loader.efi: add stride & offset for MacBookPro3,1
Note that there are three variants of this MacBook. We only have the
stride and offset values for the 17" 1680x1050 model.
Reviewed by: vexeduxr
Pull Request: https://github.com/freebsd/freebsd-src/pull/1584
manuals: Correct some sysctl markup
This enables additional searching of the manual by sysctl variable.
This syntax is standardized in style.mdoc(5).
Reported by: bapt
MFC after: 3 days
pf: Avoid taking the pf rules write lock in a couple of ioctls
The DIOCGETRULES ioctl handler has taken the write lock ever since
fine-grained locking was merged to pf, but I believe it's unneeded. Use
the read lock instead.
DIOCGETRULENV takes the write lock as well but I believe this is only
required when clearing rule counters. Acquire the read lock if that is
not the case.
Reviewed by: kp, allanjude
MFC after: 2 weeks
Sponsored by: OPNsense
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D54292
(cherry picked from commit ae96ff302f8ae50903a96d3a1857f9acf243f3c4)
pf: Fix state handling when ICMP packets are diverted
Commit 66f2f1c83247 ("pf: handle divert packets") missed a case that I
happened to hit while testing something.
Add a regression test for the ICMP case, based on the existing test.
Fix a buglet in the existing test (missing whitespace after "[").
Reviewed by: kp
Sponsored by: OPNsense
Sponsored by: Klara, Inc.
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D54321
(cherry picked from commit 15178d8ed2904d5c4fa31a1531e60dcb1e0f9209)
ifconfig: Fix the -L flag when using netlink
By default, when ifconfig shows a v6 address derived from a
router-advertised prefix, it shows the initial preferred and valid
lifetimes. When -L is specified, it is supposed to show the remaining
lifetimes, but this was broken in the conversion to netlink.
Fix that, and add a regression test which validates ifconfig output
before and after a short-lived address expires.
Reported by: Franco Fichtner <franco at opnsense.org>
Reviewed by: melifaro, allanjude, Seyed Pouria Mousavizadeh Tehrani
Fixes: 4c91a5dfe483 ("ifconfig: make interface and address listing use Netlink as transport")
MFC after: 2 weeks
Sponsored by: OPNsense
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D54294
(cherry picked from commit df6861d755c8f72380ae7fb8df535b27eba8c0be)
cxgbe.4: Update for recent HARDWARE
Adjust document description, description section, and hardware section
to include Chelsio T7. Since this driver now supports many generations,
order reverse chronologically. Compare language to ice.4 and bnxt.4,
the other terabit ethernet drivers.
This list of HARDWARE is obtained from the Chelsio product selector.
MFC after: 3 days (T7 support shipped with 15.0)
Discussed with: jhb, np
Differential Revision: https://reviews.freebsd.org/D54276
exports.5: Typo: "auomatically" => "automatically"
Fixes: 9d975e47d5a3 ("exports.5: Clarify that exported dirs should be local mount points")
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 7521dc5dce35159add70003340e1555456721a2d)
setcred(2): Fix a panic on too many groups from latest commit
kern_setcred_copyin_supp_groups() is documented to always set
'sc_supp_groups', but did not do it if there are more supplementary
groups than 'ngroups_max'. Also, that case was omitted from the herald
comment. Add it there, also including it as a case where
'sc_supp_groups_nb' is reset to 0 as a security measure.
Initially, kern_setcred_copyin_supp_groups() had the usual property that
nothing had to be freed on it returning an error, but was then converted
to relying on the caller to free() even on error, and this part was
missed during the conversion. The benefits of this unusual convention
are that we can zero or NULLify groups-related attributes in advance,
preventing inadvertent use of stale data (defensive security measure),
and we can avoid some small code duplication (no need to have two same
calls to free()). This makes sense as kern_setcred_copyin_supp_groups()
is meant to be a private sub-routine of user_setcred() only. While
here, rename kern_setcred_copyin_supp_groups() =>
user_setcred_copyin_supp_groups().
[6 lines not shown]
MAC: Use the current thread's user ABI to determine the layout of struct mac
This removes mac_label_copyin32() as mac_label_copyin() can now handle
both native and 32-bit struct mac objects.
Reviewed by: olce, brooks
Obtained from: CheriBSD
Sponsored by: AFRL, DARPA
Differential Revision: https://reviews.freebsd.org/D53755
(cherry picked from commit 134d00bd2c910cc7cc21c11fba093ff82bbb9344)
setcred(): Remove an optimization for when cr_groups[0] was the egid
Because setcred() has (always) treated the effective GID separately from
the supplementary groups, when cr_groups[0] was storing the effective
GID, it internally needed to build an array containing both the
effective GID and the specified supplementary groups to eventually call
crsetgroups_internal().
As kern_setcred() was only used to actually implement
user_setcred()/sys_setcred(), which need to allocate a buffer to copy in
the userland groups array into, some optimization was put in place where
these would allocate an array with one more element than
'wc_supp_groups', copyin() the latter into the subarray starting at
index 1 and pass the pointer to the whole array to kern_setcred() in
'preallocated_groups'. This would allow kern_setcred() not to have to
allocate memory again to make room for the additional effective GID.
Since commit be1f7435ef21 ("kern: start tracking cr_gid outside of
cr_groups[]"), crsetgroups_internal() only takes supplementary groups,
[10 lines not shown]
setcred: Move initial copyin of struct setcred out to per-ABI syscall
This is the more typical approach used in the tree for system calls
with per-ABI structure layouts.
Reviewed by: olce, brooks
Obtained from: CheriBSD
Sponsored by: AFRL, DARPA
Differential Revision: https://reviews.freebsd.org/D53756
(cherry picked from commit 6292eecfd95c78abc1ab14f20ceaa507ab9c636a)
kern: RACCT: Keep process credentials alive via references
In system calls changing process credentials, on RACCT, calls to
racct_proc_ucred_changed() must be issued on the new credentials.
Currently, this is done after the new credentials have been installed on
the process via proc_set_cred() or proc_set_cred_enforce_proc_lim(),
which modifies 'p_ucred'. Only the process lock guarantees that the new
credentials pointed to by 'p_ucred' cannot themselves be concurrently
modified, which would cause their 'struct ucred' to potentially lose its
last reference from the process before the call to
racct_proc_ucred_changed(), which needs one.
For better code understandability and to avoid errors in future
modifications, stop relying on proc_set_cred*() storing the passed
'struct ucred' in the process 'p_ucred' and on the process lock to avoid
the reference taken by proc_set_cred*() to vanish. Instead, ensure that
a reference is held when racct_proc_ucred_changed() is called.
As racct_proc_ucred_changed() is actually passed explicit pointers to
[26 lines not shown]
proc_set_cred(): Allow 'newcred' to have multiple references
This is an extension needed by next commit, where some additional
reference is kept on the credentials to be set on a process in order to
keep these credentials alive even after the process lock is released (an
intervening reset of process credentials could release the reference
that the process holds).
Only 'cr_users' is incremented, as the reference (counted in 'cr_ref')
comes from the caller, who passes it to the process.
Reviewed by: kib, markj
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53636
(cherry picked from commit 5d46d11772c3280fd1c8ae09f20ce6c57f631c30)
mdo(1): Avoid calling getgroups() in some unnecessary cases
If the basis for supplementary groups are the current ones, we do not
need to fetch them when they are to be replaced entirely (which we
already have been doing), as in the '!start_from_current_groups' case,
but specifically also when they are not going to be touched at all.
This change in passing makes the modified code block's comment saying
that SETCREDF_SUPP_GROUPS need not be set here correct.
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53771
(cherry picked from commit b92b1b47583036bd02e656564ff22c92b8949077)
setpgid(): Fix space before TAB in herald comment
No functional change.
With this tiny change, all the file becomes whitespace-clean.
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
(cherry picked from commit d05ab93913f340c5590eafa4cc09cc84aa86282e)
uma_core: Rely on domainset iterator to wait on M_WAITOK
Commit 8b987a77691d ("Use per-domain keg locks.") removed the need to
lock the keg entirely, replacing it with per-domain keg locks. In
particular, it removed the need to hold a lock over waiting for a domain
to grow free memory.
Simplify the code of keg_fetch_slab() and uma_prealloc() by removing the
M_WAITOK -> M_NOWAIT downgrade and the local call to vm_wait_doms()
(which used to necessitate temporarily dropping the keg lock) which the
iterator machinery already handles on M_WAITOK (and compatibly with
vm_domainset_iter_ignore() at that, although that does not matter now).
Reviewed by: bnovkov, markj
Tested by: bnovkov
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52441
(cherry picked from commit 781802df7a2bfe224ef17596d56cf83c49517655)
libsa: smbios: Detect less-than-64-bit platforms via __SIZEOF_SIZE_T__
What we really want here is to know if pointers can refer to 64-bit
addresses, regardless of whether they also hold other information (such
as capabilities in CHERI). __SIZEOF_SIZE_T__ is probably the closest
indication to that piece of information, so let's use it. __ILP32__
wasn't wrong in practice though, as we don't support 32-bit CHERI
hardware (and likely never will).
Consistently with this change, test whether we can actually address the
64-bit SMBIOS's structure table by converting the end address to
'size_t' and checking whether its value is preserved.
Suggested by: jhb (for the __ILP32__ => __SIZEOF_SIZE_T__ part)
Reviewed by: jhb, imp
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D49318
(cherry picked from commit d3bfcd66409befc2d545e5449963b41c25c369a9)
bsd.sys.mk: suppress another gcc warning for libc++
Similar to base 63d1c3c43690, suppress -Wc++20-extensions for gcc.
Otherwise libc++ headers will lead to many -Werror warnings, due to our
use of -Wsystem-headers, which is not officially supported upstream.
MFC after: 3 days
(cherry picked from commit 62a7fdc13ab45b48977424ef77bbc0f11f601e39)