Currently, it is possible to execute bhyvectl(8) with mutually exclusive
options, such as "--destroy" and "--suspend", and it will print out
obscure errors, e.g.:
bhyvectl --suspend=/var/run/vms/my_vm --destroy --vm my_vm
connect() failed: Connection refused
Address that by failing early if mutually exclusive options were
specified.
Additionally, move the BHYVE_SNAPSHOT block before the errors are
printed, so its errors are also displayed.
Approved by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D54092
Currently, after suspending, bhyve(8) exits with 0. This code is
also used to indicate that a VM was rebooted. To differentiate
reboot and suspend, use the next available exit code, 5, for suspend.
Approved by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D54087
edk2 PciSioSerialDxe driver setup depends on subclass and function
being set, adding them does make it possible to access pci-uart
serial port from UEFI.
Reviewed by: corvink
Differential Revision: https://reviews.freebsd.org/D54167
Sponsored by: Edgecast Cloud LLC
Further explain that trim(8) is not for trimming free blocks
in populated file systems/ZFS pools, as people still take it wrong sometimes.
MFc after: 1 week
Normally after partitions are created by the installer, the 'mount'
script is used to mount the target disk partitions under /mnt. The
tail end of this script also mounts a couple of additional filesystems
under /mnt so that chrooted programs can work such as devfs and
/packages.
When the "Shell" option is used to permit the user to manually mount
the destination filesystem, the "mount" script is not used as the user
is instructed to mount the target filesystems and construct
/mnt/etc/fstab, etc. However, this means that the user is responsible
for mounting devfs (which is not included in /etc/fstab) and /packages
as well. The help message for the "Shell" option doesn't mention
these requirements, so users may not know to do so. This can lead to
confusing errors as chrooted commands can fail to find needed /dev
entries. For example, running fwget to fetch wireless firmware fails
because /dev/pci doesn't exist.
To make this less painful for users using this option, split out the
bottom half of the 'mount' script that mounts these non-fstab-related
filesystems into a separate 'mount_aux' script. Invoke 'mount_aux'
after using "Shell" to create the filesystem to ensure that these
filesystems are always present.
PR: 290901
Reported by: Peter <freebsd@peterk.org>
Tested by: Peter <freebsd@peterk.org>
Differential Revision: https://reviews.freebsd.org/D53770
There was a reason for this, but it does not apply anymore.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D54031
These days most end users are likely using pre-built packages, not
locally-built ports. Thus be sure to mention this as an important case,
and put it ahead of ports.
Reviewed by: emaste
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D42968
With the reimplementation in C of certctl, the environment variable
previously known as CERTDESTDIR was renamed to TRUSTDESTDIR for
consistency.
Although the previous variable is still valid, prefer the new one, as it
is described in the manual page, while the old one is not.
Reviewed by: des
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D54044
On inital import the name of HCCPARAMS1 was misnamed as HCSPARAMS0.
HCCPARAMS1 is defined in section 5.3.6 of xHCI Specification 1.2b (April
2023).
Reviewed by: adrian
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53895
The quantum cache is disabled, there is no uma.
Intent is to use this for resource allocation in bhyve(8), for start.
Addition of -luvmem to bhyve linking was done to test changes to share/mk.
Reviewed by: bnovkov, markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D27220
Rather than fetching packages directly from the CDN which currently
backs pkgbase.freebsd.org, requests will go to pkg.freebsd.org mirrors
and be 302ed to the correct servers. This adds ~70 seconds to the
process of installing or upgrading a pkgbase system; it also orphans
systems with 15.0-{PRERELEASE,ALPHA*,BETA*} installed since they are
expecting to see pkgbase files signed with the pkg keys, not the new
pkgbase signing keys.
Reviewed by: dch, philip
MFC after: immediately (for 15.0-RELEASE)
With hat: re
Requested by: clusteradm, core
Differential Revision: https://reviews.freebsd.org/D53964
Realtek changed how it styled its name 25 or so years ago, but the old
style persisted in many places. These products use the new styling in
their datasheets.
Signed-off-by: ykla yklaxds@gmail.com
Sponsored by: Chinese FreeBSD Community
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1901
The patch level is not part of the branch per se and should not be
used in constructing the FreeBSD-base.conf file used by bsdinstall.
MFC after: 1 day
When reading by sector (because reading a whole track failed), we can
accidentally fall into the "should not happen" path, which both
(a) emits a spurious error message and (b) fouls up our position
accounting going forward. Ensure we do not inappropriately fall into
that path.
Avoid obscuring the "short after" message in cases where it happens.
Signed-off-by: Matt Jacobson <mhjacobson@me.com>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1897
When in restricted mode, the slirp-helper process enters a capsicum
sandbox, after which we cannot look up the uid for the "nobody" user.
Reverse the order.
Reported by: kp
Fixes: 0e62ebd201 ("bhyve: Move the slirp backend out into a separate process")
The previous implementation implemented hostfwd rules which would allow
the host to connect to the guest via a NATed TCP connection. libslirp
also permits NAT in the other direction, but this was prevented by
bhyve's capsicum sandbox.
To make the slirp backend more useful, split the backend out into a
separate process which does not enter capability mode if outbound
connections are permitted (enabled by setting the new "open" keyword).
The process communicates with the bhyve network frontend (typically a
virtio network interface) using a unix SOCK_SEQPACKET socket pair. If
the bhyve process exits, the helper will automatically exit.
Aside from this restructuring, there is not much actual change. Many
slirp parameters are still hard-coded for now, though this may change.
The "restricted" feature is toggled by the new "open" keyword; in
particular, the backend is restricted by default for compatibility with
15.0 and 14.3.
Each packet now has to traverse an extra socket, but this overhead
should be acceptable given that the slirp backend cannot be said to
provide high-performance networking. With iperf3 I can get 4Gbps from
the guest to the host on a Zen 4 system.
MFC after: 1 month
Sponsored by: CHERI Research Centre (EPSRC grant UKRI3001)
Differential Revision: https://reviews.freebsd.org/D53454
Use [[:space:]] rather than a white space character to delimit the keys
and the values in the resolv.conf file.
PR: 236079
Reviewed by: des
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D53811
By default, setaudit(8) overwrites the whole audit session state. For
the purpose of overwriting only a single field, e.g., the audit user,
this is inconvenient. Add -U to accomodate this case: when specified,
setaudit(8) will first fetch the current session state block and then
will only overwrite those fields specified on the command line.
Reviewed by: csjp
MFC after: 2 weeks
Sponsored by: Modirum MDPay
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D53672
Unmodified sources from https://github.com/csjayp/setaudit at commit
aa4dd9dfa40b6437030d718834236f4eaeb18ccb.
Some follow-up changes will fix a few issues and make it easier to use
this utility in the rc framework.
Reviewed by: csjp
MFC after: 2 weeks
Sponsored by: Modirum MDPay
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D53669
Users report freebsd-update failing with "The update metadata index is
correctly signed, but failed an integrity check." Add a hint at which
of the cases is failing to help track down the issue.
PR: 264205
Reviewed by: dch
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52222
Floppies have been obsolete for over a decade. Add a deprecation note
now and plan to remove fdc(4) support in 16.
Reviewed by: ziaee
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41549
When performing a pkgbase install, create a configuration file in
/usr/local/etc/pkg/repos/FreeBSD.conf which enables the FreeBSD-base
repository. (This repository is defined in /etc/pkg/FreeBSD.conf as
being disabled by default.)
Reported by: Mark Millard
Reviewed by: markj
MFC after: immediately (needed for 15.0-RC1)
Differential Revision: https://reviews.freebsd.org/D53777
On -CURRENT and -STABLE this gets bits from pkg.freebsd.org; but we get
base system bits from pkgbase.freebsd.org for BETA/RC/RELEASE.
Note that this repository is disabled by default, but can still be used
by explicitly specifying it, e.g. "pkg upgrade -r FreeBSD-base".
With hat: re
MFC after: 8 hours (needed in 15.0-RC1)
When installing e.g. 15.0-RC1, we want to get files from the 15.0-RC1
pkgbase repository; but running 'pkg upgrade' after installation should
get the latest bits build from releng/15.0.
With hat: re
MFC after: 8 hours (needed in 15.0-RC1)
For BETA/RC/RELEASE builds, fetch files from the appropriate repository
on pkgbase.freebsd.org, using the appropriate signing keys. Note that
there is a separate repository for each BETA and RC; this ensures that
someone installing from e.g. a 15.0-RC1 ISO will get 15.0-RC1 bits and
not whatever happens to be the most recent build from releng/15.0.
With hat: re
MFC after: 8 hours (needed in 15.0-RC1)
The keys used for pkgbase signing are going to be placed in
/usr/share/keys/pkgbase-N where N is the FreeBSD major version
number; as such it's not sufficient to copy /usr/share/keys/pkg
into the install chroot, but instead we need /usr/share/keys/*.
With hat: re
MFC after: 8 hours (needed in 15.0-RC1)
Differential Revision: https://reviews.freebsd.org/D53753
* Rewrite the first paragraph to clarify that quot(8) only supports FFS.
* Document which options can or cannot be combined with each other.
MFC after: 1 week
Reviewed by: ziaee
Differential Revision: https://reviews.freebsd.org/D53727
The existing parser was needlessly complicated and wildly inconsistent
in how it handled invalid input. Rewrite using getline() and treat
invalid input consistently: silently ignore lines that don't begin with
a number, and print a warning if the inode number is out of range.
PR: 290992
MFC after: 1 week
Reviewed by: obrien
Differential Revision: https://reviews.freebsd.org/D53726
- Avoid some more registers with read side-effects during regdump.
- mps_tcam_size is 3x the size of T6/T5.
- Update rss_rd_row to work with T7.
Obtained from: Chelsio Communications
MFC after: 1 week
Sponsored by: Chelsio Communications
pccard has been declared obsolete for a long time and also the
support has been removed but the man page still exists. It mentions
being scheduled to be removed before 13.0 but it still exists in the
tree.
[Extracted from review D53434]
Reviewed by: emaste
Fixes: 31b35400c ("pccard: Remove more of the PC Card infrastructure")
This is consistent with other operating systems and with bsdinstall's
UFS config and with bsdinstall's ZFS config prior to commit
0b7472b3d8.
Fixes: 0b7472b3d8 ("Mount the EFI system partition (ESP) on newly-installed systems.")
Reviewed by: imp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53642
If we request a /dev/dsp virtual_oss(8) device, we have to replace the
sound(4) one by first disabling hw.snd.basename_clone. This sysctl tells
sound(4) to not create the /dev/dsp alias for the default device. There
are currently two issues with the way this is handled by virtual_oss(8),
however:
1. It uses system(3) instead of sysctlbyname(3).
2. It does not restore hw.snd.basename_clone to its original value, so
if prior to virtual_oss(8) running, hw.snd.basename_clone was enabled
(which is the case by default), and it is closed at some point,
hw.snd.basename_clone stays disabled, which is annoying, because
users have to manually restore it, otherwise applications that open
the default device (i.e., most) will not work.
Fix both issues.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D53621