Regenerating the configure script is optional and can introduce noise
if the installed versions of autoconf, automake, and libtool do not
match those used upstream. Tweak our script slightly so it will skip
this step if libtoolize is not found.
When using SW KTLS, we must account for the headers in sf_iodone()
in terms of either freeing or enqueuing them for TLS work.
Not doing so can lead to a situation where we enqueue only
the payload, and not the header, for encryption. Rather than
leaking the header, the socket is left "hung" with the header marked
M_NOTREADY.
Sponsored by: Netflix
Reviewed by: glebius, kib
Differential Revision: https://reviews.freebsd.org/D57134
MFC After: 14 days
Since this manual describes the mdoc syntax throughout the ecosystem,
I had to blend what we had before with what upstream is doing now.
Thanks: adrian
MFC after: 3 days (we shipped this doc in 15.0/14.4)
Reviewed by: ivy, mhorne, des, adrian
Discussed with: arch@
Differential Revision: https://reviews.freebsd.org/D56153
The first argument is always the function name, for which we can simply
use __func__. This leaves only the optional return value, so we can use
a single variadic macro instead of two nearly-identical copies.
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D57076
In send_[rw]rq(), we were using strlcpy() to avoid overflowing our
packet buffer, then failing to check the result and blithely advancing
our pointer by the full length.
Luckily, this code is only ever used by tftp(1), not tftpd(8).
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D57075
This adds a test case that passes a very long URL on the command line,
which would previously have resulted in a benign buffer overflow in
urihandling(), detectable only by compiling tftp with ASAN enabled.
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D57074
Also, delete the file we created if receiving it failed.
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D57071
* No need to copy our argument into a new buffer; it is writeable and
will not be reused after we return.
* Instead of constructing the string "get path" and then splitting it
into an argument vector, just construct the vector directly. This
avoid potentially overrunning the buffer.
* Call settftpmode() just once, with either the default mode or the
user-provided value we already validated.
* Use errx() instead of fprintf(stderr) + exit().
Reported by: Moyao, Minghao Fu
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D57070
The RETURN VALUES section used "instr" to describe the fts_set()
argument, while the SYNOPSIS and all other references use "options".
Fix the inconsistency.
MFC after: 1 week
Sponsored by: Google LLC (GSoC 2026)
Reviewed by: asomers
Pull Request: https://github.com/freebsd/freebsd-src/pull/2213
This file implements a set of EL2 hypercall handlers and is used to
switch between guests and the host kernel when VHE is not in use. There
is no SSP runtime available there.
Reported by: Jenkins
Fixes: 8deebce931 ("kernel: Enable -fstack-protector-strong by default")
This extends stack canary use to all functions which define arrays on
the stack, not just those which operate on byte buffers. This option
would have made it harder to exploit SA-26:18.setcred and
SA-26:08.rpcsec_gss.
The change bloats the amd64 kernel text by about 350KB and increases the
number of covered functions from ~1500 to ~9000 (within the kernel
itself, i.e., not counting kernel modules).
Reviewed by: olce, olivier, emaste
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D56870
This has been stable in my testing, and enabling parallelism speeds up
test runs considerably. In particular, with -v parallelism=16 in a
16-vcpu bhyve VM my test runs go from ~50m to ~40m; the exact numbers
depend on the kernel config in use.
Reviewed by: pouria
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D57094
Even though it is not dereferenced, it is UB to take the address of an
out of bounds array element.
Reviewed by: pouria, bz, des, adrian
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57158
This ifdef does not do anything, SV_ABI_LINUX is a flag.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: ivy, brooks
Pull-Request: https://ron-dev.freebsd.org/FreeBSD/src/pulls/37
When updating the names of the sleep types in 95b4436e98 ("power:
Rename sleep types"), I forgot to update the lengths of the buffers they
went into.
Reported by: mhorne
Fixes: 95b4436e98 ("power: Rename sleep types")
Sponsored by: The FreeBSD Foundation
Drop and Add bits reset the data toggle for high-speed devices in XHCI.
The toggle bit represents the sequence number in USB 2.0 transfers. However,
a device can only recognize that the toggle bit has been reset while in
the HALT state. As a result, the host and device toggle values may
become mismatched, causing xHCI to reject the packet. This issue was
observed while testing the EZ-USB FX2 device.
The transfer may then return to the original value after a
bi-directional TD because the toggle field is only one bit wide. This
explains the reson that we can only receive packets bi-transfer in some
case. Therefore, we do not reset the toggle bit here.
Reviewed by: adrian
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57146
Reported by: markj
Fixes: e9a5eb0e5e ("vop_read_pgcache_post(): report inotify IN_ACCESS same as for vop_read_post()")
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
It is reported that micro(up)time() performs poorly in certain
virtualisation scenarios. Absolute accuracy isn't required here, so
switch to the slightly less accurate (as per the man page) get-variants.
PR: 295043
MFC after: 3 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
We used nla_p_table for pfr_table structures, but this netlink decoder
was intended for pfioc_table and decoded an extra field, outside
of pfr_table. This allowed userspace to write (slightly) outside of
pfr_table.
Use a separate nlattr_parser for pfr_table.
PR: 295218
Reported by: Robert Morris <rtm@lcs.mit.edu>
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Without that, 'make distributeworld' fails ('make buildworld' and 'make
installworld' do not need it).
Fixes: cba191e291 ("MAC/do: Add basic tests on setting rules")
MFC after: 1 minute
Sponsored by: The FreeBSD Foundation
It is not enough to check vp1 == vp2 to detect lock recursion, since
vnodes might share the locks. This might happen for e.g. stacked
filesystems (nullfs and other), and for FFS snapshots.
Switch from checking vnode equiality to check v_vnlock equiality, and
recheck the condition after vnode relock since reclamation or otner
parallel operation might change the vnode locks under us.
Return a value (not really an error) indicating the case that vnodes
share the lock, to simplify the unlock in caller.
Reviewed by: jah, markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D57035