Fix LOCAL_PEERCRED in 32-bit compat mode
Previously the cr_pid field would be incorrectly copied to userland, due
to a size mismatch between the structure as defined in 32-bit vs 64-bit
builds. Fix it by converting the structure before copying it to
userland.
PR: 294833
Sponsored by: ConnectWise
MFC after: 1 week
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D56675
nullfs: Clear inotify flags during reclaim
The inotify flags are copied from the lower vnode into the nullfs vnode
so that the INOTIFY() macro will invoke VOP_INOTIFY on the nullfs vnode;
this is then bypassed to the lower vnode. However, when a nullfs vnode
is reclaimed we should clear these flags, as the vnode is now doomed and
no longer forwards VOPs to the lower vnode.
Add regression tests. Remove a test in vn_inotify_revoke() which is no
longer needed after this change.
Approved by: re (cperciva)
PR: 292495
Reviewed by: kib
Reported by: Jed Laundry <jlaundry at jlaundry.com>
Fixes: f1f230439fa4 ("vfs: Initial revision of inotify")
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56639
[2 lines not shown]
tests/socket_afinet: Fix the bind_connected_port test
The test verifies that a socket can bind to a local address assigned by
connect(2) to a different socket. It was however trying to bind to the
wrong address, and the check of the result was inverted, so this went
unnoticed. It also needs to set SO_REUSEADDR for this to succeed.
Approved by: re (cperciva)
Reported by: glebius
MFC after: 1 week
(cherry picked from commit d3d0466cae546254c50c80cf3e0c060bbbbba53c)
(cherry picked from commit 9e8d7d83ecfbf8b34b785d7981a29dda567d0bc6)
jail: avoid leaking jail config fds to exec.* hooks
The jail(8) command must not leave parsed configuration files open
since the file descriptors will be leaked to child processes
including the untrusted exec.start or exec.stop hooks.
While fopen() doesn't provide direct access to O_CLOEXEC, it does
provide access to FD_CLOEXEC via "e" in the mode string which
provides the desired defense in depth against leaking file descriptors
into exec.* hooks since those always execve() into a shell.
Jail configuration is potentially sensitive and some hooks execute from
within the jail context, leaving some opening for the jail to exfiltrate
information about the host environment.
(Commit message wordsmithed by kevans)
Approved by: re (cperciva)
PR: 295052
[4 lines not shown]
rtadvd(8): Honor pltime/vltime in interface declarations
Currently rtadvd ignores interface pltime/vltime specifications
unless the (static) address range is also included in the config file.
This extends the validity of a pltime and/or vltime stanza in
the config file for an interface to delegated addresses from
an upstream provider.
Approved by: re (cperciva)
Signed-off-by: tickerguy <karl at denninger.net>
PR: 288426
Reviewed by: pouria
Pull Request: https://github.com/freebsd/freebsd-src/pull/1863
(cherry picked from commit 103f9883d1ed7431c432caa6ab9c61cd4d0831d0)
(cherry picked from commit 18caefe847086a9e89812db600c852b225467090)
certctl: Unstickify (un)trusted certificates
Ever since certctl was rewritten in C, the rehash command has reingested
TRUSTDESTDIR / UNTRUSTDESTDIR in addition to TRUSTPATH / UNTRUSTPATH.
This seemed like a good idea at the time but was, in retrospect, a
mistake, as it means a (un)trusted certificate remains (un)trusted
forever (or at least until it expires) even if it is removed from
(UN)TRUSTPATH. Among other issues, it causes ports QA to fail for any
port that either installs certificates or depends on a port that does.
Although this behavior was undocumented, the change may surprise users
who have added certificates manually, so update the manual page to point
it out and add prominent warnings to the trust and untrust commands.
Approved by: re (cperciva)
PR: 290078
MFC after: 1 week
Reviewed by: kevans, bcr
Differential Revision: https://reviews.freebsd.org/D56617
[3 lines not shown]
vis.3: Try to better describe VIS_SAFE
The current text fails to draw the reader's attention to the fact that
VIS_SAFE essentially exempts certain characters from being encoded.
While here, fix some markup nits.
Approved by: re (cperciva)
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D56716
(cherry picked from commit 8acc4c16c6635c3cd8871d0ee1221b62d48d71b9)
(cherry picked from commit b21f08f97ba0c1e254b55e2ac66ec6853ad281f7)
stat: fix use of devname(3)
Besides being a little hard to parse through visually, this had its own
bug of inspecting st->st_mode to determine what to pass to devname(3),
which is only correct for st_rdev.
For st_dev, you're likely to be looking at files or directories and
attempting to assess what device they're located on, so the mode is
meaningless- we just have to assume that our filesystems are on
character devices and attempt to resolve st_dev as such.
Approved by: re (cperciva)
Reviewed by: des, kib (previous version)
Differential Revision: https://reviews.freebsd.org/D56565
(cherry picked from commit 4d4acdbfc22c84081037f31cff4fb03d18373036)
stat: The devname test case requires root
[26 lines not shown]
nuageinit: only parse user_data as yaml when necessary
This fixes a regression introduced in cae280931c9e which prevents
user_data as a shell script to be used
Approved by: re (cperciva)
PR: 295062
Reported by: Ross McKelvie <ross at exitzero.uk>
MFC After: 1 day
(cherry picked from commit c316ec259011e9e22e40eaa72d834f3bfac95c28)
(cherry picked from commit 4211f280ba087c75dcd84f9b592238b2eae33af9)
rtadvd(8): Honor pltime/vltime in interface declarations
Currently rtadvd ignores interface pltime/vltime specifications
unless the (static) address range is also included in the config file.
This extends the validity of a pltime and/or vltime stanza in
the config file for an interface to delegated addresses from
an upstream provider.
Signed-off-by: tickerguy <karl at denninger.net>
PR: 288426
Reviewed by: pouria
Pull Request: https://github.com/freebsd/freebsd-src/pull/1863
(cherry picked from commit 103f9883d1ed7431c432caa6ab9c61cd4d0831d0)
vis.3: Try to better describe VIS_SAFE
The current text fails to draw the reader's attention to the fact that
VIS_SAFE essentially exempts certain characters from being encoded.
While here, fix some markup nits.
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D56716
(cherry picked from commit 8acc4c16c6635c3cd8871d0ee1221b62d48d71b9)
certctl: Unstickify (un)trusted certificates
Ever since certctl was rewritten in C, the rehash command has reingested
TRUSTDESTDIR / UNTRUSTDESTDIR in addition to TRUSTPATH / UNTRUSTPATH.
This seemed like a good idea at the time but was, in retrospect, a
mistake, as it means a (un)trusted certificate remains (un)trusted
forever (or at least until it expires) even if it is removed from
(UN)TRUSTPATH. Among other issues, it causes ports QA to fail for any
port that either installs certificates or depends on a port that does.
Although this behavior was undocumented, the change may surprise users
who have added certificates manually, so update the manual page to point
it out and add prominent warnings to the trust and untrust commands.
PR: 290078
MFC after: 1 week
Reviewed by: kevans, bcr
Differential Revision: https://reviews.freebsd.org/D56617
(cherry picked from commit 2fef18ff594328a771b6aa659e8ffa5a7e076540)
vis.3: Try to better describe VIS_SAFE
The current text fails to draw the reader's attention to the fact that
VIS_SAFE essentially exempts certain characters from being encoded.
While here, fix some markup nits.
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D56716
(cherry picked from commit 8acc4c16c6635c3cd8871d0ee1221b62d48d71b9)
md5: Don't generate test cases just to skip them
Don't waste time generating Perl test cases for algorithms that are not
supported in Perl mode only to skip them when they are run.
MFC after: 1 week
Reviewed by: ngie
Differential Revision: https://reviews.freebsd.org/D56687
(cherry picked from commit fd386e76fa2b29d99525c246cbfc05768a1f4a76)
stat: fix use of devname(3)
Besides being a little hard to parse through visually, this had its own
bug of inspecting st->st_mode to determine what to pass to devname(3),
which is only correct for st_rdev.
For st_dev, you're likely to be looking at files or directories and
attempting to assess what device they're located on, so the mode is
meaningless- we just have to assume that our filesystems are on
character devices and attempt to resolve st_dev as such.
Reviewed by: des, kib (previous version)
Differential Revision: https://reviews.freebsd.org/D56565
(cherry picked from commit 4d4acdbfc22c84081037f31cff4fb03d18373036)
stat: The devname test case requires root
Fixes: 4d4acdbfc22c ("stat: fix use of devname(3)")
[24 lines not shown]
stat: Expand devname test case
Test what happens when we ask for the rdev of a non-device.
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D56838
smartpqi: Add runtime sysctl for debug_level and log device state changes
The smartpqi driver did not log device add/remove or controller events
to syslog, and hw.smartpqi.debug_level could only be set at boot via
loader.conf with no runtime sysctl interface.
Add a read-write sysctl at dev.smartpqi.N.debug_level for runtime
debug level changes. Add device_printf calls for device addition,
removal, and controller events (hotplug, hardware, physical/logical
device, AIO state/config changes) so state changes always appear in
dmesg. Add DBG_DISC logging for discovery state transitions. Fix
spelling errors in strings and comments across the driver.
Bump driver version to 14.4691.1.2000 / 15.2.1.2000.
PR: 294161
Reviewed by: imp
Approved by: imp
MFC after: 2 weeks
[2 lines not shown]
stand/libsa/zfs: disable ZSTD_TRACE and DYNAMIC_BMI2 code paths
Enabling ZSTD_TRACE leaves behind undefined weak symbols, which causes a
problem for gcc builds. The bfd linker emits an obscure error about
overlapping FDEs. We don't need ZSTD_TRACE for libsa, so just disable
it.
Also disable BMI2 instruction optimizations. The addition of the
optional BMI2 code paths caused the boot loader binaries to grow larger
(28 KiB for clang, 32 KiB for gcc). The boot loader binaries are size
constrained, and this pushed the gcc-generated lua_loader.bin over the
500000 byte limit, and the clang one to within 4k of the limit.
Fixes: 8a62a2a5659d ("zfs: merge openzfs/zfs at f8e5af53e")
Reviewed by: delphij, imp, mm
Differential Revision: https://reviews.freebsd.org/D56866
jail: avoid leaking jail config fds to exec.* hooks
The jail(8) command must not leave parsed configuration files open
since the file descriptors will be leaked to child processes
including the untrusted exec.start or exec.stop hooks.
While fopen() doesn't provide direct access to O_CLOEXEC, it does
provide access to FD_CLOEXEC via "e" in the mode string which
provides the desired defense in depth against leaking file descriptors
into exec.* hooks since those always execve() into a shell.
Jail configuration is potentially sensitive and some hooks execute from
within the jail context, leaving some opening for the jail to exfiltrate
information about the host environment.
(Commit message wordsmithed by kevans)
PR: 295052
Reviewed by: kevans
[2 lines not shown]
jail: avoid leaking jail config fds to exec.* hooks
The jail(8) command must not leave parsed configuration files open
since the file descriptors will be leaked to child processes
including the untrusted exec.start or exec.stop hooks.
While fopen() doesn't provide direct access to O_CLOEXEC, it does
provide access to FD_CLOEXEC via "e" in the mode string which
provides the desired defense in depth against leaking file descriptors
into exec.* hooks since those always execve() into a shell.
Jail configuration is potentially sensitive and some hooks execute from
within the jail context, leaving some opening for the jail to exfiltrate
information about the host environment.
(Commit message wordsmithed by kevans)
PR: 295052
Reviewed by: kevans
[2 lines not shown]
