When the nfsd was vnet'd, the VNET macros were hidden
behind macros that had the NFSD_ prefix on them.
This was done because, at the time, it was thought
that something other than vnet might be used for this.
That has not happened and probably will not happen,
so this patch replaces these obscuring macros with
the regular vnet ones.
There should be no semantics change caused by
this commit.
Discussed with: bz, glebius
MFC after: 1 month
libzpool had a number of undefined symbols related to xxhash after
xxhash.c was removed from the build.
Fixes: 8a62a2a565 ("zfs: merge openzfs/zfs@f8e5af53e")
Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D56770
Without this patch, all upcalls to the gssd daemon are
done in vnet0 (outside of any vnet jail). This does
not work well, because a user principal's credential
cache can be within the jail (/tmp/krb5cc_NNN in the
jail's namespace).
This patch modifies the client so that RPCs done
from within vnet jails does an upcall to a gssd
daemon running within the vnet jail. It required
that the cache of uid->credential shorthands in
the rpcsec_gss be vnet'd.
The situation is still less than ideal and sec=krb5[ip]
mounts that are visible within vnet jails is still
not something I would recommend, but it can work ok
with this patch.
Vnet'ng the NFS client so that mounts can be done
within vnet jails is probably more useful, but that
will require additional work.
Discussed with: glebius
MFC after: 1 month
Various places in CTL assume that initiator IDs are not larger than
CTL_MAX_INIT_PER_PORT. Other IDs such as lun IDs are validated in
places such as ctl_scsiio_precheck, but initiator IDs submitted by
userland were not previously validated.
PR: 291059
Reported by: Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org>
Reviewed by: asomers
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D56628
The ATF-python test program was attempting to list test cases that
require scapy. But it attempted to import the scapy module before the
test cases had been listed, resulting in an ImportError that kyua
interpreted as a test program crash.
Fix this behavior by handling that ImportError well enough to list test
cases, but not run them. If scapy isn't present, Kyua will refuse to
run the test cases. But it needs to be able to list them in order to
know to skip them.
Sponsored by: ConnectWise
MFC after: 2 weeks
Reviewed by: maxim
Differential Revision: https://reviews.freebsd.org/D56765
Replaced the old pattern of using a ternary to force addition
(raising exceptions for sNaN's) with a new one using a volatile
variable. The _mag_num family was already implemented with this pattern
PR: 294719
Reviewed by: fuz, kargl
MFC after: 1 month
RFC 792 defines the ICMP Originate Timestamp field as milliseconds
since midnight UTC. However, ping(8) currently derives this value
from CLOCK_MONOTONIC, which represents time since an unspecified
starting point and is not related to UTC.
The issue was introduced by commit 1ad76f1b60, which replaced
gettimeofday(2) with clock_gettime(CLOCK_MONOTONIC) for timekeeping
in ping(8).
Fix this by using CLOCK_REALTIME when generating the ICMP originate
timestamp.
Before:
$ ping -Mt -c1 127.0.0.1
ICMP_TSTAMP
PING 127.0.0.1 (127.0.0.1): 56 data bytes
<...> time=0.061 ms tso=16:50:31 tsr=17:38:28 tst=17:38:28
(note the tso is off)
After:
$ ping -Mt -c1 127.0.0.1
ICMP_TSTAMP
PING 127.0.0.1 (127.0.0.1): 56 data bytes
<...> time=0.038 ms tso=17:42:09 tsr=17:42:09 tst=17:42:09
Reviewed by: asomers, glebius
Fixes: 1ad76f1b60
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D56759
Some of the LLVM binary utilities were included in the Clang package
(because they did not set an explicit PACKAGE).
Add a new Makefile under clang/toolchain to create the symlinks and man
links for ar, c++filt, nm, and so on (without the llvm-* prefix) when
LLVM_BINUTILS is enabled (as it is by default).
PR: 293610
Reviewed by: bapt, ivy, brooks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D55692
* refactor the dmamap allocation / setup path for future code changes
to align with arm64 busdma code;
* free the dmamap allocation if the dma segment list can't be allocated;
* free the dmamap allocation during the busdma dmamem allocation path
if the actual memory allocation itself fails.
Locally tested:
* POWER9 ppc64le native boot, Raptor Engineering Blackbird
* POWER8 ppc6le, IBM POWER S822LC
https://reviews.freebsd.org/D56244
Shuffle some of the declarations around to match other implementations.
Expected to be a no-op.
Differential Revision: https://reviews.freebsd.org/D56243
* Implement the basic tag domain set routine
* Set the domain to the parent domain if provided
This is just plumbing for eventual work to re-allocate things into
the currently configured domain.
Differential Revision: https://reviews.freebsd.org/D55315
This is a straight port of the code and doesn't yet handle
different implementations (which will be in a subsequent commit.)
Locally tested:
* G5 SMP (2x PPC970mp)
* power8 / power9 pseries QEMU VM
* power8 powernv
Differential Revision: https://reviews.freebsd.org/D55313
D40479 changed namei() so that an absolute symlink target
encountered during an ABI-root lookup restarts from the native root.
This helps the native fallback case, but it also makes successful
lookups inside an ABI root escape that root while following absolute
symlinks.
Only switch absolute symlink lookup to the native root after namei()
is already in the restarted/native fallback pass.
Do not mark the lookup as restarted merely because an absolute
symlink was encountered while still resolving inside the ABI root.
This preserves the intended native fallback behavior while keeping
absolute symlinks within a successfully resolved ABI-root path in
the ABI namespace.
Signed-off-by: Ricardo Branco <rbranco@suse.de>
PR: 289739
Reviewed by: kib
Fixes: cea7c564c7 ("namei: Reset the lookup to ...")
Pull-Request: https://github.com/freebsd/freebsd-src/pull/2166
After base 966fb94cb3, this revert is no longer necessary: stdint.h
will unconditionally define macros such as `SIZE_MAX`, `UINT64_C`, and
others.
Submitted by: Nikolas Klauser <nikolasklauser@berlin.de>
MFC after: 1 month
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D56746
Similar to glibc, define all the stdint.h macros such as `SIZE_MAX`,
`UINT64_C`, etc unconditionally. I.e. no longer check whether
`__STDC_CONSTANT_MACROS` or `__STDC_LIMIT_MACROS` are defined. See also
<https://sourceware.org/bugzilla/show_bug.cgi?id=15366>.
This is part of reverting base 00bee6fcd7, which reverted an upstream
libc++ commit that eliminated libc++'s stdint.h wrapper header.
Submitted by: Nikolas Klauser <nikolasklauser@berlin.de>
MFC after: 1 week
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D56746
These system calls exist to decouple the Linux filesystem credentials
from the effective credentials, avoiding signal exposure during
privilege transitions.
The signal permission model that motivated this was revised
in Linux 2.0, making these syscalls obsolete for new applications.
Implement both syscalls as no-ops that return the current effective
UID/GID as the previous filesystem UID/GID.
Linux returns the previous filesystem UID/GID for these syscalls
with no error indication.
Same for the equivalent setfsuid16() & setfsgid16() system calls.
Signed-off-by: Ricardo Branco <rbranco@suse.de>
PR: 294879
Reviewed by: kib, pouria
Pull-Request: https://github.com/freebsd/freebsd-src/pull/2175
We note a reason why you might need it, but there's an equally important
reason you may need to omit it: interpreted programs. Add a note
accordingly, along with the workaround configuration if there's reason
you can't help it.
PR: 294780
Reviewed by: Jan Bramkamp <crest_freebsd_rlwinm.de>, kib
Differential Revision: https://reviews.freebsd.org/D56704
Besides being a little hard to parse through visually, this had its own
bug of inspecting st->st_mode to determine what to pass to devname(3),
which is only correct for st_rdev.
For st_dev, you're likely to be looking at files or directories and
attempting to assess what device they're located on, so the mode is
meaningless- we just have to assume that our filesystems are on
character devices and attempt to resolve st_dev as such.
Reviewed by: des, kib (previous version)
Differential Revision: https://reviews.freebsd.org/D56565
The getgroups test is a NetBSD tests, so just apply our larger hammer
and disable the feature entirely. The audit test can take a more
surgical approach and use __ssp_real() appropriately, since it's a local
one.
PR: 294881
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D56735
Annex K specifies an interface for handling constraint violations from
gets_s, but we previously broke this for some classes of get_s misuse.
Provide a more nuanced version that tries to dodge errors that would
trigger a constraint handler while still providing value. Notably, we
don't want to trigger a failure unless the passed-in length reasonably
fits within an RSIZE_MAX, because gets_s will immediately call larger
lengths bogus and fail.
PR: 294881
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D56734
For native files we can do more minimal fixes to avoid this large of a
hammer, but for third party files it may not be worth the effort to try
and patch them. NetBSD has the original _FORTIFY_SOURCE implementation
that ours is based on, for instance, but tests sourced from there can't
do an __ssp_real(foo) without being certain that `foo` actually has a
fortified definition.
This change does always define _FORTIFY_SOURCE as a result, so gate it
on CFLAGS not already containing _FORTIFY_SOURCE definitions.
PR: 294881
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D56733
in cases there is no page pressure or when the user lost patience
waiting for very large allocation. Other case is already handled by
vm_wait_intr().
Reported by: "Lizzie from Eden Emulator project"
Reviewed by: adrian, markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D56725
Bring in upstream commit 2e75f0d93 fixing two CVEs. Upstream commit
log is:
In parse_nego_message(), check the result of the second call to
vector_base() before dereferencing it. In parse_message(), check for
a short header_len to prevent an integer underflow when calculating
the remaining message length.
Reported by Cem Onat Karagun.
CVE-2026-40355:
In MIT krb5 release 1.18 and later, if an application calls
gss_accept_sec_context() on a system with a NegoEx mechanism
registered in /etc/gss/mech, an unauthenticated remote attacker can
trigger a null pointer dereference, causing the process to terminate.
CVE-2026-40356:
In MIT krb5 release 1.18 and later, if an application calls
gss_accept_sec_context() on a system with a NegoEx mechanism
registered in /etc/gss/mech, an unauthenticated remote attacker can
trigger a read overrun of up to 52 bytes, possibly causing the process
to terminate. Exfiltration of the bytes read does not appear
possible.
Earlier work (40bcad56f - powerpc/pic: Add a PIC_AP_INIT() to
set up AP PIC info) broke booting my dual G5 powermac.
After much digging, jhibbits@ and I discovered that the openpic
implementation for the memory/bus controller used in the G5 CPUs
doesn't implement /all/ of the openpic specification.
Notably it sticks the WHOAMI register in a different location.
This is reading 0x0 back for all the PICs which is .. very not great.
So to restore the previous behaviour, use a quick for now that jhibbits@
can set appropriately to trust WHOAMI.
I've tested this on my dual G5 PPC and it boots/runs fine.
Fixes: 40bcad56f
Reviewed by: jhibbits
Differential Revision: https://reviews.freebsd.org/D56751
Get the next hops of the specified route.
route.8 manual will be updated when other actions for
this option are implemented.
Reviewed by: glebius
Differential Revision: https://reviews.freebsd.org/D56191
Added tests:
* Test for creating multiple routes.
* Test for merge multiple nexthops into a single nexthop group.
* Test for nexthop expirations from a nexthop group.
Reviewed by: glebius
Differential Revision: https://reviews.freebsd.org/D56190
Before this patch, netlink never returned RTA_MULTIPATH.
Also, add RTA_MULTIPATH attribute in way that don't confuse
non-mpath support consumers.
Differential Revision: https://reviews.freebsd.org/D56188
Routing subsystem allows creating new multipath routes by
nexthop groups (e.g RTA_MULTIPATH in netlink), in case of
a second nexthop group on the same route, don't panic and
merge the existing nhgrp with new one.
Reviewed by: melifaro (except one comment)
Differential Revision: https://reviews.freebsd.org/D56187
The only use for callbacks for NFSv4.0 is delegations
and delegations rarely work well for NFSv4.0 anyhow.
Therefore, this patch disables callbacks for the
NFSv4.0 client. This is the same behavior as
occurred when the nfscbd(8) daemon was not running.
This change allowed a function called nfscl_getmyip()
to be removed from the kernel, which is nice since
maintaining this function was bothersome, due to its
use of routing, etc.
MFC after: 2 weeks
Add an example for allowing members of the network group to read from
bpf devices. In particular, this allows members of the network group
to monitor traffic without running with root privileges.
Reviewed by: markj, glebius
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D56742
Instead of printing the driver version over and over again if multiple
controllers are used, set a sysctl name for the used driver version.
Approved by: imp, ziaee
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D56110
Kernel timestamps are relative to kern.boottime.
With -t, kern.boottime is added and converted to either
a default format or the one specified using the -f option.
Signed-off-by: Andre Albsmeier <mail@ghub.e4m.org>
Reviewed by: kib, pouria
Discussed with: imp
Pull-Request: https://github.com/freebsd/freebsd-src/pull/1985