r359241:
Remove the link to libl which only contains a stub function
on yywrap, if the flex is told yywrap is not in use, then this linkage becomes
unnecessary
When deleting a user, if its home directory does not belong to it, it should
not be removed. This is the promise that the manpage makes, the tool should
ensure that it respects that promise.
Add a regression test about it
PR: 244967
Submitted by: Eric Hanneken <eric@erichanneken.com>
pfctl: improve rule load times with thousands of interfaces
r343287 / D18759 introduced ifa_add_groups_to_map() which is now run by
ifa_load/ifa_lookup/host_if. When loading an anchor or ruleset via pfctl that
does NOT contain ifnames as hosts, host() still ends up iterating all
interfaces twice, grabbing SIOCGIFGROUP ioctl twice for each. This adds an
unnecessary amount of time on systems with thousands or tens of thousands of
interfaces.
Prioritize the IPv4/6 check over the interface name lookup, which skips loading
the iftab and iterating all interfaces when the configuration does not contain
interface names.
MFC r359439:
Evaluate modifier keys before the regular keys, so that if a modifier
key is pressed at the same time as a regular key, that means key with
modifier is output. Some automated USB keyboards like Yubikeys need this.
Alexander Motin [Thu, 2 Apr 2020 00:30:01 +0000 (00:30 +0000)]
MFC r359112: MFOpenZFS: make zil max block size tunable
We've observed that on some highly fragmented pools, most metaslab
allocations are small (~2-8KB), but there are some large, 128K
allocations. The large allocations are for ZIL blocks. If there is a
lot of fragmentation, the large allocations can be hard to satisfy.
The most common impact of this is that we need to check (and thus load)
lots of metaslabs from the ZIL allocation code path, causing sync writes
to wait for metaslabs to load, which can take a second or more. In the
worst case, we may not be able to satisfy the allocation, in which case
the ZIL will resort to txg_wait_synced() to ensure the change is on
disk.
To provide a workaround for this, this change adds a tunable that can
reduce the size of ZIL blocks.
External-issue: DLPX-61719
Reviewed-by: George Wilson <george.wilson@delphix.com>
Reviewed-by: Paul Dagnelie <pcd@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Matthew Ahrens <mahrens@delphix.com>
Closes #8865
openzfs/zfs@b8738257c2607c73c731ce8e0fd73282b266d6ef
MFC r359095:
Add pci_iov_if.h header as a dependency for Linuxkpi consumers.
MFC note: this is not a true merge of r359095, but an adaptation of the
committed bit from r359378, which was MFC r359185. The functional part
of the change should be same.
Ed Maste [Mon, 30 Mar 2020 22:02:27 +0000 (22:02 +0000)]
MFC r339880 (arichardson): Fix get_maxfds() in jevents
If RLIM_INFINITY == -1ULL (such as on macOS) the min() call will result
in a value of less than 1 being returned. This causes nftw() to fail
with EINVAL.
While touching this file also fix includes to work on Linux/macOS and don't
declare snprintf since it may have different attributes in the system
headers there.
acpi: Fix stalled value returned by acpi_get_device() after device deletion
Newbus device reference attached to ACPI handle is not cleared when newbus
device is deleted with devctl(8) delete command. Fix that with calling of
AcpiDetachData() from "child_deleted" bus method like acpi_pci driver does.
MFC r358819:
acpi: Export functions required by upcoming acpi_iicbus driver.
MFC r358820:
iicbus(4): Add support for ACPI-based children enumeration
When iicbus is attached as child of Designware I2C controller it scans all
ACPI nodes for "I2C Serial Bus Connection Resource Descriptor" described
in section 19.6.57 of ACPI specs.
If such a descriptor is found, I2C child is added to iicbus, its I2C
address, IRQ resource and ACPI handle are added to ivars. Existing
ACPI bus-hosted child is deleted afterwards.
The driver also installs so called "I2C address space handler" which is
disabled by default as nontested.
Set hw.iicbus.enable_acpi_space_handler loader tunable to 1 to enable it.
Ed Maste [Fri, 27 Mar 2020 19:08:10 +0000 (19:08 +0000)]
MFC r358314: style.9: update C99 commentary
Make style.9 read as a current statement of C99 preferences, rather than a
description of ongoing changes to our preferred style. Also use the short
form "ISO C99" on the 2nd and later instances rather than repeating the
unwieldy `ISO/IEC 9899:1999 ("ISO C99")` each time.
CMSG_DATA.3: Fix formatting of printf escape sequences
Escape sequences like "\n" have to be escaped twice in examples in our
mdoc(7)-based manual pages in order to be displayed properly. The problem
is that otherwise they are interpreted by mdoc(7), which results in:
Navdeep Parhar [Fri, 27 Mar 2020 03:58:00 +0000 (03:58 +0000)]
MFC r359159:
cxgbe(4): Split sge_nm_rxq into three cachelines.
This reduces the lines bouncing around between the driver rx ithread and
the netmap rxsync thread. There is no net change in the size of the
struct (it continues to waste a lot of space).
This kind of split was originally proposed in D17869 by Marc De La
Gueronniere @ Verisign, Inc.
Alexander Motin [Thu, 26 Mar 2020 00:42:31 +0000 (00:42 +0000)]
MFC r359146: Fix SES on device slots without phys after r349321.
Broadcom 9400-8i8e HBAs report virtual SES device, where slots representing
external connectors are reported having no phys. Since sasdev_phys is NULL
there and proto_hdr is a union, ses_paths_iter() misinterpreted them as ATA.
Add explicit protocol check to properly differentiate them.
Navdeep Parhar [Thu, 26 Mar 2020 00:39:36 +0000 (00:39 +0000)]
MFC r359057:
Remove spurious warning about invalid VPD data.
The warning used to be displayed for valid VPDs about 512B or above in
size. Fix the size check and add a break while here so that the routine
stops if it detects any problem.
Ryan Moeller [Wed, 25 Mar 2020 16:24:28 +0000 (16:24 +0000)]
MFC r359072-r359073
loader: Add a "kernel.loaded" hook
This hook can be useful, for example to run a local function to choose
different modules to load when a user has picked a different kernel
from the menu.
There is an example in tail(1) manual page explaining how to use tail(1) to
track the contents of /var/log/messages. The example uses the -f flag to
follow the file. The problem with the -f flag is that it cannot handle the
situation where /var/log/messages is rotated. Hence, use -F instead in the
example.
Kyle Evans [Wed, 25 Mar 2020 00:31:42 +0000 (00:31 +0000)]
MFC r358553: hexdump: tests: take into account byte order
Hexdump test was failing on big endian systems when testing decimal, octal
and hexa outputs as the tests were designed on a little endian system. This
revision adds the two distinct flavors of output expected and determines at
runtime which to compare against.
Two arguments were reversed in calls to cam_strvis() in
nvme_da.c. This was found by a Coverity scan of this code within Dell
(Isilon). These are also marked in the FreeBSD Coverity scan as CIDs 1400526 & 1400531.
Alan Somers [Sun, 22 Mar 2020 15:24:25 +0000 (15:24 +0000)]
MFC r358867:
fusefs: avoid cache corruption with buggy fuse servers
The FUSE protocol allows the client (kernel) to cache a file's size, if the
server (userspace daemon) allows it. A well-behaved daemon obviously should
not change a file's size while a client has it cached. But a buggy daemon
might. If the kernel ever detects that that has happened, then it should
invalidate the entire cache for that file. Previously, we would not only
cache stale data, but in the case of a file extension while we had the size
cached, we accidentally extended the cache with zeros.
PR: 244178
Reported by: Ben RUBSON <ben.rubson@gmx.com>
Reviewed by: cem
Differential Revision: https://reviews.freebsd.org/D24012
Alan Somers [Sun, 22 Mar 2020 15:16:59 +0000 (15:16 +0000)]
MFC r358798:
fusefs: fix fsync for files with multiple open handles
We were reusing a structure for multiple operations, but failing to
reinitialize one member. The result is that a server that cares about FUSE
file handle IDs would see one correct FUSE_FSYNC operation, and one with the
FHID unset.
I reported this in https://bugs.llvm.org/show_bug.cgi?id=44715, and
initially reverted the upstream change in r357259 to work around it.
However, after some discussion with Fangrui Song in the upstream ticket,
I think we can classify this as an unfortunate interaction between using
-Ttext=0 in combination with --no-rosegment. (We added the latter
in r332090, because btxld does not correctly handle input with more
than 2 PT_LOAD segments.)
Fangrui suggested to use a linker script instead, and Warner was already
attempting this in r305353, but had to revert it due to "crypto-using
boot problems" (not sure what those were :).
This review updates the stand/i386/boot.ldscript to handle more
sections, inserts some symbols like _edata and such that we use in
libsa, and also discards any .interp section.
It uses ORG which is defined on the linker command line using
--defsym ORG=value to set the start of all the sections.
Ed Maste [Thu, 19 Mar 2020 18:17:43 +0000 (18:17 +0000)]
MFC r346085: Add Cirrus CI config file to support CI builds
Also followup commits:
r346121: Cirrus-CI: pass OVMF env var to test script for upcoming changes
r350302: cirrus.yml: use OVMF.fd from uefi-edk2-qemu-x86_64 package
r350449: cirrus.yml: stop fetching OVMF.fd now that we're using the pkg
r356867: Cirrus-CI: bump VM image to FreeBSD 12.1
Ed Maste [Thu, 19 Mar 2020 18:15:09 +0000 (18:15 +0000)]
MFC r346080: Add a smoke test QEMU boot script for CI
And followon commits:
r346317 (ian): Allow this test script to be run from within src/tools/boot
r346329: Install some entropy for QEMU CI smoke test
r346330: Put QEMU CI smoke test boot log in /tmp if TMPDIR not set
r346748 (bcran): Fix tools/boot/ci-qemu-test.sh and make some improvements
r346961: revert QEMU q35 platform use from r346748
r352063: ci-qemu-test: if firmware is not available, hint at pkg to install
r358472: CI: print wired page count on boot
Toomas Soome [Thu, 19 Mar 2020 16:51:57 +0000 (16:51 +0000)]
MFC r354240, r354252, r358906
libi386/comconsole.c updates:
We don't support configuring serial PCI cards in EFI. Make this clearer in the
source rather than obfuscating it behind NO_PCI (nothing else declares that,
so it's not making the ifdefs clearer).
libi386/comconsole.c cstyle cleanup
test if port does exist via using scratch register
Cy Schubert [Thu, 19 Mar 2020 03:37:02 +0000 (03:37 +0000)]
MFC r358070:
This commit makes significant changes to pam_login_access(8) to bring it
up to par with the Linux pam_access(8).
Like the Linux pam_access(8) our pam_login_access(8) is a service module
for pam(3) that allows an administrator to limit access from specified
remote hosts or terminals. Unlike the Linux pam_access, pam_login_access
is missing some features which are added by this commit:
Access file can now be specified. The default remains /etc/access.conf.
The syntax is consistent with Linux pam_access.
By default usernames are matched. If the username fails to match a match
against a group name is attempted. The new nodefgroup module option will
only match a username and no attempt to match a group name is made.
Group names must be specified in brackets, "()" when nodefgroup is
specified. Otherwise the old backward compatible behavior is used.
This is consistent with Linux pam_access.
A new field separator module option allows the replacement of the default
colon (:) with any other character. This facilitates potential future
specification of X displays. This is also consistent with Linux pam_access.
A new list separator module option to replace the default space/comma/tab
with another character. This too is consistent with Linux pam_access.
Linux pam_access options not implemented in this commit are the debug
and audit options. These will be implemented at a later date.
Cy Schubert [Thu, 19 Mar 2020 03:31:12 +0000 (03:31 +0000)]
MFC r358066:
When pam_login_access(5) fails to match a username it attempts to
match the primary group a user belongs to. This commit extends the
match to secondary groups a user belongs to as well, just as the Linux
pam_access(5) does.
Cy Schubert [Thu, 19 Mar 2020 03:29:46 +0000 (03:29 +0000)]
MFC r358065:
The words ALL, LOCAL, and EXCEPT have special meaning and are documented
as in the login.access(5) man page. However strcasecmp() is used to compare
for these special strings. Because of this, user accounts and groups with
the corresponding lowercase names are misinterpreted to have special
meaning whereas they should not.
This commit fixes this, conforming to the man page and to how the Linux
pam_access(8) handles these special words.
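An added example, not part of the commit or of the pam_login_access source, showing the failure mode r358065 describes: when the reserved word is compared with strcasecmp(), a rule written for an account literally named "all" matches every user, while strcmp() keeps it an ordinary name. The function names and user names are constructed for illustration, and only ALL is modelled.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* strcmp() and strcasecmp() share this signature. */
typedef int (*cmp_fn)(const char *, const char *);

/*
 * Hypothetical, simplified matcher for one token in the users field of
 * an access rule. Only the reserved word ALL is modelled; LOCAL and
 * EXCEPT are compared the same way.
 */
static bool
token_matches_user(const char *token, const char *user, cmp_fn reserved_cmp)
{
    /* Reserved word: the rule applies to every user. */
    if (reserved_cmp(token, "ALL") == 0)
        return true;
    /* Otherwise the token is an ordinary account name. */
    return strcmp(token, user) == 0;
}

/* Behaviour the commit describes as the bug: reserved words fold case. */
static bool
match_case_insensitive(const char *token, const char *user)
{
    return token_matches_user(token, user, strcasecmp);
}

/* Behaviour after the fix: reserved words must be spelled exactly. */
static bool
match_case_sensitive(const char *token, const char *user)
{
    return token_matches_user(token, user, strcmp);
}

int
main(void)
{
    /* Constructed sample: rule token "all" names one account. */
    const char *token = "all";
    const char *users[] = { "all", "alice", "bob" };

    for (size_t i = 0; i < sizeof(users) / sizeof(users[0]); i++)
        printf("token=%s user=%-5s strcasecmp=%d strcmp=%d\n",
            token, users[i],
            match_case_insensitive(token, users[i]),
            match_case_sensitive(token, users[i]));
    return 0;
}
```

With the case-insensitive comparison, the rule for account "all" also applies to "alice" and "bob"; with the exact comparison it applies only to "all".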
Alexander Motin [Wed, 18 Mar 2020 23:53:07 +0000 (23:53 +0000)]
MFC r349011 (by imp):
Don't print the request we may be aborting in ciss_notify_abort as
part of ciss_detach. It's a left-over debug that isn't needed and also
discloses a kernel address. Only root could provoke as part of a
devctl or kldunload.
Hiroki Sato [Wed, 18 Mar 2020 18:21:58 +0000 (18:21 +0000)]
MFC of r358404, r358410, r358412, and r358413:
Fix broken STARTTLS when SharedMemoryKey is enabled.
OpenSSL 1.1 API patch for sendmail had a bug which
prevented sm_RSA_generate_key() function from working.
This function is used to generate a temporary RSA key
for a shared memory region used for TLS processing.
Note that 12.0 and 12.1-RELEASE include this bug.
This affects only if SM_CONF_SHM compile-time
option (enabled by default) and SharedMemoryKey
run-time option (not enabled by default) in a .cf file are
specified. The latter corresponds to confSHARED_MEMORY_KEY in
a .mc file.
Fix style inconsistencies.
Do not free p and g parameters after calling DH_set0_pqg(3).
Hiroki Sato [Wed, 18 Mar 2020 18:10:44 +0000 (18:10 +0000)]
MFC of r358152 and r328235:
Improve performance of "read" built-in command when using a seekable fd.
The read built-in command calls read(2) with a 1-byte buffer because
newline characters need to be detected even on a byte stream which
comes from a non-seekable file descriptor. Because of this, the
following script calls >6,000 read(2) to show a 6-KiB file:
while read IN; do echo "$IN"; done < /COPYRIGHT
When the input byte stream is seekable, it is possible to read a data
block and then reposition the file pointer to where a newline
character is found. This change adds a small buffer to do this and
reduces the number of read(2) calls.
Theoretically, multiple built-in commands reading the same seekable
byte stream in a single pipe chain can share the buffer. However,
this change just makes a single invocation of the read built-in
allocate a buffer and deallocate it every time for simplicity.
Although this causes read(2) to read the same regions multiple times,
the performance penalty should be small compared to the reduction of
read(2) calls.
Hiroki Sato [Wed, 18 Mar 2020 18:02:33 +0000 (18:02 +0000)]
MFC of r355574, r358095, and r358395:
Add ACPI battery subsystem man page.
Add _BIX (Battery Information Extended) object support.
ACPI Control Method Batteries have a _BIF and/or _BIX object which
provide static properties of the battery. FreeBSD acpi_cmbat module
supported _BIF object only, which was deprecated as of ACPI 4.0.
_BIX is an extended version of _BIF defined in ACPI 4.0 or later.
As of writing, _BIX has two revisions. One is in ACPI 4.0 (rev.0) and
another is in ACPI 6.0 (rev.1). It seems that hardware vendors still
stick to _BIF only or _BIX rev.0 + _BIF for the maximum compatibility.
Microsoft requires _BIX rev.0 for Windows machines, so there are some
laptop machines with _BIX rev.0 only. In this case, FreeBSD does not
recognize the battery information.
After this change, the acpi_cmbat module gets battery information from
_BIX or _BIF object and internally uses _BIX rev.1 data structure as
the primary information store in the kernel. ACPIIO_BATT_GET_BI[FX]
returns an acpi_bi[fx] structure built by using information obtained
from a _BIF or a _BIX object found on the system. The revision number
field can be used to check which field is available. The acpiconf(8)
utility will show additional information if _BIX is available.
Although ABIs of ACPIIO_BATT_* were changed, the existing APIs for
userland utilities are not changed and the backward-compatible ABIs
are provided. This means that older versions of acpiconf(8) can also
work with the new kernel. The (union acpi_battery_ioctl_arg) was
padded to 256 byte long to avoid another ABI change in the future.
A _BIX object with its revision number >1 will be treated as
compatible with the rev.1 _BIX format.
Add workaround for models which do not follow the ACPI specification strictly.
Extra objects are now simply ignored instead of rejecting everything.
Hiroki Sato [Wed, 18 Mar 2020 17:42:18 +0000 (17:42 +0000)]
MFC of r358061:
Use 0x5c for the scan code 0x7d.
Japanese keyboards traditionally use 0x5c for
both Japanese yen sign key and backslash key.
While a Japanese yen sign is depicted on the keytop,
most of Japanese expect that the scan code 0x7d gives
a backslash (0x5c), not a Japanese yen sign (0xa5).
This is because JIS X 0201 encoding (aka ISO/IEC 646-JA,
an extended version of ASCII which is very popular
in Japan) has Japanese yen sign at 0x5c and
no backslash. On the other hand, ISO/IEC 8859-1
has Japanese yen sign at 0xa5. This difference has
caused a confusion after Unicode became popular since
ISO/IEC 10646 adopted 8859-1 for the plane 0.
Hiroki Sato [Wed, 18 Mar 2020 17:35:35 +0000 (17:35 +0000)]
MFC from r347887:
Fix hostname to be returned in an ICMPv6 NI Reply message defined
in RFC 4620, ICMPv6 Node Information Queries. A vnet jail with an
IPv6 address sent a hostname of the host environment, not the
jail, even if another hostname was set to the jail.
This change can be tested by the following commands:
Kyle Evans [Wed, 18 Mar 2020 01:55:27 +0000 (01:55 +0000)]
MFC r358993: libssp: don't compile with -fstack-protector*
This similarly matches what we do in libc; compiling libssp with
-fstack-protector* is actively harmful. For instance, if the canary ctor
ends up with a stack protector then it will trivially trigger a false
positive as the canary's being initialized.
This was noted by the reporter as irc/ircd-hybrid started crashing at start
after our libssp was MFC'd to stable/11, as its build will explicitly link
in libssp. On FreeBSD, this isn't necessary as SSP bits are included in
libc, but it should absolutely not trigger runtime breakage -- it does mean
that the canary will get initialized twice, but as this is happening early
on in application startup it should just be redundant work.
Ed Maste [Tue, 17 Mar 2020 19:53:03 +0000 (19:53 +0000)]
MFC r358512: Move ELF feature note tool to usr.bin/elfctl
elfctl is a tool for modifying the NT_FREEBSD_FEATURE_CTL ELF note,
which contains a set of flags for enabling or disabling vulnerability
mitigations and other features.
Also merge follow-on commits:
r358518 elfctl: initialize features
r358546 elfctl: tiny style(9) cleanup, use bool where appropriate
r358622 elfctl: style(9): use C99 uintX_t types
r358623 elfctl: check read return value
r358889 elfctl: remove memory leak