A bug in release/packages/generate-ucl.sh causes package dependencies
(other than shlib depends) to not be generated correctly, meaning
packages are missing their dependencies.
generate-ucl.sh creates the UCL file by:
1. copying ${uclsource} (template.ucl) to ${uclfile}
2. appending dependencies to ${uclfile}
3. calling generate-ucl.lua on ${uclsource} to create ${uclfile}
This breaks because the dependencies added in step 2 are overwritten in
step 3.
Fix this by calling generate-ucl.lua with ${uclfile} as both the input
and output file, so anything we added to ${uclfile} is preserved.
Mark Johnston [Mon, 29 Apr 2024 14:19:27 +0000 (10:19 -0400)]
arm64/vmm: Handle VM_EXITCODE_SUSPENDED
This is required for bhyve reboot to work. In particular, unless we
suspend vcpu threads here, vm_reinit() will fail with EBUSY.
The implementation is copied from amd64; in the not-too-distant future
the amd64 and arm64 copies of vmm.c and vmm_dev.c will be merged, so
for now it's useful to minimize diffs between amd64 and arm64.
Reviewed by: corvink, andrew
MFC after: 2 weeks
Sponsored by: Innovate UK
Differential Revision: https://reviews.freebsd.org/D44934
rights.4: various corrections on capability rights
- A file descriptor obtained from accept(2), accept4(2) and openat(2)
is not always assigned all capability rights. Instead, it inherits
capability rights from the "parent" socket/dir file descriptor.
- getdents(2) and getdirentries(2) requires CAP_READ.
- openat(2) with O_WRONLY|O_TRUNC does not require CAP_SEEK.
package: move OpenBSM auditing into its own package
Move auditing runtime (auditd, etc.) into the new FreeBSD-audit package.
Also move the runtime OpenBSM manual pages from libbsm into auditd so
they get installed with the right package.
Add an UPDATING entry noting the new packages.
Reviewed by: imp, manu
Pull Request: https://github.com/freebsd/freebsd-src/pull/1197
There are a few places in which unionfs_rename() accesses fvp's private
data without holding the necessary lock/interlock. Moreover, the
implementation completely fails to handle the case in which fdvp is not
the same as tdvp; in this case it simply fails to lock fdvp at all.
Finally, it locks fvp while potentially already holding tvp's lock, but
makes no attempt to deal with possible LOR there.
Fix this by optimistically using the vnode interlock to protect
the short accesses to fdvp and fvp private data, sequentially.
If a file copy or shadow directory creation is required to prepare
the upper FS for the rename operation, the interlock must be dropped
and fdvp/fvp locked as necessary.
Additionally, use ERELOOKUP (as suggested by kib@) to simplify the
locking logic and eliminate unionfs_relookup() calls for file-copy/
shadow-directory cases that require tdvp's lock to be dropped.
This check is not related to channel initializion, but is also
unnecessary, since sysctl_hw_snd_timeout() takes care of checking if
chn_timeout is within bounds.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D44992
pcm_chn_destroy() acts like a wrapper around chn_kill(), and
additionally calls a few more functions that should in fact be part of
chn_kill()'s logic. Merge pcm_chn_destroy()'s functionality in
chn_kill() to improve readability, as well as code layering.
While here, convert chn_kill() to void as it currently always returns 0.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D44984
The unit.* code is largely obsolete and imposes limits that are no
longer needed nowadays.
- Capping the maximum allowed soundcards in a given machine. By default,
the limit is 512 (snd_max_u() in unit.c), and the maximum possible is
2048 (SND_UNIT_UMAX in unit.h). It can also be tuned through the
hw.snd.maxunit loader(8) tunable. Even though these limits are large
enough that they should never cause problems, there is no need for
this limit to exist in the first place.
- Capping the available device/channel types. By default, this is 32
(snd_max_d() in unit.c). However, these types are pre-defined in
pcm/sound.h (see SND_DEV_*), so the cap is unnecessary when we know
that their number is constant.
- Capping the number of channels per-device. By default, the limit 1024
(snd_max_c() in unit.c). This is probably the most problematic of the
limits mentioned, because this limit can never be reached, as the
maximum is hard-capped at either hw.snd.maxautovchans (16 by default),
or SND_MAXHWCHAN and SND_MAXVCHANS.
These limtits are encoded in masks (see SND_U_MASK, SND_D_MASK,
SND_C_MASK in unit.h) and are used to construct a bitfield of the form
[dsp_unit, type, channel_unit] in snd_mkunit() which is assigned to
pcm_channel->unit.
This patch gets rid of everything unit.*-related and makes a slightly
different use of the "unit" field to only contain the channel unit
number. The channel type is stored in a new pcm_channel->type field, and
the DSP unit number need not be stored at all, since we can fetch it
from device_get_unit(pcm_channel->dev). This change has the effect that
we no longer need to impose caps on the number of soundcards,
device/channel types and per-device channels. As a result the code is
noticeably simplified and more readable.
Apart from the fact that the hw.snd.maxunit loader(8) tunable is also
retired as a side-effect of this patch, sound(4)'s behavior remains the
same.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: dev_submerge.ch
Differential Revision: https://reviews.freebsd.org/D44912
sound: Fix panic caused by sleeping-channel destruction during asynchronous detach
Currently we are force-destroying all channels unconditionally in
pcm_killchan(). However, since asynchronous audio device detach is
possible as of 44e128fe9d92, if we do not check whether the channel is
sleeping or not and forcefully kill it, we will get a panic from
cv_timedwait_sig() (called from chn_sleep()), because it will try to use
a freed lock/cv.
Modify pcm_killchan() (renamed to pcm_killchans() since that's a more
appropriate name now) to loop through the channel list and destroy only
the channels that are awake, otherwise wake up the sleeping thread and
try again. This loop is repeated until all channels are awakened and
destroyed.
To reduce code duplication, implement chn_shutdown() which wakes up the
channel and sets CHN_F_DEAD, and use it in pcm_unregister() and
pcm_killchans().
Reported by: KASAN
Fixes: 44e128fe9d92 ("sound: Implement asynchronous device detach")
Sponsored by: The FreeBSD Foundation
MFC after: 1 day
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D44923
sound: Fix NULL dereference in dsp_clone() and mixer_clone()
If we only have a single soundcard attached and we detach it right
before entering [dsp|mixer]_clone(), there is a chance pcm_unregister()
will have returned already, meaning it will have set snd_unit to -1, and
thus devclass_get_softc() will return NULL here.
While here, 1) move the calls to dsp_destroy_dev() and mixer_uninit()
below the point where we unset SD_F_REGISTERED, and 2) follow what
mixer_clone() does and make sure we don't use a NULL d->dsp_dev in
dsp_clone().
Reported by: KASAN
Sponsored by: The FreeBSD Foundation
MFC after: 1 day
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D44924
Chris Moerz [Fri, 26 Apr 2024 18:23:13 +0000 (15:23 -0300)]
bhyve.8: Update and rearrange to improve readability
bhyve's man page is a very long block of text that has grown to
proportions that make it hard to read. In particular, the level of
nesting of various content means man can no longer render the text in a
user-friendly way.
To remedy this:
- move the -s argument documentation into a separate section and
reformat the various arguments so they are consistent
- add documentation on how to use the -o config.dump feature
- make the listing of various arguments more consistent
- consolidated duplicate listings of TPM backends
- add an example for the config.dump feature
- fix various formatting inconsistencies.
Rick Macklem [Sun, 28 Apr 2024 00:10:48 +0000 (17:10 -0700)]
nfscl: Clear out a lot of cruft related to B_DIRECT
There is only one place in the unpatched sources where B_DIRECT is
set in the NFS client and this code is never executed. As such, this patch
removes this code that is never executed, since B_DIRECT should never
be set.
During a IETF testing event this week, I saw a crash in ncl_doio_directwrite(),
but this function is only called if B_DIRECT is set.
I cannot explain how ncl_doio_directwrite() got called, but once this patch
was applied to the sources, the crash did not recur. This is not surprising,
since this patch deleted the function.
At least for HDSPe RayDAT cards, newer firmware comes with RME's own PCI
vendor id instead of the Xilinx one. Other HDSPe cards are probably also
affected. Update snd_hdspe(4) to recognize both the old Xilinx and the
new RME vendor ids.
Differential Revision: https://reviews.freebsd.org/D44978
MFC after: 1 day
Rick Macklem [Sat, 27 Apr 2024 00:55:24 +0000 (17:55 -0700)]
krpc: Ref cnt the client structures for TLS upcalls
A crash occurred during testing, where the client structures had
already been free'd when the upcall thread tried to lock them.
This patch acquires a reference count on both of the structures
and these are released when the upcall is done, so that the
structures cannot be free'd prematurely. This happened because
the testing is done over a very slow vpn.
Found during a IETF bakeathon testing event this week.
This patch introduces support for a conversion specification for
nanoseconds.
The format of %N is meant to be compatible with that of GNU date.
The nanoseconds conversion specification is implemented directly in
date(1) instead of libc (in strftime(3)) to avoid introducing
non-standard functions to libc at this time and modifying struct tm.
Apart from introducing the nanoseconds conversion specification, this
patch brings the following changes:
- The "ns" format for ISO 8061 dates is now unlocked. E.g., date -Ins
prints:
2024-04-22T12:20:28,763742224+02:00
- The -r flag when fed a file is now aware of the nanosecond part of the last
modification time.
- date(1) is now able to set the time with nanosecond precision. It is
not possible as of now to do that by specifying nanoseconds directly
via the command-line arguments. Instead, the -r flag can be used.
- date(1) is now using the clock_gettime(3) family of functions instead
of ctime(3) family of functions where possible.
Rick Macklem [Fri, 26 Apr 2024 03:58:21 +0000 (20:58 -0700)]
nfscl: Do not use nfso_own for delayed nfsrpc_doclose()
When an initial attempt to close an NFSv4 lock returns NFSERR_DELAY,
the open structure is put on a list for delayed closing. When this
is done, the nfso_own field is set to NULL, so it cannot be used by
nfsrpc_doclose().
Without this patch, the NFSv4 client can crash when a NFSv4 server
replies NFSERR_DELAY to a Close operation. Fortunately, most extant
NFSv4 servers do not do this. This patch avoids the crash for any
that do return NFSERR_DELAY for Close.
Found during a IETF bakeathon testing event this week.
Warner Losh [Thu, 25 Apr 2024 23:47:18 +0000 (17:47 -0600)]
nvmecontrol: Flesh out nvmecontrol format information
The format command takes a number of different parameters. Include a
brief summary of what the values mean, though since the driver's support
for metadata is at best weak, 0's are almost always used for values
other than -f format. Add an example that ties it all together.
This isn't actually packaged by the sysutils/rpi-firmware port, so we
cannot include it in the image. Fix the RPI release build until an
interested party adds it to the port and packages are available.
Brooks Davis [Thu, 25 Apr 2024 21:38:15 +0000 (22:38 +0100)]
Revert "config.mk: Add MK_VIMAGE knob"
This commit broke "make makeman" checks in github CI due to a lack of
option description files. The split between VIMAGE and VIMAGE_SUPPORT
is not clearly justified and the code is broken because there is no
opt_vimage.h (it's in opt_global.h).
Commit 196787f79e67 erroneously assumed that the client code for
Open/Claim_deleg_cur_FH was broken, but it was not.
It was actually wireshark that was broken and indicated
that the correct XDR was bogus.
This reverts the part of 196787f79e67 that changed the arguments for
Open/Claim_deleg_cur_FH.
Found during the IETF bakeathon testing event this week.
* In the setup phase, wait for the server to start (or fail to start)
before proceeding with the test. This makes it possible to write test
cases that don't expect a response from the server without ending up
in a race over the server PID file.
* After running each test, wait up to 30 seconds for the server to exit
and check that the exit status matches what the test case says to
expect (usually 0).
* We still kill and collect the server in the cleanup phase, in case the
test ended early.
Merge commit 0f329e0246d1 from llvm-project (by Dimitry Andric):
[sanitizer_symbolizer] Cast arguments for format strings in markup (#89815)
When compiling the common sanitizer libraries, there are many warnings
about format specifiers, similar to:
compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_markup.cpp:31:32: warning: format specifies type 'void *' but the argument has type 'uptr' (aka 'unsigned long') [-Wformat]
31 | buffer->AppendF(kFormatData, DI->start);
| ~~~~~~~~~~~ ^~~~~~~~~
compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_markup_constants.h:33:46: note: format string is defined here
33 | constexpr const char *kFormatData = "{{{data:%p}}}";
| ^~
| %lu
compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_markup.cpp:46:43: warning: format specifies type 'void *' but the argument has type 'uptr' (aka 'unsigned long') [-Wformat]
46 | buffer->AppendF(kFormatFrame, frame_no, address);
| ~~~~~~~~~~~~ ^~~~~~~
compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_markup_constants.h:36:48: note: format string is defined here
36 | constexpr const char *kFormatFrame = "{{{bt:%u:%p}}}";
| ^~
| %lu
...
This is because `uptr` is dependent on the platform, and can be either
`unsigned long long`, `unsigned long`, or `unsigned int`.
To fix the warnings, cast the arguments to the expected type of the
format strings.
It turns out that the old code was correct and it was wireshark
that was broken and indicated that the RPC's XDR was bogus.
Found during IETF bakeathon testing this week.
Skip building libclang_rt when WITHOUT_CLANG is used
As noted in bug 277096, when building a pkgbase repository using
WITHOUT_CROSS_COMPILER and WITHOUT_TOOLCHAIN (which sets WITHOUT_CLANG),
the following residual files are left over:
This is because the lib/libclang_rt directory is still descended into,
even if WITHOUT_CLANG is used. Fix it by not descending into the
libclang_rt directory in that case.
Mark Johnston [Thu, 25 Apr 2024 13:35:38 +0000 (09:35 -0400)]
kthread: Set *tdptr earlier in kproc_kthread_add()
See commit ae77041e0714 ("kthread: Set *newtdp earlier in
kthread_add1()") for details. That commit was incomplete since
g_init()'s first call to kproc_kthread_add() will cause
kproc_kthread_add() to take the `*procptr == NULL` branch, which avoids
kthread_create().
To ensure that the thread pointer is initialized before the thread
starts running, we have to start the kernel process with RFSTOPPED.
We could perhaps go further and use RFSTOPPED only when tdptr != NULL,
but it's probably better to have consistent behaviour.
sync.8: Document that the "sync dance" is not a thing
People still believe that it is essential to run sync(8) a couple of
times before a reboot/halt. Document that this has not been necessary
for a long time now.
Reviewed by: imp, bcr, Pau Amma <pauamma@gundo.com>
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D33233
accept_filter: return different errors for non-listener and a busy socket
The fact that an accept filter needs to be cleared first before setting to
a different one isn't properly documented. The requirement that the
socket needs already be listening, although trivial, isn't documented
either. At least return a more meaningful error than EINVAL for an
existing filter. Cover this with a test case.
Andrew Turner [Mon, 8 Apr 2024 10:44:33 +0000 (10:44 +0000)]
arm64: Check DMAP address is valid in PHYS_IN_DMAP
When checking if a physical address is in the DMAP region we assume
all physical addresses between DMAP_MIN_PHYSADDR and DMAP_MAX_PHYSADDR
are able to be accesses through the DMAP. It may be the case that
there is device memory in this range that shouldn't be accessed through
the DMAP mappings.
Add a check to PHYS_IN_DMAP that the translated virtual address is a
valid kernel address. To support code that already checks the address
is valid add PHYS_IN_DMAP_RANGE.
Andrew Turner [Mon, 15 Apr 2024 14:36:20 +0000 (14:36 +0000)]
arm64/vmm: Ensure the tlbi has completed
Ensure the TLB is invalidated before enabling the EL2 MMU. Without
this the TLB may be in an inconsistant state leading to a possible
exception when enabling the MMU.