Ed Maste [Wed, 27 Jun 2018 14:45:13 +0000 (14:45 +0000)]
Split kern_break from sys_break and use it in linuxulator
Previously the linuxulator's linux_brk invoked the FreeBSD sys_break
syscall implementation directly. Instead, move the bulk of the existing
implementation to kern_break, and call that from both sys_break and
linux_brk.
This also addresses a minor bug in linux_brk in that we now return the
actual (rounded up) break address, rather than the requested value.
Warner Losh [Wed, 27 Jun 2018 04:11:09 +0000 (04:11 +0000)]
Fix devctl generation for core files.
We have a problem with vn_fullpath_global when the file exists. Work
around it by printing the full path if the core file name starts with /,
or current working directory followed by the filename if not.
While useful as an example, veriexecctl, as it is, has very little practical
use, since there is nothing ensuring the integrity of the manifest of hashes.
A more appropriate set of utilities will replace it.
Alan Somers [Tue, 26 Jun 2018 20:26:57 +0000 (20:26 +0000)]
audit(4): add tests for the process-control audit class
Tested syscalls include rfork(2), chdir(2), fchdir(2), chroot(2),
getresuid(2), getresgid(2), setpriority(2), setgroups(2), setpgrp(2),
setrlimit(2), setlogin(2), mlock(2), munlock(2), minherit(2), rtprio(2),
profil(2), ktrace(2), ptrace(2), fork(2), umask(2), setuid(2), setgid(2),
seteuid(2), and setegid(2). The last six are only tested in the success
case, either because they're infallible or a failure is difficult to cause
on-demand.
Magic file for dump(8) had this dump and previous dump dates reversed.
Fix order for all three flavours of the dump(8) format.
This fix was committed to upstream repo as magic/Magdir/dump,v 1.17
and will be merged during next vendor import.
Ben Woods [Tue, 26 Jun 2018 18:07:16 +0000 (18:07 +0000)]
geli attach multiple providers
Allow attaching of multiple geli providers at once if they use same
passphrase and keyfiles.
This is helpful when the providers being attached are not used for boot,
and therefore the existing code to first try the cached password when
tasting the providers during boot does not apply.
Multiple providers with the same passphrase and keyfiles can be attached
at the same time during system start-up by adding the following to
rc.conf:
geli_groups="storage backup"
geli_storage_flags="-k /etc/geli/storage.keys"
geli_storage_devices="ada0 ada1"
geli_backup_flags="-j /etc/geli/backup.passfile -k /etc/geli/backup.keys"
geli_backup_devices="ada2 ada3"
There's no need to hold the lock since the cleaning of the interrupt
cannot happen in parallel due to the XNBF_IN_SHUTDOWN flag being set.
Note that the locking in netback needs some improvement or
clarification.
Kyle Evans [Tue, 26 Jun 2018 04:02:25 +0000 (04:02 +0000)]
config(8): Flip the order of concatenation for `hints` and `env`
As previously noted, kernel's processing of these means that the first
appearance of a hint/variable wins. Flipping the order of concatenation
means that later variables override earlier variables, as expected when one
does:
hints x
hints y
Where perhaps x is:
hint.aw_sid.0.disable=1
and y is:
hint.aw_sid.0.disable=0
The expectation would be that a later appearing variable would override an
earlier appearing variable, such as with `device`/`nodevice`, device.hints,
and other similarly structured data files.
Kyle Evans [Tue, 26 Jun 2018 03:56:10 +0000 (03:56 +0000)]
config(8): Make 'env' files consistent with other file-accepting options
Previously, only one 'env' file could be specified. Later 'env' directives
would overwrite earlier 'env' directives. This is inconsistent with every
other file-accepting directives which process files in order, including
hints.
A caveat applies to both hints and env that isn't mentioned: they're
concatenated in the order of appearance, so they're not actually applied in
the way one might think by supplying:
hints x
hints y
Hints in x will take precedence over same-name hints in y due to how
the kernel processes them, stopping at the first line that matches the hint
we're searching for. Future work will flip the order of concatenation so
that later files may still properly override earlier files.
In practice, this likely doesn't matter at all due to the nature of the
beast.
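The first-match lookup described in this commit message, and the effect of the flipped concatenation order from the later "Flip the order of concatenation" commit, as an added example that is not code from config(8) or the kernel. It assumes a simplified model in which the hints blob is newline-separated `name=value` lines; `first_match` and `effective_value` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model (assumption): hints are "name=value" lines joined by
 * '\n'. Lookup stops at the first line whose name matches, as the commit
 * message describes. Copies the value into out (outsz > 0); returns 1 if
 * found, 0 otherwise. */
static int first_match(const char *blob, const char *name, char *out, size_t outsz)
{
    size_t nlen = strlen(name);
    for (const char *p = blob; *p != '\0'; ) {
        const char *eol = strchr(p, '\n');
        size_t len = eol ? (size_t)(eol - p) : strlen(p);
        if (len > nlen && strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            size_t vlen = len - nlen - 1;
            if (vlen >= outsz)
                vlen = outsz - 1;
            memcpy(out, p + nlen + 1, vlen);
            out[vlen] = '\0';
            return 1;
        }
        p += len;
        if (*p == '\n')
            p++;
    }
    return 0;
}

/* Value seen for `name` when the config says "hints x" then "hints y".
 * later_first=0 concatenates in order of appearance (x, y);
 * later_first=1 models the flipped order (y, x). */
static int effective_value(const char *x, const char *y, int later_first,
                           const char *name, char *out, size_t outsz)
{
    char blob[256];
    snprintf(blob, sizeof(blob), "%s\n%s",
             later_first ? y : x, later_first ? x : y);
    return first_match(blob, name, out, outsz);
}

int main(void)
{
    const char *x = "hint.aw_sid.0.disable=1";  /* file x from the commit message */
    const char *y = "hint.aw_sid.0.disable=0";  /* file y from the commit message */
    char v[16];

    effective_value(x, y, 0, "hint.aw_sid.0.disable", v, sizeof(v));
    printf("order of appearance: disable=%s\n", v);
    effective_value(x, y, 1, "hint.aw_sid.0.disable", v, sizeof(v));
    printf("flipped order:       disable=%s\n", v);
    return 0;
}
```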
Warner Losh [Tue, 26 Jun 2018 00:39:38 +0000 (00:39 +0000)]
Use buf + strategy rather than bypassing geom_vfs layer
The reference counting that's done in the geom_vfs layer to prevent
delivery of requests to defunct devices only works if all requests go
through that layer. UFS was bypassing that layer for BIO_DELETE requests,
sending them to the geom_consumer directly with g_io_request. Allocate
a buf, fill it in, and call strategy on it instead.
Andrew Turner [Mon, 25 Jun 2018 22:36:25 +0000 (22:36 +0000)]
Make cpu_set_syscall_retval common between the existing FreeBSD ABI and
the Linuxulator. We need to translate error values onto Linux errno values
and return them to userspace when a syscall fails. We also need to preserve
x1 as all registers are preserved other than the return value.
Ed Maste [Mon, 25 Jun 2018 20:33:04 +0000 (20:33 +0000)]
linux64: add arm64 linuxulator build details
The arm64 linuxulator needs different arguments for the objcopy
invocation used to build the linux VDSO. These arguments are both arch-
and OS-dependent, so I did not try to use some common setting for them.
Brooks Davis [Mon, 25 Jun 2018 19:55:15 +0000 (19:55 +0000)]
Normalize the g(eom,cache,part,...) build.
Rather than combining hardlink creation for the geom(8) binary with
shared library build, move libraries to src/lib/geom so they are
built and installed normally. Create a common Makefile.classes
which is included by both lib/geom/Makefile and sbin/geom/Makefile
so the symlink and libraries stay in sync.
The relocation of libraries allows libraries to be built for 32-bit
compat. This also reduces the number of non-standard builds in
the system.
This commit is not sufficient to run a 32-bit /sbin/geom on a 64-bit
system out of the box as it will look in the wrong place for libraries
unless GEOM_LIBRARY_PATH is set appropriately in the environment.
Kyle Evans [Mon, 25 Jun 2018 17:17:47 +0000 (17:17 +0000)]
config(8): Add `envvar` support
envvar allows adding individual environment variables to the kernel's static
environment without the overhead of pulling in a full file. envvar in a
config looks like:
envvar some_var=5
All envvar-provided variables will be added after the env file is processed,
so envvar keys that exist in the previous env will be overwritten by
whatever value is set here in the kernel configuration directly.
As an aside, envvar lines are intentionally tokenized differently from
basically every other line. We used a named state when ENVVAR is encountered
to gobble up the rest of the line, which will later be cleaned and validated
in post-processing by sanitize_envline. This turns out to be the simplest
and cleanest way to allow the flexibility that kenv does while not
compromising on silly hacks.
Reviewed by: ian (also contributor of sanitize_envline rewrite)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D15962
Brooks Davis [Mon, 25 Jun 2018 16:42:49 +0000 (16:42 +0000)]
Fix a stack overflow in mount_smbfs when hostname is too long.
The local hostname was blindly copied into the nn_name array.
When the hostname exceeded 16 bytes, it would overflow. Truncate the
hostname to 15 bytes plus a 0 terminator which is the "workstation name"
suffix.
Use defensive strlcpy() when filling nn_name in all cases.
PR: 228354
Reported by: donald.buchholz@intel.com
Reviewed by: jpaetzel, ian (prior version)
Discussed with: Security Officer (gtetlow)
MFC after: 3 days
Security: Stack overflow with the hostname.
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D15936
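The bounded copy this commit message describes, as an added example that is not the mount_smbfs source. The struct, its guard field, the helper names and the sample hostname are constructed for illustration, and `bounded_copy` is a portable stand-in with the same contract as strlcpy(3).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NB_NAMELEN 16   /* assumed array size: 15 name bytes + 1 terminator byte */

/* Hypothetical stand-in for the structure holding nn_name. The guard
 * field exists only so the demo can show nothing past the array is written. */
struct nb_name_demo {
    char nn_name[NB_NAMELEN];
    char guard[8];
};

/* Same contract as strlcpy(3): copies at most dstsize-1 bytes, always
 * terminates, and returns strlen(src) so the caller can detect truncation. */
static size_t bounded_copy(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);
    if (dstsize > 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Unsafe pattern described in the commit (shown only as a comment):
 *     strcpy(nn->nn_name, hostname);   writes strlen(hostname)+1 bytes
 * Hardened form: bound the copy by the destination size.
 * Returns 1 if the hostname had to be truncated, 0 otherwise. */
static int set_workstation_name(struct nb_name_demo *nn, const char *hostname)
{
    size_t want = bounded_copy(nn->nn_name, hostname, sizeof(nn->nn_name));
    return want >= sizeof(nn->nn_name);
}

int main(void)
{
    struct nb_name_demo nn;
    memset(&nn, 0, sizeof(nn));
    memcpy(nn.guard, "GUARD!!", 8);

    /* Constructed 25-byte hostname, longer than the 15 bytes that fit. */
    int truncated = set_workstation_name(&nn, "build-host-17.example.org");
    printf("name=%s truncated=%d guard=%s\n", nn.nn_name, truncated, nn.guard);
    return 0;
}
```

The truncation flag matters operationally: two long hostnames that share their first 15 bytes end up with the same name, so a caller may want to log when it is set.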
Do not leave stray qword on top of stack for interrupts and exceptions
without error code. Doing so mis-aligned the stack.
Since the only consumer of the SSE instructions with the alignment
requirements is AES-NI module, and since the FPU context cannot be
accessed in interrupts, the only situations where the alignment matters
are the compat32 syscalls, as reported in the PR.
PR: 229222
Reported and tested by: dewayne@heuristicsystems.com.au
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Do not access ISA timer if BIOS reports that there are no legacy
devices present.
On at least one machine where it would matter since the ISA timer is
power gated when booted in the UEFI mode, BIOS still reports that the
legacy devices are present. That is, the user still has to manually
disable TSC calibration on such machines. Hopefully it will be more
useful in the future.
Discussed with: Ben Widawsky <benjamin.widawsky@intel.com>
Reviewed by: royger
Sponsored by: The FreeBSD Foundation
Differential revision: https://reviews.freebsd.org/D16004
MFC after: 1 week
Sean Bruno [Sun, 24 Jun 2018 21:19:08 +0000 (21:19 +0000)]
Assuming that the intent (from the white space) is that the fprintf()
be executed in the if() conditional. If it's not supposed to be printed
inside the conditional, then the braces should be removed and the extra
tabs on the fprintf() should be removed.
Eitan Adler [Sun, 24 Jun 2018 13:23:27 +0000 (13:23 +0000)]
dhclient: build with WARNS=6
- add static in a number of places
- initialize __progname rather than rely on magical extern values
- use nitems() instead of manually spelling it out
- unshadow 'idi'
- teach 'error' that it is '__dead2'
- add missing 'break'
Eitan Adler [Sun, 24 Jun 2018 05:40:42 +0000 (05:40 +0000)]
newfs: clean up warnings
- remove param: unused since r95357.
- correct definition of usage
- add explicit fallthrough notice. The existing one doesn't work with
our selection of "implicit-fallthrough" strictness.
This results in WARNS=6 building on amd64, but not other arches
Ian Lepore [Sun, 24 Jun 2018 03:29:00 +0000 (03:29 +0000)]
Modernize usage of "restrict" keyword in ntp.conf
It is no longer necessary to specify a -4/-6 flag on any ntp.conf
keyword. The address type is inferred from the address itself as
necessary. "restrict default" statements always apply to both address
families regardless of any -4/-6 flag that may be present.
So this change just tidies up our default config by removing the redundant
restrict -6 statement and comment, and by removing the -6 flag from the
restrict keyword that allows access from localhost.
This change was inspired by the patches provided in PRs 201803 and 210245,
and included some contrib/ntp code inspection to verify that the -4/-6
keywords are basically no-ops in all contexts now.
Ian Lepore [Sat, 23 Jun 2018 23:44:36 +0000 (23:44 +0000)]
Retrieve the bus clock speed and mode (polarity/phase) from the child device
and set up the hardware accordingly on each transfer. This replaces the old
configuration done via sysctl, and allows both fdt configuration data and
userland control via the spigen device to work.
Submitted by: Bob Frazier
Differential Revision: https://reviews.freebsd.org/D15031
Ian Lepore [Sat, 23 Jun 2018 22:55:22 +0000 (22:55 +0000)]
Add spi-max-frequency properties to all spigen nodes. This is a required
property for spi devices, although in the spigen case it's expected that
the speed will be overridden at runtime via the ioctl interface. A very
conservative 500khz speed is used (I've never seen a spi device that
couldn't run at 1mhz).
Fix invalid OF_getencprop_alloc usage in fdt_pinctrl(9)
r332341 introduced OF_getencprop_alloc_multi that should be used
instead of OF_getencprop_alloc to get multi-cell properties.
Fix example to reflect this change.
Conrad Meyer [Sat, 23 Jun 2018 18:20:17 +0000 (18:20 +0000)]
aesni(4): Fix {de,en}crypt operations that allocated a buffer
aesni(4) allocates a contiguous buffer for the data it processes if the
provided input was not already virtually contiguous, and copies the input
there. It performs encryption or decryption in-place.
r324037 removed the logic that then copied the processed data back to the
user-provided input buffer, breaking {de,enc}crypt for mbuf chains or
iovecs with more than a single descriptor.
PR: 228094 (probably, not confirmed)
Submitted by: Sean Fagan <kithrup AT me.com>
Reported by: Emeric POUPON <emeric.poupon AT stormshield.eu>
X-MFC-With: 324037
Security: could result in plaintext being output by "encrypt"
operation
Emmanuel Vadot [Sat, 23 Jun 2018 15:03:54 +0000 (15:03 +0000)]
allwinner: clkng: Correct mux width and flags
The test for checking if the clock has a mux was inverted and the mask
to calculate the parent index was wrong too.
It means that upon creation the incorrect parent was resolved as the current
one and upon reparent the switch was never made.
Mark Johnston [Sat, 23 Jun 2018 10:41:52 +0000 (10:41 +0000)]
Re-count available PV entries after reclaiming a PV chunk.
The call to reclaim_pv_chunk() in reserve_pv_entries() may free a
PV chunk with free entries belonging to the current pmap. In this
case we must account for the free entries that were reclaimed, or
reserve_pv_entries() may return without having reserved the requested
number of entries.
Jeff Roberson [Sat, 23 Jun 2018 08:10:09 +0000 (08:10 +0000)]
Sort uma_zone fields according to 64 byte cache line with adjacent line
prefetch on 64bit architectures. Prior to this, two lines were needed
for the fast path and each line may fetch an unused adjacent neighbor.
- Move fields used by the fast path into a single line.
- Move constants into the adjacent line which is mostly used for
the spare bucket alloc 'medium path'.
- Unpad the mtx which is only used by the fast path and place it in
a line with rarely used data. This aligns the cachelines better and
eliminates 128 bytes of wasted space.
This gives a 45% improvement on a will-it-scale test on a 24 core machine.
Ian Lepore [Sat, 23 Jun 2018 02:42:08 +0000 (02:42 +0000)]
Use 'mv -f' in rc.d/ntpd to avoid spuriously halting the boot.
The final 'mv' to install a fetched leap-list file can fail (due to a
readonly fs, or schg flags, for example), and that leads to mv(1)
prompting the user, stopping the boot process. Instead, use mv -f
to suppress the prompting, and if verbose mode is on, emit a warning
that the existing file cannot be replaced.
Justin Hibbits [Sat, 23 Jun 2018 01:42:34 +0000 (01:42 +0000)]
powerpc64: Fix stack setup in dbtrap
r330610 relocated the DMAP from the base of memory to the base of the fourth
quadrant of memory. This broke synthetic traps, such as KDB forced
breakpoints. Use GET_TOCBASE() so the DMAP offset is handled.
Rick Macklem [Sat, 23 Jun 2018 00:48:45 +0000 (00:48 +0000)]
Set the slotid and ND_HASSLOTID flag for NFSv4.1 sequenced operations.
Most NFSv4.1 compound RPCs start with a Sequence operation. For these
cases, save the slotid and note that it is saved by setting ND_HASSLOTID.
This is used by r335568 to free up the session slot and disable it.
Rick Macklem [Sat, 23 Jun 2018 00:37:15 +0000 (00:37 +0000)]
Define ND_HASSLOTID needed by r335568.
r335568 uses a flag called ND_HASSLOTID to indicate that the slotid is set,
so it can free and invalidate it.
This flag needs to be set, which will be done in a subsequent commit.
Kristof Provost [Fri, 22 Jun 2018 21:59:30 +0000 (21:59 +0000)]
pf: Support "return" statements in passing rules when they fail.
Normally pf rules are expected to do one of two things: pass the traffic or
block it. Blocking can be silent - "drop", or loud - "return", "return-rst",
"return-icmp". Yet there is a 3rd category of traffic passing through pf:
Packets matching a "pass" rule but when applying the rule fails. This happens
when redirection table is empty or when src node or state creation fails. Such
rules always fail silently without notifying the sender.
Allow users to configure this behaviour too, so that pf returns an error packet
in these cases.
Rick Macklem [Fri, 22 Jun 2018 21:37:20 +0000 (21:37 +0000)]
Fix the handling of NFSv4.1 sessions for "soft" mounts.
When a "soft" mount is used for NFSv4.1, an RPC that fails without completing
will leave a slot in the NFSv4.1 session in an indeterminate state.
As such, all that can be done is free up the slot while making it no longer
usable.
A "soft" NFSv4.1 mount is not recommended in general, since it will leave
Open/Lock state in an indeterminate state. An exception is a pNFS mount of
a DS, since there are no Opens/Locks done for them except file creates
where loss of the Open state does not matter.
The patch also makes connections to DSs soft, so that they will fail when
a DS is non-functional or network partitioned, allowing the pNFS MDS to disable
the DS for a mirrored configuration.
This patch should not affect normal "hard" NFSv4.1 mounts.
Rick Macklem [Fri, 22 Jun 2018 21:25:27 +0000 (21:25 +0000)]
Change the NFSv4.1 pNFS client so that it returns the DS error in layoutreturn.
When the NFSv4.1 pNFS client gets an error for a DS I/O operation using a
Flexible File layout, it returns the layout with an error.
This patch changes the code slightly, so that it returns the layout for all
errors except EACCES and lets the MDS decide what to do based on the error.
It also makes a couple of changes to nfscl_layoutrecall() to ensure that
the first layoutreturn(s) will have the error in the reply.
Plus, the patch adds a wakeup() so that the "nfscl" thread won't wait 1sec
before doing the LayoutReturn.
Tested against the pNFS service.
This patch should not affect non-pNFS use of the client.
The unused "dsp" argument will be used by a future patch that disables the
connection to the DS when possible.
Rick Macklem [Fri, 22 Jun 2018 20:58:51 +0000 (20:58 +0000)]
Add "mountcritremote" to the REQUIRE line for nfsd.
For a pNFS MDS server, there must be mounts done to the DSs before the
nfsd is started. Adding the REQUIRE line makes sure these are done.
If there are NFS mounts in /etc/fstab that cannot be completed before
the nfsd starts, the "bg" mount option can still be used to handle that.
I do not believe this should cause problems for non-pNFS NFS servers.
(I have requested a review by rc@, but it is still pending.)