rmacklem [Sat, 7 May 2016 21:34:04 +0000 (21:34 +0000)]
MFC: r298523
Allow the NFSv4 server to reply NFSERR_WRONGSEC for the SetClientID operation.
It was reported via email that a Linux client couldn't do a Kerberized
NFS mount when only "sec=krb5" was specified for the exports. The Linux
client attempted a mount via krb5i and the server replied NFSERR_SERVERFAULT.
Although NFSERR_WRONGSEC isn't listed as an error for SetClientID, I
think it is the correct reply, so this patch enables that.
I do not know if this fixes the mount attempt, but adding "krb5i" to the
list of allowed security flavours does allow the mount to work.
dchagin [Sat, 7 May 2016 08:26:05 +0000 (08:26 +0000)]
MFC r298519:
Fix streams and svr4 module dependency. Both modules are complaining about
undefined symbol svr4_delete_socket which was moved from streams to the svr4 module
in r160558 that created a two-way dependency between them.
MFC r298520:
Allow to build svr4 module with SYSV support separately from the kernel build.
rmacklem [Sat, 7 May 2016 00:07:03 +0000 (00:07 +0000)]
MFC: r297869
If the VOP_SETATTR() call that saves the exclusive create verifier failed,
the NFS server would leave the newly created vnode locked. This could
result in a file system that would not unmount and processes wedged,
waiting for the file to be unlocked.
Since this VOP_SETATTR() never fails for most file systems, this bug
doesn't normally manifest itself. I found it during testing of an
exported GlusterFS file system, which can fail.
This patch adds the vput() and changes the error to the correct NFS one.
rmacklem [Fri, 6 May 2016 23:55:28 +0000 (23:55 +0000)]
MFC: r297837
Bruce Evans reported that there was a performance regression between
the old and new NFS clients. He did a good job of isolating the problem
which was caused by the new NFS client not setting the post write mtime
correctly. The new NFS client code was cloned from the old client, but
was incorrect, because the mtime in the nfs vnode's cache wasn't yet
updated. This patch fixes this problem. The patch also adds missing mutex
locking.
jtl [Fri, 6 May 2016 01:27:01 +0000 (01:27 +0000)]
MFC r298408:
Prevent underflows in tp->snd_wnd if the remote side ACKs more than
tp->snd_wnd. This can happen, for example, when the remote side responds
to a window probe by ACKing the one byte it contains.
ngie [Wed, 4 May 2016 00:35:41 +0000 (00:35 +0000)]
MFstable/10 r299022:
MFC r298450:
Simplify always evaluated branch (`e != NULL`)
- xalloc(..) ensures that e will be non-null via malloc + err.
- `e` is already dereferenced above, so logically it's impossible
to hit the lower test without crashing if it was indeed NULL.
MFC r297967:
Ensure the received IP header gets 32-bits aligned.
The FreeBSD's TCP/IP stack assumes that the IP-header is 32-bits aligned
when decoding it. Else unaligned 32-bit memory access can happen, which
not all processor architectures support.
When downing a mlxen network adapter we need to check the port_up variable
to ensure we don't continue to transmit data or restart timers which can
reside in freed memory.
MFC r298521:
regex: prevent two improbable signed integer overflows.
In matcher() we used an integer to index nsub of type size_t.
In print() we used an integer to index nstates of type sopno,
typedef'd long.
In both cases the indexes never take negative values.
MFC r297820:
Fix the problem, when gpart(8) can't write both bootcode and partcode
in one command due to wrong file size limit. Do not use bootcode size
to calculate partsize limit.
Also add report message about successful partcode writing.
1. Process tx completions in bxe_periodic_callout_func() and restart
transmissions if possible.
2. For SIOCSIFFLAGS call bxe_init_locked() only if !BXE_STATE_DISABLED
3. remove code not needed in bxe_init_internal_common()
- Update superblock and inode structs for ext4.
- Update comment: Linux does set a randomized generation number of an inode
on ext2/3/4. While here use arc4random() instead of random().
MFC r294520:
LinuxKPI atomic fixes:
- Fix implementation of atomic_add_unless(). The atomic_cmpset_int()
function returns a boolean and not the previous value of the atomic
variable.
- The atomic counters should be signed according to Linux.
- Some minor cosmetics and styling while at it.
Reviewed by: alfred @
Sponsored by: Mellanox Technologies
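Added illustration, not code from the LinuxKPI commit above: a C11 example of the bug class the r294520 message describes, where a compare-and-set primitive that returns a success flag is used as if it returned the previous value of the counter. cmpset_int(), add_unless_flawed(), add_unless_fixed() and final_after() are hypothetical names, and the flawed loop is constructed for this example.

```c
#include <stdatomic.h>
#include <stdio.h>
/* Hypothetical stand-in for a cmpset-style primitive: 1 on success, 0 on failure. */
static int cmpset_int(atomic_int *p, int expect, int desired)
{
	return atomic_compare_exchange_strong(p, &expect, desired);
}

/* Constructed flawed version: treats the success flag as the previous value. */
static int add_unless_flawed(atomic_int *v, int a, int u)
{
	int c = atomic_load(v), old;
	while (c != u) {
		old = cmpset_int(v, c, c + a);	/* really 0 or 1 */
		if (old == c)
			break;
		c = old;			/* c is now a flag, not the counter */
	}
	return (c != u);
}

/* Corrected version: test the flag, reload the counter before retrying. */
static int add_unless_fixed(atomic_int *v, int a, int u)
{
	int c = atomic_load(v);
	while (c != u) {
		if (cmpset_int(v, c, c + a))
			return (1);
		c = atomic_load(v);
	}
	return (0);
}

/* Run fn on a counter starting at 'start'; return the final counter value. */
static int final_after(int (*fn)(atomic_int *, int, int), int start, int a, int u, int *ret)
{
	atomic_int v = start;
	*ret = fn(&v, a, u);
	return atomic_load(&v);
}

int main(void)
{
	int r, f = final_after(add_unless_flawed, 5, -4, 0, &r);
	printf("flawed: counter=%d ret=%d\n", f, r);
	f = final_after(add_unless_fixed, 5, -4, 0, &r);
	printf("fixed:  counter=%d ret=%d\n", f, r);
	return 0;
}
```

Starting from 5 with a = -4 and u = 0, the flawed loop applies the addition twice because the flag value 1 happens to match the counter after the first update; with a = 1 it adds once but reports that nothing was added.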
MFC r296934:
Fix crash in krping when run as a client due to NULL pointer access.
Initialize pointer in question which is used only when fast registers
mode is selected.
MFC r296910:
Use hardware computed Toeplitz hash for incoming flowids
Use the Toeplitz hash value as source for the flowid. This makes the
hash value more suitable for so-called hash bucket algorithms which
are used in the FreeBSD's TCP/IP stack when RSS is enabled.
MFC r296909:
Fix witness panic in the ipoib_ioctl() function when unloading the
ipoib module.
The bpfdetach() function is trying to turn off promiscuous mode on the
network interface it is attached to while holding a mutex. The fix
consists of ignoring any further calls to the ipoib_ioctl() function
when the network interface is going to be detached. The ipoib_ioctl()
function might sleep.
MFC r296342:
Allow for overlapping quirk device ranges. Prior to this patch only
the first device entry matching the USB vendor, product and revision
would be searched for quirks. After this patch all device entries will
be searched for quirks.
dim [Wed, 30 Mar 2016 22:12:07 +0000 (22:12 +0000)]
MFC r297212:
For C++, expose long long types and functions (lldiv_t, llabs, lldiv,
etc) in stdlib.h. These will be needed for newer versions of libc++,
which uses them for defining overloaded versions of abs() and div().
pfg [Fri, 25 Mar 2016 00:40:04 +0000 (00:40 +0000)]
MFC r296394:
xdr: Fix xdr_rpc* defines.
The defines for xdr_rpc* in xdr.h are wrong. It could be
very well that Solaris did strip the '_t' from xdr_u_int32_t,
but Solaris has a xdr_u_int32 function, we don't have this.
So all of these defines will lead to an unresolved symbol.
This explains why we do not use these functions in FreeBSD
while they are used in Illumos/Solaris.
glebius [Wed, 16 Mar 2016 22:36:02 +0000 (22:36 +0000)]
Merge r296956:
Due to invalid use of a signed intermediate value in the bounds checking
during argument validity verification, unbound zero'ing of the process LDT
and adjacent memory can be initiated from usermode.
cy [Wed, 16 Mar 2016 02:01:17 +0000 (02:01 +0000)]
Don't assume checksums will be calculated later when fastforward is
enabled.
This is a direct commit to the stable/9 because this branch uses
ipfilter 4.1.28 whereas head has ipfilter 5.1.2. This corresponds
to r292518 and r292813 in head and r292979 and r292811 in stable/10.
ngie [Mon, 14 Mar 2016 00:40:57 +0000 (00:40 +0000)]
MFstable/10 r296814:
MFC r293621,r293622,r293815:
r293621:
- Delete non-TAP testcases
- Add a conf.sh file for executing common functions with geom_gate
- Use attach_md for attaching md(4) devices
- Don't hardcode /tmp for temporary files, which violates the kyua sandbox
- Add/increase sleeps to try and improve synchronization
- Add debug output for when checksums fail
test-1.t:
- Use pkill for killing ggated
r293622:
Remove Makefile now that the testcases are all TAP based and
prove -rv can be used on them
dim [Sun, 13 Mar 2016 18:32:18 +0000 (18:32 +0000)]
Pull in r219512 from upstream llvm trunk (by Hal Finkel):
[MiSched] Fix a logic error in tryPressure()
Fixes a logic error in the MachineScheduler found by Steve Montgomery
(and confirmed by Andy). This has gone unfixed for months because the
fix has been found to introduce some small performance regressions.
However, Andy has recommended that, at this point, we fix this to
avoid further dependence on the incorrect behavior (and then
follow-up separately on any regressions), and I agree.
Fixes PR18883.
This fixes a possible "ran out of registers" error when compiling
www/firefox 45.0 on i386.
Direct commit to stable/9, because head already has this fix since the
llvm/clang 3.6.0 import.
ngie [Sun, 13 Mar 2016 02:09:01 +0000 (02:09 +0000)]
MFstable/10 r296787:
MFC r293443:
- Make test-1.sh into a TAP testable testcase
- Delete test-2.sh as it was an incomplete testcase, and the contents were
basically a subset of test-1.sh
- Add a conf.sh file for executing common functions with geom_uzip
- Use attach_md for attaching md(4) devices
- Don't hardcode /tmp for temporary files, which violates the kyua sandbox
ngie [Sun, 13 Mar 2016 02:08:23 +0000 (02:08 +0000)]
MFstable/10 r296786:
MFC r293442:
- Add a geom_stripe specific cleanup function and trap on that function at
exit so things are cleaned up properly
- Use attach_md for attaching md(4) devices
- Don't hardcode /tmp for temporary files, which violates the kyua sandbox
ngie [Sun, 13 Mar 2016 02:07:45 +0000 (02:07 +0000)]
MFstable/10 r296785:
MFC r293441:
- Add a geom_shsec specific cleanup function and trap on that function at
exit so things are cleaned up properly
- Use attach_md for attaching md(4) devices
- Don't hardcode /tmp for temporary files, which violates the kyua sandbox
ngie [Sun, 13 Mar 2016 02:06:57 +0000 (02:06 +0000)]
MFstable/10 r296784:
MFC r293438:
- Add a geom_raid3 specific cleanup function and trap on that function at
exit so things are cleaned up properly
- Use attach_md for attaching md(4) devices
- Don't hardcode /tmp for temporary files, which violates the kyua sandbox
ngie [Sun, 13 Mar 2016 02:06:09 +0000 (02:06 +0000)]
MFstable/10 r296783:
MFC r293437:
- Add a conf.sh file for executing common functions with gnop
- Use attach_md for attaching md(4) devices
- Don't hardcode /tmp for temporary files, which violates the kyua sandbox
ngie [Sun, 13 Mar 2016 02:05:16 +0000 (02:05 +0000)]
MFstable/10 r296782:
MFC r293436:
- Add a conf.sh file for executing common functions with geli
-- Use linear probing to find the first unique md(4) device, unlike the other
code which uses attach_md, as geli(8) allocates the md(4) devices itself
- Don't hardcode /tmp for temporary files, which violates the kyua sandbox
ngie [Sat, 12 Mar 2016 23:12:23 +0000 (23:12 +0000)]
MFstable/10 r296777:
MFC r293434:
- Use attach_md for memory disks so they can be tracked.
- Add a geom_concat specific cleanup function and trap on that function at
exit so things are cleaned up properly
- Don't hardcode /tmp for temporary files, which violates the kyua sandbox
bdrewery [Sat, 12 Mar 2016 19:07:08 +0000 (19:07 +0000)]
MFC r296286,r296470,r296472,r296473,r296575:
r296286:
Remove filemon->lock wrappers.
r296470:
Only call bwillwrite() for logging to vnodes, as other fo_write() calls do.
r296472:
Require kldunload -f to unload.
r296473:
Add missing break for r296472.
r296575:
FILEMON_SET_FD: Disallow changing the fd.
jkim [Fri, 11 Mar 2016 22:45:23 +0000 (22:45 +0000)]
Link ntp-keygen(8) with pthread. Note this is a direct commit to stable/9
because head and stable/10 were fixed differently with r280849 and r285612,
respectively.
delphij [Mon, 7 Mar 2016 16:18:07 +0000 (16:18 +0000)]
Fix multiple OpenSSL vulnerabilities as published in
OpenSSL advisory on 2016/03/01:
constant-time MOD_EXP_CTIME_COPY_FROM_PREBUF.
[CVE-2016-0702, upstream d6482a8. 5ea08bd, d6d422e, 8fc8f48317be63 skipped intentionally as we are not
using the code on FreeBSD. Backport done by jkim@.
Fix memory issues in BIO_*printf functions.
[CVE-2016-0799, upstream d889682, a801bf2].
Disable SSLv2 in default negotiation and weak ciphers.
[CVE-2016-0800 "DROWN", upstream 56f1acf5]. Note that
support of SSLv2 is not removed in order to preserve
ABI compatibility, and application may still explicitly
ask for vulnerable protocol or ciphers.
pfg [Mon, 7 Mar 2016 15:20:59 +0000 (15:20 +0000)]
Revert r286714: Add a new option "-fstack-protector-strong".
The stack-protector-strong option was causing problems when building
perl5. This was never within the official featureset of the older GCC
4.x toolchain so just drop it to avoid patching the perl port.
hselasky [Mon, 7 Mar 2016 10:02:31 +0000 (10:02 +0000)]
MFC r295928:
Configure the correct bMaxPacketSize for control endpoints before
requesting the initial complete device descriptor and not as part of
the subsequent babble error recovery. Babble means that the received
USB packet was bigger than the configured maximum packet size. This
only affects enumeration of FULL speed USB devices which use a
bMaxPacketSize different from 8 bytes. This patch might help fix
enumeration of USB devices which exhibit USB I/O errors in dmesg
during boot.
dim [Mon, 7 Mar 2016 07:57:57 +0000 (07:57 +0000)]
MFC r296419 (by kib):
In the link_elf_obj.c, handle sections of type SHT_AMD64_UNWIND same
as SHT_PROGBITS. This is needed after the clang 3.8 import, which
generates that type for .eh_frame section, which had SHT_PROGBITS type
before.
Reported by: Nikolai Lifanov <lifanov@mail.lifanov.com>
PR: 207729
Tested by: dim (previous version)
Sponsored by: The FreeBSD Foundation
MFC r296428:
Since kernel modules can now contain sections of type SHT_AMD64_UNWIND,
the boot loader should not skip over these anymore while loading images.
Otherwise the kernel can still panic when it doesn't find the .eh_frame
section belonging to the .rela.eh_frame section.
Unfortunately this will require installing boot loaders from sys/boot
before attempting to boot with a new kernel.