And put inetd and its config file in it.
This unbloat a bit FreeBSD-utilities and some people might not
want inetd always installed.
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D38229
Compile mkmakefile.c as C++ instead and use an std::unordered_map to
accomplish the same goal.
Reviewed by: imp
Sponsored by: Klara, Inc.
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D38275
Highlights:
- Avoid keywords (this, not) as variable names
- Move yyparse into config.h with other declarations
- All declarations in config.h are assumed guilty until proven innocent
- Some const-correctness
- Casting malloc/calloc returns
Note that we're not building any C++ here yet, this will be introduced
in other commits to replace some of the lib dependencies. Reducing the
number of FreeBSD-specific dependencies we have reduces some friction
for building our bootstrap tools independently in other environments.
Reviewed by: imp
Sponsored by: Klara, Inc.
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D38274
Don't force /etc/ssl/cert.pem. It does not exist by default, only if
security/ca_root_nss is installed. Just use the default OpenSSL search
locations which are /etc/ssl/cert.pem and /etc/ssl/certs/.
The tls-system-cert option was added in Unbound 1.16.0.
Reviewed by: zlei
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D38243
This commit allows a kbdcontrol binary built with a version of kbio.h
that supports Unicode characters in dead key maps to load and display
keymaps including the dead key tables on a kernel built with a
previous version of kbio.h (that only supported 8 bit characters in
the dead key map).
This commit is meant as a temporary compatibility shim that will be
reverted when it can be assumed that all relevant systems have been
upgraded to a kernel that uses the updated kbio.h.
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D38388
Remove the hard-coded dependency on HYPERV being only x86. Instead, 100%
rely on MK_HYPERV. It's always right (since it's marked BROKEN (so set
to "no") on architectures we don't support).
Sponsored by: Netflix
Reviewed by: bz
Differential Revision: https://reviews.freebsd.org/D38306
The sc->codecs array contains HDA_CODEC_MAX (15) entries. The
guest-supplied cad field in the verb provided to hda_send_command is a
4-bit field that was used as an index into sc->codecs without any
bounds checking. The highest value (15) would overflow the array.
Other uses of sc->codecs in the device model used sc->codecs_no to
determine which array indices have been initialized, so use a similar
check to reject requests for uninitialized or invalid cad indices in
hda_send_command.
PR: 264582
Reported by: Robert Morris <rtm@lcs.mit.edu>
Reviewed by: corvink, markj, emaste
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D38128
hda_write did not validate the relative register offset before using
it as an index into the hda_set_reg_table array to lookup a function
pointer to execute after updating the register's value.
PR: 264435
Reported by: Robert Morris <rtm@lcs.mit.edu>
Reviewed by: corvink, markj, emaste
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D38127
Most of these arguments were unused. Device models which do need
access to the vmctx in one of these methods can obtain it from the
pi_vmctx member of the pci_devinst argument instead.
Reviewed by: corvink, markj
Differential Revision: https://reviews.freebsd.org/D38096
XHCI port and slot numbers are 1-based rather than 0-based. To handle
this, bhyve was subtracting one item from the pointers saved in the
softc so that index 1 accessed index 0 of the allocated array.
However, this is UB and confused GCC 12. The compiler noticed that
the calls to free() were using an offset and emitted a warning.
Rather than storing UB pointers in the softc, push the decrement
operation into the existing macros that wrap accesses to the relevant
arrays.
Reviewed by: corvink, markj
Differential Revision: https://reviews.freebsd.org/D36829
The mirrors list is in sync with the Handbook / Mirrors section [1],
which was refreshed a few months ago. Mirrors removed were not
responding or had duplicated addresses (aliases) with another mirror.
1 - https://docs.freebsd.org/en/books/handbook/mirrors/
Reviewed by: philip (clusteradm)
Approved by: philip
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D38014
Apparently it's possible for a mixer to have no devices:
$ mixer -f /dev/mixer2
pcm2:mixer: <USB audio> at ? kld snd_uaudio (rec)
$
If this is the default sound device, an attempt to change the default
unit using mixer -d fails with a segfault because mod_dunit is called
with a NULL device pointer, which is dereferenced to get the parent
mixer.
ctl_dunit seems to be a dummy, i.e., we don't actually need it and can
simply pass the mixer to mod_dunit() directly. This patch removes that
structure and associated indirection to fix the crash.
Reviewed by: christos, hselasky
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D38060
FreeBSD src does not support HAVE_DECL_EVSIGNAL_ASSIGN. While reviewing
the new config.h after regenerating it, this definition was not removed.
Updating config.h is a manual process of configuring the port and
copying/merging the generated config.h into src. This definition was
missed and not removed (#undef'd).
Fixes: 1838dec318
MFC after: 1 month
X-MFC with: 1838dec318
If a type=dir entry exists and all contents are directories, files
added with contents=, or symlinks with link= attributes then it doesn't
need to exist. Just let openat fail in that case. It's conceivable
this will make debugging some cases weird, but it's sufficent to handle
the way we add /root/.ssh in CheriBSD VM images.
This is a recommit of 794154149f with
bugfixes.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D38029
If a type=dir entry exists and all contents are directories, files
added with contents=, or symlinks with link= attributes then it doesn't
need to exist. Just let openat fail in that case. It's conceivable
this will make debugging some cases weird, but it's sufficent to handle
the way we add /root/.ssh in CheriBSD VM images.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D38029
When a link target is specified use it rather than attempting to read
a potentially non-existant file.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D38028
This reverts commit c33509d49a.
It turns out that the long 27 second delay I saw in the
gss_acquire_cred() call was caused by a (mis)configured
DNS. Although I did not specify "dns" in /etc/nsswitch.conf,
I did have a /etc/resolv.conf file on the system (left
there by wpa_supplicant). As such, with no route, it was
somehow trying to contact the DNS server, although there was none.
Once I got rid of the /etc/resolv.conf file, it worked
as expected.
Since there is now a large 5 minute timeout on the
kernel to gssd(8) upcalls, the gssd(8) daemon will not
get terminated when this delay occurs and the only affect
is a 30 second delay during the mount.
Discussed with: bjk
* Replay 2010[acflm] which had been merged but not recorded.
* Merge 2010n.
* Reorganize (unsplit) the code to match the upstream layout.
* Merge 2022[cdefg].
MFC after: 1 week
Sponsored by: Klara, Inc.
If an NFS mount using "sec=krb5[ip],gssname=<name>" is
done, the gssd daemon fails. There is a long delay
(several seconds) in the gss_acquire_cred() call and then
it returns success, but the credentials returned are
junk.
I have no idea how long this has been broken, due to some
change in the Heimdal gssapi library call, but I suspect
it has been quite some time.
Anyhow, it turns out that replacing the "desired_name"
argument with GSS_C_NO_NAME fixes the problem.
Replacing the argument should not be a problem, since the
TGT for the host based initiator credential in the default
keytab file should be the only TGT in the gssd'd credential
cache (which is not the one for uid 0).
I will try and determine if FreeBSD13 and/or FreeBSD12
needs this same fix and will MFC if they need the fix.
This problem only affected Kerberized NFS mounts when the
"gssname" mount option was used. Other Kerberized NFS
mount cases already used GSS_C_NO_NAME and work ok.
A workaround if you do not have this patch is to do a
"kinit -k host/FQDN" as root on the machine, followed by
the Kerberized NFS mount without the "gssname" mount
option.
MFC after: 1 month
The intention of /etc/passwd was to support legacy applications that are
not yet converted to use modern API like getpwent(3). Comments are not
defined in the legacy format, so copying them could break these
applications. Plus, it could leak sensitive information (e.g. encrypted
form of password of an user that was commented out instead of deleted
or disabled).
PR: bin/144652
MFC after: 1 month
Although the tls syscall to set up the upcall should
not normally fail, the daemon should check for such
a failure. This patch adds a check for that failure.
MFC after: 1 week
Although the tls syscall to set up the upcall should
not normally fail, the daemon should check for such
a failure. This patch adds a check for that failure.
MFC after: 1 week
Set the thread affinity in fbsdrun_start_thread next to where the
thread name is set. This keeps all the pthread initialization
operations at the start of a thread in one place.
Reviewed by: corvink, markj
Differential Revision: https://reviews.freebsd.org/D37646
The global vmexit[] array is no longer needed to smuggle the rip
value from fbsdrun_addcpu() to vm_loop().
Reviewed by: corvink, markj
Differential Revision: https://reviews.freebsd.org/D37644
fbsdrun_addcpu() read the current vCPU's RIP register from the kernel
via vm_get_register() to pass along through some layers to vm_loop()
which then set the register via vm_set_register(). However, this is
just always setting the value back to itself.
Reviewed by: corvink
Differential Revision: https://reviews.freebsd.org/D37643
- Enable VM_CAP_IPI_EXIT in fbsdrun_set_capabilities along with other
capabilities enabled on all vCPUs.
- Don't call fbsdrun_set_capabilities a second time on the BSP in
spinup_vcpu.
- To preserve previous behavior, don't unconditionally enable
unrestricted guest mode on the BSP (this unbreaks single-vCPU guests
on Nehalem systems, though supporting such setups is of dubious
value). Other places that enbale UG on the BSP are careful to check
the result of the operation and fail if it is not available.
- Don't set any capabilities in spinup_ap(). These are now all
redundant with earlier settings from spinup_vcpu().
- While here, axe a stale comment from fbsdrun_addcpu(). This
function is now always called from the main thread for all vCPUs.
Reviewed by: corvink, markj
Differential Revision: https://reviews.freebsd.org/D37642
Since commit 0bda8d3e9f, bhyve always enables VM_EXITCODE_IPI exits
instead, so this handler is no longer used.
Reviewed by: corvink, markj
Differential Revision: https://reviews.freebsd.org/D37640
Commit bba7a2e896 added "allow.nfsd" to optionally allow
mountd/nfsd to be run inside a vnet prison when the kernel
is built with "options VNET_NFSD".
This patch updates the man page for this change.
This is a content change.
Reviewed by: jamie, bcr (manpages)
MFC after: 4 months
Differential Revision: https://reviews.freebsd.org/D37665
