Highlights:
- Some style fixes
- Bumped mbbuf in istrsenvisx() to MB_LEN_MAX to avoid VLAs
- mbslength cannot go negative, so make it unsigned
- Further bounds checking & fix an additional overrun, with dlen == 0
- Avoid duplicate call to wcslen(start)
On 64bit, there is a 4-byte hole in struct vdso_timekeep32 after
tk_current, if the structure is not packed. This is due to the MD
th_x86_pvc_last_systime being 64bit.
Change amd64 VDSO_TIMEHANDS_MD32 to not use uint64_t, replace it with
pair of uint32_t, as it is done for all other members.
PR: 273085
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
A UFS/FFS snapshot file is identified with the SF_SNAPSHOT
flag to identify it as a snapshot. This flag needs to be
set before setting some of its block pointers to the special
values BLK_SNAP and BLK_NOCOPY. If the snapshot creation fails
and we call VOP_REMOVE(), the SF_SNAPSHOT flag will let the
remove routine know that the special block pointer values need
to be rolled back before attempting deletion of the file.
Also ensure that an fsck is required after setting superblock
values in the ffs_checkcgintegrity() routine.
Reported-by: Peter Holm
Tested-by: Peter Holm
MFC-after: 1 week
Sponsored-by: The FreeBSD Foundation
vlan_capabilities(), used by the IFCAP ioctl, was not respecting the
IFCAP_LRO bit if it was masked by the requestor.
This prevented if_bridge(4) from automasking LRO with a message like:
bridge0: can't disable some capabilities on em3.11: 0x400
This also prevented manually disabling LRO from any vlan interface.
PR: 254596
Reported by: Paul Vixie <paul@redbarn.org>
MFC after: 1 week
This reverts commit 5f11a33cee.
As requested by Kevin Bowling. He explains:
> The subtle bug was that vlan_capabilities() in if_vlan was not obeying
> the requested mask from its IFCAP ioctl.
Also, rename min_addr to default_addr, which better reflects what it
represents. The min_addr is not a minimum address in the same way that
max_addr is actually a maximum address that can be allocated. For
example, a non-zero hint can be less than min_addr and be allocated.
Reported by: dchagin
Reviewed by: dchagin, kib, markj
Fixes: d8e6f4946c "vm: Fix anonymous memory clustering under ASLR"
Differential Revision: https://reviews.freebsd.org/D41397
From the Linux man page for mprotect(2):
PROT_GROWSDOWN
Apply the protection mode down to the beginning of a mapping
that grows downward (which should be a stack segment or a
segment mapped with the MAP_GROWSDOWN flag set).
Reported by: dchagin
Reviewed by: alc, markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D41099
which requests to propagate lowest stack segment protection to the grow gap.
This seems to be required for Linux emulation.
Reported by: dchagin
Reviewed by: alc, markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D41099
mprotect(2) on the stack region needs to adjust guard stored protection,
so that e.g. enable executing on stack worked properly on stack growth.
Reported by: dchagin
Reviewed by: alc, markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D41099
Restructure the first phase slightly, to facilitate further changes.
Reviewed by: alc, markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D41099
Do not assume that protection is same as max_protection. Store both in
offset, packed in the same way as the prot syscall parameter.
Reviewed by: alc, markj (previous version)
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D41099
The function returns the newly created entry.
Use vm_map_insert1() in stack grow code to avoid gap entry re-lookup.
The comment update for vm_map_try_merge_entries() was suggested by dougm.
Suggested by: alc
Reviewed by: alc, markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D41099
Only a part of the object may be mapped.
Noted by: alc
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D41099
Now that we no longer support armv[45] devices, these tests can be
simplified. While here, update the comment to reflect which rpi devices
we support. It's been way more thant he Pi-B for a long time.
Sponsored by: Netflix
If the parent interface is not a bridge and can do LRO and
checksum offloading on VLANs, then guess it may do LRO on VLANs.
False positive here cost nothing, while false negative may lead
to some confusions. According to Wikipedia:
"LRO should not operate on machines acting as routers, as it breaks
the end-to-end principle and can significantly impact performance."
The same reasoning applies to machines acting as bridges.
PR: 254596
MFC after: 3 weeks
This makes it possible to install kerberos-lib (which is used by common
utilities such as curl) without pulling in the rest of kerberos.
MFC after: 1 week
If the host doesn't announce VIRTIO_NET_F_CTRL_RX we cannot disable all
multicast traffic. Previously we'd refuse to set the IFF_ALLMULTI flag,
which is the exact opposite of what is actually happening.
This broke things such as igmpproxy.
See also: https://redmine.pfsense.org/issues/14301
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D41356
If a UFS/FFS filesystem develops a broken cylinder group (which is
usually detected when its check hash fails), that cylinder group
will not be usable until the filesystem has been unmounted and fsck
has been run to repair it. On the first attempt to to allocate
resources from the broken cylinder group, its available resources
are set to zero in the superblock summary information. Since it
will appear to have no resources available, no further calls will
be made to allocate resources from it. When resources are freed to
the broken cylinder group, the resource free routines will find the
cylinder group unusable so the resource will simply be discarded
and thus will not show up in the superblock summary information
until they are recovered by fsck.
Reported-by: Peter Holm
Tested-by: Peter Holm
MFC-after: 1 week
Sponsored-by: The FreeBSD Foundation
Rename to ffs_checkfreeblk() to better describe that it is checking
to find out if a block or fragment is free. Clarify its implementation.
No functional change intended.
MFC-after: 1 week
Sponsored-by: The FreeBSD Foundation
This creates an appropriate symlink instead of a potentially incorrect
path pointing to the absolute path for cpuset(8) on the host.
MFC after: 2 weeks
MFC with: f05948d4e9
Requested by: imp
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D41419
The panic stack looks like this:
panic: _sx_xlock_hard: recursed on non-recursive sx MANA port lock
@ /usr/src/sys/dev/mana/mana_en.c:1022
KDB: stack backtrace:
vpanic() at vpanic+0x150/frame 0xfffffe011b3c1970
panic() at panic+0x43/frame 0xfffffe011b3c19d0
_sx_xlock_hard() at _sx_xlock_hard+0x82d/frame 0xfffffe011b3c1a70
_sx_xlock() at _sx_xlock+0xb0/frame 0xfffffe011b3c1ab0
mana_cfg_vport() at mana_cfg_vport+0x79/frame 0xfffffe011b3c1b40
mana_alloc_queues() at mana_alloc_queues+0x3b/frame 0xfffffe011b3c1c50
mana_up() at mana_up+0x40/frame 0xfffffe011b3c1c70
mana_ioctl() at mana_ioctl+0x25b/frame 0xfffffe011b3c1cb0
ifhwioctl() at ifhwioctl+0xd11/frame 0xfffffe011b3c1db0
hn_xpnt_vf_init() at hn_xpnt_vf_init+0x15f/frame 0xfffffe011b3c1e10
The lock has already been held in the caller. Remove this
redundant lock attempt.
Reported by: NetApp
Sponsored by: Microsoft
Excerpts from the release notes:
* ssh-agent(1): PKCS#11 modules must now be specified by their full
paths. Previously dlopen(3) could search for them in system
library directories.
* ssh(1): allow forwarding Unix Domain sockets via ssh -W.
* ssh(1): add support for configuration tags to ssh(1).
This adds a ssh_config(5) "Tag" directive and corresponding
"Match tag" predicate that may be used to select blocks of
configuration similar to the pf.conf(5) keywords of the same
name.
* ssh(1): add a "match localnetwork" predicate. This allows matching
on the addresses of available network interfaces and may be used to
vary the effective client configuration based on network location.
* ssh-agent(1): improve isolation between loaded PKCS#11 modules
by running separate ssh-pkcs11-helpers for each loaded provider.
* ssh-agent(1), ssh(1): improve defences against invalid PKCS#11
modules being loaded by checking that the requested module
contains the required symbol before loading it.
* ssh(1): don't incorrectly disable hostname canonicalization when
CanonicalizeHostname=yes and ProxyJump was expicitly set to
"none". bz3567
Full release notes at https://www.openssh.com/txt/release-9.4
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Fix a boot-time panic in qcom_mdio_ipq4018 due to a missing bus function
and hook the file up to the build so that it will not rot away.
Test booted on an ipq807x in 2022.
X-Differential Revision: extracted from D37882
The ffs_inotovp() function returns a vnode from a mounted filesystem
for an inode number with specified generation number. We now
consistently return ESTALE if the inode with given generation number
no longer exists on that filesystem.
The ffs_reload() function reloads all incore data for a filesystem.
It is used after running fsck on a mounted filesystem and finding
things to fix. It now returns the EINTEGRITY error if it is unable
to find a valid superblock.
MFC-after: 1 week
Sponsored-by: The FreeBSD Foundation
Summary:
This change moves /usr/bin/cpuset to /bin/cpuset so it is more readily
available on hosts where the /usr partition might not be mounted at the
time / has been mounted.
Remove some complexity from rc.subr(8) since /bin is assumed to always
be present if/when / is mounted.
MFC after: 2 weeks
MFC with: 0661f93892, 271d552379af
Test Plan:
- Test out rc.subr change.
- Confirm that the installation logic does what's needed.
Relnotes: yes (moving cpuset may impact strict file permissions/mode checking)
Reviewers: kevans
Subscribers: imp
Differential Revision: https://reviews.freebsd.org/D40057
Back when Makefile.lib32 was turned into Makefile.libcompat, a typo was
introduced; it should have been LIBCOMPATDTRACE, but instead gained a
dollar sign in it as LIB$COMPATDTRACE (and with COMPATDTRACE not being
defined, was equivalent to ${LIB:U${DTRACE}}). This then meant it was
not converted to LIB${_LIBCOMPAT}DTRACE in 91d7edd549 ("Generalise
libcompat to be a list rather than a single option") and instead left
broken. Belatedly fix this long-standing seemingly-inconsequential bug.
Fixes: dba75e9fa5 ("Move Makefile.lib32 to Makefile.libcompat and generalize it.")
OpenSSL's BN_zero API has had a void return value since 1.1.x: chase the
change to unbreak the build on OpenSSL 3.x with MK_GH_BC == no.
MFC after: 2 weeks
Reviewed by: emaste, kevans
Differential Revision: https://reviews.freebsd.org/D41410
Without this patch got_sighup(), which is the SIGHUP handler,
would set a variable of type int.
This would appear to be incorrect, although it has worked reliably.
This patch changes the type to "_Atomic(int)", which appears
to be all that is needed to correct it.
Reported by: pen@lysator.lui.se
Reviewed by: theraven, karels (prev version), kevans (prev version)
Differential Revision: https://reviews.freebsd.org/D41265
uint64_t is not sufficient alignment for allocators on all platforms.
On a CHERI platform pointers require 16 byte alignment, but also if a
type contained a uint128_t or long double it would not be aligned
correctly either. C11 added max_align_t precisely to provide a
portable type for allocators to use.
Reviewed by: melifaro
Obtained from: CheriBSD
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D41301
If a slot is freed that isn't the last one, we'll set its destructor to
NULL to indicate that it's been freed and leave a hole in the slot map.
Check osd_destructors in osd_call() to avoid dereferencing a method that
is potentially from a module that's been unloaded.
This scenario would most commonly surface when two modules are loaded
that osd_register(), then the earlier one deregisters and an osd_call()
is made after the fact. In the specific report that triggered the
investigation, kldload if_wg -> kldload linux* -> kldunload if_wg ->
destroy a jail -> panic.
Noted in the review, but left for follow-up work, is that the realloc
that may happen in osd_deregister() should likely go away and the
assumption that reallocating to a smaller size cannot fail is actually
not correct.
Reported by: dim
Reviewed by: markj, jamie
Differential Revision: https://reviews.freebsd.org/D41404
If the root fs is forcibly unmounted then basically every process
will die with a SEGV as soon as it tries to run again because libc.so
is gone, which leaves the system basically hung. It seems better
to just panic instead, so let's do that.
Requested-by: karels
Reviewed-by: imp, mckusick, karels
Sponsored-by: Netflix
Differential Revision: https://reviews.freebsd.org/D41387
