openssh: Request the OpenSSL 1.1 API
Upstream OpenSSH commit f51423bda ("request 1.1x API compatibility for
OpenSSL >=3.x") requests OPENSSL_API_COMPAT version 0x10100000L (OpenSSL
1.1.0), in order to avoid warnings about deprecated functions.
Do the same here, to avoid getting those warnings.
Reviewed by: emaste
Approved by: emaste (mentor)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D49517
(cherry picked from commit d4f438357e90ee1cb12819d092913fdbce813626)
Revert "mccomphy: add support for YT8531"
The new code makes use of FDT/OFW types and interfaces, and obviously
fails to build on amd64. Revert to fix.
Pointy-hat-to: mhorne
This reverts commit e69623451ea62d2c3c76e0d0e775aa3f7317f2eb.
arm64: add a GPIO driver for Apple Silicon
This is a ported version of OpenBSD's work, modulo interrupt
functionality. We won't need GPIO interrupts until we start to get
closer to audio support, and the existing version is sufficient for,
e.g., pcie.
Reviewed by: andrew
Differential Revision: https://reviews.freebsd.org/D49630
kern_mkdirat(): unconditionally provide the out label
Needed for the MAC-less kernel configs.
Fixes: 2ec2ba7e232dd126df0617194fd07be78c7a2ab9
Sponsored by: The FreeBSD Foundation
vnode.h: Delete VA_NAMEDATTR_TYPE
Commit 2ec2ba7e232d added a new va_vaflags called VA_NAMEDATTR_TYPE.
This is not needed, since a new flag will be committed by D49651
when it is committed.
This patch reverts the definition of this flag value.
Discussed with: kib
vfs: Add VFS/syscall support for Solaris style extended attributes
Some systems, such as Solaris, represent extended attributes as
a set of files in a directory associated with a file object. This
allows extended attributes to be acquired/modified via regular
file system operations, such as read(2), write(2), lseek(2) and
ftruncate(2).
Since ZFS already has the capability to do this, this patch allows
system calls (and the NFSv4 client/server) such access to extended
attributes.
This permits handling of large extended attributes and allows the NFSv4
server to provide the service to NFSv4 clients that want it, such as
Windows, MacOS and Solaris.
The top level syscall change is a new open(2)/openat(2) flag I called
O_NAMEDATTR that allows the named attribute directory or any attribute
within that directory to be open'd.
[17 lines not shown]
efirt: add a tunable to disable printing faults during EFIRT calls
PR: 285797
Reported and tested by: Bakul Shah <bakul at iitbombay.org>
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D49592
EC2: Set PCIe eject timeout to 0
Since PCIe device detaching is done via API, there is no opportunity
to "press the attention button a second time" and thus the 5 second
timeout mandated by PCIe serves no purpose.
MFC after: 2 weeks
Sponsored by: Amazon
pci: Make PCIe Eject timeout configurable
PCIe mandates a 5 second delay between when the "Attention Button" is
pressed and when the associated device is detached; this is to allow
for the button to be pressed a second time to cancel the ejection. On
some systems this 5 second delay may not be desireable; so introduce a
hw.pci.pcie_hp_detach_timeout sysctl (which can also be set as a loader
tunable) which specifies the timeout in milliseconds (default 5000).
If set to zero, the device is detached immediately.
Reviewed by: jhb
MFC after: 2 weeks
Sponsored by: Amazon
Differential Revision: https://reviews.freebsd.org/D49585
pci.4: Update the information on pci_bar_mmap to match pciio.h
Reviewed by: kib,markj,ziaee
MFC after: 1 week
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D49639
tests/netinet: enable test against kern/189088
This test was created together with the bug, however after fixing commit
9fdbf7eef5c0 it was not enabled. Also, the test has a mistake: the second
netstat check would fail cause it would see the route remaining from the
first run. Workaround that by running the second run in a separate pair
of fibs to the first one.
pfctl: fix recursive printing of NAT rules
pfctl_show_nat() is called recursively to print nat anchors. This passes the
anchor path, but this path was modified by pfctl_show_nat(), leading to issues
printing the anchors.
Make a copy of the path ('npath') before we modify it. Ensure we do this
correctly by sprinking in 'const', and add a test case to verify that we do now
print things correctly.
Reported by: Thomas Pasqualini <thomas.pasqualini at orange.com>
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
depend-cleanup: Handle ctld moving from C to C++
Reviewed by: asomers
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D49140
ctld: Convert to C++
This is the minimal set of changes need to compile as C++ so git can
handle the rename correctly.
Reviewed by: asomers
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D49139
ctl_ioctl.h: Do not use enums for bit fields of flags
C++ does not permit treating enum values as individual bits used with
the bitwise operators. For types that are a mask of flags, switch the
typedef to an unsigned int and use preprocessor macros for flag
constants.
Reviewed by: imp, asomers
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D49138
libiscsiutil: Fix header to work with C++
Reviewed by: asomers
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D49137
eqos: Add StarFive JH7110 variant
Found on the VisionFive v2 SBC, and similar.
Reviewed by: mhorne
Tested by: mhorne
Discussed with: sos
Differential Revision: https://reviews.freebsd.org/D45600
MAC/do: Rules: <from> and <to> parts now to be separated by '>'
Previously, we would accept only ':' as the separator, which makes
parsing of the rule specification harder for humans, especially those
people that are used to UNIX systems where ':' is used as the separator
in PATH. With ':', the <from> and <to> parts can look like two
different elements that are unrelated, especially to these eyes.
Change parse_single_rule() so that '>' is also accepted as a separator
between <from> and <to>, and promote it as the one to use. During
a transition period, we will still allow the use of ':' for backwards
compatibility.
The manual page update comes from separate revision D49628. ':' has
been completely removed from it on purpose.
Reviewed by: bapt, manpages (ziaee)
MFC after: 5 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D49627
ktrace tests: don't use INADDR_ANY as a destination for sendto(2)
The INADDR_ANY is a broadcast address, and with recent changes its use as
destination for UDP sendto(2) was disallowed unless SO_BROADCAST is set.
Use just a localhost address for a successful sendto(2).
While here convert a couple checks that happen in the parent to use normal
ATF_REQUIRE() instead of CHILD_REQUIRE().
PR: 285851
Fixes: 3b281d1421a78b588c5fc4182009ce62d8823d95
Correct CTLTYPE of SYSCTL_SBINTIME_MSEC etc
These should be CTLTYPE_S64, not CTLTYPE_INT, since they handle 64-bit
values.
Reviewed by: imp
Fixes: 003ffd57fee1 ("Add sysctl_usec_to_sbintime [...]")
MFC after: 2 weeks
Sponsored by: Amazon
Differential Revision: https://reviews.freebsd.org/D49584
libdtrace: Fix an off-by-one in CPU ID handling
The illumos-specific _SC_CPUID_MAX is the largest CPU ID in the system. This
was mapped to _SC_NPROCESSORS_CONF, which is the total number of CPUs recognized
by the kernel. If CPU IDs are contiguous, as is the case on amd64 and arm64,
this value is one greater than the maximum ID. As a result, when consuming
per-CPU dtrace buffers, libdtrace tries to fetch from a non-existent CPU. This
is mostly harmless in practice, but still wrong.
As we don't have a sysconf value for the maximum CPU ID, add a wrapper which
fetches it using the kern.smp.maxid sysctl.
MFC after: 2 weeks
Sponsored by: Innovate UK
Differential Revision: https://reviews.freebsd.org/D49243
(cherry picked from commit 9a30c8d347bf9aaa89277b6e5a275f737be8edce)
dtrace/arm64: Fix dtrace_gethrtime()
This routine returns a monotonic count of the number of nanoseconds elapsed
since the previous call. On arm64 it uses the generic system timer. The
implementation multiplies the counter value by 10**9 then divides by the counter
frequency, but this multiplication can overflow. This can result in trace
records with non-monotonic timestamps, which breaks libdtrace's temporal
ordering algorithm.
An easy fix is to reverse the order of operations, since the counter frequency
will in general be smaller than 10**9. (In fact, it's mandated to be 1Ghz in
ARMv9, which makes life simple.) However, this can give a fair bit of error.
Adopt the calculation used on amd64, with tweaks to handle frequencies as low as
1MHz: the ARM generic timer documentation suggests that ARMv8 timers are
typically in the 1MHz-50MHz range, which is true on arm64 systems that I have
access to.
MFC after: 2 weeks
Sponsored by: Innovate UK
[3 lines not shown]
libdtrace: Fix an off-by-one in the priority queue implementation
The zero'th index in the array is unused, so a priority queue of N elements
needs N+1 array slots. Fix the allocation.
Also fix the assertion in dt_pq_insert(): the assertion needs to be checked
after incrementing the count of items in the priority queue, otherwise it can
miss an overflow.
Reported by: CHERI
MFC after: 2 weeks
Sponsored by: Innovate UK
Differential Revision: https://reviews.freebsd.org/D49242
(cherry picked from commit 7ee1bdd094d376fdc547e8ca33e472f1d37a7d79)
tests: Require allow_network_access for tests needing name resolution
Tests that require working name resolution or network access now mandate that
the kuya variable allow_network_access be set.
PR: 285826
Reported by: ngie
Reviewed by: igoro
Approved by: lwhsu
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D49633
tests: fix test for NULL encription
After 04207850a9b9 it is required that key length is not zero.
Add some key to avoid error.
Reported by: markj
(cherry picked from commit b6708045590712930c533e916e3d6fdfe48ec5ba)
tests: fix test for NULL encription
After 04207850a9b9 it is required that key length is not zero.
Add some key to avoid error.
Reported by: markj
(cherry picked from commit b6708045590712930c533e916e3d6fdfe48ec5ba)
