Emmanuel Vadot [Wed, 20 Jun 2018 16:07:35 +0000 (16:07 +0000)]
Add pmap_mapdev_attr for arm64
This is needed for efifb.
arm and ricv pmap (the two arch with arm64 that uses subr_devmap) have very
different implementation so for now only add this for arm64.
Tested with efifb on Pine64 with a few other patches.
Emmanuel Vadot [Wed, 20 Jun 2018 15:27:09 +0000 (15:27 +0000)]
if_rk_dwc: Disable setting delays for now
The values for tx/rx delays differs accross the different DTS.
Mainline Linux set it to 0x24/0x18
Mostly-Vendor u-boot (the one maintained and developped) to 0x18/0x18
Mostly-Vendor linux (the one maintained and developped) to 0x26/0x11
By experience only 0x18/0x18 works so until the issue is resolved rely on
the bootloader settings.
Emmanuel Vadot [Wed, 20 Jun 2018 14:45:26 +0000 (14:45 +0000)]
if_rk_dwc: Fix delays handling
The property are named {t,r}x_delay and not {t,r}-delay.
The upper bits of the register are a mask of which bits is allowed
to be written, set it otherwise we write nothing.
OF_getencprop returns <0 = for an error.
Pointy Hat: myself
Reported by: jmcneill (delay and mask bits)
Justin Hibbits [Wed, 20 Jun 2018 13:30:35 +0000 (13:30 +0000)]
Attach dev.cpu nodes on powerpc SMT cores, using only the first found thread
Summary: In order to use cpufreq(4), a dev.cpu attachment must be created. If
the IBM property is found denoting SMT, attach only to the first thread setup,
so that a cpufreq device can bind.
Andrew Turner [Wed, 20 Jun 2018 11:13:10 +0000 (11:13 +0000)]
Move the SYSINIT to allow userspace access to the ARM generic timer later
in the boot. It doesn't need to be early, so move it to the SI_ORDER_ANY
stage of SI_SUB_SMP.
Fix build breakage in veriexec for 32-bit architectures.
fsid_t and ino_t are 64-bit entities, use uintmax_t typecast to ensure we
can print it on 32-bit or 64-bit architectures by using the %ju format for
prints.
Kyle Evans [Wed, 20 Jun 2018 03:31:19 +0000 (03:31 +0000)]
sort(1): Fix -m when only implicit stdin is used for input
Observe:
printf "a\nb\nc\n" > /tmp/foo
# Next command results in no output
cat /tmp/foo | sort -m
# Next command results in proper output
cat /tmp/foo | sort -m -
# Also works:
sort -m /tmp/foo
Some const'ification was done to simplify the actual solution of adding "-"
explicitly to the file list if we didn't have any file arguments left over.
This application (veriexecctl) handles reading a fingerprints file
containing paths, fingerprints, and optional option flags which in turn
get pushed into the MAC/veriexec meta-data store via the veriexec device.
The format of the fingerprints file is as follows:
path type fingerprint options
The type of fingerprint supported depends on what MAC/veriexec fingerprint
modules have been loaded into the system. The veriexecctl application is
able to determine which ones are available by consulting the
security.mac.veriexec.algorithms sysctl.
The following options are currently supported in MAC/veriexec and by the
veriexecctl application:
indirect
If this option is set then the executable cannot be invoked directly, it
can only be used as an interpreter in shell scripts.
file
Indicates that the fingerprint is associated with a file, not an
executable. Files have their fingerprints verified during open(2) and are
automatically made read only. This option may be used to verify shared
libraries have not been tampered with.
no_ptrace
If this option is set then the executable cannot be traced with the
ptrace(2) process tracing and debugging call.
trusted
If this option is set then the executable is allowed to write to the
mem(4) devices. By default, when verified execution is enforced, no
process is allowed to write to the mem(4) devices.
Device for user space to interface with MAC/veriexec.
The veriexec device features the following ioctl commands:
VERIEXEC_ACTIVE
Activate veriexec functionality
VERIEXEC_DEBUG_ON
Enable debugging mode and increment or set the debug level
VERIEXEC_DEBUG_OFF
Disable debugging mode
VERIEXEC_ENFORCE
Enforce veriexec fingerprinting (and acitvate if not already)
VERIEXEC_GETSTATE
Get current veriexec state
VERIEXEC_LOCK
Lock changes to veriexec meta-data store
VERIEXEC_LOAD
Load veriexec fingerprint if secure level is not raised (and passes the
checks for VERIEXEC_SIGNED_LOAD)
VERIEXEC_SIGNED_LOAD
Load veriexec fingerprints from loader that supports signed manifest
(and thus we can be more lenient about secure level being raised.)
Fingerprints can be loaded if the meta-data store is not locked. Also
securelevel must not have been raised or some fingerprints must have
already been loaded, otherwise it would be dangerous to allow loading.
(Note: this assumes that the fingerprints in the meta-data store at
least cover the fingerprint loader.)
MAC/veriexec implements a verified execution environment using the MAC
framework.
The code is organized into a few distinct pieces:
* The meta-data store (in veriexec_metadata.c) which maps a file system
identifier, file identifier, and generation key tuple to veriexec
meta-data record.
* Fingerprint management (in veriexec_fingerprint.c) which deals with
calculating the cryptographic hash for a file and verifying it. It also
manages the loadable fingerprint modules.
* MAC policy implementation (in mac_veriexec.c) which implements the
following MAC methods:
mpo_init
Initializes the veriexec state, meta-data store, fingerprint modules,
and registers mount and unmount EVENTHANDLERs
mpo_syscall
Implements the following per-policy system calls:
MAC_VERIEXEC_CHECK_FD_SYSCALL
Check a file descriptor to see if the referenced file has a valid
fingerprint.
MAC_VERIEXEC_CHECK_PATH_SYSCALL
Check a path to see if the referenced file has a valid fingerprint.
mpo_kld_check_load
Check if loading a kld is allowed. This checks if the referenced vnode
has a valid fingerprint.
mpo_mount_destroy_label
Clears the veriexec slot data in a mount point label.
mpo_mount_init_label
Initializes the veriexec slot data in a mount point label.
The file system identifier is saved in the veriexec slot data.
mpo_priv_check
Check if a process is allowed to write to /dev/kmem and /dev/mem
devices.
If a process is flagged as trusted, it is allowed to write.
mpo_proc_check_debug
Check if a process is allowed to be debugged. If a process is not
flagged with VERIEXEC_NOTRACE, then debugging is allowed.
mpo_vnode_check_exec
Check is an exectuable is allowed to run. If veriexec is not enforcing
or the executable has a valid fingerprint, then it is allowed to run.
NOTE: veriexec will complain about mismatched fingerprints if it is
active, regardless of the state of the enforcement.
mpo_vnode_check_open
Check is a file is allowed to be opened. If verification was not
requested, veriexec is not enforcing, or the file has a valid
fingerprint, then veriexec will allow the file to be opened.
mpo_vnode_copy_label
Copies the veriexec slot data from one label to another.
mpo_vnode_destroy_label
Clears the veriexec slot data in a vnode label.
mpo_vnode_init_label
Initializes the veriexec slot data in a vnode label.
The fingerprint status for the file is stored in the veriexec slot data.
* Some sysctls, under security.mac.veriexec, for setting debug level,
fetching the current state in a human-readable form, and dumping the
fingerprint database are implemented.
* The MAC policy implementation source file also contains some utility
functions.
* A set of fingerprint modules for the following cryptographic hash
algorithms:
RIPEMD-160, SHA1, SHA2-256, SHA2-384, SHA2-512
* Loadable module builds for MAC/veriexec and fingerprint modules.
WARNING: Using veriexec with NFS (or other network-based) file systems is
not recommended as one cannot guarantee the integrity of the files
served, nor the uniqueness of file system identifiers which are
used as key in the meta-data store.
Allan Jude [Wed, 20 Jun 2018 00:14:54 +0000 (00:14 +0000)]
Revert r335276
This was causing issues for people booting.
I will likely bring this back as an optional feature, similar to
boot0sio, like gptboot-serial or something.
PR: 221526
Reported by: O. Hartmann <ohartmann@walstatt.org>, Thomas Laus <lausts@acm.org>
Bryan Drewery [Tue, 19 Jun 2018 23:39:55 +0000 (23:39 +0000)]
Fix X_COMPILER_* and X_LINKER_* not being passed to installworld environment.
This could lead to 'sh: head: not found' warnings which were a symptom
of running 'ld --version' during installworld. This was only happening
with XCC or XLD set. It is intended that cc and ld do not run during
installworld. The metadata for these are already stored in
compiler-metadata.mk added in r316794.
This also removes redundant CROSSENV additions that were for
WITH_SYSTEM_COMPILER, WITHOUT_CROSS_COMPILER, and WITHOUT_TOOLCHAIN
which all don't have a cc or ld in their PATH during install.
Ed Maste [Tue, 19 Jun 2018 21:26:23 +0000 (21:26 +0000)]
linuxulator: handle V3 capget/capset
Linux 2.6.26 introduced 64-bit capability sets. Extend our stub
implementation to handle both 32- and 64-bit. (We still report no
capabilities in capget, and disallow any in capset.)
Ed Maste [Tue, 19 Jun 2018 17:28:05 +0000 (17:28 +0000)]
usr.bin/ar: use standard 2-Clause FreeBSD license
Many licenses on ar files contained small variations from the standard
FreeBSD license text. To avoid license proliferation switch to the usual
standard 2-clause FreeBSD license for those files where I have obtained
permission from all of the listed copyright holders.
Ilya Bakulin [Tue, 19 Jun 2018 11:23:48 +0000 (11:23 +0000)]
Set MMC_DATA_MULTI flag when doing multi-block transfers
Lower layers (MMC / SDHCI controller drivers) may make certain decisions
based on the presence of this flag. The fact that sdhci.c doesn't
look at this flag is another problem that should be fixed separately.
Found when adding MMCCAM support to AllWinner MMC controller driver
where the presence of this flag actually matters.
Randall Stewart [Tue, 19 Jun 2018 05:28:14 +0000 (05:28 +0000)]
Move the tp set back to where it was before
we started playing with the VNET sets. This
way we have verified the INP settings before
we go to the trouble of de-referencing it.
Reviewed by: and suggested by lstewart
Sponsored by: Netflix Inc.
Matt Macy [Tue, 19 Jun 2018 01:54:00 +0000 (01:54 +0000)]
convert inpcbinfo hash and info rwlocks to epoch + mutex
- Convert inpcbinfo info & hash locks to epoch for read and mutex for write
- Garbage collect code that handled INP_INFO_TRY_RLOCK failures as
INP_INFO_RLOCK which can no longer fail
When running 64 netperfs sending minimal sized packets on a 2x8x2 reduces
unhalted core cycles samples in rwlock rlock/runlock in udp_send from 51% to
3%.
Overall packet throughput rate limited by CPU affinity and NIC driver design
choices.
On the receiver unhalted core cycles samples in in_pcblookup_hash went from
13% to to 1.6%
Navdeep Parhar [Tue, 19 Jun 2018 00:50:27 +0000 (00:50 +0000)]
cxgbe(4): Some mailbox commands require access to the Tx pipeline and
can time out if it's backed up due to a non-stop deluge of PAUSE frames
from a misbehaving peer. Detect this situation and toggle MPS TxEn
to allow forward progress.
Warner Losh [Tue, 19 Jun 2018 00:27:30 +0000 (00:27 +0000)]
Add my script for coping with git-svn and the need to rebase
changes for different branches. It's a bit rough right now,
but should be good enough for most people to try to use. It's
definitely 'tools' tree quality.
Warner Losh [Mon, 18 Jun 2018 23:16:47 +0000 (23:16 +0000)]
Switch to creating UEFI ESPs using loader.efi instead of boot1.efi.
Cope for the fact that laoder.efi, not being boot1, doesn't read
/boot.config by setting boot_serial and force the serial console.
Also add sysctl so we can display the boot method.
Provide a variable, do_boot1_efi, if you want to use boot1 for
testing. But since it's transient, it's just a variable and not
available on the command line.
Michael Tuexen [Mon, 18 Jun 2018 18:35:29 +0000 (18:35 +0000)]
The IP, TCP, and UDP provider report IP addresses as strings.
In some cases, the required information is not available and the
UDP provider reported an empty string in this case and the IP
and TCP provider reported a NULL pointer.
This patch changes the value provided in this case to the string
"<unknown>". This make the behaviour consistent and in-line with
the behaviour of Solaris.
Warner Losh [Mon, 18 Jun 2018 16:24:42 +0000 (16:24 +0000)]
stand: move libgeliboot into libsa.
Reduce by 1 the number of crazy libraries we need in stand by moving
geli into libsa (where architecturally it belonged all along). This
just moves things around without any code changes.
Randall Stewart [Mon, 18 Jun 2018 14:10:12 +0000 (14:10 +0000)]
Move to using the inp->vnet pointer has suggested by lstewart.
This is far better since the hpts system is using the inp
as its basis anyway. Unfortunately his comments came late.
Ed Schouten [Mon, 18 Jun 2018 06:01:28 +0000 (06:01 +0000)]
Fix bad logic in iovlist_truncate().
To conform to RFC 5426, this function is intended to truncate messages
if they exceed the message size limits. Unfortunately, the amount of
space was computed the wrong way around, causing messages to be
truncated entirely.
Reported by: Michael Grimm on stable@
MFC after: 3 days
Devin Teske [Sun, 17 Jun 2018 22:09:43 +0000 (22:09 +0000)]
bsdconfig: Fix a bug when editing users
The usermgmt API was stomping on a global ($user_gid to be specific)
so things would appear to work fine until you tried to make a second
pass into the API with the now-tainted variable contents.
Fixed by localizing menu-specific contents as to not leak outside API.
PR: bin/208774
Reported by: Martin Waschbuesch <martin@waschbuesch.de>
MFC after: 1 week
X-MFC-to: stable/11, stable/10
Sponsored by: Smule, Inc.