7f72497e emaste March 2, 2021, 2:09 a.m.
Parentheses added to HASZERO macro to avoid a GCC warning, and formatted
with clang-format as we have adopted these and don't consider them
'contrib' code.

Obtained from:	musl (snapshot at commit 4d0a82170a25)
Reviewed by:	kib (libc integration), mjg (both earlier)
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D17630
8742817b kib March 2, 2021, 12:19 a.m.
There are three issues with change that stopped truncating ea area before
write, and resulted in possible zero tail in the ea area:
- Truncate to zero checked i_ea_len after the reference was dropped,
  making the last drop effectively truncate to zero length always.
- Loop to fill uio for zeroing specified too large length, that triggered
  assert in normal situation.
- Integrity check could trip over the tail, instead we must allow
  partial header or header with zero length, and clamp ea image in
  memory at it.

Reported by:	arichardson
Tested by:	arichardson, pho
Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
Fixup:	5e198e7646a27412c0541719f7bf1bbc0bd89223
Differential Revision:	https://reviews.freebsd.org/D28999
a59e2982 mav March 1, 2021, 11:36 p.m.
MFC after:	1 week
a7d593dd emaste March 1, 2021, 10:37 p.m.
Cirrus-CI has been red for some time because we're running out of disk
space on the ephemeral GCP VMs.  For now remove the package + qemu boot,
and just check for build regressions.

This change to be reverted once we have identified and addressed the
underlying issue.

Sponsored by:	The FreeBSD Foundation
05b267e2 oshogbo March 1, 2021, 10:18 p.m.
In the 761d2bb5b9e70cf30f9c2dac62a47a2d2593e83f we added nojailvnet
keyword. The nojailvnet keyword is used to skip startup scripts in
jails that are run without VNET.

The service.sh was omitted in this commit. The service.sh
even documents that this is the same code as in rc - so lets reflect

Submitted by:	Adam Wołk <a.wolk@fudosecurity.com>
Sponsored by:	Fudo Security
94f2e42f rmacklem March 1, 2021, 8:49 p.m.
During a recent virtual NFSv4 testing event, a bug in the FreeBSD client
was detected when doing a File Layout pNFS DS I/O operation.
The size of the I/O operation was smaller than expected.
The I/O size is specified as a stripe unit size in bits 6->31 of nflh_util
in the layout.  I had misinterpreted RFC5661 and had shifted the value
right by 6 bits. The correct interpretation is to use the value as
presented (it is always an exact multiple of 64), clearing bits 0->5.
This patch fixes this.

Without the patch, I/O through the DSs work, but the I/O size is 1/64th
of what is optimal.

MFC after:	2 weeks
c88c1f23 arichardson March 1, 2021, 7:56 p.m.
It appears that the stackframe layout can be slightly different depending on
compiler and target architecture. For example, when using CHERI LLVM for RISC-V
we can actually overflow the buffer by up to 8 bytes without SSP detecting it.
Fix this by increasing the overflow to 15 bytes.

Reviewed By:	ngie, emaste
Differential Revision: https://reviews.freebsd.org/D28997
17cc2009 arichardson March 1, 2021, 7:56 p.m.
ATF now opens the results file (without CLOEXEC), so the child actually
has a valid file descriptor 3. To fix this simply use a large number that
will definitely not be a valid file descriptor.

Reviewed by:	jhb, cem, lwhsu
Differential Revision: https://reviews.freebsd.org/D28889
10321314 arichardson March 1, 2021, 7:56 p.m.
I've run these tests many times in a loop on multiple architectures and
it works reliably for me, maybe it's time to retire these skips?
This also adds an additional waitpid to one of the tests to avoid
a potential race condition (suggested by markj@).

PR:		239397, 244056, 239425, 240510, 220841, 243605
Reviewed By:	markj
Differential Revision: https://reviews.freebsd.org/D28888
96a9e50e arichardson March 1, 2021, 7:55 p.m.
Mostly automatic, using
`CHILD_REQUIRE\(([^|&\n]*) ==` -> `CHILD_REQUIRE_EQ_INT($1,`
`ATF_REQUIRE\(([^|&\n]*) ==` -> `REQUIRE_EQ_INT($1,` followed by
git-clang-format -f and then manually checking ones that contain ||/&&.

Test Plan:
Still getting the same failure but now it prints
`psr.sr_error (0) == EBADF (9) not met` instead of just failing
without printing the values.

PR:		243605
Reviewed By:	jhb
Differential Revision: https://reviews.freebsd.org/D28887
60c4ec80 kevans March 1, 2021, 6:38 p.m.
The default behavior for attaching processes to jails is that the jail's
cpuset augments the attaching processes, so that it cannot be used to
escalate a user's ability to take advantage of more CPUs than the
administrator wanted them to.

This is problematic when root needs to manage jails that have disjoint
sets with whatever process is attaching, as this would otherwise result
in a deadlock. Therefore, if we did not have an appropriate common
subset of cpus/domains for our new policy, we now allow the process to
simply take on the jail set *if* it has the privilege to widen its mask

With the new logic, root can still usefully cpuset a process that
attaches to a jail with the desire of maintaining the set it was given
pre-attachment while still retaining the ability to manage child jails
without jumping through hoops.

A test has been added to demonstrate the issue; cpuset of a process
down to just the first CPU and attempting to attach to a jail without
access to any of the same CPUs previously resulted in EDEADLK and now
results in taking on the jail's mask for privileged users.

PR:		253724
Reviewed by:	jamie (also discussed with)
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D28952
af11c202 emaste March 1, 2021, 4:54 p.m.
CI runs have been encountering disk full errors.  Add a `df` invocation
so that we can see what we're working with.
0b0f8b35 rscheff March 1, 2021, 3:26 p.m.
Reviewed By:	#transport, tuexen
MFC after:	3 days
Sponsored by:	NetApp, Inc.
Differential Revision:	https://reviews.freebsd.org/D28998
066dab17 jrtc27 March 1, 2021, 3:19 p.m.
95da5e13 bapt March 1, 2021, 3:01 p.m.
dialog.h defines MIN and MAX (making sure to undefine the previous
macros if it already exists), but sys/param.h also defines those
macros (without guards) and is included after dialog.h resulting
in both gcc and clang complaining about macro redefiniton

While clang do accept -Wno-macro-redefined to ignore the redefinition
warning, gcc does not [1]

Undefine both macros prior inclusion of sys/param.h to avoid the warning

Reported by:	arichardson