cy [Tue, 18 Feb 2020 11:27:08 +0000 (11:27 +0000)]
This commit makes significant changes to pam_login_access(8) to bring it
up to par with the Linux pam_access(8).
Like the Linux pam_access(8) our pam_login_access(8) is a service module
for pam(3) that allows a administrator to limit access from specified
remote hosts or terminals. Unlike the Linux pam_access, pam_login_access
is missing some features which are added by this commit:
Access file can now be specified. The default remains /etc/access.conf.
The syntax is consistent with Linux pam_access.
By default usernames are matched. If the username fails to match a match
against a group name is attempted. The new nodefgroup module option will
only match a username and no attempt to match a group name is made.
Group names must be specified in brackets, "()" when nodefgroup is
specified. Otherwise the old backward compatible behavior is used.
This is consistent with Linux pam_access.
A new field separator module option allows the replacement of the default
colon (:) with any other character. This facilitates potential future
specification of X displays. This is also consistent with Linux pam_access.
A new list separator module option to replace the default space/comma/tab
with another character. This too is consistent with Linux pam_access.
Linux pam_access options not implemented in this commit are the debug
and audit options. These will be implemented at a later date.
cy [Tue, 18 Feb 2020 11:26:56 +0000 (11:26 +0000)]
When pam_login_access(5) fails to match a username it attempts to
match the primary group a user belongs to. This commit extends the
match to secondary groups a user belongs to as well, just as the Linux
pam_access(5) does.
cy [Tue, 18 Feb 2020 11:26:52 +0000 (11:26 +0000)]
The words ALL, LOCAL, and EXCEPT have special meaning and are documented
as in the login.access(5) man page. However strcasecmp() is used to compare
for these special strings. Because of this User accounts and groups with
the corresponding lowercase names are misintrepreted to have special
whereas they should not.
This commit fixes this, conforming to the man page and to how the Linux
pam_access(8) handles these special words.
cy [Tue, 18 Feb 2020 11:26:49 +0000 (11:26 +0000)]
As with ipf(8), give ippool(8) the ability to load IP pools from multiple
files. This allows for loading, during the same invocation of ippool, of
multiple sources of input using multiple tools to concurrently maintain the
files such as fail2ban, macro preprocessors, and manually.
Among the changes from before:
- Add support for extended colors on widechar version
- Enable ncurses extended functions
- Enable version 2 of the extended mouse support
- Enable SCREEN extensions
Modification that differs from upstream:
- _nc_delink_entries used to be exposed and was turn static,
turn it back as dynamic to not break abi
- Adapt our old termcap.c to modern ncurses
hrs [Tue, 18 Feb 2020 01:50:44 +0000 (01:50 +0000)]
Use 0x5c for the scan code 0x7d.
Japanese keyboards traditionally use 0x5c for
both Japanese yen sign key and backslash key.
While a Japanese yen sign is depicted on the keytop,
most of Japanese expect that the scan code 0x7d gives
a backslash (0x5c), not a Japanese yen sign (0xa5).
This is because JIS X 0201 encoding (aka ISO/IEC 646-JA,
an extended version of ASCII which is very popular
in Japan) has Japanese yen sign at 0x5c and
no backslash. On the other hand, ISO/IEC 8859-1
has Japanese yen sign at 0xa5. This difference has
caused a confusion after Unicode became popular since
ISO/IEC 10646 adopted 8859-1 for the plane 0.
chs [Tue, 18 Feb 2020 00:02:20 +0000 (00:02 +0000)]
amd64: keep PTE bitmasks in sync with target pmap during pv reclaim
in reclaim_pv_chunk_domain(), when we switch to a new target pmap from which
we are trying to reclaim a pv chunk, always update the current PTE bitmasks
to match.
dim [Mon, 17 Feb 2020 20:24:21 +0000 (20:24 +0000)]
Merge r358042 from the clang1000-import branch:
Add casts and L suffixes to libc quad support, to work around various
-Werror warnings from clang 10.0.0, such as:
lib/libc/quad/fixdfdi.c:57:12: error: implicit conversion from 'long long' to 'double' changes value from 9223372036854775807 to 9223372036854775808 [-Werror,-Wimplicit-int-float-conversion]
if (x >= QUAD_MAX)
~~ ^~~~~~~~
/usr/obj/usr/src/powerpc.powerpc/tmp/usr/include/sys/limits.h:89:19: note: expanded from macro 'QUAD_MAX'
#define QUAD_MAX (__QUAD_MAX) /* max value for a quad_t */
^~~~~~~~~~
/usr/obj/usr/src/powerpc.powerpc/tmp/usr/include/machine/_limits.h:91:20: note: expanded from macro '__QUAD_MAX'
#define __QUAD_MAX __LLONG_MAX /* max value for a quad_t */
^~~~~~~~~~~
/usr/obj/usr/src/powerpc.powerpc/tmp/usr/include/machine/_limits.h:75:21: note: expanded from macro '__LLONG_MAX'
#define __LLONG_MAX 0x7fffffffffffffffLL /* max value for a long long */
^~~~~~~~~~~~~~~~~~~~
and many instances of:
lib/libc/quad/fixunsdfdi.c:73:17: error: shift count >= width of type [-Werror,-Wshift-count-overflow]
toppart = (x - ONE_HALF) / ONE;
^~~~~~~~
lib/libc/quad/fixunsdfdi.c:45:19: note: expanded from macro 'ONE_HALF'
#define ONE_HALF (ONE_FOURTH * 2.0)
^~~~~~~~~~
lib/libc/quad/fixunsdfdi.c:44:23: note: expanded from macro 'ONE_FOURTH'
#define ONE_FOURTH (1 << (LONG_BITS - 2))
^ ~~~~~~~~~~~~~~~
lib/libc/quad/fixunsdfdi.c:73:29: error: shift count >= width of type [-Werror,-Wshift-count-overflow]
toppart = (x - ONE_HALF) / ONE;
^~~
lib/libc/quad/fixunsdfdi.c:46:15: note: expanded from macro 'ONE'
#define ONE (ONE_FOURTH * 4.0)
^~~~~~~~~~
lib/libc/quad/fixunsdfdi.c:44:23: note: expanded from macro 'ONE_FOURTH'
#define ONE_FOURTH (1 << (LONG_BITS - 2))
^ ~~~~~~~~~~~~~~~
andrew [Mon, 17 Feb 2020 15:32:21 +0000 (15:32 +0000)]
Use EARLY_DRIVER_MODULE in the acpi bus.
We need this to use EARLY_DRIVER_MODULE in child drivers on arm64. This
should be a no-op on x86 as it has DRIVER_MODULE in the nexus driver making
all later drivers attach in the last pass.
markj [Mon, 17 Feb 2020 15:11:07 +0000 (15:11 +0000)]
Remove swblk_t.
It was used only to store the bounds of each swap device. However,
since swblk_t is a signed 32-bit int and daddr_t is a signed 64-bit
int, swp_pager_isondev() may return an invalid result if swap devices
are repeatedly added and removed and sw_end for a device ends up
becoming a negative number.
Note that the removed comment about maximum swap size still applies.
Reviewed by: jeff, kib
Tested by: pho
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D23666
markj [Mon, 17 Feb 2020 15:10:41 +0000 (15:10 +0000)]
Fix a swap block allocation race.
putpages' allocation of swap blocks is done under the global sw_dev
lock. Previously it would drop that lock before inserting the allocated
blocks into the object's trie, creating a window in which swap blocks
are allocated but are not visible to swapoff. This can cause
swp_pager_strategy() to fail and panic the system.
Fix the problem bluntly, by allocating swap blocks under the object
lock.
Reviewed by: jeff, kib
Tested by: pho
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D23665
markj [Mon, 17 Feb 2020 15:09:40 +0000 (15:09 +0000)]
Fix object locking races in swapoff(2).
swap_pager_swapoff_object()'s goal is to allocate pages for all valid
swap blocks belonging to the object, for which there is no resident
page. If the page corresponding to a block is already resident and
valid, the block can simply be discarded.
The existing implementation tries to minimize the number of I/Os used.
For each cluster of swap blocks, it finds maximal runs of valid swap
blocks not resident in memory, and valid resident pages. During this
processing, the object lock may be dropped in several places: when
calling getpages, or when blocking on a busy page in
vm_page_grab_pages(). While the lock is dropped, another thread may
free swap blocks, causing getpages to page in stale data.
Fix the problem following a suggestion from Jeff: use getpages'
readahead capability to perform clustering rather than doing it
ourselves. The simplies the code a bit without reintroducing the old
behaviour of performing one I/O per page.
Reviewed by: jeff
Reported by: dhw, gallatin
Tested by: pho
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D23664
tuexen [Mon, 17 Feb 2020 14:54:21 +0000 (14:54 +0000)]
Don't use uninitialised stack memory if the sysctl variable
net.inet.tcp.hostcache.enable is set to 0.
The bug resulted in using possibly a too small MSS value or wrong
initial retransmission timer settings. Possibly the value used
for ssthresh was also wrong.
kib [Mon, 17 Feb 2020 13:31:30 +0000 (13:31 +0000)]
pciconf: List names of all known extended PCIe capabilities.
Some ids are redundand because the list_ecaps() function decodes them
by explicit switch case. But listing them all makes it easier to not
miss ecaps, while not changing the functionality.
Initial submission by: Dmitry Luhtionov <dmitryluhtionov@gmail.com>
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
bz [Mon, 17 Feb 2020 11:08:50 +0000 (11:08 +0000)]
Partially revert VNET change and expand VNET structure.
Revert parts of r353274 replacing vnet_state with a shutdown flag.
Not having the state flag for the current SI_SUB_* makes it harder to debug
kernel or module panics related to VNET bringup or teardown.
Not having the state also does not allow us to check for other dependency
levels between components, e.g. for moving interfaces.
Expand the VNET structure with the new boolean flag indicating that we are
doing a shutdown of a given vnet and update the vnet magic cookie for the
change.
Update libkvm to compile with a bool in the kernel struct.
Bump __FreeBSD_version for (external) module builds to more easily detect
the change.
hselasky [Mon, 17 Feb 2020 09:46:32 +0000 (09:46 +0000)]
Fix kernel panic while trying to read multicast stream.
When VIMAGE is enabled make sure the "m_pkthdr.rcvif" pointer is set
for all mbufs being input by the IGMP/MLD6 code. Else there will be a
NULL-pointer dereference in the netisr code when trying to set the
VNET based on the incoming mbuf. Add an assert to catch this when
queueing mbufs on a netisr to make debugging of similar cases easier.
Found by: Vladislav V. Prodan
PR: 244002
Reviewed by: bz@
MFC after: 1 week
Sponsored by: Mellanox Technologies
scottl [Sun, 16 Feb 2020 23:10:59 +0000 (23:10 +0000)]
Add rudamentary support for UFS to probe whether a block device supports the
BIO_SPEEDUP command. Add complimentary support to the CAM periphs that
support it. This is a redo of r357710.
kaktus [Sun, 16 Feb 2020 17:11:54 +0000 (17:11 +0000)]
Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (5 of many)
r357614 added CTLFLAG_NEEDGIANT to make it easier to find nodes that are
still not MPSAFE (or already are but aren’t properly marked). Use it in
preparation for a general review of all nodes.
This is non-functional change that adds annotations to SYSCTL_NODE and
SYSCTL_PROC nodes using one of the soon-to-be-required flags.
kib [Sun, 16 Feb 2020 15:43:28 +0000 (15:43 +0000)]
Fix build of some modules for some kernel configs.
Namely, vmm.ko cannot be compiled without 'option SMP', the code uses
IPIs and LAPIC.
Recently systrace was forced over any configs, check for KDTRACE_HOOK
before compiling the dtrace/ modules.
Reviewed by: markj
Discussed with: mjg
Tested by: se (previous version)
Sponsored by: The FreeBSD Foundation (kib)
Differential revision: https://reviews.freebsd.org/D23699
mjg [Sun, 16 Feb 2020 03:33:34 +0000 (03:33 +0000)]
vfs: fix vlrureclaim ->v_object access
The routine was checking for ->v_type == VBAD. Since vgone drops the interlock
early sets this type at the end of the process of dooming a vnode, this opens
a time window where it can clear the pointer while the inerlock-holders is
accessing it.
Another note is that the code was:
(vp->v_object != NULL &&
vp->v_object->resident_page_count > trigger)
With the compiler being fully allowed to emit another read to get the pointer,
and in fact it did on the kernel used by pho.
Use atomic_load_ptr and remember the result.
Note that this depends on type-safety of vm_object.
mjg [Sun, 16 Feb 2020 03:14:55 +0000 (03:14 +0000)]
refcount: add missing release fence to refcount_release_if_gt
The CPU succeeding in releasing the not last reference can still have pending
stores to the object protected by the affected counter. This opens a time
window where another CPU can release the last reference and free the object,
resulting in use-after-free. On top of that this prevents the compiler from
generating more accesses to the object regardless of how atomic_fcmpset_rel_int
is implemented (of course as long as it provides the release semantic).
mmacy [Sun, 16 Feb 2020 00:12:53 +0000 (00:12 +0000)]
Add zfree to zero allocation before free
Key and cookie management typically wants to
avoid information leaks by explicitly zeroing
before free. This routine simplifies that by
permitting consumers to do so without carrying
the size around.
kevans [Sat, 15 Feb 2020 19:47:49 +0000 (19:47 +0000)]
fetch(3): don't leak sockshost on failure
fetch_socks5_getenv will allocate memory for the host (or set it to NULL) in
all cases through the function; the caller is responsible for freeing it if
we end up allocating.
While I'm here, I've eliminated a label that just jumps to the next line...
kevans [Sat, 15 Feb 2020 19:31:40 +0000 (19:31 +0000)]
fetch(3): move bits of fetch_socks5_getenv around
This commit separates out port parsing and validation from grabbing the host
from the env var. The only related bit really is that we need to be more
specific with the delimiter in the IPv6 case.
dim [Sat, 15 Feb 2020 19:15:24 +0000 (19:15 +0000)]
Merge r357970 from the clang1000-import branch:
Fix the following -Werror warning from clang 10.0.0 in hptmv(4):
sys/dev/hptmv/ioctl.c:240:4: error: misleading indentation; statement is not part of the previous 'if' [-Werror,-Wmisleading-indentation]
_vbus_p=pArray->pVBus;
^
sys/dev/hptmv/ioctl.c:237:10: note: previous statement is here
if(!mIsArray(pArray))
^
This is because the return statement after the if statement was not
indented. (Note that this file has been idented assuming 4-space tabs.)
kaktus [Sat, 15 Feb 2020 18:57:49 +0000 (18:57 +0000)]
Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (4 of many)
r357614 added CTLFLAG_NEEDGIANT to make it easier to find nodes that are
still not MPSAFE (or already are but aren’t properly marked). Use it in
preparation for a general review of all nodes.
This is non-functional change that adds annotations to SYSCTL_NODE and
SYSCTL_PROC nodes using one of the soon-to-be-required flags.
kaktus [Sat, 15 Feb 2020 18:54:59 +0000 (18:54 +0000)]
Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (2 of many)
r357614 added CTLFLAG_NEEDGIANT to make it easier to find nodes that are
still not MPSAFE (or already are but aren’t properly marked). Use it in
preparation for a general review of all nodes.
This is non-functional change that adds annotations to SYSCTL_NODE and
SYSCTL_PROC nodes using one of the soon-to-be-required flags.
kaktus [Sat, 15 Feb 2020 18:52:12 +0000 (18:52 +0000)]
Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (2 of many)
r357614 added CTLFLAG_NEEDGIANT to make it easier to find nodes that are
still not MPSAFE (or already are but aren’t properly marked). Use it in
preparation for a general review of all nodes.
This is non-functional change that adds annotations to SYSCTL_NODE and
SYSCTL_PROC nodes using one of the soon-to-be-required flags.
kaktus [Sat, 15 Feb 2020 18:48:38 +0000 (18:48 +0000)]
Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (1 of many)
r357614 added CTLFLAG_NEEDGIANT to make it easier to find nodes that are
still not MPSAFE (or already are but aren’t properly marked). Use it in
preparation for a general review of all nodes.
This is non-functional change that adds annotations to SYSCTL_NODE and
SYSCTL_PROC nodes using one of the soon-to-be-required flags.
imp [Sat, 15 Feb 2020 18:14:23 +0000 (18:14 +0000)]
The KASSERT is too strict: revert r357897
It's valid for a periph to be removed with outstanding transactions on the
device. In CAM, multiple periphs attach to a single device. There's no interlock
to prevent one of these going away while other periphs have outstanding CCBs and
it's not an error either. Remove this overly agressive KASSERT to prevent
false-positive panics when devices depart.
kevans [Sat, 15 Feb 2020 18:03:16 +0000 (18:03 +0000)]
fetch(3): Add SOCKS5 support
This change adds SOCKS5 support to the library fetch(3) and updates the man
page.
Details: Within the fetch_connect() function, fetch(3) checks if the
SOCKS5_PROXY environment variable is set. If so, it connects to this host
rather than the end-host. It then initializes the SOCKS5 connection in
accordance with RFC 1928 and returns the resulting conn_t (file descriptor)
for usage by the regular FTP/HTTP handlers.
Design Decision: This change defaults all DNS resolutions through the proxy
by sending all IPs as hostnames. Going forward, another feature might be to
create another environmental variable to toggle resolutions through the
proxy or not..
One may set the SOCKS5_PROXY environment variable in any of the formats:
(note by kevans)
I've since been informed that Void Linux/xbps has a fork of libfetch that
also implements SOCKS5. I may compare/contrast the two in the mid-to-near
future.
melifaro [Sat, 15 Feb 2020 15:39:53 +0000 (15:39 +0000)]
Make ping6(1) return code consistent with the man page.
When every sendto() call originated by ping6(1) fails, current code always
returns 2 ("transmission was successful but no responses were received")
which is incorrect. Return EX_OSERR instead as in many cases it indicates
some kernel-level problems.
mjg [Sat, 15 Feb 2020 13:00:39 +0000 (13:00 +0000)]
vfs: make write suspension mandatory
At the time opt-in was introduced adding yourself as a writer was esrializing
across the mount point. Nowadays it is fully per-cpu, the only impact being
a small single-threaded hit on top of what's there right now.
Vast majority of the overhead stems from the call to VOP_GETWRITEMOUNT which
has is done regardless.
Should someone want to microoptimize this single-threaded they can coalesce
looking the mount up with adding a write to it.
kib [Fri, 14 Feb 2020 23:27:45 +0000 (23:27 +0000)]
Consolidate read code for timecounters and fix possible overflow in
bintime()/binuptime().
The algorithm to read the consistent snapshot of current timehand is
repeated in each accessor, including the details proper rollup
detection and synchronization with the writer. In fact there are only
two different kind of readers: one for bintime()/binuptime() which has
to do the in-place calculation, and another kind which fetches some
member from struct timehand.
Extract the logic into type-checked macros, GETTHBINTIME() for bintime
calculation, and GETTHMEMBER() for safe read of a structure' member.
This way, the synchronization is only written in bintime_off() and
getthmember().
In bintime_off(), use overflow-safe calculation of th_scale *
delta(timecounter). In tc_windup, pre-calculate the min delta value
which overflows and require slow algorithm, into the new timehands
th_large_delta member.
This part with overflow fix was written by Bruce Evans.
Reported by: Mark Millard <marklmi@yahoo.com> (the overflow issue)
Tested by: pho
Discussed with: emaste
Sponsored by: The FreeBSD Foundation (kib)
MFC after: 3 weeks
emaste [Fri, 14 Feb 2020 22:32:33 +0000 (22:32 +0000)]
Update version in openssh FREEBSD-vendor metadata
It appears that FREEBSD-vendor is an idea that never really took off
and we should probably just remove it, but until then we might as well
record the correct version.
This includes a small battery of /memreserve/ fixes to make sure dtc is
properly writing these regions into the output file and reading them back
out.
As of this update, dtc will now also assume common defaults for -I/-O if
only one is specified; namely, dts for one implies dtb for the other and
vice versa (Requested by: jhibbits, preserves GPL dtc behavior too).
mjg [Fri, 14 Feb 2020 13:14:19 +0000 (13:14 +0000)]
amd64: only check for error != 0 in the inlined part of l1d flush check
this replaces the following near the syscall exit:
cmp $0x39,%rax
ja 0xffffffff8108f82c
movabs $0x200001800060005,%rcx
bt %rax,%rcx
jae 0xffffffff8108f82c
projects / FreeBSD / FreeBSD.git / log