Commit Graph

21485 Commits

Author SHA1 Message Date
Kristof Provost
93abcf17e6 pf: Support killing 'matching' states
Optionally also kill states that match (i.e. are the NATed state or
opposite direction state entry for) the state we're killing.

See also https://redmine.pfsense.org/issues/8555

Submitted by:	Steven Brown
Reviewed by:	bcr (man page)
Obtained from:	https://github.com/pfsense/FreeBSD-src/pull/11/
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D30092
2021-05-07 22:13:31 +02:00
Kristof Provost
abbcba9cf5 pf: Allow states to by killed per 'gateway'
This allows us to kill states created from a rule with route-to/reply-to
set.  This is particularly useful in multi-wan setups, where one of the
WAN links goes down.

Submitted by:	Steven Brown
Obtained from:	https://github.com/pfsense/FreeBSD-src/pull/11/
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D30058
2021-05-07 22:13:31 +02:00
Kristof Provost
2a00c4db93 pfctl: Start using DIOCKILLSTATESNV
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D30055
2021-05-07 22:13:31 +02:00
Kristof Provost
53714a5861 pfctl: Start using DIOCCLRSTATESNV
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D30053
2021-05-07 22:13:30 +02:00
Justin Hibbits
6640579610 msun fixes for SPE
Summary:
Fix FPU exception management for powerpcspe.  Bits are in a different place from
the standard FPSCR, so we need to handle the shifting differences.  Also,
there's no concept of a "software exception" raise, so we need to do exceptional
math to trigger the exception from software.

Reviewed By: alfredo
Differential Revision: https://reviews.freebsd.org/D22824
2021-05-05 20:57:33 -05:00
Edward Tomasz Napierala
1bffa44166 ptrace: document ENOMEM
Reviewed By:	emaste, markj
Sponsored By:	EPSRC
Differential Revision:	https://reviews.freebsd.org/D29960
2021-05-04 15:22:42 +01:00
Konstantin Belousov
87a64872cd Add ptrace(PT_COREDUMP)
It writes the core of live stopped process to the file descriptor
provided as an argument.

Based on the initial version from https://reviews.freebsd.org/D29691,
submitted by Michał Górny <mgorny@gentoo.org>.

Reviewed by:	markj
Tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D29955
2021-05-03 19:18:26 +03:00
Konstantin Belousov
07f229d20c connectat(2): clarify that the s argument is socket
Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
2021-04-30 17:43:45 +03:00
Mark Johnston
44bbda649d cap_sysctl.3: Fix bugs in the example
- Correct the type of the sysctl value.
- Initialize the oldsize parameter to cap_sysctlbyname()

MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2021-04-28 10:38:52 -04:00
Thomas Munro
3aaaa2efde poll(2): Add POLLRDHUP.
Teach poll(2) to support Linux-style POLLRDHUP events for sockets, if
requested.  Triggered when the remote peer shuts down writing or closes
its end.

Reviewed by:	kib
MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D29757
2021-04-28 23:00:31 +12:00
Yuri Pankov
01a856c666 open_memstream(3): fix typo
While here, pet mandoc: .Tn -> .Vt
2021-04-28 12:18:25 +03:00
Kristof Provost
402dfb0a8d pf: Fix parsing of long table names
When parsing the nvlist for a struct pf_addr_wrap we unconditionally
tried to parse "ifname". This broke for PF_ADDR_TABLE when the table
name was longer than IFNAMSIZ. PF_TABLE_NAME_SIZE is longer than
IFNAMSIZ, so this is a valid configuration.

Only parse (or return) ifname or tblname for the corresponding
pf_addr_wrap type.

This manifested as a failure to set rules such as these, where the pfctl
optimiser generated an automatic table:

	pass in proto tcp to 192.168.0.1 port ssh
	pass in proto tcp to 192.168.0.2 port ssh
	pass in proto tcp to 192.168.0.3 port ssh
	pass in proto tcp to 192.168.0.4 port ssh
	pass in proto tcp to 192.168.0.5 port ssh
	pass in proto tcp to 192.168.0.6 port ssh
	pass in proto tcp to 192.168.0.7 port ssh

Reported by:	Florian Smeets
Tested by:	Florian Smeets
Reviewed by:	donner
X-MFC-With:	5c11c5a365
MFC after:	2 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D29962
2021-04-26 18:08:15 +02:00
Kristof Provost
6fcc8e042a pf: Allow multiple labels to be set on a rule
Allow up to 5 labels to be set on each rule.
This offers more flexibility in using labels. For example, it replaces
the customer 'schedule' keyword used by pfSense to terminate states
according to a schedule.

Reviewed by:	glebius
MFC after:	2 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D29936
2021-04-26 14:14:21 +02:00
Robert Watson
8e491aaeac Add code examples to cpuset(2), and improve cross referencing.
MFC after:	1 week
Reviewed by:	jeff, jrtc27, kevans, bcr (manpages)
Differential revision:	https://reviews.freebsd.org/D27803
2021-04-25 15:22:00 +01:00
Ed Maste
3cfd08c1c7 libkiconv: address memory leak in not-found cases
Found in "Understanding and Detecting Disordered Error Handling with
Precise Function Pairing" by Qiushi Wu et al.

Reviewed by:	imp, jhb
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D29896
2021-04-22 19:32:34 -04:00
Mitchell Horne
50f6c13997 pmc_allocate(3): document the count argument
This was added in b2ca2e50b9, and serves to provide an initial value
to the PMC, eliminating the need for a second syscall via pmc_set(3).

Reviewed by:	gnn, 0mp (manpages)
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D29885
2021-04-21 17:35:03 -03:00
Andrew Walker
dd559118ab Fix leak in libc NFSv4 flags parsing
Free memory allocated by strdup() in parse_flags_verbose().

Submitted by:	Andrew Walker <walker.aj325_gmail.com>
Reported by:	valgrind
Reviewed by:	allanjude, freqlabs, rpokala
MFC after:	3 days
Sponsored by:	iXsystems, Inc.
Differential Revision:	https://reviews.freebsd.org/D29871
2021-04-20 15:39:56 -04:00
Mateusz Piotrowski
ca904beafd fork.2: Fix a typo in an example
Reported by:	rpokala
MFC with:	c4207d867c
2021-04-20 10:24:21 +02:00
Alex Richardson
1ad83445fc Allow lib/msun/logarithm_test to pass on ld128 platforms
For some reason the ld128 log1pl() implementation is less accurate than
logl(), but does at least guarantee precision >= the ld80 implementation.
Mark log1p_accuracy_tests as XFAIL for ld128 and increase the log1p tolerance
to the ld80 equivalent in accuracy_tests to avoid losing test coverage for
the other functions.

PR:		253984
Reviewed By:	ngie, dim
Differential Revision: https://reviews.freebsd.org/D29039
2021-04-20 01:46:43 +01:00
Alex Richardson
ab147542b7 libc/string/memset.c: Use unsigned long for stores
While most 64-bit architectures have an assembly implementation of this
file, RISC-V does not. As we now store 8 bytes instead of 4 it should speed
up RISC-V.

Reviewed By:	kib
MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D29536
2021-04-20 01:46:43 +01:00
Alex Richardson
0b4ad01d91 libc/string/bcopy.c: Use intptr_t as the copy type
While most 64-bit architectures have an assembly implementation of this
file RISC-V does not. As we now copy 8 bytes instead of 4 it should speed
up RISC-V. Using intptr_t instead of int also allows using this file for
CHERI pure-capability code since trying to copy pointers using integer
loads/stores will invalidate pointers.

Reviewed By:	kib
Obtained from:	CheriBSD (partially)
MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D29535
2021-04-20 01:46:42 +01:00
Kristof Provost
42ec75f83a pf: Optionally attempt to preserve rule counter values across ruleset updates
Usually rule counters are reset to zero on every update of the ruleset.
With keepcounters set pf will attempt to find matching rules between old
and new rulesets and preserve the rule counters.

MFC after:	4 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D29780
2021-04-19 14:31:47 +02:00
Alex Richardson
738314e445 Revert "lib/libc/net/nsdispatch.c: Fix missing unlock and add locking annotations"
This commit should not have introduced any functional changes, but
apparently it did. This appears to have broken LDAP setups.
Reverting for now. Will reland once I have fixed the breakage.

This reverts commit 5245bf7b92.
Reported By:	Александр Недоцуков, brd
MFC after:	immediately
2021-04-19 09:36:47 +01:00
Mateusz Piotrowski
1ffdcdadf6 getprogname.3: Add an example
It shows the difference between getprogname() and argv[0].

Reviewed by:	yuripv
Approved by:	yuripv (src)
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D27204
2021-04-18 10:20:11 +02:00
Mateusz Piotrowski
c4207d867c fork.2: Add a simple use pattern
It seems to be a nice idea to show how fork() is usually used in
practice. This may act as a guide to developers who want to quickly
recall how to use the fork() function.

Reviewed by:	bcr, yuripv
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D27626
2021-04-17 23:12:06 +02:00
Kristof Provost
8403170b3d libpfct: Fix PIC flag
Use ${PICFLAG} rather than hard-adding -fPIC, which removes the
requirement for libnv to be built PIC.

MFC after:      4 weeks
Sponsored by:   Rubicon Communications, LLC ("Netgate")
2021-04-17 22:10:13 +02:00
Alex Richardson
062293c2c4 Remove XFAIL from tests/lib/msun/lround_test:main
This test no longer fails after 3b00222f15.

PR:		205451
MFC after:	1 week
2021-04-15 16:28:09 +01:00
Alex Richardson
3f01d8c2fe Remove amd64 XFAIL from tests/lib/msun/fma_test:infinities
This test no longer fails after 3b00222f15.

PR:		205448
MFC after:	1 week
2021-04-15 16:28:08 +01:00
Alex Richardson
168234fa67 lib/msun: Exclude ignored-pragmas from -Werror
This avoids build failures due to the clang 12 warning:
    '#pragma FENV_ACCESS' is not supported on this target - ignored

Clang 12 currently emits this warning for all non-x86 architectures.
While this can result in incorrect code generation (e.g. on AArch64 some
exceptions are not raised as expected), this is a pre-existing issue and
we should not fail the build due to this warning.

Reviewed By:	dim, emaste
MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D29743
2021-04-15 16:27:52 +01:00
Konstantin Belousov
bbf7a4e878 O_PATH: allow vnode kevent filter on such files
if VREAD access is checked as allowed during open

Requested by:	wulf
Reviewed by:	markj
Tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D29323
2021-04-15 12:49:18 +03:00
Konstantin Belousov
a5970a529c Make files opened with O_PATH to not block non-forced unmount
by only keeping hold count on the vnode, instead of the use count.

Reviewed by:	markj
Tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D29323
2021-04-15 12:48:27 +03:00
Konstantin Belousov
8d9ed174f3 open(2): Implement O_PATH
Reviewed by:	markj
Tested by:	pho
Discussed with:	walker.aj325_gmail.com, wulf
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D29323
2021-04-15 12:48:24 +03:00
Konstantin Belousov
509124b626 Add AT_EMPTY_PATH for several *at(2) syscalls
It is currently allowed to fchownat(2), fchmodat(2), fchflagsat(2),
utimensat(2), fstatat(2), and linkat(2).

For linkat(2), PRIV_VFS_FHOPEN privilege is required to exercise the flag.
It allows to link any open file.

Requested by:	trasz
Tested by:	pho, trasz
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
Differential revision:	https://reviews.freebsd.org/D29111
2021-04-15 12:48:11 +03:00
Konstantin Belousov
c78e124535 link(2): correct descriptor name in AT_RESOLVE_BENEATH description
Noted and reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
Differential revision:	https://reviews.freebsd.org/D29111
2021-04-15 12:47:40 +03:00
Yuri Pankov
adec9669ff expand @TPUT@ in ncurses manpages
Reviewed by:	bapt
Differential Revision:	https://reviews.freebsd.org/D29761
2021-04-14 18:16:59 +03:00
Kristof Provost
4eabfe468b pfctl: Fix clearing rules counters
After the migration to libpfctl for rule retrieval we accidentally lost
support for clearing the rules counters.

Introduce a get_clear variant of pfctl_get_rule() which allows rules
counters to be cleared.

MFC after:	4 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D29727
2021-04-14 13:33:02 +02:00
Alexander Motin
e49d3eb403 Fix race in case of device destruction.
During device destruction it is possible that open() succeed, but
fdevname() return NULL, that can't be assigned to string variable.
Fix that by adding explicit NULL check.

Also while there switch from fdevname() to fdevname_r().

Sponsored by:	iXsystems, Inc.
MFC after:	2 weeks
2021-04-13 11:25:27 -04:00
Kurosawa Takahiro
2aa21096c7 pf: Implement the NAT source port selection of MAP-E Customer Edge
MAP-E (RFC 7597) requires special care for selecting source ports
in NAT operation on the Customer Edge because a part of bits of the port
numbers are used by the Border Relay to distinguish another side of the
IPv4-over-IPv6 tunnel.

PR:		254577
Reviewed by:	kp
Differential Revision:	https://reviews.freebsd.org/D29468
2021-04-13 10:53:18 +02:00
Kurosawa Takahiro
600bd6ce06 pfctl, libpfctl: introduce pfctl_pool
Introduce pfctl_pool to be able to extend the pool part of the pf rule
without breaking the ABI.

Reviewed by:	kp
MFC after:	4 weeks
Differential Revision:	https://reviews.freebsd.org/D29721
2021-04-12 18:30:29 +02:00
Yuri Pankov
eeaf9d562f setclassenvironment: trim leading spaces in variable names
Trim leading spaces in variable names when the list is e.g.
pretty-formatted in /etc/login.conf or ~/.login_conf.

PR:		247947
Reviewed by:	allanjude
Differential Revision:	https://reviews.freebsd.org/D25649
2021-04-12 01:05:10 +03:00
Piotr Pawel Stefaniak
1fdd6934d5 getdirentries.2: remove unnecessary space 2021-04-11 11:17:01 +02:00
Konstantin Belousov
4d9128da54 rtld: make dlerror() thread-local
PR:	95339
Discussed with:	arichardson
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D29633
2021-04-10 17:33:34 +03:00
Konstantin Belousov
08bfbd4359 rtld: workaround for broken ABI
Right now, libthr does not initialize RtldLockInfo.rtli_version when calling
_rtld_thread_init(), which makes versioning the interface troublesome.

Add a workaround: if the calling object of _rtld_thread_init() exports
the "_pli_rtli_version" symbol, then consider rtli_version initialized.
Otherwise, forcibly set it to RTLI_VERSION_ONE, currently defined as
RTLI_VERSION.

Export "_pli_rtli_version" from libthr and properly initialize rtli_version.

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D29633
2021-04-10 17:33:33 +03:00
Dimitry Andric
bae9fd0b33 Only use -fp-exception-behavior=maytrap on x86, for now
After 3b00222f15, it turns out that clang only supports strict
floating point semantics for SystemZ and x86 at the moment, while for
other architectures it is still experimental.

Therefore, only use -fp-exception-behavior=maytrap on x86 for now,
otherwise this option results in "error: overriding currently
unsupported use of floating point exceptions on this target
[-Werror,-Wunsupported-floating-point-opt]" on other architectures.

Fixes:		3b00222f15
PR:		254911
MFC after:	1 week
2021-04-10 16:02:58 +02:00
Kristof Provost
15ca662208 libnv: Use PICFLAG rather than -fPIC
Suggested by:	andrew
MFC after:	4 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2021-04-10 15:43:28 +02:00
Dimitry Andric
3b00222f15 Avoid raising unexpected floating point exceptions in libm
When using clang with x86_64 CPUs that support AVX, some floating point
transformations may raise exceptions that would not have been raised by
the original code. To avoid this, use the -fp-exception-behavior=maytrap
flag, introduced in clang 10.0.0.

In particular, this fixes a number of test failures with ctanhf(3) and
ctanf(3), when libm is compiled with -mavx. An unexpected FE_INVALID
exception is then raised, because clang emits vdivps instructions to
perform certain divides. (The vdivps instruction operates on multiple
single-precision float operands simultaneously, but the exceptions may
be influenced by unused parts of the XMM registers. In this particular
case, it was calculating 0 / 0, which results in FE_INVALID.)

If -fp-exception-behavior=maytrap is specified however, clang uses
vdivss instructions instead, which work on one operand, and should not
raise unexpected exceptions.

Reported by:	olivier
Reviewed by:	arichardson
PR:		254911
MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D29686
2021-04-10 13:59:57 +02:00
Kristof Provost
ab5707a5cf libpfctl: Fix u_* counters
struct pf_rule had a few counter_u64_t counters. Those couldn't be
usefully comminicated with userspace, so the fields were doubled up in
uint64_t u_* versions.

Now that we use struct pfctl_rule (i.e. a fully userspace version) we
can safely change the structure and remove this wart.

Reviewed by:	glebius
MFC after:	4 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D29645
2021-04-10 11:16:03 +02:00
Kristof Provost
e9eb09414a libpfctl: Switch to pfctl_rule
Stop using the kernel's struct pf_rule, switch to libpfctl's pfctl_rule.
Now that we use nvlists to communicate with the kernel these structures
can be fully decoupled.

Reviewed by:	glebius
MFC after:	4 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D29644
2021-04-10 11:16:02 +02:00
Kristof Provost
0d71f9f36e pfctl: Move ioctl abstraction functions into libpfctl
Introduce a library to wrap the pf ioctl interface.

MFC after:	4 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D29562
2021-04-10 11:16:02 +02:00
Kristof Provost
0dd13c7743 libnv: Build PIC
Build libnv as position independent code so we can use it from shared
libraries.

MFC after:	4 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D29561
2021-04-10 11:16:01 +02:00