A new manpage and any associated links will be added in the next commit.
MFC after: 1 day (the security issues warrant a quick backport).
MFC with: 10a428653e
This change brings in version 3.5.6 of OpenSSL, which features
several security fixes (the highest of which is a MEDIUM severity
issue), as well as some miscellaneous feature updates.
Please see the release notes [1] for more details.
PS Apologies for the confusing merge commits -- I was testing out a
new automated update process and failed to catch the commit message
issues until after I pushed the change.
1. https://github.com/openssl/openssl/blob/openssl-3.5.6/NEWS.md
MFC after: 1 day (the security issues warrant a quick backport).
Merge commit 'ab5fc4ac933ff67bc800e774dffce15e2a541e90'
This is motivated by the following race in the ZFS zvol code.
When a zvol is created, we create a GEOM-backed zvol, which results in a
/dev/zvol/<zvol path> device file, created by GEOM::dev. If volmode=dev
is specified, zvol_set_volmode_impl() will wither the GEOM, then create
a device file with the same name. This sometimes fails because
g_wither_geom() is asynchronous, so we end up trying to create a device
file while the old one still exists. I want to fix this by adding a
g_waitidle() call to zvol_os_remove_minor().
g_waitidle() is not sufficient: GEOM::dev does not destroy the device
until g_dev_orphan() is called. (In fact the device destruction is
asynchronous too, but the delist_dev() call is sufficient to address
this race.) So, I propose modifying g_waitidle() to block until
orphaned providers are processed.
PR: 258766
Reviewed by: mav, imp, kib
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D55049
Add error numbers to the exit codes so that readers can decode them
without having to use a separate utility. Organize exits by error code.
Mark up the error constants with the error constant macro, even though
this is really not very helpful because people will search for the error
code, the macro is explicitly for the constants and not the codes.
While here, align and alphabetize the options list as well, fix
misaligned padding in an example, and a one-sentence-per-line error.
MFC after: 3 days
Reported by: Antranig Vartanian <antranigv@freebsd.am>
Differential Revision: https://reviews.freebsd.org/D48470
As soon as we need information from the hardware frame annotation to
make sure that checksums of the ingress frames were verified by the
DPAA2 HW, I've decided to make a preparation and extracted all of the
frame related routines into the separate dpaa2_frame.[h,c] along with
some clean up and improvements, e.g. no more dpaa2_fa, but dpaa2_swa
and dpaa2_hwa structures to describe software and hardware frame
annotations respectively, dpaa2_fa_get_swa/dpaa2_fa_get_hwa to obtain
those annotations from the frame descriptor. The next step is to
implement dpaa2_fa_get_hwa.
PR: 292006
Approved by: tuexen
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56315
* Use ourselves as test file instead of /COPYRIGHT, which may or may not
be present in the test environment.
* atf-check understands \n in strings, use it.
* Some file systems don't like creating small holes, so create large ones
instead. This means we need two variables: ps (page size) is the
minimum size of a data region and the alignment for a hole, while hs
(hole size) is the minimum size of the holes we create. This makes no
difference on FreeBSD but makes it easier to port the test to other
platforms.
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D56304
We've compiled it since the LLVM 13 import in 2021, but for some reason
never exported it. A user of CheriBSD recently caused Morello LLVM to
emit a reference to it so finish the job and export it.
Reviewed by: dim, emaste
Fixes: 6e75b2fbf9 ("Merge llvm-project release/13.x llvmorg-13.0.0-rc1-97-g23ba3732246a")
MFC after: 1 week
Sponsored by: DARPA, AFRL
See also: https://github.com/CTSRD-CHERI/cheribsd/issues/2614
Differential Revision: https://reviews.freebsd.org/D56310
linprocfs_doauxv() allocates an automatic sbuf before validating
whether the requested read can be satisfied.
When the computed auxv read length exceeds IOSIZE_MAX, or when the
buffer length is too big, the function returns early without
releasing the sbuf.
Route these early exits through a shared cleanup path so the sbuf is
always deleted after sbuf_new_auto() succeeds.
Signed-off-by: Shunchao Hu <ankohuu@gmail.com>
Reviewed by: des, spmzt, zlei, aokblast
MFC after: 2 weeks
Pull Request: https://github.com/freebsd/freebsd-src/pull/2118
This also adds the aarch64 symbols, exporting them.
Reported and tested by: fluffy
Reviewed by: emaste
Fixes: 3a01e1e1a5
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D56283
Add the tests/sys/arch directory for architecture-specific tests and
use it to add arm64 SVE tests. These test that the kernel is managing the
SVE state in a way we expect.
These tests require SVE hardware support to run so will skip when they
can't detect it.
Reviewed by: markj
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D43311
- When allocating a page, we should only consider the PG_ZERO flag when
handling the top-level page.
- Unconditionally reset the flag when restarting the fault handler.
Previously, vm_fault_busy_sleep() would fail to reset it.
PR: 294039
Reviewed by: kib
Tested by: Peter Much <pmc@citylink.dinoex.sub.org>
MFC after: 3 days
Fixes: cff67bc43d ("vm_fault: only rely on PG_ZERO when the page was newly allocated")
Differential Revision: https://reviews.freebsd.org/D56234
Commit a223d6c489 made most of the ip6_mroute state per-VNET, but
failed to do this for a couple of counter structures. Make them
per-VNET too.
Reported by: zlei
Reviewed by: pouria, zlei
Fixes: a223d6c489 ("ip6_mroute: Start putting global variables into a structure")
Differential Revision: https://reviews.freebsd.org/D56253
In the sb == NULL case, we are computing the size of the note using a
dummy sbuf drain handler which counts bytes and discards the contents of
the buffer, so the fact that "structsize" is uninitialized doesn't
matter. But, the compiler may complain about this, so we might as well
just initialize it unconditionally to silence the warning, as other
handlers already do.
PR: 292811
MFC after: 1 week
The unit tests are patterned after those for memrchr().
This catches the issue found in 293915.
PR: 293915
Reviewed by: strajabot
Reported by: safonov.paul@gmail.com
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56037
This allows something like the following local.lua to install a filter
to implement its own notion of hidden BEs using a naming convention of
a leading dot to hide them:
    -- file: /boot/lua/local.lua
    local core = require("core")

    local function be_hide(be)
        if core.isSingleUserBoot() then
            -- All BEs are accepted for single-user
            return true
        end

        local name = be:match("/([^/]+)$")
        if not name then
            -- Accept malformed BEs, for whatever reason
            return true
        end

        return name:match("^%.") == nil
    end

    if core.bootenvFilter then
        -- Just in case we need to be compatible with older versions of
        -- core.lua without the filtering functionality.
        core.bootenvFilter(be_hide)
    end
    -- EOF
Requested by: Marek Zarychta
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D55359
* The f_flag test may fail if a component of the full path to the
temporary directory is a symbolic link.
* The n_flag test had an empty head; give it a description.
* Use consistent quoting.
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D56293
Enable macros and includes by default as this is breaking package
building on HEAD. libucl 0.9.3 by default changed the behavior of
includes and macros. These were previously enabled but it switched to
disabled which breaks the package building in HEAD. This is a temporary
workaround for now to fix the package building specially for
releng/15.0. This might be reverted post EOL of 15.0 in the coming
months.
Reported by: ivy
Fixes: abda442d92 ("contrib/libucl: Import libucl 0.9.3")
Tested by: ivy
Approved by: ivy, kevans
Differential Revision: https://reviews.freebsd.org/D56294
sizeof(*sc->sc_ipimasks) * mp_maxid + 1 is parsed as
(sizeof(*sc->sc_ipimasks) * mp_maxid) + 1, so the buffers were one byte
short of a full (mp_maxid + 1) element count. Multiply by (mp_maxid + 1)
for sc_ipimasks and sc_cpuids.
Signed-off-by: Weixie Cui <cuiweixie@gmail.com>
Reviewed-by: kevans, ngie
Pull-Request: https://github.com/freebsd/freebsd-src/pull/2112
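The precedence problem described in the commit above, worked through in userland C. This is an added example, not code from the commit or from FreeBSD; `percpu_elem_t`, the function names and the sample `maxid` value are hypothetical stand-ins for the `sc_ipimasks` element type and `mp_maxid`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for a per-CPU element; not the driver's real type. */
typedef uint64_t percpu_elem_t;

/* What the unparenthesized expression yields: (elem * maxid) + 1 bytes. */
static size_t
size_unparenthesized(size_t elem, size_t maxid)
{
	return (elem * maxid + 1);
}

/* Bytes for maxid + 1 elements; returns 0 if the product would overflow. */
static size_t
size_for_all_ids(size_t elem, size_t maxid)
{
	if (elem == 0 || maxid >= SIZE_MAX / elem)
		return (0);
	return (elem * (maxid + 1));
}

/* Bytes of element [maxid] that lie beyond the under-sized buffer. */
static size_t
bytes_past_end(size_t elem, size_t maxid)
{
	size_t need = size_for_all_ids(elem, maxid);
	size_t have = size_unparenthesized(elem, maxid);

	return (need > have ? need - have : 0);
}

/* Zeroed array that can be indexed by every id in 0..maxid, or NULL. */
static percpu_elem_t *
alloc_percpu(size_t maxid)
{
	size_t sz = size_for_all_ids(sizeof(percpu_elem_t), maxid);

	return (sz == 0 ? NULL : calloc(1, sz));
}

int
main(void)
{
	size_t maxid = 3;	/* constructed: ids 0..3, so 4 elements */
	percpu_elem_t *v = alloc_percpu(maxid);

	if (v == NULL)
		return (1);
	v[maxid] = 1;		/* in bounds only with the parenthesized size */
	printf("short by %zu bytes\n", bytes_past_end(sizeof(*v), maxid));
	free(v);
	return (0);
}
```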
This change adds OpenSSL 3.5.6 from upstream [1].
The 3.5.5 artifact was verified via PGP key [2] and by SHA256 checksum [3].
This is a security release, but also contains several bugfixes.
More information about the release (from a high level) can be found in
the release notes [4].
1. openssl-3.5.6.tar.gz
2. openssl-3.5.6.tar.gz.asc
3. openssl-3.5.6.tar.gz.sha256
4. https://github.com/openssl/openssl/blob/openssl-3.5.6/NEWS.md
Move is_restricted_var() to libsa/environment.c so it can be leveraged
by boot_setenv called from subr_boot with not trusted input.
Also, allow for local tuning via ENV_IS_RESTRICTED_ALLOWED_LIST and
ENV_IS_RESTRICTED_LIST.
Sponsored by: Hewlett Packard Enterprise Development LP.
Reviewed by: kevans, imp
Differential Revision: https://reviews.freebsd.org/D56287
Commit 8b9775912c added support for an NFSv4 mounted
root file system, but only if the NFSv4 configuration
used id numbers in the strings.
This patch adds support for the case where the NFSv4
configuration uses name<-->id mappings via nfsuserd(8)
by priming the mapping cache with just enough entries
so that it works until the nfsuserd(8) is running.
They are listed in nfs_prime_userd[] in
sys/fs/nfs/nfs_commonsubs.c.
The entries in nfs_prime_userd[] are also wired into
the kernel's cache for name<-->id mappings when nfsuserd(8)
starts up. This is necessary, since an upcall to the
nfsuserd(8) daemon for a mapping when looking up the
path to the passwd/group database files (/etc) will
hang the system, due to a vnode lock being held on
the entry in the path which blocks nfsuserd(8) from
accessing files.
To enable this case, the following must be put in the
NFS root file system's /boot/loader.conf:
    boot.nfsroot.options="nfsv4"
    boot.nfsroot.user_domain="<user.domain>"
where <user.domain> must be the same as nfsuserd
uses (usually set via the -domain flag).
If boot.nfsroot.user_domain does not exist or is
the empty string, ids in strings is configured.
MFC after: 1 week
Requested by: Dan Shelton <dan.f.shelton@gmail.com>
Fixes: 8b9775912c ("nfs_diskless: Add support for an NFSv4 root fs")
I think this is cleaner than playing around with return values.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D56264
These still haven't been implemented by the original author, and there
doesn't seem to be much use for them anyway.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D56239
This change adds the ability to examine the contents of multicast
routing tables for other FIBs without the need for executing
`netstat` with `setfib(1)`.
MFC after: 3 days
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D56205
Reviewed by: glebius, markj, zlei
Rather than trust that the compiler will lay out the stack frame the
way we expect it to, use a union to force the correct alignment.
MFC after: 1 week
Fixes: 616f47f176 ("tunefs: Fix alignment warning on arm64")
Reviewed by: kevans, mckusick
Differential Revision: https://reviews.freebsd.org/D56245
To avoid breaking the build due to incompatible changes in flua or lua
libraries on the host, use the bootstrap flua for the package build.
MFC after: 2 weeks
Reviewed by: kevans, emaste
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D56271
We want to use flua from the source tree (not the host) during package
build, firstly to protect us from breaking changes in lua or libucl,
and secondly to allow (in future) cross-building of packages from
Linux or macOS.
Since we don't know if the user will be building packages during the
bootstrap phase, and because flua is fairly small and generally useful,
build it as a bootstrap tool unconditionally.
MFC after: 2 weeks
Reviewed by: kevans, emaste
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D56270
Recurring banners except the first are printed just after the latest
interval's statistics line, giving the false impression that the latter
are omitted. It is also better to print a new banner only if it is
going to be followed by a new line of statistics, in case netstat(1) is
interrupted or we have reached the number of iterations specified by
'-q'.
Fix this by pushing printing these banners inside the loop producing
statistics lines, after having waited for the next interval.
The first banner is printed before the loop, as we want it to be printed
immediately at launch, even if at this point we do not have statistics
to display (we have to wait for an interval to compute these, as they
are based on a difference).
While here, remove the 'goto' spaghetti by putting banner printing into
its own private function and using a proper infinite loop in
sidewaysintpr().
While here, document the why of the 21 statistics line span between two
banners.
While here, check for the number of output lines of statistics once such
a line has effectively been printed. This allows removing the internal
incrementation performed when reading '-w''s argument, which was a hack
to compensate the misplaced check.
While here, in the manual page, simplify the description of the '-w'
mode and mention that passing 0 to '-q' means "no count limit".
Reviewed by: glebius
Fixes: 84c1edcbad ("Rewrite netstat/if.c to use ...")
Fixes: bf10ffe1d3 ("Add a new option, -q howmany, ...")
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56227
To be more robust since the checking is now performed where the
interface is referenced.
While here, remove a redundant check from if_vmove_loan().
Reviewed by: kp, glebius, pouria
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D55875
This has been used by the i915 DRM driver for some time to log more details
about a GPU error, but the code was commented out.
Reviewed by: emaste
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56282
The amdgpu DRM driver started to use it in Linux 6.11.
Reviewed by: bz, emaste
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D55740
These are the same as `MIN()` and `MAX()` except that they take a type
to cast both arguments to compare.
The DRM generic code started to use it in Linux 6.11.
Reviewed by: bz, emaste
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D55739
This is the Linux version of `struct resource`, not the FreeBSD native
structure.
The amdgpu DRM driver started to use it in Linux 6.11.
Reviewed by: bz
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D55737
To be exact, there was a dummy file with no content before. This commit
defines `struct mfd_cell` and adds two function stubs.
The function stubs are not implemented but still return success. They
log a message to indicate they need to be implemented.
Also, unlike Linux, <linux/mfd/core.h> includes <linux/ioport.h>. This
works around the fact that we can't include <linux/ioport.h> from
<linux/pci.h>, due to a conflict with the FreeBSD-native `struct
resource`.
The amdgpu DRM driver started to use it in Linux 6.11.
Reviewed by: bz, emaste
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D55736