We don't need to run this on branch pushes, just pull requests. It's
designed to be a gross filter for incoming commits, not something
perfect we need to keep green. It also doesn't work quite right for
branch pushes anyway and needs adjustment.
Also remove some debugging information. We don't need it anymore.
Noticed by: jrtc27
Sponsored by: Netflix
Connect the checkstyle9.pl script to a github action. This will provide
feedback to people submitting changes when the style is grossly wrong. And
can provide other automated feedback for the commit message in the future.
It already catches the github noreply author.
It pulls the full repo to do this. Optimizations welcome. After messing
with that for a few hours, I decided to punt and commit the slow, working
version and let someone else optimize from here.
Sponsored by: Netflix
TCP endpoints in TIME_WAIT are not handled in a special way anymore.
Therefore, they can be handled now by tcpsso.
Reviewed by: rscheff
MFC after: 1 week
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D43351
Keeping the SACK scoreboard intact after the first RTO
and retransmitting all data anew only on subsequent RTOs
allows a more timely and efficient loss recovery under
many adverse circumstances.
Reviewed By: tuexen, #transport
MFC after: 10 weeks
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D42906
Add note about configuring the NFSv4-only option.
It is already mentioned in rc.conf(5), but documenting it here makes it
more likely that people see it when they need it.
MFC after: 2 weeks
Pull Request: https://github.com/freebsd/freebsd-src/pull/1008
Put most symbols under __BSD_VISIBLE and limit the namespace of
tcp_[gs]et_flags.
Reviewed by: kib, karels, rscheff
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D43245
Most 64-bit Raspberry Pi models have a variable processor clock
speed that defaults to a slow speed (e.g. 600 MHz for a nominal
1.5 GHz clock). This results in everything running slowly unless
or until powerd is started, and FreeBSD is then thought to be slow.
Enable powerd by default in /etc/rc.conf on the arm64-aarch64-RPI
images. Tested on Raspberry Pi 3B+ and 4B so far.
PR: 256836
MFC after: 1 month
Reviewed by: rgrimes
Differential Revision: https://reviews.freebsd.org/D43296
Specifically, altering the console list with conscontrol has some weird
behavior:
1. If you remove the first configured console, /dev/console will become
unconfigured
2. Any console added becomes the /dev/console
In a multicons situation, #1 is clearly a bug and #2 is perhaps slightly
less clear. If we have ttyu0, ttyv0, then it seems obvious that one
would want ttyv0 to take over the console if ttyu0 is removed. If we
add ttyu0 back in, then it's debatable whether it should take over the
console or not.
Fix it now to make the /dev/console selection more FIFO-ish, with
respect to how conscontrol affects it. A `primary` verb for
conscontrol(8) might be a good addition.
When the parameter allow.mlock was added, a way for jails to check
whether the parameter was set or not was not added. This change
covers it.
MFC After: 3 days
Reviewed by: jamie@
Differential Revision: https://reviews.freebsd.org/D43314
userboot has an EXIT_REBOOT code that it uses when the 'reboot' loader
command is executed. Use that and longjmp back to reinit the VM
entirely with a reboot request. This fixes the 'reboot' option in the
loader menu to actually reboot rather than shutdown the VM.
The JMP_* constants are introduced to keep track of why we're doing a
longjmp, though they aren't currently used. We'll notably still do a
complete reload of the interpreter to give the rebooted VM that new
loader smell. It just seemed forward thinking to just keep track of the
different setjmp points.
While we're here, we don't actually need to keep the fd we passed to
fdlopen(3), so let's avoid leaking it.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D43300
In neither case do we need write access to the directories we're working
with; userboot doesn't support fo_write on the host device, and the
bootfd is only ever needed for loader loading.
This improves on 8bf0882e18 ("bhyveload: enter capability mode [...]")
so that arbitrary code in the loader can't open writable fds to either
of the directories we need to maintain access to.
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D43315
If there were or are writeable mappings, read-ahead might overwrite the
dirty pages data that is not yet reflected as a delayed write in the
matching buffer state.
Noted by: rmacklem
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Revision e99215a614 reorganized the code in vtruncbuf(), and moved
the logic to flush meta buffers into a dedicated loop. While doing it,
the condition was changed from bp->b_lblkno < 0 (to handle) into
bp->b_lblkno > 0 (to skip), which causes buffer at lblkno to needlessly
flush.
Reviewed by: chs, markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D43261
before ncl_flush() when done to ensure that the server sees our cached
data, because it potentially changes the server response. This is
relevant for copy_file_range(), seek(), and allocate().
Convert LK_SHARED invp lock into LK_EXCLUSIVE if needed to properly call
vm_object_page_clean().
Reported by: asomers
PR: 276002
Noted and reviewed by: rmacklem
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D43250
Otherwise server-side copy makes the client cache inconsistent with the
server data.
Reported by: asomers
PR: 276002
Reviewed by: rmacklem
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D43250
From the release notes,
> This release contains a number of security fixes, some small features
> and bugfixes.
The most significant change in 9.6p1 is a set of fixes for a newly-
discovered weakness in the SSH transport protocol. The fix was already
merged into FreeBSD and released as FreeBSD-SA-23:19.openssh.
Full release notes at https://www.openssh.com/txt/release-9.6
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
setjmp() requires that any stack variables modified between the setjmp
call and the longjmp() must be volatile. This means that 'saveint' in
grabh() must be volatile, since it's modified after the setjmp().
Otherwise, the signal handler is not properly restored, resulting in a
crash (SIGBUS) if ^C is typed twice while composing.
PR: 276119
Reported by: Christopher Davidson <christopher.davidson@gmail.com>
MFC after: 2 weeks
Pull Request: https://github.com/freebsd/freebsd-src/pull/993
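The volatile requirement described in the commit message above, as an added sketch that is not the mail(1) source: only the name saveint comes from the commit, while compose_once(), on_intr() and outer_handler() are hypothetical. It assumes sigsetjmp()/siglongjmp() in place of setjmp()/longjmp() so the signal mask is restored after the jump, and uses raise() as a constructed ^C.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>

typedef void (*handler_fn)(int);

static sigjmp_buf intr_env;

/* Hypothetical ^C handler: abandon the prompt by jumping back. */
static void
on_intr(int sig)
{
	(void)sig;
	siglongjmp(intr_env, 1);
}

/* Hypothetical handler that was installed before composing started. */
static void
outer_handler(int sig)
{
	(void)sig;
}

/*
 * Returns 1 when the handler that was active before the call is
 * active again afterwards, even though the prompt was interrupted.
 */
int
compose_once(void)
{
	/* volatile: written after sigsetjmp(), read after siglongjmp(). */
	volatile handler_fn saveint = SIG_DFL;
	handler_fn restored;

	signal(SIGINT, outer_handler);
	if (sigsetjmp(intr_env, 1) == 0) {
		saveint = signal(SIGINT, on_intr);	/* modified after setjmp */
		raise(SIGINT);				/* constructed ^C */
	}
	/* Reached through siglongjmp(): saveint must still hold outer_handler. */
	signal(SIGINT, saveint);
	restored = signal(SIGINT, SIG_DFL);
	return (restored == outer_handler);
}
```

Without the volatile qualifier the compiler may keep saveint in a register that the jump rolls back, so the restore step can reinstall a stale handler value.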
Introduce pfctl_add_rule_h(), which takes a pfctl_handle rather than a
file descriptor (which it didn't use). This means that library users can
open the handle while they're running as root, but later drop privileges
and still add rules to pf.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Consumers of libpfctl can (and in future, should) open a handle. This
handle is an opaque object which contains the /dev/pf file descriptor
and a netlink handle. This means that libpfctl users can open the handle
as root, then drop privileges and still access pf.
Already add the handle to pfctl_startstop() and pfctl_get_creatorids()
as these are new in main, and not present on stable branches. Other
calls will have handle-enabled alternatives implemented in subsequent
commits.
Sponsored by: Rubicon Communications, LLC ("Netgate")
If a packet is malformed, it is dropped by pf(4). The rule referenced
in pflog(4) is the default rule. As the default rule is a pass
rule, tcpdump printed "pass" although the packet was actually
dropped. Use the actual action, rather than the rule's action, or an
attempt at guessing the correct action.
Inspired by OpenBSD's 'pflog(4) logs packet dropped by default rule with block.' commit.
Sponsored by: Rubicon Communications, LLC ("Netgate")
If we decide to discard a packet due to unexpected IP options or
unsupported headers we set pd.act.log. However, this can later get
overwritten when we copy the state's saved actions over.
Merge the two log fields to ensure we log as expected.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Version : 1.27.5.0
Date : 10/10/2023
=====================
Fixes
-----
BASE:
- Fixed handling the Remote Fault with AN, causing the link failure.
=====================
Obtained from: Chelsio Communications
MFC after: 2 weeks
Sponsored by: Chelsio Communications
Now that all in-tree callers check for errors (or cast them away), we
can ask the compiler to check that new code does the same. This was
prompted by SA-23:18.nfsclient, which was caused by missing error
handling. This change is a weak mitigation since code can easily fail
to propagate error handling to the right place, but it's better than
nothing.
Reviewed by: kib, jhb
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D43223
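What the annotation described above asks of callers, as an added user-space sketch that is not kernel code: RESULT_USE_CHECK is a local stand-in for __result_use_check, and model_copyin(), handle_request(), struct req and the user_mem contents are hypothetical and constructed for the example.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Assumption: local stand-in for the kernel's __result_use_check macro. */
#define RESULT_USE_CHECK __attribute__((__warn_unused_result__))

struct req {
	int cmd;
	int arg;
};

/* Constructed "user memory": the only region model_copyin() may read. */
static const struct req user_mem[2] = { { 1, 42 }, { 2, 7 } };

static int model_copyin(size_t, void *, size_t) RESULT_USE_CHECK;

/* Hypothetical model of copyin(): 0 on success, EFAULT when out of range. */
static int
model_copyin(size_t uoff, void *kaddr, size_t len)
{
	if (len > sizeof(user_mem) || uoff > sizeof(user_mem) - len)
		return (EFAULT);
	memcpy(kaddr, (const char *)user_mem + uoff, len);
	return (0);
}

/*
 * Caller in the style the annotation enforces. A bare
 * "model_copyin(uoff, &r, sizeof(r));" draws a compiler warning;
 * here the error is propagated and r is used only after success.
 */
int
handle_request(size_t uoff, int *out)
{
	struct req r;
	int error;

	error = model_copyin(uoff, &r, sizeof(r));
	if (error != 0)
		return (error);
	*out = r.arg;
	return (0);
}
```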
This is in preparation for annotating copyin() and related functions
with __result_use_check.
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D43178
In targstart() we are already handling an error and have no good way to
signal the failure to upper layers, so ignore the return value of
suword() there.
This is in preparation for annotating copyin() and related functions
with __result_use_check.
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D43202
This is in preparation for annotating copyin() and related functions
with __result_use_check.
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D43179
On some platforms this static information can be derived directly from
the CPU, and there doesn't seem much use in restricting it.
Reviewed by: emaste, imp, kib
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D43281
This will fail if the reading process is in capability mode. Just copy
the string directly.
PR: 276043
Reviewed by: emaste, imp, kib
Reported and tested by: Ricardo Branco <rbranco@suse.com>
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D43281
The fd is always obtained from nameidata, so just fetch it from there
instead. No functional change intended.
Reviewed by: kib
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D43257
refcount_acquire() returns the old value, just use that. No functional
change intended.
Reviewed by: kib
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D43255
On first read, POSIX may seem ambiguous about the return code for some
scheduling-related pthread functions on invalid arguments. But a more
thorough reading and a bit of standards archeology strongly suggest
that this case should be handled by EINVAL and that ENOTSUP is reserved
for implementations providing only part of the functionality required by
the POSIX option POSIX_PRIORITY_SCHEDULING (e.g., if an implementation
doesn't support SCHED_FIFO, it should return ENOTSUP on a call to, e.g.,
sched_setscheduler() with 'policy' SCHED_FIFO).
This reading is supported by the second sentence of the very definition
of ENOTSUP, as worded in CAE/XSI Issue 5 and POSIX Issue 6: "The
implementation does not support this feature of the Realtime Feature
Group.", and the fact that an additional ENOTSUP case was added to
pthread_setschedparam() in Issue 6, which introduces SCHED_SPORADIC,
saying that pthread_setschedparam() may return it when attempting to
dynamically switch to SCHED_SPORADIC on systems that don't support
that.
glibc, illumos and NetBSD also support that reading by always returning
EINVAL, and OpenBSD as well, since it always returns EINVAL but the
corresponding code has a comment suggesting returning ENOTSUP for
SCHED_FIFO and SCHED_RR, which it effectively doesn't support.
Additionally, always returning EINVAL fixes inconsistencies where EINVAL
would be returned on some out-of-range values and ENOTSUP on others.
Reviewed by: markj
Approved by: markj (mentor)
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D43006