pkg/FreeBSD.conf: Fix comments to reflect -kmods
Now that this file lists two repositories, the text "to disable *this*
repository" no longer makes sense. Also, expand the example to list
how to disable both FreeBSD and FreeBSD-kmods repositories.
Reported by: Graham Perrin
MFC after: 3 days
sound: Terminate stream properly when closing vchans
When a channel is closed, dsp_close() either calls vchan_destroy() on vchans,
or chn_abort()/chn_flush() on primary channels. However, the problem with this
is that, when closing a vchan, we end up not terminating the stream properly.
The call sequence we are interested in is the following:
vchan_destroy(vchan) -> chn_kill(vchan) -> chn_trigger(vchan) ->
vchan_trigger(vchan) -> chn_notify(parent)
Even though chn_notify() contains codepaths which call chn_abort(parent),
apparently we do not execute any of those codepaths in this case, so the
DMA remains unterminated, hence why we keep seeing the primary
channel(s) being interrupted even once the application has exited:
root at freebsd:~ # sndctl interrupts
dsp0.play.0.interrupts=1139
dsp0.record.0.interrupts=0
[111 lines not shown]
snd_dummy: Make callout stopping more robust
If the callout gets rescheduled during detach, we might access freed
pcm_channel resources in dummy_chan_io(), which will cause a panic
similar to this:
panic: ASan: Invalid access, 8-byte read at 0xfffffe00479f65d8, UMAUseAfterFree(fd)
cpuid = 1
time = 1747433047
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xa5/frame 0xfffffe0046a8d730
kdb_backtrace() at kdb_backtrace+0xc6/frame 0xfffffe0046a8d890
vpanic() at vpanic+0x226/frame 0xfffffe0046a8da30
panic() at panic+0xb5/frame 0xfffffe0046a8db00
kasan_code_name() at kasan_code_name/frame 0xfffffe0046a8dbd0
__mtx_lock_flags() at __mtx_lock_flags+0xd3/frame 0xfffffe0046a8dcc0
chn_intr() at chn_intr+0x3d/frame 0xfffffe0046a8dce0
dummy_chan_io() at dummy_chan_io+0x9c/frame 0xfffffe0046a8dd10
softclock_call_cc() at softclock_call_cc+0x2bb/frame 0xfffffe0046a8de80
[8 lines not shown]
sound: Terminate stream properly when closing vchans
When a channel is closed, dsp_close() either calls vchan_destroy() on vchans,
or chn_abort()/chn_flush() on primary channels. However, the problem with this
is that, when closing a vchan, we end up not terminating the stream properly.
The call sequence we are interested in is the following:
vchan_destroy(vchan) -> chn_kill(vchan) -> chn_trigger(vchan) ->
vchan_trigger(vchan) -> chn_notify(parent)
Even though chn_notify() contains codepaths which call chn_abort(parent),
apparently we do not execute any of those codepaths in this case, so the
DMA remains unterminated, hence why we keep seeing the primary
channel(s) being interrupted even once the application has exited:
root at freebsd:~ # sndctl interrupts
dsp0.play.0.interrupts=1139
dsp0.record.0.interrupts=0
[108 lines not shown]
mail: tests: reset signal disposition before testing
As a good citizen of the OS, mail(1) won't try to catch signals that
were ignored when it started and it won't reconfigure its signal mask
unless it's going to try and handle a signal. The test should start
mail(1) off in a well-known state for the signal that it's trying to
test in order to get the behavior that's desired.
No functional change, just improves the resilience of the test.
Reviewed by: des
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D50599
mail: don't rewrite buffer sizes as much
Thes buffers are arrays with a known size, just use sizeof() rather than
rewriting their sizes -- no functional change, slightly more resilient
against future possible errors.
Reviewed by: markj
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D50582
pkg.conf: Use kmod repositories
The kmod repositories were added shortly after 14.2-RELEASE. Point at
them here so that users don't need to manually add the configuration
in order to get e.g. working graphics.
Approved by: re (cperciva)
MFC after: 1 minute
Sponsored by: Amazon
Differential Revision: https://reviews.freebsd.org/D50583
(cherry picked from commit 29f076ae0cb536d1e891d3375edf28f1bc82df79)
(cherry picked from commit 8a2ce9f9dd6745e77bdfe78f03e96ddc8ad1b9d7)
pkg.conf: Use kmod repositories
The kmod repositories were added shortly after 14.2-RELEASE. Point at
them here so that users don't need to manually add the configuration
in order to get e.g. working graphics.
MFC after: 1 minute
Sponsored by: Amazon
Differential Revision: https://reviews.freebsd.org/D50583
(cherry picked from commit 29f076ae0cb536d1e891d3375edf28f1bc82df79)
pkg.conf: Use kmod repositories
The kmod repositories were added shortly after 14.2-RELEASE. Point at
them here so that users don't need to manually add the configuration
in order to get e.g. working graphics.
MFC after: 1 minute
Sponsored by: Amazon
Differential Revision: https://reviews.freebsd.org/D50583
devfs: Set eofflag in devfs_readdir()
At least vn_dir_next_dirent() checks that eofflag is set appropriately
when INVARIANTS is enabled, so the omission here could cause an
assertion failure.
Reviewed by: kib
MFC after: 2 weeks
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D50598
OSSL_HTTP_get(): Reset redirection_url in each iteration
Also remove some dead assignments.
Obtained from: openssl (e78c8b791c0e03e750ef7196bc7bfee8e5bd00a0)
MFC after: 2 weeks
Requested by: Phillip Sabatino
Sponsored by: Dell, Inc.
rtld-elf: Pass TCB to allocate_module_tls to avoid re-getting
The only caller already has the current TCB to hand, so just pass it
down rather than get it again. This also makes it clear in the caller
that it depends on the (current) TCB, rather than being storage that
could be assigned to any thread (concurrency issues aside).
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D50594
libc, libthr: Ditch MD __pthread_distribute_static_tls helpers
_libc_get_static_tls_base() is just _tcb_get() followed by adding (for
Variant I) or subtracting (for Variant II) the offset, so just inline
that as the implementation (like we do in rtld-elf) rather than having
another copy (or equivalent) of _tcb_get()'s assembly.
_get_static_tls_base() doesn't even have any MD assembly as it's
reading thr->tcb, the only difference is whether to add or subtract, so
again just inline that.
Whilst here add some missing blank lines to comply with style(9) for
elf_utils.c's includes, and use a pointer type rather than uintptr_t to
reduce the need to cast, as is done in rtld-elf.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D50592
rtld-elf: Pass struct tcb * around rather than struct dtv **
When this code was first written we didn't have even a struct tcb, so to
make it MI a pointer to the DTV pointer in the TCB was passed around.
Now that we have a struct tcb we can simplify the code by instead
passing around a pointer to that, and the MI code can access the tcb_dtv
member wherever it happens to be in the layout. This reduces boilerplate
in all the various callers of tls_get_addr_common/slow and makes it
clearer that tls_get_addr_common/slow are operating on the TCB, rather
than obfuscating it slightly through the double pointer.
Whilst here, clarify the comments in aarch64's TLSDESC dynamic resolver,
which were using tp without clarifying what this was for (previously a
pointer to the DTV pointer, now a pointer to the TCB, which happen to be
the same thing for Variant I TLS, and in the case of AArch64 are what
TPIDR_EL0 point to directly, with no offset/bias).
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D50591
PT_CONTINUE: if pc is set, mark the thread state as modified by user
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differrential revision: https://reviews.freebsd.org/D50556
kern_sig.c: make pt_attach_transparent global
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differrential revision: https://reviews.freebsd.org/D50556
namei: clear internal flags in NDREINIT()
same as it is done for NDRESTART()
Fixes: e05e33041c252
Reported and tested by: pho
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
umb: avoid wild pointer dereference in umb_decap()
When processing messages produced by the USB device, umb_decap() trusts
ptroff and later dlen and doff with pointer arithmetic, without
sufficient sanity checks. The resulting pointer address may be outside
of the valid boundary, causing the wrong memory to be copied or a page
fault.
This fix from Gerhard Roth was obtained after coordination upstream with
OpenBSD. It converts the variables to 64-bit integers, which should
mitigate the risk of overflows.
PR: 284920
Reported by: Robert Morris <rtm at lcs.mit.edu>
Approved by: philip (mentor)
Sponsored by: The FreeBSD Foundation
umb: avoid buffer overflow in umb_getinfobuf()
umb_getinfobuf() is called with offs and size taken from messages sent
by the USB device. The sanity check is not sufficient, due to a possible
integer wrap. This can allow a broken or malicious USB device, or
possibly the network operator, to cause a buffer overflow.
This fix from Gerhard Roth was obtained after coordination upstream with
OpenBSD. It converts the variables to 64-bit integers, which should
mitigate the risk of overflows.
PR: 284906
Reported by: Robert Morris <rtm at lcs.mit.edu>
Approved by: philip (mentor)
Sponsored by: The FreeBSD Foundation
umb: avoid buffer overflow in umb_in_len2mask()
len comes from ipv4elem.prefixlen in a MBIM_CID_IP_CONFIGURATION message
from the USB device, and should not be trusted, as it could be any
uint32_t value. Without this extra check, a potential buffer overflow
could subsequently occur in umb_in_len2mask().
Fix from Gerhard Roth, after coordination upstream with OpenBSD.
PR: 284904
Reported by: Robert Morris <rtm at lcs.mit.edu>
Approved by: philip (mentor)
Sponsored by: The FreeBSD Foundation
pf: remove unused 'dir' argument in pf_reassemble()
pf_reassemble() only uses it to pass to pf_ip2key(), which also does not use it.
Sponsored by: Rubicon Communications, LLC ("Netgate")
snd_dummy: Make callout stopping more robust
If the callout gets rescheduled during detach, we might access freed
pcm_channel resources in dummy_chan_io(), which will cause a panic
similar to this:
panic: ASan: Invalid access, 8-byte read at 0xfffffe00479f65d8, UMAUseAfterFree(fd)
cpuid = 1
time = 1747433047
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xa5/frame 0xfffffe0046a8d730
kdb_backtrace() at kdb_backtrace+0xc6/frame 0xfffffe0046a8d890
vpanic() at vpanic+0x226/frame 0xfffffe0046a8da30
panic() at panic+0xb5/frame 0xfffffe0046a8db00
kasan_code_name() at kasan_code_name/frame 0xfffffe0046a8dbd0
__mtx_lock_flags() at __mtx_lock_flags+0xd3/frame 0xfffffe0046a8dcc0
chn_intr() at chn_intr+0x3d/frame 0xfffffe0046a8dce0
dummy_chan_io() at dummy_chan_io+0x9c/frame 0xfffffe0046a8dd10
softclock_call_cc() at softclock_call_cc+0x2bb/frame 0xfffffe0046a8de80
[6 lines not shown]