geom manuals: Clarify units
The gpart manual says that sizes are specified in blocks, unless an SI
unit suffix is provided. This confuses new operators because GEOM uses
binary bytes, a large difference at modern storage pool sizes. Rewrite
suffixes in all GEOM manuals to consistently clarify this, matching what
we and the rest of the industry have been doing in other documentation.
While here, use non-breaking spaces between numbers and units, unless
they are already written with a hyphen.
MFC after: 3 days
Reviewed by: fuz
Reported by: bbaovanc <bbaovanc at bbaovanc.com>
Differential Revision: https://reviews.freebsd.org/D56534
fusefs: better handling for low-memory conditions
Under conditions of low memory, getblk can fail. fusefs was not
handling those failures very systematically. It was always using
PCATCH, which appears to have been originally copy/pasted from the NFS
client code, but isn't always appropriate:
* During fuse_vnode_setsize_immediate, which can be called from many
different VOPs and from the vn_delayed_setsize mechanism, remove
PCATCH. Some of these callers cannot tolerate allocate failure.
* In fuse_inval_buf_range, don't assume that getblk will always succeed.
* When calling fuse_inval_buf_range from VOP_ALLOCATE,
VOP_COPY_FILE_RANGE, or VOP_WRITE (with IO_DIRECT), return EINTR if
the allocation fails.
* When calling fuse_inval_buf_range from VOP_DEALLOCATE, remove PCATCH.
This VOP must not fail with EINTR.
[7 lines not shown]
include/stdbit.h: declare size_t, (u)int*_t, and (u)int_least*_t
These are required by ISO/IEC 9899:2024 § 7.18.1 ¶ 1 but were forgotten
in my initial work.
The current approach leaks intptr_t, uintptr_t, intmax_t, and uintmax_t
through <sys/_stdint.h>. This could be avoided using a more complicated
approach if desired.
PR: 294131
Fixes: 6296500a85c8474e3ff3fe2f8e4a9d56dd0acd64
Reported by: Collin Funk <collin.funk1 at gmail.com>
Reviewed by: imp
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56515
amd64: fix INVLPGB range invalidation
AMD64 Architecture Programmer's Manual Volume 3 says the following:
> ECX[15:0] contains a count of the number of sequential pages to
> invalidate in addition to the original virtual address, starting from
> the virtual address specified in rAX. A count of 0 invalidates a
> single page. ECX[31]=0 indicates to increment the virtual address at
> the 4K boundary. ECX[31]=1 indicates to increment the virtual address
> at the 2M boundary. The maximum count supported is reported in
> CPUID function 8000_0008h, EDX[15:0].
ECX[31] being what we call INVLPGB_2M_CNT, signaling to increment the
VA by 2M.
> This instruction invalidates the TLB entry or entries, regardless of
> the page size (4 Kbytes, 2 Mbytes, 4 Mbytes, or 1 Gbyte). [...]
Combined with this, my interpretation of the current code is: if
[20 lines not shown]
membarrier(2): use atomic for lockless read of curproc->p_flag2
Reviewed by: markj, Ricardo Branco <rbranco at suse.com>
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D56507
rtld: fix processing of preloaded z_initfirst objects
After we found some preloaded z_initfirst object, we must process till
the end of the preload list still, not stopping on the first found
object.
Reported by: des
Reviewed by: des, markj, siderop1 at netapp.com
Fixes: 78aaab9f1cf359f3b7325e4369653f6b50593393
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D56466
ctld: Return from the inner "main" loop on EINTR
This ensures that child processes are reaped in the outer loop in
main().
PR: 294035
Reviewed by: asomers
Fixes: 66b107e82b2f ("ctld: Use kevent(2) for socket events rather than select(2)")
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D56525
nvmf_che: Don't leak a socket if an error occurs finalizing the socket
If soreserve() or sosetopt() (to set TCP_NODELAY) fails after claiming
the socket from the file descriptor, explicitly close the socket
before returning failure.
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D55493
security/zeek: Update to 8.0.7
https://github.com/zeek/zeek/releases/tag/v8.0.7
This release fixes the following potential DoS vulnerabilities:
- A series of DNS messages containing long DNS compression chains
can cause Zeek to spend a long time processing packets and
potentially crash. Due to the fact that these packets can be
received from remote hosts, this is a DoS risk.
- A specially-crafted LDAP search request can cause Zeek to spend
a long time processing the packet, resulting in Zeek silently
dropping the LDAP analyzer for the connection. Due to the fact
that these packets can be received from remote hosts, this is
an evasion risk.
- A specially-crafted series of ASN.1 messages in LDAP packets can
cause Zeek to spend a long time processing the packets, resulting
[25 lines not shown]
security/vuxml: Mark security/zeek < 8.0.7 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v8.0.7
This release fixes the following potential DoS vulnerabilities:
- A series of DNS messages containing long DNS compression chains
can cause Zeek to spend a long time processing packets and
potentially crash. Due to the fact that these packets can be
received from remote hosts, this is a DoS risk.
- A specially-crafted LDAP search request can cause Zeek to spend
a long time processing the packet, resulting in Zeek silently
dropping the LDAP analyzer for the connection. Due to the fact
that these packets can be received from remote hosts, this is
an evasion risk.
- A specially-crafted series of ASN.1 messages in LDAP packets can
cause Zeek to spend a long time processing the packets, resulting
[5 lines not shown]
geom_part: Restore the human readable format of size
Prior to the change 4f809ffec69c, the sizes are formated by
humanize_number(3) with the flag HN_DECIMAL, which displays the result
using one decimal place when it is less than 10. That is more accurate
and useful. Add equivalent field modifier hn-decimal to xo_emit() to
restore the previous behavior.
Reported by: Mark Millard
Reviewed by: js
Fixes: 4f809ffec69c gpart: add libxo support for "show" subcommand + man page updates
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56514
pf: Use MTX_DUPOK to initialize hash chain mutexes
pf_udp_mapping_insert() may lock more than one row at a time.
Fixes: cd5ff4e841fb ("pf: use hashalloc(9) for key, id, src-node and udp-endpoint hashes")
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D56501
ntp_adjtime.2: Increase visibility
+ s/ntp/ntpd/ for correctness + apropos results in document description
+ silence a linter warning by escaping a period with a zero-width space
MFC after: 3 days
(cherry picked from commit b49b3ccd40bda02f530c679f23f42ba9e0e4b2e2)
