pdrfork(2) tests: enable on x86
Use pfrfork_thread(3) instead of pdrfork(RFSPAWN) to make tests work
on x86.
Tested by: pho
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D55306
pdrfork(2) tests: should wait for the child to exit
Tested by: pho
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D55306
pdrfork(2): do require RFPROCDESC | RFPROC
when RFSPAWN is not specified, as stated in the man page.
rfork(2) cannot modify non-curproc, which is why RFPROC is required,
the syscall cannot act on an arbitrary process descriptor.
If RFPROCDESC is not specified, the syscall does not make sense,
use rfork(2).
Reported and tested by: pho
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D55306
pdrfork(2) tests: do not rely on (int *)-1 being invalid address
Explicitly mmap guard and use it as the invalid address instead.
Tested by: pho
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D55306
pdfork.2: add EFAULT as possible error, explain some consequences of it
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D55306
powerpc: document the magic constants for 16MB page size
After discussion with jhibbits@, we pulled out what is supported here
and how it's supported.
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D55093
powerpc: enable HPT superpages by default
It's time to flip these on and see if anything happens in -HEAD.
It can be turned back off before 16.0-RELEASE if there are problems.
Reviewed by: jhibbits
Differential Revision: https://reviews.freebsd.org/D55071
sys/netinet6: Use atomic(9) for dad_failures counter
Replace counter(9) usage with more lightweight atomic(9) in the
code handling RFC 7217 SLAAC address generation.
Also, use `u_int` types with this. Leaving `dad_failures` local to
`in6_get_stableifid()` as a `uint64_t` to avoid changing the generated
addresses from previous code; this also gives some headroom for
future changes.
While here, moved some `#include` lines to adhere to style(9).
Reviewed by: glebius, jhibbits, jtl, zlei
Approved by: glebius, jtl, zlei
Differential Revision: https://reviews.freebsd.org/D52731
(cherry picked from commit 0c94dc9da7c238603e43c55ca6da64c417fc2204)
Reviewed by: glebius, kp, pouria, zlei
[3 lines not shown]
sys/netinet6: Fix ABI breakage introduced with RFC 7217 support
commit 31ec8b6407fdd5a87d70265762457c67ce618283 added a `dad_failures`
variable to `struct nd_ifinfo`, which broke the networking ABI.
This commit fixes it by moving such variable to `struct in6_ifextra`
which is not a public interface, while `struct nd_ifinfo` is back
in its original state.
Thanks to kib, markj and glebius for their help and suggestions
in solving this problem.
Reported by: "Herbert J. Skuhra" <herbert at gojira.at>
Tested by: "Herbert J. Skuhra" <herbert at gojira.at>
Approved by: glebius
Fixes: 31ec8b6407fdd5a87d70265762457c67ce618283
(cherry picked from commit 0ec13430c583830cc4d29640787e2d154b140e31)
[4 lines not shown]
sys/netinet6: Implement RFC 7217
Implement RFC 7217 (A Method for Generating Semantically Opaque
Interface Identifiers with IPv6 Stateless Address Autoconfiguration
(SLAAC)) in our IPv6 stack.
A new ifconfig `stableaddr` flag is added to enable the feature on
interfaces, which defaults to on or off for new interfaces based
on the sysctl `net.inet6.ip6.use_stableaddr` (off by default, so
this commit causes no change in behavior with default settings).
The algorithm follows the RFC in its logic, using SHA256-HMAC as
the algorithm to derive addresses so as to provide code that can
be leveraged by future implementations of RFC 8981, leveraging the
`hostuuid` as the secret.
The source of the hostidentifier can be configured using the sysctl
`net.inet6.ip6.stableaddr_netifsource`, while the number of retries
generating a new address in case of collision can be configured
[17 lines not shown]
sh.1: Fix ordering of Cm and Aq macros
MFC after: 3 days
Reviewed by: ziaee
Fixes: 2711852bd9ac (sh.1: Provide detailed job control documentation)
Differential Revision: https://reviews.freebsd.org/D55194
sh.1: Document the exit status of return
It's not obvious that if `exitstatus` is omitted,
the exit status of the function is taken from the last executed command.
MFC after: 3 days
Reviewed by: jilles, ziaee
Differential Revision: https://reviews.freebsd.org/D55026
bhyve: Fix a misleading error message
The ioctl might fail because it's run in a jail which doesn't have
permission to invoke ppt ioctls.
Reviewed by: jhb
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D55070
vmm: Allow the use of PCI passthrough in a jail
After commit e11768e94787 ("vmm: Add PRIV_DRIVER checks for passthru
ioctls"), it is not possible to use PCI passthru from jails, as
PRIV_DRIVER is not granted to jails. Apparently some users expect this
to work, understanding that jailing bhyve provides little security
benefit in this configuration.
I believe we should disable ppt access in jails even when allow.vmm is
configured. To provide an escape hatch for users, add a new
allow.vmm_ppt jail configuration knob, and check it when handling ppt
ioctls in jails. Also add a new PRIV_VMM_PPTDEV to replace the use of
PRIV_DRIVER.
PR: 292750
Reviewed by: corvink
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D55066
open.2: stop making impression that fd must be directory
Reviewed by: des, rmacklem
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Differential revision: https://reviews.freebsd.org/D55302
ip6_mroute: Remove an unhelpful comment
ifnets already track if_allmulti() calls in the if_amcount field. That
field is older than the comment, so I'm not exactly sure what the intent
was; let's just remove it.
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
(cherry picked from commit a45fb94801dffd414bdb1981def0e977ef0c774f)
ip6_mroute: Make MF6CFIND a regular function
This is more natural and corresponds more closely to the v4 multicast
routing code. No functional change intended.
Reviewed by: glebius
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D54983
(cherry picked from commit b370fcc716b9cfd4d08e291f0009f02452c84d64)
ip_mroute: Make privilege checking more consistent
- The v6 socket option and ioctl handlers had no privilege checks at
all. The socket options, I believe, can only be reached via a raw
socket, but a jailed root user with a raw socket shouldn't be able to
configure multicast routing in a non-VNET jail. The ioctls can only
be used to fetch stats.
- Delete a bogus comment in X_mrt_ioctl(); one can issue multicast
routing ioctls against any socket. Note that the call path is
soo_ioctl()->rtioctl_fib()->mrt_ioctl().
I think all of the mroute privilege checks should be done within the
ip(6)_mroute code, but let's first make the v4 and v6 modules
consistent.
Reviewed by: glebius
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
[3 lines not shown]
atf_python: Run vnet handlers in $HOME
When kyua runs a test, it creates a temp directory and sets $HOME to
point to it. Tests are run with the cwd set to that temp directory.
When a process attaches to a jail, its cwd is set to the root of the
jail. Modify atf_python to cd to $HOME instead, so that it's easier for
tests to share files.
Reviewed by: zlei, ngie
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D54971
(cherry picked from commit 07940d1d85eb338853fcba0697c6b9a96412a7f2)
ip6_mroute: Mark functions as static
No functional change intended.
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
(cherry picked from commit a03eabfebbce15d8ce028168969812d3ca2be206)
netstat: Fix whitespace in libxo output for multicast routes
Also fix some bogus libxo format strings in mroute6.c, and close a
couple of lists instead of opening them twice.
Fixes: ade9ccfe211a ("Convert netstat to use libxo.")
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
(cherry picked from commit 34c3e1d718a86436f863b2ae8b91bcf406b37f0e)