ed [Sun, 24 Jul 2011 19:13:54 +0000 (19:13 +0000)]
MFC r223744:
Improve portability of config(8).
- Use strlen(dp->d_name) instead of the unportable dp->d_namlen. Rename
i to len to make it slightly more descriptive and prevent negative
indexing of the array.
- Replace index() by strchr().
This supposedly fixes compilation on GNU systems.
Submitted by: Robert Millan <rmh debian org> (original patch)
If we can retrieve interface address sleep for one second and try again.
This can happen during start-up, when natd starts before dhclient has a
chance to receive IP address from the upstream provider. Do this only in
background, dynamic mode.
MFC r224180:
Only the USB root HUB thread is allowed to attach and detach drivers
to and from USB devices. Remove related DEVMETHOD() lines from USB
drivers.
MFC r224107:
Clear pending ifnet events, in an attempt at preventing
ng_ether_link_state() from being dispatched after we have
cleared our IFP2NG(ifp).
MFC: r223774
The algorithm used by nfscl_getopen() could have resulted in
multiple instances of the same lock_owner when a process both
inherited an open file descriptor plus opened the same file itself.
Since some NFSv4 servers cannot handle multiple instances of
the same lock_owner string, this patch changes the algorithm
used by nfscl_getopen() in the new NFSv4 client to keep that
from happening. The new algorithm is simpler, since there is
no longer any need to ascend the process's parentage tree because
all NFSv4 Closes for a file are done at VOP_INACTIVE()/VOP_RECLAIM(),
making the Opens indistinct w.r.t. use with Lock Ops.
This problem was discovered at the recent NFSv4 interoperability
Bakeathon.
Add an option to have a fail point term only execute when run by a
specified pid. This is helpful for automated testing involving a global
knob that would otherwise be executed by many other threads.
MFC: r223747
Modify the new NFSv4 client so that it appends a file handle
to the lock_owner4 string that goes on the wire. Also, add
code to do a ReleaseLockOwner Op on the lock_owner4 string
before a Close. Apparently not all NFSv4 servers handle multiple
instances of the same lock_owner4 string, at least not in a
compatible way. This patch avoids having multiple instances,
except for one unusual case, which will be fixed by a future commit.
Found at the recent NFSv4 interoperability Bakeathon.
MFC r223886:
Implement a helper functions to locally set thread-private flag, and
restore it to the previous state. Note that only setting a flag locally
is supported.
MFC r223887:
Use helper functions instead of manually managing TDP_INBDFLUSH.
MFC r223888:
Use 'curthread_pflags' instead of 'thread_pflags' to signify that only
curthread can be operated upon.
Remember to unlock the peripheral prior to notifying the user. Make some
allocations M_NOWAIT so that we don't try and sleep with a nested non-sleepable
lock.
This makes the userland scsi_target begin to function again.
MFC 223870,223937:
- Note that -a, -C, -H, -j, and -z are also toggles.
- Add a leading space to the status messages output after toggling the
'C' and 'H' flags at runtime. This matches messages output for other
toggles which leave the first column in the message blank to hold the
cursor.
MFC 223510:
Don't die if either of INET or INET6 aren't in the running kernel.
Instead, report "protocol not supported" errors at runtime if a user
attempts to use a protocol that the kernel doesn't support.
MFC 223477,223597,223611:
- The recent change to increase the zfsboot size to 64k made a few BIOSes
unhappy (probably they don't handle crossing the 64k boundary, etc.).
Fix this by changing zfsldr to use a loop reading from the disk one
sector at a time. To avoid trashing the saved copy of the MBR which is
used for disk I/O, read zfsboot2 at address 0x9000. This has the
advantage that BTX no longer needs to be relocated as it is read into
the correct location. However, the loop to relocate zfsboot2.bin can
now cross a 64k boundary, so change it to use relative segments instead.
(This will need further work if zfsboot2.bin ever exceeds 64k.)
While here, stop storing a relocated copy of zfsldr at 0x700. This was
only used by the xread hack which has recently been removed (and even
that use was dubious). Also, include the BIOS error code as hex when
reporting read errors to aid in debugging.
- Remove the fake BPB from zfsldr. zfsldr doesn't support booting from
floppies, so it will not be used as the start of an emulated floppy
image on a bootable CD which is what the fake BPB was used for.
- Only check that EDD packet mode is available once at the start of
zfsldr rather than for each disk sector now that we read data in one
sector at a time. As a result, collapse the remaining bits of read
up into nread and rename nread to read.
MFC 223091:
Add location and pnpinfo strings for puc device ports. The location is
announced during boot and contains the port number. The pnpinfo string
lists the port type (PUC_TYPE_* constants).
Make activemap_write_start/complete check the keepdirty list, when
stating if we need to update activemap on disk. This makes keepdirty
serve its purpose -- to reduce number of metadata updates.
Discussed with: pjd
r223655, 223974:
Check the returned value of activemap_write_complete() and update matadata on
disk if needed. This should fix a potential case when extents are cleared in
activemap but metadata is not updated on disk.
MFC r223661:
Improve error reporting. Use corresponding error message when file to be
preprocessed is missing. Also suggest to use absolute pathname if -p
option is specified.
MFC: r223940: If one's message is longer than the buffer size, then we reset
'cnt' at the wrong point and the actual column # get out of sync across the
buffer size.
MFC: r223657
Fix the new NFSv4 client so that it doesn't fill the cached
mode attribute in as 0 when doing writes. The change adds
the Mode attribute plus the others except Owner and Owner_group
to the list requested by the NFSv4 Write Operation. This fixed
a problem where an executable file built by "cc" would get mode
0111 instead of 0755 for some NFSv4 servers.
Found at the recent NFSv4 interoperability Bakeathon.
mm [Tue, 12 Jul 2011 13:16:46 +0000 (13:16 +0000)]
MFC r223623:
Add a new "REFCOMPRESSRATIO" property.
For snapshots, this is the same as COMPRESSRATIO, but for
filesystems/volumes, the COMPRESSRATIO is based on the data "USED" (ie,
includes blocks in children, but not blocks shared with the origin).
This is needed to figure out how much space a filesystem would use if it
were not compressed (ignoring snapshots).
MFC r223862:
Permit ARP to proceed for IPv4 host routes for which the gateway is the
same as the host address. This already works fine for INET6 and ND6.
While here, remove two function pointers from struct lltable which are
only initialized but never used.
In userland, sign extend the offset for JA instructions.
We currently use that to implement "ip6 protochain", and "pc" might be
wider than "pc->k", in which case we need to arrange that "pc->k" be
sign-extended, by casting it to bpf_int32.
r221363:
Add "-a alignment" option to gpart(8). When it specified gpart(8)
tries to align partition start offset and size to be multiple of
alignment value.
r221967:
Some partitioning schemes want to have partitions that are aligned
with geometry. And they do recalculation of user specified parameters.
MBR, PC98, VTOC8, EBR schemes are doing that. For these schemes an
auto alignment feature (ie. gpart add -a alignment) would not work.
But it can work for GPT and BSD schemes. BSD scheme usualy is created
inside MBR, so we can use knowledge about offset of MBR partition to
calculate aligned values for BSD partitions.
Use "offset" attribute of the parent provider for better alignment.
r222263:
Fix calculation of alignment for odd values. Also do not change value
when it is already aligned.
r222264:
Simplify ALIGNDOWN macro.
r222630:
Use stripesize and stripeoffset in the automatic calculation of
partition offsets. If user requests specific alignment and
provider's stripesize is not zero, then use a least common multiple
from the stripesize and user specified value.
Also fix "gpart resize" implementation: do not try to align the partition
size, because the start offset may be not aligned. Instead align the
end offset and then calculate size. Also use stripesize and stripeoffset
for "gpart resize" command.
r222631:
Always use LCM when stripesize > 0.
r222819:
Do not use LCM from stripesize and user specified alignment value.
When user wants have specific alignment - do what user wants.
Use stripesize as alignment value in case, when some of gpart's
arguments are ommitted for automatic calculation.
Suggested by: mav
r223158:
Add "alignment" param to the request before calling gpart_autofill().
r223355:
The "size" param needs no adjusting to stripeoffset.
Log:
LibAliasInit() should allocate memory with M_WAITOK flag. Modify it
and its callers.
Log:
- Rewrite functions that copyin/out NAT configuration, so that they
calculate required memory size dynamically.
- Fix races on chain re-lock.
- Introduce new field to ip_fw_chain - generation count. Now utilized
only in the NAT configuration, but can be utilized wider in ipfw.
- Get rid of NAT_BUF_LEN in ip_fw.h
Add a special mount option "failok" to indicate that the administrator wants
the system to proceed to boot without bailing out into single user mode,
even when the file system can not be successfully mounted.
This option is implemented in mount(8) and not passed into kernel.
MFC: r221333
Remove usr/include/nfs/krpc.h and usr/include/nfs/nfsdiskless.h from
ObsoleteFiles.inc, since these files have been reincarnated in the new
NFS implementation.
Discussed with dim@.
MFC r222808:
Sync ng_nat with recent (r222806) ipfw_nat changes:
Make a behaviour of the libalias based in-kernel NAT a bit closer to
how natd(8) does work. natd(8) drops packets only when libalias returns
PKT_ALIAS_IGNORED and "deny_incoming" option is set, but ipfw_nat
always did drop packets that were not aliased, even if they should
not be aliased and just are going through.
Also add SCTP support: mark response packets to skip firewall processing.
MFC r222806:
Make a behaviour of the libalias based in-kernel NAT a bit closer to
how natd(8) does work. natd(8) drops packets only when libalias returns
PKT_ALIAS_IGNORED and "deny_incoming" option is set, but ipfw_nat
always did drop packets that were not aliased, even if they should
not be aliased and just are going through.
PR: kern/122109, kern/129093, kern/157379
Submitted by: Alexander V. Chernikov (previous version)
MFC: r223441
Plug an mbuf leak in the new NFS client that occurred when a
server replied NFS3ERR_JUKEBOX/NFS4ERR_DELAY to an rpc.
This affected both NFSv3 and NFSv4. Found during testing
at the recent NFSv4 interoperability Bakeathon.
MFC: r223436
Fix the new NFSv4 client so that it uses the same uid as
was used for doing a mount when performing system operations
on AUTH_SYS mounts. This resolved an issue when mounting
a Linux server. Found during testing at the recent
NFSv4 interoperability Bakeathon.
MFC r222582:
O_FORWARD_IP is only action which depends from the result of lookup of
dynamic rules. We are doing forwarding in the following cases:
o For the simple ipfw fwd rule, e.g.
fwd 10.0.0.1 ip from any to any out xmit em0
fwd 127.0.0.1,3128 tcp from any to any 80 in recv em1
o For the dynamic fwd rule, e.g.
fwd 192.168.0.1 tcp from any to 10.0.0.3 3333 setup keep-state
When this rule triggers it creates a dynamic rule, but this
dynamic rule should forward packets only in forward direction.
o And the last case that does not work before - simple fwd rule which
triggers when some dynamic rule is already executed.
MFC r223660:
Initialize elements of state array when creating the GPT table.
This fixes the problem, when the secondary GPT header is not erased when
partition table destroyed. Move equal operations from g_part_gpt_create
and g_part_gpt_recover to the separate function g_gpt_set_defaults.
ALL BIND USERS ARE ENCOURAGED TO UPGRADE IMMEDIATELY
This update addresses the following vulnerability:
CVE-2011-2464
=============
Severity: High
Exploitable: Remotely
Description:
A defect in the affected BIND 9 versions allows an attacker to remotely
cause the "named" process to exit using a specially crafted packet. This
defect affects both recursive and authoritative servers. The code location
of the defect makes it impossible to protect BIND using ACLs configured
within named.conf or by disabling any features at compile-time or run-time.
MFC r223608:
Disable microcode loading for 82550 and 82550C controllers. Loading
the microcode caused SCB timeouts. Linux driver does not allow
microcode loading for these controllers and jfv also confirmed that
there is no need to do and it shouldn't.
MFC: r223382
Change the NFSv4 nfsuserd daemon so that it doesn't preload the
uid<->username mapping cache with an entry when another entry
for that uid is already loaded. This fixes a case where the
mapping of "toor" would replace "root" when the daemon was started,
resulting in no mapping for "root" until the cache entry for "toor"
timed out.
The algorithm is inefficient, but since it is only done once when
the daemon is started up, I don't think that's an issue.
MFC: r223373
Fix the new NFSv4 server so that it checks for VREAD_ACL when
a client does a Getattr for an ACL and not VREAD_ATTRIBUTES.
This was found during the recent NFSv4 interoperability Bakeathon.
MFC: r223349
Fix the new NFSv4 server so that it only allows Lookup of
directories and symbolic links when traversing non-exported
file systems. Found during the recent NFSv4 interoperability
Bakeathon.
MFC: r223348
Fix the new NFSv4 server so that it allows Access and Readlink
operations while traversing non-exported file systems. This is
required for some non-FreeBSD clients to do NFSv4 mounts. Found during
the recent NFSv4 interoperability Bakeathon.
projects / FreeBSD / stable / 8.git / log