Remove additional libtpool and libuutil-related files
This change removes additional library files and tests orphaned in the
commit referenced below.
MFC with: 8b78d412a
Fixes: 8b78d412a ("zfs: world changes after 89f729dcc merge")
cron: Implement full PAM session lifecycle for user jobs
Extend PAM integration beyond account checks to include credential
establishment and session management, allowing PAM modules to configure
the execution environment for user cron jobs.
Previously, cron only called pam_acct_mgmt() to verify account validity
but immediately terminated the PAM handle before job execution. This
prevented PAM modules from establishing sessions, setting credentials
(e.g., Kerberos tickets), or exporting environment variables needed by
jobs.
The PAM handle now persists in the intermediate process throughout the
job execution, enabling proper session open/close pairing. Credentials
are established and sessions opened while still running as root, before
dropping privileges in the grandchild. PAM environment variables are
exported in the job process with user crontab variables taking precedence.
A session rule (pam_permit.so) is added to /etc/pam.d/cron to enable
[10 lines not shown]
pf: fix use of uninitialised variable
In pf_match_rule() we attempt to append matching rules to the end of
'match_rules'. We want to preserve the order to make the multiple
pflog entries easier to understand. So we keep track of the last added
rule item in 'rt'. However, that assumed that 'match_rules' was only
ever added to in that one call to pf_match_rules(). This isn't always
the case, for example if we have match rules in different anchors.
In that case we'd end up using the uninitialised 'rt' variable in the
SLIST_INSERT_AFTER call.
Instead track the match rules and the last matching rule (to enable
easy appending) in the struct pf_test_ctx.
This also allows us to reduce the number of arguments for some
functions, because we passed a ctx to most functions that needed
'match_rules'.
While here also make pf_match_rules() static, because it's only ever
used in pf.c
[5 lines not shown]
sysctl(9): Booleans: Fix old value length discovery
When calling sysctl(3) with a null 'oldp', i.e., length discovery mode,
'oldix' can be equal to 'oldlen', and we should not fail.
More generally, let SYSCTL_OUT() and SYSCTL_IN() handle corner cases,
simply removing the comparisons between 'oldidx' and 'oldlen' and
'newidx' and 'newlen' done by hand as the test just after is an equality
that does not require to know if 'idx' is smaller than 'len'.
PR: 292917
Reported by: cy
Fixes: 406da392ef8d ("sysctl(9): Booleans: Accept integers to ease knob conversion")
Sponsored by: The FreeBSD Foundation
LinuxKPI: string_choices.h: use ternary operator
Switch from using if () else to a direct return (?:) code.
No functional changes.
Suggested by: kib (D55029)
Sponosred by: The FreeBSD Foundation
MFC after: 3 days
Reviewed by: emaste (before removing more () as suggested by him)
Differential Revision: https://reviews.freebsd.org/D55088
heimdal: Pass the correct pointer to free in an error case
This fixes a warning reported by GCC 14 on stable/14:
crypto/heimdal/lib/hdb/keys.c:241:13: warning: 'free' called on pointer 'ext' with nonzero offset 16 [-Wfree-nonheap-object]
241 | free(hist_keys);
| ^~~~~~~~~~~~~~~
crypto/heimdal/lib/hdb/keys.c:234:15: note: returned from 'calloc'
234 | ext = calloc(1, sizeof (*ext));
| ^~~~~~~~~~~~~~~~~~~~~~~~
Reviewed by: rmacklem, cy
Fixes: 5000d023a446 ("heimdal-kadmin: Add support for the -f dump option")
Differential Revision: https://reviews.freebsd.org/D54932
(cherry picked from commit b26a7af438f36dcde86f39a681123cc2140affb2)
heimdal: Add missing function prototypes
This fixes the build with GCC 14 on stable/14 which raises fatal
-Wimplicit-function-declaration warnings.
Reviewed by: rmacklem, cy
Fixes: 5000d023a446 ("heimdal-kadmin: Add support for the -f dump option")
Differential Revision: https://reviews.freebsd.org/D54931
(cherry picked from commit 8a8dc73ef87b538c369abc1b642e2a40b52c53c2)
vmm: Fix a resource leak in an error path
vmmdev_create() increments the VM count as its last step and calls
vmmdev_destroy() if it fails. However, vmmdev_destroy() unconditionally
decrements the count.
Correct this bug by reordering operations.
Fixes: 1092ec8b3375 ("kern: Introduce RLIMIT_VMM")
Reviewed by: bnovkov
Differential Revision: https://reviews.freebsd.org/D55068
LinuxKPI: add str_read_write()
Needed by a wireless driver.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Reviewed by: kib, emaste
Differential Revision: https://reviews.freebsd.org/D55029
nvmecontrol: Pass 1 to uint8_t arg
The rae arg is uint8_t (which we then shift over to the right bit. Pass
'1' instead of 'true' here to match the interface. While true is
promoted to (uint8_t)1, we don't use it as a bool in read_logpage().
Fixes: 5322eec86ae4 ("nvmecontrol: Always set the RAE bit on telemetry-log requests")
Sponsored by: Netflix
Reviewed by: chs
Differential Revision: https://reviews.freebsd.org/D55060
acpi: 'hw.acpi.s4bios' sysctl: Change type to bool, expand description
Another boolean, indicating hardware support, will be introduced in next commit.
Thanks to the previous commit modifying sysctl_handle_bool(), this
change is backwards-compatible with old programs using an integer in and
out of sysctl(3).
Reviewed by: obiwac
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D54626
acpi: Move sysctl tree set up at end of initialization
Setting up the sysctl tree later:
1. Fixes not de-registering sysctl knobs on failure to attach.
2. Avoids having inconsistent knob values exposed during a brief moment.
Reviewed by: imp, obiwac
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D54926
sysctl(9): Booleans: Accept integers to ease knob conversion
In sysctl_handle_bool(), if the output buffer (for the old value) has
room for exactly 4 bytes (sizeof(int)), then output the current boolean
value as an integer rather than a 'uint8_t'. Conversely, if 4 bytes
exactly remain in the input buffer (for the new value), treat them as an
integer and derive the new boolean value from it.
Doing so allows to convert existing integer syscstl knobs that are
interpreted as a boolean into true boolean ones while staying
backwards-compatible.
That brings no drawback as no code currently uses sysctl_handle_bool()
as part of a series of calls to sysctl_handle_*() functions for
(de)serialization of some compound structure. If that case ever
materializes, it can be easily solved, e.g., by creating
a sysctl_handle_bool_strict() variant.
In the future, we might want to go further and generally be more liberal
[10 lines not shown]
amd64: parse_memmap(): Move comment about size at proper place
While here, declare 'size' only in the relevant block.
No functional change (intended).
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
arm64/vmm: Set and use the fine-grained traps
Set the Fine-grained trap registers to trap any features we don't
support. These are expected to be more useful when we support nested
virtualisation, so for now just the base features and GICv3 are not
trapped.
As nested virtualisation will require VHE we only set the fine-grained
trap registers when VHE is used.
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D54687
arm64/vmm: Add HYP_FEAT_FGT{,2}
Add the macros and detection for Fine-grained traps (FEAT_FGT and
FEAT_FGT2).
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D54686
virtio_p9fs: Use VIRTIO_SIMPLE_PNPINFO
This allows us to also use the common VIRTIO_SIMPLE_PROBE and to have
devmatch load the driver when detected.
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D54684
libc/aarch64: Add memset for a 64 byte dc zva
On arm64 we can use the "dc zva" instruction to zero memory. The CPU
tells software if the instruction is implemented, and if so the size
and alignment it will use.
When the size is 64-bytes the Arm Optimized Routines implementation of
memset can use dc zva to zero memory, and has a build flag to skip
checking.
Use this flag to build a version of memset that will be used when this
assumption is true.
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D54776
libc/aarch64: Add a Makefile.inc dependency
If we update Makefile.inc it may be to change the contents of these
files.
Reviewed by: imp
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D54774
libc/aarch64: Split out the MOPS functions
This allows static binaries to only include the functions they
reference.
Reviewed by: imp
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D54775
sockets: let protocols be responsible for socket buffer mutexes
Sockets that implement their own socket buffers (marked with PR_SOCKBUF)
are now also responsible for initialization of socket buffer mutexes in
pr_attach and for destruction in pr_detach (or pr_close).
This removes a big bunch of reported LORs, as now WITNESS is able to see
that tcp(4) socket buffer mutex and netlink(4) socket buffer mutex are two
different things. Distinct names also improve diagnostics for blocked
threads.
This also removes a hack from unix(4), where we used to mtx_destroy().
Also removes an innocent bug from unix(4) where for accept(2)-ed socket
soreserve() was called twice. This one was innocent since first call to
soreserve() was asking for 0 bytes of space.
This slightly increased amount of pasted code in TCP's syncache_socket().
The problem is that while for sockets created with socket(2) it is
pr_attach responsible for call to soreserve() (including !PR_SOCKBUF
[7 lines not shown]
