Most importantly:
* Make local variables local.
* Use `$()` instead of backticks.
* Avoid unsafe use of `-a` and `-o` operators in `test` expressions.
* Remove a hack intended to ease the transition from Perl 22 years ago.
MFC after: 1 week
Reviewed by: allanjude
Differential Revision: https://reviews.freebsd.org/D44863
(cherry picked from commit 170d088290)
adduser: A few more improvements.
MFC after: 1 week
Reviewed by: jrm
Differential Revision: https://reviews.freebsd.org/D44871
(cherry picked from commit b37333899b)
adduser: Fix a syntax error
Reported by: Jose Luis Duran <jlduran@gmail.com>
Fixes: b37333899b
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D44871
(cherry picked from commit 5cafc38f11)
On systems utilizing ZFS, default to creating a ZFS dataset for a new
user's home directory if the parent directory resides on a ZFS dataset.
Add a flag that disables this behavior if the administrator explicitly
does not want it.
If run during installation from within a chroot, set mountpoint to legacy
after dataset creation and mount directly into the chroot. Then umount
and reset the mountpoint to inherit from parent.
Also support ZFS default encryption on user's home directory.
Feedback by: delphij
Reviewed by: imp, kevans
Pull Request: https://github.com/freebsd/freebsd-src/pull/881
(cherry picked from commit 215c0a5158)
Add a -w flag to forward terminal resize events on to the child, which
can be useful in some circumstances to avoid terminal corruption.
Reviewed by: des
Co-authored-by: Xavier Beaudouin <xavier.beaudouin@klarasystems.com>
Sponsored by: Modirum MDPay
Sponsored by: Klara, Inc.
(cherry picked from commit 8ceac8e13d)
Fix some nits pointed out by checkstyle9.pl in advance of functional
changes to script(1).
Reviewed by: des
Sponsored by: Modirum MDPay
Sponsored by: Klara, Inc.
(cherry picked from commit 4459abe334)
An initial reading of the preamble of sys_procctl() gives the impression
that no test prevents a malicious user from passing a negative commands
index (in 'uap->com'), which is soon used as an index into the static
array procctl_cmds_info[].
However, a closer examination leads to the conclusion that the existing
code is technically correct. Indeed, the comparison of 'uap->com' to
the nitems() expression, which expands to a ratio of sizeof(), leads to
a conversion of 'uap->com' to an 'unsigned int' as per Usual Arithmetic
Conversions/Integer Promotions applied by '<=', because sizeof() returns
'size_t' values, and we define 'size_t' as an equivalent of 'unsigned
int' (which is not mandated by the standard, the latter allowing, e.g.,
integers of lower ranks).
With this conversion, negative values of 'uap->com' are automatically
ruled-out since they are converted to very big unsigned integers which
are caught by the test. An analysis of assembly code produced by LLVM
16 on amd64 and practical tests confirm that no exploitation is possible.
However, the guard code as written is misleading to readers and might
trip up static analysis tools. Make sure that negative values are
explicitly excluded so that it is immediately clear that EINVAL will be
returned in this case.
Build tested with clang 16 and GCC 12.
Approved by: markj (mentor)
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
(cherry picked from commit afc10f8bba)
Approved by: emaste (mentor)
People still believe that it is essential to run sync(8) a couple of
times before a reboot/halt. Document that this has not been necessary
for a long time now.
Reviewed by: imp, bcr, Pau Amma <pauamma@gundo.com>
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D33233
(cherry picked from commit 177ba18307)
[sanitizer_symbolizer] Cast arguments for format strings in markup (#89815)
When compiling the common sanitizer libraries, there are many warnings
about format specifiers, similar to:
compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_markup.cpp:31:32: warning: format specifies type 'void *' but the argument has type 'uptr' (aka 'unsigned long') [-Wformat]
31 | buffer->AppendF(kFormatData, DI->start);
| ~~~~~~~~~~~ ^~~~~~~~~
compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_markup_constants.h:33:46: note: format string is defined here
33 | constexpr const char *kFormatData = "{{{data:%p}}}";
| ^~
| %lu
compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_markup.cpp:46:43: warning: format specifies type 'void *' but the argument has type 'uptr' (aka 'unsigned long') [-Wformat]
46 | buffer->AppendF(kFormatFrame, frame_no, address);
| ~~~~~~~~~~~~ ^~~~~~~
compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_markup_constants.h:36:48: note: format string is defined here
36 | constexpr const char *kFormatFrame = "{{{bt:%u:%p}}}";
| ^~
| %lu
...
This is because `uptr` is dependent on the platform, and can be either
`unsigned long long`, `unsigned long`, or `unsigned int`.
To fix the warnings, cast the arguments to the expected type of the
format strings.
PR: 276104
Reported by: pstef
MFC after: 3 days
(cherry picked from commit f08bf5a3ac)
As noted in bug 277096, when building a pkgbase repository using
WITHOUT_CROSS_COMPILER and WITHOUT_TOOLCHAIN (which sets WITHOUT_CLANG),
the following residual files are left over:
/usr/lib/clang/18/lib/freebsd/libclang_rt.asan-x86_64.so
/usr/lib/clang/18/share/asan_ignore_list.txt
/usr/lib/clang/18/share/cfi_ignore_list.txt
/usr/lib/clang/18/share/msan_ignore_list.txt
This is because the lib/libclang_rt directory is still descended into,
even if WITHOUT_CLANG is used. Fix it by not descending into the
libclang_rt directory in that case.
PR: 277096
Reported by: Siva Mahadevan <me@svmhdvn.name>
MFC after: 3 days
(cherry picked from commit 514773a548)
This reverts commit f300335d9a.
It turns out that the old code was correct and it was wireshark
that was broken and indicated that the RPC's XDR was bogus.
Found during IETF bakeathon testing this week.
(cherry picked from commit 54c3aa02e9)
Commit 196787f79e erroneously assumed that the client code for
Open/Claim_deleg_cur_FH was broken, but it was not.
It was actually wireshark that was broken and indicated
that the correct XDR was bogus.
This reverts the part of 196787f79e that changed the arguments for
Open/Claim_deleg_cur_FH.
Found during the IETF bakeathon testing event this week.
(cherry picked from commit 8efba70d79)
There are a few spots in which unionfs_lookup() accesses unionfs vnode
private data without holding the corresponding vnode lock or interlock.
Reviewed by: kib, olce
Differential Revision: https://reviews.freebsd.org/D44601
(cherry picked from commit b18029bc59)
This is used by 802.3 Ethernet. (Also be used by 802.4 Token Bus and
802.5 Token Ring, but we don't support those.)
This was accidentally removed along with FDDI support in commit
0437c8e3b1, presumably because comments implied it was used only by
FDDI or Token Ring.
Fixes: 0437c8e3b1 ("Remove support for FDDI networks.")
Reviewed-by: emaste
Signed-off-by: Denny Page <dennypage@me.com>
Pull-request: https://github.com/freebsd/freebsd-src/pull/1166
(cherry picked from commit fcdf9a1989)
Under Linux, the socket options IP_RECVERR and IPV6_RECVERR are used to
receive socket errors via a dedicated 'error queue' which can be
retrieved via recvmsg(). FreeBSD does not support this functionality.
For IPv4, the sysctl compat.linux.ignore_ip_recverr can be set to 1 to
silently ignore attempts to set IP_RECVERR and return success to the
application, which is wrong, but is required for (among other things)
a functional DNS client in recent versions of glibc.
Add support for ignoring IPV6_RECVERR, controlled by the same sysctl.
This fixes DNS in Linux when using IPv6 resolvers.
Reviewed by: imp, Jose Luis Duran
Pull Request: https://github.com/freebsd/freebsd-src/pull/1118
(cherry picked from commit ca63710d36)
This is a smaller version of upstream
1fafd968b48e5cea6c85f126d77071a8de707a55 to address the
issue that less not being able to operate on files
residing in pseudo-filesystems that advertize a zero
size value.
PR: bin/276133
(cherry picked from commit cae336280b)
GCC has used this for some time (since 7.0) and apparently we were
getting away with using the hidden symbol, but when linking with
--no-undefined-version we get an error unless it's properly exported.
(For anyone who wonders at the assymetry, __udivmoddi4 is indeed much
older and was introduced with GCC 3.0.)
MFC after: 3 days
Reviewed by: dim
Differential Revision: https://reviews.freebsd.org/D44878
(cherry picked from commit 44e89340fe)
If access from unreserved ports is disabled, then a remote host can
cause an NFS server to log a message by sending a packet. This is
useful for diagnosing problems but bad for resiliency in the case where
the server is being spammed with a large number of rejected requests.
Limit prints to once per second (racily).
Reviewed by: rmacklem, emaste
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D44819
(cherry picked from commit b7e4666d7b)
Some file flags prevent modification of file times, so they should be
set later. This matches NetBSD's behaviour.
Reviewed by: markj
MFC after: 1 week
Pull Request: https://github.com/freebsd/freebsd-src/pull/1138
(cherry picked from commit 428f86fd2f)
In ahc_init(), qoutfifo is already assigned to effectively the same
value a couple lines up, except in the first assignment it uses the
proper definition; keep the more descriptive assignment.
ahc_targetcmd_offset() gets the offset wrong entirely; as per the
area of ahc_init() this diff also touches, targetcmds is laid out first
in the shared map and it's followed by the qoutfifo. As a result, we'd
generally be getting negative offsets here. We can't actually do a
partial sync anyways, so there was no consequence to getting this wrong.
Reviewed by: imp, mav
(cherry picked from commit b5e0cc2fa4)
One of the comments in ahc_execute_scb() notes that the CAM direction is
actually w.r.t. the initiator. As a consequence, all of our sync ops
end up being wrong because the direction is flipped from that of the
transfer. Fix it to do proper invalidation and avoid spewing random
garbage out on the SCSI bus.
Reported and tested by: HP van Braam <hp@tmm.cx>
Reviewed by: imp, mav
(cherry picked from commit 9dcf39575e)
The latest ota is the first one in FreeBSD that treats 0 + "0xf" as
being '0' instead of '15'. Don't use this old trick anymore to convert
from hexidecimal to a number. Write a function to do that instead. This
fixes kernel.bin building on arm*. awk on 14 doesn't need this, but to
build FreeBSD stable/14's kernel.bin on 15 we'll need it, so fast MFC.
MFC After: 3 days
Sponsored by: Netflix
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D44801
(cherry picked from commit de22251127)
This tool is typically invoked from within a working tree containing the
desired MFC target branch, which is detected automatically. It also has
a default for when it is invoked from elsewhere. Switch the default to
the most recent branch, stable/14.
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 76a8625bc7)
This is intended to be used with the upcoming ice 1.39.13-k
driver update, but is still backwards compatible with
previous versions of the driver.
Signed-off-by: Eric Joyner <erj@FreeBSD.org>
Sponsored by: Intel Corporation
(cherry picked from commit 768329961d)
The ice(4) driver will add the ability to create extra interfaces
that hang off of the base interface; to do that the driver requires
a method for the subinterface to request hardware interrupt resources
from the base interface.
Signed-off-by: Eric Joyner <erj@FreeBSD.org>
Sponsored by: Intel Corporation
Differential Revision: https://reviews.freebsd.org/D39930
(cherry picked from commit ed34a6b6ea)
Intended to be used with upcoming feature to add sub-interfaces, since
those new interfaces will be dynamically created and will need to have
spare MSI-X interrupts already allocated for them on driver load.
This sysctl is marked as a tunable since it will need to be set before
the driver is loaded since MSI-X interrupt allocation and setup is
done during the attach process.
Signed-off-by: Eric Joyner <erj@FreeBSD.org>
Sponsored by: Intel Corporation
Differential Revision: https://reviews.freebsd.org/D41326
(cherry picked from commit 3c7da27a47)
Add option to send fragmented packets and to properly sniff them by
reassembling them by the sniffer itself.
Reviewed by: kp
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D42354
(cherry picked from commit d7c9de2d68)
pf: Fix packet reassembly
Don't drop fragmented packets when reassembly is disabled, they can be
matched by rules with "fragment" keyword. Ensure that presence of scrub
rules forces old behaviour.
Reviewed by: kp
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D42355
(cherry picked from commit ede5d4ff5b)
pf: Update documentation regarding matching, scrubbing and reassembly
Update pf documentation:
- default behaviour of fragment reassembly
- introduction of scrub option for filter rules
- disadvantages of using the old scrub ruleset
- options supported for match rules
- fix missing list block end
- remove duplicate description of match filter rule
- update example to modern syntax
Reviewed by: kp
Fragments obtained from: OpenBSD
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D42270
(cherry picked from commit 5ed470bdb9)
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: allanjude
Differential Revision: https://reviews.freebsd.org/D44805
(cherry picked from commit 64d6925d19)
cp: Additional sanity check.
Once we've successfully opened the file we've been asked to copy, check
that it's of the same type as FTS told us it was.
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: allanjude, markj
Differential Revision: https://reviews.freebsd.org/D44806
(cherry picked from commit 9075d4cfad)
cp: Use warnc().
MFC after: 1 week
Sponsored by: Klara, Inc.
(cherry picked from commit f070188c3a)
Previously, we would only use a temporary file if explicitly asked to
with the `-S` option, and even then, only if the target file already
existed. This meant that an outside observer looking for the target
file might see a partial file, and might see the file disappear and
then reappear.
With this patch, we always use a temporary file, ensuring atomicity.
The downside is slightly increased disk usage. The upside is never
having to worry about, for instance, cron jobs randomly failing if
they happen to run simultaneously with `make installworld`.
The `-S` option is retained, partly for compatibility, and partly
to control the use of `fsync(2)`, which has a non-negligible cost
(approximately 10% increase in wall time for `make installworld`).
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: 0mp, brooks, imp, markj
Differential Revision: https://reviews.freebsd.org/D44742
(cherry picked from commit e5035d0857)
install: Simplify path construction.
There's no need to copy the path twice to split it into base and dir.
We simply call `basename()` first, then handle the two trivial cases in
which it isn't safe to call `dirname()`.
While here, add an early check that the destination is not an empty
string. This would always fail eventually, so it may as well fail
right away. Also add a test case for this shortcut.
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D44743
(cherry picked from commit 17dc7017d7)
install: Don't skip syncing in the common case.
In `copy()`, if no digest was requested (which is the common case), we
use `copy_file_range()` to avoid needlessly copying the contents of the
file into user space and back. When `copy_file_range()` returns
successfully (which, again, is the common case), we simply return, and
therefore never get to the point where we call `fsync()` if the `-S`
option was specified. Fix this.
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D44756
(cherry picked from commit 4336161cc9)
install: Remove the mmap(2) option.
We already removed it from cp(1) over a year ago but never followed up
here. Do so now, for the same reasons: significant complexity for
little to no benefit.
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D44809
(cherry picked from commit a0439a1b82)
install: Assorted nitpickery.
* Use `errc()` instead of manually setting `errno` before calling `err()`.
* Change one warning into a fatal error.
* Drop some unnecessary casts.
* `strlcat()` bounds checks were off-by-one. This does not matter in
practice because the subsequent code renders an overrun harmless.
* We were passing `SSIZE_MAX` to `copy_file_range()` instead of the
requested size. This only matters if we're asked to install a file
which is still being written to while we are copying it.
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D44810
(cherry picked from commit 000a533e6d)
Import upstream 6747e1628:
asn1: Use unsigned bitfields for named bitsets
Signed 1-bit bitfields are undefined in C.
This should fix the following warnings, which for unknown reasons are
errors in CI:
/usr/src/crypto/heimdal/lib/hx509/ca.c:1020:22: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion]
1020 | ku.digitalSignature = 1;
| ^ ~
/usr/src/crypto/heimdal/lib/hx509/ca.c:1021:21: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion]
1021 | ku.keyEncipherment = 1;
| ^ ~
/usr/src/crypto/heimdal/lib/hx509/ca.c:1028:17: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion]
1028 | ku.keyCertSign = 1;
| ^ ~
/usr/src/crypto/heimdal/lib/hx509/ca.c:1029:13: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion]
1029 | ku.cRLSign = 1;
| ^ ~
PR: 276960
Fixes: 1b74875929
MFC after: 1 week
(cherry picked from commit 219b6e4423)
Import upstream 19d378f44:
ASN.1 INTEGERs will now compile to C int64_t or uint64_t, depending
on whether the constraint ranges include numbers that cannot be
represented in 32-bit ints and whether they include negative
numbers.
Template backend support included. check-template is now built with
--template, so we know we're testing it.
Tests included.
Also adjusts the generated files:
* asn1parse.c, asn1parse.h (not strictly necessary, but nice to have)
* der-protos.h, which needs a bunch of new prototypes. I copied these
from a der-protos.h generated by the upstream build system, which
uses a perl script for this.
* adjust printf format strings for int64_t. Upstream uses %lld for this,
but that is not portable, and leads to lots of -Werror warnings.
This should fix target-dependent differences between headers generated
by asn1_compile. For example, when cross compiling world from amd64 to
i386, the generated cms_asn1.h header has:
CMSRC2CBCParameter ::= SEQUENCE {
rc2ParameterVersion INTEGER (0..-1),
iv OCTET STRING,
}
while a native build on i386 has:
CMSRC2CBCParameter ::= SEQUENCE {
rc2ParameterVersion INTEGER (0..2147483647),
iv OCTET STRING,
}
These are _both_ wrong, since the source file, cms.asn1, has:
CMSRC2CBCParameter ::= SEQUENCE {
rc2ParameterVersion INTEGER (0..4294967295),
iv OCTET STRING -- exactly 8 octets
}
PR: 276960
Reviewed by: cy, emaste
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D44814
Differential Revision: https://reviews.freebsd.org/D44815
(cherry picked from commit 1b74875929)
HPTS inserts a softclock for system call return that optimizes performance. However when
no HPTS threads need the help (i.e. when they have less than 100 or so connections) then
there should be little work done i.e. check the counter and return instead of running through
all the threads getting locks etc.ptimize HPTS so that little work is done until we have a hpts
thread that is over the connection threshold.
Reported by: eduardo
Reviewed by: gallatin, glebius, tuexen
Tested by: gallatin
Differential Revision: https://reviews.freebsd.org/D44420
(cherry picked from commit b7b78c1c16)
Ok lets fix up the tcp_in_hpts() so that it also says yes if you
are in the race state moving and you are scheduled to be put in.
This also requires changing the MPASS to be the old version non
inline function of tcp_in_hpts().
This change also adds a new inline macro so that a uint64_t timestamp can be
obtained by a transport (aka Rack will use this).
Reviewed by: glebius, tuexen
Sponsored by: Netflix Inc.
Differential Revision: https://reviews.freebsd.org/D44157
(cherry picked from commit 638b5ae1c7)
So when we call the fast_rsm retransmit path, we should always move
snd_nxt back up to snd_max. In fact during ack-processing if snd_nxt
falls behind it should be moved up there as well. Otherwise what
can happen is we have an incorrect mark on snd_nxt and incorrectly
calculate the offset when we go through the front path (which is
what skzyall was able to do) then when we go to clean up the
send the offset is all wrong and we crash.
Special thanks to Gleb for pointing out the problem and the email
that had the reproducer so I could find the issue.
Reported-by: syzbot+f5061a372f74f021ec02@syzkaller.appspotmail.com
Sponsored by: Netflix Inc
(cherry picked from commit 8818f0f112)
