kensmith [Mon, 2 Jan 2012 18:50:17 +0000 (18:50 +0000)]
MFC r229304:
> The portion of r225757 that added the packages-9.0-release directory
> was supposed to be MFCed closer to the release but that got missed.
>
> Pointy hat: kensmith
glebius [Mon, 19 Dec 2011 13:14:57 +0000 (13:14 +0000)]
Merge r228472. For the sake of POLA for the whole 9.x timeline add
compatibility support for specifying IPv4 aliases in rc.conf without
the "inet" keyword.
des [Tue, 13 Dec 2011 13:02:31 +0000 (13:02 +0000)]
MFH r228384: validate the service name
Approved by: re (kib)
Security: some poorly thought out programs allow the user to specify
the service name; this patch makes it harder to trick these
programs into loading and executing arbitrary code.
des [Sun, 11 Dec 2011 17:32:37 +0000 (17:32 +0000)]
MFH r228410: check for null passphrases, since openssl doesn't
Approved by: re (kib)
Security: prevents users with unencrypted ssh keys (prohibited
unless the nullok option is specified) from logging in
by providing a bogus non-null passphrase.
hrs [Sat, 3 Dec 2011 22:16:36 +0000 (22:16 +0000)]
MFC r226649, 226651, 226652, 226653:
- Fix an issue that 127/8 is not configured when $ifconfig_DEFAULT is not empty.
- Add description that IPv6 configuration will be ignored if $ifconfig_IF_ipv6
is empty.
- Move a configuration example "inet6 accept_rtadv" to just after the manual
GUA configuration.
- Add an example of $ipv6_prefix_IF.
- Add support for removing addresses added by ipv6_prefix_hostid_addr_up()
upon rc.d/netif stop.
hrs [Sat, 3 Dec 2011 22:15:42 +0000 (22:15 +0000)]
MFC r226446:
Fix a problem that an interface unexpectedly becomes IFF_UP by
just doing "ifconfig inet6 -ifdisabled" when the interface has
ND6_IFF_AUTO_LINKLOCAL flag and no link-local address.
nwhitehorn [Sat, 3 Dec 2011 17:17:32 +0000 (17:17 +0000)]
MFC r228194, MF9 r228240:
Prevent user astonishment by providing the shell option at the end, after
any installer-provided configuration files have been copied. This allows
users to edit their fstab, if desired, and to see what the installer has
placed in rc.conf.
kensmith [Sat, 3 Dec 2011 17:02:51 +0000 (17:02 +0000)]
MFC r228237:
> Add a screen that asks if the user would like to enable crash dumps,
> giving them a very brief description of the trade-offs. Whether the
> user opts in or out add an entry to what will become /etc/rc.conf
> explaining what dumpdev is and how to turn on/off crash dumps. The folks
> who handle interacting with users submitting PRs have asked for this.
>
> Reviewed by: nwhitehorn
dougb [Thu, 1 Dec 2011 21:17:59 +0000 (21:17 +0000)]
Upgrade to BIND 9.8.1-P1 to address the following DDOS bug:
Recursive name servers are failing with an assertion:
INSIST(! dns_rdataset_isassociated(sigrdataset))
At this time it is not thought that authoritative-only servers
are affected, but information about this bug is evolving rapidly.
Because it may be possible to trigger this bug even on networks
that do not allow untrusted users to access the recursive name
servers (perhaps via specially crafted e-mail messages, and/or
malicious web sites) it is recommended that ALL operators of
recursive name servers upgrade immediately.
For more information see:
https://www.isc.org/software/bind/advisories/cve-2011-4313
which will be updated as more information becomes available.
dougb [Thu, 1 Dec 2011 05:47:51 +0000 (05:47 +0000)]
MFC r227482:
The default setting, daily_accounting_compress="NO", was causing
only 1 old file to be saved, so fix this.
While I'm here, fix a very old off-by-one error causing 1 more
file than specified in daily_accounting_save to be saved because
acct.0 was not taken into account (pun intended). Change that, and
use a more thorough method of finding old files to delete. Partly
just because this is the right thing to do, but also to silently
fix the extra log that would have been left behind forever with the
previous method.
marius [Tue, 29 Nov 2011 14:18:19 +0000 (14:18 +0000)]
MFC: r228028
- Based on a report on sparc64@ move V245 to the list of known working
machines.
- Mention that V480 with broken centerplanes have a chance of working with
the WAR in the upcoming 8.3-RELEASE and 9.0-RELEASE.
pluknet [Tue, 29 Nov 2011 12:41:44 +0000 (12:41 +0000)]
MFC r225757,r225764:
Update the default cvs tag for RELENG_9 by merging the following revisions:
r225757 (by kensmith, partial):
Shift head from 9.0-CURRENT to 10.0-CURRENT in preparation for releasing
it from the 9.0-RELEASE release cycle code freeze.
r225764 (by kensmith):
Forgot to add "RELENG_8" to list of CVS tags.
Reported by: Milan Obuch <freebsd-current at dino sk> (cvs tag)
Approved by: re (kib)
marius [Tue, 29 Nov 2011 09:59:55 +0000 (09:59 +0000)]
MFC: r227960
Increase the CDMA sync timeout for Schizo bridges to 15 seconds as used by
OpenSolaris. One second turned out to be not enough for certain loads while
10 seconds were sufficient.
Reported by: Peter Jeremy
rwatson [Mon, 28 Nov 2011 22:30:19 +0000 (22:30 +0000)]
Merge r228057 from head to releng/9.0:
Change the Makefile in cddl/lib/drti to use bsd.lib.mk instead of
bsd.prog.mk -- we need to compile PIC, which requires a library build.
With this change, USDT (userspace DTrace probes) work from within
shared libraries.
PR: kern/159046
Submitted by: Alex Samorukov <samm at os2.kiev.ua>
Comments by: Scott Lystig Fritchie <slfritchie at snookles.com>
rwatson [Mon, 28 Nov 2011 22:13:11 +0000 (22:13 +0000)]
Merge r228039 from head to releng/9.0:
Add an introductory Capsicum man page providing a high-level description of
its mechanisms, pointing at other pertinent man pages, and cautioning about
the experimental status of Capsicum in FreeBSD.
philip [Mon, 28 Nov 2011 20:43:50 +0000 (20:43 +0000)]
Add the sfxge(4) device driver, providing support for 10Gb Ethernet adapters
based on Solarflare SFC9000 family controllers. The driver supports jumbo
frames, transmit/receive checksum offload, TCP Segmentation Offload (TSO),
Large Receive Offload (LRO), VLAN checksum offload, VLAN TSO, and Receive Side
Scaling (RSS) using MSI-X interrupts.
This work was sponsored by Solarflare Communications, Inc.
My sincere thanks to Ben Hutchings for doing a lot of the hard work!
Sponsored by: Solarflare Communications, Inc.
Approved by: re (bz)
lstewart [Mon, 28 Nov 2011 11:14:32 +0000 (11:14 +0000)]
Fast track MFC r228016:
Plug a TCP reassembly UMA zone leak introduced in r226228 by only using the
backup stack queue entry when the zone is exhausted, otherwise we leak a zone
allocation each time we plug a hole in the reassembly queue.
Reported by: many on freebsd-stable@ (thread: "TCP Reassembly Issues")
Tested by: many on freebsd-stable@ (thread: "TCP Reassembly Issues")
Reviewed by: bz (very brief sanity check)
Approved by: re (kib)
marcel [Sun, 27 Nov 2011 20:10:32 +0000 (20:10 +0000)]
MFC rev. 227629, stable/9 rev 228041:
Wire the kernel text RWX, rather than RX. We're not quite ready
for having kernel text non-writable, because we still need to
apply relocations. On top of that, the PBVM page table has all
pages marked as RWX, so it's an inconsistency to begin with.
tuexen [Sun, 27 Nov 2011 19:13:45 +0000 (19:13 +0000)]
MFC r228031:
Fix a warning reported by arundel@.
Fix a bug where the parameter length of a supported address types
parameter is set to a wrong value if the kernel is built with
either INET or INET6, but not both.
kib [Sun, 27 Nov 2011 19:00:52 +0000 (19:00 +0000)]
MFC r227485:
To limit amount of the kernel memory allocated, and to optimize the
iteration over the fdsets, kern_select() limits the length of the
fdsets copied in by the last valid file descriptor index. If any bit
is set in a mask above the limit, current implementation ignores the
filedescriptor, instead of returning EBADF.
Fix the issue by scanning the tails of fdset before entering the
select loop and returning EBADF if any bit above last valid
filedescriptor index is set. The performance impact of the additional
check is only imposed on the (somewhat) buggy applications that pass
bad file descriptors to select(2) or pselect(2).
marius [Fri, 25 Nov 2011 17:07:27 +0000 (17:07 +0000)]
MFC: r227829, r227844
- Add a DEVMETHOD_END alias for KOBJMETHOD_END so that along with 'driver_t'
and DEVMETHOD() we can fully hide the explicit mention of kobj(9) from
device drivers.
- Update the device driver examples to use DEVMETHOD_END.
rstone [Fri, 25 Nov 2011 12:43:34 +0000 (12:43 +0000)]
MFC r227342. Note that the original commit message, reproduced below, has
an error. The final sentence should read "*without* CTF data".
The in-kernel CTF parser caches the result of its first attempt to parse
CTF data from a module. On subsequent attempts to retrieve CTF data for
a module, return an error if there is no CTF data.
This fixes a panic if you try to enable fbt probes on a module with CTF
data twice.
bschmidt [Fri, 25 Nov 2011 12:20:14 +0000 (12:20 +0000)]
MFC r227805:
The DC calibration result obtained during initialization can't be
passed over to the runtime firmware on 6050 devices. Instead let
the runtime firmware do the calibration itself. This fixes support
for the 6050 series devices.
pjd [Thu, 24 Nov 2011 07:39:01 +0000 (07:39 +0000)]
MFC r227110,r227111:
r227110:
In zvol_open() if the spa_namespace_lock is already held, it means that
ZFS is trying to open and taste ZVOL as its VDEV. This is not supported,
so return an error instead of panicking on spa_namespace_lock recursion.
Reported by: Robert Millan <rmh@debian.org>
PR: kern/162008
delphij [Wed, 23 Nov 2011 21:41:31 +0000 (21:41 +0000)]
MFC r225849:
Test if the interface is afif in dhcpif() and syncdhcpif(), as
done in ipv6_autoconfif.
This fixes a regression that causes e.g. ifconfig_DEFAULT="DHCP"
to run on non-afif interfaces like pfsync0, which in turn would
cause excessive delay on system startup.
Sponsored by: iXsystems, Inc.
Reviewed by: hrs (freebsd-rc@)
Approved by: re (bz)
kib [Wed, 23 Nov 2011 15:16:05 +0000 (15:16 +0000)]
MFC r227657:
Consistently use process spin lock for protection of the
p->p_boundary_count. Race could cause the execve(2) from the threaded
process to hang since thread boundary counter was incorrect and
single-threading never finished.
gjb [Wed, 23 Nov 2011 12:24:04 +0000 (12:24 +0000)]
MFC r227769, 227770, 227771:
- Add a note to src/Makefile that explains that 'rm' runs twice because
the second invocation only needs to operate on files with the immutable
flag set.
- Fix the note in r227769 to be less specific to the immutable flag.
- Replace 'chflags' with 'file flags' in a comment, since 'chflags' is a
command, not a flag itself.
davidxu [Wed, 23 Nov 2011 11:59:01 +0000 (11:59 +0000)]
MFC r227604:
Pass CVWAIT flags to kernel, this should handle
Timeout correctly for pthread_cond_timedwait when
it uses kernel-based condition variable.
marius [Sat, 19 Nov 2011 13:04:17 +0000 (13:04 +0000)]
MFC: r227539
Define curthread as an inline function that loads the thread pointer
directly from g7, the pcpu pointer. This guarantees correct behavior
when the thread migrates to a different CPU.
Commit message stolen from r205431. Additional testing by Peter Jeremy.
marius [Sat, 19 Nov 2011 12:55:34 +0000 (12:55 +0000)]
MFC: r227537
As it turns out, r186347 actually is insufficient to avoid the use of the
curthread-accessing part of mtx_{,un}lock(9) when using a r210623-style
curthread implementation on sparc64, crashing the kernel in its early
cycles as PCPU isn't set up, yet (and can't be set up as OFW is one of the
things we need for that, which leads to a chicken-and-egg problem). What
happens is that due to the fact that the idea of r210623 actually is to
allow the compiler to cache invocations of curthread, it factors out
obtaining curthread needed for both mtx_lock(9) and mtx_unlock(9) to
before the branch based on kobj_mutex_inited when compiling the kernel
without the debugging options. So change kobj_class_compile_static(9)
to just never acquire kobj_mtx, effectively restricting it to its
documented use, and add a kobj_init_static(9) for initializing objects
using a class compiled with the former and that also avoids using mutex(9)
(and malloc(9)). Also assert in both of these functions that they are
used in their intended way only.
While at it, inline kobj_register_method() and kobj_unregister_method()
as there wasn't much point for factoring them out in the first place
and so that a reader of the code has to figure out the locking for
fewer functions missing a KOBJ_ASSERT.
Tested on powerpc{,64} by andreast.
Reviewed by: nwhitehorn (earlier version), jhb
Approved by: re (kib)
Initialize 'rc' properly before using it. This error could lead to infinite
loop when data reconstruction was needed.
r226551:
Don't mark vdev as healthy too soon, so we won't try to use invalid vdevs.
r226552:
Never pass NULL block pointer when reading. This is neither expected nor
handled by lower layers like vdev_raidz, which uses bp for checksum
verification. This bug could lead to NULL pointer reference and resets
during boot.
r226553:
Always pass data size for checksum verification function, as using
physical block size declared in bp may not always be what we want.
For example in case of gang block header physical block size declared
in bp is much larger than SPA_GANGBLOCKSIZE (512 bytes) and checksum
calculation failed. This bug could lead to accessing unallocated
memory and resets/failures during boot.
r226554:
Fix missing return when LOADER_GPT_SUPPORT is defined, but LOADER_MBR_SUPPORT
is not.
r226568:
- Correctly read gang header from raidz.
- Decompress assembled gang block data if compressed.
- Verify checksum of a gang header.
- Verify checksum of assembled gang block data.
- Verify checksum of uber block.
Submitted by: avg
r226569:
With LOADER_MBR_SUPPORT defined and LOADER_GPT_SUPPORT undefined we would
never call disk_openmbr().
- Instead of printing file's content calculate MD5 hash of the file,
so it can be easily compared to the hash calculated via file system.
- Some other minor improvements.
r226612:
Because ZFS boot code was very fragile in the past and real PITA to debug,
introduce zfsboottest.sh script that will verify if it will be possible to boot
from the given pool.
# zfsboottest.sh system
Where "system" is pool name of the pool we want to boot from.
What is being verified by the script:
- Does the pool exist?
- Does it have bootfs property configured?
- Is mountpoint property of the boot dataset set to 'legacy'?
Dataset configured in bootfs property has to be mounted to perform more
checks:
- Does the /boot directory in boot dataset exist?
- Is this dataset configured as root file system in /etc/fstab or set
in vfs.root.mountfrom variable in /boot/loader.conf?
By using zfsboottest tool the script will read all the files in /boot
directory using ZFS boot code and calculate their checksums.
Then, it will walk /boot directory using find(1) through regular file system
and also read all the files in /boot directory and calculate their checksums.
If any of the files cannot be looked up, read or checksum is invalid it will
be reported and booting off of this pool is probably not possible.
Some additional checks may be interesting as well. For example if the disks
contain proper pmbr and gptzfsboot code or if all expected files in /boot/
are present.
When upgrading FreeBSD, one should snapshot datasets that contain operating
system, upgrade (install new world and kernel) and use zfsboottest.sh to verify
if it will be possible to boot from new configuration. If all is good one
should upgrade boot blocks, by e.g.:
dougb [Fri, 18 Nov 2011 20:51:31 +0000 (20:51 +0000)]
MFC r226863:
Fix svnversion for svn 1.7.x by not looking for .svn in ${SYSDIR}
(since it no longer exists). Instead, run svnversion if we can find
the binary and test that the output looks like a version string.
rmacklem [Thu, 17 Nov 2011 16:38:22 +0000 (16:38 +0000)]
MFC: r227059
Both a crash reported on freebsd-current on Oct. 18 under the
subject heading "mtx_lock() of destroyed mutex on NFS" and
PR# 156168 appear to be caused by clnt_dg_destroy() closing
down the socket prematurely. When to close down the socket
is controlled by a reference count (cs_refs), but clnt_dg_create()
checks for sb_upcall being non-NULL to decide if a new socket
is needed. I believe the crashes were caused by the following race:
- clnt_dg_destroy() finds cs_refs == 0 and decides to delete socket
- clnt_dg_destroy() then loses race with clnt_dg_create() for
acquisition of the SOCKBUF_LOCK()
- clnt_dg_create() finds sb_upcall != NULL and increments cs_refs to 1
- clnt_dg_destroy() then acquires SOCKBUF_LOCK(), sets sb_upcall to
NULL and destroys socket
This patch fixes the above race by changing clnt_dg_destroy() so
that it acquires SOCKBUF_LOCK() before testing cs_refs.
Tested by: bz
Reviewed by: dfr
Approved by: re (kib)
dim [Thu, 17 Nov 2011 08:12:12 +0000 (08:12 +0000)]
MFC r227112:
Whenever you boot with nfsv4_server_enable=NO (the default) in rc.conf,
the /etc/rc.d/nfsd script sets vfs.nfsd.server_max_nfsvers to 3.
Then, when you set nfsv4_server_enable=YES in rc.conf, and restart nfsd
via the rc.d script, without rebooting, the sysctl does *not* get reset
to max version 4, so NFSv4 still doesn't work.
Fix this by explicitly setting vfs.nfsd.server_max_nfsvers to 4 when
NFSv4 is requested.
I also added resetting of the nfs_privport sysctls, since this has the
same issue: nfs_reserved_port_only=YES in rc.conf sets the nfs_privport
sysctl to 1, but in the other case, the sysctl doesn't get reset to 0.
Reviewed by: rmacklem
Silence from: rc@
Approved by: re (kib)
bschmidt [Wed, 16 Nov 2011 17:41:31 +0000 (17:41 +0000)]
MFC r226679:
Let net80211 also know about stopped BA sessions. This fixes some issues
where the driver assumed that BA resources are still available due to
net80211 saying so.
ae [Wed, 16 Nov 2011 15:37:13 +0000 (15:37 +0000)]
MFC r227272:
Add reference to gpart(8).
MFC r227280:
Initialize "acc" value inside the loop to reset failed attempts.
PR: misc/162262
MFC r227292:
Improve error reporting when MBR can not be written.
Remove obsolete code which uses DIOCSMBR ioctl.
When writing MBR first check that GEOM_MBR is available, if it is not
available, then try to write MBR directly to provider. If both fail,
then recommend to use gpart(8).
ae [Wed, 16 Nov 2011 15:32:52 +0000 (15:32 +0000)]
MFC r227231:
To be in sync with GEOM_PART_BSD limit the maximum number of supported
partitions to 20.
MFC r227248:
bsdlabel(8) could automatically fill many of disklabel's deprecated
fields, but user could specify some of those fields when editing disklabel
with `bsdlabel -e`. But without -A flag these fields might be
overwritten with default values from the virgin disklabel.
So, don't overwrite such fields if they are not zero. Also add checks
to prevent creating disklabel with less than DEFPARTITIONS and more
than MAXPARTITIONS partitions.
PR: bin/162332
Tested by: Eugene Grosbein
MFC r227262:
Remove unneeded checks.
MFC r227270:
Add recommendation to use gpart(8) when user tries to write disklabel
or bootcode to already opened provider.