bhyve's -p allows pinning a guest's virtual CPU vcpu to hostcpu; however,
this becomes very tedious work when you have to pin more than a single
CPU.

This allows passing a range to -p, e.g. -p 0-3:4-7, which will pin the
cpus 0:4, 1:5, 2:6, 3:7. The ranges must be equal and the CPU numbers
must be ascending.
Sponsored by: Armenian Bioinformatics Institute
Reviewed by: corvink, markj
Tested by: bnovkov
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D54937

The common case for etcupdate is to run it after building and installing
the world, in which case we already have an object directory to draw on.
Add a -b option to turn nobuild off (opposite of -B), and turn nobuild
on by default.
MFC after: 1 week
Reviewed by: jhb, emaste
Differential Revision: https://reviews.freebsd.org/D57306

The unquote() function took a const char * parameter but modified the
string in-place (removing quote characters). Change the parameter to
char * and update callers that passed const char * to cast explicitly.

The 'name' variable could be left uninitialized if neither the
positional argument nor -n is supplied, leading to undefined
behavior when passed to getgroup().

pfctl doesn't like empty anchors (-a ''), but we can specify the root
anchor as '/' too, so do that instead.
PR: 295324
Tested by: Paweł Krawczyk
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")

Since virtual_oss is now part of base, there is no reason not to provide
an installer option to enable it, and make it more visible to new users,
who might also benefit from the devd rules in /etc/devd/snd.conf, which
use virtual_oss, as well as 8532b4a436 ("rc: virtual_oss: Create a
loopback device in the default configuration").
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: ivy
Pull-Request: https://ron-dev.freebsd.org/FreeBSD/src/pulls/31

Restore exporting DISTRIBUTIONS to make it available to other scripts.
Reviewed by: imp, asomers
Fixes: dc14ae4217 ("bsdinstall: do pkgbase installations with the "script" command")
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D57319

The error messages ctld emits when it finds a port or LUN it did not
create were inconsistent with each other as well as with ctld's other
error messages.
MFC after: 1 week
Sponsored by: Klara, Inc.
Sponsored by: NetApp, Inc.
Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D57270

When saving a coredump, savecore(8) maintains .last symlinks for the
info and vmcore artifacts, but not for the crashinfo text report.
Make crashinfo(8) create the link, pointing at the current
core.txt.<bounds> file.
This makes /var/crash/core.txt.last track the same core dump as
info.last and vmcore.last.
[mhorne: I tweaked the submission, such that the link will be created as
soon as the core.txt.X file is generated; not only after a successful
report has been written.]
Signed-off-by: Ricardo Branco <rbranco@suse.de>
Reviewed by: mhorne
MFC after: 1 week
Pull Request: https://github.com/freebsd/freebsd-src/pull/2199

This particular call swaps the samples and maxchan arguments, which can
cause a buffer overflow in p_ch_chain if maxchan exceeds its bounds
(VMAX_CHAN).
Reported by: Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM-5.1 from Z.ai
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Reviewed by: emaste

This doesn't really matter, as we trust that the installer tarballs are
not malicious, but it doesn't hurt to set these flags.
Reported by: Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM-5.1 from Z.ai
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57274

Commit 969876fcee moved struct pport from being per-configuration to
being a "global" object shared across multiple configurations. As a
result, the check for duplicate ports actually spanned across
configurations, such that reloading a configuration would now think
that existing physical ports were already linked.
The linking field in pport added in the C++-ification (commit
6acc7afa34) faithfully replicated this bug (albeit simpler as I had
noticed that the TAILQ links weren't used after the earlier commit).
To restore the desired behavior, remove the linking field from struct
pport entirely and use a local unordered_map in conf::add_pports which
tracks if a given pport is claimed by more than one target.
PR: 293076
Reported by: Ken J. Thomson <thomsonk@yandex.com>
Fixes: 969876fcee ("ctld: parse config file independently of getting kernel info")
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D57093

- Normalize ioctl port names when the port name is first added to
  the configuration. This can catch potential duplicate port names
  sooner and helps with other parts of this change.

- When recognizing existing ioctl ports, always expand the name to
  include the physical and virtual port numbers. This permits binding
  ioctl/0/0 or ioctl/1/0 to a target, for example.

- When adding physical ports to a target, first check for an existing
  kernel port to reuse. This handles both ioctl and non-ioctl ports
  and removes the need for the conf::add_port method for ioctl ports
  to check in kports.

- If an existing kport isn't found when adding physical ports, check
  to see if the port name is an ioctl port. If so, call conf::add_port
  to add an ioctl port. This add_port method overload is now simpler
  as it always creates a new port.

NB: The kernel_port class handles CTL ports that already existed
before ctld started, including existing ioctl ports, whereas the
ioctl_port class handles ioctl ports that are created and completely
managed by ctld. This was true before this change but is perhaps more
obvious after this change.
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D57092

The previous script called acpiconf(8) (or apm(8) if ACPI wasn't supported,
although this was anyway redundant because APMIO just uses ACPI now).
Since a new generic power management interface was introduced, this isn't
sufficient, as this would only work for ACPI systems and for ACPI S3 suspend
(so no way to select suspend-to-idle). Rewrite in C to take advantage of the
new power interface.
We may want to add a switch to manually override the kern.power.suspend sysctl,
which is otherwise what the power device uses to decide which suspend type to
switch to (suspend-to-idle or firmware suspend), but this will require us to
amend the power interface.
Reviewed by: olce, imp, mhorne, ziaee
Tested by: mhorne
Approved by: olce, imp, mhorne, ziaee
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56918

This includes:
- seg_max, the number of segments allowed in a single command
- {ctl,evt,req}_ringsz, the number of descriptors in a queue
- thr_per_q, the number of processing threads per request queue
- num_queues, the number of request queues
Reviewed by: markj
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D54073

In order to support multiple backends for virtio-scsi, we should isolate
the core of virtio-scsi from the backend-specific code. The existing
interface to CTL will become the new "CTL" backend for virtio-scsi.
Care has been taken to keep compatibility with previous configurations:
The first backend linked (CTL) will be the default backend if none is
specified, and it does provide a default configuration if no further
options such as targets are explicitly configured.
Reviewed by: markj
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D53223

Currently, all I/O requests are queued internally, and a number of
threads will pick I/O requests off the queue and send them to CTL with
a synchronous CTL_IO ioctl. On the other hand, TMF requests are sent
to CTL immediately using the same synchronous ioctl.
Besides being unworkable for non-CTL backends such as for SCSI
passthrough, this simple approach may easily run into situations
where a TMF request operating on a particular I/O request is sent
to CTL while it is still on our queue and thus unknown to CTL.
In addition, for target and/or LUN resets we should really clear
our queue and return all outstanding I/O requests with a proper
status.
Reviewed by: markj
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D53222

Currently, virtio-scsi supports only one target with 16383 LUNs, which
fits nicely with what CTL provides. It would be useful to support more
than that, multiple targets each with 16383 LUNs.
While this can be useful with CTL by attaching each target to another
CTL target port, this will be necessary to support SCSI passthrough.
The new syntax for configuring targets will look like this:

    -s X,virtio-scsi,target=/dev/foo,target=/dev/bar,target=4:/dev/baz

This will create the following configuration nodes:

    pci.0.X.0.device=virtio-scsi
    pci.0.X.0.target.0=/dev/foo
    pci.0.X.0.target.1=/dev/bar
    pci.0.X.0.target.4=/dev/baz

The existing configuration syntax is still understood for compatibility:

    (1) -s X,virtio-scsi
    (2) -s X,virtio-scsi,/dev/foo
    (3) -s X,virtio-scsi,dev=/dev/foo

This will create the following configuration nodes:

    pci.0.X.0.device=virtio-scsi        (1, 2, 3)
    pci.0.X.0.target.0=/dev/cam/ctl     (1)
    pci.0.X.0.target.0=/dev/foo         (2, 3)
Reviewed by: markj
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D53221

When forwarding a print job to a remote server, we could overflow the
command buffer if a control or data file had a very long name.
MFC after: 1 week
Reported by: Joshua Rogers <joshua@joshua.hu>
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D57184

This alias for the -s option has been deprecated since 2002. Time to
drop it from the documentation.
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D57183

This has been broken since IPv6 support was added in 2000. We would
validate the port number (which had to be a port number, but can now
also be a service name) and then ignore it.
MFC after: 1 week
Fixes: 08829865f6 ("IPv6 support for lpr.")
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D57181

* Instead of an error string, return the usual 0 or -1 and let the caller
  figure out what, if anything, to tell the user.

* Avoid string manipulations by opening /dev first and using openat()
  with O_RESOLVE_BENEATH.

* Add a boolean argument which, if false, causes ttymsg() to return
  without sending the message if the tty's group-writable bit is not
  set. This saves programs that respect this setting (like syslogd(8))
  from having to check before calling ttymsg().

* Update all callers.

The observable effect of this change is minimal except for slightly
different error messages when ttymsg() fails. However, syslogd(8) will
no longer print spurious error messages on the console after trying and
failing to write a log message to an X11 session.
PR: 295171
MFC after: 1 week
Reviewed by: jfree, markj
Differential Revision: https://reviews.freebsd.org/D57018

Both tools support controllers from both companies, so document it.
Reviewed by: ziaee (via IRC)
MFC after: immediately
Differential Revision: https://reviews.freebsd.org/D57212

nvlist_take_string_array(9) takes ownership of the array and its
strings. casper_ttymsg() freed neither, leaking memory on every
F_CONSOLE and F_TTY message. On long-running systems with high
error-rate syslog traffic routed to /dev/console, syslogd.casper grew
to hundreds of MB.
Use nvlist_get_string_array(9) to borrow the array instead. Update
casper_wallmsg() similarly.
Approved by: src (des)
Closes: https://github.com/freebsd/freebsd-src/pull/2222
Fixes: 61a29eca55 ("syslogd: Log messages using libcasper")
MFC after: 3 days
MFC to: stable/15
PR: 295488
Reported by: Pat Maddox <pat@patmaddox.com>
Reviewed by: markj
Tested by: dch

Make sure the user is part of the audio group to avoid unintended
snooping of loopback audio by unprivileged users.
While here, retire voss_dsp_perm, since we don't use the same value
everywhere now.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: emaste
Pull-Request: https://ron-dev.freebsd.org/FreeBSD/src/pulls/26

The f_menu_wpa_scan_results() function returns a list of networks
discovered by a scan. The untrusted network names are evaluated in
f_dialog_menu_wireless_edit. The quoting applied in
f_menu_wpa_scan_results() protects against evaluation of something like
"$(whoami)" but one can add single quotes to defeat that.
Pass the SSID names through f_shell_escape to work around this. Escape
single quotes in f_dialog_wireless_edit() and f_menu_wireless_configs()
too for consistency.
I note that this module doesn't seem to actually work, see e.g.,
bugzilla PR 229883.
Approved by: so
Security: FreeBSD-SA-26:23.bsdinstall
Security: CVE-2026-45255
Reported by: Austin Ralls
Reviewed by: dteske, des
Differential Revision: https://reviews.freebsd.org/D56974

The wlanconfig utility is not careful about handling untrusted network
names, which can contain shell metacharacters. Factor network selection
into a subroutine and use the `set -- "$@"` trick to build up a list of
positional parameters for bsddialog without evaluating them.
Approved by: so
Security: FreeBSD-SA-26:23.bsdinstall
Security: CVE-2026-45255
Reported by: Austin Ralls
Reviewed by: dteske, des, asiciliano
Differential Revision: https://reviews.freebsd.org/D56973
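
The two hardening approaches named in this commit message and the previous one (building the argument list with `set -- "$@"`, and escaping single quotes before evaluation), as an added example that is not the bsdinstall or bsdconfig code. The helper names (`scan_results`, `fake_dialog`, `build_menu`, `shell_escape`, `roundtrip`) and the SSIDs are constructed stand-ins.

```sh
#!/bin/sh
# Added example; helper names and SSIDs are constructed, not bsdinstall code.

# Constructed scan results, one SSID per line. The second name carries
# single quotes and a command substitution that must stay literal text.
scan_results() {
	printf '%s\n' "HomeNet" "guest'\$(whoami)'net" "cafe wifi"
}

# Stand-in for bsddialog (assumption): prints "<argc>|<argument number $1>".
fake_dialog() {
	want=$1; shift
	argc=$#
	shift "$((want - 1))"
	printf '%s|%s\n' "$argc" "$1"
}

# Approach 1: grow the positional parameters with set -- "$@". Each SSID is
# passed on as one word and is never re-parsed as shell syntax. The loop
# reads a here-document rather than a pipe so it runs in this shell and the
# parameters survive it.
build_menu() {
	want=$1
	set --
	while IFS= read -r ssid; do
		set -- "$@" "$ssid" "wireless network"
	done <<EOF
$(scan_results)
EOF
	fake_dialog "$want" "$@"
}

# Approach 2, for code that must go through eval: wrap the value in single
# quotes and rewrite every embedded ' as '\'' so it cannot end the quoting.
shell_escape() {
	printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Evaluate an escaped value and return what the shell reconstructed.
roundtrip() {
	eval "rt_out=$(shell_escape "$1")"
	printf '%s\n' "$rt_out"
}

build_menu 3                      # prints: 6|guest'$(whoami)'net
roundtrip "guest'\$(whoami)'net"  # prints: guest'$(whoami)'net
```
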
Explicitly copy the pidfile path from the initial configuration file
to the kernel-derived configuration to avoid having to check if the
old path is empty as a special case in conf::apply().
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D56533

Currently the main loop creates an empty config and applies it to
force a shutdown of all of the existing configuration. While this is
functional and does avoid duplicating some code, it is also a bit
clunky and requires a special hack in the pidfile path handling
in the conf::apply method.
Instead, use a dedicated conf::shutdown method which tears down the
CTL ports and LUNs and closes the sockets.
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D56532

These are only invoked from other methods in the conf class.
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D56531

We already run `certctl rehash` at the end, there is no point in asking
users upgrading from 15.0 to 15.1 to manually merge the trust store.
MFC after: 3 days
Reviewed by: cperciva
Differential Revision: https://reviews.freebsd.org/D57028

For Realtek we only add new entries.
For Intel the old way of extracting IDs from the driver no longer
works. The new list is shortened as we drop more specific entries
which were already covered by wildcard entries. The new lists are
also sorted within the groups.
There are 4 entries the new driver no longer carries but are still
present in older versions, so we keep them manually.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days