Consolidate add_efi_map_entry() and exclude_efi_map_entry() into a
single function, handle_efi_map_entry(), so that the exact set of entry
types handled is the same in the addition or exclusion cases. Before,
exclude_efi_map_entry() had a 'default' case that would exclude all
entry types that were not listed explicitly in the switch statement.
Logically, we do not need to exclude a range that could not possibly be
added to physmem, and we do not need to exclude bus ranges that are not
physical memory, for example EFI_MD_TYPE_IOMEM.
Since physmem's ram0 device will reserve bus memory resources for its
owned ranges, this was preventing attachment of the watchdog device on
the RPI4B. For some reason its region of memory-mapped I/O appeared in
the EFI memory map (with the aforementioned EFI_MD_TYPE_IOMEM type).
This change fixes the attachment issue, as we prevent the physmem API
from messing with this range of bus space.
PR: 270044
Reported by: karels, Mark Millard
Reviewed by: andrew, karels, imp
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D39003
* Add ifc_find_cloner()
* Rename current ifc_find_cloner() to ifc_find_cloner_in_vnet()
* Add ifc_find_cloner_match()
This change simplifies the code a bit and reduces the diff to
the netlink interface cloners merge (D39032).
Reviewed by: glebius, kp
Differential Revision: https://reviews.freebsd.org/D39046
MFC after: 2 weeks
To invalidate stage 2 mappings on arm64 we may need to call into the
hypervisor so add a function pointer that bhyve can use to implement
this.
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37254
Eliminate a redundant resource array allow possible use by bhyve later.
Reviewed by: kevans
Sponsored by: Arm Ltd
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37424
Make it clear we're checking to see if the target is a verified file and
prevent its replacement if so.
Sponsored by: Netflix
Reviewed by: rpokala
Differential Revision: https://reviews.freebsd.org/D39079
be_clone calls be_clone_cb and both call set_error on the return
error path. set_error prints the error resulting in a double print.
be_clone_cb should just return the error code and allow be_clone
to print it.
PR: 265248
Reported by: Graham Perrin
Reviewed by: imp, kevans
Pull Request: https://github.com/freebsd/freebsd-src/pull/685
these functions exclusively return (0) and (1), so convert them to bool
We also convert some networking related jail functions from int to bool
some of which were returning an error that was never used.
Differential Revision: https://reviews.freebsd.org/D29659
Reviewed by: imp, jamie (earlier version)
Pull Request: https://github.com/freebsd/freebsd-src/pull/663
tools/pkgbase/metalog_reader.lua checks for errors in METALOG (for
pkgbase staging), such as hard links with differing modes, duplicate
entries, etc. Run it as part of the Cirrus-CI job to prevent
regressions.
Reviewed by: manu, imp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37521
Building the tools is quick so we should provide coverage of this to
ensure it keeps working, especially on non-FreeBSD.
Reviewed by: emaste, arichardson
Differential Revision: https://reviews.freebsd.org/D39073
This will build etdump, makefs and mkimg as bootstrap tools to allow
easily creating disk images. Note that etdump is bootstrapped due to its
use in the release scripts for building ISO images.
Reviewed by: emaste, arichardson
Differential Revision: https://reviews.freebsd.org/D39072
Since 9503d2704c LOADER_ZFS gets turned off when ZFS is, and since
63715498ac ZFS is no longer disabled on powerpc and powerpcspe.
Reviewed by: emaste
Fixes: 9503d2704c ("opts: Minor cleanup of ZFS options")
Fixes: 63715498ac ("powerpc: enable ZFS on 32 bit powerpc/powerpcspe")
Differential Revision: https://reviews.freebsd.org/D39071
This patch updates the information for "allow.nfsd"
and adds configuration information.
This is a content change.
Reviewed by: karels, markj, pauamma (manpages)
MFC after: 3 months
Differential Revision: https://reviews.freebsd.org/D39033
ieee80211_scan_dump_channels() is only used locally and only when
IEEE80211_DEBUG is compiled. Stop exporting it, make it file local
and hide under the #ifdef to reduce the footprint for production
kernels a tiny bit.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D38833
scan state ss_flags in two places cut off the "internal" GOTPICK
options. Replace the hardcoded 0xfff with a defined mask.
Note that "internal" flags is confusing as we also supplement the
the 16bit by another 16bit of "internal flags" passed around but
comaparing to GOTPICK never stored to my understanding.
No functional change.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D38832
The save_if_input function pointer was meant to save the previous
value of ifp->if_input before replacing it with the emulated
adapter hook.
However, the same pointer value is already stored in the if_input
field of the netmap_adapter struct, to be used for host TX ring processing.
Reuse the netmap_adapter if_input field to simplify the code
and save some space.
MFC after: 14 days
Summary:
All callers of infiniband_bpf_mtap() call it through the wrapper macro,
which checks the if_bpf member explicitly. Since this is getting
hidden, move this check into the internal function and remove the
wrapper macro.
Reviewed by: hselasky
Sponsored by: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D39024
Fixes: bf2e2524a2 ("ssh: canonicize the host name before...")
Fixes: 3e74849a1e ("ssh: canonicize the host name before...")
Reviewed by: rew
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D38441
It was used by ancient GCC assert.h. Prior to 2001 GCC used to provide
its own assert.h The GCC assert.h required __eprintf to emit the error
message. FreeBSD's own assert.h never used this.
Reviewed by: ed (previously), imp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D2597
We have FIDO/U2F support in the base system now, so reserve a group ID
for it (maching the security/u2f-devd port).
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34341
In the IP header, Flags + Fragment Offset is a 16-bit field.
Use ntohs() instead of ntohl(), otherwise the Flags/Fragment Offset
values may not display correctly.
Before (DF set)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 0001 0 0000 40 01 b6a4 192.0.2.1 192.0.2.2
After (DF set)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 0001 2 0000 40 01 b6a4 192.0.2.1 192.0.2.2
Reviewed by: markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D38479
Functions implemented :
- mac_veriexec_vnode_check_unlink: Unlink on a file has been
requested and requires validation. This function prohibits the
deleting a protected file (or deleting one of these hard links, if
any).
- mac_veriexec_vnode_check_rename_from: Rename the file has been
requested and must be validated. This function controls the renaming
of protected file
- mac_veriexec_vnode_check_rename_to: File overwrite rename has been
requested and must be validated. This function prevent overwriting of
a file protected (overwriting by mv command).
The 3 fonctions together aim to control the 'removal' (via unlink) and
the 'mv' on files protected by veriexec. The intention is to reach the
functional level of NetBSD veriexec.
Add sysctl node security.mac.veriexec.unlink to toggle control on
syscall unlink.
Add tunable kernel variable security.mac.veriexec.block_unlink to toggle
unlink protection. Add the corresponding read-only sysctl.
[ tidied up commit message, trailing whitespace, long lines, { placement ]
Reviewed by: sjg, imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/613
When booting from a snapshot we need to follow a different code path
to turn the objset ID into the name, and for forward lookups we need
to walk the parent's snapnames_zap.
With this, it is possible to set the pools BOOTFS property to a
snapshot and boot with a read-only filesystem of that snapshot.
Reviewed by: tsoome, rew, imp
Sponsored By: Beckhoff Automation GmbH & Co. KG
Sponsored By: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D38600
It is better to mention the externel command for showing
the routing table as using an explicit command.
PR: 231579
Suggested by: karels
Reviewed by: karles, gbe
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D39075
We always have it, some languages assume it's present, e.g. go
before 1.20. Enable it by default on arm and arm64.
PR: 269070
Reviewed by: kevans
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D39059
The xenpf_dom0_console_t structure can grow as more data is added, and
hence we need to check that the fields we accesses have been filled by
Xen. The only extra field FreeBSD currently uses is the top 32 bits
for the frame buffer physical address.
Note that this field is present in all the versions that make the
information available from the platform hypercall interface, so the
check here is mostly cosmetic, and to remember us that newly added
fields require checking the size of the returned data.
Fixes: 6f80738b22 ('xen: fetch dom0 video console information from Xen')
Sponsored by: Citrix Systems R&D
Add mostly glibc and msl compatible secure_getenv. Return NULL if
issetugid() indicates the process is tainted, otherwise getenv(x). The
rational behind this is the fact that many Linux applications use this
function instead of getenv() as it's widely consider a, "best
practice".
Reviewed by: imp, mjg (feedback)
Pull Request: https://github.com/freebsd/freebsd-src/pull/686
Signed-off-by: Lucy Marsh <seafork@disroot.org>
Hyper-V does not provide Mellanox hardware, some of Azure's instances
do, thus the configuration to enable them does not belong in the generic
std.hyperv config.
Fixes: 15e7fa83ef ("arm64: Hyper-V: Add vPCI and Mellanox driver modules into build")
If there's a kboot.conf, prase it after the command line args are
parsed. It's not always easy to get all the right command line args
depending on the environment. Allow an escape hatch. While we can't do
everything one might like in this file, we can do enough.
Sponsored by: Netflix
If bread returns an error there is no bp to brelse. One of these
changes was taken from NetBSD commit 0a62dad69f62 ("This works well
enough to populate..."), the rest were found by looking for the same
pattern.
Reviewed by: imp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D39069
Offsets for all of thse can be a bit complicated as not all interrupts
will be present, only phys and virt are actually required, and sec-phys
could optionally be specified before phys. Push idx/name pairs into
a new config struct and maintain the old indices while still getting the
correct timers.
Split fdt/acpi attach out independently and allocate interrupts before
we head into the common attach(). The secure physical timer is also
optional there, so mark it so to avoid erroring out if we run into
problems.
Reviewed by: andrew
Differential Revision: https://reviews.freebsd.org/D38911
Add missing brelse(bp). Without it the cache grows and we have a n^2
lookup. I'm not entirely sure why we read the block before we write it
back out, since the only side effect of that is to allocate memory,
clear the memory, read it in from disk, throw it away with the contents
of the file being written out. We likely should just do a getblk() here
instead, but even with all that, this takes the time it takes to create
a 150MB msdos fs image down from 5 minutes to 30 seconds.
Old: 317.663u 0.685s 5:18.34 100.0% 198+360k 0+19io 1009pf+0w
New: 7.330u 23.841s 0:31.17 100.0% 198+360k 0+250522io 4pf+0w
See code review for how we got this. tl;dr: netbsd move brelse
into bwrite and we picked up msdos code after that, but not the
move. That change should be picked up later.
Sponsored by: Netflix
Reviewed by: emaste
MFC After: 1 day (13.2 is coming fast)
Differential Revision: https://reviews.freebsd.org/D39025
RFC 4443 specifies cases where certain packets, like those originating from
local-scope addresses destined outside of the scope shouldn't be forwarded.
The current practice is to drop them, send ICMPv6 message where appropriate,
and log the message:
cannot forward src fe80:10::426:82ff:fe36:1d8, dst 2001:db8:db8::10, nxt
58, rcvif vlan5, outif vlan2
At times the volume of such messages cat get very high. Let's allow local
admins to disable such messages on per vnet basis, keeping the current
default (log).
Reported by: zarychtam@plan-b.pwste.edu.pl
Reviewed by: zlei (previous version), pauamma (docs)
Differential Revision: https://reviews.freebsd.org/D38644
