kib [Mon, 24 Dec 2012 13:01:07 +0000 (13:01 +0000)]
MFC r240284:
Add a facility for vgone() to inform the set of subscribed mounts
about vnode reclamation. Typical use is for the bypass mounts like
nullfs to get a notification about lower vnode going away.
MFC r241225 (by avg):
mount.h: MNTK_VGONE_UPPER and MNTK_VGONE_WAITER were supposed to be different
kib [Mon, 24 Dec 2012 12:54:12 +0000 (12:54 +0000)]
MFC r240283:
Add MNTK_LOOKUP_EXCL_DOTDOT struct mount flag, which specifies to the
lookup code that dotdot lookups shall override any shared lock
requests with the exclusive one. The flag is useful for filesystems
which sometimes need to upgrade shared lock to exclusive inside the
VOP_LOOKUP or later, which cannot be done safely for dotdot, due to
dvp also locked and causing LOR.
hrs [Mon, 24 Dec 2012 00:40:21 +0000 (00:40 +0000)]
MFC: r232679:
- Clean up extra ${.OBJDIR}.
- Add ${IMAGE} for the supported image files. This fixes the install target
on FreeBSD/pc98.
- Use "mkdir -p" instead of "-mkdir" consistently.
melifaro [Fri, 21 Dec 2012 23:47:22 +0000 (23:47 +0000)]
Merge r238978(approved by luigi), r242631, r242834, r243707
replace inet_ntoa_r with the more standard inet_ntop().
As discussed on -current, inet_ntoa_r() is non standard, has different arguments
in userspace and kernel, and almost unused (no clients in userspace, only
net/flowtable.c, net/if_llatbl.c, netinet/in_pcb.c, netinet/tcp_subr.c
in the kernel)
Use unified print_dyn_rule_flags() function for debugging messages
instead of hand-made printfs in every place.
Simplify sending keepalives.
Prepare ipfw_tick() to be used by other consumers.
Make ipfw dynamic states operations SMP-ready.
* Global IPFW_DYN_LOCK() is changed to per-bucket mutex.
* State expiration is done in ipfw_tick every second.
* No expiration is done on forwarding path.
* hash table resize is done automatically and does not flush all states.
* Dynamic UMA zone is now allocated per each VNET
* State limiting is now done via UMA(9) api.
jh [Fri, 21 Dec 2012 18:25:05 +0000 (18:25 +0000)]
MFC r243333:
- Don't pass geom and provider names as format strings.
- Add __printflike() attributes.
- Remove an extra argument for the g_new_geomf() call in swapongeom_ev().
ae [Thu, 20 Dec 2012 11:10:23 +0000 (11:10 +0000)]
MFC r244360:
Use M_PROTO7 flag for M_IP6_NEXTHOP, because M_PROTO2 was used for
M_AUTHIPHDR.
MFC r244365:
Since we use different flags to detect tcp forwarding, and we share the
same code for IPv4 and IPv6 in tcp_input, we should check both
M_IP_NEXTHOP and M_IP6_NEXTHOP flags.
MFC r244386 (by glebius):
Clear correct flag in INET6 case.
MFC r244387 (by glebius):
Fix !INET6 build after r244365.
dim [Wed, 19 Dec 2012 16:22:46 +0000 (16:22 +0000)]
MFC r243572:
Pull in r168610 from upstream libc++:
When using libc++ headers on FreeBSD, in combination with -std=c++98,
-ansi or -std=c++03, the long long type is not supported. So in this
case, several functions and types, like lldiv_t, strtoll(), are not
declared.
This should make it possible to use the libc++ headers in c++98 mode.
Note: libc++ is originally designed as a c++0x or higher library, so you
should still take care when using it with c++98 or c++03.
dim [Wed, 19 Dec 2012 12:19:45 +0000 (12:19 +0000)]
MFC r243907:
Fix an old bug in devd, where it uses std::sort() to sort the various
lists it reads from its configuration files on the priority field.
Because some items in the lists have the same priority, and std::sort()
is not stable, the exact order in which the items are enumerated does
not have to correspond to the order they appear in the configuration
files.
Apparently this was never noticed with libstdc++, but with libc++ it
could cause the "uhid" entry from /etc/devd/usb.conf to be used instead
of the "ums" entry (which is earlier in the file). This caused the
problem described in the PR: the USB mouse module was never loaded, and
the other actions (such as starting moused) were not executed.
To fix the problem, make devd use std:stable_sort() instead.
Reported by: Jan Beich <jbeich@tormail.org>
PR: bin/172958
rwatson [Tue, 18 Dec 2012 14:32:53 +0000 (14:32 +0000)]
Merge r244181 from head to stable/9:
Fix the location of auditdistd configuration file.
Reported by: Johan Hendriks <joh.hendriks@gmail.com>
Merge remaining unmerged portions of r243752 from head to stable/9; parts
adding the new 'auditdistd' user were previously merged in r243947:
Merge a number of changes required to hook up OpenBSM 1.2-alpha2's
auditdistd (distributed audit daemon) to the build:
- Manual cross references
- Makefile for auditdistd
- rc.d script, rc.conf entrie
- New group and user for auditdistd; associated aliases, etc.
The audit trail distribution daemon provides reliable,
cryptographically protected (and sandboxed) delivery of audit tails
from live clients to audit server hosts in order to both allow
centralised analysis, and improve resilience in the event of client
compromises: clients are not permitted to change trail contents
after submission.
Submitted by: pjd
Sponsored by: The FreeBSD Foundation (auditdistd)
rwatson [Tue, 18 Dec 2012 14:31:55 +0000 (14:31 +0000)]
Apply minor local adjustment to OpenBSM's parse.y due to differences in Yacc
between 10-CURRENT and 9-STABLE; this will allow the soon-to-be-connected
auditdistd to build on 9.x.
rwatson [Tue, 18 Dec 2012 10:34:18 +0000 (10:34 +0000)]
Merge r243800 from head to stable/9:
Specifically point at the Handbook instructions for world updates in
UPDATING by URL.
As there has been some confusion over the need to run "mergemaster -p",
part of our standard upgrade procedure, following the recent addition of
an "auditdistd" user, add a note about it to UPDATING explicitly.
rwatson [Tue, 18 Dec 2012 10:23:58 +0000 (10:23 +0000)]
Merge r243751 from head to stable/9:
Merge OpenBSM 1.2-alpha2 changes from contrib/openbsm to
src/sys/{bsm,security/audit}. There are a few tweaks to help with the
FreeBSD build environment that will be merged back to OpenBSM. No
significant functional changes appear on the kernel side.
Obtained from: TrustedBSD Project
Sponsored by: The FreeBSD Foundation (auditdistd)
rwatson [Tue, 18 Dec 2012 09:32:44 +0000 (09:32 +0000)]
Merge OpenBSM 1.2-alpha3 from head to stable/9, upgrading from the previous
OpenBSM 1.1p2:
OpenBSM 1.2 alpha 3
- Various minor tweaks to the auditdistd build to make it fit the FreeBSD
build environment better.
- AUE_WAIT6 merged from FreeBSD 9.
OpenBSM 1.2 alpha 2
- auditdistd, a distributed audit trail management daemon, has now been
merged. This allows trail files to be securely and reliably synced from
audited hosts to an audit server, and employs TLS encryption. Where
available, it uses Capsicum to sandbox the service. This work was
contributed by Pawel Jakub Dawidek under sponsorship from the FreeBSD
Foundation.
OpenBSM 1.2 alpha 1
- Add Capsicum-related error numbers for FreeBSD: ENOTCAPABLE, ECAPMODE.
- Add Capsicum, process descriptor audit events for FreeBSD.
- Allow 0% minspace.
- Fixes from the clang static analyser.
- Fix expiration of trail files when the host parameter is used.
- Various typo fixes.
- Support for Solaris privilege and privilege set tokens.
- Documentation for getachost(), improvements for getacfilesz().
- Fix a directory descriptor leak that happened when audit trail partitions
filled.
- Support for more Linux distributions with a partial contemporary endian.h.
- Improved escaping of XML-encapsulated BSM.
- A variety of minor documentation, style, and functional.
A separate commit will merge build changes to enable auditdistd, etc.
Obtained from: TrustedBSD Project
Sponsored by: The FreeBSD Foundation (auditdistd)
jilles [Mon, 17 Dec 2012 13:03:13 +0000 (13:03 +0000)]
MFC r239151: ftw(): Do not check the maxfds argument against OPEN_MAX.
Apart from the fact that nothing should have OPEN_MAX as a limit (as opposed
to RLIMIT_NOFILE from getrlimit() or _SC_OPEN_MAX from sysconf()), POSIX
does not require us to check this. POSIX does have a requirement on the
application that maxfds not exceed {OPEN_MAX}, but does not require the
implementation to check it ("may fail").
jilles [Mon, 17 Dec 2012 12:26:10 +0000 (12:26 +0000)]
MFC r239150: nftw(): Do not check the maxfds argument against OPEN_MAX.
Apart from the fact that nothing should have OPEN_MAX as a limit (as opposed
to RLIMIT_NOFILE from getrlimit() or _SC_OPEN_MAX from sysconf()), POSIX
does not require us to check this.
delphij [Mon, 17 Dec 2012 06:35:15 +0000 (06:35 +0000)]
Note that the manual page of less(1) says:
Note that a preprocessor cannot output an empty file, since that
is interpreted as meaning there is no replacement, and the origi-
nal file is used. To avoid this, if LESSOPEN starts with two ver-
tical bars, the exit status of the script becomes meaningful. If
the exit status is zero, the output is considered to be replace-
ment text, even if it empty. If the exit status is nonzero, any
output is ignored and the original file is used. For compatibil-
ity with previous versions of less, if LESSOPEN starts with only
one vertical bar, the exit status of the preprocessor is ignored.
Use two pipe symbols for zless, so that zless'ing a compressed empty
file will give output rather than being interpreted as its compressed
form, which is typically a binary.
Thanks Mark Nudelman for pointing out this difference and the
suggested solution.
Remove redundant call to AUDIT_ARG_UPATH1().
Path will be remembered by the following NDINIT(AUDITVNODE1) call.
Sponsored by: The FreeBSD Foundation (auditdistd)
r243720:
IFp4 @208381:
For VOP_GETATTR() we just need vnode to be shared-locked.
Sponsored by: The FreeBSD Foundation (auditdistd)
r243722:
IFp4 @208382:
Currently on each record write we call VFS_STATFS() to get available space
on the file system as well as VOP_GETATTR() to get trail file size.
We can assume that trail file is only updated by the audit worker, so instead
of asking for file size on every write, get file size on trail switch only
(it should be zero, but it's not expensive) and use global variable audit_size
protected by the audit worker lock to keep track of trail file's size.
This eliminates VOP_GETATTR() call for every write. VFS_STATFS() is satisfied
from in-memory data (mount->mnt_stat), so shouldn't be expensive.
Sponsored by: The FreeBSD Foundation (auditdistd)
r243723:
IFp4 @208383:
Currently when we discover that trail file is greater than configured
limit we send AUDIT_TRIGGER_ROTATE_KERNEL trigger to the auditd daemon
once. If for some reason auditd didn't rotate trail file it will never
be rotated.
Change it by sending the trigger when trail file size grows by the
configured limit. For example if the limit is 1MB, we will send trigger
on 1MB, 2MB, 3MB, etc.
This is also needed for the auditd change that will be committed soon
where auditd may ignore the trigger - it might be ignored if kernel
requests the trail file to be rotated too quickly (often than once a second)
which would result in overwriting previous trail file.
Sponsored by: The FreeBSD Foundation (auditdistd)
r243726:
IFp4 @208451:
Fix path handling for *at() syscalls.
Before the change directory descriptor was totally ignored,
so the relative path argument was appended to current working
directory path and not to the path provided by descriptor, thus
wrong paths were stored in audit logs.
Now that we use directory descriptor in vfs_lookup, move
AUDIT_ARG_UPATH1() and AUDIT_ARG_UPATH2() calls to the place where
we hold file descriptors table lock, so we are sure paths will
be resolved according to the same directory in audit record and
in actual operation.
Sponsored by: The FreeBSD Foundation (auditdistd)
Reviewed by: rwatson
rmacklem [Sun, 16 Dec 2012 14:01:56 +0000 (14:01 +0000)]
MFC: r243782
Add an nfssvc() option to the kernel for the new NFS client
which dumps out the actual options being used by an NFS mount.
This will be used to add a "-m" option to nfsstat(1).
glebius [Sat, 15 Dec 2012 08:29:22 +0000 (08:29 +0000)]
Merge from head r244157:
Fix a crash in tcp_input(), that happens when mbuf has a fwd_tag on it,
but later after processing and freeing the tag, we need to jump back again
to the findpcb label. Since the fwd_tag pointer wasn't NULL we tried to
process and free the tag for second time.
kib [Thu, 13 Dec 2012 06:17:05 +0000 (06:17 +0000)]
MFC r242958:
Add the wait6(2) system call. It takes POSIX waitid()-like process
designator to select a process which is waited for. The system call
optionally returns siginfo_t which would be otherwise provided to
SIGCHLD handler, as well as extended structure accounting for child
and cumulative grandchild resource usage.
Allow to get the current rusage information for non-exited processes
as well, similar to Solaris.
The explicit WEXITED flag is required to wait for exited processes,
allowing for more fine-grained control of the events the waiter is
interested in.
Fix the handling of siginfo for WNOWAIT option for all wait*(2)
family, by not removing the queued signal state.
PR: standards/170346
MFC r243133:
Style fixes for r242958.
MFC r243134:
Alphabetically reorder the forward-declarations of the structures.
Add the declaration for enum idtype, to be used later.
MFC r243135:
Move the definition of the idtype_t from sys/types.h to sys/wait.h.
Fix the bug, use #if __BSD_VISIBLE instead of #if defined(__BSD_VISIBLE),
since __BSD_VISIBLE is always defined.
Reformat the comments from the Solaris style to KNF.
MFC r243136:
Restore the proper handling of the pid 0 for waitpid(2).
Fix the style around.
gjb [Wed, 12 Dec 2012 01:05:19 +0000 (01:05 +0000)]
MFC r244057, r244059:
r244057:
Get 'uname -r' earlier, so it can be used to determine what branch is
being run to set BSDINSTALL_DISTSITE accordingly. This change allows
non-RELEASE branches to use the FTP snapshots directory for bootonly.iso
installations.
jimharris [Wed, 12 Dec 2012 00:39:04 +0000 (00:39 +0000)]
MFC r243904:
Don't call bus_dmamap_load in CAM_DIR_NONE case, since there is nothing
to map, and technically this isn't allowed.
Functionally, it works OK (at least on x86) to call bus_dmamap_load with
a NULL data pointer and zero length, so this is primarily for correctness
and consistency with other drivers.
While here, remove check in isci_io_request_construct for nseg==0.
Previously, bus_dmamap_load would pass nseg==1, even for case where
buffer is NULL and length = 0, which allowed CAM_DIR_NONE CCBs
to get processed. This check is not correct though, and needed to be
removed both for the changes elsewhere in this patch, as well as jeff's
preliminary bus_dmamap_load_ccb patch (which uncovered all of this in
the first place).
MFC r243503:
Illumos 13879:4eac7a87eff2
3329 spa_sync() spends 10-20% of its time in spa_free_sync_cb()
3330 space_seg_t should have its own kmem_cache
3331 deferred frees should happen after sync_pass 1
3335 make SYNC_PASS_* constants tunable
New loader-only tunables:
vfs.zfs.sync_pass_deferred_free
vfs.zfs.sync_pass_dont_compress
vfs.zfs.sync_pass_rewrite
MFC r243524:
Import the zio nop-write improvement from Illumos. To reduce I/O,
nop-write omits overwriting data if the checksum (cryptographically
secure) of new data matches the checksum of existing data.
It also saves space if snapshots are in use.
It currently works only on datasets with enabled compression, disabled
deduplication and sha256 checksums.
glebius [Mon, 10 Dec 2012 12:47:33 +0000 (12:47 +0000)]
Merge r242474:
Remove separate paragraph on ASCII messages and instead
provide this information along with messages documentation,
like this done in manual pages for other netgraph nodes.
grog [Mon, 10 Dec 2012 03:11:19 +0000 (03:11 +0000)]
MFC to r242840:
Add y flag and environment variable LS_SAMESORT to specify the same
sorting order for time and name with the -t option. IEEE Std 1003.2
(POSIX.2) mandates that the -t option sort in descending order, and
that if two files have the same timestamp, they should be sorted in
ascending order of their names. The -r flag reverses both of these
sort orders, so they're never the same. This creates significant
problems for sequentially named files stored on FAT file systems,
where it can be impossible to list them in the order in which they
were created.
Add , (comma) option to print file sizes grouped and separated by
thousands using the non-monetary separator returned by localeconv(3),
typically a comma or period.
eadler [Mon, 10 Dec 2012 02:33:17 +0000 (02:33 +0000)]
MFC r243084:
Add support for a -q flag. While here make the custom argument parsing
use getopt instead of hacking on it more. This change also fixes the
method of silencing the compiler warning about gfn being used
uninitialized.