ngie [Mon, 16 Jan 2017 07:15:14 +0000 (07:15 +0000)]
MFC r311133:
Move the "MK_* options..." section before the "... MK_*_SUPPORT..." section
For the case that someone set WITHOUT_GSSAPI=, now WITHOUT_KERBEROS_SUPPORT
will be properly set.
This will likely fix the issue for the default case noted in the PR I filed
back in 2011. I am trying to fix the less obvious case documented in the PR
still.
ngie [Mon, 16 Jan 2017 07:10:42 +0000 (07:10 +0000)]
MFC r311140:
Only bake krb5_config.h support in to ssh(3), etc if both MK_GSSAPI and
MK_KERBEROS_SUPPORT != no
This fixes the odd case where someone specified MK_GSSAPI=no and
MK_KERBEROS_SUPPORT=yes (which admittedly, probably doesn't make sense,
but the build system doesn't prevent this case today, and it didn't when
I filed the bug back in 2011 either).
ngie [Mon, 16 Jan 2017 07:03:33 +0000 (07:03 +0000)]
MFC r310655:
Fix bsnmpd sending/receiving with multi-homed configurations or INADDR_ANY used
as the listening address in snmpd_input(..)
Stash the IPv4 address of the receiver via the recv(..) callback and use it in
the send(..) callback for the transport by specifying IP_SENDSRCADDR for the
control message type.
Add sendmsg logic to the UDP transport's send(..) callback and use the
respective send(..) callback for the transport instead of calling sendto in
snmpd_input(..).
ngie [Mon, 16 Jan 2017 06:53:58 +0000 (06:53 +0000)]
MFC r311741,r311761:
r311741:
Add a REVISION section to track changes for the hostres module
There haven't been any changes to the MIB definition, so the REVISION remains
static at the version it was imported at
r311761:
Add a REVISION section to track changes for the BEGEMOT-NETGRAPH MIB file
This change also documents the modification harti made to a handful of
objects in r122758 (the max OCTET STRING width was increased from 15 to
31 octets)
emaste [Mon, 16 Jan 2017 01:38:34 +0000 (01:38 +0000)]
newvers.sh: add options to eliminate kernel build metadata
MFC r310112, r310114, r310273, r310279
r310112: newvers.sh: add option to eliminate kernel build metadata
Build metadata (username, hostname, etc.) prevents the FreeBSD kernel
from building reproducibly. Add an option to disable inclusion of that
metadata but retain the release information and SVN/git VCS details.
See https://reproducible-builds.org/ for additional background.
r310114: newvers.sh: correct typo in comment
r310273: newvers.sh: add -R option to include metadata only for
unmodified src tree
r310279: newvers.sh: consider as modified SVN mixed revision and other cases
The newvers -R option is intended to include build metadata (e.g. user,
host, time) if the build is from an unmodified VCS tree. For subversion
it considered a trailing 'M' as an indication of a modified tree, and
any other version string as modified.
Also include mixed revision checkouts (e.g. 123:126), switched (123S)
and partial (123P) working copies as modified: the revision number is
insufficient to uniquely determine which source was used for the build.
ian [Sun, 15 Jan 2017 22:10:32 +0000 (22:10 +0000)]
MFC r308187, r311660, r311693, r311727, r311797:
Toggle card insert/remove interrupt enable bits on events.
Add a new sdhci interface method, get_card_present().
Now that the PRESENT_STATE register is only used for the inhibit bits loop
in this function, sdhci_start_command(), eliminate the state variable and
restructure the loop to read the register just once at the top of the loop.
Add support for non-removable media, and a quirk to use polling to detect
card insert/remove events on controllers that don't implement the insert
and remove interrupts.
Add sdhci_handle_card_present_locked() that can be called from the interrupt
handler which already holds the mutex, and have sdhci_handle_card_present()
be just a tiny wrapper that does the locking for external callers.
ae [Sun, 15 Jan 2017 15:43:19 +0000 (15:43 +0000)]
MFC r311679:
Add direction argument to ipsec_setspidx_inpcb() function.
This function is used only by ipsec_getpolicybysock() to fill security
policy index selector for locally generated packets (that have INPCB).
The function incorrectly assumes that spidx is the same for both directions.
Fix this by using new direction argument to specify correct INPCB security
policy - sp_in or sp_out. There is no need to fill both policy indeces,
because they are overwritten for each packet.
This fixes security policy matching for outbound packets when user has
specified TCP/UDP ports in the security policy upperspec.
This was meant to be used by a future FORTIFY_SOURCE implementation.
Probably for good, FORTIFY_SOURCE and this particular GCCism were never
well supported by clang or other compilers. Furthermore, the technology
has long since been replaced by either static checkers, sanitizers, or
even just the strong stack protector that was enabled by default.
Drop __gnu_inline to avoid cluttering the headers.
np [Sat, 14 Jan 2017 15:43:04 +0000 (15:43 +0000)]
MFC r311831 and r311832.
r311831:
cxgbe(4): The wraparound logic in start_wrq_wr() should not get involved
in work requests that end at the end of the descriptor ring, even though
the pidx wraps around to 0.
r311832:
cxgbe(4): Enable automatic cidx flush for all control queues.
ngie [Sat, 14 Jan 2017 10:23:05 +0000 (10:23 +0000)]
MFC r309464:
Expect 01:main to fail
Changes were made to ZFS in the past year with respect to how ACLs
are handled, causing failures in this test. Mark it TODO so (hopefully)
someone more knowledgeable (like mav or trasz) will fix the code or the
test.
arybchik [Sat, 14 Jan 2017 10:16:36 +0000 (10:16 +0000)]
MFC r311877
sfxge(4): avoid unnecessary mbuf data prefetch
Unnecessary prefetch just loads HW prefetcher and displaces other
cache entries (which could be really useful).
If we parse mbuf for TSO early and use firmware-assisted TSO, we do not
expect mbuf data access when we compose firmware-assisted TSO (v1 or v2)
option descriptors. If packet header needs to be linearized or finally
FATSO cannot be used because of, for example, too big header, we do not
care about a bit more performance degradation because of prefetch
absence (it is better to optimize more common case).
np [Sat, 14 Jan 2017 04:24:49 +0000 (04:24 +0000)]
MFC r311569, r311657, and r311949.
r311569:
Fix comment in t4_tom. No functional change.
r311657:
cxgbe/t4_tom: Fix tid accounting. An offloaded IPv6 connection uses 2
tids, not 1, in the hardware.
r311949:
cxgbe/tom: Add VIMAGE support to the TOE driver.
Active Open:
- Save the socket's vnet at the time of the active open (t4_connect) and
switch to it when processing the reply (do_act_open_rpl or
do_act_establish).
Passive Open:
- Save the listening socket's vnet in the driver's listen_ctx and switch
to it when processing incoming SYNs for the socket.
- Reject SYNs that arrive on an ifnet that's not in the same vnet as the
listening socket.
CLIP (Compressed Local IPv6) table:
- Add only those IPv6 addresses to the CLIP that are in a vnet
associated with one of the card's ifnets.
Misc:
- Set vnet from the toepcb when processing TCP state transitions.
- The kernel sets the vnet when calling the driver's output routine
so t4_push_frames runs in proper vnet context already. One exception
is when incoming credits trigger tx within the driver's ithread. Set
the vnet explicitly in do_fw4_ack for that case.
jhb [Fri, 13 Jan 2017 21:30:18 +0000 (21:30 +0000)]
MFC 309589: Rework syscall structure lookups.
Avoid always using an O(n^2) loop over known syscall structures with
strcmp() on each system call. Instead, use a per-ABI cache indexed by
the system call number. The first 1024 system calls (which should cover
all of the normal system calls in currently-supported ABIs) use a flat array
indexed by the system call number to find system call structure. For other
system calls, a linked list of structures storing an integer to structure
mapping is stored in the ABI. The linked list isn't very smart, but it
should only be used by buggy applications invoking unknown system calls.
This also fixes handling of unknown system calls which currently trigger
a NULL pointer dereference.
lwhsu [Fri, 13 Jan 2017 19:22:22 +0000 (19:22 +0000)]
MFC r311881:
Replace using of objdump with elfdump
In-tree objdump is too old to dump new ELF headers. But for example if we
use: `make CROSS_TOOLCHAIN=riscv64-gcc TARGET_ARCH=riscv64` and do not specify
CROSS_BINUTILS_PREFIX in env, embed_mfs.sh cannot find the correct objdump.
This patch just replaces using of objdump with elfdump to collect needed
information.
Later we may also put an ELFDUMP in CROSSENV and use it in embed_mfs.sh .
amdmi3 [Fri, 13 Jan 2017 10:28:26 +0000 (10:28 +0000)]
MFC r310718:
bzip2 does not exit after showing license as requested with --version
or --license as most apps would do, instead it waits for data to
compress on stdin. Because of that, if `bzip2 --version' is called,
bogus `bzip2: I won't write compressed data to a terminal' error
message will be displayed, and checking for bzip2 version in scripts
as in
bzip2 --version 2>&1 | grep -o "Version [^,]*"
will hand as bzip2 would wait for data to compress on stdin. Fix
this by exiting right after showing version/license text.
I've tried to push this upstream for more than a year, but author
is unresponsive, so upstream may be considered dead.
ngie [Fri, 13 Jan 2017 09:19:09 +0000 (09:19 +0000)]
MFC r311381:
lsock_init_port: address issues with initializing sockaddr_un object
- Use strlcpy to ensure p->name doesn't overflow sa.sun_path [*].
- Use SUN_LEN(..) instead of spelling out calculation longhand (inspired
by comment by jmallett).
Tested with: dgram and stream support with both bsnmpwalk and snmpwalk
ngie [Fri, 13 Jan 2017 09:11:11 +0000 (09:11 +0000)]
MFC r310586,r310587,r310588:
r310586:
Refactor transport sources a bit to facilitate changes coming down pipeline
Add recv callback to transport layer to better facilitate code reuse and
readability and for symmetry with send callback. Move recv_dgram and
recv_stream to udp_recv and lsock_recv, respectively, and make the
beforementioned functions recv callbacks for the udp and lsock transports,
respectively.
Consolidate the check_priv* functions in their relevant trans*.c source to
limit scope/use.
Note: this code is roughly based content from the submitter, although this
was modified to be more of a direct move from snmpd/main.c to the trans_*.c
sources, and to reduce unnecessary static function declarations.
r310587:
Fix definition for recv_dgram(..); it should be "ssize_t", not "int"
I'm not sure why this wasn't flagged as an issue by the compiler, yet
r310588:
Fix return type for `ret` (recv callback) and sort variables by alignment
Again, for reasons I don't yet understand, this is not being flagged by the
compiler. Unlike the issue addressed in r310587, this problem existed prior
to r310586
ngie [Fri, 13 Jan 2017 09:04:26 +0000 (09:04 +0000)]
MFC r311378:
lm_load: fix string copying issues
- Ensure `section` doesn't overrun section by using strlcpy instead of
strcpy [*].
- Use strdup instead of malloc + strcpy (this wasn't flagged by Coverity,
but is an opportunistic change).
ngie [Fri, 13 Jan 2017 08:59:08 +0000 (08:59 +0000)]
MFC r310892,r310894,r310989:
r310892:
Don't call snmp_pdu_free(..) until finished with the pdu and when ready to
allocate a new one via snmp_pdu_create(..)
This fixes bsnmpwalk, so it no longer crashes after r310729
r310894:
snmp_pdu_free the right object at the right time in snmptool_walk
r310892 was on the right track, but unfortunately it was resolving
the problem incorrectly and accidentally leaking memory in the
process.
- Call snmp_pdu_free on req before calling snmp_pdu_create on it
at the bottom of the outer while loop
- Call snmp_pdu_free on resp after calling snmpwalk_nextpdu_create
in the inner loop
r310989:
Call snmp_pdu_free on req/resp with a consistent, correct pattern
- snmp_pdu_free should be called before snmp_pdu_create is called
again
- snmp_pdu_free should be called on the resp to snmp_dialog when
successful
ngie [Fri, 13 Jan 2017 08:55:41 +0000 (08:55 +0000)]
MFC r310729:
Prevent improper memory accesses after calling snmp_pdu_free and snmp_value_free
snmp_pdu_free: set pdu->nbindings to 0 to limit the damage that
could happen if a pdu was reused after calling the function, and
as both stack and heap allocation types are used in contrib/bsnmp
and usr.sbin/bsnmpd.
snmp_value_free: NULL out value->v.octetstring.octets after calling
free on it to prevent a double-free from occurring.
bridge_do_pfctl: allocate mib_name dynamically using asprintf
This is being done to reduce wasted space, simplify complexity in
the code, and to quell a Coverity warning about buffer overruns.
warning about buffer overruns.
ngie [Fri, 13 Jan 2017 08:48:20 +0000 (08:48 +0000)]
MFC r311268:
Clarify lifetime of child(..) function
Ensure child exits when complete as it's always run in a forked
process.
Add a missing break statement in :pselect_sigmask when calling
child(..) for clarity and to avoid weird domino effects if the
child process somehow does something it's not supposed to do
with the logfiles, file descriptors, etc
jhb [Thu, 12 Jan 2017 22:06:57 +0000 (22:06 +0000)]
MFC 307538,307948,308602,308603,311151: Move kdump's mksubr into libsysdecode.
307538:
Move mksubr from kdump into libsysdecode.
Restructure this script so that it generates a header of tables instead
of a source file. The tables are included in a flags.c source file which
provides functions to decode various system call arguments.
For functions that decode an enumeration, the function returns a pointer
to a string for known values and NULL for unknown values.
For functions that do more complex decoding (typically of a bitmask), the
function accepts a pointer to a FILE object (open_memstream() can be used
as a string builder) to which decoded values are written. If the
function operates on a bitmask, the function returns true if any bits
were decoded or false if the entire value was valid. Additionally, the
third argument accepts a pointer to a value to which any undecoded bits
are stored. This pointer can be NULL if the caller doesn't care about
remaining bits.
Convert kdump over to using decoder functions from libsysdecode instead of
mksubr. truss also uses decoders from libsysdecode instead of private
lookup tables, though lookup tables for objects not decoded by kdump remain
in truss for now. Eventually most of these tables should move into
libsysdecode as the automated table generation approach from mksubr is
less stale than the static tables in truss.
Some changes have been made to truss and kdump output:
- The flags passed to open() are now properly decoded in that one of
O_RDONLY, O_RDWR, O_WRONLY, or O_EXEC is always included in a decoded
mask.
- Optional arguments to open(), openat(), and fcntl() are only printed
in kdump if they exist (e.g. the mode is only printed for open() if
O_CREAT is set in the flags).
- Print argument to F_GETLK/SETLK/SETLKW in kdump as a pointer, not int.
- Include all procctl() commands.
- Correctly decode pipe2() flags in truss by not assuming full
open()-like flags with O_RDONLY, etc.
- Decode file flags passed to *chflags() as file flags (UF_* and SF_*)
rather than as a file mode.
- Fix decoding of quotactl() commands by splitting out the two command
components instead of assuming the raw command value matches the
primary command component.
In addition, truss and kdump now build without triggering any warnings.
All of the sysdecode manpages now include the required headers in the
synopsis.
307948:
Use binary and (&) instead of logical to extract the mask of a capability.
308602:
Generate and use a proper .depend file for tables.h.
308603:
Move libsysdecode-specific hack out of buildworld.
This should fix the lib32 build since it was not removing the generated
ioctl.c. This file is generated by a find(1) call, so cannot use normal
dependency tracking methods.
311151:
Update libsysdecode for getfsstat() 'flags' argument changing to 'mode'.
As a followup to r310638, update libsysdecode (and kdump) to decode the
'mode' argument to getfsstat(). sysdecode_getfsstat_flags() has been
renamed to sysdecode_getfsstat_mode() and now treats the argument as an
enumerated value rather than a mask of flags.
asomers [Thu, 12 Jan 2017 21:41:00 +0000 (21:41 +0000)]
MFC r310118
Fix ls_tests:o_flag with ZFS TMPDIR
Unlike UFS or TMPFS, ZFS sets uarch automatically whenever a file is
updated. The test must explicitly clear uarch to be portable across
filesystems. Also, it doesn't need to run as root.
dim [Wed, 11 Jan 2017 21:01:49 +0000 (21:01 +0000)]
MFC r311688:
Fix logic error in gvinum's gv_set_sd_state()
With clang 4.0.0, I'm getting the following warnings:
sys/geom/vinum/geom_vinum_state.c:186:7: error: logical not is only
applied to the left hand side of this bitwise operator
[-Werror,-Wlogical-not-parentheses]
if (!flags & GV_SETSTATE_FORCE)
^ ~
The logical not operator should obiously be called after masking.
dim [Wed, 11 Jan 2017 20:55:01 +0000 (20:55 +0000)]
MFC r311570:
In tcpdump's print-tcp.c, avoid increasing alignment when taking the
addresses of members of struct ip, which is packed. Since the pointers
are only used for memcmp'ing, they can be pointing to void instead.
Note that upstream has removed the src and dst variables, in the mean
time.
dim [Wed, 11 Jan 2017 20:45:27 +0000 (20:45 +0000)]
MFC r311649:
Fix the following clang 4.0.0 warning in ngatm's snmp_atm.c:
contrib/ngatm/snmp_atm/snmp_atm.c:173:6: error: logical not is only
applied to the left hand side of this bitwise operator
[-Werror,-Wlogical-not-parentheses]
if (!ifmr.ifm_status & IFM_AVALID) {
^ ~
Obviously, the masking needs to be done before the logical not
operation. Add parentheses to make it so.
dim [Wed, 11 Jan 2017 20:29:58 +0000 (20:29 +0000)]
MFC r311530:
Fix clang 4.0.0 warnings about taking the address of a packed member of
struct ip in ping(8):
sbin/ping/ping.c:1684:53: error: taking address of packed member
'ip_src' of class or structure 'ip' may result in an unaligned pointer
value [-Werror,-Waddress-of-packed-member]
(void)printf(" %s ", inet_ntoa(*(struct in_addr *)&ip->ip_src.s_addr));
^~~~~~~~~~~~~~~~~
sbin/ping/ping.c:1685:53: error: taking address of packed member
'ip_dst' of class or structure 'ip' may result in an unaligned pointer
value [-Werror,-Waddress-of-packed-member]
(void)printf(" %s ", inet_ntoa(*(struct in_addr *)&ip->ip_dst.s_addr));
^~~~~~~~~~~~~~~~~
dim [Wed, 11 Jan 2017 20:21:05 +0000 (20:21 +0000)]
MFC r311565:
Link llvm-ar to llvm-ranlib, if WITH_CLANG_EXTRAS is enabled. When
invoked as llvm-ranlib, it can create an archive symbol table for
archives of objects compiled for LTO by an LLVM compiler.
Submitted by: Dan McGregor <danismostlikely@gmail.com>
MFC r311806:
After r311565, also remove llvm-ranlib from ObsoleteFiles.inc.
emaste [Wed, 11 Jan 2017 00:50:19 +0000 (00:50 +0000)]
MFC r310702: btxldr: process all PT_LOAD segments, not just the first two
With default settings GNU ld generates two PT_LOADs for loader.sym while
LLD generates three, because it creates a rodata segment. Previously
btxldr terminated phdr processing after two PT_LOADs. Remove the early
termination to process all PT_LOADs.
mav [Tue, 10 Jan 2017 19:15:07 +0000 (19:15 +0000)]
MFC r309251: Process port interrupt even is PxIS register is zero.
ASMedia ASM1062 AHCI chips with some fancy firmware handling PMP inside
seems sometimes forgeting to set bits in PxIS, causing command timeouts.
Removal of this check fixes the issue by the theoretical cost of slightly
higher CPU usage in some odd cases, but this is what Linux does too.
ae [Tue, 10 Jan 2017 16:30:56 +0000 (16:30 +0000)]
MFC r310258:
ip[6]_tryforward does inbound and outbound packet firewall processing.
This can lead to change of mbuf pointer (packet filter could do m_pullup(),
NAT, etc). Also in case of change of destination address, tryforward can
decide that packet should be handled by local system. In this case modified
mbuf can be returned to the ip[6]_input(). To handle this correctly, check
M_FASTFWD_OURS flag after return from ip[6]_tryforward. And if it is present,
update variables that depend from mbuf pointer and skip another inbound
firewall processing.
jhb [Mon, 9 Jan 2017 23:43:42 +0000 (23:43 +0000)]
MFC 306565,306566: Use timercmp() and timersub() in kdump.
306565:
Use timercmp() and timersub() in kdump.
Previously, kdump used the kernel-only timervalsub() macro which required
defining _KERNEL when including <sys/time.h>. Now, kdump uses the existing
userland API. The timercmp() usage to check for a backwards timestamp is
also clearer and simpler than the previous code which checked the result of
the subtraction for a negative value.
While here, take advantage of the 3-arg timersub() to store the subtraction
results in a tempory timeval instead of overwriting the timestamp in the
ktrace record and then having to restore it.
306566:
Don't declare the 'temp' timeval as static.
dim [Mon, 9 Jan 2017 20:13:50 +0000 (20:13 +0000)]
MFC r311459:
Put proper prototypes in tcpd.h
Clang 4.0.0 complains about tcpd.h's not-really-prototypes, e.g.:
/usr/include/tcpd.h:75:24: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes]
extern int hosts_access(); /* access control */
^
To fix this, turn these declarations into real prototypes. While here,
garbage collect the incompatible rfc931() function from scaffold.c, as
it is never used.
Also remove unnecessary extern keywords from tcpd.h.
Noticed by: kib
MFC r311556:
After r311459, some ports can break, because a few of the newly added
prototypes in <tcpd.h> use FILE. Pull in a minimal forward declaration
of FILE from <stdio.h> to minimize impact. Sorry for the breakage.