FreeBSD-zfs-man MFC after: 3 days Reviewed by: bapt Differential Revision: https://reviews.freebsd.org/D52416
packages: Add correct license for zoneinfo Source: contrib/tzdata/LICENSE MFC after: 3 days Reviewed by: bapt Differential Revision: https://reviews.freebsd.org/D51886
packages: Add meta-package sets Add several metapackages which contain no files themselves, but depend on other packages. This allows the user to install a system by using a set like "FreeBSD-set-minimal" instead of having to know which specific packages are required, and it means if we add more packages in the future, existing installations will get them automatically as long as they were installed using a set. The defined sets are significantly less granular than the actual packages; the assumption is that users who want a very specific set of packages installed can do that manually, while sets are intended more for typical users who just want to install FreeBSD. The following sets are defined: * minimal: the set of packages required to boot the system and bring up a multi-user UNIX system. This includes hardware support, networking (wireless, DHCP), basic functionality like syslogd, cron and periodic. It does not include a kernel, because the kernels are quite large and the user might want to use a custom kernel. sendmail and DMA are not included in minimal. Since we provide two MTAs, the user should select which one they want, or install one from ports. sshd is not included because it's not required for the base system, and the user might want to install it from ports. Some other significant subsystems (e.g. NFS, Kerberos) are also not included. The minimal set does not include any libraries itself, since we rely on dependencies to pull these in. This implies it doesn't include library manpages, which is fine, since users won't want manpages for libraries unless they've also installed the development packages. * devel: the compiler toolchain for building software, along with all "-dev" packages which include header files and static libraries. * lib32: 32-bit compatibility packages. This includes both runtime and development packages. * kernels: the kernel packages.
For freebsd.org builds, this will be GENERIC, GENERIC-DEBUG, etc., for custom builds it will be whatever was set in $KERNCONF. * base: everything else; this includes the entire base system. For each set, also generate a <setname>-dbg set containing the debug packages for the set. The sets are built along with the rest of the packages using a new script called create-sets.sh, which examines the "set" annotation in each package and puts it in the appropriate set. This is in anticipation of the later "groups" feature appearing in pkg itself, at which point we can simply replace the set annotation with the group. MFC after: 3 days Reviewed by: imp, bapt Differential Revision: https://reviews.freebsd.org/D52412
packages: Add minimal-jail set This is minimal, but without bootloader, hardware and networking support that's typically not required in jails. This requires extending the 'set' annotation to be a comma-separated list, so that packages can be in multiple sets. MFC after: 3 seconds Reviewed by: bapt Differential Revision: https://reviews.freebsd.org/D52591
packages: Mark all sets as vital At least "minimal" must be vital, because it's required for a functional system. For example, we might create new packages in the future which are required for the multi-user system and are part of the minimal set, so it's important that users don't remove set-minimal to ensure they get those new packages. For the other sets, it's debatable whether they should be vital or not, but let's start out with the assumption that if the user installed a set, they should have to explicitly request it be removed. This means if, for example, they install set-devel, then remove lldb, pkg won't remove set-devel and cause the next "pkg autoremove" to remove everything else that was in set-devel. We might want to adjust this later (or possibly adjust the behaviour of pkg(8) itself) based on user feedback. While here, fix a typo in the description of the devel set. Suggested by: bapt MFC after: 3 seconds Reviewed by: kevans Differential Revision: https://reviews.freebsd.org/D52562
packages: Move kernel-man to the minimal set Currently this is in the "kernels" set, which doesn't make sense because it's not a kernel. Move it to the "minimal" set, on the basis that minimal already includes a bunch of manpages, and a user who installs with minimal expects that e.g. "man ix" will work. MFC after: 3 seconds Reported by: des Reviewed by: bapt Differential Revision: https://reviews.freebsd.org/D52560
release.sh: Pass PKGCONF through to make release Otherwise setting PKGCONF=1 in the release.conf file doesn't actually result in pkgbase bits being produced and shipped on images. MFC after: 1 minute Sponsored by: https://www.patreon.com/c/cperciva
release.sh: Pass *PKGBASE* through It helps to get the variable name right... Fixes: https://cgit.freebsd.org/src/commit/?id=d4282cfa97d6 ("release.sh: Pass PKGCONF through to make release") MFC after: 1 minute Sponsored by: https://www.patreon.com/c/cperciva
We then pass ABI from pkgbase-stage.lua to pkg(8); without this, cross-building releases with PKGBASE enabled fails with pkg: wrong architecture: ... pkg: repository FreeBSD-base contains packages with wrong ABI: ... MFC after: 1 minute Discussed with: emaste, jrtc27 Sponsored by: https://www.patreon.com/c/cperciva
This directory gets created by pkgbase-stage.lua. MFC after: 3 days Sponsored by: https://www.patreon.com/c/cperciva
gcc 13 and earlier don't have __builtin_bitcountg. The linux wifi kpi uses this unconditionally. While in this one use, it might not be needed, I opted to not compile iwlwifi when building gcc12 or 13 rather than risk breaking it for everybody else. With this change gcc12 builds the kernel. Maybe this will stop jenkins email for every commit I make. Sponsored by: Netflix
Reviewed by: thj MFC with: d566b6a70bcbc329e8c690464043401fa8bdd49f Sponsored by: The FreeBSD Foundation
When MANSPLITPKG is disabled (which is now the default), the kernel
manpages in sections 4 and 9 are installed in the -kernel package
instead of the -kernel-man package, because bsd.man.mk doesn't add
the -man suffix.
Since we already have handling for kernel-man in generate-ucl.lua,
set PACKAGE=kernel-man to make sure they're always in the right
package.
To avoid creating -kernel-man-man when WITH_MANSPLITPKG is enabled,
add some logic to bsd.man.mk (suggested by kevans) to avoid adding
the -man suffix if the package already has a -man suffix, and while
here, ensure ${__group}PACKAGE is always defined.
MFC after: 3 seconds
Reviewed by: des, bapt
Differential Revision: https://reviews.freebsd.org/D52525
I did this for disc1 but forgot to amend the dvd invocation. Fixes: https://cgit.freebsd.org/src/commit/?id=340e68fd7c0d ("release: Pass ABI to pkgbase-stage.lua") MFC after: 3 days Sponsored by: https://www.patreon.com/cperciva
Provide variables, PKG_REPOS_DIR and PKG_REPO_NAME, to allow the user to configure the source package repository. Configure pkg to emit added files to a metalog which gets concatenated with the main metalog immediately before we build the root filesystem. Reviewed by: cperciva, emaste MFC after: 3 days Sponsored by: The FreeBSD Foundation Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D52453
The FreeBSD-src package is the largest single pkgbase package at 158M currently. Remove it and FreeBSD-src-sys (87M) from the base set as they are not useful to all users. Reviewed by: emaste, ivy Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52573
Create a new tests package set to hold the tests, which are not useful to all users and don't belong in the base set. Reviewed by: emaste, ivy Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52574
release: Make azure cloudware images buildable as non-root - Don't chroot to uninstall pkg since we don't install pkg in the first place. - Use pw -R instead of chrooting. - Add metalog entries. Reviewed by: cperciva, emaste MFC after: 3 days Sponsored by: The FreeBSD Foundation Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D52451
release: Prepare EC2 cloudware images to be buildable as non-root - Avoid chrooting to uninstall pkg, as it will not be installed in the first place when in non-root mode. - Add metalog entries. Reviewed by: cperciva MFC after: 3 days Sponsored by: The FreeBSD Foundation Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D52452
release: Prepare oracle cloudware images for non-root builds - Add metalog entries. - Remove a stray entry in the package list. Reviewed by: cperciva, emaste MFC after: 3 days Sponsored by: The FreeBSD Foundation Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D52454
release: Prepare GCE cloudware images for building as non-root - Avoid mounting devfs just to list packages and fetch distfiles. - Add metalog entries. Reviewed by: cperciva, emaste MFC after: 3 days Sponsored by: The FreeBSD Foundation Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D52455
release: Prepare Vagrant cloudware images for building as non-root Add metalog entries for various files. This is a bit incomplete as pw(8) doesn't yet have support for emitting metalog entries, which we need since it's used here to create an interactive user. Reviewed by: emaste MFC after: 3 days Sponsored by: The FreeBSD Foundation Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D52456
crypto/openssl: apply polish to new vendor import process This change does the following 2 things: - Makes the build more repeatable by isolating the environment. This prevents bmake from leaking variables into gmake and makes the overall process a bit more robust. - Add debug printouts to make the process more straightforward to the reader and whoever is executing the current vendor import. MFC after: 1 month Differential Revision: https://reviews.freebsd.org/D52420
crypto/openssl: fix importing new versions from pristine trees Prior to this change, CC was not being passed through to Configure, which was resulting in failures when Configure was running compiler checks. Pass through CC via `WRK_ENV` to Configure so the compiler is defined properly as part of the initial build. MFC after: 1 month Fixes: https://cgit.freebsd.org/src/commit/?id=d18058b7b850 ("crypto/openssl: apply polish to new vendor import process") Differential Revision: https://reviews.freebsd.org/D52595
Contains almost everything of use in a container except: - *lib32 - *dev - *dbg - *src - anything expecting hardware such as device config tools Differential Revision: https://reviews.freebsd.org/D51471 Reviewed by: dfr, emaste Approved by: cperciva MFC after: 1 day Sponsored by: SkunkWerks, GmbH
Include a pkg package in the pkgbase repo It is essential that users be able to install the FreeBSD base system from release media and have all the bits needed to update the FreeBSD base system without touching the ports tree or pkg.freebsd.org. To that end, resurrect (and heavily rewrite) the make-pkg-package.sh script and hook it into the create-packages target; if /usr/ports exists when building pkgbase packages, we'll also (cross)build pkg and include it in the repository. Scripting for actually installing this package as part of the FreeBSD installation process to come later, but I wanted this in the tree in time to test it in this week's snapshots. MFC after: 1 day Sponsored by: https://www.patreon.com/cperciva
Bootstrap pkg before building a pkg package At sufficiently high levels of build parallelism we can try to create the pkg before any of the other pkgbase-creation steps have taken care of the bootstrap. Fixes: https://cgit.freebsd.org/src/commit/?id=6b5adf33873a ("Include a pkg package in the pkgbase repo") MFC after: 12 hours Sponsored by: https://www.patreon.com/cperciva
release: Allow powerpc GENERIC64(le)? kernels The pkgbase-stage.lua script asserts that it has exactly one "kernel", but only accepts GENERIC as a "kernel". Use a slightly more permissive regex in order to capture kernels with names which start "GENERIC". Reviewed by: ivy MFC after: 12 hours Sponsored by: https://www.patreon.com/cperciva Differential Revision: https://reviews.freebsd.org/D52544
release: Make PKGBASE the default Replace the PKGBASE option by a NOPKGBASE option. Check for both whether the option is defined and whether it is empty, since when running from release.sh we always define NOPKGBASE. MFC after: 12 hours Sponsored by: https://www.patreon.com/cperciva Differential Revision: https://reviews.freebsd.org/D52536
release: Always dist sets on dvd1 In the !NOPKGBASE && !NODISTSETS case, we only want the pkgbase repo on disc1; but we want both packaging formats on dvd in order to allow for offline installs in both methods and also tools which ingest the dist sets from the dvd image. MFC after: 12 hours Sponsored by: https://www.patreon.com/cperciva Differential Revision: https://reviews.freebsd.org/D52537
We don't want a tests-dev package, because this means set-devel depends on tests-dev, which transitively depends on tests, which means you can't install set-devel without also getting tests. The only real "dev" files in tests-dev are from ATF (libprivateatf), so move that to its own package and add a dependency from tests. Also move Kyua to its own package, since this might be useful for running tests even when the user doesn't want the whole set of base tests installed. Add a dependency from -tests to both -atf and -kyua, and a dependency on -set-base, since the tests won't work without the full base system installed. The remaining "dev" files in tests are actually test artifacts, not real development libraries. Add a new NO_DEV_PACKAGE option to bsd.lib.mk, which causes dev files to be installed in the base package instead of creating a -dev package, and set this option for everything that installs test libraries. While here, add a slightly more informative description for the tests package. MFC after: 3 seconds Reviewed by: bapt, emaste Differential Revision: https://reviews.freebsd.org/D52597
Move mandoc to its own package so users can install it independently of -utilities. Put the package in the minimal set, since we also ship manpages in minimal and "man" is a basic Unix utility. Add a pkg-triggers(5) hook to run makewhatis when new manpages are installed, so that apropos(1) works. This depends on a new pkg(8) feature expected to be in the upcoming 2.3.2 release; in the meantime, this is a no-op (i.e., having an older pkg doesn't break anything, it just won't run the trigger). MFC after: 3 seconds Reviewed by: bapt Differential Revision: https://reviews.freebsd.org/D52564
pkgbootstrap: Build pkg if PORTSDIR exists If we don't already have the pkg tool installed, we need to install it before we can build packages for pkgbase. (This arises in release builds which run in clean chroots; most users will have pkg installed already.) Installing it from pkg.freebsd.org via "pkg bootstrap" runs into two problems: First, it's an external dependency with security implications; and second, there's a bootstrapping problem on new major versions where pkg.freebsd.org does not have packages yet. Instead, if we have a ports tree, use it to build pkg ourselves. With hat: re MFC after: 6 hours Sponsored by: https://www.patreon.com/cperciva
pkgbootstrap: Gate building from ports In release builds we want to build pkg from the ports tree for reasons mentioned in a previous commit; but non-release pkgbase builds may be just fine with installing pkg from pkg.freebsd.org. Gate it behind BOOTSTRAP_PKG_FROM_PORTS rather than building from ports any time we have a ports tree available. While I'm here, make the pkgbase-repo target in release/Makefile create the temporary directories we need for building. Reviewed by: ivy MFC after: 6 hours Sponsored by: https://www.patreon.com/cperciva Fixes: https://cgit.freebsd.org/src/commit/?id=2c06b824436d ("pkgbootstrap: Build pkg if PORTSDIR exists")
While we usually build FreeBSD releases on the same major version, we do need to be able to e.g. build 15 on 16. Tell the ports tree that we know what we're doing. (We don't, not really, but we can at least pretend...) MFC after: 6 hours Sponsored by: https://www.patreon.com/cperciva
The introduction of package sets allows us to replace the current fragile string matching with this simpler and more robust alternative. Sponsored by: The FreeBSD Foundation MFC after: 3 seconds Reviewed by: emaste, ivy Differential Revision: https://reviews.freebsd.org/D52592
* Ignore "wrong major" errors when obtaining WRKDIR. * Put distfiles in /tmp in case /usr/ports is read-only. MFC after: 6 hours Sponsored by: https://www.patreon.com/cperciva
We need to put pkg into the pkgbase repository for release builds, but not for non-release pkgbase builds. Gate the contents of package-pkg behind INCLUDE_PKG_IN_PKGBASE_REPO=YES and set that when building releases. Reviewed by: ivy MFC after: 6 hours Sponsored by: https://www.patreon.com/cperciva
release.sh: Bootstrap pkg from the ports tree When building OCI containers, we create a pkgbase repository; but we need pkg in order to do this, and it may not be fetchable. Bootstrap it from the ports tree instead. Note that this pkgbase repository is not the same one as we ship as part of the release build; this duplication of package-creation will be fixed at a later date. MFC after: 6 hours Sponsored by: https://www.patreon.com/cperciva
release.sh: Use mkdir -p Don't fail if directories already exist. Fixes: https://cgit.freebsd.org/src/commit/?id=08adaf71e2e5 ("release.sh: Bootstrap pkg from the ports tree") MFC after: 6 hours Sponsored by: https://www.patreon.com/cperciva
MFC After: 3 day Reviewed by: ivy Differential Revision: https://reviews.freebsd.org/D52689
Nearly everyone wants powerd to manage CPU frequency scaling on real hardware, even if -utilities isn't installed. Conversely, very small jails might want -utilities but don't need powerd. Move it to its own package and add it to the minimal set. MFC after: 1 day Reviewed by: manu, imp Differential Revision: https://reviews.freebsd.org/D52645
MFC after: 1 day Reviewed by: manu, imp, emaste Differential Revision: https://reviews.freebsd.org/D52648
MFC after: 1 day Reviewed by: manu Differential Revision: https://reviews.freebsd.org/D52650
This was moved to -acct along with the rest of the accounting tools. While it does work with accounting data, it's also a core Unix tool that users would expect to be installed without having to install the whole accounting system. Move it back to -utilities, which is also where w(1) lives. MFC after: 1 day Reviewed by: manu Differential Revision: https://reviews.freebsd.org/D52653
Due to the size of libpmc.so.5, this reduces the size of the -utilities package by 10%. MFC after: 1 day Reviewed by: manu, adrian, emaste Differential Revision: https://reviews.freebsd.org/D52662
Currently libbz2 is in the libbz2 package, while bzip2 itself is in -utilities, which is inconsistent. Move both the library and the utility to a new -bzip2 package, and use LIB_PACKAGE to create a separate -bzip2-lib package for runtime dependencies. Add the bzip2 package to the minimal set, and since newsyslogd uses bzip2 for logfile compression, add a dependency from there. MFC after: 1 day Reviewed by: manu Differential Revision: https://reviews.freebsd.org/D52663
Development versions of pkg have a version like "2.3.0-d8bbde1c3-dirty", which is not handled by PKG_BIN_VERSION, so PKG_EXT ends up being "tar" and this breaks update-packages. Fix the PKG_BIN_VERSION logic, and while here, remove backwards compat for pkg versions prior to 2.0, which no one should be using to build main or stable/15. This means nothing is left to use PKG_BIN_VERSION, but continue to set it, since we might need it again in the future. MFC after: 1 day Reviewed by: manu, kevans Differential Revision: https://reviews.freebsd.org/D52666
I didn't add this originally since many jails don't require devd, but it's very small (~90kB) and has no dependencies other than clibs and runtime, so we may as well include it for parity between minimal and minimal-jail. While here, improve the package description. Requested by: imp MFC after: 1 day Differential Revision: https://reviews.freebsd.org/D52679
atf.7 should be in -atf, and tests.7 should be in -tests. MFC after: 1 day Differential Revision: https://reviews.freebsd.org/D52661
rc(8), as well as rc scripts themselves, require /bin/sh and basic shell utilities to work. Currently -rc has an implicit dependency on -runtime because of libutil, but this might change in the future if libutil were moved to a different package. Add an explicit dep to ensure -runtime is installed. MFC after: 1 day Differential Revision: https://reviews.freebsd.org/D52654
To be specific, set NO_ROOT=1 WITHOUT_QEMU=1 (those options go together and it is an error to specify one without the other) if NO_ROOT is defined in release.conf. MFC after: 3 days Sponsored by: https://www.patreon.com/cperciva
package-pkg (via make-pkg-package.sh) passes CONFIGURE_ARGS to make when building ports-mgmt/pkg, which overrides the port's default configure args that are supposed to set --prefix. This means that pkg is always built with the default prefix of /usr/local, which then fails when ports tries to package it from LOCALBASE. Work around this by explicitly adding --prefix to CONFIGURE_ARGS. MFC after: 1 day Reviewed by: bapt Differential Revision: https://reviews.freebsd.org/D52634
If we can't install pkg(8) on the media, instead of ignoring the error, fail the build. This avoids silently creating media which doesn't have pkg(8) on, and therefore can't be used for a pkgbase install. Installing pkg(8) can still be entirely disabled by setting NOPKG. MFC after: 1 day Reviewed by: ifreund_freebsdfoundation.org, cperciva Differential Revision: https://reviews.freebsd.org/D52635
We need a pkg package on the media so we can install it for offline installations; copy this package from the staging repository to the pkgbase offline repository on the media. MFC after: 1 day Reviewed by: ifreund_freebsdfoundation.org, cperciva Differential Revision: https://reviews.freebsd.org/D52636
If we're building pkgbase media, install the pkg package from the pkgbase repository we already created, not from pkg.freebsd.org. Aside from being more desirable, this also fixes make release for version/architecture combinations which are missing repository on pkg.f.o (which is nearly all of them at the time of writing). This doesn't yet work for bootonly, since we don't build the pkgbase repository there. For now, restore the old behaviour of attempting to install pkg from pkg.freebsd.org for bootonly. MFC after: 1 day Reviewed by: ifreund_freebsdfoundation.org, cperciva (previous version) Differential Revision: https://reviews.freebsd.org/D52637
Although support for PowerPC kernels (GENERIC64 and GENERIC64LE) was added to pkgbase-stage.lua, the equivalent support was missing from bsdinstall, so the installer would fail at runtime since it wouldn't find a kernel package. Improve the pkgbase-stage logic to have a specific list of kernels we want to support (which avoids breaking if multiple kernels are available), and use the same logic in both bsdinstall and pkgbase-stage. MFC after: 1 day Reviewed by: cperciva Differential Revision: https://reviews.freebsd.org/D52638
There is still some minor breakage with NO_ROOT (aka WITHOUT_QEMU) builds but turning all the cloudware on unconditionally will allow for more testing of the build process concurrently with the final bug fixes landing. Discussed with: markj MFC after: 1 week Sponsored by: https://www.patreon.com/cperciva
* at requires cron, since atrun is started by cron and won't work without it, and also requires runtime because at runs jobs under /bin/sh. * bluetooth requires ppp for rfcomm_pppd (a very common use case). * bsdconfig and bsdinstall are written in shell script and therefore require /bin/sh. * devd requires /bin/sh to invoke its hooks. While here, document the policy for adding dependencies in the README. This will hopefully ensure we end up with consistent dependencies. MFC after: 1 day Reviewed by: bapt Differential Revision: https://reviews.freebsd.org/D52699
Provide at least a basic description of every package we build. Where possible, the description is taken from a relevant manpage; when there was no suitable text in the manpage, I wrote a new description. Since the UCL files now contain a significant amount of English prose which is almost certainly subject to copyright in at least some jurisdictions, add a copyright header to every file. Where the text was taken from a manpage, the copyright and license are also taken from the manpage. A few files don't have copyright headers added because the origin of the text is unclear, or because the files were written by someone else. While here, remove some orphaned UCL files for packages we no longer ship. MFC after: 1 day Reviewed by: bapt Differential Revision: https://reviews.freebsd.org/D52690
When NO_INSTALLKERNEL and NO_INSTALLEXTRAKERNELS are set, or when BUILDKERNELS is empty, we can fail to define the create-kernel-packages make target, which we call unconditionally. So if we do not have a kernel staging dir, go ahead and provide an empty create-kernel-packages so that when it's used elsewhere, the build succeeds. This lets me build a tree and package it when I don't have a kernel, for jails and other similar environments. There's no change if any kernels are built, since that will provide the necessary make target that does useful things for that case. Sponsored by: Netflix
This also indirectly addresses the lack of FreeBSD-lldb package on the riscv64 platform by relying on that package being part of the FreeBSD-set-devel set iff it exists. A subsequent commit will adjust the "notoolchain" OCI container image to also use a package set, which will indirectly affect the contents of the "toolchain" container (which is an explicit superset of the "notoolchain" container). MFC after: 1 day Co-authored-by: dch
This will allow the VM image build scripts to use the same repository config file for installing base system packages at build time. Reviewed by: emaste Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D51482
VM and cloud images are now built as packaged base systems by default, matching the default for installation media. Setting -DNOPKGBASE allows building as non-pkgbase systems. Reviewed by: emaste Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D51483
Although inetd is widely used, none of the base daemons which require or support inetd (e.g. fingerd, tftpd, sshd) are in the minimal set, and it's fairly uncommon to enable inetd's built-in servers nowadays. MFC after: 6 hours Reviewed by: manu, bapt, emaste Differential Revision: https://reviews.freebsd.org/D52715
This is base, but without packages which are not generally useful in jails. The following packages are excluded: * Support for hardware not present in a jail: acpi, apm, bluetooth, ccdconfig, console-tools, cxgbe-tools, efi-tools, fd, hostapd, mlx-tools, nvme-tools, wpa * Kernel facilities that don't work in a jail: dtrace, dwatch, ggate, hast, iscsi, libcuse, smbutils All library packages are included in base-jail, even if they might not work, because the user may have executables linked with them. While here, remove the set-minimal dependency from set-devel, since this will cause unnecessary packages to be installed in jails. This means users will need to install set-devel in addition to their base set (minimal or base), which bsdinstall already handles correctly. Add a license to all the set UCL files, so people can redistribute them. MFC after: 6 hours Reviewed by: manu Differential Revision: https://reviews.freebsd.org/D52719
This covers the basic structure of pkgbase, how packages are distributed, how package sets work, and provides a few examples of actually using pkgbase. MFC after: 6 hours Approved by: re (cperciva) Reviewed by: ziaee, cperciva Differential Revision: https://reviews.freebsd.org/D52644
Prior to this commit, pkgbase-stage.lua used a hard-coded PKG_DBDIR "./pkgdb"; unfortunately this creates a race condition if we start building disc1.iso and dvd1.iso at the same time pkg: sqlite error while executing CREATE TABLE licenses [...] in file pkgdb.c:2330: table licenses already exists since pkg checks to see if the pkgdb is initialized and initializes it if not. Use separate pkgdb-disc1 and pkgdb-dvd directories. MFC after: 1 minute Sponsored by: https://www.patreon.com/cperciva Differential Revision: https://reviews.freebsd.org/D52755
PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289653 Reported by: Trond Endrestøl <Trond.Endrestol@ximalas.info> MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D52676
This is required to manage the firmware on amd64 and aarch64 systems. MFC after: 3 days Reviewed by: imp, emaste Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D52742
These manpages are broadly applicable to all systems, even jails, since they describe kernel facilities which are available in jails. MFC after: 3 days Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D52743
packages: Add an "optional" set This is everything in "base" but without compilers. This means we have sets to support four basic workloads: - "minimal" for a small installation where the user intends to add other packages by hand. - "optional" for a complete installation on a production system which does not need to compile software. - "devel", which can be added to either minimal or optional when compilers are required. - "base" for a complete installation, including compilers, for users who don't want to interact with pkgbase and just want the complete system installed like it was before. This is probably the last set we want to add; any further metapackages would be better treated as "task" packages intended to target one specific workload. MFC after: 3 days Reviewed by: cperciva, bapt Differential Revision: https://reviews.freebsd.org/D52777
create-sets.sh: Always build the base sets Since all packages were moved to the optional set, no packages are directly in the base sets, which means nothing caused the base sets to be built. Add the base sets to create-sets.sh so they're always built. Fixes: https://cgit.freebsd.org/src/commit/?id=eaecc9551ae4 ("packages: Add an "optional" set") MFC after: 1 day
sh: Remove /.profile root's home directory was moved to /root many years ago, so there's no reason to keep this old link. This brings sh in line with csh, where /.cshrc was removed in dcb65c5a94d4. Relnotes: yes Approved by: re (cperciva) MFC after: 1 day PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289097 Reviewed by: cperciva, jilles, bapt, emaste Differential Revision: https://reviews.freebsd.org/D52161
bin/sh: Fix the build Removing <bsd.prog.mk> was unintentional; put it back. Fixes: https://cgit.freebsd.org/src/commit/?id=d31e342bcc8e ("sh: Remove /.profile") MFC after: 1 day
We don't need an entire package for this trivial library. Move it to toolchain, which in practice means it's installed in toolchain-dev as it only contains a static library. MFC after: 1 day Reviewed by: bapt Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D52793
This library is required for C11 conformance, and is tiny (11kB), so instead of creating a bunch of packages for it, put it in runtime. Although this is a core C library and might be expected to live in clibs, kib objected to this on the basis that almost nothing actually uses libstdthreads and putting it in clibs would be wasteful. MFC after: 1 day Reviewed by: kib Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D52792
Rename liblzma to xz, and use LIB_PACKAGE to create an xz-lib package for runtime libraries. MFC after: 1 day Reviewed by: bapt Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D52791
Instead of creating a separate libsdp package, use LIB_PACKAGE to ship this in bluetooth-lib. MFC after: 1 day Reviewed by: bapt Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D52790
This is part of audit, so use the new LIB_PACKAGE feature to name the package audit-lib, rather than libbsm. MFC after: 1 day Reviewed by: bapt Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D52789
This is a niche tool which is only useful in a small number of specific situations. It's very small (8kB), and the executable component /usr/bin/stdbuf is already in -utilities, so move the shlib to -utilities as well. MFC after: 1 day Reviewed by: bapt Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D52788
virtual_bt_speaker(8) includes bluetooth.h, which won't exist if WITHOUT_BLUETOOTH is set, which will result in a build failure. Reported by: peterj Fixes: https://cgit.freebsd.org/src/commit/?id=9cab9fde5eda ("virtual_oss: Port to base") Sponsored by: The FreeBSD Foundation MFC after: 3 days
Remove the ctf-tools package. Add a new package which contains the previous contents of ctf-tools along with libctf. This removes CDDL-licensed code from the utilities package. Set LIB_PACKAGE for libctf so that DTrace runtime doesn't need to install the tools. MFC after: 1 day Reviewed by: bapt Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D52776
LLVM was relicensed under Apache 2.0 with LLVM exception a while ago. MFC after: 1 day Reviewed by: bapt, imp (previous version) Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D51769
pkgbase: move ncurses into its own package Pushing ncurses into clibs adds extra upgrade risk to a package that otherwise consists of integral libs with non-trivial interdependencies. Adding it to -runtime was considered, but the move was historically motivated to some extent by allowing a much smaller set of base libs to be installed for smaller VM images that don't really need all of the runtime package. This also fixes the ncurses build to ensure that libmenuw is grouped with the rest of the ncurses libraries, which doesn't seem to have been an intentional omission. Reviewed by: ivy MFC after: 2 days (pkgbase movement) Differential Revision: https://reviews.freebsd.org/D52786
packages: remove ncurses-all license text The "Software" line in the license text seems to trip some kind of UCL parsing bug. Replace it with an SPDX tag and a pointer to the file for the time being. Reported by: fluffy, madpilot Fixes: https://cgit.freebsd.org/src/commit/?id=06afa0a55e0ac ("pkgbase: move ncurses into its own package")
libedit isn't as foundational as the rest of -clibs, but various bits of -runtime do need it. Give it a new home over in -runtime. This also fixes the libedit build to group the readline bits into the same package as the libedit that implements them. Reviewed by: ivy MFC after: 2 days (pkgbase movement) Differential Revision: https://reviews.freebsd.org/D52787
While here, fix manlint warnings and a typo in tzset(3). MFC after: 3 days
virtual_oss: Do not build if WITHOUT_CUSE is set PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289920 Fixes: https://cgit.freebsd.org/src/commit/?id=9cab9fde5eda ("virtual_oss: Port to base") Sponsored by: The FreeBSD Foundation MFC after: 1 day Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D52807
Azure images are Microsoft VHD files which use the .vhd extension. We use the mkimg format arg "vhdf" to specify the fixed vhd format, but the extension should remain .vhd. Reviewed by: lwhsu, whu Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D38761
Update main to 16 * Bumps to versions in lib/clang * Bumps to sys/conf/newvers.sh and sys/sys/param.h * Update to UPDATING Approved by: re (implicit) Sponsored by: https://www.patreon.com/cperciva
devd: Remove gross hack Remove hack from FreeBSD 14 that mapped kern->kernel for name. Fixes: https://cgit.freebsd.org/src/commit/?id=8b4e4c273730 MFC: Never Sponsored by: Netflix
Add myself (jaeyoon@) as a new src committer with imp@ as my mentor. Reviewed by: imp (mentor) Approved by: imp (mentor) Differential Revision: https://reviews.freebsd.org/D52570
Reviewed by: maxim (mentor) Approved by: maxim (mentor) Differential Revision: https://reviews.freebsd.org/D52769
Onboard new ports committer Tiago Gasiba (tiga) in accordance with step 5 of sec. 7.1 committer's guide PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289889 Approved by: eduardo, flo (mentors)
This catches a bug in tzcode which incorrectly considers TZDEFAULT as unsafe as if it came from the environment. Also deduplicate some repeated code, and fix a missing mode in an open(2) call with O_CREAT set. Event: Oslo Hackathon 202508 Reviewed by: philip Differential Revision: https://reviews.freebsd.org/D52241
if_bridge(4) should not prohibit adding a gif(4) interface which is assigned with IP addresses as a bridge member regardless of the setting of sysctl variable net.link.bridge.member_ifaddrs. Assigning IP addresses on the gif(4) interface should not be affected no matter whether it is member of a bridge interface or not. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=227450 Reported by: Siva Mahadevan <me@svmhdvn.name> Reviewed by: ivy (previous version) MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D52200
Earlier versions (than 2.7.0) do not support float notifications or link-local addresses. Skip the relevant tests there. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289150 MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D52234
Add a wait after we establish the SCTP connection to give pfsync some time to work before we check if it has synced the state to the other jail. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289239 Sponsored by: Rubicon Communications, LLC ("Netgate")
When transmit checksum offloading is enabled, if_epair does not compute checksums, it just marks packets that this computation still needs to be done. However, some test cases verify the checksum. Therefore disable this for IPv4 and IPv6. Reviewed by: kp MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D52379
Signed-off-by: Siva Mahadevan <me@svmhdvn.name> Sponsored by: The FreeBSD Foundation Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1780
Signed-off-by: Siva Mahadevan <me@svmhdvn.name> Sponsored by: The FreeBSD Foundation Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1780
Signed-off-by: Siva Mahadevan <me@svmhdvn.name> Sponsored by: The FreeBSD Foundation Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1780
Signed-off-by: Siva Mahadevan <me@svmhdvn.name> Sponsored by: The FreeBSD Foundation Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1780
Signed-off-by: Siva Mahadevan <me@svmhdvn.name> Sponsored by: The FreeBSD Foundation Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1780
Signed-off-by: Siva Mahadevan <me@svmhdvn.name> Sponsored by: The FreeBSD Foundation Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1780
Signed-off-by: Siva Mahadevan <me@svmhdvn.name> Sponsored by: The FreeBSD Foundation Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1780
Signed-off-by: Siva Mahadevan <me@svmhdvn.name> Sponsored by: The FreeBSD Foundation Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1780
Signed-off-by: Siva Mahadevan <me@svmhdvn.name> Sponsored by: The FreeBSD Foundation Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1780
Signed-off-by: Siva Mahadevan <me@svmhdvn.name> Sponsored by: The FreeBSD Foundation Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1780
Signed-off-by: Siva Mahadevan <me@svmhdvn.name> Sponsored by: The FreeBSD Foundation Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1780
Sponsored by: Rubicon Communications, LLC ("Netgate")
Sponsored by: Rubicon Communications, LLC ("Netgate")
This has been supplanted by cryptocheck and has bitrotted to the point where it no longer builds. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289325 Reviewed by: jhb Differential Revision: https://reviews.freebsd.org/D52399
libc's C memcmp currently returns the difference in byte values rather than just -1/0/1 as the AArch64 assembly implementation, many non-FreeBSD implementations, and compiler built-in optimizations do. It is a bug for a user to expect memcmp to return the difference in the byte values as the compiler is free to inline memcmp() with an implementation that does not do this. Change the test to validate only what the standard requires. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289084 Reviewed by: markj, fuz Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52502
The LastLocalModify tests were originally written to simulate a race condition between VOP_SETATTR and VOP_LOOKUP. They were later extended to cover some other VOPs that can affect file size, including VOP_WRITE. However, the test never correctly simulated the race with VOP_WRITE. So that test only ever passed by accident. Fix it by always opening the file with O_DIRECT. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289237 Reported by: Siva Mahadevan <me@svmhdvn.name> MFC after: 1 week
Ensure that the fragmentation counters work as expected.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Sponsored by: Rubicon Communications, LLC ("Netgate")
Now that stat(1) can report whether a file is sparse, we no longer need a helper program for our tests. Sponsored by: Klara, Inc. Reviewed by: markj Differential Revision: https://reviews.freebsd.org/D52482
These tests use pft_ping.py, which requires python3 and Scapy. Reviewed by: ngie Approved by: emaste (mentor) Fixes: https://cgit.freebsd.org/src/commit/?id=65c318630123 ("pf: Add prefer-ipv6-nexthop option for route-to pools") MFC after: 10 days Differential Revision: https://reviews.freebsd.org/D52589
The 'setgroups(0, NULL);' stance works the same on all versions of FreeBSD, getting rid of all supplementary groups. The replaced code would force the effective GID to also be a supplementary group. Fixes: https://cgit.freebsd.org/src/commit/?id=9da2fe96ff2e ("kern: fix setgroups(2) and getgroups(2) to match other platforms") MFC after: 5 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52289
To this end, call setgroups(0, NULL) instead of passing the effective GID. This stance is fully compatible with older versions of FreeBSD. Fixes: https://cgit.freebsd.org/src/commit/?id=9da2fe96ff2e ("kern: fix setgroups(2) and getgroups(2) to match other platforms") MFC after: 5 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52290
Sponsored by: Rubicon Communications, LLC ("Netgate")
Verify that 'set limit anchors' now has the expected effect.
Sponsored by: Rubicon Communications, LLC ("Netgate")
The location of the 'wasxfail' attribute was moved from the 'reason' attribute back to the parent 'report'. This fixes an issue where xfails are wrongly reported to ATF as skipped tests. Signed-off-by: Siva Mahadevan <me@svmhdvn.name> Pull-request: https://github.com/freebsd/freebsd-src/pull/1849 Sponsored by: The FreeBSD Foundation
Tests contains a file that contains spaces in it. This causes the freebsd-update build scripts some issues. As we don't need the tests directory let's simply remove it. MFC after: 3 days or as determined by re@ MFC to: stable/15
The garbage left would prevent subsequent tests from succeeding. Note that currently this is the last test to execute.
At the moment all tests need forced rotation, but future tests may not, so let the tests themselves decide if -F is needed. Should be no functional change.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Sponsored by: Rubicon Communications, LLC ("Netgate")
Sponsored by: Rubicon Communications, LLC ("Netgate")
The problem is that fullsocket() creates a socket that has both send and receive buffers full and as we process messages from the receive buffer we allow the kernel to continue processing of the send buffer and a new message may arrive while the test expects that no new messages arrive. Fix that by creating a socket that has several messages in the receive buffer, but doesn't have any in the send buffer.
Test a value of TZ that temporarily escapes from TZDIR (which is not permitted when setugid) then reenters it. MFC after: 3 days
Test scripts based on atf_python can now pass jail command options via the
'opts' key in the 'vnetX' key of TOPOLOGY.
Reviewed by: melifaro
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D52761
We can't reliably check for the absence of replies to our MLD queries (because a host may announce its multicast subscriptions), so enable pf logging and check for the relevant error message instead. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289821 MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D52762
These could go in other categories, but it's more clear if they're here instead.
Reported by: Timo Völker Fixes: https://cgit.freebsd.org/src/commit/?id=ac87d70563f8 ("vtnet.4: improve existing descriptions and add missing ones") MFC after: 3 days Sponsored by: Netflix, Inc.
Requested by: kevans
MFC after: 3 days
MFC after: 3 days
MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D52407
For "options", we put a space before a TAB so that commenting out an option doesn't move the columns. No functional change. Fixes: https://cgit.freebsd.org/src/commit/?id=c8d8cac2a847 ("mac_do(4): allow compiling into kernel") MFC after: 3 days Sponsored by: The FreeBSD Foundation
Reported by: kib MFC after: 3 days
MFC after: 3 days
MFC after: 3 days
and whitespace cleanup. MFC after: 3 days
MFC after: 3 days
getgrouplist(3): Remove superfluous headers, bogus comment and whitespace No functional change (intended). Fixes: https://cgit.freebsd.org/src/commit/?id=a59d6a872459 ("Implementing 'fallback' nsswitch source.") MFC after: 3 days Sponsored by: The FreeBSD Foundation
libc: fix the _FORTIFY_SOURCE build of getgrouplist(3) We need <unistd.h> to get our prototype normally, but WARNS in libc is way too low to surface that. Additionally, _FORTIFY_SOURCE needs to include <ssp/unistd.h> by way of <unistd.h> to actually export an implementation of getgrouplist(3). The version defined in the .c gets named __ssp_real_getgrouplist() and the actual implementation comes from the redirect stub in <ssp/unistd.h>, which basically gets optimized away in the built object because our __builtin_object_size() check is trivially false when we cannot resolve any object sizes in this translation unit. This could be argued as a design flaw in _FORTIFY_SOURCE, but we should grab <unistd.h> for our prototype anyways so let's kick the can down the road instead of re-thinking it for 15.0. Reported by: Shawn Webb (HardenedBSD) Fixes: https://cgit.freebsd.org/src/commit/?id=d3f8ed6066 ("getgrouplist(3): Remove superfluous [...]") MFC after: 3 days
Signed-off-by: Quentin Thébault <quentin.thebault@defenso.fr> Reviewed by: imp, jhb Pull Request: https://github.com/freebsd/freebsd-src/pull/1827
[skip ci]
Fixed typos in UPDATING Signed-off-by: Harry Fellowes <harryfellowes1@gmail.com> Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1846
"[ n foo ]" is an error and should have been "[ -n foo ]". Fortunately the only ill effect was to result in garbage in /tmp/ when creating powerpc ISO images. Fixes: https://cgit.freebsd.org/src/commit/?id=6c3e01bf8578 ("release: Randomize powerpc boot block file name") MFC after: 3 days Sponsored by: https://www.patreon.com/cperciva
MFC after: 3 days
No functional change intended. MFC after: 1 week Sponsored by: The FreeBSD Foundation Sponsored by: Klara, Inc.
Spotted by: lme@
No functional change intended. MFC after: 3 days Sponsored by: Netflix, Inc.
tzset() calls zoneinit() with the FROMENV flag set unconditionally, so
if TZ is unset and we use TZDEFAULT instead, we were still treating it
as if it came from the environment. Unset the FROMENV flag if name is
null and we switch to TZDEFAULT, or if, after skipping the optional
leading colon, we find that name is identical to TZDEFAULT.
This incorporates upstream change d0e0b00f846c ("Avoid unnecessary
access, stat calls").
Fixes: https://cgit.freebsd.org/src/commit/?id=b6ea2513f776 ("tzcode: Limit TZ for setugid programs")
Event: Oslo Hackathon 202508
Reviewed by: philip
Differential Revision: https://reviews.freebsd.org/D52240
The merge markers were added, it seems, in one of my rebases. The HEAD entry is the merged code, as far as I can tell, and is what should be in the base. None of these files are used during the build. Noticed by: jhb Sponsored by: Netflix
Originally in e2340276fc73 the function argument was a "const void *data" which we changed to "const int" in FreeBSD. The Linux version simply cast the const void * to (enum rtw89_rf_path) both losing the const and changing the type. When later the function argument became a const union rtw89_fw_element_arg in 5b760eaecd6c3 it seems we tried to undo the older FreeBSD specific part and initially mismerged it leading to the const void *; but when fixing the type we did not undo the __DECONST but did a mechanical copy. Reviewed by: bz Co-authored-by: bz (commit message) Obtained from: CheriBSD Sponsored by: AFRL, DARPA Fixes: https://cgit.freebsd.org/src/commit/?id=6d67aabd6355 ("rtw89: update Realtek's rtw89 driver.") Differential Revision: https://reviews.freebsd.org/D52359
C++ source files need `extern "C"` to disable C++ name mangling. MFC after: 1 week Reviewed by: aokblast (previous version), phil, imp (previous version) Differential Revision: https://reviews.freebsd.org/D47930
Release notes at
https://nlnetlabs.nl/news/2025/Jul/16/unbound-1.23.1-released/
Since we don't enable ECS, this is mostly a nop for us.
Merge commit 'c8864f6ba46ff3271d97b4ae1c3cc6ce01eaf18a'
MFC after: 3 days
Notable upstream pull request merges:
#15869 ee7c36264 Add description of default sorting behavior to zfs_list.8
#17375 ced72fdd6 tunables: remove legacy FreeBSD aliases
#17600 1da2c30be Update pam_zfs_key.c default path for FreeBSD
#17632 b6bd3228b Synchronize the update of feature refcount
#17645 59f8f5dfe zfs_vnops_os.c: Add support for the _PC_CLONE_BLKSIZE name
#17665 0d54ae288 zdb: Fix format strings on 32-bit systems
#17673 976f76534 Update compatibility.d files
#17699 e3c3e86c0 Fix wrong dedup_table_size for legacy dedup
#17704 e29bfa5bd Fix warnings about sha2_is_supported on FreeBSD/i386
#17706 a2424312c Fix the build on 32-bit FreeBSD with GCC
Obtained from: OpenZFS
OpenZFS commit: 7939bad5e79225288a2580e8ea217f5c6f616db2
Suppose an nvlist nvl belongs to a parent nvlist or nvlist array. In this case, nvl contains a pointer to its container. This trips up nvlist_send(nvl) and nvlist_dump(nvl), which intuitively should only operate on nvl and its nvpairs. In particular, both of these functions will traverse to nvl's parent and start sending/dumping the parent's nvpairs, which results in assertion failures or nonsensical output, respectively. Reviewed by: oshogbo MFC after: 2 weeks Sponsored by: Innovate UK Differential Revision: https://reviews.freebsd.org/D52360
printm is specific to the FreeBSD dtrace port. I believe it's effectively the same as tracemem(), though printm apparently predates it. It stores the size of the buffer of traced data inline. Currently it represents that size using a uintptr_t, which isn't really right and poses challenges when porting to CHERI because `DTRACE_STORE(uintptr_t, ...` requires the destination to be suitably aligned, but this isn't necessary since we're just storing a size. Convert to using a size_t. This should be a no-op since sizeof(uintptr_t) == sizeof(size_t) on non-CHERI platforms (and besides that I don't see a reason to use printm() when tracemem() is available and is simpler to use.) Reviewed by: Domagoj Stolfa, avg MFC after: 2 weeks Sponsored by: Innovate UK Differential Revision: https://reviews.freebsd.org/D52055
This update fixes a few bugs: - Improper response to double SIGINT with editline. - Not letting libedit handle terminal size changes. - A dc crash from improperly handling an error. - A duplicate check for reference arrays. - Build failures with GCC 15. Merge commit '682da5a0fdb2c38ecc3951047a882471d62aa1d1'
Notable upstream pull request merges:
#17227 d64711c20 Detect a slow raidz child during reads
#17543 -multiple zfs allow send:raw
#17717 bc0b5318a Prevent scrubbing a read-only pool
#17722 cb5f9aa58 FreeBSD: Satisfy ASSERT_VOP_IN_SEQC()
#17729 3f4312a0a Fix two infinite loops if dmu_prefetch_max set to zero
#17730 37cd30f71 Fix ddle memleak in ddt_log_load
#17733 bc8bcfc71 Fix type in dbrrd_closest()
#17735 9b772f328 Fix time database update calculations
Obtained from: OpenZFS
OpenZFS commit: 3f4312a0a428624e596bb35ae4806ea0d4d69472
raidz_outlier_check_interval_ms has type hrtime_t, which is a long long, which is 64 bits wide on all supported platforms.
libc++: avoid use of deprecated builtin This pulls in LLVM commit accfbd4cb327411ad66c0109ba1841482b871967 to avoid the use of __libcpp_is_trivially_relocatable. This fixes building FreeBSD libc++ with clang HEAD as of today. Original commit message: [libc++] Replace __is_trivially_relocatable by is_trivially_copyable (#124970) The __is_trivially_relocatable builtin has semantics that do not correspond to any current or future notion of trivial relocation. Furthermore, it currently leads to incorrect optimizations for some types on supported compilers: - Clang on Windows where types with non-trivial destructors get incorrectly optimized - AppleClang where types with non-trivial move constructors get incorrectly optimized Until there is an agreed upon and bugfree implementation of what it means to be trivially relocatable, it is safer to simply use trivially copyable instead. This doesn't leave a lot of types behind and is definitely correct. Reviewed by: dim MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D52529
libc++: avoid use of deprecated __reference_binds_to_temporary This was removed in upstream libc++ in commit 437ad06f762ab07d89badecdd20627db200b98d3, but as this does not apply cleanly to the current repository, I am applying the equivalent change in a minimally invasive way. This is needed to build with latest clang HEAD as of today. Reviewed by: dim MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D52530
libc++: Fix deprecation warnings with latest clang Latest clang has become more strict in diagnosing deprecated decls, so pull in LLVM commit 9feac2cbd0d80927ce9a8b4c3e810d2b81802d55. Original commit message: [libc++] Improve deprecated diagnostic guards. Recent Clang-21 builds improved the deprecated diagnostics. This uncovered missing guards in libc++ internally. Reviewed by: dim MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D52531
libc++: silence -Wnontrivial-memaccess warning with newer clang Apply part of LLVM commit 71315698c91d0cda054b903da0594ca6f072c350 to silence the -Wnontrivial-memaccess warning that is triggered any time this function is instantiated by user code. This fixes another buildworld failure with Clang HEAD. Original commit message: [clang] Warn about memset/memcpy to NonTriviallyCopyable types (#111434) This implements a warning that's similar to what GCC does in that context: both memcpy and memset require their first and second operand to be trivially copyable, let's warn if that's not the case. Reviewed by: emaste, dim MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D52534
Reviewed by: emaste Fixes: https://cgit.freebsd.org/src/commit/?id=be1f7435ef218b1d ("kern: start tracking cr_gid outside of cr_groups[]") MFC after: 5 days MFC to: stable/15 Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52274
This is a targeted effort to update the INCS and SRCS entries for libcrypto, the legacy provider, and libssl to match what upstream (OpenSSL) builds in their respective libraries. The number of stylistic changes were kept at a minimum. Another incoming change will reformat this file to make future maintenance easier. MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D52554
MFC after: 3 days
This change updates the sources for crypto/openssl. The subsequent commit will update the build artifacts to match the 3.5.3 release. More details about the update can be found in the related vendor branch commits. MFC after: 1 week Merge commit 'aed904c48f330dc76da942a8ee2d6eef9d11f572'
This change updates the build artifacts to match the 3.5.3 release. Much of the change involves updating version numbers and release dates to match the release version's metadata. MFC after: 1 week MFC with: 88b8b7f0c4e9948667a2279e78e975a784049cba
tzcode: Use -00 only for invalid time zones As of tzcode 2025a, if we are unable to load a time zone, we set tzname to "-00" to indicate an error. This penalizes users who simply don't set TZ or create /etc/localtime as a faster way of setting the time zone to UTC (pointing /etc/localtime at /usr/share/zoneinfo/UTC forces us to parse it every time for no real benefit). To rectify this, use "-00" only if TZ was set or zoneinit() returned something else than ENOENT. MFC after: 3 days Fixes: https://cgit.freebsd.org/src/commit/?id=967a49a21a27 ("Update tzcode to 2025b") Reviewed by: philip Differential Revision: https://reviews.freebsd.org/D52680
tzcode: Fix issues when TZ is an absolute path * If TZ starts with TZDIR, strip any additional slashes so relname does not end up looking like an absolute path. For instance, TZ=/usr/share/zoneinfo//UTC should result in UTC, not /UTC. * In the setugid case, we were incorrectly passing name rather than relname to fstatat(). * Modify the tz_env and tz_env_setugid test cases to exercise both of these scenarios. * Also add test cases for invalid values of TZ, which I wrote earlier but forgot to include in a5f14e4f9069. Reported by: Paul Eggert <eggert@cs.ucla.edu> MFC after: 3 days Fixes: https://cgit.freebsd.org/src/commit/?id=967a49a21a27 ("Update tzcode to 2025b") Fixes: https://cgit.freebsd.org/src/commit/?id=a5f14e4f9069 ("tzcode: Use -00 only for invalid time zones") Reviewed by: philip Differential Revision: https://reviews.freebsd.org/D52753
tzcode: Really fix issues when TZ is an absolute path This was accidentally left out of the previous commit. Fixes: https://cgit.freebsd.org/src/commit/?id=df8bc705eb04 ("tzcode: Fix issues when TZ is an absolute path")
Includes diff reduction to upstream version of this patch. MFC after: 3 days Sponsored by: Klara, Inc. Reviewed by: philip Differential Revision: https://reviews.freebsd.org/D39715
Notable upstream pull request merges:
#17705 545d66204 Fix a printf format specifier on FreeBSD/i386
#17708 3387d3409 Fix atomic-alignment warnings in libspl on FreeBSD/i386
#17719 f319ff357 vdev_disk_close: take disk write lock before destroying it
#17732 1d2d81298 Refactor `zhack label repair` and fix `-c` regression on
nonzero TXG
#17764 ea37c30fc zdb: Fix asize overflow in verify_livelist_allocs()
Obtained from: OpenZFS
OpenZFS commit: b2196fbedf5dbfb8593288f5f9ba712e31429a84
This hasn't been needed in years and is a maintenance headache. MFC after: 1 week Reviewed by: philip Differential Revision: https://reviews.freebsd.org/D52694
MFC after: 3 days
Upstream uses a set of flags that reduces to O_RDONLY | O_CLOEXEC when you ignore flags that either don't exist in FreeBSD or have no effect. We were using O_RDONLY | O_BINARY, which reduces to O_RDONLY. Add O_CLOEXEC. Also replace O_RDONLY with the more accurate O_SEARCH when opening TZDIR. MFC after: 3 days Fixes: https://cgit.freebsd.org/src/commit/?id=967a49a21a27 ("Update tzcode to 2025b")
MFC after: 3 days Sponsored by: Chelsio Communications
Interesting changes: + mandoc db: Improve case sorting, found by our very own markj + history: Add macros for version 8 and 10 AT&T Unix + linter: Warn on blank lines in man(7) like mdoc(7) + manuals: Improve precision, man(7) syntax table, and roff(7) specifics + manuals: Fix PDF/PS footer regression detailed in our PR: 289786 PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289786 MFC after: 3 days
Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230)
Timing side-channel in SM2 algorithm on 64 bit ARM (CVE-2025-9231)
Out-of-bounds read in HTTP client no_proxy handling (CVE-2025-9232)
Obtained from: OpenSSL
Approved by: so
Security: FreeBSD-SA-25:08.openssl
Security: CVE-2025-9230
Security: CVE-2025-9231
Security: CVE-2025-9232
stand: Use calloc instead of malloc for initialization of filesystem devsw This change is required for https://reviews.freebsd.org/D49355, so that we can check if d_dev is uninitialized by checking if it's NULL. Reviewed by: imp Differential Revision: https://reviews.freebsd.org/D49705
Revert "stand: Use calloc instead of malloc for initialization of filesystem devsw" This reverts commit dfafdbdfc3e9db8b878283bcbef35f5d8d37dae8. There's no author, and also problems with it. I'll redo it. Sponsored by: Netflix
epair: add support for checksum offloading Add capabilities RXCSUM and RXCSUM6 as well as TXCSUM and TXCSUM6 for receive and transmit checksum offloading for TCP and UDP to the epair interface and enable them by default. RXCSUM and RXCSUM6 are enabled because an epair interface may receive a packet with the csum_flag CSUM_DATA_VALID set, which is expected only if these capabilities are enabled. Since it seems not helpful to remove this flag, it is not possible to disable these capabilities. TXCSUM and TXCSUM6 are synchronized between the two epair interface ends. If enabled/disabled on one end, it will be enabled/disabled on the other end. If the sending epair interface end has TXCSUM or TXCSUM6 enabled and the receiving end is in a bridge, it is assumed that all interfaces in the bridge have that capability enabled. Otherwise the bridge would have disabled that capability on the receiving epair interface end in the bridge which would have disabled that capability on the sending epair interface end as well due to the synchronization. Reviewed by: bcr, Seyed Pouria Mousavizadeh Tehrani MFC after: 4 weeks Differential Revision: https://reviews.freebsd.org/D51639
Revert "epair: add support for checksum offloading" This reverts commit e4ea162509e400340a2bc3e755071a92f3465e2d. kp reports failures related to pf tests. Revert until we understand what is going wrong.
pseudofs: defer initialization until first mount Currently, pseudofs all get fully constructed when the module is loaded and vfs registered, but this is pretty unnecessary. Just loading the fs doesn't mean that it will be used so we're adding overhead and risk[0] by fully initializing these at the start, along with committing resources that may not be used. Deferring pfs_init() allows us to reduce the risk of simply loading the module causing problems that are harder to avoid, and existing pseudo filesystems don't really care: configuration that is context-sensitive is generally deferred to access-time with PFS_PROCDEP. To preserve symmetry, we'll also teardown our pseudofs on last unmount, which leaves us with a vfs_uninit() implementation that simply destroys our lock and prints a message. [0] Example of such being recent bugs in linsysfs, which caused a panic as soon as the module was loaded because we're eager to set it up. Reviewed by: des (previous version), kib Differential Revision: https://reviews.freebsd.org/D52156
Revert "pseudofs: defer initialization until first mount" This reverts commit 65059dd2b6f94e570acc645be82b8ea056316459. lindebugfs does the vast majority of its pseudofs initialization nearly everywhere but pseudofs, so let's defer this to post-branching.
It turns out this breaks the nvidia-drm drivers. We'll try to rework things and put it back later. This reverts commit bbeeb585315645db20118ef349a4e3dc83b148cc.
This reverts commit 7c448f5aab8be6977d0860e608e7d497b495d28c. Will be committed again with correct authorship.
This reverts commit 1c23d8f9f39870951c1d0dfbb112fc4e53237737. Will be committed again with correct authorship.
libc: Remove readdir_r(3) This function was never safe to use. We marked it deprecated in the manual page in 2016, and it is marked obsolete in POSIX 2024. We previously added a linker warning and annotated the prototype; now that stable/15 has been branched, we can remove it from main. Relnotes: yes Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D52474
Revert "libc: Remove readdir_r(3)" This reverts commit d549de769055ae6116601e54e4c86dfb3e17f4c4.
I received a report that certain Linux application would crash on a message of a departure of an interface with FreeBSD name. Looks like dropping NL_RTM_DELLINK is a lesser evil than relay them with FreeBSD names. This reverts commit 554907bac3b264863a051f75eedc35d180d3e18c.
acpi: Fix build when `ACPI_DEBUG_OUTPUT` defined Reviewed by: olce Fixes: https://cgit.freebsd.org/src/commit/?id=ce5e22b28ef6 ("acpi: Use sleep types defined in sys/power.h") Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52545
Revert "acpi: Fix build when `ACPI_DEBUG_OUTPUT` defined" This reverts commit 4894f5ba394306a75dbed9ed4377ab0eae75aede. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289634
jail: Optionally allow audit session state to be configured in a jail Currently it is impossible for a privileged, jailed process to set audit session state. This can result in surprising audit event misattribution. For example, suppose a user ssh'es into a jail and restarts a service; normally, sshd sets audit state such that events generated by the SSH session are attributed to the newly authenticated user, but in a jail, the corresponding setaudit(2) call fails, so events are attributed to the user who had started sshd in the jail (typically the user who had started the jail itself by some means). While this behaviour is reasonable, administrators might want to trust the jailed sshd to reset audit state, such that the authenticated user appears in audit logs. Add a jail knob to enable this. Add a simple regression test. Reviewed by: kevans, jamie MFC after: 1 week Sponsored by: Modirum MDPay Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D51719
Revert "jail: Optionally allow audit session state to be configured in a jail" Changing audit system calls to return EPERM instead of ENOSYS when invoked from a jail breaks some userspace applications. Revert for now until a more complete change is reviewed. This reverts commit 246d7e9fc23928be22db38220f5439f5cdee5264. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289645
This reverts commit e779891327b1d9b9ab10ba482e59f498790505a7. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289634
This reverts commit ce5e22b28ef6caff3ffd228ac188114b08c0da02. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289634
kern/vfs_vnops.c: generalize the lock primitive for file foffset Generalize foffset_lock/unlock() by splitting the locking into file_v_lock/unlock() (LP64 case) or file_v_lock/unlock_mtxp() for ILP32 (using mutex pool) and then taking the action to read the offset. sys/file.h: rename struct file f_vnread_flags member into generic f_vflags Reviewed by: markj Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 2 weeks Differential revision: https://reviews.freebsd.org/D52486
Revert "kern/vfs_vnops.c: generalize the lock primitive for file foffset" Temporarily back this out to fix the tree while I try 16.0 snapshot builds. It will come back once D52626 lands. This reverts commit 94a0f9f63e164e4f3791bc7d105d6f267b4d47bc. Discussed with: kib
fcntl(F_SETFL): only allow one thread to perform F_SETFL Use f_vflags file locking for this. Allowing more than one thread handling F_SETFL might cause de-sync between real driver state and flags. Reviewed by: markj Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 2 weeks Differential revision: https://reviews.freebsd.org/D52487
Revert "fcntl(F_SETFL): only allow one thread to perform F_SETFL" Temporarily back this out to fix the tree while I try 16.0 snapshot builds. It will come back once D52626 lands. This reverts commit 40a42785dbba93cc5196178fc49d340c1a89cabe. Discussed with: kib
This reverts commit 9a3edc8d5dbcb896179cfa7867f961184e146a09. Apparently returning EINVAL is more aggressive than UFS does it, and this causes compatibility issues with apps that actually trigger the behavior. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289485, https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289678 Sponsored by: The FreeBSD Foundation MFC after: 3 days
This reverts commit cead6157cc1b748df29b32072f492d4f6afae65a. Same as 9a3edc8d5dbcb896179cfa7867f961184e146a09 Sponsored by: The FreeBSD Foundation MFC after: 3 days
This reverts commit 676d64ee8327851063d92d0dd6a4ceee6b3a25e6. These tests take a combined 3h to run and are consuming our monthly Cirrus-CI credits in short order, before failing. In the PR markj reports that the failure appeared somewhere between: good: da64f6e047b5f6cd9b9e8450d19072cb0b6e44d0 bad: b197d2abcb6895d78bc9df8404e374397aa44748 Unfortunately, even after we find the offending commit and have a fix we still do not have sufficient monthly compute credit. Disable these tests for now, pending a solution to both issues. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289696 Reviewed by: ngie Differential Revision: https://reviews.freebsd.org/D52618
The display of IFCAP_NV is handled by SIOCGIFCAPNV ioctl. The kernel composes a nvlist of capabilities and the userland unpacks and displays them. So this "NV" in IFCAPBITS is meaningless but rather misleading. This reverts commit 0c1684dd456e3df306b359b04e61f9f2048d9ff2.
Setting ACPI D-states is generally broken on FreeBSD and this change surfaced an issue. So reverting for the time being whilst I write a proper fix for this. This reverts commit 02a8fadd2c4dc4b78d6d93d9d8b70e9348a6de6d. Reported by: glebius, phk Tested by: glebius Sponsored by: The FreeBSD Foundation
IfAPI: Added missing accessor for if_home_vnet Reviewed by: kp Signed-off-by: Kevin Irabor <kevin.irabor04@gmail.com>
In linux_pci_attach_device() allocate a LinuxKPI pci_dev for each device in the hierarchy up to the root port[1] as we cannot do that later on demand as we may be in a context where we may not sleep. Take special care of DRM as there is a non-PCI device in the chain which needs to be skipped. iwlwifi(4) can hit this case called from a callout. While here leave a comment as the cleanup order of linux_pci_attach_device() needs correction separately. This reverts commit 3860afe99ec39b9942967941181f28f27f3fc548. Sponsored by: The FreeBSD Foundation (initially) PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=283027 PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289647 Suggested by: jhb [1] MFC after: 3 days Reviewed by: dumbbell Differential Revision: https://reviews.freebsd.org/D52069
Not classified automatically, and waiting for manual attention.
-- no commits in this category this week --
Dates:
Automatic grouping:
This reverts commit \\b([0-9a-fA-F]{40})\\b
and the hash was found in this week's commits.
Automatic categories:
Source code:
Generated with commits-periodical 0.18 at 2025-11-03 03:26:55+00:00.
This work is supported by Tarsnap Backup Inc.
Alternate version: 2025-09-01 (debug) (contains info about the classification)