cy [Sun, 15 May 2016 15:26:19 +0000 (15:26 +0000)]
Fix:
IP Filter bug 1835705: It is impossible to delete a state using
SIOCDELST ioctl.
This is a direct commit to the stable/9 branch because this patch was
already included in the ipfilter 5.1.2 import in r254562. It was
ultimately included in ipfilter 4.1.29 (whereas stable/9 uses 4.1.28).
ngie [Fri, 13 May 2016 09:54:15 +0000 (09:54 +0000)]
MFstable/10 r299651:
MFC r298839:
Fix memory allocation edgecases in kvm_argv(..)
- Don't leak nbufp on realloc failure in kvm_argv
- Catch malloc errors with bufp
- Set buflen last in the "buflen == 0" case to ensure that
bufp/nbufp is properly reallocated on the next go around
ngie [Fri, 13 May 2016 09:16:01 +0000 (09:16 +0000)]
MFstable/10 r299638:
MFC r298462:
Return `ret` in op_ifentry(..) to mute a -Wunused-but-set-variable warning
This will also now detect error conditions with
value->var.subs[sub - 1] == LEAF_ifPhysAddress where `string_get(..)`
could fail if iifp->physaddr and/or iifp->physaddrlen were deemed
invalid.
ngie [Fri, 13 May 2016 09:07:42 +0000 (09:07 +0000)]
MFstable/10 r299635:
MFC r298665:
r298665 (by cem):
aacraid(4): Fix some mostly trivial buffer overruns
strcpy(3) emits a trailing nul byte, trampling fields after the intended
destination. Instead, use strncpy(3), intentionally leaving these fields
not nul-terminated.
ngie [Fri, 13 May 2016 08:42:21 +0000 (08:42 +0000)]
MFstable/10 r299623:
MFC r298337:
r298337 (by cem):
pty(4): Use strlcpy to guarantee destination buffer isn't overrun
The devtoname() name is strcpyed into a small stack buffer. Sure, we always
expect the name to be ttyXX (or ptyXX). If that's the case, strlcpy() doesn't
hurt.
ngie [Fri, 13 May 2016 08:25:17 +0000 (08:25 +0000)]
MFstable/10 r299616:
MFC r298333:
r298333 (by cem):
Make Racct macro slightly more gracious given RACCT_UNDEFINED
rctl_string_to_rule could previously index below the zeroth element of
racct_types via the macro. Maybe it shouldn't use the macro on
RACCT_UNDEFINED. But given every other RACCT_ definition is non-negative, it
seems pretty easy to foot-shoot this one without the check.
The facility_initialized and facility arrays are the same size and were
intended to be indexed the same. I believe this mismatch was just a
typo/braino in r208731.
davidcs [Tue, 10 May 2016 02:44:23 +0000 (02:44 +0000)]
MFC r298294
1. modify fwdump (a.k.a grcdump) so that grcdump memory is allocated
and freed on as needed basis.
2. grcdump can be taken at failure points by invoking bxe_grc_dump()
when trigger_grcdump sysctl flag is set. When grcdump is taken
grcdump_done sysctl flag is set.
3. grcdump_done can be monitored by the user to retrieve the grcdump
rmacklem [Sat, 7 May 2016 21:34:04 +0000 (21:34 +0000)]
MFC: r298523
Allow the NFSv4 server to reply NFSERR_WRONGSEC for the SetClientID operation.
It was reported via email that a Linux client couldn't do a Kerberized
NFS mount when only "sec=krb5" was specified for the exports. The Linux
client attempted a mount via krb5i and the server replied NFSERR_SERVERFAULT.
Although NFSERR_WRONGSEC isn't listed as an error for SetClientID, I
think it is the correct reply, so this patch enables that.
I do not know if this fixes the mount attempt, but adding "krb5i" to the
list of allowed security flavours does allow the mount to work.
dchagin [Sat, 7 May 2016 08:26:05 +0000 (08:26 +0000)]
MFC r298519:
Fix streams and svr4 module dependency. Both modules are complaining about
undefined symbol svr4_delete_socket which was moved from streams to the svr4 module
in r160558 that created a two-way dependency between them.
MFC r298520:
Allow to build svr4 module with SYSV support separatelly from the kernel build.
rmacklem [Sat, 7 May 2016 00:07:03 +0000 (00:07 +0000)]
MFC: r297869
If the VOP_SETATTR() call that saves the exclusive create verifier failed,
the NFS server would leave the newly created vnode locked. This could
result in a file system that would not unmount and processes wedged,
waiting for the file to be unlocked.
Since this VOP_SETATTR() never fails for most file systems, this bug
doesn't normally manifest itself. I found it during testing of an
exported GlusterFS file system, which can fail.
This patch adds the vput() and changes the error to the correct NFS one.
rmacklem [Fri, 6 May 2016 23:55:28 +0000 (23:55 +0000)]
MFC: r297837
Bruce Evans reported that there was a performance regression between
the old and new NFS clients. He did a good job of isolating the problem
which was caused by the new NFS client not setting the post write mtime
correctly. The new NFS client code was cloned from the old client, but
was incorrect, because the mtime in the nfs vnode's cache wasn't yet
updated. This patch fixes this problem. The patch also adds missing mutex
locking.
jtl [Fri, 6 May 2016 01:27:01 +0000 (01:27 +0000)]
MFC r298408:
Prevent underflows in tp->snd_wnd if the remote side ACKs more than
tp->snd_wnd. This can happen, for example, when the remote side responds
to a window probe by ACKing the one byte it contains.
ngie [Wed, 4 May 2016 00:35:41 +0000 (00:35 +0000)]
MFstable/10 r299022:
MFC r298450:
Simplify always evaluated branch (`e != NULL`)
- xalloc(..) ensures that e will be non-null via malloc + err.
- `e` is already dereferenced above, so logically it's impossible
to hit the lower test without crashing if it was indeed NULL.
MFC r297967:
Ensure the received IP header gets 32-bits aligned.
The FreeBSD's TCP/IP stack assumes that the IP-header is 32-bits aligned
when decoding it. Else unaligned 32-bit memory access can happen, which
not all processor architectures support.
When downing a mlxen network adapter we need to check the port_up variable
to ensure we don't continue to transmit data or restart timers which can
reside in freed memory.
MFC r298521;
regex: prevent two improbable signed integer overflows.
In matcher() we used an integer to index nsub of type size_t.
In print() we used an integer to index nstates of type sopno,
typedef'd long.
In both cases the indexes never take negative values.
MFC r297820:
Fix the problem, when gpart(8) can't write both bootcode and partcode
in one command due to wrong file size limit. Do not use bootcode size
to calculate partsize limit.
Also add report message about successful partcode writing.
1. Process tx completions in bxe_periodic_callout_func() and restart
transmissions if possible.
2. For SIOCSIFFLAGS call bxe_init_locked() only if !BXE_STATE_DISABLED
3. remove code not needed in bxe_init_internal_common()
- Update superblock and inode structs for ext4.
- Update comment: Linux does set a randomized generation number of an inode
on ext2/3/4. While here use arc4random() instead of random().
MFC r294520:
LinuxKPI atomic fixes:
- Fix implementation of atomic_add_unless(). The atomic_cmpset_int()
function returns a boolean and not the previous value of the atomic
variable.
- The atomic counters should be signed according to Linux.
- Some minor cosmetics and styling while at it.
Reviewed by: alfred @
Sponsored by: Mellanox Technologies
MFC r296934:
Fix crash in krping when run as a client due to NULL pointer access.
Initialize pointer in question which is used only when fast registers
mode is selected.
MFC r296910:
Use hardware computed Toeplitz hash for incoming flowids
Use the Toeplitz hash value as source for the flowid. This makes the
hash value more suitable for so-called hash bucket algorithms which
are used in the FreeBSD's TCP/IP stack when RSS is enabled.
MFC r296909:
Fix witness panic in the ipoib_ioctl() function when unloading the
ipoib module.
The bpfdetach() function is trying to turn off promiscious mode on the
network interface it is attached to while holding a mutex. The fix
consists of ignoring any further calls to the ipoib_ioctl() function
when the network interface is going to be detached. The ipoib_ioctl()
function might sleep.
MFC r296342:
Allow for overlapping quirk device ranges. Prior to this patch only
the first device entry matching the USB vendor, product and revision
would be searched for quirks. After this patch all device entries will
be searched for quirks.
dim [Wed, 30 Mar 2016 22:12:07 +0000 (22:12 +0000)]
MFC r297212:
For C++, expose long long types and functions (lldiv_t, llabs, lldiv,
etc) in stdlib.h. These will be needed for newer versions of libc++,
which uses them for defining overloaded versions of abs() and div().
pfg [Fri, 25 Mar 2016 00:40:04 +0000 (00:40 +0000)]
MFC r296394:
xdr: Fix xdr_rpc* defines.
The defines for xdr_rpc* in xdr.h are wrong. It could be
very well that Solaris did strip the '_t' from xdr_u_int32_t,
but Solaris has a xdr_u_int32 function, we don't have this.
So all of this defines will lead to an unresolved symbol.
This explains why we do not use these functions in FreeBSD
while they are used in Illumos/Solaris.
glebius [Wed, 16 Mar 2016 22:36:02 +0000 (22:36 +0000)]
Merge r296956:
Due to invalid use of a signed intermediate value in the bounds checking
during argument validity verification, unbound zero'ing of the process LDT
and adjacent memory can be initiated from usermode.
cy [Wed, 16 Mar 2016 02:01:17 +0000 (02:01 +0000)]
Don't assume checksums will be calculated later when fastfoward is
enabled.
This is a direct commit to the stable/9 because this branch uses
ipfilter 4.1.28 whereas head has ipfilter 5.1.2. This corresponds
to r292518 and r292813 in head and r292979 and r292811 in stable/10.
ngie [Mon, 14 Mar 2016 00:40:57 +0000 (00:40 +0000)]
MFstable/10 r296814:
MFC r293621,r293622,r293815:
r293621:
- Delete non-TAP testcases
- Add a conf.sh file for executing common functions with geom_gate
- Use attach_md for attaching md(4) devices
- Don't hardcode /tmp for temporary files, which violates the kyua sandbox
- Add/increase sleeps to try and improve synchronization
- Add debug output for when checksums fail
test-1.t:
- Use pkill for killing ggated
r293622:
Remove Makefile now that the testcases are all TAP based and
prove -rv can be used on them
dim [Sun, 13 Mar 2016 18:32:18 +0000 (18:32 +0000)]
Pull in r219512 from upstream llvm trunk (by Hal Finkel):
[MiSched] Fix a logic error in tryPressure()
Fixes a logic error in the MachineScheduler found by Steve Montgomery
(and confirmed by Andy). This has gone unfixed for months because the
fix has been found to introduce some small performance regressions.
However, Andy has recommended that, at this point, we fix this to
avoid further dependence on the incorrect behavior (and then
follow-up separately on any regressions), and I agree.
Fixes PR18883.
This fixes a possible "ran out of registers" error when compiling
www/firefox 45.0 on i386.
Direct commit to stable/9, because head already has this fix since the
llvm/clang 3.6.0 import.
ngie [Sun, 13 Mar 2016 02:09:01 +0000 (02:09 +0000)]
MFstable/10 r296787:
MFC r293443:
- Make test-1.sh into a TAP testable testcase
- Delete test-2.sh as it was an incomplete testcase, and the contents were
basically a subset of test-1.sh
- Add a conf.sh file for executing common functions with geom_uzip
- Use attach_md for attaching md(4) devices
- Don't hardcode /tmp for temporary files, which violates the kyua sandbox
ngie [Sun, 13 Mar 2016 02:08:23 +0000 (02:08 +0000)]
MFstable/10 r296786:
MFC r293442:
- Add a geom_stripe specific cleanup function and trap on that function at
exit so things are cleaned up properly
- Use attach_md for attaching md(4) devices
- Don't hardcode /tmp for temporary files, which violates the kyua sandbox
ngie [Sun, 13 Mar 2016 02:07:45 +0000 (02:07 +0000)]
MFstable/10 r296785:
MFC r293441:
- Add a geom_shsec specific cleanup function and trap on that function at
exit so things are cleaned up properly
- Use attach_md for attaching md(4) devices
- Don't hardcode /tmp for temporary files, which violates the kyua sandbox
ngie [Sun, 13 Mar 2016 02:06:57 +0000 (02:06 +0000)]
MFstable/10 r296784:
MFC r293438:
- Add a geom_raid3 specific cleanup function and trap on that function at
exit so things are cleaned up properly
- Use attach_md for attaching md(4) devices
- Don't hardcode /tmp for temporary files, which violates the kyua sandbox
ngie [Sun, 13 Mar 2016 02:06:09 +0000 (02:06 +0000)]
MFstable/10 r296783:
MFC r293437:
- Add a conf.sh file for executing common functions with gnop
- Use attach_md for attaching md(4) devices
- Don't hardcode /tmp for temporary files, which violates the kyua sandbox
ngie [Sun, 13 Mar 2016 02:05:16 +0000 (02:05 +0000)]
MFstable/10 r296782:
MFC r293436:
- Add a conf.sh file for executing common functions with geli
-- Use linear probing to find the first unique md(4) device, unlike the other
code which uses attach_md, as geli(8) allocates the md(4) devices itself
- Don't hardcode /tmp for temporary files, which violates the kyua sandbox