gif: use hashalloc(9)
Functional change is that on destruction INVARIANTS checks will run. Also
the mask is no longer hardcoded, so makes it easier to make hash size a
tunable.
Reviewed by: ae
Differential Revision: https://reviews.freebsd.org/D56176
netinet: use hashalloc(9) for IP address hash
While here, slightly restyle ip_vnet_init() and use sparse initializer for
pfil_head_args. There is no functional change wrt to pfil(9) hook
registration.
Differential Revision: https://reviews.freebsd.org/D56175
hash(9): introduce hashalloc()/hashfree() KPI
This is a more extendable version than traditional hashinit(9). It allows
different kinds of slot headers with optional locks.
Implement traditional hashinit()/hashdestroy() on top of it.
Reviewed by: pouria, gallatin
Differential Revision: https://reviews.freebsd.org/D55904
kern/amd64/machdep: Replace memset in wrmsr_early_safe_end
GENERIC-KASAN kernel failed to boot on a Dell PowerEdge C6615 with
an AMD EPYC 8224P CPU; UEFI BIOS caught a #GP exception with %RIP
in kasan_memset where %GS relative pointer (curthread->td_pflags2)
was dereferenced. Investigation led to wrmsr_early_safe_end which
calls memset to clear early #GP IDT entry. Replacing memset with
__builtin_memset_inline still resulted in the compiler emitting a
call to the memset resolver in GENERIC-KASAN build and the kernel
stil faulted during boot. This version which has been successfully
tested with both GENERIC and GENERIC-KASAN kernels uses memset_early.
Signed-off-by: Kristofer Peterson <kris at tranception.com>
Reviewed-by: kib
(cherry picked from commit 615f1b9eb17c921bbcb0cce2b9ad61910361325b)
stand: lua: break out a few more dirent types in lfs
These are non-standard and specific to the version used in loader. We
have some desire to recognize symlinks to avoid filtering out kernel
symlinks in the autodetection bits when they would be perfectly fine to
`load`.
This won't be usable right away, so any impending use will need to be
careful to account for nil.
Reported by: leres
(cherry picked from commit bc531a96c9b28b1cabcd5deb0c9f8f6d815cfebc)
bhyveload: simplify cb_open() and eliminate minor TOCTOU
It's not at all clear why I wrote it like this, but we can do better.
I wouldn't think this really has any meaningful security implications
since the hierarchy in question can't really be modified by the guest
scripts, but it would seem to make it a little more robust.
Reviewed by: bnovkov, markj
(cherry picked from commit 6da9d465c54bf2e3496e83db025c5d22f3b3cc17)
ls: check fts_children() for errors that may not surface otherwise
In particular, if one simply does a non-recursive `ls` on a directory
that is not accessible, there are some classes of errors that may cause
it to fail that wouldn't be surfaced unless we do an fts_read() that
will recurse into the inaccessible directory. Catch those kinds of
errors here since we cannot expect to an FTS_ERR/FTS_DNR entry to follow
up on them.
PR: 287451
Reviewed by: kib
Discusssed with: des
(cherry picked from commit 7bf81e39d83087dc7f984077b5eed5a48df794d4)
tpm20: fix suspend/resume and entropy harvesting
There were a few problem here:
- TPM2_Shutdown results in a response that we need to either process
or ignore, otherwise any tpm20_write or tpm20_harvest call will
trivially hang on an `sc->pending_data_length != 0`
- We should have a matching TPM2_Startup upon resume to restore any
state that should have persisted
- We must drain the harvest task before we suspend to avoid problems
there
This commit is sufficient to avoid breaking suspend/resume.
Co-authored-by: markj
Tested by: garga
(cherry picked from commit 38a4995eb52db21116f8b37ed942e66a8c2f050f)
release: Pass optional VM_IMAGE_CONFIG to vm-image
`make vm-image` calls mk-vmimage.sh, which supports
`-c CONFFILE`. This file gets sourced before building the image.
One example of how to use it is to define
vm_extra_filter_base_packages() to filter the list of packages
installed into the VM image:
# vm-nodbg32.conf
vm_extra_filter_base_packages() {
grep -v -E '(-dbg|lib32)'
}
$ make VM_IMAGE_CONFIG=path/to/vm-nodbg32.conf \
VMFORMATS=raw \
-DWITH_VMIMAGES \
vm-image
[3 lines not shown]
OptionalObsoleteFiles: Add etc/zfs/compatibility.d
If the world is built and installed with WITHOUT_ZFS, then make
-DBATCH_DELETE_OLD_FILES delete-old-dirs will give the error:
> rmdir: /etc/zfs: Directory not empty
because /etc/zfs/compatibility.d is still there. While we're here,
clean out /usr/share/zfs as well.
Co-authored-by: kevans
(cherry picked from commit 5c9d988d865cc4ce849507173c0a2e2f399d0f62)
uart: fix sleeping while holding mutex in uart_tty_detach()
Move swi_remove() call before acquiring the tty lock. swi_remove() calls
intr_event_remove_handler() which may sleep via msleep(), causing a lock
order violation when called with the tty mutex held.
The software interrupt handler removal operates on the interrupt event
structure independently and does not require the tty lock. This matches
the pattern used in other drivers such as tcp_hpts.c where swi_remove()
is called without holding other locks.
Reviewed by: imp, kevans
(cherry picked from commit ed3a2469a71e0ef48cf8e636c35e64a011756da3)
firmware: Fix inverted FIRMWARE_GET_NOWARN logic
The try_binary_file() function has inverted logic for the
FIRMWARE_GET_NOWARN flag. When the flag is set (meaning "don't warn"),
the code sets warn=true and makes noise anyway.
Invert the assignment to warn to correctly suppress warnings when
FIRMWARE_GET_NOWARN is set.
Reviewed by: kevans
(cherry picked from commit fdcd67be8274d237ae2c87d6475d9d34b440b8d8)
rc: run the zfs rc script before tmp
The tmp rc script has much the same problem that the var does: it wants
to test if /tmp is writable, and mount a tmpfs if it's not. This means
that we actually want our zfs datasets mounted first, because we might
have a /tmp dataset that changes the story.
The ordering problem is particularly noticable with a r/o zfs root,
since the write test will fail and we'll mount a tmpfs that later gets
covered by our /tmp dataset. If that /tmp dataset inherited readonly,
then we're still in trouble.
This also fixes `tmpmfs=yes`, which would again get covered by a zfs
dataset with the existing ordering.
Reviewed by: des
(cherry picked from commit d3f21856aa72c28408660ed40ce76bbd0716a991)
vt(4): allow up to _SIG_MAXSIG (128) for VT_SETMODE
VT_SETMODE ioctl currently checks the provided signal numbers with its
own ISSIGVALID macro that uses NSIG (32) as a maximum, although the code
that will actually send the signal in sys/kern/kern_sig.c uses
_SIG_VALID which allows up to _SIG_MAXSIG (128).
This change aligns the vt code with the kernel internals and enables the
use of higher signal numbers so that applications are not limited to
SIGUSR1 and SIGUSR2 for vt release and acquire signals.
Signed-off-by: Quentin Thébault <quentin.thebault at defenso.fr>
Reviewed by: emaste, imp, kevans
(cherry picked from commit 5e1c7867e1b9a8abe7307d01087cddc057e39859)
truncate: fix a minor nit + add a hole-punching test
The struct spacectl_range we use is only really used in these three
lines of code, so re-scope it down to just the dealloc branch. This is
marginally easier to reason about what might be necessary to replace in
porting our truncate(1) to other platforms.
While we're here, add a test for the -d flag to be sure it really does
punch a hole in the file. The test also tries to confirm that it does
not disturb other segments of the file in the process, just to inspire
some confidence that it's not corrupting the file somehow.
Sponsored by: Klara, Inc.
Reviewed by: markj
(cherry picked from commit eacc501eff52db16b7b784c89a3a4a03c9a3ef34)
files.amd64: remove some lines duplicated from files.x86
These were added to files.x86 because they were duplicated in both
files.i386 and files.amd64, but they did not end up removed in the
latter. Garbage collect them now.
Reviewed by: jhibbits
Sponsored by: Klara, Inc.
Sponsored by: NetApp, Inc.
(cherry picked from commit a8c594d27779b95f33c856521ec1039fa552d869)
nuageinit: require lfs where it's needed
nuageinit largely already did this, but one spot was missed -- add the
necessary require() in to get the module loaded.
(cherry picked from commit bb4167463ac44b47ded4e0223a0abd8381ca6cd8)
vfs: handle vfs_init() failures
Most vfs_init implementations will not fail, with the notable current
exception that tmpfs_subr_init() can fail to allocate a new swap pager
type, in which case we probably do not want to proceed and keep it
registered. linsysfs was a potential consumer, but we opted to go a
different direction and move pseudofs init/deinit over to first mount
and last mount instead.
Reviewed by: fuz, kib
(cherry picked from commit 6d33507ff9b877f52516df00b012715b55d4e14f)
stand: add a mechanism to avoid env var propagation to kenv
Our only user of this at the moment is teken.{fg,bg}_color. These are
special because teken is a library common to both the kernel and the
loader, and we want to avoid having special vars to control the loader
vs. the kernel. Ideally, if a user wants a different set of console
colors, then they set the appropriate teken variable and it
Just Works(TM) everywhere. We can't just avoid setting the env vars,
because we specifically want to install a hook to adjust how loader is
drawn.
This allows us to avoid breaking a kernel config(5) that has some
default teken colors set with our defaults. That's a valid
configuration, even if it might seem weird that they don't want to set
colors in both loader and the kernel -- they may not anticipate spending
any time in loader, and thus prefer to just let it do its default
behavior.
NOKENV is expected to be unset if the value is overwritten, rather than
[14 lines not shown]
patch: test for unified diffs with spaces in filenames
The older GNU patch that we had in base did not properly handle spaces
in filenames in unified diffs, but bsdpatch seems to have handled this
fine at least since the version we imported into base initially. Add a
test with spaces in the filename specifically to be sure.
PR: 181272
(cherry picked from commit cc36624b2a8be3fbf180c5ae8d310d86486884bc)
stand: split fg/bg handling up a little further
These can be setup independently, so we should also check them and
initialize each independently. This fixes a pre-existing bug where-in
we may not pickup a bg color specified in the environment if a fg color
wasn't set.
The new version also ensures that we're hooking the color vars properly
if we're using a value that was already there, as the console may need
to adjust if something wants to switch them up again. Otherwise, a
teken.fg_color set in loader could conceivably occur that only changes
the color when you get to the kernel, which could be surprising.
Reviewed by: imp
(cherry picked from commit 95e6fd1fd85a448d2c68473b85a61fba24c9bc4f)
stand: use a common function in gfx_fb for setting up teken colors
These are basically identical, with exception to the hook installed
which is specific to the loader we're building by necessity. Pull these
out into common/gfx_fb.c and just parameterize the hooks to make it
easier to change the logic.
Reviewed by: imp
(cherry picked from commit c43de099d0138b369b705b3af2c3254d3f3afc6e)
if_tuntap: make SIOCIFDESTROY interruptible
There's no good justification to permanently hang a thread until the
tunnel can be destroyed. Make it interruptible so that the admin can
^C it and remedy the situation if something erroneously has the tunnel
open, rather than forcing them to open another shell to resolve it.
Reviewed by: markj
(cherry picked from commit 274bf7c8ae7e7b51853cd541481985f0e687f10e)
top: improve sort field storage/lookup
Switch up comparator mapping to avoid these kinds of errors, use a
simple array of (name, comparator) pairs rather than having to maintain
entries in two separate arrays that must have matching indices.
Reviewed by: obiwac
(cherry picked from commit 5f72125339b1d14d1b04329ac561354f5e8133fe)
ssh: sshd-session: properly save off the privileged gid
Current and traditional FreeBSD behavior means that getegid() here is
the first element in the prior setgroups() call, if any, so we may
inadvertently wipe out our rgid with the unprivileged gid. This is
rendered somewhat harmless by the fact that we're losing the privileged
gid -- we'll still regain it as the egid in restore_uid() later by way
of restoring saved_egroups, rather than by intentionally restoring it
from getgid().
This will be promptly reverted if we can get setgroups(2)/getgroups(2)
changed in FreeBSD 15.0, but it seemed wise to get this technically
correct for previous branches.
Reviewed by: jlduran
(cherry picked from commit 239e8c98636a7578cc67a6f9d54d14c71b095e36)
