kevlo [Sat, 8 Oct 2016 14:57:21 +0000 (14:57 +0000)]
In case of removal of m_copy() the macro should remain named M_COPY()
in ip_compat.h after r305824. Leaving as vanilla as possible aids in
future maintenance and upgrades.
jilles [Sat, 8 Oct 2016 13:40:12 +0000 (13:40 +0000)]
sh: Do not import IFS's value from the environment.
Per Austin group issue #884, always set IFS to $' \t\n'. As before, IFS will
be exported iff it was in the environment.
Most shells (e.g. bash, ksh93 and mksh) already did this. This change
improves predictability, in that scripts can simply rely on the default
value.
However, the effect on security is little, since applications should not be
calling the shell with attacker-controlled environment variable names in the
first place and other security-sensitive variables such as PATH should be
and are imported by the shell.
When using a new sh with an old (before 10.2) libc wordexp(), IFS is no
longer passed on. Otherwise, wordexp() continues to pass along IFS from the
environment per its documentation.
adrian [Sat, 8 Oct 2016 01:12:29 +0000 (01:12 +0000)]
[net80211] extend the ieee80211_rx_stats struct to include more information.
There are a variety of more interesting RX statistics that we should
keep track of but we don't. This is a starting point for adding more
information.
Specifically:
* now the RX rate information and some of the packet status is
passed up;
* The 32 bit or 64 bit TSF is passed up;
* the PHY mode is passed up;
* the "I'm decap'ed AMSDU!" state is passed up;
* number of RX chains is bumped to 4.
This is all mostly a placeholder for getting the data into the RX status
before we pass it up to net80211 - unfortunately we don't yet enforce
that drivers provide it, nor do we pass the provided info back up the
stack so anyone can use the data.
We're going to need to use some of this data moving forward.
Notably, now that some hardware can do AMSDU decap for us (the intel iwm
driver can do it when we flip it on; the ath10k port I'm doing does
it for us) then we need to pass it up through the stack so the duplicate
RX sequence numbers and crypto/IV details don't cause the packet to
be dropped and/or counted against a replay counter.
It's also the beginning of being able to do more interesting node
accounting in net80211. Specifically, once drivers start populating
per-packet rate information, AMPDU information, timestamps, etc,
we can start providing histograms of rate-versus-RSSI, account
for receive time spent per node and other such interesting things.
(Note: I'm also hoping to include ranging and RTT information for
future chipset support; and it's likely going to include it in
this kind of fashion.)
markj [Fri, 7 Oct 2016 21:10:53 +0000 (21:10 +0000)]
Lock the ND prefix list and add refcounting for prefixes.
This change extends the nd6 lock to protect the ND prefix list as well
as the list of advertising routers associated with each prefix. To handle
cases where the nd6 lock must be dropped while iterating over either the
prefix or default router lists, a generation counter is used to track
modifications to the lists. Additionally, a new mutex is used to serialize
prefix on-link/off-link transitions. This mutex must be acquired before
the nd6 lock and is held while updating the routing table in
nd6_prefix_onlink() and nd6_prefix_offlink().
emaste [Fri, 7 Oct 2016 20:01:59 +0000 (20:01 +0000)]
portsnap: use lam on the known good hash list
This change is equivalent to the approach committed in r306417, but if
sed has a bug it could be exploited by the untrusted tar file. Instead,
generate the expected tar content and compare that with find's output.
convert the expected hash list to the expected tar content filesystem
layout, and compare that with find's output.
andrew [Fri, 7 Oct 2016 16:17:51 +0000 (16:17 +0000)]
The bootloader self relocation code was slightly wrong for the
R_AARCH64_RELATIVE relocation found on arm64. It would try to add the
contents of the memory location being relocated to the base address and
the relocation addend. This worked when the contents was zero, however
this now seems to be set to the value of the addend so we add this twice.
Fix this by just setting the memory to the computed value.
marcel [Fri, 7 Oct 2016 15:42:20 +0000 (15:42 +0000)]
In order to allow mkimg(1) (and other tools) to become a build tool
that can be compiled on various OSes (including on older versions
of FreeBSD), make it possible to have it include the partitioning
scheme definitions without pulling in FreeBSD specifics.
In particular this means:
o move the scheme definitions iand related defines to header files
under sys/disk,
o make them (more) portable by using uint#_t (where applicable)
and renaming defines so that they at least have a good prefix,
o make the new headers stand-alone so that they don't need FreeBSD
definitions, like struct uuid(*)
o keep the original headers for compatibility, but rewrite them to
get the scheme definitions from <sys/disk/$scheme.h>.
(*) since UUID/GUID type definitions are non-portable and the GPT
scheme uses them, make it possible to have the scheme definitions
use an external type by allowing consumers of the header to set
GPT_UUID_TYPE. When GPT_UUID_TYPE has not been defined, the header
will use it's own type definition, which is the same as struct uuid.
The gpt_uuid_t typedef is created to abstract the details and allows
consumers to refer to a single type.
There is not conflict between the partitioning scheme headers and
what is defined in them. All headers can be included in the same
source files.
Note: consumers of the old headers have not been changed yet. Such
will be done if and when needed/beneficial.
kib [Fri, 7 Oct 2016 13:41:28 +0000 (13:41 +0000)]
When making a pause after detecting hard kill of the single-user
shell, ensure that we do sleep for at least the specified time, in
presence of signals.
Interrupted sleep(3) is followed by _exit(), which might cause 'Going
nowhere without my init' panic if init(8) exits before the reboot(2)
really started, or before SIGTSTP stopped init(8) (both events are
initiated by the parallel reboot(8) operation).
I do not see other calls to sleep(STALL_TIMEOUT) as having the same
disasterous consequences and kept them as is until the similar change
is proven required.
Reported and tested by: Andy Farkas <chuzzwassa@gmail.com>
Sponsored by: The FreeBSD Foundation
MFC after: 3 weeks
emaste [Fri, 7 Oct 2016 12:57:35 +0000 (12:57 +0000)]
Improvements to BSD-licensed DTC.
- Numerous crash and bug fixes
- Improved warning and error messages
- Permit multiple labels on nodes and properties
- Fix node@address references
- Add support for /delete-node/
- Consume whitespace after a node
- Read the next token before the second /memreserve/
- Fix parsing of whitespace
- Clean up /delete-node/ and add support for /delete-property/
- Handle /delete-node/ specifying a unit address
kib [Fri, 7 Oct 2016 11:38:28 +0000 (11:38 +0000)]
Limit scope of the optimization in r306608 to dounmount() caller only.
Other uses of cache_purgevfs() do rely on the cache purge for correct
operations, when paths are invalidated without unmount.
Reported and tested by: jkim
Discussed with: mjg
Sponsored by: The FreeBSD Foundation
avg [Fri, 7 Oct 2016 06:29:24 +0000 (06:29 +0000)]
implement zfs_vptocnp() using z_parent property
This should allow vn_fullpath() to work even when vfs name cache is
disabled for zfs, which is the case when zfs properties like
casesensitivity and normalization are set non-default values.
The new code should be 100% reliable for directories and "mostly"
reliable for files, that is, when hardlinks across directories are
not used.
bapt [Thu, 6 Oct 2016 19:51:30 +0000 (19:51 +0000)]
localedef: Improve cc_list parsing
original commit log:
=====
I had originally suspected the parsing of ctype definition files as being
the source of the ctype flag mis-definitions, but it wasn't. In the
process, I simplified the cc_list parsing so I'm committing the no-impact
improvement separately. It removes some parsing redundancies and
won't parse partial range definitions anymore.
====
This commit is from John Marino in dragonfly with the following commit log:
====
This was a CTYPE encoding error involving consecutive points of the same
ctype. It was reported by myself to Illumos over a year ago but I was
unsure if it was only happening on BSD. Given the cause, the bug is also
present on Illumos.
Basically, if consecutive points were of the exact same ctype, they would
be defined as a range regardless. For example, all of these would be
considered equivalent:
<A> ... <C>, <H> (converts to <A> .. <H>)
<A>, <B>, <H> (converts to <A> .. <H>)
<A>, <J> ... <H> (converts to <A> .. <H>)
So all the points that shouldn't have been defined got "bridged" by the
extreme points.
The effects were recently reported to FreeBSD on PR 213013. There are
countless places were the ctype flags are misdefined, so this is a major
fix that has to be MFC'd.
====
This reveals a bad change I did on the testsuite: while 0x07FF is a valid
unicode it is not used yet (reserved for future use)
cem [Thu, 6 Oct 2016 14:55:15 +0000 (14:55 +0000)]
write(1): Capsicumify
Enter Capsicum capability sandbox pretty early in this setuid program.
Some minor modifications were needed to cache directory fds and use
relative lookups.
Rights restriction of the stdio descriptors is unfortunately pretty messy
because we need an ioctl capability not present in the current libcapsicum
helpers (FIODGNAME).
cem [Thu, 6 Oct 2016 05:16:44 +0000 (05:16 +0000)]
savecore(8): Fix buffer overrun inspecting disks with varying sector size
A premature optimization lead to caching a native-sector sized memory
allocation. If the program examined a 512 byte sector disk, then a 4096
byte sector disk, the program would overrun the cached 512 byte buffer.
Just remove the optimization to fix the bug. This was introduced with the 4Kn
dump support in r298076.
markj [Thu, 6 Oct 2016 00:13:55 +0000 (00:13 +0000)]
gmirror: Write an updated syncid before queuing writes.
When a syncid bump is pending, any write to the mirror results in the
updated syncid being written to each component's metadata block. However,
the update was only being performed after the writes to the mirror
componenents were queued. Instead, synchronously update the metadata block
first.
markj [Thu, 6 Oct 2016 00:05:45 +0000 (00:05 +0000)]
gmirror: Bump the syncid if broken disks are found during startup.
Consider a mirror with two components, m1 and m2. Suppose a hardware error
results in the removal of m2, with m1's genid bumped. Suppose further that
a replacement mirror component m3 is created and synchronized, after which
the system is shut down uncleanly. During a subsequent bootup, if gmirror
tastes m1 and m2 first, m2 will be removed from the mirror because it is
broken, but the mirror will be started without bumping the syncid on m1
because all elements of the mirror are accounted for. Then m3 will be
added to the already-running mirror with the same syncid as m1, so the
components will not be synchronized despite the unclean shutdown.
Handle this scenario by bumping the syncid of healthy components if any
broken mirrors are discovered during mirror startup.
sevan [Wed, 5 Oct 2016 20:28:04 +0000 (20:28 +0000)]
Document the history of fdisk based on the original post to comp.unix.bsd by Julian Elischer [1] and the Mach 2.5 Installation notes [2].
I was unable to pin point the exact version of Mach the fdisk utility appeared as I could not find documentation older than version 2.5 & no source code or repo history.
fdisk utility appears as a separate utility[3] in v2.5. Due to this, I have avoided stating the exact version fdisk first appeared in Mach.
Add authors section.
sevan [Wed, 5 Oct 2016 20:21:06 +0000 (20:21 +0000)]
Document the history of fdisk based on the original post to comp.unix.bsd by Julian Elischer [1] and the Mach 2.5 Installation notes [2].
I was unable to pin point the exact version of Mach the fdisk utility appeared as I could not find documentation older than version 2.5 & no source code or repo history.
fdisk utility appears as a separate utility[3] in v2.5. Due to this, I have avoided stating the exact version fdisk first appeared in Mach.
Add authors section.
Make correction pointed by igor
[1] https://groups.google.com/d/topic/comp.unix.bsd/Hhi45vAHxDg/discussion
[2] ftp://ftp.mcs.vuw.ac.nz/doc/misc/mach-i386-doc/i386_install.ps
[3] ftp://ftp.mcs.vuw.ac.nz/doc/misc/mach-i386-doc/i386_manpages.ps
PR: 212469
Approved by: bcr (mentor)
MFC after: 5 days
Differential Revision: https://reviews.freebsd.org/D8104
sevan [Wed, 5 Oct 2016 19:56:10 +0000 (19:56 +0000)]
Add history section for bsdlabel(8)
http://minnie.tuhs.org/cgi-bin/utree.pl?file=4.3BSD-Tahoe/usr/man/cat8/disklabel.0
Remove tab after space, highlighted by igor
sevan [Wed, 5 Oct 2016 19:16:55 +0000 (19:16 +0000)]
Add history section for echo(1)
Sourced using the draft copy of the second edition manual
http://www.tuhs.org/Archive/PDP-11/Distributions/research/1972_stuff/unix_2nd_edition_manual.pdf
loos [Wed, 5 Oct 2016 19:09:27 +0000 (19:09 +0000)]
if_cpsw overhaul:
- Fix RX and TX teardown:
. TX teardown would not reclaim the abandoned descriptors;
. Interrupt storms in RX teardown;
. Fixed the acknowledge of the teardown completion interrupt.
- Remove temporary lists for the descriptors;
- Simplified the descriptor handling (less writes and reads from
descriptors where possible);
- Better debug;
- Add support for the RX threshold interrupts:
With interrupt moderation only, an RX overrun is likely to happen. The
RX threshold is set to trigger a non paced interrupt everytime your RX
free buffers are under the minimum threshold, helping to prevent the rx
overrun.
The NIC now survive when pushed over its limits (where previously it would
lock up in a few seconds).
uFW (600MHz SoC) can now forward up to 560Mb/s of UDP traffic (netmap
pkt-gen as source and sink). TCP forwarding rate is over 350Mb/s.
No difference (other than CPU use) was seen on Beaglebone black (1GHz SoC)
for his fast ethernet.
Tested on: uFW, BBB
Sponsored by: Rubicon Communications, LLC (Netgate)
alc [Wed, 5 Oct 2016 17:32:06 +0000 (17:32 +0000)]
Make the page daemon's notion of what kind of pass is being performed
by vm_pageout_scan() local to vm_pageout_worker(). There is no reason
to store the pass in the NUMA domain structure.
markj [Wed, 5 Oct 2016 17:18:24 +0000 (17:18 +0000)]
CAM ccbq sanity: checks on insert and remove
KASSERT in cam_ccbq_insert_ccb that only XPT_FC_QUEUED ops are queued,
and XPT_FC_USER_CCB ops are not. Otherwise cam_ccbq_ccb_done may be
skipped.
Bounds check the index used for camq_remove in order to panic instead
of scribble on removal of an out-of-bounds index (e.g. consider the
effect of camq_remove of CAM_UNQUEUED_INDEX).
KASSERT in cam_ccbq_remove_ccb that the ccb removed by index was the
one sought.
emaste [Wed, 5 Oct 2016 17:03:22 +0000 (17:03 +0000)]
abort in srandomdev if kern.arandom sysctl fails
The sysctl cannot fail. If it does fail on some FreeBSD derivative or
after some future change, just abort() so that the problem will be found
and fixed.
While abort() is not normally suitable for a library, it makes sense
here.
This is akin to r306636 for arc4random.
Reviewed by: ed
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D8077
alc [Wed, 5 Oct 2016 16:15:26 +0000 (16:15 +0000)]
Change vm_pageout_scan() to return a value indicating whether the free page
target was met.
Previously, vm_pageout_worker() itself checked the length of the free page
queues to determine whether vm_pageout_scan(pass >= 1)'s inactive queue scan
freed enough pages to meet the free page target. Specifically,
vm_pageout_worker() used vm_paging_needed(). The trouble with
vm_paging_needed() is that it compares the length of the free page queues to
the wakeup threshold for the page daemon, which is much lower than the free
page target. Consequently, vm_pageout_worker() could conclude that the
inactive queue scan succeeded in meeting its free page target when in fact
it did not; and rather than immediately triggering an all-out laundering
pass over the inactive queue, vm_pageout_worker() would go back to sleep
waiting for the free page count to fall below the page daemon wakeup
threshold again, at which point it will perform another limited (pass == 1)
scan over the inactive queue.
Changing vm_pageout_worker() to use vm_page_count_target() instead of
vm_paging_needed() won't work because any page allocations that happen
concurrently with the inactive queue scan will result in the free page count
being below the target at the end of a successful scan. Instead, having
vm_pageout_scan() return a value indicating success or failure is the most
straightforward fix.
mmel [Wed, 5 Oct 2016 12:17:43 +0000 (12:17 +0000)]
ARM: Disconnect elf_trampoline.c from ARMv6 build.
The trampoline code never functioned properly for Cortex CPUs,
and its functionality is already provided by ubldr.
jhibbits [Wed, 5 Oct 2016 04:40:48 +0000 (04:40 +0000)]
Fix e500mc/derivatives cpu idle
Setting the doze registers wasn't actually working, and was being masked by a
bad #ifdef. Since the #ifdef was fixed, now e500mc-based SoCs hang at idle.
Fix this by using the intended wait.