This patch got accidentally left out when libdiff was imported. The
rest of the code (command-line option etc.) was present, just not the
part that actually prints ANSI color codes.
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D46873
The variable struct pd->nat_rule is set only during rule evaluation, that
is only for the first packet of a connection. Use struct pf_kstate->nat_rule
instead.
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D46867
Ensure that we don't conflict with other inetd processes running in other jails
by setting an explicit pid file (rather than relying on the default
/var/run/inetd.pid). This could lead to failure to start inetd, which in turn
could cause test failures.
Sponsored by: Rubicon Communications, LLC ("Netgate")
An upcoming refactor appends do-not-merge comments to all headers
centrally to do the same to reduce the final diff. Headers also start
with a comment line (for /*) and end with a blank line.
As for the consumer `enc_add_hhooks()`, `hhook_add_hook()` will never
fail for the given parameters. Meanwhile, to build the module if_enc(4),
at least option INET or INET6 is required, so no need for the error
EPFNOSUPPORT.
No functional change intended.
Reviewed by: ae
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D46770
This simplifies the code slightly, and brings us closer to the OpenBSD code.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D46707
Reduces code and fixes a bunch of bugs with fragment handling not being in sync
with the rest of the ruleset.
Much feedback from mpf, bluhm & markus
Thanks to Tony Sarendal for help with testing
ok bluhm; various previous versions ok henning, claudio, mpf, markus
Note that while this changes the order of src addr/src port/dst addr/dst port
skips this doesn't actually affect the kernel/userspace ABI. The kernel always
recalculates skip steps. As a result we have to fix one of the pfctl parser
tests. Note that this is an order change that does not affect what packets are
accepted or dropped.
Obtained from: OpenBSD, mcbride <mcbride@openbsd.org>, 04c69899a7
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D46705
nfsrv_freeopen() was being called after the mutex
lock was released, making it possible for other
kernel threads to change the lists while nfsrv_freeopen()
took the nfsstateid out of the lists.
This patch moves the code around
"if (nfsrv_freeopen(stp, vp, 1, p) == 0) {"
into nfsrv_freeopen(), so that it can remove the nfsstateid
structure from all lists before unlocking the mutex.
This should avoid any race between CLOSE and other nfsd threads
updating the NFSv4 state.
The patch does not affect semantics when vfs.nfsd.enable_locallocks=0.
PR: 280978
Tested by: Matthew L. Dailey <matthew.l.dailey@dartmouth.edu>
MFC after: 1 week
This changeset started two years ago, but the entry was not tweaked upon
final commit to reflect reality.
Fixes: e7a629c851 ("libmd, kern, stand: consolidate md5 [...]")
Visibility can get complicated when, e.g., ifuncs are involved. In
particular, SHA256/SHA512 on aarch64 use ifuncs for their _Transform
implementations, which then exposes global symbols of the same name that
break things trying to statically link both libcrypto and libmd.
Revert this part of the _Transform removal to fix the pkg-static build
on aarch64.
Fixes: 81de655acd ("libmd: stop exporting Transform() symbols")
They all were experimental and some comments refer to internal Netflix
versions. There is no reason to leak that into the header. Style unused
options so that they have the available value aligned with really used
values.
Reviewed by: tuexen
Differential Revision: https://reviews.freebsd.org/D46779
When the sysctl-variable net.inet.ip.accept_sourceroute is non-zero,
an mbuf would be leaked when processing a SYN-segment containing an
IPv4 strict or loose source routing option, when the on-stack
syncache entry is used or there is an error related to processing
TCP MD5 options.
Fix this by freeing the mbuf whenever an error occurred or the
on-stack syncache entry is used.
Reviewed by: markj, rscheff
MFC after: 1 week
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D46839
In chroot mode tzsetup prepended the chroot path to the symlink target,
which is not correct. Use the same path for the symlink regardless of
chroot mode.
PR: 281332
Reported by: scf, Herbert J. Skuhra
Reviewed by: olce
Fixes: 5e16809c95 ("tzsetup: symlink /etc/localtime instead of co...")
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46725
Use explicit atomic load/store operations for all producer and consumer
head and tail accesses. This allows us to remove the volatile
annotation from these variables.
Reviewed by: alc, imp, kib, markj
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D46380
Add a threaded test for buf_ring.h used to help find issues with it on
architectures with a weak memory order.
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D46158
Check enqueue works correctly when the offsets overflow
Reviewed by: imp
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D46156
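The buf_ring messages above (explicit atomic loads and stores on the producer and consumer offsets, and enqueue across offset overflow) can be illustrated with a simplified single-producer/single-consumer ring. This is an added example, not code from sys/buf_ring.h or from these commits; every name in it is hypothetical.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdint.h>

#define RING_SIZE 8u	/* power of two: offset & (RING_SIZE - 1) is the slot */
/* Simplified single-producer/single-consumer ring; not sys/buf_ring.h. */
struct ring {
	_Atomic uint32_t prod_tail;	/* free-running offset, wraps at 2^32 */
	_Atomic uint32_t cons_head;	/* free-running offset, wraps at 2^32 */
	void *slot[RING_SIZE];
};

static int ring_enqueue(struct ring *r, void *p)
{
	uint32_t tail = atomic_load_explicit(&r->prod_tail, memory_order_relaxed);
	/* acquire pairs with the consumer's release: its slot read is done */
	uint32_t head = atomic_load_explicit(&r->cons_head, memory_order_acquire);
	if (tail - head == RING_SIZE)	/* unsigned difference is wrap-safe */
		return (-1);
	r->slot[tail & (RING_SIZE - 1)] = p;
	/* release publishes the slot contents before the new tail */
	atomic_store_explicit(&r->prod_tail, tail + 1, memory_order_release);
	return (0);
}

static void *ring_dequeue(struct ring *r)
{
	uint32_t head = atomic_load_explicit(&r->cons_head, memory_order_relaxed);
	uint32_t tail = atomic_load_explicit(&r->prod_tail, memory_order_acquire);
	void *p = (head == tail) ? NULL : r->slot[head & (RING_SIZE - 1)];
	if (head != tail)	/* release: the slot may now be reused */
		atomic_store_explicit(&r->cons_head, head + 1, memory_order_release);
	return (p);
}

/* Start both offsets at `start`, fill and drain once; returns items seen in order. */
static int ring_roundtrip(uint32_t start)
{
	static int item[RING_SIZE + 1];	/* constructed payloads */
	struct ring r;
	int i, n = 0, ok = 0;
	atomic_init(&r.prod_tail, start); atomic_init(&r.cons_head, start);
	for (i = 0; i <= (int)RING_SIZE; i++)	/* one more than fits */
		n += (ring_enqueue(&r, &item[i]) == 0);
	if (n != (int)RING_SIZE)
		return (-1);
	while (ok < n && ring_dequeue(&r) == &item[ok])
		ok++;
	return (ring_dequeue(&r) == NULL ? ok : -1);
}
```

Calling `ring_roundtrip()` with a start offset a few steps below 2^32 makes the producer offset wrap mid-fill, which is the case the overflow test targets.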
Add a simple test for sys/buf_ring.h. This enqueues and dequeues items
in the buf_ring to ensure the simple operations are correct.
There are no checks for multiple threads operating on buf_ring_enqueue
or buf_ring_dequeue_mc as they can be probabilistic and depend on the
architecture memory model.
Reviewed by: markj
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D46147
When the FreeBSD/arm64 port was created we only supported FDT. We now
also support ACPI, and have for many years. When this support was
added we kept FDT as the default.
There are some setups where both ACPI tables and a FDT DTB are passed
into the kernel. In most of these cases the DTB is only used to pass
in minimal information.
To handle the cases where both are passed in, prefer ACPI over FDT.
Reviewed by: bz, imp, emaste
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D46750
Report when SVE is present and allow it to be used by calling
sve_restore_state on an SVE exception from userspace.
Reviewed by: kib
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D43310
As with floating point instructions, don't trap SVE instructions to the
hypervisor. This lets us handle them in the kernel.
Reviewed by: imp (earlier version)
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D43303
Add the NT_ARM_SVE note type and use it to access the SVE registers
from ptrace. This allows userspace to modify the full SVE register
values.
Try to follow the Linux semantics to allow debuggers to use this with
minimal changes.
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D43309
To allow for user space to read the SVE vector length add a sysarch
handler to return the value to userspace.
Reviewed by: imp
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D43308
Use the new extended register support in the arm64 signal frame to
handle the SVE registers.
As these registers alias the VFP registers we use the floating point
register values to restore the lower bits of the SVE registers. This
is to support software that doesn't understand SVE to continue working.
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D43307
Add initial kernel support for SVE. This detects if SVE is present on
all CPUs, and if so allows for the use of SVE in the future.
As the SVE registers are a superset of the VFP registers we don't need
to restore the VFP registers when SVE is enabled.
The interface to enable SVE is provided, but not used until SVE is
supported in signals and with ptrace.
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D43306
The program copies an input buffer to an output buffer without verifying
that the size of the input buffer is less than the size of the output
buffer, leading to a buffer overflow.
Inside the function pci_vtcon_control_send, the length of the iov buffer
is not validated before copy of the payload.
Reported by: Synacktiv
Reviewed by: markj
Security: HYP-19
Sponsored by: The Alpha-Omega Project
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46105
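The missing length check described in the HYP-19 message above, shown as an added example that is not the project's code or part of the commit. The header struct, the function names and the canary rig are hypothetical stand-ins, and the buffers are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/uio.h>

/* Hypothetical control header; a stand-in, not the project's definition. */
struct ctrl_hdr { uint32_t id; uint16_t event; uint16_t value; };

/* "Before" shape: assumes the descriptor can hold header + payload. */
static size_t
send_unchecked(const struct iovec *iov, const struct ctrl_hdr *hdr,
    const void *payload, size_t len)
{
	memcpy(iov->iov_base, hdr, sizeof(*hdr));
	if (payload != NULL && len > 0)
		memcpy((uint8_t *)iov->iov_base + sizeof(*hdr), payload, len);
	return (sizeof(*hdr) + len);
}

/* "After" shape: iov_len is guest-controlled, so validate it before copying. */
static size_t
send_checked(const struct iovec *iov, const struct ctrl_hdr *hdr,
    const void *payload, size_t len)
{
	if (len > SIZE_MAX - sizeof(*hdr) || iov->iov_len < sizeof(*hdr) + len)
		return (0);	/* descriptor too small: write nothing */
	return (send_unchecked(iov, hdr, payload, len));
}

/* Constructed rig: the first desc_len bytes of a 64-byte arena act as the
 * descriptor, the rest is a 0xAA canary. Returns bytes written, or -1 if the
 * canary was overwritten. Requires desc_len <= 64 and payload_len <= 32. */
static int
run_case(int checked, size_t desc_len, size_t payload_len)
{
	uint8_t arena[64], payload[32];
	struct ctrl_hdr hdr = { 1, 6, 0 };
	struct iovec iov = { arena, desc_len };
	size_t i, n;

	memset(arena, 0xAA, sizeof(arena));
	memset(payload, 'P', sizeof(payload));
	n = (checked ? send_checked : send_unchecked)(&iov, &hdr, payload, payload_len);
	for (i = desc_len; i < sizeof(arena); i++)
		if (arena[i] != 0xAA)
			return (-1);
	return ((int)n);
}

int main(void) { return (run_case(1, 12, 8) == 0 && run_case(0, 12, 8) == -1 ? 0 : 1); }
```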
Split pf_map_addr() into 2 functions:
- pf_map_addr() handles just the address mapping algorithms, it is used
in pf_route() and pf_route6() in case of stateless route-to, where
source nodes would never be created
- pf_map_addr_sn() handles source nodes and calls pf_map_addr() for
address mapping algorithms, it is used everywhere else, like NAT
rules, which are always stateful
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D46776
- Provide a sys/md4.h in the cross-build environment to fix bootstrap
of libmd.
- flua now exposes WTRAPPED which isn't incredibly common- make it
conditional, we probably won't be using it in any bootstrap context
any time soon.
Fixes: 442e0975ee ("Consolidate md4 implementations written in C")
Fixes: c2caf3b331 ("flua: posix: add more useful functions [...]")
unistd:
- _exit
- close
- fork
- getpid
- pipe
- read
- write
libgen:
- basename, dirname
stdlib:
- realpath
These are sufficient for a number of real world scenarios. In our first
application of them, we use the libgen+stdlib additions to grab the
script dir based on argv[0]. The unistd assortment is then used to
outsource a bunch of work to forks and report back to the main process.
Reviewed by: emaste, imp
Differential Revision: https://reviews.freebsd.org/D39083
These are reportedly likely to be specific to SSLeay's implementation
and likely not needed here. At the very least they shouldn't be used
by consumers, so let's kick them out now while we're already prepared
for a libmd soversion bump.
Requested by: delphij, fuz
They're not documented in libmd and we don't have any consumers. It's
problematic to keep them exported, as we don't currently export their
implementations. Make them all private.
PR: 280784 (exp-run)
Reviewed by: fuz
Differential Revision: https://reviews.freebsd.org/D34503
The drivers just had a small issue, passing a literal string as
non-const. Fix it and lift WARNS.
PR: 280784 (exp-run)
Reviewed by: delphij, emaste
Differential Revision: https://reviews.freebsd.org/D34501
Make us a little less reliant on individuals running the tests, we'll
start running them as part of CI.
PR: 280784 (exp-run)
Reviewed by: delphij
Differential Revision: https://reviews.freebsd.org/D34500