davidcs [Thu, 19 Oct 2017 17:35:37 +0000 (17:35 +0000)]
MFC r324535
Add sanity checks in ql_hw_send() qla_send() to ensure that empty slots
in Tx Ring map to empty slot in Tx_buf array before Transmits. If the
checks fail further Transmission on that Tx Ring is prevented.
gordon [Thu, 19 Oct 2017 03:18:22 +0000 (03:18 +0000)]
Update wpa_supplicant/hostapd for 2017-01 vulnerability release.
Note this is a different patchset than what was applied to head and
stable/11 due to the much older version of wpa_supplicant/hostapd in
stable/10.
hostapd: Avoid key reinstallation in FT handshake
Prevent reinstallation of an already in-use group key
Extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases
Fix TK configuration to the driver in EAPOL-Key 3/4 retry case
Prevent installation of an all-zero TK
Fix PTK rekeying to generate a new ANonce
TDLS: Reject TPK-TK reconfiguration
WNM: Ignore Key Data in WNM Sleep Mode Response frame if no PMF in use
WNM: Ignore WNM-Sleep Mode Response if WNM-Sleep Mode has not been used
WNM: Ignore WNM-Sleep Mode Response without pending request
FT: Do not allow multiple Reassociation Response frames
TDLS: Ignore incoming TDLS Setup Response retries
ngie [Tue, 17 Oct 2017 15:49:36 +0000 (15:49 +0000)]
MFC r324478:
Check the exit code from fsck_ffs instead of relying on MODIFIED being in the output
^/head@r323923 changed when MODIFIED is printed at exit. It's better to follow the
documented way of determining whether or not a filesystem is clean per fsck_ffs, i.e.,
ensure that the exit code is either 0 or 7.
The pass/fail determination is brittle prior to this commit, and ^/head@r323923 made
the issue apparent -- thus this needs to be fixed independent of ^/head@r323923.
hselasky [Tue, 17 Oct 2017 11:20:32 +0000 (11:20 +0000)]
MFC r289568, r300676, r300677, r300719, r300720 and r300721:
Implement LinuxKPI module parameters as SYSCTLs.
The bool module parameter is no longer supported, because there is no
equivalent in FreeBSD 10-stable. These are converted into "int" type.
There are two macros available which control the behaviour of the
LinuxKPI module parameters:
- LINUXKPI_PARAM_PARENT allows the consumer to set the SYSCTL parent
where the modules parameters will be created.
- LINUXKPI_PARAM_PREFIX defines a parameter name prefix, which is
added to all created module parameters.
The LinuxKPI module parameters also have a permissions value.
If any write bits are set we are allowed to modify the module
parameter runtime. Reflect this when creating the static SYSCTL
nodes.
The module_param_call() function is no longer supported.
brooks [Sat, 14 Oct 2017 16:49:39 +0000 (16:49 +0000)]
MFC r324243:
Remove an unneeded and incorrect memset().
On Variant I TLS architectures (aarch64, arm, mips, powerpc, and riscv)
the __libc_allocate_tls function allocates thread local storage memory
with calloc(). It then copies initialization data over the portions with
non-zero initial values. Before this change it would then pointlessly
zero the already zeroed remainder of the storage. Unfortunately the
calculation was wrong and it would zero TLS_TCB_SIZE (2*sizeof(void *))
additional bytes.
In practice, this overflow only matters if the TLS segment is sized such
that calloc() allocates less than TLS_TCB_SIZE extra memory. Even
then, the likely result will be zeroing part of the next bucket. This
coupled with the impact being confined to Tier II platforms means there
will be no security advisory for this issue.
jhb [Fri, 13 Oct 2017 22:40:57 +0000 (22:40 +0000)]
MFC 324039: Don't defer wakeup()s for completed journal workitems.
Normally wakeups() are performed for completed softupdates work items
in workitem_free() before the underlying memory is free()'d.
complete_jseg() was clearing the "wakeup needed" flag in work items to
defer the wakeup until the end of each loop iteration. However, this
resulted in the item being free'd before it's address was used with
wakeup(). As a result, another part of the kernel could allocate this
memory from malloc() and use it as a wait channel for a different
"event" with a different lock. This triggered an assertion failure
when the lock passed to sleepq_add() did not match the existing lock
associated with the sleep queue. Fix this by removing the code to
defer the wakeup in complete_jseg() allowing the wakeup to occur
slightly earlier in workitem_free() before free() is called.
jhb [Fri, 13 Oct 2017 17:11:08 +0000 (17:11 +0000)]
MFC 324072: Add UMA_ALIGNOF().
This is a wrapper around _Alignof() that sets the alignment for a zone
to the alignment required by a given type. This allows the compiler to
determine the proper alignment rather than having the programmer try to
guess.
sephe [Fri, 13 Oct 2017 02:26:39 +0000 (02:26 +0000)]
MFC 324489,324516
324489
hyperv/hn: Workaround erroneous hash type observed on WS2016.
Background:
- UDP 4-tuple hash type is unconditionally enabled in Hyper-V on WS2016,
which is _not_ affected by NDIS_OBJTYPE_RSS_PARAMS.
- Non-fragment UDP/IPv4 datagrams' hash type is delivered to VM as
TCP_IPV4.
Currently this erroneous behavior only applies to WS2016/Windows10.
Force l3/l4 protocol check, if the RXed packet's hash type is TCP_IPV4,
and the Hyper-V is running on WS2016/Windows10. If the RXed packet is
UDP datagram, adjust mbuf hash type to UDP_IPV4.
Sponsored by: Microsoft
324516
hyperv/hn: Workaround erroneous hash type observed on WS2016 for VF.
rmacklem [Wed, 11 Oct 2017 23:42:29 +0000 (23:42 +0000)]
MFC: r324074
Fix a memory leak that occurred in the pNFS client.
When a "pnfs" NFSv4.1 mount was unmounted, it didn't free up the layouts
and deviceinfo structures. This leak only affects "pnfs" mounts and only
when the mount is umounted.
Found while testing the pNFS Flexible File layout client code.
rmacklem [Wed, 11 Oct 2017 23:33:50 +0000 (23:33 +0000)]
MFC: r323978
Change a panic to an error return.
There was a panic() in the NFS server's write operation that didn't
need to be a panic() and could just be an error return.
This patch makes that change.
Found by code inspection during development of the pNFS service.
rmacklem [Wed, 11 Oct 2017 23:21:24 +0000 (23:21 +0000)]
MFC: r323689
Fix bogus FREAD with NFSV4OPEN_ACCESSREAD. No functional change.
The code in nfscl_doflayoutio() bogusly used FREAD instead of
NFSV4OPEN_ACCESSREAD. Since both happen to be defined as "1", this
worked and the patch doesn't result in a functional change.
Found by inspection during development of Flex File Layout support.
hselasky [Wed, 11 Oct 2017 10:20:53 +0000 (10:20 +0000)]
MFC r315405, r323351 and r323364:
Add helper function similar to ip_dev_find() to the LinuxKPI to lookup
a network device by its IPv6 address in the given VNET.
sephe [Tue, 10 Oct 2017 03:29:36 +0000 (03:29 +0000)]
MFC 323728,323729
323728
hyperv/hn: Fix MTU setting
- Add size of an ethernet header to the value configured to NVS. This
does not seem to have any effects if MTU is 1500, but fix hypervisor
side's setting if MTU > 1500.
- Override the MTU setting according to the view from the hypervisor
side.
Sponsored by: Microsoft
Differential Revision: https://reviews.freebsd.org/D12352
323729
hyperv/hn: Incease max supported MTU
Sponsored by: Microsoft
Differential Revision: https://reviews.freebsd.org/D12365
sephe [Tue, 10 Oct 2017 03:21:17 +0000 (03:21 +0000)]
MFC 323727,324316
323727
hyperv/hn: Apply VF's RSS setting
Since in Azure SYN and SYN|ACK go through the synthetic parts while the
rest of the same TCP flow goes through the VF, apply VF's RSS settings
to synthetic parts to have a consistent hash value/type for the same TCP
flow.
Sponsored by: Microsoft
Differential Revision: https://reviews.freebsd.org/D12333
sephe [Tue, 10 Oct 2017 02:35:04 +0000 (02:35 +0000)]
MFC 323170
if: Add ioctls to get RSS key and hash type/function.
It will be needed by hn(4) to configure its RSS key and hash
type/function in the transparent VF mode in order to match VF's
RSS settings. The description of the transparent VF mode and
the RSS hash value issue are here:
https://svnweb.freebsd.org/base?view=revision&revision=322299
https://svnweb.freebsd.org/base?view=revision&revision=322485
These are generic enough to promise two independent IOCs instead
of abusing SIOCGDRVSPEC.
Setting RSS key and hash type/function is a different story,
which probably requires more discussion.
Comment about UDP_{IPV4,IPV6,IPV6_EX} were only in the patch
in the review request; these hash types are standardized now.
Reviewed by: gallatin
Sponsored by: Microsoft
Differential Revision: https://reviews.freebsd.org/D12174
Relevant vendor changes:
PR #905: Support for Zstandard read and write filters
PR #922: Avoid overflow when reading corrupt cpio archive
Issue #935: heap-based buffer overflow in xml_data (CVE-2017-14166)
OSS-Fuzz 2936: Place a limit on the mtree line length
OSS-Fuzz 2394: Ensure that the ZIP AES extension header is large enough
OSS-Fuzz 573: Read off-by-one error in RAR archives (CVE-2017-14502)
avg [Thu, 5 Oct 2017 07:16:31 +0000 (07:16 +0000)]
MFC r323578,r323769: dounmount: do not release the mount point's reference
on the covered vnode
As long as mnt_ref is not zero there can be a consumer that might try
to access mnt_vnodecovered. For this reason the covered vnode must not
be freed until mnt_ref goes to zero.
So, move the release of the covered vnode to vfs_mount_destroy.
ngie [Wed, 4 Oct 2017 16:35:58 +0000 (16:35 +0000)]
MFC r322951:
Respect MK_TCSH with build-tools and native-xtools
This helps reduce the WORLDTMP footprint slightly.
Based on a patch I submitted 5 years ago to GNATS.
PR: 174051
Relnotes: yes (anyone who cross-builds with MK_TCSH=yes will run into
build failures if the host doesn't have tcsh(1))
Reminded by: Fabian Keil <fk@fabiankeil.de>
eugen [Sun, 1 Oct 2017 19:40:29 +0000 (19:40 +0000)]
MFC r323873, r324081: Unprotected modification of ng_iface(4)
private data leads to kernel panic. Fix a race with per-node
read-mostly lock and refcounting for a hook.
- Remove ad hoc inet_ntoa prototype declaration; it's already handled
by the included headers.
- De-K&Rify the function prototypes for eachres_whoami(..),
eachres_getfile(..), and main(..).
Respect MK_TCSH with build-tools and native-xtools
This helps reduce the WORLDTMP footprint slightly.
Based on a patch I submitted 5 years ago to GNATS.
PR: 174051
Relnotes: yes (anyone who cross-builds with MK_TCSH=yes will run into
build failures if the host doesn't have tcsh(1))
Reminded by: Fabian Keil <fk@fabiankeil.de>
Re-apply part of r311585 which was inadvertantly reverted in the upgrade
to 7.3p1. The other part (which adds -DLIBWRAP to sshd's CFLAGS) is
still in place.
MFC r323824
1. ql_hw.c:
In ql_hw_send() return EINVAL when TSO framelength exceeds max
supported length by HW.(davidcs)
2. ql_os.c:
In qla_send() call bus_dmamap_unload before freeing mbuf or
recreating dmmamap.(davidcs)
In qla_fp_taskqueue() Add additional checks for IFF_DRV_RUNNING
Fix qla_clear_tx_buf() call bus_dmamap_sync() before freeing
mbuf.
marius [Fri, 22 Sep 2017 04:57:42 +0000 (04:57 +0000)]
- Akin r302691 in head, synchronize the build stripping for the disc1
image with that of the bootonly image (but similarly modulo games
and groff(1)) as the amd64 disc1 image is overflowing. This also
removes the defunct WITHOUT_ATF.
- Remove the misspelled WITHOUT_INSTALLIB (also in place with correct
spelling, i. e. WITHOUT_INSTALLLIB) from the bootonly image build
stripping.
This is a direct commit to stable/10 as the corresponding knobs have
different names in head and counterparts to e. g. MK_DEBUG_FILES and
MK_TESTS default to off in stable/10 in the first place.
marius [Thu, 21 Sep 2017 19:30:32 +0000 (19:30 +0000)]
MFC: r285215
remove _NORMAL flag which isn't suppose to be used w/ _alloc_ctx...
MFC: r285289
address an issue where consumers, like IPsec, can reuse the same
session in multiple threads w/o locking.. There was a single fpu
context shared per session, if multiple threads were using the session,
and both migrated away, they could corrupt each other's fpu context...
MFC: r285297
upon further examination, it turns out that _unregister_all already
provides the guarantee that no threads will be in the _newsession code..
marius [Wed, 20 Sep 2017 21:22:20 +0000 (21:22 +0000)]
Unbreak netmap(4) support in ixgbe(4) after r315333:
- Both ixgbe_netmap.c and ixv_netmap.c assumed a netmap(4) driver
newer than what's actually in stable/10.
- Additionally, at the bottom line ixv_netmap.c did exactly the same
as ixgbe_netmap.c, i. e. used IXGBE_TDH() as appropriate for PFs
only instead of IXGBE_VFTDH() and tried to configure CRC stripping
although the corresponding registers aren't available to VFs in the
first place.
With these changes, the netmap(4) support in ixgbe(4) is in line
again with the code in sys/dev/netmap/ixgbe_netmap.h as of r295008.
Breakage reported by: Slawa Olhovchenkov
Just like r315333 that never existed in head, this is a direct commit
to stable/10. However, ixgbe(4) in head has a related bug in that it
assumes a netmap(4) driver API older than what's in head and also
does the wrong things for VFs as it uses the PF-only ixgbe_netmap.c
for both PFs and VFs in the first place.
MFC 322270: Fix a NULL pointer dereference in mly_user_command().
If mly_user_command fails to allocate a command slot it jumps to an 'out'
label used for error handling. The error handling code checks for a data
buffer in 'mc->mc_data' to free before checking if 'mc' is NULL. Fix by
just returning directly if we fail to allocate a command and only using
the 'out' label for subsequent errors when there is actual cleanup to
perform.
MFC r323812:
Bootstrap etcupdate(8) and mergemaster(8) databases when creating
virtual machine images and embedded images, similar to what is
done when extracting base.txz to the target root filesystem in
a new installation.
Approved by: re (marius, insta-MFC)
Sponsored by: The FreeBSD Foundation
https://www.illumos.org/issues/8491
The zpool checkpoint feature in DxOS added a new field in the uberblock.
The Multi-Modifier Protection Pull Request from ZoL adds two new fields in the
uberblock (Reference: https://github.com/zfsonlinux/zfs/pull/6279).
As these two changes come from two different sources and once upstreamed and
deployed will introduce an incompatibility with each other we want
to upstream a change that will reserve the padding for both of them so
integration goes smoothly and everyone gets both features.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed by: Olaf Faaland <faaland1@llnl.gov>
Approved by: Gordon Ross <gwr@nexenta.com>
Author: Serapheim Dimitropoulos <serapheim@delphix.com>
https://www.illumos.org/issues/8377
The problem is that when dsl_bookmark_destroy_check() is executed from open
context (the pre-check), it fills in dbda_success based on the existence of the
bookmark.
But the bookmark (or containing filesystem as in this case) can be destroyed
before we get to syncing context. When we re-run dsl_bookmark_destroy_check()
in syncing
context, it will not add the deleted bookmark to dbda_success, intending for
dsl_bookmark_destroy_sync() to not process it. But because the bookmark is
still in dbda_success
from the open-context call, we do try to destroy it.
The fix is that dsl_bookmark_destroy_check() should not modify dbda_success
when called from open context.
Reviewed by: Paul Dagnelie <pcd@delphix.com>
Reviewed by: Pavel Zakharov <pavel.zakharov@delphix.com>
Reviewed by: George Wilson <george.wilson@delphix.com>
Approved by: Robert Mustacchi <rm@joyent.com>
Author: Matthew Ahrens <mahrens@delphix.com>
The upstream change was made before we started to import upstream commits
individually. It was imported into the illumos vendor area as r242733.
That commit was MFV-ed in r260138, but as the commit message says
vdev_file.c was left intact.
This commit actually implements the parallel I/O for vdev_file using a
taskqueue with multiple thread. This implementation does not depend on
the illumos or FreeBSD bio interface at all, but uses zio_t to pass
around all the relevent data. So, the code looks a bit different from
the upstream.
This commit also incorporates ZoL commit
zfsonlinux/zfs/bc25c9325b0e5ced897b9820dad239539d561ec9 that fixed
https://github.com/zfsonlinux/zfs/issues/2270
We need to use a dedicated taskqueue for exactly the same reason as ZoL
as we do not implement TASKQ_DYNAMIC.
MFC r320151: remove bogus declaration of malloc from tcp_wrappers
The declaration was already inactive when INET6 was enabled
and it causes a build error in the other case because of
a conflict with the correct definition in stdlib.h.
MFV r320195: bhyveload: correctly query size of disks
On FreeBSD fstat(2) works fine for querying sizes of plain files,
but not so much for character devices.
So, use DIOCGMEDIASIZE to try to get the correct size for disks
and disk-like devices (e.g. zvols).
MFV r318962: Allow PROBE_SPINUP to fail in CAM ATA transport
The motivation for this is two-fold.
1. Some old WD SATA disks may appear as if they need to be spun up
when they are already spinning. Those disks would respond with
an error to the spin-up request.
2. Even if we really fail to spin up the disk, we still can try to
proceed to the subsequent phases. If we fail later on, then no
difference. Otherwise we get a chance to communicate with the
disk which is better than completely ignoring it, because a user
can try to recover the disk.
https://www.illumos.org/issues/8269
It seems that currently normalization of stddev aggregation is done
incorrectly.
We divide both the sum of values and the sum of their squares by the
normalization factor. But we should divide the sum of squares by the
normalization factor squared to scale the original values properly.
FreeBSD note: the actual change was committed in r316853, this commit
adds the test files and record merge information.
krb5_err.h is generated from a .et file in kerberos5/lib/libkrb5.
As kerberos5/lib/krb5 include files are already referenced it makes
no sense to generate it again here.