tests: kqueue: add a basic test for CPONFORK
Just copy over a timer and a write-filter, be sure that we can observe
both in the child. Maybe the timer should check for a minimum time
passed, but I don't know that we'd be likely to get that wrong.
This also adds a negative test with a kqueue that is *not* set for
CPONFORK being added to the first one, made readable, and confirming
that we don't see a knote for it in the child.
Some other improvements to the test noted in the review are planned in
the short term, but they're not particularly worth blocking adding this
as a basic sanity check.
Reviewed by: kib, markj
(cherry picked from commit 0c9cec8b66e7033f50059329704515d5222b9ff4)
kqueue: don't leak file refs on failure to knote_attach()
We'll subsequently just knote_free() since the knote is barely
constructed, but that bypasses any logic that might release references
on owned files/fops. Defer clearing those until the knote actually owns
them and update the comment to draw the line more clearly.
Reviewed by: kib
(cherry picked from commit 0bf4d22c37083170961c31694b90551538901a1c)
libc: fix memfd_create's HUGETLB handling
The 'simplification' commit referenced below actually broke one aspect
of MFD_HUGETLB: the caller isn't supposed to be required to specify a
size. MFD_HUGETLB by itself without a shift mask just requests a large
page, so we revert that part of memfd_create() back.
While we're here, fix up the related parts of the manpages a little bit,
since MFD_HUGETLB is actually supported. The manpage claims that we
would return ENOSYS if forced mappings weren't supported, but this was
actually not true. However, that seems like a very important
distinction to make between ENOSYS and EOPNOTSUPP, so fix the
implementation to match the docs.
Reviewed by: kib, markj
(cherry picked from commit 9a8d333368baef356f0a611b47ec592568dd14f9)
kqueue: slightly clarify the flow in knlist_cleardel()
This is purely a cosmetic change to make it a little easier on the eyes,
rather than jumping back to the else branch up top. Re-flow it to use
another loop on the outside and just inline the re-lock before we repeat
after awaking from fluxwait.
The !killkn path should maybe issue a wakeup if there's a thread in
KQ_SLEEP so that userland can observe the EOF, but this isn't a
practical problem today: pretty much every case of knlist_clear is tied
to a file descriptor and called in the close(2) path. As a consequence,
potentially affected knotes are almost always destroyed before we even
get to knlist_clear().
Reviewed by: kib, markj
(cherry picked from commit c6dd40f2d35d596ca60a5d87616c3e4a0fd4f676)
lualoader: allow the local module to filter out the BE list
This allows something like the following local.lua to install a filter
to implement its own notion of hidden BEs using a naming convention of
a leading dot to hide them:
-- file: /boot/lua/local.lua
local core = require("core")
local function be_hide(be)
if core.isSingleUserBoot() then
-- All BEs are accepted for single-user
return true
end
local name = be:match("/([^/]+)$")
if not name then
-- Accept malformed BEs, for whatever reason
return true
[16 lines not shown]
kqueue: compare against the size in kqueue_expand
This is a cosmetic change, rather than a functional one: comparing the
knlistsize against the fd requires a little bit of mental gymnastics to
confirm that this is fine and not doing unnecessary work in some cases.
Notably, one must consider that kq_knlistsize only grows in KQEXTENT
chunks, which means that concurrent threads trying to grow the kqueue
to consecutive fds will usually not result in the list being replaced
twice. One can also more clearly rule out classes of arithmetic
problems in the final `else` branch.
Reviewed by: kib, markj
(cherry picked from commit 0b4f0e0515d0c7ec855cd654ae5dc562f4931cae)
kqueue: add some kn_knlist assertions around knlist_(add|remove)
We currently assert that kn_status is accurate, but there's more room
for error. Neither of these are very likely, but currently we'd blow up
in SLIST*() macros instead of providing more obvious diagnostics. It's
perhaps only worth testing these because knlist_remove() requires
getting logic across both f_attach() and f_detach() correct.
Reviewed by: kib, markj
(cherry picked from commit 306c9049c642da6a59a5dc088589605a9aa38b87)
kqueue: avoid a possible fork-deadlock
kqueue_fork_copy() is likely to have transitioned at least one knote
through a flux state, so we should check whether we need to wake
anything up on the way out to avoid a possible deadlock.
This was a part of D56210, but we'll close the review with the next
commit.
Reviewed by: kib, markj
(cherry picked from commit 14d0baf2e89202cec3f9cb03a573372ccbc568b2)
kqueue: simplify knote_fdclose()
The influx logic in knote_fdclose() is a little misguided, the resulting
wakeup() call should always be redundant: knote_drop_detached() will
always issue a wakeup before it returns, so anything waiting on *that*
knote that had entered fluxwait should have been woken up then. This is
the obvious divergence from the other influx/wakeup pattern in the
implementation, which will kn_influx-- and then issue the wakeup after
it has processed all of the knotes it can make progress on.
While we're here, the kq_knlist cannot shrink, so we can avoid that
condition in the loop and avoid potentially excessive wakeups from
fluxwait on kqueues that we didn't touch.
Reviewed by: kib, markj
(cherry picked from commit ff1050d2a366bd288a6ebbf63f98003272513f92)
vm_fault: Reset m_needs_zeroing properly
- When allocating a page, we should only consider the PG_ZERO flag when
handling the top-level page.
- Unconditionally reset the flag when restarting the fault handler.
Previously, vm_fault_busy_sleep() would fail to reset it.
PR: 294039
Reviewed by: kib
Tested by: Peter Much <pmc at citylink.dinoex.sub.org>
MFC after: 3 days
Fixes: cff67bc43df1 ("vm_fault: only rely on PG_ZERO when the page was newly allocated")
Differential Revision: https://reviews.freebsd.org/D56234
(cherry picked from commit 04132e01004316ddd0e0cde6ef15b100b7b1844d)
kqueue: Fix a race when adding an fd-based knote to a queue
When registering a new kevent backed by a file descriptor, we first look
up the file description with fget(), then lock the kqueue, then see if a
corresponding knote is already registered. If not, and KN_ADD is
specified, we add the knote to the kqueue.
closefp_impl() interlocks with this process by calling knote_fdclose(),
which locks each kqueue and checks to see if the fd is registered with a
knote. But, if userspace closes an fd while a different thread is
registering it, i.e., after fget() succeeds but before the kqueue is
locked, then we may end up with a mismatch in the knote table, where the
knote kn_fp field points to a different file description than the knote
ident.
Fix the problem by double-checking before registering a knote. Add a
new fget_noref_unlocked() helper for this purpose. It is a clone of
fget_noref(). We could simply use fget_noref(), but I like having an
explicit unlocked variant.
[7 lines not shown]
vm_fault: Reset m_needs_zeroing properly
- When allocating a page, we should only consider the PG_ZERO flag when
handling the top-level page.
- Unconditionally reset the flag when restarting the fault handler.
Previously, vm_fault_busy_sleep() would fail to reset it.
PR: 294039
Reviewed by: kib
Tested by: Peter Much <pmc at citylink.dinoex.sub.org>
MFC after: 3 days
Fixes: cff67bc43df1 ("vm_fault: only rely on PG_ZERO when the page was newly allocated")
Differential Revision: https://reviews.freebsd.org/D56234
(cherry picked from commit 04132e01004316ddd0e0cde6ef15b100b7b1844d)
kqueue: Fix a race when adding an fd-based knote to a queue
When registering a new kevent backed by a file descriptor, we first look
up the file description with fget(), then lock the kqueue, then see if a
corresponding knote is already registered. If not, and KN_ADD is
specified, we add the knote to the kqueue.
closefp_impl() interlocks with this process by calling knote_fdclose(),
which locks each kqueue and checks to see if the fd is registered with a
knote. But, if userspace closes an fd while a different thread is
registering it, i.e., after fget() succeeds but before the kqueue is
locked, then we may end up with a mismatch in the knote table, where the
knote kn_fp field points to a different file description than the knote
ident.
Fix the problem by double-checking before registering a knote. Add a
new fget_noref_unlocked() helper for this purpose. It is a clone of
fget_noref(). We could simply use fget_noref(), but I like having an
explicit unlocked variant.
[7 lines not shown]
kqueue: Fix a race when adding an fd-based knote to a queue
When registering a new kevent backed by a file descriptor, we first look
up the file description with fget(), then lock the kqueue, then see if a
corresponding knote is already registered. If not, and KN_ADD is
specified, we add the knote to the kqueue.
closefp_impl() interlocks with this process by calling knote_fdclose(),
which locks each kqueue and checks to see if the fd is registered with a
knote. But, if userspace closes an fd while a different thread is
registering it, i.e., after fget() succeeds but before the kqueue is
locked, then we may end up with a mismatch in the knote table, where the
knote kn_fp field points to a different file description than the knote
ident.
Fix the problem by double-checking before registering a knote. Add a
new fget_noref_unlocked() helper for this purpose. It is a clone of
fget_noref(). We could simply use fget_noref(), but I like having an
explicit unlocked variant.
[7 lines not shown]
vm_fault: Avoid creating clean, writeable superpage mappings
The pmap layer requires writeable superpage mappings to be dirty.
Otherwise, during demotion, we may miss a hw update of the PDE which
sets the dirty bit.
When creating a managed superpage mapping without promotion, i.e., with
pmap_enter(psind == 1), we must therefore ensure that a writeable
mapping is created with the dirty bit pre-set. To that end,
vm_fault_soft_fast(), when handling a map entry with write permissions,
checks whether all constituent pages are dirty, and if so, converts the
fault to a write fault, so that pmap_enter() does the right thing. If
one or more pages is not dirty, we simply create a 4K mapping.
vm_fault_populate(), which may also create superpage mappings, did not
do this, and thus could create mappings which violate the invariant
described above. Modify it to instead check whether all constituent
pages are already dirty, and if so, convert the fault to a write fault.
Otherwise the mapping is downgraded to read-only.
[7 lines not shown]
nfsid.h: Put the nfsd_idargs structure in a new .h
This patch moves the definition of the nfsd_idargs
structure out of nfs.h and into a new file called
nfsid.h.
This is being done so that it can be included in
nfs_diskless.c in a future commit.
There should be no semantics change from this
commit.
(cherry picked from commit e6db4dd9d7216067388ae91ac73c3917a93f9420)
mk: Disable blacklist when disabling blocklist
WITHOUT_BLOCKLIST, when set, should enforce WITHOUT_BLACKLIST.
This fixes the build when WITHOUT_BLOCKLIST=yes is set.
Reported by: ivy
Reviewed by: ivy
Fixes: 7238317403b9 ("blocklist: Rename blacklist to blocklist")
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D56118
(cherry picked from commit 0d9676e1ca92febd42fbebef8d6833a0939d3f7c)
crypto/openssl: update from 3.0.16 to 3.0.20
### Description
This particular change contains all functional and security fixes made
between 3.0.16 and 3.0.20, with the net-resulting security issues being
the ones addressed in 3.0.20 [1] [2].
This is a direct commit to stable/14 as stable/15 and later use OpenSSL
3.5, as of writing, and thus this change could not have been merged
through main and stable/15 since the 3.0.17+ was released after :main
switched to OpenSSL 3.5.
This does not contain any merge commits as any MFV changes are banned
unless they go through :main.
### Process used when updating the component
1. Run the subtree merge command in a staging tree.
[12 lines not shown]
gpart: More nuance for GPT support
A careful reading of the GPT standard shows that one may have fewer than
128 entries in your GPT table. While the standard requires that we
reserve enough space (32 512-byte-LBAs or 4 4096-byte-LBAs), it also
explicitly allows one to specify fewer actual partitions (since that
controls what is in the CRC). It requires that the first LBA to be 32
(512 sectors) or 6 (4k sectors) or larger. That requirement is not
enforced (it's not listed as one of validation criteria for the GPT).
We should likely do so in the future.
To that end, allow a default number of entries to use (defent) on
creation to be different (larger) than the minimum number of legal
entries. For gpt, these numbers work out to 128 and 1 respectively. For
all the others, make minent == defent so this is a nop for those
partitioning schemes.
Sponsored by: Netflix
Reviewed by: zlei, emaste
[3 lines not shown]
gpart: Add warning when the start sector is too low.
Add a warning if the starting sector is too low. The standard requires
that at least 16k is reserved for the GPT Partition Array, but some
tools produce GPT images with fewer than the required number of reserved
sectors.
PR: 274312
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D42247
(cherry picked from commit 2cbda736cea8f82cfc5caab0f6099f0fbfe28537)
fork.2: note that all methods to pre-resolve symbols have consequences
Reviewed by: imp
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D56362
flua: Always build as a bootstrap tool
We want to use flua from the source tree (not the host) during package
build, firstly to protect us from breaking changes in lua or libucl,
and secondly to allow (in future) cross-building of packages from
Linux or macOS.
Since we don't know if the user will be building packages during the
bootstrap phase, and because flua is fairly small and generally useful,
build it as a bootstrap tool unconditionally.
MFC after: 2 weeks
Reviewed by: kevans, emaste
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D56270
(cherry picked from commit 50de0bf50512aa98d18f21ac1347941396596944)
tools/build/Makefile: Always add md4.h to SYSINCS
Since libmd was added to the bootstrap, building main on stable/14
fails because of an incompatibility in its old md4.h. Fix this by
always including md4.h in the bootstrap headers, instead of only
doing so when building on a non-FreeBSD host.
Fixes: 50de0bf50512 ("flua: Always build as a bootstrap tool")
Reported by: olce
Reviewed by: olce, kevans
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D56327
(cherry picked from commit 0dd9c4abf0e56b9d4f6f7204a68b1475f2bbf1fc)
lockf.1: Organize and provide error numbers
Add error numbers to the exit codes so that readers can decode them
without having to use a separate utility. Organize exits by error code.
Mark up the error constants with the error constant macro, even though
this is really not very helpful because people will search for the error
code, the macro is explicitly for the constants and not the codes.
While where, align and alphabetize the options list as well, fix
misaligned padding in an example, and a one-sentance-per-line error.
MFC after: 3 days
Reported by: Antranig Vartanian <antranigv at freebsd.am>
Differential Revision: https://reviews.freebsd.org/D48470
(cherry picked from commit dd201e407e48ba59bdfa1f71d41acfdac1a9c562)