Mountd can now be run in an appropriately
configured vnet jail.
This man page update adds some information
for this case.
This is a content change.
Reviewed by: markj
MFC after: 3 months
Differential Revision: https://reviews.freebsd.org/D39168
Start breaking down big main()
Remove goto exit label and replace it with a function that does cleanup.
Comment re-worded by kevans@.
Pull Request: https://github.com/freebsd/freebsd-src/pull/694
Let the user decide if he wants to use bhyve's fwctl or qemu's fwcfg. He
can set the interface by adding a fwcfg option to bootrom:
-l bootrom,<path/to/rom>,fwcfg=bhyve
-l bootrom,<path/to/rom>,fwcfg=qemu
Reviewed by: markj
MFC after: 1 week
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D38337
Fwcfg items without a fixed index are reported by the file_dir. They
have an index of 0x20 and above. This helper simplifies the addition of
such fwcfg items. It selects a new free index, assigns it to the fwcfg
items and creates an proper entry in the file_dir.
Reviewed by: markj
MFC after: 1 week
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D38336
This patch updates the information for "allow.nfsd"
and adds configuration information.
This is a content change.
Reviewed by: karels, markj, pauamma (manpages)
MFC after: 3 months
Differential Revision: https://reviews.freebsd.org/D39033
If bread returns an error there is no bp to brelse. One of these
changes was taken from NetBSD commit 0a62dad69f62 ("This works well
enough to populate..."), the rest were found by looking for the same
pattern.
Reviewed by: imp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D39069
Add missing brelse(bp). Without it the cache grows and we have a n^2
lookup. I'm not entirely sure why we read the block before we write it
back out, since the only side effect of that is to allocate memory,
clear the memory, read it in from disk, throw it away with the contents
of the file being written out. We likely should just do a getblk() here
instead, but even with all that, this takes the time it takes to create
a 150MB msdos fs image down from 5 minutes to 30 seconds.
Old: 317.663u 0.685s 5:18.34 100.0% 198+360k 0+19io 1009pf+0w
New: 7.330u 23.841s 0:31.17 100.0% 198+360k 0+250522io 4pf+0w
See code review for how we got this. tl;dr: netbsd move brelse
into bwrite and we picked up msdos code after that, but not the
move. That change should be picked up later.
Sponsored by: Netflix
Reviewed by: emaste
MFC After: 1 day (13.2 is coming fast)
Differential Revision: https://reviews.freebsd.org/D39025
The fact that most of the daemon's state is stored on the stack
of the main() makes it hard to split the logic smaller chunks.
Which in turn leads to huge main func that does a a lot of things.
struct log_params existed because some variables need to be passed
into other functions together.
This change renames struct log_params into daemon_state
and moves the rest of the variables into it. This is a necessary
preparation step for further refactroing.
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/687
Use SHA256_Fd and SHA256_Data instead of home made equivalent.
wrap those functions into hash.c to avoid header collition between
openssl and libmd
Suggested by: kevans
OpenSSL 3.0 has deprecated the sha256 api, let's use libmd which has the
same API instead.
In order to avoid the collision in definitions (sha256.h cannot be
included in the same file as a file where openssl headers has been
included) let's move the sha256 related code in its own file
PR: 270023
Reported by: ngie
libcasper(3) is not used in bhyve. So move dependency to the appropriate
place.
Reviewed by: markj
MFC after: 1 week
Sponsored by: vStack
Differential Revision: https://reviews.freebsd.org/D38905
When using the --suspend and --checkpoint parameter, bhyvectl will
produce two checkpoint images and the exits. This is slightly ambiguous.
So, permit only one of theses parameters at the same time.
Reviewed by: corvink, markj
MFC after: 1 week
Sponsored by: vStack
Differential Revision: https://reviews.freebsd.org/D38887
init_checkpoint_thread binds to a socket. Bhyve isn't allowed to do that
after caph_enter.
Reviewed by: corvink, markj
MFC after: 1 week
Sponsored by: vStack
Differential Revision: https://reviews.freebsd.org/D38857
Mostly sprinkle __unused. Also duplicate strings passed to addenv() so
that constant string literals can be passed. No functional change
intended.
Reviewed by: corvink, rew, jhb
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D38840
Avoid unaligned accesses in cpu_vendor_intel() and address a few other
nits. No functional change intended.
Reviewed by: corvink, rew, jhb
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D38839
Now when supervsion mode has it's own variable there is really no
reason to set it separately from the rest of the variables. Move
initialization of supervise_enabled var to the argument processing
switch loop, where it belongs.
Reviewed by: kevans
Pull Request: https://github.com/freebsd/freebsd-src/pull/672
The 'restart' variable was responsible for enablement of restart
behavior and for restart delay. While it may seem convenient it
leads to cluttering the exit/restart logic
Reviewed by: kevans
Pull Request: https://github.com/freebsd/freebsd-src/pull/672
This is not a functional change.
- Clean up whitespace (spaces where there should be tabs)
- Break up lines that are longer than 80
Reviewed by: kevans
Pull Request: https://github.com/freebsd/freebsd-src/pull/672
GNU egrep emits a warning that it is obsolescent and suggests grep -E
instead. Switch to grep -E in case we end up invoking GNU (e)grep (and
for consistency with other invocations in this file).
Reported by: Steffen Nurpmeso
Sponsored by: The FreeBSD Foundation
Since struct log_params already contains logging-related
varaiables, including syslog-related, move remaining
syslog-related variables into struct log_params as well
Reviewed by: kevans
Pull Request: https://github.com/freebsd/freebsd-src/pull/669
Following style(9) and C99 recommendation use bool instead of
int for boolean operations. Also give the variable a more descriptive
name that follows boolean naming convention.
Reviewed by: kevans
Pull Request: https://github.com/freebsd/freebsd-src/pull/669
consolidation of variable declarations and initializations in previous
commit allowed me to detect that one of the signal masks is not properly
initialized with sigemptyset (as man 3 sigsetops demands)
Reviewed by: kevans
Pull Request: https://github.com/freebsd/freebsd-src/pull/669
freebsd-update will open ${EDITOR} if conflicts occur while merging
updates to config files. Inform the user if they've left conflict
markers behind, and go back to editing the file.
PR: 185546
PR: 229689
Reviewed by: delphij
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37703
A user had GREP_OPTIONS containing --color=always, which broke grep use
in freebsd-update. Unset this environment variable.
PR: 255990
Reviewed by: kevans
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
This corrects a bug in which the daily periodic script '310.accounting'
attempts to rotate logs via /etc/rc.d/accounting by calling
onerotate_logs function. The rotate logs function turns accounting back
on regardless of what acccounting_enable is set to in /etc/rc.conf. This
is due to checkyesno always returning YES since rotate logs is called
with the 'one' prefix.
In effect, accounting will always be turned back on once a day even if
it is disabled and stopped by hand. The fix was simple, just check if
accounting is before rotating logs and if it is, don't attempt the
rotate.
PR: 267464
Reviewed by: imp, hps (lgtm, not approval), Mina Galić
Pull Request: https://github.com/freebsd/freebsd-src/pull/648
Differential Revision: https://reviews.freebsd.org/D37434
This error occurs because vm->vcpu[1] has not been allocated yet when
vm_snapshot_vm() is called.
To fix this, move spinup_vcpu() before restore code.
Reviewed by: corvink, markj
MFC after: 2 weeks
Sponsored by: vStack
Differential Revision: https://reviews.freebsd.org/D38477
vmx_snapshot() and svm_snapshot() do not save any data and error occurs at
resume:
Restoring kernel structs...
vm_restore_kern_struct: Kernel struct size was 0 for: vmx
Failed to restore kernel structs.
Reviewed by: corvink, markj
Fixes: 39ec056e6d ("vmm: Rework snapshotting of CPU-specific per-vCPU data.")
MFC after: 2 weeks
Sponsored by: vStack
Differential Revision: https://reviews.freebsd.org/D38476
Qemu defines some common fwcfg items. We don't need to support all of
them. Only a subset needs to be present for fwcfg to work properly.
- signature
The signature is used by the guest to check if qemu's fwcfg is
available or not.
- id
The id is used by the guest to check which features are supported by
the fwcfg implementation of the hypervisor.
- file_dir
The file dir reports all fwcfg items which don't have a fixed index.
These are mostly user defined fwcfg items.
Reviewed by: <If someone else reviewed your modification.>
MFC after: 1 week
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D38335
This helper makes it easier to add multiple fwcfg items. You can pass an
index and some data to the helper. The helper adds these information to
the fwcfg emulation so that the guest reads the given data on the
specified index.
Reviewed by: <If someone else reviewed your modification.>
MFC after: 1 week
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D38334
This fixes duplicate mails (one from cron, one from periodic)
when a periodic run is not finished bfore the next one starts.
The man page states that the intended use case is cron, and
the error handling of the lockf invocation handles this case
explicitely, as such no error message for the "interactive"
use was considered.
Fixes the following warning:
yacc: w - the symbol System_spec is undefined
yacc: 3 rules never reduced
Reported by: otis
Fixes: 6a836ea741 ("config(8): Remove obsolete 'config' directive.")
Commit da88842029 ("config: error out on malformed env/hint lines")
added a reference to EINVAL. In some configurations the bootstrap tools
build fails for lack of errno definitions.
Fixes: da88842029 ("config: error out on malformed env/hint lines")
Reported by: syzbot+b1a5d112a737d9a2be9b@syzkaller.appspotmail.com
For the cases where the nfsd(8) daemon is already running or
has failed to start within a prison due to an incorrect prison
configuration, the failure message logged is:
Can't read stable storage file: operation not permitted
This patch replaces the above with more meaningful messages.
It depends on commit 10dff9da97 to differentiate between the
above two cases, however even without this commit, the messages
should be an improvement.
MFC after: 3 months
We need these to be assignments, error out if they're not.
While we're here, tag errout as __printflike so that the compiler will
sanity check the format string + args.
CID: 1505293
Reviewed by: emaste, imp
Differential Revision: https://reviews.freebsd.org/D38642
Every caller path()s its arguments anyways, just simplify these and push
path() into moveifchanged(). This fixes a number of memory leaks in the
process since path() allocates memory, which we will now free().
While we're here, make sure we close from_fd/to_fd appropriately.
CID: 1471040, 1471714, 1472045, 1006907, 1006908
Reviewed by: emaste, imp
Differential Revision: https://reviews.freebsd.org/D38641
None of the callers check that the allocation in path() failed, so let's
check in path() and abort instead of failing.
Along those lines, none of the callers seem to acknowledge that the
returned string needs to be free()d -- let's do that as well. There are
a couple not addressed in this commit that will be addressed in a future
commit by pushing the path() call down into moveifchanged() instead and
freeing it properly there.
CID: 1505271, 1505250, 1505279
Reviewed by: emaste, imp
"efibootmgr --efidev unix-path" will return the UEFI device-path to the
file or device specified by unix-path. It's useful for debugging, but
may also be useful for scripting.
Sponsored by: Netflix
Reviewed by: corvink, manu
Differential Revision: https://reviews.freebsd.org/D38617
The definition of pre-Unicode keymap ioctls will be made optional and
dependent on COMPAT_FREEBSD13 in a follow-up commit to 14-CURRENT.
While we generally provide ABI compatibility for older binaries on
a new kernel, but not functionally extended userland programs on an
old kernel, it has been specifically requested to preserve ABI
compatibility for the kbdcontrol program for both these cases.
Passing the kernel configuration option COMPAT_FREEBSD13 to the build
of kbdcontrol will make ioctls visible to the build that are normally
hidden, but required to implement compatibility with kernels that only
support 8 bit characters in dead key maps.
This commit is not to be merged to any previous FreeBSD version and
it shall be reverted as soon as this type of ABI compatibility is no
longer deemed necessary (probably before 14-STABLE is branched).
This commit is a part of review D38465 and split off to allow it to be
reverted using the commit ID.
Support for the full range of Unicode character codes has been added
to the main keymap back in 2009, with compatibility shims added in
2011 (to support an older kbdcontrol command on a new kernel during
an upgrade from FreeBSD-8 to FreeBSD-9).
Unicode support for accented characters that are reached via dead key
combinations has been added just recently, again with compatibility
shims to allow all combinations of old/new kernel and old/new
kbdcontrol command to load and display the keymaps including the dead
key table. (But full Unicode in the dead key table requires both a new
kernel and kbdcontrol command.)
This commit makes the compatibility shims depend on the respective
compatibility ioctls (OGIO_KEYMAP, OPIO_KEYMAP, OGIO_DEADKEYMAP, and
OPIO_DEADKEYMAP) being defined in sys/kbio.h. This is true for all of
them in 13-STABLE, none in 12-STABLE (as of now), and will become
optional due to a follow-up commit to sys/kbio.h in -CURRENT.
This commit is the only part of review D38465 that should be merged
back to 12-STABLE and 13-STABLE.
MFC after: 1 month
The data port returns the data of the fwcfg item.
Reviewed by: markj
MFC after: 1 week
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D38333
The selector port is used to select the desired fwcfg item.
Reviewed by: markj
MFC after: 1 week
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D38332
qemu's fwcfg and bhyve's fwctl are both used to configure ovmf. qemu's
fwcfg is much more powerfull than bhyve's fwctl. For that reason, add
support for qemu's fwcfg.
Reviewed by: markj
MFC after: 1 week
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D38331
The list is used to generate the dsdt entry for every acpi device.
Reviewed by: markj
MFC after: 1 week
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D3830
The guest will check the dsdt to detect acpi devices. Therefore, add a
helper function to create such a dsdt entry for an acpi device.
Reviewed by: markj
MFC after: 1 week
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D38329
These helper function can be used to assign acpi resources to an
acpi_device.
Reviewed by: markj
MFC after: 1 week
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D38328
To simplify the handling of different acpi devices like qemu fwcfg or a
tpm, add a helper struct. It will handle the reporting of acpi
resources.
Reviewed by: markj
MFC after: 1 week
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D38327
Long options improve readability of scripts, makes code comprehension
easier. This patch adds long options while preserving the existing CLI
interface.
Also --help/-h option is added.
Reviewed by: allanjude, pauamma (both earlier versions), kevans
Differential Revision: https://reviews.freebsd.org/D38244
Use an std::stringstream instead. get_word() and get_quoted_word() both
return a buffer that's presumed to not need release, so solve this by
returning a new special configword type that holds a string or eof/eol
state. This cleans up caller checking for EOF/EOL to make it more
explicit what they're doing, at least in the EOL cases which previously
checked for NULL.
Sponsored by: Klara, Inc.
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D38276
The variable expansion as written will never match anything but
'amd64/.8' in OBJDIR. The original intention behind the construct
remains unclear, but "as is" it serves no other purpose but to
generate the warning. Remove it altogether.
Fixes: df90aeac24
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D38440
And put in it:
- kbdcontrol
- vidcontrol
- moused
- kbdmap
Those aren't useful in a jail or for a modern desktop.
While here, split the devd.conf part into some new files.
Reviewed by: bapt
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D38321
It belongs here.
Also this unbloat FreeBSD-utilities a bit and it will not depend
on the FreeBSD-libevent1 package now.
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D38226
This unbloat FreeBSD-utilities a bit and not everyone uses
valectl which is the only in-tree consumer of libnetmap
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D38225
And put inetd and its config file in it.
This unbloat a bit FreeBSD-utilities and some people might not
want inetd always installed.
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D38229
Compile mkmakefile.c as C++ instead and use an std::unordered_map to
accomplish the same goal.
Reviewed by: imp
Sponsored by: Klara, Inc.
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D38275
Highlights:
- Avoid keywords (this, not) as variable names
- Move yyparse into config.h with other declarations
- All declarations in config.h are assumed guilty until proven innocent
- Some const-correctness
- Casting malloc/calloc returns
Note that we're not building any C++ here yet, this will be introduced
in other commits to replace some of the lib dependencies. Reducing the
number of FreeBSD-specific dependencies we have reduces some friction
for building our bootstrap tools independently in other environments.
Reviewed by: imp
Sponsored by: Klara, Inc.
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D38274
Don't force /etc/ssl/cert.pem. It does not exist by default, only if
security/ca_root_nss is installed. Just use the default OpenSSL search
locations which are /etc/ssl/cert.pem and /etc/ssl/certs/.
The tls-system-cert option was added in Unbound 1.16.0.
Reviewed by: zlei
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D38243
This commit allows a kbdcontrol binary built with a version of kbio.h
that supports Unicode characters in dead key maps to load and display
keymaps including the dead key tables on a kernel built with a
previous version of kbio.h (that only supported 8 bit characters in
the dead key map).
This commit is meant as a temporary compatibility shim that will be
reverted when it can be assumed that all relevant systems have been
upgraded to a kernel that uses the updated kbio.h.
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D38388
Remove the hard-coded dependency on HYPERV being only x86. Instead, 100%
rely on MK_HYPERV. It's always right (since it's marked BROKEN (so set
to "no") on architectures we don't support).
Sponsored by: Netflix
Reviewed by: bz
Differential Revision: https://reviews.freebsd.org/D38306
The sc->codecs array contains HDA_CODEC_MAX (15) entries. The
guest-supplied cad field in the verb provided to hda_send_command is a
4-bit field that was used as an index into sc->codecs without any
bounds checking. The highest value (15) would overflow the array.
Other uses of sc->codecs in the device model used sc->codecs_no to
determine which array indices have been initialized, so use a similar
check to reject requests for uninitialized or invalid cad indices in
hda_send_command.
PR: 264582
Reported by: Robert Morris <rtm@lcs.mit.edu>
Reviewed by: corvink, markj, emaste
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D38128
hda_write did not validate the relative register offset before using
it as an index into the hda_set_reg_table array to lookup a function
pointer to execute after updating the register's value.
PR: 264435
Reported by: Robert Morris <rtm@lcs.mit.edu>
Reviewed by: corvink, markj, emaste
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D38127
Most of these arguments were unused. Device models which do need
access to the vmctx in one of these methods can obtain it from the
pi_vmctx member of the pci_devinst argument instead.
Reviewed by: corvink, markj
Differential Revision: https://reviews.freebsd.org/D38096
XHCI port and slot numbers are 1-based rather than 0-based. To handle
this, bhyve was subtracting one item from the pointers saved in the
softc so that index 1 accessed index 0 of the allocated array.
However, this is UB and confused GCC 12. The compiler noticed that
the calls to free() were using an offset and emitted a warning.
Rather than storing UB pointers in the softc, push the decrement
operation into the existing macros that wrap accesses to the relevant
arrays.
Reviewed by: corvink, markj
Differential Revision: https://reviews.freebsd.org/D36829
The mirrors list is in sync with the Handbook / Mirrors section [1],
which was refreshed a few months ago. Mirrors removed were not
responding or had duplicated addresses (aliases) with another mirror.
1 - https://docs.freebsd.org/en/books/handbook/mirrors/
Reviewed by: philip (clusteradm)
Approved by: philip
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D38014
Apparently it's possible for a mixer to have no devices:
$ mixer -f /dev/mixer2
pcm2:mixer: <USB audio> at ? kld snd_uaudio (rec)
$
If this is the default sound device, an attempt to change the default
unit using mixer -d fails with a segfault because mod_dunit is called
with a NULL device pointer, which is dereferenced to get the parent
mixer.
ctl_dunit seems to be a dummy, i.e., we don't actually need it and can
simply pass the mixer to mod_dunit() directly. This patch removes that
structure and associated indirection to fix the crash.
Reviewed by: christos, hselasky
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D38060
FreeBSD src does not support HAVE_DECL_EVSIGNAL_ASSIGN. While reviewing
the new config.h after regenerating it, this definition was not removed.
Updating config.h is a manual process of configuring the port and
copying/merging the generated config.h into src. This definition was
missed and not removed (#undef'd).
Fixes: 1838dec318
MFC after: 1 month
X-MFC with: 1838dec318
If a type=dir entry exists and all contents are directories, files
added with contents=, or symlinks with link= attributes then it doesn't
need to exist. Just let openat fail in that case. It's conceivable
this will make debugging some cases weird, but it's sufficent to handle
the way we add /root/.ssh in CheriBSD VM images.
This is a recommit of 794154149f with
bugfixes.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D38029
If a type=dir entry exists and all contents are directories, files
added with contents=, or symlinks with link= attributes then it doesn't
need to exist. Just let openat fail in that case. It's conceivable
this will make debugging some cases weird, but it's sufficent to handle
the way we add /root/.ssh in CheriBSD VM images.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D38029
When a link target is specified use it rather than attempting to read
a potentially non-existant file.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D38028
This reverts commit c33509d49a.
It turns out that the long 27 second delay I saw in the
gss_acquire_cred() call was caused by a (mis)configured
DNS. Although I did not specify "dns" in /etc/nsswitch.conf,
I did have a /etc/resolv.conf file on the system (left
there by wpa_supplicant). As such, with no route, it was
somehow trying to contact the DNS server, although there was none.
Once I got rid of the /etc/resolv.conf file, it worked
as expected.
Since there is now a large 5 minute timeout on the
kernel to gssd(8) upcalls, the gssd(8) daemon will not
get terminated when this delay occurs and the only affect
is a 30 second delay during the mount.
Discussed with: bjk
* Replay 2010[acflm] which had been merged but not recorded.
* Merge 2010n.
* Reorganize (unsplit) the code to match the upstream layout.
* Merge 2022[cdefg].
MFC after: 1 week
Sponsored by: Klara, Inc.
If an NFS mount using "sec=krb5[ip],gssname=<name>" is
done, the gssd daemon fails. There is a long delay
(several seconds) in the gss_acquire_cred() call and then
it returns success, but the credentials returned are
junk.
I have no idea how long this has been broken, due to some
change in the Heimdal gssapi library call, but I suspect
it has been quite some time.
Anyhow, it turns out that replacing the "desired_name"
argument with GSS_C_NO_NAME fixes the problem.
Replacing the argument should not be a problem, since the
TGT for the host based initiator credential in the default
keytab file should be the only TGT in the gssd'd credential
cache (which is not the one for uid 0).
I will try and determine if FreeBSD13 and/or FreeBSD12
needs this same fix and will MFC if they need the fix.
This problem only affected Kerberized NFS mounts when the
"gssname" mount option was used. Other Kerberized NFS
mount cases already used GSS_C_NO_NAME and work ok.
A workaround if you do not have this patch is to do a
"kinit -k host/FQDN" as root on the machine, followed by
the Kerberized NFS mount without the "gssname" mount
option.
MFC after: 1 month
The intention of /etc/passwd was to support legacy applications that are
not yet converted to use modern API like getpwent(3). Comments are not
defined in the legacy format, so copying them could break these
applications. Plus, it could leak sensitive information (e.g. encrypted
form of password of an user that was commented out instead of deleted
or disabled).
PR: bin/144652
MFC after: 1 month
Although the tls syscall to set up the upcall should
not normally fail, the daemon should check for such
a failure. This patch adds a check for that failure.
MFC after: 1 week
Although the tls syscall to set up the upcall should
not normally fail, the daemon should check for such
a failure. This patch adds a check for that failure.
MFC after: 1 week
Set the thread affinity in fbsdrun_start_thread next to where the
thread name is set. This keeps all the pthread initialization
operations at the start of a thread in one place.
Reviewed by: corvink, markj
Differential Revision: https://reviews.freebsd.org/D37646
The global vmexit[] array is no longer needed to smuggle the rip
value from fbsdrun_addcpu() to vm_loop().
Reviewed by: corvink, markj
Differential Revision: https://reviews.freebsd.org/D37644
fbsdrun_addcpu() read the current vCPU's RIP register from the kernel
via vm_get_register() to pass along through some layers to vm_loop()
which then set the register via vm_set_register(). However, this is
just always setting the value back to itself.
Reviewed by: corvink
Differential Revision: https://reviews.freebsd.org/D37643
