pfg [Fri, 10 Jun 2016 22:07:17 +0000 (22:07 +0000)]
MFC r300301, r300319:
GCC: Add support for named initializers for anonymous structs/unions.
This is a C11 feature that is starting to get used in places such as Mesa.
This implementation takes a different approach to upstream and is
therefore not covered by GPLv3.
ngie [Fri, 10 Jun 2016 18:34:31 +0000 (18:34 +0000)]
MFC r295618,r300100,r300531:
r295618 (by cem):
NTB: workaround for high traffic hardware hang
This patch comes from Dave Jiang's Linux tree, davejiang/ntb. It hasn't
been accepted into Linus' tree, so I do not have an authoritative SHA1
to point at. Original commit log:
=====================================================================
A hardware errata causes the NTB to hang when heavy bi-directional
traffic in addition to the usage of BAR0/1 (where the registers reside,
including the doorbell registers to trigger interrupts).
This workaround is only available on Haswell and Broadwell platform.
The workaround is to enable split BAR in the BIOS to allow the 64bit
BAR4 to be split into two 32bit BAR4 and BAR5. The BAR4 shall be pointed
to LAPIC region of the remote host. We will bypass the db mechanism and
directly trigger the MSIX interrupts. The offsets and vectors are
exchanged during transport scratch pad negotiation. The scratch pads are
now overloaded in order to allow the exchange of the information. This
gets around using the doorbell and prevents the lockup with additional
pcode changes in BIOS.
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
=====================================================================
Notable changes in the FreeBSD version of this patch:
* The MSIX BAR is configurable, like hw.ntb.b2b_mw_idx (msix_mw_idx).
The Linux version of the patch only uses BAR4.
* MSIX negotiation aborts if the link goes down.
Obtained from: Linux (Dual BSD/GPL driver)
r300100 (by cem):
ntb_hw(4): Add sysctls for administrative/test link config, state
dev.ntb_hw.0.admin_up=0/1: Like ifconfig UP/DOWN.
dev.ntb_hw.0.active=0/1: Like ifconfig 'status'
r300531 (by cem):
ntb_hw(4): Only record the first three MSIX vectors
Don't overrun the msix_data array by reading the (unused) link state
interrupt information.
ngie [Fri, 10 Jun 2016 18:21:05 +0000 (18:21 +0000)]
MFC r299513,r299515:
r299513 (by cem):
rtadvd(8): Don't use-after-free
This whole block of code as committed fully formed in r224144. I'm not really
sure what the intent was, but it seems plausible that !persist ifis could need
other member cleanup. Don't free the object until after we've finished
cleaning its members.
ngie [Fri, 10 Jun 2016 18:10:32 +0000 (18:10 +0000)]
MFC r299510:
r299510 (by cem):
libmp: Fix trivial buffer overrun
fgetln yields a non-NUL-terminated buffer and its length. This routine
attempted to NUL-terminate it, but did not allocate space for the NUL. So,
allocate space for the NUL.
ngie [Fri, 10 Jun 2016 18:02:51 +0000 (18:02 +0000)]
MFC r299507:
r299507 (by cem):
rtadvd(8): Fix a typo in full msg receive logic
Check against the size of the struct, not the pointer. Previously, a message
with a cm_len between 9 and 23 (inclusive) could cause int msglen to underflow
and read(2) to be invoked with msglen size (implicitly cast to signed),
overrunning the caller-provided buffer.
All users of cm_recv() supply a stack buffer.
On the other hand, the rtadvd control socket appears to only be writable by the
owner, who is probably root.
While here, correct some types to be size_t or ssize_t.
CID: 1008477
Security: unix socket remotes may overflow stack in rtadvd
ngie [Fri, 10 Jun 2016 17:57:50 +0000 (17:57 +0000)]
MFC r300836:
Quell false positives in svc_vc_create and svc_vc_create_conn with cd and xprt
Both cd and xprt will be non-NULL after their respective malloc(9) wrappers are
called (mem_alloc and svc_xprt_alloc, which calls mem_alloc) as mem_alloc
always gets called with M_WAITOK|M_ZERO today. Thus, testing for them being
non-NULL is incorrect -- it misleads Coverity and it misleads the reader.
Remove some unnecessary NULL initializations as a follow up to help solidify
the fact that these pointers will be initialized properly in sys/rpc/.. with
the interfaces the way they are currently.
ngie [Fri, 10 Jun 2016 15:47:20 +0000 (15:47 +0000)]
MFC r299503,r299504:
r299503 (by cem):
snd_hda(4): Don't pass bogus sizeof()s to unused sysctl arg2 parameter
None of the sysctl handlers in hdaa use the arg2 parameter, so just pass zero
instead. Additionally, the sizes being passed in were suspect (size of the
pointer rather than the value).
ngie [Fri, 10 Jun 2016 14:48:10 +0000 (14:48 +0000)]
MFC r299495:
r299495 (by cem):
libkrb5: Fix potential double-free
If krb5_make_principal fails, tmp_creds.server may remain a pointer to freed
memory and then be double-freed. After freeing it the first time, initialize
it to NULL, which causes subsequent krb5_free_principal calls to do the right
thing.
ngie [Fri, 10 Jun 2016 14:40:41 +0000 (14:40 +0000)]
MFC r299491:
r299491 (by cem):
route6d(8): Fix potential double-free
In the case that the subsequent sysctl(3) call failed, 'buf' could be free(3)ed
repeatedly. It isn't clear to me that that case is possible, but be clear and
do the right thing in case it is.
ngie [Fri, 10 Jun 2016 14:08:41 +0000 (14:08 +0000)]
MFC r299460:
r299460 (by cem):
fsck_ffs: Don't overrun mount device buffer
Maybe this case is impossible. Either way, when attempting to "/dev/"-prefix a
non-global device name, check that we do not overrun the f_mntfromname buffer.
In this case, truncating (with strlcpy or similar) would not be useful, since
the f_mntfromname result of getmntpt() is passed directly to open(2) later.
* Articles, Papers and Presentations
<http://caia.swin.edu.au/freebsd/aqm/papers.html>
* Patches and Tools <http://caia.swin.edu.au/freebsd/aqm/downloads.html>
Overview
Recent years have seen a resurgence of interest in better managing
the depth of bottleneck queues in routers, switches and other places
that get congested. Solutions include transport protocol enhancements
at the end-hosts (such as delay-based or hybrid congestion control
schemes) and active queue management (AQM) schemes applied within
bottleneck queues.
The notion of AQM has been around since at least the late 1990s
(e.g. RFC 2309). In recent years the proliferation of oversized
buffers in all sorts of network devices (aka bufferbloat) has
stimulated keen community interest in four new AQM schemes -- CoDel,
FQ-CoDel, PIE and FQ-PIE.
The IETF AQM working group is looking to document these schemes,
and independent implementations are a corner-stone of the IETF's
process for confirming the clarity of publicly available protocol
descriptions. While significant development work on all three schemes
has occured in the Linux kernel, there is very little in FreeBSD.
Project Goals
This project began in late 2015, and aims to design and implement
functionally-correct versions of CoDel, FQ-CoDel, PIE and FQ_PIE
in FreeBSD (with code BSD-licensed as much as practical). We have
chosen to do this as extensions to FreeBSD's ipfw/dummynet firewall
and traffic shaper. Implementation of these AQM schemes in FreeBSD
will:
* Demonstrate whether the publicly available documentation is
sufficient to enable independent, functionally equivalent implementations
* Provide a broader suite of AQM options for sections the networking
community that rely on FreeBSD platforms
Program Members:
* Rasool Al Saadi (developer)
* Grenville Armitage (project lead)
Acknowledgements:
This project has been made possible in part by a gift from the
Comcast Innovation Fund.
[Remove some code that was added to the mq_append() inline function in
HEAD by r258457, which was not merged to stable/10. The AQM patch
moved mq_append() from ip_dn_io.c to the new file ip_dn_private.h, so
we need to remove that copy of the r258457 changes.]
------------------------------------------------------------------------
r300781 | truckman | 2016-05-26 14:44:52 -0700 (Thu, 26 May 2016) | 7 lines
Modify BOUND_VAR() macro to wrap all of its arguments in () and tweak
its expression to work on powerpc and sparc64 (gcc compatibility).
Cast some expressions that multiply a long long constant by a
floating point constant to int64_t. This avoids the runtime
conversion of the the other operand in a set of comparisons from
int64_t to floating point and doing the comparisions in floating
point.
Replace constant expressions that contain multiplications by
fractional floating point values with integer divides. This will
eliminate any chance that the compiler will generate code to evaluate
the expression using floating point at runtime.
Suggested by: bde
Submitted by: Rasool Al-Saadi <ralsaadi@swin.edu.au>
MFC after: 8 days (with r300779 and r300949)
ngie [Wed, 8 Jun 2016 18:22:54 +0000 (18:22 +0000)]
MFC r300625:
Remove unnecessary memset(.., 0, ..)'s
The mem_alloc macro calls calloc (userspace) / malloc(.., M_WAITOK|M_ZERO)
under the covers, so zeroing out memory is already handled by the underlying
calls
ngie [Wed, 8 Jun 2016 17:49:03 +0000 (17:49 +0000)]
MFC r294507,r294567,r299466:
r294507 (by harti):
Fill the ifAlias leaf of the ifXTable with the interface description
if there is one available and it fits into the maximum size (64 characters).
r294567 (by bz):
Change the variable to a #define in order to make gcc happy which
otherwise will complain about "variably modified 'alias' at file scope".
Unbreaks the build on gcc platforms.
r299466 (by cem):
bsnmpd: Fix size of trapsink::comm to match other community arrays
This fixes a number of possible strcpy() buffer overruns between the various
community strings in trap.c.
ngie [Wed, 8 Jun 2016 17:43:04 +0000 (17:43 +0000)]
MFC r256678,r256680,r260986,r272878,r286402:
r256678 (by syrinx):
Fix SNMP Error response PDUs and properly encode them when using v3 auth/encryption.
r256680 (by syrinx):
Fix the -Wconversion warnings produced when compiling the SNMP agent.
r260986 (by harti):
Fix a problem with OBJECT IDENTIFIER encoding: need to check the
second subid to be less than 40, not the first when the first
subid is 0 or 1.
r272878 (by syrinx):
Fix a bug in decoding string indexes in snmp_target(3), thus causing
bsnmpd(1) to not send v3 notifications properly; while here add two
missing return statements which could lead to abort() in case of a
rollback
r286402 (by araujo):
Fix variable 'old' is used uninitialized whenever '&&' condition is false.
Spotted by clang.
ngie [Wed, 8 Jun 2016 17:34:37 +0000 (17:34 +0000)]
MFC r299701:
Move _bsnmptools_debug extern from bsnmpmap.c to bsnmptools.h
It was used in bsnmpmap.c but was stored in bsnmptools.c; moving the extern
to the header allows us to cover all of our bases for the variable, and allows
_bsnmptools_debug to be used in the future elsewhere -- not just bsnmpmap.c.
ngie [Wed, 8 Jun 2016 17:32:41 +0000 (17:32 +0000)]
MFC r299778:
Use a consistent errno save/restore pattern before running strtoul
- Save errno
- Set errno to 0
- Call strtoul
- Test errno (optional, but many calls to strtoul did this afterwards)
Some of the code was setting errno = 0 after calling strtoul, not setting
errno = 0, or setting errno to saved_errno after the call, but before the
test. These all have unwanted behavioral side-effects, depending on the
initial value of errno and whether or not the input to strtoul was correct
or incorrect.
ngie [Wed, 8 Jun 2016 17:30:29 +0000 (17:30 +0000)]
MFC r299766:
Fix logically dead code pointed out by clang/Coverity
parse_context, parse_user_security: test for validity of results from
parse_ascii(..) with by casting to int32_t and comparing to -1; comparing
unsigned types to negative values will always be false.
- getaddrinfo() sets res = NULL on failure and freeaddrinfo() always
dereferences its argument, so we should only free the address list after
a successful call.
- Address a second potential leak caused by getaddrinfo(AF_INET6)
overwriting the address list returned by getaddrinfo(AF_INET).
X-MFC-With: r300941
r300973:
Follow up to r300932
In the event MK_INET6 != no in userspace, but is disabled in the
kernel, or if there aren't any IPv6 addresses configured in userspace
(for lo0 and all physical interfaces), rpcbind would terminate
immediately instead of silently failing on
Skip over the IPv6 block to its respective cleanup with freeifaddrs if
creating the socket failed instead of terminating rpcbind immediately
ngie [Wed, 8 Jun 2016 14:07:43 +0000 (14:07 +0000)]
MFC r300939:
Use require.progs with bc instead of require.files with /usr/bin/bc
This will make things more flexible if the program path changes in the future,
and the test in and of itself doesn't call /usr/bin/bc -- it just calls bc
ngie [Wed, 8 Jun 2016 13:58:47 +0000 (13:58 +0000)]
MFC r300620,r300621:
r300620:
Use reallocf instead of malloc to fix leak with outbuf_pmap
The previous code overwrote outbuf_pmap's memory with malloc once per
loop iteration, which leaked its memory; use reallocf instead to ensure
that memory is properly free'd each loop iteration.
Add a outbuf_pmap = NULL in the failure case to avoid a double-free
at the bottom of the function.
ngie [Wed, 8 Jun 2016 13:49:59 +0000 (13:49 +0000)]
MFC r300430:
Wrap EXPAND(..) macro with a do-while(0) loop and put a single statement on each line
As a positive side-effect, this eliminates the double semicolons reported by Coverity:
the macro contained a trailing semicolon, in addition to the semicolon placed on
each line where EXPAND(..) was called.
ngie [Wed, 8 Jun 2016 13:40:07 +0000 (13:40 +0000)]
MFC r299844,r300931:
r299844:
Make hostid_save depend on hostid
r300931:
Make netif REQUIRE hostid
As noted in the PR, if etc/rc.d/zvol is removed, netif will be run before
hostid, and the MAC address generated for any bridge devices will be
non-deterministic. Make the MAC address generated be deterministic for
bridge devices by explicitly REQUIRE'ing hostid.
This fixes up the rest of the PR, inadvertently committed in r299844
truckman [Wed, 8 Jun 2016 01:17:22 +0000 (01:17 +0000)]
MFC r301139
The (i < PROMPTLEN - 1) test added by r300442 in the code for the default
case of \c in the prompt format string is a no-op. We already passed
this test at the top of the loop, and i has not yet been incremented in
this path. Change this test to (i < PROMPTLEN - 2).
truckman [Tue, 7 Jun 2016 16:56:15 +0000 (16:56 +0000)]
MFC r300564
Fix CID 1006692 in /usr/sbin/pw pw_log() function and other fixes
The length of the name returned from the $LOGNAME and $USER can be
very long and it was being concatenated to a fixed length buffer
with no bounds checking. Fix this problem by limiting the length
of the name copied.
Additionally, this name is actually used to create a format string
to be used in adding log file entries so embedded % characters in
the name could confuse *printf(), and embedded whitespace could
confuse a log file parser. Handle the former by escaping each %
with an additional %, and handle the latter by simply stripping it
out.
Clean up the code by moving the variable declarations to the top
of the function, formatting them to conform with style, and moving
intialization elsewhere.
Reduce code indentation by returning early in a couple of places.
ache [Sun, 5 Jun 2016 14:31:36 +0000 (14:31 +0000)]
MFC: r300956
1) Unifdef USE_WEAK_SEEDING since it is too obsolete to support and makes
reading hard.
2) Instead of doing range transformation in each and every function here,
do it single time directly in do_rand(). One "mod" operation overhead is not
a big deal, but the code looks nicer and possible future functions additions
or PRNG change do not miss range transformations neither have unneeded ones.
3) Use POSIX argument types for visible functions (cosmetic).
ache [Sun, 5 Jun 2016 14:04:54 +0000 (14:04 +0000)]
Prepare for merge of r300956. One year old r288030 which fix prototypes
can't be merged without conflicts and require merging of other versions
too and I don't want to go deep in that unmerged commits chain.
ache [Sun, 5 Jun 2016 13:39:31 +0000 (13:39 +0000)]
MFC: r300953
1) Unifdef USE_WEAK_SEEDING it is too obsolete to support and makes reading
harder.
2) ACM paper require seed to be in [1, 2^31-2] range, so use the same range
shifting as already done for rand(3). Also protect srandomdev() + TYPE_0 case
(non default) from negative seeds.
3) Don't check for valid "type" range in setstate(), it is always valid as
calculated. Instead add a check that rear pointer not exceeed end pointer.
MFC: r300965
Micro optimize: C standard guarantees that right shift for unsigned value
fills left bits with zero, and we have exact 32bit unsigned value
(uint32_t), so there is no reason to add "& 0x7fffffff" here.
projects / FreeBSD / stable / 10.git / log