diff options
30 files changed, 651 insertions, 479 deletions
diff --git a/libexec/rc/rc.d/Makefile b/libexec/rc/rc.d/Makefile index 03f0933533ca..f6d1a34ceb9e 100644 --- a/libexec/rc/rc.d/Makefile +++ b/libexec/rc/rc.d/Makefile @@ -4,6 +4,7 @@ CONFDIR= /etc/rc.d CONFGROUPS= CONFS CONFSPACKAGE= rc +# Files which are always installed and go in the -rc package. CONFS= DAEMON \ FILESYSTEMS \ LOGIN \ @@ -47,8 +48,6 @@ CONFS= DAEMON \ netoptions \ netwait \ noshutdown \ - ${_nscd} \ - ${_opensm} \ os-release \ pwcheck \ quota \ @@ -77,218 +76,258 @@ CONFS= DAEMON \ var_run \ watchdogd -CONFGROUPS+= DEVD -DEVD= devd -DEVDPACKAGE= devd - -CONFGROUPS+= DEVMATCH -DEVMATCH= devmatch -DEVMATCHPACKAGE= devmatch - -CONFGROUPS+= DHCLIENT -DHCLIENT= dhclient -DHCLIENTPACKAGE= dhclient - -CONFGROUPS+= GEOM -GEOM= geli \ - geli2 \ - gptboot -GEOMPACKAGE= geom - -CONFGROUPS+= GGATED -GGATED= ggated -GGATEDPACKAGE= ggate - -CONFGROUPS+= RESOLVCONF -RESOLVCONF= resolv -RESOLVCONFPACKAGE= resolvconf - -CONFGROUPS+= CRON -CRON+= cron -CRONPACKAGE= cron - -CONFGROUPS+= CTL -CTL= ctld -CTLPACKAGE= ctl - -CONFGROUPS+= NFS -NFS= lockd \ - mountd \ - nfscbd \ - nfsclient \ - nfsd \ - nfsuserd \ - statd -NFSPACKAGE= nfs - -CONFGROUPS+= NEWSYSLOG -NEWSYSLOG= newsyslog -NEWSYSLOGPACKAGE= newsyslog - -CONFGROUPS+= POWERD -POWERD= powerd -POWERDPACKAGE= powerd - -CONFGROUPS+= PPPOED -PPPOED= pppoed -PPPOEDPACKAGE= ppp - -CONFGROUPS+= SYSLOGD -SYSLOGD= syslogd -SYSLOGDPACKAGE= syslogd - -CONFGROUPS+= RCMDS -RCMDS= rwho -RCMDSPACKAGE= rcmds +# Groups for files which don't go in -rc, or which depend on src.conf knobs. .if ${MK_ACCT} != "no" || ${MK_UTMPX} != "no" -CONFGROUPS+= ACCT -ACCTPACKAGE= acct +CONFGROUPS+= ACCT +ACCTPACKAGE= acct .if ${MK_ACCT} != "no" -ACCT+= accounting +ACCT= accounting .endif .if ${MK_UTMPX} != "no" ACCT+= utx .endif .endif -.if ${MK_ACPI} != "no" -CONFGROUPS+= ACPI +CONFGROUPS.${MK_ACPI}+= ACPI +ACPIPACKAGE= acpi ACPI= power_profile -ACPIPACKAGE= acpi -.endif -.if ${MK_APM} != "no" -CONFGROUPS+= APM -APM+= apm +CONFGROUPS.${MK_APM}+= APM +APMPACKAGE= apm +APM= apm .if ${MACHINE} == "i386" APM+= apmd .endif -APMPACKAGE= apm -.endif -.if ${MK_AUDIT} != "no" -CONFGROUPS+= AUDIT -AUDIT+= auditd -AUDIT+= auditdistd -AUDITPACKAGE= audit -.endif +CONFGROUPS.${MK_AUDIT}+= AUDIT +AUDITPACKAGE= audit +AUDIT= auditd \ + auditdistd -.if ${MK_AUTOFS} != "no" -CONFGROUPS+= AUTOFS +CONFGROUPS.${MK_AUTOFS}+= AUTOFS +AUTOFSPACKAGE= autofs AUTOFS= automount \ automountd \ autounmountd -AUTOFSPACKAGE= autofs -.endif -.if ${MK_BLACKLIST} != "no" -CONFGROUPS+= BLOCKLIST +CONFGROUPS.${MK_BLACKLIST}+= BLOCKLIST +BLOCKLISTPACKAGE= blocklist BLOCKLIST= blacklistd -BLOCKLISTPACKAGE=blocklist -.endif -.if ${MK_BLUETOOTH} != "no" -CONFGROUPS+= BLUETOOTH -BLUETOOTH+= bluetooth \ +CONFGROUPS.${MK_BLUETOOTH}+= BLUETOOTH +BLUETOOTHPACKAGE= bluetooth +BLUETOOTH= bluetooth \ bthidd \ hcsecd \ rfcomm_pppd_server \ sdpd \ ubthidhci -BLUETOOTHPACKAGE= bluetooth -.endif -.if ${MK_BOOTPARAMD} != "no" -CONFS+= bootparams -.endif +CONFGROUPS.${MK_BOOTPARAMD}+= BOOTPARAMD +BOOTPARAMD= bootparams -.if ${MK_BSNMP} != "no" -CONFGROUPS+= BSNMP -BSNMP+= bsnmpd -BSNMPPACKAGE= bsnmp -.endif +CONFGROUPS.${MK_BSNMP}+= BSNMP +BSNMPPACKAGE= bsnmp +BSNMP= bsnmpd -.if ${MK_CCD} != "no" -CONFGROUPS+= CCD +CONFGROUPS.${MK_CCD}+= CCD +CCDPACKAGE= ccdconfig CCD= ccd -CCDPACKAGE= ccdconfig -.endif -.if ${MK_CUSE} != "no" -CONFGROUPS+= VOSS -VOSS= virtual_oss -VOSSPACKAGE= sound -.endif +CONFGROUPS+= DEVD +DEVDPACKAGE= devd +DEVD= devd + +CONFGROUPS+= DEVMATCH +DEVMATCHPACKAGE= devmatch +DEVMATCH= devmatch + +CONFGROUPS+= DHCLIENT +DHCLIENTPACKAGE= dhclient +DHCLIENT= dhclient + +CONFGROUPS+= CRON +CRONPACKAGE= cron +CRON= cron -.if ${MK_KERBEROS_SUPPORT} != "no" -CONFGROUPS+= GSSD +CONFGROUPS+= CTL +CTLPACKAGE= ctl +CTL= ctld + +CONFGROUPS+= GEOM +GEOMPACKAGE= geom +GEOM= geli \ + geli2 \ + gptboot + +CONFGROUPS+= GGATED +GGATEDPACKAGE= ggate +GGATED= ggated + +CONFGROUPS.${MK_KERBEROS_SUPPORT}+=GSSD +GSSDPACKAGE= gssd GSSD= gssd -GSSDPACKAGE= gssd -.endif -.if ${MK_HAST} != "no" -CONFGROUPS+= HAST +CONFGROUPS.${MK_HAST}+= HAST +HASTPACKAGE= hast HAST= hastd -HASTPACKAGE= hast -.endif -.if ${MK_INETD} != "no" -CONFGROUPS+= INETD +CONFGROUPS.${MK_INETD}+= INETD +INETDPACKAGE= inetd INETD= inetd -INETDPACKAGE= inetd -.endif -.if ${MK_IPFILTER} != "no" -CONFGROUPS+= IPF +CONFGROUPS.${MK_IPFILTER}+= IPF +IPFPACKAGE= ipf IPF= ipfilter \ ipfs \ ipmon \ ipnat \ ippool -IPFPACKAGE= ipf -.endif -.if ${MK_IPFW} != "no" -CONFGROUPS+= IPFW -IPFW= ipfw dnctl +CONFGROUPS.${MK_IPFW}+= IPFW +IPFWPACKAGE= ipfw +IPFW= ipfw \ + dnctl .if ${MK_NETGRAPH} != "no" IPFW+= ipfw_netflow .endif -IPFWPACKAGE= ipfw -# natd is only built when ipfw is built -CONFGROUPS+= NATD -NATD+= natd -NATDPACKAGE= natd -.endif - -.if ${MK_ISCSI} != "no" -CONFGROUPS+= ISCSI +CONFGROUPS.${MK_ISCSI}+= ISCSI +ISCSIPACKAGE= iscsi ISCSI= iscsictl \ iscsid -ISCSIPACKAGE= iscsi -.endif -.if ${MK_JAIL} != "no" -CONFGROUPS+= JAIL -JAIL+= jail -JAILPACKAGE= jail -.endif +# natd is only built when ipfw is built +CONFGROUPS.${MK_IPFW}+= NATD +NATDPACKAGE= natd +NATD= natd + +CONFGROUPS.${MK_JAIL}+= JAIL +JAILPACKAGE= jail +JAIL= jail + +CONFGROUPS.${MK_LPR}+= LP +LPPACKAGE= lp +LP= lpd + +CONFGROUPS+= NEWSYSLOG +NEWSYSLOGPACKAGE= newsyslog +NEWSYSLOG= newsyslog + +CONFGROUPS+= NFS +NFSPACKAGE= nfs +NFS= lockd \ + mountd \ + nfscbd \ + nfsclient \ + nfsd \ + nfsuserd \ + statd + +CONFGROUPS.${MK_NIS}+= NIS +NISPACKAGE= yp +NIS= ypbind \ + ypldap \ + yppasswdd \ + ypserv \ + ypset \ + ypupdated \ + ypxfrd \ + nisdomain -.if ${MK_LEGACY_CONSOLE} != "no" -CONFGROUPS+= CONSOLE -CONSOLE+= moused -CONSOLE+= msconvd -CONSOLE+= syscons -CONSOLEPACKAGE= console-tools -.endif +CONFGROUPS.${MK_NS_CACHING}+= NSCD +NSCD= nscd -.if ${MK_LPR} != "no" -CONFGROUPS+= LP -LP+= lpd -LPPACKAGE= lp -.endif +CONFGROUPS.${MK_NTP}+= NTP +NTPPACKAGE= ntp +NTP= ntpd \ + ntpdate + +CONFGROUPS.${MK_NUAGEINIT}+= NUAGEINIT +NUAGEINITPACKAGE= nuageinit +NUAGEINIT= nuageinit \ + nuageinit_post_net \ + nuageinit_user_data_script + +CONFGROUPS.${MK_OFED_EXTRA}+= OPENSM +OPENSM= opensm + +CONFGROUPS.${MK_PF}+= PF +PFPACKAGE= pf +PF= pf \ + pflog \ + pfsync \ + ftp-proxy + +CONFGROUPS+= POWERD +POWERDPACKAGE= powerd +POWERD= powerd + +CONFGROUPS.${MK_PPP}+= PPP +PPPPACKAGE= ppp +PPP= ppp + +CONFGROUPS+= PPPOED +PPPOEDPACKAGE= ppp +PPPOED= pppoed + +CONFGROUPS+= SYSLOGD +SYSLOGDPACKAGE= syslogd +SYSLOGD= syslogd + +CONFGROUPS+= RCMDS +RCMDSPACKAGE= rcmds +RCMDS= rwho + +CONFGROUPS+= RESOLVCONF +RESOLVCONFPACKAGE= resolvconf +RESOLVCONF= resolv + +CONFGROUPS.${MK_SENDMAIL}+= SENDMAIL +SENDMAILPACKAGE= sendmail +SENDMAIL= sendmail + +CONFGROUPS.${MK_OPENSSH}+= SSH +SSHPACKAGE= ssh +SSH= sshd + +CONFGROUPS.${MK_UNBOUND}+= UNBOUND +UNBOUNDPACKAGE= unbound +UNBOUND= local_unbound + +CONFGROUPS.${MK_VI}+= VI +VIPACKAGE= vi +VI= virecover + +CONFGROUPS.${MK_CUSE}+= VOSS +VOSSPACKAGE= sound +VOSS= virtual_oss + +CONFGROUPS.${MK_WIRELESS}+= HOSTAPD +HOSTAPDPACKAGE= hostapd +HOSTAPD= hostapd + +CONFGROUPS.${MK_WIRELESS}+= WPA +WPAPACKAGE= wpa +WPA= wpa_supplicant + +CONFGROUPS.${MK_ZFS}+= ZFS +ZFSPACKAGE= zfs +ZFS= zfs \ + zfsbe \ + zfsd \ + zfskeys \ + zpool \ + zpoolreguid \ + zpoolupgrade \ + zvol + +CONFGROUPS.${MK_LEGACY_CONSOLE}+=SYSCONS +SYSCONSPACKAGE= console-tools +SYSCONS= moused \ + msconvd \ + syscons .if ${MK_KERBEROS} != "no" .if ${MK_MITKRB5} == "no" @@ -318,58 +357,10 @@ KRB5PACKAGE= kerberos-kdc .endif # ${MK_MITKRB5} .endif # ${MK_KERBEROS} -.if ${MK_NIS} != "no" -CONFGROUPS+= YP -YP= ypbind \ - ypldap \ - yppasswdd \ - ypserv \ - ypset \ - ypupdated \ - ypxfrd \ - nisdomain -YPPACKAGE= yp -.endif - -.if ${MK_NS_CACHING} != "no" -_nscd= nscd -.endif - -.if ${MK_NTP} != "no" -CONFGROUPS+= NTP -NTP+= ntpd \ - ntpdate -NTPPACKAGE= ntp -.endif - -.if ${MK_OFED_EXTRA} != "no" -_opensm= opensm -.endif - .if ${MK_OPENSSL} != "no" && ${MK_OPENSSL_KTLS} != "no" -CONFS+= tlsclntd \ - tlsservd -.endif - -.if ${MK_OPENSSH} != "no" -CONFGROUPS+= SSH -SSH= sshd -SSHPACKAGE= ssh -.endif - -.if ${MK_PF} != "no" -CONFGROUPS+= PF -PF= pf \ - pflog \ - pfsync \ - ftp-proxy -PFPACKAGE= pf -.endif - -.if ${MK_PPP} != "no" -CONFGROUPS+= PPP -PPP= ppp -PPPPACKAGE= ppp +CONFGROUPS+= KTLS +KTLS= tlsclntd \ + tlsservd .endif .if ${MK_INET6} != "no" || ${MK_ROUTED} != "no" @@ -384,57 +375,9 @@ RIP+= routed .endif .endif -.if ${MK_SENDMAIL} != "no" -CONFGROUPS+= SMRCD -SMRCD= sendmail -SMRCDPACKAGE= sendmail -.endif - -.if ${MK_NUAGEINIT} != "no" -CONFGROUPS+= NIUAGEINIT -NIUAGEINIT= nuageinit \ - nuageinit_post_net \ - nuageinit_user_data_script -NIUAGEINITPACKAGE= nuageinit -.endif - -.if ${MK_UNBOUND} != "no" -CONFGROUPS+= UNBOUND -UNBOUND+= local_unbound -UNBOUNDPACKAGE= unbound -.endif - -.if ${MK_VI} != "no" -CONFGROUPS+= VI -VI+= virecover -VIPACKAGE= vi -.endif - -.if ${MK_WIRELESS} != "no" -CONFGROUPS+= HOSTAPD -HOSTAPD= hostapd -HOSTAPDPACKAGE= hostapd - -CONFGROUPS+= WPA -WPA= wpa_supplicant -WPAPACKAGE= wpa -.endif - -.if ${MK_ZFS} != "no" -CONFGROUPS+= ZFS -ZFS+= zfs -ZFS+= zfsbe -ZFS+= zfsd -ZFS+= zfskeys -ZFS+= zpool -ZFS+= zpoolreguid -ZFS+= zpoolupgrade -ZFS+= zvol -ZFSPACKAGE= zfs -.endif - -.for fg in ${CONFGROUPS} +.for fg in ${CONFGROUPS} ${CONFGROUPS.yes} ${fg}MODE?= ${BINMODE} +${fg}PACKAGE?= rc .endfor .include <bsd.prog.mk> diff --git a/libexec/rc/rc.d/zpoolreguid b/libexec/rc/rc.d/zpoolreguid index f94630d9283f..c19f52d3d702 100755 --- a/libexec/rc/rc.d/zpoolreguid +++ b/libexec/rc/rc.d/zpoolreguid @@ -2,7 +2,7 @@ # PROVIDE: zpoolreguid # REQUIRE: zpool -# BEFORE: mountcritlocal +# BEFORE: FILESYSTEMS # KEYWORD: firstboot nojail . /etc/rc.subr diff --git a/libexec/rc/rc.d/zpoolupgrade b/libexec/rc/rc.d/zpoolupgrade index 1435cba7199c..5e623a9c2bf0 100755 --- a/libexec/rc/rc.d/zpoolupgrade +++ b/libexec/rc/rc.d/zpoolupgrade @@ -2,7 +2,7 @@ # PROVIDE: zpoolupgrade # REQUIRE: zpool -# BEFORE: mountcritlocal +# BEFORE: FILESYSTEMS # KEYWORD: firstboot nojail . /etc/rc.subr diff --git a/libexec/rc/tests/rc_subr_test.sh b/libexec/rc/tests/rc_subr_test.sh index fe6d3b8264c9..9ddd13b61a7c 100644 --- a/libexec/rc/tests/rc_subr_test.sh +++ b/libexec/rc/tests/rc_subr_test.sh @@ -26,6 +26,17 @@ # SUCH DAMAGE. # +atf_test_case no_cycles +no_cycles_head() +{ + atf_set "descr" "Verify that /etc/rc.d/* contains no cycles" +} + +no_cycles_body() +{ + atf_check -e empty -o ignore rcorder /etc/rc.d/* +} + atf_test_case oomprotect_all oomprotect_all_head() { @@ -130,6 +141,7 @@ EOF atf_init_test_cases() { + atf_add_test_case no_cycles atf_add_test_case oomprotect_all atf_add_test_case oomprotect_yes atf_add_test_case wait_for_pids_progress diff --git a/release/arm64/RPI.conf b/release/arm64/RPI.conf index b973687c535d..d418dae28d3a 100644 --- a/release/arm64/RPI.conf +++ b/release/arm64/RPI.conf @@ -3,8 +3,9 @@ # DTB_DIR="/usr/local/share/rpi-firmware" -DTB="bcm2710-rpi-2-b.dtb bcm2710-rpi-3-b.dtb bcm2710-rpi-3-b-plus.dtb bcm2710-rpi-cm3.dtb \ - bcm2711-rpi-4-b.dtb bcm2711-rpi-cm4-io.dtb bcm2711-rpi-cm4.dtb" +DTB="bcm2710-rpi-2-b.dtb bcm2710-rpi-3-b.dtb bcm2710-rpi-3-b-plus.dtb \ + bcm2710-rpi-cm3.dtb bcm2710-rpi-zero-2-w.dtb bcm2711-rpi-4-b.dtb \ + bcm2711-rpi-cm4-io.dtb bcm2711-rpi-cm4.dtb" EMBEDDED_TARGET_ARCH="aarch64" EMBEDDED_TARGET="arm64" EMBEDDEDBUILD=1 diff --git a/release/packages/generate-set-ucl.lua b/release/packages/generate-set-ucl.lua index ab8765c8cf2d..9ba7026b75df 100755 --- a/release/packages/generate-set-ucl.lua +++ b/release/packages/generate-set-ucl.lua @@ -1,4 +1,10 @@ #!/usr/libexec/flua +-- +-- Copyright (c) 2024-2025 Baptiste Daroussin <bapt@FreeBSD.org> +-- Copyright (c) 2025 Lexi Winter <ivy@FreeBSD.org> +-- +-- SPDX-License-Identifier: BSD-2-Clause +-- --[[ usage: generate-set-ucl.lua <template> [<variablename> <variablevalue>] diff --git a/release/scripts/make-oci-image.sh b/release/scripts/make-oci-image.sh index 6e5ad69741f7..f8ea679bfd18 100644 --- a/release/scripts/make-oci-image.sh +++ b/release/scripts/make-oci-image.sh @@ -39,10 +39,18 @@ install_packages() { local abi=$1; shift local workdir=$1; shift local rootdir=${workdir}/rootfs + + # Make sure we have the keys needed for verifying package integrity if + # not already added by a parent image. if [ ! -d ${rootdir}/usr/share/keys/pkg/trusted ]; then mkdir -p ${rootdir}/usr/share/keys/pkg/trusted fi - cp /usr/share/keys/pkg/trusted/* ${rootdir}/usr/share/keys/pkg/trusted + for i in ${curdir}/../share/keys/pkg/trusted/pkg.*; do + if [ ! -f ${rootdir}/usr/share/keys/pkg/trusted/$(basename $i) ]; then + cp $i ${rootdir}/usr/share/keys/pkg/trusted + fi + done + # We install the packages and then remove repository metadata (keeping the # metadata for what was installed). This trims more than 40Mb from the # resulting image. diff --git a/release/tools/oci-image-runtime.conf b/release/tools/oci-image-runtime.conf index 93aad1e39250..db99e5640040 100644 --- a/release/tools/oci-image-runtime.conf +++ b/release/tools/oci-image-runtime.conf @@ -9,6 +9,10 @@ OCI_BASE_IMAGE=dynamic oci_image_build() { set_cmd ${workdir} /bin/sh + # The static image installed termcap.small into /usr/share/misc/termcap + # and we are replacing it with the full termcap file. We remove the + # small one first to avoid creating a .pkgsave file. + rm ${workdir}/rootfs/usr/share/misc/termcap install_packages ${abi} ${workdir} \ FreeBSD-runtime \ FreeBSD-certctl \ diff --git a/sbin/rcorder/rcorder.c b/sbin/rcorder/rcorder.c index 87b0e873c7ae..3d2a67c82a5a 100644 --- a/sbin/rcorder/rcorder.c +++ b/sbin/rcorder/rcorder.c @@ -980,9 +980,11 @@ do_file(filenode *fnode, strnodelist *stack_ptr) fnode->last->next = fnode->next; } - if (fnode->issues_count) - warnx("`%s' was seen in circular dependencies for %d times.", - fnode->filename, fnode->issues_count); + if (fnode->issues_count) { + warnx("`%s' was seen in circular dependencies %d time%s.", + fnode->filename, fnode->issues_count, + fnode->issues_count > 1 ? "s" : ""); + } DPRINTF((stderr, "nuking %s\n", fnode->filename)); } diff --git a/share/man/man4/aacraid.4 b/share/man/man4/aacraid.4 index 3bf683ac40c8..0f64f36c493a 100644 --- a/share/man/man4/aacraid.4 +++ b/share/man/man4/aacraid.4 @@ -1,3 +1,6 @@ +.\" +.\" SPDX-License-Identifier: BSD-2-Clause +.\" .\" Copyright (c) 2013 Achim Leubner .\" All rights reserved. .\" @@ -21,12 +24,12 @@ .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. -.Dd June 19, 2015 +.Dd September 29, 2025 .Dt AACRAID 4 .Os .Sh NAME .Nm aacraid -.Nd Adaptec AACRAID Controller driver +.Nd Adaptec Series 6/7/8 6G and 12G SAS+SATA RAID controller driver .Sh SYNOPSIS To compile this driver into the kernel, place the following lines in your @@ -78,9 +81,10 @@ Linux-compatible interface for the management device will be enabled and will allow Linux-based management applications to control the card. .Sh HARDWARE -Controllers supported by the +The .Nm -driver include: +driver supports the following +Adaptec 6G and 12G SAS/SATA RAID controllers: .Pp .Bl -bullet -compact .It diff --git a/share/man/man7/arch.7 b/share/man/man7/arch.7 index 5de441aed699..668f5aa23155 100644 --- a/share/man/man7/arch.7 +++ b/share/man/man7/arch.7 @@ -48,23 +48,35 @@ and later, unless otherwise noted. .Fx uses a flat address space. Variables of types -.Vt unsigned long , -.Vt uintptr_t , +.Vt unsigned long and .Vt size_t -and pointers all have the same representation. +have the same representation. .Pp In order to maximize compatibility with future pointer integrity mechanisms, manipulations of pointers as integers should be performed via .Vt uintptr_t or .Vt intptr_t -and no other types. -In particular, -.Vt long +and no other types as these types are the only integer types where the +C standard guarantees that a pointer may be cast to it and then cast back +to the original type. +On CHERI systems, +.Vt uintptr_t and -.Vt ptrdiff_t -should be avoided. +.Vt intptr_t +are defined as +.Vt __uintcap_t +and +.Vt __intcap_t +which represent capabilities that can be manipulated by integer operations. +Pointers should not be cast to +.Vt long , +.Vt ptrdiff_t , +or +.Vt size_t +if they will later be cast back to a pointer that is expected to be +dereferencable as they remain bare integer types on all architectures. .Pp On some architectures, e.g., AIM variants of @@ -85,11 +97,13 @@ release to support each architecture. .Bl -column -offset indent "Architecture" "Initial Release" .It Sy Architecture Ta Sy Initial Release .It aarch64 Ta 11.0 +.It aarch64c Ta 16.0 (planned) .It amd64 Ta 5.1 .It armv7 Ta 12.0 .It powerpc64 Ta 9.0 .It powerpc64le Ta 13.0 .It riscv64 Ta 12.0 +.It riscv64c Ta 16.0 (planned) .El .Pp Discontinued architectures are shown in the following table. @@ -123,21 +137,33 @@ architectures use some variant of the ELF (see .Xr elf 5 ) .Sy Application Binary Interface (ABI) for the machine processor. -All supported ABIs can be divided into two groups: -.Bl -tag -width "Dv ILP32" +Supported ABIs can be divided into three main groups: +.Bl -tag -width "Dv L64PC128" .It Dv ILP32 .Vt int , +.Vt intptr_t , .Vt long , +and .Vt void * types machine representations all have 4-byte size. .It Dv LP64 .Vt int type machine representation uses 4 bytes, while -.Vt long +.Vt intptr_t , +.Vt long , and .Vt void * are 8 bytes. +.It Dv L64PC128 +.Vt int +type machine representation uses 4 bytes. +.Vt long +type machine representation uses 8 bytes. +.Vt intptr_t +and +.Vt void * +are 16 byte capabilities. .El .Pp Some machines support more than one @@ -169,12 +195,23 @@ Binaries targeting and earlier are no longer supported by .Fx . .Pp +Architectures with 128-bit capabilities support both a +.Dq native +.Dv L64PC128 +execution environment and a +.Dv LP64 +environment: +.Bl -column -offset indent "aarch64c" "LP64 counterpart" +.It Sy L64PC128 Ta Sy LP64 counterpart +.It Dv aarch64c Ta Dv aarch64 +.It Dv riscv64c Ta Dv riscv64 +.El +.Pp On all supported architectures: .Bl -column -offset indent "long long" "Size" .It Sy Type Ta Sy Size .It short Ta 2 .It int Ta 4 -.It long Ta sizeof(void*) .It long long Ta 8 .It float Ta 4 .It double Ta 8 @@ -188,17 +225,19 @@ The sole exception is that requires only 4-byte alignment for 64-bit integers. .Pp Machine-dependent type sizes: -.Bl -column -offset indent "Architecture" "void *" "long double" "time_t" -.It Sy Architecture Ta Sy void * Ta Sy long double Ta Sy time_t -.It aarch64 Ta 8 Ta 16 Ta 8 -.It amd64 Ta 8 Ta 16 Ta 8 -.It armv7 Ta 4 Ta 8 Ta 8 -.It i386 Ta 4 Ta 12 Ta 4 -.It powerpc Ta 4 Ta 8 Ta 8 -.It powerpcspe Ta 4 Ta 8 Ta 8 -.It powerpc64 Ta 8 Ta 8 Ta 8 -.It powerpc64le Ta 8 Ta 8 Ta 8 -.It riscv64 Ta 8 Ta 16 Ta 8 +.Bl -column -offset indent "Architecture" "long" "void *" "long double" "time_t" +.It Sy Architecture Ta Sy long Ta Sy void * Ta Sy long double Ta Sy time_t +.It aarch64 Ta 8 Ta 8 Ta 16 Ta 8 +.It aarch64c Ta 8 Ta 16 Ta 16 Ta 8 +.It amd64 Ta 8 Ta 8 Ta 16 Ta 8 +.It armv7 Ta 4 Ta 4 Ta 8 Ta 8 +.It i386 Ta 4 Ta 4 Ta 12 Ta 4 +.It powerpc Ta 4 Ta 4 Ta 8 Ta 8 +.It powerpcspe Ta 4 Ta 4 Ta 8 Ta 8 +.It powerpc64 Ta 8 Ta 8 Ta 8 Ta 8 +.It powerpc64le Ta 8 Ta 8 Ta 8 Ta 8 +.It riscv64 Ta 8 Ta 8 Ta 16 Ta 8 +.It riscv64c Ta 8 Ta 16 Ta 16 Ta 8 .El .Pp .Sy time_t @@ -207,6 +246,7 @@ is 8 bytes on all supported architectures except i386. .Bl -column -offset indent "Architecture" "Endianness" "char Signedness" .It Sy Architecture Ta Sy Endianness Ta Sy char Signedness .It aarch64 Ta little Ta unsigned +.It aarch64c Ta little Ta unsigned .It amd64 Ta little Ta signed .It armv7 Ta little Ta unsigned .It i386 Ta little Ta signed @@ -215,11 +255,13 @@ is 8 bytes on all supported architectures except i386. .It powerpc64 Ta big Ta unsigned .It powerpc64le Ta little Ta unsigned .It riscv64 Ta little Ta signed +.It riscv64c Ta little Ta signed .El .Ss Page Size .Bl -column -offset indent "Architecture" "Page Sizes" .It Sy Architecture Ta Sy Page Sizes .It aarch64 Ta 4K, 64K, 2M, 1G +.It aarch64c Ta 4K, 64K, 2M, 1G .It amd64 Ta 4K, 2M, 1G .It armv7 Ta 4K, 1M .It i386 Ta 4K, 2M (PAE), 4M @@ -228,11 +270,13 @@ is 8 bytes on all supported architectures except i386. .It powerpc64 Ta 4K .It powerpc64le Ta 4K .It riscv64 Ta 4K, 2M, 1G +.It riscv64c Ta 4K, 2M, 1G .El .Ss User Address Space Layout .Bl -column -offset indent "riscv64 (Sv48)" "0x0001000000000000" "NNNU" .It Sy Architecture Ta Sy Maximum Address Ta Sy Address Space Size .It aarch64 Ta 0x0001000000000000 Ta 256TiB +.It aarch64c Ta 0x0001000000000000 Ta 256TiB .It amd64 (LA48) Ta 0x0000800000000000 Ta 128TiB .It amd64 (LA57) Ta 0x0100000000000000 Ta 64PiB .It armv7 Ta 0xbfc00000 Ta 3GiB @@ -242,7 +286,9 @@ is 8 bytes on all supported architectures except i386. .It powerpc64 Ta 0x000fffffc0000000 Ta 4PiB .It powerpc64le Ta 0x000fffffc0000000 Ta 4PiB .It riscv64 (Sv39) Ta 0x0000004000000000 Ta 256GiB +.It riscv64c (Sv39) Ta 0x0000004000000000 Ta 256GiB .It riscv64 (Sv48) Ta 0x0000800000000000 Ta 128TiB +.It riscv64c (Sv48) Ta 0x0000800000000000 Ta 128TiB .El .Pp The layout of a process' address space can be queried via the @@ -287,6 +333,7 @@ currently supports Sv39 and Sv48 and defaults to using Sv39. .Bl -column -offset indent "Architecture" "float, double" "long double" .It Sy Architecture Ta Sy float, double Ta Sy long double .It aarch64 Ta hard Ta soft, quad precision +.It aarch64c Ta hard Ta soft, quad precision .It amd64 Ta hard Ta hard, 80 bit .It armv7 Ta hard Ta hard, double precision .It i386 Ta hard Ta hard, 80 bit @@ -295,6 +342,7 @@ currently supports Sv39 and Sv48 and defaults to using Sv39. .It powerpc64 Ta hard Ta hard, double precision .It powerpc64le Ta hard Ta hard, double precision .It riscv64 Ta hard Ta hard, quad precision +.It riscv64c Ta hard Ta hard, quad precision .El .Ss Default Tool Chain .Fx @@ -321,12 +369,12 @@ when referring to the kernel, interfaces dependent on a specific type of kernel or similar things like boot sequences. .Bl -column -offset indent "Dv MACHINE" "Dv MACHINE_CPUARCH" "Dv MACHINE_ARCH" .It Dv MACHINE Ta Dv MACHINE_CPUARCH Ta Dv MACHINE_ARCH -.It arm64 Ta aarch64 Ta aarch64 +.It arm64 Ta aarch64 Ta aarch64, aarch64c .It amd64 Ta amd64 Ta amd64 .It arm Ta arm Ta armv7 .It i386 Ta i386 Ta i386 .It powerpc Ta powerpc Ta powerpc, powerpcspe, powerpc64, powerpc64le -.It riscv Ta riscv Ta riscv64 +.It riscv Ta riscv Ta riscv64, riscv64c .El .Ss Predefined Macros The compiler provides a number of predefined macros. @@ -340,17 +388,40 @@ cc -x c -dM -E /dev/null .Ed .Pp Common type size and endianness macros: -.Bl -column -offset indent "BYTE_ORDER" "Meaning" +.Bl -column -offset indent "__SIZEOF_POINTER__" "Meaning" .It Sy Macro Ta Sy Meaning +.It Dv __SIZEOF_LONG__ Ta size in bytes of long +.It Dv __SIZEOF_POINTER__ Ta size in bytes of intptr_t and pointers +.It Dv __SIZEOF_SIZE_T__ Ta size in bytes of size_t .It Dv __LP64__ Ta 64-bit (8-byte) long and pointer, 32-bit (4-byte) int .It Dv __ILP32__ Ta 32-bit (4-byte) int, long and pointer +.It Dv __CHERI__ Ta 128-bit (16-byte) capability pointer, 64-bit (8-byte) long .It Dv BYTE_ORDER Ta Either Dv BIG_ENDIAN or Dv LITTLE_ENDIAN . .El .Pp +Because systems were historically either +.Dv __ILP32__ +or +.Dv __LP64__ +it has been common for programmers to test only one and assume the other +one in an else branch. +With the arrival of CHERI architectures, this is no longer the case. +.Dv __SIZEOF_*__ +macros should be used instead. +New uses of +.Dv __ILP32__ +and +.Dv __LP64__ +should be avoided. +Compilers for CHERI targets do not define +.Dv __LP64__ +as their pointers are 128-bit capabilities. +.Pp Architecture-specific macros: .Bl -column -offset indent "Architecture" "Predefined macros" .It Sy Architecture Ta Sy Predefined macros .It aarch64 Ta Dv __aarch64__ +.It aarch64c Ta Dv __aarch64__ , Dv __CHERI__ .It amd64 Ta Dv __amd64__ , Dv __x86_64__ .It armv7 Ta Dv __arm__ , Dv __ARM_ARCH >= 7 .It i386 Ta Dv __i386__ @@ -359,6 +430,7 @@ Architecture-specific macros: .It powerpc64 Ta Dv __powerpc__ , Dv __powerpc64__ .It powerpc64le Ta Dv __powerpc__ , Dv __powerpc64__ .It riscv64 Ta Dv __riscv , Dv __riscv_xlen == 64 +.It riscv64c Ta Dv __riscv , Dv __riscv_xlen == 64 , Dv __CHERI__ .El .Pp Compilers may define additional variants of architecture-specific macros. diff --git a/sys/dev/nvme/nvme_private.h b/sys/dev/nvme/nvme_private.h index 52f9e12f8f9a..52e9fcbbebcd 100644 --- a/sys/dev/nvme/nvme_private.h +++ b/sys/dev/nvme/nvme_private.h @@ -463,13 +463,13 @@ static __inline void nvme_completion_poll(struct nvme_completion_poll_status *status) { int timeout = ticks + 10 * hz; - sbintime_t delta_t = SBT_1US; + sbintime_t delta = SBT_1US; while (!atomic_load_acq_int(&status->done)) { if (timeout - ticks < 0) panic("NVME polled command failed to complete within 10s."); - pause_sbt("nvme", delta_t, 0, C_PREL(1)); - delta_t = min(SBT_1MS, delta_t * 3 / 2); + pause_sbt("nvme", delta, 0, C_PREL(1)); + delta = min(SBT_1MS, delta + delta / 2); } } diff --git a/sys/geom/part/g_part.c b/sys/geom/part/g_part.c index 4c0d0c3aa902..1e4236507fa4 100644 --- a/sys/geom/part/g_part.c +++ b/sys/geom/part/g_part.c @@ -122,13 +122,13 @@ struct g_part_alias_list { { "ntfs", G_PART_ALIAS_MS_NTFS }, { "openbsd-data", G_PART_ALIAS_OPENBSD_DATA }, { "prep-boot", G_PART_ALIAS_PREP_BOOT }, - { "solaris-boot", G_PART_ALIAS_SOLARIS_BOOT }, - { "solaris-root", G_PART_ALIAS_SOLARIS_ROOT }, - { "solaris-swap", G_PART_ALIAS_SOLARIS_SWAP }, - { "solaris-backup", G_PART_ALIAS_SOLARIS_BACKUP }, - { "solaris-var", G_PART_ALIAS_SOLARIS_VAR }, - { "solaris-home", G_PART_ALIAS_SOLARIS_HOME }, - { "solaris-altsec", G_PART_ALIAS_SOLARIS_ALTSEC }, + { "solaris-boot", G_PART_ALIAS_SOLARIS_BOOT }, + { "solaris-root", G_PART_ALIAS_SOLARIS_ROOT }, + { "solaris-swap", G_PART_ALIAS_SOLARIS_SWAP }, + { "solaris-backup", G_PART_ALIAS_SOLARIS_BACKUP }, + { "solaris-var", G_PART_ALIAS_SOLARIS_VAR }, + { "solaris-home", G_PART_ALIAS_SOLARIS_HOME }, + { "solaris-altsec", G_PART_ALIAS_SOLARIS_ALTSEC }, { "solaris-reserved", G_PART_ALIAS_SOLARIS_RESERVED }, { "u-boot-env", G_PART_ALIAS_U_BOOT_ENV }, { "vmware-reserved", G_PART_ALIAS_VMRESERVED }, diff --git a/sys/vm/uma_core.c b/sys/vm/uma_core.c index 679b2e20e88b..b80b5cc781f7 100644 --- a/sys/vm/uma_core.c +++ b/sys/vm/uma_core.c @@ -4009,21 +4009,15 @@ restart: /* * Use the keg's policy if upper layers haven't already specified a * domain (as happens with first-touch zones). - * - * To avoid races we run the iterator with the keg lock held, but that - * means that we cannot allow the vm_domainset layer to sleep. Thus, - * clear M_WAITOK and handle low memory conditions locally. */ rr = rdomain == UMA_ANYDOMAIN; + aflags = flags; if (rr) { - aflags = (flags & ~M_WAITOK) | M_NOWAIT; if (vm_domainset_iter_policy_ref_init(&di, &keg->uk_dr, &domain, &aflags) != 0) return (NULL); - } else { - aflags = flags; + } else domain = rdomain; - } for (;;) { slab = keg_fetch_free_slab(keg, domain, rr, flags); @@ -4053,13 +4047,8 @@ restart: if ((flags & M_WAITOK) == 0) break; vm_wait_domain(domain); - } else if (vm_domainset_iter_policy(&di, &domain) != 0) { - if ((flags & M_WAITOK) != 0) { - vm_wait_doms(&keg->uk_dr.dr_policy->ds_mask, 0); - goto restart; - } + } else if (vm_domainset_iter_policy(&di, &domain) != 0) break; - } } /* @@ -5245,7 +5234,7 @@ uma_prealloc(uma_zone_t zone, int items) KEG_GET(zone, keg); slabs = howmany(items, keg->uk_ipers); while (slabs-- > 0) { - aflags = M_NOWAIT; + aflags = M_WAITOK; if (vm_domainset_iter_policy_ref_init(&di, &keg->uk_dr, &domain, &aflags) != 0) panic("%s: Domainset is empty", __func__); @@ -5266,7 +5255,8 @@ uma_prealloc(uma_zone_t zone, int items) break; } if (vm_domainset_iter_policy(&di, &domain) != 0) - vm_wait_doms(&keg->uk_dr.dr_policy->ds_mask, 0); + panic("%s: Cannot allocate from any domain", + __func__); } } } diff --git a/sys/x86/x86/mca.c b/sys/x86/x86/mca.c index 4b40f343ac90..735efe307215 100644 --- a/sys/x86/x86/mca.c +++ b/sys/x86/x86/mca.c @@ -46,9 +46,11 @@ #include <sys/malloc.h> #include <sys/mutex.h> #include <sys/proc.h> +#include <sys/sbuf.h> #include <sys/sched.h> #include <sys/smp.h> #include <sys/sysctl.h> +#include <sys/syslog.h> #include <sys/systm.h> #include <sys/taskqueue.h> #include <machine/intr_machdep.h> @@ -135,6 +137,11 @@ SYSCTL_INT(_hw_mca, OID_AUTO, fake_bank, CTLFLAG_RW, "Bank to use for artificial MCAs (testing purpose only)"); #endif +static bool mca_uselog = false; +SYSCTL_BOOL(_hw_mca, OID_AUTO, uselog, CTLFLAG_RWTUN, &mca_uselog, 0, + "Should the system send non-fatal machine check errors to the log " + "(instead of the console)?"); + static STAILQ_HEAD(, mca_internal) mca_freelist; static int mca_freecount; static STAILQ_HEAD(, mca_internal) mca_records; @@ -147,12 +154,40 @@ static struct timeout_task mca_scan_task; static struct mtx mca_lock; static bool mca_startup_done = false; -/* Statistics on number of MCA events by type, updated atomically. */ +/* Static buffer to compose messages while in an interrupt context. */ +static char mca_msg_buf[1024]; +static struct mtx mca_msg_buf_lock; + +/* Statistics on number of MCA events by type, updated with the mca_lock. */ static uint64_t mca_stats[MCA_T_COUNT]; SYSCTL_OPAQUE(_hw_mca, OID_AUTO, stats, CTLFLAG_RD | CTLFLAG_SKIP, mca_stats, MCA_T_COUNT * sizeof(mca_stats[0]), "S", "Array of MCA events by type"); +/* Variables to track and control message rate limiting. */ +static struct timeval mca_last_log_time; +static struct timeval mca_log_interval; +static int mca_log_skipped; + +static int +sysctl_mca_log_interval(SYSCTL_HANDLER_ARGS) +{ + int error; + u_int val; + + val = mca_log_interval.tv_sec; + error = sysctl_handle_int(oidp, &val, 0, req); + if (error != 0 || req->newptr == NULL) + return (error); + mca_log_interval.tv_sec = val; + return (0); +} +SYSCTL_PROC(_hw_mca, OID_AUTO, log_interval, + CTLTYPE_UINT | CTLFLAG_RWTUN | CTLFLAG_MPSAFE, &mca_log_interval, 0, + sysctl_mca_log_interval, "IU", + "Minimum number of seconds between logging correctable MCAs" + " (0 = no limit)"); + static unsigned int mca_ia32_ctl_reg(int bank) { @@ -448,98 +483,111 @@ mca_mute(const struct mca_record *rec) /* Dump details about a single machine check. */ static void -mca_log(const struct mca_record *rec) +mca_log(enum scan_mode mode, const struct mca_record *rec, bool fatal) { + int error, numskipped; uint16_t mca_error; enum mca_stat_types event_type; + struct sbuf sb; + bool uncor, using_shared_buf; if (mca_mute(rec)) return; - if (!log_corrected && (rec->mr_status & MC_STATUS_UC) == 0 && - (!tes_supported(rec->mr_mcg_cap) || + uncor = (rec->mr_status & MC_STATUS_UC) != 0; + + if (!log_corrected && !uncor && (!tes_supported(rec->mr_mcg_cap) || ((rec->mr_status & MC_STATUS_TES_STATUS) >> 53) != 0x2)) return; - printf("MCA: Bank %d, Status 0x%016llx\n", rec->mr_bank, + /* Try to use an allocated buffer when not in an interrupt context. */ + if (mode == POLLED && sbuf_new(&sb, NULL, 512, SBUF_AUTOEXTEND) != NULL) + using_shared_buf = false; + else { + using_shared_buf = true; + mtx_lock_spin(&mca_msg_buf_lock); + sbuf_new(&sb, mca_msg_buf, sizeof(mca_msg_buf), SBUF_FIXEDLEN); + } + + sbuf_printf(&sb, "MCA: Bank %d, Status 0x%016llx\n", rec->mr_bank, (long long)rec->mr_status); - printf("MCA: Global Cap 0x%016llx, Status 0x%016llx\n", + sbuf_printf(&sb, "MCA: Global Cap 0x%016llx, Status 0x%016llx\n", (long long)rec->mr_mcg_cap, (long long)rec->mr_mcg_status); - printf("MCA: Vendor \"%s\", ID 0x%x, APIC ID %d\n", cpu_vendor, - rec->mr_cpu_id, rec->mr_apic_id); - printf("MCA: CPU %d ", rec->mr_cpu); + sbuf_printf(&sb, "MCA: Vendor \"%s\", ID 0x%x, APIC ID %d\n", + cpu_vendor, rec->mr_cpu_id, rec->mr_apic_id); + sbuf_printf(&sb, "MCA: CPU %d ", rec->mr_cpu); if (rec->mr_status & MC_STATUS_UC) - printf("UNCOR "); + sbuf_printf(&sb, "UNCOR "); else { - printf("COR "); + sbuf_printf(&sb, "COR "); if (cmci_supported(rec->mr_mcg_cap)) - printf("(%lld) ", ((long long)rec->mr_status & + sbuf_printf(&sb, "(%lld) ", ((long long)rec->mr_status & MC_STATUS_COR_COUNT) >> 38); if (tes_supported(rec->mr_mcg_cap)) { switch ((rec->mr_status & MC_STATUS_TES_STATUS) >> 53) { case 0x1: - printf("(Green) "); + sbuf_printf(&sb, "(Green) "); break; case 0x2: - printf("(Yellow) "); + sbuf_printf(&sb, "(Yellow) "); break; } } } if (rec->mr_status & MC_STATUS_EN) - printf("EN "); + sbuf_printf(&sb, "EN "); if (rec->mr_status & MC_STATUS_PCC) - printf("PCC "); + sbuf_printf(&sb, "PCC "); if (ser_supported(rec->mr_mcg_cap)) { if (rec->mr_status & MC_STATUS_S) - printf("S "); + sbuf_printf(&sb, "S "); if (rec->mr_status & MC_STATUS_AR) - printf("AR "); + sbuf_printf(&sb, "AR "); } if (rec->mr_status & MC_STATUS_OVER) - printf("OVER "); + sbuf_printf(&sb, "OVER "); mca_error = rec->mr_status & MC_STATUS_MCA_ERROR; event_type = MCA_T_COUNT; switch (mca_error) { /* Simple error codes. */ case 0x0000: - printf("no error"); + sbuf_printf(&sb, "no error"); event_type = MCA_T_NONE; break; case 0x0001: - printf("unclassified error"); + sbuf_printf(&sb, "unclassified error"); event_type = MCA_T_UNCLASSIFIED; break; case 0x0002: - printf("ucode ROM parity error"); + sbuf_printf(&sb, "ucode ROM parity error"); event_type = MCA_T_UCODE_ROM_PARITY; break; case 0x0003: - printf("external error"); + sbuf_printf(&sb, "external error"); event_type = MCA_T_EXTERNAL; break; case 0x0004: - printf("FRC error"); + sbuf_printf(&sb, "FRC error"); event_type = MCA_T_FRC; break; case 0x0005: - printf("internal parity error"); + sbuf_printf(&sb, "internal parity error"); event_type = MCA_T_INTERNAL_PARITY; break; case 0x0006: - printf("SMM handler code access violation"); + sbuf_printf(&sb, "SMM handler code access violation"); event_type = MCA_T_SMM_HANDLER; break; case 0x0400: - printf("internal timer error"); + sbuf_printf(&sb, "internal timer error"); event_type = MCA_T_INTERNAL_TIMER; break; case 0x0e0b: - printf("generic I/O error"); + sbuf_printf(&sb, "generic I/O error"); event_type = MCA_T_GENERIC_IO; if (rec->mr_cpu_vendor_id == CPU_VENDOR_INTEL && (rec->mr_status & MC_STATUS_MISCV)) { - printf(" (pci%d:%d:%d:%d)", + sbuf_printf(&sb, " (pci%d:%d:%d:%d)", (int)((rec->mr_misc & MC_MISC_PCIE_SEG) >> 32), (int)((rec->mr_misc & MC_MISC_PCIE_BUS) >> 24), (int)((rec->mr_misc & MC_MISC_PCIE_SLOT) >> 19), @@ -548,7 +596,8 @@ mca_log(const struct mca_record *rec) break; default: if ((mca_error & 0xfc00) == 0x0400) { - printf("internal error %x", mca_error & 0x03ff); + sbuf_printf(&sb, "internal error %x", + mca_error & 0x03ff); event_type = MCA_T_INTERNAL; break; } @@ -557,14 +606,16 @@ mca_log(const struct mca_record *rec) /* Memory hierarchy error. */ if ((mca_error & 0xeffc) == 0x000c) { - printf("%s memory error", mca_error_level(mca_error)); + sbuf_printf(&sb, "%s memory error", + mca_error_level(mca_error)); event_type = MCA_T_MEMORY; break; } /* TLB error. */ if ((mca_error & 0xeff0) == 0x0010) { - printf("%sTLB %s error", mca_error_ttype(mca_error), + sbuf_printf(&sb, "%sTLB %s error", + mca_error_ttype(mca_error), mca_error_level(mca_error)); event_type = MCA_T_TLB; break; @@ -572,19 +623,19 @@ mca_log(const struct mca_record *rec) /* Memory controller error. */ if ((mca_error & 0xef80) == 0x0080) { - printf("%s channel ", mca_error_mmtype(mca_error, - &event_type)); + sbuf_printf(&sb, "%s channel ", + mca_error_mmtype(mca_error, &event_type)); if ((mca_error & 0x000f) != 0x000f) - printf("%d", mca_error & 0x000f); + sbuf_printf(&sb, "%d", mca_error & 0x000f); else - printf("??"); - printf(" memory error"); + sbuf_printf(&sb, "??"); + sbuf_printf(&sb, " memory error"); break; } /* Cache error. */ if ((mca_error & 0xef00) == 0x0100) { - printf("%sCACHE %s %s error", + sbuf_printf(&sb, "%sCACHE %s %s error", mca_error_ttype(mca_error), mca_error_level(mca_error), mca_error_request(mca_error)); @@ -594,77 +645,129 @@ mca_log(const struct mca_record *rec) /* Extended memory error. */ if ((mca_error & 0xef80) == 0x0280) { - printf("%s channel ", mca_error_mmtype(mca_error, - &event_type)); + sbuf_printf(&sb, "%s channel ", + mca_error_mmtype(mca_error, &event_type)); if ((mca_error & 0x000f) != 0x000f) - printf("%d", mca_error & 0x000f); + sbuf_printf(&sb, "%d", mca_error & 0x000f); else - printf("??"); - printf(" extended memory error"); + sbuf_printf(&sb, "??"); + sbuf_printf(&sb, " extended memory error"); break; } /* Bus and/or Interconnect error. */ if ((mca_error & 0xe800) == 0x0800) { - printf("BUS%s ", mca_error_level(mca_error)); + sbuf_printf(&sb, "BUS%s ", mca_error_level(mca_error)); event_type = MCA_T_BUS; switch ((mca_error & 0x0600) >> 9) { case 0: - printf("Source"); + sbuf_printf(&sb, "Source"); break; case 1: - printf("Responder"); + sbuf_printf(&sb, "Responder"); break; case 2: - printf("Observer"); + sbuf_printf(&sb, "Observer"); break; default: - printf("???"); + sbuf_printf(&sb, "???"); break; } - printf(" %s ", mca_error_request(mca_error)); + sbuf_printf(&sb, " %s ", mca_error_request(mca_error)); switch ((mca_error & 0x000c) >> 2) { case 0: - printf("Memory"); + sbuf_printf(&sb, "Memory"); break; case 2: - printf("I/O"); + sbuf_printf(&sb, "I/O"); break; case 3: - printf("Other"); + sbuf_printf(&sb, "Other"); break; default: - printf("???"); + sbuf_printf(&sb, "???"); break; } if (mca_error & 0x0100) - printf(" timed out"); + sbuf_printf(&sb, " timed out"); break; } - printf("unknown error %x", mca_error); + sbuf_printf(&sb, "unknown error %x", mca_error); event_type = MCA_T_UNKNOWN; break; } - printf("\n"); + sbuf_printf(&sb, "\n"); if (rec->mr_status & MC_STATUS_ADDRV) { - printf("MCA: Address 0x%llx", (long long)rec->mr_addr); + sbuf_printf(&sb, "MCA: Address 0x%llx", + (long long)rec->mr_addr); if (ser_supported(rec->mr_mcg_cap) && (rec->mr_status & MC_STATUS_MISCV)) { - printf(" (Mode: %s, LSB: %d)", + sbuf_printf(&sb, " (Mode: %s, LSB: %d)", mca_addres_mode(rec->mr_misc), (int)(rec->mr_misc & MC_MISC_RA_LSB)); } - printf("\n"); + sbuf_printf(&sb, "\n"); } if (rec->mr_status & MC_STATUS_MISCV) - printf("MCA: Misc 0x%llx\n", (long long)rec->mr_misc); + sbuf_printf(&sb, "MCA: Misc 0x%llx\n", (long long)rec->mr_misc); + if (event_type < 0 || event_type >= MCA_T_COUNT) { KASSERT(0, ("%s: invalid event type (%d)", __func__, event_type)); event_type = MCA_T_UNKNOWN; } - atomic_add_64(&mca_stats[event_type], 1); + numskipped = 0; + if (!fatal && !uncor) { + /* + * Update statistics and check the rate limit for + * correctable errors. The rate limit is only applied + * after the system records a reasonable number of errors + * of the same type. The goal is to reduce the impact of + * the system seeing and attempting to log a burst of + * similar errors, which (especially when printed to the + * console) can be expensive. + */ + mtx_lock_spin(&mca_lock); + mca_stats[event_type]++; + if (mca_log_interval.tv_sec > 0 && mca_stats[event_type] > 50 && + ratecheck(&mca_last_log_time, &mca_log_interval) == 0) { + mca_log_skipped++; + mtx_unlock_spin(&mca_lock); + goto done; + } + numskipped = mca_log_skipped; + mca_log_skipped = 0; + mtx_unlock_spin(&mca_lock); + } + + error = sbuf_finish(&sb); + if (fatal || !mca_uselog) { + if (numskipped > 0) + printf("MCA: %d events skipped due to rate limit\n", + numskipped); + if (error) + printf("MCA: error logging message (sbuf error %d)\n", + error); + else + sbuf_putbuf(&sb); + } else { + if (numskipped > 0) + log(LOG_ERR, + "MCA: %d events skipped due to rate limit\n", + numskipped); + if (error) + log(LOG_ERR, + "MCA: error logging message (sbuf error %d)\n", + error); + else + log(uncor ? LOG_CRIT : LOG_ERR, "%s", sbuf_data(&sb)); + } + +done: + sbuf_delete(&sb); + if (using_shared_buf) + mtx_unlock_spin(&mca_msg_buf_lock); } static bool @@ -825,7 +928,7 @@ mca_record_entry(enum scan_mode mode, const struct mca_record *record) if (rec == NULL) { mtx_unlock_spin(&mca_lock); printf("MCA: Unable to allocate space for an event.\n"); - mca_log(record); + mca_log(mode, record, false); return; } STAILQ_REMOVE_HEAD(&mca_freelist, link); @@ -982,7 +1085,7 @@ mca_scan(enum scan_mode mode, bool *recoverablep) if (*recoverablep) mca_record_entry(mode, &rec); else - mca_log(&rec); + mca_log(mode, &rec, true); } #ifdef DEV_APIC @@ -1066,7 +1169,7 @@ mca_process_records(enum scan_mode mode) mtx_unlock_spin(&mca_lock); STAILQ_FOREACH(mca, &tmplist, link) - mca_log(&mca->rec); + mca_log(mode, &mca->rec, false); mtx_lock_spin(&mca_lock); while ((mca = STAILQ_FIRST(&tmplist)) != NULL) { @@ -1231,6 +1334,7 @@ mca_setup(uint64_t mcg_cap) mca_banks = mcg_cap & MCG_CAP_COUNT; mtx_init(&mca_lock, "mca", NULL, MTX_SPIN); + mtx_init(&mca_msg_buf_lock, "mca_msg_buf", NULL, MTX_SPIN); STAILQ_INIT(&mca_records); STAILQ_INIT(&mca_pending); mca_tq = taskqueue_create_fast("mca", M_WAITOK, diff --git a/tests/sys/mac/ipacl/Makefile b/tests/sys/mac/ipacl/Makefile index e083f6c1a69c..93b29e250ea5 100644 --- a/tests/sys/mac/ipacl/Makefile +++ b/tests/sys/mac/ipacl/Makefile @@ -6,4 +6,9 @@ ATF_TESTS_SH+= ipacl_test ${PACKAGE}FILES+= utils.subr +.for t in ${ATF_TESTS_SH} +TEST_METADATA.$t+= required_kmods="mac_ipacl" +TEST_METADATA.$t+= is_exclusive="true" +.endfor + .include <bsd.test.mk> diff --git a/tests/sys/mac/ipacl/ipacl_test.sh b/tests/sys/mac/ipacl/ipacl_test.sh index 0de1b414857b..892f4c154b66 100644 --- a/tests/sys/mac/ipacl/ipacl_test.sh +++ b/tests/sys/mac/ipacl/ipacl_test.sh @@ -40,6 +40,9 @@ ipacl_v4_body() { ipacl_test_init + prev_ipacl_ipv4="$(sysctl -n security.mac.ipacl.ipv4)" + prev_ipacl_rules="$(sysctl -n security.mac.ipacl.rules)" + epairA=$(vnet_mkepair) epairB=$(vnet_mkepair) epairC=$(vnet_mkepair) @@ -130,8 +133,9 @@ ipacl_v4_body() atf_check -s not-exit:0 -e ignore \ jexec A ifconfig ${epairA}b 203.0.113.1/24 up - # Reset rules OID. - sysctl security.mac.ipacl.rules= + # Reset sysctls. + sysctl security.mac.ipacl.rules="${prev_ipacl_rules}" + sysctl security.mac.ipacl.ipv4="${prev_ipacl_ipv4}" } ipacl_v4_cleanup() @@ -151,6 +155,9 @@ ipacl_v6_body() { ipacl_test_init + prev_ipacl_ipv6="$(sysctl -n security.mac.ipacl.ipv6)" + prev_ipacl_rules="$(sysctl -n security.mac.ipacl.rules)" + epairA=$(vnet_mkepair) epairB=$(vnet_mkepair) epairC=$(vnet_mkepair) @@ -265,8 +272,9 @@ ipacl_v6_body() atf_check -s not-exit:0 -e ignore jexec A ifconfig \ ${epairA}b inet6 2001:db8::abcd/32 up - # Reset rules OID. - sysctl security.mac.ipacl.rules= + # Reset sysctls. + sysctl security.mac.ipacl.rules="${prev_ipacl_rules}" + sysctl security.mac.ipacl.ipv6="${prev_ipacl_ipv6}" } ipacl_v6_cleanup() diff --git a/tests/sys/mac/ipacl/utils.subr b/tests/sys/mac/ipacl/utils.subr index 1d80414bafea..2fff8b1862da 100644 --- a/tests/sys/mac/ipacl/utils.subr +++ b/tests/sys/mac/ipacl/utils.subr @@ -5,10 +5,6 @@ ipacl_test_init() { vnet_init - - if ! kldstat -q -m mac_ipacl; then - atf_skip "mac_ipacl is not loaded" - fi } ipacl_test_cleanup() diff --git a/tests/sys/mac/portacl/Makefile b/tests/sys/mac/portacl/Makefile index 856a85d331d5..28c3a5cd71ce 100644 --- a/tests/sys/mac/portacl/Makefile +++ b/tests/sys/mac/portacl/Makefile @@ -8,6 +8,7 @@ TAP_TESTS_SH+= nobody_test TAP_TESTS_SH+= root_test .for t in ${TAP_TESTS_SH} +TEST_METADATA.$t+= required_kmods="mac_portacl" TEST_METADATA.$t+= required_user="root" TEST_METADATA.$t+= timeout="450" TEST_METADATA.$t+= is_exclusive="true" diff --git a/tests/sys/mac/portacl/misc.sh b/tests/sys/mac/portacl/misc.sh index a1b729c87777..4d3f18fce1c1 100644 --- a/tests/sys/mac/portacl/misc.sh +++ b/tests/sys/mac/portacl/misc.sh @@ -1,15 +1,5 @@ #!/bin/sh -sysctl security.mac.portacl >/dev/null 2>&1 -if [ $? -ne 0 ]; then - echo "1..0 # SKIP MAC_PORTACL is unavailable." - exit 0 -fi -if [ $(id -u) -ne 0 ]; then - echo "1..0 # SKIP testcases must be run as root" - exit 0 -fi - ntest=1 check_bind() { @@ -95,6 +85,7 @@ bind_test() { sysctl security.mac.portacl.rules= >/dev/null } +portacl_enabled=$(sysctl -n security.mac.portacl.enabled) reserved_high=$(sysctl -n net.inet.ip.portrange.reservedhigh) suser_exempt=$(sysctl -n security.mac.portacl.suser_exempt) port_high=$(sysctl -n security.mac.portacl.port_high) @@ -103,4 +94,5 @@ restore_settings() { sysctl -n net.inet.ip.portrange.reservedhigh=${reserved_high} >/dev/null sysctl -n security.mac.portacl.suser_exempt=${suser_exempt} >/dev/null sysctl -n security.mac.portacl.port_high=${port_high} >/dev/null + sysctl -n security.mac.portacl.enabled=${portacl_enabled} >/dev/null } diff --git a/tests/sys/mac/portacl/nobody_test.sh b/tests/sys/mac/portacl/nobody_test.sh index 7e64f68113ea..a3f2168dc81d 100644 --- a/tests/sys/mac/portacl/nobody_test.sh +++ b/tests/sys/mac/portacl/nobody_test.sh @@ -13,6 +13,7 @@ trap restore_settings EXIT INT TERM sysctl security.mac.portacl.suser_exempt=1 >/dev/null sysctl net.inet.ip.portrange.reservedhigh=78 >/dev/null +sysctl security.mac.portacl.enabled=1 >/dev/null bind_test fl fl uid nobody tcp 77 bind_test ok ok uid nobody tcp 7777 diff --git a/tests/sys/mac/portacl/root_test.sh b/tests/sys/mac/portacl/root_test.sh index daa5b147b4fa..d8898ff4f80e 100644 --- a/tests/sys/mac/portacl/root_test.sh +++ b/tests/sys/mac/portacl/root_test.sh @@ -10,6 +10,7 @@ echo "1..48" trap restore_settings EXIT INT TERM sysctl security.mac.portacl.suser_exempt=1 >/dev/null +sysctl security.mac.portacl.enabled=1 >/dev/null bind_test ok ok uid root tcp 77 bind_test ok ok uid root tcp 7777 diff --git a/tools/build/Makefile b/tools/build/Makefile index 09351900599a..fdec5f11311d 100644 --- a/tools/build/Makefile +++ b/tools/build/Makefile @@ -85,6 +85,10 @@ INCS+= stdlib.h SRCS+= reallocarray.c .endif +.if !exists(${HOST_INCLUDE_ROOT}/stdckdint.h) +INCS+= stdckdint.h +.endif + .if exists(${HOST_INCLUDE_ROOT}/sys/stat.h) _WITH_UTIMENS!= grep -c utimensat ${HOST_INCLUDE_ROOT}/sys/stat.h || true .else diff --git a/tools/build/cross-build/include/common/sys/cdefs.h b/tools/build/cross-build/include/common/sys/cdefs.h index 3f9b7866141f..faad5eccb3af 100644 --- a/tools/build/cross-build/include/common/sys/cdefs.h +++ b/tools/build/cross-build/include/common/sys/cdefs.h @@ -270,6 +270,16 @@ #define __ISO_C_VISIBLE 2011 #define __EXT1_VISIBLE 1 +/* + * Macro to test if we're using a specific version of gcc or later. + */ +#if defined(__GNUC__) +#define __GNUC_PREREQ__(ma, mi) \ + (__GNUC__ > (ma) || __GNUC__ == (ma) && __GNUC_MINOR__ >= (mi)) +#else +#define __GNUC_PREREQ__(ma, mi) 0 +#endif + /* Alignment builtins for better type checking and improved code generation. */ /* Provide fallback versions for other compilers (GCC/Clang < 10): */ #if !__has_builtin(__builtin_is_aligned) diff --git a/tools/tools/crypto/cryptocheck.c b/tools/tools/crypto/cryptocheck.c index 6506671455ac..46a364b0453c 100644 --- a/tools/tools/crypto/cryptocheck.c +++ b/tools/tools/crypto/cryptocheck.c @@ -362,9 +362,11 @@ enable_user_soft(void) size_t cursize = sizeof(curstate); if (sysctlbyname(CRYPT_SOFT_ALLOW, &curstate, &cursize, - &on, sizeof(on)) == 0) { + &on, sizeof(on)) == 0) { if (curstate == 0) atexit(reset_user_soft); + } else { + err(1, "sysctl(%s)", CRYPT_SOFT_ALLOW); } } @@ -373,7 +375,10 @@ crlookup(const char *devname) { struct crypt_find_op find; - if (strncmp(devname, "soft", 4) == 0) { + if (strncmp(devname, "soft", 4) == 0 || + strncmp(devname, "ossl", 4) == 0 || + strncmp(devname, "aesni", 5) == 0 || + strncmp(devname, "armv8crypto", 11) == 0) { enable_user_soft(); return CRYPTO_FLAG_SOFTWARE; } diff --git a/usr.bin/sockstat/main.c b/usr.bin/sockstat/main.c index 3b989c4283e4..a917672120d5 100644 --- a/usr.bin/sockstat/main.c +++ b/usr.bin/sockstat/main.c @@ -1230,40 +1230,40 @@ calculate_sock_column_widths(struct col_widths *cw, struct sock *s) { .socket = s->splice_socket }); if (sp != NULL) { len = formataddr(&sp->laddr->address, - NULL, 0); + NULL, 0); cw->splice_address = MAX( - cw->splice_address, len); + cw->splice_address, len); } } } if (opt_i) { - if (s->proto == IPPROTO_TCP || s->proto == IPPROTO_UDP) - { + if (s->proto == IPPROTO_TCP || + s->proto == IPPROTO_UDP) { len = snprintf(NULL, 0, - "%" PRIu64, s->inp_gencnt); + "%" PRIu64, s->inp_gencnt); cw->inp_gencnt = MAX(cw->inp_gencnt, len); } } if (opt_U) { if (faddr != NULL && - ((s->proto == IPPROTO_SCTP && - s->state != SCTP_CLOSED && - s->state != SCTP_BOUND && - s->state != SCTP_LISTEN) || - (s->proto == IPPROTO_TCP && - s->state != TCPS_CLOSED && - s->state != TCPS_LISTEN))) { + ((s->proto == IPPROTO_SCTP && + s->state != SCTP_CLOSED && + s->state != SCTP_BOUND && + s->state != SCTP_LISTEN) || + (s->proto == IPPROTO_TCP && + s->state != TCPS_CLOSED && + s->state != TCPS_LISTEN))) { len = snprintf(NULL, 0, "%u", - ntohs(faddr->encaps_port)); + ntohs(faddr->encaps_port)); cw->encaps = MAX(cw->encaps, len); } } if (opt_s) { if (faddr != NULL && - s->proto == IPPROTO_SCTP && - s->state != SCTP_CLOSED && - s->state != SCTP_BOUND && - s->state != SCTP_LISTEN) { + s->proto == IPPROTO_SCTP && + s->state != SCTP_CLOSED && + s->state != SCTP_BOUND && + s->state != SCTP_LISTEN) { len = strlen(sctp_path_state(faddr->state)); cw->path_state = MAX(cw->path_state, len); } @@ -1271,21 +1271,22 @@ calculate_sock_column_widths(struct col_widths *cw, struct sock *s) if (first) { if (opt_s) { if (s->proto == IPPROTO_SCTP || - s->proto == IPPROTO_TCP) { + s->proto == IPPROTO_TCP) { switch (s->proto) { case IPPROTO_SCTP: len = strlen( sctp_conn_state(s->state)); cw->conn_state = MAX( - cw->conn_state, len); + cw->conn_state, len); break; case IPPROTO_TCP: if (s->state >= 0 && s->state < TCP_NSTATES) { - len = strlen( - tcpstates[s->state]); - cw->conn_state = MAX( - cw->conn_state, len); + len = strlen( + tcpstates[s->state]); + cw->conn_state = MAX( + cw->conn_state, + len); } break; } @@ -1462,8 +1463,8 @@ display_sock(struct sock *s, struct col_widths *cw, char *buf, size_t bufsize) cw->splice_address, buf); } if (opt_i) { - if (s->proto == IPPROTO_TCP || s->proto == IPPROTO_UDP) - { + if (s->proto == IPPROTO_TCP || + s->proto == IPPROTO_UDP) { snprintf(buf, bufsize, "%" PRIu64, s->inp_gencnt); xo_emit(" {:id/%*s}", cw->inp_gencnt, buf); @@ -1472,29 +1473,29 @@ display_sock(struct sock *s, struct col_widths *cw, char *buf, size_t bufsize) } if (opt_U) { if (faddr != NULL && - ((s->proto == IPPROTO_SCTP && - s->state != SCTP_CLOSED && - s->state != SCTP_BOUND && - s->state != SCTP_LISTEN) || - (s->proto == IPPROTO_TCP && - s->state != TCPS_CLOSED && - s->state != TCPS_LISTEN))) { + ((s->proto == IPPROTO_SCTP && + s->state != SCTP_CLOSED && + s->state != SCTP_BOUND && + s->state != SCTP_LISTEN) || + (s->proto == IPPROTO_TCP && + s->state != TCPS_CLOSED && + s->state != TCPS_LISTEN))) { xo_emit(" {:encaps/%*u}", cw->encaps, - ntohs(faddr->encaps_port)); + ntohs(faddr->encaps_port)); } else if (!is_xo_style_encoding) xo_emit(" {:encaps/%*s}", cw->encaps, "??"); } if (opt_s) { if (faddr != NULL && - s->proto == IPPROTO_SCTP && - s->state != SCTP_CLOSED && - s->state != SCTP_BOUND && - s->state != SCTP_LISTEN) { + s->proto == IPPROTO_SCTP && + s->state != SCTP_CLOSED && + s->state != SCTP_BOUND && + s->state != SCTP_LISTEN) { xo_emit(" {:path-state/%-*s}", cw->path_state, - sctp_path_state(faddr->state)); + sctp_path_state(faddr->state)); } else if (!is_xo_style_encoding) xo_emit(" {:path-state/%-*s}", cw->path_state, - "??"); + "??"); } if (first) { if (opt_s) { @@ -1503,40 +1504,40 @@ display_sock(struct sock *s, struct col_widths *cw, char *buf, size_t bufsize) switch (s->proto) { case IPPROTO_SCTP: xo_emit(" {:conn-state/%-*s}", - cw->conn_state, - sctp_conn_state(s->state)); + cw->conn_state, + sctp_conn_state(s->state)); break; case IPPROTO_TCP: if (s->state >= 0 && - s->state < TCP_NSTATES) + s->state < TCP_NSTATES) xo_emit(" {:conn-state/%-*s}", - cw->conn_state, - tcpstates[s->state]); + cw->conn_state, + tcpstates[s->state]); else if (!is_xo_style_encoding) xo_emit(" {:conn-state/%-*s}", - cw->conn_state, "??"); + cw->conn_state, "??"); break; } } else if (!is_xo_style_encoding) xo_emit(" {:conn-state/%-*s}", - cw->conn_state, "??"); + cw->conn_state, "??"); } if (opt_b) { if (s->proto == IPPROTO_TCP) xo_emit(" {:bblog-state/%-*s}", - cw->bblog_state, - bblog_state(s->bblog_state)); + cw->bblog_state, + bblog_state(s->bblog_state)); else if (!is_xo_style_encoding) xo_emit(" {:bblog-state/%-*s}", - cw->bblog_state, "??"); + cw->bblog_state, "??"); } if (opt_S) { if (s->proto == IPPROTO_TCP) xo_emit(" {:stack/%-*s}", - cw->stack, s->stack); + cw->stack, s->stack); else if (!is_xo_style_encoding) xo_emit(" {:stack/%-*s}", - cw->stack, "??"); + cw->stack, "??"); } if (opt_C) { if (s->proto == IPPROTO_TCP) @@ -1551,8 +1552,8 @@ display_sock(struct sock *s, struct col_widths *cw, char *buf, size_t bufsize) faddr = faddr->next; if (!is_xo_style_encoding && (laddr != NULL || faddr != NULL)) xo_emit("{:user/%-*s} {:command/%-*s} {:pid/%*s}" - " {:fd/%*s}", cw->user, "??", cw->command, "??", - cw->pid, "??", cw->fd, "??"); + " {:fd/%*s}", cw->user, "??", cw->command, "??", + cw->pid, "??", cw->fd, "??"); first = false; } xo_emit("\n"); @@ -1613,7 +1614,7 @@ display(void) xo_emit(" {T:/%*s}", cw.fib, "FIB"); if (opt_I) xo_emit(" {T:/%-*s}", cw.splice_address, - "SPLICE ADDRESS"); + "SPLICE ADDRESS"); if (opt_i) xo_emit(" {T:/%*s}", cw.inp_gencnt, "ID"); if (opt_U) @@ -1644,15 +1645,15 @@ display(void) if (opt_n || (pwd = cap_getpwuid(cappwd, xf->xf_uid)) == NULL) xo_emit("{:user/%-*lu}", cw.user, - (u_long)xf->xf_uid); + (u_long)xf->xf_uid); else xo_emit("{:user/%-*s}", cw.user, pwd->pw_name); if (!is_xo_style_encoding) xo_emit(" {:command/%-*.10s}", cw.command, - getprocname(xf->xf_pid)); + getprocname(xf->xf_pid)); else xo_emit(" {:command/%-*s}", cw.command, - getprocname(xf->xf_pid)); + getprocname(xf->xf_pid)); xo_emit(" {:pid/%*lu}", cw.pid, (u_long)xf->xf_pid); xo_emit(" {:fd/%*d}", cw.fd, xf->xf_fd); display_sock(s, &cw, buf, bufsize); @@ -1667,8 +1668,8 @@ display(void) xo_open_instance("socket"); if (!is_xo_style_encoding) xo_emit("{:user/%-*s} {:command/%-*s} {:pid/%*s}" - " {:fd/%*s}", cw.user, "??", cw.command, "??", - cw.pid, "??", cw.fd, "??"); + " {:fd/%*s}", cw.user, "??", cw.command, "??", + cw.pid, "??", cw.fd, "??"); display_sock(s, &cw, buf, bufsize); xo_close_instance("socket"); } @@ -1680,8 +1681,8 @@ display(void) xo_open_instance("socket"); if (!is_xo_style_encoding) xo_emit("{:user/%-*s} {:command/%-*s} {:pid/%*s}" - " {:fd/%*s}", cw.user, "??", cw.command, "??", - cw.pid, "??", cw.fd, "??"); + " {:fd/%*s}", cw.user, "??", cw.command, "??", + cw.pid, "??", cw.fd, "??"); display_sock(s, &cw, buf, bufsize); xo_close_instance("socket"); } diff --git a/usr.sbin/bsdinstall/bsdinstall.8 b/usr.sbin/bsdinstall/bsdinstall.8 index 6175d26b4fd3..ee141e1d4296 100644 --- a/usr.sbin/bsdinstall/bsdinstall.8 +++ b/usr.sbin/bsdinstall/bsdinstall.8 @@ -247,7 +247,7 @@ Extracts the distributions listed in .Ev DISTRIBUTIONS into .Ev BSDINSTALL_CHROOT . -.It Cm pkgbase Op Fl --jail +.It Cm pkgbase Op Fl -jail Fetch and install base system packages to .Ev BSDINSTALL_CHROOT . Packages are fetched according to repository configuration in @@ -256,7 +256,7 @@ if set, or .Lk pkg.freebsd.org otherwise. If the -.Fl --jail +.Fl -jail option is passed, no kernel is installed, and the .Dq jail variant of each package set will be selected where applicable. diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8 index d44b7f66a64e..9aed9b671b9e 100644 --- a/usr.sbin/jail/jail.8 +++ b/usr.sbin/jail/jail.8 @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd September 15, 2025 +.Dd October 8, 2025 .Dt JAIL 8 .Os .Sh NAME @@ -705,8 +705,8 @@ The super-user is enabled by default. Allow privileged processes in the jail to manipulate filesystem extended attributes in the system namespace. .It Va allow.adjtime -Allow privileged processes in the jail to slowly adjusting global operating system -time. +Allow privileged processes in the jail to slowly adjusting global operating +system time. For example through utilities like .Xr ntpd 8 . .It Va allow.settime @@ -1009,7 +1009,7 @@ jail is removed. .It Va ip4.addr In addition to the IP addresses that are passed to the kernel, an interface, netmask and additional parameters (as supported by -.Xr ifconfig 8 Ns ) +.Xr ifconfig 8 ) may also be specified, in the form .Dq Ar interface Ns | Ns Ar ip-address Ns / Ns Ar netmask param ... . If an interface is given before the IP address, an alias for the address @@ -1023,11 +1023,12 @@ adding the IP alias. .It Va ip6.addr In addition to the IP addresses that are passed to the kernel, an interface, prefix and additional parameters (as supported by -.Xr ifconfig 8 Ns ) +.Xr ifconfig 8 ) may also be specified, in the form .Dq Ar interface Ns | Ns Ar ip-address Ns / Ns Ar prefix param ... . .It Va vnet.interface -A list of network interfaces to give to a vnet-enabled jail after is it created. +A comma separated list of network interfaces to give to a vnet-enabled jail +after is it created. The interfaces will automatically be released when the jail is removed. .It Va zfs.dataset A list of ZFS datasets to be attached to the jail. diff --git a/usr.sbin/pw/pwupd.c b/usr.sbin/pw/pwupd.c index 89c1553c8c92..845a607ab1cb 100644 --- a/usr.sbin/pw/pwupd.c +++ b/usr.sbin/pw/pwupd.c @@ -119,7 +119,7 @@ pw_update(struct passwd * pwd, char const * user) */ if (pw_mkdb(pw != NULL ? pw->pw_name : NULL) == -1) { pw_fini(); - err(1, "pw_mkdb()"); + errx(1, "pw_mkdb()"); } free(pw); pw_fini(); diff --git a/usr.sbin/unbound/setup/local-unbound-setup.sh b/usr.sbin/unbound/setup/local-unbound-setup.sh index d57d74952fc7..25cfef48b6f0 100755 --- a/usr.sbin/unbound/setup/local-unbound-setup.sh +++ b/usr.sbin/unbound/setup/local-unbound-setup.sh @@ -261,6 +261,7 @@ gen_unbound_conf() { if [ "${use_tls}" = "yes" ] ; then echo " tls-cert-bundle: /etc/ssl/cert.pem" fi + echo " so-sndbuf: 0" echo "" if [ -f "${forward_conf}" ] ; then echo "include: ${forward_conf}" |