path: root/usr.sbin
Commit message | Author | Age | Files | Lines
* etcupdate: Chase test case after pwd_mkdb(8) no longer copies comments. | Xin LI | 2 days | 1 | -1/+1
  MFC after: 3 days
* bhyve: Fix a buffer overread in the PCI hda device model. | John Baldwin | 12 days | 1 | -2/+4
  The sc->codecs array contains HDA_CODEC_MAX (15) entries. The guest-supplied cad field in the verb provided to hda_send_command is a 4-bit field that was used as an index into sc->codecs without any bounds checking. The highest value (15) would overflow the array. Other uses of sc->codecs in the device model used sc->codecs_no to determine which array indices have been initialized, so use a similar check to reject requests for uninitialized or invalid cad indices in hda_send_command.

  PR: 264582
  Reported by: Robert Morris <rtm@lcs.mit.edu>
  Reviewed by: corvink, markj, emaste
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D38128
* bhyve: Fix a global buffer overread in the PCI hda device model. | John Baldwin | 12 days | 1 | -5/+5
  hda_write did not validate the relative register offset before using it as an index into the hda_set_reg_table array to lookup a function pointer to execute after updating the register's value.

  PR: 264435
  Reported by: Robert Morris <rtm@lcs.mit.edu>
  Reviewed by: corvink, markj, emaste
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D38127
* bhyve: Remove vmctx argument from PCI device model methods. | John Baldwin | 13 days | 24 | -204/+167
  Most of these arguments were unused. Device models which do need access to the vmctx in one of these methods can obtain it from the pi_vmctx member of the pci_devinst argument instead.

  Reviewed by: corvink, markj
  Differential Revision: https://reviews.freebsd.org/D38096
* bhyve: Avoid triggering false -Wfree-nonheap-object warnings. | John Baldwin | 13 days | 1 | -11/+6
  XHCI port and slot numbers are 1-based rather than 0-based. To handle this, bhyve was subtracting one item from the pointers saved in the softc so that index 1 accessed index 0 of the allocated array. However, this is UB and confused GCC 12. The compiler noticed that the calls to free() were using an offset and emitted a warning. Rather than storing UB pointers in the softc, push the decrement operation into the existing macros that wrap accesses to the relevant arrays.

  Reviewed by: corvink, markj
  Differential Revision: https://reviews.freebsd.org/D36829
* nfs: Fix a common typo in source code comments | Gordon Bergling | 13 days | 2 | -2/+2
  - s/ingore/ignore/

  MFC after: 3 days
* mountd(8): Fix a typo in a source code comment | Gordon Bergling | 13 days | 1 | -1/+1
  - s/ingore/ignore/

  MFC after: 3 days
* cxgbetool(8): Fix common typos in sysctl descriptions | Gordon Bergling | 13 days | 3 | -3/+3
  - s/addres/address/

  MFC after: 5 days
* bsnmpget.1: Fix a typo in the man page | Gordon Bergling | 13 days | 1 | -1/+1
  - s/ingore/ignore/

  MFC after: 3 days
* unbound: Fix config file path | Juraj Lutter | 2023-01-18 | 1 | -1/+1
  Commit 1838dec31895fd4752fa8631322ab93be0705a66 changed the config file path to /usr/local/etc/unbound/unbound.conf which is wrong for unbound in base.

  Reported by: Ihor Antonov <ihor_AT_antonovs_family>
  Reviewed by: zlei
  Approved by: zlei
  Differential Revision: https://reviews.freebsd.org/D38106
  Fixes: 1838dec31895fd4752fa8631322ab93be0705a66
  MFC after: 1 month
  X-MFC with: 1838dec31895fd4752fa8631322ab93be0705a66
* bsdconfig: correct name of the wpa_supplicant config file | Ceri Davies | 2023-01-16 | 2 | -8/+8
  Approved by: maintainer timeout (dteske)
  Differential Revision: https://reviews.freebsd.org/D37750
* bsdconfig, bsdinstall: Refresh mirrors list | Danilo G. Baio | 2023-01-16 | 3 | -178/+66
  The mirrors list is in sync with the Handbook / Mirrors section [1], which was refreshed a few months ago. Mirrors removed were not responding or had duplicated addresses (aliases) with another mirror.

  1 - https://docs.freebsd.org/en/books/handbook/mirrors/

  Reviewed by: philip (clusteradm)
  Approved by: philip
  MFC after: 1 week
  Differential Revision: https://reviews.freebsd.org/D38014
* mixer: Fix default_unit switching with mixers that have no devices | Mark Johnston | 2023-01-16 | 1 | -14/+5
  Apparently it's possible for a mixer to have no devices:

    $ mixer -f /dev/mixer2
    pcm2:mixer: <USB audio> at ? kld snd_uaudio (rec)
    $

  If this is the default sound device, an attempt to change the default unit using mixer -d fails with a segfault because mod_dunit is called with a NULL device pointer, which is dereferenced to get the parent mixer. ctl_dunit seems to be a dummy, i.e., we don't actually need it and can simply pass the mixer to mod_dunit() directly. This patch removes that structure and associated indirection to fix the crash.

  Reviewed by: christos, hselasky
  MFC after: 1 week
  Differential Revision: https://reviews.freebsd.org/D38060
* unbound: Fix config.h | Cy Schubert | 2023-01-15 | 1 | -1/+1
  FreeBSD src does not support HAVE_DECL_EVSIGNAL_ASSIGN. While reviewing the new config.h after regenerating it, this definition was not removed. Updating config.h is a manual process of configuring the port and copying/merging the generated config.h into src. This definition was missed and not removed (#undef'd).

  Fixes: 1838dec31895fd4752fa8631322ab93be0705a66
  MFC after: 1 month
  X-MFC with: 1838dec31895fd4752fa8631322ab93be0705a66
* unbound: Vendor import 1.17.1 | Cy Schubert | 2023-01-15 | 1 | -31/+173
  Release notes at https://www.nlnetlabs.nl/news/2023/Jan/12/unbound-1.17.1-released/.

  MFC after: 1 month

  Merge commit '7699e1386a16236002b26107ffd2dcbde375e197' into main
* makefs: don't needlessly require directories to exist | Brooks Davis | 2023-01-12 | 1 | -1/+17
  If a type=dir entry exists and all contents are directories, files added with contents=, or symlinks with link= attributes then it doesn't need to exist. Just let openat fail in that case. It's conceivable this will make debugging some cases weird, but it's sufficient to handle the way we add /root/.ssh in CheriBSD VM images.

  This is a recommit of 794154149f95d0cbc11aade166f9da919747e397 with bugfixes.

  Reviewed by: markj
  Differential Revision: https://reviews.freebsd.org/D38029
* Revert "makefs: don't needlessly require directories to exist" | Brooks Davis | 2023-01-12 | 1 | -16/+1
  I pushed prematurely and this version is broken.

  This reverts commit 794154149f95d0cbc11aade166f9da919747e397.
* makefs: don't needlessly require directories to exist | Brooks Davis | 2023-01-12 | 1 | -1/+16
  If a type=dir entry exists and all contents are directories, files added with contents=, or symlinks with link= attributes then it doesn't need to exist. Just let openat fail in that case. It's conceivable this will make debugging some cases weird, but it's sufficient to handle the way we add /root/.ssh in CheriBSD VM images.

  Reviewed by: markj
  Differential Revision: https://reviews.freebsd.org/D38029
* makefs: handle mtree link= for ZFS | Brooks Davis | 2023-01-12 | 1 | -6/+14
  When a link target is specified use it rather than attempting to read a potentially non-existent file.

  Reviewed by: markj
  Differential Revision: https://reviews.freebsd.org/D38028
* makefs: handle mtree contents= in zfs | Brooks Davis | 2023-01-12 | 1 | -1/+7
  When a source path is provided use it rather than constructing one.

  Reviewed by: markj
  Differential Revision: https://reviews.freebsd.org/D38027
* Revert "gssd: Fix handling of the gssname=<name> NFS mount option" | Rick Macklem | 2023-01-12 | 1 | -1/+1
  This reverts commit c33509d49a6fdcf86ef280a78f428d3cb7012c4a.

  It turns out that the long 27 second delay I saw in the gss_acquire_cred() call was caused by a (mis)configured DNS. Although I did not specify "dns" in /etc/nsswitch.conf, I did have a /etc/resolv.conf file on the system (left there by wpa_supplicant). As such, with no route, it was somehow trying to contact the DNS server, although there was none. Once I got rid of the /etc/resolv.conf file, it worked as expected. Since there is now a large 5 minute timeout on the kernel to gssd(8) upcalls, the gssd(8) daemon will not get terminated when this delay occurs and the only effect is a 30 second delay during the mount.

  Discussed with: bjk
* iwmbtfw(8): Fix a typo in a kernel message | Gordon Bergling | 2023-01-11 | 1 | -1/+1
  - s/succesful/successful/

  MFC after: 5 days
* tzcode: Move configuration into separate header. | Dag-Erling Smørgrav | 2023-01-11 | 2 | -4/+2
  MFC after: 1 week
  Sponsored by: Klara, Inc.
* Bring our tzcode up to date. | Dag-Erling Smørgrav | 2023-01-10 | 9 | -131/+21
    * Replay 2010[acflm] which had been merged but not recorded.
    * Merge 2010n.
    * Reorganize (unsplit) the code to match the upstream layout.
    * Merge 2022[cdefg].

  MFC after: 1 week
  Sponsored by: Klara, Inc.
* gssd: Fix handling of the gssname=<name> NFS mount option | Rick Macklem | 2023-01-07 | 1 | -1/+1
  If an NFS mount using "sec=krb5[ip],gssname=<name>" is done, the gssd daemon fails. There is a long delay (several seconds) in the gss_acquire_cred() call and then it returns success, but the credentials returned are junk. I have no idea how long this has been broken, due to some change in the Heimdal gssapi library call, but I suspect it has been quite some time. Anyhow, it turns out that replacing the "desired_name" argument with GSS_C_NO_NAME fixes the problem. Replacing the argument should not be a problem, since the TGT for the host based initiator credential in the default keytab file should be the only TGT in the gssd's credential cache (which is not the one for uid 0). I will try and determine if FreeBSD13 and/or FreeBSD12 needs this same fix and will MFC if they need the fix. This problem only affected Kerberized NFS mounts when the "gssname" mount option was used. Other Kerberized NFS mount cases already used GSS_C_NO_NAME and work ok. A workaround if you do not have this patch is to do a "kinit -k host/FQDN" as root on the machine, followed by the Kerberized NFS mount without the "gssname" mount option.

  MFC after: 1 month
* pwd_mkdb(8): Don't copy comments from /etc/master.passwd to /etc/passwd. | Andre Albsmeier | 2023-01-05 | 1 | -5/+8
  The intention of /etc/passwd was to support legacy applications that are not yet converted to use modern API like getpwent(3). Comments are not defined in the legacy format, so copying them could break these applications. Plus, it could leak sensitive information (e.g. encrypted form of password of a user that was commented out instead of deleted or disabled).

  PR: bin/144652
  MFC after: 1 month
* newsyslog.conf: Minor formatting fix | David E. O'Brien | 2022-12-29 | 1 | -2/+2
* newsyslog.conf: Sort paths | David E. O'Brien | 2022-12-29 | 1 | -2/+2
* bsdinstall: s/to small/too small/ | Mateusz Guzik | 2022-12-22 | 1 | -1/+1
  Reported by: Sulev-Madis Silber <ketas@si.pri.ee>
* rpc.tlsservd: Check for a tls syscall failure. | Rick Macklem | 2022-12-22 | 1 | -1/+10
  Although the tls syscall to set up the upcall should not normally fail, the daemon should check for such a failure. This patch adds a check for that failure.

  MFC after: 1 week
* rpc.tlsclntd: Check for a tls syscall failure. | Rick Macklem | 2022-12-21 | 1 | -1/+8
  Although the tls syscall to set up the upcall should not normally fail, the daemon should check for such a failure. This patch adds a check for that failure.

  MFC after: 1 week
* bhyve: Simplify spinup_ap_realmode slightly. | John Baldwin | 2022-12-21 | 1 | -5/+4
  There is no reason to modify the passed in rip variable.

  Reviewed by: corvink, markj
  Differential Revision: https://reviews.freebsd.org/D37647
* bhyve: Tidy vCPU pthread startup. | John Baldwin | 2022-12-21 | 1 | -7/+7
  Set the thread affinity in fbsdrun_start_thread next to where the thread name is set. This keeps all the pthread initialization operations at the start of a thread in one place.

  Reviewed by: corvink, markj
  Differential Revision: https://reviews.freebsd.org/D37646
* bhyve: Don't access vcpumap[vcpu] directly in parse_cpuset(). | John Baldwin | 2022-12-21 | 1 | -2/+2
  Reviewed by: corvink, markj
  Differential Revision: https://reviews.freebsd.org/D37645
* bhyve: Allocate struct vm_exit on the stack in vm_loop. | John Baldwin | 2022-12-21 | 1 | -7/+5
  The global vmexit[] array is no longer needed to smuggle the rip value from fbsdrun_addcpu() to vm_loop().

  Reviewed by: corvink, markj
  Differential Revision: https://reviews.freebsd.org/D37644
* bhyve: Remove some no-op code for setting RIP. | John Baldwin | 2022-12-21 | 1 | -19/+5
  fbsdrun_addcpu() read the current vCPU's RIP register from the kernel via vm_get_register() to pass along through some layers to vm_loop() which then set the register via vm_set_register(). However, this is just always setting the value back to itself.

  Reviewed by: corvink
  Differential Revision: https://reviews.freebsd.org/D37643
* bhyve: Simplify setting vCPU capabilities. | John Baldwin | 2022-12-21 | 3 | -28/+15
  - Enable VM_CAP_IPI_EXIT in fbsdrun_set_capabilities along with other capabilities enabled on all vCPUs.
  - Don't call fbsdrun_set_capabilities a second time on the BSP in spinup_vcpu.
  - To preserve previous behavior, don't unconditionally enable unrestricted guest mode on the BSP (this unbreaks single-vCPU guests on Nehalem systems, though supporting such setups is of dubious value). Other places that enable UG on the BSP are careful to check the result of the operation and fail if it is not available.
  - Don't set any capabilities in spinup_ap(). These are now all redundant with earlier settings from spinup_vcpu().
  - While here, axe a stale comment from fbsdrun_addcpu(). This function is now always called from the main thread for all vCPUs.

  Reviewed by: corvink, markj
  Differential Revision: https://reviews.freebsd.org/D37642
* bhyve: Remove unused return value from spinup_ap. | John Baldwin | 2022-12-21 | 2 | -4/+2
  Reviewed by: corvink, markj
  Differential Revision: https://reviews.freebsd.org/D37641
* bhyve: Remove handler for VM_EXITCODE_SPINUP_AP. | John Baldwin | 2022-12-21 | 1 | -10/+0
  Since commit 0bda8d3e9f7a, bhyve always enables VM_EXITCODE_IPI exits instead, so this handler is no longer used.

  Reviewed by: corvink, markj
  Differential Revision: https://reviews.freebsd.org/D37640
* jail.8: Update the man page for allow.nfsd | Rick Macklem | 2022-12-17 | 1 | -1/+14
  Commit bba7a2e89602 added "allow.nfsd" to optionally allow mountd/nfsd to be run inside a vnet prison when the kernel is built with "options VNET_NFSD". This patch updates the man page for this change.

  This is a content change.

  Reviewed by: jamie, bcr (manpages)
  MFC after: 4 months
  Differential Revision: https://reviews.freebsd.org/D37665
* makefs: Add some validation of ZFS pool names | Mark Johnston | 2022-12-16 | 1 | -0/+14
  Reported by: imp
* daily 440.status-mailq: avoid error from dma with submit queue | Mike Karels | 2022-12-16 | 1 | -1/+1
  dma(8) supports mailq, but not mailq -Ac to print the submission queue. Don't try to print that queue from the daily script if mailq -Ac returns an error.

  Reviewed by: bapt
  Differential Revision: https://reviews.freebsd.org/D37713
* daily 150.clean-hoststat: suppress error when using dma | Mike Karels | 2022-12-16 | 1 | -2/+4
  dma(8) does not have hoststat or purgestat, so this script produces an error from the daily script. We could disable this script, but that would mean yet another change to switch back to sendmail. Check for purgestat in mailer.conf before attempting either hoststat or purgestat.

  Reviewed by: pstef, bapt
  Differential Revision: https://reviews.freebsd.org/D37712
* jail: fix a NULL pointer dereference in parsing ip6.addr settings. | Jamie Gritton | 2022-12-15 | 1 | -1/+1
  This is the counterpart to bd24e861b4ef, which did the same for ip4.

  PR: 268377
  Reported by: ahkithaama at proton.me
* bhyve: Remove the unused vcpu argument from all of the I/O port handlers. | John Baldwin | 2022-12-09 | 10 | -26/+26
  Reviewed by: corvink, markj
  Differential Revision: https://reviews.freebsd.org/D37653
* bhyve: Remove unused vcpu argument from PCI read/write methods. | John Baldwin | 2022-12-09 | 13 | -60/+60
  Reviewed by: corvink, markj
  Differential Revision: https://reviews.freebsd.org/D37652
* bhyve: Pass a vCPU ID of 0 to vm_setup_pptdev_msi*. | John Baldwin | 2022-12-09 | 1 | -8/+8
  These ioctls are not vCPU-specific and the ioctl now ignores the vCPU ID. 0 is used instead of -1 to provide limited forwards compatibility.

  Reviewed by: corvink, markj
  Differential Revision: https://reviews.freebsd.org/D37651
* bhyve: Remove unused argument from pci_nvme_handle_doorbell. | John Baldwin | 2022-12-09 | 1 | -2/+2
  Reviewed by: corvink, chuck, markj
  Differential Revision: https://reviews.freebsd.org/D37650
* imgact_binmisc: Optionally pre-open the interpreter vnode | Doug Rabson | 2022-12-08 | 2 | -4/+19
  This allows the use of chroot and/or jail environments which depend on interpreters registered with imgact_binmisc to use emulator binaries from the host to emulate programs inside the chroot.

  Reviewed by: imp
  MFC after: 2 weeks
  Differential Revision: https://reviews.freebsd.org/D37432
* ppp: improve MSS clamping | Michael Tuexen | 2022-12-08 | 1 | -14/+62
  ppp supports MSS clamping for TCP/IPv4. This patch
    * improves MSS clamping for TCP/IPv4 by using the MSS as specified in RFC 6691.
    * adds support for MSS clamping for TCP/IPv6.

  Reported by: Timo Voelker
  Reviewed by: thj
  MFC after: 1 week
  Differential Revision: https://reviews.freebsd.org/D37624