instead of accepting any character as a delimiter, only accept ':', '.'
and '-', and only permit a single delimiter in an address.
this prevents accepting bizarre addresses like:
    ifconfig epair2a link 10.1.2.200/28
... which is particularly problematic on an INET6-only system, in which
case ifconfig defaults to the 'link' family, meaning that:
    ifconfig epair2a 10.1.2.200/28
... changes the Ethernet address of the interface.
bump __FreeBSD_version so link_addr() consumers can detect the change.
Reviewed by: kp, des
Approved by: des (mentor)
Differential Revision: https://reviews.freebsd.org/D49936
(cherry picked from commit a121509041)
Note-from-OPNsense: not bumping the FreeBSD version for stable/25.7
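The delimiter rule from the commit message above, as an added example rather than FreeBSD's link_addr() code: `parse_lladdr_strict` is a hypothetical helper that parses only a bare hex address (whatever else link_addr(3) handles is out of scope) and rejects any delimiter other than ':', '.' or '-', as well as addresses that mix delimiters.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Hypothetical strict parser, not FreeBSD's link_addr(): hex bytes separated
 * by one delimiter kind out of ':', '.' or '-'. Returns byte count or -1.
 */
static int
parse_lladdr_strict(const char *s, unsigned char *out, size_t outlen)
{
	char delim = '\0';	/* fixed by the first delimiter seen */
	size_t n = 0;
	while (*s != '\0') {
		unsigned int byte = 0;
		int digits = 0;
		/* One or two hex digits per byte. */
		for (; digits < 2 && isxdigit((unsigned char)*s); s++, digits++) {
			int c = tolower((unsigned char)*s);
			byte = byte * 16 + (unsigned)(c <= '9' ? c - '0' : c - 'a' + 10);
		}
		if (digits == 0 || n >= outlen)
			return (-1);
		out[n++] = (unsigned char)byte;
		if (*s == '\0')
			break;
		/* Only ':', '.' and '-' may separate bytes ... */
		if (*s != ':' && *s != '.' && *s != '-')
			return (-1);
		/* ... and one address may not mix them. */
		if (delim != '\0' && *s != delim)
			return (-1);
		delim = *s++;
		if (*s == '\0')		/* trailing delimiter */
			return (-1);
	}
	return (n == 0 ? -1 : (int)n);
}

int
main(void)
{
	/* Constructed inputs; the second is the address from the commit message. */
	const char *in[] = { "02:00:5e:10:00:01", "10.1.2.200/28", "02:00-5e" };
	unsigned char mac[8];

	for (size_t i = 0; i < sizeof(in) / sizeof(in[0]); i++)
		printf("%-18s -> %d\n", in[i], parse_lladdr_strict(in[i], mac, sizeof(mac)));
	return (0);
}
```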
this is a re-entrant version of link_ntoa. use an in-out parameter for
the buffer size, so the user requires at most two calls to determine the
needed size.
reimplement link_ntoa using link_ntoa_r with a static buffer.
Reviewed by: des
Approved by: des (mentor)
Differential Revision: https://reviews.freebsd.org/D50202
(cherry picked from commit da509c2908)
for now, since link_addr() has no way to indicate an error, these are
only positive tests which check the outcome of valid inputs.
Reviewed by: ngie, des, adrian
Approved by: des (mentor)
Differential Revision: https://reviews.freebsd.org/D50062
(cherry picked from commit 757e973fb2)
link_addr_test: use <cstddef>, not <sys/stddef.h>
<cstddef> is the correct header; this fixes the GCC build.
while here, sort the headers.
Fixes: 757e973fb2 ("libc tests: add tests for link_addr(3) and link_ntoa(3)")
Reviewed by: des
Approved by: des (mentor)
Differential Revision: https://reviews.freebsd.org/D50189
(cherry picked from commit bbffdfef3b)
Several manual pages for releng/14.3 incorrectly claim that features
were first introduced in FreeBSD 15.0.
I discovered these by running:
    git checkout origin/releng/14.3
    git grep -F '.Fx 15.0'
Approved by: re (cperciva)
MFC After: 3 days
Reviewed by: imp, ziaee
Pull Request: https://github.com/freebsd/freebsd-src/pull/1685
(cherry picked from commit 5b9660caff)
(cherry picked from commit ef4014882ee1413eba75a78f6e307e16123c63d1)
When the file system does not support symbolic links (like in the case
of MSDOS), symlink() returns -1 and sets errno to EOPNOTSUPP.
Document this behavior.
Reviewed by: glebius, markj
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D49803
(cherry picked from commit dd9e59beeb)
wchar_t is unsigned on ARM platforms, and signed pretty much everywhere
else. On signed platforms, `nm` ends up with bogus upper bits set if we
did in fact have a valid CS2 or CS3 (MSB set). Mask just the low byte
to avoid sign bit garbage.
Bare basic test of converting a CS2 widechar in eucCN, which would
previously kick back an EILSEQ.
Reviewed by: bapt, rew
Sponsored by: Klara, Inc.
(cherry picked from commit c4c562eadf)
This adds a basic test that __cxa_atexit works, and also adds some tests
for __cxa_atexit handlers registered in the middle of __cxa_finalize.
PR: 285870
(cherry picked from commit ee9ce1078c)
science/dlib-cpp reveals an interesting scenario that works fine on
other platforms but not on FreeBSD; notably, it ends up creating a new
global object from some destructor which is called during
__cxa_finalize. This breaks when libdlib is dlopen()ed and then
subsequently dlclose()ed, as we never end up invoking the created
object's dtor until program exit when the shlib is already unmapped.
Fix it by noting when we're in the middle of __cxa_finalize for a dso,
and then restarting the search if __cxa_atexit() was called in the
middle somewhere.
We wait until we've processed the initial set before starting over and
processing the newly added handlers as if it were a complete set of
handlers added during runtime. The alternative is calling them as
they're added to maintain a LIFO in terms of total ordering, but in
theory a constructor could add another global object that also needs to
be destroyed, and that object needs to be destroyed after the one that
constructed it to avoid creating unexpected lifetime issues.
This manifests in the pdlib PHP extension for dlib crashing, see [0].
[0] https://github.com/goodspb/pdlib/issues/39
PR: 285870
Reviewed by: kevans (also supplied commit message)
(cherry picked from commit 23427c8e1f)
Reviewed by: Alexander Ziaee <concussious@runbox.com>
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48063
(cherry picked from commit b6f4027ad9)
This new system call allows setting all necessary credentials of
a process in one go: Effective, real and saved UIDs, effective, real and
saved GIDs, supplementary groups and the MAC label. Its advantage over
standard credential-setting system calls (such as setuid(), seteuid(),
etc.) is that it enables MAC modules, such as MAC/do, to restrict the
set of credentials some process may gain in a fine-grained manner.
Traditionally, credential changes rely on setuid binaries that call
multiple credential system calls and in a specific order (setuid() must
be last, so as to remain root for all other credential-setting calls,
which would otherwise fail with insufficient privileges). This
piecewise approach causes the process to transiently hold credentials
that are neither the original nor the final ones. For the kernel to
enforce that only certain transitions of credentials are allowed, either
these possibly non-compliant transient states have to disappear (by
setting all relevant attributes in one go), or the kernel must delay
setting or checking the new credentials. Delaying setting credentials
could be done, e.g., by having some mode where the standard system calls
contribute to building new credentials but without committing them. It
could be started and ended by a special system call. Delaying checking
could mean that, e.g., the kernel only verifies the credentials
transition at the next non-credential-setting system call (we just
mention this possibility for completeness, but are certainly not
endorsing it).
We chose the simpler approach of a new system call, as we don't expect
the set of credentials one can set to change often. It has the
advantages that the traditional system calls' code doesn't have to be
changed and that we can establish a special MAC protocol for it, by
having some cleanup function called just before returning (this is
a requirement for MAC/do), without disturbing the existing ones.
The mac_cred_check_setcred() hook is passed the flags received by
setcred() (including the version) and both the old and new kernel's
'struct ucred' instead of 'struct setcred' as this should simplify
evolving existing hooks as the 'struct setcred' structure evolves. The
mac_cred_setcred_enter() and mac_cred_setcred_exit() hooks are always
called in pairs around potential calls to mac_cred_check_setcred().
They allow MAC modules to allocate/free data they may need in their
mac_cred_check_setcred() hook, as the latter is called under the current
process' lock, rendering sleepable allocations impossible. MAC/do is
going to leverage these in a subsequent commit. A scheme where
mac_cred_check_setcred() could return ERESTART was considered but is
incompatible with proper composition of MAC modules.
While here, add missing includes and declarations for standalone
inclusion of <sys/ucred.h> both from kernel and userspace (for the
latter, it has been working thanks to <bsm/audit.h> already including
<sys/types.h>).
Reviewed by: brooks
Approved by: markj (mentor)
Relnotes: yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47618
(cherry picked from commit ddb3eb4efe)
- Use GETENTROPY_MAX instead of hard-coding the value.
- Check for EINVAL instead of EIO
Fixes: 473681a1a5 ("libc: Fix getentropy POSIX 2024 conformance issues")
(cherry picked from commit c5056a3931)
The SUS doesn't mention this error code as a possible one [1]. The FreeBSD
manual page specifies a possible ECONNRESET for close(2):
    [ECONNRESET]    The underlying object was a stream socket that was
                    shut down by the peer before all pending data was
                    delivered.
In the past it had been EINVAL (see 21367f630d), and this EINVAL was
added as a safety measure in 623dce13c6. After conversion to
ECONNRESET it had been documented in the manual page in 78e3a7fdd5, but
I bet it wasn't ever tested to actually be returned, because the
tcp-testsuite[2] didn't exist back then. So the documentation has been
incorrect since 2006, if my bet wins. Anyway, in modern FreeBSD the condition
described above doesn't end up with ECONNRESET error code from close(2).
The error condition is reported via SO_ERROR socket option, though. This
can be checked using the tcp-testsuite, temporarily disabling the
getsockopt(SO_ERROR) lines using sed command [3]. Most of these
getsockopt(2)s are followed by '+0.00 close(3) = 0', which will confirm
that close(2) doesn't return ECONNRESET even on a socket that has the
error stored, nor is it returned in the case described in the manual
page. The latter case is covered by multiple tests residing in
tcp-testsuite/state-event-engine/rcv-rst-*.
However, the deleted block of code could be entered in a race condition
between close(2) and processing of an incoming packet, when the connection had
already been half-closed with shutdown(SHUT_WR) and sits in TCPS_LAST_ACK.
This was reported in the bug 146845. With the block deleted, we will
continue into tcp_disconnect() which has proper handling of INP_DROPPED.
The race explanation follows. The connection is in TCPS_LAST_ACK. The
network input thread acquires the tcpcb lock first, sets INP_DROPPED,
acquires the socket lock in soisdisconnected() and clears SS_ISCONNECTED.
Meanwhile, the syscall thread goes through sodisconnect() which checks for
SS_ISCONNECTED locklessly(!). The check passes and the thread blocks on
the tcpcb lock in tcp_usr_disconnect(). Once the input thread releases the
lock, the syscall thread observes INP_DROPPED and returns ECONNRESET.
- Thread 1: tcp_do_segment()->tcp_close()->in_pcbdrop(),soisdisconnected()
- Thread 2: sys_close()...->soclose()->sodisconnect()->tcp_usr_disconnect()
Note that the lockless operation in sodisconnect() isn't correct, but
enforcing the socket lock there will not fix the problem.
[1] https://pubs.opengroup.org/onlinepubs/9799919799/
[2] https://github.com/freebsd-net/tcp-testsuite
[3] sed -i "" -Ee '/\+0\.00 getsockopt\(3, SOL_SOCKET, SO_ERROR, \[ECONNRESET\]/d' $(grep -lr ECONNRESET tcp-testsuite)
PR: 146845
Reviewed by: tuexen, rrs, imp
Differential Revision: https://reviews.freebsd.org/D48148
(cherry picked from commit 053a988497)
- Use a typical tagged list for the open flags instead of a literal
block. This permits using markup in the flag descriptions. Also,
drop the offset to avoid indenting the entire list.
- Note that O_RESOLVE_BENEATH only applies to openat(2)
- Use a clearer description of O_CLOEXEC (what it means, not the
internal flag it sets)
- Note that exactly one permission flag is required.
- Split up a paragraph on various flags so that each flag gets its own
paragraph. Some flags already had their own paragraph, so this is
more consistent. It also makes it clearer which flag a sentence is
talking about when a flag has more than one sentence.
- Appease some errors from igor and man2ps
- In the discussion about a returned directory descriptor opened with
O_SEARCH, avoid the use of Fa fd since the descriptor in question is
a return value and not an argument to open or openat.
- Various and sundry markup and language tweaks
Reviewed by: kib, emaste
Differential Revision: https://reviews.freebsd.org/D48253
(cherry picked from commit 826509a3c3)
- Use consistent language to describe user values unchanged by the
kernel.
- Replace passive language with active in a few places.
- Add a history note for kqueuex() and kqueue1().
- Add an MLINK and synopsis for kqueue1().
- Various wording and markup tweaks.
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D48203
(cherry picked from commit 9b1585384d)
Clarify the RETURN VALUES section with improved structure,
the condition of the return value 0, and the setting of errno.
PR: 174581
Reviewed by: jhb, ziaee
Approved by: mhorne (mentor)
Differential Revision: https://reviews.freebsd.org/D48955
(cherry picked from commit 571df2c64a)
The SO_SETFIB option can be used to set a socket's FIB number, but there
is no way to retrieve it. Rename SO_SETFIB to SO_FIB and implement a
handler for it for getsockopt(2).
Reviewed by: glebius
MFC after: 2 weeks
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D48834
(cherry picked from commit ee951eb59f)
GETENTROPY_MAX should be defined in limits.h. EINVAL is the return
value for buflen > GETENTROPY_MAX.
PR: 282783
Reviewed by: markj, asomers, jhb
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47689
These tests create a linked list with one entry for every group on the
running system. On a system with about 30,000 groups, the test took 69
seconds to run, and crashed Kyua with the below error:
kyua: E: string or blob too big (sqlite op: sqlite3_bind_blob) (sqlite db: /root/.kyua/store/results.usr_tests.20241231-203317-570235.db).
Fix the test by limiting it to operating on the first 1024 groups.
Apply the same change to getpw_test and getserv_test too, which are
vulnerable to the same problem.
Sponsored by: ConnectWise
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D48275
(cherry picked from commit d11904b350)
We previously claimed that non-page-aligned addresses would return
EINVAL, but the address is in fact rounded down to the page boundary.
Reported by: Harald Eilertsen <haraldei@anduin.net>
Reviewed by: brooks
Sponsored by: The FreeBSD Foundation
Fixes: dabee6fecc ("kern_descrip.c: add fdshare()/fdcopy()")
Differential Revision: https://reviews.freebsd.org/D48465
(cherry picked from commit 9e36aaf0c2)
This matches the man page for qsort_s().
PR: 281828
Signed-off-by: Graham Percival <gperciva@tarsnap.com>
Sponsored by: Tarsnap Backup Inc.
(cherry picked from commit d0a3fd34a0)
- Add some missing .Pp macros after the end of literal blocks and some
lists to ensure there is a blank line before the following text.
- Use an indent of Ds for nested lists to reduce excessive indentation and
make the bodies of the nested list items easier to read.
- Various and sundry rewordings and clarifications.
Reviewed by: kib, emaste
Differential Revision: https://reviews.freebsd.org/D47782
(cherry picked from commit 8277c79017)
These were reported by `mandoc -T lint` as
ERROR: skipping unknown macro
When these pages were rendered with `man`, the "unknown macro" meant
that the entire line was omitted from the output.
Obvious typos in:
lib/libsys/swapon.2
lib/libsys/procctl.2
share/man/man9/firmware.9
lib/libcasper/services/cap_net/cap_net.3: 'mode' describes a function
argument.
lib/libsys/statfs.2: there's no .Tm command ("trademark?"), and
.Tn ("tradename") is deprecated, so remove the macro entirely.
usr.sbin/mfiutil/mfiutil.8: man was interpreting '/dev/' as a macro
(which it didn't recognize).
share/man/man4/qat.4: same issue as above, but with '0'. In this case,
given the context of the previous line, rewriting as "Value '0'"
seemed more appropriate.
usr.sbin/mlx5tool/mlx5tool.8: typo in .Xr
Signed-off-by: Graham Percival <gperciva@tarsnap.com>
Sponsored by: Tarsnap Backup Inc.
Reviewed by: concussious, imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1417
(cherry picked from commit 2878d99dfc)
The day-of-week calculation used the raw year value without adjusting
for TM_YEAR_BASE, so it was off by one for 300 years out of every 400;
it just happened to be correct for 1901 through 2000. It also used a
loop where a simple addition would have sufficed.
While here, simplify our version of Gauss's algorithm, and document
that we assume the Gregorian calendar.
MFC after: 1 week
PR: 282916
Reviewed by: imp, allanjude, philip
Differential Revision: https://reviews.freebsd.org/D47977
(cherry picked from commit 4285e024ba)
Moved from libsys to libc for stable/14.
Reviewed by: kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47556
(cherry picked from commit 36887e0494)
With this patch, it is possible to call fchmod() on a unix socket prior
to binding it to the filesystem namespace, so that the mode is set
atomically. Without this, one has to call chmod() after bind(), leaving
a window where threads can connect to the socket with the default mode.
After bind(), fchmod() reverts to failing with EINVAL.
This interface is copied from Linux.
The behaviour of fstat() is unmodified, i.e., it continues to return the
mode as set by soo_stat().
PR: 282393
Reviewed by: kib
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D47361
(cherry picked from commit bfd03046d1)
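The fchmod()-before-bind() pattern from the commit message above, as an added example that is not code from the commit: `bind_with_mode` and `demo_mode` are hypothetical helpers, and the scratch directory under /tmp is constructed for the demonstration. It assumes a system where fchmod() on an unbound unix socket is supported (Linux, or FreeBSD with this change).

```c
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper: bind a unix socket whose mode is set before bind(). */
static int bind_with_mode(const char *path, mode_t mode)
{
	struct sockaddr_un addr = { .sun_family = AF_UNIX };
	int fd, len;

	len = snprintf(addr.sun_path, sizeof(addr.sun_path), "%s", path);
	if (len < 0 || (size_t)len >= sizeof(addr.sun_path))
		return (-1);		/* path would be truncated */
	if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1)
		return (-1);
	/* fchmod() first, so the name never exists with the default mode. */
	if (fchmod(fd, mode) == -1 ||
	    bind(fd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
		close(fd);
		return (-1);
	}
	return (fd);
}

/* Binds in a constructed scratch directory; returns the mode bits or -1. */
static int demo_mode(void)
{
	char dir[] = "/tmp/sockdemo.XXXXXX", path[64];
	struct stat sb;
	int fd, mode = -1;

	if (mkdtemp(dir) == NULL)
		return (-1);
	snprintf(path, sizeof(path), "%s/ctl", dir);
	if ((fd = bind_with_mode(path, 0600)) != -1) {
		/* No chmod() after bind(): the mode is already in place. */
		if (lstat(path, &sb) == 0)
			mode = (int)(sb.st_mode & 0777);
		close(fd);
		unlink(path);
	}
	rmdir(dir);
	return (mode);
}

int main(void)
{
	printf("mode after bind: %04o\n", (unsigned)demo_mode());
	return (0);
}
```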