This fixes the build on CHERI architectures where the compiler warns
about a direct cast between uint64_t and const void * inside of
__DECONST. However, GCC would also complain about this on 32-bit
kernels due to uint64_t not being the same size as a pointer. Also,
a direct cast to uintptr_t to right-size the cookie value is more
direct than using __DECONST given that there is no "const" pointer
involved in the expression.
Reviewed by: brooks, glebius
Obtained from: CheriBSD
Sponsored by: AFRL, DARPA
Differential Revision: https://reviews.freebsd.org/D54797
If an error occurs during attach after ofw_pcib_init() runs, the device
is torn down, leaving the rmans embedded in the softc attached to the
rman list, thus corrupting the rman list. Fix this by undoing
everything that was done by this point.
MFC after: 1 week
On multithreaded cores (e6500) the CPU ID in the device tree (reg[0]) is
the primary core, which may not match the cpuid, until Book-E threading
is added.
If cpu-handle property doesn't exist simply iterate and assign the CPUs
in sequence rather than following the convoluted search which may not
bear fruit in some cases. If cpu-handle doesn't exist for one portal it
probably doesn't exist for any of them.
Extend PAM integration beyond account checks to include credential
establishment and session management, allowing PAM modules to configure
the execution environment for user cron jobs.
Previously, cron only called pam_acct_mgmt() to verify account validity
but immediately terminated the PAM handle before job execution. This
prevented PAM modules from establishing sessions, setting credentials
(e.g., Kerberos tickets), or exporting environment variables needed by
jobs.
The PAM handle now persists in the intermediate process throughout the
job execution, enabling proper session open/close pairing. Credentials
are established and sessions opened while still running as root, before
dropping privileges in the grandchild. PAM environment variables are
exported in the job process with user crontab variables taking precedence.
A session rule (pam_permit.so) is added to /etc/pam.d/cron to enable
session support without changing default behavior. Administrators can
replace this with other modules as needed.
System crontab entries continue to bypass all PAM operations.
PR: bin/244844
Reviewed by: des
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D54415
Name caching must be handled somewhat differently
for case insensitive file systems. Negative name
caching does not work and, for rename, all names
associated with the rename'd vnode must be disabled.
For a case insensitive ZFS file system that is exported,
the unpatched code did work, since the change in mtime
or ctime of the directory when other case names were
created or rename'd would disable the false name cache
hit. However, an export of an msdosfs file system
breaks the NFS client, because it only works if ctime/mtime
is changed whenever a name is added/removed. Depending
on what the server file system is, this may not happen,
due to clock resolution or lack of support for these
attributes.
This patch checks to see if the server file system is
case insensitive and modifies the name caching to handle
this.
There is still a problem if a case insensitive file system
is a subtree of a non-case insensitive is exported by the
NFSv4 server. This can be fixed someday, when the NFSv4
client gets support for submounts within the mount.
Suggested by: kib
MFC after: 2 weeks
The p_ktrioparms are freed on termination of tracing. Any ktr requests
added to the queue after that would hang there and leak on the struct
proc recycling, or trigger an assert in the process destructor for debug
builds.
Reported and tested by: pho
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D54804
lkpi_nl80211_band_name() is only available under LINUXKPI_DEBUG_80211.
IMPROVE in theory should be as well or defined to nothing but we cannot
do that in cfg80211.h mac80211.h where we possibly (re-)define this.
Put an #ifdef around the IMPROVE call for now (untested).
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Fixes: 768332d619
Reported by: CI
Binaries require the runtime loader to use shared libraries, and
removing the runtime loader in `make delete-old` while leaving the
libraries around makes it impossible to use those shared libraries.
Treat rtld as a de facto dependency of shared libraries to ensure it
is not removed until the corresponding shared libraries are removed.
Differential Revision: https://reviews.freebsd.org/D52210
Mimic c99bb5747f ("nanobsd: minor formatting cleanup") and cleanup
_create_code_slice(), somehow I missed it when rebasing.
No functional change intended.
Fixes: ecc039be7f ("nanobsd: Add a NO_ROOT build option")
MFC after: 3 days
Prefer to use NANO_DEF_UNAME and NANO_DEF_GNAME instead of a fixed
"root/wheel".
Fixes: 61ac7309c3 ("nanobsd: Add a provisional populate_part function")
MFC after: 3 days
We used to return the result of (*ic_send_action) directly but
ieee80211_ampdu_request() returns 1 on success and 0 on error,
which is contrary to the result of (*ic_send_action). Deal with
that accordingly and update the documentation of the function.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D54794
I was looking at rate work for another problem and found more flags
in ath9k (which we will likely never need). The documentation then
revealed the "mandatory" flags as well and with discussions about
cfg80211 going on I decided to use the momentum and split our
"supp_rates" setup between lkpi_lsta_alloc() and wiphy_register().
There should be no functional change.
While there also initialize max_rc_amsdu_len.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Do not cast and then access potentially unaligned uint64_t in the BT_CP()
macro. Use freebsd32_uint64_t type and FU64_CP() for the frac member.
Noted by: des
Reviewed by: des, emaste
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D54663
uint64_t is 4-byte aligned on i386, but is 8-bytes aligned on all other
32bit arches FreeBSD supports. Provide the freebsd32_uint64_t type and
the FU64_CP() macro, which are intended to be used where 32bit ABI uses
(u)int64_t type, and do proper layout and copying for the aggregate type.
Reviewed by: des, emaste
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D54663
Add symbols found in the port but not in base. This requires replacing
a shared libkrb5profile.so with libkrb5profile.a (with -fPIC so it can
be used by shared libraries). We do this by making libkrb5profile
INTERNALLIB.
Base currently has libkrb5profile in a shared library. The patch moves
those functions to the various "consumer" libraries as the port does.
Symbols that should be in the other libraries are in libkrb5profile.so.
This is causing some ports issues.
PR: 291695
Reported by: michaelo, markj, Chris Inacio <inacio@andrew.cmu.edu>
Tested by: michaelo
Fixes: ae07a5805b
Reviewed by: michaelo (previous version)
MFC after: 2 weeks
Differential revision: https://reviews.freebsd.org/D54323
This patch adds the same functionality for the IPv4 header checksum
as was done erlier for the SCTP/TCP/UDP transport checksum.
When the IP implementation sends a packet, it does not compute the
corresponding checksum but defers that. It will determine whether the
network interface selected for the packet has the requested capability
and computes the checksum in software, if the selected network
interface does not have the requested capability.
Do this not only for packets being sent by the local IP stack, but
also when forwarding packets. Furthermore, when such packets are
delivered to a local IP stack, do not compute or validate the checksum,
since such packets have never been on the wire. This allows to support
checksum offloading also in the case of local virtual machines or
jails. Support for epair interfaces will be added in a separate commit.
Reviewed by: pouria, tuexen
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D54455
Nobody else's mac.conf(5) has any entries for jails, so they get a
trivial ENOENT and we fail before we can fetch any jail parameters.
Most notably, this breaks `jls -s` / `jls -n` if you do not have any
loaded policy that applies jail labels.
Add an entry that works for everyone, and hardcode that as an ENOENT
fallback in libjail to provide a smoother transition. This is probably
not harmful to leave in long-term, since mac.conf(5) will override it.
This unearthed one additional issue, in that mac_get_prison() in the
MAC framework handled the no-label-policies bit wrong. We don't want
to break jail utilities enumerating jail parameters automatically, so
we must ingest the label in all cases -- we can still use it as a small
optimization to avoid trying to copy out any label. We will break
things if a non-optional element is specified in the copied in label,
but that's expected.
The APIs dedicated to jaildescs remain unphased, since they won't be
used in the same way.
Fixes: db3b39f063 ("libjail: extend struct handlers [...]")
Fixes: bd55cbb50c ("kern: add a mac.label jail parameter")
Reported by: jlduran (on behalf of Jenkins)
Reviewed by: jlduran
Differential Revision: https://reviews.freebsd.org/D54786
The prison may also be considered part of the subject by way of its
ucred association, but I don't think this is significantly different
enough today than before recent work -- policies could have always
taken them into account, and some did (e.g., mac_bsdextended).
Reported by: olce
Reviewed by: olce, ziaee
Differential Revision: https://reviews.freebsd.org/D54748
pf(4) users who use limiters in current should update the rules
accordingly to reflect the change in default behavior. The existing
rule which reads as follows:
pass in from any to any state limiter test
needs to be changed to:
pass in from any to any state limiter test (no-match)
OK dlg@
Obtained from: OpenBSD, sashan <sashan@openbsd.org>, c600931321
Sponsored by: Rubicon Communications, LLC ("Netgate")
When compiling SCTP as a module, don't compile sctp_crc32.c into
the module. This avoids code and variable duplication since
sctp_crc32.c is compiled into the kernel. In particular, the variable
system_base_info is not duplicated. This fixes the handling of the
statistic counters sctps_sendhwcrc and sctps_sendswcrc when using
sctp_delayed_cksum.
MFC after: 3 days
Similar to the same glibc function.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D54766
It is guarded by #ifdef KTR, so the warning does not show up under usual
kernel configs.
Fixes: ed85203fb7
Sponsored by: The FreeBSD Foundation
Differential revision: https://reviews.freebsd.org/D54781
When resuming from ACPI suspend, the ACPI_SS_SLP_PREP bit in slp_state
was being checked and subsequently unset when calling resumeclock().
This bit was also being checked for the AcpiLeaveSleepState() call in
the non-s2idle path, but having just been unset, it was never actually
being called.
Change this so that resumeclock() is always being called (since we never
goto breakout between suspendclock() and resumeclock() anyway) and
ACPI_SS_SLP_PREP is purely used for AcpiEnterSleepStatePrep() and
AcpiLeaveSleepState() in the non-s2idle paths.
PR: 292568
Reported by: Marek Zarychta
Reviewed by: olce
Tested by: Marek Zarychta
Approved by: olce
Fixes: 7669cbd0f0 (“acpi: Suspend-to-idle support (s2idle)”)
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D54777
First, the CMCI entry index is APIC_LVT_MAX, so it was excluded
unconditionall [1].
Second, the number of entries is reported by the version register, and
we must not access past the last reported entry.
Reported by: olivier [1]
Fixes: 11f954b021
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D54773
that calculates the max index of the present LVT entry from the value of
the LAPIC version register.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D54773
On amd64, a hack sets td_critnest to 1 in hammer_time(), and then clear
it before returning from hammer_time(), which is too early. Instead,
set TDP_NOFAULTING for thread0, and clear the flag after vm_init() finished.
Noted by: adrian
Reviewed by: adrian (previous version), markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D54768
When adding the IFLIB_GET_MBUF/FLAGS, I neglected to NULL out the
mbuf in the descriptor ring. I didn't think this should matter as
the I thought this code was only used when the ring was about
to be freed. But I was wrong, and leaving a stale mbuf in there can
cause panics.
Reported by: Marek Zarychta (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=292547)
Fixes: 14d93f612f
Sponsored by: Netflix
This is based on an initial implementation by michaelo in
https://reviews.freebsd.org/D54361.
PR: 270497
Reported by: michaelo
Reviewed by: michaelo
Tested by: michaelo
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D54606
The KERN_OPTS:MDEV_ACPI checks are fine for as long as we are building
modules along the kernel. If one wants to just build the module
standalone out of the module directory this would fail.
Add the missing include for kmod.opts.mk (as was done for tcp
in 1319a76179).
Sponsored by: The FreeBSD Foundation
Reported by: Tassilo Philipp (tphilipp potion-studios.com)
Fixes: f5a77dc8f8 ("improve module Makefile dependency on ACPI")
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D54769
If APIC is left in somewhat bad state, with some source hot (not masked
and active, e.g. timers after kexec or due to BIOS bug), we get the
interrupt too early.
Reported by: jmg
Reviewed by: markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D54543