Migrate to OpenSSL 3.5 in advance of FreeBSD 15.0. OpenSSL 3.0 will be
EOL after 2026-09-07.
Approved by: philip (mentor)
Sponsored by: Alpha-Omega Beach Cleaning Project
Sponsored by: The FreeBSD Foundation
Differential revision: https://reviews.freebsd.org/D51613
A small oversight in our implementation of \w is that it's actually
not strictly [[:alnum:]]. According to the GNU documentation, it's
actually [[:alnum:]] + underscore. The fix is rather trivial: just add
it to our set explicitly, and amend our test set to be sure that _ is
actually included.
PR: 287396
This stub isn't actually used on modern versions of OpenSSL for which
OpenSSH uses EVP_CIPHER_CTX_get_updated_iv instead via a wrapper macro.
However, the wrapper macro conflicted with the existing namespace
macro triggering an error on GCC:
    In file included from crypto/openssh/sshd-session.c:65:
    crypto/openssh/openbsd-compat/openssl-compat.h:71:11: error: "EVP_CIPHER_CTX_get_iv" redefined [-Werror]
       71 | # define EVP_CIPHER_CTX_get_iv EVP_CIPHER_CTX_get_updated_iv
          |          ^~~~~~~~~~~~~~~~~~~~~
    In file included from <command-line>:
    crypto/openssh/ssh_namespace.h:12:9: note: this is the location of the previous definition
       12 | #define EVP_CIPHER_CTX_get_iv Fssh_EVP_CIPHER_CTX_get_iv
          |         ^~~~~~~~~~~~~~~~~~~~~
The error was masked on clang due to MIT krb5 adding a blanket
-Wno-macro-redefined. Building sshd-session without Kerberos support
was sufficient to trigger a warning from clang.
Reviewed by: des
Differential Revision: https://reviews.freebsd.org/D51810
This was previously included due to nested includes in Heimdal's
headers. Without this, the build fails with an error due to redefining
AT_FDCWD.
clang:
    In file included from crypto/openssh/sshd-session.c:46:
    /usr/obj/.../tmp/usr/include/fcntl.h:232:9: error: 'AT_FDCWD' macro redefined [-Werror,-Wmacro-redefined]
      232 | #define AT_FDCWD -100
          |         ^
    crypto/openssh/openbsd-compat/bsd-misc.h:69:10: note: previous definition is here
       69 | # define AT_FDCWD (-2)
          |          ^
GCC (can't be disabled):
    In file included from crypto/openssh/sshd-session.c:46:
    sys/sys/fcntl.h:232:9: error: "AT_FDCWD" redefined [-Werror]
      232 | #define AT_FDCWD -100
          |         ^~~~~~~~
    In file included from crypto/openssh/openbsd-compat/openbsd-compat.h:218,
                     from crypto/openssh/includes.h:173,
                     from crypto/openssh/sshd-session.c:30:
    openssh/openbsd-compat/bsd-misc.h:69:10: note: this is the location of the previous definition
       69 | # define AT_FDCWD (-2)
          |          ^~~~~~~~
Reviewed by: des
Differential Revision: https://reviews.freebsd.org/D51809
Note: btw submitted a number of other things in this area that haven't
made it into the tree, so I'm making an exception to the no typo rule
since it was done in that context.
Submitted by: btw (Tiwei Bie GSOC 2015 so unsure what to use for author)
Differential Revision: https://reviews.freebsd.org/D3510
Tweak the language around several items, as well as making things less
overly verbose. In addition, tweak the language about names, identity and
project requirements around it to match the policy and intentions more
closely. Much of this language was taken from a recent proposal in the
git mailing list and matches well how the project has accepted
contributions in the past. It's also been tweaked a bit since 'legal
name' seems like it should be well defined, but actually isn't
as well defined universally as one might think.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D51638
There is no need to support pre-12.0 (and thus pre-ino64) kernels in a
15.x libc.
Continue to check if the CPU supports these features before using them
and fall back as required.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D50732
This is still useful as an example use of the APIs in libnvmf similar
to nvmfdd, but this functionality is now provided in the base system
by ctld.
Sponsored by: Chelsio Communications
Revert a change that mistakenly used SCTP path state and the field name
`path-state` instead of the correct `conn-state` and `sctp_conn_state()`
call. This was introduced in 7b35b4d during the addition of libxo
support.
Fixes: 7b35b4d ("sockstat: add libxo support")
Reported by: Phil Shafer <phil@juniper.net>
Sponsored by: Google, LLC (GSoC 2025)
Pull Request: https://github.com/freebsd/freebsd-src/pull
Reviewed by: asomers
Extensively revised the manual page with clearer phrasing, better
structure, and corrected grammar throughout. Also fixed typos and
improved overall readability of the documentation.
Signed-off-by: Faraz Vahedi <kfv@kfv.io>
There have been too many issues with non-META_MODE incremental builds
recently, and it is clear that most users, even developers, were not
aware that the default had been switched.
This will be revisited once more work has been done to help prevent
future breakage.
This reverts commit ba373fca78.
Reviewed by: markj, jhb
Differential Revision: https://reviews.freebsd.org/D51828
This library only installs manual pages, so putting it in its own
package means we build a FreeBSD-libutil++-man package but not a
base FreeBSD-libutil++ package. Without a base package, the man
package can't be installed due to the missing dependency.
We don't really need a separate package for a few manpages, so move
it to clibs.
Reviewed by: des
Differential Revision: https://reviews.freebsd.org/D51756
gssd itself is only built when both MK_GSSAPI and MK_KERBEROS_SUPPORT
are enabled, but the init script and OptionalObsoleteFiles entries
only checked MK_GSSAPI. Check both variables everywhere.
Reviewed by: des
Differential Revision: https://reviews.freebsd.org/D51812
Even on a pkgbase system, it should be possible to use freebsd-update -j
to upgrade a non-pkgbase jail, at least for the time being. However,
the check_pkgbase() call came before get_params, so BASEDIR was always
set to /.
Make check_pkgbase() a pure function and call it after get_params().
While here, use pkg -r ${BASEDIR} instead of pkg -c ${BASEDIR} since the
latter requires root privileges. freebsd-update is supposed to be run
as root, but it doesn't actually check this that I can see, so let's not
make that assumption here since it affects the result of the function
(i.e., pkg -c ${BASEDIR} always fails as a non-root user).
Reviewed by: des
Fixes: 856e158dc4 ("freebsd-update: improve pkgbase check")
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D51770
Given IPPROTO_IPV4, IPPROTO_IPV6 and IPPROTO_ETHERIP have different
protocol numbers, then it is perfectly valid to tunnel IPv4, IPv6 and
Ethernet traffic over IPv[46] by the same interface. Since gif(4) has
already utilized the inbound csum_data field to carry address family,
also teach if_bridge(4) to do that, rather than checking if a gif(4)
interface is member of a if_bridge(4) interface.
Without this fix, tunnel IPv[46] over IPv[46] will not work when the
gif(4) interface is member of a if_bridge(4) interface, aka the EtherIP
setup, as the address family passed from gif_output() will be overwritten
with the wrong one AF_LINK by gif_transmit(), and end up with incorrectly
encapsulated packets.
PR: 227450
Reviewed by: kp
Tested by: meta
Fixes: 8a03087223 gif(4): Assert that gif_output() isn't called for EtherIP
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D51682
Tunnel IPv[46] traffic over IPv[46] should still function when the
gif(4) interface is member of a if_bridge(4) interface, aka the
EtherIP setup.
PR: 227450
Reviewed by: kp
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D51682
Cherry-pick commit 0b76c0a from ACPICA (actypes: Distinguish between
D3hot/cold, and default `ACPI_STATE_D3` to D3cold).
The same distinction is made between `PCI_POWERSTATE_D3_HOT` and
`PCI_POWERSTATE_D3_COLD`, as they're defined by ACPI (and are asserted
to be the same).
D3cold is essentially the same as D3hot except the power resources are
turned off. Add support for D3cold to `acpi_pwr_switch_consumer`.
`acpi_d_state_to_str` replaces the `printf("D%d", d_state)` pattern,
allowing for "D3hot" and "D3cold" strings to be printed instead of just
"D3".
Reviewed by: markj, ziaee, mckusick (mentor)
Approved by: markj, mckusick (mentor)
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48384
System calls of type NORETURN don't return and their stubs are declared
not to.
Reviewed by: kevans, kib
Differential Revision: https://reviews.freebsd.org/D51673
exit(3) is implemented by the runtime and performs a number of shutdown
actions before ultimately calling _exit(2) to terminate the program. We
historically named the syscall table entry `exit` rather than `_exit`,
but this requires special handling in libc/libsys to cause the `_exit`
symbol to exist while implementing `exit` in libc.
Declare the syscall as `_exit` and flow that through the system.
Because syscall(SYS_exit, code) is fairly widely used, allow a
configured extra line in syscall.h to define SYS_exit to SYS__exit.
I've found no external uses of __sys_exit() so I've not bothered to
create a compatibility version of this private symbol.
Reviewed by: imp, kib, emaste
Differential Revision: https://reviews.freebsd.org/D51672
Previously we (appropriately, but incorrectly) attempted to depend on
LIBC_NOSSP_PIC and LIBSYS_PIC for rtld_libc.a. Unfortunately,
variables in dependency lists are expanded at parse time and those
variables are defined in bsd.libnames.mk which *must* be included by
bsd.{lib,prog}.mk. As such, they were undefined and thus expanded to
the empty string resulting in no dependency with predictable and highly
confusing results.
Move the declaration of these dependencies to after the include of
bsd.prog.mk and add comments on both sides in hopes of keeping any future
dependencies in sync.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D51790
To allow for Hardware-assisted AddressSanitizer (HWASAN) and future
work to enable MTE we need to enable TBI in userspace. As address space
that previously would have faulted will now not, it could be considered
an ABI change, so only enable for processes with a late enough revision.
Relnotes: yes
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D51637
Well, it does not really work and we are getting retransmits.
To replicate, set nfs.read_size large enough.
What needs to happen is, we read ethernet packet, if it has
IPv4 payload and that payload is fragment, we create reassembly
queue (sorted by growing fragment offset) and on last
fragment, we can build complete packet. Once done properly,
the network load can utilize larger read sizes.
While there, move ARP (and other) processing out of readipv4().
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D51690
grep|tee of the src/ tree for infrequently-occurring strings is fairly
annoying; drop some tactical flushes at line-match boundaries to reduce
the long stalls. In the case of `grep -o`, we'll flush after multiple
lines if there are multiple matches within a single line of text, while
for non`-o` we'll flush generally after every line.
Currently, jails are generally ignored when determining whether the
current process/thread can take action upon another, except to determine
if the target's jail is somewhere in the source's hierarchy. Notably,
uid 1001 in a jail (including prison0) can take action upon a process
run by uid 1001 inside of a subordinate jail by default.
While this could be considered a feature at times, it is a scenario
that really should be deliberately crafted; there is no guarantee that
uid 1001 in the parent jail is at all related to uid 1001 in a
subordinate.
This change introduces three new privileges that grant a process
this kind of insight into other jails:
- PRIV_DEBUG_DIFFJAIL
- PRIV_SCHED_DIFFJAIL
- PRIV_SIGNAL_DIFFJAIL
These can be granted independently or in conjunction with the
accompanying *_DIFFCRED privileges, i.e.:
- PRIV_DEBUG_DIFFCRED alone will let uid 1001 debug uid 1002, but
PRIV_DEBUG_DIFFJAIL is additionally needed to let it debug uid 1002
in a jail.
- PRIV_DEBUG_DIFFJAIL alone will let uid 1001 debug uid 1001 in a jail,
but will not allow it to debug uid 1002 in a jail.
Note that security.bsd.see_jail_proc can be used for similar effects,
but does not prevent a user from learning the pid of a jailed process
with matching creds and signalling it or rescheduling it (e.g., cpuset).
Debugging is restricted by visibility in all cases, so that one is less
of a concern.
This change adds a new jail(8) parameter for the parent to indicate on
a per-jail basis if its users are open to being tampered with by the
parent's unprivileged users: allow.unprivileged_parent_tampering. This
is disabled by default, but may be enabled to bypass the new priv(9)
checks in some scenarios where the functionality is useful. For
development setups that involve regularly debugging jailed processes
from outside the jail, consider adding a default
`allow.unprivileged_parent_tampering;` to your /etc/jail.conf.
This may get MFC'd in the future with the default flipped to preserve
pre-existing behavior but allow opt-in for the new position sooner.
Reviewed by: jamie
Differential Revision: https://reviews.freebsd.org/D51645
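
The debug case described in the commit message above, as an added example that is not part of the commit and is not the kernel's code: a simplified userland C model of how the existing *_DIFFCRED check, the new *_DIFFJAIL check and allow.unprivileged_parent_tampering combine. The struct, field and function names are hypothetical, the jail hierarchy is constructed sample data, and consulting only the target jail's own allow setting is an assumption.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model; all names here are hypothetical, not kernel identifiers. */
struct jail {
    const struct jail *parent;  /* NULL for prison0 */
    bool allow_tampering;       /* allow.unprivileged_parent_tampering */
};

struct cred {
    unsigned uid;
    const struct jail *jail;
    bool debug_diffcred;        /* holds PRIV_DEBUG_DIFFCRED */
    bool debug_diffjail;        /* holds PRIV_DEBUG_DIFFJAIL */
};

/* Constructed sample hierarchy: prison0 with two child jails. */
static const struct jail prison0 = { NULL, false };
static const struct jail closed_jail = { &prison0, false };
static const struct jail open_jail = { &prison0, true };

/* True if j is top itself or one of its descendants. */
static bool jail_within(const struct jail *top, const struct jail *j)
{
    for (; j != NULL; j = j->parent)
        if (j == top)
            return true;
    return false;
}

bool can_debug(struct cred src, struct cred dst)
{
    /* Existing rule: the target's jail must be in the source's hierarchy. */
    if (!jail_within(src.jail, dst.jail))
        return false;
    /* Existing rule: acting on a different uid needs *_DIFFCRED. */
    if (src.uid != dst.uid && !src.debug_diffcred)
        return false;
    /* New rule: crossing into a subordinate jail needs *_DIFFJAIL,
     * unless that jail opted in (assumption: only its own flag counts). */
    if (src.jail != dst.jail && !src.debug_diffjail &&
        !dst.jail->allow_tampering)
        return false;
    return true;
}

int main(void)
{
    struct cred user = { 1001, &prison0, false, false };
    struct cred jailed = { 1001, &closed_jail, false, false };
    struct cred jailed_open = { 1001, &open_jail, false, false };

    printf("uid 1001 -> uid 1001 in default jail: %d\n", can_debug(user, jailed));
    printf("uid 1001 -> uid 1001 in opted-in jail: %d\n", can_debug(user, jailed_open));
    return 0;
}
```
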
The current setup means that we can't add an allow flag in sys/jail.h
that's disabled by default without removing it from the pr_flags
assignment in kern_jail.c. That's technically fine, but I think it's
better to make it more prevalent at the PR_ALLOW_* definition site so
that it's top-of-mind when adding a new flag.
This is a preparatory change for adding an allow flag that prison0 will
also have disabled by default, but with an allow.* knob and sysctl to
enable it.
Reviewed by: jamie
Differential Revision: https://reviews.freebsd.org/D51656
NFSv4 has a separate CLONE operation from COPY with
a couple of semantic differences. Unlike COPY, CLONE
must complete the "copy on write" and cannot return
partially copied. It also is required to use offsets (and
the length if not to EOF) that are aligned to a buffer
boundary.
Since VOP_COPY_FILE_RANGE() can already do "copy on write"
for file systems that support it, such as ZFS with block
cloning enabled, all this patch does is add a flag called
COPY_FILE_RANGE_CLONE so that it will conform to the
rule that it must do a "copy on write" to completion.
The patch also adds a new pathconf(2) name _PC_CLONE_BLKSIZE,
which acquires the blocksize requirement for cloning and
returns 0 for file systems that do not support the
"copy on write" feature. (This is needed for the NFSv4.2
clone_blksize attribute.)
This patch will allow the implementation of CLONE
for NFSv4.2.
Reviewed by: asomers
Differential Revision: https://reviews.freebsd.org/D51808
This marks the start of the FreeBSD 15.0 release cycle; the tree is now
in "code slush".
Developers are encouraged to prioritize fixing bugs over adding new
features at this time. Commit approval from re@ is not required but
if new features introduce problems they may be removed from the
upcoming release.
Approved by: re (implicit)
The function used to create a backup of the input before starting work
used a static buffer and did not check that the file name it constructed
did not overflow. Switch to using asprintf(), clean up the rest of the
function, and update some comments that still referred to an earlier
version of the code.
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: bnovkov
Differential Revision: https://reviews.freebsd.org/D51796
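
The class of bug fixed by the commit above, as an added example that is not the committed code: building a backup file name into a fixed buffer with a truncation check, next to an allocate-to-fit version. The page does not show the original function, so the `.BAK` suffix and all function names are assumptions, and the sizing `snprintf()` plus `malloc()` pair is a portable stand-in for the `asprintf()` call the commit switched to.

```c
#include <stdio.h>
#include <stdlib.h>

#define BAK_SUFFIX ".BAK"   /* assumed suffix; the page does not name it */

/*
 * Fixed-buffer variant. An unchecked sprintf() here is the overflow the
 * commit describes; snprintf() bounds the write, and comparing its return
 * value with the buffer size detects a name that does not fit.
 * Returns 0 on success, -1 if the name would have overflowed buf.
 */
int backup_name_fixed(char *buf, size_t buflen, const char *name)
{
    int n = snprintf(buf, buflen, "%s" BAK_SUFFIX, name);

    return (n < 0 || (size_t)n >= buflen) ? -1 : 0;
}

/*
 * Allocate-to-fit variant (what asprintf() does internally): measure
 * first, then allocate exactly that much. Caller frees the result.
 * Returns NULL on formatting or allocation failure.
 */
char *backup_name_alloc(const char *name)
{
    int n = snprintf(NULL, 0, "%s" BAK_SUFFIX, name);
    char *p;

    if (n < 0 || (p = malloc((size_t)n + 1)) == NULL)
        return NULL;
    snprintf(p, (size_t)n + 1, "%s" BAK_SUFFIX, name);
    return p;
}

int main(void)
{
    char small[16];
    const char *name = "a_rather_long_source_file_name.c";  /* constructed */
    char *bak = backup_name_alloc(name);

    printf("fixed buffer: %s\n",
        backup_name_fixed(small, sizeof(small), name) == 0 ?
        "fits" : "rejected, would overflow");
    printf("allocated:    %s\n", bak != NULL ? bak : "(out of memory)");
    free(bak);
    return 0;
}
```
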
Much of the test script was concerned with working around RCS tags and
dealing with cases which don't apply to indent.
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D51795
JH7110 has two PCIE controller devices. First one is used by board's
integrated USB which has no driver. Switching PHY to USB mode is not
currently implemented. This functionality could be added in a form of a
separate PCIE PHY driver if needed. PHY is on by default and there's no
need to switch it on.
Pre/post_ithread and post_filter methods are not used for interrupt
masking since they are meant for level-triggered interrupts whereas
JH7110's MSI interrupts are edge triggered (and INTx interrupts do not
use this irqsrc scheme at all). Pre_ithread method is nevertheless used
for MSI bottom acking.
The driver has been tested with Kingston SNV2S NVME SSD. The
functionality of INTx and MSI interrupts (as opposed to default MSIx)
has been tested by forcing NVME to use them.
Reviewed by: mhorne
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D47919
I thought I would be able to come up with a
ZFS patch to avoid the possibility of there
being two attributes with the same name for
a file. This can only occur if the two attributes
are created when xattr=sa and xattr=dir respectively.
I have not been able to fix this, so this patch
documents this quirk.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D51751
Without this patch, the kgssapi uses detailed knowledge
of the internal context structure for Heimdal (up to vers 1.5).
It also does four upcalls to the gssd daemon to establish
a server side RPCSEC_GSS context.
This patch adds support for three new upcalls:
gss_init_sec_context_lucid_v1()
gss_accept_sec_context_lucid_v1()
gss_supports_lucid()
These are used to determine if the gssd can do the upcalls
and uses them to avoid needing detailed Heimdal knowledge
if they are supported.
gss_init_sec_context_lucid_v1() and
gss_accept_sec_context_lucid_v1() return the information
needed to complete the RPCSEC_GSS context.
They use gss_krb5_export_lucid_sec_context() to acquire
the information from the libraries. (MIT Kerberos supports
this and I believe newer versions of Heimdal do, as well).
This avoids the need for detailed knowledge about MIT's
internals and replaces the 2 or 4 (initiator or acceptor) upcalls
with a single upcall to create the RPCSEC_GSS context.
The old Heimdal (up to 1.5) support is left intact, but should
be removed whenever Heimdal 1.5 is removed from /usr/src.
It also modifies the Makefile so that the gssd is only built
when MK_KERBEROS_SUPPORT != "no", since it is useless without
Kerberos.
Reviewed by: cy
Differential Revision: https://reviews.freebsd.org/D51731
Differential Revision: https://reviews.freebsd.org/D51733
`kvmalloc()` was a simple wrapper around the FreeBSD native `malloc()`.
Unlike the more involved implementation of `kmalloc()`, it didn't end
and begin the FPU context around the actual call to `malloc()`.
This caused the following panic in the amdgpu DRM driver:
    panic: malloc: called with spinlock or critical section held
... triggered by the call:
    struct dc_3dlut *lut = kvzalloc(sizeof(*lut), GFP_KERNEL);
(for the record, GFP_KERNEL is defined as M_WAITOK)
Replicating the same behaviour as `kmalloc()`, in other words, ending
the FPU context before the call to the underlying `malloc()`, and
beginning it again afterwards solves the problem.
Reviewed by: olce
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D51557
The presence of uint64_t in the expression promotes the entire
expression to uint64_t which is larger than uintptr_t on 32-bit
platforms.
Note that this also fixes the build for lib32 libraries on 64-bit
platforms.
    sys/contrib/openzfs/include/sys/zio.h: In function 'gbh_eck':
    sys/contrib/openzfs/include/sys/zio.h:85:17: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast]
       85 |         return ((zio_eck_t *)((uintptr_t)gbh + size - sizeof (zio_eck_t)));
          |                 ^