1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-11 09:50:12 +00:00
Commit Graph

1892 Commits

Author SHA1 Message Date
Alexander V. Chernikov
2cef62886d pf: convert state retrieval to netlink
Use netlink to export pf's state table.

The primary motivation is to improve how we deal with very large state
stables. With the previous implementation we had to build the entire
list (both in the kernel and in userspace) before we could start
processing. With netlink we start to get data in userspace while the
kernel is still generating more. This reduces peak memory consumption
(which can get to the GB range once we hit millions of states).

Netlink also makes future extension easier, in that we can easily add
fields to the state export without breaking userspace. In that regard
it's similar to an nvlist-based approach, except that it also deals
with transport to userspace and that it performs significantly better
than nvlists. Testing has failed to measure a performance difference
between the previous struct-copy based ioctl and the netlink approach.

Differential Revision:	https://reviews.freebsd.org/D38888
2023-10-10 11:48:21 +02:00
Warner Losh
5d51862412 Restrict the glibc compat cookie open functions to __BSD_VISIBLE
Sponsored by:		Netflix
2023-09-17 09:11:57 -06:00
Doug Rabson
78847e1e59 pkgbase: Move headers and libs out of runtime and utilities
Headers from src/include were in the runtime-dev package but
subdirectories of src/include ended up in utilities-dev by default.
Neither package is a good choice - the headers in src/include are not
useful without the libraries contained in clibs-dev.

This moves the standard C headers to clibs-dev (C++ headers are already
in this package). While working on this, I found that various clang
libraries and headers were also bundled into utilities-dev by default
so these are also moved to clang-dev.

I also added a FreeBSD-build-essential meta package to make it simple to
install all the toolchain parts.

PR:		254173
Reviewed byb:	manu
MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D41815
2023-09-12 13:22:21 +01:00
Dag-Erling Smørgrav
e6615b1034 include: Implement N2867.
This adds macros for checked addition, subtraction, and multiplication with semantics similar to the builtins gcc and clang have had for years.

Reviewed by:	kib, emaste
Differential Revision:	https://reviews.freebsd.org/D41734
2023-09-07 06:40:14 +00:00
Dag-Erling Smørgrav
8091b82e29 time.h: Fix visibility check for C11 and C23 features.
__BSD_VISIBLE is always defined; we need to check if it's true.

Fixes:		d02489d11a 9b5d724cad
MFC after:	3 days
Reviewed by:	brooks, imp
Differential Revision:	https://reviews.freebsd.org/D41733
2023-09-06 03:38:01 +02:00
Simon J. Gerraty
1554ba03b6 Add mac_grantbylabel
This module allows controlled privilege escallation via mac labels
securely associated with a process via mac_veriexec.

There are over 700 PRIV_* but we can compress many of them into
a single GBL_* thus constraining the size of gbl labels.

The goal is to allow a daemon to run as an unprivileged process while
still being able a set of privileged operations needed.

We add APIs to libveriexec so that userland processes can check labels
and an exec_script API that allows a suitably labeled process to run
something like a python interpreter directly if necessary;
overcomming the 'indirect' flag applied to the interpreter.

Add -l option to sbin/veriexec to report labels.

Reviewed by:	stevek
Sponsored by:	Juniper Networks, Inc.
Differential Revision:	https://reviews.freebsd.org/D41431
2023-08-24 17:42:11 -07:00
Dag-Erling Smørgrav
9b5d724cad libc: Add timespec_getres(3) as per C23.
This also adds support for TIME_MONOTONIC to timespec_get(3).

Reviewed by:	allanjude
Differential Revision:	https://reviews.freebsd.org/D41524
2023-08-24 21:31:54 +00:00
Warner Losh
9524e274b5 Remove $FreeBSD$: one-line xdr pattern
Remove /^\s*%\s*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
2023-08-16 11:55:47 -06:00
Warner Losh
d0b2dbfa0e Remove $FreeBSD$: one-line sh pattern
Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
2023-08-16 11:55:03 -06:00
Warner Losh
2a63c3be15 Remove $FreeBSD$: one-line .c comment pattern
Remove /^/[*/]\s*\$FreeBSD\$.*\n/
2023-08-16 11:54:29 -06:00
Warner Losh
42b388439b Remove $FreeBSD$: one-line .h pattern
Remove /^\s*\*+\s*\$FreeBSD\$.*$\n/
2023-08-16 11:54:23 -06:00
Warner Losh
b3e7694832 Remove $FreeBSD$: two-line .h pattern
Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/
2023-08-16 11:54:16 -06:00
Mike Karels
d5d97bed4a arm64 lib32: prepare arm64 headers to redirect to arm
In order to compile lib32 libraries and other 32-bit code on arm64,
<machine/foo.h> needs to be redirected to an arm header rather
than arm64 when building with -m32.  Ifdef the arm64 headers that
are installed in /usr/include/machine and used by user-level software
(including references from /usr/include/*.h) so that if __arm__ is
defined when including the arm64 version, <arm/foo.h> is included
rather than using the rest of the file's contents.  Some arm headers
had no arm64 equivalent; headers were added just to do the redirection.
These files use #error if __arm__ is not defined to guard against
confusion.  Also add an include/arm Makefile, and modify Makefiles
as needed to install everything, including the arm files in
/usr/include/arm.  fenv.h comes from lib/msun/arm/fenv.h.

The new arm64 headers are:
    acle-compat.h
    cpuinfo.h
    sysreg.h

Reviewed by:	jrtc27, imp
Differential Revision:	https://reviews.freebsd.org/D40944
2023-07-25 18:59:26 -05:00
Jessica Clarke
d3748fc0c2 include: Migrate from COMPAT_32BIT to generic COMPAT_libcompat
See commit 8fad2cda93 ("bsd.compat.mk: Provide new CPP and sub-make
variables") for the context behind this change.

Reviewed by:	emaste, brooks, jhb
Differential Revision:	https://reviews.freebsd.org/D40924
2023-07-09 18:48:54 +01:00
Jessica Clarke
be01082b86 elf-hints.h: Allow rtld_paths.h to be included before it
Currently rtld_paths.h will #undef _PATH_ELF_HINTS in order to override
this to the right value if included afterwards, but the other way round
does not work as elf-hints.h tries to define an already-defined macro to
a potentially different value. Thus, guard the definition here so that
rtld_paths.h's definition continues to take precedence.

Note that, although all in-tree uses of _PATH_ELF_HINTS have included
rtld_paths.h already, pax-utils wants _PATH_ELF_HINTS from elf-hints.h
and so we cannot just drop the define. In-tree uses must just continue
to make sure that they include rtld_paths.h to get the right value for
libcompat builds as is already required.

Reviewed by:	kib, brooks, jhb, imp
Differential Revision:	https://reviews.freebsd.org/D40918
2023-07-09 18:45:42 +01:00
John Baldwin
1aaa8f670a nvme: Don't install nvme_private.h in /usr/include.
Reviewed by:	chuck, imp
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D40394
2023-06-26 20:30:45 -07:00
Warner Losh
eebd9d5366 spdx: Simplify BSD-2-Clause AND BSD-2-Clause
After removing the -FreeBSD and -NetBSD, we're left with a nuber of
BSD-2-Clause AND BSD-2-Clause, so tidy that up.

Discussed with:		pfg
MFC After:		3 days
Sponsored by:		Netflix
2023-05-12 10:44:04 -06:00
Warner Losh
b61a573019 spdx: The BSD-2-Clause-NetBSD identifier is obsolete, drop -NetBSD
The SPDX folks have obsoleted the BSD-2-Clause-NetBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.

Discussed with:		pfg
MFC After:		3 days
Sponsored by:		Netflix
2023-05-12 10:44:04 -06:00
Warner Losh
4d846d260e spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD
The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.

Discussed with:		pfg
MFC After:		3 days
Sponsored by:		Netflix
2023-05-12 10:44:03 -06:00
Ed Maste
b6271cc0d0 includes: avoid installing if_wg.h twice
if_wg.h was installed via dev/wg in LSUBDIRS and also explicitly.  We
want to install only wg/if_wg.h not the other headers, so add dev/wg to
the skip list in the copies and symlinks targets.

PR:		271266
Reviewed by:	kevans
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D40031
2023-05-09 21:09:39 -04:00
Hans Petter Selasky
bb8e8e230d Revert "libc: Implement bsort(3) a bitonic type of sorting algorithm."
Some points for the future:
 - libc is not the right place for sorting algorithms.
   Probably libutil is better suited for this purpose or
   a dedicated libsort. Should move all sorting algorithms
   away from libc eventually.
 - CheriBSD uses capabilities for memory access, and could
   benefit from a standard memswap() function.
 - Do something about qsort() in FreeBSD's libc like:
   - Mark it deprecated on FreeBSD, as a first step,
     due to missing limits on CPU time.
   - Audit the use of qsort() in the FreeBSD base system
     and consider swapping to other existing sorting
     algorithms.

Discussed with:	brooks@

Differential Revision:	https://reviews.freebsd.org/D36493

This reverts commit a7469c9c0a.
This reverts commit 7d65a450cd.
This reverts commit 8dcf3a82c5.
2023-04-20 19:16:14 +02:00
Hans Petter Selasky
a7469c9c0a libc: bsort_s() requires both __BSD_VISIBLE and __EXT1_VISIBLE
Fixes build of Python:
/usr/include/stdlib.h:409:1: error: unknown type name 'errno_t'
errno_t  bsort_s(void *, rsize_t, rsize_t,

Reported by:	vishwin@
MFC after:	1 week
Sponsored by:	NVIDIA Networking
Differential Revision:	https://reviews.freebsd.org/D36493
2023-04-19 22:12:04 +02:00
Brooks Davis
1a2249ff0b include: add a check-ldirs target
This target ensures all LDIRS, LSUBDIRS, and LSUBSUBDIRS actually exist.

Sponsored by:	DARPA
Differential Revision:	https://reviews.freebsd.org/D39006
2023-04-19 16:58:06 +01:00
Hans Petter Selasky
8dcf3a82c5 libc: Implement bsort(3) a bitonic type of sorting algorithm.
The bsort(3) algorithm works by swapping objects, similarly to qsort(3),
and does not require any significant amount of additional memory.

The bsort(3) algorithm doesn't suffer from the processing time issues
known the plague the qsort(3) family of algorithms, and is bounded by
a complexity of O(log2(N) * log2(N) * N), where N is the number of
elements in the sorting array. The additional complexity compared to
mergesort(3) is a fair tradeoff in situations where no memory may
be allocated.

The bsort(3) APIs are identical to those of qsort(3), allowing for
easy drop-in and testing.

The design of the bsort(3) algorithm allows for future parallell CPU
execution when sorting arrays. The current version of the bsort(3)
algorithm is single threaded. This is possible because fixed areas
of the sorting data is compared at a time, and can easily be divided
among different CPU's to sort large arrays faster.

Reviewed by:	gbe@, delphij@, pauamma_gundo.com (manpages)
Sponsored by:	NVIDIA Networking
Differential Revision:	https://reviews.freebsd.org/D36493
2023-04-19 14:04:22 +02:00
Simon J. Gerraty
d9a4274795 Update/fix Makefile.depend for userland 2023-04-18 17:14:23 -07:00
Val Packett
f9c7fb7cae arpa: garbage collect ns_newmsg/ns_rdata decls
These were brought in by the libbind import, but these functions were
never actually implemented anywhere, only header declarations and symbol
map entries were imported.

Fixes: 046c3635cd ("Bring final version of libbind:")
Fixes: e45764721a ("Update our stub resolver to final version of ...")
Reported by:	ld.lld 16 being --no-undefined-version by default
Sponsored by:	https://www.patreon.com/valpackett
Reviewed by:	emaste
Pull request:	https://github.com/freebsd/freebsd-src/pull/700
Differential Revision: https://reviews.freebsd.org/D38407
2023-03-22 14:58:23 -04:00
Warner Losh
a06761e3f4 secure_getenv: Put under __BSD_VISIBLE
Sponsored by:		Netflix
Reviewed by:		delphij
Differential Revision:	https://reviews.freebsd.org/D39076
2023-03-14 17:43:13 -06:00
lucy
adeca21464 Add GNU glibc compatible secure_getenv
Add mostly glibc and msl compatible secure_getenv. Return NULL if
issetugid() indicates the process is tainted, otherwise getenv(x).  The
rational behind this is the fact that many Linux applications use this
function instead of getenv() as it's widely consider a, "best
practice".

Reviewed by: imp, mjg (feedback)
Pull Request: https://github.com/freebsd/freebsd-src/pull/686
Signed-off-by: Lucy Marsh <seafork@disroot.org>
2023-03-13 22:19:24 -06:00
Michael Butler
21735dfaeb include: Remove no longer existing netgraph/atm
Reviewed by:	emaste
Differential Revision:	https://reviews.freebsd.org/D39005
2023-03-09 21:39:41 +00:00
Dag-Erling Smørgrav
a9a38dea37 libc: Remove prototype and documentation for tzsetwall().
PR:		269445
Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D38481
2023-03-07 17:20:49 +00:00
Elyes Haouas
ce7db385f5 include: Fix typos
Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
2023-02-22 11:52:57 -05:00
John Baldwin
e5dc40935f Revert "stdlib.h: Fix qsort_r compatibility with GCC 12."
This reverts commit 43703bc489.

Reviewed by:	jrtc27
Differential Revision:	https://reviews.freebsd.org/D38216
2023-01-26 16:28:03 -08:00
Warner Losh
1761b09bf4 byteswap.h: Add a glibc/linux compatible byteswap.h
For endian.h to work instead of sys/endian.h, some software needs
byteswap.h available. It must define {__,}byteswap_{16,32,64}.
Included sys/_endian.h to get an appropriate __byteswap16, etc
and defines the new macros in terms of them. Enhance _endian.h
to allow it to be included from here too.

Sponsored by:		Netflix
Reviewed by:		markj
Differential Revision:	https://reviews.freebsd.org/D32051
2023-01-20 16:37:39 -07:00
Warner Losh
30e0d2a510 linux: For better compatibility, provide compatible endian.h
Add endian.h. This includes sys/endian.h and then adds extra defines
that glibc defines with double underscores for our
_{BIG,BYTE,LITTLE,PDP}_ENDIAN macros. We also define __FLOAT_WORD_ORDER
to be the same as _BYTE_ENDIAN since FreeBSD doesn't currently define
this, and the default with glibc is exactly this for our platforms.
Move common parts of endian.h and sys/endian.h into sys/_endian.h
to limit namespace pollution from endian.h

All this gives us good compatibility with Linux. There may be one or two
upstreams that haven't integrated the patches I tried to send up.

There are some minor differences:
	o The extra glibc macros are not defined. These are all
	  controlled with either __ at the start, or only defined
	  when glibc is being built. We also don't define macros
	  that are used internally in glibc that would pollute
	  the namespace.
	o For complete compatibility, this change must also be
	  paired with providing a glibc-compatible byteswap.h.

Sponsored by:		Netflix
Reviewed by:		mhorne, markj, jhb
Differential Revision:	https://reviews.freebsd.org/D31962
2023-01-20 16:32:45 -07:00
John Baldwin
43703bc489 stdlib.h: Fix qsort_r compatibility with GCC 12.
GCC 12 (unlike GCC 9) does not match a function argument passed to the
old qsort_r() API (as is used in the qsort_r_compat test) to a
function pointer type via __generic.  It treats the function type as a
distinct type from a function pointer.  As a workaround, add a second
definition of qsort_r for GCC 12 which uses the bare function type.

Reviewed by:	emaste
Differential Revision:	https://reviews.freebsd.org/D37410
2023-01-19 14:48:52 -08:00
Kyle Evans
8b8babf044 include: put includes into -dev packages
The includes build is kind of funky, as we support either copying or
symlinking files into /usr/include.  For `copies`, we were supplying
the include/ ${TAG_ARGS}, which puts packages into `FreeBSD-runtime`,
without any consideration to the fact that we're installing headers.

Let's copy the approach that the `symlinks` target uses for now, and
add ",dev" to the TAG_ARGS so that headers at least end up in
FreeBSD-runtime-dev, which is more appropriate.  Some of these includes
are actually technically supposed to be in *other* packages and their
INCSGROUP's PACKAGE setting is actually correct, but this is less
trivial to solve.  This is a bandaid to fix the immediate problem of
some headers ending up in two different packages.

PR:		267526
Reviewed by:	dfr, manu
Differential Revision:	https://reviews.freebsd.org/D37256
2022-11-09 22:20:38 -06:00
Dag-Erling Smørgrav
817f1f3064 libc: Don't warn about RRSIG replies.
PR:		213178
MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D37303
2022-11-09 17:41:47 +01:00
Mike Karels
1443613866 getaddrinfo: distinguish missing addrs from unresolvable names
Rework getaddrinfo(3) to return different error values for unresolvable
names (same as before, EAI_NONAME) and those without a requested addr
(EAI_ADDRFAMILY) when using DNS.  This is implemented via an added
error in the nsswitch layer, NS_ADDRFAMILY, which is used only by
getaddrinfo().  The error is passed through nsdispatch(3), but that
routine has no changes to handle this error.  The error originates in
the getaddrinfo DNS layer called via nsdispatch(), and is processed
by the search layer that calls nsdispatch().

While here, add a little style to returns near those that were
modified.

Reviewed in https://reviews.freebsd.org/D37139 with related changes.

Reviewed by:    bz
MFC after:      1 month
2022-11-02 11:03:31 -05:00
Mike Karels
40e4e12bd8 netdb.h: re-enable EAI_ADDRFAMILY, EAI_NODATA
EAI_ADDRFAMILY and EAI_NODATA are not in RFC 3493, but are available
and used in many other systems.  It is desirable to have at least one
of them in order to distinguish between names that do not resolve and
those that do not have the requested address type.  A change to
getaddrinfo() will use EAI_ADDRFAMILY.  Both were "#if 0"; re-enable,
conditioned on __BSD_VISIBLE, and update comments.  Also add comments
and __BSD_VISIBLE conditional for the last three EAI errors, which
are not in the RFC or POSIX.  Note, all of these are available in
NetBSD and OpenBSD, and EAI_ADDRFAMILY and EAI_NODATA are available
in Linux (glibc).

Reviewed in https://reviews.freebsd.org/D37139 with related changes.

Reviewed by:	bz
MFC after:	1 month
2022-11-02 11:03:30 -05:00
John Baldwin
744bfb2131 Import the WireGuard driver from zx2c4.com.
This commit brings back the driver from FreeBSD commit
f187d6dfbf plus subsequent fixes from
upstream.

Relative to upstream this commit includes a few other small fixes such
as additional INET and INET6 #ifdef's, #include cleanups, and updates
for recent API changes in main.

Reviewed by:	pauamma, gbe, kevans, emaste
Obtained from:	git@git.zx2c4.com:wireguard-freebsd @ 3cc22b2
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D36909
2022-10-28 13:36:12 -07:00
Alexander V. Chernikov
11ca01e9aa netlink: add headers installation 2022-10-01 16:31:58 +00:00
Ed Schouten
af3c78886f Alter the prototype of qsort_r(3) to match POSIX, which adopted the
glibc-based interface.

Unfortunately, the glibc maintainers, despite knowing the existence
of the FreeBSD qsort_r(3) interface in 2004 and refused to add the
same interface to glibc based on grounds of the lack of standardization
and portability concerns, has decided it was a good idea to introduce
their own qsort_r(3) interface in 2007 as a GNU extension with a
slightly different and incompatible interface.

With the adoption of their interface as POSIX standard, let's switch
to the same prototype, there is no need to remain incompatible.

C++ and C applications written for the historical FreeBSD interface
get source level compatibility when building in C++ mode, or when
building with a C compiler with C11 generics support, provided that
the caller passes a fifth parameter of qsort_r() that exactly matches
the historical FreeBSD comparator function pointer type and does not
redefine the historical qsort_r(3) prototype in their source code.

Symbol versioning is used to keep old binaries working.

MFC:			never
Relnotes:		yes
Reviewed by:		cem, imp, hps, pauamma
Differential revision:	https://reviews.freebsd.org/D17083
2022-09-30 15:26:30 -07:00
Hajimu UMEMOTO
10d872339a corrected RFC numbers in comments to proper ones 2022-09-29 19:57:59 +09:00
John Baldwin
a2e41a585b libc rpc: Fix mismatches in prototypes for array bounds.
Various RPC functions used a bare pointer in function prototypes to
describe fixed-length buffer arguments but used a fixed-length array
in the function definition.  The manual page for these functions
describes the parameters as being fixed-length buffers, so update
the prototypes to match the definitions.

Reviewed by:	imp, emaste
Reported by:	GCC -Warray-parameter
Differential Revision:	https://reviews.freebsd.org/D36757
2022-09-28 14:01:36 -07:00
Aymeric Wibo
05c9a0158f libc: Add strverscmp(3) and versionsort(3)
Add a strverscmp(3) function to libc, a GNU extension I implemented by
reading its glibc manual page. It orders strings following a much more
natural ordering (e.g. "ent1 < ent2 < ent10" as opposed to
"ent1 < ent10 < ent2" with strcmp(3)'s lexicographic ordering).

Also add versionsort(3) for use as scandir(3)'s compar argument.

Update manual page for scandir(3) and add one for strverscmp(3).

Reviewed by:	pstef, gbe, kib
MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D35807
2022-08-25 03:29:03 +03:00
Konstantin Belousov
9fb8e8eede libc: add scandirat(3)
Reviewed by:	emaste, imp, kevans, markj, Aymeric Wibo <obiwac@gmail.com>
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D36301
2022-08-24 22:26:00 +03:00
Brooks Davis
1a2ff852e3 include/i386: fix release builds
Add a target to ensure the presence of /usr/include/i386
before we try to install files.  In the buildworld/installworld path
it gets created different ways, but for distribute (used in releases)
we need it in the subdir.

(Creating of this the x86, pc, powerpc directories is far too complex.
We should look for ways to simplify it.)

Reported by:	lwhsu
Fixes:		a09ea2bbc3
2022-06-13 21:37:34 +01:00
Dmitry Ovsyannikov
9f48eea366 rpcbind: get contact addr from xprt members
Addition to D31491 in order to actually resolve the top root cause.

Currently rpcbind gets contact address from connectionless xprt->xp_p2
member of a transport and will fail to get it when working over
connection oriented transport, leading to a guess game in terms of
contact address on rpcinfo requests like RPCBPROC_GETVERSADDR or
RPCBPROC_GETADDRLIST and poor returns which may influence a user
of a call and specifically reported on OSX clients, which tend to
not provide address hint from rpcinfo request to a server.

MFC after:	1 week
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D35220
2022-06-13 08:54:08 -05:00
Brooks Davis
5ea3094e6a amd64: -m32 support for machine/md_var.h
Install the i386 md_var.h under /usr/include/i386 on amd64 and include
when targeting i386.

This is a mostly kernel-only header required by procstat's ZFS support.
It is pulled in by the i386 machine/counter.h.

Reviewed by:	jhb, imp
2022-06-13 18:35:40 +01:00
Brooks Davis
8dc3fdfe69 amd64: -m32 support for machine/counter.h
Install the i386 counter.h under /usr/include/i386 on amd64 and include
when targeting i386.

This is a kernel-only header required by procstat's ZFS support.

Reviewed by:	jhb, imp
2022-06-13 18:35:40 +01:00