Commit Graph

285197 Commits

Author SHA1 Message Date
Shivank Garg
215bab7924 mac_ipacl: new MAC policy module to limit jail/vnet IP configuration
The mac_ipacl policy module enables fine-grained control over IP address
configuration within VNET jails from the base system.
It allows the root user to define rules governing IP addresses for
jails and their interfaces using the sysctl interface.

Requested by:	multiple
Sponsored by:	Google, Inc. (GSoC 2019)
MFC after:	2 months
Reviewed by:	bz, dch (both earlier versions)
Differential Revision: https://reviews.freebsd.org/D20967
2023-07-26 00:07:57 +00:00
Mike Karels
a1b6757313 arm64 lib32: enable building of lib32 on arm64
Enable LIB32 option on aarch64, defaulting to YES; it had defaulted
to "broken".  Add required variables for how to compile lib32 on
arm.  Use /usr/include/arm for armv7 (32-bit) headers, analogous to
/usr/include/i386 on amd64.  Omit libomp from lib32; it is not
supported on armv7.

Reviewed by:	jrtc27
Differential Revision:	https://reviews.freebsd.org/D40945
2023-07-25 18:59:52 -05:00
Mike Karels
d5d97bed4a arm64 lib32: prepare arm64 headers to redirect to arm
In order to compile lib32 libraries and other 32-bit code on arm64,
<machine/foo.h> needs to be redirected to an arm header rather
than arm64 when building with -m32.  Ifdef the arm64 headers that
are installed in /usr/include/machine and used by user-level software
(including references from /usr/include/*.h) so that if __arm__ is
defined when including the arm64 version, <arm/foo.h> is included
rather than using the rest of the file's contents.  Some arm headers
had no arm64 equivalent; headers were added just to do the redirection.
These files use #error if __arm__ is not defined to guard against
confusion.  Also add an include/arm Makefile, and modify Makefiles
as needed to install everything, including the arm files in
/usr/include/arm.  fenv.h comes from lib/msun/arm/fenv.h.

The new arm64 headers are:
    acle-compat.h
    cpuinfo.h
    sysreg.h

Reviewed by:	jrtc27, imp
Differential Revision:	https://reviews.freebsd.org/D40944
2023-07-25 18:59:26 -05:00
Mike Karels
f1d5183124 arm64 lib32: change clang to allow -m32 on arm64
The FreeBSD driver support for clang tested explicitly for 32-bit
Intel, MIPS, or PowerPC targets where /usr/lib32/libcrt1.o was
present to decide whether -m32 should use /usr/lib32.  At jrtc27's
suggestion, simply test for a 32-bit platform rather than adding
arm to the list.  Upstreamed as
3450272fc2
Bump the freebsd version to force a bootstrap build.  This is one
step in adding support for -m32 on arm64.

Reviewed by:	jrtc27, brooks, dim
Differential Revision:	https://reviews.freebsd.org/D40943
2023-07-25 18:58:51 -05:00
Mike Karels
81250b9cc7 Makefile.inc1: add LIBCOMPAT_INCLUDE_DIRS to reduce arch ifdefs
In preparation for adding support for building lib32 on arm64,
add a list of architecture-specific include directories,
LIBCOMPAT_INCLUDE_DIRS, then replace the architecture-specific
ifdefs throughout the file with simple loops.  Another commit
will add a definition of LIBCOMPAT_INCLUDE_DIRS for aarch64.

Reviewed by:	jrtc27
Differential Revision:	https://reviews.freebsd.org/D40977
2023-07-25 18:58:29 -05:00
Jessica Clarke
dd3ad7c21e tools/build: Tidy up whitespace and comments, and delete duplicate code
We already handle the make and bmake links unconditionally above.
2023-07-25 22:24:02 +01:00
Kirk McKusick
4a3444428d Comment cleanup.
MFC-after:    1 week
Sponsored-by: The FreeBSD Foundation
2023-07-25 14:07:31 -07:00
Kirk McKusick
4d512b0735 Debugging output additions. No functional changes intended.
MFC-after:    1 week
Sponsored-by: The FreeBSD Foundation
2023-07-25 14:03:43 -07:00
Brooks Davis
437e1e37df kern_sig.c: include sys/jail.h per style(9)
Fixes:		e722820434
Sponsored by:	DARPA
2023-07-25 18:13:17 +01:00
Vitaliy Gusev
65f8467e33
bhyvectl: Add '--get-debug-cpus' command
vmm and libvmmapi already have handlers for that. When adding debug
cpus, they were only used for the debug stub. Over time, they were
reused by other parts like snapshots or idle APs.

Reviewed by:		corvink, jhb
MFC after:		1 week
Sponsored by:		vStack
Differential Revision:	https://reviews.freebsd.org/D40804
2023-07-25 14:03:54 +02:00
Corvin Köhne
f0124ab111
bhyve: do not hold CRB mutex when executing TPM commands
TPM commands can take up to several seconds to execute. If we hold the
CRB mutex while executing the command, MMIO accesses could be blocked
for a long time. Therefore, just copy all required values and work on
the copied values.

Reviewed by:		markj
MFC after:		1 week
Sponsored by:		Beckhoff Automation GmbH & Co. KG
Differential Revision:	https://reviews.freebsd.org/D40724
2023-07-25 08:50:23 +02:00
Kyle Evans
b9b8a4769c RELNOTES: add a note about lua config files in loader
Scripted configuration can make safer some use-cases that currently use
local.lua, but don't actually need to access external resources to make
their changes.  Let's note the new feature in RELNOTES.

Reviewed by:	markj
Differential Revision:	https://reviews.freebsd.org/D40066
2023-07-24 23:35:25 -05:00
Warner Losh
814722d285 UPDATING: Update nvd info
Sponsored by:		Netflix
2023-07-24 22:32:39 -06:00
Warner Losh
f475b7108b UPDATING: Note CAM update
Not the update to standard uintXX_t from the traditional BSD u_intXX_t
types.

Sponsored by: Netflix
2023-07-24 22:25:57 -06:00
Warner Losh
f9ffa1ef25 libcam: Migrate to modern uintXX_t from u_intXX_t
As per https://lists.freebsd.org/archives/freebsd-scsi/2023-July/000257.html
move to the modern uintXX_t.

MFC After:	3 days
Sponsored by:	Netflix
2023-07-24 21:35:10 -06:00
Warner Losh
efff068cbf camcontrol: Migrate to modern uintXX_t from u_intXX_t
As per https://lists.freebsd.org/archives/freebsd-scsi/2023-July/000257.html
move to the modern uintXX_t.

MFC After:	3 days
Sponsored by:	Netflix
2023-07-24 21:32:57 -06:00
Warner Losh
73551d4f60 cam/mmc: Migrate to modern uintXX_t from u_intXX_t
As per https://lists.freebsd.org/archives/freebsd-scsi/2023-July/000257.html
move to the modern uintXX_t.

MFC After:	3 days
Sponsored by:	Netflix
2023-07-24 21:32:57 -06:00
Warner Losh
7f85b11c57 cam/nvme: Migrate to modern uintXX_t from u_intXX_t
As per https://lists.freebsd.org/archives/freebsd-scsi/2023-July/000257.html
move to the modern uintXX_t.

MFC After:	3 days
Sponsored by:	Netflix
2023-07-24 21:32:56 -06:00
Warner Losh
a74530d9e2 cam/ctl: Migrate to modern uintXX_t from u_intXX_t
As per https://lists.freebsd.org/archives/freebsd-scsi/2023-July/000257.html
move to the modern uintXX_t.

MFC After:	3 days
Sponsored by:	Netflix
2023-07-24 21:32:56 -06:00
Warner Losh
7c5d20a6c2 cam/scsi: Migrate to modern uintXX_t from u_intXX_t
As per https://lists.freebsd.org/archives/freebsd-scsi/2023-July/000257.html
move to the modern uintXX_t.

MFC After:	3 days
Sponsored by:	Netflix
2023-07-24 21:32:56 -06:00
Warner Losh
9db2db6bf6 cam/ata: Migrate to modern uintXX_t from u_intXX_t
As per https://lists.freebsd.org/archives/freebsd-scsi/2023-July/000257.html
move to the modern uintXX_t.

MFC After:	3 days
Sponsored by:	Netflix
2023-07-24 21:32:56 -06:00
Warner Losh
7af2f2c801 cam: Migrate to modern uintXX_t from u_intXX_t
As per https://lists.freebsd.org/archives/freebsd-scsi/2023-July/000257.html
move to the modern uintXX_t.

MFC After:	3 days
Sponsored by:	Netflix
2023-07-24 21:32:56 -06:00
Mark Johnston
789df254cc amd64: Use a larger boot stack
With sanitizers enabled, it becomes possible to overflow the stack when
only a single page is used.  Follow arm64's example and use the default
kernel stack size instead.  This is a bit wasteful, but without a guard
page, overflow merely corrupts adjacent .bss entries and is thus
difficult to debug.

Note, with a GENERIC kernel we already consume over half of the
available boot stack space, see the review for an example.

Reviewed by:	kib
Reported by:	Jenkins
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D41166
2023-07-24 18:49:36 -04:00
Konstantin Belousov
5b353925ff vnode read(2)/write(2): acquire rangelock regardless of do_vn_io_fault()
To ensure atomicity of reads against parallel writes and truncates,
vnode lock was not enough at least since introduction of vn_io_fault().
That code only take rangelock when it was possible that vn_read() and
vn_write() could drop the vnode lock.

At least since the introduction of VOP_READ_PGCACHE() which generally
does not lock the vnode at all, rangelocks become required even
for filesystems that do not need vn_io_fault() workaround.  For
instance, tmpfs.

PR:	272678
Analyzed and reviewed by:	Andrew Gierth  <andrew@tao11.riddles.org.uk>
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D41158
2023-07-25 01:02:59 +03:00
Mykola Hohsadze
4a07c77863 arm64/disassem.c: add extended register instruction definitions
Add disassembly support for the following extended register
instructions: add, adds, sub, subs, cmp, cmn.

Reviewed by:	mhorne
MFC after:	1 week
Pull Request:	https://reviews.freebsd.org/D40967
2023-07-24 17:51:11 -03:00
Mykola Hohsadze
e57b86266b arm64/disassem.c: remove redundant OP_RN_SP for TYPE_02
Removed redundant OP_RN_SP for TYPE_02, since these addressing modes
always use the SP register, never XZR.

Reviewed by:	mhorne
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D40588
2023-07-24 17:51:08 -03:00
John Baldwin
92103adbeb nvme: Use a memdesc for the request buffer instead of a bespoke union.
This avoids encoding CAM-specific knowledge in nvme_qpair.c.

Reviewed by:	chuck, imp, markj
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D41119
2023-07-24 10:32:58 -07:00
Marius Strobl
0b416346e1 bus_dma: Trim CAM includes from subr_bus_dma.c
These are no longer needed after commit c5312bd79e.  This did
require adding an include of <sys/limits.h> instead for SIZE_T_MAX
which previously was dragged in via header pollution.
2023-07-24 10:26:06 -07:00
Andrew Turner
7a16546025 arm: Only include sysreg.h when needed in asm.h
We only need sysreg.h for armv6 barriers

Sponsored by:	Arm Ltd
Differential Revision:	https://reviews.freebsd.org/D41141
2023-07-24 17:58:16 +01:00
Andrew Turner
379c736c5a Add old arm headers to ObsoleteFiles.inc
Sponsored by:	Arm Ltd
Differential Revision:	https://reviews.freebsd.org/D41140
2023-07-24 17:58:15 +01:00
Andrew Turner
29629d9e76 arm: Rename pte-v6.h to pte.h
There is no need for this to be versioned after the removal of armv4/v5

Sponsored by:	Arm Ltd
Differential Revision:	https://reviews.freebsd.org/D41139
2023-07-24 17:58:15 +01:00
Andrew Turner
1e7dfc94cc arm: Move contents of pmap-v6.h into pmap.h
Previously we had an armv4/v5 and armv6/v7 copy of the pmap header. As
we have removed armv4/v5 support we can now merge the armv6/v7 code
into pmap.h

Reviewed by:	imp
Sponsored by:	Arm Ltd
Differential Revision:	https://reviews.freebsd.org/D41138
2023-07-24 17:58:15 +01:00
Andrew Turner
67d39872e2 arm: Move contents of cpu-v6.h into cpu.h
Previously we had an armv4/v5 and armv6/v7 copy of the cpu.h header. As
we have removed armv4/v5 support we can now merge the armv6/v7 code
into cpu.h

Reviewed by:	imp
Sponsored by:	Arm Ltd
Differential Revision:	https://reviews.freebsd.org/D41137
2023-07-24 17:58:14 +01:00
Andrew Turner
835927fd8e arm: Remove swi.h
It has been unneeded since moving to the Arm EABI

Sponsored by:	Arm Ltd
Differential Revision:	https://reviews.freebsd.org/D41136
2023-07-24 17:58:14 +01:00
Andrew Turner
04b1532935 arm: Move contents of atomic-v6.h into atomic.h
Previously we had an armv4/v5 and armv6/v7 implementation of the atomic
operations. As we have removed armv4/v5 support we can now merge the
armv6/v7 code into atomic.h

Reviewed by:	imp
Sponsored by:	Arm Ltd
Differential Revision:	https://reviews.freebsd.org/D41135
2023-07-24 17:58:13 +01:00
Andrew Turner
554cdf8f57 arm: Explain why _atomic_subword.h is needed
Sponsored by:	Arm Ltd
Differential Revision:	https://reviews.freebsd.org/D41134
2023-07-24 17:58:13 +01:00
Andrew Turner
e0e5127ff4 Remove left over includes from armv4/v5
These includes were added for armv4 and armv5 support. Remove them as
this has been removed from the tree.

Sponsored by:	Arm Ltd
Differential Revision:	https://reviews.freebsd.org/D41133
2023-07-24 17:58:13 +01:00
Kristof Provost
b03012d0b6 netinet6 tests: test for loss of Solicited-node multicast groups
The multicast code has an issue where it can lose the Solicited-node
multicast group subscription if the same address is added twice.

Test for this.

PR:		233683
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D41123
2023-07-24 16:47:50 +02:00
Kristof Provost
9c9a76dc68 mld: always commit state changes on leaving
Resolve a race condition where we'd lose the Solicited-node multicast
group subscription if we assigned the same IPv6 address twice.

PR:		233683
Reviewed by:	ae
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D41124
2023-07-24 16:47:34 +02:00
Mitchell Horne
a4e4ea738b sys_getrandom: fix a function reference in a comment
MFC after:	3 days
Sponsored by:	FreeBSD Foundation
2023-07-24 10:50:04 -03:00
Mitchell Horne
09e5d91069 puc: fix man page reference
The reference to puc(9) is wrong; the page does not exist, and drivers
belong to section 4. Change the reference to puc(4), which does exist.

MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2023-07-24 09:54:42 -03:00
Martin Matuska
e64fe029e9 libarchive: merge from vendor branch
Libarchive 3.7.0

Important changes (relevant to FreeBSD):
  #1814 Do not account for NULL terminator when comparing with "TRAILER!!!"
  #1818 Add ability to produce multi-frame zstd archives
  #1840 year 2038 fix for pax archives on platforms with 64-bit time_t
  #1860 Make single bit bitfields unsigned to avoid clang 16 warning
  #1869 Fix FreeBSD builds with WARNS=6
  #1873 bsdunzip ported to libarchive from FreeBSD
  #1894 read support for zstd compression in 7zip archives
  #1918 ARM64 filter support in 7zip archives

MFC after:	2 weeks
PR:		272567 (exp-run)
2023-07-24 07:42:43 +02:00
Jessica Clarke
7f9318a022 bsd.linker.mk: Use :C not :S for regex
Whilst ^ and $ are supported with C, those are special cases, and
general regex syntax like groups and alternations are not. Use the
correct modifier so we get a version number out that's not 0 (which is
what happens when it can't be parsed by the later code).

Fixes:		c4177f5b41 ("bsd.linker.mk: Handle Xcode 15 linker identification")
MFC after:	1 week
2023-07-24 01:50:55 +01:00
Jessica Clarke
c4177f5b41 bsd.linker.mk: Handle Xcode 15 linker identification
The upcoming Xcode 15 introduces a new linker (called ld-prime or ld-new
in some documentation) to replace the classic ld64, which we need to
handle.

Previously, the linker would identify itself as:

  @(#)PROGRAM:ld  PROJECT:ld64-<version>

Now, there are two cases. When the classic ld64 is in use, it identifies
itself as:

  @(#)PROGRAM:ld-classic  PROJECT:ld64-<version>

When the new linker is in use, it identifies itself as:

  @(#)PROGRAM:ld  PROJECT:dyld-<version>

Thus, tweak the detection to allow a -classic suffix in the PROGRAM
string and to allow a dyld- prefix instead of an ld64- prefix on the
version number in the PROJECT string.

MFC after:	1 week
2023-07-24 01:34:17 +01:00
Dimitry Andric
80e4ac2964 Work around VNET and DPCPU related panics on aarch64
lld >= 14 and recent GNU ld can relax adrp+add and adrp+ldr
instructions, which breaks VNET and DPCPU when used in modules.

Until VNET and DPCPU can be fixed to deal with these relaxed
instructions, disable linker relaxation for now.

PR:		264094
Reviewed by:	markj
MFC after:	3 days
Differential Revision: https://reviews.freebsd.org/D41156
2023-07-24 00:35:04 +02:00
Michael Tuexen
058d1722b0 sctp: include sctp_module.c in kernel builds
Allow kldload to detect that SCTP has been build into the kernel.

MFC after:	3 days
2023-07-23 14:34:10 +02:00
Dimitry Andric
f576172682 Move LIBADD lines from usr.bin/clang/*/Makefile one level up
Some utilities under usr.bin/clang were only linked to libz, while most
others were linked to libz and libzstd. Make this consistent, and remove
repetition, by moving these LIBADD lines to usr.bin/clang/clang.prog.mk
and usr.bin/clang/clang.prog.mk.

MFC after:	3 days
2023-07-23 22:04:55 +02:00
Xin LI
9df529b8a1 login_getclassbyname(3): use calloc. 2023-07-23 11:18:24 -07:00
Mateusz Guzik
176d83eafc vfs: fix up NDFREE_PNBUF usage in vfs_mountroot_shuffle
Noted by:	karels
2023-07-23 13:44:15 +00:00
Mateusz Guzik
4d9b2ed34b ufs: stop using LK_SLEEPFAIL in ffs_sync
It provides nothing as either locking succeeds or fails with ENOENT as
is.
2023-07-23 13:44:15 +00:00