devd: Use PF_LOCAL instead of PF_INET
Avoid dependency on INET (IPv4) by using PF_LOCAL,
allowing media check to work on systems without INET support.
PR: 295045
Reviewed by: kevans
MFC after: 1 week
jail: open the fstab files with fopen("re")
This protects against accidentally leaking them past fork()+exec()
in future refactorings.
PR: 295052
Reviewed by: kevans
jail: avoid leaking jail config fds to exec.* hooks
The jail(8) command must not leave parsed configuration files open
since the file descriptors will be leaked to child processes
including the untrusted exec.start or exec.stop hooks.
While fopen() doesn't provide direct access to O_CLOEXEC, it does
provide access to FD_CLOEXEC via "e" in the mode string which
provides the desired defense in depth against leaking file descriptors
into exec.* hooks since those always execve() into a shell.
Jail configuration is potentially sensitive and some hooks execute from
within the jail context, leaving some opening for the jail to exfiltrate
information about the host environment.
(Commit message wordsmithed by kevans)
PR: 295052
Reviewed by: kevans
MFC after: 3 days
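
Added example (not part of the commits above or of jail(8) itself): a small C check of the property the two jail commits rely on, that a stream opened with fopen(..., "re") carries FD_CLOEXEC and so adds no descriptor that survives execve() into a hook's shell. The helper names `inheritable_fds` and `leak_delta` and the use of /dev/null as the opened file are assumptions made for the illustration.

```c
#include <fcntl.h>
#include <stdio.h>

/* Count descriptors >= 3 that are open without FD_CLOEXEC: the ones a
 * child process would still hold after fork() + execve(). */
static int
inheritable_fds(void)
{
	int n = 0;

	for (int fd = 3; fd < 1024; fd++) {
		int flags = fcntl(fd, F_GETFD);

		if (flags != -1 && (flags & FD_CLOEXEC) == 0)
			n++;
	}
	return (n);
}

/* Open path with the given fopen() mode and return how many inheritable
 * descriptors that added (1 = would leak to a hook, 0 = closed on exec),
 * or -1 if the open failed. */
static int
leak_delta(const char *path, const char *mode)
{
	int before = inheritable_fds();
	FILE *fp = fopen(path, mode);
	int delta;

	if (fp == NULL)
		return (-1);
	delta = inheritable_fds() - before;
	fclose(fp);
	return (delta);
}

int
main(void)
{
	/* /dev/null is a constructed stand-in for a jail.conf or fstab file. */
	printf("mode \"r\":  +%d inheritable fd\n", leak_delta("/dev/null", "r"));
	printf("mode \"re\": +%d inheritable fd\n", leak_delta("/dev/null", "re"));
	return (0);
}
```

The same `inheritable_fds` loop, called just before the fork() that runs a hook, works as a regression check for descriptors opened without the "e" flag.
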
Unskip test sys.netinet6.frag6.frag6_07.frag6_07
This is now consistently passing with 100+ consecutive runs.
Signed-off-by: Siva Mahadevan <me at svmhdvn.name>
PR: 244170
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 681e9d3e391f30a512c523514f69a63c9782a901)
tests/if_lagg_test: unskip 'witness' testcase
This testcase passes consistently (in 100+ runs) now.
Signed-off-by: Siva Mahadevan <me at svmhdvn.name>
PR: 244163, 251726
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 7a83fedc116d827cc9c6d8e049b785f1d7b68dcd)
nuageinit: modify the test to show the issue fixed in c316ec259011
Ensure the script used is invalid when parsed by libyaml, which
highlights the issue revealed in PR 295062.
While here, validate that the mode of the file is properly changed.
PR: 295062
MFC After: 1 day
kobj: Use M_WAITOK in kobj_init
Blocking allocation is safe in all of the current callers of kobj_init
(most of them do a M_WAITOK malloc of the structure passed as the
first argument to kobj_init just before calling it). kobj_init
doesn't return an error code but instead panics if the nested malloc
in kobj_class_compile1 fails, so using M_WAITOK here is more robust.
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D56625
mlx5en: destroy TIR before DEK during TLS RX teardown
Reorder the TLS RX teardown sequence so the TIR is destroyed before
the DEK. DESTROY_TIR for a TLS-enabled TIR issues a TRA RX fence
that drains all in-flight packets from the crypto pipeline. If the
DEK is destroyed first, packets still in flight hit a TPT encryption
error (vendor syndrome 0x55) because the key they reference is
already gone.
Reviewed by: kib
Sponsored by: Nvidia networking
MFC after: 1 week
nuageinit: only parse user_data as yaml when necessary
This fixes a regression introduced in cae280931c9e which prevents
user_data as a shell script from being used
PR: 295062
Reported by: Ross McKelvie <ross at exitzero.uk>
MFC After: 1 day
sys/cdefs.h: Introduce __maybe_unused attribute
The __maybe_unused attribute should be used for variables which may or
may not be used, such as when their only use is in an assertion. This
attribute is functionally identical to __unused, suppressing compiler
warnings for a particular variable if it remains unused.
Reviewed by: Minsoo Choo <minsoo at minsoo.io>, imp
Differential Revision: https://reviews.freebsd.org/D56517
rtadvd(8): Honor pltime/vltime in interface declarations
Currently rtadvd ignores interface pltime/vltime specifications
unless the (static) address range is also included in the config file.
This extends the validity of a pltime and/or vltime stanza in
the config file for an interface to delegated addresses from
an upstream provider.
Signed-off-by: tickerguy <karl at denninger.net>
PR: 288426
Reviewed by: pouria
Pull Request: https://github.com/freebsd/freebsd-src/pull/1863
Makefile.vm: Split error condition
Make it clear which of two possible cases applies.
Reviewed by: cperciva
Differential Revision: https://reviews.freebsd.org/D56837
bhyve/virtio-scsi: Don't invoke iov_to_buf() in an assert() expression
If anyone would build bhyve with -DNDEBUG, any code in the expression
in assert() won't be executed. Instead put the return value in a
temporary variable to assert that it has the expected value.
Reviewed by: emaste, markj (earlier version)
Fixes: 2a514d377b37 ("bhyve/virtio-scsi: Preallocate all I/O requests")
Differential Revision: https://reviews.freebsd.org/D55803
ZTS: Remove threadsappend_001_pos exception
Commit f828a80c may have resolved the underlying cause for
the occasional CI failures observed for this test. Remove
the exception to ensure any new occurrences are noticed.
Reviewed-by: Tony Hutter <hutter2 at llnl.gov>
Reviewed-by: Tino Reichardt <milky-zfs at mcmilk.de>
Signed-off-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Closes #6136
Closes #18495
Zstd: rework ZSTD_isError symbol renaming
The import of Zstd v1.5.7 in a2ac9cd606ce2428c23cc89cec6f0392424e82c9
added an unconditional renaming of ZSTD_isError to zfs_ZSTD_isError
with an asm directive. Instead, do it with a define that is conditioned
on whether zstd_compat_wrapper.h is actually in use. Also add a define
to that header so that it can be detected. This allows the build to
work without using the compat wrapper.
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: Ryan Libby <rlibby at FreeBSD.org>
Closes #18483
linux: verify stale znodes in legacy fallocate
The mode=0 and FALLOC_FL_KEEP_SIZE preallocation path can reach
zfs_freesp() directly and call zfs_statvfs() before going through the
normal zpl_enter_verify_zp() boundary.
When zfs_rezget() tears down a failed SA reload, a stale inode may
remain alive in the VFS with z_sa_hdl cleared. The unchecked
fallocate path can then reach sa_lookup(zp->z_sa_hdl, ...) through
zfs_statvfs() or zfs_freesp() and crash on a NULL SA handle.
Use zfs_enter_verify_zp() in zfs_statvfs() so stale znodes are
rejected under the teardown lock for both fallocate and statfs.
Also wrap the direct zfs_freesp() call in
zpl_enter_verify_zp()/zfs_exit() so this path follows the same
validation rules as the other Linux ZPL file operations.
Fixes: f734301d2267
("linux: add basic fallocate(mode=0/2) compatibility")
[4 lines not shown]
lockf: Avoid spinning when operating on an fd
When operating on a file descriptor, acquire_lock() would ignore the
flags argument and always operate in non-blocking mode, resulting in
unnecessary busy-looping.
Approved by: re (cperciva)
PR: 294832
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D56722
(cherry picked from commit d90513ea85693da0ca5955173609f4e81e38ae16)
(cherry picked from commit 651b82e64ef4f753d8f4c1793f359de39744526c)
tail(1): Fix -r (reverse) to work on pseudo filesystems
Pseudo filesystems (e.g., procfs) advertise a zero file size.
Fix reverse() to handle such a case similarly as forward() so
that '-r' works on pseudo filesystems.
Approved by: re (cperciva)
Signed-off-by: Aaron LI <aly at aaronly.me>
Reviewed by: pouria, Ricardo Branco <rbranco at suse.de>, des
Fixes: 1fb3caee7 ("tail: Do not trust st_size if it equals zero.")
Pull-Request: https://github.com/freebsd/freebsd-src/pull/2080
(cherry picked from commit 4feeca3193c316c18472cd40f215446fda3bd739)
(cherry picked from commit 771a65210018c68198ea413df10225e87a0ea909)
vt_core: don't draw the splash if a panic occurred
The shutdown splash draws over all the useful info if ddb(4) is
disabled. Don't draw the splash screen if we're rebooting because of a
panic.
Approved by: re (cperciva)
MFC after: 3 days
(cherry picked from commit bc83f414583ccaf337ef3b7c019df7727d6a3aae)
(cherry picked from commit 3aabec5c8c6a74a4e50640b399a825d9f7adca9a)
nfs_clsubs.c: Fix ncl_getcookie() when "pos" is negative
In ncl_getcookie(), a very large value for "off" for
a directory can result in "pos" being set to a bogus
value (including a negative one), due to truncation.
When "pos" is negative, it can skip past the
while (pos >= NFSNUMCOOKIES) loop and return a
bogus pointer instead of NULL.
This patch changes the type to u_int and also adds
a sanity check for a very large "off" to ensure that
a NULL pointer is returned for this case.
This bug has been in the code for decades and I am
not aware of any report of it causing a problem for
users.
Reviewed by: markj
Reported by: Joshua Rogers of AISLE Research Team
[2 lines not shown]
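
Added example, not the kernel's code: a simplified C model of the index computation the commit message above describes, showing how a block number truncated into a signed int slips past a `pos >= N` walk with a negative index, and how an unsigned index with a bound on the offset reports "not found" instead. The constants, the two-node list, the exact bound used for the sanity check, and the names `walk`, `lookup_signed` and `lookup_checked` are assumptions for the illustration; the model returns slot numbers rather than pointers.

```c
#include <stdint.h>
#include <stdio.h>

#define BLKSIZ   4096u	/* assumed directory block size */
#define NCOOKIES 31	/* assumed cookie slots per list node */
#define NNODES   2	/* constructed: the list holds two nodes */

/* Walk node by node; 0 means the list ended (lookup returns NULL). */
static int
walk(long *pos)
{
	for (int node = 0; *pos >= NCOOKIES; *pos -= NCOOKIES)
		if (++node >= NNODES)
			return (0);
	return (1);
}

/* "Before" shape: the block number is truncated into a signed int. */
static int
lookup_signed(uint64_t off, long *slot)
{
	int pos = (int)(off / BLKSIZ);	/* upper bits dropped, may go negative */
	if (pos == 0)
		return (0);
	*slot = (long)pos - 1;
	return (walk(slot));		/* a negative index skips the walk */
}

/* "After" shape: unsigned index plus a bound on the block number. */
static int
lookup_checked(uint64_t off, long *slot)
{
	uint64_t blk = off / BLKSIZ;
	if (blk == 0 || blk > (uint64_t)NNODES * NCOOKIES)
		return (0);		/* oversized "off": NULL, no walk */
	unsigned int pos = (unsigned int)blk - 1;
	*slot = pos;
	return (walk(slot));
}

int main(void)
{
	long s = 0;
	uint64_t big = 0xFFFFFFFFull * BLKSIZ;	/* constructed oversized offset */
	int found = lookup_signed(big, &s);
	printf("signed:  found=%d slot=%ld\n", found, s);
	printf("checked: found=%d\n", lookup_checked(big, &s));
	return (0);
}
```
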
eventhandler: Fix the NODEBUG build
Reported by: Michael Butler <imb at protected-networks.net>
Fixes: 735b16d490ae ("eventhandler: Fix a race when pruning eventhandlers")
devmatch: read linker.hints from all module paths
Previously, devmatch would stop at the first linker.hints file
found in kern.module_path. This meant modules installed in
/boot/modules/ were invisible to devmatch if /boot/kernel/
contained a linker.hints file (which it always does).
Merge hints from all directories in kern.module_path.
This allows third-party or out-of-tree kernel modules in
/boot/modules/ to be auto-loaded by devmatch just like
built-in modules.
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D56847
man: Kill off MANSUBDIRs
Three architecture dependent manuals are installed to MANSUBDIRs,
creating at least two empty manual page directories on everyone's
boxxen. Move those manuals to their canonical area, enhancing clarity,
grepability, removing useless inodes, and increasing consistency with
the rest of the architecture dependent manuals which are unconditionally
installed, and noted at the top of the rendered manual.
MFC after: 3 days
(cherry picked from commit 809504f331fd3588e36b54255196379bdb59890a)