From nobody Sun May 21 20:03:04 2023
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QPWj474P8z4CQ0B;
	Sun, 21 May 2023 20:03:04 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QPWj46t66z44W8;
	Sun, 21 May 2023 20:03:04 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1684699384;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=KVrZeX7ULZqsxXzObAXHMPmu2bCW1OTLaqydbiJVvog=;
	b=VWtsd2RgpWLxjrEBuo6ICvuUB9WJYGXkP1jF9KMci+T8meaH0g/GhRr6gp+CZn3bx9XlFe
	Ia1D2PvlF8OnGk/67wCGNREuhmRptlhB0v/opN/8neP7qnS6ex3ZvDG5w17S9LxZLfVujO
	rTCi/nGtKNmx8lCOd6iIBFPYvKO1vosfI8ogLLeQjECliJSteJdIYVMZoHHd7XRVIyD1CD
	HTc+CdcEL2CXdP1FZ4XtKsBADWWL6Ixp2UgQ558Pu69FAYK/61O3iArtp6M/KZaQkI/6wk
	iSdRcMM/GA5idJdwiV+IIY+wBec+wtU6ErfEGyRiK1B/1CcmBJjU+4YrDvrqWw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1684699384;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=KVrZeX7ULZqsxXzObAXHMPmu2bCW1OTLaqydbiJVvog=;
	b=KUXW4WVzD3HW+cnw9P15sRK4s0csgtsNJjtUE4C1hgdDXdCl/Qig8DYLwd7cF0kaFjptY8
	AO3obEfSwAhZnetJQn/cTe4UIZDDUpQ6iuZcQCDdVAQ1apHjk/tKtK03/eac2uodSMY5ZE
	0SGjOb809JccaFjHL8OrMtpAbfsSfJk6kfJ423eQVYZMOxjwZj4RahecUoVMQkKJmj11Su
	SviTKL4GE9YXTogNmDKGSS3X+Nl+kOOyQv4JX6492Z/D54hjIAQxwye42wp6RCF7Gp5r0y
	XazTp/JqiUpOzKWV3Zcw9Wc6M1gIHdA23a/6nGN80iPn4+kLnksA+DKY1CPsuA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1684699384; a=rsa-sha256; cv=none;
	b=dyGk67oNIk6CoR4CSdQH0z3pzz4hXk8j5m5r3GiSVumTSh9f+ihhPkSaiGgWvdMtsThNcT
	z6hhBUBWH3Nkz2OF6rRinTYDuY8uE7pn0micCg1/e2SmFgSNy3KZI7q5YTXXUaifjOWtmq
	7jVa4tp5hnyrq7iOcvV5hTCXVdXsTBrtNvdNRPGlyGpqQyyPWiJVyBJhR5VCWwo3vqctJL
	tnsVZcU+pKo0c+5KbXnWkuSpSLn1ZFYO2VWjhC1C+DLUbEKoscMLq7gwioFObMvjzgGVat
	yY0SL1r54K+yhbA5JwkKCdoqQpWTQJLekX6DVW6I5gK93I02k68KdyNlrPyPRA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QPWj45xltz14f9;
	Sun, 21 May 2023 20:03:04 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 34LK34Na028855;
	Sun, 21 May 2023 20:03:04 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 34LK349X028854;
	Sun, 21 May 2023 20:03:04 GMT
	(envelope-from git)
Date: Sun, 21 May 2023 20:03:04 GMT
Message-Id: <202305212003.34LK349X028854@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Rick Macklem <rmacklem@FreeBSD.org>
Subject: git: 5832d5f03e0f - stable/13 - vfs_export: Add mnt_exjail to control exports done in prisons
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rmacklem
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 5832d5f03e0f2626818a9f39df63840289fdfa88
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/13 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=5832d5f03e0f2626818a9f39df63840289fdfa88

commit 5832d5f03e0f2626818a9f39df63840289fdfa88
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2023-02-21 21:00:42 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2023-05-21 19:58:14 +0000

    vfs_export: Add mnt_exjail to control exports done in prisons
    
    If there are multiple instances of mountd(8) (in different
    prisons), there will be confusion if they manipulate the
    exports of the same file system.  This patch adds mnt_exjail
    to "struct mount" so that the credentials (and, therefore,
    the prison) that did the exports for that file system can
    be recorded.  If another prison has already exported the
    file system, vfs_export() will fail with an error.
    If mnt_exjail == NULL, the file system has not been exported.
    mnt_exjail is checked by the NFS server, so that exports done
    from within a different prison will not be used.
    
    The patch also implements vfs_exjail_destroy(), which is
    called from prison_cleanup() to release all the mnt_exjail
    credential references, so that the prison can be removed.
    Mainly to avoid doing a scan of the mountlist for the case
    where there were no exports done from within the prison,
    a count of how many file systems have been exported from
    within the prison is kept in pr_exportcnt.
    
    Changing the new argument for vfs_export() to "int" and
    moving the prototype for vfs_exjail_delete() to jail.h
    were both necessary to allow libprocstat to build.
    
    (cherry picked from commit 88175af8b75ea8850757cc9dca68b6d336b82675)
---
 sys/fs/nfsserver/nfs_nfsdport.c |  24 ++++--
 sys/kern/kern_jail.c            |   1 +
 sys/kern/vfs_export.c           | 164 +++++++++++++++++++++++++++++++++++++++-
 sys/kern/vfs_mount.c            |   9 ++-
 sys/sys/jail.h                  |   4 +-
 sys/sys/mount.h                 |   4 +-
 6 files changed, 192 insertions(+), 14 deletions(-)

diff --git a/sys/fs/nfsserver/nfs_nfsdport.c b/sys/fs/nfsserver/nfs_nfsdport.c
index 4247177a3fc0..e75c238b7117 100644
--- a/sys/fs/nfsserver/nfs_nfsdport.c
+++ b/sys/fs/nfsserver/nfs_nfsdport.c
@@ -3270,8 +3270,16 @@ nfsvno_checkexp(struct mount *mp, struct sockaddr *nam, struct nfsexstuff *exp,
 {
 	int error;
 
-	error = VFS_CHECKEXP(mp, nam, &exp->nes_exflag, credp,
-	    &exp->nes_numsecflavor, exp->nes_secflavors);
+	error = 0;
+	*credp = NULL;
+	MNT_ILOCK(mp);
+	if (mp->mnt_exjail == NULL ||
+	    mp->mnt_exjail->cr_prison != curthread->td_ucred->cr_prison)
+		error = EACCES;
+	MNT_IUNLOCK(mp);
+	if (error == 0)
+		error = VFS_CHECKEXP(mp, nam, &exp->nes_exflag, credp,
+		    &exp->nes_numsecflavor, exp->nes_secflavors);
 	if (error) {
 		if (NFSD_VNET(nfs_rootfhset)) {
 			exp->nes_exflag = 0;
@@ -3305,8 +3313,14 @@ nfsvno_fhtovp(struct mount *mp, fhandle_t *fhp, struct sockaddr *nam,
 		/* Make sure the server replies ESTALE to the client. */
 		error = ESTALE;
 	if (nam && !error) {
-		error = VFS_CHECKEXP(mp, nam, &exp->nes_exflag, credp,
-		    &exp->nes_numsecflavor, exp->nes_secflavors);
+		MNT_ILOCK(mp);
+		if (mp->mnt_exjail == NULL ||
+		    mp->mnt_exjail->cr_prison != curthread->td_ucred->cr_prison)
+			error = EACCES;
+		MNT_IUNLOCK(mp);
+		if (error == 0)
+			error = VFS_CHECKEXP(mp, nam, &exp->nes_exflag, credp,
+			    &exp->nes_numsecflavor, exp->nes_secflavors);
 		if (error) {
 			if (NFSD_VNET(nfs_rootfhset)) {
 				exp->nes_exflag = 0;
@@ -3476,7 +3490,7 @@ nfsrv_v4rootexport(void *argp, struct ucred *cred, struct thread *p)
 	struct nameidata nd;
 	fhandle_t fh;
 
-	error = vfs_export(NFSD_VNET(nfsv4root_mnt), &nfsexargp->export);
+	error = vfs_export(NFSD_VNET(nfsv4root_mnt), &nfsexargp->export, 0);
 	if ((nfsexargp->export.ex_flags & MNT_DELEXPORT) != 0)
 		NFSD_VNET(nfs_rootfhset) = 0;
 	else if (error == 0) {
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index 622b9f6c7cb9..0203dcd0faf1 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -3035,6 +3035,7 @@ prison_cleanup(struct prison *pr)
 {
 	sx_assert(&allprison_lock, SA_XLOCKED);
 	mtx_assert(&pr->pr_mtx, MA_NOTOWNED);
+	vfs_exjail_delete(pr);
 	shm_remove_prison(pr);
 	(void)osd_jail_call(pr, PR_METHOD_REMOVE, NULL);
 }
diff --git a/sys/kern/vfs_export.c b/sys/kern/vfs_export.c
index cab37ce205ad..e9676799062f 100644
--- a/sys/kern/vfs_export.c
+++ b/sys/kern/vfs_export.c
@@ -52,6 +52,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/mbuf.h>
 #include <sys/mount.h>
 #include <sys/mutex.h>
+#include <sys/proc.h>
 #include <sys/rmlock.h>
 #include <sys/refcount.h>
 #include <sys/signalvar.h>
@@ -296,12 +297,18 @@ vfs_free_addrlist(struct netexport *nep)
  * and the passed in netexport.
  * Struct export_args *argp is the variable used to twiddle options,
  * the structure is described in sys/mount.h
+ * The do_exjail argument should be true if *mp is in the mountlist
+ * and false if not.  It is not in the mountlist for the NFSv4 rootfs
+ * fake mount point just used for exports.
  */
 int
-vfs_export(struct mount *mp, struct export_args *argp)
+vfs_export(struct mount *mp, struct export_args *argp, int do_exjail)
 {
 	struct netexport *nep;
+	struct ucred *cr;
+	struct prison *pr;
 	int error;
+	bool new_nep;
 
 	if ((argp->ex_flags & (MNT_DELEXPORT | MNT_EXPORTED)) == 0)
 		return (EINVAL);
@@ -312,6 +319,7 @@ vfs_export(struct mount *mp, struct export_args *argp)
 		return (EINVAL);
 
 	error = 0;
+	pr = curthread->td_ucred->cr_prison;
 	lockmgr(&mp->mnt_explock, LK_EXCLUSIVE, NULL);
 	nep = mp->mnt_export;
 	if (argp->ex_flags & MNT_DELEXPORT) {
@@ -319,6 +327,21 @@ vfs_export(struct mount *mp, struct export_args *argp)
 			error = ENOENT;
 			goto out;
 		}
+		MNT_ILOCK(mp);
+		if (mp->mnt_exjail != NULL && mp->mnt_exjail->cr_prison != pr &&
+		    pr == &prison0) {
+			MNT_IUNLOCK(mp);
+			/* EXDEV will not get logged by mountd(8). */
+			error = EXDEV;
+			goto out;
+		} else if (mp->mnt_exjail != NULL &&
+		    mp->mnt_exjail->cr_prison != pr) {
+			MNT_IUNLOCK(mp);
+			/* EPERM will get logged by mountd(8). */
+			error = EPERM;
+			goto out;
+		}
+		MNT_IUNLOCK(mp);
 		if (mp->mnt_flag & MNT_EXPUBLIC) {
 			vfs_setpublicfs(NULL, NULL, NULL);
 			MNT_ILOCK(mp);
@@ -330,18 +353,51 @@ vfs_export(struct mount *mp, struct export_args *argp)
 		free(nep, M_MOUNT);
 		nep = NULL;
 		MNT_ILOCK(mp);
+		cr = mp->mnt_exjail;
+		mp->mnt_exjail = NULL;
 		mp->mnt_flag &= ~(MNT_EXPORTED | MNT_DEFEXPORTED);
 		MNT_IUNLOCK(mp);
+		if (cr != NULL) {
+			atomic_subtract_int(&pr->pr_exportcnt, 1);
+			crfree(cr);
+		}
 	}
 	if (argp->ex_flags & MNT_EXPORTED) {
+		new_nep = false;
+		MNT_ILOCK(mp);
+		if (mp->mnt_exjail == NULL) {
+			MNT_IUNLOCK(mp);
+			if (do_exjail && nep != NULL) {
+				vfs_free_addrlist(nep);
+				memset(nep, 0, sizeof(*nep));
+				new_nep = true;
+			}
+		} else if (mp->mnt_exjail->cr_prison != pr) {
+			MNT_IUNLOCK(mp);
+			error = EPERM;
+			goto out;
+		} else
+			MNT_IUNLOCK(mp);
 		if (nep == NULL) {
-			nep = malloc(sizeof(struct netexport), M_MOUNT, M_WAITOK | M_ZERO);
+			nep = malloc(sizeof(struct netexport), M_MOUNT,
+			    M_WAITOK | M_ZERO);
 			mp->mnt_export = nep;
+			new_nep = true;
 		}
 		if (argp->ex_flags & MNT_EXPUBLIC) {
-			if ((error = vfs_setpublicfs(mp, nep, argp)) != 0)
+			if ((error = vfs_setpublicfs(mp, nep, argp)) != 0) {
+				if (new_nep) {
+					mp->mnt_export = NULL;
+					free(nep, M_MOUNT);
+				}
 				goto out;
+			}
+			new_nep = false;
 			MNT_ILOCK(mp);
+			if (do_exjail && mp->mnt_exjail == NULL) {
+				mp->mnt_exjail = crhold(curthread->td_ucred);
+				atomic_add_int(&pr->pr_exportcnt, 1);
+			}
 			mp->mnt_flag |= MNT_EXPUBLIC;
 			MNT_IUNLOCK(mp);
 		}
@@ -349,9 +405,18 @@ vfs_export(struct mount *mp, struct export_args *argp)
 			argp->ex_numsecflavors = 1;
 			argp->ex_secflavors[0] = AUTH_SYS;
 		}
-		if ((error = vfs_hang_addrlist(mp, nep, argp)))
+		if ((error = vfs_hang_addrlist(mp, nep, argp))) {
+			if (new_nep) {
+				mp->mnt_export = NULL;
+				free(nep, M_MOUNT);
+			}
 			goto out;
+		}
 		MNT_ILOCK(mp);
+		if (do_exjail && mp->mnt_exjail == NULL) {
+			mp->mnt_exjail = crhold(curthread->td_ucred);
+			atomic_add_int(&pr->pr_exportcnt, 1);
+		}
 		mp->mnt_flag |= MNT_EXPORTED;
 		MNT_IUNLOCK(mp);
 	}
@@ -371,6 +436,97 @@ out:
 	return (error);
 }
 
+/*
+ * Get rid of credential references for this prison.
+ */
+void
+vfs_exjail_delete(struct prison *pr)
+{
+	struct mount *mp;
+	struct ucred *cr;
+	int error, i;
+
+	/*
+	 * Since this function is called from prison_cleanup() after
+	 * all processes in the prison have exited, the value of
+	 * pr_exportcnt can no longer increase.  It is possible for
+	 * a dismount of a file system exported within this prison
+	 * to be in progress.  In this case, the file system is no
+	 * longer in the mountlist and the mnt_exjail will be free'd
+	 * by vfs_mount_destroy() at some time.  As such, pr_exportcnt
+	 * and, therefore "i", is the upper bound on the number of
+	 * mnt_exjail entries to be found by this function.
+	 */
+	i = atomic_load_int(&pr->pr_exportcnt);
+	KASSERT(i >= 0, ("vfs_exjail_delete: pr_exportcnt negative"));
+	if (i == 0)
+		return;
+	mtx_lock(&mountlist_mtx);
+tryagain:
+	TAILQ_FOREACH(mp, &mountlist, mnt_list) {
+		MNT_ILOCK(mp);
+		if (mp->mnt_exjail != NULL &&
+		    mp->mnt_exjail->cr_prison == pr) {
+			MNT_IUNLOCK(mp);
+			error = vfs_busy(mp, MBF_MNTLSTLOCK | MBF_NOWAIT);
+			if (error != 0) {
+				/*
+				 * If the vfs_busy() fails, we still want to
+				 * get rid of mnt_exjail for two reasons:
+				 * - a credential reference will result in
+				 *   a prison not being removed
+				 * - setting mnt_exjail NULL indicates that
+				 *   the exports are no longer valid
+				 * The now invalid exports will be deleted
+				 * when the file system is dismounted or
+				 * the file system is re-exported by mountd.
+				 */
+				cr = NULL;
+				MNT_ILOCK(mp);
+				if (mp->mnt_exjail != NULL &&
+				    mp->mnt_exjail->cr_prison == pr) {
+					cr = mp->mnt_exjail;
+					mp->mnt_exjail = NULL;
+				}
+				MNT_IUNLOCK(mp);
+				if (cr != NULL) {
+					crfree(cr);
+					i--;
+				}
+				if (i == 0)
+					break;
+				continue;
+			}
+			cr = NULL;
+			lockmgr(&mp->mnt_explock, LK_EXCLUSIVE, NULL);
+			MNT_ILOCK(mp);
+			if (mp->mnt_exjail != NULL &&
+			    mp->mnt_exjail->cr_prison == pr) {
+				cr = mp->mnt_exjail;
+				mp->mnt_exjail = NULL;
+				mp->mnt_flag &= ~(MNT_EXPORTED | MNT_DEFEXPORTED);
+				MNT_IUNLOCK(mp);
+				vfs_free_addrlist(mp->mnt_export);
+				free(mp->mnt_export, M_MOUNT);
+				mp->mnt_export = NULL;
+			} else
+				MNT_IUNLOCK(mp);
+			lockmgr(&mp->mnt_explock, LK_RELEASE, NULL);
+			if (cr != NULL) {
+				crfree(cr);
+				i--;
+			}
+			mtx_lock(&mountlist_mtx);
+			vfs_unbusy(mp);
+			if (i == 0)
+				break;
+			goto tryagain;
+		}
+		MNT_IUNLOCK(mp);
+	}
+	mtx_unlock(&mountlist_mtx);
+}
+
 /*
  * Set the publicly exported filesystem (WebNFS). Currently, only
  * one public filesystem is possible in the spec (RFC 2054 and 2055)
diff --git a/sys/kern/vfs_mount.c b/sys/kern/vfs_mount.c
index d5b137e7ffab..c43385b9736b 100644
--- a/sys/kern/vfs_mount.c
+++ b/sys/kern/vfs_mount.c
@@ -618,6 +618,11 @@ vfs_mount_destroy(struct mount *mp)
 #endif
 	if (mp->mnt_opt != NULL)
 		vfs_freeopts(mp->mnt_opt);
+	if (mp->mnt_exjail != NULL) {
+		atomic_subtract_int(&mp->mnt_exjail->cr_prison->pr_exportcnt,
+		    1);
+		crfree(mp->mnt_exjail);
+	}
 	if (mp->mnt_export != NULL) {
 		vfs_free_addrlist(mp->mnt_export);
 		free(mp->mnt_export, M_MOUNT);
@@ -1236,7 +1241,7 @@ vfs_domount_update(
 			} else
 				export_error = EINVAL;
 			if (export_error == 0)
-				export_error = vfs_export(mp, &export);
+				export_error = vfs_export(mp, &export, 1);
 			free(export.ex_groups, M_TEMP);
 			break;
 		case (sizeof(export)):
@@ -1258,7 +1263,7 @@ vfs_domount_update(
 			else
 				export_error = EINVAL;
 			if (export_error == 0)
-				export_error = vfs_export(mp, &export);
+				export_error = vfs_export(mp, &export, 1);
 			free(grps, M_TEMP);
 			break;
 		default:
diff --git a/sys/sys/jail.h b/sys/sys/jail.h
index f4d4e521d7de..eee971c3b5ce 100644
--- a/sys/sys/jail.h
+++ b/sys/sys/jail.h
@@ -190,7 +190,8 @@ struct prison {
 	int		 pr_enforce_statfs;		/* (p) statfs permission */
 	int		 pr_devfs_rsnum;		/* (p) devfs ruleset */
 	enum prison_state pr_state;			/* (q) state in life cycle */
-	int		 pr_spare[2];
+	volatile int	 pr_exportcnt;			/* (r) count of mount exports */
+	int		 pr_spare;
 	int		 pr_osreldate;			/* (c) kern.osreldate value */
 	unsigned long	 pr_hostid;			/* (p) jail hostid */
 	char		 pr_name[MAXHOSTNAMELEN];	/* (p) admin jail name */
@@ -468,6 +469,7 @@ void prison_racct_foreach(void (*callback)(struct racct *racct,
 struct prison_racct *prison_racct_find(const char *name);
 void prison_racct_hold(struct prison_racct *prr);
 void prison_racct_free(struct prison_racct *prr);
+void vfs_exjail_delete(struct prison *);
 
 #endif /* _KERNEL */
 #endif /* !_SYS_JAIL_H_ */
diff --git a/sys/sys/mount.h b/sys/sys/mount.h
index 9a69240ddba5..7049dc5f1d05 100644
--- a/sys/sys/mount.h
+++ b/sys/sys/mount.h
@@ -222,7 +222,7 @@ struct mount {
 	int		mnt_writeopcount;	/* (i) write syscalls pending */
 	struct vfsoptlist *mnt_opt;		/* current mount options */
 	struct vfsoptlist *mnt_optnew;		/* new options passed to fs */
-	u_int		mnt_pad0;		/* was mnt_maxsymlinklen */
+	struct ucred	*mnt_exjail;		/* (i) jail which did exports */
 	struct statfs	mnt_stat;		/* cache of filesystem stats */
 	struct ucred	*mnt_cred;		/* credentials of mounter */
 	void *		mnt_data;		/* private data */
@@ -986,7 +986,7 @@ int	vfs_setpublicfs			    /* set publicly exported fs */
 void	vfs_periodic(struct mount *, int);
 int	vfs_busy(struct mount *, int);
 int	vfs_export			 /* process mount export info */
-	    (struct mount *, struct export_args *);
+	    (struct mount *, struct export_args *, int);
 void	vfs_free_addrlist(struct netexport *);
 void	vfs_allocate_syncvnode(struct mount *);
 void	vfs_deallocate_syncvnode(struct mount *);

From nobody Sun May 21 20:06:34 2023
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QPWn65qTxz4CQQ1;
	Sun, 21 May 2023 20:06:34 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QPWn656JTz44Tw;
	Sun, 21 May 2023 20:06:34 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1684699594;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=cCzPUAouCVxvr1DIGjr/MPMmJlauXSXncxnLJFzhqoQ=;
	b=iNgWF69txJsq9OMfOc32+kC8MTWVIwozAZ2Vz04Eaqx+PTHBfl/W4c2JAMKq8TMELqmNVy
	HpcB/MPN7B0FS5rfJszDoZS2r+jelT4a/O59pk6cH3vAPK88rpddWPCT/4MDvoGqwls2KG
	T51USpXX2JvLlLRD7QauilK1j5dYdkV0NnXwfWrCpHIJj1Et+0LrcSQpR3RCXzsHDVSAUi
	fcsCX6IBILLayVKxuHaKYwSw4GF8MNUoXCDH2XkWGfylq2b6uKTStSKsKybqlsK6gXjWtL
	Vw9IJ4ssAV6GfvwmxlOSMO0DSwPiyPNf/JAiyAfSTC3IG6sk0U7bFBdj54V+8Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1684699594;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=cCzPUAouCVxvr1DIGjr/MPMmJlauXSXncxnLJFzhqoQ=;
	b=jimK0i2mHsEknVx1aElSCQzu322aTbgiHU2B5oX2ALRelpDSMhqFGocn9gDEibiYY7sPi8
	LWY0p+kUZYtoN9MxJRi620CipDTe5Xd3Winj3iSIYM+Ekx/YW4HTqQ7SVjaVZTkHCyYVBN
	12aWn2lpCjFqLJXjKra3s56HMFmT79Urztahc8cnH3qIaXN4Z5F/KYEX8pI7W+XgVBAdG6
	kxJhwUzH6C8RlA6JDGhga+JNGkyMSNpDf8XQrITGkEV7Q1KEusQKo/GBQsZpt1HqBhoCVX
	rV3LtbFXX4O7bKfA+Ft2rG6TGBahh4FfyCxwi/Rx6bXFrEbnwMmdE33XjXZVIw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1684699594; a=rsa-sha256; cv=none;
	b=fn1y8i65ye1IPGBvvftK1LTaNdyoAS0nnGM/MQ/nG+3z98BhNs5d23ctKJLUsAWpJWt55F
	q/76aJrTpGo85FaTJNi5p5oUALWdl9SayTJ9Z6oIepdwYpByARZcYns/nGn7AL6pGCdoLM
	1bqrRnq5JfHAUkdws4DFaTaxFKzKAjBtg1w8dFS7u7xjxdvCfELWXl/ncU/3Ej7N/2ArnX
	D+cNA7tKgkmeZshSeV3pwHNV0fT7tSn1mx+9pWLVKppJNEiSHHCRq7K6SOcU6n0hKCDNec
	hqtvs8O2MwmCk3o/rpi6G7+3d1RTaaLWqBtKBebC9PqRLJYrKmx/GyzL6wMiyg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QPWn644h5z14t7;
	Sun, 21 May 2023 20:06:34 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 34LK6Y5v029398;
	Sun, 21 May 2023 20:06:34 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 34LK6YIn029397;
	Sun, 21 May 2023 20:06:34 GMT
	(envelope-from git)
Date: Sun, 21 May 2023 20:06:34 GMT
Message-Id: <202305212006.34LK6YIn029397@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Rick Macklem <rmacklem@FreeBSD.org>
Subject: git: dc52667a928a - stable/13 - vfs_mount.c: Allow mountd(8) to do exports in a vnet prison
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rmacklem
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: dc52667a928a40d85bf781e8fa9d9f2d0674ed52
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/13 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=dc52667a928a40d85bf781e8fa9d9f2d0674ed52

commit dc52667a928a40d85bf781e8fa9d9f2d0674ed52
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2023-03-02 21:09:01 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2023-05-21 20:03:48 +0000

    vfs_mount.c: Allow mountd(8) to do exports in a vnet prison
    
    To run mountd in a vnet prison, three checks in vfs_domount()
    and vfs_domount_update() related to doing exports needed
    to be changed, so that a file system visible within the
    prison but mounted outside the prison can be exported.
    
    I did all three in a minimal way, only changing the checks for
    the specific case of a process (typically mountd) doing exports
    within a vnet prison and not updating the mount point in other
    ways.  The changes are:
    - Ignore the error return from vfs_suser(), since the file
      system being mounted outside the prison will cause it to fail.
    - Use the priv_check(PRIV_NFS_DAEMON) for this specific case
      within a prison.
    - Skip the call to VFS_MOUNT(), since it will return an error,
      due to the "from" argument not being set correctly.  VFS_MOUNT()
      does not appear to do anything for the case of doing exports only.
    
    (cherry picked from commit 4bbbd5875d32f3cbe76235d90243f713eff9b9d0)
---
 sys/kern/vfs_mount.c | 107 ++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 93 insertions(+), 14 deletions(-)

diff --git a/sys/kern/vfs_mount.c b/sys/kern/vfs_mount.c
index c43385b9736b..0b4b3d31cb10 100644
--- a/sys/kern/vfs_mount.c
+++ b/sys/kern/vfs_mount.c
@@ -76,7 +76,8 @@ __FBSDID("$FreeBSD$");
 #define	VFS_MOUNTARG_SIZE_MAX	(1024 * 64)
 
 static int	vfs_domount(struct thread *td, const char *fstype, char *fspath,
-		    uint64_t fsflags, struct vfsoptlist **optlist);
+		    uint64_t fsflags, bool jail_export,
+		    struct vfsoptlist **optlist);
 static void	free_mntarg(struct mntarg *ma);
 
 static int	usermount = 0;
@@ -663,7 +664,7 @@ vfs_donmount(struct thread *td, uint64_t fsflags, struct uio *fsoptions)
 	struct vfsopt *opt, *tmp_opt;
 	char *fstype, *fspath, *errmsg;
 	int error, fstypelen, fspathlen, errmsg_len, errmsg_pos;
-	bool autoro;
+	bool autoro, has_nonexport, jail_export;
 
 	errmsg = fspath = NULL;
 	errmsg_len = fspathlen = 0;
@@ -699,15 +700,37 @@ vfs_donmount(struct thread *td, uint64_t fsflags, struct uio *fsoptions)
 		goto bail;
 	}
 
+	/*
+	 * Check to see that "export" is only used with the "update", "fstype",
+	 * "fspath", "from" and "errmsg" options when in a vnet jail.
+	 * These are the ones used to set/update exports by mountd(8).
+	 * If only the above options are set in a jail that can run mountd(8),
+	 * then the jail_export argument of vfs_domount() will be true.
+	 * When jail_export is true, the vfs_suser() check does not cause
+	 * failure, but limits the update to exports only.
+	 * This allows mountd(8) running within the vnet jail
+	 * to export file systems visible within the jail, but
+	 * mounted outside of the jail.
+	 */
 	/*
 	 * We need to see if we have the "update" option
 	 * before we call vfs_domount(), since vfs_domount() has special
 	 * logic based on MNT_UPDATE.  This is very important
 	 * when we want to update the root filesystem.
 	 */
+	has_nonexport = false;
+	jail_export = false;
 	TAILQ_FOREACH_SAFE(opt, optlist, link, tmp_opt) {
 		int do_freeopt = 0;
 
+		if (jailed(td->td_ucred) &&
+		    strcmp(opt->name, "export") != 0 &&
+		    strcmp(opt->name, "update") != 0 &&
+		    strcmp(opt->name, "fstype") != 0 &&
+		    strcmp(opt->name, "fspath") != 0 &&
+		    strcmp(opt->name, "from") != 0 &&
+		    strcmp(opt->name, "errmsg") != 0)
+			has_nonexport = true;
 		if (strcmp(opt->name, "update") == 0) {
 			fsflags |= MNT_UPDATE;
 			do_freeopt = 1;
@@ -790,9 +813,10 @@ vfs_donmount(struct thread *td, uint64_t fsflags, struct uio *fsoptions)
 			fsflags |= MNT_SYNCHRONOUS;
 		else if (strcmp(opt->name, "union") == 0)
 			fsflags |= MNT_UNION;
-		else if (strcmp(opt->name, "export") == 0)
+		else if (strcmp(opt->name, "export") == 0) {
 			fsflags |= MNT_EXPORTED;
-		else if (strcmp(opt->name, "automounted") == 0) {
+			jail_export = true;
+		} else if (strcmp(opt->name, "automounted") == 0) {
 			fsflags |= MNT_AUTOMOUNTED;
 			do_freeopt = 1;
 		} else if (strcmp(opt->name, "nocover") == 0) {
@@ -822,7 +846,15 @@ vfs_donmount(struct thread *td, uint64_t fsflags, struct uio *fsoptions)
 		goto bail;
 	}
 
-	error = vfs_domount(td, fstype, fspath, fsflags, &optlist);
+	/*
+	 * If has_nonexport is true or the caller is not running within a
+	 * vnet prison that can run mountd(8), set jail_export false.
+	 */
+	if (has_nonexport || !jailed(td->td_ucred) ||
+	    !prison_check_nfsd(td->td_ucred))
+		jail_export = false;
+
+	error = vfs_domount(td, fstype, fspath, fsflags, jail_export, &optlist);
 	if (error == ENOENT) {
 		error = EINVAL;
 		if (errmsg != NULL)
@@ -840,7 +872,8 @@ vfs_donmount(struct thread *td, uint64_t fsflags, struct uio *fsoptions)
 		printf("%s: R/W mount failed, possibly R/O media,"
 		    " trying R/O mount\n", __func__);
 		fsflags |= MNT_RDONLY;
-		error = vfs_domount(td, fstype, fspath, fsflags, &optlist);
+		error = vfs_domount(td, fstype, fspath, fsflags, jail_export,
+		    &optlist);
 	}
 bail:
 	/* copyout the errmsg */
@@ -1114,6 +1147,7 @@ vfs_domount_update(
 	struct thread *td,		/* Calling thread. */
 	struct vnode *vp,		/* Mount point vnode. */
 	uint64_t fsflags,		/* Flags common to all filesystems. */
+	bool jail_export,		/* Got export option in vnet prison. */
 	struct vfsoptlist **optlist	/* Options local to the filesystem. */
 	)
 {
@@ -1125,6 +1159,7 @@ vfs_domount_update(
 	int error, export_error, i, len;
 	uint64_t flag;
 	gid_t *grps;
+	bool vfs_suser_failed;
 
 	ASSERT_VOP_ELOCKED(vp, __func__);
 	KASSERT((fsflags & MNT_UPDATE) != 0, ("MNT_UPDATE should be here"));
@@ -1153,7 +1188,20 @@ vfs_domount_update(
 	 * Only privileged root, or (if MNT_USER is set) the user that
 	 * did the original mount is permitted to update it.
 	 */
+	/*
+	 * For the case of mountd(8) doing exports in a jail, the vfs_suser()
+	 * call does not cause failure.  vfs_domount() has already checked
+	 * that "root" is doing this and vfs_suser() will fail when
+	 * the file system has been mounted outside the jail.
+	 * jail_export set true indicates that "export" is not mixed
+	 * with other options that change mount behaviour.
+	 */
+	vfs_suser_failed = false;
 	error = vfs_suser(mp, td);
+	if (jail_export && error != 0) {
+		error = 0;
+		vfs_suser_failed = true;
+	}
 	if (error != 0) {
 		vput(vp);
 		return (error);
@@ -1183,11 +1231,26 @@ vfs_domount_update(
 		error = EBUSY;
 		goto end;
 	}
-	mp->mnt_flag &= ~MNT_UPDATEMASK;
-	mp->mnt_flag |= fsflags & (MNT_RELOAD | MNT_FORCE | MNT_UPDATE |
-	    MNT_SNAPSHOT | MNT_ROOTFS | MNT_UPDATEMASK | MNT_RDONLY);
-	if ((mp->mnt_flag & MNT_ASYNC) == 0)
-		mp->mnt_kern_flag &= ~MNTK_ASYNC;
+	if (vfs_suser_failed) {
+		KASSERT((fsflags & (MNT_EXPORTED | MNT_UPDATE)) ==
+		    (MNT_EXPORTED | MNT_UPDATE),
+		    ("%s: jailed export did not set expected fsflags",
+		     __func__));
+		/*
+		 * For this case, only MNT_UPDATE and
+		 * MNT_EXPORTED have been set in fsflags
+		 * by the options.  Only set MNT_UPDATE,
+		 * since that is the one that would be set
+		 * when set in fsflags, below.
+		 */
+		mp->mnt_flag |= MNT_UPDATE;
+	} else {
+		mp->mnt_flag &= ~MNT_UPDATEMASK;
+		mp->mnt_flag |= fsflags & (MNT_RELOAD | MNT_FORCE | MNT_UPDATE |
+		    MNT_SNAPSHOT | MNT_ROOTFS | MNT_UPDATEMASK | MNT_RDONLY);
+		if ((mp->mnt_flag & MNT_ASYNC) == 0)
+			mp->mnt_kern_flag &= ~MNTK_ASYNC;
+	}
 	rootvp = vfs_cache_root_clear(mp);
 	MNT_IUNLOCK(mp);
 	mp->mnt_optnew = *optlist;
@@ -1198,7 +1261,17 @@ vfs_domount_update(
 	 * XXX The final recipients of VFS_MOUNT just overwrite the ndp they
 	 * get.  No freeing of cn_pnbuf.
 	 */
-	error = VFS_MOUNT(mp);
+	/*
+	 * For the case of mountd(8) doing exports from within a vnet jail,
+	 * "from" is typically not set correctly such that VFS_MOUNT() will
+	 * return ENOENT. It is not obvious that VFS_MOUNT() ever needs to be
+	 * called when mountd is doing exports, but this check only applies to
+	 * the specific case where it is running inside a vnet jail, to
+	 * avoid any POLA violation.
+	 */
+	error = 0;
+	if (!jail_export)
+		error = VFS_MOUNT(mp);
 
 	export_error = 0;
 	/* Process the export option. */
@@ -1336,6 +1409,7 @@ vfs_domount(
 	const char *fstype,		/* Filesystem type. */
 	char *fspath,			/* Mount path. */
 	uint64_t fsflags,		/* Flags common to all filesystems. */
+	bool jail_export,		/* Got export option in vnet prison. */
 	struct vfsoptlist **optlist	/* Options local to the filesystem. */
 	)
 {
@@ -1353,7 +1427,11 @@ vfs_domount(
 	if (strlen(fstype) >= MFSNAMELEN || strlen(fspath) >= MNAMELEN)
 		return (ENAMETOOLONG);
 
-	if (jailed(td->td_ucred) || usermount == 0) {
+	if (jail_export) {
+		error = priv_check(td, PRIV_NFS_DAEMON);
+		if (error)
+			return (error);
+	} else if (jailed(td->td_ucred) || usermount == 0) {
 		if ((error = priv_check(td, PRIV_VFS_MOUNT)) != 0)
 			return (error);
 	}
@@ -1434,7 +1512,8 @@ vfs_domount(
 		}
 		free(pathbuf, M_TEMP);
 	} else
-		error = vfs_domount_update(td, vp, fsflags, optlist);
+		error = vfs_domount_update(td, vp, fsflags, jail_export,
+		    optlist);
 
 out:
 	NDFREE(&nd, NDF_ONLY_PNBUF);

From nobody Sun May 21 20:09:10 2023
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QPWr71Jqxz4CQSn;
	Sun, 21 May 2023 20:09:11 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QPWr66LFVz44vm;
	Sun, 21 May 2023 20:09:10 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1684699750;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=RDuBrAd8e34goQDngL09GLiqNvIDmbLZGAlsdvr3ivE=;
	b=LesKUhGqzxRzPRsSPluowpQFL2fJOa7pviAAE+/8tugNS3/eZyikVTJZq3xWthMQZOrJue
	Gox8OQN7Qr+JqbTKZlg88W9hxMLKSYk1TTV8KPe27vDZ7/soWvNN/8YqRiW3li3Bub+DKy
	lppHkLVIMjuk5xGp4ax98v2YSQotQyB7vUfYf5BKjOuu85ZC+OU0jUVrgygOjxleIcoxRV
	VrwTUivQR2zi+LfZKq6ovAymT1bDRlQskUiyf3mNIx4s3O7jd78Gp1DwTRjnz+zpBgERC+
	SeHaaNL85LiuwpcQ2rLIQqy0kLQ5NH2/RrpQgdJIKkB3PoFGOESs690zadX/Xw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1684699750;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=RDuBrAd8e34goQDngL09GLiqNvIDmbLZGAlsdvr3ivE=;
	b=PozMnil4XE6tS2iHV+l7s23jpv4nEqDAb/Lseg31+SaDSZQ4Sh+2VG2dJHzlF40NJNg+iE
	hCcYaZAgKfQ3XrXhgLPexrnxOnJbH9btSf2Z1OODdR2KIGA1qaodWFCRd4htLZPpCso9mH
	zV+xtWlCPOUCK4/7Y1o7Oj8UznUjkyHOxZOHaV5CjHuhVtS5H+n2LoJRGZkxU5ScKssBJF
	zWDx+8P19EXvLp3qzG10o2zccxCaG+XNfWLgYy1zGk3xkpGTGGsoinSX3D3vsSqkaoKcqb
	/caoaKL3Y8gUt2gJcPZ6jxaN13Hb6Pr71bGwp6va4twJSj2JcVlT244VK2eN9A==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1684699750; a=rsa-sha256; cv=none;
	b=eCzim/UmDeajw/sHdAkMJ8nBR9eleIh86yMYc2N1xW9DRduLmeVQ5Jgl4R6/ivFGLklhAZ
	hdcZW2lq4I3Y2nf1p5XEdVcj/ZxzhzMj8ZVPt3gOsDzZoiakkpwh8f5RsQnXijeQWQ0znX
	AeoncK+YxTb9nnFpGCNkvGkjMoftBMzycVEk5C/pxdTZIQ5+4u5IKcqbqHRrYgBW8zbBiQ
	jGK8xLQoBaNFZ6dMr4r/oTD/FMghegbojfbPx67OQasRrr3mj4azOssevLvwGr7DKuHytS
	ExDz60e0myWeANDGh+gGJBOskZF7rdUuJcM33iqTqcIchibxnDuWuD5xn9Z3xw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QPWr657Jsz14qg;
	Sun, 21 May 2023 20:09:10 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 34LK9A4n029803;
	Sun, 21 May 2023 20:09:10 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 34LK9AtE029802;
	Sun, 21 May 2023 20:09:10 GMT
	(envelope-from git)
Date: Sun, 21 May 2023 20:09:10 GMT
Message-Id: <202305212009.34LK9AtE029802@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Rick Macklem <rmacklem@FreeBSD.org>
Subject: git: 9bccb454ae96 - stable/13 - kern_jail.c: Remove #ifdefs for VNET_NFSD
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rmacklem
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 9bccb454ae9653105469568dda57b5ff9064f7d1
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/13 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=9bccb454ae9653105469568dda57b5ff9064f7d1

commit 9bccb454ae9653105469568dda57b5ff9064f7d1
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2023-03-02 21:13:24 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2023-05-21 20:07:14 +0000

    kern_jail.c: Remove #ifdefs for VNET_NFSD
    
    The consensus was that VNET_NFSD was not needed.
    This patch removes it from kern_jail.c.
    
    With this patch, support for the "allow.nfsd"
    jail parameter is enabled in the kernel for
    kernels built with "options VIMAGE".
    
    (cherry picked from commit cbbb22031f9b957967c03dc8e685392f7d7e7fb8)
---
 sys/kern/kern_jail.c | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index 0203dcd0faf1..d43d2326cfec 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -216,7 +216,7 @@ static struct bool_flags pr_flag_allow[NBBY * NBPW] = {
 	{"allow.unprivileged_proc_debug", "allow.nounprivileged_proc_debug",
 	 PR_ALLOW_UNPRIV_DEBUG},
 	{"allow.suser", "allow.nosuser", PR_ALLOW_SUSER},
-#if defined(VNET_NFSD) && defined(VIMAGE) && defined(NFSD)
+#ifdef VIMAGE
 	{"allow.nfsd", "allow.nonfsd", PR_ALLOW_NFSD},
 #endif
 };
@@ -1888,12 +1888,10 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags)
 	}
 #endif
 
-#ifdef VNET_NFSD
 	if (born && pr != &prison0 && (pr->pr_allow & PR_ALLOW_NFSD) != 0 &&
 	    (pr->pr_root->v_vflag & VV_ROOT) == 0)
 		printf("Warning jail jid=%d: mountd/nfsd requires a separate"
 		   " file system\n", pr->pr_id);
-#endif
 
 	drflags &= ~PD_KILL;
 	td->td_retval[0] = pr->pr_id;
@@ -3473,12 +3471,7 @@ prison_priv_check(struct ucred *cred, int priv)
 	case PRIV_NFS_DAEMON:
 	case PRIV_VFS_GETFH:
 	case PRIV_VFS_MOUNT_EXPORTED:
-#ifdef VNET_NFSD
 		if (!prison_check_nfsd(cred))
-#else
-		printf("running nfsd in a prison requires a kernel "
-		    "built with ''options VNET_NFSD''\n");
-#endif
 			return (EPERM);
 #ifdef notyet
 	case PRIV_NFS_LOCKD:
@@ -4230,7 +4223,7 @@ SYSCTL_JAIL_PARAM(_allow, unprivileged_proc_debug, CTLTYPE_INT | CTLFLAG_RW,
     "B", "Unprivileged processes may use process debugging facilities");
 SYSCTL_JAIL_PARAM(_allow, suser, CTLTYPE_INT | CTLFLAG_RW,
     "B", "Processes in jail with uid 0 have privilege");
-#if defined(VNET_NFSD) && defined(VIMAGE) && defined(NFSD)
+#ifdef VIMAGE
 SYSCTL_JAIL_PARAM(_allow, nfsd, CTLTYPE_INT | CTLFLAG_RW,
     "B", "Mountd/nfsd may run in the jail");
 #endif

From nobody Mon May 22 18:25:04 2023
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QQ5TX5jTBz4CJ0P;
	Mon, 22 May 2023 18:25:04 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QQ5TX29Lrz3vK0;
	Mon, 22 May 2023 18:25:04 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1684779904;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=u7BcREEELk6ZJRe59ne8jbM/EA+mQlDskBuX79qaRGQ=;
	b=Li8iWZtt7L/u4naOEMiRC79YeI8bZ1mb5HhltvvMr1iNxZw/xTXu7sRPhWKy2HnJd7UBcD
	9V9uoI8+57MZ40B/w3KTUykPzPCCXgNjfZnVAOKM6fX/Tu87dsencg7rn6ld41iGIiauzC
	noYOFiztBGrKO/kDzfxC70Q3MjWJAyj75gJ28x+XnPMC0r1JLf9Uti2eyvy82dFRx5J9dr
	wj9cA+eNMXfNFYP9o07MWwAGnIh4CDEvjnpF1yFGEMSGrtZsnBuhf6TaUi/Gs35VwzHnid
	r6r0tyv0enP3si0NiteP6EFDFLQdHBURg6nH2DCbMmX5YwfVPrduYiBBZVxy8g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1684779904;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=u7BcREEELk6ZJRe59ne8jbM/EA+mQlDskBuX79qaRGQ=;
	b=w5jQYo5oYD0U2pn3VI4r4Q+8/lMWdUAZPJKQDH8BY3f5XHCklrcQsNcscNrdTT3It2h1bL
	SWYcK3Y01q7mQsw4Rldbk7Dzte3uT41C/QwhpxiLBTfh9Gz1pzovRRzhnnicQFLc2hQlFH
	ZJiu6JCEHD9kAXyld4J1vfOHjVBp03Oj1vf2RVqKMoiILvapD6F9ERmo8AtovS5xRWH/4o
	r1ojBOQCjpAUKU1z7tnujG11V/rrbv2O8eYT2H8fTaWW4ZS07utxWqPBH5V4THupd+tUjM
	yqXG97N0TK1KYHnoGyB7+YTlQJCU/NN11wpwmCe9L07SZGlIykL6pk0n80Ytzg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1684779904; a=rsa-sha256; cv=none;
	b=Ku3UQj1MsYsx8EwHULD4b1FRDelw/Si8EVmEQwKC+Sng889vx6sTRzelfao4oisjMIxfcX
	Q6QYV/aQZ7ToBe1jUgYHfh9T6fYM8hKqhwc+ySM9CQ7xxjv3WN/T1zYwERw4tXZbN1SWbi
	+D9kCPQH4/zblG/WmeQ1FOav2mpP1/B9qmUn65nFDJg4iwUZ7ybGZYV0M2LUwtxJNzStFl
	x2lIYISnhDF73PxOzuOei/2j4XO5LaKjr0rpVULXwfc/CS26DwQwwc0C/wnJqRdXV8qSm7
	/NAlJMS0Pyj5R/rgS+AwAlsQF5eWbUPurFKWLSVI4atCI8nMgRSgrrByZ4b3xw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QQ5TX1CyvzSKr;
	Mon, 22 May 2023 18:25:04 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 34MIP4O6038004;
	Mon, 22 May 2023 18:25:04 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 34MIP40N038003;
	Mon, 22 May 2023 18:25:04 GMT
	(envelope-from git)
Date: Mon, 22 May 2023 18:25:04 GMT
Message-Id: <202305221825.34MIP40N038003@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Rick Macklem <rmacklem@FreeBSD.org>
Subject: git: 5d574146b0b2 - stable/13 - rc.d: Fix NFS server startup scripts to enable vnet prison use
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rmacklem
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 5d574146b0b299b64cf07fff8aee4182b7729709
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/13 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=5d574146b0b299b64cf07fff8aee4182b7729709

commit 5d574146b0b299b64cf07fff8aee4182b7729709
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2023-03-12 21:34:25 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2023-05-22 18:23:58 +0000

    rc.d: Fix NFS server startup scripts to enable vnet prison use
    
    Now that commit cbbb22031f9b is in main,
    it is possible to run nfsd(8), nfsuserd(8), mountd(8),
    gssd(8) and rpc.tlsservd(8) in an appropriately configured vnet
    prison if the "allow.nfsd" option is specified in jail.conf.
    
    This patch fixes the rc scripts for this.
    Mostly just replaces the "nojail" KEYWORD with "nojailvnet",
    but also avoids setting vfs.nfsd.srvmaxio in a prison, since it
    must be set outside of the prisons and applies to all
    nfsd(8) instances.
    
    (cherry picked from commit 0bb08f21cc5c62d0e2dfcea500521fa801058dd3)
---
 libexec/rc/rc.d/gssd     | 2 +-
 libexec/rc/rc.d/mountd   | 2 +-
 libexec/rc/rc.d/nfsd     | 4 ++--
 libexec/rc/rc.d/nfsuserd | 2 +-
 libexec/rc/rc.d/tlsservd | 2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/libexec/rc/rc.d/gssd b/libexec/rc/rc.d/gssd
index 79dbf10ca575..8d67a3689b3c 100755
--- a/libexec/rc/rc.d/gssd
+++ b/libexec/rc/rc.d/gssd
@@ -6,7 +6,7 @@
 # PROVIDE: gssd
 # REQUIRE: root mountcritlocal NETWORKING kdc
 # BEFORE: mountcritremote
-# KEYWORD: nojail shutdown
+# KEYWORD: nojailvnet shutdown
 
 . /etc/rc.subr
 
diff --git a/libexec/rc/rc.d/mountd b/libexec/rc/rc.d/mountd
index d75416736245..69391fe78e47 100755
--- a/libexec/rc/rc.d/mountd
+++ b/libexec/rc/rc.d/mountd
@@ -5,7 +5,7 @@
 
 # PROVIDE: mountd
 # REQUIRE: NETWORKING rpcbind quota mountlate
-# KEYWORD: nojail shutdown
+# KEYWORD: nojailvnet shutdown
 
 . /etc/rc.subr
 
diff --git a/libexec/rc/rc.d/nfsd b/libexec/rc/rc.d/nfsd
index b746cf7cea9d..6c2d5c22d963 100755
--- a/libexec/rc/rc.d/nfsd
+++ b/libexec/rc/rc.d/nfsd
@@ -5,7 +5,7 @@
 
 # PROVIDE: nfsd
 # REQUIRE: mountcritremote mountd hostname gssd nfsuserd
-# KEYWORD: nojail shutdown
+# KEYWORD: nojailvnet shutdown
 
 . /etc/rc.subr
 
@@ -28,7 +28,7 @@ nfsd_precmd()
 	# oids are available.
 	load_kld nfsd || return 1
 
-	if [ -n "${nfs_server_maxio}" ]; then
+	if [ -n "${nfs_server_maxio}" ] && ! check_jail jailed; then
 		if ! sysctl vfs.nfsd.srvmaxio=${nfs_server_maxio} >/dev/null; then
 			warn "Failed to set server max I/O"
 		fi
diff --git a/libexec/rc/rc.d/nfsuserd b/libexec/rc/rc.d/nfsuserd
index 804b1243a4c4..6c9293a52c09 100755
--- a/libexec/rc/rc.d/nfsuserd
+++ b/libexec/rc/rc.d/nfsuserd
@@ -5,7 +5,7 @@
 
 # PROVIDE: nfsuserd
 # REQUIRE: NETWORKING
-# KEYWORD: nojail shutdown
+# KEYWORD: nojailvnet shutdown
 
 . /etc/rc.subr
 
diff --git a/libexec/rc/rc.d/tlsservd b/libexec/rc/rc.d/tlsservd
index cca28ed60ffe..95a62060fe32 100755
--- a/libexec/rc/rc.d/tlsservd
+++ b/libexec/rc/rc.d/tlsservd
@@ -6,7 +6,7 @@
 # PROVIDE: tlsservd
 # REQUIRE: NETWORKING root mountcritlocal sysctl
 # BEFORE: nfsd
-# KEYWORD: nojail shutdown
+# KEYWORD: nojailvnet shutdown
 
 . /etc/rc.subr
 

From nobody Mon May 22 18:27:04 2023
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QQ5Wr3b6Kz4CJB1;
	Mon, 22 May 2023 18:27:04 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QQ5Wr3109z3vjQ;
	Mon, 22 May 2023 18:27:04 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1684780024;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=vZWOgXEnPaPhEL3ylX/Hkm7+GrZGywB3uijOh1xr0v8=;
	b=t1V62ieEFrwXaKztMQjoiVqtcvyUAY1me6E2/qg2yi9yv4O4va7FrdJOdVJCCQquARZbHq
	nZnAOuutY+FcL7mZ5LJko2aXRGCCFI1KiTTZ+Ek9vlnQ2tFhNyMTm4Vv5eV5zqYdYSqyQI
	YMbZsqkKzmYFVrFf4r0P0nE4NSBSz27NT1JyPxof8QY03tvy7hElBw8GZsQrHLuygLk+Tw
	sZoky48u6v6kXC+TZLMKCHBwp2HuIL2TRm5ZiaJA3CweoK3jXadvOBP3W231WTOEuuV/+f
	4bmWCUvQfKcgRgXTUc3sgBP6sT9GOYOQ1SUkAdrCaRA23VCNEj9ClkmstSi9mg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1684780024;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=vZWOgXEnPaPhEL3ylX/Hkm7+GrZGywB3uijOh1xr0v8=;
	b=s+Y012KBVRHveYIqXsCDQLDXaYHUOVoYMIJ6xPt8ueLGeQQTCsLrkzR/VrXvV4geZHm+V9
	flTGvhW1382PnnFRlghKr6h9xIdQbrcKwM+wojibkVIrmC6ke34rGAX7AyO8CIGiTa1gPa
	Fj2wyiWTEmExP+afWxofhLObSGWtUcIg84wBisd9ePOKHykgfFLzZaGEfZsgvnLw3ZsQ7C
	kYRskGnqVYugqw1aIpr3BLut+xgHlz39YDoiMdXA9Fit1d9zo0I92LNY3wXEMft5++LJs7
	s+3HeB49N2L7o65Pd7EU1NbCM4KpU3AvtvlOLncuQquUAo+4+ZyKjoe+7yODMQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1684780024; a=rsa-sha256; cv=none;
	b=tSHRmlPJyabc/u56qw6WGgSVw2I/qmGzZ5IbmC+X81/4lpSTWyfNUxhyvgE9klHS4ToAlb
	ZRlNjG4gE+CH8SMOVgDpxNAUauO6eRZq2fqwczpu+L/AG+xqV9XeDBvL+bQTD2Vue04rgS
	9CL75oatzJLtQKfqcHsrO1z47wwrdf6EZEuf2zXtEUgbSVZhA4TKY9ZdlIeGvcTKG8vGKf
	RaMF+r/G2wfbKsRGYZ+fHGJ98tD4xWZ1AGCKkko6mHXtN6lTROkgBIDNOHxbzc0ON4n7OC
	4Vs7b+6nVPXEzg+FxhsnvU/WflkIttnYlVcQ/2Jh2RBRdeeddlzJjl6twvau2g==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QQ5Wr23ywzSl6;
	Mon, 22 May 2023 18:27:04 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 34MIR487038384;
	Mon, 22 May 2023 18:27:04 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 34MIR4dT038383;
	Mon, 22 May 2023 18:27:04 GMT
	(envelope-from git)
Date: Mon, 22 May 2023 18:27:04 GMT
Message-Id: <202305221827.34MIR4dT038383@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Rick Macklem <rmacklem@FreeBSD.org>
Subject: git: ffcdd031d797 - stable/13 - jail.8: Update the man page for allow.nfsd
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rmacklem
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: ffcdd031d7970d15e6edd24903c1927c86e06356
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/13 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=ffcdd031d7970d15e6edd24903c1927c86e06356

commit ffcdd031d7970d15e6edd24903c1927c86e06356
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2022-12-17 21:54:33 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2023-05-22 18:26:03 +0000

    jail.8: Update the man page for allow.nfsd
    
    Commit bba7a2e89602 added "allow.nfsd" to optionally allow
    mountd/nfsd to be run inside a vnet prison when the kernel
    is built with "options VNET_NFSD".
    
    This patch updates the man page for this change.
    
    This is a content change.
    
    (cherry picked from commit d4b4f3b9c356938de6140ccea20d502d207b18a7)
---
 usr.sbin/jail/jail.8 | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8
index c1eee3226593..c9d929b89d4a 100644
--- a/usr.sbin/jail/jail.8
+++ b/usr.sbin/jail/jail.8
@@ -25,7 +25,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd July 18, 2022
+.Dd December 11, 2022
 .Dt JAIL 8
 .Os
 .Sh NAME
@@ -584,6 +584,19 @@ or
 memory subject to
 .Va security.bsd.unprivileged_mlock
 and resource limits.
+.It Va allow.nfsd
+The
+.Xr mountd 8
+and
+.Xr nfsd 8
+daemons are permitted to run inside a vnet-enabled jail.
+The kernel must have been compiled with the
+.Sy VNET_NFSD option
+and
+.Sy NFSD option
+as well as the
+.Sy VIMAGE option
+for this to be available.
 .It Va allow.reserved_ports
 The jail root may bind to ports lower than 1024.
 .It Va allow.unprivileged_proc_debug

From nobody Mon May 22 18:28:35 2023
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QQ5Yb4Mqfz4CJBX;
	Mon, 22 May 2023 18:28:35 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QQ5Yb3pvfz3wj0;
	Mon, 22 May 2023 18:28:35 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1684780115;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=HAocnlrMNEVI2zfhpz5AdUFs7g/TrZThJbG63K8V5Yg=;
	b=SG6g2PWUmSnHbBTxzbJ9KRT0XenVQ16Pki1APlWAQT3fBOms2FP8K8Gf415QLikNe7IDmL
	JAqvCdjUHxExUp7CZ9gwJ6B3j+rN6v3gOcyHTrIFSKSIpnZ1zSKE0tikovPymcMZ0ecoA4
	Hazgd0PiA1jv8oZKYFUHyj5mmCI9sU+WEo9MdSMxzWbaWSD/meuSm3rRnem3XRKVDqDKdA
	wbWlS4FQjuA/Mz0SpsUdVXHoE35eWUFlYR1Yd4uimIBeDPLCQuc9jSkKroTbhCQFznKSrM
	nV09kusU88h1N2orKZdG36p/ELkRKXU0LrmlUg3c3bhyrbeI7h6eQhUThptQlQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1684780115;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=HAocnlrMNEVI2zfhpz5AdUFs7g/TrZThJbG63K8V5Yg=;
	b=YpzN4EjjidXRglsYr+m+MHa8rT3wjs17YLZJCf2C4Tk38xnOiQiJIlTyd+ek5xqLDBv7Bn
	0Or42+7a6iUgkubn5cNHdgFnohb42PMm1zPSwX7NauXueUYzFzuptwUgEKjfWTjj/JWKX5
	/RtdjtWAnWgOPulrCPq0cCUBjgK/EtHHpI6awYu0PXdJm3cUemaFuzOgSW+uIavsVcAlVX
	rPFXEr97iCJu8mlvbhyVZ/DPnkjg/0oTP7IFimyUBR9cqokOUhDbAJ+oLSQsoxeTF2Nx/J
	q9oYVpq2H6uvO8hXBFsw7LLQerj5hgJ4gfon0HjeojgHnX4QHjdp2xZ/tcfFZA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1684780115; a=rsa-sha256; cv=none;
	b=Mxjbn8Ne0Jta6/kPrNI75VNJyNCR7Jygmtc0sJrjn6l2G50eecNlFdf3fN7n0NW/umdLDY
	Qa4Bs1HahqpklZfRQglVhDsyJd8V/4spRDUVwkWPbxBT7+LE0RE4FI+ematTMt5htkArEn
	6WnZWN+8rL+CKx2Vk/9s5MlL6GM6QGwdDEuaarrAbvztaR/P0b5RXqJdBkAyrPZp0bMO8b
	W9uj73BYNcSSTTCOcLUIY5WV/Qhc+TpwpNFa6JfY2Z2w5c0JSTH+nhN/A8GvCZs6nc8RcZ
	cmWiVttiFv+m4GNGlmikb4T3B7j+iQxAHBzv/9bYECo/pSLHpLNREIubtf3cUg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QQ5Yb2wNlzSjT;
	Mon, 22 May 2023 18:28:35 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 34MISZwV038957;
	Mon, 22 May 2023 18:28:35 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 34MISZ7c038956;
	Mon, 22 May 2023 18:28:35 GMT
	(envelope-from git)
Date: Mon, 22 May 2023 18:28:35 GMT
Message-Id: <202305221828.34MISZ7c038956@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Rick Macklem <rmacklem@FreeBSD.org>
Subject: git: e608f0713da4 - stable/13 - jail.8: Update the allow.nfsd section
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rmacklem
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: e608f0713da49a3ef30fd52b56bdb709fc00f77b
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/13 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=e608f0713da49a3ef30fd52b56bdb709fc00f77b

commit e608f0713da49a3ef30fd52b56bdb709fc00f77b
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2023-03-14 22:28:02 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2023-05-22 18:27:45 +0000

    jail.8: Update the allow.nfsd section
    
    This patch updates the information for "allow.nfsd"
    and adds configuration information.
    
    This is a content change.
    
    (cherry picked from commit c0f94fee0bdddcc07f216f9723544f78ace5155a)
---
 usr.sbin/jail/jail.8 | 54 ++++++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 44 insertions(+), 10 deletions(-)

diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8
index c9d929b89d4a..909abfef2708 100644
--- a/usr.sbin/jail/jail.8
+++ b/usr.sbin/jail/jail.8
@@ -25,7 +25,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd December 11, 2022
+.Dd March 12, 2023
 .Dt JAIL 8
 .Os
 .Sh NAME
@@ -586,17 +586,49 @@ memory subject to
 and resource limits.
 .It Va allow.nfsd
 The
-.Xr mountd 8
+.Xr mountd 8 ,
+.Xr nfsd 8 ,
+.Xr nfsuserd 8 ,
+.Xr gssd 8
 and
-.Xr nfsd 8
-daemons are permitted to run inside a vnet-enabled jail.
-The kernel must have been compiled with the
-.Sy VNET_NFSD option
+.Xr rpc.tlsservd 8
+daemons are permitted to run inside a properly configured vnet-enabled jail.
+The jail's root must be a file system mount point and
+.Va enforce_statfs
+must not be set to 0, so that
+.Xr mountd 8
+can export file systems visible within the jail.
+.Va enforce_statfs
+must be set to 1 if file systems mounted under the
+jail's file system need to be exported by
+.Xr mount 8 .
+For exporting only the jail's file system, a setting of 2
+is sufficient.
+If the kernel configuration does not include the
+.Sy NFSD
+option,
+.Pa nfsd.ko
+must be loaded outside of the jails.
+This is normally done by adding
+.Dq nfsd
+to
+.Va kld_list
+in the
+.Xr rc.conf 5
+file outside of the jails.
+Similarily, if the
+.Xr gssd 8
+is to be run in a jail, either the kernel
+.Sy KGSSAPI
+option needs to be specified or
+.Dq kgssapi
 and
-.Sy NFSD option
-as well as the
-.Sy VIMAGE option
-for this to be available.
+.Dq kgssapi_krb5
+need to be in
+.Va kld_list
+in the
+.Xr rc.conf 5
+file outside of the jails.
 .It Va allow.reserved_ports
 The jail root may bind to ports lower than 1024.
 .It Va allow.unprivileged_proc_debug
@@ -1372,6 +1404,8 @@ environment of the first jail.
 .Xr jexec 8 ,
 .Xr jls 8 ,
 .Xr mount 8 ,
+.Xr mountd 8 ,
+.Xr nfsd 8 ,
 .Xr reboot 8 ,
 .Xr rpcbind 8 ,
 .Xr sendmail 8 ,

From nobody Mon May 22 18:30:36 2023
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QQ5bw3nWlz4CJ8N;
	Mon, 22 May 2023 18:30:36 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QQ5bw3Jn8z3wsD;
	Mon, 22 May 2023 18:30:36 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1684780236;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=VtxhnFs9xdiEmtFLpplyvlO60rg9wRU90Qiup3yV3UY=;
	b=EiouUcGmP0oUf2ZxSDH4IXCA4iX05nEyyNjLzSGEqGdTZ9OZph1aQzhMDrM9DdWTjzveFG
	0aVfbz+KutosWYySS3aD9XGCrYkZDXMCnvppJMSw6CIOF7F/eYq0nGHMRfSwG9ndy8gzcT
	1YhtZn3Pq1X9fhfOrpxyUG6odvw8IoBEL6IadXnSTvPLZ6ffk9QVJqTchunqlpqadD8zuS
	GZ47H+n4cKr2oqES0RlZeqmihviTA74pVCPa6UnJSrBcPvIfkN8nM3rxLuKX5XKwblrgzE
	oOOrEHs6eo1LyuwbgiMyVklEUNDaEL/uiT1rk5KqLum7V3QOsNKzo7ftChaBFg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1684780236;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=VtxhnFs9xdiEmtFLpplyvlO60rg9wRU90Qiup3yV3UY=;
	b=WWkn6LbAHitEJwr2s91sGlY8ykp7s2qrbKyAqFVwL3gIo74dY7bBkAJ2F1ZIaPocqjDFZK
	gpwEsnwlTH0bUMmHx3eVrttJkdYdqTk8GfYDdlL8jh8qC2cj35aiGyO3mYO6SPvToMjb57
	GOxhItnNp4VtuNZ+YKc+OYiNfz4Df9cRZaYtew4EhgNuWaUuz9Aw805XqI4qrw76ISJZrv
	pIB3BZl0TNfTvLohp2k/eMSu6X9V4IlKXiEmdCkoSlfuog/6QJnm22oA6gGgNpbsVsbVLN
	NX7VzM6epnxC9Qi1C886f7Ia58Atkm/dztOZjUdI2fV7+EgmzzBMdGgAn+tXDg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1684780236; a=rsa-sha256; cv=none;
	b=ZAUHPhD8iBrXClMhqWy2p9j1un6SVnUTLrrSNuli04pm03HiblkXfWsHsOgc+jDL6eykTw
	aAgqCtxQQbtDe+8nrkEEfSKLmzu4w0DklAMBOj/8Iy1m55PZpWcYwzm4MzhKFNB6lsfNxV
	lUa+p84mvPD07q9z5M5SeHGC7aJ16N0M+V4L0dQbuARi8KbVEofhddhLrOpEm/gzTn3YJT
	7et8EuGoZLMsNgk4aIKxKYx60E9jxLAEXmDhc+eYgt0S3TXIS6KGnW7sxvUEvbtFYLQASW
	ihPTShAvSVstNrGRb5cH7v1wwA1AzaILy37QRjxTJWrWdUz+9uYeenigB2ce3A==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QQ5bw2GpyzStN;
	Mon, 22 May 2023 18:30:36 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 34MIUa79047728;
	Mon, 22 May 2023 18:30:36 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 34MIUapC047727;
	Mon, 22 May 2023 18:30:36 GMT
	(envelope-from git)
Date: Mon, 22 May 2023 18:30:36 GMT
Message-Id: <202305221830.34MIUapC047727@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Rick Macklem <rmacklem@FreeBSD.org>
Subject: git: 12d97150021f - stable/13 - nfsd.8: Update for nfsd running in jails
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rmacklem
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 12d97150021f19950fe0627a26573c2dbbcbe03a
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/13 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=12d97150021f19950fe0627a26573c2dbbcbe03a

commit 12d97150021f19950fe0627a26573c2dbbcbe03a
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2023-03-29 21:58:47 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2023-05-22 18:29:25 +0000

    nfsd.8: Update for nfsd running in jails
    
    Nfsd can now be run in an appropriately
    configured vnet jail.
    
    This man page update adds some information
    for this case.
    
    This is a content change.
    
    (cherry picked from commit a1254dcaa869bba20e46d966c53c7473bb24d02b)
---
 usr.sbin/nfsd/nfsd.8 | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/usr.sbin/nfsd/nfsd.8 b/usr.sbin/nfsd/nfsd.8
index c8a5fea4e6a2..40e75f0a232d 100644
--- a/usr.sbin/nfsd/nfsd.8
+++ b/usr.sbin/nfsd/nfsd.8
@@ -28,7 +28,7 @@
 .\"	@(#)nfsd.8	8.4 (Berkeley) 3/29/95
 .\" $FreeBSD$
 .\"
-.Dd December 20, 2019
+.Dd March 22, 2023
 .Dt NFSD 8
 .Os
 .Sh NAME
@@ -56,6 +56,22 @@ must be running for a machine to operate as a server.
 Unless otherwise specified, eight servers per CPU for UDP transport are
 started.
 .Pp
+When
+.Nm
+is run in an appropriately configured vnet jail, the server is restricted
+to TCP transport and no pNFS service.
+Therefore, the
+.Fl t
+option must be specified and none of the
+.Fl u ,
+.Fl p
+and
+.Fl m
+options can be specified when run in a vnet jail.
+See
+.Xr jail 8
+for more information.
+.Pp
 The following options are available:
 .Bl -tag -width Ds
 .It Fl r
@@ -307,6 +323,7 @@ just do a
 .Xr stablerestart 5 ,
 .Xr gssd 8 ,
 .Xr ipfw 8 ,
+.Xr jail 8 ,
 .Xr mountd 8 ,
 .Xr nfsiod 8 ,
 .Xr nfsrevoke 8 ,

From nobody Mon May 22 18:32:41 2023
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QQ5fK3t3mz4CJLq;
	Mon, 22 May 2023 18:32:41 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QQ5fK2wtLz3xZt;
	Mon, 22 May 2023 18:32:41 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1684780361;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=//K8zNrRba/nY8uqcK5MulMjrp8EAwRoro+qL3hXDdg=;
	b=lSNexJjM9ylnKdZ8/MHPNrVmGYWENeXKUVrImF/wPm51lcGuOuLlYgE18aBxm+kGwAhZ5j
	aogdxUmfyGVYnTZihLcSqURbf9F5uvR6F12AZ2CsjhQ6ULfWf3GWuw+H53OxO0qGkqf11T
	QBxMSmCHG1fUsOgrxKiNac2l0ouosjK2TdvchZzFe6I+S8MSO+nBaDOuUmhmxQzDf31XtK
	j+4N214c1NgE1KlWu7i/Wy3iXwEPcWyMRLwZQ8y/GTFK84Ofmrj+hWpH7LU2Jk7KjWtP4l
	gCJ80efXLE5nko+g+p2tBy5GMqNvoeGLjurXJ85fEsQwlXb6rSwrJZmk0Y8uDQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1684780361;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=//K8zNrRba/nY8uqcK5MulMjrp8EAwRoro+qL3hXDdg=;
	b=vDmJFhouas6AH29puA6GNp27JpGP06Ylkm4hnH5/1lOhLKqxz46qWqJY/95xKOW+lDk6R9
	blqffEp4uWJZUoR+qsRr5V0GoXpJk3adfgA4KZzkSMM2Pqxz8/sMb//8DUve0YFUNihiyj
	kRe0aITQZU2oOd89muGUIIAkEeCB0toO4wEJMnBy9c2GlCbX+1E9CGxFDYWiIp3EgWajhj
	iYhZ9WxP83+8Q/+pdwHepJg0xYUmD3Y6Sd8MYRf6c2XZlHByyjC0lctHqEPTmaQrKrtjA1
	DN22ThnjjeXvh2kgmE+in71M+HEN5m4bobRtrOw92uH7o8+B4bBdzb7CUMmBpA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1684780361; a=rsa-sha256; cv=none;
	b=NqF225WChuaroZtPR1q52yhBDN54GCupP/nFPfNPmMgVhx92/Ri6JPdii58ZA0Kl65DSNy
	ZpkWXhCJH/drdoqiArPZyHMosqN6ToT3k4NvCByW4Z9cjz3zSm1yohgnSTdircKRZUfJak
	r3H2miELICGEwTZtDEJrekYjK4BMwsxIwRe9R5sMuI/9Q3hBBzHcFXDxmDE2yaqwm8FBYl
	y34YmRpKuKG3vgU9CAhItWK38l3OslDDEJ/PNPxFJ1Wl9NWm0syB8/PKsXmsnZDSNwpeHX
	c8DIn0EHpCb4GtFf5q6di8eLADZQFC511roHnQjTQkw9EQrdQCzwVvq2Y8ewAA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QQ5fK1wKhzSrR;
	Mon, 22 May 2023 18:32:41 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 34MIWfWi054534;
	Mon, 22 May 2023 18:32:41 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 34MIWfDm054533;
	Mon, 22 May 2023 18:32:41 GMT
	(envelope-from git)
Date: Mon, 22 May 2023 18:32:41 GMT
Message-Id: <202305221832.34MIWfDm054533@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Rick Macklem <rmacklem@FreeBSD.org>
Subject: git: e11c3ae65e96 - stable/13 - mountd.8: Update for mountd running in jails
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rmacklem
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: e11c3ae65e96987d05d611a621c185b60b2c59b5
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/13 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=e11c3ae65e96987d05d611a621c185b60b2c59b5

commit e11c3ae65e96987d05d611a621c185b60b2c59b5
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2023-03-20 22:16:03 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2023-05-22 18:31:50 +0000

    mountd.8: Update for mountd running in jails
    
    Mountd can now be run in an appropriately
    configured vnet jail.
    
    This man page update adds some information
    for this case.
    
    This is a content change.
    
    (cherry picked from commit 9432e798fc6daaad341a496e9abcf9e3b760a63b)
---
 usr.sbin/mountd/mountd.8 | 29 +++++++++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)

diff --git a/usr.sbin/mountd/mountd.8 b/usr.sbin/mountd/mountd.8
index 128b305cb5d9..207b50e3501d 100644
--- a/usr.sbin/mountd/mountd.8
+++ b/usr.sbin/mountd/mountd.8
@@ -28,7 +28,7 @@
 .\"     @(#)mountd.8	8.4 (Berkeley) 4/28/95
 .\" $FreeBSD$
 .\"
-.Dd October 11, 2020
+.Dd March 18, 2023
 .Dt MOUNTD 8
 .Os
 .Sh NAME
@@ -158,7 +158,7 @@ When
 is started,
 it loads the export host addresses and options into the kernel
 using the
-.Xr mount 2
+.Xr nmount 2
 system call.
 After changing the exports file,
 a hangup signal should be sent to the
@@ -172,6 +172,20 @@ check the syslog output to see if
 logged any parsing
 errors in the exports file.
 .Pp
+If multiple instances of
+.Nm
+are being run, either in multiple jails or both within
+and outside of a jail, care must be taken to export
+any given file system in only one of the instances.
+Note that the
+.Va allow.nfsd
+jail parameter is required to allow
+.Nm
+to run in a jail.
+See
+.Xr jail 8
+for more information.
+.Pp
 If
 .Nm
 detects that the running kernel does not include
@@ -185,6 +199,15 @@ If this fails, or no
 KLD was available,
 .Nm
 exits with an error.
+When run in a jail, the
+.Xr kldload 2
+must be done outside the jail, typically by adding
+.Dq nfsd
+to
+.Va kld_list
+in the
+.Xr rc.conf 5
+file on the jail host.
 .Sh FILES
 .Bl -tag -width /var/run/mountd.pid -compact
 .It Pa /etc/exports
@@ -199,6 +222,8 @@ the current list of remote mounted file systems
 .Xr kldload 2 ,
 .Xr nfsv4 4 ,
 .Xr exports 5 ,
+.Xr rc.conf 5 ,
+.Xr jail 8 ,
 .Xr nfsd 8 ,
 .Xr rpcbind 8 ,
 .Xr showmount 8

From nobody Mon May 22 18:44:06 2023
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QQ5vW126cz4CKFM;
	Mon, 22 May 2023 18:44:07 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QQ5vW0PdNz3y0w;
	Mon, 22 May 2023 18:44:07 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1684781047;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=7+oG7JjCvDD6C82bq4jsssCL4SOlvX/1YVK1vjI+wdc=;
	b=jtPLVT0caBZjC4dpiRZk6MDh4rAOhwIVC/zmv5RE8/YwgwMJgPdFGMTfgjDnm8jcWF08Oc
	BXWClnHI3gjAcNSiyDIJrzT/F4S6vtT1LAFWgnHvC7QH2hGvWX89Z1Ea/Y+Nk6oV1r+Ojz
	GKZvpCQzO5ZoyTDJ44pN6qbsziJa3fIn9D05fPLHXM09JEiuRccMePsAMF5vDyO22qKuhY
	00/EvnktGfm/LwMGRi049MUQMvwKELDkZzvyC11dDjNO5Q0/mQAH3OIwHefOxa3EzD0t/K
	3iyNVjL+FsNsmONYKssvktCWMCQGAzXdgSb5bzUanaWACvkJjMlCkrS/ktJuVw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1684781047;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=7+oG7JjCvDD6C82bq4jsssCL4SOlvX/1YVK1vjI+wdc=;
	b=ai60PvKYqfC2fD9kTCR6nztR71xCP/HN6hyN+y6Rq5OFnv8mogevrMIsih/Ne0BlgiIHBQ
	E1+PJRsWiZNU7OwrE0BtWqbnppL+aPIdqL72iDccRggZIdeib+prFuBqGIssXWcyR5xiud
	JIt7YLhbiM9ghtgsBfcRY+JmXvOjy88qp5xvtWP6zVxBvmCRX8zLnDnmbsvEaIb4qM5K2a
	ACGoWyaofK0CkinxnkSErsjUlN74l9xcO+2fDC+++lSFsiJ+wvMpc3Lj20+wN8NQUYBAM0
	5PY0x8qKvITgpjx1N5B5LgXeys9VzpIWMKGstIDZgTqfe7yaUaCG/q7hwyvPDA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1684781047; a=rsa-sha256; cv=none;
	b=G8X6KJdfqLQ+ZLYMNKJc6R62AKRp2rtcjpU/zMjVh/SmfP6ZV/5TTFNb36JdrYDm9iaVyN
	NMe2LoWSgUQqPFAtlDRw5PgG2TwXgNXxrLdQ+nAi9jyOmWAF7Ql7wF6dQQokAAX27qThuJ
	WNEfk7vJXOlKcwjoGaTAqTS15RQjKLR5BwPCjnt5BfrgBXQtUffteztun4n1r5Bf+LwLyy
	K3kceyZeSFpY/j0C5m6u2iuU1SUgdZ15ioIWpUsoUm0zGZbGyuoZH5zhy8LP7E7cm3u8Zc
	LzM2Nou+1NosvPGJqQrIkV9KPrzdDy6jXYOptyFtR1LbNvQIGHn8HHXuhgZsog==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QQ5vV6ZhpzT4p;
	Mon, 22 May 2023 18:44:06 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 34MIi6um071094;
	Mon, 22 May 2023 18:44:06 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 34MIi6pC071093;
	Mon, 22 May 2023 18:44:06 GMT
	(envelope-from git)
Date: Mon, 22 May 2023 18:44:06 GMT
Message-Id: <202305221844.34MIi6pC071093@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Rick Macklem <rmacklem@FreeBSD.org>
Subject: git: f72c3ecdd869 - stable/13 - RELNOTES: Add an entry for nfsd running in a vnet jail
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rmacklem
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: f72c3ecdd86900f48adee34a8ccd958a1025d376
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/13 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=f72c3ecdd86900f48adee34a8ccd958a1025d376

commit f72c3ecdd86900f48adee34a8ccd958a1025d376
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2023-05-22 18:42:39 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2023-05-22 18:42:39 +0000

    RELNOTES: Add an entry for nfsd running in a vnet jail
---
 RELNOTES | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/RELNOTES b/RELNOTES
index 7bf18ff9e274..4de47ccafddc 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -10,6 +10,16 @@ newline.  Entries should be separated by a newline.
 
 Changes to this file should not be MFCed.
 
+b4805d577787 and many others:
+	Add support so that nfsd(8), nfsuserd(8), mountd(8), gssd(8)
+	and rpc.tlsservd(8) can be run in an appropriately configured
+	vnet prison.  The vnet prison must be on its own file system,
+	have the "allow.nfsd" jail parameter set on it and enforce_statfs
+	cannot be set to "0".  Use of UDP and pNFS server configurations
+	are not permitted.  (ie. The nfsd command line options "-u", "-p"
+	and "-m" are not supported.)
+	See jail(8), nfsd(8) and mountd(8).
+
 68e86d5265bc,e58dfd0de589,59f5a5cb724e,6e272a78de36,4c4a4fd4a649,ba2ae2cca63a:
 	sendmail has been updated to the latest upstream version (8.17.1).
 	

From nobody Mon May 22 19:01:29 2023
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QQ6HZ1Kyxz4CL2h;
	Mon, 22 May 2023 19:01:30 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QQ6HZ0qPPz4136;
	Mon, 22 May 2023 19:01:30 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1684782090;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=F1u9J5ERH2cLNaK2vHlEr8zFkzij1zKhwsPdKZlX2y0=;
	b=PMoR79bbv1q1l00DTEXvYAs6Y9RE8+s5jRzY7yV6lt8kpKQd6b/5Gfkaw8jPpNd2J9C+9T
	YNs/o7QG7ptJvdTJsHnV/yo+WkDhFmbpMD1XtY2/ue8F7vxvAEcKCftxzicWKncCmGTDUH
	lykNXpeYDb0tA3A63+mPuy0OjGb/m0H+5+G87vZjaSsZ8KVy2wAQe0KHnIIWT0QKayb53K
	XPUpoee8694x3VINNe9Tov8SxmTN90X+0OivHvVNHMYCo7uESp195W11JVPBfIuVpVaCbp
	3ygzHiUOztLnDPes3TaYqrJSozZeWipMYpTKLHUXf5me3lf82Wgz8Ge7Pi5mFw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1684782090;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=F1u9J5ERH2cLNaK2vHlEr8zFkzij1zKhwsPdKZlX2y0=;
	b=HfpJQa/kgQLc5+uOPQQS9Zb3U/tUPQVzHpB5k80D8UglfPUMuTr0KLvcARI+kFduTFiHyF
	C69xE7gHFxOLP3Ei7HtHLa5/BziNDATMFHQY3dAskK3NdwNXGmV/b1LfiexzHppWQEcqhB
	I7vzgPHRRNAG7cv+mShKLGcCi7yQImgdkeLQKOCq7KGo1k5WhH6GpaRS9wfNFVxYeGvDDb
	Zg870zWqYKZ4zLxSuGkI1COypIaYgqE+BRrtU+EzNxQgptK4MnaZFZE0Kj7mcJbgVEH+Wc
	2EyGpfavM5jOvIc8tf+YTo0ivxaN6MKkW4SMikn8nMabAAPhh3F8HyjFrrxQzw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1684782090; a=rsa-sha256; cv=none;
	b=wz8fnfr3O8E8mVqve86xYAIF9aRfJJqNBJ89u8T9Rxl2heywFei9nGeJEJkG3EQ94uRhBC
	EqhkwGgAqaCh6uWhtmi1x1g/5V+IK/07k396CVSB2GP5whRZWRxL/3Gn8gErBFZt3YK1nP
	HAFvWMYDVzSnqS68GWVxZlz7TNQBZHTJc1ZhN6nf6t38tK1t4BaNTNI+NwEcBulpp+ldzp
	/b6Ns1CM4WNz6dhqV/oNQzyH/DF8UyJHo0RQx1ybr5RsVOb6EIyAK4iLIQNSyOcqPHU6xP
	2weKQhU4A3PoGUGydQ9RPuxwzv1KVRE9YnlTYWIpnRNwC6sEKq/YuJaRQ2b5dA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QQ6HY70ZpzV7D;
	Mon, 22 May 2023 19:01:29 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 34MJ1TP5002694;
	Mon, 22 May 2023 19:01:29 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 34MJ1TgK002693;
	Mon, 22 May 2023 19:01:29 GMT
	(envelope-from git)
Date: Mon, 22 May 2023 19:01:29 GMT
Message-Id: <202305221901.34MJ1TgK002693@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Rick Macklem <rmacklem@FreeBSD.org>
Subject: git: c7f6408f4820 - stable/13 - nfsd: Fix NFSv3 Readdir/ReaddirPlus reply for large i-node numbers
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rmacklem
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: c7f6408f482059d4fb7e5344b49a8d879da73743
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/13 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=c7f6408f482059d4fb7e5344b49a8d879da73743

commit c7f6408f482059d4fb7e5344b49a8d879da73743
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2023-05-05 22:43:55 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2023-05-22 18:56:03 +0000

    nfsd: Fix NFSv3 Readdir/ReaddirPlus reply for large i-node numbers
    
    If the i-node number (d_fileno) for a file on the server did
    not fit in 32bits, it would be truncated to the low order 32bits
    for the NFSv3 Readdir and ReaddirPlus RPC replies.
    This is no longer correct, given that ino_t is now 64bits.
    
    This patch fixes this by sending the full 64bits of d_fileno
    on the wire in the NFSv3 Readdir/ReaddirPlus RPC reply.
    
    PR:     271174
    
    (cherry picked from commit 648a208ef3a171585f3446464646832f0e0ed3dc)
---
 sys/fs/nfsserver/nfs_nfsdport.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/sys/fs/nfsserver/nfs_nfsdport.c b/sys/fs/nfsserver/nfs_nfsdport.c
index e75c238b7117..a5fcf58b3d9f 100644
--- a/sys/fs/nfsserver/nfs_nfsdport.c
+++ b/sys/fs/nfsserver/nfs_nfsdport.c
@@ -2260,12 +2260,12 @@ again:
 			if (nd->nd_flag & ND_NFSV3) {
 				NFSM_BUILD(tl, u_int32_t *, 3 * NFSX_UNSIGNED);
 				*tl++ = newnfs_true;
-				*tl++ = 0;
+				txdr_hyper(dp->d_fileno, tl);
 			} else {
 				NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 				*tl++ = newnfs_true;
+				*tl = txdr_unsigned(dp->d_fileno);
 			}
-			*tl = txdr_unsigned(dp->d_fileno);
 			(void) nfsm_strtom(nd, dp->d_name, nlen);
 			if (nd->nd_flag & ND_NFSV3) {
 				NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
@@ -2764,8 +2764,7 @@ again:
 			if (nd->nd_flag & ND_NFSV3) {
 				NFSM_BUILD(tl, u_int32_t *, 3 * NFSX_UNSIGNED);
 				*tl++ = newnfs_true;
-				*tl++ = 0;
-				*tl = txdr_unsigned(dp->d_fileno);
+				txdr_hyper(dp->d_fileno, tl);
 				dirlen += nfsm_strtom(nd, dp->d_name, nlen);
 				NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 				txdr_hyper(*cookiep, tl);

From nobody Mon May 22 19:09:28 2023
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QQ6Sm6K1sz4CLRx;
	Mon, 22 May 2023 19:09:28 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QQ6Sm5MKpz41pl;
	Mon, 22 May 2023 19:09:28 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1684782568;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=uwnO0Cw9Gzkgp3GIfSRozgtYD51k6BIDcZWeIgNDf6c=;
	b=BB5WgOH+omXC+Sb7njNbkuTrcIolReh+8fetQdYhfjFO9zeRB180wQl6Gauxt4SEGYAENV
	RShP8L71duZVBk1xbeKve/T9iFn0r4/VNIyXrkqZuDRvdIBR/761dnCwQlulf2t1BXwaN/
	NAsYapen4BKSOHRK1EujGpBLBJVU2NXcshLIIWbFexquPUiZf/b75XJiiJD4veaTYcq8MX
	jmr/roxEvjxbhhzrUADtV9G5FHRIatG+kV+uznNYpocLR/inS34I83ZsTgD67y3VtTIW58
	McMN7nLnGVmfFBTmhyIMVr0ha+xPG8x0eGddIWycreWP2OyKaWwQBFiZuvr80A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1684782568;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=uwnO0Cw9Gzkgp3GIfSRozgtYD51k6BIDcZWeIgNDf6c=;
	b=gsR3jqbe86kpDcvFScsMecthBXYtx12q6MnZdzNYWzQJ04e5Y9DTgP4nBBP7ZyWKgDtH1I
	5ZXBAN4cyxw63VUPgswQ+HgHqsuqbKwup2LuqLLeELqDZeaBqjNE6/NaYVpM0v/oDsteae
	LspAhip25bBsS2qJCVGrIhVbUlv7HWFNc0NSidUbnvn7IVUWG0YvXpkyPXd6hOGzc//fRH
	dxBjJZS6HaGDZz/MVvKdTZnK+Z/CuBBjNHXHyFUETIYfnIJD5LINrAdmTYvr0Pl7Yd5NHj
	8lzO+FZQmQ40YFkDbYihmnQvXUl0RRkEbTD5PlTuBLlSB4SGTTVcUddvzEDRdw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1684782568; a=rsa-sha256; cv=none;
	b=XRN4EYha6vfto/0KniW2r+CEFGk/Nz/M+W9NeJHnJrSWzyGDiRnHFhpfvjVwP5BkxFXbzC
	sU8d5jzZq0WLzrCPLoLWJ64www2pp3AVA+ToXAM7piTHlFU16leMrQIYalcuRwx162J1PY
	88HRPvrjrHxGiTm6ByvTqok41QQvoYvKN7bwLjtznrpTj21a1vbItePp0PiKFStMdfDlv9
	z6wW3/a0GqSGRrGZBFJwcsbrBemZfGCOHr229y1yQU4qFXtiflrmDnjN5g5LVh8Jn77cr2
	rXiyxdd6l1RQGiUZhpXZO2XdsqT/Srv7QcL0p7PhqAiy93U4DNlZ80PvjT99Fg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QQ6Sm42KMzV2f;
	Mon, 22 May 2023 19:09:28 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 34MJ9SK4005900;
	Mon, 22 May 2023 19:09:28 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 34MJ9SpA005899;
	Mon, 22 May 2023 19:09:28 GMT
	(envelope-from git)
Date: Mon, 22 May 2023 19:09:28 GMT
Message-Id: <202305221909.34MJ9SpA005899@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Rick Macklem <rmacklem@FreeBSD.org>
Subject: git: 886d82afb035 - stable/12 - nfsd: Fix NFSv3 Readdir/ReaddirPlus reply for large i-node numbers
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rmacklem
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/12
X-Git-Reftype: branch
X-Git-Commit: 886d82afb0359c2bb8321eb1f5c6675787840468
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/12 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=886d82afb0359c2bb8321eb1f5c6675787840468

commit 886d82afb0359c2bb8321eb1f5c6675787840468
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2023-05-05 22:43:55 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2023-05-22 19:08:30 +0000

    nfsd: Fix NFSv3 Readdir/ReaddirPlus reply for large i-node numbers
    
    If the i-node number (d_fileno) for a file on the server did
    not fit in 32bits, it would be truncated to the low order 32bits
    for the NFSv3 Readdir and ReaddirPlus RPC replies.
    This is no longer correct, given that ino_t is now 64bits.
    
    This patch fixes this by sending the full 64bits of d_fileno
    on the wire in the NFSv3 Readdir/ReaddirPlus RPC reply.
    
    PR:     271174
    
    (cherry picked from commit 648a208ef3a171585f3446464646832f0e0ed3dc)
---
 sys/fs/nfsserver/nfs_nfsdport.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/sys/fs/nfsserver/nfs_nfsdport.c b/sys/fs/nfsserver/nfs_nfsdport.c
index a76f0ff0554c..0bb569bf6d2f 100644
--- a/sys/fs/nfsserver/nfs_nfsdport.c
+++ b/sys/fs/nfsserver/nfs_nfsdport.c
@@ -2017,12 +2017,12 @@ again:
 			if (nd->nd_flag & ND_NFSV3) {
 				NFSM_BUILD(tl, u_int32_t *, 3 * NFSX_UNSIGNED);
 				*tl++ = newnfs_true;
-				*tl++ = 0;
+				txdr_hyper(dp->d_fileno, tl);
 			} else {
 				NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 				*tl++ = newnfs_true;
+				*tl = txdr_unsigned(dp->d_fileno);
 			}
-			*tl = txdr_unsigned(dp->d_fileno);
 			(void) nfsm_strtom(nd, dp->d_name, nlen);
 			if (nd->nd_flag & ND_NFSV3) {
 				NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
@@ -2493,8 +2493,7 @@ again:
 			if (nd->nd_flag & ND_NFSV3) {
 				NFSM_BUILD(tl, u_int32_t *, 3 * NFSX_UNSIGNED);
 				*tl++ = newnfs_true;
-				*tl++ = 0;
-				*tl = txdr_unsigned(dp->d_fileno);
+				txdr_hyper(dp->d_fileno, tl);
 				dirlen += nfsm_strtom(nd, dp->d_name, nlen);
 				NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 				txdr_hyper(*cookiep, tl);

From nobody Wed May 24 02:13:42 2023
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QQvqp3psbz4TLWR;
	Wed, 24 May 2023 02:13:42 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QQvqp399kz3JTX;
	Wed, 24 May 2023 02:13:42 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1684894422;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=SX30hkh0Ss4518bSw+w/DXJMX4eN6Mmi6hSll7e20GE=;
	b=KNEz6OTGWP1TtovPPOzN5qAobiPNwVy84Y9FAbRKnh0rJD14Mq3+tgQ9EzsYFHDTRooOni
	Bvd7ViO6c3LPNMQaE4NuG54YKHJYE4b5AnKZ0iAeBRMAj23eZ5+qolTCrnh91LSN9ecwxu
	1va8tp+wbUxKI6DgtI2PaL/doP+y8rgkTsK3jtPZcghbRvpTuakO0ggMkCcOMNfTEgKtEo
	66g899IdI3oTJaHqdhi7KoVGEGQ9oQ3rNRTsru+GC50fkx2UrG1pIGiVbHr9hp5Mtd3DVS
	s6JJYK/V95PLgEzZ+888HL6pCaDAXkAflHPlxB5DwIyohLLVV6JK6yTUjJF22w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1684894422;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=SX30hkh0Ss4518bSw+w/DXJMX4eN6Mmi6hSll7e20GE=;
	b=KsSbM6RyKgub/cvEj/DFj6f1D8HigxYzYUN8OYlONTROoth7m2H68iViD1xoV6aCV5CisD
	L1bltRkdnY8pxnQoSAULM9EaYMyErkw00oeUTKxPC92+D9zsye38PyJ2/UCYI4/9/oUCam
	1ZMqqT8oQYrbVIYYusQkq5mvMzuKfIPSitxIKw19jVWwbN9MoWQb9SOwwCRM6yqeZ/RG4I
	nG29qrMG1FJLyp8Mu6uubpcavV+767A9ZFaXCCj86P+WdFG9uolLaKMrs439A/9wI7Xb8L
	wpJrYS7ZOI4KD3IIzo3Ep3VBPP4mpk6u8zYE5bqkplVUJTVtblJnCPSLfL9GnA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1684894422; a=rsa-sha256; cv=none;
	b=btUp3l+TerxCAfq7KcTaeYFl7cEk0FBw9Pr0589ZDXCfP4tl17xm3noydz4MohGixgN92x
	vfrkJm8tXe/6RpQYDcYm/xUFTnXyZ3e/+W3DbNeprC09P3Vt3Idg+cYaKEzdM1yYxlCiQC
	rooZB18eTbCdVnj8La7V+bn6YGPOfd/b3Cw752wx2mVerpxmrFFUHh0F8d+QPwAV5ySH/A
	DZyrEHwLDdJ+45q/ymzFWUlKnGWdzS8sKSOlzh6d4MxlLt/AWVvSjium+mUCKRCKv8kbNE
	vrkdpv5hx62dly2f0OJ94r3io6Q9gf5ceweSEKEL/6oU1FN4VBge6hHWoB3CaA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QQvqp2CySzPBX;
	Wed, 24 May 2023 02:13:42 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 34O2Dg5q084469;
	Wed, 24 May 2023 02:13:42 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 34O2Dg3u084468;
	Wed, 24 May 2023 02:13:42 GMT
	(envelope-from git)
Date: Wed, 24 May 2023 02:13:42 GMT
Message-Id: <202305240213.34O2Dg3u084468@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Rick Macklem <rmacklem@FreeBSD.org>
Subject: git: 4ce0e24735a1 - stable/13 - nfsd: Return ENXIO instead of EPERM when nfsd(8) already running
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rmacklem
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 4ce0e24735a1619f54a22b263518e671256aef7e
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/13 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=4ce0e24735a1619f54a22b263518e671256aef7e

commit 4ce0e24735a1619f54a22b263518e671256aef7e
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2023-02-22 21:19:07 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2023-05-24 02:07:39 +0000

    nfsd: Return ENXIO instead of EPERM when nfsd(8) already running
    
    The nfsd(8) daemon generates an error message that does not
    indicate that the nfsd daemon is already running when the nfssvc(2)
    syscall fails for the NFSSVC_STABLERESTART.  Also, the check for
    running nfsd(8) in a vnet prison will return EPERM when it fails.
    
    This patch replaces EPERM with ENXIO so that the nfsd(8) daemon
    can generate more reasonable failure messages.  The nfsd(8) daemon
    will be patched in a future commit.
    
    (cherry picked from commit 10dff9da9748b0eadd2d02dded3afd2321d15537)
---
 sys/fs/nfsserver/nfs_nfsdport.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/fs/nfsserver/nfs_nfsdport.c b/sys/fs/nfsserver/nfs_nfsdport.c
index a5fcf58b3d9f..06e6a4147f30 100644
--- a/sys/fs/nfsserver/nfs_nfsdport.c
+++ b/sys/fs/nfsserver/nfs_nfsdport.c
@@ -4018,7 +4018,7 @@ nfssvc_srvcall(struct thread *p, struct nfssvc_args *uap, struct ucred *cred)
 		if (!error && (NFSFPFLAG(fp) & (FREAD | FWRITE)) != (FREAD | FWRITE))
 			error = EBADF;
 		if (!error && NFSD_VNET(nfsrv_numnfsd) != 0)
-			error = EPERM;
+			error = ENXIO;
 		if (!error) {
 			NFSD_VNET(nfsrv_stablefirst).nsf_fp = fp;
 			nfsrv_setupstable(p);

From nobody Wed May 24 02:19:26 2023
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QQvyR1WxVz4TLvT;
	Wed, 24 May 2023 02:19:27 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QQvyR14bbz3Jvy;
	Wed, 24 May 2023 02:19:27 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1684894767;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=rjaQR7R0kwc3rBSHgJhzywMVaDoomGT+EfkAQ4rjIFE=;
	b=rHFxrKDi2+gUG2sSzIaOeAAPDazY/JUMOcvWhJIAi6zHW25TyjOvKWpe4iK3j+zog1+Vt8
	WXb1hcaeyk+VmHnR1KjiqxOyTtLJ6KM50P8cXbjEhmR57aaszOgtyzaBhW6AMv3GzljLKY
	QK2P/cQzkzfBUbagUg7czanEQzsMQRWaUwOitmvL5y8TP/nDYSwu54TcDiDvTirust9h4I
	MvWLsFCiRY1O+xTz6dqgEk1LwNEIbMJkkEm11QC/zEUyep/q6f9+LlLaQvigRRwWMTC7eS
	Kw2G3AeTV4l/vLskjv3m0HvmmIcod7ydAYqEjVGA6T5WcG5WUwJoTUWXNoSy5A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1684894767;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=rjaQR7R0kwc3rBSHgJhzywMVaDoomGT+EfkAQ4rjIFE=;
	b=HszWmm3fpgITicwg9H1/kPZc4qeHGjF6+OHTq37WpaBgMaAiFfLt+OcSY9C3x0jtO5n6+Y
	ITx3dFo4XSRw6E1rz0wvtDJLoRBKxSXNBSFvP8zu1HElTFCThRZY+dFqfNglv3Vh1KnUov
	vqCmmM/Yi9gqh4h5GgCuTPRDsUvY4/87ew+5UxULoPVPOqt8cf4byeG1bdC7x5H1rexpki
	fpK43b9hoaz93hRgvIup87q+lk23YgiX2nbZvbqDBOTwuYxCKiMGFDEUgpseubi3Cr0RvM
	vC5wUnfinQUefG0Cr+2pqINbJNPKTLLYqfVLN8A8JzAwpLPqWk5+LashQmhGnw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1684894767; a=rsa-sha256; cv=none;
	b=O/4wb8meKR96KWT2RoOV+VVSN6pqdaDhUuWR1ncMPJNlOjF8nOFuEbavzck54VmB/oBkO8
	DhW8dJ9bFJpWq7iVzlRAQHKP/5g/aYQO2j/Z4usUAGdNRwBBr56+RFD0WeAXHrquu73429
	q4jWLZAbdyeaUvxZfTgs0dTMSBe1yU9z2LTo9hakidr1gCl/5PQ5SGqAF46Gew7XgthIJh
	C15EColmbM/JtKoGjd/k/6dOjHCV8GxkOTHOVAiXiqRtDjVT9LaMItaH6mx4EmLGPSt4LI
	J/5y2GhQZX66wdg3TGGCVEnDiuh2oLKDzdqNHbpytNAwpu+n9fKzaMXSbT9F0w==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QQvyR08HlzPvd;
	Wed, 24 May 2023 02:19:27 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 34O2JQjR085601;
	Wed, 24 May 2023 02:19:26 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 34O2JQaI085600;
	Wed, 24 May 2023 02:19:26 GMT
	(envelope-from git)
Date: Wed, 24 May 2023 02:19:26 GMT
Message-Id: <202305240219.34O2JQaI085600@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Rick Macklem <rmacklem@FreeBSD.org>
Subject: git: 8d92ebe2fa49 - stable/13 - nfsd.c: Log a more meaningful failure message
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rmacklem
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 8d92ebe2fa49f6701e6aea7345b9ab9047aaec5b
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/13 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=8d92ebe2fa49f6701e6aea7345b9ab9047aaec5b

commit 8d92ebe2fa49f6701e6aea7345b9ab9047aaec5b
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2023-02-22 22:09:15 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2023-05-24 02:15:01 +0000

    nfsd.c: Log a more meaningful failure message
    
    For the cases where the nfsd(8) daemon is already running or
    has failed to start within a prison due to an incorrect prison
    configuration, the failure message logged is:
      Can't read stable storage file: operation not permitted
    
    This patch replaces the above with more meaningful messages.
    It depends on commit 10dff9da9748 to differentiate between the
    above two cases, however even without this commit, the messages
    should be an improvement.
    
    (cherry picked from commit fe5c211ba87315b098769a7e6d50b41f00f6fed4)
---
 usr.sbin/nfsd/nfsd.c | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/usr.sbin/nfsd/nfsd.c b/usr.sbin/nfsd/nfsd.c
index 0222d23f2312..3a7f58c7b4e5 100644
--- a/usr.sbin/nfsd/nfsd.c
+++ b/usr.sbin/nfsd/nfsd.c
@@ -170,8 +170,8 @@ main(int argc, char **argv)
 	int udpflag, ecode, error, s;
 	int bindhostc, bindanyflag, rpcbreg, rpcbregcnt;
 	int nfssvc_addsock;
-	int longindex = 0;
-	size_t nfs_minvers_size;
+	int jailed, longindex = 0;
+	size_t jailed_size, nfs_minvers_size;
 	const char *lopt;
 	char **bindhost = NULL;
 	pid_t pid;
@@ -465,7 +465,21 @@ main(int argc, char **argv)
 	/* This system call will fail for old kernels, but that's ok. */
 	nfssvc(NFSSVC_BACKUPSTABLE, NULL);
 	if (nfssvc(NFSSVC_STABLERESTART, (caddr_t)&stablefd) < 0) {
-		syslog(LOG_ERR, "Can't read stable storage file: %m\n");
+		if (errno == EPERM) {
+			jailed = 0;
+			jailed_size = sizeof(jailed);
+			sysctlbyname("security.jail.jailed", &jailed,
+			    &jailed_size, NULL, 0);
+			if (jailed != 0)
+				syslog(LOG_ERR, "nfssvc stablerestart failed: "
+				    "allow.nfsd might not be configured");
+			else
+				syslog(LOG_ERR, "nfssvc stablerestart failed");
+		} else if (errno == ENXIO)
+			syslog(LOG_ERR, "nfssvc stablerestart failed: is nfsd "
+			    "already running?");
+		else
+			syslog(LOG_ERR, "Can't read stable storage file: %m\n");
 		exit(1);
 	}
 	nfssvc_addsock = NFSSVC_NFSDADDSOCK;

From nobody Thu May 25 07:50:12 2023
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QRgFl5m7Yz4CpQT;
	Thu, 25 May 2023 07:50:19 +0000 (UTC)
	(envelope-from manu@bidouilliste.com)
Received: from mx.blih.net (mx.blih.net [212.83.155.74])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "mx.blih.net", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QRgFj55Fyz3Hjn;
	Thu, 25 May 2023 07:50:17 +0000 (UTC)
	(envelope-from manu@bidouilliste.com)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=bidouilliste.com header.s=mx header.b=r3Lyx9IU;
	spf=pass (mx1.freebsd.org: domain of manu@bidouilliste.com designates 212.83.155.74 as permitted sender) smtp.mailfrom=manu@bidouilliste.com;
	dmarc=pass (policy=none) header.from=bidouilliste.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bidouilliste.com;
	s=mx; t=1685001014;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=q5FacnZbcVDX2KGJXQgyPhQqDnT1RToIDKcprd6hHKo=;
	b=r3Lyx9IUAswGqNpi+JRvejIAXF2F86jw0eCSE0WuTrpPbQKJdErwrhkxPvVfMtlMasqfCs
	lwMqsgr13hB3hM1clqzVnssKo9osBUjfEu2PPoGzFhlD2wXGRuwc6tsMig8ZpM1z9B+4n9
	xshzl9ZUqgK1wa3qa9JQ5l+Ud5i/gdE=
Received: from skull.home.blih.net (lfbn-lyo-1-2174-135.w90-66.abo.wanadoo.fr [90.66.97.135])
	by mx.blih.net (OpenSMTPD) with ESMTPSA id d9799f56 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO);
	Thu, 25 May 2023 07:50:13 +0000 (UTC)
Date: Thu, 25 May 2023 09:50:12 +0200
From: Emmanuel Vadot <manu@bidouilliste.com>
To: John Baldwin <jhb@FreeBSD.org>
Cc: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
 dev-commits-src-branches@FreeBSD.org
Subject: Re: git: 8ca78eb03fd4 - stable/13 - LinuxKPI: Make FPU sections
 thread-safe and use the NOCTX flag.
Message-Id: <20230525095012.e9f68cdbab909e6f314e4bd0@bidouilliste.com>
In-Reply-To: <202303221632.32MGWuVT024112@gitrepo.freebsd.org>
References: <202303221632.32MGWuVT024112@gitrepo.freebsd.org>
X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.33; amd64-portbld-freebsd14.0)
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Spamd-Result: default: False [-3.50 / 15.00];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_SHORT(-1.00)[-0.999];
	DMARC_POLICY_ALLOW(-0.50)[bidouilliste.com,none];
	MV_CASE(0.50)[];
	R_SPF_ALLOW(-0.20)[+ip4:212.83.155.74/32];
	R_DKIM_ALLOW(-0.20)[bidouilliste.com:s=mx];
	MIME_GOOD(-0.10)[text/plain];
	ASN(0.00)[asn:12876, ipnet:212.83.128.0/19, country:FR];
	FROM_EQ_ENVFROM(0.00)[];
	MLMMJ_DEST(0.00)[dev-commits-src-all@FreeBSD.org,dev-commits-src-branches@FreeBSD.org];
	DKIM_TRACE(0.00)[bidouilliste.com:+];
	MIME_TRACE(0.00)[0:+];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	TO_DN_SOME(0.00)[];
	RCVD_COUNT_TWO(0.00)[2];
	FREEFALL_USER(0.00)[manu];
	ARC_NA(0.00)[];
	MID_RHS_MATCH_FROM(0.00)[];
	FROM_HAS_DN(0.00)[];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	RCPT_COUNT_THREE(0.00)[4];
	RCVD_TLS_ALL(0.00)[]
X-Rspamd-Queue-Id: 4QRgFj55Fyz3Hjn
X-Spamd-Bar: ---
X-ThisMailContainsUnwantedMimeParts: N


 Hi John,

On Wed, 22 Mar 2023 16:32:56 GMT
John Baldwin <jhb@FreeBSD.org> wrote:

> The branch stable/13 has been updated by jhb:
> 
> URL: https://cgit.FreeBSD.org/src/commit/?id=8ca78eb03fd4b3c9f514ea6c075fc44dc9c02d27
> 
> commit 8ca78eb03fd4b3c9f514ea6c075fc44dc9c02d27
> Author:     Hans Petter Selasky <hselasky@FreeBSD.org>
> AuthorDate: 2021-07-31 13:32:52 +0000
> Commit:     John Baldwin <jhb@FreeBSD.org>
> CommitDate: 2023-03-22 15:32:56 +0000
> 
>     LinuxKPI: Make FPU sections thread-safe and use the NOCTX flag.
>     
>     Reviewed by:    kib
>     Submitted by:   greg@unrelenting.technology
>     Differential Revision:  https://reviews.freebsd.org/D29921
>     MFC after:      1 week
>     Sponsored by:   NVIDIA Networking
>     
>     (cherry picked from commit 469884cf04a9b92677c7c83e229ca6b8814f8b0a)

 This break KBI so drm-kmod will now fail to load properly on
13.2-STABLE, this will also break drm-kmod for 13.3 when it's out (if
ever).
 link_elf_obj: symbol __lkpi_fpu_ctx_level undefined

 Cheers,

-- 
Emmanuel Vadot <manu@bidouilliste.com> <manu@freebsd.org>

From nobody Thu May 25 13:15:43 2023
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QRpTC5Lkmz4TyjB;
	Thu, 25 May 2023 13:15:43 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QRpTC4nJ6z44QZ;
	Thu, 25 May 2023 13:15:43 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1685020543;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=SzvGLFgOpies6O5WL3AaMANDFFmbQvszU99EbgPgmh4=;
	b=mJGHEKoZ306Q8xqk/KFS9bZQKxyvMlk3M7xvJhR18pingWO+87RxK6uAxrU0pK7D+D0mKz
	q9ezY69DK+MSjd/li9GWM1L5/yDz9zUnrvTkj90UwA5t/U+bth9Nv3xprhnBZrOrcYVSD7
	aB031d6nuQ6k58yhBhWC0I5ljyNKBcnpJAeIBMab5ghTzB7FtDAcmtco/l8AwDjD+Ke4Tm
	afyE1jOeolKM5IfjzoZCa3JzTPaSzWq0SmuP7tgBEql6RoVL6jNxSfNZR+auYcNvMEKdyk
	pOCDedFKdALSEgU0/M9amhnFednxa9vshaRfwgLq4gimrC4/mKIpEpfwbvG4Zw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1685020543;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=SzvGLFgOpies6O5WL3AaMANDFFmbQvszU99EbgPgmh4=;
	b=tKck7AmwqfGqZ1s2iqLbmLp8UXfJL1dVZn6DNnzjiL52Q7rWGYUwRSkhOZsZ1/T5wUCUjn
	WWaQ7Z89soH8ii3VYCOf3Bx4I3UhISbDsaAwLSk7Ju4p3AmiUgfuGrXK2zQHH0T5wNZVLT
	//J9p5fVI0cYkdKlgE6s0tMdTpejqCr8YX7FbMswDegYj0I9TIkU5BUjTxpPQNsA6laJhx
	p3xpBdR8i2NPGOTm/Q+lgfzKyKtubIHutAnnmPXyh4RcNOeuslAJPUZjhLos1FWivvXLuV
	tz6cDfFYJjjw56QPc1DsT1O8L0Kdb26vlKsuTU5dzM+OnqVtyfGVUg1gjo1IAA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1685020543; a=rsa-sha256; cv=none;
	b=GBv/6L3YZWVuqgcPBW53HfKipra2fNiB9ga0urFfQPCR/STrRMb0Nyo2DV1doBW7LVR3of
	40kIzJsyu4KDO1e8C++0bq+VU10VHLgR6eaGDzNAWr5rGEdCF1zbu5v3PJx/NtJMWdScBn
	oacCO3BeZ780MYUCGkwHZX4HBq4tuDTXiy4dhzBDNrKZnBh1I6qgaq/8mMNcjkbWDxH9Qn
	88UkBs6MV3aj+Vv/fBEm1xa7r0zrf5yKZXR4E3JH2O4X54PGc4J6uaBGLTrcoAmeGk9DAU
	0vBV9PxWa1RpmZvS2wc9HZXhSS8Z5KoCi3vlak8vIXXBHvj5V2NLCZM/xWz+Ow==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QRpTC3rJxzR20;
	Thu, 25 May 2023 13:15:43 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 34PDFh8T047607;
	Thu, 25 May 2023 13:15:43 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 34PDFhq9047606;
	Thu, 25 May 2023 13:15:43 GMT
	(envelope-from git)
Date: Thu, 25 May 2023 13:15:43 GMT
Message-Id: <202305251315.34PDFhq9047606@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Kristof Provost <kp@FreeBSD.org>
Subject: git: 12c83a44794e - stable/13 - pfsync tests: check for the correct IP address
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 12c83a44794e8bab3355a44b1d19b83eb05e7d52
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/13 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=12c83a44794e8bab3355a44b1d19b83eb05e7d52

commit 12c83a44794e8bab3355a44b1d19b83eb05e7d52
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2023-05-18 19:37:48 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2023-05-25 01:56:24 +0000

    pfsync tests: check for the correct IP address
    
    When checking if the state synced over we should look for
    198.51.100.254, not 198.51.100.2. The test worked because the incorrect
    address is a substring of the correct one, but we should fix it anyway.
    
    Reported by:    Naman Sood <naman@freebsdfoundation.org>
    MFC after:      1 week
    
    (cherry picked from commit 0d574d8ba8b244f40c1484123c5042f49ac642b8)
---
 tests/sys/netpfil/pf/pfsync.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/sys/netpfil/pf/pfsync.sh b/tests/sys/netpfil/pf/pfsync.sh
index 748c0b2fcf29..513280331255 100644
--- a/tests/sys/netpfil/pf/pfsync.sh
+++ b/tests/sys/netpfil/pf/pfsync.sh
@@ -87,7 +87,7 @@ common_body()
 	sleep 2
 
 	if ! jexec two pfctl -s states | grep icmp | grep 198.51.100.1 | \
-	    grep 198.51.100.2 ; then
+	    grep 198.51.100.254 ; then
 		atf_fail "state not found on synced host"
 	fi
 }

From nobody Thu May 25 13:15:44 2023
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QRpTD2zKPz4TyjC;
	Thu, 25 May 2023 13:15:44 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QRpTD2Cxzz44HD;
	Thu, 25 May 2023 13:15:44 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1685020544;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=fDsUuq6vfWFxANkLiSZlm1/khQHttdWblWr3YEHzGHA=;
	b=Iy9jAdH9r+sR1eOdIL1QKqF0AolCyKYumOnO39MEkcS6twMVyYDFu7pG8GgP1EsJBtqhva
	ucgXqsH7EHSQ/lE0iRJTvMc8r2mKUui2vNpCJFNbaR2I1nzuBfjm0M9JXScYv7Ps49gbDy
	/kc7zwESz+VxelUAPtOdYJCFkCLCxPs8BON69lfBBZ95pnDFab8WfYgjGhVBf68hT7QQkj
	d0ySLdPt4Llgxqq3f/v2xVcRf92IeXOrlM4oUZSeqB5yxJb2ZFD7cc5htTDUt5cO/nZ0tr
	nE/QLjm6UKC5M6OKCWpLJRiUAJXPcvMW14j6SwXMrAMD+P4HeRWMvmnng3tK/A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1685020544;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=fDsUuq6vfWFxANkLiSZlm1/khQHttdWblWr3YEHzGHA=;
	b=Mti885A24+U4CBtpkvTZkTAu458ATOz5Lx9sXUuJeViJCvYLgo/IkNe2bZmirVHNrE0x/X
	v4uWpqsJF1SuOUVI+xtblYbbPF0ADqVQf2zCm98phoNGpcdBO1MgJk6ZqehDUCMA8IBrKt
	hsvHLMH212kcVDdOz2J75wUrgQvMNj1qUU4ASPY0XxdwvfWB+EaGbx6QBQ5dmJnqG6H3Vm
	2LRiC5fXF/7TSs6dZKmdnb+qGRkiy5kgs48EsK+Ps8Yftxc5Rgw5/84M15LT+KQBrBX0nP
	4eTClTHnHUlQ4VNggYcIo5G7F4mG8aTUWwYCPliPtxre30JZM/zKH2EP2QD6GA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1685020544; a=rsa-sha256; cv=none;
	b=HD5gyE/TyEdiiP4RGTiYC+Z1G0X569BE8viNUrqcDuAIWiuKyMx/RnWAGD9SgVJrrJ66Pe
	OQ78jjb6CSokRAUBo3mdjcPKzY/XCiqrfyAuykM5x4EkPetdGm2WmvB60MAhHvkED2Ab8O
	nxs/msP01e0ZuQpoOE4KSXgbkpf/ji70maWK0flcIEsFmBqNaNQGjpXurnnU3ifKcBPBOg
	IAJulhCv7FEiomwXLZNZ0XihQjpV7jv05H7GyTJn+OMxzBBIEpHdE7oQRRrA8o2zA9EPIb
	yG9mveLlUFl1S3ci99QOVXa2e295+BeR1b/xnRhoXBmPYcLuZEfkES4gl95aig==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QRpTD1L40zQtG;
	Thu, 25 May 2023 13:15:44 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 34PDFifc047688;
	Thu, 25 May 2023 13:15:44 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 34PDFiQd047687;
	Thu, 25 May 2023 13:15:44 GMT
	(envelope-from git)
Date: Thu, 25 May 2023 13:15:44 GMT
Message-Id: <202305251315.34PDFiQd047687@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Kristof Provost <kp@FreeBSD.org>
Subject: git: 78c6659238aa - stable/12 - pfsync tests: check for the correct IP address
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/12
X-Git-Reftype: branch
X-Git-Commit: 78c6659238aab99737e3dc03775684b9aec496f4
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/12 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=78c6659238aab99737e3dc03775684b9aec496f4

commit 78c6659238aab99737e3dc03775684b9aec496f4
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2023-05-18 19:37:48 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2023-05-25 01:56:19 +0000

    pfsync tests: check for the correct IP address
    
    When checking if the state synced over we should look for
    198.51.100.254, not 198.51.100.2. The test worked because the incorrect
    address is a substring of the correct one, but we should fix it anyway.
    
    Reported by:    Naman Sood <naman@freebsdfoundation.org>
    MFC after:      1 week
    
    (cherry picked from commit 0d574d8ba8b244f40c1484123c5042f49ac642b8)
---
 tests/sys/netpfil/pf/pfsync.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/sys/netpfil/pf/pfsync.sh b/tests/sys/netpfil/pf/pfsync.sh
index 748c0b2fcf29..513280331255 100755
--- a/tests/sys/netpfil/pf/pfsync.sh
+++ b/tests/sys/netpfil/pf/pfsync.sh
@@ -87,7 +87,7 @@ common_body()
 	sleep 2
 
 	if ! jexec two pfctl -s states | grep icmp | grep 198.51.100.1 | \
-	    grep 198.51.100.2 ; then
+	    grep 198.51.100.254 ; then
 		atf_fail "state not found on synced host"
 	fi
 }

From nobody Thu May 25 21:22:24 2023
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QS1Gn0x89z4CgDy;
	Thu, 25 May 2023 21:22:25 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QS1Gn0jWFz4SgS;
	Thu, 25 May 2023 21:22:25 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1685049745;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=q2zaKCNyPkjbAKftr4Cc84pQG/f2RENxNFO/fGvXmT4=;
	b=tMxE/kE+d6iCQfm3W42TkhmDvO8SDg2q4MqGv5seaw3y02bPxAEFjg0YOWZL5P0TAJQJew
	5yMX0y/a4FAT71NQcQI+DNEL7lBi5fb6uHWScmTtNBzz/gbkDqm1RVp+O+f7+xX509yyQo
	kOtDzngi3Yz8GyL4pIF8euKPFZ2Zy2mp0aHtfAXP8DeJ4RaVZ3n+xX+8W3g4JjgVyl0lZC
	b+ZetJ4YtSn1143BFtqVbtlYw+qRrd9rnOTa/lhy0Pdv9Lw33b802jLi0zpo1ZdloWI1fR
	ICGhLgx6BTd9FXVpIwZWmCHfj/0/O5yFKuF4gG5+4OHIZ0xP00gypv5n/XETQw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1685049745;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=q2zaKCNyPkjbAKftr4Cc84pQG/f2RENxNFO/fGvXmT4=;
	b=lShVLo2Rj+eWwKbJfiKDdiISscyBmz6jxJjhKjLHvVUw829NmrR+HOt0++0Dc4jPGGbyiX
	EzowRu+yJG5AoxiDvg7vOvpLoJRAqA+hse3CTBDS1O3WL+/cISNHssVkK5aCmPvGYHaBu/
	h/jHHlnQJ+vI6FXKeTnGIHoU73/q/S4opTaJNPWaim7/vHIWBxswW7xR3njONfjgm86p5j
	EA7UXrZC0Aa1IWGjvPg7E0qcSX2YUMziYrWILKmB2BOwTS9tCOwR7RSMzr8WCVvKMUvzD9
	7OpGqsVeACL9G7Ja6pe9IjWG58/KfoOKdF15NFsIEspNYNdyqJUT83dvOTtPcA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1685049745; a=rsa-sha256; cv=none;
	b=n+VRprtJK5Ebv36ViusfLs5p6oZei876aaHlf4u9aKJBH4nTlx096swhGfpeGccffR+8dC
	R9qt9DcGcXhnSpsoYMxmmT1y2/NrOPrmiaPsfKczvF/a+PwW8UhaZk0IkmzyOe0Ema1mu4
	gUBEA6iKoLAOy5ukcUVHRLu4h9y3QyECbFGSyyRVwK4ch46PfCj954RHIe3XwVikKYuGE4
	5GClfqvM0W/+ngj4hYePXlrAcVUbu55C/b1wF26HUfkCP/OkU2/mDPkJD2RihV6ek+HXss
	gLG/7TZBZMGTxHc9FNAvfYrM8AckYf60DNb/jaXbcJVHpwCopHxLAdZLucTBdg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QS1Gm6vXGzgLy;
	Thu, 25 May 2023 21:22:24 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 34PLMOve057228;
	Thu, 25 May 2023 21:22:24 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 34PLMOGe057227;
	Thu, 25 May 2023 21:22:24 GMT
	(envelope-from git)
Date: Thu, 25 May 2023 21:22:24 GMT
Message-Id: <202305252122.34PLMOGe057227@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Rick Macklem <rmacklem@FreeBSD.org>
Subject: git: 0644746d5091 - stable/13 - nfscl: Add a new NFSv4.1/4.2 mount option for Kerberized mounts
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rmacklem
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 0644746d50916cd1561ccec06afaa883554b98dc
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/13 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=0644746d50916cd1561ccec06afaa883554b98dc

commit 0644746d50916cd1561ccec06afaa883554b98dc
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2023-03-16 22:55:36 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2023-05-25 21:16:29 +0000

    nfscl: Add a new NFSv4.1/4.2 mount option for Kerberized mounts
    
    Without this patch, a Kerberized NFSv4.1/4.2 mount must provide
    a Kerberos credential for the client at mount time.  This credential
    is typically referred to as a "machine credential".  It can be
    created one of two ways:
    - The user (usually root) has a valid TGT at the time the mount
      is done and this becomes the machine credential.
      There are two problems with this.
      1 - The user doing the mount must have a valid TGT for a user
          principal at mount time.  As such, the mount cannot be put
          in fstab(5) or similar.
      2 - When the TGT expires, the mount breaks.
    - The client machine has a service principal in its default keytab
      file and this service principal (typically called a host-based
      initiator credential) is used as the machine credential.
      There are problems with this approach as well:
      1 - There is a certain amount of administrative overhead creating
          the service principal for the NFS client, creating a keytab
          entry for this principal and then copying the keytab entry
          into the client's default keytab file via some secure means.
      2 - The NFS client must have a fixed, well known, DNS name, since
          that FQDN is in the service principal name as the instance.
    
    This patch uses a feature of NFSv4.1/4.2 called SP4_NONE, which
    allows the state maintenance operations to be performed by any
    authentication mechanism, to do these operations via AUTH_SYS
    instead of RPCSEC_GSS (Kerberos).  As such, neither of the above
    mechanisms is needed.
    
    It is hoped that this option will encourage adoption of Kerberized
    NFS mounts using TLS, to provide a more secure NFS mount.
    
    This new NFSv4.1/4.2 mount option, called "syskrb5" must be used
    with "sec=krb5[ip]" to avoid the need for either of the above
    Kerberos setups to be done by the client.
    
    Note that all file access/modification operations still require
    users on the NFS client to have a valid TGT recognized by the
    NFSv4.1/4.2 server.  As such, this option allows, at most, a
    malicious client to do some sort of DOS attack.
    
    Although not required, use of "tls" with this new option is
    encouraged, since it provides on-the-wire encryption plus,
    optionally, client identity verification via a X.509
    certificate provided to the server during TLS handshake.
    Alternately, "sec=krb5p" does provide on-the-wire
    encryption of file data.
    
    A mount_nfs(8) man page update will be done in a separate commit.
    
    (cherry picked from commit 896516e54a8c39c1c8be3ad918f38fbf196b57ed)
---
 sys/fs/nfs/nfs.h                 |   7 ++
 sys/fs/nfs/nfs_commonkrpc.c      |  86 ++++++++++++++++++++++++-
 sys/fs/nfs/nfs_commonsubs.c      |  17 +++--
 sys/fs/nfs/nfs_var.h             |   5 +-
 sys/fs/nfs/nfsport.h             |   1 +
 sys/fs/nfsclient/nfs_clnode.c    |   4 +-
 sys/fs/nfsclient/nfs_clport.c    |  26 +++++++-
 sys/fs/nfsclient/nfs_clrpcops.c  | 122 +++++++++++++++++++++++++++++------
 sys/fs/nfsclient/nfs_clvfsops.c  | 134 +++++++++++++++++++++++++++++++++++----
 sys/fs/nfsclient/nfs_clvnops.c   |   6 +-
 sys/fs/nfsclient/nfsmount.h      |   3 +
 sys/fs/nfsserver/nfs_nfsdport.c  |   3 +-
 sys/fs/nfsserver/nfs_nfsdserv.c  |  18 +++---
 sys/fs/nfsserver/nfs_nfsdstate.c |   6 +-
 14 files changed, 378 insertions(+), 60 deletions(-)

diff --git a/sys/fs/nfs/nfs.h b/sys/fs/nfs/nfs.h
index ffd612331c1f..eac318512a35 100644
--- a/sys/fs/nfs/nfs.h
+++ b/sys/fs/nfs/nfs.h
@@ -522,6 +522,13 @@ typedef struct {
 	(b)->bits[2] = NFSGETATTRBIT_STATFS2;				\
 } while (0)
 
+#define	NFSROOTFS_GETATTRBIT(b)	do { 					\
+	(b)->bits[0] = NFSGETATTRBIT_STATFS0 | NFSATTRBIT_GETATTR0 |	\
+	    NFSATTRBM_LEASETIME;					\
+	(b)->bits[1] = NFSGETATTRBIT_STATFS1 | NFSATTRBIT_GETATTR1;	\
+	(b)->bits[2] = NFSGETATTRBIT_STATFS2 | NFSATTRBIT_GETATTR2;	\
+} while (0)
+
 #define	NFSISSETSTATFS_ATTRBIT(b) 					\
 		(((b)->bits[0] & NFSATTRBIT_STATFS0) || 		\
 		 ((b)->bits[1] & NFSATTRBIT_STATFS1) ||			\
diff --git a/sys/fs/nfs/nfs_commonkrpc.c b/sys/fs/nfs/nfs_commonkrpc.c
index 9badd8be47d4..f98d9f8df99a 100644
--- a/sys/fs/nfs/nfs_commonkrpc.c
+++ b/sys/fs/nfs/nfs_commonkrpc.c
@@ -162,6 +162,87 @@ static int nfsv2_procid[NFS_V3NPROCS] = {
 	NFSV2PROC_NOOP,
 };
 
+/*
+ * This static array indicates that a NFSv4 RPC should use
+ * RPCSEC_GSS, if the mount indicates that via sec=krb5[ip].
+ * System RPCs that do not use file handles will be false
+ * in this array so that they will use AUTH_SYS when the
+ * "syskrb5" mount option is specified, along with
+ * "sec=krb5[ip]".
+ */
+static bool nfscl_use_gss[NFSV42_NPROCS] = {
+	true,
+	true,
+	true,
+	true,
+	true,
+	true,
+	true,
+	true,
+	true,
+	true,
+	true,
+	true,
+	true,
+	true,
+	true,
+	true,
+	true,
+	true,
+	true,
+	true,
+	true,
+	true,
+	true,
+	false,		/* SetClientID */
+	false,		/* SetClientIDConfirm */
+	true,
+	true,
+	true,
+	true,
+	true,
+	true,
+	true,
+	false,		/* Renew */
+	true,
+	false,		/* ReleaseLockOwn */
+	true,
+	true,
+	true,
+	true,
+	true,
+	true,
+	false,		/* ExchangeID */
+	false,		/* CreateSession */
+	false,		/* DestroySession */
+	false,		/* DestroyClientID */
+	false,		/* FreeStateID */
+	true,
+	true,
+	true,
+	true,
+	false,		/* ReclaimComplete */
+	true,
+	true,
+	true,
+	true,
+	true,
+	true,
+	true,
+	true,
+	true,
+	true,
+	true,
+	true,
+	true,
+	true,
+	false,		/* BindConnectionToSession */
+	true,
+	true,
+	true,
+	true,
+};
+
 /*
  * Initialize sockets and congestion for a new NFS connection.
  * We do not free the sockaddr if error.
@@ -679,7 +760,8 @@ newnfs_request(struct nfsrv_descript *nd, struct nfsmount *nmp,
 		}
 		NFSUNLOCKSTATE();
 	} else if (nmp != NULL && NFSHASKERB(nmp) &&
-	     nd->nd_procnum != NFSPROC_NULL) {
+	     nd->nd_procnum != NFSPROC_NULL && (!NFSHASSYSKRB5(nmp) ||
+	     nfscl_use_gss[nd->nd_procnum])) {
 		if (NFSHASALLGSSNAME(nmp) && nmp->nm_krbnamelen > 0)
 			nd->nd_flag |= ND_USEGSSNAME;
 		if ((nd->nd_flag & ND_USEGSSNAME) != 0) {
@@ -720,7 +802,7 @@ newnfs_request(struct nfsrv_descript *nd, struct nfsmount *nmp,
 		else
 			secflavour = RPCSEC_GSS_KRB5;
 		srv_principal = NFSMNT_SRVKRBNAME(nmp);
-	} else if (nmp != NULL && !NFSHASKERB(nmp) &&
+	} else if (nmp != NULL && (!NFSHASKERB(nmp) || NFSHASSYSKRB5(nmp)) &&
 	    nd->nd_procnum != NFSPROC_NULL &&
 	    (nd->nd_flag & ND_USEGSSNAME) != 0) {
 		/*
diff --git a/sys/fs/nfs/nfs_commonsubs.c b/sys/fs/nfs/nfs_commonsubs.c
index 00cc8c68e9bf..2565b4edaf23 100644
--- a/sys/fs/nfs/nfs_commonsubs.c
+++ b/sys/fs/nfs/nfs_commonsubs.c
@@ -45,6 +45,7 @@ __FBSDID("$FreeBSD$");
 #include "opt_inet6.h"
 
 #include <fs/nfs/nfsport.h>
+#include <fs/nfsclient/nfsmount.h>
 
 #include <sys/extattr.h>
 
@@ -436,7 +437,7 @@ nfscl_reqstart(struct nfsrv_descript *nd, int procnum, struct nfsmount *nmp,
 		if (nfsv4_opflag[nfsv4_opmap[procnum].op].needscfh > 0) {
 			NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 			*tl = txdr_unsigned(NFSV4OP_PUTFH);
-			(void) nfsm_fhtom(nd, nfhp, fhlen, 0);
+			nfsm_fhtom(nmp, nd, nfhp, fhlen, 0);
 			if (nfsv4_opflag[nfsv4_opmap[procnum].op].needscfh
 			    == 2 && procnum != NFSPROC_WRITEDS &&
 			    procnum != NFSPROC_COMMITDS) {
@@ -466,7 +467,7 @@ nfscl_reqstart(struct nfsrv_descript *nd, int procnum, struct nfsmount *nmp,
 			*tl = txdr_unsigned(nfsv4_opmap[procnum].op);
 		}
 	} else {
-		(void) nfsm_fhtom(nd, nfhp, fhlen, 0);
+		nfsm_fhtom(NULL, nd, nfhp, fhlen, 0);
 	}
 	if (procnum < NFSV42_NPROCS)
 		NFSINCRGLOBAL(nfsstatsv1.rpccnt[procnum]);
@@ -954,12 +955,15 @@ newnfs_init(void)
  * Return the number of bytes output, including XDR overhead.
  */
 int
-nfsm_fhtom(struct nfsrv_descript *nd, u_int8_t *fhp, int size, int set_true)
+nfsm_fhtom(struct nfsmount *nmp, struct nfsrv_descript *nd, u_int8_t *fhp,
+    int size, int set_true)
 {
 	u_int32_t *tl;
 	u_int8_t *cp;
 	int fullsiz, rem, bytesize = 0;
 
+	KASSERT(nmp == NULL || nmp->nm_fhsize > 0,
+	    ("nfsm_fhtom: 0 length fh"));
 	if (size == 0)
 		size = NFSX_MYFH;
 	switch (nd->nd_flag & (ND_NFSV2 | ND_NFSV3 | ND_NFSV4)) {
@@ -974,6 +978,11 @@ nfsm_fhtom(struct nfsrv_descript *nd, u_int8_t *fhp, int size, int set_true)
 		break;
 	case ND_NFSV3:
 	case ND_NFSV4:
+		if (size == NFSX_FHMAX + 1 && nmp != NULL &&
+		    (nmp->nm_privflag & NFSMNTP_FAKEROOTFH) != 0) {
+			fhp = nmp->nm_fh;
+			size = nmp->nm_fhsize;
+		}
 		fullsiz = NFSM_RNDUP(size);
 		rem = fullsiz - size;
 		if (set_true) {
@@ -2741,7 +2750,7 @@ nfsv4_fillattr(struct nfsrv_descript *nd, struct mount *mp, vnode_t vp,
 			retnum += NFSX_UNSIGNED;
 			break;
 		case NFSATTRBIT_FILEHANDLE:
-			retnum += nfsm_fhtom(nd, (u_int8_t *)fhp, 0, 0);
+			retnum += nfsm_fhtom(NULL, nd, (u_int8_t *)fhp, 0, 0);
 			break;
 		case NFSATTRBIT_FILEID:
 			NFSM_BUILD(tl, u_int32_t *, NFSX_HYPER);
diff --git a/sys/fs/nfs/nfs_var.h b/sys/fs/nfs/nfs_var.h
index ef7d0050e1a3..16d82053a961 100644
--- a/sys/fs/nfs/nfs_var.h
+++ b/sys/fs/nfs/nfs_var.h
@@ -325,7 +325,8 @@ int nfsaddr_match(int, union nethostaddr *, NFSSOCKADDR_T);
 int nfsaddr2_match(NFSSOCKADDR_T, NFSSOCKADDR_T);
 int nfsm_strtom(struct nfsrv_descript *, const char *, int);
 int nfsm_mbufuio(struct nfsrv_descript *, struct uio *, int);
-int nfsm_fhtom(struct nfsrv_descript *, u_int8_t *, int, int);
+int nfsm_fhtom(struct nfsmount *, struct nfsrv_descript *, u_int8_t *, int,
+    int);
 int nfsm_advance(struct nfsrv_descript *, int, int);
 void *nfsm_dissct(struct nfsrv_descript *, int, int);
 void newnfs_copycred(struct nfscred *, struct ucred *);
@@ -510,7 +511,7 @@ int nfsrpc_lockt(struct nfsrv_descript *, vnode_t,
 int nfsrpc_lock(struct nfsrv_descript *, struct nfsmount *, vnode_t,
     u_int8_t *, int, struct nfscllockowner *, int, int, u_int64_t,
     u_int64_t, short, struct ucred *, NFSPROC_T *, int);
-int nfsrpc_statfs(vnode_t, struct nfsstatfs *, struct nfsfsinfo *,
+int nfsrpc_statfs(vnode_t, struct nfsstatfs *, struct nfsfsinfo *, uint32_t *,
     struct ucred *, NFSPROC_T *, struct nfsvattr *, int *, void *);
 int nfsrpc_fsinfo(vnode_t, struct nfsfsinfo *, struct ucred *,
     NFSPROC_T *, struct nfsvattr *, int *, void *);
diff --git a/sys/fs/nfs/nfsport.h b/sys/fs/nfs/nfsport.h
index bcfbae857755..50071be4cc06 100644
--- a/sys/fs/nfs/nfsport.h
+++ b/sys/fs/nfs/nfsport.h
@@ -1086,6 +1086,7 @@ void ncl_copy_vattr(struct vattr *dst, struct vattr *src);
 #define	NFSHASONEOPENOWN(n)	(((n)->nm_flag & NFSMNT_ONEOPENOWN) != 0 &&	\
 				    (n)->nm_minorvers > 0)
 #define	NFSHASTLS(n)		(((n)->nm_newflag & NFSMNT_TLS) != 0)
+#define	NFSHASSYSKRB5(n)	(((n)->nm_newflag & NFSMNT_SYSKRB5) != 0)
 
 /*
  * Set boottime.
diff --git a/sys/fs/nfsclient/nfs_clnode.c b/sys/fs/nfsclient/nfs_clnode.c
index 9718c2c36a3c..8807cb2df712 100644
--- a/sys/fs/nfsclient/nfs_clnode.c
+++ b/sys/fs/nfsclient/nfs_clnode.c
@@ -156,8 +156,8 @@ ncl_nget(struct mount *mntp, u_int8_t *fhp, int fhsize, struct nfsnode **npp,
 	 * Are we getting the root? If so, make sure the vnode flags
 	 * are correct 
 	 */
-	if ((fhsize == nmp->nm_fhsize) &&
-	    !bcmp(fhp, nmp->nm_fh, fhsize)) {
+	if (fhsize == NFSX_FHMAX + 1 || (fhsize == nmp->nm_fhsize &&
+	    !bcmp(fhp, nmp->nm_fh, fhsize))) {
 		if (vp->v_type == VNON)
 			vp->v_type = VDIR;
 		vp->v_vflag |= VV_ROOT;
diff --git a/sys/fs/nfsclient/nfs_clport.c b/sys/fs/nfsclient/nfs_clport.c
index 1d2617b2bb9b..6501827e04a8 100644
--- a/sys/fs/nfsclient/nfs_clport.c
+++ b/sys/fs/nfsclient/nfs_clport.c
@@ -140,6 +140,19 @@ nfscl_nget(struct mount *mntp, struct vnode *dvp, struct nfsfh *nfhp,
 	dnp = VTONFS(dvp);
 	*npp = NULL;
 
+	/*
+	 * If this is the mount point fh and NFSMNTP_FAKEROOT is set, replace
+	 * it with the fake fh.
+	 */
+	if ((nmp->nm_privflag & NFSMNTP_FAKEROOTFH) != 0 &&
+	    nmp->nm_fhsize > 0 && nmp->nm_fhsize == nfhp->nfh_len &&
+	    !NFSBCMP(nmp->nm_fh, nfhp->nfh_fh, nmp->nm_fhsize)) {
+		free(nfhp, M_NFSFH);
+		nfhp = malloc(sizeof(struct nfsfh) + NFSX_FHMAX + 1,
+		    M_NFSFH, M_WAITOK | M_ZERO);
+		nfhp->nfh_len = NFSX_FHMAX + 1;
+	}
+
 	hash = fnv_32_buf(nfhp->nfh_fh, nfhp->nfh_len, FNV1_32_INIT);
 
 	error = vfs_hash_get(mntp, hash, lkflags,
@@ -241,8 +254,9 @@ nfscl_nget(struct mount *mntp, struct vnode *dvp, struct nfsfh *nfhp,
 	 * Are we getting the root? If so, make sure the vnode flags
 	 * are correct 
 	 */
-	if ((nfhp->nfh_len == nmp->nm_fhsize) &&
-	    !bcmp(nfhp->nfh_fh, nmp->nm_fh, nfhp->nfh_len)) {
+	if (nfhp->nfh_len == NFSX_FHMAX + 1 ||
+	    (nfhp->nfh_len == nmp->nm_fhsize &&
+	     !bcmp(nfhp->nfh_fh, nmp->nm_fh, nfhp->nfh_len))) {
 		if (vp->v_type == VNON)
 			vp->v_type = VDIR;
 		vp->v_vflag |= VV_ROOT;
@@ -492,9 +506,15 @@ nfscl_loadattrcache(struct vnode **vpp, struct nfsvattr *nap, void *nvaper,
 		 * this reliably with Clang and .c files during parallel build.
 		 * A pcap revealed packet fragmentation and GETATTR RPC
 		 * responses with wholly wrong fileids.
+		 * For the case where the file handle is a fake one
+		 * generated via the "syskrb5" mount option and
+		 * the old fileid is 2, ignore the test, since this might
+		 * be replacing the fake attributes with correct ones.
 		 */
 		if ((np->n_vattr.na_fileid != 0 &&
-		     np->n_vattr.na_fileid != nap->na_fileid) ||
+		     np->n_vattr.na_fileid != nap->na_fileid &&
+		     (np->n_vattr.na_fileid != 2 || !NFSHASSYSKRB5(nmp) ||
+		      np->n_fhp->nfh_len != NFSX_FHMAX + 1)) ||
 		    force_fid_err) {
 			nfscl_warn_fileid(nmp, &np->n_vattr, nap);
 			error = EIDRM;
diff --git a/sys/fs/nfsclient/nfs_clrpcops.c b/sys/fs/nfsclient/nfs_clrpcops.c
index 51c7bb25d357..00c54ce71e28 100644
--- a/sys/fs/nfsclient/nfs_clrpcops.c
+++ b/sys/fs/nfsclient/nfs_clrpcops.c
@@ -227,6 +227,7 @@ static int nfsrpc_copyrpc(vnode_t, off_t, vnode_t, off_t, size_t *,
 static int nfsrpc_seekrpc(vnode_t, off_t *, nfsv4stateid_t *, bool *,
     int, struct nfsvattr *, int *, struct ucred *);
 static struct mbuf *nfsm_split(struct mbuf *, uint64_t);
+static void nfscl_statfs(struct vnode *, struct ucred *, NFSPROC_T *);
 
 int nfs_pnfsio(task_fn_t *, void *);
 
@@ -305,9 +306,22 @@ nfsrpc_accessrpc(vnode_t vp, u_int32_t mode, struct ucred *cred,
 	int error;
 	struct nfsrv_descript nfsd, *nd = &nfsd;
 	nfsattrbit_t attrbits;
+	struct nfsmount *nmp;
+	struct nfsnode *np;
 
 	*attrflagp = 0;
 	supported = mode;
+	nmp = VFSTONFS(vp->v_mount);
+	np = VTONFS(vp);
+	if ((nmp->nm_privflag & NFSMNTP_FAKEROOTFH) != 0 &&
+	    nmp->nm_fhsize == 0) {
+		/* Attempt to get the actual root file handle. */
+		error = nfsrpc_getdirpath(nmp, NFSMNT_DIRPATH(nmp), cred, p);
+		if (error != 0)
+			return (EACCES);
+		if (np->n_fhp->nfh_len == NFSX_FHMAX + 1)
+			nfscl_statfs(vp, cred, p);
+	}
 	NFSCL_REQSTART(nd, NFSPROC_ACCESS, vp, cred);
 	NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 	*tl = txdr_unsigned(mode);
@@ -1211,7 +1225,20 @@ nfsrpc_getattr(vnode_t vp, struct ucred *cred, NFSPROC_T *p,
 	struct nfsrv_descript nfsd, *nd = &nfsd;
 	int error;
 	nfsattrbit_t attrbits;
+	struct nfsnode *np;
+	struct nfsmount *nmp;
 
+	nmp = VFSTONFS(vp->v_mount);
+	np = VTONFS(vp);
+	if ((nmp->nm_privflag & NFSMNTP_FAKEROOTFH) != 0 &&
+	    nmp->nm_fhsize == 0) {
+		/* Attempt to get the actual root file handle. */
+		error = nfsrpc_getdirpath(nmp, NFSMNT_DIRPATH(nmp), cred, p);
+		if (error != 0)
+			return (EACCES);
+		if (np->n_fhp->nfh_len == NFSX_FHMAX + 1)
+			nfscl_statfs(vp, cred, p);
+	}
 	NFSCL_REQSTART(nd, NFSPROC_GETATTR, vp, cred);
 	if (nd->nd_flag & ND_NFSV4) {
 		NFSGETATTR_ATTRBIT(&attrbits);
@@ -2316,7 +2343,7 @@ nfsrpc_createv4(vnode_t dvp, char *name, int namelen, struct vattr *vap,
 	/* Get the directory's post-op attributes. */
 	NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 	*tl = txdr_unsigned(NFSV4OP_PUTFH);
-	(void) nfsm_fhtom(nd, np->n_fhp->nfh_fh, np->n_fhp->nfh_len, 0);
+	nfsm_fhtom(nmp, nd, np->n_fhp->nfh_fh, np->n_fhp->nfh_len, 0);
 	NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 	*tl = txdr_unsigned(NFSV4OP_GETATTR);
 	(void) nfsrv_putattrbit(nd, &attrbits);
@@ -2517,7 +2544,7 @@ tryagain:
 			*tl++ = dstateid.other[2];
 			*tl = txdr_unsigned(NFSV4OP_PUTFH);
 			np = VTONFS(dvp);
-			(void) nfsm_fhtom(nd, np->n_fhp->nfh_fh,
+			nfsm_fhtom(nmp, nd, np->n_fhp->nfh_fh,
 			    np->n_fhp->nfh_len, 0);
 			NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 			*tl = txdr_unsigned(NFSV4OP_REMOVE);
@@ -2605,7 +2632,7 @@ tryagain:
 				NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 				*tl = txdr_unsigned(NFSV4OP_PUTFH);
 				np = VTONFS(tvp);
-				(void) nfsm_fhtom(nd, np->n_fhp->nfh_fh,
+				nfsm_fhtom(nmp, nd, np->n_fhp->nfh_fh,
 				    np->n_fhp->nfh_len, 0);
 				NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 				*tl = txdr_unsigned(NFSV4OP_DELEGRETURN);
@@ -2625,7 +2652,7 @@ tryagain:
 			NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 			*tl = txdr_unsigned(NFSV4OP_PUTFH);
 			np = VTONFS(fdvp);
-			(void) nfsm_fhtom(nd, np->n_fhp->nfh_fh,
+			nfsm_fhtom(nmp, nd, np->n_fhp->nfh_fh,
 			    np->n_fhp->nfh_len, 0);
 			NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 			*tl = txdr_unsigned(NFSV4OP_SAVEFH);
@@ -2642,7 +2669,7 @@ tryagain:
 		(void) nfsrv_putattrbit(nd, &attrbits);
 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 		*tl = txdr_unsigned(NFSV4OP_PUTFH);
-		(void) nfsm_fhtom(nd, VTONFS(tdvp)->n_fhp->nfh_fh,
+		nfsm_fhtom(nmp, nd, VTONFS(tdvp)->n_fhp->nfh_fh,
 		    VTONFS(tdvp)->n_fhp->nfh_len, 0);
 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 		*tl = txdr_unsigned(NFSV4OP_GETATTR);
@@ -2653,7 +2680,7 @@ tryagain:
 	}
 	(void) nfsm_strtom(nd, fnameptr, fnamelen);
 	if (!(nd->nd_flag & ND_NFSV4))
-		(void) nfsm_fhtom(nd, VTONFS(tdvp)->n_fhp->nfh_fh,
+		nfsm_fhtom(nmp, nd, VTONFS(tdvp)->n_fhp->nfh_fh,
 			VTONFS(tdvp)->n_fhp->nfh_len, 0);
 	(void) nfsm_strtom(nd, tnameptr, tnamelen);
 	error = nfscl_request(nd, fdvp, p, cred, fstuff);
@@ -2738,7 +2765,7 @@ nfsrpc_link(vnode_t dvp, vnode_t vp, char *name, int namelen,
 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 		*tl = txdr_unsigned(NFSV4OP_PUTFH);
 	}
-	(void) nfsm_fhtom(nd, VTONFS(dvp)->n_fhp->nfh_fh,
+	nfsm_fhtom(VFSTONFS(dvp->v_mount), nd, VTONFS(dvp)->n_fhp->nfh_fh,
 		VTONFS(dvp)->n_fhp->nfh_len, 0);
 	if (nd->nd_flag & ND_NFSV4) {
 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
@@ -2878,7 +2905,7 @@ nfsrpc_mkdir(vnode_t dvp, char *name, int namelen, struct vattr *vap,
 		(void) nfsrv_putattrbit(nd, &attrbits);
 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 		*tl = txdr_unsigned(NFSV4OP_PUTFH);
-		(void) nfsm_fhtom(nd, fhp->nfh_fh, fhp->nfh_len, 0);
+		nfsm_fhtom(nmp, nd, fhp->nfh_fh, fhp->nfh_len, 0);
 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 		*tl = txdr_unsigned(NFSV4OP_GETATTR);
 		(void) nfsrv_putattrbit(nd, &attrbits);
@@ -4398,8 +4425,8 @@ nfsmout:
  */
 int
 nfsrpc_statfs(vnode_t vp, struct nfsstatfs *sbp, struct nfsfsinfo *fsp,
-    struct ucred *cred, NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp,
-    void *stuff)
+    uint32_t *leasep, struct ucred *cred, NFSPROC_T *p, struct nfsvattr *nap,
+    int *attrflagp, void *stuff)
 {
 	u_int32_t *tl = NULL;
 	struct nfsrv_descript nfsd, *nd = &nfsd;
@@ -4414,7 +4441,10 @@ nfsrpc_statfs(vnode_t vp, struct nfsstatfs *sbp, struct nfsfsinfo *fsp,
 		 * For V4, you actually do a getattr.
 		 */
 		NFSCL_REQSTART(nd, NFSPROC_GETATTR, vp, cred);
-		NFSSTATFS_GETATTRBIT(&attrbits);
+		if (leasep != NULL)
+			NFSROOTFS_GETATTRBIT(&attrbits);
+		else
+			NFSSTATFS_GETATTRBIT(&attrbits);
 		(void) nfsrv_putattrbit(nd, &attrbits);
 		nd->nd_flag |= ND_USEGSSNAME;
 		error = nfscl_request(nd, vp, p, cred, stuff);
@@ -4422,8 +4452,8 @@ nfsrpc_statfs(vnode_t vp, struct nfsstatfs *sbp, struct nfsfsinfo *fsp,
 			return (error);
 		if (nd->nd_repstat == 0) {
 			error = nfsv4_loadattr(nd, NULL, nap, NULL, NULL, 0,
-			    NULL, NULL, sbp, fsp, NULL, 0, NULL, NULL, NULL, p,
-			    cred);
+			    NULL, NULL, sbp, fsp, NULL, 0, NULL, leasep, NULL,
+			    p, cred);
 			if (!error) {
 				nmp->nm_fsid[0] = nap->na_filesid[0];
 				nmp->nm_fsid[1] = nap->na_filesid[1];
@@ -4485,10 +4515,22 @@ nfsrpc_pathconf(vnode_t vp, struct nfsv3_pathconf *pc,
 	u_int32_t *tl;
 	nfsattrbit_t attrbits;
 	int error;
+	struct nfsnode *np;
 
 	*attrflagp = 0;
 	nmp = VFSTONFS(vp->v_mount);
 	if (NFSHASNFSV4(nmp)) {
+		np = VTONFS(vp);
+		if ((nmp->nm_privflag & NFSMNTP_FAKEROOTFH) != 0 &&
+		    nmp->nm_fhsize == 0) {
+			/* Attempt to get the actual root file handle. */
+			error = nfsrpc_getdirpath(nmp, NFSMNT_DIRPATH(nmp),
+			    cred, p);
+			if (error != 0)
+				return (EACCES);
+			if (np->n_fhp->nfh_len == NFSX_FHMAX + 1)
+				nfscl_statfs(vp, cred, p);
+		}
 		/*
 		 * For V4, you actually do a getattr.
 		 */
@@ -4675,7 +4717,7 @@ nfsrpc_getdirpath(struct nfsmount *nmp, u_char *dirpath, struct ucred *cred,
 	u_int32_t *tl;
 	struct nfsrv_descript nfsd;
 	struct nfsrv_descript *nd = &nfsd;
-	u_char *cp, *cp2;
+	u_char *cp, *cp2, *fhp;
 	int error, cnt, len, setnil;
 	u_int32_t *opcntp;
 
@@ -4723,9 +4765,17 @@ nfsrpc_getdirpath(struct nfsmount *nmp, u_char *dirpath, struct ucred *cred,
 			len > NFSX_FHMAX) {
 			nd->nd_repstat = NFSERR_BADXDR;
 		} else {
-			nd->nd_repstat = nfsrv_mtostr(nd, nmp->nm_fh, len);
-			if (nd->nd_repstat == 0)
-				nmp->nm_fhsize = len;
+			fhp = malloc(len + 1, M_TEMP, M_WAITOK);
+			nd->nd_repstat = nfsrv_mtostr(nd, fhp, len);
+			if (nd->nd_repstat == 0) {
+				NFSLOCKMNT(nmp);
+				if (nmp->nm_fhsize == 0) {
+					NFSBCOPY(fhp, nmp->nm_fh, len);
+					nmp->nm_fhsize = len;
+				}
+				NFSUNLOCKMNT(nmp);
+			}
+			free(fhp, M_TEMP);
 		}
 	}
 	error = nd->nd_repstat;
@@ -7949,7 +7999,7 @@ nfsrpc_createlayout(vnode_t dvp, char *name, int namelen, struct vattr *vap,
 	/* Get the directory's post-op attributes. */
 	NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 	*tl = txdr_unsigned(NFSV4OP_PUTFH);
-	nfsm_fhtom(nd, np->n_fhp->nfh_fh, np->n_fhp->nfh_len, 0);
+	nfsm_fhtom(nmp, nd, np->n_fhp->nfh_fh, np->n_fhp->nfh_len, 0);
 	NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 	*tl = txdr_unsigned(NFSV4OP_GETATTR);
 	nfsrv_putattrbit(nd, &attrbits);
@@ -8354,7 +8404,7 @@ nfsrpc_copyrpc(vnode_t invp, off_t inoff, vnode_t outvp, off_t outoff,
 	nfsrv_putattrbit(nd, &attrbits);
 	NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
 	*tl = txdr_unsigned(NFSV4OP_PUTFH);
-	nfsm_fhtom(nd, VTONFS(outvp)->n_fhp->nfh_fh,
+	nfsm_fhtom(nmp, nd, VTONFS(outvp)->n_fhp->nfh_fh,
 	    VTONFS(outvp)->n_fhp->nfh_len, 0);
 	NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
 	*tl = txdr_unsigned(NFSV4OP_COPY);
@@ -8943,3 +8993,37 @@ nfsmout:
 		printf("nfsrpc_bindconnsess: reply bad xdr\n");
 	m_freem(nd->nd_mrep);
 }
+
+/*
+ * Do roughly what nfs_statfs() does for NFSv4, but when called with a shared
+ * locked vnode.
+ */
+static void
+nfscl_statfs(struct vnode *vp, struct ucred *cred, NFSPROC_T *td)
+{
+	struct nfsvattr nfsva;
+	struct nfsfsinfo fs;
+	struct nfsstatfs sb;
+	struct mount *mp;
+	struct nfsmount *nmp;
+	uint32_t lease;
+	int attrflag, error;
+
+	mp = vp->v_mount;
+	nmp = VFSTONFS(mp);
+	error = nfsrpc_statfs(vp, &sb, &fs, &lease, cred, td, &nfsva,
+	    &attrflag, NULL);
+	if (attrflag != 0)
+		nfscl_loadattrcache(&vp, &nfsva, NULL, NULL, 0, 1);
+	if (error == 0) {
+		NFSLOCKCLSTATE();
+		if (nmp->nm_clp != NULL)
+			nmp->nm_clp->nfsc_renew = NFSCL_RENEW(lease);
+		NFSUNLOCKCLSTATE();
+		mtx_lock(&nmp->nm_mtx);
+		nfscl_loadfsinfo(nmp, &fs);
+		nfscl_loadsbinfo(nmp, &sb, &mp->mnt_stat);
+		mp->mnt_stat.f_iosize = newnfs_iosize(nmp);
+		mtx_unlock(&nmp->nm_mtx);
+	}
+}
diff --git a/sys/fs/nfsclient/nfs_clvfsops.c b/sys/fs/nfsclient/nfs_clvfsops.c
index be863cc9d70a..d60b8f66f8c9 100644
--- a/sys/fs/nfsclient/nfs_clvfsops.c
+++ b/sys/fs/nfsclient/nfs_clvfsops.c
@@ -291,13 +291,37 @@ nfs_statfs(struct mount *mp, struct statfs *sbp)
 	struct nfsstatfs sb;
 	int error = 0, attrflag, gotfsinfo = 0, ret;
 	struct nfsnode *np;
+	char *fakefh;
 
 	td = curthread;
 
 	error = vfs_busy(mp, MBF_NOWAIT);
 	if (error)
 		return (error);
-	error = ncl_nget(mp, nmp->nm_fh, nmp->nm_fhsize, &np, LK_EXCLUSIVE);
+	if ((nmp->nm_privflag & NFSMNTP_FAKEROOTFH) != 0) {
+		if (nmp->nm_fhsize == 0) {
+			error = nfsrpc_getdirpath(nmp, NFSMNT_DIRPATH(nmp),
+			    td->td_ucred, td);
+			if (error != 0) {
+				/*
+				 * We cannot do anything yet.  Hopefully what
+				 * is in mnt_stat is sufficient.
+				 */
+				if (sbp != &mp->mnt_stat)
+					*sbp = mp->mnt_stat;
+				strncpy(&sbp->f_fstypename[0],
+				    mp->mnt_vfc->vfc_name, MFSNAMELEN);
+				vfs_unbusy(mp);
+				return (0);
+			}
+		}
+		fakefh = malloc(NFSX_FHMAX + 1, M_TEMP, M_WAITOK | M_ZERO);
+		error = ncl_nget(mp, fakefh, NFSX_FHMAX + 1, &np, LK_EXCLUSIVE);
+		free(fakefh, M_TEMP);
+	} else {
+		error = ncl_nget(mp, nmp->nm_fh, nmp->nm_fhsize, &np,
+		    LK_EXCLUSIVE);
+	}
 	if (error) {
 		vfs_unbusy(mp);
 		return (error);
@@ -313,8 +337,19 @@ nfs_statfs(struct mount *mp, struct statfs *sbp)
 	} else
 		mtx_unlock(&nmp->nm_mtx);
 	if (!error)
-		error = nfsrpc_statfs(vp, &sb, &fs, td->td_ucred, td, &nfsva,
-		    &attrflag, NULL);
+		error = nfsrpc_statfs(vp, &sb, &fs, NULL, td->td_ucred, td,
+		    &nfsva, &attrflag, NULL);
+	if ((nmp->nm_privflag & NFSMNTP_FAKEROOTFH) != 0 &&
+	    error == NFSERR_WRONGSEC) {
+		/* Cannot get new stats, so return what is in mnt_stat. */
+		if (sbp != &mp->mnt_stat)
+			*sbp = mp->mnt_stat;
+		strncpy(&sbp->f_fstypename[0], mp->mnt_vfc->vfc_name,
+		    MFSNAMELEN);
+		vput(vp);
+		vfs_unbusy(mp);
+		return (0);
+	}
 	if (error != 0)
 		NFSCL_DEBUG(2, "statfs=%d\n", error);
 	if (attrflag == 0) {
@@ -749,7 +784,7 @@ static const char *nfs_opts[] = { "from", "nfs_args",
     "nfsv3", "sec", "principal", "nfsv4", "gssname", "allgssname", "dirpath",
     "minorversion", "nametimeo", "negnametimeo", "nocto", "noncontigwr",
     "pnfs", "wcommitsize", "oneopenown", "tls", "tlscertname", "nconnect",
-    NULL };
+    "syskrb5", NULL };
 
 /*
  * Parse the "from" mountarg, passed by the generic mount(8) program
@@ -1205,6 +1240,8 @@ nfs_mount(struct mount *mp)
 		 */
 		aconn--;
 	}
+	if (vfs_getopt(mp->mnt_optnew, "syskrb5", NULL, NULL) == 0)
+		newflag |= NFSMNT_SYSKRB5;
 	if (vfs_getopt(mp->mnt_optnew, "sec",
 		(void **) &secname, NULL) == 0)
 		nfs_sec_name(secname, &args.flags);
@@ -1387,6 +1424,39 @@ nfs_mount(struct mount *mp)
 		goto out;
 	}
 
+	if ((newflag & NFSMNT_SYSKRB5) != 0 &&
+	    ((args.flags & NFSMNT_NFSV4) == 0 || minvers == 0)) {
+		/*
+		 * This option requires the use of SP4_NONE, which
+		 * is only in NFSv4.1/4.2.
+		 */
+		vfs_mount_error(mp, "syskrb5 should only be used "
+		    "for NFSv4.1/4.2 mounts");
+		error = EINVAL;
+		goto out;
+	}
+
+	if ((newflag & NFSMNT_SYSKRB5) != 0 &&
+	    (args.flags & NFSMNT_KERB) == 0) {
+		/*
+		 * This option modifies the behaviour of sec=krb5[ip].
+		 */
+		vfs_mount_error(mp, "syskrb5 should only be used "
+		    "for sec=krb5[ip] mounts");
+		error = EINVAL;
+		goto out;
+	}
+
+	if ((newflag & NFSMNT_SYSKRB5) != 0 && krbname[0] != '\0') {
+		/*
+		 * This option is used as an alternative to "gssname".
+		 */
+		vfs_mount_error(mp, "syskrb5 should not be used "
+		    "with the gssname option");
+		error = EINVAL;
+		goto out;
+	}
+
 	args.fh = nfh;
 	error = mountnfs(&args, mp, nam, hst, krbname, krbnamelen, dirpath,
 	    dirlen, srvkrbname, srvkrbnamelen, &vp, td->td_ucred, td,
@@ -1448,6 +1518,7 @@ mountnfs(struct nfs_args *argp, struct mount *mp, struct sockaddr *nam,
 	struct nfsclds *dsp, *tdsp;
 	uint32_t lease;
 	bool tryminvers;
+	char *fakefh;
 	static u_int64_t clval = 0;
 #ifdef KERN_TLS
 	u_int maxlen;
@@ -1621,6 +1692,12 @@ mountnfs(struct nfs_args *argp, struct mount *mp, struct sockaddr *nam,
 			error = EINVAL;
 			goto bad;
 		}
+		if (NFSHASSYSKRB5(nmp) && nmp->nm_minorvers == 0) {
+			vfs_mount_error(mp, "syskrb5 should only be used "
+			    "for NFSv4.1/4.2 mounts");
+			error = EINVAL;
+			goto bad;
+		}
 	}
 
 	if (nmp->nm_fhsize == 0 && (nmp->nm_flag & NFSMNT_NFSV4) &&
@@ -1635,10 +1712,13 @@ mountnfs(struct nfs_args *argp, struct mount *mp, struct sockaddr *nam,
 			error = nfsrpc_getdirpath(nmp, NFSMNT_DIRPATH(nmp),
 			    cred, td);
 			NFSCL_DEBUG(3, "aft dirp=%d\n", error);
-			if (error)
+			if (error != 0 && (!NFSHASSYSKRB5(nmp) ||
+			    error != NFSERR_WRONGSEC))
 				(void) nfs_catnap(PZERO, error, "nfsgetdirp");
-		} while (error && --trycnt > 0);
-		if (error)
+		} while (error != 0 && --trycnt > 0 &&
+		    (!NFSHASSYSKRB5(nmp) || error != NFSERR_WRONGSEC));
+		if (error != 0 && (!NFSHASSYSKRB5(nmp) ||
+		    error != NFSERR_WRONGSEC))
 			goto bad;
 	}
 
@@ -1649,16 +1729,27 @@ mountnfs(struct nfs_args *argp, struct mount *mp, struct sockaddr *nam,
 	 * the nfsnode gets flushed out of the cache. Ufs does not have
 	 * this problem, because one can identify root inodes by their
 	 * number == UFS_ROOTINO (2).
+	 * For the "syskrb5" mount, the file handle might not have
+	 * been acquired.  As such, use a "fake" file handle which
+	 * can never be returned by a server for the root vnode.
 	 */
-	if (nmp->nm_fhsize > 0) {
+	if (nmp->nm_fhsize > 0 || NFSHASSYSKRB5(nmp)) {
 		/*
 		 * Set f_iosize to NFS_DIRBLKSIZ so that bo_bsize gets set
 		 * non-zero for the root vnode. f_iosize will be set correctly
 		 * by nfs_statfs() before any I/O occurs.
 		 */
 		mp->mnt_stat.f_iosize = NFS_DIRBLKSIZ;
-		error = ncl_nget(mp, nmp->nm_fh, nmp->nm_fhsize, &np,
-		    LK_EXCLUSIVE);
+		if (nmp->nm_fhsize == 0) {
+			fakefh = malloc(NFSX_FHMAX + 1, M_TEMP, M_WAITOK |
+			    M_ZERO);
+			error = ncl_nget(mp, fakefh, NFSX_FHMAX + 1, &np,
+			    LK_EXCLUSIVE);
+			free(fakefh, M_TEMP);
+			nmp->nm_privflag |= NFSMNTP_FAKEROOTFH;
+		} else
+			error = ncl_nget(mp, nmp->nm_fh, nmp->nm_fhsize, &np,
+			    LK_EXCLUSIVE);
 		if (error)
 			goto bad;
 		*vpp = NFSTOV(np);
@@ -1668,8 +1759,10 @@ mountnfs(struct nfs_args *argp, struct mount *mp, struct sockaddr *nam,
 		 * mountpoint.  This has the side effect of filling in
 		 * (*vpp)->v_type with the correct value.
 		 */
-		ret = nfsrpc_getattrnovp(nmp, nmp->nm_fh, nmp->nm_fhsize, 1,
-		    cred, td, &nfsva, NULL, &lease);
+		ret = ENXIO;
+		if (nmp->nm_fhsize > 0)
+			ret = nfsrpc_getattrnovp(nmp, nmp->nm_fh,
+			    nmp->nm_fhsize, 1, cred, td, &nfsva, NULL, &lease);
 		if (ret) {
 			/*
 			 * Just set default values to get things going.
@@ -1684,7 +1777,7 @@ mountnfs(struct nfs_args *argp, struct mount *mp, struct sockaddr *nam,
 			nfsva.na_vattr.va_gen = 1;
 			nfsva.na_vattr.va_blocksize = NFS_FABLKSIZE;
 			nfsva.na_vattr.va_size = 512 * 1024;
-			lease = 60;
+			lease = 20;
 		}
 		(void) nfscl_loadattrcache(vpp, &nfsva, NULL, NULL, 0, 1);
 		if ((argp->flags & NFSMNT_NFSV4) != 0) {
@@ -1870,9 +1963,20 @@ nfs_root(struct mount *mp, int flags, struct vnode **vpp)
 	struct nfsmount *nmp;
 	struct nfsnode *np;
 	int error;
+	char *fakefh;
 
 	nmp = VFSTONFS(mp);
-	error = ncl_nget(mp, nmp->nm_fh, nmp->nm_fhsize, &np, flags);
+	if ((nmp->nm_privflag & NFSMNTP_FAKEROOTFH) != 0) {
+		/* Attempt to get the actual root file handle. */
+		if (nmp->nm_fhsize == 0)
+			error = nfsrpc_getdirpath(nmp, NFSMNT_DIRPATH(nmp),
+			    curthread->td_ucred, curthread);
+		fakefh = malloc(NFSX_FHMAX + 1, M_TEMP, M_WAITOK | M_ZERO);
+		error = ncl_nget(mp, fakefh, NFSX_FHMAX + 1, &np, flags);
+		free(fakefh, M_TEMP);
+	} else {
+		error = ncl_nget(mp, nmp->nm_fh, nmp->nm_fhsize, &np, flags);
+	}
 	if (error)
 		return error;
 	vp = NFSTOV(np);
@@ -2113,6 +2217,8 @@ void nfscl_retopts(struct nfsmount *nmp, char *buffer, size_t buflen)
 	    &buf, &blen);
 	nfscl_printopt(nmp, (nmp->nm_newflag & NFSMNT_TLS) != 0, ",tls", &buf,
 	    &blen);
+	nfscl_printopt(nmp, (nmp->nm_newflag & NFSMNT_SYSKRB5) != 0,
+	    ",syskrb5", &buf, &blen);
 	nfscl_printopt(nmp, (nmp->nm_flag & NFSMNT_NOCONN) != 0, ",noconn",
 	    &buf, &blen);
 	nfscl_printoptval(nmp, nmp->nm_aconnect + 1, ",nconnect", &buf, &blen);
diff --git a/sys/fs/nfsclient/nfs_clvnops.c b/sys/fs/nfsclient/nfs_clvnops.c
index d1d84b05bbd7..425d75c10586 100644
--- a/sys/fs/nfsclient/nfs_clvnops.c
+++ b/sys/fs/nfsclient/nfs_clvnops.c
@@ -996,7 +996,9 @@ nfs_getattr(struct vop_getattr_args *ap)
 	struct nfsvattr nfsva;
 	struct vattr *vap = ap->a_vap;
 	struct vattr vattr;
+	struct nfsmount *nmp;
 
+	nmp = VFSTONFS(vp->v_mount);
 	/*
 	 * Update local times for special files.
 	 */
@@ -1006,8 +1008,10 @@ nfs_getattr(struct vop_getattr_args *ap)
 	NFSUNLOCKNODE(np);
 	/*
 	 * First look in the cache.
+	 * For "syskrb5" mounts, nm_fhsize might still be zero and
+	 * cached attributes should be ignored.
 	 */
-	if (ncl_getattrcache(vp, &vattr) == 0) {
+	if (nmp->nm_fhsize > 0 && ncl_getattrcache(vp, &vattr) == 0) {
 		ncl_copy_vattr(vap, &vattr);
 
 		/*
diff --git a/sys/fs/nfsclient/nfsmount.h b/sys/fs/nfsclient/nfsmount.h
index a5997e474be9..c9183ebe919f 100644
--- a/sys/fs/nfsclient/nfsmount.h
+++ b/sys/fs/nfsclient/nfsmount.h
@@ -124,9 +124,12 @@ struct	nfsmount {
 #define	NFSMNTP_NOADVISE	0x00000100
 #define	NFSMNTP_NOALLOCATE	0x00000200
 #define	NFSMNTP_DELEGISSUED	0x00000400
+#define	NFSMNTP_NODEALLOCATE	0x00000800
+#define	NFSMNTP_FAKEROOTFH	0x00001000
 
 /* New mount flags only used by the kernel via nmount(2). */
 #define	NFSMNT_TLS		0x00000001
+#define	NFSMNT_SYSKRB5		0x00000002
 
 #define	NFSMNT_DIRPATH(m)	(&((m)->nm_name[(m)->nm_krbnamelen + 1]))
 #define	NFSMNT_SRVKRBNAME(m)						\
diff --git a/sys/fs/nfsserver/nfs_nfsdport.c b/sys/fs/nfsserver/nfs_nfsdport.c
index 06e6a4147f30..b83e51c231b0 100644
--- a/sys/fs/nfsserver/nfs_nfsdport.c
+++ b/sys/fs/nfsserver/nfs_nfsdport.c
@@ -2769,7 +2769,8 @@ again:
 				NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 				txdr_hyper(*cookiep, tl);
 				nfsrv_postopattr(nd, 0, nvap);
-				dirlen += nfsm_fhtom(nd,(u_int8_t *)&nfh,0,1);
+				dirlen += nfsm_fhtom(NULL, nd, (u_int8_t *)&nfh,
+				    0, 1);
 				dirlen += (5*NFSX_UNSIGNED+NFSX_V3POSTOPATTR);
 				if (nvp != NULL)
 					vput(nvp);
diff --git a/sys/fs/nfsserver/nfs_nfsdserv.c b/sys/fs/nfsserver/nfs_nfsdserv.c
index 2d1048d26486..6238160eda13 100644
--- a/sys/fs/nfsserver/nfs_nfsdserv.c
+++ b/sys/fs/nfsserver/nfs_nfsdserv.c
@@ -674,10 +674,10 @@ nfsrvd_lookup(struct nfsrv_descript *nd, __unused int isdgram,
 		goto out;
 	}
 	if (nd->nd_flag & ND_NFSV2) {
-		(void) nfsm_fhtom(nd, (u_int8_t *)fhp, 0, 0);
+		nfsm_fhtom(NULL, nd, (u_int8_t *)fhp, 0, 0);
 		nfsrv_fillattr(nd, &nva);
 	} else if (nd->nd_flag & ND_NFSV3) {
-		(void) nfsm_fhtom(nd, (u_int8_t *)fhp, 0, 0);
+		nfsm_fhtom(NULL, nd, (u_int8_t *)fhp, 0, 0);
 		nfsrv_postopattr(nd, 0, &nva);
 		nfsrv_postopattr(nd, dattr_ret, &dattr);
 	}
@@ -1284,7 +1284,7 @@ nfsrvd_create(struct nfsrv_descript *nd, __unused int isdgram,
 	}
 	if (nd->nd_flag & ND_NFSV2) {
 		if (!nd->nd_repstat) {
-			(void) nfsm_fhtom(nd, (u_int8_t *)&fh, 0, 0);
+			nfsm_fhtom(NULL, nd, (u_int8_t *)&fh, 0, 0);
 			nfsrv_fillattr(nd, &nva);
 		}
 	} else {
@@ -1294,7 +1294,7 @@ nfsrvd_create(struct nfsrv_descript *nd, __unused int isdgram,
 		diraft_ret = nfsvno_getattr(dirp, &diraft, nd, p, 0, NULL);
 		vrele(dirp);
 		if (!nd->nd_repstat) {
-			(void) nfsm_fhtom(nd, (u_int8_t *)&fh, 0, 1);
+			nfsm_fhtom(NULL, nd, (u_int8_t *)&fh, 0, 1);
 			nfsrv_postopattr(nd, 0, &nva);
 		}
 		nfsrv_wcc(nd, dirfor_ret, &dirfor, diraft_ret, &diraft);
*** 73 LINES SKIPPED ***

From nobody Fri May 26 01:07:47 2023
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QS6Gq2PFXz4TF9t;
	Fri, 26 May 2023 01:07:47 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QS6Gq1w8fz3JZ8;
	Fri, 26 May 2023 01:07:47 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1685063267;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=Cexfg0lw8OdqHoZEIYDQ2kQDI29hXJBNNP2fb51/aF0=;
	b=itqikBsunMF1kcJESctoupl0yiyP/Zu5hgUkRK/1yYRfhMdkmPCJTm2mOEDNCYMG8TN0cI
	IBV+dSX4Pcb8o+oxj6lqRofv75zP77wd4udvGEFZFDg2tE6baUqcXXMAtsGu70RVrfGVxi
	/j9pjqG4Ymk2OrBfkfY34gPbwcs169oHY+kRzSp6bjRUwIZdV/6IFKFdeI2BLLeH5N9Q3H
	hSb5hjK179BMoHXEMpCtiAQPxDa3qSj5dQe3GL6mPcWHBNIdJ0rp6VOkI1qssJfnkDrNFV
	vgvdwEi82KzisMgYFjy/nJCfAZxFnGjQW44n92qcAV+bZa9O5FiwbqCBuc8ysQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1685063267;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=Cexfg0lw8OdqHoZEIYDQ2kQDI29hXJBNNP2fb51/aF0=;
	b=EVFiSfH3knLxnyKwGjqMEV6LMZ4Dw0zJ27wkP2KgbiGhTlPcaWefZV4pwnpa4tfjAOltvD
	nao+hrzg94VxdL6v9bEbMbs/izSPKaA/UzhyS2HWWm5NImNMzS6t0frklQp2sJYMAZ5g2+
	PuC/o8y3/+jJc+KA/ysyW81oXnK1vFasPIK+NtGdA/l9tp0YuBtPuWiaZzjhrVJOqHjWEL
	1gx1cM/dHmOUE6VLxGhPwlwMRWaEryFgcmER1BVjFfioLtAH3lNGHKrEWdYGavznwcv+wc
	3H18eoNPgU/V8QANDFlWaNrCIXbAxp8nZrljsV6e4e40w6eIajrnR+UD3eCBSQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1685063267; a=rsa-sha256; cv=none;
	b=Cnv3LCRaZ10YgXo/TMSI21oZsW963s0+3PdDeInQdbkrBD3vatX/YlB4vNuRNJRQbAZYPv
	y2fPokTd+tgPF6sGIqA26C8FxfFJL1bnSiZF3EXkxPKIOzohjUQot08XkoL9kQMpb8KNO4
	oUgKOSUk6H5jAh61yS+qen5takBEKu8O0tms2zb9OOFU0UE00avd4KTEv7Wsq2tExyg3j/
	rqLuxxV00X7cx4bH42ZngjwQ0Nl73zUaPwUNzHcjnVrM+Pj/3hfpm5NzXBjuwl3HOtfDQL
	wPCyM2U/GTuq3xTdIRrOfuv6kWW3IvbF2tk1e1TPmp0QrEZ7otx9uH04g+6+sQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QS6Gq0zFkzn2r;
	Fri, 26 May 2023 01:07:47 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 34Q17l6x020354;
	Fri, 26 May 2023 01:07:47 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 34Q17lFR020353;
	Fri, 26 May 2023 01:07:47 GMT
	(envelope-from git)
Date: Fri, 26 May 2023 01:07:47 GMT
Message-Id: <202305260107.34Q17lFR020353@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Rick Macklem <rmacklem@FreeBSD.org>
Subject: git: 534e904f3857 - stable/13 - nfscl: Make coverity happy
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rmacklem
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 534e904f3857a1f24efaaf6042bef68acc01515d
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/13 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=534e904f3857a1f24efaaf6042bef68acc01515d

commit 534e904f3857a1f24efaaf6042bef68acc01515d
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2023-03-29 00:08:45 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2023-05-26 01:06:10 +0000

    nfscl: Make coverity happy
    
    Coverity does not like code that checks a function's
    return value sometimes.  Add "(void)" in front of the
    function when the return value does not matter to try
    and make it happy.
    
    A recent commit deleted "(void)"s in front of nfsm_fhtom().
    This commit puts them back in.
    
    (cherry picked from commit 695d87bae1ec826fcf796f99b9de9cdd8c37fb8c)
---
 sys/fs/nfs/nfs_commonsubs.c      |  4 ++--
 sys/fs/nfsclient/nfs_clrpcops.c  | 20 ++++++++++----------
 sys/fs/nfsserver/nfs_nfsdserv.c  | 18 +++++++++---------
 sys/fs/nfsserver/nfs_nfsdstate.c |  6 +++---
 4 files changed, 24 insertions(+), 24 deletions(-)

diff --git a/sys/fs/nfs/nfs_commonsubs.c b/sys/fs/nfs/nfs_commonsubs.c
index 2565b4edaf23..af9f66f03488 100644
--- a/sys/fs/nfs/nfs_commonsubs.c
+++ b/sys/fs/nfs/nfs_commonsubs.c
@@ -437,7 +437,7 @@ nfscl_reqstart(struct nfsrv_descript *nd, int procnum, struct nfsmount *nmp,
 		if (nfsv4_opflag[nfsv4_opmap[procnum].op].needscfh > 0) {
 			NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 			*tl = txdr_unsigned(NFSV4OP_PUTFH);
-			nfsm_fhtom(nmp, nd, nfhp, fhlen, 0);
+			(void)nfsm_fhtom(nmp, nd, nfhp, fhlen, 0);
 			if (nfsv4_opflag[nfsv4_opmap[procnum].op].needscfh
 			    == 2 && procnum != NFSPROC_WRITEDS &&
 			    procnum != NFSPROC_COMMITDS) {
@@ -467,7 +467,7 @@ nfscl_reqstart(struct nfsrv_descript *nd, int procnum, struct nfsmount *nmp,
 			*tl = txdr_unsigned(nfsv4_opmap[procnum].op);
 		}
 	} else {
-		nfsm_fhtom(NULL, nd, nfhp, fhlen, 0);
+		(void)nfsm_fhtom(NULL, nd, nfhp, fhlen, 0);
 	}
 	if (procnum < NFSV42_NPROCS)
 		NFSINCRGLOBAL(nfsstatsv1.rpccnt[procnum]);
diff --git a/sys/fs/nfsclient/nfs_clrpcops.c b/sys/fs/nfsclient/nfs_clrpcops.c
index 00c54ce71e28..81fa8415bf7a 100644
--- a/sys/fs/nfsclient/nfs_clrpcops.c
+++ b/sys/fs/nfsclient/nfs_clrpcops.c
@@ -2343,7 +2343,7 @@ nfsrpc_createv4(vnode_t dvp, char *name, int namelen, struct vattr *vap,
 	/* Get the directory's post-op attributes. */
 	NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 	*tl = txdr_unsigned(NFSV4OP_PUTFH);
-	nfsm_fhtom(nmp, nd, np->n_fhp->nfh_fh, np->n_fhp->nfh_len, 0);
+	(void)nfsm_fhtom(nmp, nd, np->n_fhp->nfh_fh, np->n_fhp->nfh_len, 0);
 	NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 	*tl = txdr_unsigned(NFSV4OP_GETATTR);
 	(void) nfsrv_putattrbit(nd, &attrbits);
@@ -2544,7 +2544,7 @@ tryagain:
 			*tl++ = dstateid.other[2];
 			*tl = txdr_unsigned(NFSV4OP_PUTFH);
 			np = VTONFS(dvp);
-			nfsm_fhtom(nmp, nd, np->n_fhp->nfh_fh,
+			(void)nfsm_fhtom(nmp, nd, np->n_fhp->nfh_fh,
 			    np->n_fhp->nfh_len, 0);
 			NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 			*tl = txdr_unsigned(NFSV4OP_REMOVE);
@@ -2632,7 +2632,7 @@ tryagain:
 				NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 				*tl = txdr_unsigned(NFSV4OP_PUTFH);
 				np = VTONFS(tvp);
-				nfsm_fhtom(nmp, nd, np->n_fhp->nfh_fh,
+				(void)nfsm_fhtom(nmp, nd, np->n_fhp->nfh_fh,
 				    np->n_fhp->nfh_len, 0);
 				NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 				*tl = txdr_unsigned(NFSV4OP_DELEGRETURN);
@@ -2652,7 +2652,7 @@ tryagain:
 			NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 			*tl = txdr_unsigned(NFSV4OP_PUTFH);
 			np = VTONFS(fdvp);
-			nfsm_fhtom(nmp, nd, np->n_fhp->nfh_fh,
+			(void)nfsm_fhtom(nmp, nd, np->n_fhp->nfh_fh,
 			    np->n_fhp->nfh_len, 0);
 			NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 			*tl = txdr_unsigned(NFSV4OP_SAVEFH);
@@ -2669,7 +2669,7 @@ tryagain:
 		(void) nfsrv_putattrbit(nd, &attrbits);
 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 		*tl = txdr_unsigned(NFSV4OP_PUTFH);
-		nfsm_fhtom(nmp, nd, VTONFS(tdvp)->n_fhp->nfh_fh,
+		(void)nfsm_fhtom(nmp, nd, VTONFS(tdvp)->n_fhp->nfh_fh,
 		    VTONFS(tdvp)->n_fhp->nfh_len, 0);
 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 		*tl = txdr_unsigned(NFSV4OP_GETATTR);
@@ -2680,7 +2680,7 @@ tryagain:
 	}
 	(void) nfsm_strtom(nd, fnameptr, fnamelen);
 	if (!(nd->nd_flag & ND_NFSV4))
-		nfsm_fhtom(nmp, nd, VTONFS(tdvp)->n_fhp->nfh_fh,
+		(void)nfsm_fhtom(nmp, nd, VTONFS(tdvp)->n_fhp->nfh_fh,
 			VTONFS(tdvp)->n_fhp->nfh_len, 0);
 	(void) nfsm_strtom(nd, tnameptr, tnamelen);
 	error = nfscl_request(nd, fdvp, p, cred, fstuff);
@@ -2765,7 +2765,7 @@ nfsrpc_link(vnode_t dvp, vnode_t vp, char *name, int namelen,
 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 		*tl = txdr_unsigned(NFSV4OP_PUTFH);
 	}
-	nfsm_fhtom(VFSTONFS(dvp->v_mount), nd, VTONFS(dvp)->n_fhp->nfh_fh,
+	(void)nfsm_fhtom(VFSTONFS(dvp->v_mount), nd, VTONFS(dvp)->n_fhp->nfh_fh,
 		VTONFS(dvp)->n_fhp->nfh_len, 0);
 	if (nd->nd_flag & ND_NFSV4) {
 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
@@ -2905,7 +2905,7 @@ nfsrpc_mkdir(vnode_t dvp, char *name, int namelen, struct vattr *vap,
 		(void) nfsrv_putattrbit(nd, &attrbits);
 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 		*tl = txdr_unsigned(NFSV4OP_PUTFH);
-		nfsm_fhtom(nmp, nd, fhp->nfh_fh, fhp->nfh_len, 0);
+		(void)nfsm_fhtom(nmp, nd, fhp->nfh_fh, fhp->nfh_len, 0);
 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 		*tl = txdr_unsigned(NFSV4OP_GETATTR);
 		(void) nfsrv_putattrbit(nd, &attrbits);
@@ -7999,7 +7999,7 @@ nfsrpc_createlayout(vnode_t dvp, char *name, int namelen, struct vattr *vap,
 	/* Get the directory's post-op attributes. */
 	NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 	*tl = txdr_unsigned(NFSV4OP_PUTFH);
-	nfsm_fhtom(nmp, nd, np->n_fhp->nfh_fh, np->n_fhp->nfh_len, 0);
+	(void)nfsm_fhtom(nmp, nd, np->n_fhp->nfh_fh, np->n_fhp->nfh_len, 0);
 	NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 	*tl = txdr_unsigned(NFSV4OP_GETATTR);
 	nfsrv_putattrbit(nd, &attrbits);
@@ -8404,7 +8404,7 @@ nfsrpc_copyrpc(vnode_t invp, off_t inoff, vnode_t outvp, off_t outoff,
 	nfsrv_putattrbit(nd, &attrbits);
 	NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
 	*tl = txdr_unsigned(NFSV4OP_PUTFH);
-	nfsm_fhtom(nmp, nd, VTONFS(outvp)->n_fhp->nfh_fh,
+	(void)nfsm_fhtom(nmp, nd, VTONFS(outvp)->n_fhp->nfh_fh,
 	    VTONFS(outvp)->n_fhp->nfh_len, 0);
 	NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
 	*tl = txdr_unsigned(NFSV4OP_COPY);
diff --git a/sys/fs/nfsserver/nfs_nfsdserv.c b/sys/fs/nfsserver/nfs_nfsdserv.c
index 6238160eda13..3420a9714805 100644
--- a/sys/fs/nfsserver/nfs_nfsdserv.c
+++ b/sys/fs/nfsserver/nfs_nfsdserv.c
@@ -674,10 +674,10 @@ nfsrvd_lookup(struct nfsrv_descript *nd, __unused int isdgram,
 		goto out;
 	}
 	if (nd->nd_flag & ND_NFSV2) {
-		nfsm_fhtom(NULL, nd, (u_int8_t *)fhp, 0, 0);
+		(void)nfsm_fhtom(NULL, nd, (u_int8_t *)fhp, 0, 0);
 		nfsrv_fillattr(nd, &nva);
 	} else if (nd->nd_flag & ND_NFSV3) {
-		nfsm_fhtom(NULL, nd, (u_int8_t *)fhp, 0, 0);
+		(void)nfsm_fhtom(NULL, nd, (u_int8_t *)fhp, 0, 0);
 		nfsrv_postopattr(nd, 0, &nva);
 		nfsrv_postopattr(nd, dattr_ret, &dattr);
 	}
@@ -1284,7 +1284,7 @@ nfsrvd_create(struct nfsrv_descript *nd, __unused int isdgram,
 	}
 	if (nd->nd_flag & ND_NFSV2) {
 		if (!nd->nd_repstat) {
-			nfsm_fhtom(NULL, nd, (u_int8_t *)&fh, 0, 0);
+			(void)nfsm_fhtom(NULL, nd, (u_int8_t *)&fh, 0, 0);
 			nfsrv_fillattr(nd, &nva);
 		}
 	} else {
@@ -1294,7 +1294,7 @@ nfsrvd_create(struct nfsrv_descript *nd, __unused int isdgram,
 		diraft_ret = nfsvno_getattr(dirp, &diraft, nd, p, 0, NULL);
 		vrele(dirp);
 		if (!nd->nd_repstat) {
-			nfsm_fhtom(NULL, nd, (u_int8_t *)&fh, 0, 1);
+			(void)nfsm_fhtom(NULL, nd, (u_int8_t *)&fh, 0, 1);
 			nfsrv_postopattr(nd, 0, &nva);
 		}
 		nfsrv_wcc(nd, dirfor_ret, &dirfor, diraft_ret, &diraft);
@@ -1494,7 +1494,7 @@ nfsrvd_mknod(struct nfsrv_descript *nd, __unused int isdgram,
 	vrele(dirp);
 	if (!nd->nd_repstat) {
 		if (nd->nd_flag & ND_NFSV3) {
-			nfsm_fhtom(NULL, nd, (u_int8_t *)fhp, 0, 1);
+			(void)nfsm_fhtom(NULL, nd, (u_int8_t *)fhp, 0, 1);
 			nfsrv_postopattr(nd, 0, &nva);
 		} else {
 			NFSM_BUILD(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
@@ -1949,7 +1949,7 @@ nfsrvd_symlink(struct nfsrv_descript *nd, __unused int isdgram,
 
 	if (nd->nd_flag & ND_NFSV3) {
 		if (!nd->nd_repstat) {
-			nfsm_fhtom(NULL, nd, (u_int8_t *)fhp, 0, 1);
+			(void)nfsm_fhtom(NULL, nd, (u_int8_t *)fhp, 0, 1);
 			nfsrv_postopattr(nd, 0, &nva);
 		}
 		nfsrv_wcc(nd, dirfor_ret, &dirfor, diraft_ret, &diraft);
@@ -2074,12 +2074,12 @@ nfsrvd_mkdir(struct nfsrv_descript *nd, __unused int isdgram,
 
 	if (nd->nd_flag & ND_NFSV3) {
 		if (!nd->nd_repstat) {
-			nfsm_fhtom(NULL, nd, (u_int8_t *)fhp, 0, 1);
+			(void)nfsm_fhtom(NULL, nd, (u_int8_t *)fhp, 0, 1);
 			nfsrv_postopattr(nd, 0, &nva);
 		}
 		nfsrv_wcc(nd, dirfor_ret, &dirfor, diraft_ret, &diraft);
 	} else if (!nd->nd_repstat) {
-		nfsm_fhtom(NULL, nd, (u_int8_t *)fhp, 0, 0);
+		(void)nfsm_fhtom(NULL, nd, (u_int8_t *)fhp, 0, 0);
 		nfsrv_fillattr(nd, &nva);
 	}
 
@@ -3463,7 +3463,7 @@ nfsrvd_getfh(struct nfsrv_descript *nd, __unused int isdgram,
 	nd->nd_repstat = nfsvno_getfh(vp, &fh, p);
 	vput(vp);
 	if (!nd->nd_repstat)
-		nfsm_fhtom(NULL, nd, (u_int8_t *)&fh, 0, 0);
+		(void)nfsm_fhtom(NULL, nd, (u_int8_t *)&fh, 0, 0);
 	NFSEXITCODE2(0, nd);
 	return (0);
 }
diff --git a/sys/fs/nfsserver/nfs_nfsdstate.c b/sys/fs/nfsserver/nfs_nfsdstate.c
index 20659bd6214c..6e6d78b4d491 100644
--- a/sys/fs/nfsserver/nfs_nfsdstate.c
+++ b/sys/fs/nfsserver/nfs_nfsdstate.c
@@ -4529,7 +4529,7 @@ nfsrv_docallback(struct nfsclient *clp, int procnum, nfsv4stateid_t *stateidp,
 			m_freem(nd->nd_mreq);
 			goto errout;
 		}
-		nfsm_fhtom(NULL, nd, (u_int8_t *)fhp, NFSX_MYFH, 0);
+		(void)nfsm_fhtom(NULL, nd, (u_int8_t *)fhp, NFSX_MYFH, 0);
 		(void)nfsrv_putattrbit(nd, attrbitp);
 	} else if (procnum == NFSV4OP_CBRECALL) {
 		nd->nd_procnum = NFSV4PROC_CBCOMPOUND;
@@ -4548,7 +4548,7 @@ nfsrv_docallback(struct nfsclient *clp, int procnum, nfsv4stateid_t *stateidp,
 			*tl = newnfs_true;
 		else
 			*tl = newnfs_false;
-		nfsm_fhtom(NULL, nd, (u_int8_t *)fhp, NFSX_MYFH, 0);
+		(void)nfsm_fhtom(NULL, nd, (u_int8_t *)fhp, NFSX_MYFH, 0);
 	} else if (procnum == NFSV4OP_CBLAYOUTRECALL) {
 		NFSD_DEBUG(4, "docallback layout recall\n");
 		nd->nd_procnum = NFSV4PROC_CBCOMPOUND;
@@ -4567,7 +4567,7 @@ nfsrv_docallback(struct nfsclient *clp, int procnum, nfsv4stateid_t *stateidp,
 		else
 			*tl++ = newnfs_false;
 		*tl = txdr_unsigned(NFSV4LAYOUTRET_FILE);
-		nfsm_fhtom(NULL, nd, (uint8_t *)fhp, NFSX_MYFH, 0);
+		(void)nfsm_fhtom(NULL, nd, (uint8_t *)fhp, NFSX_MYFH, 0);
 		NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_HYPER + NFSX_STATEID);
 		tval = 0;
 		txdr_hyper(tval, tl); tl += 2;

From nobody Fri May 26 01:12:41 2023
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QS6NT2wZsz4TFJw;
	Fri, 26 May 2023 01:12:41 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QS6NT2RYRz3KJy;
	Fri, 26 May 2023 01:12:41 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1685063561;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=2fk8qTuj9s6zCpwx+k56Wd/0lYOIxv1hKLqvD1o5v78=;
	b=v5/axvKBXlaAPbG1DUN12ZYO2O4xQ8iP+Lk/eMOIyfPFBmjTKglRmX2rGdrtTO7rdEWpM4
	udCGOiH5y1xLxsvF9WSrJ8k2A5LggTlalJ/2SkxRFJdfHe8YN1JdlRddftXHj2+yi11olR
	36Dph3Aqq+GbRGPfi0DNKyWQFn9R3MtyDZjrKVcVtKz5aKCMhTLoEPVf7RAoc23o9reB2v
	Q4PxX8ewZe4tNHBqi/in2LQ1NxeZ2Gwr2WKcbzKEzMQpwKQx/jUJwVpdswMmWfRbaHFW03
	TSxJw8+ZLObYCIJZR31rTiH474DFpRJmAwVtjC7psQryKNpt5rlInSge8tTuKQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1685063561;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=2fk8qTuj9s6zCpwx+k56Wd/0lYOIxv1hKLqvD1o5v78=;
	b=qqVYDEJxbGSA1WXCUNERz6ONFbXwPWOGfeoZLixQHmeJrLBrjrno7+4o/MqJZKTdR/e6/E
	da9ROOuQlFRQslAImF39DbR8kPAaGviAcLwuKzVSbJjqHlELT1J8+ga5CshREMXj+Dgktr
	FDEm91CDnXeM2p2+5ghhwOZLqRWhPFDN/Twxiy9ifImuynpAj/eDPxNrRSjc0srraQnmAu
	J8dqXc11WQhoWBvx8RUqWMPqnMoEX81puUesren6W/9Zd73abwlU1n0FewAdNYZzU1zHnR
	UADE7Do3/LNfhNmcetbRE/nOnuRltD0hW/5hv/0k2Bt8+6SQYsEK6sUvJUs1sg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1685063561; a=rsa-sha256; cv=none;
	b=RaYEPhqBcytt8raDogOibY3No2yAVu/2IJtIj+fRv1tweHl2tfIy6b++TmGM7MO6Btqxyu
	nEvS7ay3yrpCc4buebSm+EVjX/ovSFZ25x8OV2k3NSTHjWJdC9fD30L8aInGbgr4N9e7hA
	OhTPQkk/Tc2fQiJJouh0LKfTOtQPh2ZsrZpPtTfVH9fqqIsg6SfA2mHeGz5QfIsXMOMovY
	ZtOQWjZsWsknXtZfC/uNShkUzxsPEFhG1UWy6Y0sZRnoUSNdwYrwIjKfDi6r9tTOV+sxGA
	SKRsuTugM+PpDJ0sNMQTNZLYuUGIs6n36j2H9SldRi0OUy2Q1oec+hYkf//fMQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QS6NT1V9sznHL;
	Fri, 26 May 2023 01:12:41 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 34Q1CfRS036132;
	Fri, 26 May 2023 01:12:41 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 34Q1CfSs036131;
	Fri, 26 May 2023 01:12:41 GMT
	(envelope-from git)
Date: Fri, 26 May 2023 01:12:41 GMT
Message-Id: <202305260112.34Q1CfSs036131@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Rick Macklem <rmacklem@FreeBSD.org>
Subject: git: a3bd034d3d07 - stable/13 - mount_nfs.8: Update man page for the "syskrb5" option
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rmacklem
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: a3bd034d3d0780f0c1c321974e4ca3a05293d711
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/13 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=a3bd034d3d0780f0c1c321974e4ca3a05293d711

commit a3bd034d3d0780f0c1c321974e4ca3a05293d711
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2023-04-11 19:17:09 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2023-05-26 01:10:45 +0000

    mount_nfs.8: Update man page for the "syskrb5" option
    
    Commit 896516e54a8c added a new NFS mount option
    used for Kerberized NFSv4.1/4.2 mounts. It specifies that
    AUTH_SYS be used for state maintenance (also called system)
    operations. This allows the mount to be done without the
    "gssname" option or a valid Kerberos TGT being held by the
    user doing the mount (so it can be specified in fstab(5) for
    example).
    
    This is a content change.
    
    (cherry picked from commit 61330e494f63ab60a515e3273668a03a7e8b4fee)
---
 sbin/mount_nfs/mount_nfs.8 | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/sbin/mount_nfs/mount_nfs.8 b/sbin/mount_nfs/mount_nfs.8
index c3da26c41c66..4f4b8891f67a 100644
--- a/sbin/mount_nfs/mount_nfs.8
+++ b/sbin/mount_nfs/mount_nfs.8
@@ -28,7 +28,7 @@
 .\"	@(#)mount_nfs.8	8.3 (Berkeley) 3/29/95
 .\" $FreeBSD$
 .\"
-.Dd September 24, 2022
+.Dd April 3, 2023
 .Dt MOUNT_NFS 8
 .Os
 .Sh NAME
@@ -166,7 +166,7 @@ It allows the mount to be performed by
 and avoids problems with
 cached credentials for the system operations expiring.
 The
-.Dq "service-prinicpal-name"
+.Dq "service-principal-name"
 should be specified without instance or domain and is typically
 .Dq "host" ,
 .Dq "nfs"
@@ -441,6 +441,21 @@ A soft mount, which implies that file system calls will fail
 after
 .Ar retrycnt
 round trip timeout intervals.
+.It Cm syskrb5
+This option specifies that a KerberosV NFSv4 minor version 1 or 2 mount
+uses AUTH_SYS for system operations.
+Using this option avoids the need for a KerberosV mount to have a
+host-based principal entry in the default keytab file
+(no
+.Cm gssname
+option) or a requirement for the user doing the mount to have a
+valid KerberosV ticket granting ticket (TGT) when the mount is done.
+This option is intended to be used with the
+.Cm sec Ns = Ns krb5
+and
+.Cm tls
+options and can only be used for
+NFSv4 mounts with minor version 1 or 2.
 .It Cm tcp
 Use TCP transport.
 This is the default option, as it provides for increased reliability on both

From nobody Fri May 26 08:48:07 2023
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QSJV00wD7z4WRkv;
	Fri, 26 May 2023 08:48:08 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QSJTz6ySjz4CjH;
	Fri, 26 May 2023 08:48:07 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1685090888;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=urq0F1Ip3CeH534NKWe4Hnsi9UvHFaNbiZtUZvacH+Q=;
	b=Wp08+VzWLy3ENJB1/S2l16b1Ykti6MROZZht0K4ObbU+v28QfwTiUuLY0ofNGFeJUyVyqL
	DWXndQOjqxNN7xS0rE2wjEtY/MMXaTxRT0Y2m1xPAMkYREY/ypYFym4nJv0+Ym4rDtoODY
	mbZgcrva+XUrd+eF6I/CGOLNQZqvVO/Q4qp43H6WuahxYdQvvZpnAOb+fvqrrSTh3gdN/p
	IyHqE7DQ6mnBOl2aJWmLEGQyb/V79dBPmx/JIF+FAKY6WiVfphHHHBYeHxsOwWAsK4E3Ds
	uhBJp4o29WisZiogiQmy3fHFPC7pnCRphuIhi6hLJmEPrCmN5LkrxS3BS9ylPg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1685090888;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=urq0F1Ip3CeH534NKWe4Hnsi9UvHFaNbiZtUZvacH+Q=;
	b=tisBw/m4RkmbySBjrIWvJ29VpVuOT8F7Id/8bZ+iYqscYzwOHNoioDXxe35j+XsDNI5R5S
	GMe8fZ41HW7Cvuu5kJFK03HqCa21Mac41cr15HoJM8pHQd4C7NbS+hQGNCCFzvH/tdAvVn
	48XLSxRukXg9Yu8/+c9YPdv2l+rsqxr4zerV+tLvzSBAckrV8cdchzGC0cO/CmHew2PFMI
	gMv+SGmU8vdU/EBurVj9ZaPDA8tpS/tTkR+p2v8qAklPIpCJi5wtf4GakP22g6CjhzUalV
	iaJ2NbOLhmmT1Ijbs7vB+mczoJOAJUYRjxak4MTjI4Vyb+NC6GmVW187ncuY/w==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1685090888; a=rsa-sha256; cv=none;
	b=ddEU1+J/ZBKpmSM9sDrSY2tNwPTlt7QFD64BtoJjbQ8fbKKpI/nJ4yYfsTq4shQcgjNRAv
	cjg9jLLBvbEkWm5uyBT6jL1mlAlBDleVt7aX+iQFIdSySxZyFiUQUY/Sw28dEyyK6hh+C8
	4NJHYR2IvbkD+GSyD2JQp12ZN7kAp+NQFavUnmZNZhxe3Qjht8gXKWgFfTQT5twZqoa2+T
	FHz7AenlaWL7/ov3aXmktOhvcbn0imOreVM1ZE99fHu9+Yt8/wk2e8OAS6J6U9nYx7T24/
	pavxi1gY6c86Ec0SMJ9xA62bUo/1ZyQMiNPWsQutDTZLNp8QGbsZxCp9Uxb5GQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QSJTz60ylz116F;
	Fri, 26 May 2023 08:48:07 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 34Q8m76G078104;
	Fri, 26 May 2023 08:48:07 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 34Q8m7xs078103;
	Fri, 26 May 2023 08:48:07 GMT
	(envelope-from git)
Date: Fri, 26 May 2023 08:48:07 GMT
Message-Id: <202305260848.34Q8m7xs078103@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Dimitry Andric <dim@FreeBSD.org>
Subject: git: 03b5b12c2073 - stable/13 - bsd.compiler.mk: Add a c++20 compiler feature.
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: dim
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 03b5b12c20733e9b9b4121efc87ba59bd3448c7c
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/13 has been updated by dim:

URL: https://cgit.FreeBSD.org/src/commit/?id=03b5b12c20733e9b9b4121efc87ba59bd3448c7c

commit 03b5b12c20733e9b9b4121efc87ba59bd3448c7c
Author:     John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2022-11-19 04:11:59 +0000
Commit:     Dimitry Andric <dim@FreeBSD.org>
CommitDate: 2023-05-26 08:42:09 +0000

    bsd.compiler.mk: Add a c++20 compiler feature.
    
    This is enabled for clang versions 10+ and GCC versions 10+.
    
    Reviewed by:    imp
    Differential Revision:  https://reviews.freebsd.org/D36892
    
    (cherry picked from commit 063b380f54b04eaab8ee26e39d6e8128523d16ad)
---
 share/mk/bsd.compiler.mk | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/share/mk/bsd.compiler.mk b/share/mk/bsd.compiler.mk
index 71f0df70ad25..26f735c579e6 100644
--- a/share/mk/bsd.compiler.mk
+++ b/share/mk/bsd.compiler.mk
@@ -234,6 +234,10 @@ ${X_}COMPILER_FEATURES+=		c++11 c++14
 	(${${X_}COMPILER_TYPE} == "gcc" && ${${X_}COMPILER_VERSION} >= 70000)
 ${X_}COMPILER_FEATURES+=	c++17
 .endif
+.if (${${X_}COMPILER_TYPE} == "clang" && ${${X_}COMPILER_VERSION} >= 100000) || \
+	(${${X_}COMPILER_TYPE} == "gcc" && ${${X_}COMPILER_VERSION} >= 100100)
+${X_}COMPILER_FEATURES+=	c++20
+.endif
 .if ${${X_}COMPILER_TYPE} == "clang"
 ${X_}COMPILER_FEATURES+=	retpoline init-all
 .endif

From nobody Fri May 26 08:48:08 2023
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QSJV11XLZz4WRmp;
	Fri, 26 May 2023 08:48:09 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QSJV10jbLz4Cm1;
	Fri, 26 May 2023 08:48:09 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1685090889;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=prxp6KLkJn88/cJTmk/VwS+kl/L5TpE1mhFIbuPNmEw=;
	b=XAsQUzgfPuLhMRmta7uV1rGWSDfAlg1+xt4qv5rCC6JLI8HN4JSbqfH6IfvVrKyqPy2cLw
	QvpP1m+hy7TysHBmnHGpG1guNdURCtaqILEsCdDeGwInQc3LQ14plcwUAUdPZ1nrVRSMcE
	jdpZhUkR6GmKAyWejr5EmURMFpt3rvCg1IibOWPDrDozkAQSl7y8CG+D8fpNBSk86b7RJV
	Zd/eipVtHO2JW5U6Y31QWphGPaZAoCK8BIe3eUMqVPa0zQMvFRRx/42bszEuqhcds8aROX
	5GLTTNLWHMjuSAf7xXZ5ApsjJWzPigbCWmWGC7FQdxFY2drfaFzljqUpXN2VrA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1685090889;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=prxp6KLkJn88/cJTmk/VwS+kl/L5TpE1mhFIbuPNmEw=;
	b=PnOgwptIhyv7huyOoPLtI7SlXOgRkZU8RA2jtlzlrnYtR8OvFIArfWnqtljJfiY8KhzeHl
	TqhRil7PTy+5N7rjtdvsNAPvk0zYcCpQvIZ2508xmGifj3Lccq7/j2RVKDsuTu3xcTn+Tp
	zU0wCSaCEv1nkowOi8/hKI7cfaPFRt6gkfJ09wegL2BOxoDuANBetqvYjV/VJLcd7qQUEI
	yUv7wvvEi7G/+atTeFXfXvXBF/tRsIQsSIFw7arhjpeFeyGYLUifsb/CRm7mtqUvOCRLJ4
	/QQNkqAaPYejkLFFX6kGr+Fs2K7sEDQY8f7k7rudAA2u35l65rU3zRj073Mpzg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1685090889; a=rsa-sha256; cv=none;
	b=VuKSStRVSwQYQPhAoyHmo952xuzTutY7PBYyI433LKuQuxjr/iM4deZ/oihM1tmnyynisj
	6J7N5eel5aREqM799b110tXlS9mT3/zqApOU8x6r9dijBbQGfR4BOna+ahaiQIskx3QEjF
	5rGjuoaVA0gs4A0DXr2JppHTQ0nfjqCTb3JQODteU4HhnIHWU+btQIgHTS4B9bdLXDIwU5
	YuBs/ECV9rRYGyC5bwRua/r1kKuF68Rg4OBPOBuJT3XqrH43pLkaR75R/mny0VmCmWnDps
	B/QMtB5ObxnJHAmwqcXB32mrkcsqmrDkwLMffnjLPUiGUx4A8JmM96sSokGrNw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QSJV06vpVz118Y;
	Fri, 26 May 2023 08:48:08 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 34Q8m8HO078123;
	Fri, 26 May 2023 08:48:08 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 34Q8m8xC078122;
	Fri, 26 May 2023 08:48:08 GMT
	(envelope-from git)
Date: Fri, 26 May 2023 08:48:08 GMT
Message-Id: <202305260848.34Q8m8xC078122@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Dimitry Andric <dim@FreeBSD.org>
Subject: git: 9374af1b21e2 - stable/13 - Update -ftrivial-auto-var-init flags for clang >= 16
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: dim
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 9374af1b21e2b87e44050569ad9779d7146467ce
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/13 has been updated by dim:

URL: https://cgit.FreeBSD.org/src/commit/?id=9374af1b21e2b87e44050569ad9779d7146467ce

commit 9374af1b21e2b87e44050569ad9779d7146467ce
Author:     Dimitry Andric <dim@FreeBSD.org>
AuthorDate: 2023-05-23 17:40:36 +0000
Commit:     Dimitry Andric <dim@FreeBSD.org>
CommitDate: 2023-05-26 08:42:24 +0000

    Update -ftrivial-auto-var-init flags for clang >= 16
    
    As of clang 16, the -ftrivial-auto-var-init=zero option no longer needs
    -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang
    to enable the option. Only add it for older clang versions.
    
    PR:             271047
    Reviewed by:    emaste
    MFC after:      3 days
    Differential Revision: https://reviews.freebsd.org/D40208
    
    (cherry picked from commit 3006f6df025f3afd0fb3cca1b820cdac1f1ed4c9)
---
 share/mk/bsd.lib.mk  | 14 ++++++++------
 share/mk/bsd.prog.mk | 14 ++++++++------
 sys/conf/kern.mk     |  6 ++++--
 3 files changed, 20 insertions(+), 14 deletions(-)

diff --git a/share/mk/bsd.lib.mk b/share/mk/bsd.lib.mk
index 684a3df108fa..5cd5663e1ca7 100644
--- a/share/mk/bsd.lib.mk
+++ b/share/mk/bsd.lib.mk
@@ -95,19 +95,21 @@ LDFLAGS+= -Wl,-zretpolineplt
 # Initialize stack variables on function entry
 .if ${MK_INIT_ALL_ZERO} == "yes"
 .if ${COMPILER_FEATURES:Minit-all}
-CFLAGS+= -ftrivial-auto-var-init=zero \
-    -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang
-CXXFLAGS+= -ftrivial-auto-var-init=zero \
-    -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang
+CFLAGS+= -ftrivial-auto-var-init=zero
+CXXFLAGS+= -ftrivial-auto-var-init=zero
+.if ${COMPILER_TYPE} == "clang" && ${COMPILER_VERSION} < 160000
+CFLAGS+= -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang
+CXXFLAGS+= -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang
+.endif
 .else
-.warning InitAll (zeros) requested but not support by compiler
+.warning InitAll (zeros) requested but not supported by compiler
 .endif
 .elif ${MK_INIT_ALL_PATTERN} == "yes"
 .if ${COMPILER_FEATURES:Minit-all}
 CFLAGS+= -ftrivial-auto-var-init=pattern
 CXXFLAGS+= -ftrivial-auto-var-init=pattern
 .else
-.warning InitAll (pattern) requested but not support by compiler
+.warning InitAll (pattern) requested but not supported by compiler
 .endif
 .endif
 
diff --git a/share/mk/bsd.prog.mk b/share/mk/bsd.prog.mk
index a55c2fd103fd..3b9b3277a241 100644
--- a/share/mk/bsd.prog.mk
+++ b/share/mk/bsd.prog.mk
@@ -70,19 +70,21 @@ LDFLAGS+= -Wl,-zretpolineplt
 # Initialize stack variables on function entry
 .if ${MK_INIT_ALL_ZERO} == "yes"
 .if ${COMPILER_FEATURES:Minit-all}
-CFLAGS+= -ftrivial-auto-var-init=zero \
-    -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang
-CXXFLAGS+= -ftrivial-auto-var-init=zero \
-    -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang
+CFLAGS+= -ftrivial-auto-var-init=zero
+CXXFLAGS+= -ftrivial-auto-var-init=zero
+.if ${COMPILER_TYPE} == "clang" && ${COMPILER_VERSION} < 160000
+CFLAGS+= -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang
+CXXFLAGS+= -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang
+.endif
 .else
-.warning InitAll (zeros) requested but not support by compiler
+.warning InitAll (zeros) requested but not supported by compiler
 .endif
 .elif ${MK_INIT_ALL_PATTERN} == "yes"
 .if ${COMPILER_FEATURES:Minit-all}
 CFLAGS+= -ftrivial-auto-var-init=pattern
 CXXFLAGS+= -ftrivial-auto-var-init=pattern
 .else
-.warning InitAll (pattern) requested but not support by compiler
+.warning InitAll (pattern) requested but not supported by compiler
 .endif
 .endif
 
diff --git a/sys/conf/kern.mk b/sys/conf/kern.mk
index 25c6ad8d87ac..a79cc5a5ed60 100644
--- a/sys/conf/kern.mk
+++ b/sys/conf/kern.mk
@@ -266,8 +266,10 @@ CFLAGS+=	-mretpoline
 #
 .if ${MK_INIT_ALL_ZERO} == "yes"
 .if ${COMPILER_FEATURES:Minit-all}
-CFLAGS+= -ftrivial-auto-var-init=zero \
-    -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang
+CFLAGS+= -ftrivial-auto-var-init=zero
+.if ${COMPILER_TYPE} == "clang" && ${COMPILER_VERSION} < 160000
+CFLAGS+= -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang
+.endif
 .else
 .warning InitAll (zeros) requested but not support by compiler
 .endif

From nobody Fri May 26 08:48:09 2023
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QSJV21f19z4WRdq;
	Fri, 26 May 2023 08:48:10 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QSJV212zTz4D7Y;
	Fri, 26 May 2023 08:48:10 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1685090890;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=QMFv3KQ/DJY0NCho8OUW6WIsIoJxgLTeh7W5t1w6V/o=;
	b=LNSDtxf5xUI4kdIvvygYCP9H2yg70O6GT6oeUy6xWgrq/fHmEDs0i2f6+KoF8nD+8bIa+o
	fSSQxD/x53qNnBidfgPATTjHDdhJEbId65PTdBsa7P76fl18l0XoKNUad/XkSyidbWtZgv
	nvckF7s+W13Or07PiV0m/Y4eGseXSnf0y9uBUPxG5Kiba8HRcus5S7cKel8EhArcUucqsX
	4TpqlntxPpPZmwr2N+Htw/gMeFoTuQsFEU+YRBtXVcIm4ISgYejvtwGVmobo09KLtAK8jc
	h04eu4uYxm5Pwt0FOE3t8edgPUqpzIZBAd/2z/1V3Cg9fz0wMpXqk196sXGBOA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1685090890;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=QMFv3KQ/DJY0NCho8OUW6WIsIoJxgLTeh7W5t1w6V/o=;
	b=mk07LSXB8/3hhi/nZFzAoebdDu6zZE9506tfHXmfOigw6yXA4W0REkI24k2tt2OdR5wjLY
	/NnB/dCNbhnONcQ3T2sxZvs7oCjnOctSe+P0kh8TnPNtSqNTR1pEOpuqKIAp9tIJ3i/gEH
	1ovXNl1XNHixaXEzQz8O0sJik2esaBgiDa9e8+B2Py73l4/Qt0AsH/xke6YVGfN1hViVrg
	DEGA/ggVYVoiD1juebBZsjSBb0DPdSPKmCCM+SGsotfGNUSrITrzOvxiJWQQsbdVpJGOD+
	+sSIGzRrol4cNIkI+O18z6+7tax/XLIB1vttpBjCgzV3uVJ5sXZdao62wCn4tg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1685090890; a=rsa-sha256; cv=none;
	b=U/nTTGcYjpiMiqPL4AvNuYkacZzlnAgfCbj662aym/EpKaJpY+PypxfQ28rg5z8q5j2ASx
	FYnQh6AtQNsCp3qCOd3m8CZTaEjYCT/a5vkQk6yJsT5YZA3nLJbknrsIUubHDcE+JCKQbG
	Qg0KllScF80ehqfpN966rH16jOUkYJcS0nruqKzjKyaYTCwZiF7PvP/Maz+eBs8FR5hm9v
	S798z1TbO3DbYd90n/kuCQtrRyVxxRA59TqYnwgHwOe//Zwed5hZaUhfONAOCheFQ6KzmZ
	GJSxTClBrPD4G/epq4OgtO7iMLB3iaKGjrwMF+TgajfduwtYNREGnJK2WhPcRQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QSJV206blz116G;
	Fri, 26 May 2023 08:48:10 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 34Q8m9U5078151;
	Fri, 26 May 2023 08:48:09 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 34Q8m96C078150;
	Fri, 26 May 2023 08:48:09 GMT
	(envelope-from git)
Date: Fri, 26 May 2023 08:48:09 GMT
Message-Id: <202305260848.34Q8m96C078150@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Dimitry Andric <dim@FreeBSD.org>
Subject: git: 3b5f2c6e7413 - stable/13 - Enable -ftrivial-auto-var-init flags for gcc >= 12
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: dim
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 3b5f2c6e74135c2d881cc18378429d5848717ca4
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/13 has been updated by dim:

URL: https://cgit.FreeBSD.org/src/commit/?id=3b5f2c6e74135c2d881cc18378429d5848717ca4

commit 3b5f2c6e74135c2d881cc18378429d5848717ca4
Author:     Dimitry Andric <dim@FreeBSD.org>
AuthorDate: 2023-05-23 17:43:12 +0000
Commit:     Dimitry Andric <dim@FreeBSD.org>
CommitDate: 2023-05-26 08:45:53 +0000

    Enable -ftrivial-auto-var-init flags for gcc >= 12
    
    Now that gcc >= 12 supports -ftrivial-auto-var-init, add it to
    bsd.compiler.mk's "init-all" feature.
    
    PR:             271047
    Reviewed by:    emaste
    MFC after:      3 days
    Differential Revision: https://reviews.freebsd.org/D40208
    
    (cherry picked from commit c32736222cdd92e1497d1154d81c9005757fb308)
---
 share/mk/bsd.compiler.mk | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/share/mk/bsd.compiler.mk b/share/mk/bsd.compiler.mk
index 26f735c579e6..87b8e86156bc 100644
--- a/share/mk/bsd.compiler.mk
+++ b/share/mk/bsd.compiler.mk
@@ -238,8 +238,12 @@ ${X_}COMPILER_FEATURES+=	c++17
 	(${${X_}COMPILER_TYPE} == "gcc" && ${${X_}COMPILER_VERSION} >= 100100)
 ${X_}COMPILER_FEATURES+=	c++20
 .endif
+.if ${${X_}COMPILER_TYPE} == "clang" || \
+	(${${X_}COMPILER_TYPE} == "gcc" && ${${X_}COMPILER_VERSION} >= 120000)
+${X_}COMPILER_FEATURES+=	init-all
+.endif
 .if ${${X_}COMPILER_TYPE} == "clang"
-${X_}COMPILER_FEATURES+=	retpoline init-all
+${X_}COMPILER_FEATURES+=	retpoline
 .endif
 
 .if (${${X_}COMPILER_TYPE} == "clang" && ${${X_}COMPILER_VERSION} >= 130000) || \

From nobody Fri May 26 08:48:11 2023
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QSJV32N5xz4WRds;
	Fri, 26 May 2023 08:48:11 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QSJV31x9Tz4DDx;
	Fri, 26 May 2023 08:48:11 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1685090891;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=C64Om1H+jtorUxAtRd1urtoHIQ90wO263JIVygy52Sg=;
	b=c3IZNhA5ZlPqMI/73wvj/9G4Crb8GSkxCnHhERVvC4nFn4AT6Z3FtPxuB7hwFBYWYWAZ2x
	EvWCNTf7DWoYpEPGT6C6NTjnqezljhH8NUcjiettt3IIMjVARWm2CsD84cAHlp5xHiDibU
	sqne3zdTp4TV9jxIJc73lAbBNFGDOrqciF+8FOzoFreFgjU7yMi04BiOC8/y/e0YMFk/3M
	vRx9vFHwYn7vV517fjoG2VnaMV6I6Pr0V20Y6Y7yTTRmW01x2ZcLkv9nLzoUY/kXGf/BRF
	5azVYxHhOpcFUHu0xaN7exdWpXc2FL4Eo3oPsWV0RiW4AmIop0MvJmqUMfjaLA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1685090891;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=C64Om1H+jtorUxAtRd1urtoHIQ90wO263JIVygy52Sg=;
	b=yRJ2g97R9KvM7N+UN/Fan+QNu/Rk6rNl/gCPR5gUwbk4HNOcgA/EXtO4U7WgVS6wCNccoN
	NHEyRsr1cSmGMEoU8XqFXHM3of+nt+qYBo8erWffQp9Le6WAAMe/icaMA8jhWkHzkzFnf8
	brnJsS3ScH3hLoG0pf1WHfI46WrSclxet3DFL+KEra3H6Z8gVJKPMpCpiYLK4+tKdz+Ec4
	C5mcAtFa7H6JjuV9/r/U1V01rEi+ahMAfc0NvvmZIWjPt5Jge+ZTGB+Xiv2lYrzJAC1zG6
	pDEL0x+S5xKoSWo+ks/PNz8lrQiwylAFo135s8QgOwfp774YSNpyynfMj+g1mQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1685090891; a=rsa-sha256; cv=none;
	b=Mgj8U8SLiGsQfj8n+PL1pKP+WXZox7XWuCysk9S3CdQkmzJJMWe28/WJ3ok3JjbKb50YLo
	/KtqiZS1FRbfd4wiYewSMAzPHQU8H2fCo3s6btRVBWplvh7LBV+V3mKR8LPD4vN49tJPaK
	7t6NM7TIGJFnMImuU/kJsrIun3BguhWxAeYNeWUyc5q77/sFW6kkcJ05Y6k9hUVJFVyMFR
	aSbM2zhfKoZU80yjH7WACmy9rCxgd8qqn1Ggj7oHdr2rr9nyuSjCtpIrN/Z9RFkCTtvWiN
	gq8Ss7Y0pBKY8cj7XNIVUBmpEvx0ASSUY89t9VueJ+pe95jFmKZWnX2t50qpSQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QSJV312yYz115l;
	Fri, 26 May 2023 08:48:11 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 34Q8mBXZ078172;
	Fri, 26 May 2023 08:48:11 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 34Q8mBUh078171;
	Fri, 26 May 2023 08:48:11 GMT
	(envelope-from git)
Date: Fri, 26 May 2023 08:48:11 GMT
Message-Id: <202305260848.34Q8mBUh078171@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Dimitry Andric <dim@FreeBSD.org>
Subject: git: 4129317bda17 - stable/13 - Fix typo in sys/conf/kern.mk's InitAll warning message
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: dim
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 4129317bda170c8382324e4830ffdd5a272604c1
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/13 has been updated by dim:

URL: https://cgit.FreeBSD.org/src/commit/?id=4129317bda170c8382324e4830ffdd5a272604c1

commit 4129317bda170c8382324e4830ffdd5a272604c1
Author:     Dimitry Andric <dim@FreeBSD.org>
AuthorDate: 2023-05-23 17:56:41 +0000
Commit:     Dimitry Andric <dim@FreeBSD.org>
CommitDate: 2023-05-26 08:46:15 +0000

    Fix typo in sys/conf/kern.mk's InitAll warning message
    
    I missed this one in commit 3006f6df025f.
    
    Fixes:          3006f6df025f
    MFC after:      3 days
    
    (cherry picked from commit 3741ffdb14ae6915abfa55307f3e964492b272c3)
---
 sys/conf/kern.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/conf/kern.mk b/sys/conf/kern.mk
index a79cc5a5ed60..7476d70c3234 100644
--- a/sys/conf/kern.mk
+++ b/sys/conf/kern.mk
@@ -271,7 +271,7 @@ CFLAGS+= -ftrivial-auto-var-init=zero
 CFLAGS+= -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang
 .endif
 .else
-.warning InitAll (zeros) requested but not support by compiler
+.warning InitAll (zeros) requested but not supported by compiler
 .endif
 .elif ${MK_INIT_ALL_PATTERN} == "yes"
 .if ${COMPILER_FEATURES:Minit-all}

From nobody Fri May 26 21:26:14 2023
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QSdJl0FTQz4THJV;
	Fri, 26 May 2023 21:26:15 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QSdJk3Fydz3Lhb;
	Fri, 26 May 2023 21:26:14 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1685136374;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=EjqiMrIVQ74VL3dqa/1bMEfcJ6R6BhAV3dvzW1Pwkm0=;
	b=K41fZyrHSuoqbrSwQngWdM/e4VofkVEMRMOyJkqAY8MWiWVE/XFwTy8HmcS76vDdXhNgHP
	RsgWpD9o5c6xvon4OY6wUfPVuWAdOiXpL8TxFOb8h/sQfO+/gi5KUxAu8yK6i/vlXPoF8q
	YjtxuYKTUmdY8nRe62FY/+g1kji/2f7AJfXtJ0GE9+WIV6zUMA6+hKPTBAD/RIku6DPSUk
	zTm7/cc6tHY+lqCRpkHK+J3E4SZ+y3x6dPT1KWhVkG3ZtzkUTtMut5pzM2gOO/N1ReD/W6
	wGNO4bW8gZy8eicQiFdw0gywpcJ4i6bhDvbMSitbbmFOGl15CpaIpNwtSAEyGQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1685136374;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=EjqiMrIVQ74VL3dqa/1bMEfcJ6R6BhAV3dvzW1Pwkm0=;
	b=NjyOI+R7qp9OuAXPuf0hjzCMCBi1TNyoTDPmQ8sRgsq7DK3lnmsT8ytxZPBYExp9+bnULU
	bX8RWnKqUKkCKBpOvBneefzXjsDFlbRoUcmyU5z7FgyNiv76lHSEIlCLUu3S4W3C1/MMAs
	/xBKtWrRih4wP5EEcxik5/z1gMxNUNpv55qWSF38N2pG8/MYoSp0Nc5dOPj/6lzIlEdTmZ
	uVUUagiHA/LFoH+QiodPgz2vz5wE0wewfT0VgrNBZqvc8dClVSChc4QGGMptbiAI3LyFUs
	1dLe2QzBI0AtPxY0GFnYGzpp0NjfPtgo4NBE6ucr2BelRre/fmcrvmUqdUtvnw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1685136374; a=rsa-sha256; cv=none;
	b=K7JNcGJOy6zgid0L9PYpfn1Eks0SMT+T/zT6MLzICxGPeqOGolUs4n+PeKapQ+ehPg6sKR
	yED+0dSgDVV0BQUJhcZoznqLxZnWLf0wbPMoIDhJmjgF8YF9M/U9Z6uaU/Xm2h2F9iB30S
	l2Xgxf3oQVkj1oF+NPHPV3ykz9zgowKqXPbxHAsPWRMbcIlVclMwGlclbZ92Rptfxv0yrI
	aNyb9E2q4NytdGGHv6TIo4zqRUqLuguhyP4w8T9UutrMl1rlGtxC0XxoEtqHyl5oZDNRau
	xVghlHR0ClieF+vqGncxEzEfF+hxh6/z4EM4nRx4FYe//s1NacSzdljoxjPXPA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QSdJk2FJRzN9P;
	Fri, 26 May 2023 21:26:14 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 34QLQEen028716;
	Fri, 26 May 2023 21:26:14 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 34QLQEF3028715;
	Fri, 26 May 2023 21:26:14 GMT
	(envelope-from git)
Date: Fri, 26 May 2023 21:26:14 GMT
Message-Id: <202305262126.34QLQEF3028715@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Kirk McKusick <mckusick@FreeBSD.org>
Subject: git: 4a3834e31fdf - stable/13 - Fix size differences between architectures of the UFS/FFS CGSIZE macro value.
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: mckusick
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 4a3834e31fdf3a3bcd9413fa4d5d1c66cfbe02a2
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/13 has been updated by mckusick:

URL: https://cgit.FreeBSD.org/src/commit/?id=4a3834e31fdf3a3bcd9413fa4d5d1c66cfbe02a2

commit 4a3834e31fdf3a3bcd9413fa4d5d1c66cfbe02a2
Author:     Kirk McKusick <mckusick@FreeBSD.org>
AuthorDate: 2023-05-15 19:56:27 +0000
Commit:     Kirk McKusick <mckusick@FreeBSD.org>
CommitDate: 2023-05-26 21:25:50 +0000

    Fix size differences between architectures of the UFS/FFS CGSIZE macro value.
    
    Reported-by:  Tijl Coosemans
    Tested-by:    Tijl Coosemans and Peter Holm
    Sponsored-by: The FreeBSD Foundation
    
    (cherry picked from commit 0a6e34e950cd5889122a199c34519b67569be9cc)
---
 sbin/fsck_ffs/fsutil.c     | 4 ++--
 sbin/fsck_ffs/pass5.c      | 4 ++--
 sbin/growfs/growfs.c       | 2 +-
 sbin/newfs/mkfs.c          | 5 +++--
 sys/ufs/ffs/fs.h           | 7 +++----
 usr.sbin/makefs/ffs/mkfs.c | 2 +-
 6 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/sbin/fsck_ffs/fsutil.c b/sbin/fsck_ffs/fsutil.c
index b5ca478fbc46..bed87299a3cf 100644
--- a/sbin/fsck_ffs/fsutil.c
+++ b/sbin/fsck_ffs/fsutil.c
@@ -1037,7 +1037,7 @@ check_cgmagic(int cg, struct bufarea *cgbp)
 		CHK(cgp->cg_ndblk, !=, sblock.fs_size - cgbase(&sblock, cg),
 		    "%jd");
 	}
-	start = &cgp->cg_space[0] - (u_char *)(&cgp->cg_firstfield);
+	start = sizeof(*cgp);
 	if (sblock.fs_magic == FS_UFS2_MAGIC) {
 		CHK(cgp->cg_iusedoff, !=, start, "%jd");
 	} else if (sblock.fs_magic == FS_UFS1_MAGIC) {
@@ -1097,7 +1097,7 @@ rebuild_cg(int cg, struct bufarea *cgbp)
 		cgp->cg_ndblk = sblock.fs_fpg;
 	else
 		cgp->cg_ndblk = sblock.fs_size - cgbase(&sblock, cg);
-	start = &cgp->cg_space[0] - (u_char *)(&cgp->cg_firstfield);
+	start = sizeof(*cgp);
 	if (sblock.fs_magic == FS_UFS2_MAGIC) {
 		cgp->cg_iusedoff = start;
 	} else if (sblock.fs_magic == FS_UFS1_MAGIC) {
diff --git a/sbin/fsck_ffs/pass5.c b/sbin/fsck_ffs/pass5.c
index 61be54ed54ed..58143a0e8211 100644
--- a/sbin/fsck_ffs/pass5.c
+++ b/sbin/fsck_ffs/pass5.c
@@ -116,7 +116,7 @@ pass5(void)
 			}
 		}
 	}
-	basesize = &newcg->cg_space[0] - (u_char *)(&newcg->cg_firstfield);
+	basesize = sizeof(*newcg);
 	if (sblock.fs_magic == FS_UFS2_MAGIC) {
 		newcg->cg_iusedoff = basesize;
 	} else {
@@ -131,7 +131,7 @@ pass5(void)
 		    fs->fs_old_cpg * sizeof(int32_t);
 		newcg->cg_iusedoff = newcg->cg_old_boff +
 		    fs->fs_old_cpg * fs->fs_old_nrpos * sizeof(u_int16_t);
-		memset(&newcg->cg_space[0], 0, newcg->cg_iusedoff - basesize);
+		memset(&newcg[1], 0, newcg->cg_iusedoff - basesize);
 	}
 	inomapsize = howmany(fs->fs_ipg, CHAR_BIT);
 	newcg->cg_freeoff = newcg->cg_iusedoff + inomapsize;
diff --git a/sbin/growfs/growfs.c b/sbin/growfs/growfs.c
index c7ef0ced4ed6..281eec32836c 100644
--- a/sbin/growfs/growfs.c
+++ b/sbin/growfs/growfs.c
@@ -338,7 +338,7 @@ initcg(int cylno, time_t modtime, int fso, unsigned int Nflag)
 	acg.cg_ndblk = dmax - cbase;
 	if (sblock.fs_contigsumsize > 0)
 		acg.cg_nclusterblks = acg.cg_ndblk / sblock.fs_frag;
-	start = &acg.cg_space[0] - (u_char *)(&acg.cg_firstfield);
+	start = sizeof(acg);
 	if (sblock.fs_magic == FS_UFS2_MAGIC) {
 		acg.cg_iusedoff = start;
 	} else {
diff --git a/sbin/newfs/mkfs.c b/sbin/newfs/mkfs.c
index 1efada0dad17..42866f9b1426 100644
--- a/sbin/newfs/mkfs.c
+++ b/sbin/newfs/mkfs.c
@@ -718,7 +718,7 @@ initcg(int cylno, time_t utime)
 	acg.cg_ndblk = dmax - cbase;
 	if (sblock.fs_contigsumsize > 0)
 		acg.cg_nclusterblks = acg.cg_ndblk / sblock.fs_frag;
-	start = &acg.cg_space[0] - (u_char *)(&acg.cg_firstfield);
+	start = sizeof(acg);
 	if (Oflag == 2) {
 		acg.cg_iusedoff = start;
 	} else {
@@ -746,7 +746,8 @@ initcg(int cylno, time_t utime)
 		    howmany(fragstoblks(&sblock, sblock.fs_fpg), CHAR_BIT);
 	}
 	if (acg.cg_nextfreeoff > (unsigned)sblock.fs_cgsize) {
-		printf("Panic: cylinder group too big\n");
+		printf("Panic: cylinder group too big by %d bytes\n",
+		    acg.cg_nextfreeoff - (unsigned)sblock.fs_cgsize);
 		exit(37);
 	}
 	acg.cg_cs.cs_nifree += sblock.fs_ipg;
diff --git a/sys/ufs/ffs/fs.h b/sys/ufs/ffs/fs.h
index 8069b2db54bd..b2ed2051471c 100644
--- a/sys/ufs/ffs/fs.h
+++ b/sys/ufs/ffs/fs.h
@@ -534,11 +534,11 @@ CTASSERT(sizeof(struct fs) == 1376);
  * cylinder group and the (struct cg) size.
  */
 #define	CGSIZE(fs) \
-    /* base cg */	(sizeof(struct cg) + sizeof(int32_t) + \
+    /* base cg */	(sizeof(struct cg) + \
     /* old btotoff */	(fs)->fs_old_cpg * sizeof(int32_t) + \
     /* old boff */	(fs)->fs_old_cpg * sizeof(u_int16_t) + \
     /* inode map */	howmany((fs)->fs_ipg, NBBY) + \
-    /* block map */	howmany((fs)->fs_fpg, NBBY) +\
+    /* block map */	howmany((fs)->fs_fpg, NBBY) + sizeof(int32_t) + \
     /* if present */	((fs)->fs_contigsumsize <= 0 ? 0 : \
     /* cluster sum */	(fs)->fs_contigsumsize * sizeof(int32_t) + \
     /* cluster map */	howmany(fragstoblks(fs, (fs)->fs_fpg), NBBY)))
@@ -585,8 +585,7 @@ struct cg {
 	u_int32_t cg_ckhash;		/* check-hash of this cg */
 	ufs_time_t cg_time;		/* time last written */
 	int64_t	 cg_sparecon64[3];	/* reserved for future use */
-	u_int8_t cg_space[1];		/* space for cylinder group maps */
-/* actually longer */
+	/* actually longer - space used for cylinder group maps */
 };
 
 /*
diff --git a/usr.sbin/makefs/ffs/mkfs.c b/usr.sbin/makefs/ffs/mkfs.c
index ef745fe3c196..d48dc65aac68 100644
--- a/usr.sbin/makefs/ffs/mkfs.c
+++ b/usr.sbin/makefs/ffs/mkfs.c
@@ -634,7 +634,7 @@ initcg(uint32_t cylno, time_t utime, const fsinfo_t *fsopts)
 	acg.cg_ndblk = dmax - cbase;
 	if (sblock.fs_contigsumsize > 0)
 		acg.cg_nclusterblks = acg.cg_ndblk >> sblock.fs_fragshift;
-	start = &acg.cg_space[0] - (u_char *)(&acg.cg_firstfield);
+	start = sizeof(acg);
 	if (Oflag == 2) {
 		acg.cg_iusedoff = start;
 	} else {

From nobody Fri May 26 21:38:07 2023
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QSdZS3qMSz4TJ3N;
	Fri, 26 May 2023 21:38:08 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QSdZS35Lmz3M6k;
	Fri, 26 May 2023 21:38:08 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1685137088;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=w09RUKiWl+Tsy2VCT5nG9cdenDLQ8hyN9CCgMh8PreM=;
	b=igYKLj6hIMnzwWdLk+Rz1Se4OYs318DHbU4fFoFUB5U77kKDpT1uJgw+VvOppYPXIv2zki
	jCRGFndaGXNmV/UUrY8QnD6JsPYCpmqPO0McKGmDqxZtnzHLI3rSJ1QlXjjzb9fsRrhLpy
	+mTcmddgseE+PbW5M3GSE/PTQGd9Gk6JjtU336dRt0QtYZliSMlxw7U941mvC5cA1ghvkU
	xdWM5kk1fdyO4djzB2yQQCfwWXpCOECC6644Kr5iz6b9JqpowL8auEcnAhFuh5p8HU+6NQ
	AA3C1MnDdPm6k13dgwwS+64hjf9SKnpxLuByRi0u5uKuu9oSpodN7lQEzp3Tcg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1685137088;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=w09RUKiWl+Tsy2VCT5nG9cdenDLQ8hyN9CCgMh8PreM=;
	b=qN65Jkkx07OSrGYS4w02lo6gkDnOroTrnTW+UNByM+hqehgtxwg4Q+WHu3O7WP7cv2QcLB
	lR9VEXxsV0fDMRfdSBzFyy3DqE+NaTJ830iWr165Ma7cegdvNwlFG+tV48atz6e09fHbF9
	W9TyRYK2L2AYY2bPwvGLpconJ/i5hc5gOryZgRFq7PzJsMPMMbHc6OzrcP7yfI0VbJW+HR
	gA0LV/+QzWXLTMGDLe3X6/Gl/T9PopPuQuO+tVpXhIctF7+JnfZ3PURwrrtqi5dTjk3mDD
	hz8j8PiX3kaL6KfJwafewDNm7BwKekLJHFcnWW6SpfZ1BXuYQPwQAolgO2UgaA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1685137088; a=rsa-sha256; cv=none;
	b=RHEPHItRJkaQTaBEOGY1TDJkHBZ5P/9LksVdPN4BjWBuRVhyLKH3nU/69E2FSNFqkmyNkG
	7kl2HSp9JDKSI245OGFtlaFqBlVSkWu7GRM7S+ZuvOYM7g5RPpyQ+hNmTl4Roe543jI+zz
	3EetdMb8TdyLf+sVu5TGgrUpt93k3KTI+/QHk2zapy24zrazLvobJWs+pW4tP6aziTVf5r
	e8oVxLXg6g53+LZqB99mEBq9tt1T1z0zf0IGo8iw0118aHUZnvI89O6LMuWnZ9GoQWsk3R
	ACvl/OgMzTo3w6numywouwEzIzWQ2Rf9pvQbrX/IhEN4T2wTclEIV+n9lbJE5w==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QSdZS0JrrzMlB;
	Fri, 26 May 2023 21:38:07 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 34QLc7rL045416;
	Fri, 26 May 2023 21:38:07 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 34QLc7gD045415;
	Fri, 26 May 2023 21:38:07 GMT
	(envelope-from git)
Date: Fri, 26 May 2023 21:38:07 GMT
Message-Id: <202305262138.34QLc7gD045415@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Kirk McKusick <mckusick@FreeBSD.org>
Subject: git: b51ac373dd38 - stable/13 - Updates to UFS/FFS superblock integrity checks when reading a superblock.
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: mckusick
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: b51ac373dd38f776b90d69f56652c2a9a6f165f8
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/13 has been updated by mckusick:

URL: https://cgit.FreeBSD.org/src/commit/?id=b51ac373dd38f776b90d69f56652c2a9a6f165f8

commit b51ac373dd38f776b90d69f56652c2a9a6f165f8
Author:     Kirk McKusick <mckusick@FreeBSD.org>
AuthorDate: 2023-05-26 21:37:23 +0000
Commit:     Kirk McKusick <mckusick@FreeBSD.org>
CommitDate: 2023-05-26 21:37:23 +0000

    Updates to UFS/FFS superblock integrity checks when reading a superblock.
    
    Reinstall MFC commit 4660b60a00c as it has should now work correctly
    with fix for CGSIZE macro in MFC 4a3834e31fd.
---
 sys/ufs/ffs/ffs_subr.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sys/ufs/ffs/ffs_subr.c b/sys/ufs/ffs/ffs_subr.c
index 1bd298315dd9..4ba452b05ec9 100644
--- a/sys/ufs/ffs/ffs_subr.c
+++ b/sys/ufs/ffs/ffs_subr.c
@@ -449,6 +449,7 @@ validate_sblock(struct fs *fs, int isaltsblk)
 	CHK(fs->fs_old_cgoffset, <, 0, %jd);
 	CHK2(fs->fs_old_cgoffset, >, 0, ~fs->fs_old_cgmask, <, 0, %jd);
 	CHK(fs->fs_old_cgoffset * (~fs->fs_old_cgmask), >, fs->fs_fpg, %jd);
+	CHK(CGSIZE(fs), >, fs->fs_bsize, %jd);
 	/*
 	 * If anything has failed up to this point, it is usafe to proceed
 	 * as checks below may divide by zero or make other fatal calculations.

From nobody Fri May 26 23:06:27 2023
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QSgXN1pX6z4TNcv;
	Fri, 26 May 2023 23:06:28 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QSgXN1JDDz3jdm;
	Fri, 26 May 2023 23:06:28 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1685142388;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=u3zPqeHxK/pwiNUTNcNbYvQkSZXjfHRgZvmSxY8STos=;
	b=Uz4PWn+7zwQB75BCDfusEMOsFUYExrk89WJdBHBL89QGWkn/TfLAYPTdaIUIyC6XilX5PA
	pNNobvHTwOkeZoyhvywn/wKeWve51wEGz97f0hep3dfjljwGxmS2IyGnSz9rMrd0vExt3K
	GpTLnPpbYF12FRTn6hzAOVRNl+FV+pjRnwxzfj4GmkSTzOssEBKFnzNLVPMxsXl67yPKBm
	0T9jY3YWf7+4gXKlaWa6YbVmFeKbF+jg6KHtv2tDK0OtvyfM9R8iFg/lkXwVhkaYHYpYxn
	a0xHJOOnBi0t0cHlDvGJRyJmsO3+WkrzD1TqQSm80qqRXlTeUYr3TO3YIfwqfg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1685142388;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=u3zPqeHxK/pwiNUTNcNbYvQkSZXjfHRgZvmSxY8STos=;
	b=CmoQY8V3K40+9GymEMesJkkFiCVFckX5lFSFGGfCdFEd9lt4cgw+GD/lHBodZmFhTzYlny
	zrOHx3yNR5KI9VNwTXHfe3N874PpbOZSVBMSXtHreWnNvsXM+WMz7ELw1J/eJIXXY4WWJ9
	c8WyHzyeoyUkxexSdiBJ9Hm97Usog+AooVwOCiiRKcx1e2rgVOuZ9beKVMW+Y23LOL5P37
	4BlxiQDWNoUyFfiFlcgr6r9BlAkZXAFZMnzYJ8c1NhVgOeuowDvH08LT9bXEctujqO9hB3
	oEToRtl5ym4GF/oaHmPVoTTY6KN8MMiF52v122ahjGvEPU+/ScnAV4wDhGFJgA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1685142388; a=rsa-sha256; cv=none;
	b=iVjuHvZLogdBPBh4+Kn33cTUM3WEwQOIRWqChpkcXbPE5tYkz1mFgbMk5O3TxpR2/i+wHu
	bZZWg9PWM77zRJ0fQnrn4j5yWup4+XD8dc9F1SGJ+5GOzUzf94OU9FSFpWS5zo7MqsX/ph
	QrBffA+UKcQWSiLxUFbLzt1KWgyvCds2y+0r7YkQANJ9VyeR9cOUBjC/C4XmLfNOQ6/NAj
	5jxGTwu75KXtWeTsYm/6qDuNoSrjdcOTTnzjfZ2NRBwu4ihkd00xbh4j+k2VjtYdSC2lHY
	zDmj0lnoq1cryw+u1k4JBosoXx24rNn6LUJC3TUPSBVhpqi/n2nEIdgSrYIXyg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QSgXN0MWtzQ3f;
	Fri, 26 May 2023 23:06:28 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 34QN6RPX093931;
	Fri, 26 May 2023 23:06:27 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 34QN6Rdp093930;
	Fri, 26 May 2023 23:06:27 GMT
	(envelope-from git)
Date: Fri, 26 May 2023 23:06:27 GMT
Message-Id: <202305262306.34QN6Rdp093930@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Rick Macklem <rmacklem@FreeBSD.org>
Subject: git: 823ea1744e96 - stable/13 - RELNOTES: Add an entry for the NFS "syskrb5" mount option
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rmacklem
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 823ea1744e96430cb418c384aafd77ee6f916ce4
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/13 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=823ea1744e96430cb418c384aafd77ee6f916ce4

commit 823ea1744e96430cb418c384aafd77ee6f916ce4
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2023-05-26 23:05:00 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2023-05-26 23:05:00 +0000

    RELNOTES: Add an entry for the NFS "syskrb5" mount option
---
 RELNOTES | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/RELNOTES b/RELNOTES
index 4de47ccafddc..cf6ed985f608 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -10,6 +10,17 @@ newline.  Entries should be separated by a newline.
 
 Changes to this file should not be MFCed.
 
+0644746d5091:
+	Add a new "syskrb5" mount option for Kerberized NFSv4.1/4.2 mounts.
+	Without this patch, a Kerberized NFSv4.1/4.2 mount must provide
+	a Kerberos credential for the client at mount time.
+	This patch uses a feature of NFSv4.1/4.2 called SP4_NONE, which
+	allows the state maintenance operations to be performed by any
+	authentication mechanism, so that these operations may be done via
+	AUTH_SYS instead of RPCSEC_GSS (KerberosV).  As such, no Kerberos
+	credential is required at mount time.
+	See mount_nfs(8).
+
 b4805d577787 and many others:
 	Add support so that nfsd(8), nfsuserd(8), mountd(8), gssd(8)
 	and rpc.tlsservd(8) can be run in an appropriately configured

From nobody Sat May 27 08:33:06 2023
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QSw6B53VDz4Wk5t;
	Sat, 27 May 2023 08:33:06 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QSw6B4WFLz3LWp;
	Sat, 27 May 2023 08:33:06 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1685176386;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=MSi4jTgJvjc65/43w6UDvskFLmQuk5pqt6TNBzMkuVw=;
	b=yQddnJnL6Q4O+2h8ANjK6eC9hJrPfdxnOvq9lh+eeK+k8K4ggNFZUYMdtpfsq/7bkOMTMQ
	hfRY4OeIk56YO9/xWn4j2GTuv0gDnLRCGo9cxRetyXvQWLUuyh4RlPMnvV0p3NDMnx9AEM
	blCmXe8XjIdwtOhEjVdwTgvGPtPzatEKwCd5b4AGjIxyNZbtCojDrbI+z4tqr0FSzwapVZ
	9gEZHluvqIAxJueWkECUHjCQWjMQ6lAiIbZlYPvsnp5xMTnpkwvkovkkacMdJdbEZspSa6
	fqefsQ5MtizTCHMRAw0PWGIqKZge1gza8m7fZi3w0uJSeHzN/F9GfWTydu38zA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1685176386;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=MSi4jTgJvjc65/43w6UDvskFLmQuk5pqt6TNBzMkuVw=;
	b=CJ/Pr+S+q2fXX9LzPW4CiEq/Bhp0tQ6NTMjm6308F29J1uC/cOvUjy7tFn6BtFDAMI6kiy
	u/vUcaJ4WmbQaiTWgmHYAPjoVLmac10K5WxNqJdLl9XdJYGY+f2iGAfkfwJO30iNmuW1Fi
	k5037PJytO53EX5ctNBOHYSkhFEoxb0YqpiBgaZO4ow8hZ4eIyj4EJzU7ID/RPJ6/fHlBj
	UVl7KNoOtlHs1Aw2yZ+yoIJtPzsPCMjPiLMAzXQyV4msrhfToqwEYM7H++cInomMI6C1BK
	1bbffgrDPuHA+1TcMBP7b9cAY+tqJqMawUUMaHE1k3SDxs7XDOIkyDmBmAVs0Q==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1685176386; a=rsa-sha256; cv=none;
	b=aJxPQ4D/c1+n+9zHl1fPYSykw3oWr26FL92+IXtEJPWwFN8g965mAUUF7Cw1qqEaFoVj3z
	yhkCQEunX1/0fQ02Xn1H9Z9kVKVyqTFVkA1tVatWYW8KGdzJizcNtzCFJdceu9TckeRUa9
	B5GHBsFyCbjnaqTo3fHjovp4hAJMPPtVRpqkyBrsDkACnpdUs6DyLklhXdfCt7+8KkiUSi
	E3NWvlLIwIIdVlrxoYNAhQLlrhcIG51lx4cCZLwQpx4GrWNuSZ27fNhlzddWB9X2lZHcmJ
	3uKmgP8w4HwpaEEXp+ofBEYYKU7QfsFnEzwusQA/pd19jXfIBHO6OPRuQkBN4g==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QSw6B3b2Yzhwv;
	Sat, 27 May 2023 08:33:06 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 34R8X6Ol041476;
	Sat, 27 May 2023 08:33:06 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 34R8X6ha041475;
	Sat, 27 May 2023 08:33:06 GMT
	(envelope-from git)
Date: Sat, 27 May 2023 08:33:06 GMT
Message-Id: <202305270833.34R8X6ha041475@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Marko Zec <zec@FreeBSD.org>
Subject: git: fb31ad53c471 - stable/13 - route.8: mention DXR in FIB_ALGO section
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: zec
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: fb31ad53c471e01ba473b2fb038c0cff6253654b
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/13 has been updated by zec:

URL: https://cgit.FreeBSD.org/src/commit/?id=fb31ad53c471e01ba473b2fb038c0cff6253654b

commit fb31ad53c471e01ba473b2fb038c0cff6253654b
Author:     Marko Zec <zec@FreeBSD.org>
AuthorDate: 2023-05-27 08:31:42 +0000
Commit:     Marko Zec <zec@FreeBSD.org>
CommitDate: 2023-05-27 08:31:42 +0000

    route.8: mention DXR in FIB_ALGO section
    
    While here, add a sentence describing DPDK DIR24-8 principle of
    operation.
    
    MFC after:      7 days
---
 sbin/route/route.8 | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/sbin/route/route.8 b/sbin/route/route.8
index afcf55ab44c7..25aaf8087343 100644
--- a/sbin/route/route.8
+++ b/sbin/route/route.8
@@ -28,7 +28,7 @@
 .\"     @(#)route.8	8.3 (Berkeley) 3/19/94
 .\" $FreeBSD$
 .\"
-.Dd March 14, 2023
+.Dd May 27, 2023
 .Dt ROUTE 8
 .Os
 .Sh NAME
@@ -439,7 +439,9 @@ Lockless immutable radix, re-created on every rtable change,
 tailored for a small FIB with <1000 routes.
 .It dpdk_lpm
 DPDK DIR24-8-based lookups, lockless datastructure, optimized
-for a large FIB.
+for large FIBs.
+DIR24-8 relies on a large flat lookup table (64 MB with IPv4) which is
+directly indexed by the more significant portion of the lookup key.
 In order to use the dpdk_lpm algorithm one or both of the
 following kernel modules must be loaded via
 .Xr loader.conf 5 :
@@ -449,6 +451,16 @@ DPDK implementation for IPv4.
 .It dpdk_lpm6.ko
 DPDK implementation for IPv6.
 .El
+.It dxr
+IPv4 only, lockless, compressed lookup structure
+(below 2.5 Bytes per IPv4 prefix for large BGP FIBs)
+which easily fits into modern CPU cache hierarchies,
+lookup throughput scales linearly with CPU cores.
+Loadable as a kernel module at runtime or via
+.Xr loader.conf 5 :
+.Bl -tag -width fib_dxr.ko -compact
+.It fib_dxr.ko
+.El
 .El
 .Pp
 The algorithms are selected automatically based on the size of the routing

From nobody Sat May 27 19:34:19 2023
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QTBn81yXxz4WhLv;
	Sat, 27 May 2023 19:34:20 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QTBn80Kfhz4DZv;
	Sat, 27 May 2023 19:34:20 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1685216060;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=cNENaZyuQeOs9eE8aZGz1ED0/1o7fzVaqUKVFoTZx/0=;
	b=eYxzyQlUal2LM/tcUJ7HQjcqA+wQvWK40yRX7l5z9AJlBltVVmlCbRC2UuMDgzv6cacyRf
	NUQACPh2zsTP0cFgR+VwQ9/XRmNXSMwE0cPdYXvRpK1dxUzdceJ/lgMM7LrLgywD/KQJqi
	eznPFLF0HqOHrq8kokXAz8TpckfZ5sbMBuZHn0PT2xYyC2hBrWgqIW067fNkHwCv26bL2c
	VHuDY02ENPOd5itv8JyNgiI49Ft70cVYuW73o6uu/uK2+hw1TW86KnfM+hm6c0iUWQd1UG
	SedXSRptGmtovVWSmMuUv+FywMTWADLlfPC/C6DJ4Au+NJCQ4YGlLJfzQcjYpQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1685216060;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=cNENaZyuQeOs9eE8aZGz1ED0/1o7fzVaqUKVFoTZx/0=;
	b=sHMNHEochgrl5PAo8InE/h8OecIJR3S5dNG+HflSzlmzVRc1iT7Sx7jAVG7p2DLxlMouCD
	dK9ZQiz6r6WHdwV0Kn5D8xnuIzXSTxlecwl98jtnL/x1cM7Fb6a6iRYK0tJOPTApfiK2MS
	nynhgeVVCkH4syXj/6Ayx40a7FlFgIjks4kbyoFz4HwsmWly9cqg+AvaZdZZHAjivhY+Hc
	kbC6zsi6J6jI1NSBi+omZIOmTvjHrrefEWeCV6QXHyOZSbIIN4ru0/WZYT9lGPYUW78iuU
	Bur6niSoX2PAByAw9ampnHOCdX3S7IBcKQjkhSNrSpIPQqHioC+rCFXNI9bzgw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1685216060; a=rsa-sha256; cv=none;
	b=fQEo0PBrDyY0j62Xh3hSY25Im5YNoKIJC53ibfS+m2MSIaGxmQX+mlyqY0bzsqtuAlH0+V
	Asgs+Kx7ccrSRVRCVmklWXQzYutq0vet80hr7Pe4VEbXnqAUnySXqHO9xH/Gj4AhxqQGWO
	PPdTaHinqbcq9k1gL/UN2Okuzq8nUKw5WdVzrldtyY4EZjj7/a8LwCL2ZwaewpKnl+hwS/
	PSOxMMaBU+k5aQLOQAVrTvcIUhjHZyBxWaG0d6KUrARYfjJOAYMN6FSbT+StselQu3bShS
	U6sEGed1pms1jNmwnv8zrWwnHNVvevux18D/ZrxoHiykhpdKF563+5UjrR7M+g==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QTBn76WPWz11Ws;
	Sat, 27 May 2023 19:34:19 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 34RJYJkD029274;
	Sat, 27 May 2023 19:34:19 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 34RJYJxJ029273;
	Sat, 27 May 2023 19:34:19 GMT
	(envelope-from git)
Date: Sat, 27 May 2023 19:34:19 GMT
Message-Id: <202305271934.34RJYJxJ029273@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: John Baldwin <jhb@FreeBSD.org>
Subject: git: fa6603d4a725 - stable/13 - Revert "LinuxKPI: Make FPU sections thread-safe and use the NOCTX flag."
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: jhb
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: fa6603d4a7250bef7bc51bd3a2805b0d2ead3541
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/13 has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=fa6603d4a7250bef7bc51bd3a2805b0d2ead3541

commit fa6603d4a7250bef7bc51bd3a2805b0d2ead3541
Author:     John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2023-05-27 19:23:20 +0000
Commit:     John Baldwin <jhb@FreeBSD.org>
CommitDate: 2023-05-27 19:23:37 +0000

    Revert "LinuxKPI: Make FPU sections thread-safe and use the NOCTX flag."
    
    This broke part of the KBI used by drm-kmod.
    
    This reverts commit 8ca78eb03fd4b3c9f514ea6c075fc44dc9c02d27.
    
    Reported by:    manu
---
 sys/compat/linuxkpi/common/include/asm/fpu/api.h | 40 ++++++++++++++++++----
 sys/compat/linuxkpi/common/include/linux/sched.h |  3 +-
 sys/compat/linuxkpi/common/src/linux_fpu.c       | 43 ++++++------------------
 sys/conf/files.amd64                             |  3 ++
 sys/conf/files.arm64                             |  4 +++
 sys/conf/files.i386                              |  3 ++
 sys/modules/linuxkpi/Makefile                    |  3 +-
 7 files changed, 56 insertions(+), 43 deletions(-)

diff --git a/sys/compat/linuxkpi/common/include/asm/fpu/api.h b/sys/compat/linuxkpi/common/include/asm/fpu/api.h
index 133754abdc4b..4b598d88be03 100644
--- a/sys/compat/linuxkpi/common/include/asm/fpu/api.h
+++ b/sys/compat/linuxkpi/common/include/asm/fpu/api.h
@@ -28,13 +28,41 @@
 #ifndef	_LINUXKPI_ASM_FPU_API_H_
 #define	_LINUXKPI_ASM_FPU_API_H_
 
-#define	kernel_fpu_begin() \
-   lkpi_kernel_fpu_begin()
+#if defined(__aarch64__) || defined(__amd64__) || defined(__i386__)
 
-#define	kernel_fpu_end() \
-   lkpi_kernel_fpu_end()
+#include <machine/fpu.h>
 
-extern void lkpi_kernel_fpu_begin(void);
-extern void lkpi_kernel_fpu_end(void);
+extern struct fpu_kern_ctx *__lkpi_fpu_ctx;
+extern unsigned int __lkpi_fpu_ctx_level;
+
+static inline void
+kernel_fpu_begin()
+{
+	if (__lkpi_fpu_ctx_level++ == 0) {
+		fpu_kern_enter(curthread, __lkpi_fpu_ctx, FPU_KERN_NORMAL);
+	}
+}
+
+static inline void
+kernel_fpu_end()
+{
+	if (--__lkpi_fpu_ctx_level == 0) {
+		fpu_kern_leave(curthread, __lkpi_fpu_ctx);
+	}
+}
+
+#else
+
+static inline void
+kernel_fpu_begin()
+{
+}
+
+static inline void
+kernel_fpu_end()
+{
+}
+
+#endif
 
 #endif /* _LINUXKPI_ASM_FPU_API_H_ */
diff --git a/sys/compat/linuxkpi/common/include/linux/sched.h b/sys/compat/linuxkpi/common/include/linux/sched.h
index f895cba0d894..6e0a01aa8466 100644
--- a/sys/compat/linuxkpi/common/include/linux/sched.h
+++ b/sys/compat/linuxkpi/common/include/linux/sched.h
@@ -89,8 +89,7 @@ struct task_struct {
 	int bsd_interrupt_value;
 	struct work_struct *work;	/* current work struct, if set */
 	struct task_struct *group_leader;
-	unsigned rcu_section[TS_RCU_TYPE_MAX];
-	unsigned int fpu_ctx_level;
+  	unsigned rcu_section[TS_RCU_TYPE_MAX];
 };
 
 #define	current	({ \
diff --git a/sys/compat/linuxkpi/common/src/linux_fpu.c b/sys/compat/linuxkpi/common/src/linux_fpu.c
index 08f7e075d827..976e55e68ca1 100644
--- a/sys/compat/linuxkpi/common/src/linux_fpu.c
+++ b/sys/compat/linuxkpi/common/src/linux_fpu.c
@@ -30,44 +30,21 @@
 #include <sys/proc.h>
 #include <sys/kernel.h>
 
-#include <linux/sched.h>
-
-#include <asm/fpu/api.h>
-
-#if defined(__aarch64__) || defined(__amd64__) || defined(__i386__)
-
 #include <machine/fpu.h>
 
-/*
- * Technically the Linux API isn't supposed to allow nesting sections
- * either, but currently used versions of GPU drivers rely on nesting
- * working, so we only enter the section on the outermost level.
- */
-
-void
-lkpi_kernel_fpu_begin(void)
-{
-	if ((current->fpu_ctx_level)++ == 0)
-		fpu_kern_enter(curthread, NULL, FPU_KERN_NOCTX);
-}
-
-void
-lkpi_kernel_fpu_end(void)
-{
-	if (--(current->fpu_ctx_level) == 0)
-		fpu_kern_leave(curthread, NULL);
-}
-
-#else
+struct fpu_kern_ctx *__lkpi_fpu_ctx;
+unsigned int __lkpi_fpu_ctx_level = 0;
 
-void
-lkpi_kernel_fpu_begin(void)
+static void
+linux_fpu_init(void *arg __unused)
 {
+	__lkpi_fpu_ctx = fpu_kern_alloc_ctx(0);
 }
+SYSINIT(linux_fpu, SI_SUB_EVENTHANDLER, SI_ORDER_SECOND, linux_fpu_init, NULL);
 
-void
-lkpi_kernel_fpu_end(void)
+static void
+linux_fpu_uninit(void *arg __unused)
 {
+	fpu_kern_free_ctx(__lkpi_fpu_ctx);
 }
-
-#endif
+SYSUNINIT(linux_fpu, SI_SUB_EVENTHANDLER, SI_ORDER_SECOND, linux_fpu_uninit, NULL);
diff --git a/sys/conf/files.amd64 b/sys/conf/files.amd64
index 4ae6fc3f33a1..b967a3be2a4f 100644
--- a/sys/conf/files.amd64
+++ b/sys/conf/files.amd64
@@ -436,6 +436,9 @@ x86/xen/pv.c			optional	xenhvm
 x86/xen/pvcpu_enum.c		optional	xenhvm
 x86/xen/xen_pci_bus.c		optional	xenhvm
 
+compat/linuxkpi/common/src/linux_fpu.c		optional compat_linuxkpi \
+	compile-with "${LINUXKPI_C}"
+
 contrib/openzfs/module/zcommon/zfs_fletcher_avx512.c		optional zfs compile-with "${ZFS_C}"
 contrib/openzfs/module/zcommon/zfs_fletcher_intel.c		optional zfs compile-with "${ZFS_C}"
 contrib/openzfs/module/zcommon/zfs_fletcher_sse.c		optional zfs compile-with "${ZFS_C}"
diff --git a/sys/conf/files.arm64 b/sys/conf/files.arm64
index 3e91db3e22c6..6b96de28128d 100644
--- a/sys/conf/files.arm64
+++ b/sys/conf/files.arm64
@@ -575,6 +575,10 @@ arm64/rockchip/clk/rk3399_pmucru.c		optional fdt soc_rockchip_rk3399
 # Xilinx
 arm/xilinx/uart_dev_cdnc.c			optional uart soc_xilinx_zynq
 
+# Linuxkpi
+compat/linuxkpi/common/src/linux_fpu.c		optional compat_linuxkpi \
+	compile-with "${LINUXKPI_C}"
+
 # Cloudabi
 arm64/cloudabi32/cloudabi32_sysvec.c		optional compat_cloudabi32
 arm64/cloudabi64/cloudabi64_sysvec.c		optional compat_cloudabi64
diff --git a/sys/conf/files.i386 b/sys/conf/files.i386
index 89e1d47987c4..4be98810b32e 100644
--- a/sys/conf/files.i386
+++ b/sys/conf/files.i386
@@ -189,6 +189,9 @@ x86/x86/mptable.c		optional apic
 x86/x86/mptable_pci.c		optional apic pci
 x86/x86/msi.c			optional apic pci
 
+compat/linuxkpi/common/src/linux_fpu.c		optional compat_linuxkpi \
+	compile-with "${LINUXKPI_C}"
+
 # Clock calibration subroutine; uses floating-point arithmetic
 subr_clockcalib.o		standard				\
 	dependency	"$S/kern/subr_clockcalib.c"			\
diff --git a/sys/modules/linuxkpi/Makefile b/sys/modules/linuxkpi/Makefile
index 897c86f51733..2ed6cda98b17 100644
--- a/sys/modules/linuxkpi/Makefile
+++ b/sys/modules/linuxkpi/Makefile
@@ -8,7 +8,6 @@ SRCS=	linux_compat.c \
 	linux_dmi.c \
 	linux_domain.c \
 	linux_firmware.c \
-	linux_fpu.c \
 	linux_hrtimer.c \
 	linux_idr.c \
 	linux_interrupt.c \
@@ -36,7 +35,7 @@ SRCS=	linux_compat.c \
 
 .if ${MACHINE_CPUARCH} == "aarch64" || ${MACHINE_CPUARCH} == "amd64" || \
     ${MACHINE_CPUARCH} == "i386"
-SRCS+=	opt_acpi.h acpi_if.h linux_acpi.c
+SRCS+=	opt_acpi.h acpi_if.h linux_acpi.c linux_fpu.c
 .endif
 
 SRCS+=	opt_ddb.h

From nobody Sat May 27 19:34:20 2023
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QTBn91Pvfz4WhWS;
	Sat, 27 May 2023 19:34:21 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QTBn90wwWz4Dcx;
	Sat, 27 May 2023 19:34:21 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1685216061;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=kBS3/kYgz6WIVjpfTC4TCf/oCdTpcHQv4rSfnA9pR5o=;
	b=mk0oLCdgOhyFw9aEGtrCanZERq3KiBkP4QgNt15YANJBXYc7rVZt0jCshIr0OL6n1QwL4i
	GaWK/44mrevpmaKbUEirt5YvsdnQKmmsfeNzEyGiXaDnNHQCcjWp/LAkRoA2SdzO30n0o9
	gDgpHC99UGHwV8TlzclDMUvi8U/hVho8gRekNfjJ6Pjt7c0Vd2xlUE1Ob0dJ6dj4D5XrDl
	qnv2tB6igEDF/+09ALFteroeg8P1DrHgRqR9hh5y3jtzcyxDhOjSStSg8bbUfuzNiXdbiY
	59Ya/SUIAWA3gL0gU3ho4ijGlScYcMlJbqJ5SplGLs9dmQJQGqzYh75XvNB9Sw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1685216061;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=kBS3/kYgz6WIVjpfTC4TCf/oCdTpcHQv4rSfnA9pR5o=;
	b=xOinme9MKpchk/OR+dE+8S6G4ywjmNCsivevOkwpNVbHJMsesxkXpQWkpSJP6jWU0lL8HX
	ttXU86GbLN2CzC6hxteiW8mcXtFaZrW6cYID/vK59MSYmd4Cm1EDCnbG/mpi1dJ8eylaOo
	10xOnaBA7nx94lM+rGlkeBHL19kJKRFP6kyTnYMuxCCRUcfsCSOOLUFKYxMwiWOJ+napd6
	LkbeGK0u/s4ns4SG7LsaPeafsITSpINLilDMRDJ7Ee+P5MMiJA4K43uCCUH/GBA6RlJl7H
	BYsG5UJYQaTzqZoPSOeLBWI5SaN1NBtk67tF4gbqVKTNkGRUdNTbB35i4/gICA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1685216061; a=rsa-sha256; cv=none;
	b=jUGssJkDMlIrqCJXvrZ/E8ykRXs2gOXD9KODRwHloqSiJ1fXxXYhZ+cwE29lgzYWSAyqmk
	k0jFo+4JHBetXYVKW4muJCnFwNDGapfNYk8bRiXPbz7OmvQIX/BorCG9+OSfXVvM3tMm2h
	YsknTFhGXYqIxY+xpFNng9V6viwIitcVb99mMtuWZpOrwQiHjYr0TMSHMJJjHnOu+6QxUt
	+hMlRqAH7zSr8GyW/cnmWNCsjQ3gLQ35tqfNmbrcAwnYD/0Evqit/XAvGTnxD2S4/DHvR9
	Z3A0a4qxhClfeassv2djZCVjPJHQjWlvHFDMliMxDXWsiMHkvNM75dSoFcym8g==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QTBn873tfz11FJ;
	Sat, 27 May 2023 19:34:20 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 34RJYK2p029295;
	Sat, 27 May 2023 19:34:20 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 34RJYKUN029294;
	Sat, 27 May 2023 19:34:20 GMT
	(envelope-from git)
Date: Sat, 27 May 2023 19:34:20 GMT
Message-Id: <202305271934.34RJYKUN029294@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: John Baldwin <jhb@FreeBSD.org>
Subject: git: 7ad5c533e5da - stable/13 - LinuxKPI: Use modern function declarations for kernel_fpu_begin/end.
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: jhb
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 7ad5c533e5da64e590193429609d41a8671b009a
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/13 has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=7ad5c533e5da64e590193429609d41a8671b009a

commit 7ad5c533e5da64e590193429609d41a8671b009a
Author:     John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2023-05-27 19:32:41 +0000
Commit:     John Baldwin <jhb@FreeBSD.org>
CommitDate: 2023-05-27 19:32:41 +0000

    LinuxKPI: Use modern function declarations for kernel_fpu_begin/end.
    
    This fixes a -Wstrict-prototype error from GCC 12.
    
    This is a direct commit to stable/13 as it was fixed differently in
    main.
---
 sys/compat/linuxkpi/common/include/asm/fpu/api.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/compat/linuxkpi/common/include/asm/fpu/api.h b/sys/compat/linuxkpi/common/include/asm/fpu/api.h
index 4b598d88be03..6fba15d1fd62 100644
--- a/sys/compat/linuxkpi/common/include/asm/fpu/api.h
+++ b/sys/compat/linuxkpi/common/include/asm/fpu/api.h
@@ -36,7 +36,7 @@ extern struct fpu_kern_ctx *__lkpi_fpu_ctx;
 extern unsigned int __lkpi_fpu_ctx_level;
 
 static inline void
-kernel_fpu_begin()
+kernel_fpu_begin(void)
 {
 	if (__lkpi_fpu_ctx_level++ == 0) {
 		fpu_kern_enter(curthread, __lkpi_fpu_ctx, FPU_KERN_NORMAL);
@@ -44,7 +44,7 @@ kernel_fpu_begin()
 }
 
 static inline void
-kernel_fpu_end()
+kernel_fpu_end(void)
 {
 	if (--__lkpi_fpu_ctx_level == 0) {
 		fpu_kern_leave(curthread, __lkpi_fpu_ctx);