Commit Graph

299752 Commits

Author SHA1 Message Date
Brooks Davis b15f5c8fa5 src.libnames.mk: add LIBSYS_PIC
Make it possible to find libsys_pic.a.

Reviewed by:	jhb
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D50474
2025-05-24 00:33:27 +01:00
Brooks Davis 83812c4ecc bsd.suffixes-extra.mk: rewrap long lines
Group CFLAGS variables together either on one line or all separate
depending on length.

Reviewed by:	jhb
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D50463
2025-05-24 00:32:05 +01:00
Gleb Smirnoff 51ac5ee0d5 unix/stream: refactor sendfile(2) logic to work without M_BLOCKER flag
This flag was initially an INVARIANT thing back in 2014, but we got
stuck with it until today.  A bug with sendfile(2) headers/trailers
fixed as a side effect of refactoring.
2025-05-23 15:04:39 -07:00
Gleb Smirnoff 46c6446201 tests/unix_seqpacket: add couple tests for shutdown(2)
- A test against recent syzkaller discovery.
- A test that remote peer shutdown(2) will unblock our recv(2)
2025-05-23 15:04:38 -07:00
Gleb Smirnoff c44d6f43a6 unix/stream: provide uipc_cantrcvmore()
and use it the pr_shutdown method.  While unix/dgram can still use generic
socket socantrcvmore(), the stream versions need a specific one.  This fixes
a panic reported by syzkaller.  While here inline unp_shutdown() into
uipc_shutdown().

Reported-by:	syzbot+86c18f0886f70a3509c6@syzkaller.appspotmail.com
2025-05-23 15:04:38 -07:00
Gleb Smirnoff 0b52d6c6cc unix/stream: factor out uipc_wakeup() from pr_soreceive method
It is also needed for shutdown(2).  No functional change.
2025-05-23 15:04:38 -07:00
Lexi Winter 9a79f1b8c3 Remove vestiges of keyserv(8)
This daemon has been removed; also remove things which reference it.

Reviewed by:	manu, des, emaste
Approved by:	des (mentor)
Differential Revision:	https://reviews.freebsd.org/D50441
2025-05-23 22:59:33 +01:00
Ed Maste 26064d3e74 Makefile.inc1: Remove unused non-NO_ROOT support
As of commit 41adc5f29b ("release: Always use NO_ROOT for distribute*
and package*") this packagekernel code path is never used, so remove it.

Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50361
2025-05-23 17:50:38 -04:00
Lexi Winter da2dbdc297 bridge: check allow_llz_overlap before member_ifaddrs
When adding a new interface to a bridge and allow_llz_overlap=0, which
is the default value, if_bridge checks if the interface has IPv6 link
local addresses assigned, and if it does, it calls in6_ifdetach() to
remove all IPv6 addresses from the interface.

This means it was possible to do this:

	% ifconfig bridge1 create inet6 -ifdisabled auto_linklocal up
	% ifconfig epair20 create inet6 -ifdisabled auto_linklocal up
	% ifconfig bridge1 addm epair20a

... with the result that the link-local address on epair20a would be
removed, then the interface would be added to the bridge.

If member_ifaddrs=0, which is also the default value, this no longer
works:

	% ifconfig bridge1 addm epair20a
	ifconfig: BRDGADD epair20a: Invalid argument

This is because the member_ifaddrs check runs before allow_llz_overlap
does its thing, and returns EINVAL since the new interface has IP
addresses on it.

To restore the previous behaviour, reverse the order of these two
checks, so the IPv6 addresses are removed before we check whether
the interface has IPv6 addresses.

MFC after:	1 week
Reviewed by:	kevans, kp
Approved by:	kevans (mentor)
Differential Revision:	https://reviews.freebsd.org/D50477
2025-05-23 19:08:14 +01:00
Mark Johnston 14ec281a09 namei: Remove a now-unused variable
Reported by:	bapt
Fixes:		7587f6d484 ("namei: Make stackable filesystems check harder for jail roots")
2025-05-23 16:08:21 +00:00
Isaac Freund 0a86a8ace3 bsdinstall: support offline pkgbase installation
Reviewed by:	bapt, emaste
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50347
2025-05-23 09:41:49 -04:00
Isaac Freund 0bfa8a4596 bsdinstall: improve pkgbase target retry prompts
These now use bsddialog rather than prompting the user for input on the
console.

Reviewed by:	emaste
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50270
2025-05-23 09:40:12 -04:00
Kristof Provost 0a16f62701 icmp6: zero out pad space
In icmp6_redirect_output() we potentially add padding, but failed to clear this
memory. This triggered a KMSAN panic during the sys/netinet/carp:unicast_v6
test.

Reviewed by:	zlei
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D50461
2025-05-23 15:06:33 +02:00
Mark Johnston 7587f6d484 namei: Make stackable filesystems check harder for jail roots
Suppose a process has its cwd pointing to a nullfs directory, where the
lower directory is also visible in the jail's filesystem namespace.
Suppose that the lower directory vnode is moved out from under the
nullfs mount.  The nullfs vnode still shadows the lower vnode, and
dotdot lookups relative to that directory will instantiate new nullfs
vnodes outside of the nullfs mountpoint, effectively shadowing the lower
filesystem.

This phenomenon can be abused to escape a chroot, since the nullfs
vnodes instantiated by these dotdot lookups defeat the root vnode check
in vfs_lookup(), which uses vnode pointer equality to test for the
process root.

Fix this by extending nullfs and unionfs to perform the same check,
exploiting the fact that the passed componentname is embedded in a
nameidata structure to avoid changing the VOP_LOOKUP interface.  That
is, add a flag to indicate that containerof can be used to get the full
nameidata structure, and perform the root vnode check on the lower vnode
when performing a dotdot lookup.

PR:		262180
Reviewed by:	olce, kib
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D50418
2025-05-23 13:03:38 +00:00
Li-Wen Hsu fb1749cc64 wtap(4): Clean up includes
Sponsored by:	The FreeBSD Foundation
2025-05-23 15:49:50 +08:00
Simon J. Gerraty 2982c70852 stand allow for local.defs.mk
This allows us to change the VERSION_FILE used for loaders
as well as set NEWVERS_DATE and BUILD_UTC to reflect the publish
date of loaders for secure-boot.

Sponsored by:	Juniper Networks, Inc.

Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D50478
2025-05-22 15:47:21 -07:00
Gleb Smirnoff 4814de3243 unix/stream: fix bugs in sendfile(2) operation
- In send(2) don't update sb_acc if appending behind uxst_fnrdy
- In recv(2) don't read beyond uxst_fnrdy
- In the debug code allow ready, but blocked mbufs beyond uxst_fnrdy
2025-05-22 14:49:37 -07:00
Isaac Freund 3c3dd62966 bsdinstall: add pkgbase component selection dialog
This matches the style of the component selection dialog for traditional
tarball-based installations. The only difference is that there is
currently no ports component offered when using pkgbase.

Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50178
2025-05-22 14:59:47 -04:00
Lexi Winter c8d8cac2a8 mac_do(4): allow compiling into kernel
The manual page says this is possible, but it's not.  Make it possible.

Reviewed by:	olce, kevans
Approved by:	kevans (mentor)
Differential Revision:	https://reviews.freebsd.org/D50451
2025-05-22 17:59:32 +01:00
Zhenlei Huang 098b5d4dc7 ifnet: Initialize the address family dependent data region earlier
if_link_ifnet() adds the interface to the global network interface list,
and it is a natural synchronization point. With this change, any threads
that obtain the reference of the interface via ifunit(), ifunit_ref() etc.,
will be guaranteed to see the address family dependent data rightly.

The issue [1] reported by Mike Belanger also hints the potential race.

MFC note: this change depends on e64fe5ad3a, as calculating the max
IPv6 MTU through all the interfaces requires the current interface to
be added to the global network interface list firstly.

[1] https://lists.freebsd.org/archives/freebsd-net/2025-May/006817.html

Reviewed by:	glebius
MFC after:	1 month
MFC with:	e64fe5ad3a netinet6: Remove a set but not used global variable in6_maxmtu
Differential Revision:	https://reviews.freebsd.org/D49358
2025-05-22 23:00:05 +08:00
Mark Johnston 903d29469e vnode_if: Remove some branching around SDT probes in VOP wrappers
Now that SDT is implemented using hot-patching, SDT_PROBE* no longer
introduces a branch instruction, so the SDT_PROBES_ENABLED() check in
each VOP_*_APV() is not really worth preserving.

Reviewed by:	olce, kib
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D50423
2025-05-22 14:37:49 +00:00
Christos Margiolis 30fd79b0c0 sndctl(8): Fix dp->realtime
Currently it's automatically set to 0 in read_dev() as a result of
allocating dp with calloc().

Sponsored by:	The FreeBSD Foundation
MFC after:	1 day
Reviewed by:	markj
Differential Revision:	https://reviews.freebsd.org/D50400
2025-05-21 21:31:28 +02:00
Christos Margiolis 52c4263274 sndctl(8): Allow read-only sysctls
Needed by follow-up patch.

Sponsored by:	The FreeBSD Foundation
MFC after:	1 day
Reviewed by:	markj
Differential Revision:	https://reviews.freebsd.org/D50398
2025-05-21 21:31:23 +02:00
Christos Margiolis ac86e65e0e sndctl(8): Remove unnecessary val variable from sysctl functions
No functional change intended.

Sponsored by:	The FreeBSD Foundation
MFC after:	1 day
Reviewed by:	markj
Differential Revision:	https://reviews.freebsd.org/D50397
2025-05-21 21:31:17 +02:00
Philip Paeps 23a0c88b03 zoneinfo: don't install version
The commit teaching the build to install tzdata.zi for libcxx also
instals version.  It turns out this makes at least one piece of third
party software cry: rubygem-tzinfo expects any file in zoneinfo to be at
least 44 bytes long.  Clearly this is a bug in rubygem-tzinfo but since
nothing actually uses version, we may as well not install it ... as we
did previously.

Reported by:	delphij
Fixes:		91506dba7f zoneinfo: also install tzdata.zi and version
MFC after:	1 day
2025-05-22 01:17:49 +08:00
Alexander Ziaee bbc0b39ef7 make.conf.5: add CPUTYPE?= note from UPDATING
Cross-compilation needs CPUTYPE to be set with ?= to be overideable via
make targets. This has historically been mentioned in the FOOTNOTES of
UPDATING. Note that in the CPUTYPE documentation in make.conf(5) for
discoverability. Leave it in UPDATING for now to create no regression in
the doc there.

MFC after:		3 days
Reviewed by:		carlavilla, ivy
Approved by:		carlavilla (mentor)
Differential Revision:	https://reviews.freebsd.org/D50277
2025-05-21 12:43:39 -04:00
Alexander Ziaee 1a060e4f1b build.7: PORTS_MODULES incompatible with pkgbase
Add a note until we can fix this.

Reviewed by:		carlavilla, emaste, ivy
Approved by:		carlavilla (mentor)
Differential Revision:	https://reviews.freebsd.org/D50355
2025-05-21 12:40:29 -04:00
Alexander Ziaee 7098712bbf SPDX: Tag BSD-4.3TAHOE
TIL traceroute.8 has one of the oldest liceses, predating BSD-4-Clause!
The SPDX tag was not even on Wikipedia. These are all the files I could
find in the tree with git grep that look like the license reported on
the SPDX website, including one that was misfiled.

Ref:			https://spdx.org/licenses/BSD-4.3TAHOE.html
MFC after:		3 days
Reported by:		brooks
Reviewed by:		brooks, carlavilla, imp, ivy
Approved by:		carlavilla (mentor)
Differential Revision:	https://reviews.freebsd.org/D50362
2025-05-21 12:37:10 -04:00
Alexander Ziaee 22348fb999 bhyvectl.8: Polish
+ Add how to find open VMs in the example, linking `apropos Pa=/dev/vmm`
+ Move note about additional bhyve options after options for flow
+ Reclaim some space by shortening <filename> to <file>
+ Align options list width, tested at MANWIDTH 59 and 80
+ Remove unnecessary roff quoting and tag SPDX

MFC after:		3 days
Reviewed by:		carlavilla, markj, mhorne
Approved by:		carlavilla, mhorne (mentors)
Differential Revision:	https://reviews.freebsd.org/D48401
2025-05-21 12:33:37 -04:00
Ed Maste 366a9fb9e7 release: Add ${PKGBASE_REPO} dependency for dvd
A user may build only dvd1.iso, which would fail if the pkgbase-repo
did not already exist.  Builds using `make release` build disc1 before
dvd1 so that case would work, but it must be possible to build only
one artifact.

Fixes: 62d18f8c4c ("release: Add -DPKGBASE option to include pkgbase packages")
Sponsored by:	The FreeBSD Foundation
2025-05-21 08:48:50 -04:00
Zhenlei Huang c485a58f51 UPDATING: Add an entry for the removal of in6_maxmtu 2025-05-21 18:11:03 +08:00
Zhenlei Huang e64fe5ad3a netinet6: Remove a set but not used global variable in6_maxmtu
and its setter in6_setmaxmtu().

This variable was introduced by the KAME projec [1]. It holds the max
IPv6 MTU through all the interfaces, but is never used anywhere.

[1] 82cd038d51 KAME netinet6 basic part(no IPsec,no V6 Multicast
                 Forwarding, no UDP/TCP for IPv6 yet)

Reviewed by:	glebius
MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D49357
2025-05-21 18:09:01 +08:00
Lexi Winter 59ee9260e6 ifconfig: reject netmask and broadcast for inet6
We don't support setting netmask or broadcast address for INET6
addresses, and trying to do crashes ifconfig.  Handle this the
same way as af_link, by rejecting attempts to configure these
parameters.

PR:	286910
Reported by:	Hayzam Sherif <hayzam@alchemilla.io>
MFC after:	3 days
Reviewed by:	zlei, kevans, des, cy
Approved by:	kevans (mentor)
Differential Revision:	https://reviews.freebsd.org/D50413
2025-05-21 06:46:17 +01:00
Ed Maste 059fbe9a71 elf.5: Add NT_FREEBSD_FCTL_LA48 and NT_FREEBSD_FCTL_LA57
Reviewed by:	kib
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50443
2025-05-20 23:19:29 -04:00
Gleb Smirnoff eafe5967ac unix: fix EVFILT_WRITE when peer close(2)s and shutdown(2)s
For the close(2) case restore reporting the event with EV_EOF set.  This
fixes bug 286692.

For the shutdown(2) case restore original behavior, but leave comment that
we may want to change that.  The d157927807 was not intended to bring in
functional API changes.

Provide tests for both cases.

PR:			286692
Fixes:			d157927807
2025-05-20 19:54:51 -07:00
Gleb Smirnoff d5566d7556 rpc.tlsservd: fix on a machine with just one CPU
Reported by:		rmacklem
Fixes:			8e5f80da89
2025-05-20 19:54:38 -07:00
Kyle Evans 137de4b34d Merge commit '2a7e45eef31292cf9dd82caf3346eb2acb5b6225'
Update wireguard-tools to the latest version, which has some stubbed out support
for incremental Allowed-IPs updates that we would need to add kernel support
for.
2025-05-20 20:36:07 -05:00
Kyle Evans 2a7e45eef3 wireguard-tools: update to v1.0.20250521
This includes the following notable changes:
 - Fix for "wg show all endpoints"
 - Fix for INET6-only FreeBSD kernels rolled in
 - Some stubs for incremental updates of AllowedIPs
 - Handling of strdup(3) failure in config bits
2025-05-20 20:34:11 -05:00
Jasper Tran O'Leary 3d2957336c gve: Add callout to detect and handle TX timeouts
A TX timeout occurs when the driver allocates resources on a TX queue
for a packet to be sent, prompts the hardware to send the packet, but
does not receive a completion for the packet within a given timeout
period. An accumulation of TX timeouts can cause one or more queues to
run out of space and cause the entire driver to become stuck.

This commit adds a lockless timer service that runs periodically and
checks queues for timed out packets. In the event we detect a timeout,
we prompt the completion phase taskqueue to process completions. Upon
the next inspection of the queue we still detect timed out packets, if
the last "kick" occurred within a fixed cooldown window, we opt to
reset the driver, even if the prior kick successfully freed timed out
packets.

Signed-off-by: Jasper Tran O'Leary <jtranoleary@google.com>

Reviewed by:	markj, ziaee
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D50385
2025-05-20 23:50:59 +00:00
Jasper Tran O'Leary b044f12537 gve: Use load-acquire to fetch generation bits
When running the driver using the DQO queue format, we must load the
generation bit and check it before possibly reading the rest of the
descriptor's fields.

Previously, we guarded against reordering of reads using an explicit
thread fence. This commit changes the thread fence to a load with
acquire semantics. Because the tx and rx generation fields are in a
bitfield, we cannot explicitly address them in an atomic load. Instead
we load the respective containing bytes in the descriptor and mask them
appropriately.

Signed-off-by: Jasper Tran O'Leary <jtranoleary@google.com>

Reviewed by:	markj
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D50384
2025-05-20 23:50:59 +00:00
Jose Luis Duran ac62b97951 openssh: Add ${SKSRCS} to libssh
sshkey.c references sshsk_sign(), which is defined in ${SKSRCS}.

Due to how FreeBSD builds libssh, or put differently, due to upstream
not building a shared libssh.so, we need to partially revert
65d8491719 ("secure: Adapt Makefile to ssh-sk-client everywhere"), and
add ${SKSRCS} back, to avoid linking problems, especially when building
with GCC:

    /usr/local/bin/ld:
    /usr/obj/usr/src/amd64.amd64/secure/lib/libssh/libprivatessh.so:
    undefined reference to `sshsk_sign'
    collect2: error: ld returned 1 exit status`

Put the sources in a separate line, to maintain line-by-line
compatibility with upstream Makefile.in

PR:		286580
Reviewed by:	emaste
Approved by:	emaste (mentor)
Fixes:	65d8491719 ("secure: Adapt Makefile to ssh-sk-client everywhere")
Differential Revision:	https://reviews.freebsd.org/D50020
2025-05-20 22:58:23 +00:00
Ed Maste 5b29ffe614 release.7: Document PKGBASE option
Reviewed by:	ziaee
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50382
2025-05-20 16:33:22 -04:00
Isaac Freund 62d18f8c4c release: Add -DPKGBASE option to include pkgbase packages
If this option is set, an offline repo of pkgbase packages corresponding
to base.txz and kernel.txz will be included in the disc1 release media
rather than the base.txz and kernel.txz tarballs.

Reviewed by:	bapt
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50346
2025-05-20 16:30:12 -04:00
Mark Johnston 1f922483cc capsicum: Statically initialize commonly used capability rights
Rather than initializing all of these sets during boot, define a macro
which can do so at compile-time.  This lets us get rid of the silly
sysinit and furthermore allows the sets to live in .rodata, where they
ought to be anyway.

The CAP_RIGHTS_INITIALIZER2 macro can create a set out of up to two
capsicum rights.  This could be made more general, but we currently
don't have any use for a more abstract implementation, so just keep it
simple for now.

Also remove the unused cap_chflags_rights symbol.

No functional change intended.

Reviewed by:	olce, oshogbo, kib
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D50420
2025-05-20 20:19:47 +00:00
Mark Johnston 5319cb2161 file: Qualify pointers to capsicum rights as const
File descriptor lookup routines typically take a set of capsicum rights
as input to the lookup, so that the fd's rights can be atomically
checked.  This set should be qualified with const.

No functional change intended.

Reviewed by:	olce, oshogbo, brooks, kib
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D50419
2025-05-20 20:19:30 +00:00
Ed Maste 084046ad8f usbhid.4: Add cross-references to "other USB HID drivers"
Reviewed by:	ziaee
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50437
2025-05-20 12:38:41 -04:00
Simon J. Gerraty 41cf74fe8c loader - guard against empty rootdev
At least one instance of u-boot pretending to be EFI
is passing empty rootdev to loader which does not end well.

A simple precaution is harmless.

Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D50334
2025-05-20 09:10:50 -07:00
Zhenlei Huang 0693c3f7cb ifnet: Integrate if_unroute() into if_down()
if_unroute() is static since 2004 and is not used anywhere except for
if_down().

This also makes it easier to grep by the pattern `if_flags &= ~IFF_UP`.

No functional change intended.

Reviewed by:	glebius
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D49356
2025-05-20 23:45:20 +08:00
Andriy Gapon 0d2fd5b99c ns8250: use LSR_THRE instead of LSR_TEMT for checking tx flush
LSR_TEMT bit is set if both transmit hold and shift registers are
empty, but the flush command flushes only the hold register.

While here, update the diagnostic message to report which registers
could not be flushed.

MFC after:	2 weeks
2025-05-20 17:55:18 +03:00
Bojan Novković 964b0ece79 makefs: Add tests for the -T flag
Add tests for the -T flag to each makefs backend. This includes tests
for both mtree and directory scan options.

PR:             285630
Sponsored by:   Klara, Inc.
Sponsored by:   The FreeBSD Foundation
Reviewed by:    markj, emaste, kevans, jlduran
Differential Revision:  https://reviews.freebsd.org/D49492
2025-05-20 11:50:31 +02:00