Debugging boot issues can be helped by
logging each rc.d script as it is run
and being able to selectively enable/disable set -x
debug.sh provides an elaborate framework for debugging shell scripts.
For secure systems, we want to be paranoid about what we read
during boot.
dot() simply reads (.) arg file if it exists
vdot() if mac_veriexec is active, ignore unverified files
otherwise behaves much the same as dot()
safe_dot() in safe_eval.sh allows reading an untrusted file;
limiting the input to simple variable assignments.
In load_rc_config allow caller to provide an option to indicate how to
handle its arg:
-v use vdot()
-s use sdot() which will try to use vdot() and fallback to safe_dot()
The default is to read using dot()
rc_run_scripts()
encapsulate the running of rc.d scripts
so that we can easily call it more than twice.
We vdot local.rc.subr to pick up extensions (like
run_rc_scripts_final) and overrides.
We also allow rc.subr.local or rc.conf to set rc_config_xtra
eg (rc_config_xtra=XXX for historic compatibility)
rc use set -o verify around the reading in of rc.subr
This has no effect if mac_veriexec is not active, but if it is; ensures
rc.subr has not been tampered with.
Reviewed by: imp
Sponsored by: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D43671
This socket option was added in 6a2989fd54 together with LOCAL_CREDS.
Both options originate from NetBSD. The LOCAL_CREDS seems to be used by
some software and is covered by our test suite.
The main problem with LOCAL_CONNWAIT is that it doesn't work as
documented. A basic test shows that connect(2) indeed blocks, but
accept(2) on the other side does not wake it up. Indeed, I don't see what
code in the accept(2) path would go into the peer socket of a unix/stream
listener's child and would make wakeup(&so->so_timeo). I tried the test
even on a FreeBSD 6.4-RELEASE and it produced the same results as on
CURRENT.
The other thing that puzzles me is why that option would be useful even if
it worked? Because on unix/stream you can send(2) immediately after
connect(2) and that would put data on the peer receive buffer even before
listener had done accept(2). In other words, one side can do connect(2)
then send(2), only after the remote side would make accept(2) and the
remote would see the data sent before the accept(2). Again this
undocumented feature of unix(4) is present on all versions from FreeBSD 6
to CURRENT.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D43708
This reverts commit 407345752d.
No longer needed since helpers are moved to /lib.
Reviewed by: emaste
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Differential revision: https://reviews.freebsd.org/D43758
At runtime, when rtld loads libc it will also load libsys. For each
symbol that is present in both, the libsys one will override the libc
one. It continues to be the case that program need only link against
libc (usually implicitly). The linkage to libsys is automatic.
Reviewed by: kib, emaste, imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/908
libsys provides the FreeBSD kernel interface (auxargs, system calls,
vdso). It can be linked directly for programs using a non-standard
libc and will later be linked as a filter library to libc providing
the actual system call implementation.
Reviewed by: kib, emaste, imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/908
Add explaination about console fonts, how to convert them, which subset
of things support them and how to use them.
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1063
NetBSD calls "curproc" "self" and "exe" "file" for proc. Reduce
gratuitous differnces by including them as well.
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/976
Not all of the tree is happy for realinstall to be done in parallel. In
particular, Makefile.inc1 uses .WAIT to force etc to be installed after
earlier subdirectories, since etc calls into share/man's makedb to run
makewhatis on the tree and needs all manpages to have been installed.
Also, libexec/Makefile doesn't set SUBDIR_PARALLEL, and the link from
ld-elf32.1 to ld-elf.1 relies on rtld-elf having been installed before
rtld-elf32, otherwise creating the link will fail.
In general, core behavioural differences like this between NO_ROOT and
"normal" builds are also dangerous and confusing.
If this optimisation is deemed important, it should be reintroduced in a
more limited and robust manner that doesn't break the above situations.
Until then value correctness over slight efficiency gains on high core
count machines, the same machines where you're more likely to encounter
issues from this optimisation.
This reverts commits cd19ecdbdc ("Similar to r296013 for NO_ROOT,
force SUBDIR_PARALLEL for buildworld WORLDTMP staging.") and
b9c6f31681 ("Add more STANDALONE_SUBDIR_TARGETS.").
Found by: CheriBSD Jenkins
Reviewed by: bdrewery, brooks
Fixes: cd19ecdbdc ("Similar to r296013 for NO_ROOT, force SUBDIR_PARALLEL for buildworld WORLDTMP staging.")
Fixes: b9c6f31681 ("Add more STANDALONE_SUBDIR_TARGETS.")
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D43705
This document dates from the KAME days and, among other things,
references the 'prefix' command which has not existed for a long time.
Since IPv6 configuration is now documented in the Handbook, remove this
obsolete file.
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1094
Otherwise these are omitted for -DNO_ROOT builds, whether for disk
images or dist tarballs.
Reviewed by: brooks, emaste
Differential Revision: https://reviews.freebsd.org/D43676
Some hardware setups require a specific sample rate due to devices being
connected to digital ports (AES, S/PDIF, ADAT). Add a per device sysctl
"sample_rate" to let the user override sample rate requests from the pcm
infrastructure, when needed.
Differential Revision: https://reviews.freebsd.org/D43659
Times have changed, and we've diverged somewhat from the original style
guide, while still keeping much of the flavor and flair of its spirit as
the C language has evolved over the last 30 years since 4.4 was
released.
Sponsored by: Netflix
Now that stable/12 is now EOL, there's no reason to do this. They've
been proactively removed from the tree.
Reviewed by: imp, lwhsu
Differential Revision: https://reviews.freebsd.org/D43641
Let the user choose a period (interrupt cadence in samples), in the
official RME drivers this setting is available as "Buffer Size".
Override the period propagated through blocksize by pcm channel latency
settings (see sound(4)), since these are unreliable and differ between
playback and recording channels.
Differential Revision: https://reviews.freebsd.org/D43527
This function was used only in TCP before 446ccdd08e. It was born in
pain in 2016 to plug different complex panics in TCP timers. It wasn't
warmly accepted in phabricator by all of the reviewers and my recollection
of overall agreement was that "if you need this KPI, then you'd better fix
your code to not need it". However, the function served its duty well all
the way to FreeBSD 14. But now that TCP doesn't need it anymore, let's
retire it to reduce complexity of callout code and also to avoid its
further use.
Reviewed by: jhb, markj, kib, rrs
Differential Revision: https://reviews.freebsd.org/D43546
Update the example to include a firmware module in the kernel from npe
to iwn. Npe was deleted 6 years ago so makes a poor example of how to
embed firmware in the kernel.
Sponsored by: Netflix
Add entries about new ports committer (dutra)
Update Mentor and Mentee Information
Approved by: dbaio(mentor), garga(mentor)
Differential Revision: https://reviews.freebsd.org/D43502
device_set_descf() is a printf-like version of device_set_desc().
Allocation code has been transferred from device_set_desc_internal() to
device_set_desc_copy() and device_set_descf() to avoid complicating
device_set_desc_internal(). The "copy" argument in
device_set_desc_internal() has been replaced with a flag which is set
when the description string has been allocated with M_BUS.
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Reviewed by: imp, markj
Differential Revision: https://reviews.freebsd.org/D43370
Only generate ipfix/netflow reports (through pflow) for the rules where
this is enabled. Reports can also be enabled globally through 'set
state-default pflow'.
Obtained from: OpenBSD
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D43108
pflow is a pseudo device to export flow accounting data over UDP.
It's compatible with netflow version 5 and IPFIX (10).
The data is extracted from the pf state table. States are exported once
they are removed.
Reviewed by: melifaro
Obtained from: OpenBSD
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D43106
ADAT connections transport 8, 4 or 2 audio channels depending on the
sample rate. Instead of splitting each physical ADAT port into 4
(potentially unmapped) stereo pcm devices, create just one pcm
device of variable channel width for every ADAT port.
Depending on the sample rate and channel width selected, the pcm
channels may be only partially mapped to ADAT channels and vice versa.
Added flexibility of the new channel mapping is also prerequisite to
introduce more pcm device layouts in follow-up commits.
Reviewed by: br
Differential Revision: https://reviews.freebsd.org/D43393
Update the xen(4) man page to reflect the current support status.
Reported by: kevans
Reviewed by: bcr kevans imp
Differential revision: https://reviews.freebsd.org/D43373
This revision breaks Linux and MacOS cross builds because
TARGET_ENDIANNESS is not define during bootstrapping on these
platforms.
I think the correct approach would be to separate the new
fbsd_ossl_provider_load() and unload functions into their own
library (instead of libroken). This avoids the less desirable
option of including bsd.cpu.mk in secure/lib/Makefile.common,
which does build but could complicate future work.
Reported by: jrtc27
This reverts commit cb350ba7bf.
Weak crypto is provided by the openssl legacy provider which is
not load by default. Load the legacy providers as needed.
When the legacy provider is loaded into the default context the default
provider will no longer be automatically loaded. Without the default
provider the various kerberos applicaions and functions will abort().
PR: 272835
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D43009
Tested by: netchild, Joerg Pulz <Joerg.Pulz@frm2.tum.de>
This option can be used to specify a format to use in DTrace output.
The following formats are supported:
- json
- xml
- html
- none (default DTrace output)
This is implemented using libxo and integrated into libdtrace. Client
code only works with the following API:
- dtrace_oformat_setup(dtrace_hdl_t *) -- to be called when output is starting.
- dtrace_oformat_teardown(dtrace_hdl_t *) -- to be called when output is finished
- dtrace_oformat(dtrace_hdl_t *) -- check if oformat is enabled.
- dtrace_set_outfp(FILE *) -- sets the output file for oformat.
- Ensure that oformat is correctly checked in the drop handler and record
processing callbacks.
This commit also adds tests which check if the generated output is
valid (JSON, XML) and extends the dtrace(1) describing the structured output.
Reviewed by: markj
Discussed with: phil
MFC after: 2 months
Sponsored by: Innovate UK
Differential Revision: https://reviews.freebsd.org/D41745
Fix and more thoroughly describe the attributes object lifecycle.
Also, correct the text about which attributes' values are reported.
Add the ENOMEM error.
While here, rephrase unclear passages, add references and fix the
example's style.
Reviewed by: kib, emaste
Approved by: emaste (mentor)
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D43330
The global hw.igb.rx_process_limit knob never was adhered to by the
in-tree version of this driver but similar functionality is available
via the device-specific dev.igb.N.iflib.rx_budget.
While at it, remove the - besides initialization of tx_process_limit -
unused {r,t}x_process_limit members.
a designated master clock to stay in sync. Add a sysctl setting
to control the preferred clock source for each HDSPe sound card.
Complement this by sysctl values to list available clock sources,
show the currently effective clock source and display the sync
status of all connections. Clock sources are named according to
RME user manuals.
Submitted by: Florian Walpen <dev@submerge.ch>
Differential Revision: https://reviews.freebsd.org/D43252
We used to exclude a lot of extra hooks to allow for local
customizations of the build which couldn't be done outside of sys.mk,
but excluded that support for fmake. Remove those hacks.
Sponsored by: Netflix
Reviewed by: brooks
Pull Request: https://github.com/freebsd/freebsd-src/pull/980
There's no need to support fmake anymore. Always assume we can use
bmake's :tA modifier. The ports tree hasn't supported fmake in about a
decade anyway. Simplify here.
Sponsored by: Netflix
Reviewed by: brooks, emaste
Pull Request: https://github.com/freebsd/freebsd-src/pull/980
Commit 83cb5bae96 added a check for MAKE_VERSION being new enough to
handle CTFCONVERT_CMD being an empty string since fmake of the time
didn't support it until just a few commits before 83cb5bae96. Later,
it was augmented with a check for .PARSEDIR to see if bmake was
running. fmake and boostrapping from fmake haven't worked in maybe 6 or
8 years, so we can remove the check here. If you want to update from
your FreeBSD 7 or FreeBSD 8 systems, you're even more out of luck than
you were before and must jump to an older version before jumping to
current for the source upgrade path.
Sponsored by: Netflix
Reviewed by: brooks, emaste
Pull Request: https://github.com/freebsd/freebsd-src/pull/980