Disallow attaching preloaded memory disks via ioctl.
- The feature is dangerous because the kernel code didn't check
validity of the memory address provided from user space.
- It seems that mdconfig(8) never really supported attaching preloaded
memory disks.
- Preloaded memory disks are automatically attached during md(4)
initialization. Thus there shouldn't be much use for the feature.
pfg [Fri, 4 Jan 2013 04:03:21 +0000 (04:03 +0000)]
MFC r244941:
libedit: bind the correct command when using "bind -k".
"ed-argument-digit" (i. e. command 0) was incorrectly used
instead.
This bug comes from the original sources imported in 1994
and has been confirmed in upstream NetBSD.
Reported by: Yamagi Burmeister
Submitted by: Christoph Mallon
pfg [Fri, 4 Jan 2013 03:54:05 +0000 (03:54 +0000)]
MFC 244776, 244792:
gcc: avoid generating negative values to DW_AT_byte_size.
There is a bug in gcc (GCC/35998) where dwarf reports
sizes of unsigned -1 (0xffffffff).
On NetBSD this generated a faulty CTF entry which then
caused a segfault in ctfmerge. The issue was worked
around in NetBSD's Dtrace but since the issue originated
in gcc, it seems reasonable to fix it here.
Thanks to Christoph Mallon for pointing out a correct fix.
rmacklem [Thu, 3 Jan 2013 23:15:36 +0000 (23:15 +0000)]
MFC: r244370
Piete.Brooks at cl.cam.ac.uk reported via email a crash which was
caused by use of an invalid kgss_gssd_handle during an upcall to
the gssd daemon when it has exited. This patch seems to avoid the
crashes by holding a reference count on the kgss_gssd_handle until
the upcall is done. It also adds a new mutex kgss_gssd_lock used to
make manipulation of kgss_gssd_handle SMP safe.
rmacklem [Thu, 3 Jan 2013 23:09:16 +0000 (23:09 +0000)]
MFC: r244331
Fix the gssd daemon so that it uses syslog() to report
an error instead of calling err() when it is daemonized,
so that the error gets logged.
wblock [Thu, 3 Jan 2013 21:31:57 +0000 (21:31 +0000)]
MFC r242697,r242704:
r242697:
Add devd.conf(5) and devd(8) to SEE ALSO xrefs. Give users a pointer to
seemingly mysterious actions that are not done by ifconfig itself, but
by devd triggering on events caused by ifconfig.
r242704:
Remove fifteen-year-old notes on media selection (suggested by simon@).
Add commas after "e.g." and "i.e.".
delphij [Tue, 1 Jan 2013 07:00:42 +0000 (07:00 +0000)]
MFC r244369 (jimharris):
Use CAM_DEV_NOT_THERE instead of CAM_SEL_TIMEOUT to report nonexistent
LUNs for the virtual processor device. This removes lots of CAM warnings,
and follows similar recent changes to tws(4) and twa(4) drivers.
Also fix case where CAM_REQ_CMP was getting OR'd with CAM_DEV_NOT_THERE
in the nonexistent LUN case, resulting in different CAM status (CAM_UA_TERMIO)
getting reported to CAM. This issue existing previously, but was more subtle
because it changed CAM_SEL_TIMEOUT to CAM_CMD_TIMEOUT.
Sponsored by: Intel
Reported and tested by: Willem Jan Withagen <wjw@digiware.nl>
dim [Mon, 31 Dec 2012 14:21:31 +0000 (14:21 +0000)]
MFC r244600:
Fix a bug in ld --gc-sections: it strips out .note sections, while it
should never do so. This can cause global constructors and destructors
to not be executed at run-time, resulting in crashes and other strange
behaviour.
markj [Mon, 31 Dec 2012 03:34:52 +0000 (03:34 +0000)]
MFC 244523:
- Make sure that errno isn't modified before calling logerror() in error
conditions.
- Don't check for AF_INET6 when compiled without INET6 support.
gshapiro [Sat, 29 Dec 2012 19:06:04 +0000 (19:06 +0000)]
MFC: Properly define true/false when defining __bool_true_false_are_defined
for filters which pull in mfapi.h before stdbool.h. Issue reported by
Petr Rehor, maintainer of amavisd-milter port.
rmacklem [Fri, 28 Dec 2012 14:06:49 +0000 (14:06 +0000)]
MFC: r244226
The group list for a non-default export entry (a host/subnet one)
was being copied from the wrong place. This patch fixes that.
This could cause access failures for mapped users, when the group
permissions were needed.
PR: 147998
Submitted by: Christopher Key (cjk32@cam.ac.uk)
ume [Fri, 28 Dec 2012 10:58:03 +0000 (10:58 +0000)]
MFC r244770: Fix location of /var/audit/dist and /var/audit/remote.
Note that those who did installworld after r244398 should remove
wrongly created /var/dist and /var/remote.
pfg [Tue, 25 Dec 2012 17:39:37 +0000 (17:39 +0000)]
MFC r244475:
More constant renaming in preparation for newer features.
We also try to make better use of the fs flags instead of
trying adapt the code according to the fs structures. In
the case of subsecond timestamps and birthtime we now
check that the feature is explicitly enabled: previously
we only checked that the reserved space was available and
silently wrote them.
This approach is much safer, especially if the filesystem
happens to use embedded inodes or support EAs.
kib [Mon, 24 Dec 2012 13:29:22 +0000 (13:29 +0000)]
MFC r242476:
The r241025 fixed the case when a binary, executed from nullfs mount,
was still possible to open for write from the lower filesystem. There
is a symmetric situation where the binary could already has file
descriptors opened for write, but it can be executed from the nullfs
overlay.
Handle the issue by passing one v_writecount reference to the lower
vnode if nullfs vnode has non-zero v_writecount.
kib [Mon, 24 Dec 2012 13:22:32 +0000 (13:22 +0000)]
MFC r241025:
Fix the mis-handling of the VV_TEXT on the nullfs vnodes.
Add a set of VOPs for the VV_TEXT query, set and clear operations,
which are correctly bypassed to lower vnode.
kib [Mon, 24 Dec 2012 13:01:07 +0000 (13:01 +0000)]
MFC r240284:
Add a facility for vgone() to inform the set of subscribed mounts
about vnode reclamation. Typical use is for the bypass mounts like
nullfs to get a notification about lower vnode going away.
MFC r241225 (by avg):
mount.h: MNTK_VGONE_UPPER and MNTK_VGONE_WAITER were supposed to be different
kib [Mon, 24 Dec 2012 12:54:12 +0000 (12:54 +0000)]
MFC r240283:
Add MNTK_LOOKUP_EXCL_DOTDOT struct mount flag, which specifies to the
lookup code that dotdot lookups shall override any shared lock
requests with the exclusive one. The flag is useful for filesystems
which sometimes need to upgrade shared lock to exclusive inside the
VOP_LOOKUP or later, which cannot be done safely for dotdot, due to
dvp also locked and causing LOR.
hrs [Mon, 24 Dec 2012 00:40:21 +0000 (00:40 +0000)]
MFC: r232679:
- Clean up extra ${.OBJDIR}.
- Add ${IMAGE} for the supported image files. This fixes the install target
on FreeBSD/pc98.
- Use "mkdir -p" instead of "-mkdir" consistently.
melifaro [Fri, 21 Dec 2012 23:47:22 +0000 (23:47 +0000)]
Merge r238978(approved by luigi), r242631, r242834, r243707
replace inet_ntoa_r with the more standard inet_ntop().
As discussed on -current, inet_ntoa_r() is non standard, has different arguments
in userspace and kernel, and almost unused (no clients in userspace, only
net/flowtable.c, net/if_llatbl.c, netinet/in_pcb.c, netinet/tcp_subr.c
in the kernel)
Use unified print_dyn_rule_flags() function for debugging messages
instead of hand-made printfs in every place.
Simplify sending keepalives.
Prepare ipfw_tick() to be used by other consumers.
Make ipfw dynamic states operations SMP-ready.
* Global IPFW_DYN_LOCK() is changed to per-bucket mutex.
* State expiration is done in ipfw_tick every second.
* No expiration is done on forwarding path.
* hash table resize is done automatically and does not flush all states.
* Dynamic UMA zone is now allocated per each VNET
* State limiting is now done via UMA(9) api.
jh [Fri, 21 Dec 2012 18:25:05 +0000 (18:25 +0000)]
MFC r243333:
- Don't pass geom and provider names as format strings.
- Add __printflike() attributes.
- Remove an extra argument for the g_new_geomf() call in swapongeom_ev().
ae [Thu, 20 Dec 2012 11:10:23 +0000 (11:10 +0000)]
MFC r244360:
Use M_PROTO7 flag for M_IP6_NEXTHOP, because M_PROTO2 was used for
M_AUTHIPHDR.
MFC r244365:
Since we use different flags to detect tcp forwarding, and we share the
same code for IPv4 and IPv6 in tcp_input, we should check both
M_IP_NEXTHOP and M_IP6_NEXTHOP flags.
MFC r244386 (by glebius):
Clear correct flag in INET6 case.
MFC r244387 (by glebius):
Fix !INET6 build after r244365.
dim [Wed, 19 Dec 2012 16:22:46 +0000 (16:22 +0000)]
MFC r243572:
Pull in r168610 from upstream libc++:
When using libc++ headers on FreeBSD, in combination with -std=c++98,
-ansi or -std=c++03, the long long type is not supported. So in this
case, several functions and types, like lldiv_t, strtoll(), are not
declared.
This should make it possible to use the libc++ headers in c++98 mode.
Note: libc++ is originally designed as a c++0x or higher library, so you
should still take care when using it with c++98 or c++03.
dim [Wed, 19 Dec 2012 12:19:45 +0000 (12:19 +0000)]
MFC r243907:
Fix an old bug in devd, where it uses std::sort() to sort the various
lists it reads from its configuration files on the priority field.
Because some items in the lists have the same priority, and std::sort()
is not stable, the exact order in which the items are enumerated does
not have to correspond to the order they appear in the configuration
files.
Apparently this was never noticed with libstdc++, but with libc++ it
could cause the "uhid" entry from /etc/devd/usb.conf to be used instead
of the "ums" entry (which is earlier in the file). This caused the
problem described in the PR: the USB mouse module was never loaded, and
the other actions (such as starting moused) were not executed.
To fix the problem, make devd use std:stable_sort() instead.
Reported by: Jan Beich <jbeich@tormail.org>
PR: bin/172958
rwatson [Tue, 18 Dec 2012 14:32:53 +0000 (14:32 +0000)]
Merge r244181 from head to stable/9:
Fix the location of auditdistd configuration file.
Reported by: Johan Hendriks <joh.hendriks@gmail.com>
Merge remaining unmerged portions of r243752 from head to stable/9; parts
adding the new 'auditdistd' user were previously merged in r243947:
Merge a number of changes required to hook up OpenBSM 1.2-alpha2's
auditdistd (distributed audit daemon) to the build:
- Manual cross references
- Makefile for auditdistd
- rc.d script, rc.conf entrie
- New group and user for auditdistd; associated aliases, etc.
The audit trail distribution daemon provides reliable,
cryptographically protected (and sandboxed) delivery of audit tails
from live clients to audit server hosts in order to both allow
centralised analysis, and improve resilience in the event of client
compromises: clients are not permitted to change trail contents
after submission.
Submitted by: pjd
Sponsored by: The FreeBSD Foundation (auditdistd)
rwatson [Tue, 18 Dec 2012 14:31:55 +0000 (14:31 +0000)]
Apply minor local adjustment to OpenBSM's parse.y due to differences in Yacc
between 10-CURRENT and 9-STABLE; this will allow the soon-to-be-connected
auditdistd to build on 9.x.
rwatson [Tue, 18 Dec 2012 10:34:18 +0000 (10:34 +0000)]
Merge r243800 from head to stable/9:
Specifically point at the Handbook instructions for world updates in
UPDATING by URL.
As there has been some confusion over the need to run "mergemaster -p",
part of our standard upgrade procedure, following the recent addition of
an "auditdistd" user, add a note about it to UPDATING explicitly.
rwatson [Tue, 18 Dec 2012 10:23:58 +0000 (10:23 +0000)]
Merge r243751 from head to stable/9:
Merge OpenBSM 1.2-alpha2 changes from contrib/openbsm to
src/sys/{bsm,security/audit}. There are a few tweaks to help with the
FreeBSD build environment that will be merged back to OpenBSM. No
significant functional changes appear on the kernel side.
Obtained from: TrustedBSD Project
Sponsored by: The FreeBSD Foundation (auditdistd)
rwatson [Tue, 18 Dec 2012 09:32:44 +0000 (09:32 +0000)]
Merge OpenBSM 1.2-alpha3 from head to stable/9, upgrading from the previous
OpenBSM 1.1p2:
OpenBSM 1.2 alpha 3
- Various minor tweaks to the auditdistd build to make it fit the FreeBSD
build environment better.
- AUE_WAIT6 merged from FreeBSD 9.
OpenBSM 1.2 alpha 2
- auditdistd, a distributed audit trail management daemon, has now been
merged. This allows trail files to be securely and reliably synced from
audited hosts to an audit server, and employs TLS encryption. Where
available, it uses Capsicum to sandbox the service. This work was
contributed by Pawel Jakub Dawidek under sponsorship from the FreeBSD
Foundation.
OpenBSM 1.2 alpha 1
- Add Capsicum-related error numbers for FreeBSD: ENOTCAPABLE, ECAPMODE.
- Add Capsicum, process descriptor audit events for FreeBSD.
- Allow 0% minspace.
- Fixes from the clang static analyser.
- Fix expiration of trail files when the host parameter is used.
- Various typo fixes.
- Support for Solaris privilege and privilege set tokens.
- Documentation for getachost(), improvements for getacfilesz().
- Fix a directory descriptor leak that happened when audit trail partitions
filled.
- Support for more Linux distributions with a partial contemporary endian.h.
- Improved escaping of XML-encapsulated BSM.
- A variety of minor documentation, style, and functional.
A separate commit will merge build changes to enable auditdistd, etc.
Obtained from: TrustedBSD Project
Sponsored by: The FreeBSD Foundation (auditdistd)
jilles [Mon, 17 Dec 2012 13:03:13 +0000 (13:03 +0000)]
MFC r239151: ftw(): Do not check the maxfds argument against OPEN_MAX.
Apart from the fact that nothing should have OPEN_MAX as a limit (as opposed
to RLIMIT_NOFILE from getrlimit() or _SC_OPEN_MAX from sysconf()), POSIX
does not require us to check this. POSIX does have a requirement on the
application that maxfds not exceed {OPEN_MAX}, but does not require the
implementation to check it ("may fail").