The variable expansion as written will never match anything but
'amd64/.8' in OBJDIR. The original intention behind the construct
remains unclear, but "as is" it serves no other purpose but to
generate the warning. Remove it altogether.
Fixes: df90aeac24
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D38440
And put in it:
- kbdcontrol
- vidcontrol
- moused
- kbdmap
Those aren't useful in a jail or for a modern desktop.
While here, split the devd.conf part into some new files.
Reviewed by: bapt
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D38321
It belongs here.
Also this unbloat FreeBSD-utilities a bit and it will not depend
on the FreeBSD-libevent1 package now.
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D38226
This unbloat FreeBSD-utilities a bit and not everyone uses
valectl which is the only in-tree consumer of libnetmap
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D38225
And put inetd and its config file in it.
This unbloat a bit FreeBSD-utilities and some people might not
want inetd always installed.
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D38229
Compile mkmakefile.c as C++ instead and use an std::unordered_map to
accomplish the same goal.
Reviewed by: imp
Sponsored by: Klara, Inc.
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D38275
Highlights:
- Avoid keywords (this, not) as variable names
- Move yyparse into config.h with other declarations
- All declarations in config.h are assumed guilty until proven innocent
- Some const-correctness
- Casting malloc/calloc returns
Note that we're not building any C++ here yet, this will be introduced
in other commits to replace some of the lib dependencies. Reducing the
number of FreeBSD-specific dependencies we have reduces some friction
for building our bootstrap tools independently in other environments.
Reviewed by: imp
Sponsored by: Klara, Inc.
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D38274
Don't force /etc/ssl/cert.pem. It does not exist by default, only if
security/ca_root_nss is installed. Just use the default OpenSSL search
locations which are /etc/ssl/cert.pem and /etc/ssl/certs/.
The tls-system-cert option was added in Unbound 1.16.0.
Reviewed by: zlei
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D38243
This commit allows a kbdcontrol binary built with a version of kbio.h
that supports Unicode characters in dead key maps to load and display
keymaps including the dead key tables on a kernel built with a
previous version of kbio.h (that only supported 8 bit characters in
the dead key map).
This commit is meant as a temporary compatibility shim that will be
reverted when it can be assumed that all relevant systems have been
upgraded to a kernel that uses the updated kbio.h.
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D38388
Remove the hard-coded dependency on HYPERV being only x86. Instead, 100%
rely on MK_HYPERV. It's always right (since it's marked BROKEN (so set
to "no") on architectures we don't support).
Sponsored by: Netflix
Reviewed by: bz
Differential Revision: https://reviews.freebsd.org/D38306
The sc->codecs array contains HDA_CODEC_MAX (15) entries. The
guest-supplied cad field in the verb provided to hda_send_command is a
4-bit field that was used as an index into sc->codecs without any
bounds checking. The highest value (15) would overflow the array.
Other uses of sc->codecs in the device model used sc->codecs_no to
determine which array indices have been initialized, so use a similar
check to reject requests for uninitialized or invalid cad indices in
hda_send_command.
PR: 264582
Reported by: Robert Morris <rtm@lcs.mit.edu>
Reviewed by: corvink, markj, emaste
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D38128
hda_write did not validate the relative register offset before using
it as an index into the hda_set_reg_table array to lookup a function
pointer to execute after updating the register's value.
PR: 264435
Reported by: Robert Morris <rtm@lcs.mit.edu>
Reviewed by: corvink, markj, emaste
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D38127
Most of these arguments were unused. Device models which do need
access to the vmctx in one of these methods can obtain it from the
pi_vmctx member of the pci_devinst argument instead.
Reviewed by: corvink, markj
Differential Revision: https://reviews.freebsd.org/D38096
XHCI port and slot numbers are 1-based rather than 0-based. To handle
this, bhyve was subtracting one item from the pointers saved in the
softc so that index 1 accessed index 0 of the allocated array.
However, this is UB and confused GCC 12. The compiler noticed that
the calls to free() were using an offset and emitted a warning.
Rather than storing UB pointers in the softc, push the decrement
operation into the existing macros that wrap accesses to the relevant
arrays.
Reviewed by: corvink, markj
Differential Revision: https://reviews.freebsd.org/D36829
The mirrors list is in sync with the Handbook / Mirrors section [1],
which was refreshed a few months ago. Mirrors removed were not
responding or had duplicated addresses (aliases) with another mirror.
1 - https://docs.freebsd.org/en/books/handbook/mirrors/
Reviewed by: philip (clusteradm)
Approved by: philip
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D38014
Apparently it's possible for a mixer to have no devices:
$ mixer -f /dev/mixer2
pcm2:mixer: <USB audio> at ? kld snd_uaudio (rec)
$
If this is the default sound device, an attempt to change the default
unit using mixer -d fails with a segfault because mod_dunit is called
with a NULL device pointer, which is dereferenced to get the parent
mixer.
ctl_dunit seems to be a dummy, i.e., we don't actually need it and can
simply pass the mixer to mod_dunit() directly. This patch removes that
structure and associated indirection to fix the crash.
Reviewed by: christos, hselasky
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D38060
FreeBSD src does not support HAVE_DECL_EVSIGNAL_ASSIGN. While reviewing
the new config.h after regenerating it, this definition was not removed.
Updating config.h is a manual process of configuring the port and
copying/merging the generated config.h into src. This definition was
missed and not removed (#undef'd).
Fixes: 1838dec318
MFC after: 1 month
X-MFC with: 1838dec318
If a type=dir entry exists and all contents are directories, files
added with contents=, or symlinks with link= attributes then it doesn't
need to exist. Just let openat fail in that case. It's conceivable
this will make debugging some cases weird, but it's sufficent to handle
the way we add /root/.ssh in CheriBSD VM images.
This is a recommit of 794154149f with
bugfixes.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D38029
If a type=dir entry exists and all contents are directories, files
added with contents=, or symlinks with link= attributes then it doesn't
need to exist. Just let openat fail in that case. It's conceivable
this will make debugging some cases weird, but it's sufficent to handle
the way we add /root/.ssh in CheriBSD VM images.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D38029
When a link target is specified use it rather than attempting to read
a potentially non-existant file.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D38028
This reverts commit c33509d49a.
It turns out that the long 27 second delay I saw in the
gss_acquire_cred() call was caused by a (mis)configured
DNS. Although I did not specify "dns" in /etc/nsswitch.conf,
I did have a /etc/resolv.conf file on the system (left
there by wpa_supplicant). As such, with no route, it was
somehow trying to contact the DNS server, although there was none.
Once I got rid of the /etc/resolv.conf file, it worked
as expected.
Since there is now a large 5 minute timeout on the
kernel to gssd(8) upcalls, the gssd(8) daemon will not
get terminated when this delay occurs and the only affect
is a 30 second delay during the mount.
Discussed with: bjk
* Replay 2010[acflm] which had been merged but not recorded.
* Merge 2010n.
* Reorganize (unsplit) the code to match the upstream layout.
* Merge 2022[cdefg].
MFC after: 1 week
Sponsored by: Klara, Inc.
If an NFS mount using "sec=krb5[ip],gssname=<name>" is
done, the gssd daemon fails. There is a long delay
(several seconds) in the gss_acquire_cred() call and then
it returns success, but the credentials returned are
junk.
I have no idea how long this has been broken, due to some
change in the Heimdal gssapi library call, but I suspect
it has been quite some time.
Anyhow, it turns out that replacing the "desired_name"
argument with GSS_C_NO_NAME fixes the problem.
Replacing the argument should not be a problem, since the
TGT for the host based initiator credential in the default
keytab file should be the only TGT in the gssd'd credential
cache (which is not the one for uid 0).
I will try and determine if FreeBSD13 and/or FreeBSD12
needs this same fix and will MFC if they need the fix.
This problem only affected Kerberized NFS mounts when the
"gssname" mount option was used. Other Kerberized NFS
mount cases already used GSS_C_NO_NAME and work ok.
A workaround if you do not have this patch is to do a
"kinit -k host/FQDN" as root on the machine, followed by
the Kerberized NFS mount without the "gssname" mount
option.
MFC after: 1 month
The intention of /etc/passwd was to support legacy applications that are
not yet converted to use modern API like getpwent(3). Comments are not
defined in the legacy format, so copying them could break these
applications. Plus, it could leak sensitive information (e.g. encrypted
form of password of an user that was commented out instead of deleted
or disabled).
PR: bin/144652
MFC after: 1 month
Although the tls syscall to set up the upcall should
not normally fail, the daemon should check for such
a failure. This patch adds a check for that failure.
MFC after: 1 week
Although the tls syscall to set up the upcall should
not normally fail, the daemon should check for such
a failure. This patch adds a check for that failure.
MFC after: 1 week
Set the thread affinity in fbsdrun_start_thread next to where the
thread name is set. This keeps all the pthread initialization
operations at the start of a thread in one place.
Reviewed by: corvink, markj
Differential Revision: https://reviews.freebsd.org/D37646
The global vmexit[] array is no longer needed to smuggle the rip
value from fbsdrun_addcpu() to vm_loop().
Reviewed by: corvink, markj
Differential Revision: https://reviews.freebsd.org/D37644
fbsdrun_addcpu() read the current vCPU's RIP register from the kernel
via vm_get_register() to pass along through some layers to vm_loop()
which then set the register via vm_set_register(). However, this is
just always setting the value back to itself.
Reviewed by: corvink
Differential Revision: https://reviews.freebsd.org/D37643