ufshci: Remove UIC error during initialization
This patch removes the UIC error caused by QEMU not supporting certain
UIC command. Additionally, it removes the unused unipro_version.
Reviewed by: imp (mentor)
Sponsored by: Samsung Electronics
Differential Revision: https://reviews.freebsd.org/D54513
bpf: don't clear pointer from descriptor to the tap on descriptor close
During packet processing the descriptor is looked up using epoch(9) and it
can be accessed after bpf_detachd(). In the scenario of descriptor close the
tap point is alive (it actually produces packets) and thus the pointer can
be legitimately dereferenced. This fixes a race on a bpf(4) device close
that would otherwise result in a panic.
Differential Revision: https://reviews.freebsd.org/D55064
ipfilter: Fix possible overrun
The destination buffer is FR_GROUPLEN (16 bytes) in length. When
gname is created, the userspace utilities correctly use FR_GROUPLEN
as the buffer length. The kernel should also limit its copy operation to
FR_GROUPLEN bytes to avoid any user-written code from exploiting this
vulnerability.
Reported by: Ilja Van Sprundel <ivansprundel at ioactive.com>
MFC after: 1 week
stand: Minor style tweaks
Re-wrap the function calls in a couple of ifs in get_zfs_root so they
are more readable. They really didn't need to be wrapped like this in
the first place.
Sponsored by: Netflix
ifconfig: fix gre(4) status
Set `ifr->ifr_name` to display gre options
for the interface.
Reviewed by: glebius, zlei
Approved by: glebius (mentor)
MFC after: 1 day
Differential Revision: https://reviews.freebsd.org/D55099
Remove additional libtpool and libuutil-related files
This change removes additional library files and tests orphaned in the
commit referenced below.
MFC with: 8b78d412a
Fixes: 8b78d412a ("zfs: world changes after 89f729dcc merge")
cron: Implement full PAM session lifecycle for user jobs
Extend PAM integration beyond account checks to include credential
establishment and session management, allowing PAM modules to configure
the execution environment for user cron jobs.
Previously, cron only called pam_acct_mgmt() to verify account validity
but immediately terminated the PAM handle before job execution. This
prevented PAM modules from establishing sessions, setting credentials
(e.g., Kerberos tickets), or exporting environment variables needed by
jobs.
The PAM handle now persists in the intermediate process throughout the
job execution, enabling proper session open/close pairing. Credentials
are established and sessions opened while still running as root, before
dropping privileges in the grandchild. PAM environment variables are
exported in the job process with user crontab variables taking precedence.
A session rule (pam_permit.so) is added to /etc/pam.d/cron to enable
[10 lines not shown]
pf: fix use of uninitialised variable
In pf_match_rule() we attempt to append matching rules to the end of
'match_rules'. We want to preserve the order to make the multiple
pflog entries easier to understand. So we keep track of the last added
rule item in 'rt'. However, that assumed that 'match_rules' was only
ever added to in that one call to pf_match_rules(). This isn't always
the case, for example if we have match rules in different anchors.
In that case we'd end up using the uninitialised 'rt' variable in the
SLIST_INSERT_AFTER call.
Instead track the match rules and the last matching rule (to enable
easy appending) in the struct pf_test_ctx.
This also allows us to reduce the number of arguments for some
functions, because we passed a ctx to most functions that needed
'match_rules'.
While here also make pf_match_rules() static, because it's only ever
used in pf.c
[5 lines not shown]
sysctl(9): Booleans: Fix old value length discovery
When calling sysctl(3) with a null 'oldp', i.e., length discovery mode,
'oldidx' can be equal to 'oldlen', and we should not fail.
More generally, let SYSCTL_OUT() and SYSCTL_IN() handle corner cases,
simply removing the comparisons between 'oldidx' and 'oldlen' and
'newidx' and 'newlen' done by hand as the test just after is an equality
that does not require knowing if 'idx' is smaller than 'len'.
PR: 292917
Reported by: cy
Fixes: 406da392ef8d ("sysctl(9): Booleans: Accept integers to ease knob conversion")
Sponsored by: The FreeBSD Foundation
LinuxKPI: string_choices.h: use ternary operator
Switch from using if () else to a direct return (?:) code.
No functional changes.
Suggested by: kib (D55029)
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Reviewed by: emaste (before removing more () as suggested by him)
Differential Revision: https://reviews.freebsd.org/D55088
heimdal: Pass the correct pointer to free in an error case
This fixes a warning reported by GCC 14 on stable/14:
crypto/heimdal/lib/hdb/keys.c:241:13: warning: 'free' called on pointer 'ext' with nonzero offset 16 [-Wfree-nonheap-object]
241 | free(hist_keys);
| ^~~~~~~~~~~~~~~
crypto/heimdal/lib/hdb/keys.c:234:15: note: returned from 'calloc'
234 | ext = calloc(1, sizeof (*ext));
| ^~~~~~~~~~~~~~~~~~~~~~~~
Reviewed by: rmacklem, cy
Fixes: 5000d023a446 ("heimdal-kadmin: Add support for the -f dump option")
Differential Revision: https://reviews.freebsd.org/D54932
(cherry picked from commit b26a7af438f36dcde86f39a681123cc2140affb2)
heimdal: Add missing function prototypes
This fixes the build with GCC 14 on stable/14 which raises fatal
-Wimplicit-function-declaration warnings.
Reviewed by: rmacklem, cy
Fixes: 5000d023a446 ("heimdal-kadmin: Add support for the -f dump option")
Differential Revision: https://reviews.freebsd.org/D54931
(cherry picked from commit 8a8dc73ef87b538c369abc1b642e2a40b52c53c2)
vmm: Fix a resource leak in an error path
vmmdev_create() increments the VM count as its last step and calls
vmmdev_destroy() if it fails. However, vmmdev_destroy() unconditionally
decrements the count.
Correct this bug by reordering operations.
Fixes: 1092ec8b3375 ("kern: Introduce RLIMIT_VMM")
Reviewed by: bnovkov
Differential Revision: https://reviews.freebsd.org/D55068
LinuxKPI: add str_read_write()
Needed by a wireless driver.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Reviewed by: kib, emaste
Differential Revision: https://reviews.freebsd.org/D55029
nvmecontrol: Pass 1 to uint8_t arg
The rae arg is uint8_t (which we then shift over to the right bit). Pass
'1' instead of 'true' here to match the interface. While true is
promoted to (uint8_t)1, we don't use it as a bool in read_logpage().
Fixes: 5322eec86ae4 ("nvmecontrol: Always set the RAE bit on telemetry-log requests")
Sponsored by: Netflix
Reviewed by: chs
Differential Revision: https://reviews.freebsd.org/D55060
acpi: 'hw.acpi.s4bios' sysctl: Change type to bool, expand description
Another boolean, indicating hardware support, will be introduced in the next commit.
Thanks to the previous commit modifying sysctl_handle_bool(), this
change is backwards-compatible with old programs using an integer in and
out of sysctl(3).
Reviewed by: obiwac
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D54626
acpi: Move sysctl tree set up at end of initialization
Setting up the sysctl tree later:
1. Fixes not de-registering sysctl knobs on failure to attach.
2. Avoids having inconsistent knob values exposed during a brief moment.
Reviewed by: imp, obiwac
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D54926
sysctl(9): Booleans: Accept integers to ease knob conversion
In sysctl_handle_bool(), if the output buffer (for the old value) has
room for exactly 4 bytes (sizeof(int)), then output the current boolean
value as an integer rather than a 'uint8_t'. Conversely, if 4 bytes
exactly remain in the input buffer (for the new value), treat them as an
integer and derive the new boolean value from it.
Doing so allows converting existing integer sysctl knobs that are
interpreted as a boolean into true boolean ones while staying
backwards-compatible.
That brings no drawback as no code currently uses sysctl_handle_bool()
as part of a series of calls to sysctl_handle_*() functions for
(de)serialization of some compound structure. If that case ever
materializes, it can be easily solved, e.g., by creating
a sysctl_handle_bool_strict() variant.
In the future, we might want to go further and generally be more liberal
[10 lines not shown]