Decrease the anti-congestion sleep in 480.leapfile-ntpd to 1 hour
24 hours is too long. Periodic scripts are executed serially, so when
combined with the sleep in 410.pkg-audit periodic could actually take more
than 24 hours and block the next invocation.
MFC r305421:
Resolve deadlock between device_detach() and usbd_do_request_flags()
by reviving the SX control request lock and refining which lock
protects the common scratch area in "struct usb_device".
The SX control request lock was removed by r246759 because it caused a
lock order reversal with the USB enumeration lock inside
usbd_transfer_setup() as a function of r246616. It was thought that
reducing the number of locks would resolve the LOR, but because some
USB device drivers use usbd_do_request_flags() inside callback
functions, like in taskqueues, a deadlock may occur when these are
drained from device_detach(). By restoring the SX control request
lock usbd_do_request_flags() is allowed to complete its execution
when a USB device driver is detaching. By using the SX control request
lock to protect the scratch area, the LOR introduced by r246616 is
also resolved.
Bump the FreeBSD version while at it to force recompilation of all USB
kernel modules.
MFC r304571:
Make the UKBD USB transfers double buffered and set them up one by one,
so they are memory independent which allows for handling panics
triggered by the keyboard driver itself, typically via CTRL+ALT+ESC
sequences. Or if the USB keyboard driver was processing a key at the
moment of panic. Allow UKBD to be attached while keyboard polling is active.
MFC r305284:
Fix array size issue when using the pre-scaling feature for
ISOCHRONOUS USB transfers. Make sure enough length and buffer pointers
are allocated when setting up the libusb transfer structure to support
the maximum number of frames the kernel can handle.
MFC r303893, r303894:
misc replacements of comma with semicolon when pertinent.
Uses of commas instead of a semicolons can easily go undetected. The comma
can serve as a statement separator but this shouldn't be abused when
statements are meant to be standalone.
MFC r303889:
libc/rpc: replace comma with semicolon when pertinent.
Uses of commas instead of a semicolons can easily go undetected. The comma
can serve as a statement separator but this shouldn't be abused when
statements are meant to be standalone.
MFC r303891, r303892:
sys: replace comma with semicolon when pertinent.
Uses of commas instead of a semicolons can easily go undetected. The comma
can serve as a statement separator but this shouldn't be abused when
statements are meant to be standalone.
MFC r281499:
Modify the return value of the uhci/ehci/xhci PCI probe routines to
'BUS_PROBE_DEFAULT'. This allows bhyve's 'ppt' driver to claim ownership
of the device and pass it through to the guest.
In the common case where there are no competing drivers for USB controllers
this change is a no-op.
2) Prevent out of bounds access to ws[-1] (passed buffer) which happens
when the first mb sequence is incomplete and there are not enougn chars in
the read buffer. ws[-1] may lead to memory faults or false results, in
case the memory here contains '\n'.
3) Fix n == 1 case. Here should be no physical read (fill buffer) attempt
(we read n - 1 chars with the room for NUL, see fgets()),
and no NULL return.
In existing implementations including FreeBSD, there is no reason to use
readdir_r() in the common case where potentially multiple threads each list
their own directory. Code using readdir() is simpler.
What's more, although readdir_r() can safely be used on FreeBSD because
NAME_MAX is forced to 255, it cannot be used safely on systems where
{NAME_MAX} is not fixed. As a concrete example, FAT/NTFS filenames can be up
to 255 UTF-16 code units long, which can be up to 765 UTF-8 bytes.
Deprecating readdir_r() in POSIX has been proposed in
http://www.austingroupbugs.net/view.php?id=696
and glibc wants to deprecate it as well.
dim [Wed, 7 Sep 2016 19:25:08 +0000 (19:25 +0000)]
MFC r305389:
With clang 3.9.0, compiling sys/netinet/igmp.c results in the following
warning:
sys/netinet/igmp.c:546:21: error: implicit conversion from 'int' to 'char' changes value from 148 to -108 [-Werror,-Wconstant-conversion]
p->ipopt_list[0] = IPOPT_RA; /* Router Alert Option */
~ ^~~~~~~~
sys/netinet/ip.h:153:19: note: expanded from macro 'IPOPT_RA'
#define IPOPT_RA 148 /* router alert */
^~~
This is because ipopt_list is an array of char, so IPOPT_RA is wrapped
to a negative value. It would be nice to change ipopt_list to an array
of u_char, but it changes the signature of the public struct ipoption,
so add an explicit cast to suppress the warning.
dim [Wed, 7 Sep 2016 19:17:03 +0000 (19:17 +0000)]
MFC r305360:
With clang 3.9.0, compiling cxgb results in the following warning:
sys/dev/cxgb/cxgb_sge.c:2873:44: error: implicit conversion from 'int'
to 'char' changes value from 128 to -128 [-Werror,-Wconstant-conversion]
*mtod(m, char *) = CPL_ASYNC_NOTIF;
~ ^~~~~~~~~~~~~~~
This is because CPL_ASYNC_NOTIF is 0x80, so the plain char argument is
wrapped to a negative value. Fix this by using uint8_t instead.
dim [Wed, 7 Sep 2016 19:02:47 +0000 (19:02 +0000)]
MFC r305345:
With clang 3.9.0, compiling ppbus(4) results in the following warnings:
sys/dev/ppbus/ppb_1284.c:296:46: error: implicit conversion from 'int'
to 'char' changes value from 144 to -112 [-Werror,-Wconstant-conversion]
if ((error = do_peripheral_wait(bus, SELECT | nBUSY, 0))) {
~~~~~~~~~~~~~~~~~~ ~~~~~~~^~~~~~~
sys/dev/ppbus/ppb_1284.c:785:48: error: implicit conversion from 'int'
to 'char' changes value from 240 to -16 [-Werror,-Wconstant-conversion]
if (do_1284_wait(bus, nACK | SELECT | PERROR | nBUSY,
~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~
sys/dev/ppbus/ppb_1284.c:786:29: error: implicit conversion from 'int'
to 'char' changes value from 240 to -16 [-Werror,-Wconstant-conversion]
nACK | SELECT | PERROR | nBUSY)) {
~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~
This is because nBUSY is 0x80, so the plain char argument is wrapped to
a negative value. Fix this in a minimal fashion, by using uint8_t in a
few places.
dim [Wed, 7 Sep 2016 18:33:18 +0000 (18:33 +0000)]
MFC r305085:
Fix warnings in tnftp about invalid constant conversions, e.g.:
contrib/tnftp/src/ftp.c:2067:11: error: implicit conversion from 'int'
to 'char' changes value from 255 to -1 [-Werror,-Wconstant-conversion]
buf[0] = IAC;
~ ^~~
/usr/include/arpa/telnet.h:39:13: note: expanded from macro 'IAC'
#define IAC 255 /* interpret as command: */
^~~
contrib/tnftp/src/ftp.c:2068:11: error: implicit conversion from 'int'
to 'char' changes value from 244 to -12 [-Werror,-Wconstant-conversion]
buf[1] = IP;
~ ^~
/usr/include/arpa/telnet.h:50:12: note: expanded from macro 'IP'
#define IP 244 /* interrupt process--permanently */
^~~
dim [Wed, 7 Sep 2016 18:22:08 +0000 (18:22 +0000)]
MFC r305077:
Squelch clang 3.9.0 warnings about BASE (which is 32768) being converted
to -32768 when it is used as an argument to mp_itom(), in both libtelnet
and newkey. This code has been wrong since r26238 (!), so after almost
20 years it is rather useless to try to correct it.
MFC r305086:
Fix warnings in telnet about invalid constant conversions, e.g.:
contrib/telnet/telnet/commands.c:2914:13: error: implicit conversion
from 'int' to 'char' changes value from 137 to -119
[-Werror,-Wconstant-conversion]
*lsrp++ = IPOPT_SSRR;
~ ^~~~~~~~~~
/usr/include/netinet/ip.h:152:21: note: expanded from macro 'IPOPT_SSRR'
#define IPOPT_SSRR 137 /* strict source route */
^~~
contrib/telnet/telnet/commands.c:2916:13: error: implicit conversion
from 'int' to 'char' changes value from 131 to -125
[-Werror,-Wconstant-conversion]
*lsrp++ = IPOPT_LSRR;
~ ^~~~~~~~~~
/usr/include/netinet/ip.h:148:21: note: expanded from macro 'IPOPT_LSRR'
#define IPOPT_LSRR 131 /* loose source route */
^~~
MFC r303799, r303800:
ext2fs: Add defines for some missing ext4 features and inode flags.
These are currently unused in our implementation and some even appear to
have not been implemented yet on linux but it is good to keep them for
reference.
MFC r305269: cron: use existing maximum username constant MAXLOGNAME
Previously cron had its own maximum username length limit, which was
smaller than the system's MAXLOGNAME. This could lead to crontab -u
updating the wrong user's crontab (if the name was truncated, and
matched another user).
fgetwc(3) may set both __SEOF and __SERR at once (in case of incomplete
sequence near EOF), so we can't just check for
(wc == WEOF && !__sfeof(fp)) and must relay on __sferror(fp) with
__SERR clearing/restoring.
Fix building usr.bin/tar/tests with PIE symbol building enabled by
removing CFLAGS+= -static
`CFLAGS+= -static` was a carryover from pre-r289195 with
usr.bin/tar/test/Makefile that should have been specified in LDFLAGS
There doesn't seem to be an apparent need for static compilation
of the test binaries.
Replace alpha reference in getconf(1) with amd64 [*]
PR: 211300 [*]
r304693:
Clean up trailing whitespace
r304694:
Add `MIN_HOLE_SIZE` pathconf(2) support to getconf
This allows shell programs to programmatically determine whether
or not a filesystem supports sparse files
r304698:
Add support for _PC_ACL_NFS4 as TRUSTEDBSD_ACL_NFS4
The TRUSTEDBSD prefix was chosen for consistency with the other
related `_PC_ACL*` prefixed variables.
r305226:
MFC r304809:
Add non-TRUSTEDBSD prefixed knobs for the _PC_ACL* and {CAP,INF,MAC}_PRESENT knobs
It's not necessarily intuitive that the variables to query contain TRUSTEDBSD
in the prefix. Add non-TRUSTEDBSD prefixed knobs for querying things like
"_PC_ACL_NFS4".
MFC r304075,r304989:
Sync libarchive with vendor including security fixes
Vendor issues fixed:
Issue #731: Reject tar entries >= INT64_MAX
Issue #744: Very long pathnames evade symlink checks
Issue #748: libarchive can compress, but cannot decompress zip some files
PR #750: ustar: fix out of bounds read on empty string ("") filename
PR #755: fix use of acl_get_flagset_np() on FreeBSD
Issue #767: Buffer overflow printing a filename
Issue #770: Zip read: be more careful about extra_length
MFC r304874:
Temporarily disable two libarchive tests that have not yet been fixed by
vendor. Tests will be re-enabled after a fix has been merged.
Follow-up to r304953, in which I broke the build: apparently the SOLARIS
macro is defined in lots of different places in ipfilter, so replace all
of the nonportable definitions with portable ones.
badger [Tue, 30 Aug 2016 13:39:42 +0000 (13:39 +0000)]
MFC r304184:
sem_post(): wake up the sleeper only after adjusting has_waiters
If the caller of sem_post() wakes up a thread sleeping via sem_wait()
before it clears the has_waiters flag, the caller of sem_wait() has no way of
knowing when it is safe to destroy the semaphore and reuse the memory. This is
because the caller of sem_post() may be interrupted between the wake step and
the clearing of has_waiters. It will then write into the has_waiters flag in
userspace after being preempted for some unknown amount of time.
Approved by: vangyzen (mentor)
Sponsored by: Dell Inc.
ache [Tue, 30 Aug 2016 00:57:57 +0000 (00:57 +0000)]
MFC r304911
The formal behavior of qsort is unstable with regard to objects that
are equal. Unfortunately, RFC 3484 requires that otherwise equal objects
remain in the order supplied by the DNS server. The present code attempts
to deal with this by returning -1 for objects that are equal (i.e.,
returns that the first parameter is less then the second parameter).
Unfortunately, the qsort API does not state that the first parameter
passed in is in any particular position in the list.
hselasky [Mon, 29 Aug 2016 08:51:27 +0000 (08:51 +0000)]
MFC r304629:
Don't separate the status stage of the XHCI USB control transfers into
its own job because this breaks the simplified QEMU XHCI TRB parser,
which expects the complete USB control transfer as a series of back to
back TRBs. The old behaviour is kept under #ifdef in case this change
breaks enumeration of any USB devices.
hselasky [Mon, 29 Aug 2016 08:42:37 +0000 (08:42 +0000)]
MFC r304597:
Fix for invalid use of bits in input context. Basically split
configuring of EP0 and non-EP0 into xhci_cmd_evaluate_ctx() and
xhci_cmd_configure_ep() respectivly. This resolves some errors when
using XHCI under QEMU and gets is more in line with the XHCI
specification.
kib [Sat, 27 Aug 2016 10:56:04 +0000 (10:56 +0000)]
MFC r264388 (by davide):
Define SBT_MAX.
MFC r267896 (by davide):
Improve r264388.
MFC note. The SBT_MAX definition already existed on stable/10, but without
the refinement from r267896. Also, consumers of SBT_MAX were not converted,
since r264388 was not merged properly.
ache [Sat, 27 Aug 2016 10:34:01 +0000 (10:34 +0000)]
MFC r304607,r304641,r304819,r304811
1) Don't forget to set __SERR on __slbexpand() error.
2) Remove "Fast path" from fgetwc()/fputwc() since it can't detect
encoding errors and ignores them all.
One of affected encoding example: US-ASCII
3) Original fgetln() from 44lite return success for line tail errors,
i.e. partial line, but set __SERR and errno in the same time, which
is inconsistent.
Now both OpenBSD and NetBSD return failure, i.e. no line and set error
indicators for such case, so make our fgetln() and fgetwln()
(as its wide version) compatible with the rest of *BSD.
ache [Sat, 27 Aug 2016 09:58:06 +0000 (09:58 +0000)]
MFC r304810
Don't check for __SERR which may stick from one of any previous stdio
functions.
__SERR is for user and the rest of stdio code do not check it
for error sensing internally, only set it.
In vf(w)printf.c here it is more easy to save __SERR, clear and restore it.
cy [Sat, 27 Aug 2016 02:53:21 +0000 (02:53 +0000)]
MFC r304779, r304780, r304781, r304782, r304802
r304779:
Revert r298887 (spelling fix) and remove $FreeBSD$ because text changes
to leap-seconds invaldidates validation hash at the end of the file.
Remove svn:keywords and replace with fbsd:nokeywords=yes to
support this change.
r304780:
Change the algorithm by which /var/db/leap-seconds is updated.
1. Use the leap-seconds version number (update time) to determine
whether to update the file or not.
2. If the version numbers of the files is the same, use the later
expiry date to determine which file to use.
Suggested by: ian@
r304781:
Add logic to replace the working ntp leap-seconds file in /var/db
if it contains a $FreeBSD$ header. The header will cause the file
to fail checksum of the hash causing ntpd to ignore the file.
r304782:
Make validation of the leap-seconds file unconditional.
r304802:
Remove the gratuitous check for $FreeBSD$ and rename the function
to ntpd_init_leapfile, to ensure a copy exists in /var/db if a copy
isn't already there.
ache [Fri, 26 Aug 2016 21:19:23 +0000 (21:19 +0000)]
MFC r304703, r304755
1) _locale.h
LC_*_MASK bit shifting order was partially broken from the initial commit
time at year 2012. Only LC_COLLATE_MASK and LC_CTYPE_MASK are in the
right order.
The order here should match XLC_* from "xlocale_private.h" which, in turn,
match LC_* publicly visible order from <locale.h> which determines how
locale components are stored in the structure.
LC_*_MASK -> XLC_* translation done as "ffs(mask) - 1" in the querylocale()
and equivalent shift loop in the newlocale(), so mapped to some wrong
components (excluding two mentioned above).
Formally the fix is ABI breakage, but old code using those masks
never works properly in any case.
Only newlocale() and querylocale() are affected.
2) msgcat.c
Use current locale (f.e. set by thread). It was global locale always
previously.
hselasky [Fri, 26 Aug 2016 12:06:43 +0000 (12:06 +0000)]
MFC r304342:
Add support for setting blocking and non-blocking mode on /dev/rdma_cm
by returning success on FIONBIO and FIOASYNC IOCTLs. The actual flags
handling is done by the kern_ioctl() function.
Reported by: Alex Bowden <alex.bowden@outlook.com>
Sponsored by: Mellanox Technologies
sephe [Fri, 26 Aug 2016 06:19:12 +0000 (06:19 +0000)]
MFC 303766
tcp/lro: If timestamps mismatch or it's a FIN, force flush.
This keeps the segments/ACK/FIN delivery order.
Before this patch, it was observed: if A sent FIN immediately after
an ACK, B would deliver FIN first to the TCP stack, then the ACK.
This out-of-order delivery causes one unnecessary ACK sent from B.
ticks are signed int and if statistics is not updated for a long time
(more than INT_MAX ticks, but less than UINT_MAX) difference becomes
negative and less than hz for a long time.
Other option to repeat is simply load driver (which initializes
timestamps to 0) when ticks are negative.
kib [Tue, 23 Aug 2016 07:54:14 +0000 (07:54 +0000)]
MFC r304231:
On unwind after failed block allocation in ffs_balloc_ufs{1,2}, assert
that recorded allocated blocks numbers match the physical block numbers
of dandling buffers which are released.
When finally freeing the blocks during unwind, assert that dandling
buffers where not re-allocated.
kib [Tue, 23 Aug 2016 07:52:07 +0000 (07:52 +0000)]
MFC r304228:
When block allocation fails in UFS_BALLOC(), and the volume does not
have SU enabled, there is no point in calling softdep_request_cleanup().
jhb [Mon, 22 Aug 2016 17:52:10 +0000 (17:52 +0000)]
MFC 304476: Fix various nits in the aio operation manpages.
- Avoid double use of "request" in a single sentence. Instead, describe
aio_sigevent as being used to request notification of the associated
operation's completion. This matches the language used to describe
aio_sigevent in aio(4).
- Simplify the prohibition on modifying buffers while requests are in
flight.
- Fix case mismatch.
- Drop note about not using stack variables. C programmers should be able
to figure out if a stack variable is safe based on the later warning
about the life cycle requirements of control blocks.
- Remove prohibition on modifying the I/O buffer for aio_fsync() since
it does not use an I/O buffer. For aio_mlock(), prohibit modifications
to the mapping (e.g. due to mprotect, munmap, mmap, etc.) but do not
prohibit modifications to the memory backing the buffer (stores into
the pages backing the buffer).
sephe [Mon, 22 Aug 2016 02:11:30 +0000 (02:11 +0000)]
MFC 304251
hyperv/storvsc: Deliver CAM_SEL_TIMEOUT upon SRB status error.
SRB status is set to 0x20 by the hypervisor, if the specified LUN is
unaccessible, and even worse the INQUIRY response will not be set by
the hypervisor at all under this situation. Additionally, SRB status
is 0x20 too, for TUR on an unaccessible LUN.
Deliver CAM_SEL_TIMEOUT to CAM upon SRB status errors as suggested by
Scott Long, other values seems improper.
This commit fixes the Hyper-V disk hotplug support.
Submitted by: Hongjiang Zhang <honzhan microsoft com>
Sponsored by: Microsoft
Differential Revision: https://reviews.freebsd.org/D7521