Intel json's now have pretty reasonable fixed counters representation
via event=0 and umask. Hardcoded values create more confusion than fix.
MFC after: 1 month
This file is shared with Linux. Having local style patches does not
help with updating it.
This reverts commit 3ea691c2612952dc5e6963649ad64312bd6dff4f.
Some of the sanitizers from compiler-rt can use ignore lists, which are
loosely modeled on valgrind's example. Upstream provides default lists
for AddressSanitizer, CFI, and MemorySanitizer, so install these in the
expected location, /usr/lib/clang/14.0.3/share.
Reviewed by: emaste
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D35338
This is an initial commit for RDMA FreeBSD driver for Intel(R) Ethernet
Controller E810, called irdma. Supporting both RoCEv2 and iWARP
protocols in per-PF manner, RoCEv2 being the default.
Testing has been done using krping tool, perftest, ucmatose, rping,
ud_pingpong, rc_pingpong and others.
Signed-off-by: Eric Joyner <erj@FreeBSD.org>
Reviewed by: #manpages (pauamma_gundo.com) [documentation]
MFC after: 1 week
Relnotes: yes
Sponsored by: Intel Corporation
Differential Revision: https://reviews.freebsd.org/D34690
According to pam_exec(8), the `expose_authtok` option should be ignored
when the service function is `pam_sm_setcred`. Currently `pam_exec` only
prevent prompt for anth token when `expose_authtok` is set on
`pam_sm_setcred`. This subsequently led to segfault when there isn't an
existing auth token available.
Bug reported on this: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263893
After reading https://reviews.freebsd.org/rS349556 I am not sure if the
default behaviour supposed to be simply not prompt for authentication
token, or is it to ignore the option entirely as stated in the man page.
This patch is therefore only adding an additional NULL check on the item
`pam_get_item` provide, and exit with `PAM_SYSTEM_ERR` when such item is
NULL.
MFC after: 1 week
Reviewed by: des, khng
Differential Revision: https://reviews.freebsd.org/D35169
1. Merge LLVM's 315d792130258a9b7250494be8d002ebb427b08f, adding support
for FreeBSD/powerpc64*.
2. Add sanitizer list to lib/libclang_rt/Makefile, taken from the list of
libraries that llvm-devel port builds.
3. powerpc64le supports the same sanitizers that powerpc64, but powerpc64le
also supports xray* sanitizers.
4. lib/libclang_rt/xray/Makefile hardcodes amd64-specific files, so that needs
to be conditionalized.
5. Sanitizers are not enabled for powerpc, because powerpc supports only
builtins and profile.
Reviewed by: dim
Differential Revision: https://reviews.freebsd.org/D35228
Relnotes: yes
MFC after: 3 days
Merge commit 44cdca37c01a from llvm git (by Arthur O'Dwyer):
[libc++] Define `namespace views` in its own detail header.
Discovered in the comments on D118748: we would like this namespace
to exist anytime Ranges exists, regardless of whether concepts syntax
is supported. Also, we'd like to fully granularize the <ranges> header,
which means not putting any loose declarations at the top level.
Differential Revision: https://reviews.llvm.org/D118809
This updates llvm, clang, compiler-rt, libc++, libunwind, lld, lldb and
openmp to llvmorg-14-init-18294-gdb01b123d012, the last commit before
the upstream release/14.x branch was created.
PR: 261742
MFC after: 2 weeks
Summary:
These functions are missing from the library itself, and exist solely in
the header. This breaks a few ports that expect libm to have the
symbols in the library itself.
Questions on MFC-ability: Can this be MFC'd to 13.2, and how?
Reviewers: imp, emaste, kib
Reviewed By: kib
Differential Revision: https://reviews.freebsd.org/D35204
On success gnu libc sched_getaffinity() should return 0, unlike underlying
Linux syscall which returns the size of CPU mask copied to user.
PR: 263939
MFC after: 2 weeks
Linux has more tolerant checks of the user supplied cpuset_t's.
Minimum cpuset_t size that the Linux kernel permits in case of
getaffinity() is the maximum CPU id, present in the system / NBBY,
the maximum size is not limited.
For setaffinity(), Linux does not limit the size of the user-provided
cpuset_t, internally using only the meaningful part of the set, where
the upper bound is the maximum CPU id, present in the system, no larger
than the size of the kernel cpuset_t.
Unlike FreeBSD, Linux ignores high bits if set in the setaffinity(),
so clear it in the sched_setaffinity() and Linuxulator itself.
Reviewed by: Pau Amma (man pages)
In collaboration with: jhb
Differential revision: https://reviews.freebsd.org/D34849
MFC after: 2 weeks
Previously we invoked the sysctl with a NULL buffer to query the size,
allocated a buffer, then invoked it again to fetch the data.
As we only handle the case where the sysctl provides data of the
expected size we can just allocate a correctly-sized buffer to begin
with.
Reported by: Thomas Hurst via Twitter
Reviewed by: kevans
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35140
There are some sections which could be improved
and work to do so is on going. The work will be
covered via 'X-MFC-WITH' commits.
Obtained from: OpenBSD
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D34759
Retrieve FreeBSD revision number directly from sys/conf/newvers.sh
when building the compiler target triple value, avoiding manual
intervention on other files every new release.
Reviewed by: imp
MFC after: 2 months
Sponsored by: Instituto de Pesquisas Eldorado (eldorado.org.br)
Differential Revision: https://reviews.freebsd.org/D34429
In libthr we use PAGE_SIZE when allocating memory with mmap and to check
various structs will fit into a single page so we can use this allocator
for them.
Ask the kernel for the page size on init for use by the page allcator
and add a new machine dependent macro to hold the smallest page size
the architecture supports to check the structure is small enough.
This allows us to use the same libthr on arm64 with either 4k or 16k
pages.
Reviewed by: kib, markj, imp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34984
Rather than calling getpagesize() twice use the value saved after the
first call to size a mmap allocation.
Reviewed by: kib, markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34983
Apparently some ports on arm require these symbols, and while they were
available in llvm's libunwind, they were never exported via the arm
specific Symbol.map. Put them in the same version block as gcc does
(GCC_3.5).
Reported by: Robert Clausecker <fuz_at_fuz.su>
MFC after: 3 days
Similar to ipfw rule timestamps, these timestamps internally are
uint32_t snaps of the system time in seconds. The timestamp is CPU local
and updated each time a rule or a state associated with a rule or state
is matched.
Reviewed by: kp
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D34970
Fix dialogs building and updating fault with disabled shadow
(conf.shadow=false and implicitly bsddialog --no-shadow).
While here delete WARNS=2: all warnings were fixed in upstream and
imported in 0.2.
Approved by: bapt (mentor)
Differential Revision: https://reviews.freebsd.org/D34958
When we issue a request to pf and expect a serialised nvlist as a reply
we have to supply a suitable buffer to the kernel.
The required size for this buffer is difficult to predict, and may be
(slightly) different from request to request.
If it's insufficient the kernel will return ENOSPC. Teach libpfctl to
catch this and send the request again with a larger buffer.
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D34908
We have a report of a panic in GELI that appears to go away when
unmapped I/O is disabled. Add a tunable to make such investigations
easier in the future. No functional change intended.
PR: 262894
Reviewed by: asomers
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34944
Main change is a callback for checking validity period of certificates.
Merge commit 'f6acb9b9f81c96ae7c9592bee1bb89c4357cc3e5'
Add -DHAVE_BR_X509_TIME_CHECK to libsecureboot/Makefile.inc
Preparation for updating bearssl, pull in updates to libsecureboot.
o fix handling of some out-of-memory cases
o allow more control over reporting of Verified/Unverified files.
this helps boot time when console output is slow
o recheck verbose/debug level after reading any unverified file
o more debug support for vectx
o hash_string to support fake stat for tftp
o tests/tvo add -v to simply verify signatures
o vets.c allow for HAVE_BR_X509_TIME_CHECK which will greatly simplify
verification in loader
o report date when certificate fails validity period checks
Reviewed by: stevek
Sponsored by: Juniper Networks, Inc.
Make sysdecode.h self-contained rather than forcing all consumers to
include dependencies. No functional change intended.
Reviewed by: pauamma_gundo.com, jhb, emaste
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34899
The time() system call first appeared in Version 1 AT&T UNIX. Through
the Version 3 AT&T UNIX, it returned 60 Hz ticks since an epoch that
changed occasionally, because it was a 32-bit value that overflowed in a
little over 2 years.
In Version 4 AT&T UNIX the granularity of the return value was reduced to
whole seconds, delaying the aforementioned overflow until 2038.
Version 7 AT&T UNIX introduced the ftime() system call, which returned
time at a millisecond level, though retained the gtime() system call
(exposed as time() in userland). time() could have been implemented as a
wrapper around ftime(), but that wasn't done.
4.1cBSD implemented a higher-precision time function gettimeofday() to
replace ftime() and reimplemented time() in terms of that.
Since FreeBSD 9 the implementation of time() uses
clock_gettime(CLOCK_SECOND) instead of gettimeofday() for performance
reasons.
With most valuable input from Warner (imp@).
Reviewed by: 0mp, jilles, imp
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D34751
Problem is that open(O_PATH) on nullfs -o nocache is broken then,
because there is no reference on the vnode after the open syscall exits.
Reported and tested by: ambrisko
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Release notes are available at https://www.openssh.com/txt/release-8.9
Some highlights:
* ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
restricting forwarding and use of keys added to ssh-agent(1)
* ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid
ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the
default KEXAlgorithms list (after the ECDH methods but before the
prime-group DH ones). The next release of OpenSSH is likely to
make this key exchange the default method.
* sshd(8), portable OpenSSH only: this release removes in-built
support for MD5-hashed passwords. If you require these on your
system then we recommend linking against libxcrypt or similar.
Future deprecation notice
=========================
A near-future release of OpenSSH will switch scp(1) from using the
legacy scp/rcp protocol to using SFTP by default.
Legacy scp/rcp performs wildcard expansion of remote filenames (e.g.
"scp host:* .") through the remote shell. This has the side effect of
requiring double quoting of shell meta-characters in file names
included on scp(1) command-lines, otherwise they could be interpreted
as shell commands on the remote side.
MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
