Cy Schubert [Fri, 12 Jan 2024 07:39:02 +0000 (23:39 -0800)]
Revert "kerberos: Fix numerous segfaults when using weak crypto"
This revision breaks Linux and MacOS cross builds because
TARGET_ENDIANNESS is not define during bootstrapping on these
platforms.
I think the correct approach would be to separate the new
fbsd_ossl_provider_load() and unload functions into their own
library (instead of libroken). This avoids the less desirable
option of including bsd.cpu.mk in secure/lib/Makefile.common,
which does build but could complicate future work.
Xin LI [Fri, 12 Jan 2024 05:38:04 +0000 (21:38 -0800)]
releng-gce: Advertise the availability of gVNIC support in GCE images.
This marks FreeBSD GCE images as gVNIC capable by adding the
--guest-os-features=GVNIC flag at creation time as suggested in GCE
documentation[1]. This allows Generation 3 and newer GCE instances
to leverage advanced networking capabilities and performance
enhancements provided by gVNIC. Users will benefit from these
improvements without needing to create custom images.
Commit cc760de2183f changed the internal interface between
the nfscommon and nfscl modules. As such, both need to be
rebuilt from sources. Therefore, bump __FreeBSD_version.
Rick Macklem [Fri, 12 Jan 2024 00:38:33 +0000 (16:38 -0800)]
nfscl: Only update atime for Copy when noatime is not specified
Commit 57ce37f9dcd0 modified the NFSv4.2 Copy operation so that
it will update atime on the infd file whenever possible.
This is done by adding a Setattr of TimeAccess for the
input file.
This patch disables this change for the case of an NFSv4.2
mount with the "noatime" mount option, which avoids the
additional Setattr of TimeAccess operation.
Mark Johnston [Thu, 11 Jan 2024 16:42:47 +0000 (11:42 -0500)]
conf: Do not set -fno-sanitize-memory-param-retval for old compilers
The option was introduced in LLVM 16.
Fixes: b6c653c97463 ("kmsan: Set -fno-sanitize-memory-param-retval for now")
MFC after: 1 week
Sponsored by: Klara, Inc.
Sponsored by: Juniper Networks, Inc.
Brooks Davis [Thu, 11 Jan 2024 18:27:20 +0000 (18:27 +0000)]
libc: separate syscall and non-syscall symbols
Put declerations of _ and __sys_ prefixed stubs at the top and
everything else at the bottom. Sort the bottom list with sort(1).
This paves the way to generate the syscall symbol list.
Cy Schubert [Wed, 6 Dec 2023 15:30:05 +0000 (07:30 -0800)]
kerberos: Fix numerous segfaults when using weak crypto
Weak crypto is provided by the openssl legacy provider which is
not load by default. Load the legacy providers as needed.
When the legacy provider is loaded into the default context the default
provider will no longer be automatically loaded. Without the default
provider the various kerberos applicaions and functions will abort().
vnode_pager_generic_putpages(): correctly handle clean block at EOF
The loop 'skip clean blocks' checking for the clean blocks in the dirty
pages might end up setting the in_hole to true when exactly at EOF at
the middle of the block, without advancing the prev_offset value. Then
the next block is not dirty, and next_offset is clipped back to poffset
+ maxsize, equal to prev_offset, failing the assertion.
Instead of asserting prev_offset < next_offset, we must skip the write.
Gleb Smirnoff [Thu, 11 Jan 2024 04:51:53 +0000 (20:51 -0800)]
netlink: fix bug with socket buffer character counter underflow
Cover case when an nb that we are now reading in full had been partially
read by previous read(2) and now has positive offset. Throw couple
assertions that helped to catch that earlier.
Gleb Smirnoff [Thu, 11 Jan 2024 04:51:53 +0000 (20:51 -0800)]
netlink: avoid putting empty mbufs on the socket queue
When processing incoming Netlink messages in nl_process_nbuf() kernel
always allocates a writer with a buffer to put generated reply to.
However, certain messages aren't replied. That makes nlmsg_flush()
to put an empty buffer to the socket. Avoid doing that because avoiding
is much easier than dealing with empty buffers on the receiver side.
Gleb Smirnoff [Thu, 11 Jan 2024 04:51:53 +0000 (20:51 -0800)]
netlink: improve edge case when reading out truncated last nlmsg in nb
When there is not enough space for one full message we return it truncated.
This enters special block of code that previously may leave empty buffer
with offset == datalen in the queue. Avoid that, as dealing later with
empty buffers causes more pain than just avoiding them. While here add
missing msgrcv increment.
Warner Losh [Wed, 3 Jan 2024 23:18:23 +0000 (16:18 -0700)]
acpi/apm: Improve APM ioctl interface emulation
The apm(8) program documents certain states, but doesn't document the
'unknown' state. It reports things correctly for systems with a battery,
but incorrectly for systems without one. Emulate the old interface a
little better by saying ac power is online if we have no status (instead
of unknown), the battery has a high charge of 255% if there's no battery
(instead of -1). Programs, like emacs, expect to see only the documented
values and misbehave when they see something else.
This is closer to what would happen on old-school APM machines. Sadly
(or not) I have no access to old-school APM machines to 100% confirm
this, but reading the spec, old code and testing with emacs' mode line
with battery suggests these values are more correct. emacs has never
been converted to acpi_conf due to permissions issues with acpi devices.
Fixing the kernel is preferable to hacking apm(8) for these special
cases because other programs that use these interfaces will also be more
correct. The kernel also has more data with which to decide what to
return.
Domagoj Stolfa [Wed, 3 Jan 2024 14:58:01 +0000 (14:58 +0000)]
dtrace: Add the 'oformat' libdtrace option
This option can be used to specify a format to use in DTrace output.
The following formats are supported:
- json
- xml
- html
- none (default DTrace output)
This is implemented using libxo and integrated into libdtrace. Client
code only works with the following API:
- dtrace_oformat_setup(dtrace_hdl_t *) -- to be called when output is starting.
- dtrace_oformat_teardown(dtrace_hdl_t *) -- to be called when output is finished
- dtrace_oformat(dtrace_hdl_t *) -- check if oformat is enabled.
- dtrace_set_outfp(FILE *) -- sets the output file for oformat.
- Ensure that oformat is correctly checked in the drop handler and record
processing callbacks.
This commit also adds tests which check if the generated output is
valid (JSON, XML) and extends the dtrace(1) describing the structured output.
Reviewed by: markj
Discussed with: phil
MFC after: 2 months
Sponsored by: Innovate UK
Differential Revision: https://reviews.freebsd.org/D41745
Emmanuel Vadot [Tue, 26 Dec 2023 17:58:15 +0000 (18:58 +0100)]
syscon: Move syscon code in dev/syscon
We've removed kernel option EXT_RESOURCES almost two years ago.
While it was ok to have some code under a common 'extres' subdirectory
at first, we now have a lot of consumer of it and we made it mandatory
so no need to have it under a cryptic name.
Emmanuel Vadot [Tue, 26 Dec 2023 17:56:52 +0000 (18:56 +0100)]
phy: Move phy code in dev/phy
We've removed kernel option EXT_RESOURCES almost two years ago.
While it was ok to have some code under a common 'extres' subdirectory
at first, we now have a lot of consumer of it and we made it mandatory
so no need to have it under a cryptic name.
Emmanuel Vadot [Tue, 26 Dec 2023 17:54:53 +0000 (18:54 +0100)]
regulator: Move regulator code in dev/regulator
We've removed kernel option EXT_RESOURCES almost two years ago.
While it was ok to have some code under a common 'extres' subdirectory
at first, we now have a lot of consumer of it and we made it mandatory
so no need to have it under a cryptic name.
Emmanuel Vadot [Tue, 26 Dec 2023 17:51:22 +0000 (18:51 +0100)]
nvmem: Move nvmem code in dev/nvmem
We've removed kernel option EXT_RESOURCES almost two years ago.
While it was ok to have some code under a common 'extres' subdirectory
at first, we now have a lot of consumer of it and we made it mandatory
so no need to have it under a cryptic name.
Emmanuel Vadot [Tue, 26 Dec 2023 17:49:19 +0000 (18:49 +0100)]
hwreset: Move reset code in dev/hwreset
We've removed kernel option EXT_RESOURCES almost two years ago.
While it was ok to have some code under a common 'extres' subdirectory
at first, we now have a lot of consumer of it and we made it mandatory
so no need to have it under a cryptic name.
Emmanuel Vadot [Tue, 26 Dec 2023 17:43:48 +0000 (18:43 +0100)]
clk: Move clock code in dev/clk
We've removed kernel option EXT_RESOURCES almost two years ago.
While it was ok to have some code under a common 'extres' subdirectory
at first, we now have a lot of consumer of it and we made it mandatory
so no need to have it under a cryptic name.
Emmanuel Vadot [Mon, 25 Dec 2023 19:01:52 +0000 (20:01 +0100)]
clk: Move allwinner driver into the common directory
No need to keep it under sys/arm/allwinner/clkng
It's easier to find which controller we support by looking under one directory.
It will also be shared with Allwinner RiscV SoC.
Emmanuel Vadot [Mon, 25 Dec 2023 18:21:52 +0000 (19:21 +0100)]
iicbus: Move rockchip driver into the common directory
No need to keep it under sys/arm64/rockchip
It's easier to find which controller we support by looking under one directory.
While here remove the condition on SOC option, device rk_i2c is enough as all
Rockchip SoC that we support have this controller.
Olivier Certner [Thu, 4 Jan 2024 17:45:52 +0000 (18:45 +0100)]
pthread_attr_get_np(): Use malloc(), report ENOMEM, don't tamper on error
Similarly as in the previous commit, using calloc() instead of malloc()
is useless here in the regular case since the subsequent call to
cpuset_getaffinify() is going to completely fill the allocated memory.
However, there is an additional complication. This function tries to
allocate memory to hold the cpuset if it previously wasn't, and does so
before the thread lock is acquired, which can fail on a bad thread ID.
In this case, it is necessary to deallocate the memory allocated in this
function so that the attributes object appears unmodified to the caller
when an error is returned. Without this, a subsequent call to
pthread_attr_getaffinity_np() would expose uninitialized memory (not
a security problem per se, since it comes from the same process) instead
of returning a full mask as it would before the failing call to
pthread_attr_get_np(). So the caller would be able to notice a change
in the state of the attributes object even if pthread_attr_get_np()
reported failure, which would be quite surprising. A similar problem
that could occur on failure of cpuset_setaffinity() has been fixed.
Finally, we shall always report memory allocation failure. This already
goes for pthread_attr_init(), so, if for nothing else, just be
consistent.
Reviewed by: emaste, kib
Approved by: emaste (mentor)
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D43329
Stefan Eßer [Thu, 4 Jan 2024 23:07:46 +0000 (00:07 +0100)]
vendor/bc: upgrade to version 6.7.5
This update fixes a bug that line breaks in printed numbers may not
match the line length set by the user. The value is printed correctly,
just not split as specified in some situations.
Michael Tuexen [Wed, 10 Jan 2024 07:33:09 +0000 (08:33 +0100)]
tcpsso: fix when used without -i option
Since fdb987bebddf it is not possible anymore to use inp_next
iterator for bound, but unconnected sockets. This applies
to TCP listening sockets. Therefore the metioned commit broke
tcpsso on listening sockets if the -i option was not used.
Fix this by iterating through all endpoints instead of only
through the bound, but unconnected ones.
Marius Strobl [Tue, 9 Jan 2024 22:01:46 +0000 (23:01 +0100)]
igb(4): Remove disconnected SYSCTL
The global hw.igb.rx_process_limit knob never was adhered to by the
in-tree version of this driver but similar functionality is available
via the device-specific dev.igb.N.iflib.rx_budget.
While at it, remove the - besides initialization of tx_process_limit -
unused {r,t}x_process_limit members.
Andrew Gallatin [Tue, 9 Jan 2024 20:52:07 +0000 (15:52 -0500)]
apei: Mark ReadAckRegister resource as shareable
Work around vendors who use the same address for multiple
ReadAckRegisters in their ACPI HEST table. This
allows apei to attach cleanly on Ampere Altra servers.
Note the issue is not specific to Ampere, I've run into
it with at least one other vendor (whose server is not
yet released).
Gleb Smirnoff [Tue, 9 Jan 2024 21:01:28 +0000 (13:01 -0800)]
netlink: fix regression with group writers
Refactoring of argument list to nl_send_one() led to derefercing
wrong union member. Rename nl_send_one() to a more generic name,
isolate anew nl_send_one() as the callback only for the normal
writer and provide correct argument to nl_send() from nl_send_group().
John Baldwin [Tue, 9 Jan 2024 19:23:10 +0000 (11:23 -0800)]
acpi: Only reserve resources enumerated via _CRS
In particular, don't reserve resources added by drivers via other
means (e.g. acpi_bus_alloc_gas which calls bus_alloc_resource
right after adding the resource).
The intention of reserved resources is to ensure that a resource range
that a bus driver knows is assigned to a device is reserved by the
system even if no driver is attached to the device. This prevents
other "wildcard" resource requests from conflicting with these
resources. For ACPI, the only resources the bus driver knows about
for unattached devices are the resources returned from _CRS. All of
these resources are already reserved now via acpi_reserve_resources
called from acpi_probe_children.
As such, remove the logic from acpi_set_resource to try to reserve
resources when they are set. This permits RF_SHAREABLE to work with
acpi_bus_alloc_gas without requiring hacks like the current one for
CPU device resources in acpi_set_resource.
Reported by: gallatin (RF_SHAREABLE not working)
Diagnosed by: jrtc27
John Baldwin [Tue, 9 Jan 2024 19:05:03 +0000 (11:05 -0800)]
memdesc: Helper function to construct mbuf chain backed by memdesc buffer
memdesc_alloc_ext_mbufs constructs a chain of external (M_EXT or
M_EXTPG) mbufs backed by a data buffer described by a memory
descriptor.
Since memory descriptors are not an actual buffer just a description
of a buffer, the caller is required to supply a couple of helper
routines to manage allocation of the raw mbufs and associating them
with a reference to the underlying buffer.
John Baldwin [Tue, 9 Jan 2024 18:57:48 +0000 (10:57 -0800)]
kldxref: Workaround incorrect PT_DYNAMIC in existing powerpc kernels
Existing powerpc kernels include additional sections beyond .dynamic
in the PT_DYNAMIC segment. Relax the requirement for an exact size
match of the section and segment for PowerPC files as a workaround.
gofaster [Tue, 9 Jan 2024 17:49:30 +0000 (12:49 -0500)]
Add Gotify notification support to ZED
This commit adds the zed_notify_gotify() function and hooks it
into zed_notify(). This will allow ZED to send notifications
to a self-hosted Gotify service, which can be received
on a desktop or mobile device. It is configured with ZED_GOTIFY_URL,
ZED_GOTIFY_APPTOKEN and ZED_GOTIFY_PRIORITY variables in zed.rc.
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: gofaster <felix.gofaster@gmail.com>
Closes #15693
Alexander Motin [Tue, 9 Jan 2024 17:48:40 +0000 (12:48 -0500)]
Fix livelist assertions for dedup and cloning
Two block pointers in livelist pointing to the same location may
be caused not only by dedup, but also by block cloning. We should
not assert D bit set in them.
Two block pointers in livelist pointing to the same location may
have different logical birth time in case of dedup or cloning. We
should assert identical physical birth time instead.
Assert identical physical block size between pointers in addition
to checksum, since that is what checksums are calculated on.
Reviewed-by: Matthew Ahrens <mahrens@delphix.com> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Alexander Motin <mav@FreeBSD.org>
Sponsored by: iXsystems, Inc.
Closes #15732
Alexander Motin [Tue, 9 Jan 2024 17:46:43 +0000 (12:46 -0500)]
Improve block sizes checks during cloning
- Fail if source block is smaller than destination. We can only
grow blocks, not shrink them.
- Fail if we do not have full znode range lock. In that case grow
is not even called. We should improve zfs_rangelock_cb() somehow
to know when cloning needs to grow the block size unlike write.
- Fail of we tried to resize, but failed. There are many reasons
for it to fail that we can not predict at this level, so be ready
for them. Unlike write, that may proceed after growth failure,
block cloning can't and must return error.
This fixes assertion inside dmu_brt_clone() when it sees different
number of blocks held in destination than it got block pointers.
Builds without ZFS_DEBUG returned EXDEV, so are not affected much.
Reviewed-by: Pawel Jakub Dawidek <pawel@dawidek.net> Reviewed-by: Brian Atkinson <batkinson@lanl.gov> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Alexander Motin <mav@FreeBSD.org>
Sponsored by: iXsystems, Inc.
Closes #15724
Closes #15735
Kent Ross [Tue, 9 Jan 2024 17:13:52 +0000 (09:13 -0800)]
make zdb_decompress_block check decompression reliably
This function decompresses to two buffers and then compares them to
check whether the (opaque) decompression process filled the whole
buffer. Previously it began with lbuf uninitialized and lbuf2 filled
with pseudorandom data. This neither guarantees that any bytes not
written by the compressor would be different, nor seems incredibly
sound otherwise!
After these changes, instead of filling one buffer with generated
pseudorandom data we overwrite each buffer with completely different
data. This should remove the possibility of low-probability failures,
as well as make the process simpler and cheaper.
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Rich Ercolani <rincebrain@gmail.com> Signed-off-by: Kent Ross <k@mad.cash>
Closes #15733
The standard is somewhat unclear, but on the balance, I believe that the
phrase “the rest of the input line” should be interpreted to mean the
rest of the input line including the terminating newline if and only if
there is one. This means the current implementation is incorrect on two
points:
- First, it suppresses the previous line's newline in the '1' case.
- Second, it unconditionally emits a newline at the end of the output
for non-empty input, even if the input did not end with a newline.
Resolve this by rewriting the main loop. Instead of special-casing the
first line and then assuming that every line ends with a newline, we
remember how each line ends and emit that either at the beginning of
the next line or at the end of the file except in the one case ('+')
where the standard explicitly says not to.
While here, try to reduce diff to upstream a little and update their
RCS tag to reflect the fact that while we've diverged significantly
from them, we've incorporated all their changes. Remove the useless
second RCS tag.
We also update the tests to account for the change in interpretation
of the '1' case and add a test case for unterminated input.
Olivier Certner [Thu, 4 Jan 2024 15:10:40 +0000 (16:10 +0100)]
libthr: thr_attr.c: More style and clarity fixes
The change of argument for sizeof() (from a type to an object) is to be
consistent with the change done for the malloc() code just above in the
preceding commit touching this file.
Consider bit flags as integers and test whether they are set with an
explicit comparison with 0.
Use an explicit flag value (PTHREAD_SCOPE_SYSTEM) in place of a variable
that has this value at point of substitution.
Kyle Evans [Tue, 9 Jan 2024 04:21:36 +0000 (22:21 -0600)]
build: only inspect the first word of toolchain tools
CC/CXX/CPP/LD may all have arguments supplied in various circumstances,
which break the logic here. We only need to determine which of these
tools we're expecting to invoke from PATH, which just requires
examination of the first word. Limit our scope to exactly that.
Kyle Evans [Tue, 9 Jan 2024 03:08:16 +0000 (21:08 -0600)]
bhyveload: add CAP_SEEK to our dirfd rights
In the case of hostbase_fd, this is infact a bug fix; we have a seek
callback that the host: filesystem may use in loader, and we really
don't have a good excuse to break it.
bootfd-derived fds will only be used with fdlopen(3) and rtld doesn't
seem to need pread / lseek at all for it today, but there's no reason to
break if it finds a good reason to later.
Gleb Smirnoff [Tue, 9 Jan 2024 01:20:31 +0000 (17:20 -0800)]
sockets: on shutdown(2) do sorflush() only in case of generic sockbuf
This is a quick plug to fix panic with Netlink which has protocol specific
buffers. Note that PF_UNIX/SOCK_DGRAM, which also has its own buffers,
avoids the panic due to being SOCK_DGRAM. A correct but more complicated
fix that needs to be done is to merge pr_shutdown, pr_flush and dom_dispose
into one protocol method that may call sorflush for generic sockets or do
their own stuff for protocol which has own buffers.
Alexander Motin [Tue, 9 Jan 2024 00:49:39 +0000 (19:49 -0500)]
ZIL: Update Linux tracing after #15635
While picking parts from #14909 I've missed Linux tracing specific
ones, that went unnoticed in default configurations, but breaks the
build in some.
Reviewed-by: Ameer Hamza <ahamza@ixsystems.com> Reviewed-by: Brian Atkinson <batkinson@lanl.gov> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Alexander Motin <mav@FreeBSD.org>
Sponsored by: iXsystems, Inc.
Closes #15730
Shengqi Chen [Tue, 9 Jan 2024 00:05:24 +0000 (08:05 +0800)]
Linux 6.2 compat: add check for kernel_neon_* availability
This patch adds check for `kernel_neon_*` symbols on arm and arm64
platforms to address the following issues:
1. Linux 6.2+ on arm64 has exported them with `EXPORT_SYMBOL_GPL`, so
license compatibility must be checked before use.
2. On both arm and arm64, the definitions of these symbols are guarded
by `CONFIG_KERNEL_MODE_NEON`, but their declarations are still
present. Checking in configuration phase only leads to MODPOST
errors (undefined references).
tcp: prevent spurious empty segments and fix uncommon panic
Only try sending more data on pure ACKs when there is
more data available in the send buffer.
In the case of a retransmitted SYN not being sent due to
an internal error, the snd_una/snd_nxt accounting could
be off, leading to a panic. Pulling snd_nxt up to snd_una
prevents this from happening.
Kyle Evans [Mon, 8 Jan 2024 17:49:40 +0000 (11:49 -0600)]
bhyveload: make error printing consistent
Previously we used a mix of perror(3) + exit(3) and err(3); standardize
on the latter instead. This does remove one free() in an error path,
because we're decidedly leaking a lot more than just the loader name
there (loader handle, vcpu, vmctx...) anyways.
Bjoern A. Zeeb [Mon, 8 Jan 2024 15:29:09 +0000 (15:29 +0000)]
ath10k/rtw89: make compile again after LinuxKPI changes
Both drivers are not yet attached to the build so this change is
for people currently trying them out.
In 96ab16ebab6319dce9b3041961b0ab6e20a4fecc the sys/rman.h include
was removed. In various wireless drivers we prefer to directly use
bus_dma functions rather than io* LinuxKPI once. In order to cast
the pointer we need sys/rman.h back for our native 'struct resource'
in their pci.c implementations.
Long-term we should consider providing some lkpi_-FreeBSD-specific
wrapper functions to avoid this problem.
Improve log messages to be more helpful in error cases.
Change one LinuxKPI sleep function as we cannot call the original
one from a context we cannot sleep.
Both cases were hit during testing.