Kyle Evans [Mon, 31 Aug 2020 15:07:15 +0000 (15:07 +0000)]
posixshm: fix setting of shm_flags
Noted in D24652, we currently set shmfd->shm_flags on every
shm_open()/shm_open2(). This wasn't properly thought out; one shouldn't be
able to specify incompatible flags on subsequent opens of non-anon shm.
Move setting of shm_flags explicitly to the two places shmfd are created, as
we do with seals, and validate when we're opening a pre-existing mapping
that we've either passed no flags or we've passed the exact same flags as
the first time.
Andrew Gallatin [Mon, 31 Aug 2020 13:53:14 +0000 (13:53 +0000)]
make m_getm2() resilient to zone_jumbop exhaustion
When the zone_jumbop is exhausted, most things using
sosend* (like sshd) will eventually
fail or hang if allocations are limited to the
depleted jumbop zone. This makes it impossible to
communicate with a box which is under an attack which
exhausts the jumbop zone.
Rather than depending on the page size zone, also try cluster
allocations to satisfy larger requests. This allows me
to ssh to, and serve 100Gb/s of traffic from a server which
is under attack and has had its page-sized zone exhausted.
Wei Hu [Mon, 31 Aug 2020 09:05:45 +0000 (09:05 +0000)]
Hyper-V: storvsc: Enhance srb_status code handling.
In hv_storvsc_io_request() when coring, prevent changing of the send channel
from the base channel to another one. storvsc_poll always probes on the base
channel.
Based upon conversations with Microsoft, changed the handling of srb_status
codes. Most we should never get, others yes. All are treated as retry-able
except for two. We should not get these statuses, but if we ever do, the I/O
state is not known.
Kyle Evans [Mon, 31 Aug 2020 01:45:48 +0000 (01:45 +0000)]
ipv6: quit dropping packets looping back on p2p interfaces
To paraphrase the below-referenced PR:
This logic originated in the KAME project, and was even controversial when
it was enabled there by default in 2001. No such equivalent logic exists in
the IPv4 stack, and it turns out that this leads to us dropping valid
traffic when the "point to point" interface is actually a 1:many tun
interface, e.g. with the wireguard userland stack.
Even in the case of true point-to-point links, this logic only avoids
transient looping of packets sent by misconfigured applications or
attackers, which can be subverted by proper route configuration rather than
hardcoded logic in the kernel to drop packets.
In the review, melifaro goes on to note that the kernel can't fix it, so it
perhaps shouldn't try to be 'smart' about it. Additionally, that TTL will
still kick in even with incorrect route configuration.
Rick Macklem [Sun, 30 Aug 2020 21:21:58 +0000 (21:21 +0000)]
Add support for the NFS over TLS exports to mountd.
Three new export flags are added to mountd that will restrict exported
file system mounts to use TLS. Without these flags, TLS is allowed, but not
required.
The exports(5) man page will be updated in a future commit.
Gleb Smirnoff [Sun, 30 Aug 2020 17:13:04 +0000 (17:13 +0000)]
Followup on r364922. Old comment said that the only reason to put
the hook at queue mode was that mn_rx_intr() doesn't run at splnet
level. In today's netgraph the only legitimate reason for queue mode
is recursion avoidance. So I see no reason for queue mode here.
Simon J. Gerraty [Sat, 29 Aug 2020 21:05:43 +0000 (21:05 +0000)]
zalloc_malloc: Free hexdump preceding buffer when we detect overflow
Move hexdump from stand/common/misc.c to stand/libsa/hexdump.c
(svn cp)
Disable use of pager - causes linking issue for boot1
can be re-enabled by defining HEXDUMP_PAGER.
In Linux, ksize() gets the actual amount of memory allocated for a given
object. This commit adds malloc_usable_size() to FreeBSD KPI which does
the same. It also maps LinuxKPI ksize() to newly created function.
Glen Barber [Sat, 29 Aug 2020 15:30:21 +0000 (15:30 +0000)]
Avoid the build from falling over if devel/git is not installed
on the system. Set a null branch/hash in this case, to avoid
undefined GITREV/GITBRANCH variables from falling over in other
areas.
Reported by: many
Sponsored by: Rubicon Communications, LLC (netgate.com)
Warner Losh [Sat, 29 Aug 2020 04:30:12 +0000 (04:30 +0000)]
Move to using sbuf for some sysctl in newbus
Convert two different sysctl to using sbuf. First, for all the default
sysctls we implement for each device driver that's attached. This is a
pure sbuf conversion.
Second, convert sysctl_devices to fill its buffer with sbuf rather
than a hand-rolled crappy thing I wrote years ago.
Warner Losh [Sat, 29 Aug 2020 04:30:06 +0000 (04:30 +0000)]
Retire devctl_notify_f()
devctl_notify_f isn't needed, so retire it. The flags argument is now
unused, so rather than keep it around, retire it. Convert all old
users of it to devctl_notify(). This path no longer sleeps, so is safe
to call from any context. Since it doesn't sleep, it doesn't need to
know if it is OK to sleep or not.
Warner Losh [Sat, 29 Aug 2020 04:29:53 +0000 (04:29 +0000)]
devctl: move to using a uma zone
Convert the memory management of devctl. Rewrite it to make better
use of memory. This eliminates several mallocs (5? worst case) needed
to send a message. It's now possible to always send a message, though
if things are really backed up the oldest message will be dropped to
free up space for the newest.
Add a static bus_child_{location,pnpinfo}_sb to start migrating to
sbuf instead of buffer + length. Use it in the new code. Other code
will be converted later (bus_child_*_str is only used inside of
subr_bus.c, though implemented in ~100 places in the tree).
Move fib_rte_to_nh_flags() from net/route_var.h to net/route/nhop_ctl.c.
No functional changes.
Initially this function was created to perform runtime flag conversions
for the previous incarnation of fib lookup functions. As these functions
got deprecated, move the function to the file with the only remaining
caller. Lastly, rename it to convert_rt_to_nh_flags() to follow the
naming notation.
Move net/route/shared.h definitions to net/route/route_var.h.
No functional changes.
net/route/shared.h was created in the initial phases of nexthop conversion.
It was intended to serve the same purpose as route_var.h - share definitions
of functions and structures between the routing subsystem components. At
that time route_var.h was included by many files external to the routing
subsystem, which largely defeats its purpose.
As currently this is not the case anymore and amount of route_var.h includes
is roughly the same as shared.h, retire the latter in favour of the former.
Further split nhop creation and rtable operations.
As nexthops are immutable, some operations such as route attribute changes
require nexthop fetching, forking, modification and route switching.
These operations are not atomic, so they may need to be retried multiple
times in presence of multiple speakers changing the same route.
This change introduces "synchronisation" primitive: route_update_conditional(),
simplifying logic for route changes and upcoming multipath operations.
This changeset introduces the new libnetmap library for writing
netmap applications.
Before libnetmap, applications could either use the kernel API
directly (e.g. NIOCREGIF/NIOCCTRL) or the simple header-only-library
netmap_user.h (e.g. nm_open(), nm_close(), nm_mmap() etc.)
The new library offers more functionalities than netmap_user.h:
- Support for complex netmap options, such as external memory
allocators or per-buffer offsets. This opens the way to future
extensions.
- More flexibility in the netmap port bind options, such as
non-numeric names for pipes, or the ability to specify the netmap
allocator that must be used for a given port.
- Automatic tracking of the netmap memory regions in use across the
open ports.
At the moment there is no man page, but the libnetmap.h header file
has in-depth documentation.
Eric van Gyzen [Fri, 28 Aug 2020 19:50:40 +0000 (19:50 +0000)]
memstat_kvm_uma: fix reading of uma_zone_domain structures
Coverity flagged the scaling by sizeof(uzd). That is the type
of the pointer, so the scaling was already done by pointer arithmetic.
However, this was also passing a stack frame pointer to kvm_read,
so it was doubly wrong.
Move ZDOM_GET into the !_KERNEL section and use it in libmemstat.
Emmanuel Vadot [Fri, 28 Aug 2020 18:25:45 +0000 (18:25 +0000)]
arm: allwinner: clk: Add printfs when we cannot set the correct freq
For some unknown reason this seems to fix this function when we printf
the best variable. This isn't a delay problem as doing a printf without
it doesn't solve this problem.
This is way above my pay grade so add some printf that shouldn't be printed
in 99% of the case anyway.
Fix booting on most Allwinner boards as the mmc IP uses a NM clock.
Reported by: Alexander Mishin <mishin@mh.net.ru>
MFC after: 3 days
X-MFC-With: 363887
Warner Losh [Fri, 28 Aug 2020 17:55:54 +0000 (17:55 +0000)]
Treat the boot loader as the same as the kernel for what's visible
The boot loader will be growing some (limited) support for some kernel
interfaces for some of the timekeeping routines to support zstd code.
Allow the declarations for them to be visible when compiling for the
boot loader, rather than treating it like a user-space environment
(which stand.h already provides to a limited degree).
Warner Losh [Fri, 28 Aug 2020 17:49:56 +0000 (17:49 +0000)]
Allow the pseudo-errnos to be returned as well in boot loader
Expose the pseudo-errno values if _STANDALONE is defined so that code
in the boot loader can make use of them. Nothing uses them today, but
the zstd support that's coming will need them.
Warner Losh [Fri, 28 Aug 2020 17:36:14 +0000 (17:36 +0000)]
Create CFLAGS_EARLY.file for boot loader.
Some external code requires a specific set of include paths to work
properly since it emulates the typical environment the code is used
in. Enable this by creating a CFLAGS_EARLY.file variable that can be
used to build this stack. Otherwise the include stack we build for
stand programs may get in the way. Code that uses this feature has to
tolerate the normal stack of includes being last on the list (and
presumably unused), though.
Generally, it should only be used for the specific include
directories. Defines and that sort of thing should be done in the
normal CFLAGS variable. There is a global CFLAGS_EARLY hook as well for
everything in a Makefile.
Warner Losh [Fri, 28 Aug 2020 16:40:33 +0000 (16:40 +0000)]
Remove splclock(). It's not useful to keep.
splclock is used in one driver (spkr) to control access to
timer_spkr_* routines. However, nothing else does. So it shows no
useful locking info to someone that would want to lock spkr.
NOTE: I think there's races with timer_spkr_{acquire,release} since
there's no interlock in those routines, despite there being a spin
lock to protect the clock. Current other users appear to use no extra
locking protocol, though they themselves appear to be at least
attempting to make sure that only a single thread calls these
routines. I suspect the right answer is to update these routines to
take/release the clock spin lock since they are short and to the
point, but that's beyond the scope of this commit.
Jilles Tjoelker [Fri, 28 Aug 2020 15:35:45 +0000 (15:35 +0000)]
sh: Keep ignored SIGINT/SIGQUIT after set in a background job
If job control is not enabled, a background job (... &) ignores SIGINT and
SIGQUIT, but this can be reverted using the trap builtin in the same shell
environment.
Using the set builtin to change options would also revert SIGINT and SIGQUIT
to their previous dispositions.
This broke due to r317298. Calling setsignal() reverts the effect of
ignoresig().
Warner Losh [Fri, 28 Aug 2020 15:09:43 +0000 (15:09 +0000)]
remove splbio and splcam
splbio and splcam have been completely removed from the tree. We can
now remove their definitions here. They've been nops for a long time
and were only preserved to give hints on how to lock drivers. All
drivers have been deleted or converted, so they can be deleted now.
Rick Macklem [Thu, 27 Aug 2020 23:57:30 +0000 (23:57 +0000)]
Add flags to enable NFS over TLS to the NFS client and server.
An Internet Draft titled "Towards Remote Procedure Call Encryption By Default"
(soon to be an RFC I think) describes how Sun RPC is to use TLS with NFS
as a specific application case.
Various commits prepared the NFS code to use KERN_TLS, mainly enabling use
of ext_pgs mbufs for large RPC messages.
r364475 added TLS support to the kernel RPC.
This commit (which is the final one for kernel changes required to do
NFS over TLS) adds support for three export flags:
MNT_EXTLS - Requires a TLS connection.
MNT_EXTLSCERT - Requires a TLS connection where the client presents a valid
X.509 certificate during TLS handshake.
MNT_EXTLSCERTUSER - Requires a TLS connection where the client presents a
valid X.509 certificate with "user@domain" in the otherName
field of the SubjectAltName during TLS handshake.
Without these export options, clients are permitted, but not required, to
use TLS.
For the client, a new nmount(2) option called "tls" makes the client do
a STARTTLS Null RPC and TLS handshake for all TCP connections used for the
mount. The CLSET_TLS client control option is used to indicate to the kernel RPC
that this should be done.
Unless the above export flags or "tls" option is used, semantics should
not change for the NFS client nor server.
For NFS over TLS to work, the userspace daemons rpctlscd(8) { for client }
or rpctlssd(8) daemon { for server } must be running.
Mark Johnston [Thu, 27 Aug 2020 17:36:06 +0000 (17:36 +0000)]
Fix writing of the final block of encrypted, compressed kernel dumps.
Previously any residual data in the final block of a compressed kernel
dump would be written unencrypted. Note, such a configuration already
does not work properly when using AES-CBC since the compressed data is
typically not a multiple of the AES block length in size and EKCD does
not implement any padding scheme. However, EKCD more recently gained
support for using the ChaCha20 cipher, which being a stream cipher does
not have this problem.
Jamie Gritton [Thu, 27 Aug 2020 17:04:55 +0000 (17:04 +0000)]
Disregard jails in jail.conf that have bad parameters (parameter/variable
clash, or redefining name/jid). The current behavior, of merely warning
and moving on, can lead to unexpected behavior when a jail is created
without the offending parameter defined at all.
Cy Schubert [Thu, 27 Aug 2020 14:33:46 +0000 (14:33 +0000)]
/etc/zfs/zpool.cache is the preferred (and new) location of zpool.cache.
Check for it first. Only use /boot/zfs/zpool.cache if the /etc/zfs
version is not found and good.
Emmanuel Vadot [Thu, 27 Aug 2020 08:08:49 +0000 (08:08 +0000)]
arm: ti: Fix Beaglebone black MMC after DTS update
After DTS sync with Linux kernel 5.8 this patch was included:
"ARM: dts: Move am33xx and am43xx mmc nodes to sdhci-omap driver"
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/arch/arm/boot/dts/am33xx-l4.dtsi?h=v5.9-rc2&id=0b4edf111870b83ea77b1d7e16b8ceac29f9f388
Current will not load any driver for MMC and not mount the rootfs.
Simple patch add "ti,am335-sdhci" to compatibility strings in ti_sdhci.c
Warner Losh [Thu, 27 Aug 2020 05:11:15 +0000 (05:11 +0000)]
Implement FLUSHO
Turn FLUSHO on/off with ^O (or whatever VDISCARD is). Honor that to
throw away output quickly. This tries to remain true to 4.4BSD
behavior (since that was the origin of this feature), with any
corrections NetBSD has done. Since the implementations are a little
different, though, some edge conditions may be handled differently.
Jamie Gritton [Thu, 27 Aug 2020 00:17:17 +0000 (00:17 +0000)]
Don't allow jail.conf variables to have the same names as jail parameters.
It was already not allowed in many cases, but crashed instead of giving an
error.
Rick Macklem [Wed, 26 Aug 2020 21:49:43 +0000 (21:49 +0000)]
Fix a "v_seqc_users == 0 not met" panic when VFS_STATFS() fails during mount.
r363210 introduced v_seqc_users to the vnodes. This change requires
a vn_seqc_write_end() to match the vn_seqc_write_begin() in
vfs_cache_root_clear().
mjg@ provided this patch which seems to fix the panic.
Tested for an NFS mount where the VFS_STATFS() call will fail.
John Baldwin [Wed, 26 Aug 2020 21:17:18 +0000 (21:17 +0000)]
Simplify compat shims for /dev/crypto.
- Make session handling always use the CIOGSESSION2 structure.
CIOGSESSION requests use a thunk similar to COMPAT_FREEBSD32 session
requests. This permits the ioctl handler to use the 'crid' field
unconditionally.
- Move COMPAT_FREEBSD32 handling out of the main ioctl handler body
and instead do conversions in/out of thunk structures in dedicated
blocks at the start and end of the ioctl function.
Warner Losh [Wed, 26 Aug 2020 19:32:28 +0000 (19:32 +0000)]
Each entry in UPDATING needs a date
It's rare for there to be two updating entries on the same day (once a
decade or so), but we have that here. Add the date to the second one
since devd and zfs are unrelated.
Colin Percival [Wed, 26 Aug 2020 19:26:48 +0000 (19:26 +0000)]
Add -w option to lockf(1).
By default, lockf(1) opens its lock file O_RDONLY|O_EXLOCK. On NFS, if the
file already exists, this is split into opening the file read-only and then
requesting an exclusive lock -- and the second step fails because NFS does
not permit exclusive locking on files which are opened read-only.
The new -w option changes the open flags to O_WRONLY|O_EXLOCK, allowing it
to work on NFS -- at the cost of not working if the file cannot be opened
for writing.
(Whether the traditional BSD behaviour of allowing exclusive locks to be
obtained on a file which cannot be opened for writing is a good idea is
perhaps questionable since it may allow less-privileged users to perform
a local denial of service; however this behaviour has been present for a
long time and changing it now seems like it would cause problems.)