git: cb57f50e6404 - main - defaults: oomprotect sshd and local_unbound

2023-11-13 Thread Alexander Leidinger
The branch main has been updated by netchild:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=cb57f50e6404389e4314025caea487d63ddf0ee4

commit cb57f50e6404389e4314025caea487d63ddf0ee4
Author: Alexander Leidinger 
AuthorDate: 2023-11-13 08:48:51 +
Commit: Alexander Leidinger 
CommitDate: 2023-11-13 08:48:51 +

defaults: oomprotect sshd and local_unbound

Add sshd and local_unbound to the oom protected services.
syslogd is protected by default already, document it.

This was discussed on arch@, see

https://lists.freebsd.org/archives/freebsd-arch/2023-November/000543.html

sshd is protected to be able to investigate and fix oom issues on systems
which don't have out-of-band console access.
local_unbound is protected as it may be enabled for local use and without
DNS a lot grinds to a halt (including sshd).

Relnotes:   yes
MFC after:  1 month
Differential Revision:  https://reviews.freebsd.org/D42544
---
 libexec/rc/rc.conf   |  2 ++
 share/man/man5/rc.conf.5 | 20 +++-
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/libexec/rc/rc.conf b/libexec/rc/rc.conf
index 26e189953044..3269288728b6 100644
--- a/libexec/rc/rc.conf
+++ b/libexec/rc/rc.conf
@@ -318,6 +318,7 @@ ggated_config="/etc/gg.exports" # ggated(8) exports 
file.
 ggated_flags=""# Extra parameters like which port to 
bind to.
 ctld_enable="NO"   # CAM Target Layer / iSCSI target daemon.
 local_unbound_enable="NO"  # Local caching DNS resolver
+local_unbound_oomprotect="YES" # Don't kill local_unbound when swap space is 
exhausted.
 local_unbound_tls="NO" # Use DNS over TLS
 blacklistd_enable="NO" # Run blacklistd daemon (YES/NO).
 blacklistd_flags=""# Optional flags for blacklistd(8).
@@ -364,6 +365,7 @@ pppoed_provider="*" # Provider and ppp(8) config 
file entry.
 pppoed_flags="-P /var/run/pppoed.pid"  # Flags to pppoed (if enabled).
 pppoed_interface="em0" # The interface that pppoed runs on.
 sshd_enable="NO"   # Enable sshd
+sshd_oomprotect="YES"  # Don't kill sshd when swap space is exhausted.
 sshd_program="/usr/sbin/sshd"  # path to sshd, if you want a different one.
 sshd_flags=""  # Additional flags for sshd.
 ftpd_enable="NO"   # Enable stand-alone ftpd.
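
Review bot: The comment on the added sshd_oomprotect line says only "Don't kill sshd when swap space is exhausted" and leaves open whether the setting covers just the listening daemon or also the per-connection processes it starts. Since the stated purpose is to keep a way into the machine during an OOM condition, the comment (or rc.conf(5)) should say which processes are covered.
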
diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5
index a76cb1a04e0a..ad84bcbd576c 100644
--- a/share/man/man5/rc.conf.5
+++ b/share/man/man5/rc.conf.5
@@ -22,7 +22,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd September 18, 2023
+.Dd November 13, 2023
 .Dt RC.CONF 5
 .Os
 .Sh NAME
@@ -2318,6 +2318,12 @@ If set to
 run the
 .Xr syslogd 8
 daemon.
+Note, the
+.Va syslogd_oomprotect
+variable is set to
+.Dq Li YES
+by default in
+.Pa /etc/defaults/rc.conf .
 .It Va syslogd_program
 .Pq Vt str
 Path to
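
Review bot: The note added under syslogd_enable names syslogd_oomprotect but never says what the variable does, and the same six lines are repeated under local_unbound_enable and sshd_enable in the hunks that follow. A dedicated ".It Va syslogd_oomprotect" entry, or a pointer to the place where the oomprotect variables are described, would let a reader find out what "YES" means and how to switch it off.
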
@@ -2381,6 +2387,12 @@ If set to
 run the
 .Xr unbound 8
 daemon as a local caching DNS resolver.
+Note, the
+.Va local_unbound_oomprotect
+variable is set to
+.Dq Li YES
+by default in
+.Pa /etc/defaults/rc.conf .
 .It Va nscd_enable
 .Pq Vt bool
 Set to
@@ -3840,6 +3852,12 @@ Set to
 to start
 .Xr sshd 8
 at system boot time.
+Note, the
+.Va sshd_oomprotect
+variable is set to
+.Dq Li YES
+by default in
+.Pa /etc/defaults/rc.conf .
 .It Va sshd_flags
 .Pq Vt str
 If



Re: git: 0aa93010c571 - main - arm64: do not register elf32 brand if hardware cannot exec aarch32

2023-11-16 Thread Alexander Leidinger

On 2023-11-16 23:06, Konstantin Belousov wrote:

commit 0aa93010c571b88a6402405be22745fa05a5baab
Commit: Konstantin Belousov 
CommitDate: 2023-11-16 22:04:40 +

arm64: do not register elf32 brand if hardware cannot exec aarch32


Would it make sense to add FEATURE(elf32, "...") and FEATURE(elf64, "...")
to be able to query for it from userland?


Bye,
Alexander.

--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netch...@freebsd.org  : PGP 0x8F31830F9F2772BF


signature.asc
Description: OpenPGP digital signature


git: aeb91e95cfc2 - main - Log euid, rgid and jail on listen queue overflow

2022-03-26 Thread Alexander Leidinger
The branch main has been updated by netchild:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=aeb91e95cfc2d86e6f5eea4114247d2987ba06b6

commit aeb91e95cfc2d86e6f5eea4114247d2987ba06b6
Author: Alexander Leidinger 
AuthorDate: 2022-03-26 10:14:16 +
Commit: Alexander Leidinger 
CommitDate: 2022-03-26 10:17:55 +

Log euid, rgid and jail on listen queue overflow

If you have numerous jails with multiple similar services running,
this helps to narrow down which services this log is referring to.
---
 sys/kern/uipc_socket.c | 24 ++--
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c
index ab8e5d6e1b69..4c4fde0d6a26 100644
--- a/sys/kern/uipc_socket.c
+++ b/sys/kern/uipc_socket.c
@@ -699,12 +699,24 @@ sonewconn(struct socket *head, int connstatus)
}
KASSERT(sbuf_len(&descrsb) > 0,
("%s: sbuf creation failed", __func__));
-   log(LOG_DEBUG,
-   "%s: pcb %p (%s): Listen queue overflow: "
-   "%i already in queue awaiting acceptance "
-   "(%d occurrences)\n",
-   __func__, head->so_pcb, sbuf_data(&descrsb),
-   qlen, overcount);
+   if (head->so_cred == 0) {
+   log(LOG_DEBUG,
+   "%s: pcb %p (%s): Listen queue overflow: "
+   "%i already in queue awaiting acceptance "
+   "(%d occurrences)\n",
+   __func__, head->so_pcb, sbuf_data(&descrsb),
+   qlen, overcount);
+   } else {
+   log(LOG_DEBUG, "%s: pcb %p (%s): Listen queue 
overflow: "
+   "%i already in queue awaiting acceptance "
+   "(%d occurrences), euid %d, rgid %d, jail 
%s\n",
+   __func__, head->so_pcb, sbuf_data(&descrsb),
+   qlen, overcount,
+   head->so_cred->cr_uid, 
head->so_cred->cr_rgid,
+   head->so_cred->cr_prison ?
+   head->so_cred->cr_prison->pr_name :
+   "not_jailed");
+   }
sbuf_delete(&descrsb);
 
overcount = 0;
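
Review bot: The two log() calls in the new if/else differ only in the trailing "euid %d, rgid %d, jail %s" part, so the common format string now exists twice and the copies can drift apart; building the credential suffix separately and keeping a single log() call would avoid that. Two smaller points in the same hunk: "head->so_cred == 0" compares a pointer and should read "== NULL", and cr_uid and cr_rgid are unsigned types, so "%u" fits better than "%d".
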



Re: git: 0dfaefa97547 - main - depend-cleanup.sh: Simplify the logic, and clean bootstrap tools.

2023-02-08 Thread Alexander Leidinger
Quoting Dag-Erling Smørgrav  (from Wed, 8 Feb 2023  
22:59:33 GMT):



The branch main has been updated by des:

URL:  
https://cgit.FreeBSD.org/src/commit/?id=0dfaefa975477cee2ec3155c3e0689ba1fcdde9a


commit 0dfaefa975477cee2ec3155c3e0689ba1fcdde9a
Author: Dag-Erling Smørgrav 
AuthorDate: 2023-02-08 22:58:51 +
Commit: Dag-Erling Smørgrav 
CommitDate: 2023-02-08 22:59:13 +

depend-cleanup.sh: Simplify the logic, and clean bootstrap tools.

* There's no need to check if the file exists before grepping  
it; if it does not exist, grep will fail, which is what we want.   
Just redirect the error message to /dev/null.


You change from "no fork+exec if the file doesn't exist" (due to "if"  
and "[" being shell-builtins) to "always fork+exec". On fast machines  
surely not an issue, on slow ones, it may make a difference (I have an  
old amd64 machine at an ISP which takes days to do a buildworld with  
-j2 due to not much memory, only 2 cores, old HDs, and other stuff  
going on in parallel).


While the .depend.* namespace is surely controlled by us, would it
make sense to change the glob to ".{o,pico}" instead of ".*o" to
prevent unexpected surprises in the future?



--- a/tools/build/depend-cleanup.sh
+++ b/tools/build/depend-cleanup.sh
@@ -28,18 +28,8 @@ fi
 # $3 source extension
 clean_dep()
 {
-   if [ -e "$OBJTOP"/$1/.depend.$2.pico ] && \
-   egrep -qw "$2\.$3" "$OBJTOP"/$1/.depend.$2.pico; then \
-   echo "Removing stale dependencies and objects for $2.$3"; \
-   rm -f \
-   "$OBJTOP"/$1/.depend.$2.* \
-   "$OBJTOP"/$1/$2.*o \
-   "$OBJTOP"/obj-lib32/$1/.depend.$2.* \
-   "$OBJTOP"/obj-lib32/$1/$2.*o
-   fi
-   if [ -e "$OBJTOP"/$1/.depend.$2.o ] && \
-   egrep -qw "$2\.$3" "$OBJTOP"/$1/.depend.$2.o; then \
-   echo "Removing stale dependencies and objects for $2.$3"; \
+   if egrep -qw "$2\.$3" "$OBJTOP"/$1/.depend.$2.*o 2>/dev/null; then
+   echo "Removing stale dependencies and objects for $2.$3"
rm -f \
"$OBJTOP"/$1/.depend.$2.* \
"$OBJTOP"/$1/$2.*o \


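Review bot: On the new "if egrep -qw ... 2>/dev/null" line, the redirect discards every egrep diagnostic, not only "No such file or directory", so an unreadable .depend file is now treated the same as a file without a match and stale objects stay in place silently. With the ".depend.$2.*o" glob the test also succeeds as soon as any one matching file contains the pattern, after which the rm -f removes everything under the wider "$2.*o" glob; a short comment naming the suffixes that are expected to match would make that intent checkable.
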
Bye,
Alexander.

--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netch...@freebsd.org  : PGP 0x8F31830F9F2772BF




Re: git: 0dfaefa97547 - main - depend-cleanup.sh: Simplify the logic, and clean bootstrap tools.

2023-02-09 Thread Alexander Leidinger
Quoting Dag-Erling Smørgrav (from Thu, 09 Feb 2023 10:46:49 +0100):

> Alexander Leidinger  writes:
>> You change from "no fork+exec if the file doesn't exist" (due to "if"
>> and "[" being shell-builtins) to "always fork+exec". On fast machines
>> surely not an issue, on slow ones, it may make a difference (I have an
>> old amd64 machine at an ISP which takes days to do a buildworld with
>> -j2 due to not much memory, only 2 cores, old HDs, and other stuff
>> going on in parallel).
>
> Have you measured this?  Because the whole point of clean_dep() is that

No, I haven't measured, for this reason I used "may".

> the file it looks for nearly always exists.  It's the grep we're not
> sure of.  So checking if the file exists is nearly always a waste.

Thanks for clarifying that.

>> While the .depend.* namespace is surely controlled by us, would it
>> make sense to change the glob to ".{o,pico}" instead of ".*o" to
>> prevent unexpected surprises in the future?
>
> Our sh does not support the {} syntax.  Besides, what would it change?
> What else would match .*o but not .{o,pico}?

My point here is that, by making this more specific (we can also list the
files explicitly), we _maybe_ can prevent foot-shooting in the
_future_, in case there is something else added. I've seen enough
cases where wildcarded removals caused harm after a little change in
some other place. I have no doubts that you checked that this
_currently_ is working fine. Based upon my experience in
troubleshooting issues with "lost files" after an innocent change
somewhere else, I prefer to at least ask about it.


Bye,
Alexander.

--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netch...@freebsd.org  : PGP 0x8F31830F9F2772BF




git: b45f09ac5756 - main - periodic: switch lockf to silent operation.

2023-02-28 Thread Alexander Leidinger
The branch main has been updated by netchild:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=b45f09ac57567de5c99a98941e5e06ecd5074871

commit b45f09ac57567de5c99a98941e5e06ecd5074871
Author: Alexander Leidinger 
AuthorDate: 2023-02-28 08:38:42 +
Commit: Alexander Leidinger 
CommitDate: 2023-02-28 08:38:42 +

periodic: switch lockf to silent operation.

This fixes duplicate mails (one from cron, one from periodic)
when a periodic run is not finished before the next one starts.

The man page states that the intended use case is cron, and
the error handling of the lockf invocation handles this case
explicitly, as such no error message for the "interactive"
use was considered.
---
 usr.sbin/periodic/periodic.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/usr.sbin/periodic/periodic.sh b/usr.sbin/periodic/periodic.sh
index 26413c4ab51e..cdbd1b3b57fb 100644
--- a/usr.sbin/periodic/periodic.sh
+++ b/usr.sbin/periodic/periodic.sh
@@ -53,7 +53,7 @@ if [ $1 != "LOCKED" ]; then
 ret=0
 for arg; do
 lockfile=/var/run/periodic.${arg##*/}.lock
-lockf -t 0 "${lockfile}" /bin/sh $0 LOCKED "$arg"
+lockf -s -t 0 "${lockfile}" /bin/sh $0 LOCKED "$arg"
 case $? in
 0) ;;
 73) #EX_CANTCREATE
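
Review bot: With "-s" on the lockf line, lockf no longer prints anything when the lock cannot be acquired, so the "case $?" block that follows becomes the only place where that outcome is reported. The context here shows the "0)" and "73)" branches only, so it is worth confirming that the lock-held status has its own branch with a message that names "$arg"; a sentence in periodic(8) about the silent behaviour would also cover the interactive case the commit message mentions.
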



Re: git: 72a1cb05cd23 - main - rc(8): Add a zpoolupgrade rc.d script

2022-11-07 Thread Alexander Leidinger


Quoting Li-Wen Hsu  (from Mon, 7 Nov 2022 03:39:19 GMT):


The branch main has been updated by lwhsu:

URL:  
https://cgit.FreeBSD.org/src/commit/?id=72a1cb05cd230ce0d12a7180ae65ddbba2e0cb6d


commit 72a1cb05cd230ce0d12a7180ae65ddbba2e0cb6d
Author: Li-Wen Hsu 
AuthorDate: 2022-11-07 03:30:09 +
Commit: Li-Wen Hsu 
CommitDate: 2022-11-07 03:30:09 +

rc(8): Add a zpoolupgrade rc.d script

If a zpool is created by makefs(8), its version is 5000, i.e., all
feature flags are off.  Introduce an rc script to run `zpool upgrade`
over the assigned zpools on the first boot.  This is useful to the
ZFS based VM images built from release(7).



diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5
index f9ceabc83120..43fa44a5f1cb 100644
--- a/share/man/man5/rc.conf.5
+++ b/share/man/man5/rc.conf.5
@@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd August 28, 2022
+.Dd November 7, 2022
 .Dt RC.CONF 5
 .Os
 .Sh NAME
@@ -2109,6 +2109,13 @@ A space-separated list of ZFS pool names for  
which new pool GUIDs should be

 assigned upon first boot.
 This is useful when using a ZFS pool copied from a template, such  
as a virtual

 machine image.
+.It Va zpool_upgrade
+.Pq Vt str
+A space-separated list of ZFS pool names for which version should  
be upgraded

+upon first boot.
+This is useful when using a ZFS pool generated by
+.Xr makefs 8
+utility.
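
Review bot: In the added zpool_upgrade entry, "for which version should be upgraded" and "generated by" followed directly by ".Xr makefs 8" and "utility." each lack an article; suggest "for which the pool version should be upgraded upon first boot" and "generated by the makefs(8) utility". The entry also does not say what happens for a listed pool that is already at the current version, which deserves one sentence.
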


For someone who knows ZFS well, it is clear that only a zpool upgrade
is done. Not so experienced people may assume there is a combination
of zpool upgrade and zfs upgrade (more so for people who do not know
what the difference is). Maybe you want to add some explicit
documentation, that zfs upgrade + feature flags needs to be done by
hand.


And this brings me to a second topic, we don't have an explicit list  
of features which are supported by the bootloader (I had a look at the  
zfs and the boot related man pages, if I overlooked a place, then the  
other places should reference this important part with some text).


Bye,
Alexander.

--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netch...@freebsd.org  : PGP 0x8F31830F9F2772BF




Re: git: 72a1cb05cd23 - main - rc(8): Add a zpoolupgrade rc.d script

2022-11-08 Thread Alexander Leidinger

Quoting Warner Losh (from Mon, 7 Nov 2022 14:23:11 -0700):

On Mon, Nov 7, 2022 at 4:15 AM Alexander Leidinger wrote:


Quoting Li-Wen Hsu  (from Mon, 7 Nov 2022 03:39:19 GMT):


The branch main has been updated by lwhsu:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=72a1cb05cd230ce0d12a7180ae65ddbba2e0cb6d

commit 72a1cb05cd230ce0d12a7180ae65ddbba2e0cb6d
Author:     Li-Wen Hsu 
AuthorDate: 2022-11-07 03:30:09 +
Commit:     Li-Wen Hsu 
CommitDate: 2022-11-07 03:30:09 +

     rc(8): Add a zpoolupgrade rc.d script

     If a zpool is created by makefs(8), its version is 5000, i.e., all
     feature flags are off.  Introduce an rc script to run `zpool upgrade`
     over the assigned zpools on the first boot.  This is useful to the
     ZFS based VM images built from release(7).



diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5
index f9ceabc83120..43fa44a5f1cb 100644
--- a/share/man/man5/rc.conf.5
+++ b/share/man/man5/rc.conf.5
@@ -24,7 +24,7 @@
  .\"
  .\" $FreeBSD$
  .\"
-.Dd August 28, 2022
+.Dd November 7, 2022
  .Dt RC.CONF 5
  .Os
  .Sh NAME
@@ -2109,6 +2109,13 @@ A space-separated list of ZFS pool names for 
which new pool GUIDs should be
  assigned upon first boot.
  This is useful when using a ZFS pool copied from a template, such 
as a virtual
  machine image.
+.It Va zpool_upgrade
+.Pq Vt str
+A space-separated list of ZFS pool names for which version should 
be upgraded
+upon first boot.
+This is useful when using a ZFS pool generated by
+.Xr makefs 8
+utility.


For someone who knows ZFS well, it is clear that only a zpool upgrade
is done. Not so experienced people may assume there is a combination
of zpool upgrade and zfs upgrade (more so for people who do not know
what the difference is). Maybe you want to add some explicit
documentation, that zfs upgrade + feature flags needs to be done by
hand.

And this brings me to a second topic, we don't have an explicit list 
of features which are supported by the bootloader (I had a look at the 
zfs and the boot related man pages, if I overlooked a place, then the 
other places should reference this important part with some text).


 
There is a fixed list of features we support in the boot loader:
 
/*
 * List of ZFS features supported for read
 */
static const char *features_for_read[] = {
        "org.illumos:lz4_compress",
        "com.delphix:hole_birth",
        "com.delphix:extensible_dataset",
        "com.delphix:embedded_data",
        "org.open-zfs:large_blocks",
        "org.illumos:sha512",
        "org.illumos:skein",
        "org.zfsonlinux:large_dnode",
        "com.joyent:multi_vdev_crash_dump",
        "com.delphix:spacemap_histogram",
        "com.delphix:zpool_checkpoint",
        "com.delphix:spacemap_v2",
        "com.datto:encryption",
        "com.datto:bookmark_v2",
        "org.zfsonlinux:allocation_classes",
        "com.datto:resilver_defer",
        "com.delphix:device_removal",
        "com.delphix:obsolete_counts",
        "com.intel:allocation_classes",
        "org.freebsd:zstd_compress",
        "com.delphix:bookmark_written",
        "com.delphix:head_errlog",
        "org.openzfs:blake3",
        NULL
};
 
Any feature not on this list will cause the boot loader to reject the pool.

Whether or not it should do that by default, always, or never is an open
question. I've thought there should be a 'shoot footing' override that isn't
there today.
 


Thanks for the list. For those interested, it is in
    $SRC/stand/libsa/zfs/zfsimpl.c

Just to make my opinion expressed before explicit again, this should  
be documented in a boot / bootloader related man-page, but isn't.


Should the above list be sorted in some way? Maybe in the same order  
as the zpool-features lists them (sort by feature name after the  
colon), or alphabetical?


As Mark already mentioned some flags, I checked the features marked as  
read only (I checked in the zpool-features man page, including the  
dependencies documented there) and here are those not listed in  
zfsimpl.c. I would assume as they are read-only compatible, we should  
add them:

    com.delphix:async_destroy
    com.delphix:bookmarks
    org.openzfs:device_rebuild
    com.delphix:empty_bpobj
    com.delphix:enable_txg
    com.joyent:filesystem_limits
    com.delphix:livelist
    com.delphix:log_spacemap
    com.zfsonlinux:project_quota
    com.zfsonlinux:userobj_accounting
    com.openzfs:zilsaxattr

Bye,
Alexander.
--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netch...@freebsd.org  : PGP 0x8F31830F9F2772BF




git: f993fff68979 - main - Sort list of supported features for more easy handling in the future.

2022-11-10 Thread Alexander Leidinger
The branch main has been updated by netchild:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=f993fff6897946077a3f9604b7dcbe59f5ce5135

commit f993fff6897946077a3f9604b7dcbe59f5ce5135
Author: Alexander Leidinger 
AuthorDate: 2022-11-10 08:47:23 +
Commit: Alexander Leidinger 
CommitDate: 2022-11-10 08:47:23 +

Sort list of supported features for more easy handling
in the future.

Reviewed by:imp
---
 stand/libsa/zfs/zfsimpl.c | 32 
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/stand/libsa/zfs/zfsimpl.c b/stand/libsa/zfs/zfsimpl.c
index 6b961f3110ae..36c90613e827 100644
--- a/stand/libsa/zfs/zfsimpl.c
+++ b/stand/libsa/zfs/zfsimpl.c
@@ -118,29 +118,29 @@ static vdev_list_t zfs_vdevs;
  * List of ZFS features supported for read
  */
 static const char *features_for_read[] = {
-   "org.illumos:lz4_compress",
-   "com.delphix:hole_birth",
-   "com.delphix:extensible_dataset",
-   "com.delphix:embedded_data",
-   "org.open-zfs:large_blocks",
-   "org.illumos:sha512",
-   "org.illumos:skein",
-   "org.zfsonlinux:large_dnode",
-   "com.joyent:multi_vdev_crash_dump",
-   "com.delphix:spacemap_histogram",
-   "com.delphix:zpool_checkpoint",
-   "com.delphix:spacemap_v2",
-   "com.datto:encryption",
"com.datto:bookmark_v2",
-   "org.zfsonlinux:allocation_classes",
+   "com.datto:encryption",
"com.datto:resilver_defer",
+   "com.delphix:bookmark_written",
"com.delphix:device_removal",
+   "com.delphix:embedded_data",
+   "com.delphix:extensible_dataset",
+   "com.delphix:head_errlog",
+   "com.delphix:hole_birth",
"com.delphix:obsolete_counts",
+   "com.delphix:spacemap_histogram",
+   "com.delphix:spacemap_v2",
+   "com.delphix:zpool_checkpoint",
"com.intel:allocation_classes",
+   "com.joyent:multi_vdev_crash_dump",
"org.freebsd:zstd_compress",
-   "com.delphix:bookmark_written",
-   "com.delphix:head_errlog",
+   "org.illumos:lz4_compress",
+   "org.illumos:sha512",
+   "org.illumos:skein",
+   "org.open-zfs:large_blocks",
"org.openzfs:blake3",
+   "org.zfsonlinux:allocation_classes",
+   "org.zfsonlinux:large_dnode",
NULL
 };
 
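
Review bot: The array is now in sorted order, but the comment above it still reads only "List of ZFS features supported for read", so nothing tells the next contributor to keep it that way; suggest extending the comment to say the list is kept sorted by feature GUID. Because entries only move (16 insertions, 16 deletions, same set of strings), stating "no functional change" in the commit message would also help anyone bisecting loader behaviour.
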



Re: git: b9cb80883bce - main - Don't omit bsd.compiler.mk for the nested delete-old in buildworld.

2022-11-21 Thread Alexander Leidinger

Quoting John Baldwin  (from Sat, 19 Nov 2022 04:13:10 GMT):


The branch main has been updated by jhb:

URL:  
https://cgit.FreeBSD.org/src/commit/?id=b9cb80883bce6dc992cf05ae2e59089a60d311ec


commit b9cb80883bce6dc992cf05ae2e59089a60d311ec
Author: John Baldwin 
AuthorDate: 2022-11-19 04:11:07 +
Commit: John Baldwin 
CommitDate: 2022-11-19 04:11:07 +

Don't omit bsd.compiler.mk for the nested delete-old in buildworld.

src.opts.mk will need bsd.compiler.mk to determine if CXX is
supported.  Without this, src.opts.mk always marks CXX as broken and
attempts to delete all dependencies of MK_CXX from WORLDTMP.


Is this the reason why a buildworld directly after a successful
buildworld was (re-)building parts of llvm (without doing _any_ change
in between)? I noticed this just last week but didn't take the time to
have a look or discuss somewhere (well, I thought "maybe it's a
feature of the bootstrap, it would surely get noticed if not").


Bye,
Alexander.

--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netch...@freebsd.org  : PGP 0x8F31830F9F2772BF




git: ff0c7816db69 - main - Remove UPDATING entries from old branches.

2022-11-25 Thread Alexander Leidinger
The branch main has been updated by netchild:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=ff0c7816db696d31adc437134dcad45a70ad5889

commit ff0c7816db696d31adc437134dcad45a70ad5889
Author: Alexander Leidinger 
AuthorDate: 2022-11-25 09:17:14 +
Commit: Alexander Leidinger 
CommitDate: 2022-11-25 09:17:14 +

Remove UPDATING entries from old branches.

We only support updates from major version N to N+1:
stable/13 was branched on 20210122, remove all old entries from stable/10
branch point in 2013 to 20210122.
---
 UPDATING | 2175 --
 1 file changed, 2175 deletions(-)

diff --git a/UPDATING b/UPDATING
index 3782692c2a49..83e97246b964 100644
--- a/UPDATING
+++ b/UPDATING
@@ -275,2181 +275,6 @@ 
https://lists.freebsd.org/archives/freebsd-current/2021-June/000153.html
Please update your drm-kmod port to after the __FreeBSD_version 143
update.
 
-20210108:
-   PC Card attachments for all devices have been removed. In the case of
-   wi and cmx, the entire drivers were removed because they were only
-   PC Card devices. FreeBSD_version 1300134 should be used for this
-   since it was bumped so recently.
-
-20210107:
-   Transport-independent parts of HID support have been split off the USB
-   code in to separate subsystem.  Kernel configs which include one of
-   ums, ukbd, uhid, atp, wsp, wmt, uaudio, ugold or ucycom drivers should
-   be updated with adding of "device hid" line.
-
-20210105:
-   ncurses installation has been modified to only keep the widechar
-   enabled version.  Incremental build is broken for that change, so it
-   requires a clean build.
-
-20201223:
-   The FreeBSD project has migrated from Subversion to Git. Temporary
-   instructions can be found at
-   https://github.com/bsdimp/freebsd-git-docs/blob/main/src-cvt.md
-   and other documents in that repo.
-
-20201216:
-   The services database has been updated to cover more of the basic
-   services expected in a modern system. The database is big enough
-   that it will cause issues in mergemaster in Releases previous to
-   12.2 and 11.3, or in very old current systems from before r358154.
-
-20201215:
-   Obsolete in-tree GDB 6.1.1 has been removed.  GDB (including kgdb)
-   may be installed from ports or packages.
-
-20201124:
-   ping6 has been merged into ping.  It can now be called as "ping -6".
-   See ping(8) for details.
-
-20201108:
-   Default value of net.add_addr_allfibs has been changed to 0.
-   If you have multi-fib configuration and rely on existence of all
-   interface routes in every fib, you need to set the above sysctl to 1.
-
-20201030:
-   The internal pre-processor in the calendar(1) program has been
-   extended to support more C pre-processor commands (e.g. #ifdef, #else,
-   and #undef) and to detect unbalanced conditional statements.
-   Error messages have been extended to include the filename and line
-   number if processing stops to help fixing malformed data files.
-
-20201026:
-   All the data files for the calendar(1) program, except calendar.freebsd,
-   have been moved to the deskutils/calendar-data port, much like the
-   jewish calendar entries were moved to deskutils/hebcal years ago. After
-   make delete-old-files, you need to install it to retain full
-   functionality. calendar(1) will issue a reminder for files it can't
-   find.
-
-20200923:
-   LINT files are no longer generated. We now include the relevant NOTES
-   files. Note: This may cause conflicts with updating in some cases.
-   find sys -name LINT\* -delete
-   is suggested across this commit to remove the generated LINT files.
-
-   If you have tried to update with generated files there, the svn
-   command you want to un-auger the tree is
-   cd sys/amd64/conf
-   svn revert -R .
-   and then do the above find from the top level. Substitute 'amd64'
-   above with where the error message indicates a conflict.
-
-20200824:
-   OpenZFS support has been integrated. Do not upgrade root pools until
-   the loader is updated to support zstd. Furthermore, we caution against
-   'zpool upgrade' for the next few weeks. The change should be transparent
-   unless you  want to use new features.
-
-   Not all "NO_CLEAN" build scenarios work across these changes. Many
-   scenarios have been tested and fixed, but rebuilding kernels without
-   rebuilding world may fail.
-
-   The ZFS cache file has moved from /boot to /etc to match the OpenZFS
-   upstream default. A fallback to /boot has been added for mountroot.
-
-   Pool auto import behavior at boot has been moved from the kernel module
-   to an explici
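
Review bot: Among the removed entries, 20200824 carries the warning "Do not upgrade root pools until the loader is updated to support zstd" and 20200923 the LINT cleanup steps, so anyone updating a tree that predates the stable/13 branch point loses those instructions with no pointer to where they went. Suggest leaving a short note at the cut point saying that older entries were removed and can be read from git history.
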

git: 17101a25f98e - main - Revert "Remove UPDATING entries from old branches."

2022-11-27 Thread Alexander Leidinger
The branch main has been updated by netchild:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=17101a25f98e3e4b21bf19b2e6807ea0c4563f8a

commit 17101a25f98e3e4b21bf19b2e6807ea0c4563f8a
Author: Alexander Leidinger 
AuthorDate: 2022-11-27 21:10:09 +
Commit: Alexander Leidinger 
CommitDate: 2022-11-27 21:12:20 +

Revert "Remove UPDATING entries from old branches."

This reverts commit ff0c7816db696d31adc437134dcad45a70ad5889 as more
history than just from branch N-1 to N is requested/needed by some
downstream consumers.

Requested by:   imp
---
 UPDATING | 2175 ++
 1 file changed, 2175 insertions(+)

diff --git a/UPDATING b/UPDATING
index 83e97246b964..3782692c2a49 100644
--- a/UPDATING
+++ b/UPDATING
@@ -275,6 +275,2181 @@ 
https://lists.freebsd.org/archives/freebsd-current/2021-June/000153.html
Please update your drm-kmod port to after the __FreeBSD_version 143
update.
 
+20210108:
+   PC Card attachments for all devices have been removed. In the case of
+   wi and cmx, the entire drivers were removed because they were only
+   PC Card devices. FreeBSD_version 1300134 should be used for this
+   since it was bumped so recently.
+
+20210107:
+   Transport-independent parts of HID support have been split off the USB
+   code in to separate subsystem.  Kernel configs which include one of
+   ums, ukbd, uhid, atp, wsp, wmt, uaudio, ugold or ucycom drivers should
+   be updated with adding of "device hid" line.
+
+20210105:
+   ncurses installation has been modified to only keep the widechar
+   enabled version.  Incremental build is broken for that change, so it
+   requires a clean build.
+
+20201223:
+   The FreeBSD project has migrated from Subversion to Git. Temporary
+   instructions can be found at
+   https://github.com/bsdimp/freebsd-git-docs/blob/main/src-cvt.md
+   and other documents in that repo.
+
+20201216:
+   The services database has been updated to cover more of the basic
+   services expected in a modern system. The database is big enough
+   that it will cause issues in mergemaster in Releases previous to
+   12.2 and 11.3, or in very old current systems from before r358154.
+
+20201215:
+   Obsolete in-tree GDB 6.1.1 has been removed.  GDB (including kgdb)
+   may be installed from ports or packages.
+
+20201124:
+   ping6 has been merged into ping.  It can now be called as "ping -6".
+   See ping(8) for details.
+
+20201108:
+   Default value of net.add_addr_allfibs has been changed to 0.
+   If you have multi-fib configuration and rely on existence of all
+   interface routes in every fib, you need to set the above sysctl to 1.
+
+20201030:
+   The internal pre-processor in the calendar(1) program has been
+   extended to support more C pre-processor commands (e.g. #ifdef, #else,
+   and #undef) and to detect unbalanced conditional statements.
+   Error messages have been extended to include the filename and line
+   number if processing stops to help fixing malformed data files.
+
+20201026:
+   All the data files for the calendar(1) program, except calendar.freebsd,
+   have been moved to the deskutils/calendar-data port, much like the
+   jewish calendar entries were moved to deskutils/hebcal years ago. After
+   make delete-old-files, you need to install it to retain full
+   functionality. calendar(1) will issue a reminder for files it can't
+   find.
+
+20200923:
+   LINT files are no longer generated. We now include the relevant NOTES
+   files. Note: This may cause conflicts with updating in some cases.
+   find sys -name LINT\* -delete
+   is suggested across this commit to remove the generated LINT files.
+
+   If you have tried to update with generated files there, the svn
+   command you want to un-auger the tree is
+   cd sys/amd64/conf
+   svn revert -R .
+   and then do the above find from the top level. Substitute 'amd64'
+   above with where the error message indicates a conflict.
+
+20200824:
+   OpenZFS support has been integrated. Do not upgrade root pools until
+   the loader is updated to support zstd. Furthermore, we caution against
+   'zpool upgrade' for the next few weeks. The change should be transparent
+   unless you  want to use new features.
+
+   Not all "NO_CLEAN" build scenarios work across these changes. Many
+   scenarios have been tested and fixed, but rebuilding kernels without
+   rebuilding world may fail.
+
+   The ZFS cache file has moved from /boot to /etc to match the OpenZFS
+   upstream default. A fallback to /boot has been added for mountroot.
+
+   Pool auto import behavior at boot has been moved from the ker

Re: git: 5faf90050e6c - main - committers-ports.dot: Bring file up to date.

2023-03-30 Thread Alexander Leidinger
Quoting Fernando Apesteguía  (from Thu, 30 Mar  
2023 12:22:37 GMT):



The branch main has been updated by fernape:

URL:  
https://cgit.FreeBSD.org/src/commit/?id=5faf90050e6c280c314bca58ee61707d8bfdbaf3


commit 5faf90050e6c280c314bca58ee61707d8bfdbaf3
Author: Fernando Apesteguía 
AuthorDate: 2023-03-30 10:03:00 +
Commit: Fernando Apesteguía 
CommitDate: 2023-03-30 12:17:10 +

committers-ports.dot: Bring file up to date.

Many listed committers are actually alumni.

Related to this change: 52f576459855

Approved by:bcr@
Differential Revision:  https://reviews.freebsd.org/D39340


I think I noticed some people to be put into the alumni section, which  
are still active src committers (e.g. gnn). Given the recent  
discussion about some relaxed handling of the commit bits (sort of:  
all or nothing, but seek review when in an unfamiliar area): do we  
really want to put someone into the X-alumni section, if this person  
is still active in the Y-area?


From a bean-counting perspective, I understand that ports!=src, but  
people looking at ports-alumni may understand that a particular person  
may have left the project, instead of not doing something anymore in a  
particular subset of the project.


Bye,
Alexander.

--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.orgnetch...@freebsd.org  : PGP 0x8F31830F9F2772BF




Re: git: f5f277728ade - main - nfsd: Fix NFS access to .zfs/snapshot snapshots

2023-11-23 Thread Alexander Leidinger

On 2023-11-23 16:25, Rick Macklem wrote:

The branch main has been updated by rmacklem:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=f5f277728adec4c5b3e840a1fb16bd16f8cc956d


commit f5f277728adec4c5b3e840a1fb16bd16f8cc956d
Author: Rick Macklem 
AuthorDate: 2023-11-23 15:23:33 +
Commit: Rick Macklem 
CommitDate: 2023-11-23 15:23:33 +

nfsd: Fix NFS access to .zfs/snapshot snapshots

When a process attempts to access a snapshot under
//.zfs/snapshot, the snapshot is automounted.
However, without this patch, the automount does not
set mnt_exjail, which results in the snapshot not being
accessible over NFS.

This patch defines a new function called vfs_exjail_clone()
which sets mnt_exjail from another mount point and
then uses that function to set mnt_exjail in the snapshot
automount.  A separate patch that is currently a pull request
for OpenZFS, calls this function to fix the problem.


May the same/similar fix like for ZFS be needed / useful for nullfs 
mounted stuff?


I have a ZFS dataset which is mounted via nullfs into a jail. This 
nullfs-mount is then exported via samba. In samba I have the shadow-copy 
stuff enabled, but it doesn't work, as the jails can't access the 
snapshot.


Bye,
Alexander.

--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.orgnetch...@freebsd.org  : PGP 0x8F31830F9F2772BF




Re: git: b1c95af45488 - main - rc.conf: correct $ntp_leapfile_sources

2023-12-08 Thread Alexander Leidinger

On 2023-12-08 06:10, Warner Losh wrote:

On Thu, Dec 7, 2023 at 6:07 PM Steffen Nurpmeso wrote:



What i mean is, the FreeBSD project and its pkg database, isn't
this a natural place for such a thing?  With guaranteed /
controlled availability.


The ntp leap stuff does pre-date the pkg by a decade. Having a package
for it might be a natural evolution,


Quick and dirty:

---snip---

PORTNAME=   leapsecondfile
DISTVERSION=20230328
CATEGORIES= sysutils
MASTER_SITES=   https://data.iana.org/time-zones/tzdb/
DISTFILES=  leap-seconds.list

MAINTAINER= security-offi...@freebsd.org
COMMENT=Time Zone Database leap seconds file
WWW=https://data.iana.org/time-zones/tzdb

LICENSE=PD

PLIST_FILES=etc/leap-seconds.list

NO_ARCH=yes
NO_BUILD=   yes
NO_EXTRACT= yes
EXTRACT_CMD=cp
EXTRACT_BEFORE_ARGS=
EXTRACT_AFTER_ARGS=${WRKDIR}/

do-install:
	${INSTALL_DATA} ${WRKDIR}/leap-seconds.list ${STAGEDIR}/${PREFIX}/etc/leap-seconds.list

.include <bsd.port.mk>

---snip---

make makesum

echo "NTP leap seconds file" > pkg-descr

Bye,
Alexander.

--

http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.orgnetch...@freebsd.org  : PGP 0x8F31830F9F2772BF



Re: git: 2c24ad3377a6 - main - ifconfig: abort if loading a module fails other than for ENOENT

2023-01-19 Thread Alexander Leidinger
Quoting Alan Somers (from Thu, 19 Jan 2023 10:11:38 -0700):



Ugh, it looks like kldload(2) is doing the privilege check before the
file existence check.  I'm not sure of the best solution:
* Change kern_kldload to check for file existence first.  This would
ring some alarm bells among security folks, and it isn't totally easy
to do, either.
* Change ifconfig(8) to do an existence check of its own.  This would be ugly.

* Change ifconfig(8) so that it doesn't attempt to load modules when
just listing an interface.  This might be incomplete, but is probably
worth doing anyway.


Isn't this affecting all ifconfig operations in a _vnet_ jail, not  
only listing an interface?


Would it be sensible to revert the commit until there is a solution?

From a quick look I have the impression it makes sense to set noload  
to true in a jail (in that case ifmaybeload returns and the problem  
should go away).


Bye,
Alexander.

--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.orgnetch...@freebsd.org  : PGP 0x8F31830F9F2772BF




git: 194e059bb803 - main - service: Add -E option to set environment variables before starting a service.

2023-06-19 Thread Alexander Leidinger
The branch main has been updated by netchild:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=194e059bb80334e6f4f791a186015b20d7f6f4b8

commit 194e059bb80334e6f4f791a186015b20d7f6f4b8
Author: Alexander Leidinger 
AuthorDate: 2022-11-30 18:31:41 +
Commit: Alexander Leidinger 
CommitDate: 2023-06-19 17:45:54 +

service: Add -E option to set environment variables before starting a 
service.

This allows for quicker testing/debugging of rc scripts and is a pre-req
for automatic service jails.

Differential Revision:  https://reviews.freebsd.org/D40369
Reviewed by:se
---
 usr.sbin/service/service.8  | 12 
 usr.sbin/service/service.sh | 23 ++-
 2 files changed, 26 insertions(+), 9 deletions(-)

diff --git a/usr.sbin/service/service.8 b/usr.sbin/service/service.8
index 9902ae3c8574..c2be0e0af037 100644
--- a/usr.sbin/service/service.8
+++ b/usr.sbin/service/service.8
@@ -48,6 +48,7 @@
 .Nm
 .Op Fl j Ar jail
 .Op Fl v
+.Op Fl E Ar var=value
 .Ar script
 .Ar command
 .Sh DESCRIPTION
@@ -67,6 +68,13 @@ the scripts using various criteria.
 .Pp
 The options are as follows:
 .Bl -tag -width F1
+.It Fl E Ar var=value
+Set the environment variable
+.Ar var
+to the specified
+.Ar value
+before starting the script.
+This option can be used multiple times.
 .It Fl e
 List services that are enabled.
 The list of scripts to check is compiled using
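Review bot: The new ".It Fl E Ar var=value" entry does not say what form value may take or how the option behaves together with -j. service.sh collects the assignments in one space-separated string, so the text should state that values containing whitespace are not supported, and that with -j the assignments are handed on to the service(8) call inside the jail.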
@@ -117,6 +125,9 @@ to
 which is how they are set in
 .Pa /etc/rc
 at boot time.
+If the
+.Fl E
+option is used, the corresponding variable is set accordingly.
 .Sh EXIT STATUS
 .Ex -std
 .Sh EXAMPLES
@@ -126,6 +137,7 @@ command:
 .Bd -literal -offset -ident
 service named status
 service -j dns named status
+service -E LC_ALL=C.UTF-8 named start
 service -rv
 .Ed
 .Pp
diff --git a/usr.sbin/service/service.sh b/usr.sbin/service/service.sh
index f056c43d3c98..5f232955bdff 100755
--- a/usr.sbin/service/service.sh
+++ b/usr.sbin/service/service.sh
@@ -37,21 +37,23 @@ usage () {
echo "${0##*/} [-j ] -e"
echo "${0##*/} [-j ] -R"
echo "${0##*/} [-j ] [-v] -l | -r"
-   echo "${0##*/} [-j ] [-v]  
start|stop|etc."
+   echo "${0##*/} [-j ] [-v] [-E var=value]  
start|stop|etc."
echo "${0##*/} -h"
echo ''
-   echo "-jPerform actions within the named jail"
-   echo '-eShow services that are enabled'
-   echo "-RStop and start enabled $local_startup services"
-   echo "-lList all scripts in /etc/rc.d and $local_startup"
-   echo '-rShow the results of boot time rcorder'
-   echo '-vVerbose'
+   echo "-jPerform actions within the named jail"
+   echo "-E n=val  Set variable n to val before executing the rc.d script"
+   echo '-eShow services that are enabled'
+   echo "-RStop and start enabled $local_startup services"
+   echo "-lList all scripts in /etc/rc.d and 
$local_startup"
+   echo '-rShow the results of boot time rcorder'
+   echo '-vVerbose'
echo ''
 }
 
-while getopts 'j:ehlrRv' COMMAND_LINE_ARGUMENT ; do
+while getopts 'j:E:ehlrRv' COMMAND_LINE_ARGUMENT ; do
case "${COMMAND_LINE_ARGUMENT}" in
j)  JAIL="${OPTARG}" ;;
+   E)  VARS="${VARS} ${OPTARG}" ;;
e)  ENABLED=eopt ;;
h)  usage ; exit 0 ;;
l)  LIST=lopt ;;
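Review bot: The new `E)` case appends `${OPTARG}` to `VARS` without checking that it has the form name=value. env(1) treats the first argument that is not an assignment as the utility to run, so an argument without `=` would be executed in place of the rc.d script by the final `exec env -i ...` line. Reject such arguments here, for example with a `case "${OPTARG}" in *=*) ... ;; *) usage ; exit 1 ;; esac` check.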
@@ -72,6 +74,9 @@ if [ -n "${JAIL}" ]; then
[ -n "${RCORDER}" ] && args="${args} -r"
[ -n "${RESTART}" ] && args="${args} -R"
[ -n "${VERBOSE}" ] && args="${args} -v"
+   for var in ${VARS}; do
+   args="${args} -E ${var}"
+   done
 
# Call jexec(8) with the rebuild args and any positional args that
# were left in $@
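Review bot: `for var in ${VARS}` in the jail branch expands `VARS` unquoted, so every assignment goes through field splitting and pathname expansion before it is re-added as `-E ${var}`. A value containing a space, `*` or `?` reaches the service(8) call inside the jail altered or split into several -E arguments. At minimum wrap the loop in `set -f` / `set +f` and document that values must not contain whitespace.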
@@ -171,7 +176,7 @@ cd /
 for dir in /etc/rc.d $local_startup; do
if [ -x "$dir/$script" ]; then
[ -n "$VERBOSE" ] && echo "$script is located in $dir"
-   exec env -i -L -/daemon HOME=/ 
PATH=/sbin:/bin:/usr/sbin:/usr/bin "$dir/$script" "$@"
+   exec env -i -L -/daemon HOME=/ 
PATH=/sbin:/bin:/usr/sbin:/usr/bin ${VARS} "$dir/$script" "$@"
fi
 done
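Review bot: In the `exec env -i ...` line `${VARS}` follows `HOME=/` and `PATH=/sbin:/bin:/usr/sbin:/usr/bin`, so `-E PATH=...` or `-E HOME=...` replaces the fixed values that `env -i` is there to guarantee. If that is intended for debugging, service.8 should say so; if not, put `${VARS}` before the fixed assignments or refuse those two names. Because the expansion is unquoted, a value with whitespace is also split here and env(1) takes the second word as the utility to run.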
 



git: b75644771aa8 - main - Add nullfs specific nocache option.

2022-04-22 Thread Alexander Leidinger
The branch main has been updated by netchild:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=b75644771aa8bd362b9d22bc66c6bd6cc2beaf8a

commit b75644771aa8bd362b9d22bc66c6bd6cc2beaf8a
Author: Alexander Leidinger 
AuthorDate: 2022-04-22 08:22:26 +
Commit: Alexander Leidinger 
CommitDate: 2022-04-22 08:22:26 +

Add nullfs specific nocache option.
---
 sbin/mount_nullfs/mount_nullfs.8 | 8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/sbin/mount_nullfs/mount_nullfs.8 b/sbin/mount_nullfs/mount_nullfs.8
index f2969209e240..87cdeb288d83 100644
--- a/sbin/mount_nullfs/mount_nullfs.8
+++ b/sbin/mount_nullfs/mount_nullfs.8
@@ -33,7 +33,7 @@
 .\" @(#)mount_null.8   8.6 (Berkeley) 5/1/95
 .\" $FreeBSD$
 .\"
-.Dd October 3, 2016
+.Dd April 22, 2022
 .Dt MOUNT_NULLFS 8
 .Os
 .Sh NAME
@@ -80,6 +80,12 @@ flag followed by a comma separated string of options.
 See the
 .Xr mount 8
 man page for possible options and their meanings.
+Additionally the following option is supported:
+.Bl -tag -width indent
+.It Cm nocache
+Disable caching in the null layer.
+Some lower-layer file systems may force this option.
+.El
 .El
 .Pp
 The null layer has two purposes.
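Review bot: The `.It Cm nocache` text says "Disable caching in the null layer." without saying what is cached or what turning it off costs, and "Some lower-layer file systems may force this option." names none of them. A reader cannot tell from this when to set the option; one sentence on what the cache holds and one example of a lower file system that forces it would close the gap.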



git: b29fb6cffd02 - main - Improve description of the nocache option.

2022-05-06 Thread Alexander Leidinger
The branch main has been updated by netchild:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=b29fb6cffd025dea9fb51e7c61c7f8e4f380ff4e

commit b29fb6cffd025dea9fb51e7c61c7f8e4f380ff4e
Author: Alexander Leidinger 
AuthorDate: 2022-05-06 11:00:37 +
Commit: Alexander Leidinger 
CommitDate: 2022-05-06 11:03:30 +

Improve description of the nocache option.

Discussed with: pstef
---
 sbin/mount_nullfs/mount_nullfs.8 | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/sbin/mount_nullfs/mount_nullfs.8 b/sbin/mount_nullfs/mount_nullfs.8
index 87cdeb288d83..756b13a7ffdf 100644
--- a/sbin/mount_nullfs/mount_nullfs.8
+++ b/sbin/mount_nullfs/mount_nullfs.8
@@ -33,7 +33,7 @@
 .\" @(#)mount_null.8   8.6 (Berkeley) 5/1/95
 .\" $FreeBSD$
 .\"
-.Dd April 22, 2022
+.Dd May 6, 2022
 .Dt MOUNT_NULLFS 8
 .Os
 .Sh NAME
@@ -83,8 +83,10 @@ man page for possible options and their meanings.
 Additionally the following option is supported:
 .Bl -tag -width indent
 .It Cm nocache
-Disable caching in the null layer.
+Disable metadata caching in the null layer.
 Some lower-layer file systems may force this option.
+Depending on the access pattern,
+this may result in increased lock contention.
 .El
 .El
 .Pp
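Review bot: "Depending on the access pattern, this may result in increased lock contention." in the nocache entry does not say which access patterns or which locks are meant, so it gives little help in deciding when the option is a poor choice. Name at least one typical case. The sentence about lower-layer file systems now sits between the two statements about the option's effect; moving it last would read better.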



Re: git: 87ee63bac69d - main - locks: add a runtime check for missing turnstile

2024-07-16 Thread Alexander Leidinger

On 2024-07-15 22:13, John Baldwin wrote:

bugs might have been useful in the log as well.  I think it's fine if we want
to have some checks that are always on, but it's currently quite rare so
needs a bit more rationale in the log than other changes is all.


Is this a "we want to keep this permanent" change, or is this a "we see 
bugs, we don't know more, let's add this to have more people stumble 
upon it with more info until we know what is causing this and then 
remove it together with a fix" change? I would tend to understand it as 
the latter (which maybe should lead to a commit to comment this part as 
such).


Bye,
Alexander.

--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.orgnetch...@freebsd.org  : PGP 0x8F31830F9F2772BF




git: 2efbd480f1d3 - main - rc: add service jails framework

2024-05-22 Thread Alexander Leidinger
The branch main has been updated by netchild:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=2efbd480f1d37cbadc5af4476a87e5336c493910

commit 2efbd480f1d37cbadc5af4476a87e5336c493910
Author: Alexander Leidinger 
AuthorDate: 2024-05-22 13:28:11 +
Commit: Alexander Leidinger 
CommitDate: 2024-05-22 13:41:48 +

rc: add service jails framework

This takes a rc.d-service and starts it in a jail which shares the same
root-path as the host (or parent jail) and may inherit the network from
the host (or parent jail). Per service there is the possibility to
specify some arguments which give more permissions (e.g. netv4, netv6,
sysvipc...).
Reviewed by:bcr (man page)
Relnotes:   yes
Differential Revision:  https://reviews.freebsd.org/D40370
---
 libexec/rc/rc.subr   | 155 +++
 share/man/man5/rc.conf.5 | 112 +-
 2 files changed, 255 insertions(+), 12 deletions(-)

diff --git a/libexec/rc/rc.subr b/libexec/rc/rc.subr
index 6ed9d24fdf5c..23651cbf8e58 100644
--- a/libexec/rc/rc.subr
+++ b/libexec/rc/rc.subr
@@ -50,6 +50,9 @@ PROTECT="/usr/bin/protect"
 ID="/usr/bin/id"
 IDCMD="if [ -x $ID ]; then $ID -un; fi"
 PS="/bin/ps -ww"
+SERVICE=/usr/sbin/service
+JAIL_CMD=/usr/sbin/jail
+_svcj_generic_params="path=/ mount.nodevfs host=inherit"
 JID=0
 CPUSET="/bin/cpuset"
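Review bot: `_svcj_generic_params="path=/ mount.nodevfs host=inherit"` needs a comment in the file: with `path=/` the service jail sees the whole file system of the host (or parent jail), so the confinement comes only from the jail's permission set and not from a separate root. Saying so next to the definition keeps later readers from assuming file system isolation. Minor style point: `SERVICE` and `JAIL_CMD` are assigned unquoted while the neighbouring `ID`, `PS` and `CPUSET` values are quoted.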
 
@@ -521,6 +524,16 @@ _find_processes()

$_procname|$_procnamebn|${_procnamebn}:|"(${_procnamebn})"|"[${_procnamebn}]")'
fi
 
+   if checkyesno ${name}_svcj && [ "${_rc_svcj}" != jailing ]; then
+   JID=$(/usr/sbin/jls -j svcj-${name} jid 2>/dev/null)
+
+   case ${JID} in
+   ''|*[!0-9]*)
+   # svcj-jail doesn't exist, fallback to host-check
+   JID=0
+   ;;
+   esac
+   fi
_proccheck="\
$PS 2>/dev/null -o pid= -o jid= -o command= $_psargs"' |
while read _npid _jid '"$_fp_args"'; do
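Review bot: The block added to `_find_processes` overwrites the global `JID` as a side effect of a lookup function, and as far as these lines show it is left untouched when `${name}_svcj` is off. A later call in the same shell could then filter on the jail id of a previously checked service. Keep the result in a local variable, or reset `JID` at the top of the function. `/usr/sbin/jls` is also hardcoded here although the first hunk introduces variables for the service and jail commands.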
@@ -1138,6 +1151,18 @@ run_rc_command()
_cpusetcmd="$CPUSET -l $_cpuset"
fi
 
+   # If a specific jail has a specific svcj request, honor it (YES/NO).
+   # If not (variable empty), evaluate the global svcj catch-all.
+   # A global YES can be overriden by a specific NO, and a global NO is 
overriden
+   # by a specific YES.
+   eval _svcj=\$${name}_svcj
+   if [ -z "$_svcj" ]; then
+   _svcj=${svcj_all_enable}
+   if [ -z "$_svcj" ]; then
+   eval ${name}_svcj=NO
+   fi
+   fi
+
# setup pid check command
if [ -n "$_procname" ]; then
if [ -n "$pidfile" ]; then
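Review bot: In the added svcj block the global `svcj_all_enable` value is copied only into the local `_svcj`; `${name}_svcj` itself is assigned only in the case where both are empty (`eval ${name}_svcj=NO`). The `_find_processes` hunk tests `checkyesno ${name}_svcj`, so unless `_svcj` is written back somewhere outside the visible lines, a global YES never takes effect for a service without its own setting. An else branch that stores `_svcj` into `${name}_svcj` would make the comment true. The comment also says "specific jail" where it means a specific service, and "overriden" should be "overridden".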
@@ -1174,7 +1199,7 @@ run_rc_command()
_prepend=\$${name}_prepend  
_login_class=\${${name}_login_class:-daemon} \
_limits=\$${name}_limits_oomprotect=\$${name}_oomprotect \
_setup=\$${name}_setup  _env_file=\$${name}_env_file \
-   _umask=\$${name}_umask
+   _umask=\$${name}_umask  _svcj_options=\$${name}_svcj_options
 
if [ -n "$_env_file" ] && [ -r "${_env_file}" ]; then   # load env from 
file
set -a
@@ -1188,6 +1213,45 @@ run_rc_command()
fi
fi
 
+   if [ -n "$_svcj_options" ]; then# translate service jail options
+   _svcj_cmd_options=""
+
+   for _svcj_option in $_svcj_options; do
+   case "$_svcj_option" in
+   mlock)
+   _svcj_cmd_options="allow.mlock 
${_svcj_cmd_options}"
+   ;;
+   netv4)
+   _svcj_cmd_options="ip4=inherit 
allow.reserved_ports ${_svcj_cmd_options}"
+   ;;
+   netv6)
+   _svcj_cmd_options="ip6=inherit 
allow.reserved_ports ${_svcj_cmd_options}"
+   ;;
+   net_basic)
+   _svcj_cmd_options="ip4=inherit 
ip6=inherit allow.reserved_ports ${_svcj_cmd_options}"
+   ;;
+   net_raw)
+   _svcj_cmd_options="allow.raw_sockets 
${_svcj_cmd_options}"
+   ;;
+   net_all)
+
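Review bot: `netv4`, `netv6` and `net_basic` each add `allow.reserved_ports` together with the address inheritance, so every service that needs any network access is also allowed to bind reserved ports. A service that only makes outgoing connections or listens on a high port does not need that. Consider a separate option for reserved ports so the network options grant no more than address access.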

git: f99f0ee14e3a - main - rc.d: add a service jails config to all base system services

2024-05-22 Thread Alexander Leidinger
The branch main has been updated by netchild:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=f99f0ee14e3af81c23150a6a340259ca8a33d01a

commit f99f0ee14e3af81c23150a6a340259ca8a33d01a
Author: Alexander Leidinger 
AuthorDate: 2024-05-22 13:31:47 +
Commit: Alexander Leidinger 
CommitDate: 2024-05-22 13:41:49 +

rc.d: add a service jails config to all base system services

This gives more permissions to services (e.g. network access to
services which require this) when they are started as an automatic
service jail.

The sshd patch is important for the sshd-related functionality as
described in the man-page in the service jails part.

The location of the added env vars is supposed to allow overriding them
in rc.conf, and to hard-disable the use of svcj for some parts where it
doesn't make sense or will not work.

Only a subset of all of the services are fully tested (I'm running this
since more than a year with various services started as service jails).
The untested parts should be most of the time ok, in some edge-cases
more permissions are needed inside the service jail.
Differential Revision:  https://reviews.freebsd.org/D40371
---
 libexec/rc/rc.d/accounting |  4 
 libexec/rc/rc.d/adjkerntz  |  4 
 libexec/rc/rc.d/apm|  4 
 libexec/rc/rc.d/apmd   |  4 
 libexec/rc/rc.d/auditd |  4 
 libexec/rc/rc.d/auditdistd |  2 ++
 libexec/rc/rc.d/automount  |  4 
 libexec/rc/rc.d/automountd |  4 
 libexec/rc/rc.d/autounmountd   |  4 
 libexec/rc/rc.d/bgfsck |  4 
 libexec/rc/rc.d/blacklistd |  3 +++
 libexec/rc/rc.d/bluetooth  |  3 +++
 libexec/rc/rc.d/bootparams |  2 ++
 libexec/rc/rc.d/bridge |  4 
 libexec/rc/rc.d/bsnmpd |  2 ++
 libexec/rc/rc.d/bthidd |  3 +++
 libexec/rc/rc.d/ccd|  4 
 libexec/rc/rc.d/cfumass|  4 
 libexec/rc/rc.d/cleanvar   |  4 
 libexec/rc/rc.d/cleartmp   |  4 
 libexec/rc/rc.d/cron   |  5 +
 libexec/rc/rc.d/ctld   |  4 
 libexec/rc/rc.d/ddb|  3 +++
 libexec/rc/rc.d/defaultroute   |  4 
 libexec/rc/rc.d/devd   |  4 
 libexec/rc/rc.d/devfs  |  4 
 libexec/rc/rc.d/devmatch   |  4 
 libexec/rc/rc.d/dhclient   |  3 +++
 libexec/rc/rc.d/dmesg  |  4 
 libexec/rc/rc.d/dnctl  |  3 +++
 libexec/rc/rc.d/dumpon |  4 
 libexec/rc/rc.d/fsck   |  4 
 libexec/rc/rc.d/ftp-proxy  |  2 ++
 libexec/rc/rc.d/ftpd   | 10 --
 libexec/rc/rc.d/geli   |  4 
 libexec/rc/rc.d/geli2  |  4 
 libexec/rc/rc.d/ggated |  3 +++
 libexec/rc/rc.d/gptboot|  4 
 libexec/rc/rc.d/growfs |  4 
 libexec/rc/rc.d/growfs_fstab   |  4 
 libexec/rc/rc.d/gssd   |  2 ++
 libexec/rc/rc.d/hastd  |  4 
 libexec/rc/rc.d/hcsecd |  3 +++
 libexec/rc/rc.d/hostapd|  4 
 libexec/rc/rc.d/hostid |  4 
 libexec/rc/rc.d/hostid_save|  4 
 libexec/rc/rc.d/hostname   |  4 
 libexec/rc/rc.d/inetd  |  2 ++
 libexec/rc/rc.d/iovctl |  4 
 libexec/rc/rc.d/ip6addrctl |  4 
 libexec/rc/rc.d/ipfilter   |  3 +++
 libexec/rc/rc.d/ipfs   |  4 
 libexec/rc/rc.d/ipfw   |  3 +++
 libexec/rc/rc.d/ipfw_netflow   |  3 +++
 libexec/rc/rc.d/ipmon  |  3 +++
 libexec/rc/rc.d/ipnat  |  3 +++
 libexec/rc/rc.d/ippool |  4 
 libexec/rc/rc.d/ipropd_master  | 12 
 libexec/rc/rc.d/ipropd_slave   | 14 +-
 libexec/rc/rc.d/ipsec  |  4 
 libexec/rc/rc.d/iscsictl   |  4 
 libexec/rc/rc.d/iscsid |  4 
 libexec/rc/rc.d/jail   |  4 
 libexec/rc/rc.d/kadmind| 10 +++---
 libexec/rc/rc.d/kdc|  1 +
 libexec/rc/rc.d/keyserv|  2 ++
 libexec/rc/rc.d/kfd|  8 ++--
 libexec/rc/rc.d/kld|  4 
 libexec/rc/rc.d/kldxref|  4 
 libexec/rc/rc.d/kpasswdd   | 10 +++---
 libexec/rc/rc.d/ldconfig   |  4 
 libexec/rc/rc.d/linux  |  4 
 libexec/rc/rc.d/local  |  4 
 libexec/rc/rc.d/local_unbound  |  1 +
 libexec/rc/rc.d/localpkg   |  6 ++
 libexec/rc/rc.d/lockd  |  7 +--
 libexec/rc/rc.d/lpd|  2 ++
 libexec/rc/rc.d/mdconfig   |  3 +++
 libexec/rc/rc.d/mdconfig2  |  3 +++
 libexec/rc/rc.d/mixer  |  4 
 libexec/rc/rc.d/motd   |  4 
 libex

git: a70ecfb11757 - main - rc.subr: add new sysv option for service jails

2024-06-14 Thread Alexander Leidinger
The branch main has been updated by netchild:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=a70ecfb11757812cd97b6499dc4b73984c310681

commit a70ecfb11757812cd97b6499dc4b73984c310681
Author: Alexander Leidinger 
AuthorDate: 2024-06-14 18:05:52 +
Commit: Alexander Leidinger 
CommitDate: 2024-06-14 18:15:45 +

rc.subr: add new sysv option for service jails

Clarify that the "sysvipc" svcj option inherits from the host / parent.
Add "sysvipcnew" which creates a new SysV namespace for the service
jail.
Sanity check that only one of them is used.
---
 libexec/rc/rc.subr   | 11 +++
 share/man/man5/rc.conf.5 |  8 ++--
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/libexec/rc/rc.subr b/libexec/rc/rc.subr
index 2380d1aeabc3..f9d8bf9a3cc3 100644
--- a/libexec/rc/rc.subr
+++ b/libexec/rc/rc.subr
@@ -1219,6 +1219,7 @@ run_rc_command()
if [ -n "$_svcj_options" ]; then# translate service jail options
_svcj_cmd_options=""
 
+   _svcj_sysvipc_x=0
for _svcj_option in $_svcj_options; do
case "$_svcj_option" in
mlock)
@@ -1243,8 +1244,13 @@ run_rc_command()
_svcj_cmd_options="allow.nfsd 
enforce_statfs=1 ${_svcj_cmd_options}"
;;
sysvipc)
+   _svcj_sysvipc_x=$((${_svcj_sysvipc_x} + 
1))
_svcj_cmd_options="sysvmsg=inherit 
sysvsem=inherit sysvshm=inherit  ${_svcj_cmd_options}"
;;
+   sysvipcnew)
+   _svcj_sysvipc_x=$((${_svcj_sysvipc_x} + 
1))
+   _svcj_cmd_options="sysvmsg=new 
sysvsem=new sysvshm=new ${_svcj_cmd_options}"
+   ;;
vmm)
_svcj_cmd_options="allow.vmm 
${_svcj_cmd_options}"
;;
@@ -1253,6 +1259,11 @@ run_rc_command()
;;
esac
done
+   if [ ${_svcj_sysvipc_x} -gt 1 ]; then
+   echo -n "ERROR: more than one sysvipc option is "
+   echo "specified in ${name}_svcj_options: $_svcj_options"
+   return 1
+   fi
fi
 
[ -z "$autoboot" ] && eval $_pidcmd # determine the pid if necessary
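Review bot: The new `_svcj_sysvipc_x` check reports its error with two `echo` calls to stdout, and only after the whole option list has been translated. Error text belongs on stderr so it is not lost when output is redirected; rc.subr's `warn` followed by `return 1` would do that in one line. Note that the counter also trips on a repeated `sysvipc sysvipc`, which the man page wording does not mention.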
diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5
index 9f32cfa5ab82..3fa20fe3cf0c 100644
--- a/share/man/man5/rc.conf.5
+++ b/share/man/man5/rc.conf.5
@@ -4977,8 +4977,11 @@ to them.
 .It nfsd
 Allows to run nfsd and affiliated daemons.
 .It sysvipc
-Allows access to SysV semaphores, SysV shared memory and
-SysV messages.
+Inherits the SysV semaphores, SysV shared memory and
+SysV messages from the host or the parent jail.
+.It sysvipcnew
+Creates a new namespace for SysV semaphores, SysV shared memory
+and SysV messages for this particular service jail.
 .It vmm
 Allows access to
 .Xr vmm 4 .
@@ -4988,6 +4991,7 @@ is enabled in the kernel.
 .El
 
 All non-network options can be combined with all other options.
+From the SysV options only one option can be specified.
 
 If the
 .Ao Ar name Ac Ns Va _svcj
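Review bot: "From the SysV options only one option can be specified." reads awkwardly and does not say what happens otherwise. Suggest "Only one of the SysV options (sysvipc, sysvipcnew) may be specified; otherwise an error is reported and the command fails.", which matches the `return 1` added to rc.subr in the same commit.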



git: 2d08f6b577e9 - main - rc.subr: add some sanity checks for service jails

2024-06-14 Thread Alexander Leidinger
The branch main has been updated by netchild:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=2d08f6b577e9d58848cd7734dc979e60fe6f0165

commit 2d08f6b577e9d58848cd7734dc979e60fe6f0165
Author: Alexander Leidinger 
AuthorDate: 2024-06-14 18:10:07 +
Commit: Alexander Leidinger 
CommitDate: 2024-06-14 18:15:46 +

rc.subr: add some sanity checks for service jails

Add some sanity checks when service jails are used in jails:
 - children.max > 0
 - children.max - children.cur > 0

The nesting is too deep at those places to have a sane formatting, so no
line wrapping at the usual column.
If someone has a better idea how to format this: feel free to go ahead.
---
 libexec/rc/rc.subr | 39 ++-
 1 file changed, 34 insertions(+), 5 deletions(-)

diff --git a/libexec/rc/rc.subr b/libexec/rc/rc.subr
index f9d8bf9a3cc3..e540d8f7d207 100644
--- a/libexec/rc/rc.subr
+++ b/libexec/rc/rc.subr
@@ -1332,11 +1332,28 @@ run_rc_command()
start)
if [ "${_rc_svcj}" != jailing ]; then
_return=1
-   $JAIL_CMD -c 
$_svcj_generic_params $_svcj_cmd_options \
-   exec.start="${SERVICE} -E 
_rc_svcj=jailing ${name} ${_rc_prefix}start $rc_extra_args" \
-   exec.stop="${SERVICE} -E 
_rc_svcj=jailing ${name} ${_rc_prefix}stop $rc_extra_args" \
-   
exec.consolelog="/var/log/svcj_${name}_console.log" \
-   name=svcj-${name} && 
_return=0
+   _do_jailing=1
+
+   if check_jail jailed; then
+   if [ $(${SYSCTL_N} 
security.jail.children.max) -eq 0 ]; then
+   echo ERROR: 
jail parameter children.max is set to 0, can not create a new service jail.
+   _do_jailing=0
+   else
+   
_free_jails=$(($(${SYSCTL_N} security.jail.children.max) - $(${SYSCTL_N} 
security.jail.children.cur)))
+   if [ 
${_free_jails} -eq 0 ]; then
+   echo 
ERROR: max number of jail children reached, can not create a new service jail.
+   
_do_jailing=0
+
+   fi
+   fi
+   fi
+   if [ ${_do_jailing} -eq 1 ]; 
then
+   $JAIL_CMD -c 
$_svcj_generic_params $_svcj_cmd_options \
+   
exec.start="${SERVICE} -E _rc_svcj=jailing ${name} ${_rc_prefix}start 
$rc_extra_args" \
+   
exec.stop="${SERVICE} -E _rc_svcj=jailing ${name} ${_rc_prefix}stop 
$rc_extra_args" \
+   
exec.consolelog="/var/log/svcj_${name}_console.log" \
+   name=svcj-${name} 
&& _return=0
+   fi
else
_run_rc_doit "$_cpusetcmd $_cmd 
$rc_extra_args" || _return=1
fi
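Review bot: The free-slot test `[ ${_free_jails} -eq 0 ]` in the start case only catches an exact match. If `security.jail.children.cur` is ever larger than `security.jail.children.max`, for example after the limit was lowered, the difference is negative and the check passes. Use `-le 0`. With that change the separate `children.max -eq 0` branch is only needed for its more specific message. The `echo ERROR: ...` arguments are unquoted and go to stdout; quote them and send them to stderr.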
@@ -1432,6 +1449,18 @@ run_rc_command()
 
if checkyesno ${name}_svcj; then
if [ "${_rc_svcj}" != jailing ]; then
+   if check_jail jailed; then
+   if [ $(${SYSCTL_N} 
security.jail.children.max) -eq 0 ]; then
+   echo ERROR: jail 
parameter children.max is set to 0, can not create a new service jail.
+   return 1
+   else
+   
_free_jails=$(($(${SYSCTL_N} security.jail.children.max) - $(${SYSCTL_N} 
security.jail.children.cur)))
+   if [ ${_free_jails} -eq 
0 ]; then
+  
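Review bot: This block repeats the children.max / children.cur test from the `start)` case line for line. A small helper function called from both places would remove the duplication and would also solve the formatting problem the commit message mentions, since the nesting would no longer push the lines past the usual column.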

Re: git: d3bb35d4e51b - main - jail: allow adjustment of host time

2024-06-28 Thread Alexander Leidinger

On 2024-06-28 12:25, Mariusz Zaborski wrote:

The branch main has been updated by oshogbo:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=d3bb35d4e51b06488b731071e7841f549bd5d26f


commit d3bb35d4e51b06488b731071e7841f549bd5d26f
Author: Mariusz Zaborski 
AuthorDate: 2024-06-28 10:23:31 +
Commit: Mariusz Zaborski 
CommitDate: 2024-06-28 10:23:31 +

jail: allow adjustment of host time

Add a special permission to the jail to adjust and to set the host 
time.

This can be useful if we want to compartmentalize the NTP daemon
from the rest of the system.


Do you plan to add a setting to service jails (rc.subr + 
rc.conf-man-page) for this, e.g.

---snip---
case "$_svcj_option" in
chtime)
_svcj_cmd_options="allow.adjtime 
allow.settime ${_svcj_cmd_options}"

;;
---snip---
and change the ntpd start script to use it (removing ntpd_svcj="NO" and 
adding ntpd_svcj_options="net_basic chtime" ... maybe net_raw is needed 
too, TBD)?


Like this ntpd could be compartmentalized with "sysrc ntpd_svcj=YES".

Bye,
Alexander.

--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.orgnetch...@freebsd.org  : PGP 0x8F31830F9F2772BF




git: e0dfe185cbca - main - jail(8): add support for ZFS datasets

2024-01-16 Thread Alexander Leidinger
The branch main has been updated by netchild:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=e0dfe185cbcae48b4c4493ed4c2626c46181eb80

commit e0dfe185cbcae48b4c4493ed4c2626c46181eb80
Author: Alexander Leidinger 
AuthorDate: 2024-01-17 07:40:40 +
Commit: Alexander Leidinger 
CommitDate: 2024-01-17 07:40:40 +

jail(8): add support for ZFS datasets

Add zfs.dataset to jail(8) to add a list of ZFS datasets.
Bump FreeBSD version for jail managers to switch to native
dataset support.

Datasets are attached to the jail after the jail creation and
before the execution of any start command. Unlike current
implementations in jail managers which attach datasets after
the start command, this allows the zfs rc.d script to mount
the datasets on start.

Discussed with: jamie
---
 sys/sys/param.h |  2 +-
 usr.sbin/jail/command.c | 29 +++--
 usr.sbin/jail/config.c  |  1 +
 usr.sbin/jail/jail.8| 12 +++-
 usr.sbin/jail/jail.c|  1 +
 usr.sbin/jail/jailp.h   |  1 +
 6 files changed, 42 insertions(+), 4 deletions(-)

diff --git a/sys/sys/param.h b/sys/sys/param.h
index f912d193bc4a..b5a5398497e0 100644
--- a/sys/sys/param.h
+++ b/sys/sys/param.h
@@ -73,7 +73,7 @@
  * cannot include sys/param.h and should only be updated here.
  */
 #undef __FreeBSD_version
-#define __FreeBSD_version 1500010
+#define __FreeBSD_version 1500011
 
 /*
  * __FreeBSD_kernel__ indicates that this system uses the kernel of FreeBSD,
diff --git a/usr.sbin/jail/command.c b/usr.sbin/jail/command.c
index 8ffcca8039ac..60893444e9de 100644
--- a/usr.sbin/jail/command.c
+++ b/usr.sbin/jail/command.c
@@ -291,9 +291,9 @@ run_command(struct cfjail *j)
login_cap_t *lcap;
const char **argv;
char *acs, *cs, *comcs, *devpath;
-   const char *jidstr, *conslog, *path, *ruleset, *term, *username;
+   const char *jidstr, *conslog, *fmt, *path, *ruleset, *term, *username;
enum intparam comparam;
-   size_t comlen;
+   size_t comlen, ret;
pid_t pid;
cpusetid_t setid;
int argc, bg, clean, consfd, down, fib, i, injail, sjuser, timeout;
@@ -590,6 +590,31 @@ run_command(struct cfjail *j)
}
break;
 
+   case IP_ZFS_DATASET:
+   argv = alloca(4 * sizeof(char *));
+   jidstr = string_param(j->intparams[KP_JID]) ?
+   string_param(j->intparams[KP_JID]) :
+   string_param(j->intparams[KP_NAME]);
+   fmt = "if [ $(/sbin/zfs get -H -o value jailed %s) = on ]; then 
/sbin/zfs jail %s %s || echo error, attaching %s to jail %s failed; else echo 
error, you need to set jailed=on for dataset %s; fi";
+   comlen = strlen(fmt)
+   + 2 * strlen(jidstr)
+   + 4 * comstring->len
+   - 6 * 2 /* 6 * "%s" */
+   + 1;
+   comcs = alloca(comlen);
+   ret = snprintf(comcs, comlen, fmt, comstring->s,
+   jidstr, comstring->s, comstring->s, jidstr,
+   comstring->s);
+   if (ret >= comlen) {
+   jail_warnx(j, "internal error in ZFS dataset handling");
+   exit(1);
+   }
+   argv[0] = _PATH_BSHELL;
+   argv[1] = "-c";
+   argv[2] = comcs;
+   argv[3] = NULL;
+   break;
+
case IP_COMMAND:
if (j->name != NULL)
goto default_command;
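Review bot: In the `IP_ZFS_DATASET` case the dataset name (`comstring->s`) and `jidstr` are pasted into a `/bin/sh -c` command string with plain `%s`, so whitespace or shell metacharacters in either value are interpreted by the shell instead of reaching zfs(8) as one argument. Quote the substitutions, or better, run `/sbin/zfs` directly with an argv array and drop the shell. Two further points: `$(/sbin/zfs get ...)` is unquoted inside `[ ... ]`, so an empty result makes the test malformed and falls through to the "set jailed=on" message; and both failure paths end in `echo`, so the command exits 0 and jail startup continues as if the attach had succeeded.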
diff --git a/usr.sbin/jail/config.c b/usr.sbin/jail/config.c
index 63adc9652145..3af0088626c9 100644
--- a/usr.sbin/jail/config.c
+++ b/usr.sbin/jail/config.c
@@ -93,6 +93,7 @@ static const struct ipspec intparams[] = {
 [IP_MOUNT_FSTAB] = {"mount.fstab", PF_INTERNAL},
 [IP_STOP_TIMEOUT] ={"stop.timeout",PF_INTERNAL | 
PF_INT},
 [IP_VNET_INTERFACE] =  {"vnet.interface",  PF_INTERNAL},
+[IP_ZFS_DATASET] = {"zfs.dataset", PF_INTERNAL},
 #ifdef INET
 [IP__IP4_IFADDR] = {"ip4.addr",PF_INTERNAL | PF_CONV | PF_REV},
 #endif
diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8
index 1f745caa5e7c..e49c3fe95e7f 100644
--- a/usr.sbin/jail/jail.8
+++ b/usr.sbin/jail/jail.8
@@ -23,7 +23,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd November 29, 2023
+.Dd January 17, 2024
 .Dt JAIL 8
 .Os
 .Sh NAME
@@ -918,6 +918,15 @@ may also be specified, in the form
 .It Va vnet.interface
 A network interface to give to a vnet-enabled jail after is it created.
 The interface will automatically be released when the jail is removed.
+.It Va zfs.dataset
+A list of ZFS datasets to be attached to the jail.
+This requires

git: 0b49e504a32d - main - rc.d/jail: add legacy compatibility for zfs.dataset

2024-01-17 Thread Alexander Leidinger
The branch main has been updated by netchild:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=0b49e504a32d90ccd6785841bced2ca8c93a87e6

commit 0b49e504a32d90ccd6785841bced2ca8c93a87e6
Author: Alexander Leidinger 
AuthorDate: 2024-01-17 12:32:39 +
Commit: Alexander Leidinger 
CommitDate: 2024-01-17 12:38:00 +

rc.d/jail: add legacy compatibility for zfs.dataset

Evaluate the jail_${jailname}_zfs_dataset variable for legacy
jail managers.

This variable can take a space separated list of datasets.
The singular was used specially to allow unmaintained jail
managers like ezjail to use this (simply rename
jail_${jailname}_zfs_datasets in the ezjail config to
jail_${jailname}_zfs_dataset).
---
 libexec/rc/rc.d/jail | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/libexec/rc/rc.d/jail b/libexec/rc/rc.d/jail
index f12dae280bb0..e24d6f8e21e0 100755
--- a/libexec/rc/rc.d/jail
+++ b/libexec/rc/rc.d/jail
@@ -268,6 +268,13 @@ parse_options()
extract_var $_jv enforce_statfs enforce_statfs - 2
extract_var $_jv osreldate osreldate
extract_var $_jv osrelease osrelease
+
+   _zfs_dataset="$(eval echo \$jail_${_jv}_zfs_dataset)"
+   if [ -n "$_zfs_dataset" ]; then
+   for ds in $_zfs_dataset; do
+   echo "  zfs.dataset += ${ds};"
+   done
+   fi
for _p in $_parameters; do
echo "  ${_p%\;};"
done
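Review bot: in the added block, `eval echo \$jail_${_jv}_zfs_dataset` and the unquoted `for ds in $_zfs_dataset` both go through word splitting and pathname expansion, and every resulting word is written into the generated jail configuration unchecked, so a value containing `*`, `;` or quotes produces altered or extra configuration text. Suggest assigning inside the eval (`eval _zfs_dataset=\"\${jail_${_jv}_zfs_dataset}\"`), skipping words that are not plain dataset names, and naming the loop variable `_ds` to match `_p` and `_jv` so it does not leak into the caller's namespace.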



git: b9a60d36ba04 - main - RELNOTES: mention ZFS dataset support for jail(8)

2024-01-17 Thread Alexander Leidinger
The branch main has been updated by netchild:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=b9a60d36ba043f313ab98b8dd058d49559254791

commit b9a60d36ba043f313ab98b8dd058d49559254791
Author: Alexander Leidinger 
AuthorDate: 2024-01-17 12:59:03 +
Commit: Alexander Leidinger 
CommitDate: 2024-01-17 12:59:03 +

RELNOTES: mention ZFS dataset support for jail(8)
---
 RELNOTES | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/RELNOTES b/RELNOTES
index adb9ca67aa0c..69a464d71873 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -10,6 +10,16 @@ newline.  Entries should be separated by a newline.
 
 Changes to this file should not be MFCed.
 
+0b49e504a32d:
+   rc.d/jail now supports the legacy variable jail_${jailname}_zfs_dataset
+   to allow unmaintained jail managers like ezjail to make use of this
+   feature (simply rename jail_${jailname}_zfs_datasets in the ezjail
+   config to jail_${jailname}_zfs_dataset.
+
+e0dfe185cbca:
+   jail(8) now support zfs.dataset to add a list of ZFS datasets to a
+jail.
+
 61174ad88e33:
newsyslog(8) now supports specifying a global compression method 
directly
at the beginning of the newsyslog.conf file, which will make 
newsyslog(8)
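Review bot: the 0b49e504a32d entry opens a parenthesis at "(simply rename" that is never closed, and the e0dfe185cbca entry reads "now support" where "supports" is meant. The continuation line "jail." of the second entry is also indented differently from the lines above it; the file's other entries use one consistent indent for the whole body.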



Re: git: f239db4800ee - main - ktrace: Remove CAPFAIL from default trace points

2024-04-24 Thread Alexander Leidinger

On 2024-04-24 02:29, Jake Freeland wrote:

The branch main has been updated by jfree:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=f239db4800ee9e7ff8485f96b7a68e6c38178c3b


commit f239db4800ee9e7ff8485f96b7a68e6c38178c3b
Author: Jake Freeland 
AuthorDate: 2024-04-24 00:26:14 +
Commit: Jake Freeland 
CommitDate: 2024-04-24 00:26:14 +

ktrace: Remove CAPFAIL from default trace points

The CAPFAIL tracepoint was recently extended to report ECAPMODE
capability violations for processes that do not enter capability mode.
This allows developers that are interested in Capsicumizing their
programs to determine where violations are being raised.

Previously, CAPFAIL only produced output for processes using Capsicum(4)
capabilities. Thus, most ktrace users never received log output from the
trace point. With the recent changes, this is no longer the case.

Having this trace point enabled by default will produce output for all
processes that use syscalls that are not permitted in capability mode.
This may lead to confusion for users that are not familiar with the
feature. Remove KTRFAC_CAPFAIL from ktrace's default points to avoid
this.


Thanks for the opt-in instead of the opt-out! I stumbled over this a few 
hours ago and I can confirm that I was confused at first look... until I 
remembered a commit message about adding more info in this regard.


Bye,
Alexander.

--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netch...@freebsd.org  : PGP 0x8F31830F9F2772BF




Re: git: ca63710d3668 - main - linux: ignore setsockopt(IPV6_RECVERR)

2024-04-27 Thread Alexander Leidinger

On 2024-04-23 06:52, Warner Losh wrote:

The branch main has been updated by imp:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=ca63710d3668cf6f3cb4faf065d8b4eeffa028ad


commit ca63710d3668cf6f3cb4faf065d8b4eeffa028ad
Author: Lexi Winter 
AuthorDate: 2024-04-22 21:58:11 +
Commit: Warner Losh 
CommitDate: 2024-04-23 04:36:34 +

linux: ignore setsockopt(IPV6_RECVERR)


Add support for ignoring IPV6_RECVERR, controlled by the same sysctl.

This fixes DNS in Linux when using IPv6 resolvers.


And all applications which depend upon a working DNS in an IPv6 enabled 
system (e.g. biology/linux-foldingathome started to work again for me).


Any MFC target for this?

Bye,
Alexander.

--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netch...@freebsd.org  : PGP 0x8F31830F9F2772BF




Re: git: fce03f85c5bf - main - TCP can be subject to Sack Attacks lets fix this issue.

2024-05-06 Thread Alexander Leidinger

On 2024-05-05 15:10, Randall Stewart wrote:

The branch main has been updated by rrs:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=fce03f85c5bfc0d73fb5c43ac1affad73efab11a


commit fce03f85c5bfc0d73fb5c43ac1affad73efab11a
Author: Randall Stewart 
AuthorDate: 2024-05-05 13:08:47 +
Commit: Randall Stewart 
CommitDate: 2024-05-05 13:08:47 +

TCP can be subject to Sack Attacks lets fix this issue.

There is a type of attack that a TCP peer can launch on a connection.
This is for sure in Rack or BBR and probably even the default stack if
it uses lists in sack processing. The idea of the attack is that the
attacker is driving you to look at 100's of sack blocks that only update
1 byte. So for example if you have 1 - 10,000 bytes outstanding the
attacker sends in something like:

ACK 0 SACK(1-512) SACK(1024 - 1536), SACK(2048-2536), SACK(4096 - 4608), SACK(8192-8704)

This first sack looks fine but then the attacker sends

ACK 0 SACK(1-512) SACK(1025 - 1537), SACK(2049-2537), SACK(4097 - 4609), SACK(8193-8705)
ACK 0 SACK(1-512) SACK(1027 - 1539), SACK(2051-2539), SACK(4099 - 4611), SACK(8195-8707)
...

These blocks are making you hunt across your linked list and split
things up so that you have an entry for every other byte. As your list
grows you spend more and more CPU running through the lists. The idea
here is the attacker chooses entries as far apart as possible that make
you run through the list. This example is small but in theory if the
window is open to say 1Meg you could end up with 100's of thousands
link list entries.


Would it make sense to use a tree list (generic example: 
https://commons.apache.org/proper/commons-collections/apidocs/org/apache/commons/collections4/list/TreeList.html) 
instead of a linked list additional/independently to what you committed?


diff --git a/sys/netinet/tcp_stacks/sack_filter.c 
b/sys/netinet/tcp_stacks/sack_filter.c

index e82fcee2ffac..fc9ee8454a1e 100644
--- a/sys/netinet/tcp_stacks/sack_filter.c
+++ b/sys/netinet/tcp_stacks/sack_filter.c



 #ifndef _KERNEL
+
+static u_int tcp_fixed_maxseg(const struct tcpcb *tp)
+{
+   /* Lets pretend their are timestamps on for user space */
+   return (tp->t_maxseg - 12);
+}


Typo in the comment?

Bye,
Alexander.

--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netch...@freebsd.org  : PGP 0x8F31830F9F2772BF




Re: git: fce03f85c5bf - main - TCP can be subject to Sack Attacks lets fix this issue.

2024-05-06 Thread Alexander Leidinger

On 2024-05-06 13:11, Gary Jennejohn wrote:

On Mon, 06 May 2024 09:27:31 +0200
Alexander Leidinger  wrote:


On 2024-05-05 15:10, Randall Stewart wrote:



> diff --git a/sys/netinet/tcp_stacks/sack_filter.c
> b/sys/netinet/tcp_stacks/sack_filter.c
> index e82fcee2ffac..fc9ee8454a1e 100644
> --- a/sys/netinet/tcp_stacks/sack_filter.c
> +++ b/sys/netinet/tcp_stacks/sack_filter.c

>  #ifndef _KERNEL
> +
> +static u_int tcp_fixed_maxseg(const struct tcpcb *tp)
> +{
> +  /* Lets pretend their are timestamps on for user space */
> +  return (tp->t_maxseg - 12);
> +}

Typo in the comment?



Yes.  Should be Let's as a contraction of Let us.


As a non-native English speaker I also would change "their" in this
place and reword "timestamps on for user space".


Bye,
Alexander.

--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netch...@freebsd.org  : PGP 0x8F31830F9F2772BF




Re: git: 0ecf0b26a750 - main - timerfd_create: fix after cf742faa39a58a9b43b671c66097e6880459d4ae

2024-03-06 Thread Alexander Leidinger

On 2024-03-06 18:29, Baptiste Daroussin wrote:

The branch main has been updated by bapt:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=0ecf0b26a750582b804e238e6446db55188d7fdc


commit 0ecf0b26a750582b804e238e6446db55188d7fdc
Author: Baptiste Daroussin 
AuthorDate: 2024-03-06 17:28:02 +
Commit: Baptiste Daroussin 
CommitDate: 2024-03-06 17:28:02 +

timerfd_create: fix after cf742faa39a58a9b43b671c66097e6880459d4ae

Remove the include that crept in by accident
Clang complains about CLOCK_BOOTTIME being the same for now as
CLOCK_UPTIME, so remove CLOCK_BOOTTIME and leave a comment for
what to do when CLOCK_BOOTTIME will be different for real.


What about a compile time assert CLOCK_BOOTTIME == CLOCK_UPTIME, to make 
sure that someone knows to look at this piece if they want to make it 
different for other reasons?


Bye,
Alexander.

--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netch...@freebsd.org  : PGP 0x8F31830F9F2772BF




git: 1c2ae9233b0e - main - Limit some cc options based upon features

2025-01-31 Thread Alexander Leidinger
The branch main has been updated by netchild:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=1c2ae9233b0ed4f6b92c59c0e4026f6ddc073e4a

commit 1c2ae9233b0ed4f6b92c59c0e4026f6ddc073e4a
Author: Alexander Leidinger 
AuthorDate: 2025-01-31 12:11:06 +
Commit: Alexander Leidinger 
CommitDate: 2025-01-31 12:15:29 +

Limit some cc options based upon features

Limit the use of stack clash protection and zeroregs based upon
compiler features:
 - switch unconditional use of stack clash protection into a compiler
   feature
 - limit the use of stack clash protection on unsupported architectures
   (I did not wade into the source of each compiler to determine when
   support arrived for each architecture, I used the compiler version
   when it was introduced with what is supported currently)
 - add a safeguard for stack clash protection in places where we have no
   SSP provisions (we may not need it, but better safe than sorry when
   something changes or is overridden by the user)
 - limit the use of zeroregs the same way, so that even specifying it
   will not lead to build failures (useful for universe builds when
   WITH_ZEROREGS is specified in src.conf)

Differential Revision:  https://reviews.freebsd.org/D48724
---
 share/mk/bsd.compiler.mk | 13 -
 share/mk/bsd.lib.mk  | 10 +-
 share/mk/bsd.sys.mk  |  4 
 3 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/share/mk/bsd.compiler.mk b/share/mk/bsd.compiler.mk
index bf6ef3956d7d..f93d3495b1aa 100644
--- a/share/mk/bsd.compiler.mk
+++ b/share/mk/bsd.compiler.mk
@@ -24,6 +24,7 @@
 # - retpoline: supports the retpoline speculative execution vulnerability
 #  mitigation.
 # - init-all:  supports stack variable initialization.
+# - stackclash:supports stack clash protection
 # - zeroregs:  supports zeroing used registers on return
 # - aarch64-sha512: supports the AArch64 sha512 intrinsic functions.
 #
@@ -264,8 +265,18 @@ ${X_}COMPILER_FEATURES+=   compressed-debug
 ${X_}COMPILER_FEATURES+=   fileprefixmap
 .endif
 
+.if (${${X_}COMPILER_TYPE} == "clang" && ${${X_}COMPILER_VERSION} >= 7 \
+   && ${MACHINE_ARCH:Mriscv*} != "" && ${MACHINE_ARCH:Mpower*} != "") || \
+   (${${X_}COMPILER_TYPE} == "gcc" && ${${X_}COMPILER_VERSION} >= 81000 \
+   && ${MACHINE_ARCH:Mriscv*} != "")
+${X_}COMPILER_FEATURES+=   stackclash
+.endif
+
+
 .if (${${X_}COMPILER_TYPE} == "clang" && ${${X_}COMPILER_VERSION} >= 15) 
|| \
-   (${${X_}COMPILER_TYPE} == "gcc" && ${${X_}COMPILER_VERSION} >= 11)
+   (${${X_}COMPILER_TYPE} == "gcc" && ${${X_}COMPILER_VERSION} >= 11) 
&& \
+   ${MACHINE_ARCH:Mriscv*} != "" && ${MACHINE_ARCH:Mpower*} != "" && \
+   ${MACHINE_ARCH:Marmv7*} != "" 
 ${X_}COMPILER_FEATURES+=   zeroregs
 .endif
 
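Review bot: the architecture tests in both added conditions look inverted. `${MACHINE_ARCH:Mriscv*} != ""` is true only when the architecture matches `riscv*`, so `${MACHINE_ARCH:Mriscv*} != "" && ${MACHINE_ARCH:Mpower*} != ""` can never hold (no architecture matches both patterns); that leaves the clang branch of `stackclash` permanently off and the gcc branch on for riscv only. If the intent is to exclude those architectures, the comparisons should be `== ""`. In the `zeroregs` condition `&&` binds tighter than `||`, so the new architecture terms attach only to the gcc alternative; put the two compiler alternatives inside one pair of parentheses before the `&&`. The version thresholds also mix scales (`>= 7` for clang next to `>= 81000` for gcc); if COMPILER_VERSION is encoded the same way for both compilers, `>= 7` is always true. The hunk adds a second blank line after the `stackclash` block as well.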
diff --git a/share/mk/bsd.lib.mk b/share/mk/bsd.lib.mk
index cf4140d0b3e6..cf8057907a1f 100644
--- a/share/mk/bsd.lib.mk
+++ b/share/mk/bsd.lib.mk
@@ -170,7 +170,7 @@ PO_FLAG=-pg
${CTFCONVERT_CMD}
 
 .c.nossppico:
-   ${CC} ${PICFLAG} -DPIC 
${SHARED_CFLAGS:C/^-fstack-protector.*$//:C/^-fsanitize.*$//} 
${CFLAGS:C/^-fstack-protector.*$//:C/^-fsanitize.*$//} -c ${.IMPSRC} -o 
${.TARGET}
+   ${CC} ${PICFLAG} -DPIC 
${SHARED_CFLAGS:C/^-fstack-protector.*$//:C/^-fstack-clash-protection.*$//:C/^-fsanitize.*$//}
 
${CFLAGS:C/^-fstack-protector.*$//:C/^-fstack-clash-protection.*$//:C/^-fsanitize.*$//}
 -c ${.IMPSRC} -o ${.TARGET}
${CTFCONVERT_CMD}
 
 .c.pieo:
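Review bot: the `.c.nossppico` rule now carries the same three `:C/.../` substitutions twice, once on `SHARED_CFLAGS` and once on `CFLAGS`, and the C++ and Fortran rules below repeat them again, so the next flag that has to be stripped from no-SSP objects needs edits in five places. Consider keeping the list of stripped flags in one variable and applying it in each rule. Note also that the Fortran rule strips `-fstack-protector` and `-fstack-clash-protection` but, unlike the C and C++ rules, not `-fsanitize`; if that difference is intentional a comment would help.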
@@ -184,7 +184,7 @@ PO_FLAG=-pg
${CXX} ${PICFLAG} -DPIC ${SHARED_CXXFLAGS} ${CXXFLAGS} -c ${.IMPSRC} -o 
${.TARGET}
 
 .cc.nossppico .C.nossppico .cpp.nossppico .cxx.nossppico:
-   ${CXX} ${PICFLAG} -DPIC 
${SHARED_CXXFLAGS:C/^-fstack-protector.*$//:C/^-fsanitize.*$//} 
${CXXFLAGS:C/^-fstack-protector.*$//:C/^-fsanitize.*$//} -c ${.IMPSRC} -o 
${.TARGET}
+   ${CXX} ${PICFLAG} -DPIC 
${SHARED_CXXFLAGS:C/^-fstack-protector.*$//:C/^-fstack-clash-protection.*$//:C/^-fsanitize.*$//}
 
${CXXFLAGS:C/^-fstack-protector.*$//:C/^-fstack-clash-protection.*$//:C/^-fsanitize.*$//}
 -c ${.IMPSRC} -o ${.TARGET}
 
 .cc.pieo .C.pieo .cpp.pieo .cxx.pieo:
${CXX} ${PIEFLAG} ${SHARED_CXXFLAGS} ${CXXFLAGS} -c ${.IMPSRC} -o 
${.TARGET}
@@ -198,7 +198,7 @@ PO_FLAG=-pg
${CTFCONVERT_CMD}
 
 .f.nossppico:
-   ${FC} ${PICFLAG} -DPIC ${FFLAGS:C/^-fstack-protector.*$//} -o 
${.TARGET} -c ${.IMPSRC}
+   ${FC} ${PICFLAG} -DPIC 
${FFLAGS:C/^-fstack-protector.*$//:C/^-fstack-clash-protection.*$//} -o 
${.TARGET} -c ${.IMPSRC}
${CTFCONVERT_CMD}
 
 .s.po .s.pico .s.nossppico .s.pieo:
@@ -217,7 +217,7 @@ PO_FLAG=-pg
 
 .asm.nossppico:
${CC:N${CCACHE_BIN}} -x assembler-with-cpp 

git: e91117fa8ed2 - main - Improve the stack clash protection description.

2025-01-29 Thread Alexander Leidinger
The branch main has been updated by netchild:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=e91117fa8ed2d00ae520454d6fecfce8abae0664

commit e91117fa8ed2d00ae520454d6fecfce8abae0664
Author: Alexander Leidinger 
AuthorDate: 2025-01-29 08:32:00 +
Commit: Alexander Leidinger 
CommitDate: 2025-01-29 13:39:24 +

Improve the stack clash protection description.

Despite not being mentioned in the docs of gcc and clang, the stack
clash protection is architecture / implementation dependent.
Reported by:    jrtc27
---
 share/man/man7/mitigations.7 | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/share/man/man7/mitigations.7 b/share/man/man7/mitigations.7
index 4db6589cdcf1..c3c6ab55c480 100644
--- a/share/man/man7/mitigations.7
+++ b/share/man/man7/mitigations.7
@@ -28,7 +28,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd January 25, 2025
+.Dd January 29, 2025
 .Dt MITIGATIONS 7
 .Os
 .Sh NAME
@@ -244,8 +244,9 @@ and it is possible that some applications may not function 
correctly.
 .Fx
 supports stack overflow protection using the Stack Smashing Protector
 .Pq SSP
-compiler feature,
-and stack clash protection.
+compiler feature.
+Stack clash protection is also enabled,
+if supported by the compiler for the given architecture.
 In userland, SSP adds a per-process randomized canary at the end of every stack
 frame which is checked for corruption upon return from the function,
 and stack probing in



Re: git: f934e629dc22 - main - Add stack clash protection to the WITH_SSP flag

2025-01-29 Thread Alexander Leidinger

On 2025-01-28 14:42, Ed Maste wrote:
On Sun, 26 Jan 2025 at 07:38, Alexander Leidinger wrote:


On 2025-01-25 20:21, Jessica Clarke wrote:

> It looks like with Clang we end up using -Qunused-arguments so the
> warning/error is suppressed. That at least means the build doesn’t
> fail, which I suppose is good, but I’m not sure we should be promising
> that WITH_SSP will protect against stack clash then having the compiler
> silently emit unprotected code (for which we’re to blame, by telling it
> to ignore the fact it’s not supported). This at least needs to be
> documented that the protection will only be provided if supported by
> the compiler.


I suppose we should add support for stack clash to COMPILER_FEATURES
in bsd.compiler.mk and add the flag only if supported.


I will submit a review for this later (testing some arch limits for 
zeroregs at the same time, seems it has similar restrictions).



function correctly.
  supports stack overflow protection using the Stack Smashing 
Protector

  .Pq SSP
  compiler feature,
-and stack clash protection.
+and stack clash protection (if supported by the compiler for the 
given

architecture).


To make it explicitly clear that the "if supported" applies only to
stack clash protection, maybe make it a separate sentence.

... SSP compiler feature. Stack clash protection is also enabled, if
supported by the compiler for the given architecture.

Looks good to me either way.


Committed.

Bye,
Alexander.

--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netch...@freebsd.org  : PGP 0x8F31830F9F2772BF




git: 2a44cccd404d - main - Add option to clear caller-used registers on function return.

2025-01-22 Thread Alexander Leidinger
The branch main has been updated by netchild:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=2a44cccd404d94c273c78e279df3fdc5531d25a2

commit 2a44cccd404d94c273c78e279df3fdc5531d25a2
Author: Alexander Leidinger 
AuthorDate: 2025-01-11 12:48:50 +
Commit: Alexander Leidinger 
CommitDate: 2025-01-22 18:33:23 +

Add option to clear caller-used registers on function return.

The WITH_ZEROREGS option for src.conf will zero caller-used register
contents just before returning from a function, ensuring that
temporary values are not leaked beyond the function boundary. This
means that register contents are less likely to be available for side
channel attacks and information exposures.

It reduces all except 1 of the simple "write-what-where" ROP gadgets in
/lib:
grep "Gadget found" /tmp/before_lib* | wc -l
 197
grep "Gadget found" /tmp/after_lib* | wc -l
   1
grep "Gadget found" /tmp/after_lib*
/tmp/after_libbsdxml.so.4.txt:  [+] Gadget found: 0x1b3f1 mov qword ptr [rdi], rcx ; pop rbp ; ret

To reproduce:
for lib in *.so.*; do
    echo $lib:
    ROPgadget --ropchain --binary /tmp/be_mount.Sx87/lib/$lib | sed -n '/Step 1/,/Step 2/p' >! /tmp/before_$lib.txt
    ROPgadget --ropchain --binary $lib | sed -n '/Step 1/,/Step 2/p' >! /tmp/after_$lib.txt
done

Additionally, in some cases this reduces the number of all ROP gadgets
(quick check with /libs only):
libalias.so.7: reduction 10.000%
libavl.so.2: reduction 13.900%
libbsdxml.so.4: reduction 37.500%
libc.so.7: reduction 10.000%
libc++.so.1: reduction 14.800%
libcam.so.7: reduction 50.700%
libcap_netdb.so.1: reduction 5.800%
libcasper.so.1: reduction 14.600%
libcrypto.so.30: reduction 7.500%
libdtrace.so.2: reduction 3.900%
libelf.so.2: reduction 15.800%
libgcc_s.so.1: reduction 32.700%
libibverbs.so.1: reduction 5.300%
libicp.so.3: reduction 2.100%
libipt.so.0: reduction 28.200%
libirdma.so.1: reduction 1.600%
libkiconv.so.4: reduction 0%
libm.so.5: reduction 21.900%
libmd.so.6: reduction 0%
libmd.so.7: reduction 3.100%
libncursesw.so.9: reduction 11.200%
libnvpair.so.2: reduction 40.200%
libpcap.so.8: reduction 11.400%
libpjdlog.so.0: reduction 27.400%
libsbuf.so.6: reduction 2.900%
libspl.so.2: reduction 42.300%
libsys.so.7: reduction 2.700%
libthr.so.3: reduction 21.000%
libuutil.so.2: reduction 13.100%
libz.so.6: reduction 5.600%
libzpool.so.2: reduction 15.100%

In some cases it adds some ROP gadgets despite removing the simple ROP
gadgets:
lib80211.so.1: reduction -32.700%
libbe.so.1: reduction -22.300%
libbegemot.so.4: reduction -20.500%
libcap_dns.so.2: reduction -58.000%
libcap_fileargs.so.1: reduction -28.200%
libcap_grp.so.1: reduction -54.000%
libcap_net.so.1: reduction -28.800%
libcap_pwd.so.1: reduction -38.800%
libcap_sysctl.so.2: reduction -71.100%
libcap_syslog.so.1: reduction -15.000%
libcrypt.so.5: reduction -14.600%
libctf.so.2: reduction -.300%
libcxxrt.so.1: reduction -14.000%
libdevstat.so.7: reduction -1.600%
libedit.so.8: reduction -4.200%
libgeom.so.5: reduction -16.500%
libicp_rescue.so.3: reduction -2.300%
libipsec.so.4: reduction -31.800%
libjail.so.1: reduction -21.700%
libkvm.so.7: reduction -5.300%
libmlx5.so.1: reduction -6.300%
libmt.so.5: reduction -23.000%
libnv.so.1: reduction -.400%
librss.so.1: reduction -3.800%
librt.so.1: reduction -24.000%
libssp.so.0: reduction -21.100%
libstats.so.0: reduction -9.000%
libtinfow.so.9: reduction -3.500%
libtpool.so.2: reduction -36.500%
libufs.so.8: reduction -11.900%
libulog.so.0: reduction -67.400%
libumem.so.2: reduction -2.000%
libutil.so.9: reduction -7.200%
libxo.so.0: reduction -9.000%
libzdb.so.2: reduction -11.700%
libzfs_core.so.2: reduction -17.700%
libzfs.so.4: reduction -.300%
libzfsbootenv.so.1: reduction -26.900%
libzutil.so.2: reduction -5.600%

To reproduce:
for lib in *.so.*; do
    echo -n $lib:
    before="$(ROPgadget --nosys --nojop --binary /tmp/be_mount.Sx87/lib/$lib | tail -n1 | cut -d : -f 2)"
    after="$(ROPgadget --nosys --nojop --binary $lib | tail -n1 | cut -d : -f 2)"
    echo " reduction" $(bc -S 3 -e "(1-${after}/${before})*100")%
done >/tmp/reduction.txt

Most of the time the size difference is very small (<1% for >50% of the
files and >10% for only 2 files):
lib80211.so.1: size change .100%
libalias.so.7: size change 0%
libavl.so.2: size change 0%
libbe.so.1: size change .100%
libbegemot.so.4: siz

Re: git: 2a44cccd404d - main - Add option to clear caller-used registers on function return.

2025-01-22 Thread Alexander Leidinger

On 2025-01-22 19:39, Alexander Leidinger wrote:

The branch main has been updated by netchild:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=2a44cccd404d94c273c78e279df3fdc5531d25a2


commit 2a44cccd404d94c273c78e279df3fdc5531d25a2
Author: Alexander Leidinger 
AuthorDate: 2025-01-11 12:48:50 +
Commit: Alexander Leidinger 
CommitDate: 2025-01-22 18:33:23 +

Add option to clear caller-used registers on function return.


I forgot to add: https://reviews.freebsd.org/D48427

Bye,
Alexander.

--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netch...@freebsd.org  : PGP 0x8F31830F9F2772BF




git: f934e629dc22 - main - Add stack clash protection to the WITH_SSP flag

2025-01-25 Thread Alexander Leidinger
The branch main has been updated by netchild:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=f934e629dc22b859efabd3cdebc23b63b04fa2bb

commit f934e629dc22b859efabd3cdebc23b63b04fa2bb
Author: Alexander Leidinger 
AuthorDate: 2025-01-25 12:43:39 +
Commit: Alexander Leidinger 
CommitDate: 2025-01-25 12:45:53 +

Add stack clash protection to the WITH_SSP flag

Some background info available in:
https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
https://developers.redhat.com/blog/2020/05/22/stack-clash-mitigation-in-gcc-part-3
https://blog.llvm.org/posts/2021-01-05-stack-clash-protection/

Reviewed by:    emaste
Differential Revision:  https://reviews.freebsd.org/D48651
---
 share/man/man7/mitigations.7 | 14 ++
 share/mk/bsd.sys.mk  |  2 +-
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/share/man/man7/mitigations.7 b/share/man/man7/mitigations.7
index c487e4e1000b..4db6589cdcf1 100644
--- a/share/man/man7/mitigations.7
+++ b/share/man/man7/mitigations.7
@@ -28,7 +28,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd July 23, 2024
+.Dd January 25, 2025
 .Dt MITIGATIONS 7
 .Os
 .Sh NAME
@@ -244,9 +244,13 @@ and it is possible that some applications may not function 
correctly.
 .Fx
 supports stack overflow protection using the Stack Smashing Protector
 .Pq SSP
-compiler feature.
+compiler feature,
+and stack clash protection.
 In userland, SSP adds a per-process randomized canary at the end of every stack
-frame which is checked for corruption upon return from the function.
+frame which is checked for corruption upon return from the function,
+and stack probing in
+.Dv PAGE_SIZE
+chunks.
 In the kernel, a single randomized canary is used globally except on aarch64,
 which has a
 .Dv PERTHREAD_SSP
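Review bot: the added "and stack probing in PAGE_SIZE chunks" is appended to the sentence that begins "In userland, SSP adds a per-process randomized canary", so the page now reads as if SSP itself performs the stack probing. The probing belongs to stack clash protection; suggest ending the SSP sentence at "upon return from the function." and describing the probing in a separate sentence whose subject is stack clash protection.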
@@ -264,7 +268,9 @@ When
 .Va WITH_SSP
 is enabled, which is the default, world is built with the
 .Fl fstack-protector-strong
-compiler option.
+and
+.Fl fstack-clash-protection
+compiler options.
 The kernel is built with the
 .Fl fstack-protector
 option.
diff --git a/share/mk/bsd.sys.mk b/share/mk/bsd.sys.mk
index 63774e857167..06f8e6e9fe78 100644
--- a/share/mk/bsd.sys.mk
+++ b/share/mk/bsd.sys.mk
@@ -304,7 +304,7 @@ CXXFLAGS.clang+= -Wno-c++11-extensions
 FORTIFY_SOURCE?=   0
 .if ${MK_SSP} != "no"
 # Don't use -Wstack-protector as it breaks world with -Werror.
-SSP_CFLAGS?=   -fstack-protector-strong
+SSP_CFLAGS?=   -fstack-protector-strong -fstack-clash-protection
 CFLAGS+=   ${SSP_CFLAGS}
 .endif # SSP
 .if ${FORTIFY_SOURCE} > 0
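Review bot: `-fstack-clash-protection` is appended to `SSP_CFLAGS` under the `${MK_SSP} != "no"` test only, so it is handed to every compiler and every target with no check that the flag is supported there. Where the compiler accepts but ignores it, world is built without the protection the manual page change in this commit promises. Suggest adding the flag only behind a compiler feature test. Because the assignment is `?=`, anyone who already sets `SSP_CFLAGS` keeps the old value and does not get the new flag; that is worth a line in the commit message or the documentation.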



Re: git: f934e629dc22 - main - Add stack clash protection to the WITH_SSP flag

2025-01-26 Thread Alexander Leidinger

On 2025-01-25 20:21, Jessica Clarke wrote:


It looks like with Clang we end up using -Qunused-arguments so the
warning/error is suppressed. That at least means the build doesn’t
fail, which I suppose is good, but I’m not sure we should be promising
that WITH_SSP will protect against stack clash then having the compiler
silently emit unprotected code (for which we’re to blame, by telling it
to ignore the fact it’s not supported). This at least needs to be
documented that the protection will only be provided if supported by
the compiler.


Like this?

diff --git share/man/man7/mitigations.7 share/man/man7/mitigations.7
index 4db6589cdcf1..82a8e3a2c1c2 100644
--- share/man/man7/mitigations.7
+++ share/man/man7/mitigations.7
@@ -28,7 +28,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
OF

 .\" SUCH DAMAGE.
 .\"
-.Dd January 25, 2025
+.Dd January 26, 2025
 .Dt MITIGATIONS 7
 .Os
 .Sh NAME
@@ -245,7 +245,7 @@ and it is possible that some applications may not 
function correctly.

 supports stack overflow protection using the Stack Smashing Protector
 .Pq SSP
 compiler feature,
-and stack clash protection.
+and stack clash protection (if supported by the compiler for the given 
architecture).
 In userland, SSP adds a per-process randomized canary at the end of 
every stack

 frame which is checked for corruption upon return from the function,
 and stack probing in

Bye,
Alexander.
--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netch...@freebsd.org  : PGP 0x8F31830F9F2772BF




git: 582c8de016f8 - main - Fix the date for the ROCKCHIP option.

2025-01-27 Thread Alexander Leidinger
The branch main has been updated by netchild:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=582c8de016f88c74eab5b34ba3764c18df4c36e0

commit 582c8de016f88c74eab5b34ba3764c18df4c36e0
Author: Alexander Leidinger 
AuthorDate: 2025-01-27 19:57:52 +
Commit: Alexander Leidinger 
CommitDate: 2025-01-27 19:58:52 +

Fix the date for the ROCKCHIP option.
---
 UPDATING | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/UPDATING b/UPDATING
index 3eccd089d808..7329837c48ee 100644
--- a/UPDATING
+++ b/UPDATING
@@ -27,7 +27,7 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 15.x IS SLOW:
world, or to merely disable the most expensive debugging functionality
at runtime, run "ln -s 'abort:false,junk:false' /etc/malloc.conf".)
 
-20240106:
+20250106:
A new SOC_ROCKCHIP options appeared, so if you have a custom kernel 
configuration
targetting Rockchip SoC you need to add it so shared and mandatory 
drivers for
this SoC familly will be selected.



Re: git: f934e629dc22 - main - Add stack clash protection to the WITH_SSP flag

2025-01-25 Thread Alexander Leidinger

On 2025-01-25 19:32, Jessica Clarke wrote:
On 25 Jan 2025, at 13:08, Alexander Leidinger wrote:


The branch main has been updated by netchild:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=f934e629dc22b859efabd3cdebc23b63b04fa2bb


commit f934e629dc22b859efabd3cdebc23b63b04fa2bb
Author: Alexander Leidinger 
AuthorDate: 2025-01-25 12:43:39 +
Commit: Alexander Leidinger 
CommitDate: 2025-01-25 12:45:53 +

   Add stack clash protection to the WITH_SSP flag

   Some background info available in:
   https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
   https://developers.redhat.com/blog/2020/05/22/stack-clash-mitigation-in-gcc-part-3
   https://blog.llvm.org/posts/2021-01-05-stack-clash-protection/

   Reviewed by:    emaste
   Differential Revision:  https://reviews.freebsd.org/D48651


Uh, it does require architecture-specific compiler support, which isn’t
implemented for all architectures in LLVM at least. RISC-V has only
recently (as in 1.5 months ago so not even released yet) gained
support, for example. So this is just going to spew out
-Wunused-command-line-argument warnings, and errors with -Werror, no?


The online docs for gcc 
(https://gcc.gnu.org/onlinedocs/gcc//Instrumentation-Options.html) tell 
this:

---snip---
Most targets do not fully support stack clash protection. However, on 
those targets -fstack-clash-protection will protect dynamic stack 
allocations. -fstack-clash-protection may also provide limited 
protection for static stack allocations if the target supports 
-fstack-check=specific.

---snip---

I read this as it should not spill such warnings. Additionally other 
options there are listed as limited to some architectures, but this one 
is not listed as such.


The online docs of clang 
(https://clang.llvm.org/docs/ClangCommandLineReference.html) do not 
limit this option for some architectures while for other options (e.g. 
-fzero-call-used-regs) it tells about architecture limits.


In a discussion on -current in November there was the opinion it may 
depend on run time support, as I've searched but I've read only that 
this option depends on stack guard pages in the kernel. I have not found 
info about any required run-time support in e.g. libc or such (like for 
-fstack-protector(-strong)).


If those docs are missing listing limits for this option, we can of
course enable this with a little bit of code in bsd.compiler.mk only for
those architectures where we do not get such warnings.


Bye,
Alexander.

--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netch...@freebsd.org  : PGP 0x8F31830F9F2772BF


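A check for the concern raised in this thread, that a flag the compiler does not support for the target can be dropped without failing the build: compile one probe function with the flag switched on and off and compare the generated assembly. This is an added example, not part of the mails or of FreeBSD's build system; `flag_state`, `probe_source` and the probe function are names made up here, and the check is written generally enough to cover `-fzero-call-used-regs` too, which the thread says has similar restrictions (the `=used` and `=skip` values are this example's choice).

```shell
#!/bin/sh
# Added example: does a hardening flag change what the compiler emits for this
# target, or is it accepted and silently dropped?

# Probe source: a stack frame far larger than a page, so stack clash
# protection has something to probe, and registers in use before return.
probe_source() {
	cat <<'EOF'
extern void sink(volatile char *);
int probe(int n)
{
	volatile char buf[1 << 20];
	buf[0] = (char)n;
	sink(buf);
	return buf[0] + n;
}
EOF
}

# flag_state CC ON_FLAG OFF_FLAG [extra compiler args...]
# Prints one word and returns 0 only for "effective":
#   effective  assembly differs between ON_FLAG and OFF_FLAG
#   ignored    the flag was accepted but the output is identical
#   rejected   the compiler refused ON_FLAG
#   error      even the plain build failed, nothing can be concluded
flag_state() {
	_cc=$1; _on=$2; _off=$3
	shift 3
	_tmp=$(mktemp -d "${TMPDIR:-/tmp}/flagchk.XXXXXX") || { echo error; return 2; }
	probe_source > "$_tmp/probe.c"
	_state=error
	# 1. Baseline without the flag.
	if $_cc "$@" -O2 -S -o "$_tmp/base.s" "$_tmp/probe.c" 2>/dev/null; then
		# 2. With the flag; a refusal is the honest outcome on an
		#    unsupported target.
		if $_cc "$@" -O2 "$_on" -S -o "$_tmp/on.s" "$_tmp/probe.c" 2>/dev/null; then
			# 3. Explicitly disabled, in case the toolchain enables the
			#    flag by default; use the baseline if the off switch
			#    is not understood.
			$_cc "$@" -O2 "$_off" -S -o "$_tmp/off.s" "$_tmp/probe.c" 2>/dev/null ||
			    cp "$_tmp/base.s" "$_tmp/off.s"
			if cmp -s "$_tmp/on.s" "$_tmp/off.s"; then
				_state=ignored
			else
				_state=effective
			fi
		else
			_state=rejected
		fi
	fi
	rm -rf "$_tmp"
	echo "$_state"
	[ "$_state" = effective ]
}

# Stand-alone use: sh flagchk.sh <compiler> [extra args], e.g. sh flagchk.sh cc
if [ $# -ge 1 ]; then
	_c=$1; shift
	printf 'stack clash: %s\n' \
	    "$(flag_state "$_c" -fstack-clash-protection -fno-stack-clash-protection "$@")"
	printf 'zeroregs:    %s\n' \
	    "$(flag_state "$_c" -fzero-call-used-regs=used -fzero-call-used-regs=skip "$@")"
fi
```

Where the compiler only warns about an unused argument the result is `ignored`; passing `-Werror` as an extra argument turns that case into `rejected`.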


git: 6fbd1bed6e7b - main - rc.subr: add ${svc}_svcj_ipaddrs option

2025-04-14 Thread Alexander Leidinger
The branch main has been updated by netchild:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=6fbd1bed6e7bf880a6cc579b06bdc6476983613a

commit 6fbd1bed6e7bf880a6cc579b06bdc6476983613a
Author: Lexi Winter 
AuthorDate: 2025-03-23 06:00:50 +
Commit: Alexander Leidinger 
CommitDate: 2025-04-14 13:11:06 +

rc.subr: add ${svc}_svcj_ipaddrs option

setting ${svc}_svcj_ipaddrs to a list of IP addresses causes rc.subr to
set ip6.addr and/or ip4.addr when starting the jail, restricting it to
those IP addresses rather than inheriting all IP addresses.

for example:

inetd_enable=YES
inetd_svcj=YES
inetd_svcj_options="net_basic"
inetd_svcj_ipaddrs="::1 127.0.0.1 2001:db8::1"

if not specified, the default value is unchanged (inherit all addresses
if networking is enabled).

Reviewed by:    netchild
---
 libexec/rc/rc.subr   | 36 +---
 share/man/man5/rc.conf.5 | 35 ++-
 2 files changed, 55 insertions(+), 16 deletions(-)

diff --git a/libexec/rc/rc.subr b/libexec/rc/rc.subr
index b7f8953012d7..29ed0eb05824 100644
--- a/libexec/rc/rc.subr
+++ b/libexec/rc/rc.subr
@@ -1196,7 +1196,8 @@ run_rc_command()
_prepend=\$${name}_prepend  
_login_class=\${${name}_login_class:-daemon} \
_limits=\$${name}_limits_oomprotect=\$${name}_oomprotect \
_setup=\$${name}_setup  _env_file=\$${name}_env_file \
-   _umask=\$${name}_umask  _svcj_options=\$${name}_svcj_options
+   _umask=\$${name}_umask  _svcj_options=\$${name}_svcj_options \
+   _svcj_ipaddrs=\$${name}_svcj_ipaddrs
 
if [ -n "$_env_file" ] && [ -r "${_env_file}" ]; then   # load env from 
file
set -a
@@ -1210,9 +1211,30 @@ run_rc_command()
fi
fi
 
-   if [ -n "$_svcj_options" ]; then# translate service jail options
-   _svcj_cmd_options=""
+   _svcj_ip="inherit"
+   _svcj_ip4_addrs=""
+   _svcj_ip6_addrs=""
+
+   for addr in $_svcj_ipaddrs; do
+   case $addr in
+   *:*) _svcj_ip6_addrs="$addr,${_svcj_ip6_addrs}" ;;
+   *) _svcj_ip4_addrs="$addr,${_svcj_ip4_addrs}" ;;
+   esac
+   done
+
+   _svcj_cmd_options=""
 
+   if [ -n "$_svcj_ip4_addrs" ]; then
+   _svcj_cmd_options="ip4.addr=${_svcj_ip4_addrs%*,} 
${_svcj_cmd_options}"
+   _svcj_ip="new"
+   fi
+
+   if [ -n "$_svcj_ip6_addrs" ]; then
+   _svcj_cmd_options="ip6.addr=${_svcj_ip6_addrs%*,} 
${_svcj_cmd_options}"
+   _svcj_ip="new"
+   fi
+
+   if [ -n "$_svcj_options" ]; then# translate service jail options
_svcj_sysvipc_x=0
for _svcj_option in $_svcj_options; do
case "$_svcj_option" in
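Review bot: the for loop builds both lists by prepending ("$addr,${_svcj_ip6_addrs}", and the same for IPv4), so the addresses reach ip4.addr and ip6.addr in the reverse of the order given in ${svc}_svcj_ipaddrs. jail(8) uses the first address in the list as the jail's primary address (the source address when selection on an unbound socket finds no better match), so with the commit message's example the primary IPv6 address becomes 2001:db8::1 rather than ::1. Appending each address instead, and stripping the trailing comma with the plainer ${var%,}, would keep the administrator's order. The loop variable addr is also the only temporary here without the _svcj_ prefix; since rc.subr is sourced into the service script's shell, it overwrites any addr the script already uses, and _svcj_addr would match the surrounding names.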
@@ -1220,19 +1242,19 @@ run_rc_command()
_svcj_cmd_options="allow.mlock 
${_svcj_cmd_options}"
;;
netv4)
-   _svcj_cmd_options="ip4=inherit 
allow.reserved_ports ${_svcj_cmd_options}"
+   _svcj_cmd_options="ip4=${_svcj_ip} 
allow.reserved_ports ${_svcj_cmd_options}"
;;
netv6)
-   _svcj_cmd_options="ip6=inherit 
allow.reserved_ports ${_svcj_cmd_options}"
+   _svcj_cmd_options="ip6=${_svcj_ip} 
allow.reserved_ports ${_svcj_cmd_options}"
;;
net_basic)
-   _svcj_cmd_options="ip4=inherit 
ip6=inherit allow.reserved_ports ${_svcj_cmd_options}"
+   _svcj_cmd_options="ip4=${_svcj_ip} 
ip6=${_svcj_ip} allow.reserved_ports ${_svcj_cmd_options}"
;;
net_raw)
_svcj_cmd_options="allow.raw_sockets 
${_svcj_cmd_options}"
;;
net_all)
-   _svcj_cmd_options="allow.socket_af 
allow.raw_sockets allow.reserved_ports ip4=inherit ip6=inherit 
${_svcj_cmd_options}"
+   _svcj_cmd_options="allow.socket_af 
allow.raw_sockets allow.reserved_ports ip4=${_svcj_ip} ip6=${_svcj_ip} 
${_svcj_cmd_options}"
   
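Review bot: the netv4, netv6, net_basic and net_all cases all substitute the single ${_svcj_ip} flag, which the previous hunk sets to "new" as soon as either address list is non-empty. With net_basic or net_all and only IPv4 addresses in ${svc}_svcj_ipaddrs this emits ip6=new with no ip6.addr, so the jail ends up with no IPv6 address at all (and the reverse for an IPv6-only list). If that is the intended restriction, the rc.conf(5) text should state it explicitly; otherwise keep a separate flag per address family so the family with no listed addresses stays on inherit.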

Re: git: 225639e7db68 - main - vt: Disable bell by default

2021-10-23 Thread Alexander Leidinger via dev-commits-src-all
Quoting Emmanuel Vadot (from Fri, 22 Oct 2021 22:55:40 +0200):



I honestly thought that this setting was something that you set up once
when you installed a new machine (which doesn't happen very often) and
forget about it, you know another "ah crap yes I forgot about this, why
do we have such insane default. Oh well now that I disabled it locally
I don't have to think about it and won't change the default". Instead
this time I didn't say to myself that I won't change it and I did.


May I offer another perspective into this? Something outside of 0 and 1...

I wonder if it is really the default of bell=on that is crap, or if
the bug Warner found is what makes it crap, or if the frequency of the
current setting is what makes it crap (or the last two items together).


Personally I dislike the bell, but not so much that I want to disable
it. I don't mind having it disabled (I simply enabled it directly in
sysctl.conf even though I haven't updated to past the commit), as I think
it gives useful feedback. It may not give useful feedback in all
cases where it goes off, but that's something we have influence on,
don't we?


What I don't like about the bell is the noise it makes. So what about
changing the noise it makes to something more pleasant and asking if
this is better and maybe acceptable to those who don't like the bell?


I also think that disabling a feature you know exists but don't
like is much easier than enabling a feature you don't know exists.


Basically I question in this email the problem you want to solve by
disabling the bell. Does it really need to be disabled, or would a
change of the sound and volume make it acceptable for you (you = all
people who complain or agree with "the current one is crap -> disable
it", which basically means we would need to make some kind of
usability test of what sounds better before deciding if it shall be
disabled or not)?


For me the issue with the bell would be solved if it sounds "better"
and is less loud. I assume we could even make it configurable to some
extent (override a hardcoded frequency and volume with a sysctl).


Bye,
Alexander.

--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org   netch...@freebsd.org  : PGP 0x8F31830F9F2772BF