manu [Thu, 13 Jul 2017 13:40:18 +0000 (13:40 +0000)]
Add an rc.d script to setup a netflow export via ng_netflow
The default is to export netflow data on localhost on the netflow port.
ngtee is used to have the lowest overhead possible.
The ipfw ng hook is the netflow port (it can only be numeric)
Default is netflow version 5.
Add some basic tests for hexdump(1)'s various output flags. Formatting
tests are omitted for this initial run as there are still some bugs to work
out there.
This covers -s flag testing on devices and non-devices that would have
caught breakage found in PR 219173 as well as other subtle breakage caused
locally.
META_MODE: Fix not writing .meta files in the kernel build.
This was a regression in r320220 due to improper porting of the
same logic from share/mk/bsd.dep.mk and having only tested with
-DNO_FILEMON at the time.
Pointyhat to: bdrewery
Reported by: Mark Millard, dhw, O. Hartmann
Sponsored by: Dell EMC Isilon
Make the %b formatter accept number formatting flags. It will now accept
alternate form, precision, and length modifiers. It also now partially
supports field width (but forces left justification).
MFV r320905: Import upstream fix for CVE-2017-11103.
In _krb5_extract_ticket() the KDC-REP service name must be obtained from
encrypted version stored in 'enc_part' instead of the unencrypted version
stored in 'ticket'. Use of the unecrypted version provides an
opportunity for successful server impersonation and other attacks.
ian [Wed, 12 Jul 2017 02:53:54 +0000 (02:53 +0000)]
Support multiple realtime clocks, and remove locking/sleeping restrictions
on clock drivers.
This tracks multiple concurrent realtime clock drivers in a list sorted by
clock resolution. When system time changes (and periodically) the
clock_settime() methods of all registered clocks are invoked.
To initialize system time, each driver is tried in turn from best to worst
resolution, until one succesfully returns a valid time.
The code no longer holds a mutex while calling the clock_settime() and
clock_gettime() methods of the registered clocks. This allows clock drivers
to do whatever kind of locking or sleeping is necessary (this is especially
important for i2c clock chips since i2c drivers often need to sleep).
A new clock_register_flags() function allows the clock driver to pass
flags. The flags currently defined help support drivers that use their own
techniques to avoid roundoff errors (prevents the 4/5 rounding done by the
subr_rtc code). A driver which may need to wait for resources (such as bus
ownership) may pass a flag to indicate that it will obtain system time for
itself after waiting for resources; this is merely an optimization to avoid
the common code retrieving a timespec that will never get used.
ian [Wed, 12 Jul 2017 02:42:57 +0000 (02:42 +0000)]
Protect access to the AT realtime clock with its own mutex.
The mutex protecting access to the registered realtime clock should not be
overloaded to protect access to the atrtc hardware, which might not even be
the registered rtc. More importantly, the resettodr mutex needs to be
eliminated to remove locking/sleeping restrictions on clock drivers, and
that can't happen if MD code for amd64 depends on it. This change moves the
protection into what's really being protected: access to the atrtc date and
time registers.
This change also adds protection when the clock is accessed from
xentimer_settime(), which bypasses the resettodr locking.
Consistently use vop_stdpathconf() for default pathconf values.
Update filesystems not currently using vop_stdpathconf() in pathconf
VOPs to use vop_stdpathconf() for any configuration variables that do
not have filesystem-specific values. vop_stdpathconf() is used for
variables that have system-wide settings as well as providing default
values for some values based on system limits. Filesystems can still
explicitly override individual settings.
As hinted in the commit log message for r259042, this is unnecessary.
Moreover, as a result of that change we may invoke a DSO's atexit handler
after it has been unmapped.
andrew [Tue, 11 Jul 2017 16:30:16 +0000 (16:30 +0000)]
Add external PLATFORM access on arm, and use it in the pl310 driver.
This allows multiple instances of SoCs that use the pl310 driver to be
built within the same kernel:
* Add access to the platform_t object from outside platform.c
* Use this with the pl310 driver
There is a new platform_pl310 interface to replace the existing code. SoCs
need to implement the init method, and if they have special requirements to
write to the two registers we care about will also need to implement the
write_ctrl and write_debug methods.
Make fsck_y_enable default to passing pass -R to fsck_ffs(8) in addition
to -y. To me, fsck_y_enable means "try as hard as possible", and without
-R, it... well, doesn't.
Make sure the mlx4en RX DMA ring gets stamped with software ownership
in order to prevent the flow of QP to error in the firmware once
UPDATE_QP is called.
MFC after: 3 days
Sponsored by: Mellanox Technologies
Create libdl.so.1 as a filter for libc.so.7 which exports public dl*
functions. The functions are resolved from the rtld instead, the goal
of creating library is to avoid errors from the static linker due to
missed libdl. For static binaries, an empty .o is compiled into
libdl.a so that static binaries still get dl stubs from libc.a.
Right now lld cannot create filter objects, disable libdl on arm64
when binutils are not used.
Reviewed by: bdrewery, dim (previos version); emaste
Exp run: PR 220525, done by antoine
Sponsored by: The FreeBSD Foundation
MFC after: 1 month
Differential revision: https://reviews.freebsd.org/D11504
Fix attribute flipping for cut marking in pixel mode. The text-mode
code was used, so the lightness bit was not flipped, so the flipping
was unnecessarily null in some cases. E.g., the unusal color scheme
of lightwhite on white (white = lightgrey in kernelspeak) is not
completely unusable, except null flipping of it gave no visible marks
for cut marking. Now flipping it works in pixel mode only.
Fix text cursor attribute adjustment over cut marking in text mode for
the usual cursor type (non-blinking full block). Apply the flipping
for cut marking first and adjust that instead of vice versa. This
gives a uniform color scheme for the usual text cursor type in text
mode: a white block background with no change to the character
foreground except for variations to avoid collisions. The old order
gave a white character fg with no change in the bg in non-colliding
cases. Versions before r316636 changed the bg to the non-cut-marked
one about half the time using a saveunder bug; this accidentally gave
something resembling a block cursor half the time.
- Delete trailing whitespace.
- Replace 8 single column spaces with hard tabs.
- Delete lines with consisting purely of blank space.
- Add space between `return` and `(`, per style(9).
Special care was taken to not blindly replace 8 single column spaces
with tabs; doing so could break tools that do strict string comparisons
with camcontrol output.
pf_purge_thread() breaks up the work of iterating all states (in
pf_purge_expired_states()) and tracks progress in the idx variable.
If multiple vnets exist this results in pf_purge_thread() only calling
pf_purge_expired_states() for part of the states (the first part of the
first vnet, second part of the second vnet and so on).
Combined with the mark-and-sweep approach to cleaning up old rules (in
V_pf_unlinked_rules) that resulted in pf freeing rules that were still
referenced by states. This in turn caused panics when pf_state_expires()
encounters that state and attempts to access the rule.
We need to track the progress per vnet, not globally, so idx is moved
into a per-vnet V_pf_purge_idx.
Added mmcnull, an emulated lightweight MMC controller
This emulated device attaches to the ISA bus and registers itself as
HBA supporting MMC/SD cards. This allows to develop and test MMC XPT
and MMC / SDIO peripheral drivers even in the VM such as bhyve.
Implement the MMC/SD/SDIO protocol within a CAM framework. CAM's
flexible queueing will make it easier to write non-storage drivers
than the legacy stack. SDIO drivers from both the kernel and as
userland daemons are possible, though much of that functionality will
come later.
Some of the CAM integration isn't complete (there are sleeps in the
device probe state machine, for example), but those minor issues can
be improved in-tree more easily than out of tree and shouldn't gate
progress on other fronts. Appologies to reviews if specific items
have been overlooked.
Reported by: antoine
Tested by: Stefan Ehmann <shoesoft@gmx.net>,
Jan Kokemueller <jan.kokemueller@gmail.com>
PR: 220493
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
manu [Sun, 9 Jul 2017 13:53:32 +0000 (13:53 +0000)]
Update DTS files from Linux 4.12
Notable changes:
Allwinner:
* H3/H5 were merged into a common dtsi file
* include/dt-bindings/sun4i-a10.h is not included anymore
in a lot of dts files
* Add sun8i-h3-nanopi-neo-air board DTS file
Move open coding of construction of attributes for cut regions and
text cursors to functions so that it is easier to fix and improve.
This commit doesn't fix anything except for removing unnecessary
complications and adding comments.
Switch prison check from PROV_DRIVER to PRIV_KMEM_WRITE (like /dev/mem).
Access to the dri device gives effectively access to the entire memory of the machine (you can program
the graphic card to do DMA).
For current/stable/release this is a NOP, as access to memory is not allowed in a jail. This puts the dri
device into the same (in)security class than /dev/mem for future use.
Discussed with: anholt(?) several years ago
Sponsored by: Hackathon Essen 2017
- Extend pr_allow flags visually to 32 bits, to make it more obvious at first look how much flags we still
have available to use in the future.
- Add kmem_access flag as a placeholder (reserve it), not used yet.
Add many bitmaps (now there are 13) for mouse cursors and logic to try
to choose the best one.
The old 9x13 cursor was was sort of correct for CGA 640x200 text mode,
but distorted for all other modes. This mode is still available on
all systems with VGA, but stopped being useful in ~1985. It has very
unsquare pixels with an aspect ratio of 240:100 on 4:3 monitors. On
16:9 monitors, the unsquareness in this mode is reduced to only 180:100
iff the monitor stretches the pixels to the full screen.
Newer modes and systems have smaller distortions, but with many more
variations. Square pixels first became common with VGA 640x480 mode
on 4:3 monitors. However, standard VGA text mode also has 9-bit wide
characters and only 25 lines, so it has 720x400 pixels. This has
unsquare pixels with an aspect ratio of 135:100 on 4:3 monitors. On
16:9 monitors, it gives almost-square pixels with an aspect ration of
101:100 iff the monitor stretches, but in modes that were square on
4:3 monitors square similar monitor stretching breaks the squareness.
Guess the physical aspect ratio using heuristics. The old version of
X that I use is further from doing this using info from PnP monitors
that is unavailable in syscons (X doesn't understand if the monitor
is doing stretching and doesn't even understand how its its own mode
changes affect the pixel size). Monitors with aspect ratio control
should be configured to _not_ stretch 4:3 modes to 16:9. Otherwise,
use the machdep.vga_aspect_scale sysctl to compensate. Only 1 of my
4 monitors/laptops requires this. It always stretches to 16:9.
The mouse data has new aspect ratio fields for selecting the best
cursor and a new name field for display in debugging messages.
Selecting the mouse cursor is now a slow operation so it is not done
for every drawing of the cursor. To avoid a new initialization method,
it is done whenever the text cursor is set or changed. Also remove
dead code in settings of text cursors.
Use larger mouse cursors (sometimes the full 10x16 one) for 8x8 fonts
in cases where this works better (mostly in graphics mode).
SYSTEM_COMPILER: Ensure there is not a stale compiler in WORLDTMP.
In a scenario of cross-building it is possible that an OBJDIR's WORLDTMP
contains an older compiler in WORLDTMP/usr/bin/cc that is not rebuilt
if SYSTEM_COMPILER logic is triggered. This compiler was still
incorrectly used. Address this by removing WORLDTMP/usr/bin/cc and all
of the hardlinked files associated with it. Also do this for c++ for
GCC builds.
Add files to help manage the (vga) syscons mouse cursor.
To mostly fix distortion of mouse cursors by non-square pixels, I
needed 8 variants of the same cursor shape for large fonts and
another 7 variants for small fonts. Some variants are shared,
leaving only 13 variants in 26 glyphs altogether. Keep these in
the BDF source file cursor.bdf. cursor.bdf has another 5 unused
experimental cursors in 10 glyphs. cursor.awk is a simple awk
script for converting this and similar bdf files into C declarations
for copying into scvgarndr.c. syscons doesn't use any of this yet.
Fix handling of one more possible exception on return to usermode.
If %ss is loaded with a segment pointing to a non-present descriptor
by the IRETD instruction, a kernel-mode #SS exception is generated.
Resulting T_STKFLT trap must be checked against doreti_iret_fault
location and handled, otherwise userspace may panic the kernel.
Note that this is i386 variant of FreeBSD-SA-15:21.amd64, but unlike
amd64, there is no swapgs on i386 and the issue is arguably not
exploitable.
Reported by: Maxime Villard <max@m00nbsd.net>
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Fix "mount -uw /" when the filesystem type doesn't match.
This basically makes "mount -uw /" work when the filesystem
mounted on / is NFS, but the one configured in fstab(5) is UFS,
which can happen when you forget to modify fstab.
Note that the whole special case ("else if (argv[0][0] == '/'")
is probably not needed anyway. I'll take a look at removing it
altogether; for now this is a minimally intrusive fix.
After some tests, here are the services that run into a vnet jail:
- defaultroute
- dhclient
- ip6addrctl
- natd
- pf
- pfsync
- pflog (deamon runs, pflog0 interface usable, but /var/log/pflog not filled)
- rarpd
- route6d (do nothing anyway because obsolete)
- routed (do nothing anyway because obsolete)
- rtsold
- static_arp
- static_ndp
Correctly ignore branch operators in the top-level parser when applicable.
An oversight in r320742 caused BREs to become sensitive to the branching operator prematurely, which caused
breakage in some limited situations -- namely, those that tried to use branching in a BRE. Most of these scenarios
had already been corrected beforehand to properly use gsed or grep for GNU extensions, so the damage is
slightly mitigated.
Reported by: antoine
Reported by: antoine
Approved by: emaste (mentor)
Differential Revision: https://reviews.freebsd.org/D11522