Sync GhostBSD releng/15.0 with FreeBSD releng/15.0 #377
+124,228
−86,457
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Make sure the entirety of x is zero before flipping the sign bit. Otherwise the sign would be wrong for small values of x when x is negative and |n*y| > |x| Approved by: re (cperciva) Reported by: alfredo PR: 251091 Reviewed by: kargl MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D53023 (cherry picked from commit 25cca51) (cherry picked from commit 583e976)
The introduction of OpenZFS moved some sysctls, and legacy compat shims were added. For example: Old (legacy) name: vfs.zfs.min_auto_ashift New name: vfs.zfs.vdev.min_auto_ashift Upstream OpenZFS removed these, but we've temporarily restored them in FreeBSD. Note that l2arc sysctls use generic sysctl functions (e.g. SYSCTL_UQUAD) and thus cannot trivially have warnings added, so they are not handled. Approved by: re (cperciva) PR: 266374 Reviewed by: jlduran Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D53033 (cherry picked from commit 654a3aa) (cherry picked from commit f003387)
When the received authentication message had more than XU_NGROUPS, we would write group IDs beyond the end of cr_groups[] in the 'struct xucred' being filled (as 'ngroups_max' is always greater than XU_NGROUPS). For robustness, prevent various OOB accesses that would result from a change of value of XU_NGROUPS or a 'struct xucred' with an invalid 'cr_ngroups' field, even if these cases are unlikely. Approved by: re (cperciva) Reviewed by: rmacklem Fixes: dfdcada ("Add the new kernel-mode NFS Lock Manager.") MFC after: 2 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52960 (cherry picked from commit 47e9c81) (cherry picked from commit 9492a1e)
As, respectively, the maximum number of "supplementary" groups and the maximum hostname size allowed in the credentials structure for AUTH_SYS (aka, AUTH_UNIX). Will be used in subsequent commits. Approved by: re (cperciva) Reviewed by: rmacklem MFC after: 2 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52961 (cherry picked from commit f7c4f80) (cherry picked from commit 37aeac4)
Consistently with the XDR_INLINE() variant of xdr_authunix_parms()
(_svcauth_unix() in 'svc_auth_unix.c'), reject messages with credentials
having a machine name length in excess of AUTH_SYS_MAX_HOSTNAME or more
than AUTH_SYS_MAX_GROUPS supplementary groups, which do not conform to
RFC 5531. This is done mainly because we cannot store excess groups
anyway, even if at odds with the robustness principle ("be liberal in
what you accept").
While here, make sure the current code is immune to AUTH_SYS_MAX_GROUPS
changing value (in future RFCs?) even if that seems improbable.
Approved by: re (cperciva)
Reviewed by: rmacklem
Fixes: dfdcada ("Add the new kernel-mode NFS Lock Manager.")
MFC after: 2 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52962
(cherry picked from commit b119ef0)
(cherry picked from commit 34fc205)
Remove local defines from 'svc_auth_unix.c' and use the new limit macros instead. Approved by: re (cperciva) Reviewed by: rmacklem MFC after: 2 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52963 (cherry picked from commit e665c0f) (cherry picked from commit 9763e76)
In the inline version (_svcauth_unix()), fix multiple possible OOB reads when the credentials part of a request is too short to contain mandatory fields or with respect to the hostname length or number of groups it advertises. The previously existing check was arriving too late and relied on possibly wrong data coming from earlier OOB reads. While here, use 'uint32_t' as the length/size type, as it is more than enough and removes the need for conversions, explicit or implicit. While here, factor out setting 'stat' to AUTH_BADCRED and then jumping to 'done' on error, through the new 'badcred' label. While here, through comments, refer to what the non-inline version is doing (xdr_authunix_parms() in 'authunix_prot.c') and the reasons. Approved by: re (cperciva) Reviewed by: rmacklem Fixes: dfdcada ("Add the new kernel-mode NFS Lock Manager.") MFC after: 2 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52964 (cherry picked from commit d4cc791) (cherry picked from commit 45e671c)
xdr_authunix_parms() does not allocate any auxiliary memory, so we can simply support XDR_FREE by just returning TRUE. Although there are currently no callers passing XDR_FREE, this makes us immune to such a change in a way that doesn't cost more but is more constructive than a mere KASSERT(). Approved by: re (cperciva) Suggested by: rmacklem MFC after: 2 days Sponsored by: The FreeBSD Foundation (cherry picked from commit 4ae70c3) (cherry picked from commit b27688a)
Remove the printf() stances added in commit d4cc791 ("sys/rpc: UNIX auth: Fix OOB reads on too short message"). Even if it can be helpful to know why an authentication message is rejected, printing explanatory messages on each request attempt is a remote log filler that could be triggered by accident, and the generic RPC code generally does not do that. These printf() calls should be restored only after some limiting or configuration mechanism is devised. Approved by: re (cperciva) MFC with: d4cc791 ("sys/rpc: UNIX auth: Fix OOB reads on too short message") Sponsored by: The FreeBSD Foundation (cherry picked from commit 2110ae0) (cherry picked from commit fb8a978)
The FreeBSD-base pkg repository is currrently dominated by a handful of
large packages: Out of a compressed repository size of ~960 MB, about
160 MB is taken up by the FreeBSD-src package, 128 MB (on amd64) is
used by the FreeBSD-kernel-generic-dbg package, and 91 MB is used by
the FreeBSD-src-sys package. Consequently, running 'make packages -jN'
provides less benefit than one might hope, as most of the packages
finish building quickly, ultimately leaving the FreeBSD-src package
building by itself for a couple minutes while all the other CPUs are
idle.
Pass -T${PKG_CTHREADS} to the 'pkg create' commands (with a default
of -T0) in order to instruct pkg's zstd compression to use multiple
threads.
Testing on an EC2 r7i.48xlarge instance with -j192, this reduces the
time taken by 'make packages' from 6m17s to 1m39s; package creation
time itself (excluding the initial process of installing into world
and kernel staging directories) dropped from 5m37s to 59s.
Approved by: re (cperciva)
Reviewed by: ivy
MFC after: 3 days
Sponsored by: https://www.patreon.com/cperciva
Differential Revision: https://reviews.freebsd.org/D53053
(cherry picked from commit 16155cc)
(cherry picked from commit 3d8ec32)
As recently fixed in sockstat (9934558), having tests/Makefile include files from the parent directory with SRCS= ../foo.c results in a race condition as the parent build and the tests build try to produce the same object file but contain different paths. Use .PATH to tell make to find sockstat.c in the parent directory but place the object file in the current object directory. Approved by: re (cperciva) Reviewed by: emaste, jrtc27, kevans MFC after: 3 days Sponsored by: https://www.patreon.com/cperciva Differential Revision: https://reviews.freebsd.org/D53075 (cherry picked from commit 3c9a2f3) (cherry picked from commit a7c1d6b)
Normally in BETAs the DVD images get packages from the latest quarterly package build; but aarch64 does not yet have a quarterly package set built for 15.x, and this made the BETA1 aarch64 builds fail. Switch back to using packages from the "latest" package set. Direct commit to releng/15.0; will be reverted before the release. Approved by: re (cperciva) Sponsored by: https://www.patreon.com/cperciva
Include /packages in the METALOG used to create dvd1.iso. Previously we used an expression ^./packages/ (with a trailing /) which did not match /packages itself, and then with no METALOG entry /packages on dvd1.iso ended up with mode d---------. Approved by: re (cperciva) PR: 290222 Reviewed by: cperciva MFC after: 1 minute Sponsored by: The FreeBSD Foundation (cherry picked from commit 2db11dd) (cherry picked from commit ecd943a)
Theoretically METALOG should include everything which needs to go into disk images; unfortunately there are still a few bugs which are resulting in directories not being listed -- and if METALOG has files in unrecorded directories, the directories end up being created with 000 permissions. Oddly enough, systems where / has 000 permissions are not very usable. As a temporary hack, compare the staging tree against METALOG and add entries for any unrecorded directories. This will hopefully be reverted before 15.0-RELEASE. Approved by: re (cperciva) Reviewed by: bapt, emaste, ivy Sponsored by: https://www.patreon.com/cperciva MFC after: 5 minutes Differential Revision: https://reviews.freebsd.org/D53153 (cherry picked from commit 71b2f98) (cherry picked from commit 7ce5d90)
The send operations are waiting on the peer's socket buffer, but we shall use our timeout value. Provide a test for that. Approved by: re (cperciva) Reported by: phk Reviewed by: asomers Differential Revision: https://reviews.freebsd.org/D53081 Fixes: d157927 (cherry picked from commit ead7219) (cherry picked from commit bbfaff2)
Create a chapter on every important socket type: stream, datagram, seqpacket. Always list what protocol families do support what kinds of sockets. Improve some statements possessing language from the specification [1]. Reduce some statements that are mostly specific to TCP. Provide more external links and references to various important syscalls that can be used on sockets. Add a paragrph on non-blocking mode. The big factual change is documentation of SOCK_SEQPACKET. In FreeBSD 15 this socket now fully follows the specification and is a stream socket with record boundaries. [1] https://pubs.opengroup.org/onlinepubs/9799919799/functions/V2_chap02.html#tag_16_10_06 Approved by: re (cperciva) Differential Revision: https://reviews.freebsd.org/D52771 (cherry picked from commit 86d1723) (cherry picked from commit ad13fd5) (cherry picked from commit a091d69)
Showing the path state column is only useful, if there is at least one SCTP endpoint shown, which is not in the state CLOSED or LISTEN. Don't show it when it is not useful. Approved by: re (cperciva) Reviewed by: rrs Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D52986 (cherry picked from commit 746eade) (cherry picked from commit 9a0a114)
Only suppress the path state column when producing traditional text output. When generating html output, always include the column. Please note that when generating json or xml output, optional fields like the path state are only generated if they is applicable. This has not been changed. The changes in this patch were suggested by asomers. Approved by: re (cperciva) Reviewed by: asomers Fixes: 746eade ("sockstat: show path state column only when useful") Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D53005 (cherry picked from commit 97e858f) (cherry picked from commit f6923c0)
Otherwise we print a bogus path for anonymous objects. Approved by: re (cperciva) Reviewed by: kib MFC after: 1 week Sponsored by: Modirum MDPay Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D52997 (cherry picked from commit 13d866b) (cherry picked from commit 55ad7c5)
Approved by: re (cperciva) Reviewed by: alc, kib MFC after: 1 week Sponsored by: Modirum MDPay Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D53008 (cherry picked from commit ffca0c4) (cherry picked from commit 2eaee0d)
Approved by: re (cperciva) Reviewed by: alc, kib MFC after: 1 week Sponsored by: Modirum MDPay Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D53008 (cherry picked from commit f66bb82) (cherry picked from commit 5bc5ce6)
- Fix a typo. - Provide the default path. Approved by: re (cperciva) Reviewed by: des MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D53001 (cherry picked from commit ec8e07e) (cherry picked from commit 1de0622)
When trying to find the address of a VNET variable from a debugger, it helps to have the original address of the VNET section. In particular, given the address of a vnet_entry_foo symbol, one wants to easily find the linker file that the symbol belongs to. In link_elf_obj.c, the section address for VNET and DPCPU sections is overwritten in link_elf_link_preload() and link_elf_load_file(). Add an "origaddr" field to store the original absolute address of the section base. In link_elf.c the elf_file_t already has the fields we want, but they were not getting filled out for the kernel itself. Fix that too, since that simplifies things for debuggers and improves consistency. Approved by: re (cperciva) Reviewed by: kib MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D52730 (cherry picked from commit 07747af) (cherry picked from commit 5a926b3)
Approved by: re (implicit) Sponsored by: https://www.patreon.com/cperciva
+ arm/RPI-B.conf no longer exists, adjust for arm64/RPI.conf + document default CHROOTDIR, also add to FILES list + tag SPDX Approved by: re (cperciva) MFC after: 3 days Reviewed by: cperciva Differential Revision: https://reviews.freebsd.org/D53078 (cherry picked from commit 8a9f1a2) (cherry picked from commit be9b7d8)
Approved by: re (cperciva) MFC after: 3 days Reviewed by: dab Differential Revision: https://reviews.freebsd.org/D52867 (cherry picked from commit 7f5267a) (cherry picked from commit 795f4ee)
This allows in higher throughput values with default settings. In the review I was proposing using 16 MB, but in the transport call today we settled on a more conservative value of 8. Bumping it further will be done in combination with mitigations for mbuf exhaustion attacks. Approved by: re (cperciva) Reviewed by: rscheff, cc, glebius, Nick Banks, Peter Lei, jtl, thj, rrs Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D52872 (cherry picked from commit 9dd4742) (cherry picked from commit 7d29554)
This allows in higher throughput values with default settings. In the review I was proposing using 16 MB, but in the transport call today we settled on a more conservative value of 8. Bumping it further will be done in combination with mitigations for mbuf exhaustion attacks. Approved by: re (cperciva) Reviewed by: rscheff, Peter Lei, jtl, thj Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D52871 (cherry picked from commit baeff75) (cherry picked from commit c3cc822)
Azure requires the first 1 MB (2,048 sectors) of the OS disk to remain empty for VM images: https://learn.microsoft.com/partner-center/marketplace-offers/azure-vm-certification-faq#vm-images-must-have-1-mb-of-free-space Also append the BOOTPARTSOFFSET suffix for aarch64 images, which only has an ESP partition for booting. Co-authored-by: Brad Davis <brd@FreeBSD.org> Approved by: re (cperciva) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D53628 (cherry picked from commit 36095c9) (cherry picked from commit 7261760)
Approved by: re (implicit) Sponsored by: https://www.patreon.com/cperciva
libcrypto's Makefile.inc used PACKAGE=openssl, which overrides the PACKAGE=tests in libcrypto/tests/Makefile. Use PACKAGE?=openssl instead to avoid this. This puts the OpenSSL tests in the tests package where they belong. Approved by: re (cperciva) MFC after: 1 day Reviewed by: manu, ngie Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D53595 (cherry picked from commit c3b853f) (cherry picked from commit 4e672f6)
Commit 9065390 moved atf to its own package, but mistakenly moved the tests as well. Put the tests back into the test package. Approved by: re (cperciva) Fixes: 9065390 ("packages: Remove the tests-dev package") MFC after: 1 day Reviewed by: emaste Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D53594 (cherry picked from commit 4b34283) (cherry picked from commit cdfa913)
The access of vq->vq_ring.used->idx needs to be volatile-qualified, otherwise the compiler may optimize virtqueue_poll() into an infinite loop if there is no data available upon the first poll. Prior to commit ad17789 this wasn't a problem since an external function call after each poll inhibited the optimization. Approved by: re (cperciva) PR: 289930 MFC after: 3 days Sponsored by: Klara, Inc. Fixes: ad17789 ("virtio: Remove the unused poll method") (cherry picked from commit f999ffd) (cherry picked from commit 72c7604)
We have NO_ROOT here, so we need WITHOUT_QEMU to avoid problems. 15.0 candidate. Approved by: re (cperciva) Reviewed by: emaste, markj MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D53637 (cherry picked from commit f89aa18) (cherry picked from commit 2e2a460)
Unbootstrapped pkg will ignore -N if -r is specified first. Flip the order. Prior to commit 66c75fa this worked by accident. Approved by: re (cperciva) PR: 290393 Reported by: olgeni MFC after: 3 days Fixes: 66c75fa ("freebsd-update: Fix the pkgbase check") (cherry picked from commit 6453523) (cherry picked from commit addc055)
and one that will be with us in the long-term future. (this helps reduce diffs in the future and for down-stream users that trim entropy sources). Also, move deprecated (removed in 16.0) sources to the bottom of the list to reduce changes to 15.x. Approved by: re (cperciva) Reviewed by: glebius Obtained from: Juniper Networks Differential Revision: https://reviews.freebsd.org/D53311 (cherry picked from commit 9f3886347c1750cf80a82314470fc7186088eb9a) (cherry picked from commit e224f2c)
The second and third members of struct bsddialog_menuitem are `bool on` and `unsigned int depth`. The newfs dialog options in bsdinstall's partition tool had these two swapped, so the default selection did not work. Approved by: re (cperciva) PR: 290857 Reviewed by: asiciliano Fixes: 50e2449 ("bsdinstall/partedit: Replace libdialog with libbsddialog") Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D53639 (cherry picked from commit 4e36942) (cherry picked from commit 980aa8d)
When a SYN ACK is received for a listening socket, just drop it instead of killing the SYN-cache entry and send a RST. This closes the possibility to kill a TCP connection during its handling in the SYN-cache. Approved by: re (cperciva) Reviewed by: Nick Banks, Peter Lei Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D53540 (cherry picked from commit 239464e) (cherry picked from commit e082156)
According to section 5.1.6.2.1 of version 1.3 of the virtio specification, the driver MUST NOT set VIRTIO_NET_HDR_F_DATA_VALID in the flags. So don't do that. Approved by: re (cperciva) Reviewed by: Timo Völker Differential Revision: https://reviews.freebsd.org/D53650 (cherry picked from commit 836b3cd) (cherry picked from commit 0ef06b5)
Transmit segment offloading depends on transmit checksum offloading. Enforce that constraint. This also fixes a bug, since if_hwassist bits are from the CSUM_ space, not from the IFCAP_ space. Approved by: re (cperciva) PR: 290773 Reviewed by: Timo Völker Tested by: lg@efficientip.com Differential Revision: https://reviews.freebsd.org/D53629 (cherry picked from commit 4c50ac6) (cherry picked from commit 0fb0ba5)
This is consistent with other operating systems and with bsdinstall's UFS config and with bsdinstall's ZFS config prior to commit 0b7472b. Approved by: re (cperciva) PR: 290857 Fixes: 0b7472b ("Mount the EFI system partition (ESP) on newly-installed systems.") Reviewed by: imp Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D53642 (cherry picked from commit 4109cdf) (cherry picked from commit 65e347d)
When starting to scan and ending a scan we clear/set the hardware to idle. Similarly we set the hw to idle when we remove the channel context but when starting we only set it to non-idle when we went from assoc to run. This apparently was not a problem most of the time as the switch from a failed hardware scan to a software scan was racing against net80211. ad4ddc8 fixed that specifically for rtw88 and while we were more consistently scanning, this broke authentication as the setting of idle at the end of the scan was now happening reliably. Move the unsetting of idle from assoc_to_run to scan_to_auth for when we create the chanctx to keep it symmetrical. This makes authentication work again for rtw88 (though not for everyone due to other possible problems with net80211). This likely also fixes the problems in the listed PRs. iwlwifi(4) mvm and mld driver parts do not use this information at all and were never affected. Approved by: re (cperciva) Sponsored by: The FreeBSD Foundation PR: 290850, 288186, 281979 PR: 272145 (the non skb-mem-limit parts) (cherry picked from commit b568711) (cherry picked from commit a77abd5)
We need to specify the correct image names -- *.vhdf, not *.vhd -- in order for them to upload. 15.0 candidate Approved by: re (cperciva) Reviewed by: lwhsu MFC after: 2 days Differential Revision: https://reviews.freebsd.org/D53684 (cherry picked from commit df84867) (cherry picked from commit eee3386)
![sourcery-ai[bot]](https://avatars.githubusercontent.com/in/48477?s=60&v=4){kind=small}
There was a problem hiding this comment.
The pull request #377 has too many files changed.
The GitHub API will only let us fetch up to 300 changed files, and this pull request has 2105.
|
Thank you for taking the time to contribute to FreeBSD!
Please review CONTRIBUTING.md, then update and push your branch again. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.