bjk [Mon, 16 Dec 2013 02:30:56 +0000 (02:30 +0000)]
MFC r259286,259424,259425:
Apply patch from upstream Heimdal for encoding fix
RFC 4402 specifies the implementation of the gss_pseudo_random()
function for the krb5 mechanism (and the C bindings therein).
The implementation uses a PRF+ function that concatenates the output
of individual krb5 pseudo-random operations produced with a counter
and seed. The original implementation of this function in Heimdal
incorrectly encoded the counter as a little-endian integer, but the
RFC specifies the counter encoding as big-endian. The implementation
initializes the counter to zero, so the first block of output (16 octets,
for the modern AES enctypes 17 and 18) is unchanged. (RFC 4402 specifies
that the counter should begin at 1, but both existing implementations
begin with zero and it looks like the standard will be re-issued, with
test vectors, to begin at zero.)
This is upstream's commit f85652af868e64811f2b32b815d4198e7f9017f6,
from 13 October, 2013:
% Fix krb5's gss_pseudo_random() (n is big-endian)
%
% The first enctype RFC3961 prf output length's bytes are correct because
% the little- and big-endian representations of unsigned zero are the
% same. The second block of output was wrong because the counter was not
% being encoded as big-endian.
%
% This change could break applications. But those applications would not
% have been interoperating with other implementations anyways (in
% particular: MIT's).
Bump __FreeBSD_version accordingly and add a note in UPDATING.
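The effect of the counter encoding described in this commit message, as an added example (not Heimdal or FreeBSD code): RFC 4402's PRF+ concatenates pseudo-random(K, n || S) blocks with n as a 4-octet counter, and the code below runs that loop with both encodings and compares the output block by block. `toy_prf` is a non-cryptographic stand-in for the RFC 3961 PRF, and the key, seed, `MAX_SEED` and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define PRF_BLOCK 16  /* octets per PRF output for enctypes 17 and 18 */
#define MAX_SEED  64  /* seed limit chosen for this example only */

/* Counter encoding RFC 4402 specifies: most significant octet first. */
static void encode_be32(uint32_t n, uint8_t o[4]) {
    for (int i = 0; i < 4; i++) o[i] = (uint8_t)(n >> (24 - 8 * i));
}
/* Encoding used before the fix: least significant octet first. */
static void encode_le32(uint32_t n, uint8_t o[4]) {
    for (int i = 0; i < 4; i++) o[i] = (uint8_t)(n >> (8 * i));
}

/* Stand-in for the RFC 3961 PRF: two FNV-1a lanes, NOT cryptographic. */
static void toy_prf(const uint8_t *key, size_t klen,
                    const uint8_t *in, size_t ilen, uint8_t out[PRF_BLOCK]) {
    for (int lane = 0; lane < 2; lane++) {
        uint64_t h = 0xcbf29ce484222325ULL ^ (uint64_t)lane;
        for (size_t i = 0; i < klen; i++) h = (h ^ key[i]) * 0x100000001b3ULL;
        for (size_t i = 0; i < ilen; i++) h = (h ^ in[i]) * 0x100000001b3ULL;
        for (int b = 0; b < 8; b++) out[lane * 8 + b] = (uint8_t)(h >> (56 - 8 * b));
    }
}

/* PRF+: concatenate PRF(key, counter || seed) blocks, counter starting at 0,
 * truncated to olen. Returns 0, or -1 if the seed exceeds MAX_SEED. */
int prf_plus(int big_endian, const uint8_t *key, size_t klen,
             const uint8_t *seed, size_t slen, uint8_t *out, size_t olen) {
    uint8_t in[4 + MAX_SEED], block[PRF_BLOCK];
    if (slen > MAX_SEED) return -1;
    memcpy(in + 4, seed, slen);
    for (uint32_t n = 0; olen > 0; n++) {
        size_t take = olen < PRF_BLOCK ? olen : PRF_BLOCK;
        if (big_endian) encode_be32(n, in); else encode_le32(n, in);
        toy_prf(key, klen, in, 4 + slen, block);
        memcpy(out, block, take);
        out += take; olen -= take;
    }
    return 0;
}

/* 1 if block idx is the same under both encodings, 0 if not, -1 if idx >= 4. */
int blocks_match(size_t idx) {
    static const uint8_t key[] = "constructed-sample-key";
    static const uint8_t seed[] = "constructed-seed";
    uint8_t be[4 * PRF_BLOCK], le[4 * PRF_BLOCK];
    if (idx >= 4) return -1;
    prf_plus(1, key, sizeof key - 1, seed, sizeof seed - 1, be, sizeof be);
    prf_plus(0, key, sizeof key - 1, seed, sizeof seed - 1, le, sizeof le);
    return memcmp(be + idx * PRF_BLOCK, le + idx * PRF_BLOCK, PRF_BLOCK) == 0;
}
int main(void) { return !(blocks_match(0) == 1 && blocks_match(1) == 0); }
```

Only requests for more than one block of output diverge, which is why a short interoperability test against another implementation can pass with the wrong encoding.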
pfg [Thu, 12 Dec 2013 16:18:45 +0000 (16:18 +0000)]
MFC r241959:
Fix a number of other clang warnings in libstdc++, which could appear
when building other C++ software with it. Also fix one actual bug in
libsupc++, which was exposed by such a warning. This latter fix is the
only functional change.
This is required for newer versions of gcc and clang which have
stricter warnings about parenthesis in C++ programs.
pfg [Wed, 11 Dec 2013 19:30:27 +0000 (19:30 +0000)]
MFC r256448, r257029;
Make di_blocks unsigned in UFS1 as is the case already for UFS2.
Most of the code between UFS1 and UFS2 is shared so this change
is pretty safe. Not only this makes UFS1 and 2 consistent but it
also matches what NetBSD and MacOS X have for some years now.
UFS2: make di_extsize unsigned.
di_extsize is the EA size and as such it should be unsigned.
Adjust related types for consistency.
delphij [Thu, 28 Nov 2013 22:08:41 +0000 (22:08 +0000)]
MFC r257879:
Fix typo in r256646: We want to generate lists of directories in
INDEX-OLD and INDEX-NEW and compare them, not generate the same
list of directories from INDEX-OLD twice...
Pointy hats to: cperciva & everybody who didn't proofread
EN-13:04 enough
Errata Notice: FreeBSD-EN-13:05.freebsd-update
avg [Mon, 25 Nov 2013 15:40:20 +0000 (15:40 +0000)]
MFC r258353: zfs page_busy: fix the boundaries of the cleared range
This is a fix for a regression introduced in r246293.
vm_page_clear_dirty expects the range to have DEV_BSIZE aligned boundaries,
otherwise it extends them. Thus it can happen that the whole page is
marked clean while actually having some small dirty region(s).
This commit makes the range properly aligned and ensures that only
the clean data is marked as such.
It would be interesting to evaluate how much benefit clearing with DEV_BSIZE
granularity produces. Perhaps instead we should clear the whole page
when it is completely overwritten and don't bother clearing any bits
if only a portion of a page is written.
jhb [Fri, 15 Nov 2013 15:08:58 +0000 (15:08 +0000)]
MFC 256293:
Sanitize the %eflags returned by BIOS routines. Some BIOS routines enter
protected mode and may leave protected-mode-specific flags like PSL_NT set
when they return to real mode. This can cause a fault when BTX re-enters
protected mode after the BIOS mode returns.
jhb [Thu, 14 Nov 2013 21:27:19 +0000 (21:27 +0000)]
MFC 255497:
Fix an off-by-one error when populating mincore(2) entries for
skipped entries. lastvecindex references the last valid byte,
so the new bytes should come after it.
jhb [Wed, 13 Nov 2013 18:35:06 +0000 (18:35 +0000)]
MFC 255248:
Use an unsigned long when indexing into mfchashtbl[] and mf6ctable[]. This
matches the types used when computing hash indices and the type of the
maximum size of mfchashtbl[].
jhb [Wed, 13 Nov 2013 17:10:18 +0000 (17:10 +0000)]
MFC 254699,255030:
Use tvtohz() to convert a socket buffer timeout to a tick value rather
than using a home-rolled version. The home-rolled version could result
in shorter-than-requested sleeps.
jhb [Wed, 6 Nov 2013 21:00:18 +0000 (21:00 +0000)]
MFC 254287: Some small cleanups to the fixes in r180340:
- Set NOTE_TRACKERR before running filt_proc(). If the knote did not
have NOTE_FORK set in fflags when registered, then the TRACKERR event
could miss being posted.
- Don't pass the pid in to filt_proc() for NOTE_FORK events. The special
handling for pids is done in knote_fork() directly and no longer in
filt_proc().
jhb [Wed, 6 Nov 2013 19:35:06 +0000 (19:35 +0000)]
MFC 254072:
Don't emit a spurious EVFILT_PROC event with no fflags set on process exit
if NOTE_EXIT is not being monitored. The rationale is that a listener
should only get an event for exit() if they registered interest via
NOTE_EXIT. This matches the behavior on OS X.
- Don't save the exit status on process exit unless NOTE_EXIT is being
monitored.
- Add an internal EV_DROP flag that requests kqueue_scan() to free the
knote without signalling it to userland and use this when a process
exits but the fflags in the knote is zero.
delphij [Tue, 5 Nov 2013 20:00:17 +0000 (20:00 +0000)]
MFC r257539:
When zero'ing out a buffer, make sure we are using right size.
Without this change, in the worst but unlikely case scenario, certain
administrative operations, including change of configuration, set or
delete key from a GEOM ELI provider, may leave potentially sensitive
information in buffer allocated from kernel memory.
We believe that it is not possible to actively exploit these issues, nor
does it impact the security of normal usage of GEOM ELI providers when
these operations are not performed after system boot.
Security: possible sensitive information disclosure
Submitted by: Clement Lecigne <clecigne google com>
jhb [Tue, 5 Nov 2013 19:54:35 +0000 (19:54 +0000)]
MFC 253656: Enhance the description of NOTE_TRACK:
- NOTE_TRACK has never triggered a NOTE_TRACK event from the parent pid.
If NOTE_FORK is set, the listener will get a NOTE_FORK event from
the parent pid, but not a separate NOTE_TRACK event.
- Explicitly note that the event added to monitor the child process
preserves the fflags from the original event.
- Move the description of NOTE_TRACKERR under NOTE_TRACK as it is not a
bit for the user to set (which is what this list purports to be).
Also, explicitly note that if an error occurs, the NOTE_CHILD event
will not be generated.
edwin [Tue, 5 Nov 2013 06:39:23 +0000 (06:39 +0000)]
MFC of 257681
tzdata2013f
- Jordan goes to winter time on the last Friday in October.
- Tocantins in Brazil will not go into summer time in October.
- Indonesian time zone renames.
- Lots of cleanups with regard to links and historical data.
tzdata2013h
- Libya didn't go back to DST.
- Fix Morocco 2038 issue.
- Brazil/Acre and Western Amazonas are changing timezones.
yongari [Mon, 4 Nov 2013 08:48:35 +0000 (08:48 +0000)]
MFC r257307:
Fix regression introduced in r235816.
r235816 triggered kernel panic or hang after warm boot.
Don't blindly restore BCE_EMAC_MODE media configuration in
bce_reset(). If driver is about to shutdown it will invoke
bce_reset() which in turn results in restoring BCE_EMAC_MODE
media configuration. This operation seems to confuse controller
firmware.
hselasky [Wed, 30 Oct 2013 06:16:11 +0000 (06:16 +0000)]
MFC r257206:
Fix a deadlock when trying to power off a USB device. The deadlock
happens because the code in question is trying to modify the parent
USB port registers outside the USB explore thread.
delphij [Sat, 26 Oct 2013 19:54:28 +0000 (19:54 +0000)]
MFC r256646, r256767, r257038:
When installing updates, install new directories first and remove old
directories last.
Allow ~ in file names so libtool droppings in contrib don't break updates.
It has happened twice now, and is likely to happen again.
Be more selective when filtering for lib*.so.N files. These are deleted
at the end of the upgrade process, after warning users to upgrade any
3rd party software (e.g., from the ports tree) which might link to the
libraries being removed.
delphij [Fri, 25 Oct 2013 15:45:29 +0000 (15:45 +0000)]
MFC r253816: MFV r253780:
To quote Illumos #3875:
The problem here is that if we ever end up in the error
path, we drop the locks protecting access to the zfsvfs_t
prior to forcibly unmounting the filesystem. Because z_os
is NULL, any thread that had already picked up the zfsvfs_t
and was sitting in ZFS_ENTER() when we dropped our locks
in zfs_resume_fs() will now acquire the lock, attempt to
use z_os, and panic.
Illumos ZFS issues:
3875 panic in zfs_root() after failed rollback
hselasky [Fri, 25 Oct 2013 06:47:01 +0000 (06:47 +0000)]
MFC r256750:
Improve XHCI stability. When a command timeout happens, the command
should be aborted else the command queue can stop. Refer to section
"4.6.1.2" of the XHCI specification.
dim [Sat, 12 Oct 2013 16:11:57 +0000 (16:11 +0000)]
MFC r255931:
Fix a bug in ld, where indirect symbols are not handled properly during
linking of a shared library, leading to corrupt indexes in the dynamic
symbol table. This should fix the multimedia/ffmpegthumbnailer port.
bdrewery [Thu, 10 Oct 2013 12:47:34 +0000 (12:47 +0000)]
MFC r255944 (partial):
Use MK_SSP=no after including bsd.own.mk to disable SSP instead of user-knob
WITH[OUT]_SSP to avoid hitting an error if user has WITH_SSP in their
make.conf. Ports now use this knob.
make[7]: "/usr/src/share/mk/bsd.own.mk" line 466: WITH_SSP and
WITHOUT_SSP can't both be set.
des [Mon, 7 Oct 2013 08:20:56 +0000 (08:20 +0000)]
MFH (r255243): create /var/authpf with correct ownership and permissions
MFH (r255597): add unbound user to facilitate cross-building
MFH (r256097): add missing entries to ftpusers and reorder
trociny [Thu, 3 Oct 2013 18:53:13 +0000 (18:53 +0000)]
MFC r255714, r255716, r255717:
r255714:
Use cv_broadcast() instead of cv_signal() when waking up threads
waiting on an empty queue as the queue may have several consumers.
Before the fix the following scenario was possible: 2 threads are
waiting on empty queue, 2 threads are inserting simultaneously. The
first inserting thread detects that the queue is empty and is going to
send the signal, but before it sends the second thread inserts
too. When the first sends the signal only one of the waiting threads
receives it while the other one may wait forever.
The scenario above is believed to be the cause of the observed
cases, when ggate_recv_thread() was getting stuck on taking free
request, while the free queue was not empty.
When updating the map of dirty extents, most recently used extents are
kept dirty to reduce the number of on-disk metadata updates. The
sequence of operations is:
1) acquire the activemap lock;
2) update in-memory map;
3) if the list of keepdirty extents is changed, update on-disk metadata;
4) release the lock.
On-disk updates are not frequent in comparison with in-memory updates,
while require much more time. So situations are possible when one
thread is updating on-disk metadata and another one is waiting for the
activemap lock just to update the in-memory map.
Improve this by introducing additional, on-disk map lock: when
in-memory map is updated and it is detected that the on-disk map needs
update too, the on-disk map lock is acquired and the on-memory lock is
released before flushing the map.
trociny [Thu, 3 Oct 2013 18:50:09 +0000 (18:50 +0000)]
MFC r255521, r255526, r255707:
r255521 (jmg):
add support for writing the pid of the daemon program to a pid file so
that daemon can be used w/ rc.subr and ports can use the additional
functionality, such as keeping the ldap daemon up and running, and have
the proper program to signal to exit.
PR: bin/181341
Submitted by: feld
r255526 (joel):
mdoc: remove EOL whitespace.
r255707:
1. Properly clean pid files in the case of the error.
2. Write the supervisor pid before the restart loop, so we don't
uselessly rewrite it after every child restart.
3. Remove duplicate ppfh and pfh initialization.
hselasky [Tue, 1 Oct 2013 08:41:28 +0000 (08:41 +0000)]
MFC r255768:
Stability fixes for Intel LynxPoint XHCI controllers. Disable XHCI port
routing if we get certain errors. Poll for command completion upon
command timeouts. The XHCI error events might not generate interrupts.
fix a bug where we access a bread buffer after we have brelse'd it...
The kernel normally didn't unmap/context switch away before we accessed
the buffer most of the time, but under heavy I/O pressure and lots of
mount/unmounting this would cause a fault on nofault panic...
NULL stale pointers (should be a no-op as they should no longer be
used)...
MFC r255844:
Ensure that the ERESTART return from the syscall reloads the registers,
to make the restarted syscall instruction pass the correct arguments.
MFC r254742:
Hold mfi_io_lock across calls to xpt_rescan() and xpt_alloc_ccb_nowait().
xpt_rescan() expects the SIM lock to be held, and we trip a mtx_assert if
the driver initiates multiple rescans in quick succession.
MFC r255488:
Don't issue USB resume signalling in USB device mode, if the USB power
mode is ON and suspend is detected. This confuses iPads running in USB
host mode at least.
This bug fix is in a code path in rename taken when there is a
collision between a rename and an open system call for the same
target file. Here, rename releases its vnode references, waits for
the open to finish, and then restarts by reacquiring its needed
vnode locks. In this case, rename was unlocking but failing to
release its reference to one of its held vnodes. The effect was
that even after all the actual references to the vnode had gone,
the vnode still showed active references. For files that had been
removed, their space was not reclaimed until the filesystem was
forcibly unmounted.
This bug manifested itself in the Postgres server which would
leak/lose hundreds of files per day amounting to many gigabytes of
disk space. This bug required shutting down Postgres, forcibly
unmounting its filesystem, remounting its filesystem and restarting
Postgres every few days to recover the lost space.
Reported by: Dan Thomas and Palle Girgensohn
Bug-fix by: kib
Tested by: Dan Thomas and Palle Girgensohn
- Make quirk for reading device descriptor from broken USB devices.
Else they won't enumerate at all:
hw.usb.full_ddesc=1
- Reduce the USB descriptor read timeout from 1000ms to
500ms. Typical value for LOW speed devices is 50-100ms.
- Enumerate USB device a maximum of 3 times when a port
connection change event is detected, before giving up.
Revert parts of r245132 and r245175. We don't need to write to the
IMAN register to clear the pending interrupt status bits. This patch
tries to solve problems seen on the MacBook Air, as reported by
Johannes Lundberg <johannes@brilliantservice.co.jp>
Merge r238990 (manually resolving absence of r237263):
Fix races between in_lltable_prefix_free(), lla_lookup(),
llentry_free() and arptimer():
o Use callout_init_rw() for lle timeout, this allows us safely
disestablish them.
- This allows us to simplify the arptimer() and make it
race safe.
o Consistently use ifp->if_afdata_lock to lock access to
linked lists in the lle hashes.
o Introduce new lle flag LLE_LINKED, which marks an entry that
is attached to the hash.
- Use LLE_LINKED to avoid double unlinking via consequent
calls to llentry_free().
- Mark lle with LLE_DELETED via |= operation instead of =,
so that other flags won't be lost.
o Make LLE_ADDREF(), LLE_REMREF() and LLE_FREE_LOCKED() more
consistent and provide more informative KASSERTs.
The patch is a collaborative work of all submitters and myself.
PR: kern/165863
Submitted by: zont, rstone
Submitted by: Eric van Gyzen <eric_van_gyzen dell.com>
des [Tue, 10 Sep 2013 10:12:09 +0000 (10:12 +0000)]
In IPv6 and NetATM, stop SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR
and SIOCSIFNETMASK at the socket layer rather than pass them on to the
link layer without validation or credential checks. [SA-13:12]
Prevent cross-mount hardlinks between different nullfs mounts of the
same underlying filesystem. [SA-13:13]
MFC r254018:
Pass variables prefixed with both LD_ and LD_32_ to the run-time linker.
This prevents unintentional execution of programs when running ldd(1) on
32-bit Linux binaries.
jilles [Sun, 25 Aug 2013 15:00:34 +0000 (15:00 +0000)]
MFC r250412: posix_spawn_file_actions_addopen(3): Correct error for bad file
descriptor.
As per POSIX.1-2008, posix_spawn_file_actions_add* return [EBADF] if a file
descriptor is negative, not [EINVAL]. The bug was only in the manual page;
the code is correct.
ae [Thu, 22 Aug 2013 06:24:02 +0000 (06:24 +0000)]
MFC r254095:
gpt_entries is used as limit for the number of partition entries in
the GEOM_PART. Instead of just using number of entries from the GPT
header, calculate this limit based on the reserved space between
GPT header and first available LBA.
bryanv [Tue, 20 Aug 2013 19:17:01 +0000 (19:17 +0000)]
MFC r254457
Do not use potentially stale thread in kthread_add()
When an existing process is provided, the thread selected to use
to initialize the new thread could have exited and be reaped.
Acquire the proc lock earlier to ensure the thread remains valid.
tuexen [Thu, 15 Aug 2013 04:35:25 +0000 (04:35 +0000)]
MFC r254338:
Don't send uninitialized memory (two instances of 4 bytes) in
every cookie on the wire. This bug was reported in
https://bugzilla.mozilla.org/show_bug.cgi?id=905080
gshapiro [Thu, 15 Aug 2013 01:40:55 +0000 (01:40 +0000)]
MFC: Temporarily revert sendmail 8.14.7 change to getipnodebyname() flags
to prevent problems between the resolver and Microsoft DNS servers with
AAAA lookups. The upstream open source project will work on a more
permanent fix for the next release. Issue noted by Pavel Timofeev.