The reported problem is that some geli commands exit with a
success status when they should exit with a failed status.
The gctl_error() function is defined differently in the kernel
(in sys/geom/geom_ctl.c) versus in the geom user facilities (in
sbin/geom/misc/subr.c). In the kernel, calling gctl_error() causes
an error return to be set while in the user version it does not.
It was only by a quirk that had been added to the user geom return
processing that I "cleaned up" that the lack of the user implementaion
to set the error return showed up.
This patch adds the missing setting of the error code when calling
the user facility gctl_error().
Reported by: Jenkins
Debugging by: Alan Somers
Debugging by: Cy Schubert
Debugging by: Li-Wen Hsu
The BSD style commands (with names not ending in "sum") ignored the -c
options and the passed digest value when invoked with -q.
The man page stated that -q causes only the calculated digest to be
printed, but did not consider the case of both the -q and -c being
used in combination.
Since there is no warning that -c will be ignored when the -q option
is used, users night (and did) expect that the exit code would reflect
the matching of the calculated digest and the argument passed with -c.
This update implements and documents this expected behavior.
PR: 265461
Reported by: Dmitrij <bugs.freebsd@1fff.net>
MFC after: 2 weeks
The setvlantag() and setvlanproto() functions are used in two scenarios:
when we create a new vlan interface and when we update an existing
interface.
These are distinguished by the getvlan() at the end of the functions. If
this fails we assume that is because the interface doesn't exist (so
we're creating a new one). We only update the 'params' struct, and
expect the settings to be applied when we vlan_create().
However, if we're updating an existing interface we do not retrieve the
current settings, and can end up invalidating settings.
Fix this by using the settings we retrieved while checking which
scenario we're in.
Note that we do not address this for setvlandev(), because if_vlan does
not allow the vlan parent device to be changed without disassociating it
first (with ifconfig vlanX -vlandev).
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D35848
Only the UFS2 filesystem has support for storing information needed
to find alternate superblocks. If that information is inadvertently
left in place when building a UFS1 filesystem, fsck_ffs may stumble
across it and attempt to use it to recover the UFS1 filesystem
which can only end poorly.
During software installation, use veriexec -S to strictly
enforce certificate validity checks (notBefore, notAfter).
Otherwise ignore certificate validity period.
It is generally unacceptible for the Internet to stop working
just because someone did not upgrade their infrastructure for a decade.
Sponsored by: Juniper Networks, Inc.
Reviewed by: sebastien.bini_stormshield.eu
Differential Revision: https://reviews.freebsd.org/D35758
Generally, access to the kernel debugger is considered to be unsafe from
a security perspective since it presents an unrestricted interface to
inspect or modify the system state, including sensitive data such as
signing keys.
However, having some access to debugger functionality on production
systems may be useful in determining the cause of a panic or hang.
Therefore, it is desirable to have an optional policy which allows
limited use of ddb(4) while disabling the functionality which could
reveal system secrets.
This loadable MAC module allows for the use of some ddb(4) commands
while preventing the execution of others. The commands have been broadly
grouped into three categories:
- Those which are 'safe' and will not emit sensitive data (e.g. trace).
Generally, these commands are deterministic and don't accept
arguments.
- Those which are definitively unsafe (e.g. examine <addr>, search
<addr> <value>)
- Commands which may be safe to execute depending on the arguments
provided (e.g. show thread <addr>).
Safe commands have been flagged as such with the DB_CMD_MEMSAFE flag.
Commands requiring extra validation can provide a function to do so.
For example, 'show thread <addr>' can be used as long as addr can be
checked against the system's list of process structures.
The policy also prevents debugger backends other than ddb(4) from
executing, for example gdb(4).
Reviewed by: markj, pauamma_gundo.com (manpages)
Sponsored by: Juniper Networks, Inc.
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D35371
Historically, GEOM utilities (gpart(8), gstripe(8), gmirror(8),
etc) used the gctl_error() routine to report errors. If they called
gctl_error() they would exit with EXIT_FAILURE, otherwise they would
return with EXIT_SUCCESS. If they used gctl_error() to output an
informational message, for example when run with the -v (verbose)
option, they would mistakenly exit with EXIT_FAILURE. A further
limitation of the gctl_error() function was that it could only be
called once. Messages from any additional calls to gctl_error()
would be silently discarded.
To resolve these problems a new function, gctl_msg() has been added.
It can be called multiple times to output multiple messages. It
also has an additional errno argument which should be zero if it is
an informational message or an errno value (EINVAL, EBUSY, etc) if
it is an error. When done the gctl_post_messages() function should
be called to indicate that all messages have been posted. If any
of the messages had a non-zero errno, the utility will EXIT_FAILURE.
If only informational messages (with zero errno) were posted, the
utility will EXIT_SUCCESS.
Tested by: Peter Holm
PR: 265184
MFC after: 1 week
Replace ppp(4) removed since FreeBSD 8.0-RELEASE with vlan(4).
While here, remove commented out reference to non-existing "egress"
interface group hiding since initial import of interface groups
from OpenBSD in 2006.
Jails without VNET have complete access to the ipfilter rules, NAT,
pools and logs. This is insecure. Only allow jails to manipulate
ipfilter rules, NAT tables and ippools if the jail has its own VNET.
Otherwise a jail can affect the global system.
This patch brings ipfilter in line with ipfw's support of VNET jails and
non-support of non-VNET jails.
MFC after: 1 week
If the "intr" and/or "soft" mount options are used for
NFSv4 mounts, the protocol can be broken when the
operation returns without waiting for the RPC reply.
The likelyhood of failure increases for NFSv4.1/4.2
mounts, since the session slot will be broken when
an RPC reply is not processed.
This is mentioned in the BUGS section of "man mount_nfs",
but there was no specific mention of the session slot
problem. This patch adds a sentence for this case.
PR: 260011
Reviewed by: gbe
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D35693
If the "intr" and/or "soft" mount options are used for
NFSv4 mounts, the protocol can be broken when the
operation returns without waiting for the RPC reply.
The likelyhood of failure increases for NFSv4.1/4.2
mounts, since the session slot will be broken when
an RPC reply is not processed.
This is mentioned in the BUGS section of "man mount_nfs",
but more needs to be done. This patch adds code that
generates a warning message when the mount is done.
PR: 260011
Reviewed by: emaste
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D35407
Provide more robust parameter parsing in veriexec. Do a little cleanup as well.
Differential revision: https://reviews.freebsd.org/D33246
Obtained from: Semihalf
Reviewed by: sjg, sebastien.bini_stormshield.eu
When growing a UFS/FFS filesystem, the size of the summary information
may expand into additional blocks. These blocks must be removed from
fs_dsize which records the number of blocks in the filesystem that can
be used to hold filesystem data.
While here also update the fs_old_dsize and fs_old_size fields for
compatibility with kernels that were compiled before the addition
of UFS2.
Reported by: Edward Tomasz Napiera
MFC after: 1 week
Any field that starts with # is a commented out field (there as a place
holder only, the data in that place holder is completely ignored). The
previous code improperly detected this using strcmp. Instead, any field
whose names starts with '#' is ignored.
Differential Reivsion: https://reviews.freebsd.org/D34633
named(8) hasn't been in base for some time. Remove all references to it in
manual pages.
Approved by: manpages (Pau Amma)
Differential Revision: https://reviews.freebsd.org/D35586
It may happen that "adjkerntz -a" called from jailed root crontab.
In that case it spams logs with a line:
sysctl(set: "machdep.wall_cmos_clock"): Operation not permitted
Be silent in that case.
MFC after: 1 month
The current situation is fairly confusing, where an integer is interpreted
as a percent until you slap a decimal on it and magically it becomes an
absolute value.
Let's have a flag day in 14.0 and remove this shim entirely. Setting with
percent can still be useful, so allow a trailing '%' to indicate as such.
As a side effect, we tighten down the format allowed in the volume a little
bit by ensuring there's no trailing garbage after the value once it's
separated into left and right components.
Reviewed by: christos, hselasky, pauamma_gundo.com (manpages)
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D35101
Honor -q parameter and do not display any warning messages when -q is
specified.
Approved by: dfr
MFC after: 2 weeks
Sponsored by: Resulta, s.r.o.
Differential Revision: https://reviews.freebsd.org/D35511
It may not be known at compile time so we should detect it at run time.
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35118
If isc-dhcp44-server is not installed (as is the case the project's CI
servers) we don't create ngctl.shutdown, causing the 'rm' to fail.
That in turn causes the cleanup function to return non-zero, which
causes kyua to consider the test failed.
Use 'rm -f' instead, so we don't error even if the file doesn't exist.
Sponsored by: Rubicon Communications, LLC ("Netgate")
They are no longer needed, but were likely missed simply because they
don't show up in a grep for 'mips'.
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D35475
This avoids the need to drop into the ddb to figure out vnode
usage per file system. It helps to see if they are or are not
being freed. Suggestion to report active vnode count was from
kib@
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D35436
By analogy with IP address matching, add a way to use ipfw radix
tables for MAC matching. This is implemented using new ipfw table
with mac:radix type. Also there are src-mac and dst-mac lookup
commands added.
Usage example:
ipfw table 1 create type mac
ipfw table 1 add 11:22:33:44:55:66/48
ipfw add skipto tablearg src-mac 'table(1)'
ipfw add deny src-mac 'table(1, 100)'
ipfw add deny lookup dst-mac 1
Note: sysctl net.link.ether.ipfw=1 should be set to enable ipfw
filtering on L2.
Reviewed by: melifaro
Obtained from: Yandex LLC
MFC after: 1 month
Relnotes: yes
Sponsored by: Yandex LLC
Differential Revision: https://reviews.freebsd.org/D35103
mount_nfs creates entries in the mounttab file and umount removes
them. Entries in the mounttab file ae used by rpc.umntall to
notify the NFS server that NFSv3 entries need to be removed when
they have not been removed by umount.
Without this patch, an enty will be created in the mounttab file,
even if the nmount(2) syscall fails for the mount. This patch
modifies the code so that the mounttab entry is only created
after nmount(2) succeeds.
This change only affects NFSv3 and only affects how showmount
displays NFSv3 mounts.
MFC after: 2 weeks
Provide sticky ARP flag for network interface which marks it as the
"sticky" one similarly to what we have for bridges. Once interface is
marked sticky, any address resolved using the ARP will be saved as a
static one in the ARP table. Such functionality may be used to prevent
ARP spoofing or to decrease latencies in Ethernet networks.
The drawbacks include potential limitations in usage of ARP-based
load-balancers and high-availability solutions such as carp(4).
The implemented option is disabled by default, therefore should not
impact the default behaviour of the networking stack.
Sponsored by: Conclusive Engineering sp. z o.o.
Reviewed By: melifaro, pauamma_gundo.com
Differential Revision: https://reviews.freebsd.org/D35314
MFC after: 2 weeks
This tests both both normal (untagged), and pcp tagged (VLAN 0)
networks which are now common for fiber ISPs.
Reviewed by: markj, kp
Differential Revision: https://reviews.freebsd.org/D35178
/etc/rc.d/jail no longer creates /dev/log as a symbolic link since
commit 84b354cb9a.
PR: 228351
Reviewed by: jamie, mark
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D34563
