mav [Thu, 27 Jun 2019 14:26:57 +0000 (14:26 +0000)]
MFC r349376: Fix strsep_quote() on strings without quotes.
For strings without quotes and escapes dstptr and srcptr are equal, so
zeroing *dstptr before checking *srcptr is not a good idea. In practice
it means that in -maproot=65534:65533 everything after the colon is lost.
The problem was there since r293305, but before r346976 it was covered by
improper strsep_quote() usage.
gjb [Tue, 25 Jun 2019 19:35:56 +0000 (19:35 +0000)]
Release notes documentation:
- r338938, oce(4) version 11.0.50.0.
- r341987, mlx4en(4) and mlx5en(4) version 3.5.0.
- r349181, ixl(4) and ixlv(4) version 1.11.9 and 1.5.8.
Approved by: re (implicit)
Sponsored by: Rubicon Communications, LLC (Netgate)
erj [Wed, 19 Jun 2019 00:37:54 +0000 (00:37 +0000)]
MFS r349163: ixl(4)/ixlv(4): Update Intel XL710 PF and VF drivers to ixl-1.11.9 and ixlv-1.5.8
Update the legacy (non-iflib) drivers in stable/11 with recent changes from the
Intel out-of-tree version.
Major changes:
- Support for new BASE-T device with additional link speeds (2.5G and 5G) and EEE
- Additional I2C access methods backported from ixl-iflib
- FW LLDP Agent control with sysctl added for X722 devices (this already
existed for 710 devices)
- MAC/VLAN filters handling has been refactored
- Building and loading if_ixlv as a KLD has been fixed
This commit is not from CURRENT since the driver in 12/13 uses iflib, and the decision was
made to not use iflib in FreeBSD 11 releases.
gjb [Fri, 14 Jun 2019 00:30:52 +0000 (00:30 +0000)]
Post-branch updates to release-related documentation:
- Bump copyright years.
- Note in parenthesis 11.3 may be the last 11.x release.
- Prune stale errata items from 11.2-RELEASE.
- Fix mailing list in the readme page.
- Bump version numbers accordingly.
This has no effect or impact on the in-progress 11.3-RC1
build.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
gjb [Fri, 14 Jun 2019 00:03:48 +0000 (00:03 +0000)]
Copy stable/11@r349022 to releng/11.3 as part of the 11.3-RELEASE
cycle.
Update releng/11.3 from BETA3 to RC1.
Switch the default dvd1.iso pkg(8) repository from latest to
quarterly.
Bump __FreeBSD_version.
Prune vestigial svn:mergeinfo from the new branch.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
hselasky [Tue, 11 Jun 2019 08:50:26 +0000 (08:50 +0000)]
MFC r348797:
Fix for reading the configuration descriptor in libusb. Catch invalid
configuration descriptor reads early on to avoid issues with devices
that don't check for a valid USB configuration read request.
Submitted by: takahiro.kurosawa@gmail.com
PR: 238412
Approved by: re (kib)
kevans [Mon, 10 Jun 2019 16:36:31 +0000 (16:36 +0000)]
MFC r342747 (mmacy): zfsboot: support newer ZFS versions
declare v3 objset size/layout to fix userboot and possibly other loader
issues
- fix for userboot assertion failure in zfs_dev_close in free due to out of
bounds write
- fix for zfs_alloc / zfs_free mismatch assertion failure when booting GPT
on BIOS
kevans [Mon, 10 Jun 2019 15:55:38 +0000 (15:55 +0000)]
MFC r348569: [zfsboot] Fix boot env back compat (#190)
* Fix boot env back compat
zfsboot must try zfsloader before loader in order to remain compatible
with boot environments created prior to zfs functionality being rolled
into loader proper.
* Improve comments in zfsboot
Explain the significance of the load path order, and put the comment
about looping through the paths in the appropriate scope.
slavash [Mon, 10 Jun 2019 13:44:29 +0000 (13:44 +0000)]
MFC r348601:
Fix prio vs. nonprio tagged traffic in RDMACM
In current RDMACM implementation RDMACM server will not find a GID
index when the request was prio-tagged and the sever is non
prio-tagged and vise-versa.
According to 802.1Q-2014, VLAN tagged packets with VLAN id 0 should
be considered as untagged. Treat RDMACM request the same.
hselasky [Mon, 10 Jun 2019 13:36:12 +0000 (13:36 +0000)]
MFC r348631:
In usb(4) fix a lost completion event issue towards libusb(3). It may happen
if a USB transfer is cancelled that we need to fake a completion event.
Implement missing support in ugen_fs_copy_out() to handle this.
This fixes issues with webcamd(8) and firefox.
Approved by: re (gjb)
Sponsored by: Mellanox Technologies
hselasky [Mon, 10 Jun 2019 13:15:49 +0000 (13:15 +0000)]
MFC r348604:
In xhci(4) there is no stream ID in the completion TRB.
Instead iterate all the stream IDs in stream mode to find
the matching USB transfer.
jhb [Thu, 6 Jun 2019 20:03:55 +0000 (20:03 +0000)]
MFC 348542: Add 'device cxgbe' explicitly in the synopsis.
ccr depends on symbols exported by the cxgbe driver as well as having
a runtime dependency. While the runtime depenency was noted in the
manpage already, the compile-time dependency wasn't as clear.
allanjude [Thu, 6 Jun 2019 05:10:32 +0000 (05:10 +0000)]
MFC r348065:
Correct the way remaining battery life is calculated
Previously, if a system had multiple batteries, the remaining life
percentage was calculated as the average of each battery's percent
remaining. This results in rather incorrect values when you consider the
case of the Thinkpad X270 that has a small 3 cell internally battery, and
a hot-swappable 9 cell battery that is used first. Battery 0 is at 100%,
but battery 1 is at 10%, you do not infact have 55% of your capacity
remaining.
The new method calculates the percentage based on remaining capacity
out of total capacity, giving a much more accurate reading.
PR: 229818
Submitted by: Keegan Drake H.P. <kd-dev@pm.me>
Sponsored by: Klara Systems
Event: Waterloo Hackathon 2019
Approved by: re (gjb)
The `zfs userspace` squashes all entries with unresolved numeric
values into a single output entry due to the comparsion always
made by the string name which is empty in case of unresolved IDs.
Fix this by falling to a numerical comparison when either one
of string values is not found. This then compares any numerical
values after all with a name resolved.
Signed-off-by: Pavel Boldin <boldin.pavel@gmail.com> Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reported by: clusteradm
Obtained from: ZFS-on-Linux
cxgbe/t4_tom: adjust the hardware receive window to match changes to the
receive sockbuf's high water mark.
Calculate rx credits on the spot instead of tracking sbused/sb_cc and
rx_credits in the toepcb. The previous method worked when the high
water mark changed due to SB_AUTOSIZE but not when it was adjusted
directly (for example, by the soreserve in nfsrvd_addsock).
This fixes a connection hang while running iozone over an NFS mounted
share where nfsd's TCP sockets are being handled by t4_tom.
Relevant vendor changes:
Issue #795: XAR - do not try to add xattrs without an allocated name
PR #812: non-recursive option for extract and list
PR #958: support reading metadata from compressed files
PR #999: add --exclude-vcs option to bsdtar
Issue #1062: treat empty archives with a GNU volume header as valid
PR #1074: Handle ZIP files with trailing 0s in the extra fields
(Android APK archives)
PR #1109: Ignore padding in Zip extra field data (Android APK archives)
PR #1167: fix problems related to unreadable directories
Issue #1168: fix handling of strtol() and strtoul()
PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter
PR #1174: ZIP reader - fix of MSZIP signature parsing
PR #1175: gzip filter - fix reading files larger than 4GB from memory
PR #1177: gzip filter - fix memory leak with repeated header reads
PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field
PR #1181: RAR5 - fix merge_block() recursion
(OSS-Fuzz 12999, 13029, 13144, 13478, 13490)
PR #1183: fix memory leak when decompressing ZIP files with LZMA
PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817
OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables
OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations
OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables
PR #1186: RAR5 - fix invalid type used for dictionary size mask
(OSS-Fuzz 14537)
PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555)
PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories
(OSS-Fuzz 14574)
PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds
OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry
OSS-Fuzz 14331: RAR5 - fix maximum owner name length
OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check
Additional RAR5 reader changes:
- support symlinks, hardlinks, file owner, file group, versioned files
- change ARCHIVE_FORMAT_RAR_V5 to 0x100000
- set correct mode for readonly directories
- support readonly, hidden and system Windows file attributes
MFC r347999:
Install missing data file for
lib.libarchive.functional_test.test_read_format_zip_utf8_paths
348206:
Add deprecation warnings for weaker algorithms to geli(4).
- Triple DES has been formally deprecated in Kerberos (RFC 8429)
and is soon to be deprecated in IPsec (RFC 8221).
- Blowfish is deprecated. FreeBSD doesn't support its successor
(Twofish).
- MD5 is generally considered a weak digest that has known attacks.
geli refuses to create new volumes using these algorithms via 'geli
init'. It also warns when attaching to existing volumes or creating
temporary volumes via 'geli onetime' . The plan is to fully remove
support for these algorithms in FreeBSD 13.
Note that none of these algorithms have ever been the default
algorithm used by geli(8). Users would have had to explicitly select
these algorithms when creating volumes in the past.
348231:
Correct the argument passed to g_eli_algo2str()
348454:
Remove tests for the deprecated algorithms in r348206
The tests are failing because the return value and output have changed, but
before test code structure adjusted, removing these test cases help people
be able to focus on more important cases.
kevans [Mon, 3 Jun 2019 16:47:51 +0000 (16:47 +0000)]
MFC r348509: jail_getid(3): add special-case immediate return for jid 0
As depicted in the comment: jid 0 always exists, but the lookup will fail as
it does not appear in the kernel's alljails list being a special jail. Some
callers will expect/rely on this, and we have no reason to lie because it
does always exist.
ken [Fri, 31 May 2019 20:36:32 +0000 (20:36 +0000)]
MFC r348247:
------------------------------------------------------------------------
r348247 | ken | 2019-05-24 13:58:29 -0400 (Fri, 24 May 2019) | 57 lines
Fix FC-Tape bugs caused in part by r345008.
The point of r345008 was to reset the Command Reference Number (CRN)
in some situations where a device stayed in the topology, but had
changed somehow.
This can include moving from a switch connection to a direct
connection or vice versa, or a device that temporarily goes away
and comes back. (e.g. moving to a different switch port)
There were a couple of bugs in that change:
- We were reporting that a device had not changed whenever the
Establish Image Pair bit was not set. That is not quite correct.
Instead, if the Establish Image Pair bit stays the same (set or
not), the device hasn't changed in that way.
- We weren't setting PRLI Word0 in the port database when a new
device arrived, so comparisons with the old value for the
Establish Image Pair bit weren't really possible. So, make sure
PRLI Word0 is set in the port database for new devices.
- We were resetting the CRN whenever the Establish Image Pair bit
was set for a device, even when the device had stayed the same
and the value of the bit hadn't changed. Now, only reset the
CRN for devices that have changed, not devices that sayed the
same.
The result of all of this was that if we had a single FC device on
an FC port and it went away and came back, we would wind up
correctly resetting the CRN.
But, if we had multiple devices connected via a switch, and there
was any change in one or more of those devices, all of the devices
that stayed the same would also have their CRN values reset.
The result, from a user standpoint, is that the tape drives, etc.
would all start to time out commands and the initiator would send
aborts.
sys/dev/isp/isp.c:
In isp_pdb_add_update(), look at whether the Establish
Image Pair bit has changed as part of the check to
determine whether a device is still the same. This was
causing erroneous change notifications. Also, when
creating a new port database entry, initialize the
PRLI Word 0 values.
sys/dev/isp/isp_freebsd.c:
In isp_async(), in the changed/stayed case, instead of
looking at the Establish Image Pair bit to determine
whether to reset the CRN, look at the command value.
(Changed vs. Stayed.) Only reset the CRN for devices
that have changed.
------------------------------------------------------------------------
jhb [Fri, 31 May 2019 20:26:56 +0000 (20:26 +0000)]
MFC 348205:
Add deprecation warnings for IPsec algorithms deprecated in RFC 8221.
All of these algorithms are either explicitly marked MUST NOT, or they
are implicitly MUST NOTs by virtue of not being included in IETF's
list of protocols at all despite having assignments from IANA.
Specifically, this adds warnings for the following ciphers:
- des-cbc
- blowfish-cbc
- cast128-cbc
- des-deriv
- des-32iv
- camellia-cbc
Warnings for the following authentication algorithms are also added:
- hmac-md5
- keyed-md5
- keyed-sha1
- hmac-ripemd160
tuexen [Thu, 30 May 2019 16:32:18 +0000 (16:32 +0000)]
MFC r338053:
Don't expose the uptime via the TCP timestamps.
The TCP client side or the TCP server side when not using SYN-cookies
used the uptime as the TCP timestamp value. This patch uses in all
cases an offset, which is the result of a keyed hash function taking
the source and destination addresses and port numbers into account.
The keyed hash function is the same a used for the initial TSN.
The use of
VNET_DEFINE_STATIC(u_char, ts_offset_secret[32]);
had to be replaced by
VNET_DEFINE(u_char, ts_offset_secret[32]);
MFC r348290:
When an ACK segment as the third message of the three way handshake is
received and support for time stamps was negotiated in the SYN/SYNACK
exchange, perform the PAWS check and only expand the syn cache entry if
the check is passed.
Without this check, endpoints may get stuck on the incomplete queue.
Reviewed by: jtl@, rrs@
Approved by: re (kib@))
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D16636
Differential Revision: https://reviews.freebsd.org/D20374
jhb [Wed, 29 May 2019 23:11:07 +0000 (23:11 +0000)]
MFC 347033:
Increase the VirtIO segment count to support modern Windows guests.
The Windows virtio driver ignores the advertized seg_max field and
assumes the host can accept up to 67 segments in indirect descriptors,
triggering an assert in the bhyve process.
This brings back r282922 but with a couple of changes:
- It raises the block interface segment limit to 128 instead of 67.
- Linux's virtio driver assumes that the segment limit is no
larger than the ring size. To avoid breaking Linux guests,
raise the VirtIO ring size to 128, and cap the VirtIO segment
limit at ring size - 2 (effectively 126).
cy [Wed, 29 May 2019 19:11:09 +0000 (19:11 +0000)]
MFC r347642:
The driver list prints "(null)" for the NDIS driver when -h (help) or
an unknown switch is passed outputting the command usage. This is
because the NDIS driver is uninitialized when usage help is printed.
To resolve this we initialize the driver prior to the possibility of
printing the usage help message.
dim [Wed, 29 May 2019 18:32:43 +0000 (18:32 +0000)]
MFC r348288:
Pull in r361696 from upstream llvm trunk (by Sanjay Patel):
[SelectionDAG] soften assertion when legalizing narrow vector FP ops
The test based on PR42010:
https://bugs.llvm.org/show_bug.cgi?id=42010
...may show an inaccuracy for PPC's target defs, but we should not be
so aggressive with an assert here. There's no telling what
out-of-tree targets look like.
This fixes an assertion when building the graphics/mesa-dri port for
PowerPC64.
Approved by: re (kib)
Reported by: Mark Millard <marklmi26-fbsd@yahoo.com>
PR: 238082