mav [Thu, 25 Jun 2015 07:11:48 +0000 (07:11 +0000)]
MFC r284640: Bring per-port LUN enable/disable code up to date:
- remove last remnants of never implemented multiple targets support;
- implement missing support for LUN mapping in this area.
Due to existing locking constraints LUN mapping code is practically
unlocked at this point. Hopefully it is not racy enough to live until
somebody get idea how to call sleeping fronend methods under lock also
taken by the same frontend in non-sleepable context. :(
mav [Thu, 25 Jun 2015 07:08:46 +0000 (07:08 +0000)]
MFC r284641:
Fix REPORT LUNS command output for the case when same LUN mapped to same
port several times. While it is unusual configuration, it is not illegal.
mav [Thu, 25 Jun 2015 07:07:32 +0000 (07:07 +0000)]
MFC r284622: Remove device queue freeze handling and replace it with dummy.
At this point CTL has no known use case for device queue freezes.
Same time existing (considered to be broken) code was found to cause
modify-after-free issues.
gshapiro [Thu, 25 Jun 2015 01:49:44 +0000 (01:49 +0000)]
MFC: An additional fix for the openssl Weak DH remediation:
The import of openssl to address the FreeBSD-SA-15:10.openssl security
advisory includes a change which rejects handshakes with DH parameters
below 768 bits. sendmail releases prior to 8.15.2 (not yet released),
defaulted to a 512 bit DH parameter setting for client connections.
The first fix committed last week changed the default to 1024 bits.
This commit fixes the case where the DHParameters option is set to a
file which doesn't exist, which is the case on newer versions of
FreeBSD which enable STARTTLS by default by auto-creating TLS
certificates.
gjb [Wed, 24 Jun 2015 18:58:42 +0000 (18:58 +0000)]
MFC r284683:
Enable ttyu1, ttyu2, ttyu3 for arm installations.
This should make all consoles available, whether it
is VGA, HDMI, serial, or JTAG, but more importantly
enables all consoles when ttyu0 is not predictable.
For example, the Pandaboard ES apparently has three
consoles available, but the DB9/RS232 serial port is
ttyu2, so not available by default after the system
boots.
gjb [Wed, 24 Jun 2015 18:56:28 +0000 (18:56 +0000)]
MFC r284660, r284676:
r284660:
Remove the Azure-local vm_extra_create_disk(), since we no longer
need qemu-img to convert the final VHD image to an Azure-compatible
format.
Although the waagent utility is installed from ports, create the
symlink to /usr/sbin, pending investigation on where this is
hard-coded, so it can be reported upstream.
r284676:
Append the hour and minute to the snapshot suffix for EC2
AMIs and Azure VM images. This is particularly helpful for
testing to avoid name collisions, but also useful for cases
where a necessary rebuild is done before the date changes.
marcel [Wed, 24 Jun 2015 18:40:34 +0000 (18:40 +0000)]
MFC r284269, r284270, r284655, r284656, r284658:
VHD fixes for Microsoft Azure:
1. Round the image size to the VHD geometry and then round to a
multiple of 1MB.
2. Change the creator OS from "FBSD" to "Wi2k". It matters...
3. Bump the VHD tool version and the mkimg version.
gallatin [Tue, 23 Jun 2015 22:31:04 +0000 (22:31 +0000)]
Fix r284612: As pointed out by jhb, in stable branches, if_baudrate
is 32b on 32b platforms. So rather than a simple MFC of r284612,
we need to use if_initbaudrate() to properly express a 40Gb speed.
kib [Tue, 23 Jun 2015 06:30:36 +0000 (06:30 +0000)]
Revert part of the r283303 (by jhb):
Revert MFC of r270223, which bumped MAXCPU on amd64 from 64 to 256.
The cpuset_getaffinity(2) and cpuset_setaffinity(2) check minimum set
size, which now fails for binaries compiled on 10.0 with MAXCPU == 64.
dteske [Tue, 23 Jun 2015 04:03:54 +0000 (04:03 +0000)]
MFC r283863:
Fix a debug statement. Only the callback function (performing the
incrementing of dpv_overall_oread) knows what its purpose is (and
often times it was bytes, not lines).
MFC r283975 (araujo):
Clean up unused variable and silence clang warnings.
dteske [Tue, 23 Jun 2015 03:56:05 +0000 (03:56 +0000)]
MFC r284672 (antoine):
Install version.4th.8 again
It was disconnected from installation in r281081, but was never removed
from the tree or added to ObsoleteFiles.inc
tuexen [Mon, 22 Jun 2015 06:06:38 +0000 (06:06 +0000)]
When using KTRACE, set a variable to the appropriate value and don't
leave it initialized at NULL.
Since the affected functions where moved from sys/kern/uipc_syscalls.c
to sys/netinet/sctp_syscalls.c it was not possible to MFC r284613.
Therefore, this is a direct commit with the corresponding changes of r284613.
trasz [Sun, 21 Jun 2015 06:28:26 +0000 (06:28 +0000)]
MFC r282213:
Add kern.racct.enable tunable and RACCT_DISABLED config option.
The point of this is to be able to add RACCT (with RACCT_DISABLED)
to GENERIC, to avoid having to rebuild the kernel to use rctl(8).
MFC r282901:
Build GENERIC with RACCT/RCTL support by default. Note that it still
needs to be enabled by adding "kern.racct.enable=1" to /boot/loader.conf.
Note those two are MFC-ed together, because the latter one changes the
name of RACCT_DISABLED option to RACCT_DEFAULT_TO_DISABLED. Should have
committed the renaming separately...
Relnotes: yes
Sponsored by: The FreeBSD Foundation
markj [Sun, 21 Jun 2015 00:36:02 +0000 (00:36 +0000)]
MFC r284127:
witness: don't warn about matrix inconsistencies without holding the mutex
Lock order checking is done without the witness mutex held, so multiple
threads that are racing to establish a new lock order may read matrix
entries that are in an inconsistent state. Don't print a warning in this
case, but instead just redo the check after taking the witness lock.
rmacklem [Sat, 20 Jun 2015 23:15:57 +0000 (23:15 +0000)]
MFC: r284531
Document that a forced dismount of an NFSv3 mount when the
NLM (rpc.lockd) is running can crash the system.
Unfortunately this is not easy to fix, but I have left
PR#200585 open.
dim [Sat, 20 Jun 2015 13:25:28 +0000 (13:25 +0000)]
MFC r284167:
Merge r283870 from amd64:
Remove unneeded NULL checks in trap_fatal().
Since td_name is an array member of struct thread, it can never be NULL,
so the check can be removed. In addition, curproc can never be NULL,
so remove the if statement, and splice the two printfs() together.
While here, remove the u_long cast, and use the correct printf format
specifier for curproc->p_pid.
kp [Thu, 18 Jun 2015 21:23:41 +0000 (21:23 +0000)]
Merge r284222, r284260
pf: address family must be set when creating a pf_fragment
Fix a panic when handling fragmented ip4 packets with 'drop-ovl' set.
In that scenario we take a different branch in pf_normalize_ip(), taking us to
pf_fragcache() (rather than pf_reassemble()). In pf_fragcache() we create a
pf_fragment, but do not set the address family. This leads to a panic when we
try to insert that into pf_frag_tree because pf_addr_cmp(), which is used to
compare the pf_fragments doesn't know what to do if the address family is not
set.
Simply ensure that the address family is set correctly (always AF_INET in this
path).
When we try to look up a pf_fragment with pf_find_fragment() we compare (see
pf_frag_compare()) addresses (and family), but also protocol. We failed to
save the protocol to the pf_fragment in pf_fragcache(), resulting in failing
reassembly.
kp [Thu, 18 Jun 2015 21:21:52 +0000 (21:21 +0000)]
Merge r278874, r278925, r278868
- Improve INET/INET6 scope.
- style(9) declarations.
- Make couple of local functions static.
- Even more fixes to !INET and !INET6 kernels.
In collaboration with pluknet
- Toss declarations to fix regular build and NO_INET6 build.
kp [Thu, 18 Jun 2015 20:59:48 +0000 (20:59 +0000)]
Merge r281536
pf: Fix forwarding detection
If the direction is not PF_OUT we can never be forwarding. Some input packets
have rcvif != ifp (looped back packets), which lead us to ip6_forward() inbound
packets, causing panics.
Equally, we need to ensure that packets were really received and not locally
generated before trying to ip6_forward() them.
kp [Thu, 18 Jun 2015 20:57:21 +0000 (20:57 +0000)]
Merge r281234
Evaluate packet size after the firewall had its chance
Defer the packet size check until after the firewall has had a look at it. This
means that the firewall now has the opportunity to (re-)fragment an oversized
packet.
kp [Thu, 18 Jun 2015 20:43:16 +0000 (20:43 +0000)]
Merge r281164
pf: Skip firewall for refragmented ip6 packets
In cases where we scrub (fragment reassemble) on both input and output
we risk ending up in infinite loops when forwarding packets.
Fragmented packets come in and get collected until we can defragment. At
that point the defragmented packet is handed back to the ip stack (at
the pfil point in ip6_input(). Normal processing continues.
Eventually we figure out that the packet has to be forwarded and we end
up at the pfil hook in ip6_forward(). After doing the inspection on the
defragmented packet we see that the packet has been defragmented and
because we're forwarding we have to refragment it.
In pf_refragment6() we split the packet up again and then ip6_forward()
the individual fragments. Those fragments hit the pfil hook on the way
out, so they're collected until we can reconstruct the full packet, at
which point we're right back where we left off and things continue until
we run out of stack.
Break that loop by marking the fragments generated by pf_refragment6()
as M_SKIP_FIREWALL. There's no point in processing those packets in the
firewall anyway. We've already filtered on the full packet.
kp [Thu, 18 Jun 2015 20:41:55 +0000 (20:41 +0000)]
Merge r280956
pf: Deal with runt packets
On Ethernet packets have a minimal length, so very short packets get padding
appended to them. This padding is not stripped off in ip6_input() (due to
support for IPv6 Jumbograms, RFC2675).
That means PF needs to be careful when reassembling fragmented packets to not
include the padding in the reassembled packet.
While here also remove the 'Magic from ip_input.' bits. Splitting up and
re-joining an mbuf chain here doesn't make any sense.
kp [Thu, 18 Jun 2015 20:40:36 +0000 (20:40 +0000)]
Merge r280955
Preserve IPv6 fragment IDs accross reassembly and refragmentation
When forwarding fragmented IPv6 packets and filtering with PF we
reassemble and refragment. That means we generate new fragment headers
and a new fragment ID.
We already save the fragment IDs so we can do the reassembly so it's
straightforward to apply the incoming fragment ID on the refragmented
packets.
kp [Thu, 18 Jun 2015 20:34:39 +0000 (20:34 +0000)]
Merge r278843, r278858
In the forwarding case refragment the reassembled packets with the same
size as they arrived in. This allows the sender to determine the optimal
fragment size by Path MTU Discovery.
Roughly based on the OpenBSD work by Alexander Bluhm.
arybchik [Thu, 18 Jun 2015 15:50:42 +0000 (15:50 +0000)]
MFC: r283679
sfxge: do not use DEBUG_FLAGS to enable extra debug checks
DEBUG_FLAGS are set to DEBUG option value when kernel is built.
For example, it is -g in GENERIC config to have debug symbols.
Also DEBUG_FLAGS are used to determine if ctfconvert should keep
debug symbols.
Since we redefined DEBUG_FLAGS, debug symbols were always missing.
ctfconvert complains about it during kernel build.
It is incorrect to append DEBUG_FLAGS, since if DEBUG has no -g (or
similar), we'll have no debug symbols and ctfconvert will complain.
If it incorrect to always have -g in our DEBUG_FLAGS, since debug
symbols presence should be controllable by kernel config.
So, just add disabled by default addition of -DDEBUG=1 to CFLAGS.
Reviewed by: imp
Sponsored by: Solarflare Communications, Inc.
arybchik [Thu, 18 Jun 2015 15:41:09 +0000 (15:41 +0000)]
sfxge: use if_initbaudrate() to set interface baudrate
It is required to cope with u_long limit for 10 Gbps in a right way.
It is a direct commit to stable/10 since head differs (head does not
have if_initbaudrate(), if_baudrate is simply uint64_t).
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D2849
delphij [Wed, 17 Jun 2015 19:12:18 +0000 (19:12 +0000)]
MFC r264038 (theraven):
Fix an issue where the locale and rune locale could become out of sync,
causing mb* functions (and similar) to be called with the wrong data
(possibly a null pointer, causing a crash).
tuexen [Wed, 17 Jun 2015 09:39:40 +0000 (09:39 +0000)]
MFC r284384:
Stop the heartbeat timer when removing a net.
Thanks to the reporter of
https://code.google.com/p/sctp-refimpl/issues/detail?id=14
for reporting the issue.
hselasky [Wed, 17 Jun 2015 07:41:53 +0000 (07:41 +0000)]
MFC r284012:
Disable VGA PCI interrupts until a chipset driver is loaded for VGA
PCI devices. Else unhandled display adapter interrupts might freeze
the CPU or consume a lot of CPU.
hselasky [Wed, 17 Jun 2015 07:21:43 +0000 (07:21 +0000)]
MFC r280991:
Extend fixes made in r278103 and r38754 by copying the complete packet
header and not only partial flags and fields. Firewalls can attach
classification tags to the outgoing mbufs which should be copied to
all the new fragments. Else only the first fragment will be let
through by the firewall. This can easily be tested by sending a large
ping packet through a firewall. It was also discovered that VLAN
related flags and fields should be copied for packets traversing
through VLANs. This is all handled by "m_dup_pkthdr()".
Regarding the MAC policy check in ip_fragment(), the tag provided by
the originating mbuf is copied instead of using the default one
provided by m_gethdr().
gshapiro [Wed, 17 Jun 2015 02:39:10 +0000 (02:39 +0000)]
MFC: The import of openssl to address the FreeBSD-SA-15:10.openssl security
advisory includes a change which rejects handshakes with DH parameters
below 768 bits. sendmail releases prior to 8.15.2 (not yet released),
defaulted to a 512 bit DH parameter setting for client connections.
This commit chages that default to 1024 bits. sendmail 8.15.2, when
released well use a default of 2048 bits.
marcel [Wed, 17 Jun 2015 02:30:12 +0000 (02:30 +0000)]
MFC 284165:
Move contrib/top/top.X to contrib/top/top.xs and move
contrib/top/top.local.H to contrib/top/top.local.hs.
Change the makefile accordingly.
emaste [Tue, 16 Jun 2015 18:39:11 +0000 (18:39 +0000)]
MFC r281930 by jhb:
Update this driver to not save copies of registers that are no longer
used after r281874. While here, also update it to always write the
parent's PCI bus number to the primary bus register.
sbruno [Tue, 16 Jun 2015 12:10:55 +0000 (12:10 +0000)]
MFC r283923
Simplify hang detection by stealing the techniques used in ixl(4) and
applying them to em(4).
Rely on iterations through the local timer, and the tx queue state to
determine if an actual hang has occurred. Any time a descriptor is used
(packet sent), the tx queue is flagged as busy. Then when txeof runs, it
either clears the flag when all is clean, or resets it to 1 if ANY are
cleaned, if nothing is cleaned it increments the flag.
Local timer simply checks to see if busy ever reaches MAX (10, which
is compile time configurable), and then sets it as HUNG, at that point
there is one more timer cycle in which to have any cleans, if not a
watchdog reset will occur.
tuexen [Tue, 16 Jun 2015 08:36:57 +0000 (08:36 +0000)]
MFC r284351:
Simplify printaddr(). No functional change.
MFC r284352:
Allow more than one socket entry for a file descriptor. This is needed
for supporting 1-to-many style SCTP sockets. For other sochets, there
is no functional change.
MFC r284353:
Allow more than one local or remote address per socket. This is needed to
support SCTP (and MPTCP in the future). No functional change for existing
protocols.
MFC r284354:
Add support for SCTP.
MFC r284355:
When using -L the code skips a socket if the local or foreign
address is loopback. So it is shown if both are not loopback.
The man page says that it is shown if the local or foreign
address is not loopback. Change the man page to reflect the
code.
ken [Tue, 16 Jun 2015 02:31:11 +0000 (02:31 +0000)]
MFC, r284192:
------------------------------------------------------------------------
r284192 | ken | 2015-06-09 15:39:38 -0600 (Tue, 09 Jun 2015) | 102 lines
Add support for reading MAM attributes to camcontrol(8) and libcam(3).
MAM is Medium Auxiliary Memory and is most commonly found as flash
chips on tapes.
This includes support for reading attributes and decoding most
known attributes, but does not yet include support for writing
attributes or reporting attributes in XML format.
libsbuf/Makefile:
Add subr_prf.c for the new sbuf_hexdump() function. This
function is essentially the same function.
libsbuf/Symbol.map:
Add a new shared library minor version, and include the
sbuf_hexdump() function.
libsbuf/Version.def:
Add version 1.4 of the libsbuf library.
libutil/hexdump.3:
Document sbuf_hexdump() alongside hexdump(3), since it is
essentially the same function.
camcontrol/Makefile:
Add attrib.c.
camcontrol/attrib.c:
Implementation of READ ATTRIBUTE support for camcontrol(8).
camcontrol/camcontrol.8:
Document the new 'camcontrol attrib' subcommand.
camcontrol/camcontrol.c:
Add the new 'camcontrol attrib' subcommand.
camcontrol/camcontrol.h:
Add a function prototype for scsiattrib().
share/man/man9/sbuf.9:
Document the existence of sbuf_hexdump() and point users to
the hexdump(3) man page for more details.
sys/cam/scsi/scsi_all.c:
Add a table of known attributes, text descriptions and
handler functions.
Add a new scsi_attrib_sbuf() function along with a number
of other related functions that help decode attributes.
scsi_attrib_ascii_sbuf() decodes ASCII format attributes.
scsi_attrib_int_sbuf() decodes binary format attributes, and
will pass them off to scsi_attrib_hexdump_sbuf() if they're
bigger than 8 bytes.
scsi_attrib_vendser_sbuf() decodes the vendor and drive
serial number attribute.
scsi_attrib_volcoh_sbuf() decodes the Volume Coherency
Information attribute that LTFS writes out.
sys/cam/scsi/scsi_all.h:
Add a number of attribute-related structure definitions and
other defines.
Add function prototypes for all of the functions added in
scsi_all.c.
sys/kern/subr_prf.c:
Add a new function, sbuf_hexdump(). This is the same as
the existing hexdump(9) function, except that it puts the
result in an sbuf.
This also changes subr_prf.c so that it can be compiled in
userland for includsion in libsbuf.
We should work to change this so that the kernel hexdump
implementation is a wrapper around sbuf_hexdump() with a
statically allocated sbuf with a drain. That will require
a drain function that goes to the kernel printf() buffer
that can take a non-NUL terminated string as input.
That is because an sbuf isn't NUL-terminated until it is
finished, and we don't want to finish it while we're still
using it.
We should also work to consolidate the userland hexdump and
kernel hexdump implemenatations, which are currently
separate. This would also mean making applications that
currently link in libutil link in libsbuf.
sys/sys/sbuf.h:
Add the prototype for sbuf_hexdump(), and add another copy
of the hexdump flag values if they aren't already defined.
Ideally the flags should be defined in one place but the
implemenation makes it difficult to do properly. (See
above.)
delphij [Mon, 15 Jun 2015 18:16:23 +0000 (18:16 +0000)]
MFC r283889,r283891:
Clear p_stops when doing PT_DETACH and PROCFS_CTL_DETACH.
Without this, if a process was being traced by truss(1), which
uses different p_stops bits than gdb(1), the latter would
misbehave because of the unexpected bits.
Reported by: jceel
Submitted by: sef
Sponsored by: iXsystems, Inc.
gshapiro [Mon, 15 Jun 2015 04:20:32 +0000 (04:20 +0000)]
MFC: Add a quick (?) note for users who may be having sendmail interoperability issues
due to the recent (FreeBSD-SA-15:10.openssl) OpenSSL change to reject 512 bit
DH parameters. Affects 11-CURRENT and 10-STABLE.