Commit Graph

304884 Commits

Author SHA1 Message Date
Mark Johnston 39ee24182b rc.subr: Support setting the audit user when starting services
When an unprivileged user restarts a service using, e.g., sudo, the
service runs with the audit user ID set to that of the unprivileged
user.  This can have surprising effects: for instance, a user that
restarts a jail that is running sshd will end up with their UID attached
to all audit logs associated with users who log in via that sshd
instance.  (sshd will set the audit user, but this is disallowed in
jails by default.)

Add support for rc.conf directives which cause rc to override the audit
user.  Specifically, make <name>_audit_user=foo cause the audit user to
be set to "foo" for service <name>.  A plain audit_user=foo directive
causes all services to be started as foo.

Note, like other similar rc features, this feature is limited to rc
services which are run by executing a command.  Shell functions can't be
wrapped this way.

Reviewed by:	0mp
MFC after:	2 weeks
Sponsored by:	Modirum MDPay
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D53747
2025-11-18 16:24:21 +00:00
Mark Johnston 71f6592a01 rc.subr: Remove misguided cpuset usage
When running an rc command, if the target rc script defines
<command>_cmd, e.g., start_cmd=..., then the run_rc_command() executes
that instead of $command.  In general it's a shell function, and
"cpuset -l <n> <shell function>" doesn't work.

Moreover, it doesn't really make sense to run cpuset for anything other
than start_cmd.

Other optional isolation mechanisms (e.g., <name>_fib,
<name>_chroot) are only used when invoking $command directly as part of
the "start" command.  Make <name>_cpuset consistent with everything else
by removing these extraneous cpuset invocations.

Reviewed by:	0mp
MFC after:	2 weeks
Sponsored by:	Modirum MDPay
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D53746
2025-11-18 16:24:21 +00:00
Mark Johnston 1238610a27 setaudit: Add an update mode
By default, setaudit(8) overwrites the whole audit session state.  For
the purpose of overwriting only a single field, e.g., the audit user,
this is inconvenient.  Add -U to accomodate this case: when specified,
setaudit(8) will first fetch the current session state block and then
will only overwrite those fields specified on the command line.

Reviewed by:	csjp
MFC after:	2 weeks
Sponsored by:	Modirum MDPay
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D53672
2025-11-18 16:24:20 +00:00
Mark Johnston 551191e14e setaudit: Fix handling of numeric UIDs
The usage of strtoul() was incorrect.

Reviewed by:	csjp
MFC after:	2 weeks
Sponsored by:	Modirum MDPay
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D53671
2025-11-18 16:24:20 +00:00
Mark Johnston a9be8f9968 setaudit: Bump WARNS and fix some style bugs
- Cast sockaddrs through void to silence warnings about expected
  alignment.
- Fix cast style.
- Sort includes.
- Make some global variables local.
- Sort options.

No functional change intended.

Reviewed by:	csjp
MFC after:	2 weeks
Sponsored by:	Modirum MDPay
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D53670
2025-11-18 16:24:20 +00:00
Mark Johnston dcb0790bad setaudit: Initial import
Unmodified sources from https://github.com/csjayp/setaudit at commit
aa4dd9dfa40b6437030d718834236f4eaeb18ccb.

Some follow-up changes will fix a few issues and make it easier to use
this utility in the rc framework.

Reviewed by:	csjp
MFC after:	2 weeks
Sponsored by:	Modirum MDPay
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D53669
2025-11-18 16:24:20 +00:00
Mark Johnston 7861d051de rc.subr: Try to make svjc option handling a bit easier to read
Specifically, make this code fit in fewer columns:
- deindent cases to conform to the usual style,
- use a local variable to minimize duplication in each case.

No functional change intended.

Reviewed by:	0mp, netchild
MFC after:	2 weeks
Sponsored by:	Klara, Inc.
Sponsored by:	Modirum MDPay
Differential Revision:	https://reviews.freebsd.org/D53754
2025-11-18 16:24:20 +00:00
Randall Stewart 8f2f66b323 TCP Pacing system (HPTS) is missing an API
Recent changes to HPTS have broken an API that was somehow removed (used by user space programs for
time calculations). This commit will add back the inline function that was removed.

Differential Revision:<https://reviews.freebsd.org/D53225>
2025-11-18 10:18:25 -05:00
Ed Maste 38829592dc diff3: Remove bespoke getopt.h
diff3's getopt.h included a function declaration without a prototype,
which produces a compiler warning.  Just remove the bespoke getopt.h
and use the system header.

Reported by:	Mark Millard
Reviewed by:	fuz
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53802
2025-11-18 08:42:36 -05:00
Boris Lytochkin 8012c61bef ipfw: fix lookup dst-ip opcode
Opcode handling should not fall through to the LOOKUP_DSCP type.

Reviewed by:	melifaro
Obtained from:	Yandex LLC
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D53775
2025-11-18 13:31:56 +03:00
Konstantin Belousov c0a38339fe exterror.9: explain buffers and bios usage of extended errors
Reviewed by:	pauamma_gundo.com
Sponsored by:	The FreeBSD Foundation
Differential revision:	https://reviews.freebsd.org/D53798
2025-11-18 07:34:56 +02:00
Warner Losh 396b32e801 stand: Add back missing EFIAPI define
EFIAPI has to be defined correctly for amd64, or things won't boot
because it uses a different API than we normally use. Normally, this
only affects amd64, since all the other archs are basically nothing.
Tested on: amd64, aarch64 and armv7 (the frist two by markj and I with
differnet test setups).

Fixes:			43b8edb320
Sponsored by:		Netflix
Reviewed by:		markj
Differential Revision:	https://reviews.freebsd.org/D53799
2025-11-17 21:45:59 -07:00
Colin Percival f6e9474ebd release: Add a MISSING_METALOGS hack to VMs
The packages for 15.0-RELEASE built without the bug fix needed to make
files created via @sample get properly listed in METALOG.  Fix the
cloudware which contain @sample-using packages by adding the necessary
files to METALOG manually.

This should be reverted after the next full package build, and live on
only in releng/15.0.

Reviewed by:	markj
MFC after:	immediately (15.0-RC2)
Differential Revision:	https://reviews.freebsd.org/D53797
2025-11-17 18:18:27 -08:00
Colin Percival 0dbb00733c GCE: Add /usr/src and /usr/ports to METALOG
We ship these in order to comply with GCE Marketplace rules about
providing source code and licenses for all the software we ship as
part of images.

Reviewed by:	markj
MFC after:	immediately (15.0-RC2)
Differential Revision:	https://reviews.freebsd.org/D53796
2025-11-17 18:18:27 -08:00
Colin Percival 86c63597f2 release: Add /boot/loader.conf to some cloudware
These were forgotten during the METALOGization process earlier.

Reviewed by:	markj
MFC after:	immediately (for 15.0-RC2)
Differential Revision:	https://reviews.freebsd.org/D53795
2025-11-17 18:18:27 -08:00
Bjoern A. Zeeb 640205bc22 LinuxKPI: 802.11: initialize the passed in chandef in cfg80211_chandef_create
cfg80211_chandef_create() gets passed a pointer to a cfg80211_chan_def.
It seems that several users are passing in an uninitialized variable
from the stack and expect cfg80211_chandef_create() to initialize it.
Run memset() on the struct, which for all callers currently seems to do
the right thing, to avoid later accesses to uninitialized struct members
like "punctured".

Reported by:	CI (gcc build)
MFC after:	3 days
Sponsonred by:	The FreeBSD Foundation
2025-11-17 22:54:07 +00:00
Kristof Provost ff9f76a206 if_ovpn: use IFT_TUNNEL
IFT_ENC has special behaviour in pf we don't desire, and this also ensures that
for all interface types there is N:1:1 correspondence between if_type:dlt:header len.

Requested by:	glebius
MFC after:	1 week
2025-11-17 23:05:45 +01:00
Martin Matuska 1b9254f4d4 zfs: unbreak gcc builds after openzfs/zfs@e63d026b9 2025-11-17 22:17:19 +01:00
Martin Matuska fb709935d6 zfs: fix aarch64 build after openzfs/zfs@e63d026b9 2025-11-17 20:15:33 +01:00
Jilles Tjoelker 75a6c38e4d sh: Fix a double free in a rare scenario with pipes
The command
  sh -c 'sleep 3 | sleep 2 & sleep 3 & kill %1; wait %1'
crashes (with appropriate sanitization such as putting
MALLOC_CONF=abort:true,junk:true in the environment or compiling with
-fsanitize=address).

What happens here is that waitcmdloop() calls dowait() with a NULL job
pointer, instructing dowait() to freejob() if it's a non-interactive
shell and $! was not and cannot be referenced for it. However,
waitcmdloop() then uses fields possibly freed by freejob() and calls
freejob() again.

This only occurs if the job being waited for is identified via % syntax
($! has never been referenced for it), it is a pipeline with two or more
elements and another background job has been started before the wait
command. That seems special enough for a bug to remain. Test scripts
written by Jilles would almost always use $! and not % syntax.

We can instead make waitcmdloop() pass its job pointer to dowait(),
fixing up things for that (waitcmdloop() will have to call deljob() if
it does not call freejob()).

The crash from
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=290330#c2 appears to
be the same bug.

PR:		290330
Reported by:	bdrewery
Reviewed by:	bdrewery
Differential Revision:	https://reviews.freebsd.org/D53773
2025-11-17 19:32:38 +01:00
John Baldwin 33383fbf60 nvmf: Add support for DIOCGIDENT
This mirrors commit 6d0001d444 but for
nvmf(4).

Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D53339
2025-11-17 13:26:30 -05:00
John Baldwin 8d2a50bb38 nvme: Abstract out function to obtain a disk ident string from cdata
This will permit sharing the code with nvmf(4).

Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D53338
2025-11-17 13:21:39 -05:00
Robert Clausecker 4fcc58afbf msun: document that {sin,cos,tan}pi(3) follow C23
- also use new .St -ieee754-2008 request in *pi.3

Reviewed by:	imp
Approved by	markj (mentor)
See also:	D53784
Differential Revision:	https://reviews.freebsd.org/D53783
2025-11-17 18:18:46 +01:00
Robert Clausecker 37fa5b36ab msun: expose the C23 functions we already support in <math.h>
This is the *pi family of trigonometric functions. Quite a few C23
functions are still missing.  These seem to be:
acospi, acospif, acospil, asinpi, asinpif, asinpil, atan2pi, atan2pif,
atan2pil, atanpi, atanpif, atanpil, canonicalize, canonicalizef,
canonicalizel, compoundn, compoundnf, compoundnl, daddl, ddivl, dfmal,
dmull, dsqrtl, dsubl, exp10, exp10f, exp10l, exp10m1, exp10m1f,
exp10m1l, exp2m1, exp2m1f, exp2m1l, fadd, faddl, fdiv, fdivl, ffma,
ffmal, fmaximum, fmaximum_mag, fmaximum_mag_num, fmaximum_mag_numf,
fmaximum_mag_numl, fmaximum_magf, fmaximum_magl, fmaximum_num,
fmaximum_numf, fmaximum_numl, fmaximumf, fmaximuml, fminimum,
fminimum_mag, fminimum_mag_num, fminimum_mag_numf, fminimum_mag_numl,
fminimum_magf, fminimum_magl, fminimum_num, fminimum_numf,
fminimum_numl, fminimumf, fminimuml, fmul, fmull, fromfp, fromfpf,
fromfpl, fromfpx, fromfpxf, fromfpxl, fsqrt, fsqrtl, fsub, fsubl,
iscanonical, iseqsig, issignaling, issubnormal, iszero, nextdown,
nextdownf, nextdownl, nextup, nextupf, nextupl, pown, pownf, pownl,
powr, powrf, powrl, rootf, rootl, rootn, roundeven, roundevenf,
roundevenl, rsqrt, rsqrtf, rsqrtl, ufromfp, ufromfpf, ufromfpl,
ufromfpx, ufromfpxf, ufromfpxl.

Reviewed by:	imp
Approved by:	markj (mentor)
MFC after:	1 month
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D53783
2025-11-17 18:18:46 +01:00
Robert Clausecker 63cd0841de contrib/mandoc: document .St -ieee754-2008 in mdoc(7)
Approved by:	markj (mentor)
MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D53784
2025-11-17 18:18:46 +01:00
Robert Clausecker db3884b039 contrib/mandoc: add -ieee754-2008
This is needed to simplify the msun manpages {sin,cos,tan}pi.3

Approved by:	markj (mentor)
MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D53784
2025-11-17 18:18:40 +01:00
Martin Matuska bb8580e7a6 zfs: fix cross-build after openzfs/zfs@e63d026b9d
Workaround multiple cross-build issues in OpenZFS code

TBD: discuss long-term fix with OpenZFS
2025-11-17 17:12:03 +01:00
Martin Matuska 4303bde429 zfs: fix build after openzfs/zfs@e63d026b9
Fix Makefiles
Update zfs_config.h and zfs_gitrev.h
2025-11-17 17:11:56 +01:00
Martin Matuska 8ac904ce09 zfs: merge openzfs/zfs@e63d026b9
Notable upstream pull request merges:
 #17477 02fdd26e5 Add knob to disable slow io notifications
 #17792 d0294aa75 Update dnode_next_offset_level to accept blkid instead
                  of offset
 #17824 8c225ff1b Fix gang write late_arrival bug
 #17861 -multiple Lift userspace definitions out of zfs_context.h
 #17872 dcada084b Pass flags to more DMU write/hold functions
 #17875 ec268cdf9 Fix caching of DDT log and BRT
 #17875 ea125eeb5 BRT: Round bv_entcount up to BRT_BLOCKSIZE
 #17877 6cfc3dba9 Cleanup ZIO_FLAG_IO_RETRY vs TRYHARD usage
 #17885 e63d026b9 cmd/zpool cstyle issues
 #17890 b4f073b5a Add BRT support to zpool prefetch command
 #17903 baefe098e ZIO: Set minimum number of free issue threads to 32
 #17906 6e12f0bd7 spa_misc: add an API for spa_namespace_lock
 #17908 e26b9fc87 FreeBSD: Add support for _PC_CASE_INSENSITIVE
 #17911 -multiple Update library ABI versions for v2.4.0
 #17915 8aaed7dc4 BRT: Fix ranges to blocks conversion math
 #17916 cc5cae547 BRT: Increase block size from 4KB to 8KB
 #17921 72b2a9571 ZAP: Remove dmu_object_info_from_dnode() call

Obtained from:	OpenZFS
OpenZFS commit:	e63d026b91
2025-11-17 17:11:32 +01:00
Christos Margiolis 5f624d923d snd_hda: Patch Lenovo V15
PR:		290496
Tested by:	adrian
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2025-11-17 17:09:18 +01:00
Kristof Provost c12013f5bb pf: fix udp_mapping cleanup
If we fail to obtain a new source port (pf_get_sport()) while we've
created a udp_mapping (for 'endpoint independent nat') we must free the
udp_mapping in pf_get_sport(). Otherwise the calling function will call
pf_udp_mapping_release(). This will then attempt to remove the udp_mapping from
a list it's not in, and crash.

Actually free the udp_mapping in all failure cases. While here sprinkle in a few
more assertions to ensure we don't forget leak udp_mappings and add a test case
to provoke this problem.

Reviewed by:	thj
MFC after:	1 week
See also:	https://redmine.pfsense.org/issues/16517
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D53737
2025-11-17 16:48:04 +01:00
Krzysztof Galazka 1839526b73 igb(4): Fix VLAN support on VFs
Virtual Functions are considered untrusted and have no control
over VLAN filtering configuration in HW. To allow using
VLANs on VF intreface driver has to assume that VLAN HW Filtering
is always enabled and pass requests for adding or removing VLAN
tags to Physical Function driver using Mailbox API.

Signed-off-by: Krzysztof Galazka <krzysztof.galazka@intel.com>

Approved by:	kbowling (mentor)
Reviewed by:	erj (previous version)
Tested by:	gowtham.kumar.ks_intel.com
MFC after:	1 week
Sponsored by:   Intel Corporation
Differential Revision:	https://reviews.freebsd.org/D53245
2025-11-17 16:30:35 +01:00
Ed Maste bf2dc446d1 example.4: Bump deprecation example to FreeBSD 17
The deprecation notice should indicate that the driver or feature will
be removed in a future release, not one that's nearly EOL.

Sponsored by:	The FreeBSD Foundation
2025-11-17 10:13:17 -05:00
Ed Maste af4ba95daf freebsd-update: Add some diagnositic information for a failure case
Users report freebsd-update failing with "The update metadata index is
correctly signed, but failed an integrity check."  Add a hint at which
of the cases is failing to help track down the issue.

PR:		264205
Reviewed by:	dch
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52222
2025-11-17 09:42:17 -05:00
Warner Losh 3c5ca68b9b stand: Fix secureboot build
Make libesecureboot build, enabled when WITH_BEARSSL=y
WITH_LOADER_EFI_SECUREBOOT=y.

Copy EDK2 files related to secure boot to sys/contrib/edk2 and delete
duplicates under libsecreboot/efi/include.
Adjust efi_variables.c to build in the new environment.

Undefine MIN and MAX before include sys/param.h in libsecureboot.h. I'm
not sure that sys/param.h is needed here, but either the param.h or the
Base.h definitions are fine.

Fix include paths to reflect the new way.

Fixes:		43b8edb320
Sponsored by:	Netflix
2025-11-16 22:58:36 -07:00
Warner Losh c62eaf8af9 stand: Update riscv efi booting to edk2 includes
Update to include the right includes for the riscv protocol to get the
hypervisor details.

Note: I expanded the GUID inline rather than using a #define because
there was none. This is only listed in UefiCpuPkg/UefiCpuPkg.dec, so
include it here inline until we can automate using those files.

Fixes:		43b8edb320
Sponsored by:	Netflix
2025-11-16 22:58:03 -07:00
Warner Losh c570deb1cc edk2: Import UefiCpuPkg/Include/Protocol/RiscVBootProtocol.h
Import UefiCpuPkg/Include/Protocol/RiscVBootProtocol.h to
Include/Protocol. This is another direct copy that needs to be carefully
considered in future imports. For now, it's easier to add this
incrementally here.

Sponsored by:		Netflix
2025-11-16 22:08:22 -07:00
Warner Losh 499d2ed109 Base.h: Ifdef out always char purity test.
Now that we've moved to always using this, it turns out the the funky
thing we have for L'a' is everywhere. Removing this check until I can
sort it out. This breaks the build on armv7 otherwise.

Fixes:		43b8edb320
Sponsored by:	Netflix
2025-11-16 19:42:24 -07:00
Warner Losh de060b6851 efi.h: Bring in sys/types.h explicitly now
sys/types.h used to be brought in through namespace pollution, but no
more.

Fixes:		43b8edb320
Sponsored by:	Netflix
2025-11-16 17:16:44 -07:00
Warner Losh 44fb9f2701 sys/efi_map.h: This is a kernel-only file
Slap a #ifdef _KERNEL around it all since it's useless to userland.

Fixes:		43b8edb320
Sponsored by:	Netflix
2025-11-16 17:16:26 -07:00
Warner Losh 60f14d05d2 edk2: Fix fdt build
x86 doesn't use FDT things by default, but aarch64 does. I thought I'd
built the loader on aarch64 to test the EDK2 all the things series, but
apparently not. This fixes the aarch64 build.

Fixes:		43b8edb320
Sponsored by:	Netflix
2025-11-16 16:55:14 -07:00
Warner Losh af6d77c0bd edk2: Bring in Guid/Fdt.h
This one is from EmbeddedPkg/Include/Guid/Fdt.h, which is our first
EmbeddedPkg addition. For the moment, I'm doing this as an ad-hoc basis,
but in the next import may need to reconsider the strategy.

Sponsored by:		Netflix
2025-11-16 16:55:13 -07:00
Ed Maste 4c736cfc69 Deprecate fdc(4) and floppy utilities
Floppies have been obsolete for over a decade.  Add a deprecation note
now and plan to remove fdc(4) support in 16.

Reviewed by:	ziaee
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41549
2025-11-16 17:46:12 -05:00
Ed Maste e1b027b276 fdc.4: Correct igor-reported warnings
Sponsored by:	The FreeBSD Foundation
2025-11-16 17:44:16 -05:00
Dag-Erling Smørgrav ebb0b48226 iwx.4: Follow the established style
Fixes:          b0c1ead2b9 ("iwx.4: Fix SYNOPSIS")
Reviewed by:	ziaee
Differential Revision:	https://reviews.freebsd.org/D53760
2025-11-16 20:10:44 +01:00
Warner Losh 1aa241b4ee tpm20: Bring in the edk2 includes for TPM 2.0 support
Bring these in from edk2-stable202502. They will be used in a
forthcoming TPM 2.0 support code.

Sponsored by:		Netflix
2025-11-16 11:29:04 -07:00
Warner Losh 43b8edb320 stand: Cut over to using the EDK2 files
Remove the old EFI SDK files that we've been nursing along for too many
years. Replace them with files from EDK2 edk2-stable202502 and tweak the
interfaces we need to tweak. Mostly include different things or change
the names of the protocols that no longer have old-school compat names.

I gave up in the middle of env.c, too damn tedious to find all those new
GUIDs. Also, many of the guids were mystery meat, most likely from the
EDK2 sources, but just not the Include subdirectory. Need to investigate
those. And the memory info? Is it just an oboslete thing, or embedded
knowledge of EDK2.

Delete the now-redundant copies of things in Guid and Protocol. I
debated keeping ZeroGuid.h, but EDK2 has moved on from when I snagged it
years ago (or maybe I just invented it out of whole cloth: edk2 does
radically different things today and I didn't do the git deep-dive to
find out).

Sponsored by:		Netflix
Differential Revision:	https://reviews.freebsd.org/D53655
2025-11-16 11:29:03 -07:00
Warner Losh f439973d67 edk2: Pull in more headers from edk2
Pull in more headers from edk2-stable202502 that will be needed as we
transition the building to using only EDK2 headers in the boot loader,
finally ditching our home-grown ones from a super-obsolete SDK from the
early days of EFI.

Note to future importers: My apologies if this not being a mege commit
causes problems. Except for ProcessorBind.h, all files should be exactly
as we got them from EDK2, and if that breaks the build on future
imports, we should adjust our code.

Sponsored by:		Netflix
Differential Revision:	https://reviews.freebsd.org/D53654
2025-11-16 11:29:03 -07:00
Warner Losh 473786a131 edk2: Tweak the tests for UEFI Specification Data Type requirements
On x86 these trigger for 32-bit builds. We only ever (will) do that for
the 32-bit loader that starts a 64 bit kernel for ia32. For the moment,
take the training wheels off, though most likely some compile flags need
to be used to change the i386 ABI to force *int64_t alignment to 64
bits or some other horror as yet ill-concieved. Despite this assertion,
the ia32 to boot 64-bit kernels loaders seem to work.

Sponsored by:		Netflix
Differential Revision:	https://reviews.freebsd.org/D53653
2025-11-16 11:29:03 -07:00
Warner Losh 84dc74b827 stand: switch the loader over to using efi-edk2.h
Sponsored by:		Netflix
Differential Revision:	https://reviews.freebsd.org/D53652
2025-11-16 11:29:03 -07:00