Add a new kdc_restart rc variable that manages kdc (or krb5kdc) under
daemon(8). This automatically restarts the kdc should it fail, i.e.
when it's configured to use LDAP as a backend and cannot connect to its
LDAP directory.
Set kdc_restart="YES" to auto restart kdc on abnormal termination.
Set kdc_restart_delay="N" to the number of seconds to delay before
restarting the kdc. The daemon(8) default seconds applies when not set.
This is a smaller version of upstream 1fafd968b48e5cea6c85f126d77071a8de707a55 to address the
issue that less not being able to operate on files
residing in pseudo-filesystems that advertize a zero
size value.
Warner Losh [Wed, 24 Apr 2024 03:18:00 +0000 (21:18 -0600)]
Revert "swapon: Do not overwrite Linux swap header"
This reverts commit cf04a7775a4e8ff6fd28c768be9daa3d83dd382e.This is
broken on armv7, and closer scrutiny of the reviews shows I was in error
when I thought it was ready.
The CAPFAIL tracepoint was recently extended to report ECAPMODE
capability violations for processes that do not enter capability mode.
This allows developers that are interested in Capsicumizing their
programs to determine where violations are being raised.
Previously, CAPFAIL only produced output for processes using Capsicum(4)
capabilties. Thus, most ktrace users never received log output from the
trace point. With the recent changes, this is no longer the case.
Having this trace point enabled by default will produce output for all
processes that use syscalls that are not permitted in capability mode.
This may lead to confusion for users that are not familiar with the
feature. Remove KTRFAC_CAPFAIL from ktrace's default points to avoid
this.
bsdinstall/distfetch.c: check environment variables before downloading and handle memory allocation errors
1. Currently, distfetch checks environment variables existence
when it will use them or in a case (in chdir()) it doesn't check
at all. As they are necessary to set before doing anything with
it, check them, if they set or not, before proceeding any further.
This also avoids extra cleaning when that environment variable
isn't set.
2. Handle memory allocation error in malloc(PATH_MAX) and replace
(sizeof const char *) with (sizeof char *). Both are similar and
const doesn't have a size.
The new sys/conf/std.debug contains the list of debugging options
enabled by default in -CURRENT, so they don't need to be listed
individually in every kernel config.
The enabled options are the set of all debug options which were enabled
for the GENERIC kernel on any platform. This means some architectures
now have debugging options enabled in GENERIC which weren't previously
enabled:
[1] ALT_BREAK_TO_DEBUGGER is now enabled.
[2] BUF_TRACKING, FULL_BUF_TRACKING, and QUEUE_MACRO_DEBUG_TRASH are now
enabled.
[3] DEADLKRES is now enabled.
While here, move the documentation for the (commented out) K*SAN options
for amd64 from GENERIC to NOTES.
HP van Braam [Tue, 23 Apr 2024 20:47:12 +0000 (14:47 -0600)]
ahc(4)/ahd(4): target mode: cancel outstanding AIOs and INOTs
When disabling a lun there can still be outstanding AIOs and INOTs, when
this happens previously the lun would just fail to disable and trying to
re-use the lun would break the card.
isp(4) in target mode does the same thing when disabling a lun, in
testing this allows re-starting of ctld(8) with connected initiators and
allows initiators to gracefully resume afterwards.
Signed-off-by: HP van Braam <hp@tmm.cx>
Reviewed by: imp, mav
Pull Request: https://github.com/freebsd/freebsd-src/pull/1190
Karl Tomlinson [Tue, 23 Apr 2024 18:18:25 +0000 (12:18 -0600)]
pow,powf(3),__ieee754_rem_pio2(f): Avoid negative integer left shift UB
A compiler clever enough to know that z is positive with a non-zero
biased exponent could, for example, optimize away the scalbnf(z,n) in
pow() because behavior for left shift of negative values is undefined.
`n` is negative when y*log2(|x|) < -0.5. i.e. |x^y| < sqrt(0.5)
The intended behavior for operator<< in this code is to shift the two's
complement representation of the first operand.
In the pow() functions, the result is added to the IEEE 754 exponent of
z = 2^y'. n may be negative enough to underflow the biased IEEE 754
exponent below zero, which is manifested in the sign bit of j
(which would correspond to the IEEE 754 sign bit).
The conversion from uint32_t to int32_t for out-of-int32_t-range values
is implementation defined. The assumed behavior of interpreting the
uint32_t value as a two's complement representation of a signed value
is already assumed in many parts of the code, such as uses of
GET_FLOAT_WORD() with signed integers.
This code passes all the current tests, and makes some out of tree
fuzzing tests pass again rather than hit UB (detailed in the commentary
of the pull request).
Signed-off-by: Karl Tomlinson <karlt+@karlt.net>
Reviewed by: imp, steve kargl, dim
Pull Request: https://github.com/freebsd/freebsd-src/pull/1137
__vprintf(): switch from strerror() to strerror_rl()
This eliminates the use of non-thread-safe function in printf*() family,
and make the call locale-aware. Also, it stops obliterating the
strerror() static buffer, which aligns with the POSIX requirement that
implementations must behave as if no standard-mandated functions call
strerror().
PR: 278556
Reported by: Jonathan Gruber <jonathan.gruber.jg@gmail.com>
Reviewed by: imp
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D44916
Mark Johnston [Tue, 23 Apr 2024 16:51:03 +0000 (12:51 -0400)]
nfsserver: Default to nfs_reserved_port_only="YES"
This setting causes the NFS server to check that all RPCs are sent from
a privileged (<= 1023) port, rejecting those that are not. This
slightly raises the bar for a user with network access to an
unauthenticated NFS server to access exported NFS filesystems.
Users that use traditional NFS clients (e.g., those provided by FreeBSD
or Linux) should not see any difference, assuming that unprivileged
filesystem mounting is disallowed.
Note that the setting is per-VNET, so may be overridden in VNET jails
without affecting the rest of the system.
Discussed with: freebsd-arch@
Reviewed by: rmacklem, bz, emaste
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D44906
sigqueue(2): add impl-specific flag __SIGQUEUE_TID
The flag allows the pid argument to designate a thread from the calling
process. The flag value is carved from the high bit of the signal
number, which slightly changes the ABI of syscall.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D44867
This is used by 802.3 Ethernet. (Also be used by 802.4 Token Bus and
802.5 Token Ring, but we don't support those.)
This was accidentally removed along with FDDI support in commit 0437c8e3b198, presumably because comments implied it was used only by
FDDI or Token Ring.
Fixes: 0437c8e3b198 ("Remove support for FDDI networks.") Reviewed-by: emaste Signed-off-by: Denny Page <dennypage@me.com>
Pull-request: https://github.com/freebsd/freebsd-src/pull/1166
Alexander Motin [Tue, 23 Apr 2024 16:06:00 +0000 (12:06 -0400)]
L2ARC: Cleanup buffer re-compression
When compressed ARC is disabled, we may have to re-compress when
writing into L2ARC. If doing so we can't fit it into the original
physical size, we should just fail immediately, since even if it
may still fit into allocation size, its checksum will never match.
While there, refactor the code similar to other compression places
without using abd_return_buf_copy().
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Alexander Motin <mav@FreeBSD.org>
Sponsored by: iXsystems, Inc.
Closes #16038
Update manual page references and macros to align to mandoc syntax
xlocale.3: Comment out reference to atof_l(3), atoi_l(3), atol_l(3), atoll_l(3)
These manual page references do not exist.
lagg.4: Change the reference for /etc/rc.conf from a reference link
.Xr -> .Pa based on the context within the manual page it is used.
buf.9: Remove .Xr entries from the file
The buf.9 manual page contains a commented out .Xr reference.
The <filmmein> 9 entry is a placeholder and has been removed for
clarity.
swab.c(libc): use a simplified version of byte swapping
This version of swab function simplifies the logic of swapping adjacent
bytes. Previous version of swab() used an arbitrary unrolling, which was
relevant back in the day but unnecessary for modern compilers, as if the
input size is known at compile time, they can do it automatically.
This version of swab() is inspired by musl.
A similar version can be found at: https://github.com/openbsd/src/blob/master/lib/libc/string/swab.c
Several users with alc(4)-based "Killer" Ethernet cards have reported
issues with this driver not passing traffic, which are solved by
disabling MSI-X using the provided tunable.
To work around this issue, disable MSI-X by default on this card.
This is done by having msix_disable default to 2, which means
"auto-detect". The user can still override this to either 0 or 1 as
desired.
Since these are slow (1Gbps) Ethernet ICs used in low-end systems, it's
unlikely this will cause any practical performance issues; on the other
hand, the card not working by default likely causes issues for many new
FreeBSD users who find their network port doesn't work and have no idea
why.
share/examples: move examples into appropriate packages
Allow a new variable SE_xxxPACKAGE to be used to place an example group
into a package.
Move the following examples into existing appropriate packages:
- bhyve examples into FreeBSD-bhyve
- bootforth examples into FreeBSD-bootloader
- csh examples into FreeBSD-csh
- ipfw examples into FreeBSD-ipfw
- jail examples into FreeBSD-jail
- pf examples into FreeBSD-pf
- ppp examples into FreeBSD-ppp
- printing examples into FreeBSD-lp
- uefisign examples into FreeBSD-efi-tools
- ypldap examples into FreeBSD-yp
- hast examples into FreeBSD-hast
Move all other examples into the new 'FreeBSD-examples' package.
This removes a significant number of files from the FreeBSD-utilities
package.
Reviewed by: imp, manu
Pull Request: https://github.com/freebsd/freebsd-src/pull/1176
Under Linux, the socket options IP_RECVERR and IPV6_RECVERR are used to
receive socket errors via a dedicated 'error queue' which can be
retrieved via recvmsg(). FreeBSD does not support this functionality.
For IPv4, the sysctl compat.linux.ignore_ip_recverr can be set to 1 to
silently ignore attempts to set IP_RECVERR and return success to the
application, which is wrong, but is required for (among other things)
a functional DNS client in recent versions of glibc.
Add support for ignoring IPV6_RECVERR, controlled by the same sysctl.
This fixes DNS in Linux when using IPv6 resolvers.
Reviewed by: imp, Jose Luis Duran
Pull Request: https://github.com/freebsd/freebsd-src/pull/1118
Fix an error in zfs-kmod.spec that causes kmod-zfs packages not to
include the correct RPM requires/conflicts relationships. With this
change applied, RPM correctly no longer allows kmod-zfs & zfs-dkms
packages to be installed together.
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Todd Seidelmann <18294602+seidelma@users.noreply.github.com>
Closes #16121
Brooks Davis [Mon, 22 Apr 2024 19:13:35 +0000 (20:13 +0100)]
libsys/arm: make vfork less of an outlier
Following the pattern of other architectures, make __sys_vfork the main
symbol and _vfork and vfork weak aliases. This avoids the need to
special case vfork in the generated list of symbols.
Brooks Davis [Mon, 22 Apr 2024 18:24:26 +0000 (19:24 +0100)]
libthr: always use __libc_interposing_slot()
Use __libc_interposing_slot() in favor of __libsys_interposing_slot() so
that the interposing interface is entierly between libc and libthr with
libsys only involved as an implementation detail.
Alan Somers [Mon, 22 Apr 2024 18:03:40 +0000 (12:03 -0600)]
geli: add a read-only kern.geom.eli.use_uma_bytes sysctl
It reports the value of the g_eli_alloc_sz variable. Allocations of
this size or less will use UMA. Larger allocations will use malloc.
Since malloc is slower, it is useful for users to know this variable so
they can avoid such allocations. For example, ZFS users can set
vfs.zfs.vdev.aggregation_limit to this value.
Joseph Mingrone [Mon, 22 Apr 2024 19:04:13 +0000 (16:04 -0300)]
adduser: Fix a syntax error
Reported by: Jose Luis Duran <jlduran@gmail.com>
Fixes: b37333899bd2
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D44871
Alexander Motin [Mon, 22 Apr 2024 18:41:03 +0000 (14:41 -0400)]
Refactor dbuf_read() for safer decryption
In dbuf_read_verify_dnode_crypt():
- We don't need original dbuf locked there. Instead take a lock
on a dnode dbuf, that is actually manipulated.
- Block decryption for a dnode dbuf if it is currently being
written. ARC hash lock does not protect anonymous buffers, so
arc_untransform() is unsafe when used on buffers being written,
that may happen in case of encrypted dnode buffers, since they
are not copied by dbuf_dirty()/dbuf_hold_copy().
In dbuf_read():
- If the buffer is in flight, recheck its compression/encryption
status after it is cached, since it may need arc_untransform().
Tested-by: Rich Ercolani <rincebrain@gmail.com> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Alexander Motin <mav@FreeBSD.org>
Sponsored by: iXsystems, Inc.
Closes #16104
Ryan [Mon, 22 Apr 2024 17:59:31 +0000 (01:59 +0800)]
zfs get: add '-t fs' and '-t vol' options
Make `zfs get` accept `fs` for `filesystem` and `vol` for `volume`.
Reviewed-by: Rob Norris <rob.norris@klarasystems.com> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Ryan <errornointernet@envs.net>
Closes #16117
Ed Maste [Mon, 22 Apr 2024 17:54:52 +0000 (13:54 -0400)]
mfc-candidates: use stable/14 as default MFC-to branch
This tool is typically invoked from within a working tree containing the
desired MFC target branch, which is detected automatically. It also has
a default for when it is invoked from elsewhere. Switch the default to
the most recent branch, stable/14.
Brooks Davis [Mon, 22 Apr 2024 17:48:58 +0000 (10:48 -0700)]
ztest: use ASSERT3P to compare pointers
With a sufficiently modern gcc (I saw this with gcc13), gcc complains
when casting pointers to an integer of a different type (even a larger
one). On 32-bt ASSERT3U does this on 32-bit systems by casting a 32-bit
pointer to uint64_t so use ASSERT3P which uses uintptr_t.
Fixes: 5caeef02fa53 RAID-Z expansion feature Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Brooks Davis <brooks.davis@sri.com>
Closes #16115
George Wilson [Mon, 22 Apr 2024 16:42:38 +0000 (12:42 -0400)]
Parallel pool import
This commit allow spa_load() to drop the spa_namespace_lock so
that imports can happen concurrently. Prior to dropping the
spa_namespace_lock, the import logic will set the spa_load_thread
value to track the thread which is doing the import.
Consumers of spa_lookup() retain the same behavior by blocking
when either a thread is holding the spa_namespace_lock or the
spa_load_thread value is set. This will ensure that critical
concurrent operations cannot take place while a pool is being
imported.
The zpool command is also enhanced to provide multi-threaded support
when invoking zpool import -a.
Lastly, zinject provides a mechanism to insert artificial delays
when importing a pool and new zfs tests are added to verify parallel
import functionality.
Contributions-by: Don Brady <don.brady@klarasystems.com> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: George Wilson <gwilson@delphix.com>
Closes #16093
Clean this up by adding a couple of macros at the top of the file that
are conditionally defined based on whether INET and/or INET6 are enabled,
which makes the code more readable and easier to maintain.
Mark Johnston [Mon, 22 Apr 2024 15:48:00 +0000 (11:48 -0400)]
ng_hci: Add sockaddr validation to sendto()
ng_btsocket_hci_raw_send() wasn't verifying that the destination address
specified by sendto() is large enough to fill a struct sockaddr_hci.
Thus, when copying the socket address into an mbuf,
ng_btsocket_hci_raw_send() may read past the end of the input sockaddr
while copying.
In practice this is effectively harmless since
ng_btsocket_hci_raw_output() only uses the address to identify a
netgraph node.
Reported by: Oliver Sieber <oliver@secfault-security.com>
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Mark Johnston [Mon, 22 Apr 2024 15:43:17 +0000 (11:43 -0400)]
thread: Simplify sanitizer integration with thread creation
fork() may allocate a new thread in one of two ways: from UMA, or cached
in a freed proc that was just allocated from UMA. In either case, KASAN
and KMSAN need to initialize some state; in particular they need to
initialize the shadow mapping of the new thread's stack.
This is done differently between KASAN and KMSAN, which is confusing.
This patch improves things a bit:
- Add a new thread_recycle() function, which moves all kernel stack
handling out of kern_fork.c, since it doesn't really belong there.
- Then, thread_alloc_stack() has only one local caller, so just inline
it.
- Avoid redundant shadow stack initialization: thread_alloc()
initializes the KMSAN shadow stack (via kmsan_thread_alloc()) even
through vm_thread_new() already did that.
- Add kasan_thread_alloc(), for consistency with kmsan_thread_alloc().
Doug Moore [Sun, 21 Apr 2024 22:24:29 +0000 (17:24 -0500)]
riscv: create a convenience composite macro
Define PTE_TO_VM_PAGE to compose the PHYS_TO_VM_PAGE and PTE_TO_PHYS
macros. Use it where appropriate, and drop some variables that it
makes unnecessary.
HP van Braam [Tue, 16 Apr 2024 23:01:20 +0000 (01:01 +0200)]
Enable L1SS handling on RPI4 pcib
Thanks to @kevans91 for pointing me in the right direction. FreeBSD had
the same bug as Linux (see
https://bugzilla.kernel.org/show_bug.cgi?id=217276) where the ultimate
solution was to honor the brcm,enable-l1ss FDT property.
In current versions of the dtb files this property has been added by
default.
Without this on many, many pcie addin cards the pcib will Serror when
trying to assert the clreq# pin on the pcie bus. Many cards do not have
these hooked up.
PR: 260131, 277638, 277605
Reviewed-by: emaste Signed-off-by: HP van Braam <hp@tmm.cx>
Pull-request: https://github.com/freebsd/freebsd-src/pull/1179
Enji Cooper [Sat, 20 Apr 2024 19:12:50 +0000 (12:12 -0700)]
OpenSSL: use the upstream provided version.map files for the fips/legacy providers
This change introduces a static copy of the fips and legacy linker version maps
generated by the OpenSSL 3.0.13 build process.
This unbreaks the fips and legacy providers by not exposing unnecessary
symbols from the fips/legacy provider shared objects shared with other
providers (base, default) and libcrypto.
More discussion:
Prior to this change, loading the fips provider indirectly from a
FreeBSD 14.0-CURRENT and 15.0-CURRENT host would result in a
process-wide deadlock when invoking select OpenSSL APIs
(CONF_modules_load* in this particular example).
Speaking with the upstream maintainers [1], it became obvious that
the FreeBSD base system was incorrectly building/linking the fips
provider, resulting in a symbol collision at runtime, and thus a
process-wide deadlock in specific circumstances. The fips provider
would deadlock when trying to acquire a write lock on internal
structures which should have only been available to the base and
default providers, as certain preprocessor ifdefs only allow specific
internal calls to be made with the base and default providers.
Enji Cooper [Sun, 21 Apr 2024 16:27:48 +0000 (09:27 -0700)]
bsd.subdir.mk: improve `SUBDIR.${MK_FOO}` advice
- Remove superfluous whitespace by removing trailing whitespace
before `\` (line continuation character)
- Quote `SUBDIR.` to clarify the fact that this is a variable
reference--not the end of a sentence.
Ed Maste [Tue, 16 Apr 2024 16:49:05 +0000 (12:49 -0400)]
mfc-candidates: move pretty printing into lua
d51c59002367 moved the MFC hash matching logic into a lua utility
script but left the output formatting in the shell script. Simplify this
slightly by just printing the formatted output from lua.
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D44836
The general idea looked good to me. In particular, it allowed to save
some memory and avoid memory allocation failures when a large buffer
size was requested along with ring and fill policies.
But I didn't take into account that the second, supposedly unused
buffer, was actually used as the scratch buffer. The scratch buffer is
used as a temporary space for DTrace subroutines like copyin, copyinstr,
and alloca.
I think that the change can be fixed by allocating a separate smaller
buffer for the scratch buffer, but that fix would require more work than
I am able to do now. Hence the revert.