Cy Schubert [Tue, 11 Dec 2018 01:49:06 +0000 (01:49 +0000)]
As part of the general cleanup of the ipfilter code, special cases
are committed separately to document fixing them separately from
the general cleanup. In this case we don't want to hide the utter
brokenness of what is being fixed.
Clean up a discombobulated block of #if's, with one block unreachable.
ip_fil.c is used in ipftest which is used to dry-run test ipfilter
rules in userspace without loading them in the kernel. The call to
(*ifp->if_output) matches that in the FreeBSD kernel.
Further testing and work will be required to make ipftest fully
functional.
Prevent periodic/etc/weekly/340.noid from descending into root directories
of jails. Jails have their own user/group databases and this script
can produce multiple false warnings, not to mention significant extra
load in case of large jailed subtrees. Leave this check for jailed
invocations of the same script.
Eugene Grosbein [Mon, 10 Dec 2018 14:09:15 +0000 (14:09 +0000)]
MFC r340321: Move definition of $jail_conf variable to /etc/defaults/rc.conf
from jail startup script so it can be successfully queried
with the command "sysrc jail_conf".
Eugene Grosbein [Mon, 10 Dec 2018 13:41:28 +0000 (13:41 +0000)]
MFC r340319: jail(8): introduce new command option -e to exhibit
a list of configured non-wildcard jails with their parameters,
no matter running or not.
The option -e takes separator argument that is used
to separate printed parameters. It will be used with following
additions to system periodic scripts to differentiate parts
of directory tree belonging jails as opposed to host's.
If word in ${param?word} is missing, the shell shall write a default error
message. So expanding ${param?} when param is not set should write an error
message like
Matcher function incorrectly assumed that moffset that we get from
findmust is in bytes. Fix this by introducing a stepback function,
taking short path if MB_CUR_MAX is 1, and going back byte-by-byte,
checking if we have a legal character sequence otherwise.
Cy Schubert [Sat, 8 Dec 2018 17:50:00 +0000 (17:50 +0000)]
MFC r341377, r341388 (fixup):
Restore handling of PMTU discovery, removed through an unifdef(1)
following the MFV of r254219 into r255332. In addition the 'FreeBSD'
macro was never defined in ipfilter 5.1.2 thus it never would have
been enabled in the first place.
This work is prompted by a general cleanup of the IP Filter code
prompted by working to resolve a PR. More to follow.
Cy Schubert [Sat, 8 Dec 2018 17:28:52 +0000 (17:28 +0000)]
MFC r341384:
Remove IFF_DRVRLOCK as it is used in IRIX only (and we all know IRIX
is dead). This includes collaterally removing code shared by HP/UX,
SGI, and Linux, where IP Filter will in all likelihood for various
reasons never run again.
Mike Karels [Sat, 8 Dec 2018 14:54:33 +0000 (14:54 +0000)]
MFC r340474:
Fix flags collision causing inability to enable CBQ in ALTQ
The CBQ BORROW flag conflicts with the RMCF_CODEL flag; the
two sets of definitions actually define the same things. The symptom
is that a kernel with CBQ support and not CODEL fails to load a QoS
policy with the obscure error "pfctl: DIOCADDALTQ: Cannot allocate memory."
If ALTQ_DEBUG is enabled, the error becomes a little clearer:
"rmc_newclass: CODEL not configured for CBQ!" is printed by the kernel.
There really shouldn't be two sets of macros that have to be defined
consistently, but the include structure isn't right for exporting
CBQ flags to altq_rmclass.h. Re-align the definitions, and add
CTASSERTs in the kernel to ensure that the definitions are consistent.
MFC r341008:
Fix possible panic during ifnet detach in rtsock.
The panic can happen, when some application does dump of routing table
using sysctl interface. To prevent this, set IFF_DYING flag in
if_detach_internal() function, when ifnet under lock is removed from
the chain. In sysctl_rtsock() take IFNET_RLOCK_NOSLEEP() to prevent
ifnet detach during routes enumeration. In case, if some interface was
detached in the time before we take the lock, add the check, that ifnet
is not DYING. This prevents access to memory that could be freed after
ifnet is unlinked.
MFC r341334:
Adapt the fix in r341008 to correctly work with EBR.
IFNET_RLOCK_NOSLEEP() is epoch_enter_preempt() in FreeBSD 12+. Holding
it in sysctl_rtsock() doesn't protect us from ifnet unlinking, because
unlinking occurs with IFNET_WLOCK(), that is rw_wlock+sx_xlock, and it
doesn check that concurrent code is running in epoch section. But while
we are in epoch section, we should be able to do access to ifnet's
fields, even it was unlinked. Thus do not change if_addr and if_hw_addr
fields in ifnet_detach_internal() to NULL, since rtsock code can do
access to these fields and this is allowed while it is running in epoch
section.
This should fix the race, when ifnet_detach_internal() unlinks ifnet
after we checked it for IFF_DYING in sysctl_dumpentry.
Move free(ifp->if_hw_addr) into ifnet_free_internal(). Also remove the
NULL check for ifp->if_description, since free(9) can correctly handle
NULL pointer.
Yuri Pankov [Thu, 6 Dec 2018 10:48:46 +0000 (10:48 +0000)]
MFC r340204:
Cleanup locale tools:
- Simplify the source dir specification, and update README
appropriately
- Drop the LC (doonly) processing, it's broken, and even if fixed, not
really useful
- Don't remove the target directories while installing new data as it
removes Makefile.depend which we don't manage; only rm the files we
are going to add/replace/delete instead
- Restrict adding bsd.endian.mk to colldef and ctypedef Makefiles, it's
not needed in other (text-only) categories
- GC unused scripts; they don't seem to be particularly helpful standalone
as well
Yuri Pankov [Thu, 6 Dec 2018 10:41:22 +0000 (10:41 +0000)]
MFC r340144:
Add hybrid C.UTF-8 locale being identical to default C locale except
that it uses the same ctype maps and functions as other UTF-8 locales.
Yuri Pankov [Wed, 5 Dec 2018 17:10:06 +0000 (17:10 +0000)]
MFC r339827:
localedef: define characters in "space" class also as "print", except
for the known conflicts ("control" characters can't be "print"able).
POSIX doesn't explicitly forbid this, and actually includes <space>
character in "print".
Michael Tuexen [Tue, 4 Dec 2018 22:14:18 +0000 (22:14 +0000)]
MFC r340782:
A TCP stack is required to check SEG.ACK first, when processing a
segment in the SYN-SENT state as stated in Section 3.9 of RFC 793,
page 66. Ensure this is also done by the TCP RACK stack.
Reviewed by: rrs@
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D18034
Michael Tuexen [Tue, 4 Dec 2018 22:11:41 +0000 (22:11 +0000)]
MFC r340777:
Ensure that the default RTT stack can make an RTT measurement if
the TCP connection was initiated using the RACK stack, but the
peer does not support the TCP RACK extension.
This ensures that the TCP behaviour on the wire is the same if
the TCP connection is initated using the RACK stack or the default
stack.
Reviewed by: rrs@
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D18032
Michael Tuexen [Tue, 4 Dec 2018 22:05:36 +0000 (22:05 +0000)]
MFC r340738:
Improve two KASSERTs in the TCP RACK stack.
There are two locations where an always true comparison was made in
a KASSERT. Replace this by an appropriate check and use a consistent
panic message. Also use this code when checking a similar condition.
Gordon Tetlow [Tue, 4 Dec 2018 18:31:21 +0000 (18:31 +0000)]
MFC r341484
Always treat firmware request and response sizes as unsigned.
This fixes an incomplete bounds check on the guest-supplied request
size where a very large request size could be interpreted as a negative
value and not be caught by the bounds check.
Submitted by: jhb
Reported by: Reno Robert
Approved by: so
Security: FreeBSD-SA-18:14.bhyve
Security: CVE-2018-17160
Eugene Grosbein [Tue, 4 Dec 2018 07:39:54 +0000 (07:39 +0000)]
MFC r340135: Make ng_pptpgre(8) netgraph node be able to restore order
for packets reordered in transit instead of dropping them altogether.
It uses sequence numbers of PPtPGRE packets.
A set of new sysctl(8) added to control this ability or disable it:
net.graph.pptpgre.reorder_max (1) defines maximum length of node's
private reorder queue used to keep data waiting for late packets.
Zero value disables reordering. Default value 1 allows the node to restore
the order for two packets swapped in transit. Greater values allow the node
to deliver packets being late after more packets in sequence
at cost of increased kernel memory usage.
net.graph.pptpgre.reorder_timeout (1) defines time value in miliseconds
used to wait for late packets. It may be useful to increase this
if reordering spot is distant.
Stephen Hurd [Mon, 3 Dec 2018 15:18:35 +0000 (15:18 +0000)]
MFC r341156:
Fix first-packet completion
The first packet after the ring is initialized was never
completed as isc_txd_credits_update() would not include it in the
count of completed packets. This caused netmap to never complete
a batch. See PR 233022 for more details.
This is the same fix as the r340310 for e1000
PR: 233607
Reported by: lev
Reviewed by: lev
Sponsored by: Limelight Networks
Differential Revision: https://reviews.freebsd.org/D18368
Ian Lepore [Mon, 3 Dec 2018 04:07:18 +0000 (04:07 +0000)]
MFC r341071, r341160
r341071:
Restore the ability to override the disk unit/partition at the boot: prompt
in gptboot.
When arch-independent geli support was added, a new static 'gdsk' struct
was added, but there was still a static 'dsk' struct, and when you typed
in an alternate disk/partition, the string was parsed into that struct,
which was then never used for anything. Now the string gets parsed into
gdsk.dsk, the struct that's actually used.
r341160:
Add comments describing the bootargs handoff between loader(8) and gptboot
or zfsboot, when loader(8) is the BTX loader. No functional changes.
Ed Maste [Mon, 3 Dec 2018 02:32:39 +0000 (02:32 +0000)]
MFC r340095: Remove apparently unused 0-byte files that cause grief on Windows
r235274 added a sort regression test (it operates by comparing output
against GNU sort). The commit included a number of 0-byte files, one
of which ends in a trailing . which reportedly breaks svn/git checkouts
on Windows.
It appears these were added accidentally, so just remove them.
Cy Schubert [Fri, 30 Nov 2018 06:44:32 +0000 (06:44 +0000)]
MFC r340754:
Allow forced start of ipmon in special cases where testing is desired
(or other special cases) and when ipfilter is disabled in rc.conf but
started by other means.
David Bright [Fri, 30 Nov 2018 01:45:54 +0000 (01:45 +0000)]
MFC r341068:
Make whitespace more consistent in libkqueue tests.
After r337820, which "corrected" some spaces-instead-of-tab whitespace
issues in the libkqueue tests, jmg@ pointed out that these files were
originally space-based, not tab-spaced, and so the correction should
have been to get rid of the tabs that had been introduced in previous
changes, not the spaces. This change does that. This is a whitespace
only change; no functional change is intended.
Marius Strobl [Thu, 29 Nov 2018 21:10:18 +0000 (21:10 +0000)]
MFV: r341039, MFC: r341041
Import CK as of 21d3e319407d19dece16ee317c757ffc54a452bc, which makes its
sparcv9 atomics compatible with the FreeBSD kernel by using instructions
which access the appropriate address space.
Atomic operations within the kernel must access the nucleus address space
instead of the default primary one. Without this change but the increased
use of CK in the kernel, machines started to panic after some minutes of
uptime due to an unresolvable fault in ck_pr_cas_64_value().
Marius Strobl [Thu, 29 Nov 2018 20:48:38 +0000 (20:48 +0000)]
MFC: r341016
- Add a belated UPDATING entry for the ixlv(4) -> iavf(4) rename in r339338.
- Likewise, add ixlv.4.gz to OLD_FILES,
- and link if_ixlv.ko to if_iavf.ko in order to aid a bit in the transition.
Ed Maste [Thu, 29 Nov 2018 15:48:36 +0000 (15:48 +0000)]
MFC r340984: Do not install GNU ld if lld is /usr/bin/ld
GNU binutils ld.bfd 2.17.50 does not support ifuncs and produces broken
binaries when ifuncs are in use. When LLD_IS_LD is default we have an
ifunc-capable system linker and can just avoid installing ld.bfd.
Merged to stable/12 as libc's ifunc use has been merged there; ifunc use
has not been merged to releng/12.0 so this change does not need to be
either.
Toomas Soome [Thu, 29 Nov 2018 13:55:57 +0000 (13:55 +0000)]
MFC r340049:
loader: biosdisk should check if the media is present
The bd_print/bd_open/bd_strategy need to make sure the device does have
media, before getting into performing IO operations. Some systems can
hung if the device without a media is accessed.
Toomas Soome [Thu, 29 Nov 2018 13:54:07 +0000 (13:54 +0000)]
MFC r339959:
loader: issue edd probe before legacy ah=08 and detect no media
while probing for drives, use int13 extended info before standard one and
provide workaround for case we are not getting needed information in case
of floppy drive.
In case of INT13 errors, there are (at least) 3 error codes appearing in case
of missing media - 20h, 31h and 80h. Flag the no media and do not print an
error.
Toomas Soome [Thu, 29 Nov 2018 13:44:37 +0000 (13:44 +0000)]
MFC r339658:
loader: biosdisk interface should be able to cope with 4k sectors
The 4kn support in current bios specific biosdisk.c is broken, as the code
is only implementing the support for the 512B sector size.
This work is building the support for custom size sectors, we still do assume
the requested data to be multiple of 512B blocks and we only do address the
biosdisk.c interface here.
For reference, see also:
https://www.illumos.org/issues/8303
https://www.illumos.org/rb/r/547
As the GELI is moved above biosdisk "layer", the GELI should just work
Toomas Soome [Thu, 29 Nov 2018 13:01:21 +0000 (13:01 +0000)]
MFC: r340240:
loader: ptable_open() check for ptable_cd9660read result is wrong
The ptable_*read() functions return NULL on read errors (and partition table
closed as an side effect). The ptable_open must check the return value and
act properly.
Sean Eric Fagan [Thu, 29 Nov 2018 01:04:24 +0000 (01:04 +0000)]
MFC r340442
mountd has no way to configure the listen queue depth; rather than add a new
option, we pass -1 down to listen, which causes it to use the
kern.ipc.soacceptqueue sysctl.
MFC r339506, r339508, r340064 (by markj), r340546 (by alc):
Tidy up code to merge vm_entry neighbors and simplify related checks.
r339506:
Reduce code duplication in merging vm_entry neighbors.
r339508:
Unindent.
r340064:
Initialize the eflags field of vm_map headers.
r340546:
Tidy up vm_map_simplify_entry() and its recently introduced helper functions.