When trying to use a VLAN device (e.g. "em0.123") with a dot
the library fails to parse the interface correctly. The former
pattern is much too restrictive given that almost all characters
can be coerced into a device name via ifconfig.
Remove the particularly restrictive validation. Some characters
still cannot be used as an interface name as they are used as
delimiters in the syntax, but this allows to be able to use most
of them without an issue.
Submitted by: franco@opnsense.org
Differential Revision: https://reviews.freebsd.org/D42485
Reviewed by: vmaffione
(cherry picked from commit ad874544d9)
Set _shell like later versions of bmake so that .SHELL
does not appear in conditionals.
This avoids errors when an older version of bmake parses this makefile
such as when doing src upgrade from stable/12 or older.
Direct commit to stable/13 since this is the only branch where
this issue arrises.
PR: 281151
Stop shipping a log file for etcupdate. This is a source of
non-reproducability as it uses mktemp thereby guaranteeing the output is
different each run.
Differential Revision: https://reviews.freebsd.org/D46317
(cherry picked from commit e972e408d1)
RFC8275 defines a new attribute as an extension to NFSv4.2
called MODE_UMASK. This patch adds the attribute number
to nfsproto.h.
Future patches will add optional support for the attribute.
This patch does not cause any semantics change.
(cherry picked from commit 10d5b43424)
The format for CTLTYPE_UINT is "IU" instead of "UI" as specified
in sysctl.9.
Reviewed by: cc, zlei
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D46408
(cherry picked from commit 498286d4e8)
Originally, a SYN-cache entry was always allocated and later freed,
when not needed anymore. Then the allocation was avoided, when no
SYN-cache entry was needed, and a copy on the stack was used.
But the logic regarding freeing was not updated.
This patch doesn't re-check conditions (which may have changed) when
deciding to insert or free the entry, but uses the result of
the earlier check.
This simplifies the code and improves also consistency.
Reviewed by: glebius
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D46410
(cherry picked from commit e41364711c)
There will at most lro_entries entries in the LRO hash table. So no
need to take lro_mbufs into account, which only results in the
LRO hash table being too large and therefore wasting memory.
Reviewed by: rrs
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D46378
(cherry picked from commit aa6c490bf8)
There's a huge variety of situations when booting with UEFI. Document
more of them, hopefully better.
Feedback from: jrtc27
MFC After: 3 days
Sponsored by: Netflix
(cherry picked from commit 871911a4ab)
Some SCTP implementations will abort connections and then later re-use the same
port numbers (i.e. both src and dst) for a new connection, before pf has fully
purged the old connection.
Apply the same hack we already have for similarly misbehaving TCP
implementations and forcibly remove the old state so we can create a new one.
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 82e021443a)
Previously 3 bytes of data from the heap could be leaked to ctl
consumers.
Reported by: Synacktiv
Reviewed by: asomers, mav
Sponsored by: The Alpha-Omega Project
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46091
(cherry picked from commit db87c98168)
(cherry picked from commit 131b7dcb2f)
Try to be a little more explicit about the path translation mechanism
accessing /compat/linux/<path> then falling back to /<path>.
As suggested by martin@lispworks.com, refer to the compat path
explicitly, and correct an existing grammaro.
PR: 277804
Reviewed by: fernape
Sponsored by: The FreeBSD Foundation
(cherry picked from commit f66e71fa78)
(cherry picked from commit d1daec3d35)
(cherry picked from commit 226c733737)
Adds support for AMD Ryzen 7 "Phoenix" processors (family 0x19,
model 0x70-0x7f) to the amdsmn(4) and amdtemp(4) drivers. This
enables temperature readings of these CPUs via sysctl.
The sensors function identically to those for the "Raphael" processors
(model 0x60-0x6f); only the PCI device ID differs.
PR: kern/280942
Relnotes: yes
MFC after: 3 days
(cherry picked from commit ef3f8aa0a0)
sys/netinet/libalias/alias_db.c has internal static function UseLink()
that passes a link to CleanupLink() to verify if the link has expired.
If so, UseLink() may return NULL.
_FindLinkIn()'s usage of UseLink() is not quite correct.
Assume there is "redirect_port udp" configured to forward incoming
traffic for specific port to some internal address.
Such a rule creates partially specified permanent link.
After first such incoming packet libalias creates new fully specified
temporary LINK_UDP with default timeout of 60 seconds.
Also, in case of low traffic libalias may assign "timestamp"
for this new temporary link way in the past because
LibAliasTime is updated seldom and can keep old value
for tens of seconds, and it will be used for the temporary link.
It may happen that next incoming packet for redirected port
passed to _FindLinkIn() results in a call to UseLink()
that returns NULL due to detected expiration.
Immediate return of NULL results in broken translation:
either a packet is dropped (deny_incoming mode) or delivered to
original destination address instead of internal one.
Fix it with additional check for NULL to proceed with a search
for original partially specified link. In case of UDP,
it also recreates temporary fully specified link
with a call to ReLink().
Practical examples are "redirect_port udp" rules for unidirectional
SYSLOG protocol (port 514) or some low volume VPN encapsulated in UDP.
Thanks to Peter Much for initial analysis and first version of a patch.
Reported by: Peter Much <pmc@citylink.dinoex.sub.org>
PR: 269770
(cherry picked from commit 8132e95909)
(cherry picked from commit e5b8538083)
Upstream unbound includes a backup configure file which is distributed
in the upstream tarball. It must be created by their release process and
not deleted prior to packaging the tarball. I've received two emails so
far asking about it. Let's remove it so nobody else asks about it.
(cherry picked from commit 51c8a9c1be)
[MFC note: We're making the same changes for 13.4.]
Remove archivers/unzip (now in base) and emulators/linux_base-c7 (old
and unlikely to be useful without other linux packages being installed),
ports-mgmt/portmaster (now largely obsolete and discouraged in favour
of using pkg and binary packages) and x11-drivers/xf86-video-vmware
(questionably useful).
Replace devel/git with devel/git@lite (sufficient for most purposes),
and adjust the "ensure the ports exist to sanitize the list" code to
ignore the @lite part when checking that /usr/ports/devel/git exists.
Add sysutils/seatd and x11-wm/sway for wayland support.
MFC after: 1 minute
Differential Revision: https://reviews.freebsd.org/D45278
Many of the tests create temporary files. pid files, log files, tcpdump
captures, ... We should take care to ensure they're stored in the temporary
working directory Kyua creates rather than in the root directory.
This ensures there are no conflicts between simultaneously running tests, and
also keeps the root directory clean.
MFC after: 1 month
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit b0fcf4d522)
When removing a user's home directory, if the directory is a ZFS
dataset, it cannot be removed. If the directory has been emptied,
use "zfs destroy" to destroy it. This complements the automatic
dataset creation in adduser. Note that datasets within the directory
and snapshots are not handled, as the complete path is not constructed.
While here, add waitpid() calls to rmat() and pw_user_del().
Reviewed by: des
Differential Revision: https://reviews.freebsd.org/D45348
(cherry picked from commit d2f1f71ec8)
Currently, if the prefix of the new home directory is a subdirectory
of a ZFS dataset, adduser will create a new dataset up one or more
levels from the intended destination. "pw useradd" will then create
a normal directory in the desired location, leaving an unused dataset.
Check for this situation when determining whether to create a dataset,
and let pw create the directory.
Reviewed by: des
Differential Revision: https://reviews.freebsd.org/D45229
MFC after: 3 days
(cherry picked from commit 0b39b2e2dd)
(e.g. traceroute with icmp)
ok henning, jsing
Also extend the test case to cover this scenario.
PR: 280701
Obtained from: OpenBSD
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 89f6723288)
In 534ee17e6 pf state checking for ICMP(v6) was made stricter. This change
failed to correctly set the pf_pdesc for ICMP-in-ICMP lookups, resulting in ICMP
error packets potentially being dropped incorrectly.
Specially, it copied the ICMP header into a separate variable, not into the
pf_pdesc.
Populate the required pf_pdesc fields for the embedded ICMP packet's state lookup.
PR: 280701
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 2da98eef1f)
The DHCP server in EC2 knows exactly which system should be using
which IP address (and in fact EC2 has source IP filtering on by
default) so there's no point ARPing an address before using it.
The preceding commits (changing the ARP wait time from 2 s to 250 ms)
and this one (eliminating the wait entirely in EC2) reduce the time
required for a newly launched FreeBSD/EC2 instance to launch by 2
seconds.
Discussed with: icattard
MFC after: 10 days
Sponsored by: Amazon
(cherry picked from commit 54a543d5ea)
Add new dhclient_arpwait option to rc.conf.5, with information about
what it does, and cases in which it could be disabled.
Sponsored by: Google LLC (GSoC 2024)
Signed-off-by: Isaac Cilia Attard <icattard@FreeBSD.org>
MFC after: 10 days
Reviwed by: cperciva, brooks, Tom Hukins, Alexander Ziaee
Pull Request: https://github.com/freebsd/freebsd-src/pull/1368
(cherry picked from commit e4482bfde9)
Introduce a new rc.conf option to not wait for ARP resolution within
dhclient. This is plausible on many modern networks where it is possible
to trust the DHCP server to know whether an IP address is available.
Sponsored by: Google LLC (GSoC 2024)
Signed-off-by: Isaac Cilia Attard <icattard@FreeBSD.org>
MFC after: 10 days
Reviwed by: cperciva, brooks, Tom Hukins, Alexander Ziaee
Pull Request: https://github.com/freebsd/freebsd-src/pull/1368
(cherry picked from commit 503adcdf1d)
Document new n flag for disabling ARP resolution within dhclient.
Sponsored by: Google LLC (GSoC 2024)
Signed-off-by: Isaac Cilia Attard <icattard@FreeBSD.org>
MFC after: 10 days
Reviwed by: cperciva, brooks, Tom Hukins, Alexander Ziaee
Pull Request: https://github.com/freebsd/freebsd-src/pull/1368
(cherry picked from commit 84fce4b67a)
Make arp_timeout available to dhclient.c, set the default timeout to 250
ms, and provide a new command-line argument, 'n' for setting the timeout
to 0.
Sponsored by: Google LLC (GSoC 2024)
Signed-off-by: Isaac Cilia Attard <icattard@FreeBSD.org>
MFC after: 10 days
Reviwed by: cperciva, brooks, Tom Hukins, Alexander Ziaee
Pull Request: https://github.com/freebsd/freebsd-src/pull/1368
(cherry picked from commit b51569ad3c)
Change the use of time() to clock_gettime() to have millisecond-accurate
rather than second-accurate timeouts.
Sponsored by: Google LLC (GSoC 2024)
Signed-off-by: Isaac Cilia Attard <icattard@FreeBSD.org>
MFC after: 10 days
Reviwed by: cperciva, brooks, Tom Hukins, Alexander Ziaee
Pull Request: https://github.com/freebsd/freebsd-src/pull/1368
(cherry picked from commit f0a38976b0)
Use the new add_timeout_timespec() API to handle timeouts for
state_selecting within dhclient.c. No functional change intended.
Sponsored by: Google LLC (GSoC 2024)
Signed-off-by: Isaac Cilia Attard <icattard@FreeBSD.org>
MFC after: 10 days
Reviwed by: cperciva, brooks, Tom Hukins, Alexander Ziaee
Pull Request: https://github.com/freebsd/freebsd-src/pull/1368
(cherry picked from commit 76e0ffd9f8)
Introduce a new function, add_timeout_timespec(), to use timespec
structs to handle timeouts. Make add_timeout() into a wrapper for the
latter function to retain compatibility with the rest of the codebase.
No functional change intended.
Sponsored by: Google LLC (GSoC 2024)
Signed-off-by: Isaac Cilia Attard <icattard@FreeBSD.org>
MFC after: 10 days
Reviwed by: cperciva, brooks, Tom Hukins, Alexander Ziaee
Pull Request: https://github.com/freebsd/freebsd-src/pull/1368
(cherry picked from commit 16a235f23c)
The maximum cluster number was calculated based on the number of data
cluters that fit in the givem partition size and the size of the FAT
area. This limit did not take into account that the highest 10 cluster
numbers are reserved and must not be used for files.
PR: 280347
Reported by: pho@FreeBSD.org
(cherry picked from commit 45d4e82bf6)
When the various loaders under stand/efi are built, the resulting
binaries differ over multiple runs, even if WITH_REPRODUCIBLE_BUILD is
used. This is caused by lld multithreading and the custom linker scripts
for the loaders, and affects the following binaries:
* loader_4th.efi
* loader_4th.sym
* loader_4th.sym.full
* loader_lua.efi
* loader_lua.sym
* loader_lua.sym.full
* loader_simp.efi
* loader_simp.sym
* loader_simp.sym.full
Work around this by disabling lld threading for these binaries.
Reviewed by: emaste
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D46271
(cherry picked from commit f5ce3f4ef5)
[utils/TableGen/X86CompressEVEXTablesEmitter.cpp] Make sure the tablegen output for the `checkPredicate` function is deterministic (#84533)
The output for the `checkPredicate` function was depending on a
`std::map` iteration that was non-deterministic from run to run, because
the keys were pointer values.
Make a change so that the keys are `StringRef`s so the ordering is
stable.
This avoids non-determinism in llvm-tblgen output, which could cause
differences in the generated X86GenCompressEVEXTables.inc file. Although
these differences are not influencing the meaning of the generated code,
they still change a few bytes in libllvm. This in turn influences all
the binaries linked with libllvm, such as clang, ld.lld, etc.
Reported by: cperciva
MFC after: 3 days
(cherry picked from commit 7a8d05ba19)
This fixes a number of clang 19 warnings:
sys/contrib/dev/ath/ath_hal/ar9300/ar9300_eeprom.c:709:25: error: comparison of different enumeration types ('HAL_BOOL' and 'HAL_FREQ_BAND') [-Werror,-Wenum-compare]
709 | freq_array[i] = FBIN2FREQ(p_freq_bin[i], is_2ghz);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sys/contrib/dev/ath/ath_hal/ar9300/ar9300eep.h:148:11: note: expanded from macro 'FBIN2FREQ'
148 | (((y) == HAL_FREQ_BAND_2GHZ) ? (2300 + x) : (4800 + 5 * x))
| ~~~ ^ ~~~~~~~~~~~~~~~~~~
sys/contrib/dev/ath/ath_hal/ar9300/ar9300_eeprom.c:745:25: error: comparison of different enumeration types ('HAL_BOOL' and 'HAL_FREQ_BAND') [-Werror,-Wenum-compare]
745 | freq_array[i] = FBIN2FREQ(p_freq_bin[i], is_2ghz);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sys/contrib/dev/ath/ath_hal/ar9300/ar9300eep.h:148:11: note: expanded from macro 'FBIN2FREQ'
148 | (((y) == HAL_FREQ_BAND_2GHZ) ? (2300 + x) : (4800 + 5 * x))
| ~~~ ^ ~~~~~~~~~~~~~~~~~~
sys/contrib/dev/ath/ath_hal/ar9300/ar9300_eeprom.c:781:25: error: comparison of different enumeration types ('HAL_BOOL' and 'HAL_FREQ_BAND') [-Werror,-Wenum-compare]
781 | freq_array[i] = FBIN2FREQ(p_freq_bin[i], is_2ghz);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sys/contrib/dev/ath/ath_hal/ar9300/ar9300eep.h:148:11: note: expanded from macro 'FBIN2FREQ'
148 | (((y) == HAL_FREQ_BAND_2GHZ) ? (2300 + x) : (4800 + 5 * x))
| ~~~ ^ ~~~~~~~~~~~~~~~~~~
The `FBIN2FREQ()` and `FREQ2FBIN()` macros in `ar9300eep.h` are invoked
in most places around the `ath_hal` code with a (effectively) boolean
second argument, corresponding to "is this 2GHz?". But in the code that
is warned about, the value `HAL_FREQ_BAND_2GHZ` is of a different
non-boolean type, `HAL_FREQ_BAND`.
Update the `FBIN2FREQ()` and `FREQ2FBIN()` macros to interpret the
second argument as boolean value, and rename the macro parameter names
to better describe their meaning.
Reviewed by: adrian, bz
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D46201
(cherry picked from commit 82246ac5d8)
Initialize V_ts_offset_secret for each vnet, not only for the
default vnet, since it is vnet specific.
Reviewed by: Peter Lei
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D46246
(cherry picked from commit 9b569353e0)
acl_copyin did not validate the return value of acl_copy_oldacl_into_acl
which could lead to uninitialized acl structure memory reads.
Reported by: Synacktiv
Reviewed by: markj, emaste
Sponsored by: The Alpha-Omega Project
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46125
(cherry picked from commit 6ee6c7b146)
(cherry picked from commit 6bf5c32ad8)
In pipe_build_write_buffer we increment uio_iov but did not update
uio_iovcnt. This would not cause an OOB read (thanks to to uio_resid)
but is inconsistent and could be an issue if other code changes are made
in the future.
Reported by: Synacktiv
Reviewed by: jhb, markj, brooks
Sponsored by: The Alpha-Omega Project
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D45999
(cherry picked from commit d8ff42e816)
(cherry picked from commit cbbc8d6730)
They are functionally equivalent, but the updated form mirrors the tests
in sys/net/ethernet.h and avoids confusion.
Reviewed by: kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D21037
(cherry picked from commit a1295b2484)
(cherry picked from commit 6fb0634bc4)
As of e67975d331 ("Fix 'calendar -a' in several ways."), `calendar -a`
will now fork off a new process for each user and do all of its own
processing in the user's own context.
As a side-effect, calendar(1) started calling setlogin(2) in each of the
forked processes and inadvertently hijacked the login name for the
session it was running under, which was typically not a fresh session
but rather that of whatever cron/periodic run spawned it. Thus, daily
and security e-mails started coming from completely arbitrary user.
We could create a new session, but it appears that nothing calendar(1)
does really needs the login name to be clobbered; opt to just avoid the
setlogin(2) call entirely rather than incur the overhead of a new
session for each process.
PR: 280418
Reviewed by: des, olce
Fixes: e67975d331 ("Fix 'calendar -a' in several ways.")
(cherry picked from commit 6cb8b61efe)