diff options
29 files changed, 490 insertions, 537 deletions
diff --git a/Makefile.inc1 b/Makefile.inc1 index e341599ac505..81af336ecfa2 100644 --- a/Makefile.inc1 +++ b/Makefile.inc1 @@ -471,7 +471,7 @@ SUBDIR+= ${_DIR} # by calling 'makedb' in share/man. This is only relevant for # install/distribute so they build the whatis file after every manpage is # installed. -.if make(installworld) || make(install) +.if make(installworld) || make(install) || make(distributeworld) || make(distribute) SUBDIR+=.WAIT .endif SUBDIR+=etc @@ -27,6 +27,11 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 16.x IS SLOW: world, or to merely disable the most expensive debugging functionality at runtime, run "ln -s 'abort:false,junk:false' /etc/malloc.conf".) +20251102: + Commit e5aa60d06958 changed the internal KAPI between + the NFS modules. As such, they all need to be rebuilt + from sources. __FreeBSD_version was bumped to 1600004 for this. + 20251025: flua(1) has moved to the new FreeBSD-flua package. If you use flua, you may want to install this package if it's not otherwise installed diff --git a/contrib/tzcode/localtime.c b/contrib/tzcode/localtime.c index 1668475ea646..58099d234e2b 100644 --- a/contrib/tzcode/localtime.c +++ b/contrib/tzcode/localtime.c @@ -1583,15 +1583,15 @@ tzdata_is_fresh(void) struct timespec now; if (clock_gettime(CLOCK_MONOTONIC, &now) < 0) - return 0; + return 1; - if ((now.tv_sec - last_checked >= __tz_change_interval) || - (last_checked > now.tv_sec)) { + if (last_checked == 0 || last_checked > now.tv_sec || + now.tv_sec - last_checked >= __tz_change_interval) { last_checked = now.tv_sec; - return 1; + return 0; } - return 0; + return 1; } #endif /* DETECT_TZ_CHANGES */ @@ -1642,7 +1642,7 @@ tzset_unlocked_name(char const *name) ? lcl_is_set < 0 : 0 < lcl_is_set && strcmp(lcl_TZname, name) == 0) #ifdef DETECT_TZ_CHANGES - if (tzdata_is_fresh() == 0) + if (tzdata_is_fresh()) #endif /* DETECT_TZ_CHANGES */ return; # ifdef ALL_STATE diff --git a/lib/libsys/pathconf.2 b/lib/libsys/pathconf.2 index 5a983a3a13e2..5348128be706 100644 --- a/lib/libsys/pathconf.2 +++ b/lib/libsys/pathconf.2 @@ -25,7 +25,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd August 6, 2025 +.Dd October 31, 2025 .Dt PATHCONF 2 .Os .Sh NAME @@ -180,7 +180,8 @@ Return 1 if named attributes are enabled for the file system, otherwise 0. .It Li _PC_HAS_NAMEDATTR Return 1 if one or more named attributes exist for the file, otherwise 0. .It Li _PC_HAS_HIDDENSYSTEM -Return 1 if both +Return 1 if all of the +.Dv UF_ARCHIVE , .Dv UF_HIDDEN and .Dv UF_SYSTEM @@ -192,6 +193,9 @@ Returns the block size required for block cloning via .Xr copy_file_range 2 for a file system if block cloning is supported, otherwise 0. +.It Li _PC_CASE_INSENSITIVE +Return 1 if the file system performs case insensitive lookups, +otherwise 0. .El .Sh RETURN VALUES If the call to diff --git a/release/tools/gce.conf b/release/tools/gce.conf index a7ccfc27a75c..b0a65c2981e1 100644 --- a/release/tools/gce.conf +++ b/release/tools/gce.conf @@ -21,7 +21,7 @@ vm_extra_install_base() { echo 'search google.internal' > ${DESTDIR}/etc/resolv.conf echo 'nameserver 169.254.169.254' >> ${DESTDIR}/etc/resolv.conf echo 'nameserver 8.8.8.8' >> ${DESTDIR}/etc/resolv.conf - metalog_add ./etc/resolv.conf + metalog_add_data ./etc/resolv.conf } vm_extra_pre_umount() { diff --git a/share/man/man7/d.7 b/share/man/man7/d.7 index 4b00d3d71c79..59b3389b121b 100644 --- a/share/man/man7/d.7 +++ b/share/man/man7/d.7 @@ -198,6 +198,130 @@ The number of nanoseconds since the Epoch Suitable for timestamping logs. .El .Sh BUILT-IN FUNCTIONS +.\" Keep the indentation wide enough for the reader to be able to skim through +.\" function names quickly. +.Bl -tag -width "size_t strlen" +.It Ft string Fn strchr "string s" "char c" +Return a substring of +.Fa s +starting at the first occurance of +.Fa c +in +.Fa s . +Return +.Dv NULL +if +.Fa c +does not occur in +.Fa s . +.Pp +For example, +.Bd -literal -compact -offset indent +strchr("abc", 'b'); +.Ed +returns +.Ql "bc" +and +.Bd -literal -compact -offset indent +strchr("abc", 'd'); +.Ed +returns +.Dv NULL . +.It Ft string Fn strjoin "string s1" "string s2" +Return a string resulting from concatenating +.Fa s1 +and +.Fa s2 . +.Pp +For example, +.Bd -literal -compact -offset indent +strjoin("abc", "def") +.Ed +returns +.Ql abcdef . +.It Ft string Fn strrchr "string s" "char c" +Return a substring of +.Fa s +starting at the last occurance of +.Fa c +in +.Fa s . +Similar to +.Fn strchr . +.It Ft string Fn strstr "string haystack" "string needle" +Return a substring of +.Fa haystack +starting at the first occurrence of +.Fa needle . +Return +.Dv NULL +if +.Fa needle +is not a substring of +.Fa haystack . +.Pp +For example, +.Bd -literal -compact -offset indent +strstr("abc1bc2", "bc") +.Ed +returns +.Ql bc1bc2 +and +.Bd -literal -compact -offset indent +strstr("abc", "xy") +.Ed +returns +.Dv NULL . +.It Ft string Fn strtok "string s" "string separators" +Tokenize +.Fa s +with +.Fa separators . +.Pp +For example, +.Bd -literal -compact -offset indent +strtok("abcdefg", "xyzd") +.Ed +returns +.Ql abc . +.It Ft size_t Fn strlen "string s" +Return the length of string +.Fa s . +.It Ft string Fn substr "string s" "int position" "[int length]" +Return a +substring of string +.Fa s +starting at +.Fa position . +The substring will be at most +.Fa length Ns -long . +If +.Fa length +is not specified, use the rest of the string. +If +.Fa position +is greater than +the size of +.Fa s , +return an empty string. +.Pp +For example, +.Bd -literal -compact -offset indent +substr("abcd", 2) +.Ed +returns +.Ql cd , +.Bd -literal -compact -offset indent +substr("abcd", 2, 1) +.Ed +returns +.Ql c , +and +.Bd -literal -compact -offset indent +substr("abcd", 99) +.Ed +returns an empty string. +.El .Ss Aggregation Functions .Bl -tag -compact -width "llquantize(value, factor, low, high, nsteps)" .It Fn avg value diff --git a/share/man/man9/atomic.9 b/share/man/man9/atomic.9 index c9133c6311a5..b027a0ff0bca 100644 --- a/share/man/man9/atomic.9 +++ b/share/man/man9/atomic.9 @@ -182,35 +182,42 @@ This variant is the default. The second variant has acquire semantics, and the third variant has release semantics. .Pp -When an atomic operation has acquire semantics, the operation must have +An atomic operation can only have +.Em acquire +semantics if it performs a load +from memory. +When an atomic operation has acquire semantics, a load performed as +part of the operation must have completed before any subsequent load or store (by program order) is performed. Conversely, acquire semantics do not require that prior loads or stores have -completed before the atomic operation is performed. -An atomic operation can only have acquire semantics if it performs a load -from memory. +completed before a load from the atomic operation is performed. To denote acquire semantics, the suffix .Dq Li _acq is inserted into the function name immediately prior to the .Dq Li _ Ns Aq Fa type suffix. -For example, to subtract two integers ensuring that the subtraction is +For example, to subtract two integers ensuring that the load of +the value from memory is completed before any subsequent loads and stores are performed, use .Fn atomic_subtract_acq_int . .Pp +An atomic operation can only have +.Em release +semantics if it performs a store to memory. When an atomic operation has release semantics, all prior loads or stores -(by program order) must have completed before the operation is performed. -Conversely, release semantics do not require that the atomic operation must +(by program order) must have completed before a store executed as part of +the operation that is performed. +Conversely, release semantics do not require that a store from the atomic +operation must have completed before any subsequent load or store is performed. -An atomic operation can only have release semantics if it performs a store -to memory. To denote release semantics, the suffix .Dq Li _rel is inserted into the function name immediately prior to the .Dq Li _ Ns Aq Fa type suffix. For example, to add two long integers ensuring that all prior loads and -stores are completed before the addition is performed, use +stores are completed before the store of the result is performed, use .Fn atomic_add_rel_long . .Pp When a release operation by one thread @@ -235,6 +242,33 @@ section. However, they will not prevent the compiler or processor from moving loads or stores into the critical section, which does not violate the semantics of a mutex. +.Ss Architecture-dependent caveats for compare-and-swap +The +.Fn atomic_[f]cmpset_<type> +operations, specifically those without explicitly specified memory +ordering, are defined as relaxed. +Consequently, a thread's accesses to memory locations different from +that of the atomic operation can be reordered in relation to the +atomic operation. +.Pp +However, the implementation on the +.Sy amd64 +and +.Sy i386 +architectures provide sequentially consistent semantics. +In particular, the reordering mentioned above cannot occur. +.Pp +On the +.Sy arm64/aarch64 +architecture, the operation may include either acquire +semantics on the constituent load or release semantics +on the constituent store. +This means that accesses to other locations in program order +before the atomic, might be observed as executed after the load +that is the part of the atomic operation (but not after the store +from the operation due to release). +Similarly, accesses after the atomic might be observed as executed +before the store. .Ss Thread Fence Operations Alternatively, a programmer can use atomic thread fence operations to constrain the reordering of accesses. diff --git a/sys/fs/nfs/nfs_commonsubs.c b/sys/fs/nfs/nfs_commonsubs.c index f580a394a735..707ad5749ab2 100644 --- a/sys/fs/nfs/nfs_commonsubs.c +++ b/sys/fs/nfs/nfs_commonsubs.c @@ -658,7 +658,7 @@ nfscl_fillsattr(struct nfsrv_descript *nd, struct vattr *vap, NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_TIMECREATE); (void) nfsv4_fillattr(nd, vp->v_mount, vp, NULL, vap, NULL, 0, &attrbits, NULL, NULL, 0, 0, 0, 0, (uint64_t)0, NULL, - false, false, false, 0); + false, false, false, 0, NULL, false); break; } } @@ -1706,11 +1706,18 @@ nfsv4_loadattr(struct nfsrv_descript *nd, vnode_t vp, attrsum += NFSX_UNSIGNED; break; case NFSATTRBIT_CASEINSENSITIVE: - NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED); + NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED); if (compare) { if (!(*retcmpp)) { - if (*tl != newnfs_false) - *retcmpp = NFSERR_NOTSAME; + if (vp == NULL || VOP_PATHCONF(vp, + _PC_CASE_INSENSITIVE, + &has_pathconf) != 0) + has_pathconf = 0; + if ((has_pathconf != 0 && + *tl != newnfs_true) || + (has_pathconf == 0 && + *tl != newnfs_false)) + *retcmpp = NFSERR_NOTSAME; } } else if (pc != NULL) { pc->pc_caseinsensitive = @@ -2690,7 +2697,8 @@ nfsv4_fillattr(struct nfsrv_descript *nd, struct mount *mp, vnode_t vp, nfsattrbit_t *attrbitp, struct ucred *cred, NFSPROC_T *p, int isdgram, int reterr, int supports_nfsv4acls, int at_root, uint64_t mounted_on_fileno, struct statfs *pnfssf, bool xattrsupp, bool has_hiddensystem, - bool has_namedattr, uint32_t clone_blksize) + bool has_namedattr, uint32_t clone_blksize, fsid_t *fsidp, + bool has_caseinsensitive) { int bitpos, retnum = 0; u_int32_t *tl; @@ -2865,10 +2873,12 @@ nfsv4_fillattr(struct nfsrv_descript *nd, struct mount *mp, vnode_t vp, break; case NFSATTRBIT_FSID: NFSM_BUILD(tl, u_int32_t *, NFSX_V4FSID); + if (fsidp == NULL) + fsidp = &mp->mnt_stat.f_fsid; *tl++ = 0; - *tl++ = txdr_unsigned(mp->mnt_stat.f_fsid.val[0]); + *tl++ = txdr_unsigned(fsidp->val[0]); *tl++ = 0; - *tl = txdr_unsigned(mp->mnt_stat.f_fsid.val[1]); + *tl = txdr_unsigned(fsidp->val[1]); retnum += NFSX_V4FSID; break; case NFSATTRBIT_UNIQUEHANDLES: @@ -2914,8 +2924,11 @@ nfsv4_fillattr(struct nfsrv_descript *nd, struct mount *mp, vnode_t vp, retnum += NFSX_UNSIGNED; break; case NFSATTRBIT_CASEINSENSITIVE: - NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED); - *tl = newnfs_false; + NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED); + if (has_caseinsensitive) + *tl = newnfs_true; + else + *tl = newnfs_false; retnum += NFSX_UNSIGNED; break; case NFSATTRBIT_CASEPRESERVING: diff --git a/sys/fs/nfs/nfs_var.h b/sys/fs/nfs/nfs_var.h index 16a76c060e78..7db3952ecf5c 100644 --- a/sys/fs/nfs/nfs_var.h +++ b/sys/fs/nfs/nfs_var.h @@ -398,7 +398,7 @@ void nfsrv_wcc(struct nfsrv_descript *, int, struct nfsvattr *, int, int nfsv4_fillattr(struct nfsrv_descript *, struct mount *, vnode_t, NFSACL_T *, struct vattr *, fhandle_t *, int, nfsattrbit_t *, struct ucred *, NFSPROC_T *, int, int, int, int, uint64_t, struct statfs *, bool, bool, - bool, uint32_t); + bool, uint32_t, fsid_t *, bool); void nfsrv_fillattr(struct nfsrv_descript *, struct nfsvattr *); struct mbuf *nfsrv_adj(struct mbuf *, int, int); void nfsrv_postopattr(struct nfsrv_descript *, int, struct nfsvattr *); @@ -740,7 +740,7 @@ int nfsvno_updfilerev(vnode_t, struct nfsvattr *, struct nfsrv_descript *, int nfsvno_fillattr(struct nfsrv_descript *, struct mount *, vnode_t, struct nfsvattr *, fhandle_t *, int, nfsattrbit_t *, struct ucred *, NFSPROC_T *, int, int, int, int, uint64_t, bool, bool, - bool, uint32_t); + bool, uint32_t, bool); int nfsrv_sattr(struct nfsrv_descript *, vnode_t, struct nfsvattr *, nfsattrbit_t *, NFSACL_T *, NFSPROC_T *); int nfsv4_sattr(struct nfsrv_descript *, vnode_t, struct nfsvattr *, nfsattrbit_t *, diff --git a/sys/fs/nfsclient/nfs_clrpcops.c b/sys/fs/nfsclient/nfs_clrpcops.c index b61218958550..f5deef183efb 100644 --- a/sys/fs/nfsclient/nfs_clrpcops.c +++ b/sys/fs/nfsclient/nfs_clrpcops.c @@ -5452,7 +5452,7 @@ nfsrpc_setaclrpc(vnode_t vp, struct ucred *cred, NFSPROC_T *p, NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_ACL); (void) nfsv4_fillattr(nd, vp->v_mount, vp, aclp, NULL, NULL, 0, &attrbits, NULL, NULL, 0, 0, 0, 0, (uint64_t)0, NULL, false, false, - false, 0); + false, 0, NULL, false); error = nfscl_request(nd, vp, p, cred); if (error) return (error); diff --git a/sys/fs/nfsclient/nfs_clstate.c b/sys/fs/nfsclient/nfs_clstate.c index aa9d01fc4632..712d49c7160c 100644 --- a/sys/fs/nfsclient/nfs_clstate.c +++ b/sys/fs/nfsclient/nfs_clstate.c @@ -3701,7 +3701,8 @@ nfscl_docb(struct nfsrv_descript *nd, NFSPROC_T *p) if (!error) (void) nfsv4_fillattr(nd, NULL, NULL, NULL, &va, NULL, 0, &rattrbits, NULL, p, 0, 0, 0, 0, - (uint64_t)0, NULL, false, false, false, 0); + (uint64_t)0, NULL, false, false, false, 0, + NULL, false); break; case NFSV4OP_CBRECALL: NFSCL_DEBUG(4, "cbrecall\n"); diff --git a/sys/fs/nfsclient/nfs_clvnops.c b/sys/fs/nfsclient/nfs_clvnops.c index f80cf30669ca..795a8d106051 100644 --- a/sys/fs/nfsclient/nfs_clvnops.c +++ b/sys/fs/nfsclient/nfs_clvnops.c @@ -4677,12 +4677,13 @@ nfs_pathconf(struct vop_pathconf_args *ap) clone_blksize = 0; if ((NFS_ISV34(vp) && (ap->a_name == _PC_LINK_MAX || ap->a_name == _PC_NAME_MAX || ap->a_name == _PC_CHOWN_RESTRICTED || - ap->a_name == _PC_NO_TRUNC)) || + ap->a_name == _PC_NO_TRUNC || + ap->a_name == _PC_CASE_INSENSITIVE)) || (NFS_ISV4(vp) && (ap->a_name == _PC_ACL_NFS4 || ap->a_name == _PC_HAS_NAMEDATTR || ap->a_name == _PC_CLONE_BLKSIZE))) { /* - * Since only the above 4 a_names are returned by the NFSv3 + * Since only the above 5 a_names are returned by the NFSv3 * Pathconf RPC, there is no point in doing it for others. * For NFSv4, the Pathconf RPC (actually a Getattr Op.) can * be used for _PC_ACL_NFS4, _PC_HAS_NAMEDATTR and @@ -4849,6 +4850,9 @@ nfs_pathconf(struct vop_pathconf_args *ap) case _PC_CLONE_BLKSIZE: *ap->a_retval = clone_blksize; break; + case _PC_CASE_INSENSITIVE: + *ap->a_retval = pc.pc_caseinsensitive; + break; default: error = vop_stdpathconf(ap); diff --git a/sys/fs/nfsserver/nfs_nfsdport.c b/sys/fs/nfsserver/nfs_nfsdport.c index 9fe3f4426124..841ec2315f1c 100644 --- a/sys/fs/nfsserver/nfs_nfsdport.c +++ b/sys/fs/nfsserver/nfs_nfsdport.c @@ -2114,7 +2114,7 @@ nfsvno_fillattr(struct nfsrv_descript *nd, struct mount *mp, struct vnode *vp, struct ucred *cred, struct thread *p, int isdgram, int reterr, int supports_nfsv4acls, int at_root, uint64_t mounted_on_fileno, bool xattrsupp, bool has_hiddensystem, bool has_namedattr, - uint32_t clone_blksize) + uint32_t clone_blksize, bool has_caseinsensitive) { struct statfs *sf; int error; @@ -2135,7 +2135,7 @@ nfsvno_fillattr(struct nfsrv_descript *nd, struct mount *mp, struct vnode *vp, error = nfsv4_fillattr(nd, mp, vp, NULL, &nvap->na_vattr, fhp, rderror, attrbitp, cred, p, isdgram, reterr, supports_nfsv4acls, at_root, mounted_on_fileno, sf, xattrsupp, has_hiddensystem, has_namedattr, - clone_blksize); + clone_blksize, NULL, has_caseinsensitive); free(sf, M_TEMP); NFSEXITCODE2(0, nd); return (error); @@ -2468,7 +2468,7 @@ nfsrvd_readdirplus(struct nfsrv_descript *nd, int isdgram, int bextpg0, bextpg1, bextpgsiz0, bextpgsiz1; size_t atsiz; long pathval; - bool has_hiddensystem, has_namedattr, xattrsupp; + bool has_caseinsensitive, has_hiddensystem, has_namedattr, xattrsupp; if (nd->nd_repstat) { nfsrv_postopattr(nd, getret, &at); @@ -2949,6 +2949,7 @@ ateof: xattrsupp = false; has_hiddensystem = false; has_namedattr = false; + has_caseinsensitive = false; clone_blksize = 0; if (nvp != NULL) { supports_nfsv4acls = @@ -2978,6 +2979,11 @@ ateof: &pathval) != 0) pathval = 0; clone_blksize = pathval; + if (VOP_PATHCONF(nvp, + _PC_CASE_INSENSITIVE, + &pathval) != 0) + pathval = 0; + has_caseinsensitive = pathval > 0; NFSVOPUNLOCK(nvp); } else supports_nfsv4acls = 0; @@ -2999,7 +3005,7 @@ ateof: supports_nfsv4acls, at_root, mounted_on_fileno, xattrsupp, has_hiddensystem, has_namedattr, - clone_blksize); + clone_blksize, has_caseinsensitive); } else { dirlen += nfsvno_fillattr(nd, new_mp, nvp, nvap, &nfh, r, &attrbits, @@ -3007,7 +3013,7 @@ ateof: supports_nfsv4acls, at_root, mounted_on_fileno, xattrsupp, has_hiddensystem, has_namedattr, - clone_blksize); + clone_blksize, has_caseinsensitive); } if (nvp != NULL) vrele(nvp); @@ -6405,7 +6411,7 @@ nfsrv_setacldsdorpc(fhandle_t *fhp, struct ucred *cred, NFSPROC_T *p, * the same type (VREG). */ nfsv4_fillattr(nd, NULL, vp, aclp, NULL, NULL, 0, &attrbits, NULL, - NULL, 0, 0, 0, 0, 0, NULL, false, false, false, 0); + NULL, 0, 0, 0, 0, 0, NULL, false, false, false, 0, NULL, false); error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred, NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL); if (error != 0) { diff --git a/sys/fs/nfsserver/nfs_nfsdserv.c b/sys/fs/nfsserver/nfs_nfsdserv.c index 67af0cf71175..394b63c2ab07 100644 --- a/sys/fs/nfsserver/nfs_nfsdserv.c +++ b/sys/fs/nfsserver/nfs_nfsdserv.c @@ -252,7 +252,7 @@ nfsrvd_getattr(struct nfsrv_descript *nd, int isdgram, struct thread *p = curthread; size_t atsiz; long pathval; - bool has_hiddensystem, has_namedattr, xattrsupp; + bool has_caseinsensitive, has_hiddensystem, has_namedattr, xattrsupp; uint32_t clone_blksize; if (nd->nd_repstat) @@ -336,6 +336,10 @@ nfsrvd_getattr(struct nfsrv_descript *nd, int isdgram, &pathval) != 0) pathval = 0; clone_blksize = pathval; + if (VOP_PATHCONF(vp, _PC_CASE_INSENSITIVE, + &pathval) != 0) + pathval = 0; + has_caseinsensitive = pathval > 0; mp = vp->v_mount; if (nfsrv_enable_crossmntpt != 0 && vp->v_type == VDIR && @@ -371,7 +375,8 @@ nfsrvd_getattr(struct nfsrv_descript *nd, int isdgram, isdgram, 1, supports_nfsv4acls, at_root, mounted_on_fileno, xattrsupp, has_hiddensystem, - has_namedattr, clone_blksize); + has_namedattr, clone_blksize, + has_caseinsensitive); vfs_unbusy(mp); } vrele(vp); diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c index 267b60ffb5bc..523b7e314a10 100644 --- a/sys/kern/kern_jail.c +++ b/sys/kern/kern_jail.c @@ -3047,6 +3047,8 @@ do_jail_attach(struct thread *td, struct prison *pr, int drflags) setsugid(p); #ifdef RACCT racct_proc_ucred_changed(p, oldcred, newcred); +#endif +#ifdef RCTL crhold(newcred); #endif PROC_UNLOCK(p); diff --git a/sys/kern/kern_loginclass.c b/sys/kern/kern_loginclass.c index 55db6c28a1db..0c111c4f78d8 100644 --- a/sys/kern/kern_loginclass.c +++ b/sys/kern/kern_loginclass.c @@ -225,6 +225,8 @@ sys_setloginclass(struct thread *td, struct setloginclass_args *uap) proc_set_cred(p, newcred); #ifdef RACCT racct_proc_ucred_changed(p, oldcred, newcred); +#endif +#ifdef RCTL crhold(newcred); #endif PROC_UNLOCK(p); diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index a4c5bcc52529..3c145851b683 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -696,7 +696,7 @@ kern_setcred(struct thread *const td, const u_int flags, gid_t *groups = NULL; gid_t smallgroups[CRED_SMALLGROUPS_NB]; int error; - bool cred_set; + bool cred_set = false; /* Bail out on unrecognized flags. */ if (flags & ~SETCREDF_MASK) @@ -839,17 +839,32 @@ kern_setcred(struct thread *const td, const u_int flags, if (cred_set) { setsugid(p); to_free_cred = old_cred; +#ifdef RACCT + racct_proc_ucred_changed(p, old_cred, new_cred); +#endif +#ifdef RCTL + crhold(new_cred); +#endif MPASS(error == 0); } else error = EAGAIN; unlock_finish: PROC_UNLOCK(p); + /* * Part 3: After releasing the process lock, we perform cleanups and * finishing operations. */ +#ifdef RCTL + if (cred_set) { + rctl_proc_ucred_changed(p, new_cred); + /* Paired with the crhold() just above. */ + crfree(new_cred); + } +#endif + #ifdef MAC if (mac_set_proc_data != NULL) mac_set_proc_finish(td, proc_label_set, mac_set_proc_data); @@ -982,6 +997,8 @@ sys_setuid(struct thread *td, struct setuid_args *uap) proc_set_cred(p, newcred); #ifdef RACCT racct_proc_ucred_changed(p, oldcred, newcred); +#endif +#ifdef RCTL crhold(newcred); #endif PROC_UNLOCK(p); @@ -1390,6 +1407,8 @@ sys_setreuid(struct thread *td, struct setreuid_args *uap) proc_set_cred(p, newcred); #ifdef RACCT racct_proc_ucred_changed(p, oldcred, newcred); +#endif +#ifdef RCTL crhold(newcred); #endif PROC_UNLOCK(p); @@ -1536,6 +1555,8 @@ sys_setresuid(struct thread *td, struct setresuid_args *uap) proc_set_cred(p, newcred); #ifdef RACCT racct_proc_ucred_changed(p, oldcred, newcred); +#endif +#ifdef RCTL crhold(newcred); #endif PROC_UNLOCK(p); diff --git a/sys/kern/kern_racct.c b/sys/kern/kern_racct.c index 2aab151aba08..17b64ad00bb5 100644 --- a/sys/kern/kern_racct.c +++ b/sys/kern/kern_racct.c @@ -1236,16 +1236,20 @@ racct_updatepcpu_containers(void) racct_updatepcpu_post, NULL, NULL); } +static bool +racct_proc_to_skip(const struct proc *p) +{ + PROC_LOCK_ASSERT(p, MA_OWNED); + return (p->p_state != PRS_NORMAL || (p->p_flag & P_IDLEPROC) != 0); +} + static void racctd(void) { struct proc *p; - struct proc *idle; ASSERT_RACCT_ENABLED(); - idle = STAILQ_FIRST(&cpuhead)->pc_idlethread->td_proc; - for (;;) { racct_decay(); @@ -1253,12 +1257,7 @@ racctd(void) FOREACH_PROC_IN_SYSTEM(p) { PROC_LOCK(p); - if (p == idle) { - PROC_UNLOCK(p); - continue; - } - if (p->p_state != PRS_NORMAL || - (p->p_flag & P_IDLEPROC) != 0) { + if (racct_proc_to_skip(p)) { PROC_UNLOCK(p); continue; } @@ -1284,7 +1283,7 @@ racctd(void) */ FOREACH_PROC_IN_SYSTEM(p) { PROC_LOCK(p); - if (p->p_state != PRS_NORMAL) { + if (racct_proc_to_skip(p)) { PROC_UNLOCK(p); continue; } diff --git a/sys/kern/subr_syscall.c b/sys/kern/subr_syscall.c index d5b3b62f0821..48896529f685 100644 --- a/sys/kern/subr_syscall.c +++ b/sys/kern/subr_syscall.c @@ -55,8 +55,8 @@ syscallenter(struct thread *td) struct proc *p; struct syscall_args *sa; struct sysent *se; - int error, traced; - bool sy_thr_static; + int error; + bool sy_thr_static, traced; VM_CNT_INC(v_syscall); p = td->td_proc; @@ -219,7 +219,7 @@ syscallret(struct thread *td) struct proc *p; struct syscall_args *sa; ksiginfo_t ksi; - int traced; + bool traced; KASSERT(td->td_errno != ERELOOKUP, ("ERELOOKUP not consumed syscall %d", td->td_sa.code)); @@ -250,9 +250,9 @@ syscallret(struct thread *td) } #endif - traced = 0; + traced = false; if (__predict_false(p->p_flag & P_TRACED)) { - traced = 1; + traced = true; PROC_LOCK(p); td->td_dbgflags |= TDB_SCX; PROC_UNLOCK(p); diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index 79c77c105d9e..edc6c8f29cc0 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c @@ -3058,154 +3058,6 @@ db_print_inconninfo(struct in_conninfo *inc, const char *name, int indent) ntohs(inc->inc_fport)); } -static void -db_print_inpflags(int inp_flags) -{ - int comma; - - comma = 0; - if (inp_flags & INP_RECVOPTS) { - db_printf("%sINP_RECVOPTS", comma ? ", " : ""); - comma = 1; - } - if (inp_flags & INP_RECVRETOPTS) { - db_printf("%sINP_RECVRETOPTS", comma ? ", " : ""); - comma = 1; - } - if (inp_flags & INP_RECVDSTADDR) { - db_printf("%sINP_RECVDSTADDR", comma ? ", " : ""); - comma = 1; - } - if (inp_flags & INP_HDRINCL) { - db_printf("%sINP_HDRINCL", comma ? ", " : ""); - comma = 1; - } - if (inp_flags & INP_HIGHPORT) { - db_printf("%sINP_HIGHPORT", comma ? ", " : ""); - comma = 1; - } - if (inp_flags & INP_LOWPORT) { - db_printf("%sINP_LOWPORT", comma ? ", " : ""); - comma = 1; - } - if (inp_flags & INP_ANONPORT) { - db_printf("%sINP_ANONPORT", comma ? ", " : ""); - comma = 1; - } - if (inp_flags & INP_RECVIF) { - db_printf("%sINP_RECVIF", comma ? ", " : ""); - comma = 1; - } - if (inp_flags & INP_MTUDISC) { - db_printf("%sINP_MTUDISC", comma ? ", " : ""); - comma = 1; - } - if (inp_flags & INP_RECVTTL) { - db_printf("%sINP_RECVTTL", comma ? ", " : ""); - comma = 1; - } - if (inp_flags & INP_DONTFRAG) { - db_printf("%sINP_DONTFRAG", comma ? ", " : ""); - comma = 1; - } - if (inp_flags & INP_BINDANY) { - db_printf("%sINP_BINDANY", comma ? ", " : ""); - comma = 1; - } - if (inp_flags & INP_INHASHLIST) { - db_printf("%sINP_INHASHLIST", comma ? ", " : ""); - comma = 1; - } - if (inp_flags & INP_RECVTOS) { - db_printf("%sINP_RECVTOS", comma ? ", " : ""); - comma = 1; - } - if (inp_flags & IN6P_IPV6_V6ONLY) { - db_printf("%sIN6P_IPV6_V6ONLY", comma ? ", " : ""); - comma = 1; - } - if (inp_flags & IN6P_PKTINFO) { - db_printf("%sIN6P_PKTINFO", comma ? ", " : ""); - comma = 1; - } - if (inp_flags & IN6P_HOPLIMIT) { - db_printf("%sIN6P_HOPLIMIT", comma ? ", " : ""); - comma = 1; - } - if (inp_flags & IN6P_HOPOPTS) { - db_printf("%sIN6P_HOPOPTS", comma ? ", " : ""); - comma = 1; - } - if (inp_flags & IN6P_DSTOPTS) { - db_printf("%sIN6P_DSTOPTS", comma ? ", " : ""); - comma = 1; - } - if (inp_flags & IN6P_RTHDR) { - db_printf("%sIN6P_RTHDR", comma ? ", " : ""); - comma = 1; - } - if (inp_flags & IN6P_RTHDRDSTOPTS) { - db_printf("%sIN6P_RTHDRDSTOPTS", comma ? ", " : ""); - comma = 1; - } - if (inp_flags & IN6P_TCLASS) { - db_printf("%sIN6P_TCLASS", comma ? ", " : ""); - comma = 1; - } - if (inp_flags & IN6P_AUTOFLOWLABEL) { - db_printf("%sIN6P_AUTOFLOWLABEL", comma ? ", " : ""); - comma = 1; - } - if (inp_flags & INP_ONESBCAST) { - db_printf("%sINP_ONESBCAST", comma ? ", " : ""); - comma = 1; - } - if (inp_flags & INP_DROPPED) { - db_printf("%sINP_DROPPED", comma ? ", " : ""); - comma = 1; - } - if (inp_flags & INP_SOCKREF) { - db_printf("%sINP_SOCKREF", comma ? ", " : ""); - comma = 1; - } - if (inp_flags & INP_RESERVED_0) { - db_printf("%sINP_RESERVED_0", comma ? ", " : ""); - comma = 1; - } - if (inp_flags & INP_BOUNDFIB) { - db_printf("%sINP_BOUNDFIB", comma ? ", " : ""); - comma = 1; - } - if (inp_flags & IN6P_RFC2292) { - db_printf("%sIN6P_RFC2292", comma ? ", " : ""); - comma = 1; - } - if (inp_flags & IN6P_MTU) { - db_printf("IN6P_MTU%s", comma ? ", " : ""); - comma = 1; - } -} - -static void -db_print_inpvflag(u_char inp_vflag) -{ - int comma; - - comma = 0; - if (inp_vflag & INP_IPV4) { - db_printf("%sINP_IPV4", comma ? ", " : ""); - comma = 1; - } - if (inp_vflag & INP_IPV6) { - db_printf("%sINP_IPV6", comma ? ", " : ""); - comma = 1; - } - if (inp_vflag & INP_IPV6PROTO) { - db_printf("%sINP_IPV6PROTO", comma ? ", " : ""); - comma = 1; - } -} - void db_print_inpcb(struct inpcb *inp, const char *name, int indent) { @@ -3216,38 +3068,36 @@ db_print_inpcb(struct inpcb *inp, const char *name, int indent) indent += 2; db_print_indent(indent); - db_printf("inp_flow: 0x%x\n", inp->inp_flow); + db_printf("inp_flow: 0x%x inp_label: %p\n", inp->inp_flow, + inp->inp_label); db_print_inconninfo(&inp->inp_inc, "inp_conninfo", indent); db_print_indent(indent); - db_printf("inp_label: %p inp_flags: 0x%x (", - inp->inp_label, inp->inp_flags); - db_print_inpflags(inp->inp_flags); - db_printf(")\n"); + db_printf("inp_flags: 0x%b\n", inp->inp_flags, INP_FLAGS_BITS); db_print_indent(indent); - db_printf("inp_sp: %p inp_vflag: 0x%x (", inp->inp_sp, - inp->inp_vflag); - db_print_inpvflag(inp->inp_vflag); - db_printf(")\n"); + db_printf("inp_sp: %p inp_vflag: 0x%b\n", inp->inp_sp, + inp->inp_vflag, INP_VFLAGS_BITS); db_print_indent(indent); db_printf("inp_ip_ttl: %d inp_ip_p: %d inp_ip_minttl: %d\n", inp->inp_ip_ttl, inp->inp_ip_p, inp->inp_ip_minttl); - db_print_indent(indent); #ifdef INET6 if (inp->inp_vflag & INP_IPV6) { + db_print_indent(indent); db_printf("in6p_options: %p in6p_outputopts: %p " "in6p_moptions: %p\n", inp->in6p_options, inp->in6p_outputopts, inp->in6p_moptions); + db_print_indent(indent); db_printf("in6p_icmp6filt: %p in6p_cksum %d " "in6p_hops %u\n", inp->in6p_icmp6filt, inp->in6p_cksum, inp->in6p_hops); } else #endif { + db_print_indent(indent); db_printf("inp_ip_tos: %d inp_ip_options: %p " "inp_ip_moptions: %p\n", inp->inp_ip_tos, inp->inp_options, inp->inp_moptions); diff --git a/sys/netinet/in_pcb.h b/sys/netinet/in_pcb.h index 7d41e3d690e0..60f129bce216 100644 --- a/sys/netinet/in_pcb.h +++ b/sys/netinet/in_pcb.h @@ -539,6 +539,9 @@ void inp_4tuple_get(struct inpcb *inp, uint32_t *laddr, uint16_t *lp, #define INP_IPV6 0x2 #define INP_IPV6PROTO 0x4 /* opened under IPv6 protocol */ +/* inp_vflags description for use with printf(9) %b identifier. */ +#define INP_VFLAGS_BITS "\20\1INP_IPV4\2INP_IPV6\3INP_IPV6PROTO" + /* * Flags for inp_flags. */ @@ -582,6 +585,17 @@ void inp_4tuple_get(struct inpcb *inp, uint32_t *laddr, uint16_t *lp, IN6P_TCLASS|IN6P_AUTOFLOWLABEL|IN6P_RFC2292|\ IN6P_MTU) +/* inp_flags description for use with printf(9) %b identifier. */ +#define INP_FLAGS_BITS "\20" \ + "\1INP_RECVOPTS\2INP_RECVRETOPTS\3INP_RECVDSTADDR\4INP_HDRINCL" \ + "\5INP_HIGHPORT\6INP_LOWPORT\7INP_ANONPORT\10INP_RECVIF" \ + "\11INP_MTUDISC\12INP_FREED\13INP_RECVTTL\14INP_DONTFRAG" \ + "\15INP_BINDANY\16INP_INHASHLIST\17INP_RECVTOS\20IN6P_IPV6_V6ONLY" \ + "\21IN6P_PKTINFO\22IN6P_HOPLIMIT\23IN6P_HOPOPTS\24IN6P_DSTOPTS" \ + "\25IN6P_RTHDR\26IN6P_RTHDRDSTOPTS\27IN6P_TCLASS\30IN6P_AUTOFLOWLABEL" \ + "\31INP_INLBGROUP\32INP_ONESBCAST\33INP_DROPPED\34INP_SOCKREF" \ + "\35INP_RESERVED_0\36INP_BOUNDFIB\37IN6P_RFC2292\40IN6P_MTU" + /* * Flags for inp_flags2. */ diff --git a/sys/netinet/tcp_usrreq.c b/sys/netinet/tcp_usrreq.c index c4a54646f3a2..4d1a6455d09e 100644 --- a/sys/netinet/tcp_usrreq.c +++ b/sys/netinet/tcp_usrreq.c @@ -2799,258 +2799,6 @@ db_print_tstate(int t_state) } static void -db_print_tflags(u_int t_flags) -{ - int comma; - - comma = 0; - if (t_flags & TF_ACKNOW) { - db_printf("%sTF_ACKNOW", comma ? ", " : ""); - comma = 1; - } - if (t_flags & TF_DELACK) { - db_printf("%sTF_DELACK", comma ? ", " : ""); - comma = 1; - } - if (t_flags & TF_NODELAY) { - db_printf("%sTF_NODELAY", comma ? ", " : ""); - comma = 1; - } - if (t_flags & TF_NOOPT) { - db_printf("%sTF_NOOPT", comma ? ", " : ""); - comma = 1; - } - if (t_flags & TF_SENTFIN) { - db_printf("%sTF_SENTFIN", comma ? ", " : ""); - comma = 1; - } - if (t_flags & TF_REQ_SCALE) { - db_printf("%sTF_REQ_SCALE", comma ? ", " : ""); - comma = 1; - } - if (t_flags & TF_RCVD_SCALE) { - db_printf("%sTF_RECVD_SCALE", comma ? ", " : ""); - comma = 1; - } - if (t_flags & TF_REQ_TSTMP) { - db_printf("%sTF_REQ_TSTMP", comma ? ", " : ""); - comma = 1; - } - if (t_flags & TF_RCVD_TSTMP) { - db_printf("%sTF_RCVD_TSTMP", comma ? ", " : ""); - comma = 1; - } - if (t_flags & TF_SACK_PERMIT) { - db_printf("%sTF_SACK_PERMIT", comma ? ", " : ""); - comma = 1; - } - if (t_flags & TF_NEEDSYN) { - db_printf("%sTF_NEEDSYN", comma ? ", " : ""); - comma = 1; - } - if (t_flags & TF_NEEDFIN) { - db_printf("%sTF_NEEDFIN", comma ? ", " : ""); - comma = 1; - } - if (t_flags & TF_NOPUSH) { - db_printf("%sTF_NOPUSH", comma ? ", " : ""); - comma = 1; - } - if (t_flags & TF_PREVVALID) { - db_printf("%sTF_PREVVALID", comma ? ", " : ""); - comma = 1; - } - if (t_flags & TF_WAKESOR) { - db_printf("%sTF_WAKESOR", comma ? ", " : ""); - comma = 1; - } - if (t_flags & TF_GPUTINPROG) { - db_printf("%sTF_GPUTINPROG", comma ? ", " : ""); - comma = 1; - } - if (t_flags & TF_MORETOCOME) { - db_printf("%sTF_MORETOCOME", comma ? ", " : ""); - comma = 1; - } - if (t_flags & TF_SONOTCONN) { - db_printf("%sTF_SONOTCONN", comma ? ", " : ""); - comma = 1; - } - if (t_flags & TF_LASTIDLE) { - db_printf("%sTF_LASTIDLE", comma ? ", " : ""); - comma = 1; - } - if (t_flags & TF_RXWIN0SENT) { - db_printf("%sTF_RXWIN0SENT", comma ? ", " : ""); - comma = 1; - } - if (t_flags & TF_FASTRECOVERY) { - db_printf("%sTF_FASTRECOVERY", comma ? ", " : ""); - comma = 1; - } - if (t_flags & TF_WASFRECOVERY) { - db_printf("%sTF_WASFRECOVERY", comma ? ", " : ""); - comma = 1; - } - if (t_flags & TF_SIGNATURE) { - db_printf("%sTF_SIGNATURE", comma ? ", " : ""); - comma = 1; - } - if (t_flags & TF_FORCEDATA) { - db_printf("%sTF_FORCEDATA", comma ? ", " : ""); - comma = 1; - } - if (t_flags & TF_TSO) { - db_printf("%sTF_TSO", comma ? ", " : ""); - comma = 1; - } - if (t_flags & TF_TOE) { - db_printf("%sTF_TOE", comma ? ", " : ""); - comma = 1; - } - if (t_flags & TF_CLOSED) { - db_printf("%sTF_CLOSED", comma ? ", " : ""); - comma = 1; - } - if (t_flags & TF_SENTSYN) { - db_printf("%sTF_SENTSYN", comma ? ", " : ""); - comma = 1; - } - if (t_flags & TF_LRD) { - db_printf("%sTF_LRD", comma ? ", " : ""); - comma = 1; - } - if (t_flags & TF_CONGRECOVERY) { - db_printf("%sTF_CONGRECOVERY", comma ? ", " : ""); - comma = 1; - } - if (t_flags & TF_WASCRECOVERY) { - db_printf("%sTF_WASCRECOVERY", comma ? ", " : ""); - comma = 1; - } - if (t_flags & TF_FASTOPEN) { - db_printf("%sTF_FASTOPEN", comma ? ", " : ""); - comma = 1; - } -} - -static void -db_print_tflags2(u_int t_flags2) -{ - int comma; - - comma = 0; - if (t_flags2 & TF2_PLPMTU_BLACKHOLE) { - db_printf("%sTF2_PLPMTU_BLACKHOLE", comma ? ", " : ""); - comma = 1; - } - if (t_flags2 & TF2_PLPMTU_PMTUD) { - db_printf("%sTF2_PLPMTU_PMTUD", comma ? ", " : ""); - comma = 1; - } - if (t_flags2 & TF2_PLPMTU_MAXSEGSNT) { - db_printf("%sTF2_PLPMTU_MAXSEGSNT", comma ? ", " : ""); - comma = 1; - } - if (t_flags2 & TF2_LOG_AUTO) { - db_printf("%sTF2_LOG_AUTO", comma ? ", " : ""); - comma = 1; - } - if (t_flags2 & TF2_DROP_AF_DATA) { - db_printf("%sTF2_DROP_AF_DATA", comma ? ", " : ""); - comma = 1; - } - if (t_flags2 & TF2_ECN_PERMIT) { - db_printf("%sTF2_ECN_PERMIT", comma ? ", " : ""); - comma = 1; - } - if (t_flags2 & TF2_ECN_SND_CWR) { - db_printf("%sTF2_ECN_SND_CWR", comma ? ", " : ""); - comma = 1; - } - if (t_flags2 & TF2_ECN_SND_ECE) { - db_printf("%sTF2_ECN_SND_ECE", comma ? ", " : ""); - comma = 1; - } - if (t_flags2 & TF2_ACE_PERMIT) { - db_printf("%sTF2_ACE_PERMIT", comma ? ", " : ""); - comma = 1; - } - if (t_flags2 & TF2_HPTS_CPU_SET) { - db_printf("%sTF2_HPTS_CPU_SET", comma ? ", " : ""); - comma = 1; - } - if (t_flags2 & TF2_FBYTES_COMPLETE) { - db_printf("%sTF2_FBYTES_COMPLETE", comma ? ", " : ""); - comma = 1; - } - if (t_flags2 & TF2_ECN_USE_ECT1) { - db_printf("%sTF2_ECN_USE_ECT1", comma ? ", " : ""); - comma = 1; - } - if (t_flags2 & TF2_TCP_ACCOUNTING) { - db_printf("%sTF2_TCP_ACCOUNTING", comma ? ", " : ""); - comma = 1; - } - if (t_flags2 & TF2_HPTS_CALLS) { - db_printf("%sTF2_HPTS_CALLS", comma ? ", " : ""); - comma = 1; - } - if (t_flags2 & TF2_MBUF_L_ACKS) { - db_printf("%sTF2_MBUF_L_ACKS", comma ? ", " : ""); - comma = 1; - } - if (t_flags2 & TF2_MBUF_ACKCMP) { - db_printf("%sTF2_MBUF_ACKCMP", comma ? ", " : ""); - comma = 1; - } - if (t_flags2 & TF2_SUPPORTS_MBUFQ) { - db_printf("%sTF2_SUPPORTS_MBUFQ", comma ? ", " : ""); - comma = 1; - } - if (t_flags2 & TF2_MBUF_QUEUE_READY) { - db_printf("%sTF2_MBUF_QUEUE_READY", comma ? ", " : ""); - comma = 1; - } - if (t_flags2 & TF2_DONT_SACK_QUEUE) { - db_printf("%sTF2_DONT_SACK_QUEUE", comma ? ", " : ""); - comma = 1; - } - if (t_flags2 & TF2_CANNOT_DO_ECN) { - db_printf("%sTF2_CANNOT_DO_ECN", comma ? ", " : ""); - comma = 1; - } - if (t_flags2 & TF2_PROC_SACK_PROHIBIT) { - db_printf("%sTF2_PROC_SACK_PROHIBIT", comma ? ", " : ""); - comma = 1; - } - if (t_flags2 & TF2_IPSEC_TSO) { - db_printf("%sTF2_IPSEC_TSO", comma ? ", " : ""); - comma = 1; - } - if (t_flags2 & TF2_NO_ISS_CHECK) { - db_printf("%sTF2_NO_ISS_CHECK", comma ? ", " : ""); - comma = 1; - } -} - -static void -db_print_toobflags(char t_oobflags) -{ - int comma; - - comma = 0; - if (t_oobflags & TCPOOB_HAVEDATA) { - db_printf("%sTCPOOB_HAVEDATA", comma ? ", " : ""); - comma = 1; - } - if (t_oobflags & TCPOOB_HADDATA) { - db_printf("%sTCPOOB_HADDATA", comma ? ", " : ""); - comma = 1; - } -} - -static void db_print_bblog_state(int state) { switch (state) { @@ -3114,14 +2862,10 @@ db_print_tcpcb(struct tcpcb *tp, const char *name, int indent, bool show_bblog, db_printf(")\n"); db_print_indent(indent); - db_printf("t_flags: 0x%x (", tp->t_flags); - db_print_tflags(tp->t_flags); - db_printf(")\n"); + db_printf("t_flags: 0x%b\n", tp->t_flags, TF_BITS); db_print_indent(indent); - db_printf("t_flags2: 0x%x (", tp->t_flags2); - db_print_tflags2(tp->t_flags2); - db_printf(")\n"); + db_printf("t_flags2: 0x%b\n", tp->t_flags2, TF2_BITS); db_print_indent(indent); db_printf("snd_una: 0x%08x snd_max: 0x%08x snd_nxt: 0x%08x\n", @@ -3168,9 +2912,8 @@ db_print_tcpcb(struct tcpcb *tp, const char *name, int indent, bool show_bblog, tp->t_rttupdated, tp->max_sndwnd, tp->t_softerror); db_print_indent(indent); - db_printf("t_oobflags: 0x%x (", tp->t_oobflags); - db_print_toobflags(tp->t_oobflags); - db_printf(") t_iobc: 0x%02x\n", tp->t_iobc); + db_printf("t_oobflags: 0x%b t_iobc: 0x%02x\n", tp->t_oobflags, + TCPOOB_BITS, tp->t_iobc); db_print_indent(indent); db_printf("snd_scale: %u rcv_scale: %u request_r_scale: %u\n", diff --git a/sys/netinet/tcp_var.h b/sys/netinet/tcp_var.h index c3be95c80798..f9297be46af7 100644 --- a/sys/netinet/tcp_var.h +++ b/sys/netinet/tcp_var.h @@ -795,6 +795,17 @@ tcp_packets_this_ack(struct tcpcb *tp, tcp_seq ack) #define TF_WASCRECOVERY 0x40000000 /* was in congestion recovery */ #define TF_FASTOPEN 0x80000000 /* TCP Fast Open indication */ +/* t_flags description for use with printf(9) %b identifier. */ +#define TF_BITS "\20" \ + "\1TF_ACKNOW\2TF_DELACK\3TF_NODELAY\4TF_NOOPT" \ + "\5TF_SENTFIN\6TF_REQ_SCALE\7TF_RCVD_SCALE\10TF_REQ_TSTMP" \ + "\11TF_RCVD_TSTMP\12TF_SACK_PERMIT\13TF_NEEDSYN\14TF_NEEDFIN" \ + "\15TF_NOPUSH\16TF_PREVVALID\17TF_WAKESOR\20TF_GPUTINPROG" \ + "\21TF_MORETOCOME\22TF_SONOTCONN\23TF_LASTIDLE\24TF_RXWIN0SENT" \ + "\25TF_FASTRECOVERY\26TF_WASFRECOVERY\27TF_SIGNATURE\30TF_FORCEDATA" \ + "\31TF_TSO\32TF_TOE\33TF_CLOSED\34TF_SENTSYN" \ + "\35TF_LRD\36TF_CONGRECOVERY\37TF_WASCRECOVERY\40TF_FASTOPEN" + #define IN_FASTRECOVERY(t_flags) (t_flags & TF_FASTRECOVERY) #define ENTER_FASTRECOVERY(t_flags) t_flags |= TF_FASTRECOVERY #define EXIT_FASTRECOVERY(t_flags) t_flags &= ~TF_FASTRECOVERY @@ -815,6 +826,9 @@ tcp_packets_this_ack(struct tcpcb *tp, tcp_seq ack) #define TCPOOB_HAVEDATA 0x01 #define TCPOOB_HADDATA 0x02 +/* t_oobflags description for use with printf(9) %b identifier. */ +#define TCPOOB_BITS "\20\1TCPOOB_HAVEDATA\2TCPOOB_HADDATA" + /* * Flags for the extended TCP flags field, t_flags2 */ @@ -842,6 +856,21 @@ tcp_packets_this_ack(struct tcpcb *tp, tcp_seq ack) #define TF2_IPSEC_TSO 0x00200000 /* IPSEC + TSO supported */ #define TF2_NO_ISS_CHECK 0x00400000 /* Don't check SEG.ACK against ISS */ +/* t_flags2 description for use with printf(9) %b identifier. */ +#define TF2_BITS "\20" \ + "\1TF2_PLPMTU_BLACKHOLE\2TF2_PLPMTU_PMTUD" \ + "\3TF2_PLPMTU_MAXSEGSNT\4TF2_LOG_AUTO" \ + "\5TF2_DROP_AF_DATA\6TF2_ECN_PERMIT" \ + "\7TF2_ECN_SND_CWR\10TF2_ECN_SND_ECE" \ + "\11TF2_ACE_PERMIT\12TF2_HPTS_CPU_SET" \ + "\13TF2_FBYTES_COMPLETE\14TF2_ECN_USE_ECT1" \ + "\15TF2_TCP_ACCOUNTING\16TF2_HPTS_CALLS" \ + "\17TF2_MBUF_L_ACKS\20TF2_MBUF_ACKCMP" \ + "\21TF2_SUPPORTS_MBUFQ\22TF2_MBUF_QUEUE_READY" \ + "\23TF2_DONT_SACK_QUEUE\24TF2_CANNOT_DO_ECN" \ + "\25TF2_PROC_SACK_PROHIBIT\26TF2_IPSEC_TSO" \ + "\27TF2_NO_ISS_CHECK" + /* * Structure to hold TCP options that are only used during segment * processing (in tcp_input), but not held in the tcpcb. diff --git a/sys/netinet6/mld6.c b/sys/netinet6/mld6.c index a825658bd9ee..5dfe48908a4f 100644 --- a/sys/netinet6/mld6.c +++ b/sys/netinet6/mld6.c @@ -3267,6 +3267,7 @@ mld_init(void *unused __unused) mld_po.ip6po_hbh = &mld_ra.hbh; mld_po.ip6po_prefer_tempaddr = IP6PO_TEMPADDR_NOTPREFER; mld_po.ip6po_flags = IP6PO_DONTFRAG; + mld_po.ip6po_valid = IP6PO_VALID_HLIM | IP6PO_VALID_HBH; callout_init(&mldslow_callout, 1); callout_reset(&mldslow_callout, hz / MLD_SLOWHZ, mld_slowtimo, NULL); diff --git a/sys/netpfil/ipfw/pmod/tcpmod.c b/sys/netpfil/ipfw/pmod/tcpmod.c index 0338dc792c64..50074ee98cca 100644 --- a/sys/netpfil/ipfw/pmod/tcpmod.c +++ b/sys/netpfil/ipfw/pmod/tcpmod.c @@ -57,7 +57,8 @@ VNET_DEFINE_STATIC(uint32_t, tcpmod_setmss_eid) = 0; #define V_tcpmod_setmss_eid VNET(tcpmod_setmss_eid) static int -tcpmod_setmss(struct mbuf **mp, struct tcphdr *tcp, int tlen, uint16_t mss) +tcpmod_setmss(struct mbuf **mp, struct tcphdr *tcp, int tlen, uint16_t mss, + int *done) { struct mbuf *m; u_char *cp; @@ -72,8 +73,10 @@ tcpmod_setmss(struct mbuf **mp, struct tcphdr *tcp, int tlen, uint16_t mss) * TCP header with options. */ *mp = m = m_pullup(m, m->m_pkthdr.len); - if (m == NULL) + if (m == NULL) { + *done = 1; return (ret); + } } /* Parse TCP options. */ for (tlen -= sizeof(struct tcphdr), cp = (u_char *)(tcp + 1); @@ -114,7 +117,7 @@ tcpmod_setmss(struct mbuf **mp, struct tcphdr *tcp, int tlen, uint16_t mss) #ifdef INET6 static int -tcpmod_ipv6_setmss(struct mbuf **mp, uint16_t mss) +tcpmod_ipv6_setmss(struct mbuf **mp, uint16_t mss, int *done) { struct ip6_hdr *ip6; struct ip6_hbh *hbh; @@ -142,13 +145,13 @@ tcpmod_ipv6_setmss(struct mbuf **mp, uint16_t mss) /* We must have TCP options and enough data in a packet. */ if (hlen <= sizeof(struct tcphdr) || hlen > plen) return (IP_FW_DENY); - return (tcpmod_setmss(mp, tcp, hlen, mss)); + return (tcpmod_setmss(mp, tcp, hlen, mss, done)); } #endif /* INET6 */ #ifdef INET static int -tcpmod_ipv4_setmss(struct mbuf **mp, uint16_t mss) +tcpmod_ipv4_setmss(struct mbuf **mp, uint16_t mss, int *done) { struct tcphdr *tcp; struct ip *ip; @@ -162,7 +165,7 @@ tcpmod_ipv4_setmss(struct mbuf **mp, uint16_t mss) /* We must have TCP options and enough data in a packet. */ if (hlen <= sizeof(struct tcphdr) || hlen > plen) return (IP_FW_DENY); - return (tcpmod_setmss(mp, tcp, hlen, mss)); + return (tcpmod_setmss(mp, tcp, hlen, mss, done)); } #endif /* INET */ @@ -206,19 +209,23 @@ ipfw_tcpmod(struct ip_fw_chain *chain, struct ip_fw_args *args, switch (args->f_id.addr_type) { #ifdef INET case 4: - ret = tcpmod_ipv4_setmss(&args->m, htons(icmd->arg1)); + ret = tcpmod_ipv4_setmss(&args->m, htons(icmd->arg1), + done); break; #endif #ifdef INET6 case 6: - ret = tcpmod_ipv6_setmss(&args->m, htons(icmd->arg1)); + ret = tcpmod_ipv6_setmss(&args->m, htons(icmd->arg1), + done); break; #endif } /* * We return zero in both @ret and @done on success, and ipfw_chk() * will update rule counters. Otherwise a packet will not be matched - * by rule. + * by rule. We passed @done around above in case we hit a fatal error + * somewhere, we'll return non-zero but signal that rule processing + * cannot succeed. */ return (ret); } diff --git a/sys/sys/param.h b/sys/sys/param.h index 957f1762a17c..bdfe4a1cfde3 100644 --- a/sys/sys/param.h +++ b/sys/sys/param.h @@ -74,7 +74,7 @@ * cannot include sys/param.h and should only be updated here. */ #undef __FreeBSD_version -#define __FreeBSD_version 1600003 +#define __FreeBSD_version 1600004 /* * __FreeBSD_kernel__ indicates that this system uses the kernel of FreeBSD, diff --git a/usr.bin/id/id.c b/usr.bin/id/id.c index 5f9d2670caa3..7ba07daad11e 100644 --- a/usr.bin/id/id.c +++ b/usr.bin/id/id.c @@ -67,19 +67,13 @@ main(int argc, char *argv[]) { struct group *gr; struct passwd *pw; -#ifdef USE_BSM_AUDIT - bool Aflag; -#endif - bool Gflag, Mflag, Pflag; + bool Aflag, Gflag, Mflag, Pflag; bool cflag, dflag, gflag, nflag, pflag, rflag, sflag, uflag; int ch, combo, error, id; const char *myname, *optstr; char loginclass[MAXLOGNAME]; -#ifdef USE_BSM_AUDIT - Aflag = false; -#endif - Gflag = Mflag = Pflag = false; + Aflag = Gflag = Mflag = Pflag = false; cflag = dflag = gflag = nflag = pflag = rflag = sflag = uflag = false; myname = getprogname(); diff --git a/usr.bin/sockstat/main.c b/usr.bin/sockstat/main.c index 07663e54534d..1f174d827e1a 100644 --- a/usr.bin/sockstat/main.c +++ b/usr.bin/sockstat/main.c @@ -88,6 +88,7 @@ static bool opt_A; /* Show kernel address of pcb */ static bool opt_b; /* Show BBLog state */ static bool opt_C; /* Show congestion control */ static bool opt_c; /* Show connected sockets */ +static bool opt_F; /* Show sockets for selected user only */ static bool opt_f; /* Show FIB numbers */ static bool opt_I; /* Show spliced socket addresses */ static bool opt_i; /* Show inp_gencnt */ @@ -115,6 +116,12 @@ static size_t default_numprotos = nitems(default_protos); static int *protos; /* protocols to use */ static size_t numprotos; /* allocated size of protos[] */ +/* + * Show sockets for user username or UID specified + */ +static char *filter_user_optarg = NULL; /* saved optarg for username/UID resolving */ +static uid_t filter_user_uid; /* UID to show sockets for */ + struct addr { union { struct sockaddr_storage address; @@ -217,6 +224,18 @@ _enforce_ksize(size_t received_size, size_t expected_size, const char *struct_na } #define enforce_ksize(_sz, _struct) (_enforce_ksize(_sz, sizeof(_struct), #_struct)) +static inline bool +filtered_uid(uid_t i_uid) +{ + return ((i_uid) == filter_user_uid); +} + +static inline bool +need_nosocks(void) +{ + return !(opt_F || (opt_j >= 0)); +} + static int get_proto_type(const char *proto) { @@ -758,7 +777,8 @@ gather_inet(int proto) if (sock->socket != 0) RB_INSERT(socks_t, &socks, sock); else - SLIST_INSERT_HEAD(&nosocks, sock, socket_list); + if (need_nosocks()) + SLIST_INSERT_HEAD(&nosocks, sock, socket_list); } out: free(buf); @@ -862,6 +882,8 @@ getfiles(void) struct xfile *xfiles; size_t len, olen; + int filenum = 0; + olen = len = sizeof(*xfiles); if ((xfiles = malloc(len)) == NULL) xo_err(1, "malloc()"); @@ -880,14 +902,23 @@ getfiles(void) if ((files = malloc(nfiles * sizeof(struct file))) == NULL) xo_err(1, "malloc()"); + /* Fill files structure, optionally for specified user */ for (int i = 0; i < nfiles; i++) { - files[i].xf_data = xfiles[i].xf_data; - files[i].xf_pid = xfiles[i].xf_pid; - files[i].xf_uid = xfiles[i].xf_uid; - files[i].xf_fd = xfiles[i].xf_fd; - RB_INSERT(files_t, &ftree, &files[i]); + if (opt_F && !filtered_uid(xfiles[i].xf_uid)) + continue; + files[filenum].xf_data = xfiles[i].xf_data; + files[filenum].xf_pid = xfiles[i].xf_pid; + files[filenum].xf_uid = xfiles[i].xf_uid; + files[filenum].xf_fd = xfiles[i].xf_fd; + RB_INSERT(files_t, &ftree, &files[filenum]); + filenum++; } + /* Adjust global nfiles to match the number of files we + * actually filled into files[] array + */ + nfiles = filenum; + free(xfiles); } @@ -1584,6 +1615,24 @@ display_sock(struct sock *s, struct col_widths *cw, char *buf, size_t bufsize) static void display(void) { + static const char *__HDR_USER="USER", + *__HDR_COMMAND="COMMAND", + *__HDR_PID="PID", + *__HDR_FD="FD", + *__HDR_PROTO="PROTO", + *__HDR_LOCAL_ADDRESS="LOCAL ADDRESS", + *__HDR_FOREIGN_ADDRESS="FOREIGN ADDRESS", + *__HDR_PCB_KVA="PCB KVA", + *__HDR_FIB="FIB", + *__HDR_SPLICE_ADDRESS="SPLICE ADDRESS", + *__HDR_ID="ID", + *__HDR_ENCAPS="ENCAPS", + *__HDR_PATH_STATE="PATH STATE", + *__HDR_CONN_STATE="CONN STATE", + *__HDR_BBLOG_STATE="BBLOG STATE", + *__HDR_STACK="STACK", + *__HDR_CC="CC"; + struct passwd *pwd; struct file *xf; struct sock *s; @@ -1598,23 +1647,23 @@ display(void) if (!is_xo_style_encoding) { cw = (struct col_widths) { - .user = strlen("USER"), + .user = strlen(__HDR_USER), .command = 10, - .pid = strlen("PID"), - .fd = strlen("FD"), - .proto = strlen("PROTO"), - .local_addr = opt_w ? strlen("LOCAL ADDRESS") : 21, - .foreign_addr = opt_w ? strlen("FOREIGN ADDRESS") : 21, + .pid = strlen(__HDR_PID), + .fd = strlen(__HDR_FD), + .proto = strlen(__HDR_PROTO), + .local_addr = opt_w ? strlen(__HDR_LOCAL_ADDRESS) : 21, + .foreign_addr = opt_w ? strlen(__HDR_FOREIGN_ADDRESS) : 21, .pcb_kva = 18, - .fib = strlen("FIB"), - .splice_address = strlen("SPLICE ADDRESS"), - .inp_gencnt = strlen("ID"), - .encaps = strlen("ENCAPS"), - .path_state = strlen("PATH STATE"), - .conn_state = strlen("CONN STATE"), - .bblog_state = strlen("BBLOG STATE"), - .stack = strlen("STACK"), - .cc = strlen("CC"), + .fib = strlen(__HDR_FIB), + .splice_address = strlen(__HDR_SPLICE_ADDRESS), + .inp_gencnt = strlen(__HDR_ID), + .encaps = strlen(__HDR_ENCAPS), + .path_state = strlen(__HDR_PATH_STATE), + .conn_state = strlen(__HDR_CONN_STATE), + .bblog_state = strlen(__HDR_BBLOG_STATE), + .stack = strlen(__HDR_STACK), + .cc = strlen(__HDR_CC), }; calculate_column_widths(&cw); } else @@ -1625,34 +1674,34 @@ display(void) xo_open_list("socket"); if (!opt_q) { xo_emit("{T:/%-*s} {T:/%-*s} {T:/%*s} {T:/%*s} {T:/%-*s} " - "{T:/%-*s} {T:/%-*s}", cw.user, "USER", cw.command, - "COMMAND", cw.pid, "PID", cw.fd, "FD", cw.proto, - "PROTO", cw.local_addr, "LOCAL ADDRESS", - cw.foreign_addr, "FOREIGN ADDRESS"); + "{T:/%-*s} {T:/%-*s}", cw.user, __HDR_USER, cw.command, + __HDR_COMMAND, cw.pid, __HDR_PID, cw.fd, __HDR_FD, cw.proto, + __HDR_PROTO, cw.local_addr, __HDR_LOCAL_ADDRESS, + cw.foreign_addr, __HDR_FOREIGN_ADDRESS); if (opt_A) - xo_emit(" {T:/%-*s}", cw.pcb_kva, "PCB KVA"); + xo_emit(" {T:/%-*s}", cw.pcb_kva, __HDR_PCB_KVA); if (opt_f) /* RT_MAXFIBS is 65535. */ - xo_emit(" {T:/%*s}", cw.fib, "FIB"); + xo_emit(" {T:/%*s}", cw.fib, __HDR_FIB); if (opt_I) xo_emit(" {T:/%-*s}", cw.splice_address, - "SPLICE ADDRESS"); + __HDR_SPLICE_ADDRESS); if (opt_i) - xo_emit(" {T:/%*s}", cw.inp_gencnt, "ID"); + xo_emit(" {T:/%*s}", cw.inp_gencnt, __HDR_ID); if (opt_U) - xo_emit(" {T:/%*s}", cw.encaps, "ENCAPS"); + xo_emit(" {T:/%*s}", cw.encaps, __HDR_ENCAPS); if (opt_s) { if (show_path_state) xo_emit(" {T:/%-*s}", cw.path_state, - "PATH STATE"); - xo_emit(" {T:/%-*s}", cw.conn_state, "CONN STATE"); + __HDR_PATH_STATE); + xo_emit(" {T:/%-*s}", cw.conn_state, __HDR_CONN_STATE); } if (opt_b) - xo_emit(" {T:/%-*s}", cw.bblog_state, "BBLOG STATE"); + xo_emit(" {T:/%-*s}", cw.bblog_state, __HDR_BBLOG_STATE); if (opt_S) - xo_emit(" {T:/%-*s}", cw.stack, "STACK"); + xo_emit(" {T:/%-*s}", cw.stack, __HDR_STACK); if (opt_C) - xo_emit(" {T:/%-*s}", cw.cc, "CC"); + xo_emit(" {T:/%-*s}", cw.cc, __HDR_CC); xo_emit("\n"); } cap_setpassent(cappwd, 1); @@ -1684,7 +1733,7 @@ display(void) xo_close_instance("socket"); } } - if (opt_j >= 0) + if (!need_nosocks()) goto out; SLIST_FOREACH(s, &nosocks, socket_list) { if (!check_ports(s)) @@ -1775,11 +1824,44 @@ jail_getvnet(int jid) return (vnet); } +/* + * Parse username and/or UID + */ +static bool +parse_filter_user(void) +{ + struct passwd *pwd; + char *ep; + uid_t uid; + bool rv = false; + + uid = (uid_t)strtol(filter_user_optarg, &ep, 10); + + /* Open and/or rewind capsicumized password file */ + cap_setpassent(cappwd, 1); + + if (*ep == '\0') { + /* We have an UID specified, check if it's valid */ + if ((pwd = cap_getpwuid(cappwd, uid)) == NULL) + goto out; + filter_user_uid = uid; + } else { + /* Check if we have a valid username */ + if ((pwd = cap_getpwnam(cappwd, filter_user_optarg)) == NULL) + goto out; + filter_user_uid = pwd->pw_uid; + } + + rv = true; +out: + return (rv); +} + static void usage(void) { xo_error( -"usage: sockstat [--libxo ...] [-46AbCcfIiLlnqSsUuvw] [-j jid] [-p ports]\n" +"usage: sockstat [--libxo ...] [-46AbCcfIiLlnqSsUuvw] [-F uid/username] [-j jid] [-p ports]\n" " [-P protocols]\n"); exit(1); } @@ -1789,8 +1871,8 @@ main(int argc, char *argv[]) { cap_channel_t *capcas; cap_net_limit_t *limit; - const char *pwdcmds[] = { "setpassent", "getpwuid" }; - const char *pwdfields[] = { "pw_name" }; + const char *pwdcmds[] = { "setpassent", "getpwuid", "getpwnam" }; + const char *pwdfields[] = { "pw_name", "pw_uid" }; int protos_defined = -1; int o, i, err; @@ -1803,7 +1885,7 @@ main(int argc, char *argv[]) is_xo_style_encoding = true; } opt_j = -1; - while ((o = getopt(argc, argv, "46AbCcfIij:Llnp:P:qSsUuvw")) != -1) + while ((o = getopt(argc, argv, "46AbCcF:fIij:Llnp:P:qSsUuvw")) != -1) switch (o) { case '4': opt_4 = true; @@ -1823,6 +1905,11 @@ main(int argc, char *argv[]) case 'c': opt_c = true; break; + case 'F': + /* Save optarg for later use when we enter capabilities mode */ + filter_user_optarg = optarg; + opt_F = true; + break; case 'f': opt_f = true; break; @@ -1934,6 +2021,9 @@ main(int argc, char *argv[]) if (cap_pwd_limit_fields(cappwd, pwdfields, nitems(pwdfields)) < 0) xo_err(1, "Unable to apply pwd commands limits"); + if (opt_F && !parse_filter_user()) + xo_errx(1, "Invalid username or UID specified"); + if ((!opt_4 && !opt_6) && protos_defined != -1) opt_4 = opt_6 = true; if (!opt_4 && !opt_6 && !opt_u) diff --git a/usr.bin/sockstat/sockstat.1 b/usr.bin/sockstat/sockstat.1 index 1498fb1d88f7..b0fae81ee566 100644 --- a/usr.bin/sockstat/sockstat.1 +++ b/usr.bin/sockstat/sockstat.1 @@ -25,7 +25,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd October 14, 2025 +.Dd October 29, 2025 .Dt SOCKSTAT 1 .Os .Sh NAME @@ -35,6 +35,7 @@ .Nm .Op Fl -libxo .Op Fl 46AbCcfIiLlnqSsUuvw +.Op Fl F Ar user .Op Fl j Ar jail .Op Fl p Ar ports .Op Fl P Ar protocols @@ -73,6 +74,10 @@ Display the congestion control module, if applicable. This is currently only implemented for TCP. .It Fl c Show connected sockets. +.It Fl F Ar user +Show sockets for specified +.Ar user +(user name or UID) only. .It Fl f Show the FIB number of each socket. .It Fl I |