Group CFLAGS variables together either on one line or all separate
depending on length.
Reviewed by: jhb
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D50463
This flag was initially an INVARIANT thing back in 2014, but we got
stuck with it until today. A bug with sendfile(2) headers/trailers
fixed as a side effect of refactoring.
and use it the pr_shutdown method. While unix/dgram can still use generic
socket socantrcvmore(), the stream versions need a specific one. This fixes
a panic reported by syzkaller. While here inline unp_shutdown() into
uipc_shutdown().
Reported-by: syzbot+86c18f0886f70a3509c6@syzkaller.appspotmail.com
This daemon has been removed; also remove things which reference it.
Reviewed by: manu, des, emaste
Approved by: des (mentor)
Differential Revision: https://reviews.freebsd.org/D50441
As of commit 41adc5f29b ("release: Always use NO_ROOT for distribute*
and package*") this packagekernel code path is never used, so remove it.
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50361
When adding a new interface to a bridge and allow_llz_overlap=0, which
is the default value, if_bridge checks if the interface has IPv6 link
local addresses assigned, and if it does, it calls in6_ifdetach() to
remove all IPv6 addresses from the interface.
This means it was possible to do this:
% ifconfig bridge1 create inet6 -ifdisabled auto_linklocal up
% ifconfig epair20 create inet6 -ifdisabled auto_linklocal up
% ifconfig bridge1 addm epair20a
... with the result that the link-local address on epair20a would be
removed, then the interface would be added to the bridge.
If member_ifaddrs=0, which is also the default value, this no longer
works:
% ifconfig bridge1 addm epair20a
ifconfig: BRDGADD epair20a: Invalid argument
This is because the member_ifaddrs check runs before allow_llz_overlap
does its thing, and returns EINVAL since the new interface has IP
addresses on it.
To restore the previous behaviour, reverse the order of these two
checks, so the IPv6 addresses are removed before we check whether
the interface has IPv6 addresses.
MFC after: 1 week
Reviewed by: kevans, kp
Approved by: kevans (mentor)
Differential Revision: https://reviews.freebsd.org/D50477
These now use bsddialog rather than prompting the user for input on the
console.
Reviewed by: emaste
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50270
In icmp6_redirect_output() we potentially add padding, but failed to clear this
memory. This triggered a KMSAN panic during the sys/netinet/carp:unicast_v6
test.
Reviewed by: zlei
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D50461
Suppose a process has its cwd pointing to a nullfs directory, where the
lower directory is also visible in the jail's filesystem namespace.
Suppose that the lower directory vnode is moved out from under the
nullfs mount. The nullfs vnode still shadows the lower vnode, and
dotdot lookups relative to that directory will instantiate new nullfs
vnodes outside of the nullfs mountpoint, effectively shadowing the lower
filesystem.
This phenomenon can be abused to escape a chroot, since the nullfs
vnodes instantiated by these dotdot lookups defeat the root vnode check
in vfs_lookup(), which uses vnode pointer equality to test for the
process root.
Fix this by extending nullfs and unionfs to perform the same check,
exploiting the fact that the passed componentname is embedded in a
nameidata structure to avoid changing the VOP_LOOKUP interface. That
is, add a flag to indicate that containerof can be used to get the full
nameidata structure, and perform the root vnode check on the lower vnode
when performing a dotdot lookup.
PR: 262180
Reviewed by: olce, kib
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D50418
This allows us to change the VERSION_FILE used for loaders
as well as set NEWVERS_DATE and BUILD_UTC to reflect the publish
date of loaders for secure-boot.
Sponsored by: Juniper Networks, Inc.
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D50478
- In send(2) don't update sb_acc if appending behind uxst_fnrdy
- In recv(2) don't read beyond uxst_fnrdy
- In the debug code allow ready, but blocked mbufs beyond uxst_fnrdy
This matches the style of the component selection dialog for traditional
tarball-based installations. The only difference is that there is
currently no ports component offered when using pkgbase.
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50178
The manual page says this is possible, but it's not. Make it possible.
Reviewed by: olce, kevans
Approved by: kevans (mentor)
Differential Revision: https://reviews.freebsd.org/D50451
if_link_ifnet() adds the interface to the global network interface list,
and it is a natural synchronization point. With this change, any threads
that obtain the reference of the interface via ifunit(), ifunit_ref() etc.,
will be guaranteed to see the address family dependent data rightly.
The issue [1] reported by Mike Belanger also hints at the potential race.
MFC note: this change depends on e64fe5ad3a, as calculating the max
IPv6 MTU through all the interfaces requires the current interface to
be added to the global network interface list firstly.
[1] https://lists.freebsd.org/archives/freebsd-net/2025-May/006817.html
Reviewed by: glebius
MFC after: 1 month
MFC with: e64fe5ad3a netinet6: Remove a set but not used global variable in6_maxmtu
Differential Revision: https://reviews.freebsd.org/D49358
Now that SDT is implemented using hot-patching, SDT_PROBE* no longer
introduces a branch instruction, so the SDT_PROBES_ENABLED() check in
each VOP_*_APV() is not really worth preserving.
Reviewed by: olce, kib
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D50423
Currently it's automatically set to 0 in read_dev() as a result of
allocating dp with calloc().
Sponsored by: The FreeBSD Foundation
MFC after: 1 day
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D50400
Needed by follow-up patch.
Sponsored by: The FreeBSD Foundation
MFC after: 1 day
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D50398
No functional change intended.
Sponsored by: The FreeBSD Foundation
MFC after: 1 day
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D50397
The commit teaching the build to install tzdata.zi for libcxx also
installs version. It turns out this makes at least one piece of third
party software cry: rubygem-tzinfo expects any file in zoneinfo to be at
least 44 bytes long. Clearly this is a bug in rubygem-tzinfo but since
nothing actually uses version, we may as well not install it ... as we
did previously.
Reported by: delphij
Fixes: 91506dba7f zoneinfo: also install tzdata.zi and version
MFC after: 1 day
Cross-compilation needs CPUTYPE to be set with ?= to be overridable via
make targets. This has historically been mentioned in the FOOTNOTES of
UPDATING. Note that in the CPUTYPE documentation in make.conf(5) for
discoverability. Leave it in UPDATING for now to create no regression in
the doc there.
MFC after: 3 days
Reviewed by: carlavilla, ivy
Approved by: carlavilla (mentor)
Differential Revision: https://reviews.freebsd.org/D50277
Add a note until we can fix this.
Reviewed by: carlavilla, emaste, ivy
Approved by: carlavilla (mentor)
Differential Revision: https://reviews.freebsd.org/D50355
TIL traceroute.8 has one of the oldest licenses, predating BSD-4-Clause!
The SPDX tag was not even on Wikipedia. These are all the files I could
find in the tree with git grep that look like the license reported on
the SPDX website, including one that was misfiled.
Ref: https://spdx.org/licenses/BSD-4.3TAHOE.html
MFC after: 3 days
Reported by: brooks
Reviewed by: brooks, carlavilla, imp, ivy
Approved by: carlavilla (mentor)
Differential Revision: https://reviews.freebsd.org/D50362
+ Add how to find open VMs in the example, linking `apropos Pa=/dev/vmm`
+ Move note about additional bhyve options after options for flow
+ Reclaim some space by shortening <filename> to <file>
+ Align options list width, tested at MANWIDTH 59 and 80
+ Remove unnecessary roff quoting and tag SPDX
MFC after: 3 days
Reviewed by: carlavilla, markj, mhorne
Approved by: carlavilla, mhorne (mentors)
Differential Revision: https://reviews.freebsd.org/D48401
A user may build only dvd1.iso, which would fail if the pkgbase-repo
did not already exist. Builds using `make release` build disc1 before
dvd1 so that case would work, but it must be possible to build only
one artifact.
Fixes: 62d18f8c4c ("release: Add -DPKGBASE option to include pkgbase packages")
Sponsored by: The FreeBSD Foundation
and its setter in6_setmaxmtu().
This variable was introduced by the KAME project [1]. It holds the max
IPv6 MTU through all the interfaces, but is never used anywhere.
[1] 82cd038d51 KAME netinet6 basic part(no IPsec,no V6 Multicast
Forwarding, no UDP/TCP for IPv6 yet)
Reviewed by: glebius
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D49357
We don't support setting netmask or broadcast address for INET6
addresses, and trying to do so crashes ifconfig. Handle this the
same way as af_link, by rejecting attempts to configure these
parameters.
PR: 286910
Reported by: Hayzam Sherif <hayzam@alchemilla.io>
MFC after: 3 days
Reviewed by: zlei, kevans, des, cy
Approved by: kevans (mentor)
Differential Revision: https://reviews.freebsd.org/D50413
For the close(2) case restore reporting the event with EV_EOF set. This
fixes bug 286692.
For the shutdown(2) case restore original behavior, but leave comment that
we may want to change that. The d157927807 was not intended to bring in
functional API changes.
Provide tests for both cases.
PR: 286692
Fixes: d157927807
Update wireguard-tools to the latest version, which has some stubbed out support
for incremental Allowed-IPs updates that we would need to add kernel support
for.
This includes the following notable changes:
- Fix for "wg show all endpoints"
- Fix for INET6-only FreeBSD kernels rolled in
- Some stubs for incremental updates of AllowedIPs
- Handling of strdup(3) failure in config bits
A TX timeout occurs when the driver allocates resources on a TX queue
for a packet to be sent, prompts the hardware to send the packet, but
does not receive a completion for the packet within a given timeout
period. An accumulation of TX timeouts can cause one or more queues to
run out of space and cause the entire driver to become stuck.
This commit adds a lockless timer service that runs periodically and
checks queues for timed out packets. In the event we detect a timeout,
we prompt the completion phase taskqueue to process completions. Upon
the next inspection of the queue we still detect timed out packets, if
the last "kick" occurred within a fixed cooldown window, we opt to
reset the driver, even if the prior kick successfully freed timed out
packets.
Signed-off-by: Jasper Tran O'Leary <jtranoleary@google.com>
Reviewed by: markj, ziaee
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D50385
When running the driver using the DQO queue format, we must load the
generation bit and check it before possibly reading the rest of the
descriptor's fields.
Previously, we guarded against reordering of reads using an explicit
thread fence. This commit changes the thread fence to a load with
acquire semantics. Because the tx and rx generation fields are in a
bitfield, we cannot explicitly address them in an atomic load. Instead
we load the respective containing bytes in the descriptor and mask them
appropriately.
Signed-off-by: Jasper Tran O'Leary <jtranoleary@google.com>
Reviewed by: markj
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D50384
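The pattern the commit message above describes (acquire-load the byte that holds the generation bit, mask it, and only then read the rest of the descriptor), as an added userspace example in C11 atomics; it is not code from the gve driver. The descriptor layout, the bit position, the generation convention (1 on the first pass, flipping on each wrap) and all demo_* names are assumptions made for illustration.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#define DEMO_RING_SIZE	4u
#define DEMO_GEN_MASK	0x80u	/* assumed: generation is bit 7 of the byte */

/* Hypothetical completion descriptor; not the gve DQO layout. */
struct demo_desc {
	uint16_t	pkt_len;
	_Atomic uint8_t	type_gen;	/* bits 0-6 type, bit 7 generation */
};

struct demo_ring {
	struct demo_desc desc[DEMO_RING_SIZE];
	uint32_t	head;
	uint8_t		expect_gen;	/* generation marking a fresh descriptor */
};

/* Stand-in for the device: fill the payload, then publish the byte. */
static void demo_device_write(struct demo_ring *r, uint32_t idx, uint16_t len, bool gen)
{
	r->desc[idx].pkt_len = len;
	atomic_store_explicit(&r->desc[idx].type_gen,
	    (uint8_t)((gen ? DEMO_GEN_MASK : 0) | 0x01), memory_order_release);
}

/* Consume one descriptor; returns false if the device has not written it. */
static bool demo_ring_poll(struct demo_ring *r, uint16_t *len)
{
	struct demo_desc *d = &r->desc[r->head];
	/* Acquire load of the containing byte, then mask out the bitfield. */
	uint8_t b = atomic_load_explicit(&d->type_gen, memory_order_acquire);
	if (((b & DEMO_GEN_MASK) != 0) != (r->expect_gen != 0))
		return (false);		/* stale: do not touch other fields */
	*len = d->pkt_len;		/* ordered after the acquire load */
	if (++r->head == DEMO_RING_SIZE) {
		r->head = 0;
		r->expect_gen ^= 1;	/* generation flips on each wrap */
	}
	return (true);
}

int main(void)
{
	struct demo_ring r = { .expect_gen = 1 };
	uint16_t len = 0;
	demo_device_write(&r, 0, 100, true);
	return (demo_ring_poll(&r, &len) && len == 100 ? 0 : 1);
}
```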
sshkey.c references sshsk_sign(), which is defined in ${SKSRCS}.
Due to how FreeBSD builds libssh, or put differently, due to upstream
not building a shared libssh.so, we need to partially revert
65d8491719 ("secure: Adapt Makefile to ssh-sk-client everywhere"), and
add ${SKSRCS} back, to avoid linking problems, especially when building
with GCC:
/usr/local/bin/ld:
/usr/obj/usr/src/amd64.amd64/secure/lib/libssh/libprivatessh.so:
undefined reference to `sshsk_sign'
collect2: error: ld returned 1 exit status`
Put the sources in a separate line, to maintain line-by-line
compatibility with upstream Makefile.in
PR: 286580
Reviewed by: emaste
Approved by: emaste (mentor)
Fixes: 65d8491719 ("secure: Adapt Makefile to ssh-sk-client everywhere")
Differential Revision: https://reviews.freebsd.org/D50020
If this option is set, an offline repo of pkgbase packages corresponding
to base.txz and kernel.txz will be included in the disc1 release media
rather than the base.txz and kernel.txz tarballs.
Reviewed by: bapt
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50346
Rather than initializing all of these sets during boot, define a macro
which can do so at compile-time. This lets us get rid of the silly
sysinit and furthermore allows the sets to live in .rodata, where they
ought to be anyway.
The CAP_RIGHTS_INITIALIZER2 macro can create a set out of up to two
capsicum rights. This could be made more general, but we currently
don't have any use for a more abstract implementation, so just keep it
simple for now.
Also remove the unused cap_chflags_rights symbol.
No functional change intended.
Reviewed by: olce, oshogbo, kib
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D50420
File descriptor lookup routines typically take a set of capsicum rights
as input to the lookup, so that the fd's rights can be atomically
checked. This set should be qualified with const.
No functional change intended.
Reviewed by: olce, oshogbo, brooks, kib
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D50419
At least one instance of u-boot pretending to be EFI
is passing empty rootdev to loader which does not end well.
A simple precaution is harmless.
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D50334
if_unroute() is static since 2004 and is not used anywhere except for
if_down().
This also makes it easier to grep by the pattern `if_flags &= ~IFF_UP`.
No functional change intended.
Reviewed by: glebius
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D49356
LSR_TEMT bit is set if both transmit hold and shift registers are
empty, but the flush command flushes only the hold register.
While here, update the diagnostic message to report which registers
could not be flushed.
MFC after: 2 weeks
Add tests for the -T flag to each makefs backend. This includes tests
for both mtree and directory scan options.
PR: 285630
Sponsored by: Klara, Inc.
Sponsored by: The FreeBSD Foundation
Reviewed by: markj, emaste, kevans, jlduran
Differential Revision: https://reviews.freebsd.org/D49492