blacklistd: Fix RFC1918 typo
This is a direct commit to the stable/14 branch, partially cherry picked
from commit 5a6d9479ae2271a97dd23ceee8ad284770302874, as the stable/14
branch only has blacklistd.
The address in the configuration file example was intended to be from
the 192.168.0.0/16 range of IPv4 private addresses (RFC1918).
Reported on mastodon.social at
https://mastodon.social/@asmodai/116316630762241486.
Fix submitted upstream by emaste@. Fixing locally first.
Reported by: asmodai
Reviewed by: emaste
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56773
libc: correct posix_spawn_file_actions_init ENOMEM error
The return value of posix_spawn_file_actions_init() is an error number.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D56911
tests/carp: make a 0.2 second pause before configuring second jail
for all scenarios where both jails have same priority/advskew. There is a
tiny chance that on both sides carp_master_down() will be executed in
parallel and advertisements will also fly through the bridge(4) in
parallel, thus both sides will switch to MASTER before receiving the
announcement from peer. This makes the test to fail. So far this
flakyness was observed for carp:vrrp_v4 only, but in theory it is possible
for any of the patched scenarios.
Note that this sleep does not prolong execution of the tests, as the first
jail is already configured, and if we slept before configuring the second,
we would sleep less in wait_for_carp().
(cherry picked from commit 27ff90cd3d8d2ac8198f30cbebeefb15a49d41bc)
tests/carp: Rework unicast_v4
For unicast tests, it is sufficient to use wait_for_carp() to verify
the setup is sane. Additional sanity checks are not necessarily
required but can serve purpose for redundancy.
For some unclear reason routed(8) is advertising route to carp BACKUP.
That makes the test flaky. Also routed(8) is marked deprecated and may
be removed from base in the future. Let's just add static route entry
manually for additional sanity checks.
Other noticeable changes:
1. Add atf_check to configuration steps to prevent potential failure
on setup. That helps diagnosing on failure.
2. Shorten the names of jails to improve readability.
3. Prefer `[ifconfig|route|sysctl] -j` over `jexec [ifconfig|route|sysctl]`
to make the lines shorter.
MFC note: At the time writing, routed(8) does not know carp addresses
[10 lines not shown]
tests/carp: make sleep interval in the wait loop smaller
Makes tests to finish slightly faster.
(cherry picked from commit e353cbffd600ae3c00c8584dddcabf9d0ae1202a)
tests/carp: kill routed(8) before destroying interfaces
Otherwise routed logs a warning:
"MCAST_LEAVE_GROUP ALLROUTERS: Can't assign requested address"
that may be misinterpreted as a problem.
(cherry picked from commit 8596810d02a1e361e0312d116339aa106aca4b19)
pf: do not reject rules with colliding hashes
We insert rules in pf_krule_global solely for the benefit of the
'keepcounters' feature. Failing to insert (beause the rule hash
collides, or an identical rule already exists) would be worse than
restoring counts to the wrong rule (or failing to restore them at all).
PR: 282863, 294860, 294859, 294858
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D56745
(cherry picked from commit a0e4c65f1814a7a677364dc29bb703f84323d175)
pci: use uint32_t for eecp
eecp holds the extended capability offset. If that offset is larger
than 0xff, storing it in uint8_t truncates it, which can make the
early EHCI/XHCI capability walk read the wrong location and loop during
boot.
Seen on AMD device 1022:151e, where HCCPARAMS1 = 0x0118ffc5 and the
first xHCI extended capability offset is 0x460. Widen eecp to uint32_t
in xhci_early_takeover(), matching xhci_pci_take_controller().
Signed-off-by: Gisle Nes <gisle at gisle.net>
Reviewed by: zlei, aokblast
MFC after: 3 days
Pull Request: https://github.com/freebsd/freebsd-src/pull/2127
Closes: https://github.com/freebsd/freebsd-src/pull/2127
BSD.root.dist: Correct tag for /etc/sysctl.kld.d
This is only used by rc.subr and belongs in rc, not runtime.
Fixes: fa6d67cd16b5 ("BSD.root.dist: Add package tag for all directories")
MFC after: 3 days
Reviewed by: ivy
Differential Revision: https://reviews.freebsd.org/D56900
pf: do not reject rules with colliding hashes
We insert rules in pf_krule_global solely for the benefit of the
'keepcounters' feature. Failing to insert (beause the rule hash
collides, or an identical rule already exists) would be worse than
restoring counts to the wrong rule (or failing to restore them at all).
PR: 282863, 294860, 294859, 294858
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D56745
(cherry picked from commit a0e4c65f1814a7a677364dc29bb703f84323d175)
fsck_msdosfs: fix FAT header correction not persisting in cache mode
When fsck_msdosfs runs with FAT32 cache mode (used for large
filesystems that cannot be mmap'd), a detected FAT header correction
was written into the in-memory buffer but the corresponding cache
entry (fat32_cache_allentries[0]) was never marked dirty. As a
result, fat_flush_fat32_cache_entry() skipped it, the corrected
bytes were never written to disk, and copyfat() propagated the
uncorrected on-disk data to all backup FAT copies. Every subsequent
fsck run would repeat the same "FAT starts with odd byte sequence /
FIXED" cycle indefinitely.
Fix by marking fat32_cache_allentries[0].dirty = true after applying
the in-memory correction, ensuring the chunk is flushed before
copyfat() runs.
Obtained from: https://android-review.googlesource.com/c/platform/external/fsck_msdos/+/4047981
MFC after: 3 days
Merge commit 871038759afb from llvm git (by Marco Elver):
Thread Safety Analysis: Fix pointer handling of variables with deprecated attributes (#148974)
de10e44b6fe7 ("Thread Safety Analysis: Support warning on
passing/returning pointers to guarded variables") added checks for
passing pointer to guarded variables. While new features do not
necessarily need to support the deprecated attributes (`guarded_var`,
and `pt_guarded_var`), we need to ensure that such features do not cause
the compiler to crash.
As such, code such as this:
struct {
int v __attribute__((guarded_var));
} p;
int *g() {
return &p.v; // handleNoMutexHeld() with POK_ReturnPointer
[24 lines not shown]
sys/time: appease gcc -Wtype-limits
In environments where time_t is 32 bits, including the 32-bit library
build on amd64, the overflow being tested for cannot happen, and gcc
complains with -Wtype-limits, causing the gcc build to fail. Work
around this by ifdef'ing out the saturation code on i386.
Reviewed by: imp, jfree
Discussed with: markj
Fixes: e3799530b3ba ("sys/time: Add saturating sbt conversions")
Differential Revision: https://reviews.freebsd.org/D56369
(cherry picked from commit 00dccc3164c6dff38350a1baeeea7238acf2efc3)
Make "make update-packages" idempotent
If the user runs "make update-packages" without bumping BRANCH, then it
isn't possible to copy packages from the old location to the new one
(because the two locations are the same). So just skip that step.
Sponsored by: ConnectWise
PR: 295085
MFC after: 1 week
Reviewed by: ivy, emaste
Differential Revision: https://reviews.freebsd.org/D56872
Define stdint.h macros unconditionally
Similar to glibc, define all the stdint.h macros such as `SIZE_MAX`,
`UINT64_C`, etc unconditionally. I.e. no longer check whether
`__STDC_CONSTANT_MACROS` or `__STDC_LIMIT_MACROS` are defined. See also
<https://sourceware.org/bugzilla/show_bug.cgi?id=15366>.
This is part of reverting base 00bee6fcd77f, which reverted an upstream
libc++ commit that eliminated libc++'s stdint.h wrapper header.
Submitted by: Nikolas Klauser <nikolasklauser at berlin.de>
MFC after: 1 week
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D56746
(cherry picked from commit 966fb94cb3575ccd39da211165d0858fd0eb0ef2)
Define stdint.h macros unconditionally
Similar to glibc, define all the stdint.h macros such as `SIZE_MAX`,
`UINT64_C`, etc unconditionally. I.e. no longer check whether
`__STDC_CONSTANT_MACROS` or `__STDC_LIMIT_MACROS` are defined. See also
<https://sourceware.org/bugzilla/show_bug.cgi?id=15366>.
This is part of reverting base 00bee6fcd77f, which reverted an upstream
libc++ commit that eliminated libc++'s stdint.h wrapper header.
Submitted by: Nikolas Klauser <nikolasklauser at berlin.de>
MFC after: 1 week
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D56746
(cherry picked from commit 966fb94cb3575ccd39da211165d0858fd0eb0ef2)
