Olivier Certner [Tue, 30 May 2023 16:35:08 +0000 (18:35 +0200)]
setusercontext(): Apply personal settings only on matching effective UID
Commit 35305a8dc114 (r211393) added a check on whether 'uid' was equal
to getuid() before calling setlogincontext(). Doing so still allows
a setuid program to apply resource limits and priorities specified in
a user-controlled configuration file ('~/.login_conf') where
a non-setuid program could not. Plug the hole by checking instead that
the process' effective UID is the target one (which is likely what was
meant in the initial commit).
PR: 271750
Reviewed by: kib, des
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40351
Approved by: so
Security: FreeBSD-EN-24:02.libutil
Kristof Provost [Wed, 29 Nov 2023 18:06:31 +0000 (19:06 +0100)]
pf: remove incorrect fragmentation check
We do not need to check PFDESC_IP_REAS while tracking TCP state.
Moreover, this check incorrectly considers no-data packets (e.g. RST) to
be in-window when this flag is not set.
Dimitry Andric [Wed, 22 Nov 2023 18:23:06 +0000 (19:23 +0100)]
compiler-rt: avoid segfaults when re-exec'ing with ASLR
The ReExec() function that re-executes the binary after
turning off ASLR should not call elf_aux_info(3) and realpath(3), since
these will also be intercepted. Instead, loop directly over the elf aux
info vector to find the executable path, and avoid calling realpath(3)
since it is actually unwanted for this use case.
Christos Zoulas [Wed, 30 Aug 2023 20:37:24 +0000 (20:37 +0000)]
regcomp: use unsigned char when testing for escapes
- cast GETNEXT to unsigned where it is being promoted to int to prevent
sign-extension (really it would have been better for PEEK*() and
GETNEXT() to return unsigned char; this would have removed a ton of
(uch) casts, but it is too intrusive for now).
- fix an isalpha that should have been iswalpha
Kyle Evans [Thu, 12 Oct 2023 02:51:07 +0000 (21:51 -0500)]
freebsd-update: create deep BEs by default
The -r flag to bectl needs to go away, and we need to just do the right
thing. In the meantime, we can apply an -r in freebsd-update as a
minimal fix to stop creating partial backups in these (non-default) deep
BE setups.
Mariusz Zaborski [Mon, 23 Oct 2023 21:03:51 +0000 (23:03 +0200)]
cap_net: correct capability name from addr2name to name2addr
Previously, while checking name2addr capabilities, we mistakenly used
the addr2name set. This error could cause a process to inadvertently
reset its limitations.
The commit that purported to fix CVE-2014-8611 (805288c2f062) only hid
it behind another bug. Two later commits, 86a16ada1ea6 and 44cf1e5eb470, attempted to address this new bug but mostly just confused
the issue. This commit rolls back the three previous changes and fixes
CVE-2014-8611 correctly.
The key to understanding the bug (and the fix) is that `_w` has
different meanings for different stream modes. If the stream is
unbuffered, it is always zero. If the stream is fully buffered, it is
the amount of space remaining in the buffer (equal to the buffer size
when the buffer is empty and zero when the buffer is full). If the
stream is line-buffered, it is a negative number reflecting the amount
of data in the buffer (zero when the buffer is empty and negative buffer
size when the buffer is full).
At the heart of `fflush()`, we call the stream's write function in a
loop, where `t` represents the return value from the last call and `n`
the amount of data that remains to be written. When the write function
fails, we need to move the unwritten data to the top of the buffer
(unless nothing was written) and adjust `_p` (which points to the next
free location in the buffer) and `_w` accordingly. These variables have
already been set to the values they should have after a successful
flush, so instead of adjusting them down to reflect what was written,
we're adjusting them up to reflect what remains.
The bug was that while `_p` was always adjusted, we only adjusted `_w`
if the stream was fully buffered. The fix is to also adjust `_w` for
line-buffered streams. Everything else is just noise.
Fixes: 805288c2f062 Fixes: 86a16ada1ea6 Fixes: 44cf1e5eb470
Sponsored by: Klara, Inc.
Andrew Turner [Mon, 18 Sep 2023 16:34:51 +0000 (17:34 +0100)]
arm64: Fix errata workarounds that depend on smccc
Some arm64 errata depend on calling into the firmware via the SMCCC
interface. This needs to happen after the psci driver has attached
as they share the interface.
Fix this by allowing the workarounds to mark when they depend on
device drivers attaching.
This is only an issue on CPU 0 as the workarounds are applied later
for the non-boot CPUs.
Reviewed by: emaste
Approved by: so
Security: FreeBSD-SA-23:14.smccc
Security: CVE-2023-5370
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D41916
When using copy_file_range(2) with an offset parameter,
the CAP_SEEK capability should be required.
This requirement is similar to the behavior observed with
pread(2)/pwrite(2).
Ed Maste [Wed, 27 Sep 2023 13:36:33 +0000 (09:36 -0400)]
freebsd-update: handle file -> directory on upgrade
Upgrading from FreeBSD 13.2 to 14.0 failed with
install: ///usr/include/c++/v1/__string exists but is not a directory
because __string changed from a file to a directory with an LLVM
upgrade.
Now, remove the existing file when the type conflicts. Note that this
is only an interim fix to facilitate upgrades from 13.2 for 14.0 BETA
testing. This change does not handle the directory -> file case and
further work is needed.
PR: 273661
Reviewed by: dim, gordon
Approved by: so
Security: FreeBSD-EN-23:12.freebsd-update
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41893
With 'scrub fragment reassemble' if a packet contains multiple IPv6
fragment headers we would reassemble the packet and immediately
continue processing it.
That is, we'd remove the first fragment header and expect the next
header to be a final header (i.e. TCP, UDP, ICMPv6, ...). However, if
it's another fragment header we'd not treat the packet correctly.
That is, we'd fail to recognise the payload and treat it as if it were
an IPv6 fragment rather than as its actual payload.
Fix this by restarting the normalisation on the reassembled packet.
If there are multiple fragment headers drop the packet.
Reported by: Enrico Bassetti bassetti@di.uniroma1.it (NetSecurityLab @ Sapienza University of Rome)
Sponsored by: Rubicon Communications, LLC ("Netgate")
Approved by: so
Security: FreeBSD-SA-23:10.pf
Security: CVE-2023-4809
Colin Percival [Fri, 5 May 2023 03:00:58 +0000 (20:00 -0700)]
freebsd-update: Fix merging already-updated files
When performing an "upgrade" (moving between FreeBSD releases, as
opposed to "update" which merely applies security/errata updates
to the installed release) FreeBSD Update:
1. Generates a list of "files needing to be merged", namely those
files which don't match the version installed in the "old" release
and have paths matching the MergeChanges configuration directive
(by default, /boot/device.hints and everything under /etc/).
and later on,
2. Compares the currently-installed files to the versions in the
"new" release, removing index entries for files which "don't need
to be updated because they're not changing".
Unfortunately if a file falls into both of these categories -- that
is to say, if a file in /etc/ is the same as the version in the new
release and not the same as the version in the old release -- the
resulting "merge" step saw that the file was no longer listed as
being part of the new release, resulting in the file being deleted.
For the first 18 years of FreeBSD Update's existence, this never
happened, since $FreeBSD$ tags resulted in "new release" files
always being different from any files systems would already have
installed.
This commit fixes this behaviour by only placing a file into the
"files needing to be merged" list if it does not match the version
in the old release *or* the version in the new release.
Reported by: des
Reviewed by: delphij (earlier version), des, emaste
Approved by: so
Security: FreeBSD-EN-23:09.freebsd-update
Differential Revision: https://reviews.freebsd.org/D39973
John Baldwin [Thu, 29 Jun 2023 18:27:12 +0000 (11:27 -0700)]
bhyve: Fully reset the fwctl state machine if the guest requests a reset.
If a guest tries to reset the fwctl device while a pending request was
in flight, the fwctl state machine can be left in an incomplete state.
Specifically, rinfo is not cleared.
Normally the state machine for fwctl alternates between REQ (receiving
request) and RESP (sending response) and ignores port writes while in
RESP or port reads while in REQ. Once a guest completes the writes to
the port to send a request, the state machine transitions to RESP and
ignores future writes.
However, if a guest writes a full request and then resets the fwctl
device, the state would transition to REQ without draining the pending
response or discarding the received request. Instead, additional
port writes after the reset were treated as new payload bytes, but
were appended to the previously-received request and could overflow
the fget_str buffer.
To fix, fully reset the fwctl state machine if the guest requests a
reset.
admbugs: 998
Approved by: so
Reviewed by: markj
Reported by: Omri Ben Bassat <t-benbassato@microsoft.com>
Security: FreeBSD-SA-23:07.bhyve
Security: CVE-2023-3494
Cy Schubert [Wed, 31 May 2023 19:20:27 +0000 (12:20 -0700)]
pam_krb5: Fix spoofing vulnerability
An adversary on the network can log in via ssh as any user by spoofing
the KDC. When the machine has a keytab installed the keytab is used to
verify the service ticket. However, without a keytab there is no way
for pam_krb5 to verify the KDC's response and get a TGT with the
password.
If both the password _and_ the KDC are controlled by an adversary, the
adversary can provide a password that the adversary's spoofed KDC will
return a valid tgt for. Currently, without a keytab, pam_krb5 is
vulnerable to this attack.
Reported by: Taylor R Campbell <riastradh@netbsd.org> via emaste@
Reviewed by: so
Approved by: so
Security: FreeBSD-SA-23:04.pam_krb5
Security: CVE-2023-3326
Before the commit 6cc44223cb6717795afdac4348bbe7e2a968a07d the
field event_mask was fully copied to the EventMasks field.
After this commit the event_mask (uint8_t) is 4 times casted to
EventMask (uint32_t). Because of that 24 bits of each event_mask array
is lost.
This commits brings back simple copying of field, and after words
converting 32 bits field to the requested endian.
I don't think we need more sophisticated method,
as the array is of size 4 (for 32 bits version).
loader: comconsole: don't unconditionally wipe out hw.uart.console
It may be the case that we need to set hw.uart.console manually in some
scenarios that comconsole can't necessarily support. Avoid clobbering
hw.uart.console unless we've actually selected comconsole so that one
could at least get kernel console output..
The tzdata 2023c release reverts all changes made in 2023b other than
commentary, as that appears to be the best of a bad set of short-notice
choices for modeling this week's daylight saving chaos in Lebanon.
Mark Johnston [Wed, 10 Nov 2021 21:57:12 +0000 (16:57 -0500)]
mbuf: Fix an offset calculation in m_apply_extpg_one()
We were not including the requested starting offset in the page offset.
Approved by: re (cperciva)
Reviewed by: jhb
Fixes: 3c7a01d773ac ("Extend m_apply() to support unmapped mbufs.")
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32922
Warner Losh [Wed, 22 Mar 2023 02:25:58 +0000 (20:25 -0600)]
_endian.h: Include sys/cdefs.h for visibility macros
BYTE_ORDER, LITTLE_ENDIAN and BIG_ENDIAN will be required by the
forthcoming POSIX Issue 8. In addition, they are provided in the BSD
compilation environments. However, depending on the order includes
happend, sys/cdefs.h may or may not be included when endian.h is
included. Include it here so we can safely test __BSD_VISIBLE. Add
visibility when we're compiling in the future for issue 8, but since the
date number for issue 8 hasn't been fixed, use strictly greater than the
issue 7 date.of 200809.
This had the side effect of sometimes (in the traditional BSD
compliation environment)
#if BYTE_ORDER == LITTLE_ENDIAN
and
#if BYTE_ORDER == BIG_ENDIAN
both being true because none of these were defined. This fixes
that. It also fixes including it after <stdio.h> but not before.
Mark Johnston [Mon, 20 Mar 2023 18:16:00 +0000 (14:16 -0400)]
kerneldump: Inline dump_savectx() into its callers
The callers of dump_savectx() (i.e., doadump() and livedump_start())
subsequently call dumpsys()/minidumpsys(), which dump the calling
thread's stack when writing the dump. If dump_savectx() gets its own
stack frame, that frame might be clobbered when its caller later calls
dumpsys()/minidumpsys(), making it difficult for debuggers to unwind the
stack.
Fix this by making dump_savectx() a macro, so that savectx() is always
called directly by the function which subsequently calls
dumpsys()/minidumpsys().
This fixes stack unwinding for the panicking thread from arm64
minidumps. The same happened to work on amd64, but kgdb reports the
dump_savectx() calls as coming from dumpsys(), so in that case it
appears to work by accident.
Approved by: re (gjb)
Fixes: c9114f9f86f9 ("Add new vnode dumper to support live minidumps")
Reviewed by: mhorne, jhb
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D39151
Ed Maste [Thu, 16 Mar 2023 14:29:55 +0000 (10:29 -0400)]
ssh: Update to OpenSSH 9.3p1
This release fixes a number of security bugs and has minor new
features and bug fixes. Security fixes, from the release notes
(https://www.openssh.com/txt/release-9.3):
This release contains fixes for a security problem and a memory
safety problem. The memory safety problem is not believed to be
exploitable, but we report most network-reachable memory faults as
security bugs.
* ssh-add(1): when adding smartcard keys to ssh-agent(1) with the
per-hop destination constraints (ssh-add -h ...) added in OpenSSH
8.9, a logic error prevented the constraints from being
communicated to the agent. This resulted in the keys being added
without constraints. The common cases of non-smartcard keys and
keys without destination constraints are unaffected. This problem
was reported by Luci Stanescu.
* ssh(1): Portable OpenSSH provides an implementation of the
getrrsetbyname(3) function if the standard library does not
provide it, for use by the VerifyHostKeyDNS feature. A
specifically crafted DNS response could cause this function to
perform an out-of-bounds read of adjacent stack data, but this
condition does not appear to be exploitable beyond denial-of-
service to the ssh(1) client.
The getrrsetbyname(3) replacement is only included if the system's
standard library lacks this function and portable OpenSSH was not
compiled with the ldns library (--with-ldns). getrrsetbyname(3) is
only invoked if using VerifyHostKeyDNS to fetch SSHFP records. This
problem was found by the Coverity static analyzer.
Approved by: re (cperciva)
Sponsored by: The FreeBSD Foundation
Cy Schubert [Tue, 7 Feb 2023 15:46:59 +0000 (07:46 -0800)]
heimdal: Resolve hdb_free_entry() SIGSEGV/SIGILL
When the client sends kadmind a create principal (kadm_create) request
kadm_s_create_principal() returns an error before zeroing out ent (an
hdb entry structure wrapper -- hdb_entry_ex), resulting in a NULL
reference.
When CVE-2022-3437 was fixed by changing memcmp to be a constant
time and the workaround for th e compiler was to add "!=0". However
the logic implmented was inverted resulting in CVE-2022-4152.
Tom Hukins [Sat, 4 Mar 2023 15:59:02 +0000 (08:59 -0700)]
netlink: Fix "version introduced" documentation
netlink(4) and associated features will exist in FreeBSD 14.0 but they
will also exist in 13.2, an older version, from commits such as 02b958b1
and b309249b.
This commit needs merging to stable/13 and releng/13.2.
MFC after: 2days (needs to be in RC2)
Reviewed by: imp,melifaro
Pull Request: https://github.com/freebsd/freebsd-src/pull/651
Approved by: re@ (cperciva)
Warner Losh [Mon, 13 Mar 2023 20:28:51 +0000 (14:28 -0600)]
makefs: make msdos creation go fast
Add missing brelse(bp). Without it the cache grows and we have a n^2
lookup. I'm not entirely sure why we read the block before we write it
back out, since the only side effect of that is to allocate memory,
clear the memory, read it in from disk, throw it away with the contents
of the file being written out. We likely should just do a getblk() here
instead, but even with all that, this takes the time it takes to create
a 150MB msdos fs image down from 5 minutes to 30 seconds.
See code review for how we got this. tl;dr: netbsd move brelse
into bwrite and we picked up msdos code after that, but not the
move. That change should be picked up later.
Justin Hibbits [Sun, 12 Mar 2023 15:46:57 +0000 (11:46 -0400)]
powerpc/pmap: Add pmap_sync_icache() for radix pmap
DTrace pid provider writes to user space to set breakpoints. Failing to
sync the icache can lead to SIGTRAP. Radix pmap is the only one missing
a pmap_sync_icache() method, so the pid provider would only potentially
crash a process on a POWER9 or later system.
Justin Hibbits [Sat, 11 Mar 2023 16:30:00 +0000 (11:30 -0500)]
dtrace/powerpc: "Fix" stack traces across trap frames
In function boundary tracing the link register is not yet saved to the
save stack location, so the save point contains whatever the previous
'lr' save was, or even garbage, at the time the trap is taken. Address
this by explicitly loading the link register from the trap frame instead
of the stack, and propagate that out.
Mark Johnston [Wed, 1 Mar 2023 20:21:30 +0000 (15:21 -0500)]
epair: Simplify the transmit path and address lost wakeups
epairs currently shuttle all transmitted packets through a single global
taskqueue thread. To hand packets over to the taskqueue thread, each
epair maintains a pair of ring buffers and a lockless scheme for
notifying the thread of pending work. The implementation can lead to
lost wakeups, causing to-be-transmitted packets to end up stuck in the
queue.
Rather than extending the existing scheme, simply replace it with a
linked list protected by a mutex, and use the mutex to synchronize
wakeups of the taskqueue thread. This appears to give equivalent or
better throughput with >= 16 producer threads and eliminates the lost
wakeups.
Mark Johnston [Mon, 6 Mar 2023 14:39:17 +0000 (09:39 -0500)]
epair: Avoid loading m_flags into a short
The m_flags field of struct mbuf is 24 bits wide and so gets truncated
in a couple of places in the epair code. Instead of preserving the
entire flag set, just remember whether M_BCAST or M_MCAST is set.
Approved by: re (cperciva)
MFC after: 1 week
Sponsored by: Klara, Inc.
Gordon Bergling [Sun, 26 Feb 2023 13:33:58 +0000 (14:33 +0100)]
route.8: Fix mandoc warnings
- skipping end of block that is not open: Oc
- no blank before trailing delimiter
- remove useless TN macros
- remove commented out reference for esis(4)
Approved by: re (cperciva)
Differential Revision: https://reviews.freebsd.org/D38783
Gordon Bergling [Sun, 26 Feb 2023 13:15:34 +0000 (14:15 +0100)]
route.8: Add information about ROUTE_MPATH and FIB_ALGO
Since the kernel options ROUTE_MPATH and FIB_ALGO are enabled
per default for a while, it's good to have some user facing
documetation about the general functionality of multipath
routing and fib lookup algorithms.
Reviewed by: pauamma, Jose Luis Duran <jlduran at gmail dot com>
Approved by: re (cperciva)
Differential Revision: https://reviews.freebsd.org/D38783
Tijl Coosemans [Wed, 15 Feb 2023 20:09:51 +0000 (21:09 +0100)]
rc.d: Generate machine-id from hostid_save
rc.d/hostid_save saves a UUID generated by rc.d/hostid in /etc/hostid.
Store the same UUID, without hyphens, in /etc/machine-id. The hyphens
are removed with a shell function because hostid_save runs before file
systems are mounted so other tools may not be available yet.
This eliminates some duplication between hostid and machine-id and for
virtual machines machine-id now contains the UUID configured in the
hypervisor like it does on Linux.
Mike Karels [Tue, 28 Feb 2023 13:55:35 +0000 (07:55 -0600)]
growfs_fstab startup script: set dumpdev to AUTO
The growfs_fstab script has been testing dumpdev, and if it is AUTO,
enables dumps on the newly-added swap device for the initial boot.
However, dumpdev defaults to AUTO on main, but NO on stable/13 and
release branches. On the other hand, bsdinstall adds dumpdev="AUTO"
by default (controlled by a menu item). bsdinstall is not used when
booting an SD card or other disk image. Adopt the default from
bsdinstall, and set dumpdev to AUTO in /etc/rc.conf in the
growfs_fstab script if a swap partition has been added, along with
the explanatory comment added by bsdinstall.
Approved by: re (cperciva)
Differential Revision: https://reviews.freebsd.org/D38751
Colin Percival [Sun, 5 Mar 2023 20:10:57 +0000 (12:10 -0800)]
linux_80211: Don't dequeue lsta if not queued
This fixes an instapanic when restarting wpa_supplicant on my laptop's
iwlwifi device. After this change, iwlwifi enters a nonfunctional
state if wpa_supplicant is restarted, but "service netif restart wlan0"
is enough to get it working again.
Xin LI [Sun, 5 Mar 2023 09:40:13 +0000 (01:40 -0800)]
xz: Improve compatibility with systems without capability mode support
When the kernel is built without capability mode support, or when
using an emulator like qemu-user-static that does not translate
system calls, these calls will return a negative number and set
the errno to ENOSYS. However, this error does not indicate a
real programming or runtime error and is generally ignored by
base system applications built with capability mode sandboxing.
Match this behavior by making xz(1) to ignore ENOSYS errors
when calling capability mode system calls too.
PR: 269185
Reported by: Dan Kotowski
Approved by: re (cperciva)
Mark Johnston [Sat, 25 Sep 2021 14:15:31 +0000 (10:15 -0400)]
amd64: Avoid copying td_frame from kernel procs
When creating a new thread, we unconditionally copy td_frame from the
creating thread. For threads which never return to user mode, this is
unnecessary since td_frame just points to the base of the stack or a
random interrupt frame.
If KASAN is configured this copying may also trigger false positives
since the td_frame region may contain poisoned stack regions. It was
not noticed before since thread0 used a dummy proc0_tf trapframe, and
kernel procs are generally created by thread0. Since commit df8dd6025af88a99d34f549fa9591a9b8f9b75b1, though, we call
cpu_thread_alloc(&thread0) when initializing FPU state, which
reinitializes thread0.td_frame.
Work around the problem by not copying the frame unless the copying
thread came from user mode. While here, de-duplicate the copying and
remove redundant re(initialization) of td_frame.
Reported by: syzbot+2ec89312bffbf38d9aec@syzkaller.appspotmail.com
Reviewed by: kib
Approved by: re (delphij)
Fixes: df8dd6025af8
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32057
The current code missed interface addition when reallocating
temporary buffer.
Tweak the code to perform the reallocation first and add
interface afterwards unconditionally.
Reported by: Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
Approved by: re (cperciva)
Brooks Davis [Fri, 3 Mar 2023 16:20:18 +0000 (16:20 +0000)]
NgATM: deprecate
Support for ATM NICs was removed prior to FreeBSD 12. At the time it
was unclear if this code was still useful without it. Now the time has
come to finish removing support.
Add DREPRECATION NOTICEs to the manpages and gone_in(14, ...) warnings
in the constructors (or module init for ngatmbase).
Ed Maste [Thu, 2 Mar 2023 23:54:52 +0000 (18:54 -0500)]
freebsd-update: use grep -E instead of egrep
GNU egrep emits a warning that it is obsolescent and suggests grep -E
instead. Switch to grep -E in case we end up invoking GNU (e)grep (and
for consistency with other invocations in this file).
Reported by: Steffen Nurpmeso
Approved by: re (cperciva)
Sponsored by: The FreeBSD Foundation
Dimitry Andric [Sat, 25 Feb 2023 15:25:57 +0000 (16:25 +0100)]
Ensure .inc files are regenerated when llvm/clang tblgen binaries change
When doing a fully incremental build (with WITHOUT_CLEAN enabled), from
a commit before llvm 15 was merged (3264f6b88fce), to a commit after
that, a number of .inc files were not regenerated. This could lead to
unexpected compilation errors when these .inc files were included from
llvm-project sources, similar to:
In file included from /usr/src/contrib/llvm-project/clang/lib/CodeGen/CGBuiltin.cpp:8268:
/usr/obj/usr/src/amd64.amd64/lib/clang/libclang/clang/Basic/arm_mve_builtin_cg.inc:279:18: error: no matching constructor for initialization of 'clang::CodeGen::Address'
Address Val2 = Address(Val1, CharUnits::fromQuantity(2));
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work around this by making the .inc files dependent on the tblgen binary
used for generating them. E.g., we can relatively safely assume that if
the binary gets updated, the .inc files must also be updated. (Although
this is not 100% optimal, the gain by complicating things even more is
probaby not worth the effort.)
Approved by: re (cperciva)
MFC after: 3 days
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D38770
Ed Maste [Wed, 14 Dec 2022 17:34:59 +0000 (12:34 -0500)]
freebsd-update: re-edit files if merge conflict markers remain
freebsd-update will open ${EDITOR} if conflicts occur while merging
updates to config files. Inform the user if they've left conflict
markers behind, and go back to editing the file.
PR: 185546
PR: 229689
Reviewed by: delphij
Approved by: re (cperciva)
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37703
Dmitry Chagin [Sun, 26 Feb 2023 13:42:22 +0000 (16:42 +0300)]
linprocfs(4): Fixup process size in the /proc/pid/stat file
According to the Linux sources the kernel exposes a proces virtual
memory size via proc filesystem into the three files - stat, status
and statm. This is the struct mm->total_vm value adjusted to the
corresponding units - bytes, kilobytes and pages.
The fix is based on a fernape@ analysis.
Approved by: re (delphij)
PR: 265937
Reported by: Ray Bellis
MFC after: 3 days
Reported by: David Leadbeater, G-Research
Reviewed by: gordon
Approved by: re (delphij)
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D38648
Mina Galić [Tue, 28 Feb 2023 02:58:45 +0000 (19:58 -0700)]
apic: prevent divide by zero in CPU frequency init
If a CPU for some reason returns 0 as CPU frequency, we currently panic
on the resulting divide by zero when trying to initialize the CPU(s) via
APIC. When this happens, we'll fallback to measuring the frequency
instead.