rodrigc [Wed, 4 Dec 2013 07:55:49 +0000 (07:55 +0000)]
MFC 258591
In vnet_route_uninit(), free some memory that is allocated in vnet_route_init().
To reproduce the problem:
(1) Take a GENERIC kernel config, and add options for: VIMAGE, WITNESS,
INVARIANTS.
(2) Run this command in a loop:
jail -l -u root -c path=/ name=foo persist vnet && jexec foo ifconfig lo0 127.0.0.1/8 && jail -r foo
rodrigc [Wed, 4 Dec 2013 07:50:18 +0000 (07:50 +0000)]
MFC r258588
In sys/netpfil/ipfw/ip_fw_nat.c:vnet_ipfw_nat_uninit() we call "IPFW_WLOCK(chain);".
This lock gets deleted in sys/netpfil/ipfw/ip_fw2.c:vnet_ipfw_uninit().
Therefore, vnet_ipfw_nat_uninit() *must* be called before vnet_ipfw_uninit(),
but this doesn't always happen, because the VNET_SYSINIT order is the same for both functions.
In sys/net/netpfil/ipfw/ip_fw2.c and sys/net/netpfil/ipfw/ip_fw_nat.c,
IPFW_SI_SUB_FIREWALL == IPFW_NAT_SI_SUB_FIREWALL == SI_SUB_PROTO_IFATTACHDOMAIN
and
IPFW_MODULE_ORDER == IPFW_NAT_MODULE_ORDER
Consequently, if VIMAGE is enabled, and jails are created and destroyed,
the system sometimes crashes, because we are trying to use a deleted lock.
To reproduce the problem:
(1) Take a GENERIC kernel config, and add options for: VIMAGE, WITNESS,
INVARIANTS.
(2) Run this command in a loop:
jail -l -u root -c path=/ name=foo persist vnet && jexec foo ifconfig lo0 127.0.0.1/8 && jail -r foo
(see http://lists.freebsd.org/pipermail/freebsd-current/2010-November/021280.html )
Fix the problem by increasing the value of IPFW_NAT_SI_SUB_FIREWALL,
so that vnet_ipfw_nat_uninit() runs after vnet_ipfw_uninit().
rodrigc [Wed, 4 Dec 2013 07:46:53 +0000 (07:46 +0000)]
MFC r258737
In keg_dtor(), print out the keg name in the "Freed UMA keg was not empty"
message printed to the console. This makes it easier to track down
the source of certain memory leaks.
tuexen [Tue, 3 Dec 2013 20:55:37 +0000 (20:55 +0000)]
MFC r258574:
Only initialize some mutexes for the default VNET.
In r208160, sctp_it_ctl was made a global variable, across all VNETs.
However, sctp_init() is called for every VNET that is created. This results
in the same global mutexes which are part of sctp_it_ctl being initialized. This can result
in crashes if many jails are created.
To reproduce the problem:
(1) Take a GENERIC kernel config, and add options for: VIMAGE, WITNESS,
INVARIANTS.
(2) Run this command in a loop:
jail -l -u root -c path=/ name=foo persist vnet && jexec foo ifconfig lo0 127.0.0.1/8 && jail -r foo
(see http://lists.freebsd.org/pipermail/freebsd-current/2010-November/021280.html )
Witness will warn about the same mutex being initialized.
Fix the problem by only initializing these mutexes in the default VNET.
MFC r258765:
In
http://svnweb.freebsd.org/changeset/base/258221
I introduced a bug which initialized global locks
whenever the SCTP stack initialized. This was fixed in
http://svnweb.freebsd.org/changeset/base/258574
by rodrigc@. He just initialized the locks for
the default vnet. This fix reverts to the old
behaviour before r258221, which explicitly makes
sure it is only called once, because this works also on
other platforms.
kib [Tue, 3 Dec 2013 19:42:46 +0000 (19:42 +0000)]
MFC r258663:
Use sysctl KERN_PROC_SIGTRAMP to retrieve the signal trampoline
location for the native amd64 ABI. This fixes unwinding over the
signal frame after trampoline was moved to the shared page.
bdrewery [Fri, 29 Nov 2013 21:13:30 +0000 (21:13 +0000)]
MFC r258347,r258349:
Support SNI in libfetch
SNI is Server Name Identification which is a protocol for TLS that
indicates the host that is being connected to at the start of the
handshake. It allows the use of Virtual Hosts on HTTPS.
PR: kern/183583
Approved by: bapt (implicit)
Approved by: re (gjb)
gjb [Fri, 29 Nov 2013 19:44:30 +0000 (19:44 +0000)]
MFC r258537, r258587:
r258537 (hrs):
Add ICONV_{GET,SET}_ILSEQ_INVALID iconvctl. GNU iconv returns
EILSEQ when there is an invalid character in the output codeset
while it is valid in the input. However, POSIX requires iconv()
to perform an implementation-defined conversion on the character.
So, Citrus iconv converts such a character to a special character
which means it is invalid in the output codeset.
This is not a problem in most cases but some software like libxml2
depends on GNU's behavior to determine if a character is output
as-is or another form such as a character entity (&#NNN;).
r258587 (peter):
Move the iconv wrapper source from libc_nonshared to libc/iconv so
that it is all in the one place again. Rename libc/iconv/iconv.c
to bsd_iconv.c. Compile the wrappers into libc.a so that
WITHOUT_DYNAMICROOT works again.
Approved by: re (kib)
Sponsored by: The FreeBSD Foundation
delphij [Thu, 28 Nov 2013 22:06:37 +0000 (22:06 +0000)]
MFC r257879:
Fix typo in r256646: We want to generate lists of directories in
INDEX-OLD and INDEX-NEW and compare them, not generate the same
list of directories from INDEX-OLD twice...
Pointy hats to: cperciva & everybody who didn't proofread
EN-13:04 enough
Errata Notice: FreeBSD-EN-13:05.freebsd-update
Approved by: re (gjb)
dumbbell [Thu, 28 Nov 2013 10:04:53 +0000 (10:04 +0000)]
MFC r258549 and r258553:
drm: Dereference pointers given to qsort_r()'s cmp callback
drm_le_cmp() (qsort_r()'s callback) receives pointers to elements in the
array passed to qsort_r(), not the elements themselves.
Before this fix, the use of qsort_r() shuffled the array, not sorted it,
because the compare callback accessed random memory locations, not the
expected elements.
This bug triggered an infinite loop in KDE/xserver:
1. KDE has a kded module called "randrmonitor" which queries xserver
for current monitors at startup and then listens to RandR
notifications from xserver.
2. xserver handles the query from "randrmonitor" by polling the
video device using the "drm_mode_getconnector()" ioctl. This
ioctl returns a list of connectors and, for those with a
connected monitor, the available modes. Each modes list is sorted
by the kernel before returning. When xserver gets the connectors
list, it sorts the modes lists again.
In the case of this bug, when two modes are equal (in xserver's
compare function PoV), their order is kept stable (ie. the
kernel order is kept for those two modes). And because the list
was shuffled by the kernel, the order of two equal modes was
frequently changed in the final modes list in xserver.
3. xserver compares the returned connectors list with the list
obtained earlier. In particular, it compares the sorted
modes lists for each connector. If a property of a connector
changes (eg. modes), xserver sends a "RRNotify_OutputChange"
notification.
Because of the change of order between equal modes, xserver sent
a notification after each polling of the connectors.
4. "randrmonitor" receives a notification, triggered by its query. The
notification doesn't contain the new connectors list, therefore, it
asks for the new list using the same function: go back to step #2.
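Added example (not part of the commit log and not the FreeBSD drm code): the comparator mistake described in the r258549 entry above, shown with standard qsort() on an array of pointers. The struct, the sample modes and all function names are constructed for illustration; qsort() is used instead of qsort_r() because the callback receives its element arguments the same way.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for a display mode; not the drm structure. */
struct mode {
    int hdisplay;
    int vdisplay;
};

/*
 * BUGGY (kept for comparison, never called): treats the callback arguments
 * as the elements themselves. With an array of pointers, a and b point at
 * pointer slots, so this reads pointer bytes as if they were mode fields.
 */
int mode_cmp_buggy(const void *a, const void *b)
{
    const struct mode *ma = a;
    const struct mode *mb = b;

    return (ma->hdisplay > mb->hdisplay) - (ma->hdisplay < mb->hdisplay);
}

/* FIXED: a and b point at array slots; dereference once to get the element. */
int mode_cmp_fixed(const void *a, const void *b)
{
    const struct mode *ma = *(const struct mode *const *)a;
    const struct mode *mb = *(const struct mode *const *)b;

    if (ma->hdisplay != mb->hdisplay)
        return (ma->hdisplay > mb->hdisplay) - (ma->hdisplay < mb->hdisplay);
    return (ma->vdisplay > mb->vdisplay) - (ma->vdisplay < mb->vdisplay);
}

/* Constructed sample data. */
static const struct mode sample_modes[] = {
    {1920, 1080}, {640, 480}, {1280, 1024}, {1280, 720}, {800, 600},
};
#define NMODES (sizeof(sample_modes) / sizeof(sample_modes[0]))

/* Sort pointers to the sample modes, starting from the given initial order. */
void sort_modes(const struct mode *out[], const int order[], size_t n)
{
    for (size_t i = 0; i < n; i++)
        out[i] = &sample_modes[order[i]];
    qsort(out, n, sizeof(out[0]), mode_cmp_fixed);
}

/* Two "polls" starting from different orders must produce the same list. */
int polls_agree(void)
{
    static const int first[NMODES] = {0, 1, 2, 3, 4};
    static const int second[NMODES] = {4, 2, 0, 3, 1};
    const struct mode *a[NMODES], *b[NMODES];

    sort_modes(a, first, NMODES);
    sort_modes(b, second, NMODES);
    for (size_t i = 0; i < NMODES; i++)
        if (a[i] != b[i])
            return 0;
    return 1;
}

int main(void)
{
    static const int order[NMODES] = {0, 1, 2, 3, 4};
    const struct mode *v[NMODES];

    sort_modes(v, order, NMODES);
    for (size_t i = 0; i < NMODES; i++)
        printf("%dx%d\n", v[i]->hdisplay, v[i]->vdisplay);
    printf("polls agree: %d\n", polls_agree());
    return 0;
}
```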
dumbbell [Thu, 28 Nov 2013 09:30:05 +0000 (09:30 +0000)]
MFC r258262:
drm: Support DRM_CAP_TIMESTAMP_MONOTONIC capability
This fixes DPMS with KDE and radeonkms. Without this, the display would
freeze when the monitor is put into sleep state, and only resumes after
several dozens of minutes once the monitor is powered on again.
Tested by: Mathias Picker <Mathias.Picker@virtual-earth.de>
Approved by: re (kib)
brooks [Tue, 26 Nov 2013 16:13:48 +0000 (16:13 +0000)]
MFC: r258456
Fix mergemaster -U by forcing FreeBSD 9 compatibility in mtree when mtree is
nmtree.
The mtree output used by mergemaster in this case was clearly not meant for
computer consumption and an approach based on -f <file1> -f <file2> would
probably be a better idea, but this is a minimal change.
brooks [Tue, 26 Nov 2013 16:12:40 +0000 (16:12 +0000)]
MFC r258437:
Sync with NetBSD. The functional change is to make the output when
comparing a directory to an mtree file more compatible with fmtree when
FreeBSD 9 compatibility mode is on. This output is clearly intended for
humans not computers, but some tools such as mergemaster's -U option rely
on it.
sys/dev/xen/blkfront/blkfront.c:
On XenServer versions up to and including 6.2, paravirtualized
CDROM support is broken. When running in an HVM domain,
ignore paravirtualized instances of CDROM media, and instead
rely on native drivers attaching to emulated hardware. This
functions correctly on all currently known Xen based
platforms.
dim [Mon, 25 Nov 2013 22:56:46 +0000 (22:56 +0000)]
MFC r258350:
Pull in r191896 from upstream llvm trunk:
CaptureTracking: Plug a loophole in the "too many uses" heuristic.
The heuristic was added to avoid spending too much compile time in a
specially crafted test case (PR17461, PR16474) with many uses on a
select or bitcast instruction can still trigger the slow case. Add a
check for that case.
This only affects compile time, don't have a good way to test it.
This fixes the excessive compile time spent on a specific file of the
graphics/rawtherapee port.
avg [Mon, 25 Nov 2013 16:31:31 +0000 (16:31 +0000)]
MFC r258353: zfs page_busy: fix the boundaries of the cleared range
This is a fix for a regression introduced in r246293.
vm_page_clear_dirty expects the range to have DEV_BSIZE aligned boundaries,
otherwise it extends them. Thus it can happen that the whole page is
marked clean while actually having some small dirty region(s).
This commit makes the range properly aligned and ensures that only
the clean data is marked as such.
It would be interesting to evaluate how much benefit clearing with DEV_BSIZE
granularity produces. Perhaps instead we should clear the whole page
when it is completely overwritten and don't bother clearing any bits
if only a portion of a page is written.
emaste [Mon, 25 Nov 2013 15:58:48 +0000 (15:58 +0000)]
MFC r258135: x86: Allow users to change PSL_RF via ptrace(PT_SETREGS...)
Debuggers may need to change PSL_RF. Note that tf_eflags is already stored
in the signal context during signal handling and PSL_RF previously could
be modified via sigreturn, so this change should not provide any new
ability to userspace.
For background see the thread at:
http://lists.freebsd.org/pipermail/freebsd-i386/2007-September/005910.html
emaste [Mon, 25 Nov 2013 15:54:18 +0000 (15:54 +0000)]
MFC r258426: libexecinfo: Include terminating null in byte count
Otherwise, a formatted string with a strlen equal to the remaining
buffer space would have the last character omitted (because vsnprintf
always null-terminates), and later the assert in backtrace_symbols_fmt
would fail.
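Added example (not libexecinfo code): the byte-count mistake described in the r258426 entry above, in a hypothetical growable string buffer. struct strbuf, strbuf_appendf() and the count_nul switch are constructed for illustration; count_nul == 0 reproduces the flawed "does it fit" test and count_nul == 1 the corrected one.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable string buffer; not the libexecinfo structure. */
struct strbuf {
    char  *data;
    size_t size;   /* bytes allocated */
    size_t used;   /* bytes of text stored, excluding the NUL */
};

/*
 * Append formatted text, growing the buffer when it does not fit.
 * count_nul == 0: flawed test, compares only the text length to the room.
 * count_nul == 1: corrected test, reserves one byte for the terminator.
 */
int strbuf_appendf(struct strbuf *sb, int count_nul, const char *fmt, ...)
{
    for (;;) {
        size_t room = sb->size - sb->used;
        va_list ap;
        int len;

        va_start(ap, fmt);
        len = vsnprintf(sb->data + sb->used, room, fmt, ap);
        va_end(ap);
        if (len < 0)
            return -1;

        /* vsnprintf stores at most room - 1 characters plus the NUL. */
        if ((size_t)len + (count_nul ? 1 : 0) <= room) {
            sb->used += (size_t)len;
            return len;
        }

        /* Did not fit: grow to the exact size needed and format again. */
        size_t nsize = sb->used + (size_t)len + 1;
        char *p = realloc(sb->data, nsize);
        if (p == NULL)
            return -1;
        sb->data = p;
        sb->size = nsize;
    }
}

/*
 * Format a 4-character string into a 4-byte buffer. Returns 1 when the
 * recorded length matches what is really stored, 0 when the last
 * character was silently dropped, -1 on allocation failure.
 */
int length_is_consistent(int count_nul)
{
    struct strbuf sb = { malloc(4), 4, 0 };
    int ok;

    if (sb.data == NULL)
        return -1;
    sb.data[0] = '\0';
    ok = strbuf_appendf(&sb, count_nul, "%s", "abcd") == 4 &&
        strlen(sb.data) == sb.used;
    free(sb.data);
    return ok;
}

int main(void)
{
    printf("flawed check consistent:    %d\n", length_is_consistent(0));
    printf("corrected check consistent: %d\n", length_is_consistent(1));
    return 0;
}
```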
gber [Mon, 25 Nov 2013 15:34:57 +0000 (15:34 +0000)]
MFC: r258387,r258425
Split raw reading/programming into smaller chunks to avoid allocating too
big chunk of kernel memory. Validate size of data. Add error handling to
avoid calling copyout() when data has not been read correctly. Also MFC of
change r258425 which fixes problem introduced by r258387.
Reviewed by: zbb
Reported by: x90c <geinblues@gmail.com>
Approved by: re
cperciva [Sun, 24 Nov 2013 23:30:23 +0000 (23:30 +0000)]
MFC r258086:
Strip the -pN patch level from the VERSION string which gets encoded into
CTF data. Otherwise FreeBSD Update builds think every kernel file has
changed every time there's a security advisory, since the FreeBSD Update
build code isn't smart enough to look inside CTF data to ignore those
changes.
tijl [Sat, 23 Nov 2013 12:17:05 +0000 (12:17 +0000)]
MFC r258316:
Bug fixes in iconv(3) UTF-7 support.
- Add ' to the list of directly encoded characters and * to the list of
optionally directly encoded characters as per RFC 2152.
- In _citrus_UTF7_mbtoutf16 on end of input when the next output character
has only been partially decoded, save a copy of the buffer of input
characters (not just its length). On the next call with more input
characters this buffer is reprocessed together with the new input to
form a fully decoded output character.
- At the end of a base64 encoded sequence fully discard '-' (BASE64_OUT)
by decrementing psenc->chlen and i. This is needed to make room in
psenc->ch (input buffer) in case the next input character starts a new
base64 encoded sequence. And also, if this is the end of input and no
output character can be returned, this brings the encoder in the initial
state as indicated by _citrus_UTF7_stdenc_get_state_desc_generic which
is used by the caller to distinguish between no output and partial
output.
- In _citrus_UTF7_mbrtowc_priv pass the s parameter (input pointer)
directly to _citrus_UTF7_mbtoutf16 instead of a copy (s0). This way s
is updated correctly in case of errors.
- In _citrus_UTF7_mbrtowc_priv when called with psenc->surrogate set
(previous call did not have enough input), retrieve the previously
decoded UTF-16 character from (psenc->cache >> psenc->bits) instead of
(psenc->cache >> 2).
glebius [Fri, 22 Nov 2013 19:26:52 +0000 (19:26 +0000)]
Merge r258122 from head:
Emphasize that pf(4) in FreeBSD doesn't match pf(4) in
OpenBSD 4.5, but is derived from it, and got some
important local changes.
davidcs [Fri, 22 Nov 2013 00:26:21 +0000 (00:26 +0000)]
MFC r258155
ql_hw.[c,h]: set minimum thresholds on pkt size for lro path.
ql_ioctl.c: validate the length and address of buffer passed to QL_RD_FW_DUMP
MFC r258156
qls_ioctl.c: Validate the buffer and its length passed to QLA_MPI_DUMP.
copyout dump only if qls_mpi_core_dump() is successful.
(like to credit x90c for pointing the issue)
tuexen [Thu, 21 Nov 2013 23:00:09 +0000 (23:00 +0000)]
MFC r256556:
Remove a buggy comparison when setting manually the path MTU.
After fixing, the comparison would have become redundant.
Thanks to Andrew Galante for reporting the issue.
MFC r257272:
Fix compilation if SCTP_DONT_DO_PRIVADDR_SCOPE is defined.
The issue was reported by Andrew Galante.
MFC r257274:
Fix the value of *optlen when calling getsockopt() for
SCTP_REMOTE_UDP_ENCAPS_PORT.
This issue was reported by Andrew Galante.
MFC r257359:
Terminate a debug output with a \n.
MFC r257555:
Changes from upstream to improve compilation when INET or INET6
or none of them is defined.
MFC r257574:
Unlock the lock before destroying it.
This issue was reported by Andrew Galante.
MFC r257800:
Use htons()/ntohs() appropriately.
These issues were reported by Andrew Galante.
MFC r257803:
Make sure that we don't try to build an ASCONF-ACK chunk
larger than what fits in the mbuf cluster.
This issue was reported by Andrew Galante.
MFC r257804:
Get rid of the artificial limitation enforced by
SCTP_AUTH_RANDOM_SIZE_MAX.
This was suggested by Andrew Galante.
MFC r258221:
Cleanups which result in fixes which have been made upstream
and were partially suggested by Andrew Galante.
There is no functional change in FreeBSD.
MFC r258224:
When determining if an address belongs to an stcb, take the address family
into account for wildcard bound endpoints.
MFC r258228:
Remove a stray write operation.
MFC r258235:
Use SCTP_PR_SCTP_TTL when the user provides a positive
timetolive in sctp_sendmsg().
dteske [Thu, 21 Nov 2013 03:38:47 +0000 (03:38 +0000)]
MFC r257755-257756,257780-257785,257787-257793, and
257795,257817,257819,257937-257938,258029,258263-258267:
257755: SRV records
257756: fix spurious error message
257780: Whitespace
257781: Comments and funny syntax
257782: Debug file truncation is optional
257783: f_show_err for debugging
257784: f_eval_catch for debugging
257785: fix size calculations bug
257787: fix broken HTTP "any" media type
257788: more debugging
257789: Comments
257790: fix printf usage bug
257791: f_[v]sprintf added
257792: Comments
257793: fix off-by-one error in size calcs
257795: Replace pkg-tools with pkgng
257817: fix cosmetic typos
257819: Use `pkg -vv' to get ABI
257937: Adjustment to last
257938: Adjustment to last
258029: Comments
258263: Shuffle code around
258264: Remove unused code
258265: Debugging. Use f_eval_catch with pkg
258266: Shutdown media on exit from packages
258267: Fix pkg install from DVD
Reviewed by: many
Discussed on: -current
Approved by: re (hrs)
r258305:
Use the IMAGES variable to determine which image files to remove
as part of 'make -C /usr/src/release clean'.
r258307:
Add a script and configuration files to fetch pre-built packages
from pkg.FreeBSD.org for inclusion on release medium (dvd1.iso).
r258308:
Unconditionally copy the build host /etc/resolv.conf into
the chroot directory, since hostname resolution may be
needed in the case of building a dvd image (with packages)
and also setting 'NOPORTS=1'.
r258309:
Set the PKG_CACHEDIR directory to 'dvd/' instead of 'release/'
in preparation of adding a 'dvd1.iso' target.
r258310:
Add the 'dvd1.iso' target. This mimics the 'release.iso' target,
with the additional step of fetching packages for inclusion on the
dvd image.
The 'pkg-stage' target is used to run 'scripts/pkg-stage.sh' if
the '${TARGET}/pkg-stage.conf' configuration file exists (currently
only amd64 and i386).
Allow dvd1.iso to be skipped if NODVD=1.
r258314:
Fix how ABI is evaluated so it matches more than a dot-zero
case.
r258317:
Document the 'dvdrom' target.
r258319:
Remove WITHOUT_PROFILE=1 for the dvd1.iso medium.
r258320:
Simplify PKG_ABI for pkg-stage.sh.
Approved by: re (hrs)
Sponsored by: The FreeBSD Foundation
Add a note that this file is compiled as part of the kernel and libc.
Requested by: kib
r258149:
Change cap_rights_merge(3) and cap_rights_remove(3) to return pointer
to the destination cap_rights_t structure.
This already matches manual page.
r258150:
Sync return value with actual implementation.
r258151:
Style.
r258152:
Precisely document capability rights here too (they are already documented
in rights(4)).
r258153:
The CAP_LINKAT, CAP_MKDIRAT, CAP_MKFIFOAT, CAP_MKNODAT, CAP_RENAMEAT,
CAP_SYMLINKAT and CAP_UNLINKAT capability rights make no sense without
the CAP_LOOKUP right, so include this right.
r258154:
- Move CAP_EXTATTR_* and CAP_ACL_* rights to index 1 to have more room
in index 0 for the future.
- Move CAP_BINDAT and CAP_CONNECTAT rights to index 0 so we can include
CAP_LOOKUP right in them.
- Shuffle the bits around so there are no gaps. This is last chance to do
that as all moved rights are not used yet.
r258181:
Replace CAP_POLL_EVENT and CAP_POST_EVENT capability rights (which I had
a very hard time to fully understand) with much more intuitive rights:
CAP_EVENT - when set on descriptor, the descriptor can be monitored
with syscalls like select(2), poll(2), kevent(2).
CAP_KQUEUE_EVENT - When set on a kqueue descriptor, the kevent(2)
syscall can be called on this kqueue with the eventlist
argument set to non-NULL value; in other words the given
kqueue descriptor can be used to monitor other descriptors.
CAP_KQUEUE_CHANGE - When set on a kqueue descriptor, the kevent(2)
syscall can be called on this kqueue with the changelist
argument set to non-NULL value; in other words it allows
modifying events monitored with the given kqueue descriptor.
Add alias CAP_KQUEUE, which allows for both CAP_KQUEUE_EVENT and
CAP_KQUEUE_CHANGE.
Add backward compatibility define CAP_POLL_EVENT which is equal to CAP_EVENT.
r258182:
Correct right names.
Sponsored by: The FreeBSD Foundation
Approved by: re (kib)
dim [Mon, 18 Nov 2013 15:13:58 +0000 (15:13 +0000)]
MFC r258016:
Disable building the ctl module for the i386 XEN kernel configuration
for now, since it causes gcc warnings about casting 64 bit bus_addr_t's
to 32 bit pointers, and vice versa.
gjb [Sun, 17 Nov 2013 15:58:13 +0000 (15:58 +0000)]
MFC r258101:
Since the doc/ toolchain conversion to docbook 5.0, JADETEX
is no longer a valid option, so remove 'WITHOUT_JADETEX=yes'
from PBUILD_FLAGS.
While here, also remove 'WITHOUT_X11=yes', since it will
cause a dependency conflict by requiring both print/ghostscript9
and print/ghostscript9-nox11.
Switch to OPTIONSNG format (WITHOUT_* -> OPTIONS_UNSET='FOO'),
and unset the FOP option, which requires Java (although it is
disabled by default). Also unset the 'IGOR' option, since
textproc/igor is a validation tool, not necessarily a dependency
of the doc/ build itself.
While here, reduce the line length of PBUILD_FLAGS.
gjb [Sat, 16 Nov 2013 18:40:44 +0000 (18:40 +0000)]
MFC r257583, r258012, r258013:
r257583 (peter):
Remove the WITH_LIBICONV_COMPAT hack that seems to do more harm
than good. This caused libc to spoof the ports libiconv namespace
and provide a colliding libiconv.so.3 to fool rtld. This should
have been removed some time ago.
r258012:
Remove WITH_LIBICONV_COMPAT file to chase after r257583.
r258013:
Regenerate src.conf.5 after removal of WITH_LIBICONV_COMPAT.
Approved by: re (kib)
Sponsored by: The FreeBSD Foundation
pluknet [Thu, 14 Nov 2013 09:33:54 +0000 (09:33 +0000)]
Merge r257996,r258001,r258069 from head: fixes for HyperV guest.
- Set description string for VM_GUEST_HV (HyperV guest).
- Add a brief comment about VM_GUEST and vm_guest_sysctl_names relationship.
- CTASSERT that vm_guest range is covered by vm_guest_sysctl_names.
pjd [Wed, 6 Nov 2013 23:59:19 +0000 (23:59 +0000)]
Merge r257633:
- Add manual pages for capability rights (rights(4)), cap_rights_init(3)
family of functions and cap_rights_get(3) function.
- Update remaining Capsicum-related manual pages.
Sponsored by: The FreeBSD Foundation
Reviewed by: bdrewery
Approved by: re (glebius)
bdrewery [Wed, 6 Nov 2013 11:42:45 +0000 (11:42 +0000)]
Regenerate src.conf(5) after r257573
Direct commit to stable/10 with no mergeinfo as the head
change to regenerate src.conf(5) for this was missed after
r257440 until r257444 which brought in unrelated changes.
Discussed with: gjb
Approved by: re (gjb, implicit)
delphij [Tue, 5 Nov 2013 19:58:40 +0000 (19:58 +0000)]
MFC r257539:
When zero'ing out a buffer, make sure we are using right size.
Without this change, in the worst but unlikely case scenario, certain
administrative operations, including change of configuration, set or
delete key from a GEOM ELI provider, may leave potentially sensitive
information in buffer allocated from kernel memory.
We believe that it is not possible to actively exploit these issues, nor
does it impact the security of normal usage of GEOM ELI providers when
these operations are not performed after system boot.
Security: possible sensitive information disclosure
Submitted by: Clement Lecigne <clecigne google com>
Approved by: re (glebius)