While boot_single:lower() should always be in {yes,no}, it might not
be. In one place we check == yes, and another ~= no. Make both places ~=
no for consistency. We generally try to test != default.
Sponsored by: Netflix
Remove 'pager' shim that was last not supported in FreeBSD 12.2, which
went EOL on March 31, 2022. People have had enough time to upgrade the
boot loader.
Sponsored by: Netflix
An inbound af-to rule creates a state bypassing outbound pf_test().
In such a case increase counters of the outbound interface directly in
pf_route() for post-af-to address family.
For outbound af-to rules ensure that post-af-to address family is used
to increase interface counters.
Reviewed by: kp
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D52448
Increasing counters on "match" rules causes the 1st packet making a
connection to be double-counted, but only for rule counters, not rules'
tables, because those are not increased at all during rule parsing.
Remove "match" rule counter handling during rule parsing, do it only in
pf_counters_inc().
NAT can be performed either by "nat" rules in the NAT ruleset or by "match"
rules. Rules before the NAT rule, and the NAT rule itself match on pre-NAT
addresses, and later rules match on post-NAT addresses. When increasing
counters go over rules in the same order as a packet would and use
source and destination addresses for updating table counters from
appropriate state key, taking into consideration on which rule NAT
happens.
Use AF from state key, so that table counters can be properly updated for
af-to rules.
Synchronize match rule updating behaviour to that of OpenBSD: if rules
match, but state is not created, don't update counters.
Reviewed by: kp
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D52447
The af-to rules on inbound direction create a single state spanning both
the inbound and the outbound interface. Calling pf_test() for the
outbound direction in pf_route() makes the packet pass through state
search, match the existing state, never evaluate the ruleset, and increase
state counters.
Check that the state comes from an af-to rule in inbound direction, and
if yes, skip outbound testing.
Reviewed by: kp
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D52446
Setting ACPI D-states is generally broken on FreeBSD and this change
surfaced an issue. So reverting for the time being whilst I write a
proper fix for this.
This reverts commit 02a8fadd2c.
Reported by: glebius, phk
Tested by: glebius
Sponsored by: The FreeBSD Foundation
Commit c5d671b added netlink support to
server side rpcbind. However it did not add
a case for AF_NETLINK to __rpc_taddr2uaddr_af().
(Reported as PR#289625.)
As such, without this patch the r_addr field of the
netlink rbllist is NULL, which causes a crash in
svc_sendreply() for a Dump query (what rpcinfo
does).
PR: 289625
Reviewed by: glebius
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D52651
Fixes: c5d671b711 ("libc/rpc: add userland side RPC server over netlink(4)")
If a newsyslog.conf(5) has an entry that is configured to be rotated every
hour, and crontab(8) is set to execute newsyslog several times per hour,
the logic of age_old_log() is broken and it would rotate the entry too
often. AFAIU, the extra 1800 seconds were added to allow some leeway for
the previous newsyslog invocation, that could have been too slow and the
timestamp on the old file is newer than actual time of the previous
newsyslog invocation. But 30 minutes of leeway is way too much. Reduce
this down to 3 minutes, which would be a compromise between a potential
need to run newsyslogd every 5 minutes and a situation when newsyslog
takes a significant time to rotate the logs.
Provide a test case for that.
Reviewed by: delphij
Differential Revision: https://reviews.freebsd.org/D52700
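
The effect of the leeway on an hourly entry, as an added example that is not newsyslog's source code. It assumes a simplified model in which the old log's age in whole hours is (now - mtime + leeway) / 3600 and the entry is rotated once that age reaches the configured interval; the function names and the cron schedules are constructed for illustration.

```c
#include <stdio.h>

/*
 * Assumed model of the age check: the old log's age in whole hours is
 * (now - mtime + leeway) / 3600.
 */
static int
age_hours(long now, long mtime, long leeway)
{
	return ((int)((now - mtime + leeway) / 3600));
}

/*
 * Count rotations of one entry over `span` seconds when newsyslog is
 * started from cron every `step` seconds. A rotation resets the old
 * log's mtime to the time of that run.
 */
static int
count_rotations(long span, long step, int hours, long leeway)
{
	long mtime = 0;		/* previous rotation happened at t = 0 */
	int rotations = 0;

	for (long now = step; now <= span; now += step) {
		if (age_hours(now, mtime, leeway) >= hours) {
			rotations++;
			mtime = now;
		}
	}
	return (rotations);
}

int
main(void)
{
	long day = 24 * 3600L;

	/* Hourly entry, cron every 20 minutes (constructed schedule). */
	printf("leeway 1800s: %d rotations/day\n",
	    count_rotations(day, 1200, 1, 1800));
	printf("leeway  180s: %d rotations/day\n",
	    count_rotations(day, 1200, 1, 180));
	return (0);
}
```
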
Useful when used with syslog-ng, which uses SIGUSR1. Instead of adding
signal number to every new entry, just set it via command line option.
Reviewed by: bcr, delphij
Differential Revision: https://reviews.freebsd.org/D52701
The problem is that fullsocket() creates a socket that has both send and
receive buffers full and as we process messages from the receive buffer we
allow the kernel to continue processing of the send buffer and a new
message may arrive while the test expects that no new messages arrive.
Fix that by creating a socket that has several messages in the receive
buffer, but doesn't have any in the send buffer.
virtual_oss is part of base as of 9cab9fde5e ("virtual_oss: Port to
base").
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D52322
This patch diverges quite a bit from the current upstream [1] in a few
ways:
1. virtual_oss(8), virtual_bt_speaker(8) and virtual_oss_cmd(8) are
actually separate programs.
2. Backends (lib/virtual_oss) are built as separate shared libraries and
we dlopen() them in virtual_oss(8) and virtual_bt_speaker(8) on
demand.
3. virtual_equalizer(8) and the sndio and bluetooth backends are built
as ports, because they depend on third-party libraries.
4. Use newer libav API in bluetooth backend (see HAVE_LIBAV ifdefs) to
address compiler errors.
[1] https://github.com/freebsd/virtual_oss
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D52308
After f99f0ee14e ("rc.d: add a service jails config to all base system
services"), the FTP service ignores the flags configured in ftpd_flags:
    # sysrc ftpd_flags=-B
    ftpd_flags: -> -B
    # service ftpd enable
    ftpd enabled in /etc/rc.conf
    # service ftpd start
    Starting ftpd.
    # pgrep -fl ftpd
    1234 /usr/libexec/ftpd -D
Notice the absence of the "-B" flag.
PR: 285600
Reviewed by: 0mp, emaste
Approved by: emaste (mentor)
Fixes: f99f0ee14e ("rc.d: add a service jails config to all base system services")
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D52745
Keep the hwassist flags for transmit checksum offload and transmit
segment offload in sync with the enabled capabilities.
Reported by: Timo Völker
Reviewed by: Timo Völker
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D52765
+ Rewrite SYNOPSIS for consistency
+ Rewrite HARDWARE for HW Relnotes, and add some stragglers
+ Correct mdoc grammar, making sysctls aproposable and linking xrefs
+ Clean up TODO, canonicalize to CAVEATS, a standard section
+ Editorial pass, tag SPDX
MFC after: 3 days
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D52125
In cloud-init, when a group specified in the 'users.{index}.groups' parameter
does not exist, it is ignored, but the user is created anyway. In the case of
nuageinit, it exits with an exception, since pw(8) expects each group to exist.
Reviewed by: bapt@
Approved by: bapt@
Differential Revision: https://reviews.freebsd.org/D52718
Add initial USB4 code written by Scott Long and originally passed on to
HPS (source: https://github.com/hselasky/usb4), minus the ICM code and
with some small fixes.
For context, older TB chips implemented the connection manager in
firmware (ICM) instead of in the OS (HCM), but maintaining the ICM code
would be a huge burden for not many chips.
Mostly completed work:
- Debug/trace framework.
- NHI controller driver.
- PCIe bridge driver.
- Router and config space layer handling (just reading in this commit).
Link to the email where Scott shared details about the initial USB4
work:
https://lists.freebsd.org/archives/freebsd-hackers/2024-July/003411.html
Glanced at by: emaste, imp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D49450
Event: EuroBSDcon 2025
* If TZ starts with TZDIR, strip any additional slashes so relname
does not end up looking like an absolute path. For instance,
TZ=/usr/share/zoneinfo//UTC should result in UTC, not /UTC.
* In the setugid case, we were incorrectly passing name rather than
relname to fstatat().
* Modify the tz_env and tz_env_setugid test cases to exercise both
of these scenarios.
* Also add test cases for invalid values of TZ, which I wrote
earlier but forgot to include in a5f14e4f90.
Reported by: Paul Eggert <eggert@cs.ucla.edu>
MFC after: 3 days
Fixes: 967a49a21a ("Update tzcode to 2025b")
Fixes: a5f14e4f90 ("tzcode: Use -00 only for invalid time zones")
Reviewed by: philip
Differential Revision: https://reviews.freebsd.org/D52753
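
The slash stripping described in the commit above, as an added example that is not FreeBSD's tzcode. The helpers tz_relname() and tz_is_relative() are hypothetical, the TZDIR value is an assumed default, and the sample TZ values are constructed.

```c
#include <stdio.h>
#include <string.h>

#define TZDIR "/usr/share/zoneinfo"	/* assumed zoneinfo directory */

/*
 * Hypothetical helper: return the part of `name` relative to TZDIR, or
 * `name` itself when it does not live under TZDIR.
 */
static const char *
tz_relname(const char *name)
{
	size_t dirlen = strlen(TZDIR);

	/* Whole-component match: "/usr/share/zoneinfoX" is not under TZDIR. */
	if (strncmp(name, TZDIR, dirlen) != 0 || name[dirlen] != '/')
		return (name);
	name += dirlen;
	/* Skip every separator, not just one, so "//UTC" becomes "UTC". */
	while (*name == '/')
		name++;
	return (name);
}

/* Only a non-empty relative name may be resolved against a TZDIR fd. */
static int
tz_is_relative(const char *relname)
{
	return (relname[0] != '\0' && relname[0] != '/');
}

int
main(void)
{
	/* Constructed sample TZ values. */
	const char *samples[] = {
		"/usr/share/zoneinfo/UTC",
		"/usr/share/zoneinfo//UTC",
		"/usr/share/zoneinfo///Europe/Oslo",
		"/usr/share/zoneinfoX/UTC",
		"/usr/share/zoneinfo/",
	};

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		const char *rel = tz_relname(samples[i]);
		printf("%-36s -> \"%s\" relative=%d\n", samples[i], rel,
		    tz_is_relative(rel));
	}
	return (0);
}
```
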
This hasn't been needed in years and is a maintenance headache.
MFC after: 1 week
Reviewed by: philip
Differential Revision: https://reviews.freebsd.org/D52694
Use the new method for wrmsr that is able to set up fault handler even at
the very early stage of kernel boot. This prevents panic with new
microcode for some new AMD EPYCs, that requires certain patchlevel of
microcode to be already present in the CPU. If BSP patching failed, we
print the message and we don't try to patch APs.
This has been tested only on AMD booted in EFI mode.
Reviewed by: stas, kib
Differential Revision: https://reviews.freebsd.org/D52643
This was retained for KPI compatibility, but I can't find anything which
needs it. Just get rid of it.
Reported by: rwatson
Reviewed by: alc, kib
Differential Revision: https://reviews.freebsd.org/D52708
Prior to this commit, pkgbase-stage.lua used a hard-coded PKG_DBDIR
"./pkgdb"; unfortunately this creates a race condition if we start
building disc1.iso and dvd1.iso at the same time:
    pkg: sqlite error while executing CREATE TABLE licenses [...]
    in file pkgdb.c:2330: table licenses already exists
since pkg checks to see if the pkgdb is initialized and initializes
it if not.
Use separate pkgdb-disc1 and pkgdb-dvd directories.
MFC after: 1 minute
Sponsored by: https://www.patreon.com/cperciva
Differential Revision: https://reviews.freebsd.org/D52755
Allow PM backends to report supported sleep types when registering
through `power_pm_register`. Expose this information through
`kern.power.supported_stype` sysctl, and set defaults for
`power_standby/suspend/hibernate_stype` based on this.
Implement this in ACPI PM backend.
Reviewed by: cy
Approved by: cy
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52727
Event: EuroBSDcon 2025 Devsummit
When writing an ACPI S-state to it it will set kern.power.suspend to the
appropriate sleep type, and when reading from it it will return the
corresponding ACPI S-state to the sleep type in kern.power.suspend.
This is deprecated and kern.power.suspend should be used directly
instead, but add this back because zzz(1) makes use of this and we can't
easily rewrite it just now.
PR: 289634
Reviewed by: cy, markj
Approved by: cy, markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52600
Event: EuroBSDcon 2025 Devsummit
This is as opposed to using ACPI sleep states directly
(`ACPI_STATE_S*`). We now use `POWER_STYPE_*` added in D52036.
This is in preparation for adding support for s2idle, which is not an
ACPI sleep state, but needs to be handled specially by
`acpi_EnterSleepState`.
Reviewed by: cy
Approved by: cy
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52705
Event: EuroBSDcon 2025 Devsummit
Use table attributes to also limit unprivileged access to the EFI
runtime mappings. This is mostly for parity with pmap as this is never
mapped while userspace could execute.
Reviewed by: tuexen
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D52751
FEAT_PAN3 adds the SCTLR_EL1.EPAN field. This tells the hardware to
raise a permission abort when userspace could execute a page, i.e. the
ATTR_S1_UXN field is clear in the page table.
This causes issues for the EFI runtime as we only mark non-executable
pages with this flag leading to a permission fault when accessing it.
Fix this by marking all EFI mappings with ATTR_S1_UXN. The kernel
already had this field set so was already safe.
Reported by: tuexen
Reviewed by: tuexen
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D52750
Enable the handling of IFCAP_RXCSUM_IPV6 by handling
IFCAP_RXCSUM and IFCAP_RXCSUM_IPV6 as a pair. Also make clear that
software and hardware LRO require receive checksum offload.
Reviewed by: Timo Völker
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D52682
after libc is switched to use public symbols for pre-ino64 syscalls.
Reviewed by: olce
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D52687
same as it was done for setgroups@FBSD_1.0.
Switch from weakref to symver, since GNU as cannot handle version spec
with weakref.
Reviewed by: olce
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D52687
There are no symbols that need to be namespaced in the header, and it
would not allow to use proper raw syscall names later, where they are
needed.
Reviewed by: olce
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D52687