Obtain proper capsicum rights for dump files so rotation of such files works when requested. This is equivalent to cherry picking the following upstream commits:
MFC r276439 (by alc):
Make the creation of the free lists dynamic, i.e., it is based on the
available physical memory at boot time. For amd64 systems with 64 GB
or more of physical memory, create free lists for managing pages with
physical addresses below 4 GB.
PR: 185727
Requested by: alc
Approved by: re (gjb)
Use the monotonic (uptime) counter rather than time-of-day to measure
elapsed time between ntp_adjtime() clock offset adjustments. This
eliminates spurious frequency steering after a large clock step (such
as a 1970->2015 step on a system with no battery-backed clock hardware).
This problem was discovered after the import of ntpd 4.2.8, which does
things in a slightly different (but still correct) order than the 4.2.4
we had previously. In particular, 4.2.4 would step the clock then
immediately after use ntp_adjtime() to set the frequency and offset to
zero, which captured the post-step time-of-day as a side effect. In
4.2.8, ntpd sets frequency and offset to zero before any initial clock
step, capturing the time as 1970-ish, then when it next calls
ntp_adjtime() it's with a non-zero offset measurement. This non-zero
value gets multiplied by the apparent 45-year interval, which blows up
into a completely bogus frequency steer. That gets clamped to 500ppm,
but that's still enough to make the clock drift so fast that ntpd has
to keep stepping it every few minutes to compensate.
Fix if_loop so bpfwrite() can use it regardless of the state of
bd_hdrcmplt. As if_loop does not use link-level headers, its behavior
when used by bpfwrite() should be the same regardless of the state of
bd_hdrcmplt. Without this change, libpcap (and other BPF users that
work like it) fail when writing to loopback interfaces.
MFC r285088:
Fix broken implementation of "kvasprintf()" function by adding missing
kmalloc() call. Make function global instead of static inline to fix
compiler warnings about passing variable argument lists to inline
functions.
Sponsored by: Mellanox Technologies
Approved by: re, gjb
Fix two remaining issues with the arm UFS mount issue:
- Add the GEOM_PART_GPT option and enable MSDOSFS in the GUMSTIX
kernel. [1]
- Add GEOM_LABEL to the PANDABOARD kernel, that should have been
included included in r285132. I confused the kernel configuration
used for the WANDBOARD and PANDABOARD, which the former uses the
IMX6 kernel configuration, along with the CUBOX-HUMMINGBOARD.
This is a direct commit to stable/10, as was r285132.
[1] I do not actually have the GUMSTIX board, but I suspect it will
fail to boot in the same way as the others have been.
Approved by: re (kib)
Sponsored by: The FreeBSD Foundation
By default, sendmail 8.15 uses uncompressed IPv6 addresses. Keep
current FreeBSD 10 and earlier behavior of using compressed IPv6
addresses in configuration, maps, rulesets, etc. (FreeBSD 11 and
later will use the new default of uncompressed IPv6 addresses.)
Make calendar(1) usable again. rework the calendar parser so that it is
compatible with documented format:
Support includes surrounded by '"' or '<' '>'
Print warnings about bad syntax
Correctly navigate through include directories to find calendar files
Correctly support multiple includes
While here:
MFC: 262011 (by eadler)
calendar(1): don't segfault in invalid input
When the user supplies an invalid number of days provide a useful error message
instead of segfaulting.
MFC r273489 (cperciva):
Populate the GELI passphrase cache with the kern.geom.eli.passphrase
variable (if any) provided in the boot environment. Unset it from
the kernel environment after doing this, so that the passphrase is
no longer present in kernel memory once we enter userland.
This will make it possible to provide a GELI passphrase via the boot
loader.
Note: head and stable/10 differ as a result of r273174, which renames
the getenv(), setenv(), and unsetenv() functions with kern_getenv(),
kern_setenv(), and kern_unsetenv(), which was reverted in the relevant
parts of this change in 10-STABLE.
PR: 200448
Approved by: re (kib)
Sponsored by: The FreeBSD Foundation
MFC r273489 (cperciva):
Populate the GELI passphrase cache with the kern.geom.eli.passphrase
variable (if any) provided in the boot environment. Unset it from
the kernel environment after doing this, so that the passphrase is
no longer present in kernel memory once we enter userland.
This will make it possible to provide a GELI passphrase via the boot
loader.
PR: 200448
Approved by: re (kib)
Sponsored by: The FreeBSD Foundation
Fault in the buffer prior to writing to workaround poor performance due
to interaction with kernel fs deadlock avoidance code. See the comment
prior to vn_io_fault_doio() in sys/kern/vfs_vnops.c for details of the
issue.
On my stable/10 desktop with a 16MB obj.o and "ar r out.a obj.o" I see
the following run times (seconds):
x ar.r284891
+ ar.patched
+----------------------------------------------------------------------+
|+ |
|+ x|
|+ xx|
|A |A|
+----------------------------------------------------------------------+
N Min Max Median Avg Stddev
x 3 1.307 1.321 1.315 1.3143333 0.0070237692
+ 3 0.020 0.023 0.022 0.021666667 0.0015275252
Difference at 95.0% confidence
-1.29267 +/- 0.0115203
-98.3515% +/- 0.876513%
(Student's t, pooled s = 0.00508265)
Thanks to kib for diagnosing and explaining the issue and suggesting
the workaround.
Approved by: re (gjb)
Sponsored by: The FreeBSD Foundation
des [Mon, 6 Jul 2015 13:23:27 +0000 (13:23 +0000)]
MFH (r276605, r282089): upgrade to latest Unbound
MFH (r276699, r276702, r277057): local control socket
MFH (r276599, r276612, r282087, r282088): build fixes
This brings in Unbound 1.5.3 from head. Local control sockets are now
supported and will be used by default for new installations. Existing
systems will continue to use TCP control sockets until the automated
setup script is re-run ("service local_unbound setup") and the service
restarted ("service local_unbound restart").
When passwd or group information is changed (by pw, vipw, chpass, ...)
temporary file is created and then a rename() call move it to official file.
This operation didn't have any check to make sure data was written to disk
and if a power cycle happens system could end up with a 0 length passwd
or group database.
There is a pfSense bug with more information about it:
https://redmine.pfsense.org/issues/4523
The following changes were made to protect passwd and group operations:
* lib/libutil/gr_util.c:
- Replace mkstemp() by mkostemp() with O_SYNC flag to create temp file
- After rename(), fsync() call on directory for faster result
* lib/libutil/pw_util.c
- Replace mkstemp() by mkostemp() with O_SYNC flag to create temp file
* usr.sbin/pwd_mkdb/pwd_mkdb.c
- Added O_SYNC flag on dbopen() calls
- After rename(), fsync() call on directory for faster result
* lib/libutil/pw_util.3
- pw_lock() returns a file descriptor to master password file on success
MFC r284593: MFV r284412: 5911 ZFS "hangs" while deleting file
illumos/illumos-gate@46e1baa6cf6d5432f5fd231bb588df8f9570c858
https://www.illumos.org/issues/5911
Sometimes ZFS appears to hang while deleting a file. It is actually
making slow progress at the file deletion, but other operations
(administrative and writes via the data path) "hang" until the file
removal completes, which can take a long time if the file has many
blocks. The deletion (or most of it) happens in a single txg, and the
sync thread spends most of its time reading indirect blocks...
Reviewed by: Bayard Bell <buffer.g.overflow@gmail.com>
Reviewed by: Alek Pinchuk <alek@nexenta.com>
Reviewed by: Simon Klinkert <simon.klinkert@gmail.com>
Reviewed by: Dan McDonald <danmcd@omniti.com>
Approved by: Richard Lowe <richlowe@richlowe.net>
Author: Matthew Ahrens <mahrens@delphix.com>
marius [Sun, 5 Jul 2015 20:16:38 +0000 (20:16 +0000)]
MFC: r281337
Don't enable RX and TX before their initial configuration is done, i. e.
after setting up interrupt moderation but before turning interrupts on.
This matches what Realtek's r8168 Linux driver does as of version 8.039.00
and fixes problems with certain incarnations of certain MAC revisions
like the interface requiring an extra up/down-cycle after boot to start
working or DMA configuration not being adhered to.
marius [Sun, 5 Jul 2015 19:32:10 +0000 (19:32 +0000)]
MFC: r281751
Refine the workaround for Intel HSD131 [1] added in r269052 (MFCed to
stable/10 in r269592):
- Use the full mask described by the erratum as with a sufficiently high
number of these false-positives, the overflow bit (bit 62) additionally
gets set [7].
- HSD131 has been brought into several other Haswell-derived CPUs including
to the next generation, i. e. Intel Broadwell. Thus, also skip reporting of
these benign errors by default on CPU models affected by HSM142, HSW131 and
BDM48 [2 - 5], describing the HSD131 silicon bug for additional models.
Also, Celeron 2955U with a CPU ID of 0x45 have been reported to be covered
by this fault [6], with the specification update concerned with HSM142 [2]
only referring to 0x3c and 0x46.
Submitted by: David Froehlich [7]
Approved by: re (kib)
Add the GEOM_LABEL option to the BEAGLEBONE, GUMSTIX, and RPI-B
kernel configuration files, resolving an issue where the UFS and
MSDOSFS partitions would not mount as set in fstab(5).
This is a direct commit to stable/10, as the GEOM_LABEL option
is handled differently in head for arm/armv6. The WANDBOARD
and PANDABOARD already have this kernel option entry via the IMX6
kernel configuration file, so do not need to be changed.
Approved by: re (kib)
Sponsored by: The FreeBSD Foundation