Cy Schubert [Tue, 7 Feb 2023 15:46:59 +0000 (07:46 -0800)]
heimdal: Resolve hdb_free_entry() SIGSEGV/SIGILL
When the client sends kadmind a create principal (kadm_create) request
kadm_s_create_principal() returns an error before zeroing out ent (an
hdb entry structure wrapper -- hdb_entry_ex), resulting in a NULL
reference.
depend-cleanup.sh: Simplify the logic, and clean bootstrap tools.
* There's no need to check if the file exists before grepping it; if it does not exist, grep will fail, which is what we want. Just redirect the error message to /dev/null.
* There's no need to split the .o and .pico cases; the bodies are identical, so combine the conditions. Use a glob to avoid a false negative if one exists but not the other.
* Also run depend-cleanup.sh on the bootstrap build tree. This unbreaks the build after 29c5f8bf9a01.
Sponsored by: Klara, Inc.
Sponsored by: NetApp, Inc.
Reviewed by: imp, emaste
Differential Revision: https://reviews.freebsd.org/D38447
Rick Macklem [Wed, 8 Feb 2023 22:25:01 +0000 (14:25 -0800)]
nfscl: Fix interaction between mmap'd and VOP_WRITE file updates
asomers@ found a problem with the NFS client, where a write to
an NFS mounted file done via mmap(2) was lost when fspacectl(2)
was done before it. This turned out to be caused by clearing the
dirty bit on pages when the client was doing commit RPCs,
due to the second argument to vfs_busy_pages() being set to 1.
Commit RPCs tell the server to commit previously written data to
stable storage. However, Commit RPCs do not write data from the
client to the server. As such, if the dirty bit on the page has
been set by a mmap'd write to an address in the page, it should
not be cleared. Clearing it causes the mmap'd write to by lost.
This patch fixes the problem by changing the 2nd argument to
vfs_busy_pages() to 0 for this case.
I doubt this bug has affected many, since it was inherited from
the old NFS client and was in 4.3 FreeBSD twenty years ago.
Although fspacectl(2) is FreeBSD 14 specific, a write(2) would
cause the same failure.
Rick Macklem [Wed, 8 Feb 2023 21:06:07 +0000 (13:06 -0800)]
nfsd: Fix handling of the error case for nfsvno_open
Using done_namei instead of ni_startdir did not
fix the crashes reported in the PR. Upon looking
more closely at the code, the only case where the
code near the end of nfsvno_open() needs to be
executed is when nfsvno_namei() has succeeded,
but a subsequent error was detected.
This patch uses done_namei to indicate this case.
Also, nfsvno_relpathbuf() should only be called for
this case and not whenever nfsvno_open() is called
with nd_repstat != 0. A bug was introduced here when
the HASBUF flag was deleted.
Mitchell Horne [Thu, 27 May 2021 14:27:40 +0000 (11:27 -0300)]
physmem: add ram0 pseudo-driver
Its purpose is to reserve all I/O space belonging to physical memory
from nexus, preventing it from being handed out by bus_alloc_resource()
to callers such as xenpv_alloc_physmem(), which looks for the first
available free range it can get. This mimics the existing pseudo-driver
on x86.
If needed, the device can be disabled with hint.ram.0.disabled="1" in
/boot/device.hints.
The architecture nexus should handle allocation and release of memory and
interrupts. This is to ensure that system-wide resources such as these
are available to all devices, not just children of ofwbus0.
On powerpc this moves the ownership of these resources up one level,
from ofwbus0 to nexus0. Other architectures already have the required
logic in their nexus implementation, so this eliminates the duplication
of resources. An implementation of nexus_adjust_resource() is added for
arm, arm64, and riscv.
As noted by ian@ in the review, resource handling was the main bit of
logic distinguishing ofwbus from simplebus. With some attention to
detail, it should be possible to merge the two in the future.
Mitchell Horne [Sun, 5 Dec 2021 15:27:50 +0000 (11:27 -0400)]
arm: add an interrupt rman to nexus
Allow the nexus bus to own and manage interrupt resources. Currently,
interrupt resources on this architecture are managed completely by
ofwbus, but it is desirable that system-wide memory and interrupt
resources be managed by the top-level bus.
This is a pre-requisite to moving this resource management out of
ofwbus.
Makefile.amd64: remove construct that serves no purpose
The variable expansion as written will never match anything but
'amd64/.8' in OBJDIR. The original intention behind the construct
remains unclear, but "as is" it serves no other purpose but to
generate the warning. Remove it altogether.
This updates llvm, clang, compiler-rt, libc++, libunwind, lld, lldb and
openmp to llvmorg-15-init-17826-g1f8ae9d7e7e4, the last commit before
the upstream release/16.x branch was created.
GELI allows to read a user key from a standard input.
However if user initialize multiple providers at once, the standard
input will be empty for the second and next providers.
This caused GELI to encrypt a master key with an empty key file.
This commits initialize the HMAC with the key file, and then reuse the
finalized structure to generate different encryption keys for different
providers.
In addition, it switches around how we flavor liblua for the boot loader
and flua. This is done to reduce diffs with upstream and make it easier
to import new versions (the current method has too many conflicts to
resolve by hand): we include luaconf.local.h from luaconf.h (the only
change to this file is now that #include at the end). We then define
what we need to: for flua (which does very little) and one for stand
(which creates the new FLOAT type out of int64).
Doug Moore [Wed, 8 Feb 2023 17:04:13 +0000 (11:04 -0600)]
iommu_gas: initialize start_gap as first node
In iommu_gas.c, domain->start_gap points to one of the nodes on either
side of the first free, unallocated range. In iommu_gas_init_domain,
it is initialized to point to the node after the single free
range. Change it to point to the node before that free range, so that,
when 'lowaddr' is within the initial free range, the first allocation
search for free space below 'lowaddr' does not begin and end at an
address above 'lowaddr'. This fixes problems on a machine with Intel
DMAR enabled.
Reported by: jah
Reviewed by: dougm
Tested by: jah
Obtained from: jah
Fixes: commit db151ca0c343531256b8839f938a4ecbd8b4fd7e iommu_gas: start space search from 1st free space
MFC after: 1 day
* The sparsity check was ineffective: it compared the apparent size in bytes to the actual size in blocks. Instead, write a tool that reliably detects sparseness.
* Some of the seq commands were missing an argument.
* Based on empirical evidence, 1 MB holes are not necessarily large enough to be preserved by the underlying filesystem. Increase the hole size to 16 MB.
Emmanuel Vadot [Tue, 31 Jan 2023 10:26:36 +0000 (11:26 +0100)]
rc: syscons: Add UEFI special case
Changing cursor, screenmap and setting blanktime doesn't work when booted
with vt(4) and UEFI so add a special case for those depending on machdep.bootmethods.
I have no way to test if this can work with vt(4) and bios boot so just in case
keep calling those for this.
Emmanuel Vadot [Fri, 27 Jan 2023 14:26:06 +0000 (15:26 +0100)]
pkgbase: Create a FreeBSD-elftoolchain package
It contain all the binaries and libs from the elftoolchain contrib
project except for libelf which is used everywhere.
All of those tools are never used by the average user.
Kyle Evans [Wed, 8 Feb 2023 06:02:56 +0000 (00:02 -0600)]
config: make changes to allow some parts to build as C++
Highlights:
- Avoid keywords (this, not) as variable names
- Move yyparse into config.h with other declarations
- All declarations in config.h are assumed guilty until proven innocent
- Some const-correctness
- Casting malloc/calloc returns
Note that we're not building any C++ here yet, this will be introduced
in other commits to replace some of the lib dependencies. Reducing the
number of FreeBSD-specific dependencies we have reduces some friction
for building our bootstrap tools independently in other environments.
Reviewed by: imp
Sponsored by: Klara, Inc.
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D38274
Mark Johnston [Tue, 7 Feb 2023 20:12:10 +0000 (15:12 -0500)]
tcp: Remove a couple of always-false checks from syncache_socket()
syncache_socket() does some unnecessary work: before connecting the PCB,
it saves the local address on the stack and restores it before freeing
the PCB in case of an error. However:
- There's no need to restore the old address in the error case.
- The PCB's local address will always be equal to that of the syncache
entry anyway.
So just remove this unnecessary code, which appears to date from the
introduction of the syncache 20+ years ago.
Mark Johnston [Tue, 7 Feb 2023 19:33:27 +0000 (14:33 -0500)]
libdwarf: Add some constants from DWARF 5
This is not exhaustive - DWARF 5 has some new enumeration types not
implemented here - but I think I caught all the ones that are extended
in DWARF 5, plus the new compilation unit type (DW_UT_*), needed when
parsing .debug_info headers.
These were useful when extending libdwarf/ctfconvert/readelf to handle
DWARF generated by gcc 12, which is version 5 by default.
Reviewed by: emaste
MFC after: 3 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D38273
tarfs: Silence warnings when no supported compression is enabled.
Some of the code in sys/fs/tarfs/tarfs_io.c is not specific to zstd, but is still only used when some form of decompression is enabled. Put it behind #ifdef TARFS_ZIO to silence warnings.
Sponsored by: Juniper Networks, Inc.
Sponsored by: Klara, Inc.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D38415
Gleb Smirnoff [Tue, 7 Feb 2023 17:21:52 +0000 (09:21 -0800)]
inpcb: immediately return matching pcb on lookup
This saves a lot of CPU cycles if you got large connection table.
The code removed originates from 413628a7e3d, a very large changeset.
Discussed that with Bjoern, Jamie we can't recover why would we ever
have identical 4-tuples in the hash, even in the presence of jails.
Bjoern did a test that confirms that it is impossible to allocate an
identical connection from a jail to a host. Code review also confirms
that system shouldn't allow for such connections to exist.
With a lack of proper test suite we decided to take a risk and go
forward with removing that code.
Gleb Smirnoff [Tue, 7 Feb 2023 17:21:52 +0000 (09:21 -0800)]
tcp: use straight in_pcbconnect() in tcp_connect()
This brings tcp_connect() par with tcp6_connect(). The code removed
now is a remnant of "truncating old TIME-WAIT" removed back in 2004
in c94c54e4df9a.
Tijl Coosemans [Thu, 19 Jan 2023 17:13:35 +0000 (18:13 +0100)]
local-unbound-setup: Use default root certificates
Don't force /etc/ssl/cert.pem. It does not exist by default, only if
security/ca_root_nss is installed. Just use the default OpenSSL search
locations which are /etc/ssl/cert.pem and /etc/ssl/certs/.
The tls-system-cert option was added in Unbound 1.16.0.
Reviewed by: zlei
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D38243
This commit allows a kbdcontrol binary built with a version of kbio.h
that supports Unicode characters in dead key maps to load and display
keymaps including the dead key tables on a kernel built with a
previous version of kbio.h (that only supported 8 bit characters in
the dead key map).
This commit is meant as a temporary compatibility shim that will be
reverted when it can be assumed that all relevant systems have been
upgraded to a kernel that uses the updated kbio.h.
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D38388
Stefan Eßer [Mon, 6 Feb 2023 22:48:47 +0000 (23:48 +0100)]
Support Unicode characters in keymap dead key tables
Support for Unicode characters had been added to the keyboard code,
but there are keymaps that have accented characters accessed via dead
key combinations, and those were still restricted to 8 bit codes.
This update to kbd.c adds support for Unicode characters and
compatibility code that allows a kbdcontrol command built from kbio.h
without these patches to work on a new kernel.
Compatibility code that allows a new kbdcontrol binary running on an
old kernel to load and display the dead key map will be committed in a
separate commit.
Bartosz Sobczak [Mon, 6 Feb 2023 22:37:39 +0000 (14:37 -0800)]
irdma(4): Add code for compilation on stable/13 branch
Current content of the irdma(4) driver consists only of code that is
compilable on current 14-CURRENT branch which makes it impossible to
merge into stable/13 branch because of missing dependencies in the ofed
tree.
This patch adds missing code that allows for merging into stable branch.
Once it is there, code relating only to version 14 or higher should be
removed.
Signed-off-by: Eric Joyner <erj@FreeBSD.org>
Reviewed by: erj@
MFC after: 1 day
Sponsored by: Intel Corporation
Differential Revision: https://reviews.freebsd.org/D38170
Val Packett [Mon, 6 Feb 2023 21:50:13 +0000 (21:50 +0000)]
LinuxKPI: return an address string in pci_name()
amdgpu's virtual display feature uses pci_name() to match a module parameter
string, and the documentation shows an example of `0000:26:00.0` for the name.
In our case the name was just `drmn`, which is not actually unique across
devices.
The other consumers are wireless drivers, which will benefit from this
change.
Generate the expected string for pci_name() to return.
Related to: https://github.com/freebsd/drm-kmod/issues/134
Sponsored by: https://www.patreon.com/valpackett
Reviewed by: bz, hselasky, manu (earlier)
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D34248
Ed Maste [Mon, 6 Feb 2023 21:54:56 +0000 (16:54 -0500)]
ssh: update to OpenSSH 9.2p1
Release notes are available at https://www.openssh.com/txt/release-9.2
OpenSSH 9.2 contains fixes for two security problems and a memory safety
problem. The memory safety problem is not believed to be exploitable.
These fixes have already been committed to OpenSSH 9.1 in FreeBSD.
Some other notable items from the release notes:
* ssh(1): add a new EnableEscapeCommandline ssh_config(5) option that
controls whether the client-side ~C escape sequence that provides a
command-line is available. Among other things, the ~C command-line
could be used to add additional port-forwards at runtime.
* sshd(8): add support for channel inactivity timeouts via a new
sshd_config(5) ChannelTimeout directive. This allows channels that
have not seen traffic in a configurable interval to be
automatically closed. Different timeouts may be applied to session,
X11, agent and TCP forwarding channels.
* sshd(8): add a sshd_config UnusedConnectionTimeout option to
terminate client connections that have no open channels for a
length of time. This complements the ChannelTimeout option above.
* sshd(8): add a -V (version) option to sshd like the ssh client has.
* scp(1), sftp(1): add a -X option to both scp(1) and sftp(1) to
allow control over some SFTP protocol parameters: the copy buffer
length and the number of in-flight requests, both of which are used
during upload/download. Previously these could be controlled in
sftp(1) only. This makes them available in both SFTP protocol
clients using the same option character sequence.
* ssh-keyscan(1): allow scanning of complete CIDR address ranges,
e.g. "ssh-keyscan 192.168.0.0/24". If a CIDR range is passed, then
it will be expanded to all possible addresses in the range
including the all-0s and all-1s addresses. bz#976
* ssh(1): support dynamic remote port forwarding in escape
command-line's -R processing. bz#3499
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Stefan Eßer [Mon, 6 Feb 2023 21:33:56 +0000 (22:33 +0100)]
contrib/bc: uodate to version 6.2.4
This update contains only documentation changes (new main repository
URL and changed mail address of the program author) and changes to
the build system that do not affect the FreeBSD base system build.