These system calls exist to decouple the Linux filesystem credentials
from the effective credentials, avoiding signal exposure during
privilege transitions.
The signal permission model that motivated this was revised
in Linux 2.0, making these syscalls obsolete for new applications.
Implement both syscalls as no-ops that return the current effective
UID/GID as the previous filesystem UID/GID.
Linux returns the previous filesystem UID/GID for these syscalls
with no error indication.
Same for the equivalent setfsuid16() & setfsgid16() system calls.
Signed-off-by: Ricardo Branco <rbranco@suse.de>
PR: 294879
Reviewed by: kib, pouria
Pull-Request: https://github.com/freebsd/freebsd-src/pull/2175
We note a reason why you might need it, but there's an equally important
reason you may need to omit it: interpreted programs. Add a note
accordingly, along with the workaround configuration if there's reason
you can't help it.
PR: 294780
Reviewed by: Jan Bramkamp <crest_freebsd_rlwinm.de>, kib
Differential Revision: https://reviews.freebsd.org/D56704
Besides being a little hard to parse through visually, this had its own
bug of inspecting st->st_mode to determine what to pass to devname(3),
which is only correct for st_rdev.
For st_dev, you're likely to be looking at files or directories and
attempting to assess what device they're located on, so the mode is
meaningless- we just have to assume that our filesystems are on
character devices and attempt to resolve st_dev as such.
Reviewed by: des, kib (previous version)
Differential Revision: https://reviews.freebsd.org/D56565
The getgroups test is a NetBSD tests, so just apply our larger hammer
and disable the feature entirely. The audit test can take a more
surgical approach and use __ssp_real() appropriately, since it's a local
one.
PR: 294881
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D56735
Annex K specifies an interface for handling constraint violations from
gets_s, but we previously broke this for some classes of get_s misuse.
Provide a more nuanced version that tries to dodge errors that would
trigger a constraint handler while still providing value. Notably, we
don't want to trigger a failure unless the passed-in length reasonably
fits within an RSIZE_MAX, because gets_s will immediately call larger
lengths bogus and fail.
PR: 294881
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D56734
For native files we can do more minimal fixes to avoid this large of a
hammer, but for third party files it may not be worth the effort to try
and patch them. NetBSD has the original _FORTIFY_SOURCE implementation
that ours is based on, for instance, but tests sourced from there can't
do an __ssp_real(foo) without being certain that `foo` actually has a
fortified definition.
This change does always define _FORTIFY_SOURCE as a result, so gate it
on CFLAGS not already containing _FORTIFY_SOURCE definitions.
PR: 294881
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D56733
in cases there is no page pressure or when the user lost patience
waiting for very large allocation. Other case is already handled by
vm_wait_intr().
Reported by: "Lizzie from Eden Emulator project"
Reviewed by: adrian, markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D56725
Bring in upstream commit 2e75f0d93 fixing two CVEs. Upstream commit
log is:
In parse_nego_message(), check the result of the second call to
vector_base() before dereferencing it. In parse_message(), check for
a short header_len to prevent an integer underflow when calculating
the remaining message length.
Reported by Cem Onat Karagun.
CVE-2026-40355:
In MIT krb5 release 1.18 and later, if an application calls
gss_accept_sec_context() on a system with a NegoEx mechanism
registered in /etc/gss/mech, an unauthenticated remote attacker can
trigger a null pointer dereference, causing the process to terminate.
CVE-2026-40356:
In MIT krb5 release 1.18 and later, if an application calls
gss_accept_sec_context() on a system with a NegoEx mechanism
registered in /etc/gss/mech, an unauthenticated remote attacker can
trigger a read overrun of up to 52 bytes, possibly causing the process
to terminate. Exfiltration of the bytes read does not appear
possible.
Earlier work (40bcad56f - powerpc/pic: Add a PIC_AP_INIT() to
set up AP PIC info) broke booting my dual G5 powermac.
After much digging, jhibbits@ and I discovered that the openpic
implementation for the memory/bus controller used in the G5 CPUs
doesn't implement /all/ of the openpic specification.
Notably it sticks the WHOAMI register in a different location.
This is reading 0x0 back for all the PICs which is .. very not great.
So to restore the previous behaviour, use a quick for now that jhibbits@
can set appropriately to trust WHOAMI.
I've tested this on my dual G5 PPC and it boots/runs fine.
Fixes: 40bcad56f
Reviewed by: jhibbits
Differential Revision: https://reviews.freebsd.org/D56751
Get the next hops of the specified route.
route.8 manual will be updated when other actions for
this option are implemented.
Reviewed by: glebius
Differential Revision: https://reviews.freebsd.org/D56191
Added tests:
* Test for creating multiple routes.
* Test for merge multiple nexthops into a single nexthop group.
* Test for nexthop expirations from a nexthop group.
Reviewed by: glebius
Differential Revision: https://reviews.freebsd.org/D56190
Before this patch, netlink never returned RTA_MULTIPATH.
Also, add RTA_MULTIPATH attribute in way that don't confuse
non-mpath support consumers.
Differential Revision: https://reviews.freebsd.org/D56188
Routing subsystem allows creating new multipath routes by
nexthop groups (e.g RTA_MULTIPATH in netlink), in case of
a second nexthop group on the same route, don't panic and
merge the existing nhgrp with new one.
Reviewed by: melifaro (except one comment)
Differential Revision: https://reviews.freebsd.org/D56187
The only use for callbacks for NFSv4.0 is delegations
and delegations rarely work well for NFSv4.0 anyhow.
Therefore, this patch disables callbacks for the
NFSv4.0 client. This is the same behavior as
occurred when the nfscbd(8) daemon was not running.
This change allowed a function called nfscl_getmyip()
to be removed from the kernel, which is nice since
maintaining this function was bothersome, due to its
use of routing, etc.
MFC after: 2 weeks
Add an example for allowing members of the network group to read from
bpf devices. In particular, this allows members of the network group
to monitor traffic without running with root privileges.
Reviewed by: markj, glebius
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D56742
Instead of printing the driver version over and over again if multiple
controllers are used, set a sysctl name for the used driver version.
Approved by: imp, ziaee
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D56110
Kernel timestamps are relative to kern.boottime.
With -t, kern.boottime is added and converted to either
a default format or the one specified using the -f option.
Signed-off-by: Andre Albsmeier <mail@ghub.e4m.org>
Reviewed by: kib, pouria
Discussed with: imp
Pull-Request: https://github.com/freebsd/freebsd-src/pull/1985
* Don't iterate over each string three times; once is enough.
* Reject control characters (anything below space) in addition to the
double quote and backslash.
* If an unsafe character is encountered, discard the string instead of
rejecting the entire lease.
* If backslashes are encountered in the file name option, convert them
to forward slashes instead of rejecting the option.
* Tweak the warning messages a bit. Looking through the rest of the
code, it seems to me that notes generally end with a period while
warnings generally don't.
Fixes: 8008e4b88d ("dhclient: Check for unexpected characters in some DHCP server options")
PR: 294886
MFC after: 1 week
Reviewed by: brooks, markj
Differential Revision: https://reviews.freebsd.org/D56740
Apply the appropriate quirk. Also, introduce a new uaudio_vendor_audio
table, similar to uaudio_vendor_midi, which includes non-standard USB
audio devices. The Roland UA-33 needs this, bceause it comes with
bInterfaceClass = 0xff (vendor-specific), so snd_uaudio(4) doesn't
detect it.
PR: 294814
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: emaste
Pull Request: https://ron-dev.freebsd.org/FreeBSD/src/pulls/24
Which contains only the source code file.
While here, remove trailing empty lines in the end of the page.
Reviewed by: mhorne
Differential Revision: https://reviews.freebsd.org/D56659
This macro will return non-zero if there are threads waiting for this
lock; otherwise, it will return zero.
The function assumes (but does not assert) that the caller already holds
the lock and that it is interested in other threads waiting for it to
release the lock.
The motivation to add this is the implementation of
`rwsem_is_contended()` in linuxkpi.
This Linux function indicates the same thing to the caller: if other
threads are waiting for this semaphore.
The amdgpu DRM driver started to use `rwsem_is_contended()` in Linux
6.12.
Reviewed by: bz, olce
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56443
They use another set of constants and macros in <asm/intel-family.h>.
All these macros are defined regardless of the architecture, even though
they are specific to x86. Perhaps we should restrict them using #ifdefs.
The amdgpu DRM driver started to used `VFM_MODEL()` and the
`INTEL_*LAKE*` constants in Linux 6.12.x.
Reviewed by: bz, olce
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56585
Due to misplacement of the second -L argument of diff command, it is
treated by getopt_long as an error.
Also add -l option for a diff command that alters the way it shows
differences. Instead of printing full diff, it reports changed file
the same way as added/removed files are reported.
Reviewed by: imp
Obtained from: Yandex LLC
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56708
In order to improve the efficiency of block read/write calls, Intel has
introduced a block buffer. Instead of generating an interrupt after
receiving/sending a single byte, the data is buffered in the block buffer. It
allows the SMBus controller to generate a single interrupt for the whole
transfer. At the moment, we don't support that and don't expect the SMBus
controller to behave in that way. Unfortunately, BIOS code can also access the
SMBus controller and may enable the block buffer. Poorly written BIOS code may
also keep the block buffer enabled breaking our driver. Therefore, we should
check if the device supports a block buffer and disable it for every request
because we don't know if some BIOS code has reconfigured the SMBus controller
in between.
Reviewed by: emaste
MFC after: 1 week
Sponsored by: Beckhoff Automation GmbH & Co. KG
Pull Request: https://github.com/freebsd/freebsd-src/pull/2161
For some reason, we've incorrectly calculated the size of the CRB data buffer
register. There's no need to divide the CRB data buffer size by 4. We should
allow access to the whole buffer instead.
Reviewed by: markj
MFC after: 1 week
Sponsored by: Beckhoff Automation GmbH & Co. KG
Pull Request: https://github.com/freebsd/freebsd-src/pull/2169
In Linux 7.1, `__copy_from_user_inatomic_nocache()` was renamed to
`copy_from_user_inatomic_nontemporal()`. This change was backported to
several LTS branches.
This includes Linux 6.12.x and the i915 DRM driver started to use it in
that version.
Reviewed by: bz
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56719
The `DEFINE_XARRAY*()` macros are used to declare a static xarray.
As the structure embeds a mutex(9), we also need to declare the static
mutex after the `struct xarray`. Thus the slightly awkward definition
of `DEFINE_XARRAY_FLAGS()`.
The DRM generic code started to use `DEFINE_XARRAY_ALLOC()` in Linux
6.12.
Reviewed by: bz
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56446
The `xa_alloc*()` functions family takes a `struct xa_limit` to describe
the range of IDs the caller wants to allocate. We were using a single
mask to qualify a maximum ID only.
This commit changes that to use the same `struct xa_limit`. The logic
did not change, except it now supports a minimum ID as well.
The definition of `XA_LIMIT()` macro is adapted, as well as the
definitions of `xa_limit_*` (only `xa_limit_32b` existed, the other two
are added with this commit).
The DRM generic code started to use this `struct xa_limit` in Linux
6.12.
Reviewed by: bz
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56445
This is the DDB equivalent of the debug.dump_modinfo sysctl which
outputs pretty-printed bootloader metadata.
Move sbuf_db_printf_drain to subr_prf.c and expose it for general use.
Reviewed By: jmg
Differential Revision: https://reviews.freebsd.org/D53763
Probe SMC keys at attach time to detect hardware capabilities,
supporting all Intel Apple machines without per-model entries.
Sensors are discovered by scanning sorted SMC key ranges for
known prefixes and types. Capabilities such as SMS, fan safe
speed, and ambient light are detected by key presence.
A global key description table provides human-readable names
for well-known temperature sensors.
Tested on:
- MacBook Pro (Early 2007, Mid 2014, Mid 2015)
- MacBook Air (Early 2015, Mid 2017)
- iMac (Mid 2011, Late 2013)
- Mac mini (Mid 2011)
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D56405