lualoader: fix pruning of non-existent default kernel
Removing the kernel from the list of available kernels is sufficient to
avoid rendering it in the list, but we need more for booting to actually
work. Notably, the 'kernel' loader.conf var was left intact to its
default value, so if one didn't use the kernel selector in the menu then
we'd try to boot the nonexistent 'kernel' instead of the new default
(first autodetected).
There's room to improve the error messages here, but for now let's just
make it actually work correctly.
PR: 292232
Fixes: d04415c520b03 ("loader: lua: remove the default kernel [...]")
(cherry picked from commit e30086ab4c8778ea70a3b19e83546ce1b4a16492)
bectl: log modifying functions to zpool history
Modeled directly after the method used by the zfs/zpool commands: flag
commands with a "please log me" flag, and when there, reconstruct the
command line. On success, call the library function to add it to the
log.
(Majority of the change by Rob; minor edits by kevans@)
Signed-off-by: Rob Norris <rob.norris at klarasystems.com>
Co-authored-by: Kyle Evans <kevans at FreeBSD.org>
Sponsored by: Modirum MDPay
Sponsored by: Klara, Inc.
(cherry picked from commit 2a87929671e6e6919c18f2c25d60f2c73c3d18f4)
makedev(9): drop an additional note about cdevpriv dtors
These were previously somewhat safe to call destroy_dev(9), but will now
also cause a deadlock in the same fashion that d_close doing so would
previously. Amend the note to point it out, in case it's useful for
someone.
Reviewed by: imp, kib, markj
(cherry picked from commit 90314c04f10f583c37c59ec51fd628e3deaf3622)
libc: report _SC_NPROCESSORS_ONLN more accurately in cpu-limited jails
We don't support CPU hotplug, but we do support cpuset(8) restrictions
on jails (including prison0, which uses cpuset 1). The process cannot
widen its cpuset beyond its root set, so it makes sense to instead
report the number of cpus enabled there rather than the total number
in the system.
This change is effectively a nop for the majority of systems and jails
in the wild, though it does reduce the performance of this query now
that we can't take advantage of AT_NCPUS being provided in the auxinfo.
The implementation here is notably different than Linux, which would not
take cgroups into account. They do, however, take CPU hotplug into
account, so the possibility for it to diverge from (and be lower than)
the # configured count to reflect what the process can actually be
scheduled on doesn't really diverge in semantics.
Reviewed by: kib
[2 lines not shown]
libutil: defer setting the MAC label until after the login class
MAC policies, like mac_biba(4), may forbid changing the login class once
a label has been applied. For setting up the initial login context,
this isn't really expected and in-fact may break some class-based
configuration.
Defer setting the MAC label until after the login class is set, and
remove the requirement that we have a pwd entry since the label is
pulled from the login class -- we only use pwd for syslog in this path.
Patch is largely by Kevin Barry, with some modifications and this commit
message by kevans@.
PR: 177698
Reviewed by: des, olce
Co-authored-by: Kevin Barry <ta0kira gmail com>
(cherry picked from commit 98edcbcce0a4650084bd86e704cfa38bf590250c)
libc: fix description issues in mac_text(3)/mac_free(3)mac_text(3) as-written would seem to indicate that a `mac_t` should be
freed with free(3), but this isn't the case. One can derive from
context from when the change was introduced and COMPATIBILITY that this
was intended to talk about *text in `mac_to_text`, so move the comment
there.
PR: 179832
Co-authored-by: Priit Järv <priit cc ttu ee>
(cherry picked from commit 081218b7a2006e5b6783e51f66fd751871ac1272)
lualoader: fix pruning of non-existent default kernel
Removing the kernel from the list of available kernels is sufficient to
avoid rendering it in the list, but we need more for booting to actually
work. Notably, the 'kernel' loader.conf var was left intact to its
default value, so if one didn't use the kernel selector in the menu then
we'd try to boot the nonexistent 'kernel' instead of the new default
(first autodetected).
There's room to improve the error messages here, but for now let's just
make it actually work correctly.
PR: 292232
Fixes: d04415c520b03 ("loader: lua: remove the default kernel [...]")
(cherry picked from commit e30086ab4c8778ea70a3b19e83546ce1b4a16492)
bectl: log modifying functions to zpool history
Modeled directly after the method used by the zfs/zpool commands: flag
commands with a "please log me" flag, and when there, reconstruct the
command line. On success, call the library function to add it to the
log.
(Majority of the change by Rob; minor edits by kevans@)
Signed-off-by: Rob Norris <rob.norris at klarasystems.com>
Co-authored-by: Kyle Evans <kevans at FreeBSD.org>
Sponsored by: Modirum MDPay
Sponsored by: Klara, Inc.
(cherry picked from commit 2a87929671e6e6919c18f2c25d60f2c73c3d18f4)
makedev(9): drop an additional note about cdevpriv dtors
These were previously somewhat safe to call destroy_dev(9), but will now
also cause a deadlock in the same fashion that d_close doing so would
previously. Amend the note to point it out, in case it's useful for
someone.
Reviewed by: imp, kib, markj
(cherry picked from commit 90314c04f10f583c37c59ec51fd628e3deaf3622)
libc: report _SC_NPROCESSORS_ONLN more accurately in cpu-limited jails
We don't support CPU hotplug, but we do support cpuset(8) restrictions
on jails (including prison0, which uses cpuset 1). The process cannot
widen its cpuset beyond its root set, so it makes sense to instead
report the number of cpus enabled there rather than the total number
in the system.
This change is effectively a nop for the majority of systems and jails
in the wild, though it does reduce the performance of this query now
that we can't take advantage of AT_NCPUS being provided in the auxinfo.
The implementation here is notably different than Linux, which would not
take cgroups into account. They do, however, take CPU hotplug into
account, so the possibility for it to diverge from (and be lower than)
the # configured count to reflect what the process can actually be
scheduled on doesn't really diverge in semantics.
Reviewed by: kib
[2 lines not shown]
libutil: defer setting the MAC label until after the login class
MAC policies, like mac_biba(4), may forbid changing the login class once
a label has been applied. For setting up the initial login context,
this isn't really expected and in-fact may break some class-based
configuration.
Defer setting the MAC label until after the login class is set, and
remove the requirement that we have a pwd entry since the label is
pulled from the login class -- we only use pwd for syslog in this path.
Patch is largely by Kevin Barry, with some modifications and this commit
message by kevans@.
PR: 177698
Reviewed by: des, olce
Co-authored-by: Kevin Barry <ta0kira gmail com>
(cherry picked from commit 98edcbcce0a4650084bd86e704cfa38bf590250c)
libc: fix description issues in mac_text(3)/mac_free(3)mac_text(3) as-written would seem to indicate that a `mac_t` should be
freed with free(3), but this isn't the case. One can derive from
context from when the change was introduced and COMPATIBILITY that this
was intended to talk about *text in `mac_to_text`, so move the comment
there.
PR: 179832
Co-authored-by: Priit Järv <priit cc ttu ee>
(cherry picked from commit 081218b7a2006e5b6783e51f66fd751871ac1272)
jail(3): fix common usage after mac.label support
Nobody else's mac.conf(5) has any entries for jails, so they get a
trivial ENOENT and we fail before we can fetch any jail parameters.
Most notably, this breaks `jls -s` / `jls -n` if you do not have any
loaded policy that applies jail labels.
Add an entry that works for everyone, and hardcode that as an ENOENT
fallback in libjail to provide a smoother transition. This is probably
not harmful to leave in long-term, since mac.conf(5) will override it.
This unearthed one additional issue, in that mac_get_prison() in the
MAC framework handled the no-label-policies bit wrong. We don't want
to break jail utilities enumerating jail parameters automatically, so
we must ingest the label in all cases -- we can still use it as a small
optimization to avoid trying to copy out any label. We will break
things if a non-optional element is specified in the copied in label,
but that's expected.
[8 lines not shown]
mac(4): also list jails in the example enumeration of objects
The prison may also be considered part of the subject by way of its
ucred association, but I don't think this is significantly different
enough today than before recent work -- policies could have always
taken them into account, and some did (e.g., mac_bsdextended).
Reported by: olce
Reviewed by: olce, ziaee
Differential Revision: https://reviews.freebsd.org/D54748
[Clang] Check enable_if attribute without delayed diagnostics (#176080)
We ensure immediate access control checking when evaluating the
enable_if attribute to rule out inaccessible constructors during
potential overload resolution, treating them as SFINAE errors rather
than hard errors, making the behavior more preferable with the nature of
the enable_if attribute.
Compared to the last patch, we now avoid switching the DC directly
because there are cases where we're checking enable_if attribute within
a lambda and getCurLambda() requires a lambda context to distinguish
from template instantiation.
This reapplies #175899
Fixes https://github.com/llvm/llvm-project/issues/175895
[Clang] Ensure a lambda DeclContext in BuildLambdaExpr (#176319)
Since 5f9630b388, we only remove the LSI after the evaluation context is
popped. The TreeTransform of immediate functions may call getCurLambda,
which requires both the paired LSI and the lambda DeclContext. In
TransformLambdaExpr, we already switched the context, but this is not
the case when parsing a lambda expression.
No release note, as this is a regression from 22.
Fixes https://github.com/llvm/llvm-project/issues/176045
Add clustered share_info.tdb handling
This commit ensures our utilities to manipulate samba's share_info.tdb
file are suitably agnostic as to whether the database is clustered.
math/octave-forge-instrument-control: New port.
Octave low level I/O functions for serial, i2c, parallel, tcp, gpib,
udp and usbtmc interfaces. Not vxi11 as there doesn't seem to be
FreeBSD support.
workflows/release-lit: Update workflow and enable trusted publishing with pypi (#174907)
This makes some small improvements to the workflow including using some
more modern python packaging modules and also enables the trusted
publishing for pypi. This will allow us to publish lit packages to pypi
without needing to use an access token.
This action also now uses the pypi environment which will only publish
files when triggered by an llvm-* tag.
Update to use jdk-11:
* Set the jdk version to 11 only and adjust startup scripts so that
java does not need to be in the path to run.
* Skip tests using jaxb which was removed in jdk11
ok tb@
