This patch will cause geli's boot-time unlock code to attempt unlocking
the container using only the preloaded keyfile(s); and only when that
fails will it prompt for a passphrase.
If a container has a keyfile in one slot and a passphrase in the other,
the boot-time unlock code will get confused and assume they are to be
combined, resulting in a container that cannot be unlocked during boot
when its keyfile is preloaded.
jfv [Tue, 11 Nov 2014 05:00:51 +0000 (05:00 +0000)]
Update the Intel ixl/ixlv drivers to fix a panic in the boot/install
kernel if the system has a fiber-based Intel XL710 adapter installed.
In addition ixl version 1.2.8 and ixlv version 1.1.18 give:
- Improved VF stability (thanks to Ryan Stone for this)
- RSS fixes
- link detection in the ixlv driver
- new sysctl's added
- corrected media reporting
jhb [Mon, 10 Nov 2014 19:53:39 +0000 (19:53 +0000)]
MFstable10 273998:
Rework the EXAMPLES section to be a bit clearer.
- Add an example of using etcupdate diff.
- Create a subsection on bootstrapping that is below the simple
examples. This should make it clearer that 'etcupdate extract' is
a one-time operation and not part of the common workflow. It also
adds more suggestions on when bootstrapping is needed and additional
steps to make future merges simpler.
gjb [Mon, 3 Nov 2014 09:02:08 +0000 (09:02 +0000)]
Update the hardware page to reflect CPU updates/additions
added in head@r273941.
Since the original commit requires changes to the doc/
repository after the release tag had already happened,
(re)define entities in share/xml/release.ent that reflect
doc@r45900 to prevent build breakage.
Requested by: gavin
Approved by: re (implicit, relnotes)
Sponsored by: The FreeBSD Foundation
mav [Tue, 28 Oct 2014 14:01:58 +0000 (14:01 +0000)]
MFS10 r273767 / MFC r273638:
Revert somewhat hackish geom_disk optimization, committed as part of r256880,
and the following r273143 commit, supposed to workaround introduced issue by
quite innocent-looking change.
While there is no clear understanding why, but r273143 is accused in data
corruption in some environments with high I/O load. I personally don't see
any problem in that commit, and possibly it is just a trigger to some other
bug somewhere, but better safe then sorry for now.
gjb [Sun, 26 Oct 2014 17:17:08 +0000 (17:17 +0000)]
MFstable10 r273698:
MFC r273653:
Fix a few issues with creating VOLUME_LABEL for the
installation ISOs:
- TYPE, BRANCH, and REVISION are only defined if
OSRELEASE is not defined, so in situations where
one might set OSRELEASE for an in-house ISO build,
VOLUME_LABEL would be empty.
- makefs(8) limits the volume label to 32 characters,
which for the powerpc64 case, OSRELEASE expands to
FreeBSD-11.0-CURRENT-powerpc-powerpc64. Even with
removing the prefixing 'FreeBSD-', the string is 30
characters long, leaving zero room for suffixing the
type of ISO media (BO for bootonly, CD for cdrom, and
DVD for dvdrom).
Resolve these by defining VOLUME_LABEL when defining
OSRELEASE if unset. If OSRELEASE is defined by the
builder, use the OSRELEASE from that definition as the
VOLUME_LABEL.
In addition, for cases where both TARGET and TARGET_ARCH
are used for the VOLUME_LABEL, use TARGET_ARCH if it
differs from TARGET.
There are probably a few sharp edges here yet, but these
problems are going to affect the powerpc/powerpc64 builds
for 10.1-RELEASE, so the immediate concern is fixing the
underlying problem at hand quickly, and less so about the
elegance of the fix.
Approved by: re (kib)
Sponsored by: The FreeBSD Foundation
gjb [Tue, 21 Oct 2014 23:07:30 +0000 (23:07 +0000)]
MFstable10 r273429:
MFC r273402:
Fix an issue where a FreeBSD virtual machine provisioned in
the Microsoft Azure service does not recognize the second
attached disk on the system.
PR: 194376
Approved by: re (delphij)
Sponsored by: The FreeBSD Foundation
tuexen [Mon, 20 Oct 2014 05:17:16 +0000 (05:17 +0000)]
MFC10 r273275 (r273168 in head):
Fix the reported streams in a SCTP_STREAM_RESET_EVENT, if a
sent incoming stream reset request was responded with failed
or denied.
Thanks to Peter Bostroem from Google for reporting the issue.
emaste [Mon, 20 Oct 2014 01:45:40 +0000 (01:45 +0000)]
MFS10 r273294 (r273178 in HEAD):
Update vt(4) for UEFI defaults and special keys
vt(4) is the default console for UEFI boot [1], and the bitmapped
kern.vt.spclkeys sysctl has been replaced with individual kern.vt.kbd_*
enable sysctls.
jhb [Fri, 17 Oct 2014 20:39:39 +0000 (20:39 +0000)]
MFS10 273238;
Properly set the timeout in a query_state. The global query_timeout
configuration value is an integer count of seconds, it is not a timeval.
Using memcpy() to copy a timeval from it put garbage into the tv_usec
field.
emaste [Fri, 17 Oct 2014 16:32:27 +0000 (16:32 +0000)]
MFS10 r273232 (HEAD r257302 by rea):
binutils/bfd: fix printf-like format strings for "bfd *" arguments
There is a special format argument '%B' that directly handles values
of type 'bfd *', they must be used instead of '%s'. Manifestations
of this bug can be seen in ld(1) error messages, for example,
http://lists.freebsd.org/pipermail/freebsd-current/2013-August/043580.html
http://lists.freebsd.org/pipermail/freebsd-current/2013-October/045404.html
gjb [Thu, 16 Oct 2014 23:25:38 +0000 (23:25 +0000)]
MFstable10 r273198:
MFC r273093, r273096:
r273093:
Merge the following from ^/projects/release-vmimage:
r272436, r272437, r272792:
r272436:
Remove the first argument to panic(), which was initially
intended to be the exit code, however when a non-zero exit
code was returned to release/Makefile, this would prevent
any remaining (and possibly successful) stages from being
attempted.
r272437:
If the vm-base target fails, prevent the vm-image target
from being run since it cannot possibly succeed.
r272792:
Add /usr/local/bin and /usr/local/sbin to PATH, needed
if third-party software needs to use utilities outside
of the base system during post-install stages (indexinfo
is one culprit).
r273096:
Merge the following from ^/projects/release-vmimage:
r273076, r273077, r273079, r273095:
r273076:
Add a separate make(1) target to release/Makefile to
build FreeBSD virtual machine disk images for use on
the Microsoft Azure service.
For now, this target is not directly connected to the
build, however can be manually invoked.
The 'vm-azure' target invokes {amd64,i386}/mk-azure.sh,
which does the heavy lifting to produce proper VHDs.
mk-azure.sh uses a configuration file, defaulting to
tools/azure.conf if otherwise unset.
r273077:
Clear VM_RC_LIST.
r273079:
Fix signal list to trigger umount(8).
r273095:
Output an informational message when mkimg(1) runs, so it
does not appear that the process has stopped while waiting
for a 'y/n' response when waagent is deprovisioned.
Relnotes: yes
Approved by: re (delphij)
Sponsored by: The FreeBSD Foundation
glebius [Thu, 16 Oct 2014 23:03:04 +0000 (23:03 +0000)]
Merge r273184, r273185 from stable/10:
- Use rn_detachhead() instead of direct free(9) for radix tables.
- Free radix mask entries on main radix destroy.
delphij [Thu, 16 Oct 2014 22:20:38 +0000 (22:20 +0000)]
MFS r273191: MFC r273060:
Use write_psize instead of write_asize when doing vdev_space_update.
Without this change the accounting of L2ARC usage would be wrong and
give 16EB free space because the number became negative and overflows.
hrs [Thu, 16 Oct 2014 22:00:24 +0000 (22:00 +0000)]
MFS r272855, 266846:
- Do not override sin6_scope_id in LLA when it is already set to non-zero.
This fixes destination list in output of netstat -r.
- Plug a memory leak.
- Add RTM_VERSION check.
- Fix a bug which can make sysctl() fail when -F is specified.
- Increase WID_IF_DEFAULT() from 6 to 8 (the default for AF_INET6) because
we have interfaces with longer names than 6 chars like epairN{a,b}.
- Style fixes.
MFS r272847:
- Add rwlock to struct dadq. A panic could occur when a large number of
addresses performed DAD at the same time.
MFS r272850:
- Replace Sun RPC license in TI-RPC library with a 3-clause BSD license,
with the explicit permission of Sun Microsystems in 2009.
- Replace Sun Industry Standards Source License for Sun RPC code with a
3-clause BSD license as specified by Oracle America, Inc. in 2010.
This license change was approved by Wim Coekaerts, Senior Vice
President, Linux and Virtualization at Oracle Corporation.
- Replace Sun RPC license with a 3-clause BSD license. This license change
was approved in 2010 by Wim Coekaerts, Senior Vice President, Linux and
Virtualization at Oracle Corporation.
- Replace Sun RPC license for TI-RPC library with a 3-clause BSD license,
with the explicit permission of Sun Microsystems in 2009.
The code in question in this file was copied from
lib/libc/rpc/pmap_getport.c.
MFS r272852,r272853:
- Add relative specification in expiration time.
- Add proto3 option for RTF_PROTO3.
- Use %lu for members of struct rt_metrics.
- Use long explicitly for the time difference.
MFS r272854:
- Return 0 if:
1. "-u N" specified, no -f, and mdN found,
2. no -u, "-f /pathname" specified, and mdN associated with
/pathname found,
3. "-u N" specified, "-f /pathname" specified, and both of them found,
4. "-l" specified and no -f,
5. "-l" specified, "-f /pathname" specified, and /pathname found.
otherwise return -1.
MFS r272856:
- Move configuration of IPv6 NDP flags to a point before handling ifconfig_IF.
This fixes a race that a non-IPv4 interface can get an EUI64 LLA even if it
has IFDISABLED nd6 flag at boot time.
MFS r272857:
- Cancel DAD for an ifa when the ifp has ND6_IFF_IFDISABLED as early as
possible and do not clear IN6_IFF_TENTATIVE. If IFDISABLED was accidentally
set after a DAD started, TENTATIVE could be cleared because no NA was
received due to IFDISABLED, and as a result it could prevent DAD when
manually clearing IFDISABLED after that.
MFS r272858:
- Fix an issue in range specification handling when a "-foo" is specified in
ifconfig_IF_aliasN.
MFS r272859:
- Fix EtherIP. TOS field must be initialized when the inner protocol is
PF_LINK, and multicast/broadcast flag should always be dropped because
the outer protocol uses unicast even when the inner address is not for
unicast. It had been broken since r236951 when gif_output() started to
use IFQ_HANDOFF().
MFS r272860:
- Recover sin6_scope_id of gateway addresses in riprecv() by using the
if_index where a RIP packet was received. This fixes a bug which
prevented gateway addresses in fe80::/64 from being added.
MFS r272861:
- Fix rc.d/gssd script to define the default values in a standard way.
- Use a parameter argument in jls(8) instead of doing grep.
MFS r272862, r272870:
- Restructure rc.d scripts for kerberos5 daemons.
MFS r272863:
- Return false status only when adding a route is failed. It could
erroneously return false due to an afexists() check loop in routing_start().
MFS r272864:
- Use ipv6_prefer when at least one ifconfig_IF_ipv6 is configured.
MFS r272865:
- Fix a bug which prevented mount.fstab parameter from being converted
when jail_JID_devfs_enable=NO.
MFS r272866:
- Fix header output when -P is specified and (ncpus - 1) != maxid.
MFS r272867:
- Fix a bug which could break extended attributes in a dump output.
This occurred when a file was >892kB long and had a large data (>1kB)
in the extended attributes.
MFS r272868, r272869:
- Make net.inet.ip.sourceroute, net.inet.ip.accept_sourceroute, and
net.inet.ip.process_options vnet-aware.
MFS r272871:
- Revert changes in r269180. It could cause -c N option to enter an
infinite loop if no reply packet is received.
MFS r272874:
- Resurrect set_rcvar() as a function to define a rc.conf variable.
It defines a variable and its default value in load_rc_config() just after
rc.conf is loaded. "rcvar" command shows the current and the default
values.
MFS r272960:
- Do not add late flag when file= is specified because it has a bad
side-effect. The specified file should exist before the fstab line.
mjg [Wed, 15 Oct 2014 16:54:18 +0000 (16:54 +0000)]
MFC r273109:
fget_unlocked currently reads 'fde' which is a structure consisting of
serveral fields. In effect the read is inatomic and may result in
obtaining file pointer with stale or incorrect capabilities.
Example race is with dup2.
Side effect is that capability checks can be circumvented.
Fix the problem with introduction of sequence counters.
araujo [Wed, 15 Oct 2014 06:31:08 +0000 (06:31 +0000)]
Make external NFS clients know when files have their attributes changed and
avoid cache the file's state indefinitely. The va_filerev is what is sent
to the client as the "change" attribute, the client is periodically fetching
the attributes and without this option the attribute remains as some garbage
value.
Reported by: Kevin Buhr <buhr@asaurus.net>
Reviewed by: delphij
Approved by: re (gjb), delphij
Obtained from: r272467
tuexen [Tue, 14 Oct 2014 19:38:31 +0000 (19:38 +0000)]
MF10 r273000 (r272750 in head)
Ensure that the number of stream reported in srs_number_streams is
consistent with the amount of data provided in the SCTP_RESET_STREAMS
socket option.
Thanks to Peter Bostroem from Google for drawing my attention to
this part of the code.
MF10 r273001 (r272751 in head):
Ensure that the list of streams sent in a stream reset parameter fits
in an mbuf-cluster.
Thanks to Peter Bostroem for drawing my attention to this part of the code.
MF10 r273002 (r272841 in head):
Ensure that the flags field of sctp_tmit_chunks is initialized.
Thanks to Peter Bostroem from Google for reporting the issue.
dumbbell [Tue, 14 Oct 2014 19:01:11 +0000 (19:01 +0000)]
vt(4): Save/restore keyboard mode & LED states when switching window
MF10: r273036
MFC: r272416
Add new functions to manipulate these mode & state, instead of calling
kbdd_ioctl() everyhere.
This fixes at least two bugs:
1. The state of the Scroll Lock LED and the state of scroll mode
could be out-of-sync. For instance, if one enables scroll mode on
window #1 and switches to window #2, the LED would remain on, but
the window wouldn't be in scroll mode.
Similarily, when switching between a console and an X.Org
session, the LED states could be inconsistent with the real
state.
2. When exiting from an X.Org session, the user could be unable to
type anything. The workaround was to switch to another console
window and come back.
r272234:
Initial commit to include virtual machine images as part
of the FreeBSD release builds.
This adds a make(1) environment variable requirement,
WITH_VMIMAGES, which triggers the virtual machine image
targets when not defined to an empty value.
Relevant user-driven variables include:
o VMFORMATS: The virtual machine image formats to create.
Valid formats are provided by running 'mkimg --formats'
o VMSIZE: The size of the resulting virtual machine
image. Typical compression is roughly 140Mb, regardless
of the target size (10GB, 15GB, 20GB, 40GB sizes have been
tested with the same result).
o VMBASE: The prefix of the virtual machine disk images.
The VMBASE make(1) environment variable is suffixed with
each format in VMFORMATS for each individual disk image, as
well as '.img' for the source UFS filesystem passed to
mkimg(1).
This also includes a new script, mk-vmimage.sh, based on how
the VM images for 10.0-RELEASE, 9.3-RELEASE, and 10.1-RELEASE
were created (mk-vmimage.sh in ^/user/gjb/thermite/).
With the order in which the stages need to occur, as well as
sanity-checking error cases, it makes much more sense to
execute a shell script called from make(1), using env(1) to
set specific parameters for the target image than it does to
do this in make(1) directly.
r272236:
Use VMBASE in place of a hard-coded filename in the CLEANFILES
list.
r272262:
Remove a 'set -x' that snuck in during testing.
r272264:
release/Makefile:
Connect the virtual machine image build to the release
target if WITH_VMIMAGES is set to a non-empty value.
release/release.sh:
Add WITH_VMIMAGES to RELEASE_RMAKEFLAGS.
release/release.conf.sample:
Add commented entries for tuning the release build if the
WITH_VMIMAGES make(1) environment variable is set to
a non-empty value.
r272269:
release/Makefile:
Include .OBJDIR in DESTDIR in the vm-base target.
release/release.sh:
Provide the full path to mddev.
r272271:
Fix UFS label for the root filesystem.
r272272:
Remove comments left in accidentally while testing, so the
VM /etc/fstab is actually created.
r272277:
Remove the UFS label from the root filesystem since it is added
by mkimg(1) as a gpt label, consistent with the fstab(5) entry.
r272279:
Comment cleanup in panic() message when mkimg(1) does not support
the requested disk image format.
r272376:
Separate release/scripts/mk-vmimage.sh to machine-specific
scripts, making it possible to mimic the functionality for
non-x86 targets.
Move echo output if MAKEFLAGS is empty outside of usage().
Remove TARGET/TARGET_ARCH evaluation.
r272380:
Avoid using env(1) to set values passed to mk-vmimage.sh,
and instead pass the values as arguments to the script,
making it easier to run this by hand, without 'make release'.
Add usage_vm_base() and usage_vm_image() usage helpers.
r272381:
After evaluating WITH_VMIMAGES is non-empty, ensure
the mk-vmimage.sh script exists before running it.
r272392:
Add WITH_COMPRESSED_VMIMAGES variable, which when set enables
xz(1) compression of the virtual machine images.
This is intentionally separate to allow more fine-grained
tuning over which images are compressed, especially in cases
where compressing 20GB sparse images can take hours.
r272412:
Document the new 'vm-image' target, and associated release.conf
variables.
r272413:
Remove two stray comments added during the initial iterations
of testing, no longer needed.
Approved by: re (marius)
Sponsored by: The FreeBSD Foundation
gjb [Tue, 14 Oct 2014 12:40:52 +0000 (12:40 +0000)]
- Correct the FreeBSD release displayed on the 10.1-R errata
page.
- Trim stale errata items from 10.0-RELEASE, but keep the
entry regarding FreeBSD/i386 on VirtualBox, as I am unsure
if the underlying cause was identified and/or corrected.
- Fix a few occurances of 'release.prev' macros that should
be 'release.current'. [1]
- Switch release.ent entities to reflect a release, and update
versions where appropriate.
Submitted by: pluknet [1]
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
bdrewery [Mon, 13 Oct 2014 14:52:54 +0000 (14:52 +0000)]
MFS r272577,r272577:
- Add $netif_ipexpand_max to specify the upper limit for the number of
addresses generated by an address range specification. The default value
is 2048. This can be increased by setting $netif_ipexpand_max in rc.conf.
tuexen [Sun, 12 Oct 2014 17:07:15 +0000 (17:07 +0000)]
MFC r272627:
Checksum coverage values larger than 65535 for UDPLite are invalid.
Check for this when the user calls setsockopt using UDPLITE_{SEND,RECV}CSCOV.
MFC r272628:
When plen != ulen, it should only be checked when this is UDP.
MFC r272645:
If the checksum coverage field in the UDPLITE header is the length
of the complete UDPLITE packet, the packet has full checksum coverage.
So fix the condition.
MFC r272660:
UDPLite requires a checksum. Therefore, discard a received packet if
the checksum is 0.
MFC r272661:
The default for UDPLITE_RECV_CSCOV is zero. RFC 3828 recommend
that this means full checksum coverage for received packets.
If an application is willing to accept packets with partial
coverage, it is expected to use the socket option and provide
the minimum coverage it accepts.
MFC r272662:
Fix the checksum computation for UDPLite/IPv6. This requires the
usage of a function computing the checksum only over a part of the function.
Therefore introduce in6_cksum_partial() and implement in6_cksum() based
on that.
While there, ensure that the UDPLite packet contains at least enough bytes
to contain the header.
MFC r272663:
Check for UDP/IPv6 packets that the length in the UDP header is at least
the minimum. Make the check similar to the one for UDPLite/IPv6.
MFC r272664:
UDP/IPv6 and UDPLite/IPv6 require a checksum. So check for it.
MFC r272754:
Fix a bug introduced in
https://svnweb.freebsd.org/base?view=revision&revision=272347
bz [Sun, 12 Oct 2014 10:39:59 +0000 (10:39 +0000)]
MFS r272892 (r272713 in head):
Since introducing the extra mapping in r250103 (head) for architectural performance
events we have actually counted 'Branch Instruction Retired' when people
asked for 'Unhalted core cycles' using the 'unhalted-core-cycles' event mask
mnemonic.
mav [Mon, 6 Oct 2014 20:38:55 +0000 (20:38 +0000)]
MFC r272308: Fix old iSCSI initiator to work with new CAM locking.
This switches code to using xpt_rescan() routine, irrelevant to locking.
Using xpt_action() directly requires knowledge about higher level locks,
that SIM does not need to have.
This code is obsolete, but that is not a reason to crash.
bapt [Mon, 6 Oct 2014 12:08:14 +0000 (12:08 +0000)]
MFC: r272398
Make sure to not skip any argument when converting from deprecated
+POS1, -POS2 to -kPOS1,POS2, so that sort +0n gets translated to sort -k1,1n
as it is expected
PR: 193994
Submitted by: rodrigo
Approved by: re (marius)
hselasky [Mon, 6 Oct 2014 11:05:56 +0000 (11:05 +0000)]
MFC r272349, r272422 and r272479:
- Fix XHCI driver for devices which have more than 15 physical root HUB
ports. The current bitmap array was too small to hold more than 16
bits and would at some point toggle the context size, which then would
trigger an enumeration fault and cause a fallback to the EHCI
companion controller, if any.
- Make sure we always set the maximum number of valid contexts.
- Set default cycle state in case of early interrupts.