Migrate linux and linprocfs to use the IfAPI interfaces instead of
direct ifnet accesses.
The code initially writed by jhibbits@, and adapted by me to 3ab3c9c2.
Reviewed by: jhibbits
Differential Revision: https://reviews.freebsd.org/D38735
If there is no source filter entry => block if that's SSM ("exclude"
mode per RFC 3678 clause 3). If there is an entry => check its action &
block if the action is "exclude".
It would be nice if the test case in this PR were converted into an ATF
test case, but not blocking on that.
Reviewed by: imp, melifaro
Pull Request: https://github.com/freebsd/freebsd-src/pull/601
On some hardware, we can't clear HCR_EL2.E2H so accesses to the physical
timer hopelessly trap to EL2. Stash off the value of HCR_EL2 and use it
in has_hyp() to avoid this.
Reviewed by: andrew
Differential Revision: https://reviews.freebsd.org/D38884
With the deprecation of NgATM, ng_atmllc is the last vestage of ATM
support so deprecate it too.
MFC after: 3 days
Relnotes: yes
Reviewed by: manu, emaste
Differential Revision: https://reviews.freebsd.org/D38878
Support for ATM NICs was removed prior to FreeBSD 12. At the time it
was unclear if this code was still useful without it. Now the time has
come to finish removing support.
Add DREPRECATION NOTICEs to the manpages and gone_in(14, ...) warnings
in the constructors (or module init for ngatmbase).
MFC after: 3 days
Relnotes: yes
Reviewed by: manu, emaste
Differential Revision: https://reviews.freebsd.org/D38877
It's no longer possible to disable C++ so there's no need to comment
on it.
Reviewed by: imp, emaste
Differential Revision: https://reviews.freebsd.org/D38883
Mostly sprinkle __unused. Also duplicate strings passed to addenv() so
that constant string literals can be passed. No functional change
intended.
Reviewed by: corvink, rew, jhb
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D38840
Avoid unaligned accesses in cpu_vendor_intel() and address a few other
nits. No functional change intended.
Reviewed by: corvink, rew, jhb
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D38839
ATM is an old technology, remove build of related programs by default
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D38844
Reviewed by: brooks, imp, emaste
Now when supervsion mode has it's own variable there is really no
reason to set it separately from the rest of the variables. Move
initialization of supervise_enabled var to the argument processing
switch loop, where it belongs.
Reviewed by: kevans
Pull Request: https://github.com/freebsd/freebsd-src/pull/672
The 'restart' variable was responsible for enablement of restart
behavior and for restart delay. While it may seem convenient it
leads to cluttering the exit/restart logic
Reviewed by: kevans
Pull Request: https://github.com/freebsd/freebsd-src/pull/672
This is not a functional change.
- Clean up whitespace (spaces where there should be tabs)
- Break up lines that are longer than 80
Reviewed by: kevans
Pull Request: https://github.com/freebsd/freebsd-src/pull/672
As of macOS Ventura, Apple-signed binaries cannot be run if copied away from
their system location. This security feature doesn't really make sense for
boring things like sh(1), more so for applications with special entitlements,
but it's universally present, and results in the following error:
>>> Install check world
bmake[2]: "/Users/Jess/cheri/freebsd/Makefile.inc1" line 572: warning: "MAKEFLAGS= CPUTYPE=dummy /Users/Jess/cheri/build/freebsd-riscv64-build/bmake-install/bin/bmake -f /dev/null -m /Users/Jess/cheri/freebsd/share/mk MK_AUTO_OBJ=no -V CPUTYPE" exited on a signal
bmake[2]: "/Users/Jess/cheri/freebsd/Makefile.inc1" line 575: CPUTYPE global should be set with ?=.
As with host-symlinks, we don't actually need to copy the files on macOS, since
we're not updating the current machine, so copy its approach and just symlink
them instead.
MFC after: 1 week
This makes the detection of VMs common between platforms that
have SMBios.
Reviewed by: imp, kib
Differential Revision: https://reviews.freebsd.org/D38800
GNU egrep emits a warning that it is obsolescent and suggests grep -E
instead. Switch to grep -E in case we end up invoking GNU (e)grep (and
for consistency with other invocations in this file).
Reported by: Steffen Nurpmeso
Sponsored by: The FreeBSD Foundation
This code was removed as part of the NATM removal in 2017 and somehow
this option was missed.
MFC after: 3 days
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D38874
The consensus was that VNET_NFSD was not needed.
This patch removes it from kern_jail.c.
With this patch, support for the "allow.nfsd"
jail parameter is enabled in the kernel for
kernels built with "options VIMAGE".
Reviewed by: markj
MFC after: 3 months
Differential Revision: https://reviews.freebsd.org/D38808
To run mountd in a vnet prison, three checks in vfs_domount()
and vfs_domount_update() related to doing exports needed
to be changed, so that a file system visible within the
prison but mounted outside the prison can be exported.
I did all three in a minimal way, only changing the checks for
the specific case of a process (typically mountd) doing exports
within a vnet prison and not updating the mount point in other
ways. The changes are:
- Ignore the error return from vfs_suser(), since the file
system being mounted outside the prison will cause it to fail.
- Use the priv_check(PRIV_NFS_DAEMON) for this specific case
within a prison.
- Skip the call to VFS_MOUNT(), since it will return an error,
due to the "from" argument not being set correctly. VFS_MOUNT()
does not appear to do anything for the case of doing exports only.
Reviewed by: markj
MFC after: 3 months
Differential Revision: https://reviews.freebsd.org/D37741
The behavior is the same as in capability mode, it does not actually
return EINVAL for absolute lookups:
openat(AT_FDCWD,"/tmp/test",O_RDONLY|O_DIRECTORY,00) = 3 (0x3)
openat(3,"../../",O_RDONLY|0x800000,00) ERR#93 'Capabilities insufficient'
openat(3,"/etc/passwd",O_RDONLY|0x800000,00) ERR#93 'Capabilities insufficient'
Fixes: 1f305be43 ("Document {O,AT}_RESOLVE_BENEATH...")
Reviewed by: kib, pauamma (manpages), emaste
Sponsored by: https://www.patreon.com/valpackett
Pull Request: https://github.com/freebsd/freebsd-src/pull/680
Differential Revision: https://reviews.freebsd.org/D38675
In every mpr and mps ioctl that copies kernel data to userland, validate
that the requested length does not exceed the size of the kernel's
buffer.
Note that all of these ioctls already required root access.
MFC after: 2 weeks
Sponsored by: Axcient
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D38842
All drivers are already either in GENERIC or in the other arches LINT
so no need to build this one too.
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D38851
All drivers are already either in GENERIC or in the other arches LINT
so no need to build this one too.
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D38850
All drivers are already either in GENERIC or in the IMX51 kernel config
so no need to build this one too.
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D38849
Specific devices are in LINT so no need to build this one as part
of make universe.
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D38848
Reviewed by: imp
We were assuming that hostdisk_override was both a directory and a
file, which is not going to work very well. It's supposed to be a
single file, so recode it as such. Simplify erorr handling a little as
well and fix a return type-mismatch that doesn't matter for the
generated code (return NULL is the same as return false in this
context)
Sponsored by: Netflix
MIN works for any type, while min() is only for integers. So we were
rounding down to 0 since that's the size of 4GB truncated to an int.
Sponsored by: Netflix
When we're running on a FreeBSD host, we can't open /proc/iomem. So,
for now, just assume that we have 32GB of ram starting at 4GB.
Sponsored by: Netflix