ae [Fri, 24 May 2019 11:06:24 +0000 (11:06 +0000)]
Add `missing` and `or-flush` options to "ipfw table <NAME> create"
command to simplify firewall reloading.
The `missing` option suppresses EEXIST error code, but does check that
existing table has the same parameters as new one. The `or-flush` option
implies `missing` option and additionally does flush for table if it
is already exist.
Submitted by: lev
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D18339
delphij [Fri, 24 May 2019 02:44:15 +0000 (02:44 +0000)]
cryptodeflate: Drop z_stream zbuf.state->dummy from SDT probe.
For older versions of zlib, dummy was a workaround for compilers that do not
handle opaque type definition well; on FreeBSD, it's representing a value
that is not really useful for monitoring purposes, and the field would be gone
in newer zlib versions.
PR: 229763
Submitted by: Yoshihiro Ota <ota at j.email.ne.jp>
Differential Revision: https://reviews.freebsd.org/D20222
kevans [Fri, 24 May 2019 01:53:45 +0000 (01:53 +0000)]
bectl(8): Add a test for jail/unjail of numeric BE names
Fixed by r348215, bectl ujail first attempts the trivial fetch of a jid by
passing the first argument to 'ujail' to jail_getid(3) in case a jid/name
have been passed in instead of a BE name. For numerically named BEs, this
was doing the wrong thing: instead of failing to locate the jid specified
and falling back to mountpath search, jail_getid(3) would return the input
as-is.
While here, I've fixed bectl_jail_cleanup which still used a hard-coded pool
name that was overlooked w.r.t. other work that was in-flight around the
same time.
kevans [Fri, 24 May 2019 01:28:07 +0000 (01:28 +0000)]
jail_getid(3): validate jid string input
Currently, if jail_getid(3) is passed in a numeric string, it assumes that
this is a jid string and passes it back converted to an int without checking
that it's a valid/existing jid. This breaks consumers that might use
jail_getid(3) to see if it can trivially grab a jid from a name if that name
happens to be numeric but not actually the name/jid of the jail. Instead of
returning -1 for the jail not existing, it'll return the int version of the
input and the consumer will not fallback to trying other methods.
Pass the numeric input to jail_get(2) as the jid for validation, rather than
the name. This works well- the kernel enforces that jid=name if name is
numeric, so doing the safe thing and checking numeric input as a jid will
still DTRT based on the description of jail_getid.
jhb [Fri, 24 May 2019 00:34:13 +0000 (00:34 +0000)]
Add support for writing to guest memory in the debug server.
- Add a write_mem counterpart to read_mem to handle writes to MMIO.
- Add support for the GDB 'M' packet to write bytes to the guest's
memory. For MMIO writes, attempt to batch writes up into words.
This is imprecise, but if you write a single 2 or 4-byte aligned
word, it should be treated as a single MMIO write operation.
- While here, tidy up the parsing of the 'm' command used for reading
memory to match 'M'.
jhb [Thu, 23 May 2019 22:31:55 +0000 (22:31 +0000)]
Add deprecation warnings for weaker algorithms to geli(4).
- Triple DES has been formally deprecated in Kerberos (RFC 8429)
and is soon to be deprecated in IPsec (RFC 8221).
- Blowfish is deprecated. FreeBSD doesn't support its successor
(Twofish).
- MD5 is generally considered a weak digest that has known attacks.
geli refuses to create new volumes using these algorithms via 'geli
init'. It also warns when attaching to existing volumes or creating
temporary volumes via 'geli onetime' . The plan is to fully remove
support for these algorithms in FreeBSD 13.
Note that none of these algorithms have ever been the default
algorithm used by geli(8). Users would have had to explicitly select
these algorithms when creating volumes in the past.
jhb [Thu, 23 May 2019 22:06:57 +0000 (22:06 +0000)]
Add deprecation warnings for IPsec algorithms deprecated in RFC 8221.
All of these algorithms are either explicitly marked MUST NOT, or they
are implicitly MUST NOTs by virtue of not being included in IETF's
list of protocols at all despite having assignments from IANA.
Specifically, this adds warnings for the following ciphers:
- des-cbc
- blowfish-cbc
- cast128-cbc
- des-deriv
- des-32iv
- camellia-cbc
Warnings for the following authentication algorithms are also added:
- hmac-md5
- keyed-md5
- keyed-sha1
- hmac-ripemd160
cem [Thu, 23 May 2019 21:02:27 +0000 (21:02 +0000)]
random(4): deduplicate explicit_bzero() in harvest
Pull the responsibility for zeroing events, which is general to any
conceivable implementation of a random device algorithm, out of the
algorithm-specific Fortuna code and into the callers. Most callers
indirect through random_fortuna_process_event(), so add the logic there.
Most callers already explicitly bzeroed the events they provided, so the
logic in Fortuna was mostly redundant.
Add one missing bzero in randomdev_accumulate(). Also, remove a redundant
bzero in the same function -- randomdev_hash_finish() is obliged to bzero
the hash state.
cem [Thu, 23 May 2019 20:12:24 +0000 (20:12 +0000)]
EKCD: Add Chacha20 encryption mode
Add Chacha20 mode to Encrypted Kernel Crash Dumps.
Chacha20 does not require messages to be multiples of block size, so it is
valid to use the cipher on non-block-sized messages without the explicit
padding AES-CBC would require. Therefore, allow use with simultaneous dump
compression. (Continue to disallow use of AES-CBC EKCD with compression.)
dumpon(8) gains a -C cipher flag to select between chacha and aes-cbc.
It defaults to chacha if no -C option is provided. The man page documents this
behavior.
cperciva [Thu, 23 May 2019 19:55:53 +0000 (19:55 +0000)]
Use ACPI SPCR on x86
This takes the SPCR code currently in uart_cpu_arm64.c, moves it into
a new uart_cpu_acpi.c (with some associated refactoring), and uses it
from both arm64 and x86.
An SPCR serial port address AccessWidth field value of 0 ("reserved")
is now treated as 1 ("byte access") in order to work around a buggy
SPCR table on Amazon EC2 i3.metal instances.
Reviewed by: manu, Greg V
MFC after: 3 days
Sponsored by: https://www.patreon.com/cperciva
Differential Revision: https://reviews.freebsd.org/D20357
manu [Thu, 23 May 2019 19:26:50 +0000 (19:26 +0000)]
loader: Add pnp functions for autoloading modules based on linker.hints
This adds some new commands to loader :
- pnpmatch
This takes a pnpinfo string as argument and tries to find a kernel module
associated with it. -v and -d option are available and are the same as in
devmatch (v is verbose, d dumps the hints).
- pnpload
This takes a pnpinfo string as argument and tries to load a kernel module
associated with it.
- pnpautoload
This will attempt to load every kernel module for each buses. Each buses are
probed, the probe function will generate pnpinfo string and load kernel module
associated with it if it exists.
Only simplebus for FDT system is implemented for now.
Since we need the dtb and overlays to be applied before searching the tree
fdt_devmatch_next will load and apply the dtb + overlays.
All the pnp parsing code comes from devmatch and is the same at 99%.
manu [Thu, 23 May 2019 17:36:19 +0000 (17:36 +0000)]
arm: allwinner: clk: Use the new frac clock
Some clocks used the NM type but this clock is for the ones with the
formula "clk = clkin / n / m" and not "clk = clkin * n / m"
Use the new frac clock for them.
manu [Thu, 23 May 2019 17:35:40 +0000 (17:35 +0000)]
arm: allwinner: clk: Add new clock aw_clk_frac
Add a clock driver for clock that can either be used in integer mode
with one N factor and one M divider or in fractional mode where the
output frequency is chosen between two predifined output.
imp [Thu, 23 May 2019 17:18:48 +0000 (17:18 +0000)]
Implement "VARS_ONLY=1" via special command line args
Add -v to print TYPE REVISION BRANCH RELEASE VERSION RELDATE variables
Add -V var to print var's value
Both of these in ${var}="${val}" format suitable for
eval $(sh newvers.sh -v)
in shell scripts / makefiles.
Add -c to print the copyright / license comment text only.
Document these, and remove soon-to-be obsolete comment.
Minor code motion as well bunded here to put functions after
VARS_ONLY and command line argument parsing.
ian [Thu, 23 May 2019 15:59:50 +0000 (15:59 +0000)]
Use the new FDTCOMPAT_PNP_INFO() macro to define SPIBUS_FDT_PNP_INFO().
Also rename SPIBUS_PNP_INFO -> SPIBUS_FDT_PNP_INFO because there could be
other kinds of pnpinfo for other (non-fdt) bus attachments.
imp [Thu, 23 May 2019 15:53:41 +0000 (15:53 +0000)]
Add warning that the PNP info has to follow the module declaration.
Due to how the linker.hints file is laid out, we'll associate the pnp
info with the wrong module if the module declaration comes after the
pnp info. Until that limiation is removed, we need to have this
ordering. Ideally, we'd also enforce the ordering somehow, but I've
come up with no way to do that yet...
ian [Thu, 23 May 2019 15:47:30 +0000 (15:47 +0000)]
Define macros making it easier to define bus-specific pnpinfo for FDT systems.
Pnpinfo is bus-specific and requires the bus name. The FDTCOMPAT_PNP_INFO()
macro makes it easier to define new FDT-based pnpinfo for busses other than
simplebus.
ian [Thu, 23 May 2019 14:02:39 +0000 (14:02 +0000)]
Mark i2c slave devices busy while they own the bus.
Many i2c slave drivers are in modules that can be unloaded. If they detach
while IO is in progress the bus would be hung forever. Conversely,
lower-layer drivers (iicbus and the hardware driver) also live in modules
and other kinds of bad things happen if they get detached while IO is in
progress. Because device_busy() propagates up to parents, marking the slave
device busy while it owns the bus solves both kinds of problems that come
with detaching i2c devices while IO is in progress.
avg [Thu, 23 May 2019 12:51:13 +0000 (12:51 +0000)]
add mrsas_shutdown method
It should be safer to flush controller and disk caches on the shutdown.
And to gracefully shut down the controller as well.
It seems that the Linux driver has been doing that for a long time.
avg [Thu, 23 May 2019 11:15:22 +0000 (11:15 +0000)]
gpioled: add a new hint for initial state
hint.gpioled.%d.state determines the initial state of the LED when the
driver takes control over it:
0 - the LED is off
1 - the LED is on
-1 - the LED is kept as it was
jhibbits [Thu, 23 May 2019 03:47:25 +0000 (03:47 +0000)]
powerpc/mpc85xx: Use the proper (EREF) form of writing to DBCR0
DBCR0, according to the Freescale EREF, is guaranteed to be updated, and
changes take effect, after an isync plus change of MSR[DE] from 0 to 1.
Otherwise it's guaranteed to be updated "eventually". Use the expected
synchronization sequence to write it for resetting.
This prevents "Reset failed" from being printed immediately before the CPU
resets.
jhibbits [Thu, 23 May 2019 03:40:48 +0000 (03:40 +0000)]
powerpc/booke: It helps to set variables before using them
Actually set the source and destination VA's before using them. Fixes a
bizarre panic on 32-bit Book-E. Not sure why this wasn't caught by the
compiler.
ian [Thu, 23 May 2019 01:41:49 +0000 (01:41 +0000)]
Handle the driftfile option correctly when ntpd_flags is empty.
The logic I originally wrote to detect whether a driftfile option was in the
set of flags was based on the result of removing the pattern *flag* being an
empty string. That didn't handle the case where the string was empty to
begin with. Doh! So now it also specifically checks for an empty string.
The result of the bad check was that ntpd would run without a driftfile, but
it would do so only if it was running as root instead of the non-priveleged
ntpd user, which isn't a typical case. Ntpd runs fine without a driftfile,
although it does take it longer to stabilize the clock frequency at startup.
Reported by: avg@
Pointy hat: ian@
MFC after: some testing
dougm [Wed, 22 May 2019 23:11:16 +0000 (23:11 +0000)]
Cleanups made necessary by r348115, or reactions to it:
1. Change size_t to vm_size_t in some places.
2. Rename vm_map_entry_resize_free to drop the _free part.
3. Fix whitespace errors.
4. Fix screwups in patch-conflict-management that left out important
changes related to growing and shrinking objects.
kevans [Wed, 22 May 2019 23:07:40 +0000 (23:07 +0000)]
bectl(8): add description for create subcommand
In commit r345845, a portion of documentation for the create subcommand was
removed. Specifically, for creating a snapshot of an existing boot
environment. bectl even has a test-case for this functionality.
Removing the sub-command description was discussed in PR 235850.
This patch brings back the second "create" description that was originally
in place. Albeit, with a few wording/clarifying changes.
Submitted by: Rob Fairbanks <rob.fx907 gmail com>
Reviewed by: kevans
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D20249
cem [Wed, 22 May 2019 21:47:17 +0000 (21:47 +0000)]
save-entropy(8), rc.d/random: Set nodump flag
Tag saved entropy files as "nodump," to signal that the files should not be
backed up by dump(8) or other automated backup software that honors the file
flag.
Do not produce an error if the target file resides on a filesystem that does
not support file flags (e.g., msdos /boot).
melifaro [Wed, 22 May 2019 21:20:15 +0000 (21:20 +0000)]
Fix gateway setup for the interface routes.
Currently rinit1() and its IPv6 counterpart
nd6_prefix_onlink_rtrequest() uses dummy null_sdl gateway address
during route insertion and change it afterwards. This behaviour
brings complications to the routing stack and the users of its
upcoming notification system.
This change fixes both rinit1() and nd6_prefix_onlink_rtrequest()
by filling in proper gateway in the beginning. It does not change any
of the userland notifications as in both cases, they happen after
the insertion and fixup process (rt_newaddrmsg_fib() and nd6_rtmsg()).
ian [Wed, 22 May 2019 21:06:10 +0000 (21:06 +0000)]
Add a new 'tr' (transfer) mode to i2c(8) to support more i2c controllers.
Some i2c controller hardware does not provide a way to do individual START,
REPEAT-START and STOP actions on the i2c bus. Instead, they can only do
a complete transfer as a single operation. Typically they can do either
START-data-STOP or START-data-REPEATSTART-data-STOP. In the i2c driver
framework, this corresponds to the iicbus_transfer method. In the userland
interface they are initiated with the I2CRDWR ioctl command.
These changes add a new 'tr' mode which can be specified with the '-m'
command line option. This mode should work on all hardware; when an i2c
controller driver doesn't directly support the iicbus_transfer method,
code in the i2c driver framework uses the lower-level START/REPEAT/STOP
methods to implement the transfer. After this new mode has gotten some
testing on various hardware, the 'tr' mode should probably become the
new default mode.
mav [Wed, 22 May 2019 18:43:48 +0000 (18:43 +0000)]
Allocate buffers smaller then ABD chunk size as linear.
This allows to reduce memory waste by letting UMA to put multiple small
buffers into one memory page slab. The page sharing means that UMA
may not be able to free memory page when some of buffers are freed, but
alternatively memory used by that buffer would just be wasted from the
beginning.
This change follows alike change in ZoL, but unlike Linux (according to
my understanding of it from comments) FreeBSD never shares slabs bigger
then one memory page, so this should be even less invasive then there.
dougm [Wed, 22 May 2019 17:40:54 +0000 (17:40 +0000)]
Passing a parameter to vm_map_entry_resize_free that describes the
amount of resizing reduces the number of functions changing the vm_map
invariants regarding the max_free field of map entries.
zeising [Wed, 22 May 2019 16:59:22 +0000 (16:59 +0000)]
Fix ObsoleteFiles after ethernet driver removal
Fix OpsoleteFiles.inc after removal of ethernet drivers. The drivers have
manual pages, and manual pages are generally stored compressed, with a .gz
suffix, but this is not reflected in ObsoleteFiles and make delete-old fails
to remove them.
avg [Wed, 22 May 2019 08:30:03 +0000 (08:30 +0000)]
acpi_hpet: restore support for timers defined only in HPET table
This fixes a regress introduced in r339754.
After that change the code required that there is a HPET device
in the ACPI namespace.
The problem has been noticed on an PC Engines apu2 system.
sobomax [Wed, 22 May 2019 04:51:08 +0000 (04:51 +0000)]
Make aacraid(4) working on ASR8805 & ASR8402 in particular. This patch
has been in the PR system for 5 months and then on reviews for another 5.
Nobody came with any cases where it fails, while many people cried for
it to be commited & merged.
PR: 209468
Submitted by: Prasad B M <prasad.munirathnam@microsemi.com>
Reported by: Steven Peterson <scp@mainstream.net>
Approved by: scottl
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D18408
cem [Wed, 22 May 2019 01:22:33 +0000 (01:22 +0000)]
pmc: Fix stack std::string lifetime
It's invalid to reference a C++ string's c_str() buffer after the object
goes out of scope. Adjust the scope of the string to match the use in
write(2) to fix the misuse.
kib [Tue, 21 May 2019 22:56:21 +0000 (22:56 +0000)]
Do not call hw_mds_recalculate() from initializecpu().
If MDS mitigation is enabled by the tunable but MDS microcode is not
early-loaded, software mitigation is selected. This causes
initializecpu() to try to allocate memory which makes boot process
very unhappy.
Create SYSINIT that runs sufficiently late to succeed.
Reported by: naddy
PR: 237968
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
mckusick [Tue, 21 May 2019 22:24:38 +0000 (22:24 +0000)]
This revision began as a simple change to eliminate an uninitialized warning
found by Coverity. However, upon closer inspection the implementation of
fsck_ffs's fsck_readdir() and dircheck() functions is both nearly impossible
to follow and fails to check / fix directories in several cases. So, this
revision is an entire rewrite of these two functions to clarify what they
are doing and also to get something that works properly.
Referred by: cem
Reviewed by: kib, David G Lawrence
MFC after: 3 days
CID 1401317: namlen may be used uninitialized