pkgbase: Fix OSVERSION specification when creating a repo
-o OSVERSION= needs to appear before the "repo" verb, otherwise it has
no effect. In this case, recent pkg-devel fails to create the repo,
saying that ABI cannot be specified without OSVERSION.
Reviewed by: kevans, manu
MFC after: 2 weeks
Fixes: 188fe88ec50e ("pkgbase: force OSVERSION")
Differential Revision: https://reviews.freebsd.org/D48518
(cherry picked from commit f9097705fb1c8d9c1f8946d1c1897d606bdbd517)
vm_pageout: Add a chicken switch for multithreaded PQ_INACTIVE scanning
Right now we have the vm.pageout_cpus_per_thread tunable which controls
the number of threads to start up per CPU per NUMA domain, but after
booting, it's not possible to disable multi-threaded scanning.
There is at least one workload where this mechanism doesn't work well;
let's make it possible to disable it without a reboot, to simplify
troubleshooting.
Reviewed by: dougm, kib
MFC after: 2 weeks
Sponsored by: Klara, Inc.
Sponsored by: Modirum MDPay
Differential Revision: https://reviews.freebsd.org/D48377
(cherry picked from commit 55b343f4f9bc586eba5e26a2524a35f04dd60c65)
pkgbase: Fix OSVERSION specification when creating a repo
-o OSVERSION= needs to appear before the "repo" verb, otherwise it has
no effect. In this case, recent pkg-devel fails to create the repo,
saying that ABI cannot be specified without OSVERSION.
Reviewed by: kevans, manu
MFC after: 2 weeks
Fixes: 188fe88ec50e ("pkgbase: force OSVERSION")
Differential Revision: https://reviews.freebsd.org/D48518
(cherry picked from commit f9097705fb1c8d9c1f8946d1c1897d606bdbd517)
inpcb: Further restrict binding to a port owned by a different UID
See commit 4f02a7d739b3 for more background.
I cannot see a good reason to continue ignoring mismatching UIDs when
binding to INADDR_ANY. Looking at the sdr.V2.4a7n sources (mentioned in
bugzilla PR 7713), there is a CANT_MCAST_BIND hack wherein the
application binds to INADDR_ANY instead of a multicast address, but
CANT_MCAST_BIND isn't defined for FreeBSD builds.
It seems unlikely that we still have a use-case for allowing sockets
from different UIDs to bind to the same port when binding to the
unspecified address. And, as noted in D47832, applications like sdr
would have been broken by the inverted SO_REUSEPORT check removed in
that revision, apparently without any bug reports. Let's break
compatibility and simply disallow this case outright.
Also, add some comments, remove a hack in a regression test which tests
this functionality, and add a new regression test to exercise the
[8 lines not shown]
pf: fix IPv6 route lookup for nat64
The route lookup in pf_route6() (for the nat64 case) had the src/dst for bcopy()
swapped around, so any nat64 setup that passed via a gateway on the IPv6 side
was broken.
Fix this, add 'const' to make this error actually fail to compile and add a
test case.
Sponsored by: Rubicon Communications, LLC ("Netgate")
sound tests: Fix 32bit calculation detection in pcm_read_write
Fix a mistake in the pcm_read_write test that would result in not
properly detecting 32bit calculation on 32bit architectures like i386.
As a consequence, the wrong values would be checked, thus failing the
test.
Reported by: CI
Fixes: 27ef5d48c729 ("sound: Unit test the pcm sample read and write macros")
MFC after: 1 week
Reviewed by: christos
Differential Revision: https://reviews.freebsd.org/D48617
kern_sysctl: Make name2oid() non-destructive to the name
It is not the first time I see it panicking while trying to modify
const memory. Let's make it safer and easier to use. While there,
mark a few functions using it also const.
MFC after: 10 days
(cherry picked from commit f80babf906b7be51b2a031ef26525893c7bf4e31)
(cherry picked from commit 1a1a1728e0bec6e5b978e6c5c7433ca91596b389)
kern_sysctl: Make name2oid() non-destructive to the name
It is not the first time I see it panicking while trying to modify
const memory. Let's make it safer and easier to use. While there,
mark a few functions using it also const.
MFC after: 10 days
(cherry picked from commit f80babf906b7be51b2a031ef26525893c7bf4e31)
sysctl: Add flags to filter jail prison and vnet variables
So users do not have to contact the source code to tell whether a
variable is a jail prison / vnet one or not.
Reviewed by: cy (previous version), markj, jamie (for #jails)
MFC after: 2 weeks
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D47107
(cherry picked from commit 5ec83c660acaf30c1d6b9417dbd8c80dfa9d56ac)
sysctl: Fix usage() and SYNOPSIS section of man page
I forgot to update the usage() and SYNOPSIS section of man page when
adding the two options -J and -V.
While here, fix the options sort order in SYNOPSIS section.
Fixes: 5ec83c660aca sysctl: Add flags to filter jail prison and vnet variables
MFC after: 1 day
Use ffs_sbget() to replace open-coded superblock reload.
No functional change intended.
Tested-by: Peter Holm
(cherry picked from commit c18a6c15f4152029b6d1d0f64aa1ff36faceb9b2)
rtwn: bring the RTL8192EU RF read/write routines in line with rtl8xxxu
The Linux rtl8xxxu driver has more delays in the RF read and write
path.
It looks like for writes it's ensuring the hardware is out of
power save and that the transition has properly occurred.
And it looks for reads that it wants a delay after some bit setting,
likely some shifting into the RF register space is occurring with
a bit set/clear to trigger a load.
See rtl8xxxu_write_rfreg() and rtl8xxxu_read_rfreg() for more
information.
Differential Revision: https://reviews.freebsd.org/D48512
Obtained from: Linux rtl8xxxu
rtwn: fix RTL8192EU power-down / power-up hanging
The RTL8192EU NIC (on older USB 2/USB 3 ports, not on newer
USB 3 ports, that still needs to be fixed!) will attach, scan,
associate fine. However, restarting wpa_supplicant results in the
NIC hanging until you disconnect it.
It turns out early in the power_on sequence - BUT only after a
power_off - the NIC would suddenly stop responding to any USB
transfers. It doesn't require the MCU to be available for USB
transfers - the hardware itself does that - so something had to be
going very sideways.
I traced it down to these steps during the power_off sequence.
They don't exist in the Linux rtl8xxxu driver, and there are commits
earlier in their RTL8192EU bring-up that suggest the author was
facing similar power sequencing / re-sequencing issues.
This likely won't fix the actual channel programming /
[6 lines not shown]
rtwn: add workaround sleep in r92e_set_chan()
It /looks/ like there's some weirdness in initial frame send after
the chip programming / channel change. Linux rtl8xxxu has no sleeps
here, instead it just retries the auth frame a few times.
My guess is there's some sequencing going on here between finishing
the programming, doing a calibration run and then sending the initial
frame.
Instead of doing sleeps on every write during the RF channel change,
this 10ms sleep at the end is enough to reliably associate in my
test environment (12-core intel laptop, USB-3 port.) It's not
required for an earlier 2-core haswell laptop w/ USB-3.
See the PR for more information.
PR: kern/247528
Differential Revision: https://reviews.freebsd.org/D48517
fwget: Simplify logic
Summary:
Use log() to print messages that should be suppressed when -q is in use.
No functional changes intended.
Differential Revision: https://reviews.freebsd.org/D48393
Reviewed By: manu
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit fb98fc4755def2cb8ca145751b0e54485d5e2f4a)
fwget: Silence log() when -q is used
Summary:
Silence log function when -q parameter is used to prevent undesired output
PR: 283939
Reviewed By: manu
Differential Revision: https://reviews.freebsd.org/D48391
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 19a6bc9f51e5c5705a2b396b0da61e6536acb4cb)
Add option to clear caller-used registers on function return.
The WITH_ZEROREGS option for src.conf will zero caller-used register
contents just before returning from a function, ensuring that
temporary values are not leaked beyond the function boundary. This
means that register contents are less likely to be available for side
channel attacks and information exposures.
It reduces all except 1 of the simple "write-what-where" ROP gadgets in
/lib:
    grep "Gadget found" /tmp/before_lib* | wc -l
    197
    grep "Gadget found" /tmp/after_lib* | wc -l
    1
    grep "Gadget found" /tmp/after_lib*
    /tmp/after_libbsdxml.so.4.txt: [+] Gadget found: 0x1b3f1 mov qword ptr [rdi], rcx ; pop rbp ; ret
To reproduce:
    for lib in *.so.*; do
[161 lines not shown]
Remove publickey(5) stuff
This uses DES and it's likely that nobody uses that in 2025.
If somebody uses this we help them by deprecating and removing this.
Reviewed by: bapt, emaste
Differential Revision: https://reviews.freebsd.org/D30683
Deprecate publickey(5) stuff
This uses DES and it's likely that nobody uses that in 2025.
If somebody uses this we help them by deprecating and removing this.
Reviewed by: bapt, emaste
Differential Revision: https://reviews.freebsd.org/D30682