Tom Hukins [Sat, 4 Mar 2023 15:59:02 +0000 (08:59 -0700)]
netlink: Fix "version introduced" documentation
netlink(4) and associated features will exist in FreeBSD 14.0 but they
will also exist in 13.2, an older version, from commits such as 02b958b1
and b309249b.
This commit needs merging to stable/13 and releng/13.2.
MFC after: 2days (needs to be in RC2)
Reviewed by: imp,melifaro
Pull Request: https://github.com/freebsd/freebsd-src/pull/651
Kristof Provost [Sat, 4 Mar 2023 13:35:24 +0000 (14:35 +0100)]
netpfil tests: Add functions for testing routing scenarios
Many pf tests use identical setup where one jail is a router and
optionally another jail is a server. Add functions to create such jails
for IPv6 and IPv4 and functions to perform tests on such setup.
Add tests using those functions: scrub actions, routing table, tcp
sequence number modulation.
Dmitry Chagin [Sat, 4 Mar 2023 09:11:38 +0000 (12:11 +0300)]
linux(4): Refactor socket ioctl path to avoid referencing an unstable interfaces
Split the linux_ioctl_socket() function on two counterparts, where
the linux_ioctl_socket_ifreq() intended to use in a code path which
requires the struct ifreq manipulation, i.e., translating in/out
values of the struct, while the linux_ioctl_socket() function is left
as is, it calls sys_ioctl() without touching in/out values.
Due to structures ifreq, sockaddr difference between FreeBSD and Linux
the linux_ioctl_socket_ifreq() calls kern_ioctl() directly, converting
in and out values to FreeBSD and to Linux accordingly.
Finally, modify the ifname_linux_to_bsd() to return error code, not
an unstable reference to the interface.
Dmitry Chagin [Sat, 4 Mar 2023 09:11:38 +0000 (12:11 +0300)]
linux(4): Rename struct l_ifreq members names to avoid conflicts with FreeBSD
For now we are using mixed names to access struct ifreq members, some
of Linux (ifr_name, ifr_ifindex), others of FreeBSD. To avoid conflicts
switch to use FreeBSD names.
Dmitry Chagin [Sat, 4 Mar 2023 09:11:38 +0000 (12:11 +0300)]
linsysfs(4): Refactor to avoid referencing an unstable interfaces
Enter the net epoch when traversing a list of interfaces. For that
split the ifname_linux_to_bsd() function on two counterparts, where
the ifname_linux_to_ifp() intended to use in epoch, while the
ifname_linux_to_bsd() intended to be a self-contained.
Until the linux_ioctl_coket() function is refactored, the
ifname_linux_to_bsd() temporarily returns interface outside
of the net epoch.
Dmitry Chagin [Sat, 4 Mar 2023 09:11:38 +0000 (12:11 +0300)]
linux(4): Migrate to IfAPI
Migrate linux and linprocfs to use the IfAPI interfaces instead of
direct ifnet accesses.
The code initially writed by jhibbits@, and adapted by me to 3ab3c9c2.
If there is no source filter entry => block if that's SSM ("exclude"
mode per RFC 3678 clause 3). If there is an entry => check its action &
block if the action is "exclude".
It would be nice if the test case in this PR were converted into an ATF
test case, but not blocking on that.
Kyle Evans [Fri, 3 Mar 2023 17:02:19 +0000 (11:02 -0600)]
arm64: disable the physical timer for now if HCR_EL2.E2H is set
On some hardware, we can't clear HCR_EL2.E2H so accesses to the physical
timer hopelessly trap to EL2. Stash off the value of HCR_EL2 and use it
in has_hyp() to avoid this.
Reviewed by: andrew
Differential Revision: https://reviews.freebsd.org/D38884
Brooks Davis [Fri, 3 Mar 2023 16:20:18 +0000 (16:20 +0000)]
NgATM: deprecate
Support for ATM NICs was removed prior to FreeBSD 12. At the time it
was unclear if this code was still useful without it. Now the time has
come to finish removing support.
Add DREPRECATION NOTICEs to the manpages and gone_in(14, ...) warnings
in the constructors (or module init for ngatmbase).
Ihor Antonov [Fri, 3 Mar 2023 05:17:02 +0000 (23:17 -0600)]
daemon: set supervise_enabled during argument processing
Now when supervsion mode has it's own variable there is really no
reason to set it separately from the rest of the variables. Move
initialization of supervise_enabled var to the argument processing
switch loop, where it belongs.
Ihor Antonov [Fri, 3 Mar 2023 05:17:02 +0000 (23:17 -0600)]
daemon: decouple restart variable
The 'restart' variable was responsible for enablement of restart
behavior and for restart delay. While it may seem convenient it
leads to cluttering the exit/restart logic
Jessica Clarke [Fri, 3 Mar 2023 02:15:30 +0000 (02:15 +0000)]
Makefile.inc1: Support building with macOS Ventura's AMFI Launch Constraints
As of macOS Ventura, Apple-signed binaries cannot be run if copied away from
their system location. This security feature doesn't really make sense for
boring things like sh(1), more so for applications with special entitlements,
but it's universally present, and results in the following error:
>>> Install check world
bmake[2]: "/Users/Jess/cheri/freebsd/Makefile.inc1" line 572: warning: "MAKEFLAGS= CPUTYPE=dummy /Users/Jess/cheri/build/freebsd-riscv64-build/bmake-install/bin/bmake -f /dev/null -m /Users/Jess/cheri/freebsd/share/mk MK_AUTO_OBJ=no -V CPUTYPE" exited on a signal
bmake[2]: "/Users/Jess/cheri/freebsd/Makefile.inc1" line 575: CPUTYPE global should be set with ?=.
As with host-symlinks, we don't actually need to copy the files on macOS, since
we're not updating the current machine, so copy its approach and just symlink
them instead.
Ed Maste [Thu, 2 Mar 2023 23:54:52 +0000 (18:54 -0500)]
freebsd-update: use grep -E instead of egrep
GNU egrep emits a warning that it is obsolescent and suggests grep -E
instead. Switch to grep -E in case we end up invoking GNU (e)grep (and
for consistency with other invocations in this file).
Reported by: Steffen Nurpmeso
Sponsored by: The FreeBSD Foundation
Rick Macklem [Thu, 2 Mar 2023 21:09:01 +0000 (13:09 -0800)]
vfs_mount.c: Allow mountd(8) to do exports in a vnet prison
To run mountd in a vnet prison, three checks in vfs_domount()
and vfs_domount_update() related to doing exports needed
to be changed, so that a file system visible within the
prison but mounted outside the prison can be exported.
I did all three in a minimal way, only changing the checks for
the specific case of a process (typically mountd) doing exports
within a vnet prison and not updating the mount point in other
ways. The changes are:
- Ignore the error return from vfs_suser(), since the file
system being mounted outside the prison will cause it to fail.
- Use the priv_check(PRIV_NFS_DAEMON) for this specific case
within a prison.
- Skip the call to VFS_MOUNT(), since it will return an error,
due to the "from" argument not being set correctly. VFS_MOUNT()
does not appear to do anything for the case of doing exports only.
Warner Losh [Thu, 2 Mar 2023 17:57:43 +0000 (10:57 -0700)]
kboot: Fix hostdisk_override
We were assuming that hostdisk_override was both a directory and a
file, which is not going to work very well. It's supposed to be a
single file, so recode it as such. Simplify erorr handling a little as
well and fix a return type-mismatch that doesn't matter for the
generated code (return NULL is the same as return false in this
context)
Stéphane Rochoy [Thu, 2 Mar 2023 15:16:35 +0000 (08:16 -0700)]
ftgpio: Fix panic at attach and use better device description
Use ftgpio_group_get_status instead of inlining an imperfect
version of it to get correct register and avoid
panic: ftgpio_group_get_ioreg: invalid register 0 for group 0
Ihor Antonov [Thu, 2 Mar 2023 03:00:42 +0000 (21:00 -0600)]
daemon: move syslog facility and syslog tag into log_params
Since struct log_params already contains logging-related
varaiables, including syslog-related, move remaining
syslog-related variables into struct log_params as well
Ihor Antonov [Thu, 2 Mar 2023 03:00:42 +0000 (21:00 -0600)]
daemon: make dosyslog variable a bool and give it a better name
Following style(9) and C99 recommendation use bool instead of
int for boolean operations. Also give the variable a more descriptive
name that follows boolean naming convention.
Ihor Antonov [Thu, 2 Mar 2023 03:00:41 +0000 (21:00 -0600)]
daemon: initialize mask_orig with sigemptyset()
consolidation of variable declarations and initializations in previous
commit allowed me to detect that one of the signal masks is not properly
initialized with sigemptyset (as man 3 sigsetops demands)
Ihor Antonov [Thu, 2 Mar 2023 03:00:41 +0000 (21:00 -0600)]
daemon: consolidate variable declarations and initializaions
- improve readability by breaking apart single-line multi-variable declarations
- initialize simple variables at declaration site
- move other top-level variable initializations closer declarations
to avoid potential UB and unclutter the use-site.
Ed Maste [Wed, 14 Dec 2022 17:34:59 +0000 (12:34 -0500)]
freebsd-update: re-edit files if merge conflict markers remain
freebsd-update will open ${EDITOR} if conflicts occur while merging
updates to config files. Inform the user if they've left conflict
markers behind, and go back to editing the file.
PR: 185546
PR: 229689
Reviewed by: delphij
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37703
Rick Macklem [Wed, 1 Mar 2023 23:29:25 +0000 (15:29 -0800)]
svc_rpcsec_gss.c: Separate out the non-vnet initialization
Without this patch, a single initialization function was
used to initialize both the vnet'd and non-vnet'd data.
This patch separates out the non-vnet'd initializations
into a separate function invoked by SYSINIT().
This avoids use of IS_DEFAULT_VNET() in the initialization
functions and also configures the non-vnet'd initialization
function to be called first, although ordering is not
currently needed.
Rick Macklem [Wed, 1 Mar 2023 23:25:35 +0000 (15:25 -0800)]
nfs_fha_new: Fix nfs_fha_new so that sysctls work in prisons
The sysctls were in "struct fha_params", making it impractical
to vnet them. This patch moves the sysctls out of "struct fha_params"
and vnet's them, so that they are available in vnet prisons
running nfsd(8). It also avoids the IS_DEFAULT_VNET() macros
in the VNET_SYSINIT() function.