nfsd: Fix handling of hidden/system during Open/Create
When an NFSv4.n client specifies settings for the archive,
hidden and/or system attributes during a Open/Create, the
Open/Create fails for ZFS. This is caused by ZFS doing
a secpolicy_xvattr() call, which fails for non-root.
If this check is bypassed, ZFS panics.
This patch resolves the problem by disabling va_flags
for the VOP_CREATE() call in the NFSv4.n server and
then setting the flags with a subsequent VOP_SETATTR().
This problem only affects FreeBSD-15 and main, since the
archive, system and hidden attributes are not enabled
for FreeBSD-14.
I think a similar problem exists for the NFSv4.n
Open/Create/Exclusive_41, but that will be resolved
in a future commit.
[8 lines not shown]
netinet6: free in6_ifextra with epoch_call(9)
This is expected to fix the old in6_selecthlim() panics. The nature of
the panic is that a packet sending thread will obtain the struct ifnet
pointer locklessly and then pick the if_inet6 pointer from it and
dereference it. While the struct ifnet is freed via epoch_call(9), the
struct in6_ifextra until this change was not. For the forwarded packets,
or locally originated non-TCP packets we were probably safe due to the old
if_dead trick. But locally originated TCP packets may dereference
in6_ifextra via direct call into in6_selecthlim() from the tcp_output(),
before ip6_output().
NB: hypothetically a similar problem also applies to IPv4's if_inet pointer,
but there are no known panics, yet.
PR: 279653
Reviewed by: tuexen
Differential Revision: https://reviews.freebsd.org/D54728
netinet6: embed struct mld_ifsoftc into struct in6_ifextra
In mld_domifdetach() don't search the global list.
Reviewed by: tuexen
Differential Revision: https://reviews.freebsd.org/D54727
netinet6: store ND context directly in struct in6_ifextra
Stop using struct nd_ifinfo for that, because it is an API struct for
SIOCGIFINFO_IN6. The functional changes are isolated to the protocol
attach and detach: in6_ifarrival(), nd6_ifattach(), in6_ifdeparture(),
nd6_ifdetach(), as well as to the nd6_ioctl(), nd6_ra_input(),
nd6_slowtimo() and in6_ifmtu().
The dad_failures member was just renamed to match the rest. The M_IP6NDP
malloc(9) type declaration moved to files that actually use it.
The rest of the changes are mechanical substitution of double pointer
dereference via ND_IFINFO() to a single pointer dereference. This was
achieved with a sed(1) script:
s/ND_IFINFO\(([a-z0-9>_.-]+)\)->(flags|linkmtu|basereachable|reachable|retrans|chlim)/\1->if_inet6->nd_\2/g
s/nd_chlim/nd_curhoplimit/g
Reviewed by: tuexen, madpilot
Differential Revision: https://reviews.freebsd.org/D54725
netinet6: use in6_ifmtu() instead of IN6_LINKMTU() macro
There should be no functional change. If there are any performance
concerns with a function call, with the future changes, that would move
ND6 bits into in6_ifextra, this function would be easily inline-able.
Reviewed by: tuexen
Differential Revision: https://reviews.freebsd.org/D54724
netinet6: embed struct nd_ifinfo into struct in6_ndireq
There is no functional change here, but we'd like to emphasize that the
nd_ifinfo structure is not a actually a kernel ND6 software context,
despite being actively used like this way, but an API/ABI structure for
ioctl(2). This should prevent from a ABI breakages like in 31ec8b6407fd.
This also is a step towards stopping using it as a kernel software
context.
Reviewed by: tuexen
Differential Revision: https://reviews.freebsd.org/D54722
MAINTAINERS: Remove some stale entries
Remove some stale entries, preen some others. Longer term, we need a
better format. Also, if there's mistakes, let us know: we want it to be
useful to people seeking review, not be perscriptive about who can do
what.
Reviewed by: srcmgr@
libc++ inttypes.h: define __STDC_CONSTANT_MACROS and __STDC_LIMIT_MACROS
Before transitively including the base version of inttypes.h, define
__STDC_CONSTANT_MACROS and __STDC_LIMIT_MACROS, because the base
inttypes.h directly includes sys/stdint.h, instead of going through the
'regular' stdint.h.
The libc++ version of the latter does define those macros, to ensure
things like UINT64_C() and SIZE_MAX are defined even in C++98 or C++03.
MFC after: 3 days
Fix SATA NCQ error recovery after 25375b1415
Since that commit ahci(4), siis(4) and mvs(4) drivers ended up
using wrong command to fetch error information for NCQ commands.
Since ATA errors are not very informative to begin with, the only
noticeable effect is a lack of retries on those errors by CAM.
MFC after: 1 week
PR: 279978
(cherry picked from commit 87085c12ba8fa51f777bc636df67008b45e20d1c)
arm/gic: Detect broken configurations
Some virtualization platforms provide broken configurations. There
is a GIC interrupt controller, however accessing the CPU interface
registers leads to an external data abort. As these are needed to
handle interrupts we are unable to boot further.
Detect this misconfiguration and panic to tell the user the issue.
Reviewed by: emaste
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D54832
capsicum.4: Replace 'fi' ligature and smart quotation mark
While here, wrap the line to 80 characters.
Reviewed by: jlduran
Fixes: c54534e60263 ("capsicum.4: Add some more detail from the Capsicum paper")
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D54761
