Commit graph

302096 commits

Author SHA1 Message Date
Kristof Provost
96bd22f2bd pf: fix anchor/ethernet anchor cleanup
Don't mess with reference counts, but use RB_FOREACH_SAFE() so we can safely
delete even wildcard anchors.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
2025-08-11 21:27:09 +02:00
Kristof Provost
f5219cabcf pf: free anchor and ethernet anchor zones on vnet shutdown
Fixes:	029532e77b pf: also allocate ethernet anchors from a UMA zone
Fixes:	31131a9d6a pf: allocate pf_kanchor from a pool
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2025-08-11 21:27:09 +02:00
Michael Tuexen
52a9423761 icmp: remove unused BANDLIM_UNLIMITED
Reviewed by:		Nick Banks
MFC after:		1 week
Sponsored by:		Netflix, Inc.
Differential Revision:	https://reviews.freebsd.org/D51849
2025-08-11 18:46:08 +02:00
Faraz Vahedi
a3eab01304 lsvfs(1): Make slight refactor
Signed-off-by: Faraz Vahedi <kfv@kfv.io>

Reviewed by:	markj, asomers (both earlier version)
Pull Request:	https://github.com/freebsd/freebsd-src/pull/1498
2025-08-11 16:13:40 +02:00
Dag-Erling Smørgrav
988426e815 kern.post.mk: Support flavors in PORTS_MODULES
MFC after:	1 week
PR:		288596
Reviewed by:	pkubaj
Differential Revision:	https://reviews.freebsd.org/D51833
2025-08-11 15:54:51 +02:00
Lexi Winter
0c13e9c3c4 krb5: Install pkgconfig data
Users of MIT Kerberos expect the MIT pkgconfig files to be installed,
and won't work without them.  For example, this breaks anything that
links against libcurl (ftp/curl) when curl is built with base GSSAPI.

Reviewed by:		ngie, des, cy
Differential Revision:	https://reviews.freebsd.org/D51842
2025-08-11 13:08:49 +01:00
Brooks Davis
0f434b2b50 rtld: require MAP_GUARD support
MAP_GUARD was added prior to 12.0.  We don't support such old kernels in
userspace so drop the support.

Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D50731
2025-08-11 12:18:51 +01:00
Xin LI
5853a9971a vmm: library version bump
PR:		misc/288780
Fixes:		a4197ea477
2025-08-11 00:44:05 -07:00
Lexi Winter
084a3e1e03 RELNOTES, UPDATING: Document Secure RPC DES removal
2025-08-10 16:40:08 +01:00
Lexi Winter
bc9867173f tests/sys/net: if_bridge_test does not require python
This was originally added for if_bridge_test:span which uses scapy, but
that requirement is now annotated in the test itself.

Remove the requirement so the remaining bridge tests can run without
Python installed.
2025-08-10 16:36:40 +01:00
Lexi Winter
6856b8f4e6 ifconfig.8: Remove VLAN filtering section
Move the options from the VLAN filtering section into the main bridge
section.  Some of these (e.g., ifuntagged and ifvlanproto) don't
specifically require VLAN filtering, and it would be confusing to
have only some of the vlan-related options in a separate section.

Differential Revision:	https://reviews.freebsd.org/D51758
2025-08-10 16:36:40 +01:00
Lexi Winter
43ac5806a5 bridge: Divorce ifuntagged from vlanfilter
The ifuntagged option was added as part of the VLAN filtering feature,
but it's useful on its own to be able to place interface traffic in a
VLAN without having to configure every interface for VLAN filtering.

Always do the pvid processing in bridge even if IFBRF_VLANFILTER isn't
enabled, and don't prohibit configuring it.

Add a test for the specific case of setting untagged without vlanfilter.

This has no effect on bridges which don't have at least one interface
configured with ifuntagged.

Differential Revision:	https://reviews.freebsd.org/D51760
2025-08-10 16:36:40 +01:00
Lexi Winter
7ac276298b Remove Secure RPC DES authentication
Following the earlier removal of keyserv, none of this functionality
works since it requires keyserv.

Remove the relevant symbols from libc's Symbol.map.  Leave compatibility
symbols for existing applications, but since the functions don't work
without keyserv, stub them out to return an error.

Remove some private symbols that were only used by keyserv; these don't
get compatibility symbols.

Remove the documentation for the old functions.

Remove rpc.ypupdated since it requires DES authentication.

Reviewed by:		manu, des, emaste
Differential Revision:	https://reviews.freebsd.org/D50442
2025-08-10 16:36:40 +01:00
Lexi Winter
992d2f9284 rc.d: Fix Kerberos rc scripts
Split the Kerberos rc scripts into two sections, one for MIT Kerberos
and one for Heimdal.  Don't install Heimdal-specific rc scripts (e.g.,
kfd) for the MIT case.

This does not include an OptionalObsoleteFiles change (even though one
is needed) because that will be fixed later in a different way.

Reviewed by:		des (previous version)
Differential Revision:	https://reviews.freebsd.org/D51830
2025-08-10 16:36:39 +01:00
Lexi Winter
10eecc467f krb5: Don't install gssapi.h twice
Currently we install /usr/include/gssapi/gssapi.h twice, once in
krb5/include/gssapi and once in krb5/lib/gssapi.

The version in krb5/include/gssapi is wrong: make searches ${.PATH} and
picks crypto/krb5/src/include/gssapi.h to install, but this is the file
which is supposed to be installed in /usr/include/gssapi.h.

The problem was masked by the fact that we install the correct
gssapi/gssapi.h later in krb5/lib/gssapi.

Remove gssapi.h and the unneeded ${.PATH} entry from krb/include/gssapi
and while here, remove the unused GSSAPI_KRB5 include group.

This change does not affect the ultimate result of installworld,
it just avoids installing the same file twice with different content.

PR:			288594
Reviewed by:		brooks, des
Differential Revision:	https://reviews.freebsd.org/D51840
2025-08-10 16:36:39 +01:00
Lexi Winter
5467020a54 rc.conf: Use user.localbase to determine _localbase
When running an rc.d script outside of boot, ${_localbase} isn't set,
and rc.conf hardcodes the default value to /usr/local.  Instead, try
to get the localbase from the user.localbase sysctl, and only fall
back to /usr/local if we can't for some reason.

This fixes e.g. /etc/rc.d/ldconfig when localbase has a non-default
value.

Reviewed by:		imp, des
Differential Revision:	https://reviews.freebsd.org/D51852
2025-08-10 16:36:39 +01:00
Wolfram Schneider
c8cf8d851c bsd-family-tree: improve EOL section with FreeBSD references
Reported by:	Herbert J. Skuhra <herbert@gojira.at>
2025-08-10 14:57:42 +00:00
Wolfram Schneider
5bffa1d206 bsd-family-tree: add End-of-Life (EOL) section
2025-08-10 05:39:36 +00:00
Wolfram Schneider
71d65d2595 bsd-family-tree: add End-of-life (EOL) section
2025-08-10 05:38:15 +00:00
Cy Schubert
f1c4c3dacc krb5: Update MIT KRB5 from 1.21 to 1.22
Merge commit 'd82a140dad3a571d66abb2da24acbba90191f168'
2025-08-09 22:29:02 -07:00
Wanpeng Qian
fef6c8f2ee nvmecontrol: Add Intel Drive Marketing Name Log support (0xdd)
Add Intel Drive Marketing Name Log support (0xdd)

Specification here:
https://www.intel.com/content/dam/support/us/en/documents/ssdc/hpssd/sb/Intel_SSD_DC_P3600_Series_PCIe_Product_Specification-004.pdf

Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D33819
2025-08-09 22:11:09 -06:00
Wanpeng Qian
72170a4174 nvmecontrol: Add Micron Vendor Unique SMART logpage support
Micron 9200 SSD has a 0xca logpage. It is different from other vendors
this patch tested on 9200 SSD and works as expected.

Product Datasheet can be found here:
https://www.micron.com/-/media/client/global/documents/products/data-sheet/ssd/9200_u_2_pcie_ssd.pdf

Signed-off-by: Wanpeng Qian <wanpengqian@gmail.com>
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D33866
2025-08-09 22:11:09 -06:00
Minsoo Choo
3b908a92b3 types.h: Don't define true/false in C23
From C23, bool, false, and true are keywords.

Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D44666
2025-08-09 22:11:09 -06:00
ShengYi Hung
ec99803ad7 bhyve: Populate the device version from the backend
The pci_xhci driver requires the USB device version to be known before
allocating a hub port. To support this, we split the original xHCI
initialization into two phases:

1. Probe: Parse the nvlist and determine the device version.
2. Init: Complete initialization and set up the softc details.

This change ensures proper hub port allocation based on accurate device
version.

Approved by:    markj (mentor)
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D51478
2025-08-09 23:15:41 -04:00
Enji Cooper
bc59895909 autofs: Plug memory leak
Originally, this was an extra free, but ngie@ suggested this
change. Since that's the whole thing, I've set her as the author for
this ancient review instead of trix@juniper.net.

Suggested by: ngie
Differential Revision: https://reviews.freebsd.org/D10063
Sponsored by:		Netflix
2025-08-09 19:54:42 -06:00
Konstantin Belousov
e8b37e7545 timerfd_read(): stop setting td_rtcgen
The sleep is not time-bound.  More, setting td_rtcgen and not clearing
it would cause future sleeps to be spuriously interrupted.

Reviewed by:	imp, markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D51836
2025-08-10 01:04:50 +03:00
Rick Macklem
4046ad6bb0 vfs_syscalls.c: Fix handling of offset args for copy_file_range
Commit 197997a broke handling of the offset
arguments to copy_file_range() when specified non-NULL.
The code fails to update the offsets and, as such, a loop like:

do {
   len = copy_file_range(infd, &inpos, outfd, &outpos,
      SSIZE_MAX, 0);
} while (len > 0);

becomes an infinite loop, just doing the same copy over and
over again.

This patch fixes it.

The clause "(foffsets_locked || foffsets_set)" in the if is not
actually needed for correctness, but I thought it made the code
a little more readable and might avoid some static
analyzer from throwing a "used before being set" for
the savinoff and savoutoff variables.

Reviewed by:	markj
Differential Revision:	https://reviews.freebsd.org/D51845
MFC after:	2 weeks
Fixes:	197997a4c3 ("file: Fix offset handling in kern_copy_file_range()")
2025-08-09 14:16:18 -07:00
Rick Macklem
7a9834041c vfs: Put the definition of COPY_FILE_RANGE_CLONE in unistd.h
kib@ noted that having COPY_FILE_RANGE_CLONE defined
in vnode.h was inappropriate, since it is meant to be used from
user space as well as kernel space.

This patch moves it into sys/unistd.h and reverts the addition
of it in vnode.h.

Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D51838
Fixes:	37b2cb5ecb ("vfs: Add support for file cloning to VOP_COPY_FILE_RANGE")
2025-08-09 13:33:53 -07:00
Robert Clausecker
9f4eb76796 man/man7: drop i386 from simd(7)
MFC:		no
2025-08-09 22:13:28 +02:00
Robert Clausecker
30acc84270 libc/amd64: rewrite memrchr() scalar impl. to read the string from the back
A very simple implementation as I don't have the patience right now
to write a full SWAR kernel.  Should still do the trick if you wish
to opt out of SSE for some reason.

Reported by:	Mikael Simonsson <m@mikaelsimonsson.com>
Reviewed by:	strajabot
PR:		288321
MFC after:	1 month
2025-08-09 22:13:27 +02:00
Robert Clausecker
4b15965daa libc/amd64: rewrite memrchr() baseline impl. to read the string from the back
This ensures O(1) behaviour if the character is a constant offset
from the end of the string, regardless of how long the string is.

Reported by:	Mikael Simonsson <m@mikaelsimonsson.com>
Reviewed by:	benni
PR:		288321
MFC after:	1 month
2025-08-09 22:13:27 +02:00
Mitchell Horne
60fce0e221 busdma: another fix for small bounce transfers
More fallout from a77e1f0f81.

When the tag has an alignment requirement but a small (remaining)
transfer size, the transfer will be rounded up to exceed its bounds,
resulting in memory corruption.

The issue is observed on powerpc as noted in the pull request:
https://github.com/freebsd/freebsd-src/pull/1415

I also observe the issue locally on riscv hardware, with an 8-byte
transfer having 64-byte alignment.

There is some uncertainty about the purpose/need for the alignment
roundup; both its original intention and present effect. Notably, it is
no longer present at all in arm/arm64 implementations. Possibly, this
roundup can be removed altogether, but this requires more careful
analysis of the edge-cases and history of the property.

For now, simply clamp sgsize to be no larger than the remaining buflen,
as this is certain to be correct within the current scheme and fixes
the affected transfers.

Discussed with:	jhb, markj
MFC after:	3 weeks
Fixes:	a77e1f0f81 ("busdma: better handling of small segment bouncing")
Sponsored by:	The FreeBSD Foundation
Pull Request:	https://github.com/freebsd/freebsd-src/pull/1415
Signed-off-by:	Chattrapat Sangmanee <aomsin27@hotmail.co.th>
Co-authored-by:	Chattrapat Sangmanee <aomsin27@hotmail.co.th>
Differential Revision:	https://reviews.freebsd.org/D47807
2025-08-09 15:42:33 -03:00
Steve Kargl
a1d051bc87 Updates for ccosh[f] and csinh[f]
* lib/msun/src/s_ccosh.c:
  . Update Copyright years.
  . sin() and cos() are needed at the same time, so use sincos() to
    compute values.  This does argument reduction once instead of twice.
  . Replace '* 0.5' with '/ 2'. This reduces diff with s_ccoshf.c.
  . For (LDBL_MANT_DIG == 53), add weak references for ccoshl and ccosl.

* lib/msun/src/s_ccoshf.c:
  . Update Copyright years.
  . sin() and cos() are needed at the same time, so use sincos() to
    compute values.  This does argument reduction once instead of twice.
  . Replace '* 0.5F' with '/ 2'. This reduces diff with s_ccoshf.c.

* lib/msun/src/s_csinh.c:
  . Update Copyright years.
  . sin() and cos() are needed at the same time, so use sincos() to
    compute values.  This does argument reduction once instead of twice.
  . Replace '* 0.5' with '/ 2'. This reduces diff with s_csinhf.c.
  . For (LDBL_MANT_DIG == 53), add weak references for csinhl and csinl.

* lib/msun/src/s_csinhf.c:
  . Update Copyright years.
  . sin() and cos() are needed at the same time, so use sincos() to
    compute values.  This does argument reduction once instead of twice.
  . Replace '* 0.5F' with '/ 2'. This reduces diff with s_ccoshf.c.

PR:		288740
MFC after:	1 week
2025-08-09 19:28:07 +02:00
Steve Kargl
53b77089e5 Remove unused variables in msun/bsdsrc/b_tgamma.c
PR:		288736
MFC after:	3 days
2025-08-09 19:25:25 +02:00
Kyle Evans
239e8c9863 ssh: sshd-session: properly save off the privileged gid
Current and traditional FreeBSD behavior means that getegid() here is
the first element in the prior setgroups() call, if any, so we may
inadvertently wipe out our rgid with the unprivileged gid.  This is
rendered somewhat harmless by the fact that we're losing the privileged
gid -- we'll still regain it as the egid in restore_uid() later by way
of restoring saved_egroups, rather than by intentionally restoring it
from getgid().

This will be promptly reverted if we can get setgroups(2)/getgroups(2)
changed in FreeBSD 15.0, but it seemed wise to get this technically
correct for previous branches.

Reviewed by:	jlduran
Differential Revision:	https://reviews.freebsd.org/D51753
2025-08-09 11:01:57 -05:00
Kyle Evans
5f72125339 top: improve sort field storage/lookup
Switch up comparator mapping to avoid these kinds of errors, use a
simple array of (name, comparator) pairs rather than having to maintain
entries in two separate arrays that must have matching indices.

Reviewed by:	obiwac
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D37083
2025-08-09 11:00:31 -05:00
Colin Percival
db7c0e32a0 Bump __FreeBSD_version for 4757b351ea
This is necessary so that pkg builds will link to the new libutil
shared object version.

Fixes:	4757b351ea ("openssl: Import version 3.5.1")
2025-08-09 07:04:07 -07:00
Dag-Erling Smørgrav
a276bb4794 geom: Correct use of expand_number()
Several GEOM classes use G_TYPE_NUMBER for options where the argument
(or at least the default value of -1) may be negative.

PR:		288723
Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D51834
2025-08-09 15:14:01 +02:00
Jean-Sébastien Pédron
f0e4459126 linuxkpi: Update position after copy in seq_read()
`seq_read()` is usually called in a loop because the destination buffer
might be smaller than the source. The caller relies on the updated
position to read what is next.

We also use `memcpy()` instead of `strscpy()` because we don't need to
append a NUL character.

Reviewed by:	bz
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D51560
2025-08-09 14:26:25 +02:00
Jean-Sébastien Pédron
7cbc4d8759 linuxkpi: Use __builtin_popcountg() instead of bitcount*()
The DRM drivers generic code started to use `HWEIGHT64()` in the
definition of an array field in a structure. Therefore, the array size
needs to be known at compile time. This was not the case with the
`HWEIGHT*()` macros based on `bitcount*()`. The use of
`__builtin_popcountg()` solves that problem.

Reviewed by:	bz
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50995
2025-08-09 14:26:25 +02:00
Jean-Sébastien Pédron
d17bfb2370 linuxkpi: Include <linux/spinlock.h> from <linux/refcount.h>
The <linux/refcount.h> header uses the `spinlock_t` type and some
consumers in the DRM drivers don't include <linux/spinlock.h> directly
or indirectly. This led to compilation errors because the type was
undefined.

On Linux, <linux/refcount.h> includes <linux/spinlock_type.h> as a
comparison.

Reviewed by:	emaste, manu
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50994
2025-08-09 14:26:25 +02:00
Jean-Sébastien Pédron
3c9acc35b1 linuxkpi: Add the topology_*() functions
... from <asm/topology.h>.

The amdgpu DRM driver started to use `topology_num_cores_per_package()`
in Linux 6.9.

Reviewed by:	manu
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50993
2025-08-09 14:26:24 +02:00
Jean-Sébastien Pédron
cdfdafdc34 linuxkpi: Define DEFINE_SHOW_STORE_ATTRIBUTE()
It is the same as `DEFINE_SHOW_ATTRIBUTE()` with a `write` function
added.

The i915 DRM driver started to use it in Linux 6.9.

Reviewed by:	manu
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50992
2025-08-09 14:26:24 +02:00
Jean-Sébastien Pédron
621f43ffe2 linuxkpi: Declare several log message prefixes
The amdgpu DRM driver started to use `HW_ERR` in Linux 6.9.

Reviewed by:	emaste, manu
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50990
2025-08-09 14:26:24 +02:00
Jean-Sébastien Pédron
a7a05ace5d linuxkpi: Add name field to struct resource
The i915 DRM driver started to display this field in log messages in
Linux 6.9.

Reviewed by:	emaste, manu
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50989
2025-08-09 14:26:24 +02:00
Jean-Sébastien Pédron
c903f3756a linuxkpi: Add ida_alloc_range()
The amdgpu DRM driver from Linux 6.9 started to use this function.

Reviewed by:	manu
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50988
2025-08-09 14:26:23 +02:00
Jean-Sébastien Pédron
7e5d7b0e81 linuxkpi: Add sysfs_add_file_to_group() and sysfs_remove_file_from_group()
They are used by the amdgpu DRM driver for quite some time, but new code
using them added to Linux 6.9 made me discover that these functions were
missing and existing code was commented out.

Reviewed by:	manu
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50987
2025-08-09 14:26:23 +02:00
Michael Tuexen
f0f6e50388 tcp: mitigate a side channel for detection of TCP connections
If a blind attacker wants to guess by sending ACK segments if there
exists a TCP connection, this might trigger a challenge ACK on an
existing TCP connection. To make this hit non-observable for the
attacker, also increment the global counter, which would have been
incremented if it would have been a non-hit.
This issue was reported as issue number 11 in Keyu Man et al.:
SCAD: Towards a Universal and Automated Network Side-Channel
      Vulnerability Detection

Reviewed by:		Nick Banks, Peter Lei
MFC after:		1 week
Sponsored by:		Netflix, Inc.
Differential Revision:	https://reviews.freebsd.org/D51724
2025-08-09 14:17:38 +02:00
Michael Tuexen
2eb786d96e tcp: rate limit the sending of all RST segments
Also rate limit the sending of RST segments in the following cases:
* when receiving data on a closed socket.
* when a socket can not be created at the end of the handshake and
  the sysctl-variable net.inet.tcp.syncache.rst_on_sock_fail is 1.
* when an ACK segment is received in SYN SENT state and it does not
  acknowledge the SYN segment.
After this change, there is no need anymore to provide a rstreason
to tcp_dropwithreset(), since it is always BANDLIM_TCP_RST.
This will be a follow-up commit, since it will change the code in a
couple of places, but will not change the functionality.

Reviewed by:		rrs, Nick Banks, Peter Lei
MFC after:		1 week
Sponsored by:		Netflix, Inc.
Differential Revision:	https://reviews.freebsd.org/D51815
2025-08-07 22:23:54 +02:00
Michael Tuexen
b6521ceaf2 tcp: remove assignment without effect
rstreason is only relevant in the code paths with the label
'dropwithreset', but not in the one with the label 'drop'.
No functional change intended.

Reviewed by:		Nick Banks, rrs, Peter Lei, imp
MFC after:		1 week
Sponsored by:		Netflix, Inc.
Differential Revision:	https://reviews.freebsd.org/D51814
2025-08-07 22:14:08 +02:00