git-mfc: Allow merging merge commits
In order to merge merge commits (such as vendor imports), we need to
tell git cherry-pick which of the two branches referenced in the commit
is the mainline. In our case, it is always the first.
Approved by: markj
pf: revert netlink commands back to enum
Revert pf_nl.h part of 017690e50913 and use new libsysdecode build glue
that parses enums.
Reviewed by: kp, glebius
Differential Revision: https://reviews.freebsd.org/D57866
dtrace tests: Fix finding multiple process results
When looking up self process we can use `ps -p $$` directly rather
than grep which may find other processes ending in the expected PID.
Sponsored by: Dell Inc.
Reviewed by: markj, vangyzen
Differential Revision: https://reviews.freebsd.org/D58019
acl_from_text.c: Allow negative uid/gid numbers to be handled
getfacl / acl_to_text() incorrectly prints uid/gid numbers as signed integers.
This causes uid / gid numbers larger than 2G (2147483648) to print as
negative numbers.
The libc acl_from_text() function does not handle negative numbers.
This diff adds a backwards compatiblity fix to allow negative numbers...
Reviewed by: rmacklem
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D57180
if_ovpn: Fix memory leak in VNET during unload
Unloading if_ovpn while it's in use by other vnets causes
memory leaks and panics.
Fix this by reverting VNET_SYSUNINIT and adjusting the SI_SUB
initialization order.
Reviewed by: markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D54175
libllvmminimal: Fix building with LLVM < 21 on riscv64
On most architectures we end up not needing ABIBreak.cpp as, although
some of the sources here do reference EnableABIBreakingChecks (or, if
assertions are disabled, DisableABIBreakingChecks) at a source level, we
compile with -ffunction-sections and -fdata-sections, and link with
--gc-sections, and it happens to be the case that all references can be
GC'ed. However, prior to LLVM 21, the RISC-V backend did not apply
-fdata-sections to .sdata, where references to these symbols end up, and
for some files we're building with such references we end up not being
able to GC .sdata due to the other unrelated data in it, meaning that we
do in fact need to build ABIBreak.cpp.
Whilst we could make this conditional on the architecture, it's a tiny
file, and it's a bit fragile to rely on GC behaviour, so just include it
unconditionally.
Reviewed by: dim, emaste
Fixes: 770cf0a5f02d ("Fixups after llvm-project main llvmorg-21-init-19288-gface93e724f4 merge")
[2 lines not shown]
vfs: Fix resource leaks in kern_symlinkat()
Fixes: 2ec2ba7e232d ("vfs: Add VFS/syscall support for Solaris style extended attributes")
Reported by: Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li,
and Ke Xu from Tsinghua University using GLM-5.2 from Z.ai
Reviewed by: rmacklem, kib
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D58053
arm64/vmm: Make remaining registers use hypctx_*_sys_reg
Move vgic, timer and trapframe registers into sys_regs to handle them
in the same way as all the other registers.
Signed-off-by: Kajetan Puchalski <kajetan.puchalski at arm.com>
Reviewed by: andrew
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D56556
arm64/vmm: Refactor vmm_hyp.c
Refactor vmm_hyp.c to split register reload logic by type of register,
streamline the implementation and improve readability.
Signed-off-by: Kajetan Puchalski <kajetan.puchalski at arm.com>
Reviewed by: andrew
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D56553
arm64/vmm: Move vttbr_el2 & vtimer into struct hypctx
Move vttbr_el2 & vtimer from struct hyp into struct hypctx to streamline
the logic and handle them in the same way as other *_el2 registers are
already being handled.
Signed-off-by: Kajetan Puchalski <kajetan.puchalski at arm.com>
Reviewed by: andrew
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D56554
arm64/vmm: Move host-side EL2 regs into sys_regs
Move EL2 host registers that are not visible to the guest into
hypctx->sys_regs. Prefix them with HOST_ to distinguish from EL2
registers which are part of the guest's own state (e.g. in VNCR).
Signed-off-by: Kajetan Puchalski <kajetan.puchalski at arm.com>
Reviewed by: andrew
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D56555
arm64/vmm: Store non-VNCR registers in an array
Move non-VNCR EL0 and EL1 registers into a dedicated array inside of
hypctx. This enables uniform accesses to both VNCR and non-VNCR guest
register state through hypctx_[read|write]_sys_reg().
The accessors are _not_ used for non-VNCR EL2 registers in order to
create a clear separation between guest-visible and guest-invisible
register state.
Signed-off-by: Kajetan Puchalski <kajetan.puchalski at arm.com>
Reviewed by: andrew
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D56552
arm64/vmm: Use the VNCR_EL2 memory page to store guest registers
Wherever possible, move the storage space for guest register values from
the hypctx struct into a preallocated memory page matching the layout of
the page pointed to by VNCR_EL2.
This will streamline implementing support for nested virtualization, but
the implementation itself is not reliant on the presence of nested
virtualization architecture features.
Signed-off-by: Kajetan Puchalski <kajetan.puchalski at arm.com>
Reviewed by: andrew
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D56551
arm64/vmm: Add FEAT_NV2 definitions
Add the definitions for the VNCR_EL2 register and all of the offsets
to registers in memory relative to the page stored in VNCR_EL2.
Signed-off-by: Kajetan Puchalski <kajetan.puchalski at arm.com>
Reviewed by: andrew
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D56550
cpu: cpu_get_pcpuid(): Fix typo in herald comment
Fixes: c3c8f4d9e662 ("cpu: New cpu_get_pcpuid(), retrieves internal CPU ID")
Sponsored by: The FreeBSD Foundation
dtrace: Fix DOF section-specific validation
The entry size of the probe section is assumed to be at least
sizeof(dof_probe_t) by the loop further below.
enoff_sec->dofs_entsize was not being validated at all.
When multiplying an index by a table entry size, make sure the
multiplication can't overflow.
Fix an off-by-one when validating the translated probe argument array.
Make sure that the probe argument argvs are valid string offsets
even if the argument count is zero.
Reviewed by: christos
MFC after: 2 weeks
Sponsored by: CHERI Research Centre
Differential Revision: https://reviews.freebsd.org/D57979
dtrace: Improve DOF string table validation
The check for a nul terminator implicitly assumes that the section size
is positive. Make the assumption explicit.
Reviewed by: christos
MFC after: 2 weeks
Sponsored by: CHERI Research Centre
Differential Revision: https://reviews.freebsd.org/D57977
dtrace: Fix DOF section bounds validation
We must ensure that each DOF section does not overlap with the DOF
header or section table. Otherwise the relocations processed in the
second pass over sections can manipulate DOF metadata, leading to OOB
writes.
Reviewed by: christos
MFC after: 2 weeks
Sponsored by: CHERI Research Centre
Differential Revision: https://reviews.freebsd.org/D57976
dtrace: Improve DOF section size validation
The loop which validates each DOF section assumes that the section
header is present, so the section size must be at least as large as the
header, otherwise a small OOB access is possible.
Reviewed by: christos
MFC after: 2 weeks
Sponsored by: CHERI Research Centre
Differential Revision: https://reviews.freebsd.org/D57975
ee: Handle EINTR when waiting for a character
Otherwise one can't easily attach gdb to ee.
Reviewed by: bapt
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57997
ee: Improve handling of malformed UTF-8 characters
In delete(), when copying the deleted character to the d_char buffer,
don't assume that it fits. utf8_prev() may return a sequence of more
than 5 bytes.
In insert_utf8(), fix the copy-up of the line. We extended the line by
"len" bytes, so "temp" has to be repositioned accordingly. Compare with
plain insert().
Use sizeof when copying to buffers instead of hard-coding buffer sizes.
Don't dynamically allocate d_char, there is no need.
Fixes: 62fba0054d9e ("ee: add unicode support")
Reported by: Sayono Hiragi (overflow in delete())
Reviewed by: bapt
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57996
jaildesc: Publish the new fd only after the jaildesc is initialized
jaildesc_alloc() finishes initializing the file structure only after it
is made visible from the file descriptor table via finit(). In that
window, other threads could try to perform operations on the descriptor
and thus access an incompletely initialized jaildesc.
Defer the finit() call until locks are initialized. While here,
simplify the error path for falloc_caps().
Reported by: Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li,
and Ke Xu from Tsinghua University using GLM-5.2 from Z.ai
Reviewed by: jamie
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D58049
inotify: Unconditionally generate IN_IGNORED events for files/dirs
The implementation previously only generated an IN_IGNORED event for a
deleted watched file if the watch explicitly requested IN_DELETE_SELF.
This is not correct, IN_IGNORED should always be raised when the watched
subject is deleted. Adjust the implementation of inotify_log_one()
accordingly.
This also fixes a problem where a deleted watched file's watch
would not be removed if IN_DELETE_SELF was not in the watch's event
mask, in which case the unlinked vnode would linger until the inotify
descriptor itself is closed.
Add a regression test.
Reported by: jrtc27
Reviewed by: jrtc27
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D58050
libc/resolv: Add no-debug and no-rotate options
These are simply the reverse of the debug and rotate options.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D57926
libc/resolv: Reimplement the sortlist parser
When we switched from the BIND4 resolver to the BIND9 resolver, the
sortlist parser was inadvertently disabled due to a missing #define, and
nobody seemed to notice. The sorting code remained enabled in the
resolver, but there was no way to set a sort order.
Reimplement the sortlist parser, but correctly, and update the manual
accordingly. The new parser accepts IPv4 and IPv6 addresses with or
without a mask or prefix length, just like the old one, except IPv6
support was a bit wonky in the original code.
Fixes: 5342d17f09a8 ("Update the resolver in libc to BIND9's one.")
Relnotes: yes
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D57925