ian [Tue, 31 May 2016 17:15:57 +0000 (17:15 +0000)]
MFC r297323,r297324, r297325, r297326:
Set only one default route for nfsroot mount, the one associated with the
interface that will be used to mount the rootfs (and never a self-ip proxy
arp route). Made up of the following related changes...
Set ifctx->gotrootpath=1 only when the root path came from the dhcp/bootp
server (and not when it came from a fallback method such as the ROOTDEVNAME
option). This makes the code in bootpc_init() choose the first interface
that provided a rootpath name. Previously it was choosing the first
interface that got an IP address, which could be on a different and
potentially unreachable subnet than the server providing the rootfs.
If the rootpath name actually does come from a fallback source, then the
code continues to use the first interface in the list that got configured.
Note that this wasn't directly reported in the PR cited below, but was
discovered while working on that PR.
Switch bootpc_adjust_interface() from returning int to void. Its one caller
doesn't check for errors, and all the errors that can happen result in it
calling panic anyway, except for one that's really more of a warning (and
is going to disappear on an upcoming commit anyway).
Stop setting the default route to the IP of the interface itself when the
bootp/dhcp server doesn't provide a router option. Doing so prevents
setting defaultrouter=<ip> in rc.conf (it fails because there's already
a bogus default route installed by bootpc_init).
When an admin wants to use this style of proxy arp on an interface, the
proper mechanism is to set the "use-lease-addr-for-default-route" flag
in the dhcp server config. That causes the lease address to be delivered
in the routers option, and the normal handling of the routers option will
then install the self-ip as the default route.
Do not try to install a default route for each interface found, because
only the first one will actually work and all the others just result in
errors (which would get printed but otherwise ignored).
Instead, wait until we make a choice of which interface will be used to
mount the rootfs, and install the default route associated with it (if any).
After doing the md_mount() call to obtain the needed info, remove the
default route again, and transcribe the route info into the nfs_diskless
structure. If the system eventually chooses to mount the nfs rootfs, the
default route will be installed again when the nfs_diskless code
re-initializes the interface.
ian [Tue, 31 May 2016 17:01:54 +0000 (17:01 +0000)]
MFC r297147, r297148, r297149, r297150, r297151:
Make both the loader and kernel use the interface-mtu option if the
dhcp server provides it. Made up of these (semi-)related changes...
[kernel...] If the dhcp server provides an interface-mtu option, parse
the value and set that mtu on the interface.
[libstand...]
Garbage collect the bswap routines from libstand, use sys/endian.h.
If the dhcp server delivers an interface-mtu option, parse it and store
the value in a new global intf_mtu for use by the application.
[loader...]
If the dhcp server provided an interface-mtu option, transcribe the value
to the boot.netif.mtu env var, which will be picked up by pre-existing code
in nfs_mountroot() and used to configure the interface accordingly.
rmacklem [Sun, 29 May 2016 23:30:36 +0000 (23:30 +0000)]
MFC: r299872
Fix fuse for "cp" of a mode 0444 file to the file system.
When "cp" of a file with read-only (mode 0444) to a fuse mounted
file system was attempted it would fail with EACCES. This was because
fuse would attempt to open the file WRONLY and the open would fail.
This patch changes the fuse_vnop_open() to test for an extant read-write
open and use that, if it is available.
This makes the "cp" of a read-only file to the fuse mounted file system
work ok.
There are simpler ways to fix this than adding the fuse_filehandle_validrw()
function, but this function is useful for future patches related to
exporting a fuse filesystem via NFS.
rmacklem [Sun, 29 May 2016 23:05:14 +0000 (23:05 +0000)]
MFC: r299816
Fix fuse so that stale buffer cache data isn't read.
When I/O on a file under fuse is switched from buffered to DIRECT_IO,
it was possible to read stale (before a recent modification) data from
the buffer cache. This patch invalidates the buffer cache for the
file to fix this.
pfg [Sun, 29 May 2016 16:32:21 +0000 (16:32 +0000)]
MFC r300378:
libc/regex: fix two buffer underruns.
Fix some rather complex regex issues found on OpenBSD as part of some
ongoing work to fix a sed(1) bug.
Curiously the OpenBSD tests don't trigger segfaults on FreeBSD but the
bugs were confirmed by running a port of FreeBSD's regex under OpenBSD's
malloc. Huge thanks to Ingo for confirming the behavior.
jah [Sun, 29 May 2016 07:14:51 +0000 (07:14 +0000)]
MFC r300258:
iic_rdwr_data->nmsgs is uint32_t, so limit the allowable number of messages to
prevent memory exhaustion and short allocations on 32-bit systems. Since
iicrdwr is intended to be a workalike of a Linux i2c-dev call, use the same
limit of 42 that Linux uses.
Also check the return value of copyin(9) to prevent unnecessary allocation in
the failure case.
ache [Sun, 29 May 2016 06:46:17 +0000 (06:46 +0000)]
MFC: r300397
1) POSIX prohibits printing errors to stderr here and require
returning NULL:
"Upon successful completion, initstate() and setstate() shall return a
pointer to the previous state array; otherwise, a null pointer shall
be returned.
Although some implementations of random() have written messages to
standard error, such implementations do not conform to POSIX.1-2008."
2) Move error detections earlier to prevent state modifying.
rmacklem [Sat, 28 May 2016 22:42:56 +0000 (22:42 +0000)]
MFC: r299753
Fix fuse to use DIRECT_IO when required.
When a file is opened write-only and a partial block was written,
buffered I/O would try and read the whole block in. This would
result in a hung thread, since there was no open (fuse filehandle)
that allowed reading. This patch avoids the problem by forcing
DIRECT_IO for this case.
It also sets DIRECT_IO when the file system specifies the FN_DIRECTIO
flag in its reply to the open.
kadesai [Thu, 26 May 2016 12:00:14 +0000 (12:00 +0000)]
MFC r299666 - r299672
r299666: Takes care of any firmware command timeout scenarios by initiating OCR.
r299667: Similar to RAID map for Logical Drives, now JBOD map has been introduced
r299668: This patch implements driver support for 1MB IO size.
r299669: Implemented interrupt Config Hook in mrsas(4) to defer some of the tasks, like:
registering AEN, creating cdev.
r299670: Added support for Avago Intruder controller.
r299671: bugs fixed as part of this patch in kdump and some NULL pointer dereference
r299672: Version update patch.
ken [Wed, 25 May 2016 15:10:07 +0000 (15:10 +0000)]
MFC r300327:
------------------------------------------------------------------------
r300327 | ken | 2016-05-20 13:30:52 -0600 (Fri, 20 May 2016) | 11 lines
Add the density code for LTO-7 to libmt and the mt(1) man page.
The density code and bits per mm values were obtained from an
actual drive density report.
The number of tracks were obtained from an LTO-7 hardware
announcement on IBM's web site.
------------------------------------------------------------------------
Sponsored by: Spectra Logic
ken [Wed, 25 May 2016 14:30:33 +0000 (14:30 +0000)]
MFC r300224:
------------------------------------------------------------------------
r300224 | ken | 2016-05-19 13:13:43 -0600 (Thu, 19 May 2016) | 12 lines
Adjust a couple of error cases in camdd(8).
usr.sbin/camdd/camdd.c:
In camdd_probe_file(), fix an error case after fstat where
we were bailing out and leaving two lines of cleanup code
unexecuted. Instead, just goto bailout_error.
In camdd_probe_pass(), fail if the sector size is 0.
------------------------------------------------------------------------
jhb [Tue, 24 May 2016 23:04:16 +0000 (23:04 +0000)]
MFC 299310:
Don't store generated firmware object files in the source directory.
Trim the leading directory of a firmware source file from the resulting
target object file name so the object file is stored in the object
directory. Previously, using 'FIRMWS= /path/to/fw.bin:fw.bin' would
store the generated 'fw.bin.fwo' file in the /path/to directory. Now
it stores it in the object directory of the kernel module being built.
kib [Tue, 24 May 2016 10:46:23 +0000 (10:46 +0000)]
MFC r300084:
Do enable io accounting for read-only mounts and mounts which are
remounted to writeable after initial read-only. Assign to
dev->si_mountpt earlier to account the accesses done at the mount
time.
mav [Tue, 24 May 2016 07:21:23 +0000 (07:21 +0000)]
MFC r299373: Allow sleepable allocations in enclosure daemon threads.
There were at least two places where M_NOWAIT was used without NULL check.
This change should fix NULL-dereference panic there and possibly improve
operation in other ways under memory pressure.
Use the size of the destination buffer, not the source buffer.
Technically this is a no-op, but mute the clang warning in case the malloc call
above for fstring ever changes in the future
r299765:
Fix theoretical buffer overflow issues in snmp_oid2asn_oid
Increase the size of `string` by 1 to account for the '\0' terminator. In the event
that `str` doesn't contain any non-alpha chars, i would be set to MAXSTR, and
the subsequent strlcpy call would overflow by a character.
Remove unnecessary `string[i] = '\0'` -- this is already handled by strlcpy.
r299767:
Mute sign compare warning by casting rc to u_int to match nbindings' type
rc cannot be negative -- that was already tested for earlier on in
the function
r299769:
Use the size of the destination buffer instead of the malloc size, repeated, in order
to mute a -Wstrlcpy-strlcat-size warning
r299770:
Fix up r299764
I meant to use nitems, not sizeof(..) with the destination buffer. Using sizeof(..)
on a pointer will always truncate the output in the destination buffer incorrectly
Pointyhat to: ngie
r299774:
Do minimal work necessary to cure a -Wunused-but-set-variable warning from gcc
How errno is saved before and restored after strtoul calls needs a rethink
r299802:
Fix up both r299764 and r299770
nitems was wrong too, as it was being tested against a pointer instead of a buffer on
the stack.
Since the old code was just doing malloc, then strlcpy'ing the contents of the source
buffer into the destination buffer, replace it all with a call to strdup..
Supersized Duncecap to: ngie
r299803:
Replace malloc + memset(.., 0, ..) with calloc calls
r299805:
Fix up r299769
Similar to r299802, it was noted that using nitems on scalar pointers is
invalid.
Use strdup instead of malloc + strlcpy (which is what the old code was doing
anyhow).
Pointyhat to: ngie
r299814:
Replace malloc + memset(.., 0, ..) with calloc calls
pfg [Tue, 24 May 2016 03:08:32 +0000 (03:08 +0000)]
sed: rewrite the main loop.
Rewrite the main loop of the "sed s/..." command, shortening it by ten
lines and simplifying it by removing the switch statement implementing
/g, /1, and /2 separately and repetitively.
This will be needed to bring a fix from OpenBSD later.
ngie [Mon, 23 May 2016 06:01:04 +0000 (06:01 +0000)]
MFC r299710,r299711,r299763,r299783,r299811:
r299710:
Staticize global variables only used in bsnmpimport.c to fix
-Wmissing-variable-declarations warnings
r299711:
Fold two malloc + memset(.., 0, ..) calls into equivalent calloc calls
r299763:
Mute -Wstrlcpy-strlcat-size warning by using nitems with the size of the buffer
This is a no-op as the malloc above set the size of the buffer to the size used
below, but this keeps things consistent in case the malloc call changes somehow.
r299783:
Convert tok from enum tok to int32_t in function calls
get_token(..) returns int32_t, not enum tok, and in many cases tests for items
not in enum tok (e.g. '('). Make the typing consistent with get_token, which
includes a domino effect of changing enum tok to int32_t.
ngie [Mon, 23 May 2016 05:41:53 +0000 (05:41 +0000)]
MFC r299712,r299759,r299760,r299761,r299762:
r299712:
Fix some trivial clang/gcc warnings in bsnmptc.c
- By definition, `enum snmp_tc` can't be false (the implied starting sequence
index for the enum is 0). Don't test for it being < 0.
- Staticize `struct snmp_text_conv` to mute a -Wmissing-variable-declarations
warning from clang.
- Remove set but unused variable, ptr, in parse_bridge_id(..) and
parse_bport_id(..) to mute warning from gcc 4.9+.
- Mark value and string unused in snmp_inetaddr2oct(..) and parse_inetaddr(..)
as they're just stub functions.
r299759:
Use calloc instead of memset(.., 0, ..) + malloc
r299760:
Sort variables in parse_ascii(..) per style(9)
r299761:
parse_ascii: make count size_t to mute a -Wsign-compare issue
count is always unsigned.
r299762:
Mark snmptoolctx unused in parse_authentication(..), parse_privacy(..),
parse_context(..), and parse_user_security(..).
truckman [Mon, 23 May 2016 05:38:40 +0000 (05:38 +0000)]
MFC r299988
Set ai2 to NULL in in find_host() before the loop and after calling
freeaddrinfo() on it to indicate that it doesn't point to a valid
addrinfo list. This fixes this Coverity issues: 1006368 Uninitialized pointer read 1018506 Double free 1305590 Resource leak
that can be triggered in the hp->hostname[0] != '\0' case.
Don't treat a character as a boolean.
Fix these Coverity issues: 1009293 Unchecked return value from library 1194246 Wrong size argument
by tweaking the status file extend code.
truckman [Mon, 23 May 2016 05:27:31 +0000 (05:27 +0000)]
MFC r299986
Actually use the loop interation limit so carefully computed on the
previous line to prevent buffer overflow. This turns out to not be
important because the upstream xdr code already capped the object
size at the proper value. Using the correct limit here looks a lot
less scary and should please Coverity.
ngie [Mon, 23 May 2016 05:11:31 +0000 (05:11 +0000)]
MFC r299654:
Read the contents of the snapshot files properly
- Use fgetln instead of fgets; localize complexity related to fgetln(3)
inside the loop.
- Skip over blank lines.
- Skip over lines (properly) that start with a "#"
truckman [Mon, 23 May 2016 05:11:08 +0000 (05:11 +0000)]
MFC r299926
Hoist the getpwnam() call outside the first if/else block in
pam_sm_chauthtok(). Set user = getlogin() inside the true
branch so that it is initialized for the following PAM_LOG()
call. This is how it is done in pam_sm_authenticate().
rmacklem [Sun, 22 May 2016 20:44:11 +0000 (20:44 +0000)]
MFC: r299242
Make "-S" a default option for mountd.
After a discussion on freebsd-fs@ there seemed to be a consensus that
the "-S" option for mountd should become the default.
Since the only known issue w.r.t. using "-S" was fixed by r299201,
this commit adds "-S" to the default mountd_flags.
rmacklem [Sat, 21 May 2016 20:50:25 +0000 (20:50 +0000)]
MFC: r299226
Don't increment srvrpccnt[] for the NFSv4.1 operations.
When support for NFSv4.1 was added to the NFS server, it broke
the server rpc count stats, since newnfsstats.srvrpccnt[] doesn't
have entries for the new NFSv4.1 operations.
Without this patch, the code was incrementing bogus entries in
newnfsstats for the new NFSv4.1 operations.
This patch is an interim fix. The nfsstats structure needs to be
updated and that will come in a future commit.
emaste [Fri, 20 May 2016 19:14:15 +0000 (19:14 +0000)]
MFC r292000: Remove historical GNUC test
The requirement is for a GCC-compatible compiler and not necessarily
GCC itself. However, we currently expect any compiler used for building
the whole of FreeBSD to be GCC-compatible and many things will break if
not; there's no longer a need to have an explicit test for this in csu.
Since rdata is only used as an argument to the immediately following
call to res_nopt_rdata(), revert r299879 and fix CID 603941 by moving
rdata = &buf[n];
inside the if block.
truckman [Fri, 20 May 2016 06:41:26 +0000 (06:41 +0000)]
MFC r299591
Always return either a dynamically allocated string or NULL from
expand(). Never return the name parameter, which could be a the buf[]
buffer which is allocated on the stack by getdeadletter() and which
would then be used after getdeadletter() has returned.
truckman [Fri, 20 May 2016 06:35:14 +0000 (06:35 +0000)]
MFC r299581
Use strlcpy() instead of strncpy() to ensure that qf->fsname is NUL
terminated. Don't bother checking for truncation since the subsequent
stat() call should detect that and fail.
truckman [Fri, 20 May 2016 06:33:02 +0000 (06:33 +0000)]
MFC r299580
Use strlcpy() instead of strncpy() to ensure that ret->name is
NUL terminated. The source and destination buffers are the same
size and the source *should* be NUL terminated, but be paranoid.
truckman [Fri, 20 May 2016 06:27:58 +0000 (06:27 +0000)]
MFC r299579
Use strlcpy() instead of strncpy() to ensure that qup->fsname is NUL
terminated. Don't bother checking for truncation since the subsequent
quota_read() should detect that and fail.
Avoid Coverity NUL termination warning about strncpy() by using
memcpy() instead. It's probably a bit more optimal in this case
anyway. [1]
The program logic leading up to the creation of the strncpy/memcpy
destination buffer is a bit hairy. Add a call to assert() to make
it clear what is happening here and detect any potential buffer
overruns in the future.
Check a couple syscall error returns. Ignore the EEXIST error from
link() to preserve existing behavior. [2] [3]
Instead of ignoring the EEXIST from link(), unconditionally unlink
the terget before calling link(). This should prevent links to an
old copy of the file from being retained.
Use strlcpy() instead of strncpy() when copying to dom_domain to
ensure that the latter is NUL terminated since it is passed
as an argument to *printf().