Jamie Gritton [Tue, 16 Feb 2021 19:19:13 +0000 (11:19 -0800)]
MFC jail: Handle a possible race between jail_remove(2) and fork(2)
jail_remove(2) includes a loop that sends SIGKILL to all processes
in a jail, but skips processes in PRS_NEW state. Thus it is possible
the a process in mid-fork(2) during jail removal can survive the jail
being removed.
Add a prison flag PR_REMOVE, which is checked before the new process
returns. If the jail is being removed, the process will then exit.
Also check this flag in jail_attach(2) which has a similar issue.
Allan Jude [Sun, 14 Feb 2021 18:39:09 +0000 (18:39 +0000)]
Use iflib_if_init_locked() during media change instead of iflib_init_locked().
iflib_init_locked() assumes that iflib_stop() has been called, however,
it is not called for media changes.
iflib_if_init_locked() calls stop then init, so fixes the problem.
PR: 253473
Sponsored by: Juniper Networks, Inc., Klara, Inc.
NOTE 1: There is no need to dump and reload repositories, and the
working copy format is still the same as Subversion 1.8 through 1.13.
NOTE 2: The upstream release also contains a fix for a security issue in
mod_dav_svn (CVE-2020-17525), but since we do not build or use any
Apache modules, it is not an issue for the FreeBSD base system.
Dimitry Andric [Wed, 10 Feb 2021 22:28:43 +0000 (23:28 +0100)]
Fix incorrect hypotl(3) result with subnormal numbers
This adjusts the factor used to scale the subnormal numbers, so it
becomes the right value after adjusting its exponent. Thanks to Steve
Kargl for finding the most elegant fix.
Also enable the hypot tests, and add a test case for this bug.
Fix lib/msun/test builds on platforms without 80-bit long doubles
After d3338f3355a612cf385632291f46c5777bba8d18, the lib/msun test case
'hypotl_near_underflow' would fail to compile on platforms where long
doubles weren't 80 bit, like on x86. Disable this particular test on
such platforms for now.
MFC 12148d4300db:
Fix for locking order reversal in USB audio driver, when using mmap().
Locking the second lock which causes the LOR, can be skipped because
the code updating the shared variables is always executing from the
same USB thread.
lock order reversal:
1st 0xfffff80005cc3840 pcm7:play:dsp7.p0 (pcm play channel, sleep mutex)
@ usb_transfer.c:2342
2nd 0xfffff80005cc3860 pcm7:record:dsp7.r0 (pcm record channel, sleep mutex)
@ uaudio.c:2317
lock order pcm record channel -> pcm play channel established at:
witness_checkorder+0x461
__mtx_lock_flags+0x98
dsp_mmap_single+0x151
vm_mmap_cdev+0x65
devfs_mmap_f+0x143
kern_mmap_req+0x594
sys_mmap+0x46
amd64_syscall+0x12e
fast_syscall_common+0xf8
lock order pcm play channel -> pcm record channel attempted at:
witness_checkorder+0xd82
__mtx_lock_flags+0x98
uaudio_chan_play_callback+0xeb
usbd_callback_wrapper+0x7ec
usb_command_wrapper+0x7e
usb_callback_proc+0x8e
usb_process+0xf3
fork_exit+0x80
fork_trampoline+0xe
Found by: Stefan Ehmann <shoesoft@gmx.net>
Sponsored by: Mellanox Technologies // NVIDIA Networking
Rick Macklem [Mon, 18 Jan 2021 03:00:41 +0000 (19:00 -0800)]
mount_nfs: update man page description for oneopenown
A recent email discussion indicated that a large
accumulation of NFSv4 Opens was occurring on
a mount. This appears to have been caused by a
shared library within the mount being used by
several processes, such that there is always at
least one of these processes running.
A new Open was created by each process and
were not closed, since all the Opens were never
closed. This is alleviated by using the
"oneopenown" mount option.
This man page update attempts to indicate the
use of "oneopenown" for this case.
Ed Maste [Fri, 12 Feb 2021 03:21:40 +0000 (22:21 -0500)]
ssh: remove unused variable
This was introduced in 03f6c5cd93ec, which added use of
sysctl net.inet.ip.portrange.reservedhigh instead of IPPORT_RESERVED,
but it appears the rest of that change was lost in some subsequent
update.
The change should probably be restored, but until then there is no
reason to leave an unused variable around.
Ed Maste [Fri, 12 Feb 2021 14:09:00 +0000 (09:09 -0500)]
ssh: remove ssh-hpn leftovers
This was introduced in 8998619212f3a, and left behind when the hpn-ssh
patches were removed in 60c59fad8806. Although Being able to log
SO_RCVBUF in debug mode might have some small value on its own, it's
not worth carrying an extra diff against upstream.
Reviewed by: kevans
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D28610
Ed Maste [Wed, 29 Jul 2020 00:34:24 +0000 (00:34 +0000)]
sshd: allow UseBlocklist alias for UseBlacklist
blacklistd has been renamed to blocklistd upstream, and a future
import into FreeBSD will follow that change. Support the new name
as an alias in config files.
Reviewed by: bz, delphij
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D25865
Ed Maste [Wed, 15 Jul 2020 15:35:26 +0000 (15:35 +0000)]
openssh: refer to OpenSSL not SSLeay
This change was made upstream between 7.9p1 and 8.0p1. We've made local
changes in the same places for handling the version_addendum; apply the
SSLeay_version to OpenSSL_version change in advance of importing 8.0p1.
Obtained from: OpenSSH-portable a65784c9f9c5
Sponsored by: The FreeBSD Foundation
Ed Maste [Fri, 14 Feb 2020 22:32:33 +0000 (22:32 +0000)]
Update version in openssh FREEBSD-vendor metadata
It appears that FREEBSD-vendor is an idea that never really took off
and we should probably just remove it, but until then we might as well
record the correct version.
Neel Chauhan [Tue, 2 Feb 2021 21:24:17 +0000 (13:24 -0800)]
Allow setting alias port ranges in libalias and ipfw.
This will allow a system to be a true RFC 6598 NAT444 setup, where each
network segment (e.g. user, subnet) can have their own dedicated port
aliasing ranges.
Avoid performing a potentially-blocking malloc for kenv lookups that will only
perform non-destructive integer conversions on the returned buffer. Instead,
perform the strtoq() in-place with the kenv lock held.
While here, factor the logic around kenv_lock acquire and release into
kenv_acquire() and kenv_release(), and use these functions for some light
cleanup. Collapse getenv_string_buffer() into kern_getenv(), as the former
no longer has any other callers and the only additional task performed by
the latter is a WITNESS check that hasn't been useful since r362231.
Kristof Provost [Mon, 8 Feb 2021 09:04:27 +0000 (10:04 +0100)]
Widen ifnet_detach_sxlock coverage
Widen the ifnet_detach_sxlock to cover the entire vnet sysuninit code.
This ensures that we can't end up having the vnet_sysuninit free the UDP
pcb while the detach code is running and trying to purge the UDP pcb.
Navdeep Parhar [Mon, 1 Feb 2021 11:00:09 +0000 (03:00 -0800)]
cxgbe(4): Fixes to tx coalescing.
- The behavior implemented in r362905 resulted in delayed transmission
of packets in some cases, causing performance issues. Use a different
heuristic to predict tx requests.
- Add a tunable/sysctl (hw.cxgbe.tx_coalesce) to disable tx coalescing
entirely. It can be changed at any time. There is no change in
default behavior.
Kyle Evans [Fri, 12 Feb 2021 19:19:43 +0000 (13:19 -0600)]
inetd: fix unix sockaddr's length assignment
unsz was always exactly '1' here due to an unfortunate mispositioning
of closing parenthesis. While it's generally irrelevant because bind(2)
is passed the (accurate) sep->se_ctrladdr_size instead, it's not very
helpful for anything locally that wants to use it rather than assuming
that sep->se_ctrladdr_size perfectly fits the end of sun_path.
Just drop unsz entirely and use the result of SUN_LEN() for it.
Kyle Evans [Wed, 10 Feb 2021 15:10:52 +0000 (09:10 -0600)]
fmtree: add a deprecation notice to the manpage
Note that this mtree(8) is actually installed as fmtree(8), while
mtree(8) is located in ^/contrib/mtree -- thus, the reference to
mtree(8) makes a lot more sense in the context in which folks would
actually notice it. Shout-out to Ravi for pointing out that this may
not be an obvious fact.
57785538c6e0d7e8ca0f161ab95bae10fd304047 change the test for FreeBSD
from __FreeBSD_version to __FreeBSD__. However this test was performed
before sys/param.h was included, therefore __FreeBSD_version was never
defined. As the test was never true opt_random_ip_id.h was never included.
ipfilter: Use the softn (NAT softc) host map size in ip_nat6 calculation.
The ipfilter NAT table host map size is a tunable that defaults to
a macro value defined at build time. HOSTMAP_SIZE is saved in softn
(the ipnat softc) at initialization. It can be tuned (changed) at runtime
using the ipf -T command. If the hostmap_size tunable is adjusted the
calculation to determine where to put new entries in the table was
incorrect. Use the tunable in the NAT softc instead of the static build
time value.
A BIOS bug may apparently cause the BSP to report that it does not
implement CMCI, with some APs reporting that they do. In this scenario,
avoid a NULL pointer dereference that occurs in cmci_monitor() because
cmc_state was not allocated by the BSP.
Kyle Evans [Mon, 8 Feb 2021 18:31:17 +0000 (12:31 -0600)]
grep: fix -A handling in conjunction with -m match limitation
The basic issue here is that grep, when given -m 1, would stop all
line processing once it hit the match count and exit immediately. The
problem with exiting immediately is that -A processing only happens when
subsequent lines are processed and do not match.
The fix here is relatively easy; when bsdgrep matches a line, it resets
the 'tail' of the matching context to the value supplied to -A and
dumps anything that's been queued up for -B. After the current line has
been printed and tail is reset, we check our mcount and do what's
needed. Therefore, at the time that we decide we're doing nothing, we
know that 'tail' of the context is correct and we can simply continue
on if there's still more to pick up.
With this change, we still bail out immediately if there's been no -A
flag. If -A was supplied, we signal that we should continue on. However,
subsequent lines will not even bothere to try and process the line. We
have reached the match count, so even if the next line would match then
we must process it if it hadn't. Thus, the loop in procfile() can
short-circuit and just process the line as a non-match until
procmatches() indicates that it's safe to stop.
A test has been added to reflect both that we should be picking up the
next line and that the next line should be considered a non-match even
if it should have been.
Kyle Evans [Thu, 4 Feb 2021 21:26:45 +0000 (15:26 -0600)]
grep: fix null pattern and empty pattern file behavior
The null pattern semantics were terrible because I tried to match gnugrep,
but I got it wrong. Let's unwind that:
- The null pattern should match every line if neither -w nor -x.
- The null pattern should match empty lines if -x.
- The null pattern should not match any lines if -w.
The first two will stop processing (shortcut) even if additional patterns
are specified. In any other case, we will continue processing other
patterns. If no other patterns are specified beside a null pattern, then
we match if neither -w nor -x or set and do not match if either of those
are specified.
The justification for -w is that it should match on a whole word, but the
null pattern deos not have a whole word to match on.
Empty pattern files should never match anything, and more importantly, -v
should cause everything to be written.
Eric van Gyzen [Thu, 1 Oct 2020 21:48:22 +0000 (21:48 +0000)]
zgrep: fix exit status with multiple files
zgrep should exit with success when given multiple files and the
pattern is found in at least one file. Prior to this change,
it would exit with success only if the pattern was found in _every_ file.
Warner Losh [Mon, 8 Feb 2021 21:43:25 +0000 (14:43 -0700)]
acpi: limit the AMDI0020/AMDI0010 workaround to an option
It appears that production versions of EPYC firmware get the _STA method right
for these nodes. In fact, this workaround breaks on production hardware by
including too many uart nodes. This work around was for pre-release hardware
that wound up not having a large deployment. Move this work around to a kernel
option since the machines that needed it have been powered off and are difficult
to resurrect. Should there be a more significant deployment than is understood,
we can restrict it based on smbios strings.
Discussed with: mmacy@, seanc@, jhb@
MFC After: 3 days
Conrad Meyer [Wed, 2 Oct 2019 19:13:35 +0000 (19:13 +0000)]
nvdimm: Fix error path mis-free
(diff applied manually due to refactoring)
Regression introduced in r343629 when malloc result was renamed from spa to
spa_mapping and the 'spa' name was instead used to iterate a table, but the
free() target was not updated.
Indentation cleanup resulting from the cleanup of #ifdefs.
The conscious decision was made not to perform any indentation or
whitespace cleanup while cleaning out old redunant #ifdefs. The
reason for this was to avoid confusing future readers of history and
diffs with cosmetic changes, making bisection of any possible bugs
introduced more difficult. This commit cleans up the whitespace
detritus left behind from the previous #ifdef cleanup commits.
In the old days when K&R C and STD C were each in use a workaround
(read hack) was required to allow the same code to work on each
without modification. All C compilers support STD C. We can finally
put the __P prototype to rest.
ukbd(4): Push LED events in ioctl handler rather than in xfer callback
If LED state is set through evdev interface, than asynchronous nature
of USB transfer callback can lead to change of order of events echoed
back to userland as it causes LED events to be echoed with some lag.
Fix that with echoing of LED events synchronously in ioctl handler.
Unlike AT keyboards, HID devices are able to send all pc105 key
states within a single report. Let evdev to transmit all key state
changes within a single report too.
Ed Maste [Tue, 2 Feb 2021 21:55:51 +0000 (16:55 -0500)]
Correct description for kern.proc.proc_td
kern.proc.proc_td returns the process table with an entry for each
thread. Previously the description included "no threads", presumably
a cut-and-pasteo in 2648efa621748.
Description suggested by PauAmma.
PR: 253146
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Andrew Gierth [Wed, 5 Feb 2020 04:32:49 +0000 (04:32 +0000)]
service(8): set the environment of the "daemon" class before invoking
As mentioned in r357562, this gives the user a single place to configure
environment variables that need to be used for various services -- the
"daemon" class -- for, e.g., configuring a system-wide HTTP proxy.
Andrew Gierth [Wed, 5 Feb 2020 04:27:44 +0000 (04:27 +0000)]
init(8): set environment variables from the "daemon" class as well
Specifically, when running /etc/rc. This allows one to specify via
login.conf(5) an environment that should be used when running services to
ease, e.g., setting up env vars for an HTTP proxy consistently across cron
and services alike.
Future changes will extend cron(8)/service(8) to use environment vars
pecified in login.conf(5) as well to promote a more cohesive experience.
Alexander Motin [Thu, 21 Jan 2021 02:33:14 +0000 (21:33 -0500)]
Remove FirstBurstLength limit for software iSCSI.
For hardware offload solicited data may potentially be handled more
efficiently than unsolicited due to direct data placement. Or there
can be some unsolicited write buffering limitations. It may create
situations where FirstBurstLength limit is really useful.
Software driver though has no those factors, having to do memcopy()
any way and having no so hard limit on the temporary storage. Same
time more active use of unsolicited transfers allows to avoid some
of Ready To Transfer (R2T) PDU round-trip times and processing.
This change effectively doubles from 64KB to 128KB the maximum size
of write command that can be transferred within one link RTT. Tests
of (64KB, 128KB] QD1 writes mixed with simultaneous QD8 reads over
the same connection, increasing RTT, shows almost double write speed
and half latency, while we should be able to afford few megabytes of
RAM for additional buffering on a target these days.
Warner Losh [Mon, 25 Jan 2021 19:53:31 +0000 (12:53 -0700)]
newvers: tweak uname to be more useful
The current uname is branch-cXXXX-gHASH
Three changes to make uname more useful.
1. Move from using git rev-list --count to git rev-lis --count --first-parent
since that gives a better, incrementing number.
2. Report this count as 'nXXXXX' rather than 'cXXXXX' because c is part of
a hash and we've changed the sematnics of XXXXX
3. Remove g to make HASH cut and pastable.
Durting review, #1 & #3 had the largest consensus. There was a diversity of
opinion on #2, but on the whole it was positive so I'll acknowledge the dissent,
but move forward with something seems to have support since the dissent was all
about what letter to use where I chose 'n'.
Mark Johnston [Wed, 20 Jan 2021 01:34:35 +0000 (20:34 -0500)]
opencrypto: Fix assignment of crypto completions to worker threads
Since r336439 we simply take the session pointer value mod the number of
worker threads (ncpu by default). On small systems this ends up
funneling all completion work through a single thread, which becomes a
bottleneck when processing IPSec traffic using hardware crypto drivers.
(Software drivers such as aesni(4) are unaffected since they invoke
completion handlers synchonously.)
Instead, maintain an incrementing counter with a unique value per
session, and use that to distribute work to completion threads.
Kyle Evans [Sun, 31 Jan 2021 15:51:39 +0000 (09:51 -0600)]
lualoader: position hyphens at the beginning of character classes
According to the Lua 5.4 manual section 6.4.1 ("Patterns"), the interaction
between ranges and classes is not defined and hyphens must be specified at
either the beginning or the end of a set if they are not escaped.
Kyle Evans [Sun, 24 Jan 2021 01:32:38 +0000 (19:32 -0600)]
stand: lua: enhance lfs.dir() to speed up kernels_autodetect
This eliminates a lot of stat() calls that happen when lualoader renders the
menu with the default settings, and greatly speeds up rendering on my
laptop.
ftype is nil if loader/loader.efi hasn't been updated yet, falling back to
lfs.attributes() to test.
This is technically incompatible with lfs, but not in a particularly
terrible way.
Alexander Motin [Sun, 31 Jan 2021 17:46:57 +0000 (12:46 -0500)]
cxgb(4): Remove assumption of physically contiguous mbufs.
Investigation of iSCSI target data corruption reports brought me to
discovery that cxgb(4) expects mbufs to be physically contiguous, that
is not true after I've started using m_extaddref() in software iSCSI
for large zero-copy transmissions. In case of fragmented memory the
driver transmitted garbage from pages following the first one due to
simple use of pmap_kextract() for the first pointer instead of proper
bus_dmamap_load_mbuf_sg(). Seems like it was done as some optimization
many years ago, and at very least it is wrong in a world of IOMMUs.
This patch just removes that optimization, plus limits packet coalescing
for mbufs crossing page boundary, also depending on assumption of one
segment per packet.
Conrad Meyer [Sun, 22 Dec 2019 03:19:17 +0000 (03:19 +0000)]
fstyp(8): Show exFAT volume labels with -l flag
exfat is fundamentally the same design as fat32. The superblock differs
marginally, and there are some additional optional features irrelevant to
fstype(8); the structure of dirents has changed slightly to enable, among
other things, larger files; the directory entries are no longer DOS 8.3
ASCII or local 8-bit encoding, but instead explicitly UCS-2-LE.
(As a result, this change uses iconv to convert a found exfat volume label
to the user's locale.)
Locating the volume label is identical to FAT32: locate the root directory
and walk through dirents until you find a volume label. Like FAT32, follow
the FAT chain between root directory clusters as necessary.
PR: 242225
Reported by: Victor Sudakov <vas AT sibptus.ru>
ixl: Permit 802.1ad frames to pass though the chip
This patch is a quick hack to change the internal Ethertype used
within the chip. All frames with this type are dropped silently.
This patch allows you to overwrite the factory default 0x88a8, which
is used by IEEE 802.1ad VLAN stacking.
Marcin Wojtas [Tue, 26 Jan 2021 10:49:35 +0000 (11:49 +0100)]
marvell: ap806_clock: add missing frequency modes
In the driver init routine the CPU clock frequency
value is obtained from a dedicated register. Until now
only part of the values were handled by the mv_ap806_clock
driver. Fix that by adding missing cases.
ng_tag(4) operate on arbitrary data of mbuf_tags(9). Those structures
are padded to the next multiple of the alignment by the compiler.
Hence a valid argument has be at most as long as the data received.