r305116: recvtftp() is broken for large files, report file size
r306534: cd9660_open should check for padding
r306538: cstyle fix of cd9660_open in libstand
r306552: Fix remaining cstyle issues in libstand/cd9660.c
r306638: Fix remaining bugs in libstand/cd9660.c reported by Bruce Evans.
r306325 by marcel:
Replace the use of linker sets with constructors for both the
formats and schemes. Formats and schemes are registered at
runtime now, rather than collected at link time.
r306329 by marcel:
Eliminate the use of EDOOFUS. The error code was used to signal
programming errors, but is really a poor substitute for assert.
And less portable as well.
r306330 by marcel:
Avoid depending on the <sys/endian.h> header for le*enc and be*enc.
Not only is the header unportable, the encoding/decoding functions
are as well. Instead, duplicate the handful of small inlines we
need into a private header called endian.h.
Aside: an alternative approach is to move the encoding/decoding
functions to a separate system header. While the header is still
nonportable, such an approach would make it possible to re-use the
definitions by playing games with include paths. This may be the
preferred approach if more (build) utilities need this. This
change does not preclude that. In fact, it makes it easier.
r306333 by marcel:
Portability changes:
1. macOS nor Linux have MAP_NOCORE nor MAP_NOSYNC. Define as 0.
2. macOS doesn't have SEEK_DATA nor SEEK_HOLE. Define as -1
so that lseek will return -1 (with errno set to EINVAL).
3. gcc correctly warns that error is assigned but not used in
image_copyout_region(). Fix by returning on the first error.
r306620 by marcel:
Replace STAILQ with TAILQ. TAILQs are portable enough that they can
be used on both macOS and Linux. STAILQs are not. In particular,
STAILQ_LAST does not next on Linux. Since neither STAILQ_FOREACH_SAFE
nor TAILQ_FOREACH_SAFE exist on Linux, replace its use with a regular
TAILQ_FOREACH. The _SAFE variant was only used for having the next
pointer in a local variable.
r306621 by marcel:
Prefer <stdint.h> over <sys/types.h>. While here remove redundant
inclusion of <sys/queue.h>.
Move the inclusion of the disk partitioning headers out of order
and inbetween standard headers and local header. They will change
in a subsequent commit.
r306622 by marcel:
Replace OFF_MAX with INT64_MAX. The former is defined on Linux.
r307544 by marcel:
o Provide a private definition for UUIDs (mkimg_uuid_t) because
UUIDs are not portable.
o Move mkimg_uuid() to a new file and merge both gpt_uuid_enc()
and vhd_uuid_enc() into a single mkimg_uuid_enc() that lives
in the same file.
o Move the OS-specific implementation of generating a UUID to
osdep_uuidgen() and provide the implementations for FreeBSD,
macOS and Linux.
o Expect the partitioning scheme headers to be found by having
a search to the directory in which the headers live. This
avoids conflicts on non-FreeBSD machines.
r307550 by imp:
Add a new flag to mkimg (-a num) to specify the active partition for
those partitioning schemes that have this concept. Implement it as an
override for mbr's setting 0x80 in the flags for the first partition
when we have boot code.
r318137:
mkimg: Add -C argument to specify maximum capacity
Add a -C option to specify a maximum capacity for the final image file.
It is useful to control the size of the generated image for sdcard or
when we will add dynamic size partition.
Add --capacity which is a shorthand to define min and max capacity at
the same time.
r319125:
mkimg: Correct an off by one error in the PMBR size
The PMBR last sector should be number of sector - 1 (As stated in UEFI Spec
2.6 page 118 table 17).
This fixes warning printed by linux tools like parted or fdisk.
Sponsored by: Gandi.net
r319295 by ngie:
Update the usr.bin/mkimg golden test output files after ^/head@r319125
^/head@r319125 changed the location of the backup pmbr, requiring the
output files to be regenerated, since they're binary disk dumps.
The output files were regenerated with "make rebase"--fixed in
^/head@r319294.
mav [Fri, 9 Feb 2018 03:07:12 +0000 (03:07 +0000)]
MFC r328611: Try to preallocate receive memory early.
We may not have enough contiguous memory later, when NTB connection get
established. It is quite likely that NTB windows are symmetric and this
allocation remain, but even if not, we will just reallocate it later.
kevans [Thu, 8 Feb 2018 17:14:56 +0000 (17:14 +0000)]
MFC r309062: Release laundered vnode pages to the head of the inactive
queue.
The swap pager enqueues laundered pages near the head of the inactive queue
to avoid another trip through LRU before reclamation. This change adds
support for this behaviour to the vnode pager and makes use of it in UFS and
ext2fs. Some ioflag handling is consolidated into a common subroutine so
that this support can be easily extended to other filesystems which make use
of the buffer cache. No changes are needed for ZFS since its putpages
routine always undirties the pages before returning, and the laundry
thread requeues the pages appropriately in this case.
iw_cxgbe: Manually backport changes related to QP flush. This fixes a
panic where poll_cq sees an empty RQ while processing an incoming SEND
for a QP that is being taken down.
r303555: bcache should support reads shorter than sector size
r303556: Improve boot loader quote parsing
r303936: Add kernel environment variables under smbios.system
r303962: Add the missing space between .asciz directive and opening quote
for some lines with #ifdef BTXLDR_VERBOSE/#endif
r304317: boot1.efi Free() should check for NULL to provide consistent
behavior
r304532: Replace sprintf -> snprintf for command_errbuf provisioned from
dynamic content.
r305026: Emulate efi_cons_poll when WaitForKey is not available
r305107: Create a hook 'post-initialize' for people that want to define
something to read in .conf files after all other .conf files for the purpose
of overriding.
jhb [Thu, 8 Feb 2018 00:59:56 +0000 (00:59 +0000)]
MFC 319454: Honor the requested crid when running a test.
Otherwise, the kernel is free to choose an aribtrary crypto device
rather than the requested device subverting tests that force the use
of a specific device.
hselasky [Wed, 7 Feb 2018 18:17:10 +0000 (18:17 +0000)]
MFC r328436 and r328731:
Decouple Linux files from the belonging character device right after open
in the LinuxKPI. This is done by calling finit() just before returning a magic
value of ENXIO in the "linux_dev_fdopen" function.
The Linux file structure should mimic the BSD file structure as much as
possible. This patch decouples the Linux file structure from the belonging
character device right after the "linux_dev_fdopen" function has returned.
This fixes an issue which allows a Linux file handle to exist after a
character device has been destroyed and removed from the directory index
of /dev. Only when the reference count of the BSD file handle reaches zero,
the Linux file handle is destroyed. This fixes use-after-free issues related
to accessing the Linux file structure after the character device has been
destroyed.
While at it add a missing NULL check for non-present file operation.
Calling a NULL pointer will result in a segmentation fault.
Fix some recent regressions after r328436 in the LinuxKPI:
1) The OPW() function macro should have the same return type like the
function it executes.
2) The DEVFS I/O-limit should be enforced for all character device reads
and writes.
3) The character device file handle should be passable, same as for
DEVFS based file handles.
r306325 by marcel:
Replace the use of linker sets with constructors for both the
formats and schemes. Formats and schemes are registered at
runtime now, rather than collected at link time.
r306329 by marcel:
Eliminate the use of EDOOFUS. The error code was used to signal
programming errors, but is really a poor substitute for assert.
And less portable as well.
r306330 by marcel:
Avoid depending on the <sys/endian.h> header for le*enc and be*enc.
Not only is the header unportable, the encoding/decoding functions
are as well. Instead, duplicate the handful of small inlines we
need into a private header called endian.h.
Aside: an alternative approach is to move the encoding/decoding
functions to a separate system header. While the header is still
nonportable, such an approach would make it possible to re-use the
definitions by playing games with include paths. This may be the
preferred approach if more (build) utilities need this. This
change does not preclude that. In fact, it makes it easier.
r306333 by marcel:
Portability changes:
1. macOS nor Linux have MAP_NOCORE nor MAP_NOSYNC. Define as 0.
2. macOS doesn't have SEEK_DATA nor SEEK_HOLE. Define as -1
so that lseek will return -1 (with errno set to EINVAL).
3. gcc correctly warns that error is assigned but not used in
image_copyout_region(). Fix by returning on the first error.
r306620 by marcel:
Replace STAILQ with TAILQ. TAILQs are portable enough that they can
be used on both macOS and Linux. STAILQs are not. In particular,
STAILQ_LAST does not next on Linux. Since neither STAILQ_FOREACH_SAFE
nor TAILQ_FOREACH_SAFE exist on Linux, replace its use with a regular
TAILQ_FOREACH. The _SAFE variant was only used for having the next
pointer in a local variable.
r306621 by marcel:
Prefer <stdint.h> over <sys/types.h>. While here remove redundant
inclusion of <sys/queue.h>.
Move the inclusion of the disk partitioning headers out of order
and inbetween standard headers and local header. They will change
in a subsequent commit.
r306622 by marcel:
Replace OFF_MAX with INT64_MAX. The former is defined on Linux.
r307387 by marcel:
Switch to using the portable partition scheme headers.
r307544 by marcel:
o Provide a private definition for UUIDs (mkimg_uuid_t) because
UUIDs are not portable.
o Move mkimg_uuid() to a new file and merge both gpt_uuid_enc()
and vhd_uuid_enc() into a single mkimg_uuid_enc() that lives
in the same file.
o Move the OS-specific implementation of generating a UUID to
osdep_uuidgen() and provide the implementations for FreeBSD,
macOS and Linux.
o Expect the partitioning scheme headers to be found by having
a search to the directory in which the headers live. This
avoids conflicts on non-FreeBSD machines.
r307550 by imp:
Add a new flag to mkimg (-a num) to specify the active partition for
those partitioning schemes that have this concept. Implement it as an
override for mbr's setting 0x80 in the flags for the first partition
when we have boot code.
r318137:
mkimg: Add -C argument to specify maximum capacity
Add a -C option to specify a maximum capacity for the final image file.
It is useful to control the size of the generated image for sdcard or
when we will add dynamic size partition.
Add --capacity which is a shorthand to define min and max capacity at
the same time.
r319125:
mkimg: Correct an off by one error in the PMBR size
The PMBR last sector should be number of sector - 1 (As stated in UEFI Spec
2.6 page 118 table 17).
This fixes warning printed by linux tools like parted or fdisk.
Sponsored by: Gandi.net
r319295 by ngie:
Update the usr.bin/mkimg golden test output files after ^/head@r319125
^/head@r319125 changed the location of the backup pmbr, requiring the
output files to be regenerated, since they're binary disk dumps.
The output files were regenerated with "make rebase"--fixed in
^/head@r319294.
hselasky [Wed, 7 Feb 2018 15:06:54 +0000 (15:06 +0000)]
MFC r328237:
Use the __alloc_size2 attribute where relevant.
This follows the documented use in GCC. It is basically only relevant for
calloc(3), reallocarray(3) and mallocarray(9).
NOTE: Without this change clang 5.0.1 can produce incorrect optimisation
code for static processing of data using the allocated object. For example
this has been seen compiling the mlx4 core module, which allocates a
fixed size array which is then sorted by a fixed order loop. The
optimised result, -O2, is incorrect unless this patch is in place.
Suggested by: Mark Millard
Reference: https://docs.freebsd.org/cgi/mid.cgi?9DE674C6-EAA3-4E8A-906F-446E74D82FC4
MFC r328326:
When IPv6 packet is handled by O_REJECT opcode, convert ICMP code
specified in the arg1 into ICMPv6 destination unreachable code according
to RFC7915.
kevans [Tue, 6 Feb 2018 18:01:41 +0000 (18:01 +0000)]
MFC r308774: loader: beri_sdcard_disk_print() needs to return int.
r308434 did change the return type for dv_print callbacks, but the return
type for beri_sdcard_disk_print() was left unchanged, causing compile errors.
kevans [Tue, 6 Feb 2018 14:04:39 +0000 (14:04 +0000)]
MFC r325116,r325515: Stop masking errors during buildenv
MFC r325116(imp): Return proper status from buildenv.
make buildenv BUILDENV_SHELL=<some command> more useful. Remove '||
true' from the command line so that errors are properly
returned. There appears to be no reason for it, and it dates back to
the original commit by ru@.
MFC r325515 (imp): Note interactive shell errors for make buildenv and add a
warning for people tempted to add back the || true to get rid of them.
vangyzen [Mon, 5 Feb 2018 18:56:34 +0000 (18:56 +0000)]
MFC r328552
ND6: Set the correct state for new neighbor cache entries
Restore state 6. Many of the UNH tests end up exercising this
state, where we have a new neighbor cache entry and a new link-layer
entry is being created for it. The link-layer address is currently
unknown so the initial state of the "llentry" should remain initialized
to ND6_LLINFO_NOSTATE so that the ND code will send a solicitation.
Setting this to ND6_LLINFO_STALE implies that the link-level entry
is valid and can be used (but needs to be refreshed via the Neighbor
Unreachability state machine).
pfg [Mon, 5 Feb 2018 15:02:35 +0000 (15:02 +0000)]
MFC r328567:
libedit: sort the Makefile in line with NetBSD's version.
NetBSD's libedit has been been cleaned-up considerably so the
non-widecharacter version is no longer an option. Re-sorting the
Makefile should make it easier for some brave soul trying to update it.
MFC r328770:
Merge r1.120 from NetBSD:
Fix a pretty simple, yet pretty tragic typo: we should return IPPROTO_DONE,
not IPPROTO_NONE. With IPPROTO_NONE we will keep parsing the header chain
on an mbuf that was already freed.
Reported by: Maxime Villard <max at m00nbsd dot net>
kevans [Mon, 5 Feb 2018 04:00:59 +0000 (04:00 +0000)]
MFC r304321,304753,304754,306751,316077,316110:
SHA512, skein, large block support for loader zfs
MFC r304321: Add SHA512, skein, large blocks support for loader zfs.
MFC r304753: loader: zio_checksum_verify() must test spa for NULL pointer
MFC r304754: r304321 broken bhyve zvol VM bhyveload hang 100% WCPU
MFC r306751: Disable loop unrolling in skein for sys/boot
MFC r316077: Unbreak compilation with gcc 4.2.1
MFC r316110: Use `-Wno-missing-declarations` with CWARNFLAGS for skein.c
mav [Fri, 2 Feb 2018 23:22:58 +0000 (23:22 +0000)]
MFC r303468 (by imp):
Move protocol specific stuff into a linker set object that's
per-protocol. This reduces the number scsi symbols references by
cam_xpt significantly, and eliminates all ata / nvme symbols. There's
still some NVME / ATA specific code for dealing with XPT_NVME_IO and
XPT_ATA_IO respectively, and a bunch of scsi-specific code, but this
is progress.
mav [Fri, 2 Feb 2018 23:19:20 +0000 (23:19 +0000)]
MFC r303467 (by imp):
Switch to linker sets to find the xport callback object. This
eliminates the need to special case everything in cam_xpt for new
transports. It is now a failure to not have a transport object when
registering the bus as well. You can still, however, create a
transport that's unspecified (XPT_)
r306395 by br:
Increase timeouts for geli tests. It takes 2-3x more time to proceed the
tests on MIPS64EB in QEMU.
Sponsored by: DARPA, AFRL
Sponsored by: HEIF5
r327346:
Fix potential TOCTTOU bug in the geli tests
This change mostly reverts r293436, which introduced the bug due to a belief
that geli(8) would allocate md(4) devices by itself. However, that belief is
incorrect. Instead of using linear probing to find available md(4) numbers,
it's best to use the existing attach_md function.
r327347:
geli: factor out some common code in the geli tests
No functional change.
Sponsored by: Spectra Logic Corp
r327352:
Fix a harmless typo from r310786
I copy/pasted a reference to an undefined shell variable.
r327353:
geli: fix the resize test on arm64
The resize test used bsdlabel(8), which is not available on all
architectures. Change it to use gpart(8) instead, which should be available
everywhere.
PR: 221763
Reported by: andrew
r327662:
geli: convert most tests from TAP to ATF
I'm leaving readonly_test and nokey_test alone for now. In a future commit
they should be broken up into several smaller test cases and distributed
between multiple files.
The trick is not to destroy an md(4) device during a test. That can create
a "double-free" situation, because we also destroy md devices during test
cleanup.
r327682:
Fix typo from r327666
X-MFC-With: 327666
r327683:
geli: convert remaining TAP tests to ATF
r327685:
geli: optimize tests
Reduce the geli tests' runtime by about a third:
* In integrity_test:copy, use a file-backed md(4) device instead of a
malloc'd one. That way we can corrupt the underlying storage without
needing to detach and reattach the geli device.
* In integrity_test:{copy, hmac, data} and onetime_test:{onetime,
onetime_a}, move reads of /dev/random out of the loop.
kevans [Fri, 2 Feb 2018 21:25:32 +0000 (21:25 +0000)]
MFC r328504: stand/fdt: Consolidate overlay handling a little further
[This is effectively a direct commit to stable/11 due to path restructuring
in HEAD. The diff against HEAD has simply been applied to the old path]
This should have been done as part of r327350, but due to lack of foresight
it came later. In the different places we apply overlays, we duplicate the
bits that check for fdt_overlays in the environment and supplement that with
any other places we need to check for overlays to load. These "other places"
will be loader specific and are not candidates for consolidation.
Provide an fdt_load_dtb_overlays to capture the common logic, allow passing
in an additional list of overlays to be loaded. This additional list of
overlays is used in practice for ubldr to pull in any fdt_overlays passed to
it from U-Boot environment, but it can be used for any other source of
overlays.
These additional overlays supplement loader.conf(5) fdt_overlays, rather
than replace, so that we're not restricted to specifying overlays in only
one place. This is a change from previous behavior where loader.conf(5)
supplied fdt_overlays would cause us to ignore U-Boot environment, and this
seems nonsensical- user should have sufficient control over both of these
aspects, or lack of control for good reasons.
A knob could be considered in the future to ignore U-Boot supplied overlays,
but the supplemental treatment seems like a good start.
mav [Fri, 2 Feb 2018 18:03:14 +0000 (18:03 +0000)]
MFC r307567 (by sbruno): Assert that we're assigning a non-null taskqueue.
ref: https://github.com/NextBSD/NextBSD/commit/535865d02c162e415d7436899cd6db5000a0cc7b
Fix cpu assignment by assuring stride is non-zero, assert that all tasks
have a valid taskqueue.
ref: https://github.com/NextBSD/NextBSD/commit/db398176234fe3ce9f8e8b671f56000f8276feba
New attribute begemotSnmpdCommunityPermission can be used to specify access
rights: 1 means "read-only" access, 2 means "read-write" access. If
attribute is not specified for some index this means "read-only" rights.
Community strings must be unique, i.e. must not be the same for different
indexes.
mav [Thu, 1 Feb 2018 21:23:42 +0000 (21:23 +0000)]
MFC r326937, r326940 (by imp):
When we're disabling the nvme device, some drives have a controller
bug that requires 'hands off' for a period of time (2.3s) before we
check the RDY bit. Sicne this is a very odd quirk for a very limited
selection of drives, do this as a quirk. This prevented a successful
reset of the card when the card wedged.
Also, make sure that we comply with the advice from section 3.1.5 of
the 1.3 spec says that transitioning CC.EN from 0 to 1 when CSTS.RDY
is 1 or transitioning CC.EN from 1 to 0 when CSTS.RDY is 0 "has
undefined results". Short circuit when EN == RDY == desired state.
Finally, fail the reset if the disable fails. This will lead to a
failed device, which is what we want. (note: nda device needs
work for coping with a failed device).
mav [Thu, 1 Feb 2018 21:14:54 +0000 (21:14 +0000)]
MFC r324978: Report only the valid slots in the firmware log page.
Printing the entire log page is causing confusion over available
slots. Report only those slots that are valid. In the case where the
firmware download isn't supported, assume that only the first slot is
valid (I have no hardware to test this assumption though)
mav [Thu, 1 Feb 2018 21:12:09 +0000 (21:12 +0000)]
MFC r323625 (by imp): Allow multiple TRIMs to be done for nda
Don't call cam_iosched_trim_done or cam_iosched_submit_trim for nda
since its hardware can handle almost an arbitrary number of TRIMs and
we don't have to be careful to only ever do one.
mav [Thu, 1 Feb 2018 21:11:17 +0000 (21:11 +0000)]
MFC r322999 (by imp): Fix NVMe's use of XPT_GDEV_TYPE
This patch changes the way XPT_GDEV_TYPE works for NVMe. The current
ccb_getdev structure includes pointers to the NVMe Identify Controller
and Namespace structures, but these are kernel virtual addresses which
are not accessible from user space.
As an alternative, the patch changes the pointers into padding in
ccb_getdev and adds two new types to ccb_dev_advinfo to retrieve the
Identify Controller (CDAI_TYPE_NVME_CNTRL) and Namespace
(CDAI_TYPE_NVME_NS) data structures.
mav [Thu, 1 Feb 2018 21:04:10 +0000 (21:04 +0000)]
MFC r320522 (by imp):
Fix sign of resid and add a mostly useless cast to cope with signed vs
unsigned check warnings from traditional unix code construsts bogusly
flagged as potentially unsafe.
After review by the WDC engineers, improve how we pull down the
so-called 'e6' logs. The 'c6' logs are obsolete and support for them
has been removed because FreeBSD needed to pull them in chunks, which
is incompatible with the 0xc6 opcode implementation. Rather than leave
the code in place that produces bad log pulls, remove it.
mav [Thu, 1 Feb 2018 19:43:51 +0000 (19:43 +0000)]
MFC r314229 (by imp):
Exit with usage if argv[1] is NULL in dispatch. This fixes core dumps
when a command has subcommands, but the user doesn't give the
parameters on the command line.
mav [Thu, 1 Feb 2018 19:41:46 +0000 (19:41 +0000)]
MFC r313259 (by imp):
Use ssize_t instead of uint32_t to prevent warnings about a comparison
with different signs. Due to the promotion rules, this would only
happen on 32-bit platforms.
mav [Thu, 1 Feb 2018 19:40:51 +0000 (19:40 +0000)]
MFC r313258 (by imp):
Add the ability to dump log pages directly in binary to stdout.
Update man page to include this flag, and an example of dumping a
vendor-specific page while I'm here.
mav [Thu, 1 Feb 2018 19:39:29 +0000 (19:39 +0000)]
MFC r313257 (by imp):
Add some descriptions to the man page for the supported log pages as
well as the new wdc commands. Make wdc be an alias for hgst when
specifying the vendor to use to interpret the page.
mav [Thu, 1 Feb 2018 19:37:50 +0000 (19:37 +0000)]
MFC r313191 (by imp):
Implement 5 wdc-specific nvme control options for their HGST drives:
wdc cap-diag Capture diagnostic data from drive
wdc drive-log Capture drive history data from drive
wdc get-crash-dump Retrieve firmware crash dump from drive
mav [Thu, 1 Feb 2018 19:35:34 +0000 (19:35 +0000)]
MFC r313111 (by imp):
Use aligned buffer for the firmware data. Otherwise, when loading a
MAXPHYS bytes of data, the I/O would require MAXPHYS + PAGE_SIZE worth
of pages to do the I/O and we'd hit an assertion in
vm_fault_quick_hold_pages unless MAXPHYS was larger than 1M +
PAGE_SIZE.
mav [Thu, 1 Feb 2018 19:32:45 +0000 (19:32 +0000)]
MFC r309413 (by imp):
Flag the vendor specific pages as such. This allows different decoding
for the same page number as different vendors encode vendor specific
pages differently.
mav [Thu, 1 Feb 2018 19:31:39 +0000 (19:31 +0000)]
MFC r308869 (by imp):
i386 turns out to not have __uint128_t. So confusingly use 64-bit math
instead. Since we're little endian, we can get away with it. Also,
since the counters in quesitons would require billions of iops for
tens of billions of seconds to overflow, and since such data rates are
unlikely for people using i386 for a while, that's OK. The fastest
cards today can't do even a million IOPs.
mav [Thu, 1 Feb 2018 19:30:37 +0000 (19:30 +0000)]
MFC r308856 (by imp):
Decode the Intel-specific Additional SMART data page (0xca) and print
it in human readable form. Include a pointer to the public spec that
was followed to implement this in the code. Samsung also implements
page 0xca on some of their drives, but the format is slighly
different, so the code skips printing zero keys. Samsung's log page
has additional, unknown data after the end of Intel defined data which
isn't displayed.
mav [Thu, 1 Feb 2018 19:30:02 +0000 (19:30 +0000)]
MFC r308848 (by imp):
Remove check for valid log pages. Let the drive tell us which pages
are valid or not. While many pages are reserved in the standard, that
doesn't make them invalid and future versions of the standard may
define then.