Building tests/sys/fs/fusefs with clang 18 results the following
warning:
tests/sys/fs/fusefs/cache.cc:145:14: error: variable length arrays in C++ are a Clang extension [-Werror,-Wvla-cxx-extension]
145 | uint8_t buf[bufsize];
| ^~~~~~~
Because we do not particularly care that this is a clang extension,
suppress the warning.
MFC after: 3 days
(cherry picked from commit dc0b4094abf6784bf1a9492c2fea3fb91116b014)
Building share/examples/tests with clang 18 results in a few warnings
like:
share/examples/tests/tests/plain/printf_test.c:67:6: error: 'snprintf' will always be truncated; specified size is 10, but format string expands to at least 17 [-Werror,-Wformat-truncation]
67 | if (snprintf(buffer, sizeof(buffer), "0123456789abcdef") != 16)
| ^
Since these tests are meant as an example of testing snprintf overflow,
suppress the warnings.
MFC after: 3 days
(cherry picked from commit 69c8025a498450b6bc4cc9e97ba779ed1c2e7f4b)
Commit 428879dc9110 adds a requirement for a new upcall for the
gssd(8). This patch adds that upcall.
Unfortunately, the old gssd.c would not build against the new
patched gssd.x.
This patch will fix the build.
(cherry picked from commit 82ea0132c8b17a7a6067c8a36c6434e587ede6de)
During recent testing related to the IETF NFSv4 Bakeathon, it was
discovered that Kerberized NFSv4.1/4.2 mounts to pNFS servers
(sec=krb5[ip],pnfs mount options) was broken.
The FreeBSD client was using the "service principal" for
the MDS to try and establish a rpcsec_gss credential for a DS,
which is incorrect. (A "service principal" looks like
"nfs@<fqdn-of-server>" and the <fqdn-of-server> for the DS is not
the same as the MDS for most pNFS servers.)
To fix this, the rpcsec_gss code needs to be able to do a
reverse DNS lookup of the DS's IP address. A new kgssapi upcall
to the gssd(8) daemon is added by this patch to do the reverse DNS
along with a new rpcsec_gss function to generate the "service
principal".
A separate patch to the gssd(8) will be committed, so that this
patch will fix the problem. Without the gssd(8) patch, the new
upcall fails and current/incorrect behaviour remains.
This bug only affects the rare case of a Kerberized (sec=krb5[ip],pnfs)
mount using pNFS.
This patch changes the internal KAPI between the kgssapi and
nfscl modules, but since I did a version bump a few days ago,
I will not do one this time.
(cherry picked from commit dd7d42a1fae5a4879b62689a165238082421f343)
A future commit needs a new upcall function that can do reverse
DNS in order to generate a "service principal".
This patch adds the file.
(cherry picked from commit 428879dc9110240ad0940c7ac8cd69bcaf6e686e)
xpt_path_string() is now a wrapper around xpt_path_sbuf(). Using it
to than concatenate result to another sbuf makes no sense. Just call
xpt_path_sbuf() directly.
MFC after: 1 month
(cherry picked from commit 8c4ee0b22c98fc1e208dd133f617bd329cd10728)
This makes code cleaner, plus fixes such nonsense as humanized JSON
and XML, making all numbers raw without quotes, spaces, suffixes, etc.
MFC after: 2 weeks
(cherry picked from commit 1f36ca5de596f7c2eb446df5b8e06877901d727a)
Raw numbers can be seen in json/xml or with --libxo=no-humanize.
MFC after: 2 weeks
(cherry picked from commit 598d1ac85e87d9312b9fd3266908ab6a6768edc6)
The previous code would correctly parse strings including quotation
marks (") or backslash (/), but the tests when creating the export
includes them in the final string. This prevents exporting paths
with embedded spaces, for example "/exports/with space". Trying
results in log lines resembling:
mountd[1337]: bad exports list line '/exports/with\ space':
/exports/with\ space: lstat() failed: No such file or directory.
Turns out that when creating its exports list, zfs escapes strings
in a format compatible with vis(3). Since I expect that zfs sharenfs
is the dominating use case for generating an exports list, use
strunvis(3) to parse the export path. The result is lines like the
following allowing spaces:
/exports/with\040space -network 192.168.0 -mask 255.255.255.0
A man page update will be done as a separate commit.
(cherry picked from commit 7c5146da128688ba2bb6bdad5e98716087a47281)
Rather than calling calloc() to allocate space for a page size array to
pass to getpagesizes(), just follow the getpagesizes() implementation
and allocate MAXPAGESIZES elements on the stack. This avoids the need
for the allocation.
While this does mean that a new libc is required to take advantage of a
new huge page size, that was already true due to getpagesizes() using a
static buffer of MAXPAGESIZES elements.
Reviewed by: kevans, imp, emaste
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D42710
(cherry picked from commit c96772227b7dfcaf4eec4d07acb5c916643aca3a)
Due to memfd_create(3)'s construction of a path to pass to shm_open2(2),
it has a much larger than typical dependency footprint for a system
call wrapper (the list currently includes calloc, memset, sprintf, and
strlen). As such, split it off into its own file under libc/gen to
lighten libc/sys's dependency list.
Reviewed by: kevans, imp, emaste
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D42709
(cherry picked from commit c3207e2d2554c8e36f9cf5950f8cd52a19fedfd5)
Most all of the memory used by the cards in the mpr(4) and mps(4)
drivers is required, according to the specs and Broadcom developers,
to be within a 4GB segment of memory.
This includes:
System Request Message Frames pool
Reply Free Queues pool
ReplyDescriptorPost Queues pool
Chain Segments pool
Sense Buffers pool
SystemReply message pool
We got a bug report from Dwight Engen, who ran into data corruption
in the BAE port of FreeBSD:
> We have a port of the FreeBSD mpr driver to our kernel and recently
> I found an issue under heavy load where a DMA may go to the wrong
> address. The test system is a Supermicro X10SRH-CLN4F with the
> onboard SAS3008 controller setup with 2 enterprise Micron SSDs in
> RAID 0 (striped). I have debugged the issue and narrowed down that
> the errant DMA is one that has a segment that crosses a 4GB
> physical boundary. There are more details I can provide if you'd
> like, but with the attached patch in place I can no longer
> re-create the issue.
> I'm not sure if this is a known limit of the card (have not found a
> datasheet/programming docs for the chip) or our system is just
> doing something a bit different. Any helpful info or insight would
> be welcome.
> Anyway, just thought this might be helpful info if you want to
> apply a similar fix to FreeBSD. You can ignore/discard the commit
> message as it is my internal commit (blkio is our own tool we use
> to write/read every block of a device with CRC verification which
> is how I found the problem).
The commit message was:
> [PATCH 8/9] mpr: fix memory corrupting DMA when sg segment crosses
> 4GB boundary
> Test case was two SSD's in RAID 0 (stripe). The logical disk was
> then partitioned into two partitions. One partition had lots of
> filesystem I/O and the other was initially filled using blkio with
> CRCable data and then read back with blkio CRC verify in a loop.
> Eventually blkio would report a bad CRC block because the physical
> page being read-ahead into didn't contain the right data. If the
> physical address in the arq/segs was for example 0x500003000 the
> data would actually be DMAed to 0x400003000.
The original patch was against mpr(4) before busdma templates were
introduced, and only affected the buffer pool (sc->buffer_dmat) in
the mpr(4) driver. After some discussion with Dwight and the
LSI/Broadcom developers and looking through the driver, it looks
like most of the queues in the driver are ok, because they limit
the memory used to memory below 4GB. The buffer queue and the chain
frames seem to be the exceptions.
This is pretty much the same between the mpr(4) and mps(4) drivers.
So, apply a 4GB boundary limitation for the buffer and chain frame pools
in the mpr(4) and mps(4) drivers.
Reported by: Dwight Engen <dwight.engen@gmail.com>
Reviewed by: imp
Obtained from: Dwight Engen <dwight.engen@gmail.com>
Differential Revision: <https://reviews.freebsd.org/D43008>
(cherry picked from commit 264610a86e14f8e123d94c3c3bd9632d75c078a3)
This adds a protocol extension to improve the integrity of the SSH
transport protocol, particular in and around the initial key exchange
(KEX) phase.
Full details of the extension are in the PROTOCOL file.
OpenBSD-Commit-ID: 2a66ac962f0a630d7945fee54004ed9e9c439f14
Approved by: so (implicit)
Obtained from: https://anongit.mindrot.org/openssh.git/patch/?id=1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5
Security: CVE-2023-48795
(cherry picked from commit 92f58c69a14c0afe910145f177c0e8aeaf9c7da4)
syzbot reported a single boot-time crash in g_event_procbody(), a page
fault when dereferencing g_event_td. g_event_td is initialized by the
kproc_kthread_add() call which creates the GEOM event thread:
kproc_kthread_add(g_event_procbody, NULL, &g_proc, &g_event_td,
RFHIGHPID, 0, "geom", "g_event");
I believe that the caller of kproc_kthread_add() was preempted after
adding the new thread to the scheduler, and before setting *newtdp,
which is equal to g_event_td. Thus, since the first action of the GEOM
event thread is to lock itself, it ended up dereferencing a NULL
pointer.
Fix the problem simply by initializing *newtdp earlier. I see no harm
in that, and it matches kproc_create1(). The scheduler provides
sufficient synchronization to ensure that the store is visible to the
new thread, wherever it happens to run.
Reported by: syzbot+5397f4d39219b85a9409@syzkaller.appspotmail.com
Reviewed by: kib
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D42986
(cherry picked from commit ae77041e0714627f9ec8045ca9ee2b6ea563138e)
The VFP code expects the kernel to boot with VFP disabled, but some
boards will boot with it enabled. Make sure that vfp_init() disables
the VFP on each CPU during boot.
PR: 273752
Reviewed by: andrew
Diagnosed by: Thomas Skibo <thomas-bsd@skibo.net>
MFC after: 1 week
(cherry picked from commit ce2f34ade8b787b068085fa8a8ddd295b06c2737)
vfp_bounce() is called when handling an undefined instruction exception,
to see if we need to enable the VFP. Previously it would
unconditionally panic if the exception came from the kernel, which was
simply wrong, and it did not permit lazy initialization of VFP state in
the kernel. However, this functionality can be useful and is supported
by arm's fpu_kern_enter() implementation. Thus, relax assertions and
consume the exception if the thread was in an FPU section.
Based on a patch from Stormshield.
Reviewed by: andrew
MFC after: 2 weeks
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D42971
(cherry picked from commit 03a07de0d5ee7d58069152070c42d55f7ec32b7c)
Only panic if no undefined instruction handler matched the exception.
This can arise in practice if the VFP is enabled lazily.
While here, fix the panic string to not include a newline.
Reviewed by: andrew
Obtained from: Stormshield
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D42970
(cherry picked from commit ecc2e6deae71b69a30bf3b7e3354aba002a37d69)
This enables the use of some out-of-tree crypto libraries on arm.
No functional change intended, there are no callers of this function in
the tree currently.
Reviewed by: andrew
MFC after: 1 week
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D42969
(cherry picked from commit a6a481eaa2e0f02e24b874f1a08bb494a68972c0)
Commit 6aded1e6b2e5 fixed a rare case when handling an NFSv4
Rename reply when delegations are in use. This patch fixes the
associated comment.
(cherry picked from commit 0a958aa16fed1978879d64e3b225f1d232cc5a98)
When delegations are enabled (they are not by default in
the FreeBSD NFSv4 server), rename will check for and return
delegations. If the second of these DelegReturn operations
were to fail (they rarely do), then the code would not retry
the rename with returning delegations, as it is intended to do.
The patch fixes the problem, since the DelegReturn reply status
is the second iteration of the loop and not the first iteration.
As noted, this bug would have rarely manifested a problem, since
DelegReturn operations do not normally fail.
(cherry picked from commit 6aded1e6b2e5549120031032e1c7f8b002882327)
The iostat(8) manual page should be more specific when using
options. Also extented the BUGS section.
PR: 153012
Reviewed by: bcr
Differential Revision: https://reviews.freebsd.org/D42633
(cherry picked from commit 502e8f44fcc18bfc6dadca56801d66cbce4c07ec)
Improve Proportional Rate Reduction (RFC6937) by using a
heuristic, which automatically chooses between
conservative CRB and more aggressive SSRB modes.
Only when snd_una advances (a partial ACK), SSRB may be
used. Also, that ACK must not have any indication of
ongoing loss - using the addition of new holes into the
scoreboard as proxy for such an event.
MFC after: 4 weeks
Reviewed By: #transport, kbowling, rrs
Sponsored By: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D28822
(cherry picked from commit 49a6fbe38728173da74d5b497f700178e2a6c830)
Inherit the setting from the listener socket in syncache_socket.
MFC after: 2 weeks
Reviewed By: tuexen, #transport
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D42874
(cherry picked from commit f071abd92e726fc12e9256662e1f286f364252ee)
IETF is no longer serving leap-seconds.list. Point at IANA instead.
This fixes "service ntpd fetch".
(cherry picked from commit b1c95af45488bef649e9a84890e2414ff80b3a00)
This tests that with RTLD_DEEPBIND, symbols are looked up in all of the
object's needed objects before the global object.
PR: 275393
Reviewed by: kib
Sponsored by: NetApp, Inc.
Sponsored by: Klara, Inc.
(cherry picked from commit d9c543b6b0cabea6e6679d70b4e701018e7eab80)
Convert waitsec to a long long to be able to hold the full domain of
alarm(3) timeout on all platforms, and let strtonum(3) handle the input
validation. strtonum(3) also happens to provide a neater interface for
error handling, and it already includes our pre-existing empty input
check.
Sponsored by: Klara, Inc.
(cherry picked from commit e4967d4d48b0a7d873e4f778c0a6e560e09d4dc3)
This is most useful inside a shell script, allowing one to lock just
portions of a script rather than having to wrap the entire script in a
lock.
PR: 262738
Reviewed by: 0mp, allanjude (both previous versions)
Co-authored-by: Daniel O'Connor <darius@dons.net.au>
Sponsored by: Klara, Inc.
(cherry picked from commit 09a7fe0a5523d53ff6c26ddef9a947f293e18c22)
Provide basic coverage for the existing options, nothing deeper (e.g.,
pipe closing behavior) is tested in this set.
Reviewed by: allanjude
Feedback from: des
Sponsored by: Klara, Inc.
(cherry picked from commit 296a5a4db1fc8203f5f6aa8f68321e6ab4652b56)
None of these are essential in the lockf monitor (parent post-fork), so
close them to maintain the illusion that lockf hasn't been inserted into
the pipeline. This ensures that the correct effects happen on other
programs in the pipeline if the locked command closes or redirects these
elsewhere.
The original patch used -s to close stdout/stderr rather than closing
them unconditionally, but it's not clear that we really care that much.
kevans dropped that part when taking the patch, patch is otherwise by
listed author.
PR: 112379
Reviewed by: 0mp, allanjude (both earlier version), kevans
Feedback from: des
Sponsored by: Klara, Inc.
(cherry picked from commit 18425c19cae08cbe41801845457ed67285806688)
The error message is expected, allow -s to suppress just that one since
it would loosely fall under the definition of "failure to acquire the
lock" described in the manpage for the -s option.
Reviewed by: 0mp, allanjude
Feedback from: des
Sponsored by: Klara, Inc.
(cherry picked from commit 3041e6950d07f0d11c9f91fefbf3c273cbbe4407)
The -w flag was added without being noted in the usage statement; fix
that now.
While we're here, re-sort the getopt() string.
Reviewed by: 0mp, allanjude, des
Sponsored by: Klara, Inc.
(cherry picked from commit 35095fd23f071d03633312b91a5b460eaf811efa)
This grows the block enough to fit a 4K 32-bit depth framebuffer; some
firmware would present smaller GOP modes to be able to boot with a
smaller framebuffer on these devices, but the Windows Devkit firmware
is simply not that nice. Instead, it offers exactly one GOP mode that
matches the current resolution of the attached display, so with limited
control over resolution on most of my displays it'd be nice if we could
Just Work(TM) at 4K.
andrew notes that he has some ideas for removing PMAP_MAPDEV_EARLY_SIZE
entirely, so this limitation could end up removed altogether in the
future.
Reviewed by: andrew, emaste
(cherry picked from commit a3ceeef26bc880b86f4e181bddd9924a2b5e0691)
Abstract out the details of the FreeBSD build into a $TINFO_OBJDIR that
external builds can override if they orchestrate the build a bit
differently and have a different objdir layout as a result. This makes
the ncurses build a little bit more flexible without requiring weird
backflips.
Reviewed by: bapt, sjg
Sponsored by: NetApp, Inc.
Sponsored by: Klara, Inc.
(cherry picked from commit c086d1cbc3d13967c031e6420831349967dbcfa2)
