diff options
44 files changed, 567 insertions, 138 deletions
diff --git a/etc/mtree/BSD.include.dist b/etc/mtree/BSD.include.dist index 454657183c58..ea333a38d889 100644 --- a/etc/mtree/BSD.include.dist +++ b/etc/mtree/BSD.include.dist @@ -127,8 +127,6 @@ .. agp .. - an - .. ciss .. evdev @@ -191,8 +189,6 @@ .. wg .. - wi - .. .. devdctl .. @@ -303,8 +299,6 @@ net80211 .. netgraph - atm - .. bluetooth include .. diff --git a/krb5/include/autoconf.h b/krb5/include/autoconf.h index ed0bf8cacc14..760aca79176b 100644 --- a/krb5/include/autoconf.h +++ b/krb5/include/autoconf.h @@ -691,7 +691,15 @@ #define STDC_HEADERS 1 /* Define to 1 if strerror_r returns char *. */ +#ifdef __linux__ +#include <features.h> +#endif +#ifdef __GLIBC__ +/* Bootstrapping on GNU/Linux */ +#define STRERROR_R_CHAR_P 1 +#else /* #undef STRERROR_R_CHAR_P */ +#endif /* Define if sys_errlist is defined in errno.h */ #define SYS_ERRLIST_DECLARED 1 diff --git a/lib/libutil/mntopts.c b/lib/libutil/mntopts.c index 07d3dd6d98a3..4a064a086fd5 100644 --- a/lib/libutil/mntopts.c +++ b/lib/libutil/mntopts.c @@ -145,6 +145,18 @@ checkpath_allow_file(const char *path, char *resolved) return (0); } +static char * +prependdevtopath(const char *path, char *buf, u_long buflen) +{ + u_long len; + + if ((len = strlen(_PATH_DEV) + strlen(path) + 1) > buflen) + return NULL; + strncpy(buf, _PATH_DEV, len); + strncat(buf, path, len - sizeof(_PATH_DEV)); + return (buf); +} + /* * Get the mount point information for name. Name may be mount point name * or device name (with or without /dev/ preprended). @@ -153,19 +165,27 @@ struct statfs * getmntpoint(const char *name) { struct stat devstat, mntdevstat; - char device[sizeof(_PATH_DEV) - 1 + MNAMELEN]; - char *ddevname; + char *devname; struct statfs *mntbuf, *statfsp; - int i, mntsize, isdev; - u_long len; + int i, len, isdev, mntsize, mntfromnamesize; + char device[sizeof(_PATH_DEV) - 1 + MNAMELEN]; + u_long devlen; - if (stat(name, &devstat) != 0) + devlen = sizeof(device); + /* + * Note that stat(NULL, &statbuf) returns -1 (EBADF) which will + * cause us to return NULL if prependdevtopath() returns NULL. + */ + if (stat(name, &devstat) != 0 && + (name[0] != '/' && + stat(prependdevtopath(name, device, devlen), &devstat) != 0)) return (NULL); if (S_ISCHR(devstat.st_mode) || S_ISBLK(devstat.st_mode)) isdev = 1; else isdev = 0; mntsize = getmntinfo(&mntbuf, MNT_NOWAIT); + mntfromnamesize = sizeof(statfsp->f_mntfromname); for (i = 0; i < mntsize; i++) { statfsp = &mntbuf[i]; if (isdev == 0) { @@ -173,19 +193,20 @@ getmntpoint(const char *name) continue; return (statfsp); } - ddevname = statfsp->f_mntfromname; - if (*ddevname != '/') { - if ((len = strlen(_PATH_DEV) + strlen(ddevname) + 1) > - sizeof(statfsp->f_mntfromname) || - len > sizeof(device)) + devname = statfsp->f_mntfromname; + if (*devname == '/') { + if (stat(devname, &mntdevstat) != 0) + continue; + } else { + devname = prependdevtopath(devname, device, devlen); + if (devname == NULL || + (len = strlen(devname)) > mntfromnamesize) + continue; + if (stat(devname, &mntdevstat) != 0) continue; - strncpy(device, _PATH_DEV, len); - strncat(device, ddevname, len); - if (stat(device, &mntdevstat) == 0) - strncpy(statfsp->f_mntfromname, device, len); + strncpy(statfsp->f_mntfromname, devname, len); } - if (stat(ddevname, &mntdevstat) == 0 && - S_ISCHR(mntdevstat.st_mode) && + if (S_ISCHR(mntdevstat.st_mode) && mntdevstat.st_rdev == devstat.st_rdev) return (statfsp); } diff --git a/release/packages/ucl/caroot.ucl b/release/packages/ucl/caroot.ucl index e43c9d0771f2..f7d0dd8acb7f 100644 --- a/release/packages/ucl/caroot.ucl +++ b/release/packages/ucl/caroot.ucl @@ -4,6 +4,6 @@ deps { } } scripts: { - post-install = "/usr/sbin/certctl -D${PKG_ROOTDIR}/ rehash" - post-uninstall = "/usr/sbin/certctl -D${PKG_ROOTDIR}/ rehash" + post-install = "/usr/sbin/certctl -D${PKG_ROOTDIR}/ ${PKG_METALOG:+-U -M $PKG_METALOG} rehash" + post-uninstall = "/usr/sbin/certctl -D${PKG_ROOTDIR}/ ${PKG_METALOG:+-U -M $PKG_METALOG} rehash" } diff --git a/share/man/man4/snd_dummy.4 b/share/man/man4/snd_dummy.4 index 2b9d26d318ef..172b8ed70729 100644 --- a/share/man/man4/snd_dummy.4 +++ b/share/man/man4/snd_dummy.4 @@ -27,7 +27,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd July 15, 2024 +.Dd October 22, 2025 .Dt SND_DUMMY 4 .Os .Sh NAME @@ -47,11 +47,22 @@ physical sound card. It is intended for testing, so that test programs do not need to rely on hardware being present in the machine in order to run. .Pp -The driver attaches as a regular PCM device, with two channels (one playback -and one recording), as well as a mixer. +The driver attaches as a regular +.Xr sound 4 +device, with two channels (one playback and one recording), as well as a mixer. .Pp Playback works by discarding all input, and recording by returning silence (zeros). +.Sh FILES +.Bl -tag -width "/dev/dsp.dummy" -compact +.It Pa /dev/dsp.dummy +Alias to the device's +.Pa /dev/dsp%d +file created by +.Xr sound 4 . +This makes it easy for tests to open the dummy devic when there are more +devices present in the system. +.El .Sh SEE ALSO .Xr sound 4 , .Xr loader.conf 5 , diff --git a/share/man/man5/src.conf.5 b/share/man/man5/src.conf.5 index 1bb609336532..bab2c3d84abf 100644 --- a/share/man/man5/src.conf.5 +++ b/share/man/man5/src.conf.5 @@ -1,5 +1,5 @@ .\" DO NOT EDIT-- this file is @generated by tools/build/options/makeman. -.Dd October 1, 2025 +.Dd October 22, 2025 .Dt SRC.CONF 5 .Os .Sh NAME @@ -956,12 +956,12 @@ Do not build LLVM's lld linker. Do not build the LLDB debugger. .Pp This is a default setting on -arm/armv7 and riscv/riscv64. +riscv/riscv64. .It Va WITH_LLDB Build the LLDB debugger. .Pp This is a default setting on -amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64 and powerpc/powerpc64le. +amd64/amd64, arm/armv7, arm64/aarch64, i386/i386, powerpc/powerpc64 and powerpc/powerpc64le. .It Va WITHOUT_LLD_BOOTSTRAP Do not build the LLD linker during the bootstrap phase of the build. diff --git a/share/man/man9/uio.9 b/share/man/man9/uio.9 index e6240c4e51d3..b143eb6e8e62 100644 --- a/share/man/man9/uio.9 +++ b/share/man/man9/uio.9 @@ -23,7 +23,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd March 11, 2017 +.Dd October 22, 2025 .Dt UIO 9 .Os .Sh NAME @@ -107,10 +107,14 @@ The I/O vector points into the kernel address space. Do not copy, already in object. .El .It Va uio_rw -The direction of the desired transfer, either -.Dv UIO_READ -or -.Dv UIO_WRITE . +The direction of the desired transfer. +The supported flags are: +.Bl -tag -width "UIO_WRITE" +.It Dv UIO_READ +Transfer data from the buffers into the I/O vectors. +.It Dv UIO_WRITE +Transfer data from the I/O vectors into the buffers. +.El .It Va uio_td The pointer to a .Vt "struct thread" diff --git a/share/misc/bsd-family-tree b/share/misc/bsd-family-tree index b1614c7eb409..b0502dfc7925 100644 --- a/share/misc/bsd-family-tree +++ b/share/misc/bsd-family-tree @@ -479,7 +479,7 @@ FreeBSD 5.2 | | | | | | | | | DragonFly 6.4.1 | | | | | DragonFly 6.4.2 | FreeBSD | | | | - | 14.3 | | | | + | 14.3 | | OpenBSD 7.8 | | | | | | FreeBSD 16 -current | NetBSD -current OpenBSD -current DragonFly -current | | | | | @@ -925,6 +925,7 @@ OpenBSD 7.7 2025-04-28 [OBD] DragonFly 6.4.1 2025-04-30 [DFB] DragonFly 6.4.2 2025-05-09 [DFB] FreeBSD 14.3 2025-06-10 [FBD] +OpenBSD 7.8 2025-10-22 [OBD] Bibliography ------------------------ diff --git a/share/misc/committers-src.dot b/share/misc/committers-src.dot index 6035dd031216..3f3e39635c55 100644 --- a/share/misc/committers-src.dot +++ b/share/misc/committers-src.dot @@ -188,6 +188,7 @@ fjoe [label="Max Khon\nfjoe@FreeBSD.org\n2001/08/06"] flz [label="Florent Thoumie\nflz@FreeBSD.org\n2006/03/30"] freqlabs [label="Ryan Moeller\nfreqlabs@FreeBSD.org\n2020/02/10"] fsu [label="Fedor Uporov\nfsu@FreeBSD.org\n2017/08/28"] +fuz [label="Robert Clausecker\nfuz@FreeBSD.org\n2025/10/21"] gabor [label="Gabor Kovesdan\ngabor@FreeBSD.org\n2010/02/02"] gad [label="Garance A. Drosehn\ngad@FreeBSD.org\n2000/10/27"] gallatin [label="Andrew Gallatin\ngallatin@FreeBSD.org\n1999/01/15"] @@ -789,6 +790,7 @@ markj -> bnovkov markj -> cem markj -> christos markj -> dougm +markj -> fuz markj -> igoro markj -> jfree markj -> lwhsu diff --git a/share/mk/src.opts.mk b/share/mk/src.opts.mk index 446f78a2acf3..e10455cd4e82 100644 --- a/share/mk/src.opts.mk +++ b/share/mk/src.opts.mk @@ -302,7 +302,7 @@ __DEFAULT_NO_OPTIONS+=FDT __DEFAULT_YES_OPTIONS+=FDT .endif -.if ${__T:Marm*} == "" && ${__T:Mriscv64*} == "" +.if ${__T:Mriscv64*} == "" __DEFAULT_YES_OPTIONS+=LLDB .else __DEFAULT_NO_OPTIONS+=LLDB diff --git a/sys/arm/include/ieeefp.h b/sys/arm/include/ieeefp.h index 57dd058b8a95..57719b883d58 100644 --- a/sys/arm/include/ieeefp.h +++ b/sys/arm/include/ieeefp.h @@ -49,4 +49,14 @@ typedef enum { #define fp_except_t int +/* Augment the userland declarations. */ +__BEGIN_DECLS +extern fp_rnd_t fpgetround(void); +extern fp_rnd_t fpsetround(fp_rnd_t); +extern fp_except_t fpgetmask(void); +extern fp_except_t fpsetmask(fp_except_t); +extern fp_except_t fpgetsticky(void); +extern fp_except_t fpsetsticky(fp_except_t); +__END_DECLS + #endif /* _MACHINE_IEEEFP_H_ */ diff --git a/sys/arm64/arm64/elf32_machdep.c b/sys/arm64/arm64/elf32_machdep.c index 8f8a934ad520..4cb8ee5f57ef 100644 --- a/sys/arm64/arm64/elf32_machdep.c +++ b/sys/arm64/arm64/elf32_machdep.c @@ -210,7 +210,7 @@ freebsd32_fetch_syscall_args(struct thread *td) sa->code = *ap++; nap--; } else if (sa->code == SYS___syscall) { - sa->code = ap[1]; + sa->code = ap[_QUAD_LOWWORD]; nap -= 2; ap += 2; } diff --git a/sys/compat/linuxkpi/common/include/linux/bitops.h b/sys/compat/linuxkpi/common/include/linux/bitops.h index 00dd1f9a1ec0..a5a7abd55287 100644 --- a/sys/compat/linuxkpi/common/include/linux/bitops.h +++ b/sys/compat/linuxkpi/common/include/linux/bitops.h @@ -37,13 +37,8 @@ #define BIT(nr) (1UL << (nr)) #define BIT_ULL(nr) (1ULL << (nr)) -#ifdef __LP64__ -#define BITS_PER_LONG 64 -#else -#define BITS_PER_LONG 32 -#endif - -#define BITS_PER_LONG_LONG 64 +#define BITS_PER_LONG (__SIZEOF_LONG__ * __CHAR_BIT__) +#define BITS_PER_LONG_LONG (__SIZEOF_LONG_LONG__ * __CHAR_BIT__) #define BITMAP_FIRST_WORD_MASK(start) (~0UL << ((start) % BITS_PER_LONG)) #define BITMAP_LAST_WORD_MASK(n) (~0UL >> (BITS_PER_LONG - (n))) diff --git a/sys/conf/files.x86 b/sys/conf/files.x86 index 953da7dd1284..21a1b8046f12 100644 --- a/sys/conf/files.x86 +++ b/sys/conf/files.x86 @@ -311,6 +311,7 @@ dev/ntb/test/ntb_tool.c optional ntb_tool dev/nvram/nvram.c optional nvram isa dev/random/ivy.c optional rdrand_rng !random_loadable dev/random/nehemiah.c optional padlock_rng !random_loadable +dev/random/rdseed.c optional rdrand_rng !random_loadable dev/qat_c2xxx/qat.c optional qat_c2xxx dev/qat_c2xxx/qat_ae.c optional qat_c2xxx dev/qat_c2xxx/qat_c2xxx.c optional qat_c2xxx diff --git a/sys/dev/nvme/nvme_ctrlr.c b/sys/dev/nvme/nvme_ctrlr.c index 3a1894bf754d..f212759a5500 100644 --- a/sys/dev/nvme/nvme_ctrlr.c +++ b/sys/dev/nvme/nvme_ctrlr.c @@ -33,6 +33,7 @@ #include <sys/buf.h> #include <sys/bus.h> #include <sys/conf.h> +#include <sys/disk.h> #include <sys/ioccom.h> #include <sys/proc.h> #include <sys/smp.h> @@ -1254,6 +1255,24 @@ nvme_ctrlr_poll(struct nvme_controller *ctrlr) } /* + * Copy the NVME device's serial number to the provided buffer, which must be + * at least DISK_IDENT_SIZE bytes large. + */ +void +nvme_ctrlr_get_ident(const struct nvme_controller *ctrlr, uint8_t *sn) +{ + _Static_assert(NVME_SERIAL_NUMBER_LENGTH < DISK_IDENT_SIZE, + "NVME serial number too big for disk ident"); + + memmove(sn, ctrlr->cdata.sn, NVME_SERIAL_NUMBER_LENGTH); + sn[NVME_SERIAL_NUMBER_LENGTH] = '\0'; + for (int i = 0; sn[i] != '\0'; i++) { + if (sn[i] < 0x20 || sn[i] >= 0x80) + sn[i] = ' '; + } +} + +/* * Poll the single-vector interrupt case: num_io_queues will be 1 and * there's only a single vector. While we're polling, we mask further * interrupts in the controller. @@ -1495,6 +1514,11 @@ nvme_ctrlr_ioctl(struct cdev *cdev, u_long cmd, caddr_t arg, int flag, case NVME_GET_CONTROLLER_DATA: memcpy(arg, &ctrlr->cdata, sizeof(ctrlr->cdata)); break; + case DIOCGIDENT: { + uint8_t *sn = arg; + nvme_ctrlr_get_ident(ctrlr, sn); + break; + } /* Linux Compatible (see nvme_linux.h) */ case NVME_IOCTL_ID: td->td_retval[0] = 0xfffffffful; diff --git a/sys/dev/nvme/nvme_ns.c b/sys/dev/nvme/nvme_ns.c index e84d2066930e..a759181a8c16 100644 --- a/sys/dev/nvme/nvme_ns.c +++ b/sys/dev/nvme/nvme_ns.c @@ -88,6 +88,11 @@ nvme_ns_ioctl(struct cdev *cdev, u_long cmd, caddr_t arg, int flag, gnsid->nsid = ns->id; break; } + case DIOCGIDENT: { + uint8_t *sn = arg; + nvme_ctrlr_get_ident(ctrlr, sn); + break; + } case DIOCGMEDIASIZE: *(off_t *)arg = (off_t)nvme_ns_get_size(ns); break; diff --git a/sys/dev/nvme/nvme_private.h b/sys/dev/nvme/nvme_private.h index 52e9fcbbebcd..04a47d799350 100644 --- a/sys/dev/nvme/nvme_private.h +++ b/sys/dev/nvme/nvme_private.h @@ -563,6 +563,7 @@ void nvme_notify_new_controller(struct nvme_controller *ctrlr); void nvme_notify_ns(struct nvme_controller *ctrlr, int nsid); void nvme_ctrlr_shared_handler(void *arg); +void nvme_ctrlr_get_ident(const struct nvme_controller *ctrlr, uint8_t *sn); void nvme_ctrlr_poll(struct nvme_controller *ctrlr); int nvme_ctrlr_suspend(struct nvme_controller *ctrlr); diff --git a/sys/dev/random/fenestrasX/fx_pool.c b/sys/dev/random/fenestrasX/fx_pool.c index f4ad1e295d54..ec59b97a2070 100644 --- a/sys/dev/random/fenestrasX/fx_pool.c +++ b/sys/dev/random/fenestrasX/fx_pool.c @@ -167,9 +167,6 @@ static const struct fxrng_ent_char { [RANDOM_RANDOMDEV] = { .entc_cls = &fxrng_lo_push, }, - [RANDOM_PURE_OCTEON] = { - .entc_cls = &fxrng_hi_push, /* Could be made pull. */ - }, [RANDOM_PURE_SAFE] = { .entc_cls = &fxrng_hi_push, }, diff --git a/sys/dev/random/ivy.c b/sys/dev/random/ivy.c index fa1e4831f1b9..3eb0f261e6dc 100644 --- a/sys/dev/random/ivy.c +++ b/sys/dev/random/ivy.c @@ -1,6 +1,6 @@ /*- + * Copyright (c) 2013, 2025, David E. O'Brien <deo@NUXI.org> * Copyright (c) 2013 The FreeBSD Foundation - * Copyright (c) 2013 David E. O'Brien <obrien@NUXI.org> * Copyright (c) 2012 Konstantin Belousov <kib@FreeBSD.org> * All rights reserved. * @@ -48,7 +48,6 @@ #define RETRY_COUNT 10 -static bool has_rdrand, has_rdseed; static u_int random_ivy_read(void *, u_int); static const struct random_source random_ivy = { @@ -57,13 +56,7 @@ static const struct random_source random_ivy = { .rs_read = random_ivy_read }; -SYSCTL_NODE(_kern_random, OID_AUTO, rdrand, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, - "rdrand (ivy) entropy source"); static bool acquire_independent_seed_samples = false; -SYSCTL_BOOL(_kern_random_rdrand, OID_AUTO, rdrand_independent_seed, - CTLFLAG_RWTUN, &acquire_independent_seed_samples, 0, - "If non-zero, use more expensive and slow, but safer, seeded samples " - "where RDSEED is not present."); static bool x86_rdrand_store(u_long *buf) @@ -99,45 +92,6 @@ x86_rdrand_store(u_long *buf) return (true); } -static bool -x86_rdseed_store(u_long *buf) -{ - u_long rndval; - int retry; - - retry = RETRY_COUNT; - __asm __volatile( - "1:\n\t" - "rdseed %1\n\t" /* read randomness into rndval */ - "jc 2f\n\t" /* CF is set on success, exit retry loop */ - "dec %0\n\t" /* otherwise, retry-- */ - "jne 1b\n\t" /* and loop if retries are not exhausted */ - "2:" - : "+r" (retry), "=r" (rndval) : : "cc"); - *buf = rndval; - return (retry != 0); -} - -static bool -x86_unimpl_store(u_long *buf __unused) -{ - - panic("%s called", __func__); -} - -DEFINE_IFUNC(static, bool, x86_rng_store, (u_long *buf)) -{ - has_rdrand = (cpu_feature2 & CPUID2_RDRAND); - has_rdseed = (cpu_stdext_feature & CPUID_STDEXT_RDSEED); - - if (has_rdseed) - return (x86_rdseed_store); - else if (has_rdrand) - return (x86_rdrand_store); - else - return (x86_unimpl_store); -} - /* It is required that buf length is a multiple of sizeof(u_long). */ static u_int random_ivy_read(void *buf, u_int c) @@ -148,7 +102,7 @@ random_ivy_read(void *buf, u_int c) KASSERT(c % sizeof(*b) == 0, ("partial read %d", c)); b = buf; for (count = c; count > 0; count -= sizeof(*b)) { - if (!x86_rng_store(&rndval)) + if (!x86_rdrand_store(&rndval)) break; *b++ = rndval; } @@ -158,18 +112,33 @@ random_ivy_read(void *buf, u_int c) static int rdrand_modevent(module_t mod, int type, void *unused) { + struct sysctl_ctx_list ctx; + struct sysctl_oid *o; + bool has_rdrand, has_rdseed; int error = 0; + has_rdrand = (cpu_feature2 & CPUID2_RDRAND); + has_rdseed = (cpu_stdext_feature & CPUID_STDEXT_RDSEED); + switch (type) { case MOD_LOAD: - if (has_rdrand || has_rdseed) { + if (has_rdrand && !has_rdseed) { + sysctl_ctx_init(&ctx); + o = SYSCTL_ADD_NODE(&ctx, SYSCTL_STATIC_CHILDREN(_kern_random), + OID_AUTO, "rdrand", CTLFLAG_RW | CTLFLAG_MPSAFE, 0, + "rdrand (ivy) entropy source"); + SYSCTL_ADD_BOOL(&ctx, SYSCTL_CHILDREN(o), OID_AUTO, + "rdrand_independent_seed", CTLFLAG_RDTUN, + &acquire_independent_seed_samples, 0, + "If non-zero, use more expensive and slow, but safer, seeded samples " + "where RDSEED is not present."); random_source_register(&random_ivy); printf("random: fast provider: \"%s\"\n", random_ivy.rs_ident); } break; case MOD_UNLOAD: - if (has_rdrand || has_rdseed) + if (has_rdrand && !has_rdseed) random_source_deregister(&random_ivy); break; diff --git a/sys/dev/random/random_harvestq.c b/sys/dev/random/random_harvestq.c index 2d7af254c52c..e38fd38c310b 100644 --- a/sys/dev/random/random_harvestq.c +++ b/sys/dev/random/random_harvestq.c @@ -661,11 +661,11 @@ static const char *random_source_descr[ENTROPYSOURCE] = { [RANDOM_UMA] = "UMA", [RANDOM_CALLOUT] = "CALLOUT", [RANDOM_RANDOMDEV] = "RANDOMDEV", /* ENVIRONMENTAL_END */ - [RANDOM_PURE_OCTEON] = "PURE_OCTEON", /* PURE_START */ - [RANDOM_PURE_SAFE] = "PURE_SAFE", + [RANDOM_PURE_SAFE] = "PURE_SAFE", /* PURE_START */ [RANDOM_PURE_GLXSB] = "PURE_GLXSB", [RANDOM_PURE_HIFN] = "PURE_HIFN", [RANDOM_PURE_RDRAND] = "PURE_RDRAND", + [RANDOM_PURE_RDSEED] = "PURE_RDSEED", [RANDOM_PURE_NEHEMIAH] = "PURE_NEHEMIAH", [RANDOM_PURE_RNDTEST] = "PURE_RNDTEST", [RANDOM_PURE_VIRTIO] = "PURE_VIRTIO", diff --git a/sys/dev/random/rdseed.c b/sys/dev/random/rdseed.c new file mode 100644 index 000000000000..af084aab4ed9 --- /dev/null +++ b/sys/dev/random/rdseed.c @@ -0,0 +1,169 @@ +/*- + * Copyright (c) 2013, 2025, David E. O'Brien <deo@NUXI.org> + * Copyright (c) 2013 The FreeBSD Foundation + * Copyright (c) 2012 Konstantin Belousov <kib@FreeBSD.org> + * All rights reserved. + * + * Portions of this software were developed by Konstantin Belousov + * under sponsorship from the FreeBSD Foundation. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer + * in this position and unchanged. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include <sys/param.h> +#include <sys/kernel.h> +#include <sys/conf.h> +#include <sys/lock.h> +#include <sys/malloc.h> +#include <sys/module.h> +#include <sys/random.h> +#include <sys/sysctl.h> +#include <sys/systm.h> + +#include <machine/md_var.h> +#include <machine/specialreg.h> +#include <x86/ifunc.h> + +#include <dev/random/randomdev.h> + +#define RETRY_COUNT 10 + +static u_int random_rdseed_read(void *, u_int); + +static struct random_source random_rdseed = { + .rs_ident = "Intel Secure Key Seed", + .rs_source = RANDOM_PURE_RDSEED, + .rs_read = random_rdseed_read +}; + +SYSCTL_NODE(_kern_random, OID_AUTO, rdseed, CTLFLAG_RW, 0, + "rdseed (x86) entropy source"); +/* XXX: kern.random.rdseed.enabled=0 also disables RDRAND */ +static bool enabled = true; +SYSCTL_BOOL(_kern_random_rdseed, OID_AUTO, enabled, CTLFLAG_RDTUN, &enabled, 0, + "If zero, disable the use of RDSEED."); + +static bool +x86_rdseed_store(u_long *buf) +{ + u_long rndval; + int retry; + + retry = RETRY_COUNT; + __asm __volatile( + "1:\n\t" + "rdseed %1\n\t" /* read randomness into rndval */ + "jc 2f\n\t" /* CF is set on success, exit retry loop */ + "dec %0\n\t" /* otherwise, retry-- */ + "jne 1b\n\t" /* and loop if retries are not exhausted */ + "2:" + : "+r" (retry), "=r" (rndval) : : "cc"); + *buf = rndval; + return (retry != 0); +} + +/* It is required that buf length is a multiple of sizeof(u_long). */ +static u_int +random_rdseed_read(void *buf, u_int c) +{ + u_long *b, rndval; + u_int count; + + KASSERT(c % sizeof(*b) == 0, ("partial read %d", c)); + b = buf; + for (count = c; count > 0; count -= sizeof(*b)) { + if (!x86_rdseed_store(&rndval)) + break; + *b++ = rndval; + } + return (c - count); +} + +static int +rdseed_modevent(module_t mod, int type, void *unused) +{ + bool has_rdseed; + int error = 0; + + has_rdseed = (cpu_stdext_feature & CPUID_STDEXT_RDSEED); + + switch (type) { + case MOD_LOAD: + if (has_rdseed && enabled) { + random_source_register(&random_rdseed); + printf("random: fast provider: \"%s\"\n", random_rdseed.rs_ident); + } + break; + + case MOD_UNLOAD: + if (has_rdseed) + random_source_deregister(&random_rdseed); + break; + + case MOD_SHUTDOWN: + break; + + default: + error = EOPNOTSUPP; + break; + + } + + return (error); +} + +static moduledata_t rdseed_mod = { + "rdseed", + rdseed_modevent, + 0 +}; + +DECLARE_MODULE(rdseed, rdseed_mod, SI_SUB_RANDOM, SI_ORDER_FOURTH); +MODULE_VERSION(rdseed, 1); +MODULE_DEPEND(rdseed, random_harvestq, 1, 1, 1); + +/* + * Intel's RDSEED Entropy Assessment Report min-entropy claim is 0.6 Shannons + * per bit of data output. Rrefer to the following Entropy Source Validation + * (ESV) certificates: + * + * E#87: Junos OS Physical Entropy Source - Broadwell EP 10-Core Die + * Broadwell-EP-10 FCLGA2011 Intel(R) Xeon(R) E5-2620 V4 Processor + * https://csrc.nist.gov/projects/cryptographic-module-validation-program/entropy-validations/certificate/87 + * (URLs below omitted for brevity but follow same format.) + * + * E#121: Junos OS Physical Entropy Source - Intel Atom C3000 Series + * (Denverton) 16 Core Die with FCBGA1310 Package + * + * E#122: Junos OS Physical Entropy Source - Intel Xeon D-1500 Family + * (Broadwell) 8 Core Die with FCBGA1667 Package + * + * E#123: Junos OS Physical Entropy Source - Intel Xeon D-2100 Series + * (Skylake) 18 Core Die with FCBGA2518 Package + * + * E#141: Junos OS Physical Entropy Source - Intel Xeon D-10 Series + * (Ice Lake-D-10) Die with FCBGA2227 Package + * + * E#169: Junos OS Physical Entropy Source - Intel Xeon AWS-1000 v4 and + * E5 v4 (Broadwell EP) 15 Core Die with FCLGA2011 Package + */ diff --git a/sys/dev/sound/dummy.c b/sys/dev/sound/dummy.c index 4df5b112d3f4..1f2d69708eec 100644 --- a/sys/dev/sound/dummy.c +++ b/sys/dev/sound/dummy.c @@ -346,6 +346,12 @@ dummy_attach(device_t dev) return (ENXIO); mixer_init(dev, &dummy_mixer_class, sc); + /* + * Create an alias so that tests do not need to guess which one is the + * dummy device if there are more devices present in the system. + */ + make_dev_alias(sc->info.dsp_dev, "dsp.dummy"); + return (0); } diff --git a/sys/dev/sound/pcm/dsp.c b/sys/dev/sound/pcm/dsp.c index fe5576baf017..27d5b740b90b 100644 --- a/sys/dev/sound/pcm/dsp.c +++ b/sys/dev/sound/pcm/dsp.c @@ -83,15 +83,15 @@ static d_mmap_t dsp_mmap; static d_mmap_single_t dsp_mmap_single; struct cdevsw dsp_cdevsw = { - .d_version = D_VERSION, - .d_open = dsp_open, - .d_read = dsp_read, - .d_write = dsp_write, - .d_ioctl = dsp_ioctl, - .d_poll = dsp_poll, - .d_mmap = dsp_mmap, - .d_mmap_single = dsp_mmap_single, - .d_name = "dsp", + .d_version = D_VERSION, + .d_open = dsp_open, + .d_read = dsp_read, + .d_write = dsp_write, + .d_ioctl = dsp_ioctl, + .d_poll = dsp_poll, + .d_mmap = dsp_mmap, + .d_mmap_single = dsp_mmap_single, + .d_name = "dsp", }; static eventhandler_tag dsp_ehtag = NULL; diff --git a/sys/fs/nfs/nfs_commonsubs.c b/sys/fs/nfs/nfs_commonsubs.c index ec95716ea485..8d506a5643a9 100644 --- a/sys/fs/nfs/nfs_commonsubs.c +++ b/sys/fs/nfs/nfs_commonsubs.c @@ -641,6 +641,7 @@ nfscl_fillsattr(struct nfsrv_descript *nd, struct vattr *vap, if ((flags & NFSSATTR_FULL) && vap->va_size != VNOVAL) NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_SIZE); if ((flags & NFSSATTR_FULL) && vap->va_flags != VNOVAL) { + NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_ARCHIVE); NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_HIDDEN); NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_SYSTEM); } @@ -1672,9 +1673,17 @@ nfsv4_loadattr(struct nfsrv_descript *nd, vnode_t vp, attrsum += NFSX_UNSIGNED; break; case NFSATTRBIT_ARCHIVE: - NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED); - if (compare && !(*retcmpp)) - *retcmpp = NFSERR_ATTRNOTSUPP; + NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED); + if (compare) { + if (!(*retcmpp) && ((*tl == newnfs_true && + (nap->na_flags & UF_ARCHIVE) == 0) || + (*tl == newnfs_false && + (nap->na_flags & UF_ARCHIVE) != 0))) + *retcmpp = NFSERR_NOTSAME; + } else if (nap != NULL) { + if (*tl == newnfs_true) + nap->na_flags |= UF_ARCHIVE; + } attrsum += NFSX_UNSIGNED; break; case NFSATTRBIT_CANSETTIME: @@ -2804,6 +2813,7 @@ nfsv4_fillattr(struct nfsrv_descript *nd, struct mount *mp, vnode_t vp, if (!has_hiddensystem) { NFSCLRBIT_ATTRBIT(&attrbits, NFSATTRBIT_HIDDEN); NFSCLRBIT_ATTRBIT(&attrbits, NFSATTRBIT_SYSTEM); + NFSCLRBIT_ATTRBIT(&attrbits, NFSATTRBIT_ARCHIVE); } if (clone_blksize == 0) NFSCLRBIT_ATTRBIT(&attrbits, @@ -2888,6 +2898,14 @@ nfsv4_fillattr(struct nfsrv_descript *nd, struct mount *mp, vnode_t vp, *tl = txdr_unsigned(NFSV4ACE_SUPTYPES); retnum += NFSX_UNSIGNED; break; + case NFSATTRBIT_ARCHIVE: + NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED); + if ((vap->va_flags & UF_ARCHIVE) != 0) + *tl = newnfs_true; + else + *tl = newnfs_false; + retnum += NFSX_UNSIGNED; + break; case NFSATTRBIT_CANSETTIME: NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED); if (fsinf.fs_properties & NFSV3FSINFO_CANSETTIME) diff --git a/sys/fs/nfs/nfsproto.h b/sys/fs/nfs/nfsproto.h index d628108bdc1a..13fec8a102a3 100644 --- a/sys/fs/nfs/nfsproto.h +++ b/sys/fs/nfs/nfsproto.h @@ -1135,6 +1135,7 @@ struct nfsv3_sattr { NFSATTRBM_RDATTRERROR | \ NFSATTRBM_ACL | \ NFSATTRBM_ACLSUPPORT | \ + NFSATTRBM_ARCHIVE | \ NFSATTRBM_CANSETTIME | \ NFSATTRBM_CASEINSENSITIVE | \ NFSATTRBM_CASEPRESERVING | \ @@ -1217,6 +1218,7 @@ struct nfsv3_sattr { #define NFSATTRBIT_SETABLE0 \ (NFSATTRBM_SIZE | \ NFSATTRBM_HIDDEN | \ + NFSATTRBM_ARCHIVE | \ NFSATTRBM_ACL) #define NFSATTRBIT_SETABLE1 \ (NFSATTRBM_MODE | \ @@ -1262,6 +1264,7 @@ struct nfsv3_sattr { NFSATTRBM_CHANGE | \ NFSATTRBM_SIZE | \ NFSATTRBM_FSID | \ + NFSATTRBM_ARCHIVE | \ NFSATTRBM_FILEID | \ NFSATTRBM_HIDDEN | \ NFSATTRBM_MAXREAD) @@ -1298,6 +1301,7 @@ struct nfsv3_sattr { NFSATTRBM_CHANGE | \ NFSATTRBM_SIZE | \ NFSATTRBM_FSID | \ + NFSATTRBM_ARCHIVE | \ NFSATTRBM_FILEID | \ NFSATTRBM_HIDDEN | \ NFSATTRBM_MAXREAD) diff --git a/sys/fs/nfsclient/nfs_clrpcops.c b/sys/fs/nfsclient/nfs_clrpcops.c index ad9404a18fc8..d3b83eb8b94b 100644 --- a/sys/fs/nfsclient/nfs_clrpcops.c +++ b/sys/fs/nfsclient/nfs_clrpcops.c @@ -4162,9 +4162,12 @@ nfsrpc_readdirplus(vnode_t vp, struct uio *uiop, nfsuint64 *cookiep, NFSATTRBIT_TIMECREATE)) NFSCLRBIT_ATTRBIT(&attrbits, NFSATTRBIT_TIMECREATE); if (!NFSISSET_ATTRBIT(&dnp->n_vattr.na_suppattr, + NFSATTRBIT_ARCHIVE) || + !NFSISSET_ATTRBIT(&dnp->n_vattr.na_suppattr, NFSATTRBIT_HIDDEN) || !NFSISSET_ATTRBIT(&dnp->n_vattr.na_suppattr, NFSATTRBIT_SYSTEM)) { + NFSCLRBIT_ATTRBIT(&attrbits, NFSATTRBIT_ARCHIVE); NFSCLRBIT_ATTRBIT(&attrbits, NFSATTRBIT_HIDDEN); NFSCLRBIT_ATTRBIT(&attrbits, NFSATTRBIT_SYSTEM); } diff --git a/sys/fs/nfsclient/nfs_clvnops.c b/sys/fs/nfsclient/nfs_clvnops.c index e9ae91e046e7..f80cf30669ca 100644 --- a/sys/fs/nfsclient/nfs_clvnops.c +++ b/sys/fs/nfsclient/nfs_clvnops.c @@ -1081,12 +1081,14 @@ nfs_setattr(struct vop_setattr_args *ap) #endif /* - * Only setting of UF_HIDDEN and UF_SYSTEM are supported and + * Only setting of UF_ARCHIVE, UF_HIDDEN and UF_SYSTEM are supported and * only for NFSv4 servers that support them. */ nmp = VFSTONFS(vp->v_mount); if (vap->va_flags != VNOVAL && (!NFSHASNFSV4(nmp) || - (vap->va_flags & ~(UF_HIDDEN | UF_SYSTEM)) != 0 || + (vap->va_flags & ~(UF_ARCHIVE | UF_HIDDEN | UF_SYSTEM)) != 0 || + ((vap->va_flags & UF_ARCHIVE) != 0 && + !NFSISSET_ATTRBIT(&np->n_vattr.na_suppattr, NFSATTRBIT_ARCHIVE)) || ((vap->va_flags & UF_HIDDEN) != 0 && !NFSISSET_ATTRBIT(&np->n_vattr.na_suppattr, NFSATTRBIT_HIDDEN)) || ((vap->va_flags & UF_SYSTEM) != 0 && @@ -4835,6 +4837,8 @@ nfs_pathconf(struct vop_pathconf_args *ap) break; case _PC_HAS_HIDDENSYSTEM: if (NFS_ISV4(vp) && NFSISSET_ATTRBIT(&np->n_vattr.na_suppattr, + NFSATTRBIT_ARCHIVE) && + NFSISSET_ATTRBIT(&np->n_vattr.na_suppattr, NFSATTRBIT_HIDDEN) && NFSISSET_ATTRBIT(&np->n_vattr.na_suppattr, NFSATTRBIT_SYSTEM)) diff --git a/sys/fs/nfsserver/nfs_nfsdport.c b/sys/fs/nfsserver/nfs_nfsdport.c index eb6ba285f8fe..9fe3f4426124 100644 --- a/sys/fs/nfsserver/nfs_nfsdport.c +++ b/sys/fs/nfsserver/nfs_nfsdport.c @@ -3193,7 +3193,8 @@ nfsv4_sattr(struct nfsrv_descript *nd, vnode_t vp, struct nfsvattr *nvap, bitpos = NFSATTRBIT_MAX; } else { bitpos = 0; - if (NFSISSET_ATTRBIT(attrbitp, NFSATTRBIT_HIDDEN) || + if (NFSISSET_ATTRBIT(attrbitp, NFSATTRBIT_ARCHIVE) || + NFSISSET_ATTRBIT(attrbitp, NFSATTRBIT_HIDDEN) || NFSISSET_ATTRBIT(attrbitp, NFSATTRBIT_SYSTEM)) nvap->na_flags = 0; } @@ -3226,9 +3227,11 @@ nfsv4_sattr(struct nfsrv_descript *nd, vnode_t vp, struct nfsvattr *nvap, attrsum += aclsize; break; case NFSATTRBIT_ARCHIVE: - NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED); - if (!nd->nd_repstat) - nd->nd_repstat = NFSERR_ATTRNOTSUPP; + NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED); + if (nd->nd_repstat == 0) { + if (*tl == newnfs_true) + nvap->na_flags |= UF_ARCHIVE; + } attrsum += NFSX_UNSIGNED; break; case NFSATTRBIT_HIDDEN: diff --git a/sys/fs/nfsserver/nfs_nfsdserv.c b/sys/fs/nfsserver/nfs_nfsdserv.c index 921ea4887af1..6f3447f26620 100644 --- a/sys/fs/nfsserver/nfs_nfsdserv.c +++ b/sys/fs/nfsserver/nfs_nfsdserv.c @@ -436,6 +436,7 @@ nfsrvd_setattr(struct nfsrv_descript *nd, __unused int isdgram, /* For NFSv4, only va_uid and va_flags is used from nva2. */ NFSSETBIT_ATTRBIT(&retbits, NFSATTRBIT_OWNER); + NFSSETBIT_ATTRBIT(&retbits, NFSATTRBIT_ARCHIVE); NFSSETBIT_ATTRBIT(&retbits, NFSATTRBIT_HIDDEN); NFSSETBIT_ATTRBIT(&retbits, NFSATTRBIT_SYSTEM); preat_ret = nfsvno_getattr(vp, &nva2, nd, p, 1, &retbits); @@ -569,8 +570,15 @@ nfsrvd_setattr(struct nfsrv_descript *nd, __unused int isdgram, } } if (!nd->nd_repstat && - (NFSISSET_ATTRBIT(&attrbits, NFSATTRBIT_HIDDEN) || + (NFSISSET_ATTRBIT(&attrbits, NFSATTRBIT_ARCHIVE) || + NFSISSET_ATTRBIT(&attrbits, NFSATTRBIT_HIDDEN) || NFSISSET_ATTRBIT(&attrbits, NFSATTRBIT_SYSTEM))) { + if (NFSISSET_ATTRBIT(&attrbits, NFSATTRBIT_ARCHIVE)) { + if ((nva.na_flags & UF_ARCHIVE) != 0) + oldflags |= UF_ARCHIVE; + else + oldflags &= ~UF_ARCHIVE; + } if (NFSISSET_ATTRBIT(&attrbits, NFSATTRBIT_HIDDEN)) { if ((nva.na_flags & UF_HIDDEN) != 0) oldflags |= UF_HIDDEN; @@ -588,6 +596,8 @@ nfsrvd_setattr(struct nfsrv_descript *nd, __unused int isdgram, nd->nd_repstat = nfsvno_setattr(vp, &nva2, nd->nd_cred, p, exp); if (!nd->nd_repstat) { + if (NFSISSET_ATTRBIT(&attrbits, NFSATTRBIT_ARCHIVE)) + NFSSETBIT_ATTRBIT(&retbits, NFSATTRBIT_ARCHIVE); if (NFSISSET_ATTRBIT(&attrbits, NFSATTRBIT_HIDDEN)) NFSSETBIT_ATTRBIT(&retbits, NFSATTRBIT_HIDDEN); if (NFSISSET_ATTRBIT(&attrbits, NFSATTRBIT_SYSTEM)) diff --git a/sys/kern/subr_kdb.c b/sys/kern/subr_kdb.c index 56264a96c9fa..909dd10a6e69 100644 --- a/sys/kern/subr_kdb.c +++ b/sys/kern/subr_kdb.c @@ -330,7 +330,7 @@ kdb_reboot(void) #define KEY_CRTLP 16 /* ^P */ #define KEY_CRTLR 18 /* ^R */ -/* States of th KDB "alternate break sequence" detecting state machine. */ +/* States of the KDB "alternate break sequence" detecting state machine. */ enum { KDB_ALT_BREAK_SEEN_NONE, KDB_ALT_BREAK_SEEN_CR, diff --git a/sys/kern/vfs_cluster.c b/sys/kern/vfs_cluster.c index 2e397b8e9e8f..b674313993c4 100644 --- a/sys/kern/vfs_cluster.c +++ b/sys/kern/vfs_cluster.c @@ -260,8 +260,10 @@ cluster_read(struct vnode *vp, u_quad_t filesize, daddr_t lblkno, long size, */ while (lblkno < (origblkno + maxra)) { error = VOP_BMAP(vp, lblkno, NULL, &blkno, &ncontig, NULL); - if (error) + if (error) { + error = 0; break; + } if (blkno == -1) break; diff --git a/sys/modules/Makefile b/sys/modules/Makefile index 3086be864307..9bc743c0c6d1 100644 --- a/sys/modules/Makefile +++ b/sys/modules/Makefile @@ -347,6 +347,7 @@ SUBDIR= \ rc4 \ ${_rdma} \ ${_rdrand_rng} \ + ${_rdseed_rng} \ re \ rl \ ${_rockchip} \ @@ -820,6 +821,7 @@ _nvram= nvram _padlock= padlock _padlock_rng= padlock_rng _rdrand_rng= rdrand_rng +_rdseed_rng= rdseed_rng .endif _pchtherm = pchtherm _s3= s3 diff --git a/sys/modules/allwinner/aw_sid/Makefile b/sys/modules/allwinner/aw_sid/Makefile index 7d3dad68acb9..2679aa83d09d 100644 --- a/sys/modules/allwinner/aw_sid/Makefile +++ b/sys/modules/allwinner/aw_sid/Makefile @@ -7,6 +7,7 @@ SRCS+= \ bus_if.h \ clknode_if.h \ device_if.h \ - ofw_bus_if.h \ + nvmem_if.h \ + ofw_bus_if.h .include <bsd.kmod.mk> diff --git a/sys/modules/allwinner/aw_thermal/Makefile b/sys/modules/allwinner/aw_thermal/Makefile index 911e6406d947..924b09a3b3c8 100644 --- a/sys/modules/allwinner/aw_thermal/Makefile +++ b/sys/modules/allwinner/aw_thermal/Makefile @@ -7,6 +7,7 @@ SRCS+= \ bus_if.h \ clknode_if.h \ device_if.h \ - ofw_bus_if.h \ + nvmem_if.h \ + ofw_bus_if.h .include <bsd.kmod.mk> diff --git a/sys/modules/rdrand_rng/Makefile b/sys/modules/rdrand_rng/Makefile index 7fa7a8bb8fb9..496fc863033f 100644 --- a/sys/modules/rdrand_rng/Makefile +++ b/sys/modules/rdrand_rng/Makefile @@ -6,9 +6,4 @@ SRCS+= bus_if.h device_if.h CFLAGS+= -I${SRCTOP}/sys -# ld.bfd doesn't support ifuncs invoked non-PIC -.if ${MACHINE_CPUARCH} == "i386" -CFLAGS.gcc= -fPIC -.endif - .include <bsd.kmod.mk> diff --git a/sys/modules/rdseed_rng/Makefile b/sys/modules/rdseed_rng/Makefile new file mode 100644 index 000000000000..6593505546dd --- /dev/null +++ b/sys/modules/rdseed_rng/Makefile @@ -0,0 +1,9 @@ +.PATH: ${SRCTOP}/sys/dev/random + +KMOD= rdseed_rng +SRCS= rdseed.c +SRCS+= bus_if.h device_if.h + +CFLAGS+= -I${SRCTOP}/sys + +.include <bsd.kmod.mk> diff --git a/sys/net/if_vxlan.c b/sys/net/if_vxlan.c index 03184c1fb678..f3a8410a2258 100644 --- a/sys/net/if_vxlan.c +++ b/sys/net/if_vxlan.c @@ -2533,7 +2533,7 @@ vxlan_encap4(struct vxlan_softc *sc, const union vxlan_sockaddr *fvxlsa, ifp = sc->vxl_ifp; srcaddr = sc->vxl_src_addr.in4.sin_addr; - srcport = vxlan_pick_source_port(sc, m); + srcport = htons(vxlan_pick_source_port(sc, m)); dstaddr = fvxlsa->in4.sin_addr; dstport = fvxlsa->in4.sin_port; @@ -2644,7 +2644,7 @@ vxlan_encap6(struct vxlan_softc *sc, const union vxlan_sockaddr *fvxlsa, ifp = sc->vxl_ifp; srcaddr = &sc->vxl_src_addr.in6.sin6_addr; - srcport = vxlan_pick_source_port(sc, m); + srcport = htons(vxlan_pick_source_port(sc, m)); dstaddr = &fvxlsa->in6.sin6_addr; dstport = fvxlsa->in6.sin6_port; diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index dbe48242381d..712ff28768dc 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c @@ -2665,10 +2665,13 @@ in_pcbinshash(struct inpcb *inp) INP_PCBPORTHASH(inp->inp_lport, pcbinfo->ipi_porthashmask)]; /* - * Add entry to load balance group. - * Only do this if SO_REUSEPORT_LB is set. + * Ignore SO_REUSEPORT_LB if the socket is connected. Really this case + * should be an error, but for UDP sockets it is not, and some + * applications erroneously set it on connected UDP sockets, so we can't + * change this without breaking compatibility. */ - if ((inp->inp_socket->so_options & SO_REUSEPORT_LB) != 0) { + if (!connected && + (inp->inp_socket->so_options & SO_REUSEPORT_LB) != 0) { int error = in_pcbinslbgrouphash(inp, M_NODOM); if (error != 0) return (error); @@ -2770,6 +2773,10 @@ in_pcbrehash(struct inpcb *inp) connected = !in_nullhost(inp->inp_faddr); } + /* See the comment in in_pcbinshash(). */ + if (connected && (inp->inp_flags & INP_INLBGROUP) != 0) + in_pcbremlbgrouphash(inp); + /* * When rehashing, the caller must ensure that either the new or the old * foreign address was unspecified. diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c index be20fb44a820..3cb538f7054d 100644 --- a/sys/netinet/tcp_syncache.c +++ b/sys/netinet/tcp_syncache.c @@ -1168,7 +1168,7 @@ syncache_expand(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, /* * If listening socket requested TCP digests, check that * received ACK has signature and it is correct. - * If not, drop the ACK and leave sc entry in th cache, + * If not, drop the ACK and leave sc entry in the cache, * because SYN was received with correct signature. */ if (sc->sc_flags & SCF_SIGNATURE) { diff --git a/sys/sys/random.h b/sys/sys/random.h index 2a68f0c99b6d..af6b1e117423 100644 --- a/sys/sys/random.h +++ b/sys/sys/random.h @@ -89,11 +89,11 @@ enum random_entropy_source { RANDOM_ENVIRONMENTAL_END = RANDOM_RANDOMDEV, /* Fast hardware random-number sources from here on. */ RANDOM_PURE_START, - RANDOM_PURE_OCTEON = RANDOM_PURE_START, - RANDOM_PURE_SAFE, + RANDOM_PURE_SAFE = RANDOM_PURE_START, RANDOM_PURE_GLXSB, RANDOM_PURE_HIFN, RANDOM_PURE_RDRAND, + RANDOM_PURE_RDSEED, RANDOM_PURE_NEHEMIAH, RANDOM_PURE_RNDTEST, RANDOM_PURE_VIRTIO, diff --git a/tests/sys/netinet/so_reuseport_lb_test.c b/tests/sys/netinet/so_reuseport_lb_test.c index 0479bd070ca6..393a626af5a4 100644 --- a/tests/sys/netinet/so_reuseport_lb_test.c +++ b/tests/sys/netinet/so_reuseport_lb_test.c @@ -29,6 +29,8 @@ #include <sys/param.h> #include <sys/event.h> +#include <sys/filio.h> +#include <sys/ioccom.h> #include <sys/socket.h> #include <netinet/in.h> @@ -556,6 +558,150 @@ ATF_TC_BODY(connect_bound, tc) close(s); } +/* + * The kernel erroneously permits calling connect() on a UDP socket with + * SO_REUSEPORT_LB set. Verify that packets sent to the bound address are + * dropped unless they come from the connected address. + */ +ATF_TC_WITHOUT_HEAD(connect_udp); +ATF_TC_BODY(connect_udp, tc) +{ + struct sockaddr_in sin = { + .sin_family = AF_INET, + .sin_len = sizeof(sin), + .sin_addr = { htonl(INADDR_LOOPBACK) }, + }; + ssize_t n; + int error, len, s1, s2, s3; + char ch; + + s1 = socket(PF_INET, SOCK_DGRAM, 0); + ATF_REQUIRE(s1 >= 0); + s2 = socket(PF_INET, SOCK_DGRAM, 0); + ATF_REQUIRE(s2 >= 0); + s3 = socket(PF_INET, SOCK_DGRAM, 0); + ATF_REQUIRE(s3 >= 0); + + error = setsockopt(s1, SOL_SOCKET, SO_REUSEPORT_LB, (int[]){1}, + sizeof(int)); + ATF_REQUIRE_MSG(error == 0, + "setsockopt(SO_REUSEPORT_LB) failed: %s", strerror(errno)); + error = bind(s1, (struct sockaddr *)&sin, sizeof(sin)); + ATF_REQUIRE_MSG(error == 0, "bind() failed: %s", strerror(errno)); + + error = bind(s2, (struct sockaddr *)&sin, sizeof(sin)); + ATF_REQUIRE_MSG(error == 0, "bind() failed: %s", strerror(errno)); + + error = bind(s3, (struct sockaddr *)&sin, sizeof(sin)); + ATF_REQUIRE_MSG(error == 0, "bind() failed: %s", strerror(errno)); + + /* Connect to an address not owned by s2. */ + error = getsockname(s3, (struct sockaddr *)&sin, + (socklen_t[]){sizeof(sin)}); + ATF_REQUIRE(error == 0); + error = connect(s1, (struct sockaddr *)&sin, sizeof(sin)); + ATF_REQUIRE_MSG(error == 0, "connect() failed: %s", strerror(errno)); + + /* Try to send a packet to s1 from s2. */ + error = getsockname(s1, (struct sockaddr *)&sin, + (socklen_t[]){sizeof(sin)}); + ATF_REQUIRE(error == 0); + + ch = 42; + n = sendto(s2, &ch, sizeof(ch), 0, (struct sockaddr *)&sin, + sizeof(sin)); + ATF_REQUIRE(n == 1); + + /* Give the packet some time to arrive. */ + usleep(100000); + + /* s1 is connected to s3 and shouldn't receive from s2. */ + error = ioctl(s1, FIONREAD, &len); + ATF_REQUIRE(error == 0); + ATF_REQUIRE_MSG(len == 0, "unexpected data available"); + + /* ... but s3 can of course send to s1. */ + n = sendto(s3, &ch, sizeof(ch), 0, (struct sockaddr *)&sin, + sizeof(sin)); + ATF_REQUIRE(n == 1); + usleep(100000); + error = ioctl(s1, FIONREAD, &len); + ATF_REQUIRE(error == 0); + ATF_REQUIRE_MSG(len == 1, "expected data available"); +} + +/* + * The kernel erroneously permits calling connect() on a UDP socket with + * SO_REUSEPORT_LB set. Verify that packets sent to the bound address are + * dropped unless they come from the connected address. + */ +ATF_TC_WITHOUT_HEAD(connect_udp6); +ATF_TC_BODY(connect_udp6, tc) +{ + struct sockaddr_in6 sin6 = { + .sin6_family = AF_INET6, + .sin6_len = sizeof(sin6), + .sin6_addr = IN6ADDR_LOOPBACK_INIT, + }; + ssize_t n; + int error, len, s1, s2, s3; + char ch; + + s1 = socket(PF_INET6, SOCK_DGRAM, 0); + ATF_REQUIRE(s1 >= 0); + s2 = socket(PF_INET6, SOCK_DGRAM, 0); + ATF_REQUIRE(s2 >= 0); + s3 = socket(PF_INET6, SOCK_DGRAM, 0); + ATF_REQUIRE(s3 >= 0); + + error = setsockopt(s1, SOL_SOCKET, SO_REUSEPORT_LB, (int[]){1}, + sizeof(int)); + ATF_REQUIRE_MSG(error == 0, + "setsockopt(SO_REUSEPORT_LB) failed: %s", strerror(errno)); + error = bind(s1, (struct sockaddr *)&sin6, sizeof(sin6)); + ATF_REQUIRE_MSG(error == 0, "bind() failed: %s", strerror(errno)); + + error = bind(s2, (struct sockaddr *)&sin6, sizeof(sin6)); + ATF_REQUIRE_MSG(error == 0, "bind() failed: %s", strerror(errno)); + + error = bind(s3, (struct sockaddr *)&sin6, sizeof(sin6)); + ATF_REQUIRE_MSG(error == 0, "bind() failed: %s", strerror(errno)); + + /* Connect to an address not owned by s2. */ + error = getsockname(s3, (struct sockaddr *)&sin6, + (socklen_t[]){sizeof(sin6)}); + ATF_REQUIRE(error == 0); + error = connect(s1, (struct sockaddr *)&sin6, sizeof(sin6)); + ATF_REQUIRE_MSG(error == 0, "connect() failed: %s", strerror(errno)); + + /* Try to send a packet to s1 from s2. */ + error = getsockname(s1, (struct sockaddr *)&sin6, + (socklen_t[]){sizeof(sin6)}); + ATF_REQUIRE(error == 0); + + ch = 42; + n = sendto(s2, &ch, sizeof(ch), 0, (struct sockaddr *)&sin6, + sizeof(sin6)); + ATF_REQUIRE(n == 1); + + /* Give the packet some time to arrive. */ + usleep(100000); + + /* s1 is connected to s3 and shouldn't receive from s2. */ + error = ioctl(s1, FIONREAD, &len); + ATF_REQUIRE(error == 0); + ATF_REQUIRE_MSG(len == 0, "unexpected data available"); + + /* ... but s3 can of course send to s1. */ + n = sendto(s3, &ch, sizeof(ch), 0, (struct sockaddr *)&sin6, + sizeof(sin6)); + ATF_REQUIRE(n == 1); + usleep(100000); + error = ioctl(s1, FIONREAD, &len); + ATF_REQUIRE(error == 0); + ATF_REQUIRE_MSG(len == 1, "expected data available"); +} + ATF_TP_ADD_TCS(tp) { ATF_TP_ADD_TC(tp, basic_ipv4); @@ -566,6 +712,8 @@ ATF_TP_ADD_TCS(tp) ATF_TP_ADD_TC(tp, bind_without_listen); ATF_TP_ADD_TC(tp, connect_not_bound); ATF_TP_ADD_TC(tp, connect_bound); + ATF_TP_ADD_TC(tp, connect_udp); + ATF_TP_ADD_TC(tp, connect_udp6); return (atf_no_error()); } diff --git a/usr.sbin/bsdinstall/scripts/jail b/usr.sbin/bsdinstall/scripts/jail index 8e001fc4a027..e4238ac0a687 100755 --- a/usr.sbin/bsdinstall/scripts/jail +++ b/usr.sbin/bsdinstall/scripts/jail @@ -79,7 +79,7 @@ distbase() { : ${DISTRIBUTIONS="base.txz"}; export DISTRIBUTIONS if [ -f $BSDINSTALL_DISTDIR/MANIFEST ]; then - DISTMENU=`cut -f 4,5,6 $BSDINSTALL_DISTDIR/MANIFEST | grep -v -e ^kernel -e ^base` + DISTMENU=$(cut -f 1,5,6 $BSDINSTALL_DISTDIR/MANIFEST | grep -v -e ^kernel -e ^base | sed -E 's/\.txz//g') if [ ! "$nonInteractive" == "YES" ] then diff --git a/usr.sbin/pmcstat/pmcpl_callgraph.c b/usr.sbin/pmcstat/pmcpl_callgraph.c index ade99464a4a3..63684f800bdc 100644 --- a/usr.sbin/pmcstat/pmcpl_callgraph.c +++ b/usr.sbin/pmcstat/pmcpl_callgraph.c @@ -362,7 +362,7 @@ pmcpl_cg_process(struct pmcstat_process *pp, struct pmcstat_pmcrecord *pmcr, * - Find the function that overlaps the return address. * - If found: use the start address of the function. * If not found (say an object's symbol table is not present or - * is incomplete), round down to th gprof bucket granularity. + * is incomplete), round down to the gprof bucket granularity. * - Convert return virtual address to an offset in the image. * - Look for a child with the same {offset,image} tuple, * inserting one if needed. diff --git a/usr.sbin/sndctl/sndctl.c b/usr.sbin/sndctl/sndctl.c index 156c845481c5..6977f0ab0ebe 100644 --- a/usr.sbin/sndctl/sndctl.c +++ b/usr.sbin/sndctl/sndctl.c @@ -830,6 +830,8 @@ mod_play_vchans(struct snd_dev *dp, void *arg) if (dp->from_user) return (-1); + if (!dp->play.pchans) + return (0); snprintf(buf, sizeof(buf), "dev.pcm.%d.play.vchans", dp->unit); @@ -873,6 +875,8 @@ mod_rec_vchans(struct snd_dev *dp, void *arg) if (dp->from_user) return (-1); + if (!dp->rec.pchans) + return (0); snprintf(buf, sizeof(buf), "dev.pcm.%d.rec.vchans", dp->unit); |