Add myself (aokblast@) as a new src committer with lwhsu@ and markj@ as my
mentor.
Accepted By: markj (mentor), lwhsu (mentor)
Differential Revision: https://reviews.freebsd.org/D51130
Some errors in ether_gen_addr() caused us to generate MAC addresses out
of range, and the ones that were within range had other errors causing
the pool of addresses that we might actually generate to shrink.
Fix both prblems by using only two bytes of the digest and then OR'ing
against the mask, which has the appropriate byte set for the fourth
octet of the range already; essentially, our digest is only contributing
the last two octets.
Change is the author, but any blame for the commit message goes to
kevans.
PR: 256850
Relnotes: yes
Ethernet MAC addresses are currently generated by concatenating the
first bytes of a SHA1 digest. However the digest buffer is defined as a
signed char buffer, which means that any digest digit greater than 0x80
will be promoted to a negative int before the concatenation.
As a result, any digest digit greater than 0x80 will overwrite the
previous ones throught the application of the bitwise-or with its 0xFF
higher bytes, effectively reducing the entropy of addresses generated
and significantly increasing the risk of conflict.
Defining the digest buffer as unsigned ensures there will be no unwanted
consequences during integer promotion and the concatenation will work as
expected.
Signed-off-by: Quentin Thébault <quentin.thebault@defenso.fr>
Closes: https://github.com/freebsd/freebsd-src/pull/1750
This broke `make makeman` by unconditionally adding output to all top
level targets. Lacking an obvious and trivial workaround, it makes
sense to back it out and rethink.
This reverts commit afa70490ee.
PR: 287274
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D51119
This way it is clear which type uses which members.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D51127
Commit 50e733f19b broke kernel builds without "options UFS_ACL".
This patch fixes it.
Reviewed by: kib, markj
Differential Revision: https://reviews.freebsd.org/D51131
Fixes: 50e733f19b ("nfscl: Use delegation ACE when mounted with nocto")
When patching, we use the querydiffs endpoint to get a name and email
for the revision's author. It's possible that this info isn't recorded,
in which case the results after post-processing are just "null".
However, if the diff has multiple revisions, the endpoint returns an
entry for each one, some of which may contain author info, others not.
So, the deleted code which tries to filter out "null" isn't sufficient,
since the value in question might be something like "<valid
name>\nnull".
Try to make this filtering a bit smarter to avoid generating incorrect
author info.
Reviewed by: jlduran
Reported by: des
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D51065
When looking up symbol values, we map ifunc symbols to the value
returned by the resolver. However, the returned symbol size is still
that of the resolver. Be consistent and provide the size of the
implementation symbol as well.
This fixes an inconsistency in dtrace's FBT provider, which enumerates
all function symbols and disassembles their values, using the symbol
size as the bound for the disassembly loop. In particular, for ifuncs,
we were not creating return probes.
Reviewed by: kib
MFC after: 2 weeks
Sponsored by: Innovate UK
Differential Revision: https://reviews.freebsd.org/D50683
In normal operation, we get an FTS_D entry when we enter a directory
and a matching FTS_DP entry when we leave it. However, if an error
occurs either changing to or reading a directory, we may get an FTS_D
entry followed by FTS_DNR or even FTS_ERR instead. Since FTS_ERR can
also occur for non-directory entries, the only reliable way to keep
track of when we leave a directory is to compare fts_level to our own
depth counter.
This fixes a rare assertion when attempting to recursively copy a
directory tree containing a directory which is either not readable or
not searchable.
While here, also add a test case for directory loops.
Fixes: 82fc0d09e8
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D51096
When VHE isn't implemented then the HCR_EL2.E2H field should be 0. Move
setting it to the VHE path of the early boot code so it is only set
when supported.
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D51103
Now we have a macro to check if a feature is supported in an ID
register we can use it to see if VHE is supported.
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D51102
Set the pointer authentication ID fields and HWCAPs for userspace when
it is present.
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D50982
`pfctl -a foo' would do nothing with the non-existent anchor and exit 0.
This implements behaviour as documented in pfctl(8):
-a anchor
Apply flags -f, -F, and -s only to the rules in the specified
anchor.
While here, hoist a duplicate "_" check by using the more mnemonic `mode'.
OK henning sashan
Obtained from: OpenBSD, kn <kn@openbsd.org>, 574cdb686a
Sponsored by: Rubicon Communications, LLC ("Netgate")
This has been unused for years.
While here, zap the duplicate function signature from pfctl.h (already
present in pfctl_parser.h); spotted by sashan, thanks.
OK sashan
Obtained from: OpenBSD, kn <kn@openbsd.org>, f0bb6ca5dd
Sponsored by: Rubicon Communications, LLC ("Netgate")
Instead of masking the host address in two different ways, just fill it
no matter the address family. In case of AF_INET, setting the extra 96 bit
does not hurt.
While here, stop resetting `af' for no reason and move up the variable
declaration.
OK benno sashan
Obtained from: OpenBSD, kn <kn@openbsd.org>, 53f568abff
Sponsored by: Rubicon Communications, LLC ("Netgate")
A script that does the following:
cd "${dir}" || exit 1
would incorrectly remain in the current directory when `${dir}` is
an empty string under the current implementation. This behavior,
while historical, is potentially dangerous, as it is likely not
what the script author intended.
Change the command to treat an empty string as an error and emit a
diagnostic message to standard error, as required by
IEEE Std 1003.1-2024.
PR: standards/287440
Test Plan: kyua test bin/sh
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D50974
MFC after: 3 days
Reviewed by: Pau Amma <pauamma@gundo.com>
Reviewed by: Felix Johnson <felix.the.red@gmail.com>
Differential Revision: https://reviews.freebsd.org/D51117
When -t parameter is used, bectl prints a complementary message "for
next boot" on a second line. Change it to print entire message on a
single line.
Reviewed by: kevans
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D49439
Commit 2ec2ba7e231d added O_NAMEDATTR for support
of the Solaris style extended attribute mechanism.
This patch adds O_XATTR as a synonym so that
software that has Solaris extended attribute support
can be built easily.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D51099
Replace "ifconfig -ul" with "ifconfig -n" because netlink-enabled
/sbin/ifconfig utility has sub-optimal performance for listing.
Combined with the commit b1b17432aa,
these changes mostly eliminate performance regression of the command
"service devd start" for a system having hundreds of network interfaces
created before devd starts, after FreeBSD 14+ switched
/sbin/ifconfig to netlink(4)
PR: 287872
MFC-after: 2 weeks
This change produced by melifaro and the commit is concerted with him
as he is pretty busy IRL these days.
The change restores performance of /sbin/ifconfig utility
for non-listing case after it switched from rtsock to netlink(4) API
in FreeBSD 14+.
PR: 287872
MFC-after: 2 weeks
In bootstrap-tools we search for some tools to copy into the obj tree.
If the tool is missing in the host environment then the '[ ! -e ... ]'
check will fail as which will print '<tool> not found'.
There is an issue that which will also return an error so we never get
to the check and don't print the error message. As which outputs an
invalid path on failure we can just add || true to ensure make
continues.
Reviewed by: kevans
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D51075
And apparantly the CI env already has an md device so be relaxed about which md device is added.
PR: 186252
Reported by: markj
Fixes: 1ee33e3a57 "swapon: parse md.eli device for encrypted swapfile from fstab"
Pull Request: https://github.com/freebsd/freebsd-src/pull/1747
Commits 171f66b0c2 and 8e2a90ac80 changed the internal
api between nfscommon.ko and the other nfs modules.
Bump __FreeBSD_version to 1500049 for this.
All NFS related modules must be rebuilt from up-to-date
sources.
Instead of doing the same dance with every caller, check for user provided
mask or address familiy specific maximum inside the function itself.
Feedback and OK claudio
Obtained from: OpenBSD, kn <kn@openbsd.org>, c04427dd30
Sponsored by: Rubicon Communications, LLC ("Netgate")
This brings it in line with host() and host_dns().
OK sashan miko
Obtained from: OpenBSD, kn <kn@openbsd.org>, d127311405
Sponsored by: Rubicon Communications, LLC ("Netgate")
This avoids a duplicate strrchr() call and makes the function consistent
with host_v6() regarding mask handling.
While here, use the destination's size in memcpy instead of hardcoding its
type.
OK sashan
Obtained from: OpenBSD, kn <kn@openbsd.org>, a7ede25358
Sponsored by: Rubicon Communications, LLC ("Netgate")
Simply defer checks whether a mask has been specified to where it's set in
host_*(); this is to reduce address family specific code.
OK sashan
Obtained from: OpenBSD, kn <kn@openbsd.org>, 17e25e9423
Sponsored by: Rubicon Communications, LLC ("Netgate")
This is simpler than checking three cases for `q' and gives nicer error
messages. While here, use `v6mask' as maximum netmask instead of hardcoding
it.
OK sashan
Obtained from: OpenBSD, kn <kn@openbsd.org>, e351e6cba3
Sponsored by: Rubicon Communications, LLC ("Netgate")
This simply puts the wiggle around inet_ntop() from four into one location.
OK benno
Obtained from: OpenBSD, kn <kn@openbsd.org>, 88d4e2f324
Sponsored by: Rubicon Communications, LLC ("Netgate")
`error' is not used so drop it and jump to the end.
OK sashan
Obtained from: OpenBSD, kn <kn@openbsd.org>, da7f49d74e
Sponsored by: Rubicon Communications, LLC ("Netgate")
For NFSv4.1/4.2, there is an ACE in the delegation reply.
Without this patch, this ACE is ignored by the NFSv4 client.
This patch enables use of the ACE to avoid the need for
Access RPCs when the "nocto" option is specified.
This requires a NFSv4.1/4.2 server that does not reply
with a bogus ACE that is too generous w.r.t. access permissions.
Note that the recent commit 0d51adee30 added use of the NFSv4
ACL for generation of the ACE in the reply. This patch might be
needed for this client change to work correctly if NFSv4 ACLs are
being used on the NFSv4.1/4.2 exported file systems.
This only affects NFSv4 mounts with the "nocto" mount option
and only if NFSv4 servers are issuing delegations with ACEs
that specify access. Some NFSv4 servers, such as the Linux
knfsd reply with ACEs that do not allow any access, so this
patch has no effect for them.
Tiny left over from 2003 when it was removed. Twist the logic by checking
for `show' and `test' to make it even simpler.
OK sashan henning
Obtained from: OpenBSD, kn <kn@openbsd.org>, 764778e2ff
Sponsored by: Rubicon Communications, LLC ("Netgate")
