Commit Graph

302038 Commits

Author SHA1 Message Date
Pierre Pronchery 4757b351ea openssl: Import version 3.5.1
Migrate to OpenSSL 3.5 in advance of FreeBSD 15.0. OpenSSL 3.0 will be
EOL after 2026-09-07.

Approved by:	philip (mentor)
Sponsored by:	Alpha-Omega Beach Cleaning Project
Sponsored by:	The FreeBSD Foundation
Differential revision:	https://reviews.freebsd.org/D51613
2025-08-07 15:54:34 +02:00
Pierre Pronchery e7be843b4a Merge commit '1095efe41feed8ea5a6fe5ca123c347ae0914801'
Approved by:	philip (mentor)
Sponsored by:	Alpha-Omega Beach Cleaning Project
Sponsored by:	The FreeBSD Foundation
2025-08-07 15:50:32 +02:00
Kyle Evans d0ff5773ce libregex: fix our mapping for \w
A small oversight in our implementation of \w is that it's actually
not strictly [[:alnum:]].  According to the GNU documentation, it's
actually [[:alnum:]] + underscore.  The fix is rather trivial: just add
it to our set explicitly, and amend our test set to be sure that _ is
actually included.

PR:		287396
2025-08-08 13:27:26 -05:00
John Baldwin 619feb9dd0 krb5: Don't add -Wno-macro-redefined to CFLAGS
This doesn't exist on GCC and masked warnings in OpenSSH.

Reviewed by:	des
Differential Revision:	https://reviews.freebsd.org/D51811
2025-08-08 13:44:15 -04:00
John Baldwin e8633bc76a openssh: Don't include an unused EVP_CIPHER_CTX_get_iv() stub
This stub isn't actually used on modern versions of OpenSSL for which
OpenSSH uses EVP_CIPHER_CTX_get_updated_iv instead via a wrapper macro.

However, the wrapper macro conflicted with the existing namespace
macro triggering an error on GCC:

In file included from crypto/openssh/sshd-session.c:65:
crypto/openssh/openbsd-compat/openssl-compat.h:71:11: error: "EVP_CIPHER_CTX_get_iv" redefined [-Werror]
   71 | #  define EVP_CIPHER_CTX_get_iv EVP_CIPHER_CTX_get_updated_iv
      |           ^~~~~~~~~~~~~~~~~~~~~
In file included from <command-line>:
crypto/openssh/ssh_namespace.h:12:9: note: this is the location of the previous definition
   12 | #define EVP_CIPHER_CTX_get_iv                   Fssh_EVP_CIPHER_CTX_get_iv
      |         ^~~~~~~~~~~~~~~~~~~~~

The error was masked on clang due to MIT krb5 adding a blanket
-Wno-macro-redefined.  Building sshd-session without Kerberos support
was sufficient to trigger a warning from clang.

Reviewed by:	des
Differential Revision:	https://reviews.freebsd.org/D51810
2025-08-08 13:43:56 -04:00
John Baldwin 7de6d9d9b6 openssh: Include <fcntl.h> explicitly in includes.h
This was previously included due to nested includes in Heimdal's
headers.  Without this, the build fails with an error due to redefining
AT_FDCWD.

clang:

In file included from crypto/openssh/sshd-session.c:46:
/usr/obj/.../tmp/usr/include/fcntl.h:232:9: error: 'AT_FDCWD' macro redefined [-Werror,-Wmacro-redefined]
  232 | #define AT_FDCWD                -100
      |         ^
crypto/openssh/openbsd-compat/bsd-misc.h:69:10: note: previous definition is here
   69 | # define AT_FDCWD (-2)
      |          ^

GCC (can't be disabled):

In file included from crypto/openssh/sshd-session.c:46:
sys/sys/fcntl.h:232:9: error: "AT_FDCWD" redefined [-Werror]
  232 | #define AT_FDCWD                -100
      |         ^~~~~~~~
In file included from crypto/openssh/openbsd-compat/openbsd-compat.h:218,
                 from crypto/openssh/includes.h:173,
                 from crypto/openssh/sshd-session.c:30:
openssh/openbsd-compat/bsd-misc.h:69:10: note: this is the location of the previous definition
   69 | # define AT_FDCWD (-2)
      |          ^~~~~~~~

Reviewed by:	des
Differential Revision:	https://reviews.freebsd.org/D51809
2025-08-08 13:43:36 -04:00
Warner Losh 5090ea716b inet: fix typo
Note: btw submitted a number of other things in this area that haven't
made it into the tree, so I'm making an exception to the no typo rule
since it was done in that context.

Submitted by: btw (Tiwei Bie GSOC 2015 so unsure what to use for author)
Differential Revision: https://reviews.freebsd.org/D3510
2025-08-08 11:17:38 -06:00
Warner Losh b2df9c07df CONTRIBUTING: Tweak the language
Tweak the language around several items, as well as making things less
overly verbose. In addition, tweak the language about names, identity and
project requirements around it to match the policy and intentions more
closely. Much of this language was taken from a recent proposal in the
git mailing list and matches well how the project has accepted
contributions in the past. It's also been tweaked a bit since 'legal
name' seems like it should be well defined, but actually isn't
as well defined universally as one might think.

Sponsored by:		Netflix
Differential Revision:	https://reviews.freebsd.org/D51638
2025-08-08 11:16:13 -06:00
Brooks Davis 8d26a9da0c amd64: assume the kernel supports RDFSBASE and RDGSBASE
There is no need to support pre-12.0 (and thus pre-ino64) kernels in a
15.x libc.

Continue to check if the CPU supports these features before using them
and fall back as required.

Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D50732
2025-08-08 18:15:21 +01:00
John Baldwin af261a46af RELNOTES: Update the note for NVMeoF to reference ctld instead of nvmfd
Sponsored by:	Chelsio Communications
2025-08-08 12:52:44 -04:00
John Baldwin 83dc2f3339 nvmfd: Move out of the base install and into tools/tools/nvmf
This is still useful as an example use of the APIs in libnvmf similar
to nvmfdd, but this functionality is now provided in the base system
by ctld.

Sponsored by:	Chelsio Communications
2025-08-08 12:52:44 -04:00
Damin Rido 950a251823 sockstat: revert incorrect use of path-state for SCTP connections
Revert a change that mistakenly used SCTP path state and the field name
`path-state` instead of the correct `conn-state` and `sctp_conn_state()`
call. This was introduced in 7b35b4d during the addition of libxo
support.

Fixes:		7b35b4d ("sockstat: add libxo support")
Reported by:	Phil Shafer <phil@juniper.net>
Sponsored by:	Google, LLC (GSoC 2025)
Pull Request:	https://github.com/freebsd/freebsd-src/pull
Reviewed by:	asomers
2025-08-08 10:16:56 -06:00
Faraz Vahedi 50dee97297 cap_fileargs.3: Polish
Extensively revised the manual page with clearer phrasing, better
structure, and corrected grammar throughout. Also fixed typos and
improved overall readability of the documentation.

Signed-off-by: Faraz Vahedi <kfv@kfv.io>
2025-08-08 18:08:21 +02:00
Dag-Erling Smørgrav 6dab48b9de build: Switch CLEAN back on by default
There have been too many issues with non-META_MODE incremental builds
recently, and it is clear that most users, even developers, were not
aware that the default had been switched.

This will be revisited once more work has been done to help prevent
future breakage.

This reverts commit ba373fca78.

Reviewed by:	markj, jhb
Differential Revision:	https://reviews.freebsd.org/D51828
2025-08-08 17:57:31 +02:00
Lexi Winter 7d2cfb27d6 krb5: Move headers to the kerberos-lib package
Reviewed by:		manu
Differential Revision:	https://reviews.freebsd.org/D51826
2025-08-08 16:36:06 +01:00
Lexi Winter f4fd2aa07c libutil++: Move to clibs
This library only installs manual pages, so putting it in its own
package means we build a FreeBSD-libutil++-man package but not a
base FreeBSD-libutil++ package.  Without a base package, the man
package can't be installed due to the missing dependency.

We don't really need a separate package for a few manpages, so move
it to clibs.

Reviewed by:		des
Differential Revision:	https://reviews.freebsd.org/D51756
2025-08-08 16:14:07 +01:00
Lexi Winter 2fb03d6c11 gssd: Be consistent about Makefile conditionals
gssd itself is only built when both MK_GSSAPI and MK_KERBEROS_SUPPORT
are enabled, but the init script and OptionalObsoleteFiles entries
only checked MK_GSSAPI.  Check both variables everywhere.

Reviewed by:		des
Differential Revision:	https://reviews.freebsd.org/D51812
2025-08-08 14:16:06 +01:00
Mark Johnston 66c75fa63a freebsd-update: Fix the pkgbase check
Even on a pkgbase system, it should be possible to use freebsd-update -j
to upgrade a non-pkgbase jail, at least for the time being.  However,
the check_pkgbase() call came before get_params, so BASEDIR was always
set to /.

Make check_pkgbase() a pure function and call it after get_params().
While here, use pkg -r ${BASEDIR} instead of pkg -c ${BASEDIR} since the
latter requires root privileges.  freebsd-update is supposed to be run
as root, but it doesn't actually check this that I can see, so let's not
make that assumption here since it affects the result of the function
(i.e., pkg -c ${BASEDIR} always fails as a non-root user).

Reviewed by:	des
Fixes:		856e158dc4 ("freebsd-update: improve pkgbase check")
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D51770
2025-08-08 12:51:54 +00:00
Zhenlei Huang f4744b8acb EtherIP: Fix passing the address family from if_bridge(4) to gif(4)
Given IPPROTO_IPV4, IPPROTO_IPV6 and IPPROTO_ETHERIP have different
protocol numbers, then it is perfectly valid to tunnel IPv4, IPv6 and
Ethernet traffic over IPv[46] by the same interface. Since gif(4) has
already utilized the inbound csum_data field to carry address family,
also teach if_bridge(4) to do that, rather than checking if a gif(4)
interface is a member of an if_bridge(4) interface.

Without this fix, tunnel IPv[46] over IPv[46] will not work when the
gif(4) interface is a member of an if_bridge(4) interface, aka the EtherIP
setup, as the address family passed from gif_output() will be overwritten
with the wrong one AF_LINK by gif_transmit(), and end up with incorrectly
encapsulated packets.

PR:		227450
Reviewed by:	kp
Tested by:	meta
Fixes:		8a03087223 gif(4): Assert that gif_output() isn't called for EtherIP
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D51682
2025-08-08 18:17:51 +08:00
Zhenlei Huang 04d0dc4c0c tests: gif(4): Add regression tests for setup with EtherIP
Tunnel IPv[46] traffic over IPv[46] should still function when the
gif(4) interface is a member of an if_bridge(4) interface, aka the
EtherIP setup.

PR:		227450
Reviewed by:	kp
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D51682
2025-08-08 18:17:51 +08:00
Aymeric Wibo 84bbfc32a3 acpi_powerres: D3cold support
Cherry-pick commit 0b76c0a from ACPICA (actypes: Distinguish between
D3hot/cold, and default `ACPI_STATE_D3` to D3cold).

The same distinction is made between `PCI_POWERSTATE_D3_HOT` and
`PCI_POWERSTATE_D3_COLD`, as they're defined by ACPI (and are asserted
to be the same).

D3cold is essentially the same as D3hot except the power resources are
turned off.  Add support for D3cold to `acpi_pwr_switch_consumer`.

`acpi_d_state_to_str` replaces the `printf("D%d", d_state)` pattern,
allowing for "D3hot" and "D3cold" strings to be printed instead of just
"D3".

Reviewed by:	markj, ziaee, mckusick (mentor)
Approved by:	markj, mckusick (mentor)
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D48384
2025-08-08 11:42:44 +02:00
Brooks Davis 7988e7e167 sysent: regen to mark _exit _Noreturn
2025-08-08 10:30:17 +01:00
Brooks Davis 2a2556879b syscalls.master: mark _exit as not returning
Reviewed by:	imp, kib
Differential Revision:	https://reviews.freebsd.org/D51674
2025-08-08 10:30:17 +01:00
Brooks Davis 202ac0975e sysent: add a new NORETURN type flag
System calls of type NORETURN don't return and their stubs are declared
not to.

Reviewed by:	kevans, kib
Differential Revision:	https://reviews.freebsd.org/D51673
2025-08-08 10:30:17 +01:00
Brooks Davis 8433f8cd06 sysent: regen for _exit(2) normalization
2025-08-08 10:30:16 +01:00
Brooks Davis e7e964cb2e syscalls: normalize _exit(2) declarations
exit(3) is implemented by the runtime and performs a number of shutdown
actions before ultimately calling _exit(2) to terminate the program.  We
historically named the syscall table entry `exit` rather than `_exit`,
but this requires special handling in libc/libsys to cause the `_exit`
symbol to exist while implementing `exit` in libc.

Declare the syscall as `_exit` and flow that through the system.

Because syscall(SYS_exit, code) is fairly widely used, allow a
configured extra line in syscall.h to define SYS_exit to SYS__exit.

I've found no external uses of __sys_exit() so I've not bothered to
create a compatibility version of this private symbol.

Reviewed by:	imp, kib, emaste
Differential Revision:	https://reviews.freebsd.org/D51672
2025-08-08 10:30:16 +01:00
Brooks Davis fd4cdc438b rtld: fix dependencies for rtld-libc
Previously we (appropriately, but incorrectly) attempted to depend on
LIBC_NOSSP_PIC and LIBSYS_PIC for rtld_libc.a.  Unfortunately,
variables in dependency lists are expanded at parse time and those
variables are defined in bsd.libnames.mk which *must* be included by
bsd.{lib,prog}.mk.  As such, they were undefined and thus expanded to
the empty string resulting in no dependency with predictable and highly
confusing results.

Move the declaration of these dependencies to after the include of
bsd.prog.mk and add comments on both sides in hopes of keeping any future
dependencies in sync.

Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D51790
2025-08-08 10:30:16 +01:00
Andrew Turner 4c6c27d3fb arm64: Support TBI in userspace
To allow for Hardware-assisted AddressSanitizer (HWASAN) and future
work to enable MTE we need to enable TBI in userspace. As address space
that previously would have faulted will now not, it could be considered
an ABI change so only enable for processes with a late enough revision.

Relnotes:	yes
Sponsored by:	Arm Ltd
Differential Revision:	https://reviews.freebsd.org/D51637
2025-08-08 09:09:38 +01:00
Toomas Soome d439a15512 libsa: ip fragment reassembly is buggy
Well, it does not really work and we are getting retransmits.
To replicate, set nfs.read_size large enough.

What needs to happen is, we read ethernet packet, if it has
IPv4 payload and that payload is fragment, we create reassembly
queue (sorted by growing fragment offset) and on last
fragment, we can build complete packet. Once done properly,
the network load can utilize larger read sizes.

While there, move ARP (and other) processing out of readipv4().

Reviewed by:	imp
Differential Revision: https://reviews.freebsd.org/D51690
2025-08-08 10:10:08 +03:00
Kyle Evans 7a7f74dbcc grep: toss in some explicit fflush()
grep|tee of the src/ tree for infrequently-occurring strings is fairly
annoying; drop some tactical flushes at line-match boundaries to reduce
the long stalls.  In the case of `grep -o`, we'll flush after multiple
lines if there are multiple matches within a single line of text, while
for non`-o` we'll flush generally after every line.
2025-08-08 00:05:10 -05:00
Kyle Evans bd21c672a8 jail.h: fix the build
A local change that fixed this got lost somewhere; unbreak the build.

Pointy hat:	kevans
Fixes:	8a5ceebece ("kern: disallow user scheduling/ [...]")
2025-08-07 23:34:42 -05:00
Kyle Evans 8a5ceebece kern: disallow user scheduling/debugging/signalling of jailed procs
Currently, jails are generally ignored when determining whether the
current process/thread can take action upon another, except to determine
if the target's jail is somewhere in the source's hierarchy. Notably,
uid 1001 in a jail (including prison0) can take action upon a process
run by uid 1001 inside of a subordinate jail by default.

While this could be considered a feature at times, it is a scenario
that really should be deliberately crafted; there is no guarantee that
uid 1001 in the parent jail is at all related to uid 1001 in a
subordinate.

This change introduces three new privileges that grant a process
this kind of insight into other jails:

- PRIV_DEBUG_DIFFJAIL
- PRIV_SCHED_DIFFJAIL
- PRIV_SIGNAL_DIFFJAIL

These can be granted independently or in conjunction with the
accompanying *_DIFFCRED privileges, i.e.:

- PRIV_DEBUG_DIFFCRED alone will let uid 1001 debug uid 1002, but
  PRIV_DEBUG_DIFFJAIL is additionally needed to let it debug uid 1002
  in a jail.

- PRIV_DEBUG_DIFFJAIL alone will let uid 1001 debug uid 1001 in a jail,
  but will not allow it to debug uid 1002 in a jail.

Note that security.bsd.see_jail_proc can be used for similar effects,
but does not prevent a user from learning the pid of a jailed process
with matching creds and signalling it or rescheduling it (e.g., cpuset).
Debugging is restricted by visibility in all cases, so that one is less
of a concern.

This change adds a new jail(8) parameter for the parent to indicate on
a per-jail basis if its users are open to being tampered with by the
parent's unprivileged users: allow.unprivileged_parent_tampering.  This
is disabled by default, but may be enabled to bypass the new priv(9)
checks in some scenarios where the functionality is useful.  For
development setups that involve regularly debugging jailed processes
from outside the jail, consider adding a default
`allow.unprivileged_parent_tampering;` to your /etc/jail.conf.

This may get MFC'd in the future with the default flipped to preserve
pre-existing behavior but allow opt-in for the new position sooner.

Reviewed by:	jamie
Differential Revision:	https://reviews.freebsd.org/D51645
2025-08-07 23:26:51 -05:00
Kyle Evans 58c92776d1 jail: separate "statically valid allow flags" from "prison0 allow flags"
The current setup means that we can't add an allow flag in sys/jail.h
that's disabled by default without removing it from the pr_flags
assignment in kern_jail.c.  That's technically fine, but I think it's
better to make it more prevalent at the PR_ALLOW_* definition site so
that it's top-of-mind when adding a new flag.

This is a preparatory change for adding an allow flag that prison0 will
also have disabled by default, but with an allow.* knob and sysctl to
enable it.

Reviewed by:	jamie
Differential Revision:	https://reviews.freebsd.org/D51656
2025-08-07 23:26:51 -05:00
Rick Macklem 49eba35ce8 RELNOTES: Add an entry for COPY_FILE_RANGE_CLONE
2025-08-07 18:08:18 -07:00
Rick Macklem 37b2cb5ecb vfs: Add support for file cloning to VOP_COPY_FILE_RANGE
NFSv4 has a separate CLONE operation from COPY with
a couple of semantics differences. Unlike COPY, CLONE
must complete the "copy on write" and cannot return
partially copied. It also is required to use offsets (and
the length if not to EOF) that are aligned to a buffer
boundary.

Since VOP_COPY_FILE_RANGE() can already do "copy on write"
for file systems that support it, such as ZFS with block
cloning enabled, all this patch does is add a flag called
COPY_FILE_RANGE_CLONE so that it will conform to the
rule that it must do a "copy on write" to completion.

The patch also adds a new pathconf(2) name _PC_CLONE_BLKSIZE,
which acquires the blocksize requirement for cloning and
returns 0 for file systems that do not support the
"copy on write" feature. (This is needed for the NFSv4.2
clone_blksize attribute.)

This patch will allow the implementation of CLONE
for NFSv4.2.

Reviewed by:	asomers
Differential Revision:	https://reviews.freebsd.org/D51808
2025-08-07 17:52:23 -07:00
Colin Percival e4c0ecba44 15.0: Update main to -PRERELEASE
This marks the start of the FreeBSD 15.0 release cycle; the tree is now
in "code slush".

Developers are encouraged to prioritize fixing bugs over adding new
features at this time.  Commit approval from re@ is not required but
if new features introduce problems they may be removed from the
upcoming release.

Approved by:	re (implicit)
2025-08-07 17:04:34 -07:00
Dag-Erling Smørgrav eb41613d22 indent: Fix buffer overflow
The function used to create a backup of the input before starting work
used a static buffer and did not check that the file name it constructed
did not overflow.  Switch to using asprintf(), clean up the rest of the
function, and update some comments that still referred to an earlier
version of the code.

MFC after:	1 week
Sponsored by:	Klara, Inc.
Reviewed by:	bnovkov
Differential Revision:	https://reviews.freebsd.org/D51796
2025-08-08 01:34:07 +02:00
Dag-Erling Smørgrav 0ecc679fd3 indent: Simplify test script
Much of the test script was concerned with working around RCS tags and
dealing with cases which don't apply to indent.

MFC after:	1 week
Sponsored by:	Klara, Inc.
Reviewed by:	markj
Differential Revision:	https://reviews.freebsd.org/D51795
2025-08-08 01:33:56 +02:00
Jari Sihvola 7d955e02b1 jh7110_pcie: Add StarFive JH7110 PCIe controller driver
JH7110 has two PCIE controller devices. First one is used by board's
integrated USB which has no driver. Switching PHY to USB mode is not
currently implemented. This functionality could be added in a form of a
separate PCIE PHY driver if needed. PHY is on by default and there's no
need to switch it on.

Pre/post_ithread and post_filter methods are not used for interrupt
masking since they are meant for level-triggered interrupts whereas
JH7110's MSI interrupts are edge triggered (and INTx interrupts do not
use this irqsrc scheme at all). Pre_ithread method is nevertheless used
for MSI bottom acking.

The driver has been tested with Kingston SNV2S NVME SSD. The
functionality of INTx and MSI interrupts (as opposed to default MSIx)
has been tested by forcing NVME to use them.

Reviewed by:	mhorne
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D47919
2025-08-07 20:10:32 -03:00
Jari Sihvola 5bae2ace2e jh7110_gpio: Add StarFive JH7110 GPIO controller driver
Basic functionality implemented; fdt_pinctrl interface to be added in
the future.

Reviewed by:	mhorne
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D43034
2025-08-07 20:10:32 -03:00
Rick Macklem 0080571ee0 RELNOTES: Make an entry for Solaris style extended attributes
2025-08-07 15:42:24 -07:00
Simon J. Gerraty 5c4d1c8584 Replace license with just SPDX BSD-2-Clause
2025-08-07 15:15:37 -07:00
Rick Macklem 3a6c62e695 named_attribute.7: Add an explanation for a quirk
I thought I would be able to come up with a
ZFS patch to avoid the possibility of there
being two attributes with the same name for
a file. This can only occur if the two attributes
are created when xattr=sa and xattr=dir respectively.

I have not been able to fix this, so this patch
documents this quirk.

Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D51751
2025-08-07 14:12:37 -07:00
John Baldwin d21b513988 ctld: Be more explicit in a few uses of types to avoid potential ambiguity
This appeases -Wchanges-meaning warnings from GCC.

Sponsored by:	Chelsio Communications
2025-08-07 17:11:31 -04:00
John Baldwin ab328f4e33 ctld: Catch exceptions by reference instead of by value
Reported by:	GCC -Wcatch-value
Sponsored by:	Chelsio Communications
2025-08-07 17:11:22 -04:00
Rick Macklem e3ac01e18e kgssapi: Fix the kgssapi so that it can use MIT Kerberos
Without this patch, the kgssapi uses detailed knowledge
of the internal context structure for Heimdal (up to vers 1.5).
It also does four upcalls to the gssd daemon to establish
a server side RPCSEC_GSS context.

This patch adds support for three new upcalls:
gss_init_sec_context_lucid_v1()
gss_accept_sec_context_lucid_v1()
gss_supports_lucid()

These are used to determine if the gssd can do the upcalls
and uses them to avoid needing detailed Heimdal knowledge
if they are supported.

gss_init_sec_context_lucid_v1() and
gss_accept_sec_context_lucid_v1() return the information
needed to complete the RPCSEC_GSS context.
They use gss_krb5_export_lucid_sec_context() to acquire
the information from the libraries. (MIT Kerberos supports
this and I believe newer versions of Heimdal do, as well).

This avoids the need for detailed knowledge about MIT's
internals and replaces the 2 or 4 (initiator or acceptor) upcalls
with a single upcall to create the RPCSEC_GSS context.

The old Heimdal (up to 1.5) support is left intact, but should
be removed whenever Heimdal 1.5 is removed from /usr/src.

It also modifies the Makefile so that the gssd is only built
when MK_KERBEROS_SUPPORT != "no", since it is useless without
Kerberos.

Reviewed by:	cy
Differential Revision:	https://reviews.freebsd.org/D51731
Differential Revision:	https://reviews.freebsd.org/D51733
2025-08-07 14:02:32 -07:00
Cy Schubert 42cacae4eb ObsoleteFiles: Remove gssapi_krbt/gssapi.h
Noted by:	"Herbert J. Skuhra" <herbert@gojira.at>
2025-08-07 13:43:54 -07:00
Jean-Sébastien Pédron c0fc0facf8 linuxkpi: Call lkpi_fpu_safe_exec() in the implementation of kvmalloc()
`kvmalloc()` was a simple wrapper around the FreeBSD native `malloc()`.
Unlike the more involved implementation of `kmalloc()`, it didn't end
and begin the FPU context around the actual call to `malloc()`.

This caused the following panic in the amdgpu DRM driver:

    panic: malloc: called with spinlock or critical section held

... triggered by the call:

    struct dc_3dlut *lut = kvzalloc(sizeof(*lut), GFP_KERNEL);

(for the record, GFP_KERNEL is defined as M_WAITOK)

Replicating the same behaviour as `kmalloc()`, in other words, ending
the FPU context before the call to the underlying `malloc()`, and
beginning it again afterwards solves the problem.

Reviewed by:	olce
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D51557
2025-08-07 20:46:15 +02:00
John Baldwin 3c4b3bab19 chroot: Remove always-true checks
gid_t and uid_t are unsigned types, so the values are always >= 0.

usr.sbin/chroot/chroot.c: In function 'resolve_group':
usr.sbin/chroot/chroot.c:68:55: error: comparison of unsigned expression in '>= 0' is always true [-Werror=type-limits]
   68 |         if (errno == 0 && *endp == '\0' && (gid_t)gid >= 0 && gid <= GID_MAX)
      |                                                       ^~
usr.sbin/chroot/chroot.c: In function 'resolve_user':
usr.sbin/chroot/chroot.c:87:55: error: comparison of unsigned expression in '>= 0' is always true [-Werror=type-limits]
   87 |         if (errno == 0 && *endp == '\0' && (uid_t)uid >= 0 && uid <= UID_MAX)
      |                                                       ^~

Reported by:	GCC
Fixes:		91eb4d2ba4 ("chroot: slightly cleanup")
2025-08-07 14:26:46 -04:00
John Baldwin 2d76470b70 zfs: Fix build with GCC on 32-bit architectures
The presence of uint64_t in the expression promotes the entire
expression to uint64_t which is larger than uintptr_t on 32-bit
platforms.

Note that this also fixes the build for lib32 libraries on 64-bit
platforms.

sys/contrib/openzfs/include/sys/zio.h: In function 'gbh_eck':
sys/contrib/openzfs/include/sys/zio.h:85:17: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast]
   85 |         return ((zio_eck_t *)((uintptr_t)gbh + size - sizeof (zio_eck_t)));
      |                 ^
2025-08-07 14:26:46 -04:00