lualoader: fix pruning of non-existent default kernel
Removing the kernel from the list of available kernels is sufficient to
avoid rendering it in the list, but we need more for booting to actually
work. Notably, the 'kernel' loader.conf var was left intact to its
default value, so if one didn't use the kernel selector in the menu then
we'd try to boot the nonexistent 'kernel' instead of the new default
(first autodetected).
There's room to improve the error messages here, but for now let's just
make it actually work correctly.
PR: 292232
Fixes: d04415c520b03 ("loader: lua: remove the default kernel [...]")
(cherry picked from commit e30086ab4c8778ea70a3b19e83546ce1b4a16492)
bectl: log modifying functions to zpool history
Modeled directly after the method used by the zfs/zpool commands: flag
commands with a "please log me" flag, and when there, reconstruct the
command line. On success, call the library function to add it to the
log.
(Majority of the change by Rob; minor edits by kevans@)
Signed-off-by: Rob Norris <rob.norris at klarasystems.com>
Co-authored-by: Kyle Evans <kevans at FreeBSD.org>
Sponsored by: Modirum MDPay
Sponsored by: Klara, Inc.
(cherry picked from commit 2a87929671e6e6919c18f2c25d60f2c73c3d18f4)
makedev(9): drop an additional note about cdevpriv dtors
These were previously somewhat safe to call destroy_dev(9), but will now
also cause a deadlock in the same fashion that d_close doing so would
previously. Amend the note to point it out, in case it's useful for
someone.
Reviewed by: imp, kib, markj
(cherry picked from commit 90314c04f10f583c37c59ec51fd628e3deaf3622)
libc: report _SC_NPROCESSORS_ONLN more accurately in cpu-limited jails
We don't support CPU hotplug, but we do support cpuset(8) restrictions
on jails (including prison0, which uses cpuset 1). The process cannot
widen its cpuset beyond its root set, so it makes sense to instead
report the number of cpus enabled there rather than the total number
in the system.
This change is effectively a nop for the majority of systems and jails
in the wild, though it does reduce the performance of this query now
that we can't take advantage of AT_NCPUS being provided in the auxinfo.
The implementation here is notably different than Linux, which would not
take cgroups into account. They do, however, take CPU hotplug into
account, so the possibility for it to diverge from (and be lower than)
the # configured count to reflect what the process can actually be
scheduled on doesn't really diverge in semantics.
Reviewed by: kib
[2 lines not shown]
libutil: defer setting the MAC label until after the login class
MAC policies, like mac_biba(4), may forbid changing the login class once
a label has been applied. For setting up the initial login context,
this isn't really expected and in fact may break some class-based
configuration.
Defer setting the MAC label until after the login class is set, and
remove the requirement that we have a pwd entry since the label is
pulled from the login class -- we only use pwd for syslog in this path.
Patch is largely by Kevin Barry, with some modifications and this commit
message by kevans@.
PR: 177698
Reviewed by: des, olce
Co-authored-by: Kevin Barry <ta0kira gmail com>
(cherry picked from commit 98edcbcce0a4650084bd86e704cfa38bf590250c)
libc: fix description issues in mac_text(3)/mac_free(3)
mac_text(3) as-written would seem to indicate that a `mac_t` should be
freed with free(3), but this isn't the case. One can derive from
context from when the change was introduced and COMPATIBILITY that this
was intended to talk about *text in `mac_to_text`, so move the comment
there.
PR: 179832
Co-authored-by: Priit Järv <priit cc ttu ee>
(cherry picked from commit 081218b7a2006e5b6783e51f66fd751871ac1272)
jail(3): fix common usage after mac.label support
Nobody else's mac.conf(5) has any entries for jails, so they get a
trivial ENOENT and we fail before we can fetch any jail parameters.
Most notably, this breaks `jls -s` / `jls -n` if you do not have any
loaded policy that applies jail labels.
Add an entry that works for everyone, and hardcode that as an ENOENT
fallback in libjail to provide a smoother transition. This is probably
not harmful to leave in long-term, since mac.conf(5) will override it.
This unearthed one additional issue, in that mac_get_prison() in the
MAC framework handled the no-label-policies bit wrong. We don't want
to break jail utilities enumerating jail parameters automatically, so
we must ingest the label in all cases -- we can still use it as a small
optimization to avoid trying to copy out any label. We will break
things if a non-optional element is specified in the copied in label,
but that's expected.
[8 lines not shown]
mac(4): also list jails in the example enumeration of objects
The prison may also be considered part of the subject by way of its
ucred association, but I don't think this is significantly different
enough today than before recent work -- policies could have always
taken them into account, and some did (e.g., mac_bsdextended).
Reported by: olce
Reviewed by: olce, ziaee
Differential Revision: https://reviews.freebsd.org/D54748
pfctl(8): change default limiter action from no-match to block
pf(4) users who use limiters in current should update the rules
accordingly to reflect the change in default behavior. The existing
rule which reads as follows:
    pass in from any to any state limiter test
needs to be changed to:
    pass in from any to any state limiter test (no-match)
OK dlg@
Obtained from: OpenBSD, sashan <sashan at openbsd.org>, c600931321
Sponsored by: Rubicon Communications, LLC ("Netgate")
sctp: improve compilation as module
When compiling SCTP as a module, don't compile sctp_crc32.c into
the module. This avoids code and variable duplication since
sctp_crc32.c is compiled into the kernel. In particular, the variable
system_base_info is not duplicated. This fixes the handling of the
statistic counters sctps_sendhwcrc and sctps_sendswcrc when using
sctp_delayed_cksum.
MFC after: 3 days
Remove obsolete BUGS section from zgrep(1) man page, add test
I forgot to check/update the man page with D54217. While here add
a test for multiple -e flags.
Reviewed by: markj
Approved by: markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D54632
(cherry picked from commit da5d94d29a5ec29817476c39ae2b2ad1666c3f06)
libthr: add pthread_tryjoin_np()
Similar to the same glibc function.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D54766
acpi: Fix not calling AcpiLeaveSleepState() in S3 path
When resuming from ACPI suspend, the ACPI_SS_SLP_PREP bit in slp_state
was being checked and subsequently unset when calling resumeclock().
This bit was also being checked for the AcpiLeaveSleepState() call in
the non-s2idle path, but having just been unset, it was never actually
being called.
Change this so that resumeclock() is always being called (since we never
goto breakout between suspendclock() and resumeclock() anyway) and
ACPI_SS_SLP_PREP is purely used for AcpiEnterSleepStatePrep() and
AcpiLeaveSleepState() in the non-s2idle paths.
PR: 292568
Reported by: Marek Zarychta
Reviewed by: olce
Tested by: Marek Zarychta
Approved by: olce
Fixes: 7669cbd0f064 (“acpi: Suspend-to-idle support (s2idle)”)
[2 lines not shown]