Ricardo Branco [Sat, 3 Feb 2024 00:05:05 +0000 (17:05 -0700)]
wc: Do not use st_size if it equals zero
Pseudo-filesystems often cannot compute the size of the file correctly
and report 0 for the size. Ignore the size when it's zero and fallback
to the size unknown code.
Jessica Clarke [Sat, 3 Feb 2024 01:31:11 +0000 (01:31 +0000)]
Revert "bsdinstall: separate out dist selection in prep for pkgbase support"
Firstly, my review comments were not addressed and instead totally
ignored. Secondly, and a more valid justification for the revert, this
completely breaks the installer, since selectdists isn't installed.
Given the blatant lack of testing, back out this commit until it has
actually been tested and review comments taken on board so that the
installer actually works.
Lexi Winter [Fri, 2 Feb 2024 21:46:14 +0000 (14:46 -0700)]
traceroute6: remove -l flag
The -l flag was used to tell traceroute6(8) to show both hostname and
address for each hop. However, traceroute(8) already does this by
default, and there's no reason for traceroute6 to behave differently.
Make this the default behaviour, and accept -l for backward
compatibility as a no-op flag.
Cy Schubert [Fri, 2 Feb 2024 21:10:22 +0000 (13:10 -0800)]
OpenSSL: Vendor import of OpenSSL 3.0.13
* Fixed PKCS12 Decoding crashes ([CVE-2024-0727])
* Fixed Excessive time spent checking invalid RSA public keys
([CVE-2023-6237])
* Fixed POLY1305 MAC implementation corrupting vector registers on
PowerPC CPUs which support PowerISA 2.07 ([CVE-2023-6129])
* Fix excessive time spent in DH check / generation with large Q
parameter value ([CVE-2023-5678])
Release notes can be found at
https://www.openssl.org/news/openssl-3.0-notes.html.
Jessica Clarke [Fri, 2 Feb 2024 21:17:23 +0000 (21:17 +0000)]
bsd.subdir.mk: Drop broken optimisation for realinstall parallelisation
Not all of the tree is happy for realinstall to be done in parallel. In
particular, Makefile.inc1 uses .WAIT to force etc to be installed after
earlier subdirectories, since etc calls into share/man's makedb to run
makewhatis on the tree and needs all manpages to have been installed.
Also, libexec/Makefile doesn't set SUBDIR_PARALLEL, and the link from
ld-elf32.1 to ld-elf.1 relies on rtld-elf having been installed before
rtld-elf32, otherwise creating the link will fail.
In general, core behavioural differences like this between NO_ROOT and
"normal" builds are also dangerous and confusing.
If this optimisation is deemed important, it should be reintroduced in a
more limited and robust manner that doesn't break the above situations.
Until then value correctness over slight efficiency gains on high core
count machines, the same machines where you're more likely to encounter
issues from this optimisation.
This reverts commits cd19ecdbdc87 ("Similar to r296013 for NO_ROOT,
force SUBDIR_PARALLEL for buildworld WORLDTMP staging.") and b9c6f3168112 ("Add more STANDALONE_SUBDIR_TARGETS.").
Found by: CheriBSD Jenkins
Reviewed by: bdrewery, brooks
Fixes: cd19ecdbdc87 ("Similar to r296013 for NO_ROOT, force SUBDIR_PARALLEL for buildworld WORLDTMP staging.")
Fixes: b9c6f3168112 ("Add more STANDALONE_SUBDIR_TARGETS.")
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D43705
Warner Losh [Fri, 2 Feb 2024 01:37:12 +0000 (18:37 -0700)]
loader: Font module is EFI dependent
The font module is part of the gfx_fb support. Since we share this file
between EFI and kboot, we only want to pass the font data to the kernel
when we're booting from EFI, not kboot.
Warner Losh [Wed, 31 Jan 2024 23:54:19 +0000 (16:54 -0700)]
libsa: Move hash functions up a level
This should have no functional change. Move compiling the sha256, sha512
and md5 hash functions up into libsa to allow them to be used elsewhere
in the boot loader when geli isn't configured. Since libsa is a .a, these
won't wind up in any boot loader that doesn't reference them, so should
be a nop.
Stephan de Wit [Fri, 2 Feb 2024 19:17:14 +0000 (12:17 -0700)]
axgbe: Various link stability and module compatibilty improvements
Move the phy_stop() routine to if_detach() to prevent link interruptions
when configuring the interface. Accompanying this is a sanity check
using phy_started, which was already there but remained unused. We do
not move phy_start(), as the logic there is needed for any init routine,
be it attach or start.
Also bring in the linux PMA_PLL change which addresses the flapping of
back-to-back fiber connections.
Use miibus for SFP PHYs up to 1G copper. We retry in cases where the PHY
is not directly reachable. Set the correct IFM_100_SGMII flag when the
phy speed has been set to 100. We remove xgbe_phy_start_aneg() since
it's handled by miibus.
Add support for 100 and 1000 BASE-BX fiber modules
Add support for 25G multirate DACs which are capable of 10G.
While here, also fixup the LINK_ERR state. It was impossible to recover
from this previously.
[[ Note: light style fixes by imp, slight commit message adjustment,
and a warning that I don't have the hardware to validate, but
the changes do track the commit message and seem otherwise OK ]]
quick_exit() can call other functions, and we don't guarantee it calls
std::terminate should those other functions throw exceptions. And to
make it do so has ABI complications for libc. Until that's sorted out,
revert this noexcept (but leave a comment behind so people will find
this commit message)
Stéphane Rochoy [Thu, 21 Dec 2023 14:05:58 +0000 (15:05 +0100)]
stand/lua: always allow overriding with local config files
Loader now also read configuration files listed in local_loader_conf_files.
Files listed here are the last ones read. And /boot/loader.conf.local was
moved from loader_conf_files to local_loader_conf_files leaving only
loader.conf and device.hints in loader_conf_files by default.
The idea is to ensure local_loader_conf_files, i.e., /boot/loader.conf.local,
can always be used to override other user defined settings.
Stéphane Rochoy [Thu, 4 May 2023 07:23:47 +0000 (09:23 +0200)]
stand/lua: per-product conf if requested via product_vars
If product_vars is set, it must be a space separated list of environment
variable names to walk through to guess the product. Each time a product can be
guessed (i.e., the corresponding variable is defined), prepend
/boot/loader.conf.d/PRODUCT/ to loader_conf_dirs.
Stéphane Rochoy [Thu, 21 Dec 2023 14:05:58 +0000 (15:05 +0100)]
stand/lua: always allow overriding with local config files
Loader now also read configuration files listed in local_loader_conf_files.
Files listed here are the last ones read. And /boot/loader.conf.local was
moved from loader_conf_files to local_loader_conf_files leaving only
loader.conf and device.hints in loader_conf_files by default.
The idea is to ensure local_loader_conf_files, i.e., /boot/loader.conf.local,
can always be used to override other user defined settings.
Stéphane Rochoy [Thu, 4 May 2023 07:23:47 +0000 (09:23 +0200)]
stand/lua: per-product conf if requested via product_vars
If product_vars is set, it must be a space separated list of environment
variable names to walk through to guess the product. Each time a product can be
guessed (i.e., the corresponding variable is defined), prepend
/boot/loader.conf.d/PRODUCT/ to loader_conf_dirs.
regex: fix freeing g->charjump in low memory condition
computejumps() moves g->charjump to a position relativ to the value of
CHAR_MIN. As such, g->charjump doesn't necessarily point to the address
actually allocated. While regfree() takes that into account, the low
memory handling in regcomp_internal() doesn't. Fix that by free'ing
the actually allocated address, as in regfree().
- 223.backup-zfs would previously honour the daily_backup_zfs_verbose
flag for zfs/zpool list, but not for the properties list. fix it to
show a diff for both of these if requested.
- if daily_backup_zfs_verbose was disabled, 223.backup-zfs would still
set rc=1 if the backup files changed, which caused periodic(8) to send
a useless email even if daily_show_success=NO was set.
change this so that it only sets rc=1 if diff output is enabled, i.e.
the output is actually useful to the admin.
Lexi Winter [Fri, 2 Feb 2024 16:41:40 +0000 (09:41 -0700)]
sys/cdefs.h: add __noexcept and __noexcept_if
These macros provide the C++11 noexcept and noexcept(...) keywords if
we're compiling in a C++11 environment. Otherwise, they expand to an
empty string.
This will be used to add the required noexcept specifier to several libc
functions as required in C++11.
Kristof Provost [Thu, 1 Feb 2024 17:59:36 +0000 (18:59 +0100)]
pf: ensure dummynet gets the correct direction after route-to
If we apply a route-to to an inbound packet pf_route() may hand that
packet over to dummynet. Dummynet may then delay the packet, and later
re-inject it. This re-injection (in dummynet_send()) needs to know
if the packet was inbound or outbound, to call the correct path for
continued processing.
That's done based on the pf_pdesc we pass along (through
pf_dummynet_route() and pf_pdesc_to_dnflow()). In the case of pf_route()
on inbound packets that may be wrong, because we're called in the input
path, and didn't update pf_pdesc->dir.
This can manifest in issues with fragmented packets. For example, a
fragmented packet will be re-fragmented in pf_route(), and if dummynet
makes different decisions for some of the fragments (that is, it delays
some and allows others to pass through directly) this will break.
The packets that pass through dummynet without delay will be transmitted
correctly (through the ifp->if_output() call in pf_route()), but
the delayed packets will be re-injected in the input path (and not
the output path, as they should be). These packets will pass through
pf_test(PF_IN) as they're tagged PF_MTAG_FLAG_DUMMYNET. However,
this tag is then removed and the packet will be routed and enter
pf_test(PF_OUT) where pf_reassemble() will hold them indefinitely
(as some fragments have been transmitted directly, and will never hit
pf_test(PF_OUT)).
The fix is simple: we must update pf_pfdesc->dir to PF_OUT before we
pass the packet to dummynet.
Lexi Winter [Fri, 2 Feb 2024 16:17:19 +0000 (09:17 -0700)]
.gitignore: add sys/*/compile
Files in sys/*/compile are created when compiling the kernel with
config(8). They are never source files and should never be committed to
source control, so list this entire directory in .gitignore. While not
the official way to build the kernel, it's often useful to debug
sys/conf/files* changes when adding new drivers, etc.
Mina Galić [Fri, 2 Feb 2024 15:35:46 +0000 (08:35 -0700)]
kldxref: Fix maketempfile function's way of finding the root dir
Rather than assuming that the "root" is passed as directory and will be
marked by a trailing slash, we just assume that the directory, which has
been checked previously to be a directory, is a directory.
This fixes an inconsistency between `kldxref /boot/modules`, which tries
to create the temp file in `/boot/`, and `kldxref /boot/modules/`, which
tries to create it in `/boot/modules/` itself.
Mark Johnston [Fri, 2 Feb 2024 14:23:53 +0000 (09:23 -0500)]
libthr: Force the thr_wake() symbol to be resolved during initialization
Otherwise the lock upgrade performed by rtld's load_filtees() can result
in infinite recursion, wherein:
1. _rtld_bind() acquires the bind read lock,
2. the source DSO's filtees haven't been loaded yet, so the lock upgrade
in load_filtees() cause rtld to jump to _rtld_bind() and release the
bind lock,
3. _thr_rtld_lock_release() calls _thr_ast(), which calls thr_wake(),
which hasn't been resolved yet,
4. _rtld_bind() acquires the bind read lock in order to resolve
thr_wake(),
5. ...
See the linked pull request for an instance of this problem arising with
libsys. That particular instance is also worked around by commit e7951d0b04e6.
Lexi Winter [Fri, 2 Feb 2024 15:29:01 +0000 (08:29 -0700)]
share/examples/IPv6/USAGE: remove
This document dates from the KAME days and, among other things,
references the 'prefix' command which has not existed for a long time.
Since IPv6 configuration is now documented in the Handbook, remove this
obsolete file.
In order to atomically upgrade the rtld bind lock, load_filtees() may
trigger a longjmp back to _rtld_bind() so that the binding can be done
with the write lock held. However, the write lock is only needed when
filtee objects haven't already been loaded, so move the
lock_restart_for_upgrade() call to avoid unnecessary lock upgrades when
a filtee is defined.
Emmanuel Vadot [Fri, 2 Feb 2024 10:39:51 +0000 (11:39 +0100)]
Revert "pkgbase: Create a FreeBSD-dtb package"
Somehow this doesn't work iwth make packages due to some kind of a race.
The package is first created correctly but later in the process it is
overwritten by a badly created empty package.
Revert in the mean time so we can have working pkgbase on arm/arm64
Cy Schubert [Fri, 2 Feb 2024 04:39:16 +0000 (20:39 -0800)]
OpenSSL: Vendor import of OpenSSL 3.0.13
* Fixed PKCS12 Decoding crashes ([CVE-2024-0727])
* Fixed Excessive time spent checking invalid RSA public keys
([CVE-2023-6237])
* Fixed POLY1305 MAC implementation corrupting vector registers on
PowerPC CPUs which support PowerISA 2.07 ([CVE-2023-6129])
* Fix excessive time spent in DH check / generation with large Q
parameter value ([CVE-2023-5678])
Release notes can be found at
https://www.openssl.org/news/openssl-3.0-notes.html.
Gleb Smirnoff [Thu, 1 Feb 2024 21:37:26 +0000 (13:37 -0800)]
tests/netinet: add a demo of TCP implied connect
The TCP implied connect is an artifact left after T/TCP. To my surprise
it still works, hence the existence of this test. Please read this email
first:
An interesting fact that this test takes 220 - 240 milliseconds to
execute on my Threadripper PRO. Flipping the '#if 0' to '#if 1' in the
test, thus bringing it back to normal connect(2), would speed the test up
a hundred times and I guess all this time is fork+exec of the test.
bintrans: Error out if writing to the output failed.
- Cover all code paths.
- When decoding, check all output files, not just the last one.
- A simple `ferror()` check is not enough as an error may later occur
while flushing whatever remains in the output buffer.
ACPICA is using flexible arrays since 20230331 and it broke aarch64
build.
--- acpi_iort.o ---
/usr/src/sys/arm64/acpica/acpi_iort.c:103:4: error: field 'data' with
variable sized type 'union (unnamed union at
/usr/src/sys/arm64/acpica/acpi_iort.c:98:2)' not at the end of a struct
or class is a GNU extension [-Werror,-Wgnu-variable-sized-type-not-at-end]
103 | } data;
| ^
John Baldwin [Wed, 31 Jan 2024 00:41:43 +0000 (16:41 -0800)]
cxgbe tom: Enable ULP_MODE_TCPDDP on demand
Most ULP modes in cxgbe's TOE are enabled on the fly when a protocol
is needed (e.g. ULP_MODE_ISCSI is enabled by cxgbei when offloading a
connection using iSCSI, and ULP_MODE_TLS is enabled when RX TLS keys
are programmed for a TOE connection). The one exception to this is
ULP_MODE_TCPDDP.
Currently the cxgbe driver enables ULP_MODE_TCPDDP when a TOE
connection is first created. However, since DDP connections cannot be
converted to other connection types, this requires some special
handling in the driver. For example, iSCSI daemons use the SO_NO_DDP
socket option to ensure TOE connections use ULP_MODE_NONE so they can
be converted to ULP_MODE_ISCSI. Similarly, using TLS receive offload
(ULP_MODE_TLS) requires disabling TCP DDP for new connections by
default.
This commit changes cxgbe to instead switch a connection from
ULP_MODE_NONE to ULP_MODE_TCPDDP when a connection first attempts to
use TCP DDP via aio_read(2). This permits connections to always start
as ULP_MODE_NONE and switch to a protocol-specific mode as needed.
John Baldwin [Wed, 31 Jan 2024 00:41:23 +0000 (16:41 -0800)]
cxgbe tom: Limit TOE connections to 2 reassembly islands always
Previously this was only limited on T6 cards to support switching from
ULP_MODE_NONE to ULP_MODE_TLS. To support switching to
ULP_MODE_TCPDDP, enable this for all adapters.
Notable upstream pull request merges:
#15793 401c3563d libzfs: use zfs_strerror() in place of strerror()
#15793 692f0daba libzfs: make userquota_propname_decode threadsafe
#15798 0cbf13529 libnvpair.c: replace strstr() with strchr() for a single
character
#15812 78e8c1f84 Remove list_size struct member from list implementation
#15816 aeb33776f Update vdev devid and physpath if changed between imports
#15818 8161b7327 Don't assert mg_initialized due to device addition race
#15823 c3fd7a521 Update man pages to time(1) from time(2)
#15825 884a48d99 zpool wait: print timestamp before the header