Regroup assignments tweaking preprocessor defines/undefs, and separately
those about include directories.
Re-order include directories a bit more logically, and remove redundant
ones.
Separate logical groups by blank lines.
Build artifacts have been verified to stay the same when produced with
an external LLVM 18 toolchain.
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48070
Check if RISC-V SSTC is available and advertise to the guest.
This is needed for Eswin EIC7700 that does not include SSTC.
As we don't have a mechanism for reporting extension presence
from the kernel to userspace, then use vm_cap_type for now.
Reviewed by: mhorne, markj
Differential Revision: https://reviews.freebsd.org/D48058
The general syntax is:
pass in inet from any to 192.168.1.1 af-to inet6 from 2001::1 to 2001::2
In the NAT64 case the "to" is not needed in af-to and the IP is extraced
from the IPv6 dst (assuming a /64 prefix).
Again most work by sperreault@, mikeb@ and reyk@
OK mcbride@, put it in deraadt@
Obtained from: OpenBSD, claudio <claudio@openbsd.org>, 0cde32ce3f
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D47790
Now that we can NAT64 we can have states where the wire and stack address
families (and protocol) are different. Update the state export code to account
for this.
We keep exporting address family and protocol outside of the key, for backwards
compatibility. This'll return misleading information to userspace in the NAT64
case, but it's assumed that userspace will either understand NAT64 (and thus
look for them in the correct place), or not configure it.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D47787
We won't follow this fully, because it involves breaking syntax changes
(removing nat/rdr rules and moving this functionality into regular rules) as
well as behaviour changes because NAT is now done after the rules evaluation,
rather than before it.
We import some related changes anyway, because it paves the way for nat64
support.
This change introduces a new pf_kpool in struct pf_krule, for nat. It is not yet
used (but will be for nat64) and renames the existing 'rpool' to 'rdr'.
Obtained from: OpenBSD, henning <henning@openbsd.org>, 0ef3d4febe
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D47783
This new system call allows to set all necessary credentials of
a process in one go: Effective, real and saved UIDs, effective, real and
saved GIDs, supplementary groups and the MAC label. Its advantage over
standard credential-setting system calls (such as setuid(), seteuid(),
etc.) is that it enables MAC modules, such as MAC/do, to restrict the
set of credentials some process may gain in a fine-grained manner.
Traditionally, credential changes rely on setuid binaries that call
multiple credential system calls and in a specific order (setuid() must
be last, so as to remain root for all other credential-setting calls,
which would otherwise fail with insufficient privileges). This
piecewise approach causes the process to transiently hold credentials
that are neither the original nor the final ones. For the kernel to
enforce that only certain transitions of credentials are allowed, either
these possibly non-compliant transient states have to disappear (by
setting all relevant attributes in one go), or the kernel must delay
setting or checking the new credentials. Delaying setting credentials
could be done, e.g., by having some mode where the standard system calls
contribute to building new credentials but without committing them. It
could be started and ended by a special system call. Delaying checking
could mean that, e.g., the kernel only verifies the credentials
transition at the next non-credential-setting system call (we just
mention this possibility for completeness, but are certainly not
endorsing it).
We chose the simpler approach of a new system call, as we don't expect
the set of credentials one can set to change often. It has the
advantages that the traditional system calls' code doesn't have to be
changed and that we can establish a special MAC protocol for it, by
having some cleanup function called just before returning (this is
a requirement for MAC/do), without disturbing the existing ones.
The mac_cred_check_setcred() hook is passed the flags received by
setcred() (including the version) and both the old and new kernel's
'struct ucred' instead of 'struct setcred' as this should simplify
evolving existing hooks as the 'struct setcred' structure evolves. The
mac_cred_setcred_enter() and mac_cred_setcred_exit() hooks are always
called by pairs around potential calls to mac_cred_check_setcred().
They allow MAC modules to allocate/free data they may need in their
mac_cred_check_setcred() hook, as the latter is called under the current
process' lock, rendering sleepable allocations impossible. MAC/do is
going to leverage these in a subsequent commit. A scheme where
mac_cred_check_setcred() could return ERESTART was considered but is
incompatible with proper composition of MAC modules.
While here, add missing includes and declarations for standalone
inclusion of <sys/ucred.h> both from kernel and userspace (for the
latter, it has been working thanks to <bsm/audit.h> already including
<sys/types.h>).
Reviewed by: brooks
Approved by: markj (mentor)
Relnotes: yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47618
This flag is used in field 'cr_flags', which is never directly visible
outside the kernel. That field is however exported through 'struct
kinfo_proc' objects (field 'ki_cr_flags'), either from the kernel via
sysctls or from libkvm, and is supposed to contain exported flags
prefixed with KI_CRF_ (currently, KI_CRF_CAPABILITY_MODE and
KI_CRF_GRP_OVERFLOW, this second one being a purely userland one
signaling overflow of 'ki_groups').
Make sure that KI_CRF_CAPABILITY_MODE is the flag actually exported and
tested by userland programs, and hide the internal CRED_FLAG_CAPMODE.
As both flags are currently defined to the same value, this doesn't
change the KBI, but of course does change the KPI. A code search via
GitHub and Google fortunately doesn't reveal any outside uses for
CRED_FLAG_CAPMODE.
While here, move assignment of 'ki_uid' to a more logical place in
kvm_proclist(), and definition of XU_NGROUPS as well in 'sys/ucred.h'
(no functional/interface changes intended).
Reviewed by: mhorne
Approved by: markj (mentor)
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46909
Note in the manpage that the 2024 edition finally added ppoll(), and
also add the appropriate declarations for the correct versions of
_POSIX_C_SOURCE (via __POSIX_VISIBLE).
Differential Revision: https://reviews.freebsd.org/D48043
I added a third value for kern.logsigexit to mean 'auto' as an abundance
of caution, but I don't know how much it matters -- that can be easily
consolidated back to boolean-ish.
This is primarily targeted towards people running test suites under CI
(e.g. buildbot, jenkins). Oftentimes tests entail segfaults that are
expected, and logs get spammed -- this can be particularly high volume
depending on the application. Per-process control of this behavior is
desirable because they may still want to be logging legitimate
segfaults, so the system-wide atomic bomb kern.logsigexit=0 is not a
great option.
This adds a process flag to disable it, controllable via
procctl(2)/proccontrol(1); the latter knows it as "sigexitlog" due to
its length, but it's referred to almost everywhere else as
"sigexit_log."
Reviewed by: kib (earlier version), pstef
Differential Revision: https://reviews.freebsd.org/D21903
Note in the manpage that the 2024 edition finally added ppoll(), and
also add the appropriate declarations for the correct versions of
_POSIX_C_SOURCE.
Differential Revision: https://reviews.freebsd.org/D48043
Make it easire to update jemalloc by moving the FreeBSD specific files
and the generated files into lib/libc. This allows us to regenerate them
more easily, and emphasizes a bit that we may have to regenerate stuff
from upstream.
This is necessary to also unthin the import from the vendor branch as
well (which will be needed to simplify the imports in the future since
we are trying to use contrib/jemalloc for two different things).
No functional change.
Sponsored by: Netflix
The more generated things that are in contrib/jemalloc tree, the more
chances for interference goes way up. So, move this file into our
lib/libc tree. I didn't add a 'generated file' line / info, but this is
funky enough I don't think we need that. We do add things to the man
page, and that should be tracked in the contrib/jemalloc tree to allow
better importing experience.
Sponsored by: Netflix
The day-of-week calculation used the raw year value without adjusting
for TM_YEAR_BASE, so it was off by one for 300 years out of every 400;
it just happened to be correct for 1901 through 2000. It also used a
loop where a simple addition would have sufficed.
While here, simplify our version of Gauss's algorithm, and document
that we assume the Gregorian calendar.
MFC after: 1 week
PR: 282916
Reviewed by: imp, allanjude, philip
Differential Revision: https://reviews.freebsd.org/D47977
For some reason return value of the __je_bootstrap_malloc()
is not checked and then de-referenced few lines below, causing
a SEGV if an early allocation fails.
MFC after: 1 month
- Add some missing .Pp macros after the end of literal blocks and some
lists to ensure there is a blank line before the following text.
- Use an indent of Ds for nested lists to reduce excessive indentation and
make the bodies of the nested list items easier to read.
- Various and sundry rewordings and clarifications.
Reviewed by: kib, emaste
Differential Revision: https://reviews.freebsd.org/D47782
The new unit test validates that the range reduction works correctly.
We do not currently validate that there is no bias as that would take
too much time and memory for a unit test.
Reviewed by: cem
Approved by: emaste
Differential Revision: https://reviews.freebsd.org/D47659
Daniel Lemire has published a more efficient range reduction algorithm
for finding a random number in a given range without bias, reducing the
number of divisions to none in the common case and 1 in case the initial
sample is rejected.
This speeds up performance by 22% on amd64, 15% on i386, and 70% on armv7.
os: FreeBSD
arch: amd64
cpu: Intel(R) Core(TM) i7-4910MQ CPU @ 2.90GHz
│ benchmark.out │
│ sec/op │
Arc4random_uniform 56.53n ± 0%
Fast_uniform 44.00n ± 0%
geomean 49.87n
Reviewed by: cem
Approved by: emaste
Differential Revision: https://reviews.freebsd.org/D47659
This change is being done first so any functional changes from the tests
will be clearer to reviewers.
No functional change intended.
MFC after: 2 weeks
Ref: https://reviews.freebsd.org/D47826
This is similar to chroot(2), but takes a file descriptor instead
of path. Same syscall exists in NetBSD and Solaris. It is part of a larger
patch to make absolute pathnames usable in Capsicum mode, but should
be useful in other contexts too.
Reviewed By: brooks
Sponsored by: Innovate UK
Differential Revision: https://reviews.freebsd.org/D41564
It is needed for SSP support.
Reported by: netchild, Shawn Webb
Fixes: 62dab3d016 ("getentropy: Remove fallback code")
Sponsored by: The FreeBSD Foundation
All the other libutil section 3 manpages document this, and although
it's heavily implied by the libutil.h header in the synopsis, we should
still be explicit and consistent.
PR: 280078
Reviewed by: jrtc27
MFC after: 1 week
Our implementation currently diverges from POSIX 2024 in a couple of
ways, as now noted in the BUGS section.
Reviewed by: brooks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47589
The return value is not required to be the difference between the
differing bytes, only less than zero, zero, or greater than zero.
Reviewed by: fuz
Event: Kitchener-Waterloo Hackathon 202406
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47683
We don't in general support running newer libc on an older kernel, but
have occasionally added support for specific functionality on a case-by-
case basis. When we do this it is usually done as an aid for developers
to get across a change that introduced new functionality, as for 64-bit
inodes and the introduction of the getrandom syscall.
The getrandom syscall was added in commit e9ac27430c ("Implement
getrandom(2) and getentropy(3)") in 2018, and exists in all supported
FreeBSD versions. The ECAPMODE special case applied to a few months
worth of kernel versions also in 2018 -- fixed as of commit ed1fa01ac4
("Regen after r337998.").
The backwards-compatibility support is no longer needed, so remove it.
Relnotes: Yes
Reviewed by: brooks, cem, delphij
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47636
getentropy has a comment about a special case to support kernels between
SVN revisions r331280 and r337999. Add the corresponding Git hashes so
there's a usable reference after Subversion infrastructure disappears.
Sponsored by: The FreeBSD Foundation
Also remove some information from HISTORY that is no longer needed (and
could be confusing), now that _Fork is part of a standard.
Reported by: kib
Reviewed by: imp, kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47588
- loader.efi.8: use proper way of printing a backslash.
- usr.bin/gzip/gzip.1: contained a non-breaking space (in utf-8, 0xC2A0).
- lib/libpmc/pmc.*.3: remove two duplicate .Xr lines
Signed-off-by: Graham Percival <gperciva@tarsnap.com>
Reviewed by: mhorne, Alexander Ziaee <concussious.bugzilla@runbox.com>
MFC after: 3 days
Sponsored by: Tarsnap Backup Inc.
Pull Request: https://github.com/freebsd/freebsd-src/pull/1523
