cross-build: Define __*int*_t and include sys/cdefs.h
FreeBSD assumes that sys/types.h includes sys/cdefs.h, so add it here.
FreeBSD also needs __*int*_t defined for software we bootstrap (a lot of
it). GLIBC defines these, but musl does not, so we have to define them
here, even though it looks backwards. There's no good #define to key off
of, so use !defined GLIBC since on Linux defacto there's only two libc
implementations.
Co-authored-by: Val Packett <val at packett.cool>
Sponsored by: Netflix
Pull Request: https://github.com/freebsd/freebsd-src/pull/1066
Reviewed by: val_packett.cool
Differential Revision: https://reviews.freebsd.org/D45354
(cherry picked from commit 3c5f0da5106bee21ab3726f608b5c377da92a733)
if_clone: Make ifnet_detach_sxlock opaque to consumers
The change e133271fc1b5e introduced ifnet_detach_sxlock, and change
6d2a10d96fb5 widened its coverage, but there are still consumers,
net80211 and tuntap e.g., want it. Instead of sprinkling it everywhere,
make it opaque to consumers.
Out of tree drivers shall also benefit from this change.
Reviewed by: kp
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D56298
ifnet: Move SIOCSIFVNET from ifhwioctl() to ifioctl()
SIOCSIFVNET is not a hardware ioctl. Move it to where it belongs.
Where here, rewrite the logic of checking whether we are moving the
interface from and to the same vnet or not, since it is obviously not
stable to access the interface's vnet, given the current thread may
race with other threads those running if_vmove().
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D55880
ifnet: vnet_if_return(): Avoid unnecessary recursive acquisition of ifnet_detach_sxlock
vnet_if_return() will be invocked by vnet_sysuninit() on vnet destructing,
while the lock ifnet_detach_sxlock has been acquired in vnet_destroy()
already.
With this change the order of locking is more clear. There should be no
functional change.
Reviewed by: pouria
Fixes: 868bf82153e8 if: avoid interface destroy race
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56288
tests: kqueue: add a basic test for CPONFORK
Just copy over a timer and a write-filter, be sure that we can observe
both in the child. Maybe the timer should check for a minimum time
passed, but I don't know that we'd be likely to get that wrong.
This also adds a negative test with a kqueue that is *not* set for
CPONFORK being added to the first one, made readable, and confirming
that we don't see a knote for it in the child.
Some other improvements to the test noted in the review are planned in
the short term, but they're not particularly worth blocking adding this
as a basic sanity check.
Reviewed by: kib, markj
(cherry picked from commit 0c9cec8b66e7033f50059329704515d5222b9ff4)
kqueue: don't leak file refs on failure to knote_attach()
We'll subsequently just knote_free() since the knote is barely
constructed, but that bypasses any logic that might release references
on owned files/fops. Defer clearing those until the knote actually owns
them and update the comment to draw the line more clearly.
Reviewed by: kib
(cherry picked from commit 0bf4d22c37083170961c31694b90551538901a1c)
libc: fix memfd_create's HUGETLB handling
The 'simplification' commit referenced below actually broke one aspect
of MFD_HUGETLB: the caller isn't supposed to be required to specify a
size. MFD_HUGETLB by itself without a shift mask just requests a large
page, so we revert that part of memfd_create() back.
While we're here, fix up the related parts of the manpages a little bit,
since MFD_HUGETLB is actually supported. The manpage claims that we
would return ENOSYS if forced mappings weren't supported, but this was
actually not true. However, that seems like a very important
distinction to make between ENOSYS and EOPNOTSUPP, so fix the
implementation to match the docs.
Reviewed by: kib, markj
(cherry picked from commit 9a8d333368baef356f0a611b47ec592568dd14f9)
kqueue: slightly clarify the flow in knlist_cleardel()
This is purely a cosmetic change to make it a little easier on the eyes,
rather than jumping back to the else branch up top. Re-flow it to use
another loop on the outside and just inline the re-lock before we repeat
after awaking from fluxwait.
The !killkn path should maybe issue a wakeup if there's a thread in
KQ_SLEEP so that userland can observe the EOF, but this isn't a
practical problem today: pretty much every case of knlist_clear is tied
to a file descriptor and called in the close(2) path. As a consequence,
potentially affected knotes are almost always destroyed before we even
get to knlist_clear().
Reviewed by: kib, markj
(cherry picked from commit c6dd40f2d35d596ca60a5d87616c3e4a0fd4f676)
lualoader: allow the local module to filter out the BE list
This allows something like the following local.lua to install a filter
to implement its own notion of hidden BEs using a naming convention of
a leading dot to hide them:
-- file: /boot/lua/local.lua
local core = require("core")
local function be_hide(be)
if core.isSingleUserBoot() then
-- All BEs are accepted for single-user
return true
end
local name = be:match("/([^/]+)$")
if not name then
-- Accept malformed BEs, for whatever reason
return true
[16 lines not shown]
kqueue: compare against the size in kqueue_expand
This is a cosmetic change, rather than a functional one: comparing the
knlistsize against the fd requires a little bit of mental gymnastics to
confirm that this is fine and not doing unnecessary work in some cases.
Notably, one must consider that kq_knlistsize only grows in KQEXTENT
chunks, which means that concurrent threads trying to grow the kqueue
to consecutive fds will usually not result in the list being replaced
twice. One can also more clearly rule out classes of arithmetic
problems in the final `else` branch.
Reviewed by: kib, markj
(cherry picked from commit 0b4f0e0515d0c7ec855cd654ae5dc562f4931cae)
kqueue: add some kn_knlist assertions around knlist_(add|remove)
We currently assert that kn_status is accurate, but there's more room
for error. Neither of these are very likely, but currently we'd blow up
in SLIST*() macros instead of providing more obvious diagnostics. It's
perhaps only worth testing these because knlist_remove() requires
getting logic across both f_attach() and f_detach() correct.
Reviewed by: kib, markj
(cherry picked from commit 306c9049c642da6a59a5dc088589605a9aa38b87)
kqueue: avoid a possible fork-deadlock
kqueue_fork_copy() is likely to have transitioned at least one knote
through a flux state, so we should check whether we need to wake
anything up on the way out to avoid a possible deadlock.
This was a part of D56210, but we'll close the review with the next
commit.
Reviewed by: kib, markj
(cherry picked from commit 14d0baf2e89202cec3f9cb03a573372ccbc568b2)
kqueue: simplify knote_fdclose()
The influx logic in knote_fdclose() is a little misguided, the resulting
wakeup() call should always be redundant: knote_drop_detached() will
always issue a wakeup before it returns, so anything waiting on *that*
knote that had entered fluxwait should have been woken up then. This is
the obvious divergence from the other influx/wakeup pattern in the
implementation, which will kn_influx-- and then issue the wakeup after
it has processed all of the knotes it can make progress on.
While we're here, the kq_knlist cannot shrink, so we can avoid that
condition in the loop and avoid potentially excessive wakeups from
fluxwait on kqueues that we didn't touch.
Reviewed by: kib, markj
(cherry picked from commit ff1050d2a366bd288a6ebbf63f98003272513f92)
vm_fault: Reset m_needs_zeroing properly
- When allocating a page, we should only consider the PG_ZERO flag when
handling the top-level page.
- Unconditionally reset the flag when restarting the fault handler.
Previously, vm_fault_busy_sleep() would fail to reset it.
PR: 294039
Reviewed by: kib
Tested by: Peter Much <pmc at citylink.dinoex.sub.org>
MFC after: 3 days
Fixes: cff67bc43df1 ("vm_fault: only rely on PG_ZERO when the page was newly allocated")
Differential Revision: https://reviews.freebsd.org/D56234
(cherry picked from commit 04132e01004316ddd0e0cde6ef15b100b7b1844d)
kqueue: Fix a race when adding an fd-based knote to a queue
When registering a new kevent backed by a file descriptor, we first look
up the file description with fget(), then lock the kqueue, then see if a
corresponding knote is already registered. If not, and KN_ADD is
specified, we add the knote to the kqueue.
closefp_impl() interlocks with this process by calling knote_fdclose(),
which locks each kqueue and checks to see if the fd is registered with a
knote. But, if userspace closes an fd while a different thread is
registering it, i.e., after fget() succeeds but before the kqueue is
locked, then we may end up with a mismatch in the knote table, where the
knote kn_fp field points to a different file description than the knote
ident.
Fix the problem by double-checking before registering a knote. Add a
new fget_noref_unlocked() helper for this purpose. It is a clone of
fget_noref(). We could simply use fget_noref(), but I like having an
explicit unlocked variant.
[7 lines not shown]
vm_fault: Reset m_needs_zeroing properly
- When allocating a page, we should only consider the PG_ZERO flag when
handling the top-level page.
- Unconditionally reset the flag when restarting the fault handler.
Previously, vm_fault_busy_sleep() would fail to reset it.
PR: 294039
Reviewed by: kib
Tested by: Peter Much <pmc at citylink.dinoex.sub.org>
MFC after: 3 days
Fixes: cff67bc43df1 ("vm_fault: only rely on PG_ZERO when the page was newly allocated")
Differential Revision: https://reviews.freebsd.org/D56234
(cherry picked from commit 04132e01004316ddd0e0cde6ef15b100b7b1844d)
kqueue: Fix a race when adding an fd-based knote to a queue
When registering a new kevent backed by a file descriptor, we first look
up the file description with fget(), then lock the kqueue, then see if a
corresponding knote is already registered. If not, and KN_ADD is
specified, we add the knote to the kqueue.
closefp_impl() interlocks with this process by calling knote_fdclose(),
which locks each kqueue and checks to see if the fd is registered with a
knote. But, if userspace closes an fd while a different thread is
registering it, i.e., after fget() succeeds but before the kqueue is
locked, then we may end up with a mismatch in the knote table, where the
knote kn_fp field points to a different file description than the knote
ident.
Fix the problem by double-checking before registering a knote. Add a
new fget_noref_unlocked() helper for this purpose. It is a clone of
fget_noref(). We could simply use fget_noref(), but I like having an
explicit unlocked variant.
[7 lines not shown]
kqueue: Fix a race when adding an fd-based knote to a queue
When registering a new kevent backed by a file descriptor, we first look
up the file description with fget(), then lock the kqueue, then see if a
corresponding knote is already registered. If not, and KN_ADD is
specified, we add the knote to the kqueue.
closefp_impl() interlocks with this process by calling knote_fdclose(),
which locks each kqueue and checks to see if the fd is registered with a
knote. But, if userspace closes an fd while a different thread is
registering it, i.e., after fget() succeeds but before the kqueue is
locked, then we may end up with a mismatch in the knote table, where the
knote kn_fp field points to a different file description than the knote
ident.
Fix the problem by double-checking before registering a knote. Add a
new fget_noref_unlocked() helper for this purpose. It is a clone of
fget_noref(). We could simply use fget_noref(), but I like having an
explicit unlocked variant.
[7 lines not shown]
vm_fault: Avoid creating clean, writeable superpage mappings
The pmap layer requires writeable superpage mappings to be dirty.
Otherwise, during demotion, we may miss a hw update of the PDE which
sets the dirty bit.
When creating a managed superpage mapping without promotion, i.e., with
pmap_enter(psind == 1), we must therefore ensure that a writeable
mapping is created with the dirty bit pre-set. To that end,
vm_fault_soft_fast(), when handling a map entry with write permissions,
checks whether all constituent pages are dirty, and if so, converts the
fault to a write fault, so that pmap_enter() does the right thing. If
one or more pages is not dirty, we simply create a 4K mapping.
vm_fault_populate(), which may also create superpage mappings, did not
do this, and thus could create mappings which violate the invariant
described above. Modify it to instead check whether all constituent
pages are already dirty, and if so, convert the fault to a write fault.
Otherwise the mapping is downgraded to read-only.
[7 lines not shown]
nfsid.h: Put the nfsd_idargs structure in a new .h
This patch moves the definition of the nfsd_idargs
structure out of nfs.h and into a new file called
nfsid.h.
This is being done so that it can be included in
nfs_diskless.c in a future commit.
There should be no semantics change from this
commit.
(cherry picked from commit e6db4dd9d7216067388ae91ac73c3917a93f9420)
mk: Disable blacklist when disabling blocklist
WITHOUT_BLOCKLIST, when set, should enforce WITHOUT_BLACKLIST.
This fixes the build when WITHOUT_BLOCKLIST=yes is set.
Reported by: ivy
Reviewed by: ivy
Fixes: 7238317403b9 ("blocklist: Rename blacklist to blocklist")
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D56118
(cherry picked from commit 0d9676e1ca92febd42fbebef8d6833a0939d3f7c)
crypto/openssl: update from 3.0.16 to 3.0.20
### Description
This particular change contains all functional and security fixes made
between 3.0.16 and 3.0.20, with the net-resulting security issues being
the ones addressed in 3.0.20 [1] [2].
This is a direct commit to stable/14 as stable/15 and later use OpenSSL
3.5, as of writing, and thus this change could not have been merged
through main and stable/15 since the 3.0.17+ was released after :main
switched to OpenSSL 3.5.
This does not contain any merge commits as any MFV changes are banned
unless they go through :main.
### Process used when updating the component
1. Run the subtree merge command in a staging tree.
[12 lines not shown]
gpart: More nuance for GPT support
A careful reading of the GPT standard shows that one may have fewer than
128 entries in your GPT table. While the standard requires that we
reserve enough space (32 512-byte-LBAs or 4 4096-byte-LBAs), it also
explicitly allows one to specify fewer actual partitions (since that
controls what is in the CRC). It requires that the first LBA to be 32
(512 sectors) or 6 (4k sectors) or larger. That requirement is not
enforced (it's not listed as one of validation criteria for the GPT).
We should likely do so in the future.
To that end, allow a default number of entries to use (defent) on
creation to be different (larger) than the minimum number of legal
entries. For gpt, these numbers work out to 128 and 1 respectively. For
all the others, make minent == defent so this is a nop for those
partitioning schemes.
Sponsored by: Netflix
Reviewed by: zlei, emaste
[3 lines not shown]
gpart: Add warning when the start sector is too low.
Add a warning if the starting sector is too low. The standard requires
that at least 16k is reserved for the GPT Partition Array, but some
tools produce GPT images with fewer than the required number of reserved
sectors.
PR: 274312
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D42247
(cherry picked from commit 2cbda736cea8f82cfc5caab0f6099f0fbfe28537)
fork.2: note that all methods to pre-resolve symbols have consequences
Reviewed by: imp
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D56362
