Upstream OpenSSL (and the KTLS backport) have switched to an opt-in
option (SSL_OP_ENABLE_KTLS) in place of opt-out modes
(SSL_MODE_NO_KTLS_TX and SSL_MODE_NO_KTLS_RX) for controlling kernel
TLS.
Reviewed by: rmacklem
Sponsored by: Netflix
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D31445
bhyve can also make use of fspacectl(2) to implement BOP_DELETE with
hole-punching. Since it is not desirable to do zero-filling for large
DEALLOCATE/UNMAP ranges, candelete is not set if pathconf(2) indicates
that the underlying file system does not support native
VOP_DEALLOCATE(9).
Sponsored by: The FreeBSD Foundation
Reviewed by: grehan
Differential Revision: https://reviews.freebsd.org/D28880
Setting CONFSNAME directly is a little more complicated for downstream
consumers, as any additional CONFS that are added here will inherit the
group name by default. This is perhaps arguably a design flaw in CONFS
because inheriting NAME will never give a good result when additional
files are added, but this is a low-effort change.
While we're here, pull FreeBSD.conf.${branch} out into a PKGCONF
variable so one can just drop a new repo config in entirely with a new
naming scheme. CONFSNAME gets set based on chopping anything off after
".conf", so that, e.g.:
- FooBSD.conf => FooBSD.conf
- FooBSD.conf.internal => FooBSD.conf
Reviewed by: bapt, manu
Differential Revision: https://reviews.freebsd.org/D28767
While pkg(7) add only handles a single 'add' argument, pkg-add(8) fully
handles multiple arguments.
Stop rejecting it, just turn off local-bootstrap mode and proceed to
remote bootstrap if we need it.
While we're here, check if the first argument to pkg add is even a pkg
package. If it's not, also do remote bootstrap instead. Future work
could improve this altogether by picking out a pkg package out of many
and local bootstrap then pass the rest through to the newly installed
pkg.
Reviewed by: bapt, manu (earlier version)
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D28766
If you want communications with the outside world and tell bhyve to
create an interface then it should be usable as well.
Rather than relying on the sysctl net.link.tap.up_on_open, automatically
try to IFF_UP the opened tap device.
MFC after: 10 days
Reviewed by: markj, grehan
Differential Revision: https://reviews.freebsd.org/D31342
Previously we would display "OK, Swapped" for swapped disks,
instead of the usual disk size.
Reviewed By: allanjude
Differential Revision: https://reviews.freebsd.org/D31219
This builds on recently introduced NO_NEW_PRIVS flag to implement
unprivileged chroot, enabled by `security.bsd.unprivileged_chroot`.
It allows non-root processes to chroot(2), provided they have the
NO_NEW_PRIVS flag set.
The chroot(8) utility gets a new flag, -n, which sets NO_NEW_PRIVS
before chrooting.
Reviewed By: kib
Sponsored By: EPSRC
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D30130
Updated freebsd-update to allow it to create boot environments using
bectl should the system support it. The bectl utility was updated in
r352211 (490e13c140) to support a 'check' to determine if the system
supports boot environments. If UFS is used, the bectl check will fail
and no attempt will be made to create the boot environment.
If freebsd-update is run inside a jail, no attempt will be made to
create a boot environment.
The boot environment function will create a new environment using the
format: current FreeBSD kernel version and date/timestamp, example:
12.0-RELEASE-p10_2019-10-03_185233
This functionality can be disabled by setting 'CreateBootEnv' in
freebsd-update.conf to 'no'.
Discussed with: allanjude
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D21892
Since bsd.prog.mk includes bsd.obj.mk, and thus bsd.subdir.mk, we must
ensure all our bsd.subdir.mk-affecting variables are set before
including bsd.prog.mk. Since sbin's various Makefile.arch files add to
SUBDIR this results in those not taking effect, and presumably we also
end up not having buildworld as parallel as it should be due to the fact
that SUBDIR_PARALLEL was not being set before including bsd.prog.mk.
MFC with: 0a0f748641
Reviewed by: olivier
Differential Revision: https://reviews.freebsd.org/D31125
These were all incorrectly labeled as 2-clause BSD licenses by a
semi-automated process, when in fact they are 3-clause.
Discussed with: pfg, imp
MFC after: 2 weeks
Sponsored by: Axcient
Only ESRT and PROP tables are handled at the moment.
Submitted by: Pavel Balaev <pavel.balaev@3mdeb.com>
MFC after: 2 weeks
Differential revision: https://reviews.freebsd.org/D30104
Building and installing architecture-specific man pages only raises a number of
problems:
* The https://www.freebsd.org/cgi/man.cgi is incomplete. As an
example, it does not show results for pae(4). The reason for this is
that the cgi interface runs on FreeBSD amd64.
* In FreeBSD amd64 some manual pages have broken X-refs. See hptrr(4)
for an example.
* Also, we have broken links in our Release Notes. This is a
consequence of the first point. See
https://www.freebsd.org/releases/13.0R/hardware/#proc-i386.
Make MAN_ARCH default to 'all' so we build all the man pages for all the
architectures. The difference in disk space is negligible. Also link
architecture-specific man pages to their own section while keeping their own
namespace.
PR: 212290
Reported by: mj@bsdops.com
Approved by: ceri@, wosch@
MFC after: 4 weeks
Portsnap uses patches opportunistically to reduce download bandwidth: It
attempts to fetch patches which could be useful, and then makes use of
whichever patches it actually gets. (This solves the otherwise O(n^2)
issue for the server to build patches between every pair of versions.)
During the process of applying patches, portsnap prints lines of the
form "Skipping XXX-YYY (123 of 4567).\r", where the \r serves to allow
each of these (potentially many) lines to overwrite the previous one
on the console. Unfortunately, XXX and YYY here are SHA256 hashes,
resulting in these lines wrapping on reasonable-width consoles.
Replace the hashes with abbreviations of the form "0123...cdef"
(cutting 64 characters down to 11) in order to keep lines to a
reasonable length.
The rather ugly shell code here is used to avoid forking additional
processes; it would be much cleaner using sed(1), but in my testing
the sed-based alternative increases CPU time consumption by 50%.
Requested by: des
The UEFI driver included with Rocky Linux 8.4 uncovered an existing bug
in the NVMe emulation's construction of iovecs.
By default, NVMe data transfer operations use a scatter-gather list in
which all entries point to a fixed size memory region. For example, if
the Memory Page Size is 4KiB, a 2MiB IO requires 512 entries. Lists
themselves are also fixed size (default is 512 entries).
Because the list size is fixed, the last entry is special. If the IO
requires more than 512 entries, the last entry in the list contains the
address of the next list of entries. But if the IO requires exactly 512
entries, the last entry points to data.
The NVMe emulation missed this logic and unconditionally treated the
last entry as a pointer to the next list. Fix is to check if the
remaining data is greater than the page size before using the last entry
as a pointer to the next list.
PR: 256422
Reported by: dave@syix.com
Tested by: jason@tubnor.net
MFC after: 5 days
Relnotes: yes
Reviewed by: imp, grehan
Differential Revision: https://reviews.freebsd.org/D30897
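
The last-entry rule described in the commit message above, as an added C example that is not bhyve's code. Guest memory is modelled by two constructed lists at made-up addresses, and `list_at`, `build` and `walk` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define PAGE_SIZE    4096u
#define LIST_ENTRIES 512u  /* fixed list size, as in the commit text */
/* Constructed guest-memory model: two lists at made-up guest addresses. */
static uint64_t lists[2][LIST_ENTRIES];
static const uint64_t list_addr[2] = { 0x100000, 0x200000 };
static const uint64_t *list_at(uint64_t gpa) {
    for (unsigned i = 0; i < 2; i++)
        if (list_addr[i] == gpa) return lists[i];
    return NULL;  /* not a list; a real device model would misparse data here */
}

/* Fill both lists with data pages; optionally chain list 0's last entry to list 1. */
void build(int chained) {
    for (unsigned i = 0; i < LIST_ENTRIES; i++) {
        lists[0][i] = 0x10000000ull + (uint64_t)i * PAGE_SIZE;
        lists[1][i] = 0x20000000ull + (uint64_t)i * PAGE_SIZE;
    }
    if (chained) lists[0][LIST_ENTRIES - 1] = list_addr[1];
}

/* Returns data pages gathered for an I/O of `bytes`, or -1 if the walk
 * followed an entry that is not a list. check_remaining = 0 is the behaviour
 * the commit describes as the bug, 1 is the described fix. */
long walk(uint64_t first, size_t bytes, int check_remaining) {
    const uint64_t *l = list_at(first);
    long pages = 0;
    unsigned i = 0;
    while (bytes > 0) {
        if (l == NULL) return -1;
        if (i == LIST_ENTRIES - 1 && (!check_remaining || bytes > PAGE_SIZE)) {
            l = list_at(l[i]);  /* last entry used as pointer to the next list */
            i = 0;
            continue;
        }
        bytes -= bytes < PAGE_SIZE ? bytes : PAGE_SIZE;  /* l[i] is a data page */
        pages++; i++;
    }
    return pages;
}

int main(void) {
    build(0);  /* exactly 512 entries: the last entry is data, not a pointer */
    printf("exact 512 entries: unconditional=%ld checked=%ld\n",
        walk(list_addr[0], 512 * 4096, 0), walk(list_addr[0], 512 * 4096, 1));
    return 0;
}
```

The two walks only differ when the I/O needs exactly as many entries as one list holds; for a chained I/O of 513 pages both variants gather the same pages.
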
After 34766aa8cb we are mounting and
unmounting devfs elsewhere already.
Reviewed by: nwhitehorn
MFC after: 1 week
Sponsored by: iXsystems, Inc.
Differential Revision: https://reviews.freebsd.org/D30877
While here only compile both of them if WITH_ISCSI is set (this is the default).
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D30755
Sponsored by: Diablotin Systems
And move all the nfs related commands there.
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D30754
Sponsored by: Diablotin Systems
It can still be enabled as usual in /etc/periodic.conf
PR: 256253
Reported by: delphij
Submitted by: Miroslav Lachman <000.fbsd@quip.cz>
MFC after: 2 weeks
Old certctl commands still work for compatibility, but are deprecated.
Approved by: secteam (gordon)
Differential Revision: https://reviews.freebsd.org/D30807
The "config" line in config files has been obsolete since FreeBSD 4.x
when we moved to having the boot loader pass in the root device. Remove
it.
MFC After: 1 week
Sponsored by: Netflix
When we introduced libpfctl in bsnmpd this was done incorrectly, and a
GETRULE call was replaced by pfctl_add_rule().
Change it to pfctl_get_rule().
Reviewed by: donner
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
Apparently some large-file systems out there, such as my powerpc64le
Linux box, define daddr_t as a 32-bit type, which is sad and stymies
cross-building disk images. Cast daddr_t to off_t before doing
arithmetic that overflows.
Reviewed by: arichardson, jrtc27, imp
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D27458
Since 2d82b47 syslogd can't be built with `WITHOUT_INET` or
`WITHOUT_INET6` build variables set, because `iovlist_truncate` is not
defined but used.
This change wraps the problematic `iovlist_truncate` call within an ifdef
directive. It's compiled out in this situation...
Pull Request: https://github.com/freebsd/freebsd-src/pull/475
Reviewed by: imp@ (commit message slightly tweaked)
Register a resize callback with the blockif interface. When the
callback fires, update the size of the disk and notify the guest via a
configuration change interrupt.
Reviewed by: grehan, markj
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D30506
This allows device models to assert VirtIO interrupts for reasons
other than publishing changes to a VirtIO ring such as configuration
changes.
Reviewed by: grehan, markj
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D30505
Allow clients of blockif to register a resize callback handler. When
a callback is registered, register an EVFILT_VNODE kevent watching the
backing store for a change in the file's attributes. If the size has
changed when the kevent fires, invoke the clients' callback.
Currently resize detection is limited to backing stores that support
EVFILT_VNODE kevents such as regular files.
Reviewed by: grehan, markj
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D30504
This allows registering an event to watch for changes to a file's
attributes. This is a bit imperfect as it would be nice to have a way
to determine if an fd can use EVFILT_VNODE successfully. mevent's
current structure does not permit that and a failure to register a
single kevent impacts several other kevents.
Reviewed by: grehan, markj
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D30503
Change mevent_add*() to synchronously add the new kevent. This
permits reporting event registration failures to the caller and avoids
failing the registration of other, unrelated events queued up in the
same batch.
Reviewed by: grehan, markj
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D30502