Martin Matuska [Wed, 19 Feb 2020 01:46:43 +0000 (01:46 +0000)]
MFC r356212,r356366,r356416,r357785
Update libarchive to version 3.4.2
Relevant vendor changes (r356212):
Issue #351: Refactor and implement private state logic for write filters
PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482)
PR #1255: zip writer - don't append unused NUL for directories
PR #1260: Fix sparse file offset overflow on 32-bit systems
PR #1263: UNICODE filename support for reading lha/lzh format
Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs()
PR #1288: Add the "xattrhdr" option to pax write options
PR #1295: 7z reader - fix reading archives with digests in PackInfo
PR #1296: RAR5 reader - verify window size for multivolume archives
PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files
Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs()
OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error
Fix possible off-by-one when dealing with readlink(2)
Relevant vendor changes (r356366):
Issue #1302: Plug memory leak on failure of archive_write_client_open()
Relevant vendor changes (r356416):
Issue #1302: Re-do fix for archive_write_client_open()
Relevant vendor changes (r357785):
PR #1289: atomic extraction support (bsdtar -x --safe-writes)
PR #1308: big endian fix for UTF16 support in LHA reader
PR #1326: reject RAR5 files that declare invalid header flags
Issue #987: fix support 7z archive entries with Delta filter
Issue #1317: fix compression output buffer handling in XAR writer
Issue #1319: fix uname or gname longer than 32 characters in pax writer
Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR
Use localtime_r() and gmtime_r() instead of localtime() and gmtime()
Brooks Davis [Tue, 18 Feb 2020 21:36:54 +0000 (21:36 +0000)]
MFC r357788:
Mark hme(4) as deprecated.
It was saved from the initial purge of drivers in fcp-101 due to being
the onboard Ethernet device on a number of sparc64 machines. Now that
sparc64 is gone, it serves little purpose (PCI cards exist, but are rare
and are unlikely to have been deployed outside Sun systems).
Dimitry Andric [Tue, 18 Feb 2020 18:17:03 +0000 (18:17 +0000)]
MFC r357976:
Merge r357970 from the clang1000-import branch:
Fix the following -Werror warning from clang 10.0.0 in hptmv(4):
sys/dev/hptmv/ioctl.c:240:4: error: misleading indentation; statement is not part of the previous 'if' [-Werror,-Wmisleading-indentation]
_vbus_p=pArray->pVBus;
^
sys/dev/hptmv/ioctl.c:237:10: note: previous statement is here
if(!mIsArray(pArray))
^
This is because the return statement after the if statement was not
indented. (Note that this file has been idented assuming 4-space tabs.)
Dimitry Andric [Tue, 18 Feb 2020 18:15:33 +0000 (18:15 +0000)]
MFC r357873:
Merge r357864 from the clang1000-import branch:
Fix the following -Werror warning from clang 10.0.0 in sconfig:
sbin/sconfig/sconfig.c:909:5: error: misleading indentation; statement is not part of the previous 'else' [-Werror,-Wmisleading-indentation]
exit (-1);
^
sbin/sconfig/sconfig.c:907:6: note: previous statement is here
} else
^
The intent was to group the exit() call with the previous fprintf()
call.
Alexander Motin [Tue, 18 Feb 2020 01:21:56 +0000 (01:21 +0000)]
MFC r357502: Few microoptimizations to dbuf layer.
Move db_link into the same cache line as db_blkid and db_level.
It allows significantly reduce avl_add() time in dbuf_create() on
systems with large RAM and huge number of dbufs per dnode.
Avoid few accesses to dbuf_caches[].size, which is highly congested
under high IOPS and never stays in cache for a long time. Use local
value we are receiving from zfs_refcount_add_many() any way.
Remove cache_size_bytes_max bump from dbuf_evict_one(). I don't see
a point to do it on dbuf eviction after we done it on insertion in
dbuf_rele_and_unlock().
Rick Macklem [Mon, 17 Feb 2020 19:32:54 +0000 (19:32 +0000)]
MFC: r357149
Fix a crash in the NFSv4 server.
The PR reported a crash that occurred when a file was removed while
client(s) were actively doing lock operations on it.
Since nfsvno_getvp() will return NULL when the file does not exist,
the bug was obvious and easy to fix via this patch. It is a little
surprising that this wasn't found sooner, but I guess the above
case rarely occurs.
Colin Percival [Fri, 14 Feb 2020 02:31:20 +0000 (02:31 +0000)]
MFC r353022:
Switch EC2 AMIs from using the dual-dhclient script to using the new
dual-dhclient-daemon daemon. This makes it possible to stop/restart
the dhclients.
Kyle Evans [Fri, 14 Feb 2020 02:27:01 +0000 (02:27 +0000)]
MFC r357756: backup-passwd: mask out all passwords in the diff
The previous expression borked if a username had a plus or hyphen in it.
This is needlessly restrictive- at leSt a hyphen in the middle is valid.
Instead of playing this game, let's just assume the username can't contain a
colon and mask out the second field.
Alan Somers [Thu, 13 Feb 2020 20:49:45 +0000 (20:49 +0000)]
MFC r357235:
Speed up "zpool import" in the presence of many zvols
By default, zpools may not be backed by zvols (that can be changed with the
"vfs.zfs.vol.recursive" sysctl). When that sysctl is set to 0, the kernel
does not attempt to read zvols when looking for vdevs. But the zpool command
still does. This change brings the zpool command into line with the kernel's
behavior. It speeds "zpool import" when an already imported pool has many
zvols, or a zvol with many snapshots.
PR: 241083
Reported by: Martin Birgmeier <d8zNeCFG@aon.at>
Reviewed by: mav, Ryan Moeller <ryan@freqlabs.com>
Sponsored by: Axcient
Differential Revision: https://reviews.freebsd.org/D22077
Alan Somers [Thu, 13 Feb 2020 20:45:32 +0000 (20:45 +0000)]
MFC r356809:
setextattr: Increase stdin buffer size to 4096
Extended attribute values can potentially be quite large. One test for ZFS
is supposed to set a 200MB xattr. However, the buffer size for reading
values from stdin with setextattr -i is so small that the test times out
waiting for tiny chunks of data to be buffered and appended to an sbuf.
Increasing the buffer size should help alleviate some of the burden of
reallocating larger sbufs when writing large extended attributes.
Submitted by: Ryan Moeller <ryan@freqlabs.com>
Sponsored by: iXsystems, Inc.
Differential Revision: https://reviews.freebsd.org/D23211
Alan Somers [Thu, 13 Feb 2020 20:40:36 +0000 (20:40 +0000)]
MFC r355430:
ses: sanitize illegal strings in SES element descriptors
The SES4r3 standard requires that element descriptors may only contain ASCII
characters in the range 0x20 to 0x7e. Some SuperMicro expanders violate
that rule. This patch adds a sanity check to ses(4). Descriptors in
violation will be replaced by "<invalid>".
This patch fixes "sesutil --libxo xml" on such systems. Previously it would
generate non-well-formed XML output.
Alan Somers [Thu, 13 Feb 2020 20:32:05 +0000 (20:32 +0000)]
MFC r355431:
gmultipath: add ATF tests
Add ATF tests for most gmultipath operations. Add some dtrace probes too,
primarily for configuration changes that happen in response to provider
errors.
Kyle Evans [Thu, 13 Feb 2020 03:13:29 +0000 (03:13 +0000)]
MFC r357284, r357419: stdio unlocked
r357284:
stdio: provide _unlocked variants of fflush, fputc, fputs, fread, fwrite
fflush_unlocked is currently desired in ports by sysutils/metalog, and
redefined as the locked fflush.
fputc_unlocked, fputs_unlocked, fread_unlocked, and fwrite_unlocked are
currently desired in ports by devel/elfutils, and redefined as the locked
fputs, fread, and fwrite respectively.
r357419:
libc: provide fputc_unlocked
Among the same justification as the other stdio _unlocked; in addition to an
inline version in <stdio.h>, we must provide a function in libc as well for
the functionality. This fixes the lang/gcc* builds, which want to use the
symbol from libc.
Kyle Evans [Wed, 12 Feb 2020 02:17:20 +0000 (02:17 +0000)]
MFC r357665: geli taste: allow GELIBOOT tagged providers as well
Currently the installer will tag geliboot partitions with both BOOT and
GELIBOOT; the former allows the kernel to taste it at boot, while the latter
is what loaders keys off of.
However, it seems reasonable to assume that if a provider's been tagged with
GELIBOOT that the kernel should also take that as a hint to taste/attach at
boot. This would allow us to stop tagging GELIBOOT partitions with BOOT in
bsdinstall, but I'm not sure that there's a compelling reason to do so any
time soon.
O_SEARCH is defined by POSIX [0] to open a directory for searching, skipping
permissions checks on the directory itself after the initial open(). This is
close to the semantics we've historically applied for O_EXEC on a directory,
which is UB according to POSIX. Conveniently, O_SEARCH on a file is also
explicitly undefined behavior according to POSIX, so O_EXEC would be a fine
choice. The spec goes on to state that O_SEARCH and O_EXEC need not be
distinct values, but they're not defined to be the same value.
This was pointed out as an incompatibility with other systems that had made
its way into libarchive, which had assumed that O_EXEC was an alias for
O_SEARCH.
This defines compatibility O_SEARCH/FSEARCH (equivalent to O_EXEC and FEXEC
respectively) and expands our UB for O_EXEC on a directory. O_EXEC on a
directory is checked in vn_open_vnode already, so for completeness we add a
NOEXECCHECK when O_SEARCH has been specified on the top-level fd and do not
re-check that when descending in namei.
r357461:
namei: preserve errors from fget_cap_locked
Most notably, we want to make sure we don't clobber any capabilities-related
errors. This is a regression from r357412 (O_SEARCH) that was picked up by
the capsicum tests.
r357580:
O_SEARCH test: drop O_SEARCH|O_RDWR local diff
In FreeBSD's O_SEARCH implementation, O_SEARCH in conjunction with O_RDWR or
O_WRONLY is explicitly rejected. In this case, O_RDWR was not necessary
anyways as the file will get created with or without it.
This was submitted upstream as misc/54940 and committed in rev 1.8 of the
file.
r357584:
Record-only MFV of r357583: netbsd-tests: import upstreamed changes
The changes in question originated in FreeBSD/head; no further action is
required.
r357636:
MFV r357635: imnport v1.9 of the O_SEARCH tests
The RCSID data was wrong, so this is effectively a record-only merge
with correction of said data. No further changes should be needed in this
area, as we've now upstreamed our local changes to this specific test.
r357671:
O_SEARCH test: mark revokex an expected fail on NFS
The revokex test does not work when the scratch directory is created on NFS.
Given the nature of NFS, it likely can never work without looking like a
security hole since O_SEARCH would rely on the server knowing that the
directory did have +x at the time of open and that it's OK for it to have
been revoked based on POSIX specification for O_SEARCH.
This does mean that O_SEARCH is only partially functional on NFS in general,
but I suspect the execute bit getting revoked in the process is likely not
common.
r357688:
MFV r357687: Import NFS fix for O_SEARCH tests
The version that ended upstream was ultimately slightly different than the
version committed here; notably, statvfs() is used but it's redefined
appropriately to statfs() on FreeBSD since we don't provide the fstypename
for the former interface.
Kyle Evans [Sun, 9 Feb 2020 19:20:20 +0000 (19:20 +0000)]
MFC r357572: wc(1): account for possibility of file == NULL
file could reasonably be NULL here if we we're using stdin. Albeit less
likely in normal usage, one could actually hit either of these warnings on
stdin.
Alexander Motin [Sat, 8 Feb 2020 21:55:56 +0000 (21:55 +0000)]
MFC r353678 (by avg):
provide a way to assign taskqueue threads to a kernel process
This can be used to group all threads belonging to a single logical
entity under a common kernel process.
I am planning to use the new interface for ZFS threads.
Kyle Evans [Fri, 7 Feb 2020 21:55:45 +0000 (21:55 +0000)]
MFC r357509-r357510: small psm cleanup
r357509:
psm: release resources on attach failure
In exactly 1/3 cases we'll release resources on failure; touch up the other
two to do so as well.
r357510:
psm: use make_dev_s instead of make_dev
This most importantly reduces duplication, but it also removes any potential
race with usage of dev->si_drv1 since it's now set prior to the device being
constructed enough to be accessible.
Kyle Evans [Fri, 7 Feb 2020 19:00:43 +0000 (19:00 +0000)]
MFC r355248: tty: implement TIOCNOTTY
Generally, it's preferred that an application fork/setsid if it doesn't want
to keep its controlling TTY, but it could be that a debugger is trying to
steal it instead -- so it would hook in, drop the controlling TTY, then do
some magic to set things up again. In this case, TIOCNOTTY is quite handy
and still respected by at least OpenBSD, NetBSD, and Linux as far as I can
tell.
I've dropped the note about obsoletion, as I intend to support TIOCNOTTY as
long as it doesn't impose a major burden.
Kyle Evans [Thu, 6 Feb 2020 18:40:37 +0000 (18:40 +0000)]
MFC r357195, r357556: O_SEARCH test fixes
r357195:
netbsd-tests: libc: use correct modes in O_SEARCH tests
The current code clearly intended for these to be octal based on the values
used, but the octal prefix was forgotten. Add it now for correctness, but
note that we don't currently execute these tests.
This has been submitted upstream as misc/54902, so I've omitted the standard
FreeBSD markers that we tend to put into netbsd-tests for upstream-candidate
identification.
r357556:
O_SEARCH tests: plug trivial fd leak
Coverity correctly reports this as a resource leak. It's an admittedly minor
one, but plug it anyways.
Kyle Evans [Thu, 6 Feb 2020 18:37:38 +0000 (18:37 +0000)]
MFC r357193: caroot: blacklisted: automatically pick up *.pem in the tree
This kind of automagica got picked up in trusted/ prior to the initial
commit, but never got applied over in blacklisted. Ideally no one will be
using blacklisted/ to store arbitrary certs that they don't intend to
blacklist, so we should just install anything that's in here rather than
force consumer to first copy cert into place and then modify the file
listing in the Makefile.
Wise man once say: "it is better to restrict too much, than not enough.
sometimes."
Kyle Evans [Wed, 5 Feb 2020 21:30:31 +0000 (21:30 +0000)]
MFC r357410-r357411: Avoid duplicating VEXEC checks in VOP_CACHEDLOOKUP
r357410: pseudofs: don't do VEXEC check in VOP_CACHEDLOOKUP
VOP_CACHEDLOOKUP should assume that the appropriate VEXEC check has been
done in the caller (vfs_cache_lookup), so it does not belong here.
r357411: zfs: light refactor to indicate cachedlookup in zfs_lookup
If we come from VOP_CACHEDLOOKUP, we must skip the VEXEC check as it will
have been done in the caller (vfs_cache_lookup). This is a part of D23247,
which may skip the earlier VEXEC check as well if the root fd was opened
with O_SEARCH.
This one required slightly more work as zfs_lookup may also be called
indirectly as VOP_LOOKUP or a couple of other places where we must do the
check.
MFCr356926:
Even when the MK_CASPER is set to "no" we still want to install man pages
and the headers. If the user decides to install the system without Casper
support, then the Casper functions are mocked, but they still exist in
the system.
Cy Schubert [Wed, 5 Feb 2020 20:55:59 +0000 (20:55 +0000)]
MFC r356949:
Fix build when WITHOUT_WPA_SUPPLICANT_EAPOL option used.
The build failure was discoved by Michael Dexter's recent Build Options
Survey run, at https://callfortesting.org/results/bos-2020-01-16/\
WITHOUT_WPA_SUPPLICANT_EAPOL-small.txt.
Reported by: Michael Dexter <editor@callfortesting.org> via emaste
r356249-r356250, r356313:
Reduce memory footprint of fsck_msdosfs.
This utility was initially written for FAT12/16, which were inherently
small. When FAT32 support was added, the old data structure and
algorithms remain used with minimal changes.
With growing size of FAT32 media, the current data structure that
requires 4 32-bit variables per each FAT32 table entry would consume up
to 4 GiB of RAM, which can be too big for systems with limited RAM
available.
Address this by taking a different approach of validating the FAT.
The FAT is essentially a set of linked lists of chains that was
referenced by directory entries, and the checker needs to make sure that
the linked chains of clusters do not have cross-linked chains, and every
chain were referenced by one and only one directory entry. Instead of
keeping track of the chain's 'head' cluster number, the size of the
chain, the used status of the chain and the "next" pointer which is
content of the FAT table, we create accessors for the FAT table data
for the "next" pointer, and keep only one bit to indicate if the
current cluster is a 'head' node of a cluster chain, in a bitmap.
We further overhaul the FAT checker to find out the possible head nodes
by excluding ones that are not (in other words, nodes that have some
other nodes claiming them as the next node) instead of marking the head
nodes for each node on the chain. This approach greatly reduced the
complexiety of computation from O(N^2) worst case, to an O(N) scan for
worst case. The file (cluster chain) length is not useful for the FAT
checker, so don't bother to calculate them in the FAT checker and
instead leave the task to the directory structure check, at which point
we would have non-crossed cluster chains, and we are guaranteed that
each cluster will be visited for at most one time.
When checking the directory structures, we use the head node indicator
to as the visited (used) flag: every cluster chain can only be
referenced by one directory entry, so we clear them when calculating
the length of the chain, and we can immediately tell if there are
anomalies in the directory entry.
As a result, the required RAM size is now 1 bit per each entry of
the FAT table, plus memory needed to hold the FAT table in memory,
instead of 16 bytes (=128 bits) per each entry. For FAT12 and FAT16,
we will load the whole FAT table into memory as they are smaller than
128KiB, and for FAT32, we first attempt to mmap() it into memory, and
when that fails, we would fall back to a simple LRU cache of 4 MiB of
RAM.
sbin/fsck_msdosfs/boot.c:
- Added additional sanity checks for valid FAT32/FAT16/FAT12 cluster
number.
- FAT32: check if root directory starts with a valid cluster number,
moved from dir.c. There is no point to proceed if the filesystem
is already damaged beyond repair.
sbin/fsck_msdosfs/check.c:
- Combine phase 1 and phase 2, now that the readfat() is able to
detect cross chains.
sbin/fsck_msdosfs/dir.c:
- Refactor code to use FAT accessor instead of accessing the internal
representation of FAT table.
- Make use of the cluster chain head bitmap.
- Clarify and simplify directory entry check, remove unnecessary
checks that are would be done at a later time (for example, whether
the directory's second cluster is a valid one, which is examined
more throughly in a later checkchain() and does not prevent us
from proceeding further).
sbin/fsck_msdosfs/dosfs.h:
- Remove internal representation of FAT table, which is replaced by
the head bitmap that is opaque to other code.
- Added a special CLUST_DEAD cluster type to indicate errors.
sbin/fsck_msdosfs/ext.h:
- Added a flag that overrides mmap(2) setting. The corresponding
command line option, -M is intentionally undocumented as we do not
expect users to need it.
- Added accessors for FAT table and convert existing interface to use
it.
sbin/fsck_msdosfs/fat.c:
- Added head bitmap to represent whether a cluster is a head cluster.
- Converted FAT internal representation to accessors.
- Implemented a LRU cache for FAT32 when mmap(2) should not or can not
be used.
- _readfat: Attempt a mmap(2) and fall back to regular read for
non-FAT32 file systems; use the LRU cache for FAT32 and prepopulate
the cache with the first 4MiB of the entries.
- readfat: Added support of head bitmap and use the population scan to
detect bogus chains.
- clusterdiff: removed, FATs are copied from the checked copy via
writefat()/copyfat().
- checkchain: calculates the length of a cluster chain and make sure
that it ends with a valid EOF marker.
- clearchain: follow and clear a chain and maintain the free cluster
count.
- checklost: convert to use head bitmap. At the end of all other scans,
the remaining 'head' nodes are leaders of lost cluster chains.
sbin/fsck_msdosfs/fat.c:
- Added a new -M option which is intentionally undocumented, to disable
the use of mmap().
r356434:
fsck_msdosfs.8: document -M.
r356657:
Tighten FAT checks and fix off-by-one error in corner case.
sbin/fsck_msdosfs/fat.c:
- readfat:
* Only truncate out-of-range cluster pointers (1, or greater than
NumClusters but smaller than CLUST_RSRVD), as the current cluster
may contain some data. We can't fix reserved cluster pointers at
this pass, because we do no know the potential cluster preceding
it.
* Accept valid cluster for head bitmap. This is a no-op, and mainly
to improve code readability, because the 1 is already handled in
the previous else if block.
- truncate_at: absorbed into checkchain.
- checkchain: save the previous node we have traversed in case that we
have a chain that ends with a special (>= CLUST_RSRVD) cluster, or is
free. In these cases, we need to truncate at the cluster preceding the
current cluster, as the current cluster contains a marker instead of
a next pointer and can not be changed to CLUST_EOF (the else case can
happen if the user answered "no" at some point in readfat()).
- clearchain: correct the iterator for next cluster so that we don't
stop after clearing the first cluster.
- checklost: If checkchain() thinks the chain have no cluster, it
doesn't make sense to reconnect it, so don't bother asking.
r357421:
Diff reduction against NetBSD, no functional change.
Alexander Motin [Wed, 5 Feb 2020 00:47:03 +0000 (00:47 +0000)]
MFC r356993: Update route MTUs for bridge, lagg and vlan interfaces.
Those interfaces may implicitly change their MTU on addition of parent
interface in addition to normal SIOCSIFMTU ioctl path, where the route
MTUs are updated normally.
Dimitry Andric [Tue, 4 Feb 2020 20:09:25 +0000 (20:09 +0000)]
MFC r357349:
Merge r357348 from the clang 10.0.0 import branch:
Disable new clang 10.0.0 warnings about converting the result of shift
operations to a boolean in tpm(4):
sys/dev/tpm/tpm_crb.c:301:32: error: converting the result of '<<' to a boolean; did you mean '(1 << (0)) != 0'? [-Werror,-Wint-in-bool-context]
WR4(sc, TPM_CRB_CTRL_CANCEL, !TPM_CRB_CTRL_CANCEL_CMD);
^
sys/dev/tpm/tpm_crb.c:73:34: note: expanded from macro 'TPM_CRB_CTRL_CANCEL_CMD'
#define TPM_CRB_CTRL_CANCEL_CMD BIT(0)
^
sys/dev/tpm/tpm20.h:60:19: note: expanded from macro 'BIT'
#define BIT(x) (1 << (x))
^
Such warnings can be useful in C++ contexts, but not so much in kernel
drivers, where this type of bit twiddling is commonplace. So disable it
for this case.
MFC r357366:
Revert r357349, since the clang 10.0.0 warning was actually correct, and
the ! operator should have been a ~ instead:
Merge r357348 from the clang 10.0.0 import branch:
Disable new clang 10.0.0 warnings about converting the result of
shift operations to a boolean in tpm(4):
sys/dev/tpm/tpm_crb.c:301:32: error: converting the result of '<<' to a boolean; did you mean '(1 << (0)) != 0'? [-Werror,-Wint-in-bool-context]
WR4(sc, TPM_CRB_CTRL_CANCEL, !TPM_CRB_CTRL_CANCEL_CMD);
^
sys/dev/tpm/tpm_crb.c:73:34: note: expanded from macro 'TPM_CRB_CTRL_CANCEL_CMD'
#define TPM_CRB_CTRL_CANCEL_CMD BIT(0)
^
sys/dev/tpm/tpm20.h:60:19: note: expanded from macro 'BIT'
#define BIT(x) (1 << (x))
^
Such warnings can be useful in C++ contexts, but not so much in kernel
drivers, where this type of bit twiddling is commonplace. So disable
it for this case.
Noticed by: cem
MFC r357367:
Fix new clang 10.0.0 warnings about converting the result of shift
operations to a boolean in tpm(4):
sys/dev/tpm/tpm_crb.c:301:32: error: converting the result of '<<' to a boolean; did you mean '(1 << (0)) != 0'? [-Werror,-Wint-in-bool-context]
WR4(sc, TPM_CRB_CTRL_CANCEL, !TPM_CRB_CTRL_CANCEL_CMD);
^
sys/dev/tpm/tpm_crb.c:73:34: note: expanded from macro 'TPM_CRB_CTRL_CANCEL_CMD'
#define TPM_CRB_CTRL_CANCEL_CMD BIT(0)
^
sys/dev/tpm/tpm20.h:60:19: note: expanded from macro 'BIT'
#define BIT(x) (1 << (x))
^
In this case, the intent was to clear the zeroth bit, and leave the rest
unaffected. Therefore, the ~ operator should be used instead.
Noticed by: cem
MFC r357388:
Amend r357367 by using register values from the TPM datasheet.
As Ian Lepore noted, writing ~1 to a register might have a completely
different effect than doing a regular read-modify-write operation.
Follow the TCG_PC_Client_Platform_TPM_Profile_PTP_2.0_r1.03_v22
datasheet instead, and use the actual values mentioned there:
(uint32_t)1 to cancel the command, (uint32_t)0 to clear the field.
Dimitry Andric [Tue, 4 Feb 2020 19:51:26 +0000 (19:51 +0000)]
MFC r357346:
Merge r357342 from the clang1000-import branch:
Work around two -Werror warning issues in googletest, which have been
solved upstream in the mean time.
The first issue is because one of googletest's generated headers contain
classes with a user-declared copy assignment operator, but rely on the
generation by the compiler of an implicit copy constructor, which is now
deprecated:
/usr/obj/usr/src/amd64.amd64/tmp/usr/include/private/gtest/internal/gtest-param-util-generated.h:5284:8: error: definition of implicit copy constructor for 'CartesianProductHolder3<testing::internal::ParamGenerator<bool>, testing::internal::ValueArray3<int, int, int>, testing::internal::ValueArray4<cache_mode, cache_mode, cache_mode, cache_mode> >' is deprecated because it has a user-declared copy assignment operator [-Werror,-Wdeprecated-copy]
void operator=(const CartesianProductHolder3& other);
^
/usr/obj/usr/src/amd64.amd64/tmp/usr/include/private/gtest/gtest-param-test.h:1277:10: note: in implicit copy constructor for 'testing::internal::CartesianProductHolder3<testing::internal::ParamGenerator<bool>, testing::internal::ValueArray3<int, int, int>, testing::internal::ValueArray4<cache_mode, cache_mode, cache_mode, cache_mode> >' first required here
return internal::CartesianProductHolder3<Generator1, Generator2, Generator3>(
^
/usr/src/tests/sys/fs/fusefs/io.cc:534:2: note: in instantiation of function template specialization 'testing::Combine<testing::internal::ParamGenerator<bool>, testing::internal::ValueArray3<int, int, int>, testing::internal::ValueArray4<cache_mode, cache_mode, cache_mode, cache_mode> >' requested here
Combine(Bool(), /* async read */
^
For now, silence the warning using -Wno-deprecated-copy.
The second issue is because one of the googlemock test programs attempts
to use "unsigned wchar_t" and "signed wchar_t", which are non-standard
and at best, hazily defined:
contrib/googletest/googlemock/test/gmock-actions_test.cc:111:37: error: 'wchar_t' cannot be signed or unsigned [-Wsigned-unsigned-wchar]
EXPECT_EQ(0U, BuiltInDefaultValue<unsigned wchar_t>::Get());
^
contrib/googletest/googlemock/test/gmock-actions_test.cc:112:36: error: 'wchar_t' cannot be signed or unsigned [-Wsigned-unsigned-wchar]
EXPECT_EQ(0, BuiltInDefaultValue<signed wchar_t>::Get());
^
For now, silence the warning using -Wno-signed-unsigned-wchar.
Dimitry Andric [Tue, 4 Feb 2020 19:46:29 +0000 (19:46 +0000)]
MFC r357340:
Merge r357339 from the clang1000-import branch:
Fix the following -Werror warning from clang 10.0.0 in bsnmpd:
usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c:1661:4: error: misleading indentation; statement is not part of the previous 'else' [-Werror,-Wmisleading-indentation]
return (-1);
^
usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c:1658:5: note: previous statement is here
} else
^
The intent was to group the return statement with the previous syslog()
call.
Dimitry Andric [Tue, 4 Feb 2020 19:31:01 +0000 (19:31 +0000)]
MFC r357268:
Merge r357260 from the clang1000-import branch:
Fix the following -Werror warning from clang 10.0.0 in procstat:
usr.bin/procstat/procstat_sigs.c:79:3: error: misleading indentation; statement is not part of the previous 'else' [-Werror,-Wmisleading-indentation]
xo_close_container(name);
^
usr.bin/procstat/procstat_sigs.c:77:4: note: previous statement is here
} else
^
The intent was to group the xo_close_container() call to the previous
snprintf() call.
Dimitry Andric [Tue, 4 Feb 2020 19:24:10 +0000 (19:24 +0000)]
MFC r357269:
Merge r357267 from the clang1000-import branch:
Fix the following -Werror warning from clang 10.0.0 in tip:
usr.bin/tip/tip/tip.c:428:4: error: misleading indentation; statement is not part of the previous 'if' [-Werror,-Wmisleading-indentation]
if (gch == EOF)
^
usr.bin/tip/tip/tip.c:426:5: note: previous statement is here
} else if (!cumode && gch == character(value(FORCE)))
^
The intent was to have the EOF check grouped with the getchar() call
just above it. This was accidentally introduced in r354624.
Dimitry Andric [Tue, 4 Feb 2020 19:01:17 +0000 (19:01 +0000)]
MFC r357227:
Merge r357225 from the clang1000-import branch:
Fix the following -Werror warning from clang 10.0.0 in newfs_msdos:
sbin/newfs_msdos/newfs_msdos.c:181:2: error: misleading indentation; statement is not part of the previous 'if' [-Werror,-Wmisleading-indentation]
if (o.align) {
^
sbin/newfs_msdos/newfs_msdos.c:179:5: note: previous statement is here
if (argc < 1 || argc > 2)
^
Toomas Soome [Tue, 4 Feb 2020 07:15:33 +0000 (07:15 +0000)]
MFC r357442:
loader: bc_add can not use any other probes than ah=0x4b
CD boot is broken for some systems since bioscd and biosdisk merge. The issue is that we can not use anything else than int 13 ah=0x4b to query cd information.
The patch does restore the same probe as was originally used in bioscd.c. Additionally extra buffer padding is used to avoid memory corruption caused by some systems.
Kristof Provost [Tue, 4 Feb 2020 04:29:54 +0000 (04:29 +0000)]
MFC r357234, r357365, r357375:
tests: Test for an epair panic
if_epair abused the ifr_data field to insert its second interface in
IFC_IFLIST. If userspace provides a value for ifr_data it would get
dereferenced by the kernel leading to a panic.
Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Philip Paeps [Sun, 2 Feb 2020 08:46:29 +0000 (08:46 +0000)]
MFC r357292:
acpi_ibm: add support for ThinkPad PrivacyGuard
ThinkPad PrivacyGuard is a built-in toggleable privacy filter that
restricts viewing angles when on. It is an available on some new
ThinkPad models such as the X1 Carbon 7th gen (as an optional HW
upgrade).
The privacy filter can be enabled/disabled via an ACPI call. This commit
adds a sysctl under dev.acpi_ibm that allows for getting and setting the
PrivacyGuard state.
Dimitry Andric [Fri, 31 Jan 2020 20:04:32 +0000 (20:04 +0000)]
MFC r357226:
Merge r357224 from the clang1000-import branch:
Fix the following -Werror warning from clang 10.0.0 in binutils:
contrib/binutils/bfd/peicode.h:1356:3: error: misleading indentation; statement is not part of the previous 'if' [-Werror,-Wmisleading-indentation]
if (efi)
^
contrib/binutils/bfd/peicode.h:1353:8: note: previous statement is here
if (pe_arch (bfd_target_efi_arch (*target_ptr)) != arch)
^
contrib/binutils/bfd/peicode.h:1370:3: error: misleading indentation; statement is not part of the previous 'if' [-Werror,-Wmisleading-indentation]
if (!efi)
^
contrib/binutils/bfd/peicode.h:1367:8: note: previous statement is here
if (pe_arch (bfd_target_pei_arch (*target_ptr)) != arch)
^
Warner Losh [Fri, 31 Jan 2020 13:18:25 +0000 (13:18 +0000)]
MFC r354922
> Author: imp <imp@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
> Date: Wed Nov 20 23:45:31 2019 +0000
>
> Create /etc/os-release file.
>
> Each boot, regenerate /var/run/os-release based on the currently running
> system. Create a /etc/os-release symlink pointing to this file (so that this
> doesn't create a new reason /etc can not be mounted read-only).
>
> This is compatible with what other systems do and is what the sysutil/os-release
> port attempted to do, but in an incomplete way. Linux, Solaris and DragonFly all
> implement this natively as well. The complete standard can be found at
> https://www.freedesktop.org/software/systemd/man/os-release.html
>
> Moving this to the base solves both the non-standard location problem with the
> port, as well as the lack of update of this file on system update.
>
> Bump __FreeBSD_version to 1300060
>
> PR: 238953
> Differential Revision: https://reviews.freebsd.org/D22271
Kristof Provost [Fri, 31 Jan 2020 10:34:36 +0000 (10:34 +0000)]
MFC r357233:
epair: Do not abuse params to register the second interface
if_epair used the 'params' argument to pass a pointer to the b interface
through if_clone_create().
This pointer can be controlled by userspace, which means it could be abused to
trigger a panic. While this requires PRIV_NET_IFCREATE
privileges those are assigned to vnet jails, which means that vnet jails
could panic the system.
Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Alexander Motin [Thu, 30 Jan 2020 16:11:19 +0000 (16:11 +0000)]
MFC r343111,343113-343115 (by mckusick):
Create new EINTEGRITY error with message "Integrity check failed".
An integrity check such as a check-hash or a cross-correlation failed.
The integrity error falls between EINVAL that identifies errors in
parameters to a system call and EIO that identifies errors with the
underlying storage media. EINTEGRITY is typically raised by intermediate
kernel layers such as a filesystem or an in-kernel GEOM subsystem when
they detect inconsistencies. Uses include allowing the mount(8) command
to return a different exit value to automate the running of fsck(8)
during a system boot.
These changes make no use of the new error, they just add it. Later
commits will be made for the use of the new error number and it will
be added to additional manual pages as appropriate.
Kristof Provost [Thu, 30 Jan 2020 09:56:56 +0000 (09:56 +0000)]
MFC r356816:
Fix pfdenied not returning any results
When _a is empty we end up with an invalid invocation of pfctl, and no output.
We must add quotes to make it clear to pfctl that we're passing an empty anchor
name.