The qemu ACPI table loader patches the ACPI tables. After patching them,
checksums aren't correct any more. It has to calculate a new checksum
for the ACPI table. For that reason, basl has to keep track of checksums
and has to cause the qemu loader to create new checksums for the tables.
The qemu ACPI table loader isn't supported yet. However, the address of
all tables is unknown as long as bhyve hasn't finished ACPI table
creation. So, the checksum of tables which include pointer to other
tables are unknown too. This requires tracking of checksums too.
Reviewed by: jhb
Approved by: manu (mentor)
MFC after: 2 weeks
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D36990
ACPI tables have different layouts. So, there's no common position for
the length field. When tables are build by basl, the length is unknown
at the beginning. It has to be set after building the table.
Reviewed by: jhb
Approved by: manu (mentor)
MFC after: 2 weeks
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D36989
In upcoming commits, bhyve will build some ACPI tables by it's own.
Therefore, it should be capable of appending GENERIC_ADDRESS structs to
ACPI tables.
Reviewed by: jhb, markj
Approved by: manu (mentor)
MFC after: 2 weeks
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D36988
In upcoming commits, bhyve will build some ACPI tables by it's own.
Therefore, it should be capable of appending int values to ACPI tables.
Reviewed by: jhb, markj (older version)
Approved by: manu (mentor)
MFC after: 2 weeks
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D36987
Load the blobs compiled by iasl into a basl_table. The basl_table is a
temporary buffer which copies the ACPI tables into guest memory for us.
This allows us in the future to pass the blobs over the qemu fwcfg
interface to the guest.
Reviewed by: jhb, markj
Approved by: manu (mentor)
MFC after: 2 weeks
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D36986
Developing an ACPI table compiler isn't quite easy. It's helpful if you
can take a look at the ACPI tables created by the compiler.
The dump functions can either dump a ACPI table which was copied into
guest memory or a ACPI table provided for qemu's ACPI table loader.
Reviewed by: jhb, markj
Approved by: manu (mentor)
MFC after: 2 weeks
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D36985
Basl is the bhyve ASL compiler. At the moment, it's just a small wrapper
to call iasl, the Intel ASL compiler. As bhyve will gain support for
qemu's ACPI table loader in the future, it has to create ACPI tables on
it's own. Therefore, it makes sense to create a new file which keeps the
code for basl.
This first implementation of basl supports creating an ACPI table by
appending raw bytes to it. It's also capable of loading all tables into
guest memory.
Reviewed by: jhb, markj (older version)
Approved by: manu (mentor)
MFC after: 2 weeks
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D36984
The '/' and '§' keys are missing in the german keyboard layout.
Reviewed by: markj
Approved by: manu (mentor)
MFC after: 1 week
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D37386
Async event report is controlled by async event configuration feature
setting. When reporting a critical temperature warning, check the async
event configuration.
Approved by: manu (mentor)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D37355
Set Feature is a feature specified function. Currently only some
features have the set procedure. For features that are not handled by
the controller, we should return a FEATURE_NOT_CHANGEABLE error message.
Approved by: manu (mentor)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D32802
Currently bhyve's NVMe controller cannot save feature values cross
reboot. It should return a FEATURE_NOT_SAVEABLE error when the command
specifies a save flag.
Quote from NVMe specification, page 205:
https://nvmexpress.org/wp-content/uploads/NVM-Express-1_4-2019.06.10-Ratified.pdf
If the Feature Identifier specified in the Set Features command is not
saveable by the controller and the controller receives a Set Features
command with the Save bit set to one, then the command shall be aborted
with a status of Feature Identifier Not Saveable.
Reviewed by: chuck (older version)
Approved by: manu (mentor)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D32767
We only need to call pci_xhci_xfer_complete() when handling a transfer
to the control endpoint, so move that code into the epid == 1 block and
eliminate a goto. Also remove an unneeded reinitialization of
setup_trb.
No functional change intended.
MFC after: 1 week
Reviewed by: corvink, jhb
Differential Revision: https://reviews.freebsd.org/D37287
Silence a warning from the compiler about "const" being discarded. The
warning is correct: nvlist values are supposed to be immutable.
However, fixing this properly will require some contortions on behalf of
consumers who look up a subtree of the config and modify it. Per a
discussion on freebsd-virtualization@, the solution will probably be to
outright replace the use of nvlists for VM configuration, but until that
happens let's document the problem and silence the warning.
No functional change intended.
MFC after: 2 weeks
Reviewed by: corvink, jhb
Differential Revision: https://reviews.freebsd.org/D37293
They accomplish nothing since the qualifier is casted away in calls to
memcpy() and copyin()/copyout(). No functional change intended.
MFC after: 2 weeks
Reviewed by: corvink, jhb
Differential Revision: https://reviews.freebsd.org/D37292
The qualifiers are there presumably because these rings are mapped into
the guest, but they do not appear to be required for correctness, and
bhyve generally doesn't qualify accesses to guest memory this way.
Moreover, the qualifiers are discarded by snapshot code, causing clang
to emit warnings. Just stop using volatile here.
MFC after: 2 weeks
Reviewed by: corvink, jhb
Differential Revision: https://reviews.freebsd.org/D37291
This fixes a warning raised by the removal of the volatile qualifier
from &trb->qwTrb0 in the following snippet:
xfer_block = usb_data_xfer_append(xfer,
(void *)(trbflags & XHCI_TRB_3_IDT_BIT ?
&trb->qwTrb0 : XHCI_GADDR(sc, trb->qwTrb0)),
trb->dwTrb2 & 0x1FFFF, (void *)addr, ccs);
The use of volatile appears to be inherited from the kernel driver's
definitions of the same structures. It makes some sense, since USB TRBs
and related structures live in guest memory, but bhyve device models
generally don't volatile-qualify accesses to guest memory and I can't
see how they are required for correctness here. Moreover, XHCI_GADDR
does not return volatile pointers so we're already being inconsistent.
Just drop the qualifiers to address the warning.
MFC after: 2 weeks
Reviewed by: corvink, jhb
Differential Revision: https://reviews.freebsd.org/D37290
Use it to silence warnings about potential unaligned accesses. No
functional change intended.
MFC after: 1 week
Reviewed by: corvink, jhb
Differential Revision: https://reviews.freebsd.org/D37289
dma accepts mail from a local Mail User Agent (MUA) and delivers it
locally or to a smarthost for delivery. dma does not accept inbound
mail (i.e., it does not listen on port 25) and is not intended to
provide the same functionality as a full MTA like postfix or sendmail.
It is intended for use cases such as delivering cron(8) mail. which
is the default configuration and usage of sendmail in the default
setup of the base system.
In order to switch the default from sendmail to dma, we teach
mailwrapper to fallback on dma directly if the mailer.conf file cannot
be opened.
We install by default a mailer.conf file which points at dma
We install a mailer.conf file for sendmail in the examples.
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D37035
Currently PowerCycles field of Log Page is 0 and it is an invalid value.
This patch will initial the PowerCycles data to 1.
MFC after: 1 week
Approved by: manu (mentor)
Reviewed By: grehan (older version), chuck, corvink
Differential Revision: https://reviews.freebsd.org/D32558
Commit d7eec79b70 overlooked the fact that
nvlist_find(DATA_TYPE_STRING) does not provide a nul-terminated string.
Fix the leak a different way.
Fixes: d7eec79b70 ("makefs: Plug a memory leak")
Linux reads MISC_FEATURES_ENABLES to manage the CPUID faulting feature
(undocumented in the Intel SDM, but documented in 323850-004 (Intel
Virtualization Technology FlexMigration Application Note). Since bhyve
doesn't emulate this feature, we always return 0. Neither does bhyve
support the MONITOR/MWAIT fault bit also in this MSR (which is
documented in the sdm), so always return 0.
Sponsored by: Netflix
Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D36602
Also remove the out-parameter of pci_xhci_find_stream(), since it's
unused by all callers.
MFC after: 1 week
Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D37118
clang warned that "client_ver" can be left uninitialized. This change
causes the new connection to be dropped if a version string is not
presented.
MFC after: 1 week
Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D37117
devmatch is useful on standalone machine but not on jails.
Put devinfo(8) and libdevinfo there too.
Differential Revision: https://reviews.freebsd.org/D36229
It's not really useful in a jail or in a mdroot or even if a users
wants to do a full zfs machine.
Reviewed by: mckusick
Differential Revision: https://reviews.freebsd.org/D36227
- Use unsigned types for all arithmetic. Use a new signed variable for
holding the return value of pread() and pwrite().
- Handle short I/O from pwrite().
MFC after: 1 week
- Rename the global cores/sockets/threads to cpu_cores/sockets/threads.
This way, num_vcpus_allowed() doesn't shadow them.
- The global maxcpus is unused, remove it for the same reason.
MFC after: 1 week
This addresses a compiler warning arising from the fact that bhyve
needs to cast away a const qualifier in order to call free().
No functional change intended.
Reviewed by: jhb
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D37099
In case of device reset or not configured - features_negotiated is not
set, calling calling pci_vtnet_neg_features is wrong and resume gets
"Segmentation fault".
Reviewed by: markj
Sponsored by: vStack
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D36244
- Qualify unexported symbols with "static".
- Drop some unnecessary and incorrect casts.
- Avoid arithmetic on void pointers.
- Avoid signed/unsigned comparisons in loops which use nitems() as a
bound.
No functional change intended.
MFC after: 1 week
- Include headers containing prototypes for exported functions.
- Initialize all fields of the extended translation table.
- Qualify an unexported translation table as static.
- Fix error handling for a read(2).
- Fix some style bugs.
No functional change intended.
MFC after: 1 week
If the admin creates more CTL ports than kern.cam.ctl.max_ports, then
adding some will fail. If he then removes some ports and does
"service ctld reload", he would expect that the new ports would get
added in the newly-freed port space. But they don't, because ctld
assigned them port numbers during their first creation attempts.
Fix this bug by removing newly created ports from ctld's internal list
if the kernel rejects them for any reason. That way, a subsequent
config reload will attempt to add them again, possibly with new port
numbers.
MFC after: 2 weeks
Sponsored by: Axcient
Reviewed by: jhb, mav
Differential Revision: https://reviews.freebsd.org/D36974
These are emitted in at least two kmods, and kldxref prints a warning.
While here, remove the unneeded local variable 'val'.
Reviewed by: jrtc27, imp, emaste
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37038
The Dragonfy Mail Agent (dma) can be used with mailwrapper as a
replacement for sendmail(8)
Even if mailwrapper and sendmail are disabled from the build but
dma is not create all the expect symlinks on mailwrapper and make
mailwrapper a symlink to dma, the same way it was done before when
mailwrapper is disabled by sendmail was not.
Discussed with: emaste
Add VM_EXITCODE_IPI to permit returning unhandled IPIs to userland.
INIT and STARTUP IPIs are now returned to userland. Due to backward
compatibility reasons, a new capability is added for enabling
VM_EXITCODE_IPI.
Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D35623
Sponsored by: Beckhoff Automation GmbH & Co. KG
fetchmissingdists naturally sets BSDINSTALL_DISTDIR to a directory in
the new filesystem that it can write fetched distfiles to. As a result,
BSDINSTALL_DISTSITE was incorrectly set to the scratch space on /mnt for
the call to distfetch when grabbing local distfiles, and it would
subsequently fail.
Switch to using the copy of BSDINSTALL_DISTDIR that we stashed off
coming into fetchmissingdists; this one is in-fact set to the path where
the local distfiles are stored.
Patch suggested by jrtc27.
Reported and tested by: Daniel O'Connor <darius dons net au>
MFC after: 1 week
During discussions with someone that was doing NFS-over-TLS
development for Solaris, we had a concern that the server might
become overloaded after rebooting, due to a large number of
TLS handshake requests from clients.
To alleviate this potential problem, this patch modifies rpc.tlsservd
so that it supports the "-N/--numdaemons" command line option,
which specifies that up to RPCTLS_SRV_MAXNPROCS (currently defined
as 16 in the patch) may be started.
When there are multiple daemons, one is selected by the patched kernel
in a round-robin fashion, to serve a TLS handshake request.
The man page update will be done in a future commit.
Reviewed by: emaste, karels
Differential Revision: https://reviews.freebsd.org/D35886
Whilst reboot(8) will block whilst it runs, shutdown(8) does not,
daemonizing instead. This means that we must wait after running it,
otherwise we will exit and cause the system to attempt to go multi-user
in parallel with the shutdown daemon killing init. With the new
multi-console support in the installer, runconsoles will immediately
kill this daemon, racing with the daemon being able to signal init as
desired, and I have seen this race be lost in QEMU with a single CPU. In
the past this wasn't such an issue, since shutdown's daemon puts itself
in a new session group immediately after fork (and the parent doesn't
wait until that has happened, so whilst there's technically a race
condition in there where it could receive a SIGHUP from the death of the
parent's session leader, in practice this is very unlikely to be hit.
This means that the only consequence of this oversight before was that
you might get the beginnings of more console output on the way to
multi-user and thus the console would look a little confusing.
Reviewed by: gjb
Fixes: e4505364c0 ("release/rc.local: Provide option to shutdown after installation complete")
Fixes: a09af1b7fd ("bsdinstall release: Start installer on multiple consoles")
Differential Revision: https://reviews.freebsd.org/D36879
On the receive socket, recvmsg() and poll()/select() is called.
Therefore, CAP_EVENT is needed in addition to CAP_RECV..
While there, check the socket for readbility before calling recvmsg().
Reviewed by: markj@
MFC after: 3 days
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D36878
nvlist_find_string() would return a copy of the found value, but callers
assumed they would have to make their own copy. It's simpler to change
nvlist_find_string() than it is to change callers, so do that.
Reported by: Coverity
The netmap-specific data stored at be->opaque is freed by the caller
on error as part of freeing be.
Reviewed by: markj
Reported by: GCC -Wfree-nonheap-object
Differential Revision: https://reviews.freebsd.org/D36828
NLM 4 status values are a superset of the older NLM protocol so these
casts are safe while pacifying -Wenum-conversion warnings from GCC.
Reviewed by: rmacklem
Differential Revision: https://reviews.freebsd.org/D36816
Whilst febca0e643 added -N for both build and extract, it only fully
worked for extract; build would perform the actual tree build with
-DNO_ROOT and construct the intended METALOG, but the subsequent tarball
creation did not take this into account and just tarred up the the
directory as-is rather than using the METALOG. This resulted in the
permissions and ownership not being correct, as well as there being a
stray METALOG file in the tarball's root.
Reported by: avg
Reviewed by: avg, jhb, imp
Tested by: avg
Fixes: febca0e643 ("etcupdate: Add a -N flag to perform a NO_ROOT build")
Differential Revision: https://reviews.freebsd.org/D36845
Currently the installer is only started on the primary ("high level")
console. For systems where this is the video console and serial consoles
aren't of interest, and headless systems with just a serial console,
this works just fine, but for systems where both video and serial
consoles are present and meaningful this requires the user to select the
right primary console in loader, with the poor user experience of the
system appearing to hang if they leave the wrong one selected. This
notably differs from our multi-user behaviour of spawning getty on every
console, where the only issue with selecting the wrong primary console
is a quieter boot process until the login prompt appears (or the system
crashes).
Instead, use the newly-added runconsoles helper to run the installer on
every console (except for ttyv*, where only ttyv0 will be used). For
interactive installations, any of the consoles can be used, though only
one should be used at a time as no effort is made to avoid multiple
installations running at the same time clobbering each other. If the
Live CD option is selected, the other installers (which should, if the
user is well-behaved, be sitting at the welcome screen) will be killed.
If an automated install is in use, the primary console will be used to
display its output, and the others will direct the user to the primary
console.
Reviewed by: brooks, gjb
Differential Revision: https://reviews.freebsd.org/D36805
This separates out the install media-specific environment (creating
bsdinstall_etc) from actually running the installer on a given console.
This will be used by a future change to start the installer on multiple
consoles.
Reviewed by: brooks, gjb
Differential Revision: https://reviews.freebsd.org/D36803
This helper binary will run a given command on every on console, as
defined by /etc/ttys (except for ttyv*, where only ttyv0 will be used).
If one of the command processes exits, the rest will be killed. This
will be used by a future change to start the installer on multiple
consoles.
Reviewed by: brooks, imp, gjb
Differential Revision: https://reviews.freebsd.org/D36804
Mostly remove from the SEE ALSO section, adding a mention of the port
where not removed. Elsewhere, remove as appropriate and change from .Xr
to .Nm where a mention of telnetd continues to make sense (or removing
it would require significant reworking of the surrounding text).
Reviewed by: imp, delphij, emaste
Differential Revision: https://reviews.freebsd.org/D36785
- Add const and __unused qualifiers where appropriate.
- Localize some global variables.
- Consistently spell vmexit state as "vme" in vmexit handlers, to avoid
shadowing the global vm_exit state array.
- Similarly, avoid shadowing "optarg".
MFC after: 2 weeks
This is easier to read and addresses some compiler warnings.
One might expect these tables to be read-only but it seems that the
snapshot/restore code may modify them.
MFC after: 2 weeks
- Avoid arithmetic on void pointers.
- Avoid a signed/unsigned comparison in loops which write or fill audio
data buffers.
Convert while loops to for loops while here.
MFC after: 2 weeks
* change current NTP services offered by the FreeBSD Installer;
* no longer offer ntpdate to be enabled and started on boot;
* start offering the option to make ntpd set the date and time on boot itself.
The motivation for this change comes from the ntpdate(8) manpage:
Note: The functionality of this program is now available in the ntpd(8)
program. See the -q command line option in the ntpd(8) page. After a
suitable period of mourning, the ntpdate utility is to be retired from
this distribution.
Approved by: cy (src), dteske (src)
Differential Revision: https://reviews.freebsd.org/D36206
The RFC for this finally got published and, therefore,
now has a number. This patch puts this RFC number
in the man page.
This is a content change.
MFC after: 1 week
The RFC for this finally got published and, therefore,
now has a number. This patch puts this RFC number
in the man page.
This is a content change.
MFC after: 1 week
It is some times hard to understand the difference between
kernel version and userland version. So clarify the -r option
of uname(1) in terms of a printed kernel version.
While here, add some cross references:
- cross reference freebsd-version(1) in uname(1)
- cross reference freebsd-version(1) and uname(1) in freebsd-update(8)
PR: 265594
Reported by: rwatson
Reviewed by: gbe, imp
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D36516
Add VM_EXITCODE_IPI to permit returning unhandled IPIs to userland.
INIT and Startup IPIs are now returned to userland. Due to backward
compatibility reasons, a new capability is added for enabling
VM_EXITCODE_IPI.
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D35623
Sponsored by: Beckhoff Automation GmbH & Co. KG
vcpus could be restarted by the guest by sending an INIT SIPI SIPI
sequence to a vcpu. That's not supported by bhyve yet but it will be
supported in a future commit. So, create the vcpu threads only once on
startup to make restarting a vcpu easier.
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D35621
Sponsored by: Beckhoff Automation GmbH & Co. KG
- Ignore I/O requests with insufficiently sized input or output
buffers (those not containing compete request headers).
- Ignore control requests with improperly sized buffers.
- While here, explicitly zero the output header of an I/O request to
avoid leaking malloc garbage from the host if the header is not
fully populated.
PR: 264521
Reported by: Robert Morris <rtm@lcs.mit.edu>
Reviewed by: mav, emaste
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D36271
Use a consistent prefix ("virtio-scsi: ") similar to the e1000 device
model.
Reviewed by: mav, emaste
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D36270
When preparing to transmit pending packets, ensure that the head (TDH)
and tail (TDT) indices are in bounds. Note that validating values
when they are written is not sufficient along as the transmit length
(TDLEN) could be changed turning a value that was valid when written
into an out of bounds value.
While here, add further restrictions to the head register (TDH). The
manual states that writing to this value while transmit is enabled can
cause unexpected behavior and that it should only be written after a
reset. As such, ignore attempts to write while transmit is active,
and also ignore writes of non-zero values. Later e1000 chipsets have
this register as read-only.
Also ignore any attempts to transmit packets if the transmit ring's
size is zero.
PR: 264567
Reported by: Robert Morris <rtm@lcs.mit.edu>
Reviewed by: emaste
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D36269
Add an internal debug level global:
- Level 1 (-d) currently does nothing.
- Level 2 (-d -d) enables libfetch debugging (quite verbose) so it's
possible to see what pkg is attempting to download without having
to sniff traffic.
Reviewed by: debdrup, bapt
Differential Revision: https://reviews.freebsd.org/D35756
Permit naming pass through devices using the syntax accepted by
pciconf (pci[<domain>:]<bus>:<slot>:<func>) as well as by device name
(e.g. "ppt0").
While here, fix an error in the manpage that had the bus and slot
arguments for the original /-delimited scheme swapped.
Reviewed by: imp, markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D36147
This adds missing includes, uses the standard dirent.h rather than the
BSD-specific sys/dirent.h subset (which works on macOS but not Linux)
and works around Linux's lack of st_birthtim.
This allows usr.sbin/makefs to be added to LOCAL_XTOOL_DIRS again on
macOS and Linux so that disk images can be cross-built.
Reviewed by: markj
Fixes: 240afd8c1f ("makefs: Add ZFS support")
Differential Revision: https://reviews.freebsd.org/D36135
Currently the code copies a struct timespec's raw bits as a pair of
uint64_t. On 64-bit systems this has the same representation, but on
32-bit issues there are two issues:
1. tv_sec is a time_t which is 32-bit on i386 specifically
2. tv_nsec is a long not a 64-bit integer
On i386, this means the assertion should fire as the size doesn't match.
On other 32-bit systems there are 4 bytes of padding after tv_nsec,
which in practice are probably 0, as this data is ultimately coming from
the kernel, so it's deterministic (though the padding bytes are not
required to be preserved by the compiler, so are strictly unspecified).
However, on 32-bit big-endian systems, the padding bytes are in the
wrong half to be harmless, resulting in the nanoseconds being multiplied
by 2^32.
Fix this all by marshalling via a real uint64_t pair like is done by the
real ZFS_TIME_ENCODE.
Reviewed by: markj
Fixes: 240afd8c1f ("makefs: Add ZFS support")
Differential Revision: https://reviews.freebsd.org/D36131
The fsnode tree traversal routines used in ZFS mode assume that all
children of a (directory) fsnode can be accessed using a directory fd
for the parent and the child name. This is true when populating the
image using an mtree manifest or from a single staging directory, but
doesn't work when multiple staging directories are specified.
Change the traversal routines to use absolute path lookups when an mtree
manifest is not in use. This isn't ideal, but it's the simplest way to
fix the problem.
Reported by: imp
Sponsored by: The FreeBSD Foundation
Certain operations such as checksum insertion and VLAN insertion
require the device model to rewrite the packet header. The first step
in rewriting the packet header is to copy the existing packet header
from the source packet. This copy is done by copying data from an
iovec array that corresponds to the S/G entries described by transmit
descriptors. However, if the total packet length is smaller than the
headers that need to be copied as the initial template, this copy can
overflow the iovec array and use garbage values as the source pointer
to memcpy. The PR used a single descriptor with a length of 0 in its
PoC.
To fix, track the total packet length and drop requests to transmit
packets whose payload is smaller than the required header length.
While here, fix another issue where the final descriptor could have an
invalid length (too short) that could underflow 'len' when stripping
the checksum. Skip those requests instead, too.
PR: 264372
Reported by: Robert Morris <rtm@lcs.mit.edu>
Reviewed by: grehan, markj
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D36182
This avoids type confusion where a malicious guest could rewrite the
MaxPStreams field in an endpoint context after the endpoint was
initialized causing the device model to interpret a guest provided
address (stored in ep_ringaddr of the "software" endpoint state) as a
bhyve host process address (ep_sctx_trbs). It also prevents a malicious
guest from triggering overflows of ep_sctx_trbs[] by increasing the
number of streams after the endpoint has been initialized.
Rather than re-reading the MaxPStreams value out of the endpoint context
in guest memory on subsequent operations, cache the value in the software
endpoint state. Possibly the device model should raise errors if the
value of MaxPStreams changes while an endpoint is running. This approach
simply ignores any such changes by the guest.
PR: 264294, 264347
Reported by: Robert Morris <rtm@lcs.mit.edu>
Reviewed by: markj
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D36181
Controllers must support the Identify Controller list if they support
Namespace Management. But the UNH NVMe tests use this command regardless
of whether the device under test supports Namespace Management.
This implementation returns an empty Controller list (i.e., Number of
Identifiers is zero).
Fixes UNH Test 1.1.2
Reviewed by: jhb
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D36193
The NVMe specification only allows Controllers compliant with the
revision 1.3 and earlier specification to report a value of 0x0 in the
No-Deallocate Modifies Media After Sanitize (NODMMAS) field.
For our revision 1.4 Controller, report that media is not modified after
Sanitize as the implementation does not implement Sanitize.
Fixes UNH Test 1.1.2
Reviewed by: jhb
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D36192
Space used by the MOS is summed after all on-disk data structures are
finalized, so the MOS DSL directory represents a special case when
counting bytes used for each directory. The DSL layer failed to update
the MOS DSL directory's parent, the root directory, accordingly, so the
root directory reported less space used than was used in reality. Be
careful to update the root directory after the MOS is finalized.
PR: 265849
Sponsored by: The FreeBSD Foundation
There was a missing sentence in the description of the second mount
entry in the example. Fix that and some other bits in the EXAMPLES
section.
Also, make the STANDARDS section a bit more readable.
MFC after: 1 week
Sponsored by: Klara Inc.
Summary:
Code was using the mask value without the shift.
Test Plan: Within FreeBSD/Linux guest, Identify NVMe controller to check the result.
Reviewed by: chuck, imp
MFC after: 2 weeks
Signed-off-by: Wanpeng Qian <wanpengqian@gmail.com>
Differential Revision: https://reviews.freebsd.org/D32659
Summary:
Currently Active Firmware Info is not initialized.
Fix is to initialize the Active Firmware Info to Slot 1.
Test Plan: Within FreeBSD/Linux guests, show the Firmware Logpage to confirm.
Reviewed By: chuck
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D32658
Summary:
Set Number of Power States Supported to indicate 1 power state. Keep the
Power State Descriptor data structures as zero to indicate "Not
reported".
Test Plan:
Within FreeBSD/Linux guests, list the number of power states and check
the Max Power value.
Reviewed By: markj, chuck
MFC after: 2 weeks
Signed-off-by: Wanpeng Qian <wanpengqian@gmail.com>
Differential Revision: https://reviews.freebsd.org/D32657
The debug print in nvme_opc_get_log_page() would print an uninitialized
local variable.
In nvme_opc_write_read(), a failed LBA bounds check would cause
pci_nvme_stats_write_read_update() to be called with an uninitialized
variable as a parameter. Although the parameter is unused when the
check fails (and so status != 0), LLVM 14 emits some bogus machine code
in this path, which happens to result in a segfault when it gets
executed.
PR: 265749
Reviewed by: chuck, emaste
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D36119
Currently these are not reported because bhyve is compiled with WARNS=2.
Let's start taking small steps towards enabling more warnings.
No functional change intended.
Reviewed by: chuck, imp, emaste
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D36118
The Dataset Management code could free an uninitialized pointer if the
device doesn't support the Dataset Management command.
PR: 264548
Reported by: Robert Morris <rtm@lcs.mit.edu>
Fuzzing of bhyve uncovered an assertion failure in the NVMe emulation.
Investigation uncovered several corner cases the code did not handle.
This change handles several Controller initialization errors, including
- bad AQ sizes
- bad AQ vm_map_gpa
- doorbell writes prior to RDY
- doorbell writes to uninitialized queue
- CSTS.RDY if CFS set
PR: 256317,256319,256320,256322
Reported by: Cheolwoo Myung <cwmyung@snu.ac.kr>
Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D35453
Fuzzing of bhyve using hyfuzz discovered a way to cause a segmentation
fault in the NVMe emulation. If a guest specifies a physical address in
either the PRP1 or PRP2 field of a command that cannot be mapped from
guest to host, the function paddr_guest2host() returns a NULL pointer.
The NVMe emulation did not check for this error case, which allowed for
the segmentation fault to occur.
Fix is to check for a return value of NULL and indicate an error back to
the guest (Data Transfer error). While in the area, slightly refactor
the write/read blockif function to use a common error exit path.
PR: 256321
Reported by: Cheolwoo Myung <cwmyung@snu.ac.kr>
Reviewed by: imp, jhb
Differential Revision: https://reviews.freebsd.org/D35452
Summary:
NVMe operations indicate the memory region(s) associated with a command
via physical region pages (PRPs). Since each PRP has a fixed size,
contiguous memory regions larger than the PRP size require multiple PRP
entries.
Instead of issuing a blockif call for each PRP, the NVMe emulation
concatenates multiple contiguous PRP entries into a single blockif
request. The test for contiguous regions has a bug such that it
mistakenly treats an initial PRP address of zero as a contiguous range
and concatenates it with the previous. But because there is no previous
IOV, the concatenation code corrupts the IO request structure and leads
to a segmentation fault when the blockif request completes.
Fix is to test for the existence of a previous range before trying to
concatenate the current range with the previous one.
While in the area, rename pci_nvme_append_iov_req()'s lba parameter to
offset to match its usage.
PR: 264177
Reported by: Robert Morris <rtm@lcs.mit.edu>
Reviewed by: jhb
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D35328
This is consistent with what other uid-morphing utilities
do, i.e. jexec(1), su(1) etc.
MFC after: 2 weeks
Reviewed by: gbe
Differential Revision: https://reviews.freebsd.org/D36148
Check the canmount property before building the mountpoint string.
Reported by: Coverity
Fixes: 240afd8c1f ("makefs: Add ZFS support")
Sponsored by: The FreeBSD Foundation
nvstring_get() returns a copy of the string, not a pointer into the
nvlist's internal buffer.
Reported by: Coverity
Fixes: 240afd8c1f ("makefs: Add ZFS support")
Sponsored by: The FreeBSD Foundation
This is in preparation for including an etcupdate tree when performing a
-DNO_ROOT release image build. Although -DNO_ROOT can be passed via -M,
to be useful we need to mangle the resulting METALOG to mirror the
various cleanups to the tree that are done after the build (removing
generated files, empty files and empty directories), so etcupdate needs
its own flag.
Reviewed by: jhb, pauamma
Obtained from: CheriBSD
Differential Revision: https://reviews.freebsd.org/D35857
This is in preparation for building an etcupdate tree on non-FreeBSD
when building release images. The -d option is documented as a
BSD-specific equivalent to the POSIX -depth primary. Whilst GNU find
sort of accepts it in an attempt to be compatible, it still doesn't
permit it coming before the paths, unlike BSD find, and prints a
deprecation warning either way. Thus, use the equivalent POSIX -depth to
ensure it works correctly and without warning everywhere.
Reviewed by: jhb
Obtained from: CheriBSD
Differential Revision: https://reviews.freebsd.org/D35856
This will allow release/Makefile to forward on ${MAKE} to allow building
on non-FreeBSD systems where ${MAKE} is something other than make, as
make is typically GNU make in such situations.
Reviewed by: jhb, pauamma
Obtained from: CheriBSD
Differential Revision: https://reviews.freebsd.org/D35854
This allows one to take a staged directory tree and create a file
consisting of a ZFS pool with one or more datasets that contain the
contents of the directory tree. This is useful for creating virtual
machine images without using the kernel to create a pool; "zpool create"
requires root privileges and currently is not permitted in jails.
makefs -t zfs also provides reproducible images by using a fixed seed
for pseudo-random number generation, used for generating GUIDs and hash
salts. makefs -t zfs requires relatively little by way of machine
resources.
The "zpool_reguid" rc.conf setting can be used to ask a FreeBSD guest to
generate a unique pool GUID upon first boot.
A small number of pool and dataset properties are supported. The pool
is backed by a single disk vdev. Data is always checksummed using
Fletcher-4, no redundant copies are made, and no compression is used.
The manual page documents supported pool and filesystem properties.
The implementation uses a few pieces of ZFS support from with the boot
loader, especially definitions for various on-disk structures, but is
otherwise standalone and in particular doesn't depend on OpenZFS.
This feature should be treated as experimental for now, i.e., important
data shouldn't be trusted to a makefs-created pool, and the command-line
interface is subject to change.
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35248
Rather than trying to shoehorn flags into the requested superblock
address, create a separate flags parameter to the ffs_sbget()
function in sys/ufs/ffs/ffs_subr.c. The ffs_sbget() function is
used both in the kernel and in user-level utilities through export
to the sbget() function in the libufs(3) library (see sbget(3)
for details). The kernel uses ffs_sbget() when mounting UFS
filesystems, in the glabel(8) and gjournal(8) GEOM utilities,
and in the standalone library used when booting the system
from a UFS root filesystem.
The ffs_sbget() function reads the superblock located at the byte
offset specified by its sblockloc parameter. The value UFS_STDSB
may be specified for sblockloc to request that the standard
location for the superblock be read.
The two existing options are now flags:
UFS_NOHASHFAIL will note if the check hash is wrong but will still
return the superblock. This is used by the bootstrap code to
give the system a chance to come up so that fsck can be run to
correct the problem.
UFS_NOMSG indicates that superblock inconsistency error messages
should not be printed. It is used by programs like fsck that
want to print their own error message and programs like glabel(8)
that just want to know if a UFS filesystem exists on a partition.
One additional flag is added:
UFS_NOCSUM causes only the superblock itself to be returned, but does
not read in any auxiliary data structures like the cylinder group
summary information. It is used by clients like glabel(8) that
just want to check for possible filesystem types. Using UFS_NOCSUM
skips the superblock checks for csum data which allows superblocks
that have corrupted csum data to be read and used.
The validate_sblock() function checks that the superblock has not
been corrupted in a way that can crash or hang the system. Unless
the UFS_NOMSG flag is specified, it will print out any errors that
it finds. Prior to this commit, validate_sblock() returned as soon
as it found an inconsistency so would print at most one message.
It now does all its checks so when UFS_NOMSG has not been specified
will print out everything that it finds inconsistent.
Sponsored by: The FreeBSD Foundation
They might belong to kernel modules not currently loaded, or to other
kernel versions. Ignoring them allows the configuration to be shared
between multiple hosts.
MFC after: 2 weeks
Sponsored by: Axcient
Reviewed by: rew
Differential Revision: https://reviews.freebsd.org/D35540
The last number of unbound upgrades failed to manually update the
version strings in usr.sbin/unbound/config.h. This commit fixes that.
Reported by: "Herbert J. Skuhra" <herbert@gojira.at>
Fixes: 0a92a9fca7a39a5a69059cf5bc93f6273016e83624e36522005469a99530
MFC after: 3 days
This will be used by Makefile.inc1 to fix -DNO_ROOT distributeworld,
which needs to split out DESTDIR from DISTBASE so the METALOG file
includes the base/ prefix.
Reviewed by: kevans
Obtained from: CheriBSD
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D35808
Copy the ENVIRONMENT section from df(1) to swapinfo(8), except
that the --si option is removed for swapinfo.
PR: 235225
Reported by: 0mp
MFC after: 3 days
The original code had used a fixed-size buffer for ioctl(SIOCGIFCONF),
that might cause the target ifreq spilled from the buffer. Use the handy
getifaddrs(3) to fix the problem.
Reviewed by: glebius
Differential revision: https://reviews.freebsd.org/D35536
pmcstat has been broken for analyzing logs since D35342 / b6e28991bf.
This is because the pmc for the first CPU is not added when reading logs
because unlike its clones, its event id is not invalid. That causes us
to fail the assertion at lib/libpmcstat/libpmcstat_logging.c:293
when encountering samples from cpu0.
Fix this by removing the check that the PMC is invalid
Reviewed by: tsoome
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D35709
As of hostap 2.10, WEP is disabled by default. This of course is not a
bad thing but requires some planning and an announcment to remove WEP
support by default. A possible src.conf knob or letting users know they
should use the port instead might different options.
MFC after: 3 days
Surrently virtio-net uses the prefix of the backing interface to
choose the backend. This patch adds an additional option "type" to
choose the backend type explicitly. This allows greater flexibility
for end users to manage bhyve specific resources (such as by naming
the tap interfaces to more descriptive names). The option "type" is
optional. When it is not presented, the backend is derived from the
name of the backend interface.
For example, the line `-s 3,virtio-net,bsdvm0,type=tap` will create a
virtio-net device for the guest using the tap interface "bsdvm0".
Adding a new "type" option preserves the current legacy format in which
the first value after virtio-net names an instance of a backend.
Note that tap interfaces not following the pattern "tap*" will not be
created on demand via devfs cloning but must be created explicitly.
Reviewed by: vmaffione, jhb
Differential Revision: https://reviews.freebsd.org/D35143
Describe explicitly the handling of TCP endpoints in the TIME-WAIT and
SYN-RCVD state.
Reported by: glebius@
Reviewed by: glebius@
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D35651
named(8) hasn't been in base for some time. Remove all references to it in
manual pages.
Approved by: manpages (Pau Amma)
Differential Revision: https://reviews.freebsd.org/D35586
Add support for system wide and NUMA domain wide counters support.
Add 3 new PMC classes for ARM DMC-620 and CMN-600 controllers PMU.
Reviewed by: mhorne
Sponsored By: ARM
Sponsored By: Ampere Computing
Differential Revision: https://reviews.freebsd.org/D35342
When pausing a block I/O device model as part of suspending a VM, wait
for all active block I/O requests to finish before saving snapshot
data. This avoids having to save information about in-flight requests
both in the block_if layer and in storage device models.
For the AHCI device model, the queues are now guaranteed to be idle
when taking a snapshot, so remove the code to save queue state and
rely on the initial state in a resumed VM having all queues already
idle.
This will also simplify adding NVMe snapshot support in the future.
Reviewed by: jhb
Sponsored by: vStack
Differential Revision: https://reviews.freebsd.org/D26267
Currently we only set canmount=noauto on the root of the BE, this
change makes it so we set it on all datasets under the BE as well.
Reviewed by: allanjude
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D35422
Disable P2P in WPS as it is not supported by FreeBSD. Also, it is not
enabled in wpa_supplicant so the WPS P2P code is redundant.
PR: 264238
Reported by: adrian
MFC after: 3 days
The current situation is fairly confusing, where an integer is interpreted
as a percent until you slap a decimal on it and magically it becomes an
absolute value.
Let's have a flag day in 14.0 and remove this shim entirely. Setting with
percent can still be useful, so allow a trailing '%' to indicate as such.
As a side effect, we tighten down the format allowed in the volume a little
bit by ensuring there's no trailing garbage after the value once it's
separated into left and right components.
Reviewed by: christos, hselasky, pauamma_gundo.com (manpages)
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D35101
libpmc already returns an end address that is after the end of the
last instruction of a function (on both amd64 and arm64) as the end
address written to the annotate map file is computed as the start
address of the symbol plus the size.
Adding one could result in a curious failure where an entire
function's contents in assembly was reduced instead to only the first
instruction. The reason is that when the end instruction is bumped by
one, objdump -d can append the first instruction of the next function
in its output. However, since pmcannotate concatenates all of the
objdump -d output from various functions into a single file which it
then searches to find the assembly for a given file, if this
additional trailer was earlier in the file than the full function, the
trailer was chosen to represent the entire function resulting in the
truncated listing of the function.
Sponsored by: University of Cambridge, Google, Inc.
Differential Revision: https://reviews.freebsd.org/D35399
They are no longer needed, but were likely missed simply because they
don't show up in a grep for 'mips'.
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D35475
If installing from the DVD, mount its packages in the chroot at
/dist/packages. That way they'll be accessible to an install script.
MFC after: 2 weeks
Sponsored by: Axcient
Reviewed by: gjb
Differential Revision: https://reviews.freebsd.org/D35330
As with i386 and amd64, "latest" packages are available on stable
branches for arm64/aarch64.
Reviewed by: manu
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35445
Addition to D31491 in order to actually resolve the top root cause.
Currently rpcbind gets contact address from connectionless xprt->xp_p2
member of a transport and will fail to get it when working over
connection oriented transport, leading to a guess game in terms of
contact address on rpcinfo requests like RPCBPROC_GETVERSADDR or
RPCBPROC_GETADDRLIST and poor returns which may influence a user
of a call and specifically reported on OSX clients, which tend to
not provide address hint from rpcinfo request to a server.
MFC after: 1 week
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D35220
This allows building a container image with enough functionality for
downloading and installing packages without having to include the
utilities package.
Reviewed by: manu
MFC after: 2 weeks
Some software uses SMBIOS entries to identify the system on which it's
running. In order to make it possible to use such software inside a VM,
SMBIOS entries should be configurable. Therefore, bhyve_config can be
used. While only a few SMBIOS entries might be of interest, it makes
sense that all SMBIOS entries are configurable. This way all SMBIOS
tables are build the same way and there's no special handling for some
tables.
Reviewed by: jhb
Sponsored by: Beckhoff Automation GmbH & Co. KG
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D34465
Don't shadow an already-local variable with another local declaration.
Reported by: dteske
MFC after: 13 days
MFC with: caf73e5857
Sponsored by: Axcient
Differential Revision: https://reviews.freebsd.org/D35331
If the ZFSBOOT_DISKS variable is set to one or more disk names, then
those disks should be preselected in the disk menu. However, the code
wasn't correctly setting the variable, leaving all disks unselected.
MFC after: 2 weeks
Sponsored by: Axcient
Reviewed by: dteske
Differential Revision: https://reviews.freebsd.org/D35331
Similar to the change in 1a04446f08, use
cat to overwrite the contents of the existing file rather than cp so
that metadata of the existing file such as permissions and ownership
is preserved.
PR: 255514
Reported by: uqs
MFC after: 1 week
When performing a dry run, remove the temporary tree created rather
than rotating the trees. Rotating the trees meant that etcupdate
thought the latest changes were already merged and would not merge
them on the next real run.
PR: 260281
Reported by: Tomoaki AOKI <junchoon@dec.sakura.ne.jp>
Fixes: 0611aec3cf etcupdate: Always extract to a temporary tree.
MFC after: 1 week
Otherwise, boot will hang if the numbering of disks has changed since
initial install.
MFC after: 2 weeks
Sponsored by: Axcient
Reviewed by: brd
Differential Revision: https://reviews.freebsd.org/D35309
Replace (LGPL) dialog utility with (BSD-2-Clause) bsddialog utility.
Add --hline info because bsddialog requires TAB to switch the focus on
buttons for an inputbox, dialog differs.
Delete f_dialog_inputbox_size() using libbsddialog autosizing.
Reviewed by: bapt
Differential Revision: https://reviews.freebsd.org/D35285
Commit 72bf76d6b8 added the -2 option to use
TLS 1.2 NFS-over-TLS mounts. It did not add -2
to the usage message.
This patch adds -2 to the usage message.
MFC after: 2 weeks
Commit 0637b12b13 added the -2 option to allow
TLS 1.2 NFS-over-TLS mounts. It did not add -2
to the usage message.
This patch adds -2 to the usage message.
MFC after: 2 weeks
Since the KTLS now supports TLS1.3, the daemons default
to version 1.3, since the draft (to be an RFC someday)
requires TLS1.3.
However, since FreeBSD 13,0, 13,1 uses TLS1.2 for
NFS-over-TLS, the "-2" option is added to both daemons
for compatibility with FreeBSD 13.0, 13.1.
This patch updates the man pages for this.
This is a content change.
Reviewed by: pauamma_gundo.com
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D35290
Since the KTLS now supports TLS1.3, the daemons default
to version 1.3, since the draft (to be an RFC someday)
requires TLS1.3.
However, since FreeBSD 13,0, 13,1 uses TLS1.2 for
NFS-over-TLS, the "-2" option is added to both daemons
for compatibility with FreeBSD 13.0, 13.1.
This patch updates the man pages for this.
This is a content change.
Reviewed by: pauamma_gundo.com
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D35290
Commit f5b40aa0de modifies the -C command line option
for rpc.tlsclntd to use the TLS 1.3 SSL_CTX_set_ciphersuites().
This patch updates the man page for this modified command
line option.
This is a content change.
Reviewed by: jhb, pauamma_gundo.com (same change for rpc.tlsservd.8)
MFC after: 2 weeks
Commit 0b4f2ab0e9 fixes the krpc so that it can use TLS
version 1.3 for NFS-over-TLS, as required by
the draft (someday to be an RFC).
This patch replaces SSL_CTX_set_cipher_list() with
SSL_CTX_set_ciphersuites(), since that is the function
that is used for TLS1.3.
The man page will be updated in a separate commit.
MFC after: 2 weeks
Commit 0b4f2ab0e9 fixes the krpc so that it can use TLS
version 1.3 for NFS-over-TLS, as required by
the draft (someday to be an RFC).
This patch replaces SSL_CTX_set_cipher_list() with
SSL_CTX_set_ciphersuites(), since that is the function
that is used for TLS1.3.
The man page has already been updated.
MFC after: 2 weeks
Commit 712aac1389 adds a new -C command line option
to rpc.tlsservd.
This patch updates the man page for this new command
line option.
This is a content change.
Reviewed by: jhb, pauamma_gundo.com
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D35136
bsdinstall(8) has an option to enable moused support.
However, if it is not selected, moused is still started
through the configuration of nondefault devices.
So, automatically add the moused_nondefault_enable="NO"
setting to rc.conf unless moused support is selected.
PR: 227999
Reported by: bcran
Reviewed by: bapt
Differential Revision: https://reviews.freebsd.org/D35193
Commit 0b4f2ab0e9 fixes the krpc so that it can use TLS
version 1.3 for NFS-over-TLS, as required by
the draft (someday to be an RFC).
Since FreeBSD 13.0, 13.1 use TLS version 1.2 for
NFS-over-TLS mounts, this command line option
may be used so that NFS-over-TLS mounts to 13.0, 13.1
servers will still work.
Without the command line option, NFS-over-TLS mounts
will use TLS version 1.3.
The man page update will be a separate commit.
MFC after: 2 weeks
Commit 0b4f2ab0e9 fixes the krpc so that it can use TLS
version 1.3 for NFS-over-TLS, as required by
the draft (someday to be an RFC).
Since FreeBSD 13.0, 13.1 use TLS version 1.2 for
NFS-over-TLS mounts, this command line option
may be used so that mounts from 13.0, 13.1 will still work.
Without the command line option, only TLS version 1.3
mounts are permitted.
The man page update will be a separate commit.
MFC after: 2 weeks
Add a sentence that explains that PATH is set to `/bin:/usr/bin`.
I had to dive into `jexec.c` to find this out.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D35251
Makefile.arm64 relies on being included via Makefile.${MACHINE}. This
only works when arm64 is the only aarch64 architecture. Switch to
Makefile.aarch64 so downstream CheriBSD can use the file when building
for Morello which uses a differen ${MACHINE} value.
Sponsored by: Innovate UK
