After going through the signal work list, during which do_sigwork()
is called and essentially does nothing because -s and -R were
specified on the command line, newsyslog will sleep for 10 seconds
as the (verbose) code says: "Pause 10 seconds to allow daemon(s)
to close log file(s)".
However, the man page verbiage for -R (and -s) seems quite clear
that this sleep() is unnecessary because the daemon was expected
to have already closed the log file before calling newsyslog.
PR: 210020
Submitted by: David A. Bright <david_a_bright@dell.com>
MFC after: 1 week
Sponsored by: Dell Inc.
Differential Revision: https://reviews.freebsd.org/D6727
The first file in these lists will generate everything else so only
it should be getting a .meta file. With bmake's missing=yes meta
feature these would otherwise cause a rebuild without the
.NOMETA hint.
Sponsored by: EMC / Isilon Storage Division
Install the blacklistd.conf man page, missed in the original commit.
Submitted by: Herbert J. Skuhra ( herbert at mailbox.org )
Reviewed by: rpaulo
Approved by: rpaulo
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D6702
for the CONFS issue with dma.conf and ppp.conf.
Thank you very much to Bryan Drewery for looking into the
problem and providing this fix.
Pointyhat: gjb
Sponsored by: The FreeBSD Foundation
Files listed in 'CONFS' are not properly included in new
installations (missing from base.txz), for reasons I still
do not fully understand.
This reverts the change excluding /etc/ppp/ppp.conf from
a new installation. /etc/dma/dma.conf is also affected,
but requires a different solution, still being investigated.
Reported by: Ben Woods
Sponsored by: The FreeBSD Foundation
If tzsetup UTC is run then it successfully configured the system for UTC
including installing /etc/localtime however if the user ran just tzsetup
for interactive configuration and select UTC no /etc/localtime was installed
which resulted in failures for utilities which require said file.
Change set_zone_utc to call install_zoneinfo("UTC") to ensure that
/etc/localtime is created for interactive UTC selection.
Users who have previously run tzsetup in interactive mode and select UTC
can install the missing /etc/localtime by running tzsetup -r.
Also correct static miss-match for set_zone_utc.
MFC after: 2 weeks
Relnotes: Yes
Sponsored by: Multiplay
Comparing a character array against NULL serves no purpose. In any case
we are always asigning a value just before using the value so obviate
the comparison altogether.
Reviewed by: ngie
Differential Revision: https://reviews.freebsd.org/D6651
CID: 1008422
In the event MK_INET6 != no in userspace, but is disabled in the
kernel, or if there aren't any IPv6 addresses configured in userspace
(for lo0 and all physical interfaces), rpcbind would terminate
immediately instead of silently failing on
Skip over the IPv6 block to its respective cleanup with freeifaddrs if
creating the socket failed instead of terminating rpcbind immediately
MFC after: 6 days
X-MFC with: r300932
Reported by: O. Hartmann <ohartman@zedat.fu-berlin.de>
Sponsored by: EMC / Isilon Storage Division
- getaddrinfo() sets res = NULL on failure and freeaddrinfo() always
dereferences its argument, so we should only free the address list after
a successful call.
- Address a second potential leak caused by getaddrinfo(AF_INET6)
overwriting the address list returned by getaddrinfo(AF_INET).
X-MFC-With: r300941
POSIX requires that the argument of dirname() is of type "char *". In
other words, the input buffer can be modified by the function to store
the directory name.
Pull a copy of the string before calling dirname(). We don't care about
freeing up the memory afterwards, as this is done at the very bottom of
main(), right before the program terminates.
Reviewed by: bapt
Differential Revision: https://reviews.freebsd.org/D6628
- malloc failing will result in a delayed segfault
- socket failing will result in delayed failures with setsockopt
Exit in the event that either of these high-level conditions are met.
Reported by: Coverity
CID: 976288, 976321, 976858
Sponsored by: EMC / Isilon Storage Division
When bhyve cannot open a backing file, it now says explicitly which file
could not be opened
Note that the change has only be maed in block_if.c and not in
pci_virtio_block.c as the error will always be catched by the first
PR: 202321 (different patch)
Reviewed by: grehan
MFC after: 3 day
Sponsored by: Gandi.net
Differential Revision: https://reviews.freebsd.org/D6576
Passing MAKEOBJDIRPREFIX to the main prog build (rescue) would confuse
WITH_AUTO_OBJ and cause it to create a recursed object directory that
then broke the actual prog build. This is normally not a problem since
we do not call 'make -f prog.mk obj' before building anything in it.
Crunchgen(1) also assumes that if -o is not passed then if an object
directory does not already exist then it should build in the source
directories. The normal buildworld process will have already ran 'make
obj' in each of the component directories so this is not a problem.
With WITH_AUTO_OBJ though this is not the case. So we must tell
crunchgen(1) that MK_AUTO_OBJ=yes will create the directory and to not
require it be present before generating its Makefile.
Sponsored by: EMC / Isilon Storage Division
The POSIX basename() function is allowed to modify its input buffer,
which means its argument is "char *". Pull a copy of the input string
before computing the base.
Reviewed by: jtl
Differential Revision: https://reviews.freebsd.org/D6465
At line 479 of ldapclient.c in client_build_req(), the error return
leaks ldap_attrs (CID 1340544). It looks like this can happen if
the first utoa() call in aldap_get_stringset() fails. It looks
like other leaks can happen if other utoa() calls fail since scanning
this array when it is freed stops when the first NULL is encountered.
Fix these problems by not storing NULL in the array when utoa()
fails, and by freeing ret and returning NULL if nothing is stored
in the array. That way the caller will never see the
ldap_attrs[0] == NULL case, so delete that check.
The ber_printf_element() calls ber_free_elements() on its ber
argument and returns NULL on failure. When each of its callers
detects failure, they do a goto fail, which then calls ber_free_elements()
with the same pointer (CID 1340543). Fix is to delete the
ber_free_elements() from ber_printf_element()
Reported by: Coverity
CID: 1340543, 1340544
Reviewed by: araujo
Differential Revision: https://reviews.freebsd.org/D6550
1199380 (Resource leak).
load_dsdt() calls strncpy() to copy a filename and Coverity warns
that the destination buffer may not be NUL terminated. Fix this
by using strlcpy() instead. If silent truncation occurs, then the
filename was not valid anyway.
load_dsdt() leaks an fd (CID 978405) and a memory region allocated
using mmap() (CID 1199380) when it returns. Fix these by calling
close() and munmap() as appropriate.
Don't bother fixing the minor memory leak "list", allocated by
AcGetAllTablesFromFile() (CID 1355191).
Check for truncation when creating the temp file name.
Set a flag to indicate that the temp file should be unlinked.
Relying on a strcmp() test could delete the input file in contrived
cases.
Reported by: Coverity
CID: 1011279, 978405, 1199380
Reviewed by: jkim
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D6368
Coverity reports that a buffer used for temporary file generation
might not be NUL terminated by strncpy(). This is probably not
true because the input gets passed through realpath(), but if the
path name is sufficiently long the name could be truncated and cause
other problems. The code for generating the temp file names is
also overly complex. Instead of a bunch of calls to strncpy() and
and strncat(), simplify the code by using snprintf() and add checks
for unexpected truncation.
The output file created by iasl -d is predictable. Fix this by
using mkdtemp() to create a directory to hold the iasl input and
output files.
Check the return values of more syscalls.
Reported by: Coverity
CID: 1011278
Reviewed by: jkim
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D6360
The length of the name returned from the $LOGNAME and $USER can be
very long and it was being concatenated to a fixed length buffer
with no bounds checking. Fix this problem by limiting the length
of the name copied.
Additionally, this name is actually used to create a format string
to be used in adding log file entries so embedded % characters in
the name could confuse *printf(), and embedded whitespace could
confuse a log file parser. Handle the former by escaping each %
with an additional %, and handle the latter by simply stripping it
out.
Clean up the code by moving the variable declarations to the top
of the function, formatting them to conform with style, and moving
intialization elsewhere.
Reduce code indentation by returning early in a couple of places.
Reported by: Coverity
CID: 1006692
Reviewed by: markj (previous version)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D6490
The currently used idiom for clearing the part of a ccb after its
header generates one or two Coverity errors for each time it is
used. All instances generate an Out-of-bounds access (ARRAY_VS_SINGLETON)
error because of the treatment of the header as a two element array,
with a pointer to the non-existent second element being passed as
the starting address to bzero(). Some instances also alsp generate
Out-of-bounds access (OVERRUN) errors, probably because the space
being cleared is larger than the sizeofstruct ccb_hdr).
In addition, this idiom is difficult for humans to understand and
it is error prone. The user has to chose the proper struct ccb_*
type (which does not appear in the surrounding code) for the sizeof()
in the length calculation. I found several instances where the
length was incorrect, which could cause either an actual out of
bounds write, or incompletely clear the ccb.
A better way is to write the code to clear the ccb itself starting
at sizeof(ccb_hdr) bytes from the start of the ccb, and calculate
the length based on the specific type of struct ccb_* being cleared
as specified by the union ccb member being used. The latter can
normally be seen in the nearby code. This is friendlier for Coverity
and other static analysis tools because they will see that the
intent is to clear the trailing part of the ccb.
Wrap all of the boilerplate code in a convenient macro that only
requires a pointer to the desired union ccb member (or a pointer
to the union ccb itself) as an argument.
Reported by: Coverity
CID: 1007578, 1008684, 1009724, 1009773, 1011304, 1011306
CID: 1011307, 1011308, 1011309, 1011310, 1011311, 1011312
CID: 1011313, 1011314, 1011315, 1011316, 1011317, 1011318
CID: 1011319, 1011320, 1011321, 1011322, 1011324, 1011325
CID: 1011326, 1011327, 1011328, 1011329, 1011330, 1011374
CID: 1011390, 1011391, 1011392, 1011393, 1011394, 1011395
CID: 1011396, 1011397, 1011398, 1011399, 1011400, 1011401
CID: 1011402, 1011403, 1011404, 1011405, 1011406, 1011408
CID: 1011409, 1011410, 1011411, 1011412, 1011413, 1011414
CID: 1017461, 1018387, 1086860, 1086874, 1194257, 1229897
CID: 1229968, 1306229, 1306234, 1331282, 1331283, 1331294
CID: 1331295, 1331535, 1331536, 1331539, 1331540, 1341623
CID: 1341624, 1341637, 1341638, 1355264, 1355324
Reviewed by: scottl, ken, delphij, imp
MFH: 1 month
Differential Revision: https://reviews.freebsd.org/D6496
Do not set canmount=noauto on the boot environment at create time, because
this causes / to not be mounted, and since the chroot is read only, new
mountpoints cannot be created.
The property is set later, when other properties are adjusted
Reported by: HardenedBSD
Sponsored by: ScaleEngine Inc.
In this configuration, a separate bootpool is not required.
This allows ZFS Boot Environments to be used with GELI encrypted ZFS pools.
Support for GPT+EFI+GELI is planned for the future.
Tested by: Joseph Mingrone, HardenedBSD
Relnotes: yes
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D5869
As a positive side-effect, this eliminates the double semicolons reported by Coverity:
the macro contained a trailing semicolon, in addition to the semicolon placed on
each line where EXPAND(..) was called.
MFC after: 1 week
Reported by: Coverity
CID: 1194269
Sponsored by: EMC / Isilon Storage Division
The root file system is mounted early via vfs.root.mountfrom.
The canmount=noauto property only affects the zfs rc.d script.
This ensures that the 'default' BE is not mounted overtop of another BE when
one is selected from the beastie menu
Sponsored by: ScaleEngine Inc.
periodic(8) already handles the security_show_{success,info,badconfig}
variables correctly. However, those variables aren't explicitly set in
/etc/defaults/periodic.conf or anywhere else, which suggests to the user
that they shouldn't be used.
etc/defaults/periodic.conf
Explicitly set defaults for security_show_{success,info,badconfig}
usr.sbin/periodic/periodic.sh
Update usage string
usr.sbin/periodic/periodic.8
Minor man page updates
One thing I'm _not_ doing is recommending setting security_output to
/var/log/security.log or adding that file to /etc/newsyslog.conf, because
periodic(8) would create it with default permissions, usually 644, and
that's probably a bad idea.
Reviewed by: brd
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D6477
usr.sbin/camdd/camdd.c:
In camdd_probe_file(), fix an error case after fstat where
we were bailing out and leaving two lines of cleanup code
unexecuted. Instead, just goto bailout_error.
In camdd_probe_pass(), fail if the sector size is 0.
Sponsored by: Spectra Logic
MFC after: 3 days
This change includes support for SCSI SMR drives (which conform to the
Zoned Block Commands or ZBC spec) and ATA SMR drives (which conform to
the Zoned ATA Command Set or ZAC spec) behind SAS expanders.
This includes full management support through the GEOM BIO interface, and
through a new userland utility, zonectl(8), and through camcontrol(8).
This is now ready for filesystems to use to detect and manage zoned drives.
(There is no work in progress that I know of to use this for ZFS or UFS, if
anyone is interested, let me know and I may have some suggestions.)
Also, improve ATA command passthrough and dispatch support, both via ATA
and ATA passthrough over SCSI.
Also, add support to camcontrol(8) for the ATA Extended Power Conditions
feature set. You can now manage ATA device power states, and set various
idle time thresholds for a drive to enter lower power states.
Note that this change cannot be MFCed in full, because it depends on
changes to the struct bio API that break compatilibity. In order to
avoid breaking the stable API, only changes that don't touch or depend on
the struct bio changes can be merged. For example, the camcontrol(8)
changes don't depend on the new bio API, but zonectl(8) and the probe
changes to the da(4) and ada(4) drivers do depend on it.
Also note that the SMR changes have not yet been tested with an actual
SCSI ZBC device, or a SCSI to ATA translation layer (SAT) that supports
ZBC to ZAC translation. I have not yet gotten a suitable drive or SAT
layer, so any testing help would be appreciated. These changes have been
tested with Seagate Host Aware SATA drives attached to both SAS and SATA
controllers. Also, I do not have any SATA Host Managed devices, and I
suspect that it may take additional (hopefully minor) changes to support
them.
Thanks to Seagate for supplying the test hardware and answering questions.
sbin/camcontrol/Makefile:
Add epc.c and zone.c.
sbin/camcontrol/camcontrol.8:
Document the zone and epc subcommands.
sbin/camcontrol/camcontrol.c:
Add the zone and epc subcommands.
Add auxiliary register support to build_ata_cmd(). Make sure to
set the CAM_ATAIO_NEEDRESULT, CAM_ATAIO_DMA, and CAM_ATAIO_FPDMA
flags as appropriate for ATA commands.
Add a new get_ata_status() function to parse ATA result from SCSI
sense descriptors (for ATA passthrough over SCSI) and ATA I/O
requests.
sbin/camcontrol/camcontrol.h:
Update the build_ata_cmd() prototype
Add get_ata_status(), zone(), and epc().
sbin/camcontrol/epc.c:
Support for ATA Extended Power Conditions features. This includes
support for all features documented in the ACS-4 Revision 12
specification from t13.org (dated February 18, 2016).
The EPC feature set allows putting a drive into a power power mode
immediately, or setting timeouts so that the drive will
automatically enter progressively lower power states after various
idle times.
sbin/camcontrol/fwdownload.c:
Update the firmware download code for the new build_ata_cmd()
arguments.
sbin/camcontrol/zone.c:
Implement support for Shingled Magnetic Recording (SMR) drives
via SCSI Zoned Block Commands (ZBC) and ATA Zoned Device ATA
Command Set (ZAC).
These specs were developed in concert, and are functionally
identical. The primary differences are due to SCSI and ATA
differences. (SCSI is big endian, ATA is little endian, for
example.)
This includes support for all commands defined in the ZBC and
ZAC specs.
sys/cam/ata/ata_all.c:
Decode a number of additional ATA command names in ata_op_string().
Add a new CCB building function, ata_read_log().
Add ata_zac_mgmt_in() and ata_zac_mgmt_out() CCB building
functions. These support both DMA and NCQ encapsulation.
sys/cam/ata/ata_all.h:
Add prototypes for ata_read_log(), ata_zac_mgmt_out(), and
ata_zac_mgmt_in().
sys/cam/ata/ata_da.c:
Revamp the ada(4) driver to support zoned devices.
Add four new probe states to gather information needed for zone
support.
Add a new adasetflags() function to avoid duplication of large
blocks of flag setting between the async handler and register
functions.
Add new sysctl variables that describe zone support and paramters.
Add support for the new BIO_ZONE bio, and all of its subcommands:
DISK_ZONE_OPEN, DISK_ZONE_CLOSE, DISK_ZONE_FINISH, DISK_ZONE_RWP,
DISK_ZONE_REPORT_ZONES, and DISK_ZONE_GET_PARAMS.
sys/cam/scsi/scsi_all.c:
Add command descriptions for the ZBC IN/OUT commands.
Add descriptions for ZBC Host Managed devices.
Add a new function, scsi_ata_pass() to do ATA passthrough over
SCSI. This will eventually replace scsi_ata_pass_16() -- it
can create the 12, 16, and 32-byte variants of the ATA
PASS-THROUGH command, and supports setting all of the
registers defined as of SAT-4, Revision 5 (March 11, 2016).
Change scsi_ata_identify() to use scsi_ata_pass() instead of
scsi_ata_pass_16().
Add a new scsi_ata_read_log() function to facilitate reading
ATA logs via SCSI.
sys/cam/scsi/scsi_all.h:
Add the new ATA PASS-THROUGH(32) command CDB. Add extended and
variable CDB opcodes.
Add Zoned Block Device Characteristics VPD page.
Add ATA Return SCSI sense descriptor.
Add prototypes for scsi_ata_read_log() and scsi_ata_pass().
sys/cam/scsi/scsi_da.c:
Revamp the da(4) driver to support zoned devices.
Add five new probe states, four of which are needed for ATA
devices.
Add five new sysctl variables that describe zone support and
parameters.
The da(4) driver supports SCSI ZBC devices, as well as ATA ZAC
devices when they are attached via a SCSI to ATA Translation (SAT)
layer. Since ZBC -> ZAC translation is a new feature in the T10
SAT-4 spec, most SATA drives will be supported via ATA commands
sent via the SCSI ATA PASS-THROUGH command. The da(4) driver will
prefer the ZBC interface, if it is available, for performance
reasons, but will use the ATA PASS-THROUGH interface to the ZAC
command set if the SAT layer doesn't support translation yet.
As I mentioned above, ZBC command support is untested.
Add support for the new BIO_ZONE bio, and all of its subcommands:
DISK_ZONE_OPEN, DISK_ZONE_CLOSE, DISK_ZONE_FINISH, DISK_ZONE_RWP,
DISK_ZONE_REPORT_ZONES, and DISK_ZONE_GET_PARAMS.
Add scsi_zbc_in() and scsi_zbc_out() CCB building functions.
Add scsi_ata_zac_mgmt_out() and scsi_ata_zac_mgmt_in() CCB/CDB
building functions. Note that these have return values, unlike
almost all other CCB building functions in CAM. The reason is
that they can fail, depending upon the particular combination
of input parameters. The primary failure case is if the user
wants NCQ, but fails to specify additional CDB storage. NCQ
requires using the 32-byte version of the SCSI ATA PASS-THROUGH
command, and the current CAM CDB size is 16 bytes.
sys/cam/scsi/scsi_da.h:
Add ZBC IN and ZBC OUT CDBs and opcodes.
Add SCSI Report Zones data structures.
Add scsi_zbc_in(), scsi_zbc_out(), scsi_ata_zac_mgmt_out(), and
scsi_ata_zac_mgmt_in() prototypes.
sys/dev/ahci/ahci.c:
Fix SEND / RECEIVE FPDMA QUEUED in the ahci(4) driver.
ahci_setup_fis() previously set the top bits of the sector count
register in the FIS to 0 for FPDMA commands. This is okay for
read and write, because the PRIO field is in the only thing in
those bits, and we don't implement that further up the stack.
But, for SEND and RECEIVE FPDMA QUEUED, the subcommand is in that
byte, so it needs to be transmitted to the drive.
In ahci_setup_fis(), always set the the top 8 bits of the
sector count register. We need it in both the standard
and NCQ / FPDMA cases.
sys/geom/eli/g_eli.c:
Pass BIO_ZONE commands through the GELI class.
sys/geom/geom.h:
Add g_io_zonecmd() prototype.
sys/geom/geom_dev.c:
Add new DIOCZONECMD ioctl, which allows sending zone commands to
disks.
sys/geom/geom_disk.c:
Add support for BIO_ZONE commands.
sys/geom/geom_disk.h:
Add a new flag, DISKFLAG_CANZONE, that indicates that a given
GEOM disk client can handle BIO_ZONE commands.
sys/geom/geom_io.c:
Add a new function, g_io_zonecmd(), that handles execution of
BIO_ZONE commands.
Add permissions check for BIO_ZONE commands.
Add command decoding for BIO_ZONE commands.
sys/geom/geom_subr.c:
Add DDB command decoding for BIO_ZONE commands.
sys/kern/subr_devstat.c:
Record statistics for REPORT ZONES commands. Note that the
number of bytes transferred for REPORT ZONES won't quite match
what is received from the harware. This is because we're
necessarily counting bytes coming from the da(4) / ada(4) drivers,
which are using the disk_zone.h interface to communicate up
the stack. The structure sizes it uses are slightly different
than the SCSI and ATA structure sizes.
sys/sys/ata.h:
Add many bit and structure definitions for ZAC, NCQ, and EPC
command support.
sys/sys/bio.h:
Convert the bio_cmd field to a straight enumeration. This will
yield more space for additional commands in the future. After
change r297955 and other related changes, this is now possible.
Converting to an enumeration will also prevent use as a bitmask
in the future.
sys/sys/disk.h:
Define the DIOCZONECMD ioctl.
sys/sys/disk_zone.h:
Add a new API for managing zoned disks. This is very close to
the SCSI ZBC and ATA ZAC standards, but uses integers in native
byte order instead of big endian (SCSI) or little endian (ATA)
byte arrays.
This is intended to offer to the complete feature set of the ZBC
and ZAC disk management without requiring the application developer
to include SCSI or ATA headers. We also use one set of headers
for ioctl consumers and kernel bio-level consumers.
sys/sys/param.h:
Bump __FreeBSD_version for sys/bio.h command changes, and inclusion
of SMR support.
usr.sbin/Makefile:
Add the zonectl utility.
usr.sbin/diskinfo/diskinfo.c
Add disk zoning capability to the 'diskinfo -v' output.
usr.sbin/zonectl/Makefile:
Add zonectl makefile.
usr.sbin/zonectl/zonectl.8
zonectl(8) man page.
usr.sbin/zonectl/zonectl.c
The zonectl(8) utility. This allows managing SCSI or ATA zoned
disks via the disk_zone.h API. You can report zones, reset write
pointers, get parameters, etc.
Sponsored by: Spectra Logic
Differential Revision: https://reviews.freebsd.org/D6147
Reviewed by: wblock (documentation)
The CMSG_ family of macros take care of alignment, so we don't need r299830
at all, even if it was correct. Put NO_WCAST_ALIGN into Makefile.
Together with: peter
The generation number is uint32_t so we can fit the complete range
of random(3). We could have used arc4random() but the result would
be unpredictable and it would prohibit reproducible builds.
While here add a comment where seeding is done: this affects
reproducible builds and might have to be re-visited to use a
release dependent value.
MFC after: 2 weeks
rework might be needed to support asymetrical limits, but this should be
ok for now.
Obtained from: Mellanox Technologies (earlier version)
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
freeaddrinfo() on it to indicate that it doesn't point to a valid
addrinfo list. This fixes this Coverity issues:
1006368 Uninitialized pointer read
1018506 Double free
1305590 Resource leak
that can be triggered in the hp->hostname[0] != '\0' case.
Don't treat a character as a boolean.
Fix these Coverity issues:
1009293 Unchecked return value from library
1194246 Wrong size argument
by tweaking the status file extend code.
Reported by: Coverity
CID: 1006368, 1018506, 1305590, 1009293, 1194246
Reviewed by: rmacklem
Feedback from: hrs
MFC after: 1 week
Differential Revision: D6398
previous line to prevent buffer overflow. This turns out to not be
important because the upstream xdr code already capped the object
size at the proper value. Using the correct limit here looks a lot
less scary and should please Coverity.
Reported by: Coverity
CID: 1199309, 1199310
MFC after: 1 week
some kind of UTF-8 validation, but actually didn't, but instead, for
malformed UTF-8 input, caused buffer overruns in some cases and caused
skipping of valid ASCII characters in other cases.
Obtained from: OpenBSD (cvs 1.32)
Similar to r299802, it was noted that using nitems on scalar pointers is
invalid.
Use strdup instead of malloc + strlcpy (which is what the old code was doing
anyhow).
MFC after: 1 week
Pointyhat to: ngie
Sponsored by: EMC / Isilon Storage Division
nitems was wrong too, as it was being tested against a pointer instead of a buffer on
the stack.
Since the old code was just doing malloc, then strlcpy'ing the contents of the source
buffer into the destination buffer, replace it all with a call to strdup..
Reported by: bde
MFC after: 1 week
X-MFC with: r299764, r299770
Supersized Duncecap to: ngie
Sponsored by: EMC / Isilon Storage Division
get_token(..) returns int32_t, not enum tok, and in many cases tests for items
not in enum tok (e.g. '('). Make the typing consistent with get_token, which
includes a domino effect of changing enum tok to int32_t.
MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
- Save errno
- Set errno to 0
- Call strtoul
- Test errno (optional, but many calls to strtoul did this afterwards)
Some of the code was setting errno = 0 after calling strtoul, not setting
errno = 0, or setting errno to saved_errno after the call, but before the
test. These all have unwanted behavioral side-effects, depending on the
initial value of errno and whether or not the input to strtoul was correct
or incorrect.
MFC after: 3 weeks
Sponsored by: EMC / Isilon Storage Division
How errno is saved before and restored after strtoul calls needs a rethink
MFC after: 1 week
Reported by: gcc 5.x
Sponsored by: EMC / Isilon Storage Division
I meant to use nitems, not sizeof(..) with the destination buffer. Using sizeof(..)
on a pointer will always truncate the output in the destination buffer incorrectly
Pointyhat to: ngie
MFC after: 1 week
X-MFC with: r299764
Sponsored by: EMC / Isilon Storage Division
rc cannot be negative -- that was already tested for earlier on in
the function
MFC after: 1 week
Reported by: clang, gcc
Sponsored by: EMC / Isilon Storage Division
parse_context, parse_user_security: test for validity of results from
parse_ascii(..) with by casting to int32_t and comparing to -1; comparing
unsigned types to negative values will always be false.
Reported by: clang, Coverity
CID: 1011432, 1011433
MFC after: 3 weeks
Sponsored by: EMC / Isilon Storage Division
Increase the size of `string` by 1 to account for the '\0' terminator. In the event
that `str` doesn't contain any non-alpha chars, i would be set to MAXSTR, and
the subsequent strlcpy call would overflow by a character.
Remove unnecessary `string[i] = '\0'` -- this is already handled by strlcpy.
MFC after: 1 week
Reported by: clang
Sponsored by: EMC / Isilon Storage Division
Technically this is a no-op, but mute the clang warning in case the malloc call
above for fstring ever changes in the future
Reported by: clang
MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
This is a no-op as the malloc above set the size of the buffer to the size used
below, but this keeps things consistent in case the malloc call changes somehow.
MFC after: 1 week
Reported by: clang
Sponsored by: EMC / Isilon Storage Division
The "- 1" is there specifically to enable checking for NUL termination.
I should also admit the rest change was mostly cosmetic and the
overruns can't occur in practice: still I leave them to pacify
static analyzers.
Pointed out by: bde
- By definition, `enum snmp_tc` can't be false (the implied starting sequence
index for the enum is 0). Don't test for it being < 0.
- Staticize `struct snmp_text_conv` to mute a -Wmissing-variable-declarations
warning from clang.
- Remove set but unused variable, ptr, in parse_bridge_id(..) and
parse_bport_id(..) to mute warning from gcc 4.9+.
- Mark value and string unused in snmp_inetaddr2oct(..) and parse_inetaddr(..)
as they're just stub functions.
MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
It was used in bsnmpmap.c but was stored in bsnmptools.c; moving the extern
to the header allows us to cover all of our bases for the variable, and allows
_bsnmptools_debug to be used in the future elsewhere -- not just bsnmpmap.c.
MFC after: 3 weeks
Sponsored by: EMC / Isilon Storage Division
may make Coverity think that other negative values of cmd (used
as an index) are possible. Testing < 0 is a more common idiom
in any case.
Reported by: Coverity
CID: 1305629
NUL terminated. The source and destination buffers are the same
size and the source *should* be NUL terminated, but be paranoid.
Reported by: Coverity
CID: 1011274
MFC after: 1 week
terminated. Don't bother checking for truncation since the subsequent
quota_read() should detect that and fail.
Reported by: Coverity
CID: 1009980
MFC after: 1 week
ensure that the latter is NUL terminated since it is passed
as an argument to *printf().
Warn about NIS domains that are too long.
Reported by: Coverity
CID: 1009620, 1009621
MFH: 1 week
cm_send() closes 'fd' on error. In that case, bail out early without trying to
recv from or close 'fd' again.
Reported by: Coverity
CID: 1006078
Sponsored by: EMC / Isilon Storage Division
This whole block of code as committed fully formed in r224144. I'm not really
sure what the intent was, but it seems plausible that !persist ifis could need
other member cleanup. Don't free the object until after we've finished
cleaning its members.
Reported by: Coverity
CID: 1006079
Sponsored by: EMC / Isilon Storage Division
Check against the size of the struct, not the pointer. Previously, a message
with a cm_len between 9 and 23 (inclusive) could cause int msglen to underflow
and read(2) to be invoked with msglen size (implicitly cast to signed),
overrunning the caller-provided buffer.
All users of cm_recv() supply a stack buffer.
On the other hand, the rtadvd control socket appears to only be writable by the
owner, who is probably root.
While here, correct some types to be size_t or ssize_t.
Reported by: Coverity
CID: 1008477
Security: unix socket remotes may overflow stack in rtadvd
Sponsored by: EMC / Isilon Storage Division
In the case that the subsequent sysctl(3) call failed, 'buf' could be free(3)ed
repeatedly. It isn't clear to me that that case is possible, but be clear and
do the right thing in case it is.
Reported by: Coverity
CID: 272537
Sponsored by: EMC / Isilon Storage Division
Coverity really should have figured this out from the exit(3) call at the end
of the routine, but just make it explicit.
No functional change.
Reported by: Coverity
CID: 1304866 (false positive double-close of 'baz')
Sponsored by: EMC / Isilon Storage Division
after r298107
Summary of changes:
- Replace all instances of FILES/TESTS with ${PACKAGE}FILES. This ensures that
namespacing is kept with FILES appropriately, and that this shouldn't need
to be repeated if the namespace changes -- only the definition of PACKAGE
needs to be changed
- Allow PACKAGE to be overridden by callers instead of forcing it to always be
`tests`. In the event we get to the point where things can be split up
enough in the base system, it would make more sense to group the tests
with the blocks they're a part of, e.g. byacc with byacc-tests, etc
- Remove PACKAGE definitions where possible, i.e. where FILES wasn't used
previously.
- Remove unnecessary TESTSPACKAGE definitions; this has been elided into
bsd.tests.mk
- Remove unnecessary BINDIRs used previously with ${PACKAGE}FILES;
${PACKAGE}FILESDIR is now automatically defined in bsd.test.mk.
- Fix installation of files under data/ subdirectories in lib/libc/tests/hash
and lib/libc/tests/net/getaddrinfo
- Remove unnecessary .include <bsd.own.mk>s (some opportunistic cleanup)
Document the proposed changes in share/examples/tests/tests/... via examples
so it's clear that ${PACKAGES}FILES is the suggested way forward in terms of
replacing FILES. share/mk/bsd.README didn't seem like the appropriate method
of communicating that info.
MFC after: never probably
X-MFC with: r298107
PR: 209114
Relnotes: yes
Tested with: buildworld, installworld, checkworld; buildworld, packageworld
Sponsored by: EMC / Isilon Storage Division
Two new functions are provided, bit_ffs_at() and bit_ffc_at(), which allow
for efficient searching of set or cleared bits starting from any bit offset
within the bit string.
Performance is improved by operating on longs instead of bytes and using
ffsl() for searches within a long. ffsl() is a compiler builtin in both
clang and gcc for most architectures, converting what was a brute force
while loop search into a couple of instructions.
All of the bitstring(3) API continues to be contained in the header file.
Some of the functions are large enough that perhaps they should be uninlined
and moved to a library, but that is beyond the scope of this commit.
sys/sys/bitstring.h:
Convert the majority of the existing bit string implementation from
macros to inline functions.
Properly protect the implementation from inadvertant macro expansion
when included in a user's program by prefixing all private
macros/functions and local variables with '_'.
Add bit_ffs_at() and bit_ffc_at(). Implement bit_ffs() and
bit_ffc() in terms of their "at" counterparts.
Provide a kernel implementation of bit_alloc(), making the full API
usable in the kernel.
Improve code documenation.
share/man/man3/bitstring.3:
Add pre-exisiting API bit_ffc() to the synopsis.
Document new APIs.
Document the initialization state of the bit strings
allocated/declared by bit_alloc() and bit_decl().
Correct documentation for bitstr_size(). The original code comments
indicate the size is in bytes, not "elements of bitstr_t". The new
implementation follows this lead. Only hastd assumed "elements"
rather than bytes and it has been corrected.
etc/mtree/BSD.tests.dist:
tests/sys/Makefile:
tests/sys/sys/Makefile:
tests/sys/sys/bitstring.c:
Add tests for all existing and new functionality.
include/bitstring.h
Include all headers needed by sys/bitstring.h
lib/libbluetooth/bluetooth.h:
usr.sbin/bluetooth/hccontrol/le.c:
Include bitstring.h instead of sys/bitstring.h.
sbin/hastd/activemap.c:
Correct usage of bitstr_size().
sys/dev/xen/blkback/blkback.c
Use new bit_alloc.
sys/kern/subr_unit.c:
Remove hard-coded assumption that sizeof(bitstr_t) is 1. Get rid of
unrb.busy, which caches the number of bits set in unrb.map. When
INVARIANTS are disabled, nothing needs to know that information.
callapse_unr can be adapted to use bit_ffs and bit_ffc instead.
Eliminating unrb.busy saves memory, simplifies the code, and
provides a slight speedup when INVARIANTS are disabled.
sys/net/flowtable.c:
Use the new kernel implementation of bit-alloc, instead of hacking
the old libc-dependent macro.
sys/sys/param.h
Update __FreeBSD_version to indicate availability of new API
Submitted by: gibbs, asomers
Reviewed by: gibbs, ngie
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D6004
extattr/rmextattr.c
When printing hex output, treat all attribute values as unsigned
char arrays instead of sign extending them to 32 bit values.
extattr/tests/extattr_test.sh
Add a regression test
PR: 209039
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
Add the -i option to setextattr. This option allow extended attribute data
to be provided via stdin. Add a -qq option to getextattr, which omits the
trailing newline. Together these options can be used to work with extended
attributes whose values are large and/or binary.
usr.sbin/extattr/Makefile:
Link against libsbuf which is used for processing stdin data.
usr.sbin/extattr/rmextattr.8:
Document setextattr's -i option, getextattr's -qq option, and remove
the BUG about setextattr only being useful for strings.
usr.sbin/extattr/rmextattr.c:
For setextattr operations, buffer attribute data in an sbuf. If -i
is specified, pull the data from stdin, otherwise from the
appropriate argurment.
Update usage text and argument validation code for setextattr's -i
option.
usr.sbin/extattr/tests/extattr_test.sh
Add tests for -q and -i.
Reviewed by: wblock (manpage)
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D6090
Fix a related typo while here.
Note, this change results in the Kyuafile inclusion in the runtime
package, which needs to be fixed, however addresses the PR as far
as I can tell in my tests.
PR: 209114
Submitted by: ngie
Sponsored by: The FreeBSD Foundation
Instead of copy-pasting the string literal for "UTC" 3 times and using
strlen, use a static char[3] buffer and sizeof(..).
MFC after: 3 days
X-MFC with: r298507
Submitted by: kib
Sponsored by: EMC / Isilon Storage Division
usr.sbin/extattr/tests/Makefile
Add boiler plate required by 298107 but omitted by 298483. These
two changes passed through CR in parallel. I think this should get
the full test suite running in Jenkins again.
MFC after: 22 days
X-MFC-with: 298483
Sponsored by: Spectra Logic Corp
'devctl delete' can be used to delete a device that is no longer present.
As an anti-foot-shooting measure, 'delete' will not delete a device
unless it's parent bus says it is no longer present. This can be
overridden by passing the force ('-f') flag.
Note that this command should be used with care. If a device is deleted
that is actually present it can't be resurrected unless the parent bus
device's driver supports rescans.
Differential Revision: https://reviews.freebsd.org/D6019
The BUS_RESCAN() method rescans a single bus device checking for devices
that have been added or removed from the bus. A new 'rescan' command is
added to devctl(8) to trigger a rescan.
Differential Revision: https://reviews.freebsd.org/D6016
The POSIX version of basename() doesn't use a 'const char *' argument;
the function may overwrite its input buffer. Instead of copying the
input string, let's just simplify this code by using our getprogname()
function that already returns the name of the application in the right
format.
Reviewed by: allanjude
Differential Revision: https://reviews.freebsd.org/D6094
sysvmsg, sysvsem, and sysvshm, with the following bahavior:
inherit: allow full access to the IPC primitives. This is the same as
the current setup with allow.sysvipc is on. Jails and the base system
can see (and moduly) each other's objects, which is generally considered
a bad thing (though may be useful in some circumstances).
disable: all no access, same as the current setup with allow.sysvipc off.
new: A jail may see use the IPC objects that it has created. It also
gets its own IPC key namespace, so different jails may have their own
objects using the same key value. The parent jail (or base system) can
see the jail's IPC objects, but not its keys.
PR: 48471
Submitted by: based on work by kikuchan98@gmail.com
MFC after: 5 days
Previously, many errors (such as the PCI device not being attached
to the ppt(4) driver) resulted in bhyve silently exiting without
starting the virtual machine. Now any errors encountered when
configuring a virtual slot for a PCI passthru device should be noted
on stderr.
Reviewed by: neel
Differential Revision: https://reviews.freebsd.org/D5990
Installs both pmbr+gptzfsboot as well as boot1.efifat in separate partitions
The resulting system can be booted with either UEFI or BIOS/CSM.
Preference is controlled by the user's firmware boot settings.
This is now the default for zfsboot installs
PR: 208629
Submitted by: Galael LAPLANCHE <ganael.laplanche@corp.ovh.com> (original version)
fgetln(3) will returns NULL if cannot get a line from a stream.
strsep(3) it will returns NULL if the end of the string was reached.
jemalloc(3) malloc will returns NULL if it cannot allocate memory.
fgetln(3) it will returns NULL if it cannot get a line from a stream.
MFC after: 4 weeks
fopen(3) returns NULL in case it can't open the STREAM.
fgetln(3) returns NULL if it can't get a line from a STREAM.
malloc returns NULL if it can't allocate memory.
fopen(3) will return NULL in case it can't open the STREAM.
The malloc will return a pointer to the allocated memory if successful,
otherwise a NULL pointer is returned.
Also add an extra DEBUG1 to print out the error to open a file.
Reviewed by: ed
Differential Revision: https://svnweb.freebsd.org/changeset/base/297959
If the PBA shares a page with the MSI-X table, map the shared page via
/dev/mem and emulate accesses to the portion of the PBA in the shared
page by accessing the mapped page.
Reviewed by: grehan
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D5919
If a user requested encrypted swap, but 0 sized, it would still be added to fstab
PR: 208630
Submitted by: Ganael LAPLANCHE <ganael.laplanche@corp.ovh.com>
MFC after: 2 weeks
Sponsored by: ScaleEngine Inc.
We were setting an incorrect/undefined size and as it came out the st
struct was not really being used at all. This was actually a bug but
by sheer luck it had no visual effect.
CID: 1194320
Reviewed by: grehan
ncq was not being inititialized properly but it was not actually
necessary either, so make the code smaller by removing it.
CID: 1248842
Reviewed by: grehan
- Group the output so that it follows the capability register set more
closely. The first line now contains device information and the
second line contains link information. As a result, ARI status is now
output on the first line, and the link width is moved down to the second
line of link information.
- Only read the DEVICE_CAP2 register to check for ARI if the capability
version is >= 2.
- Don't output any link information if the link capability and status
registers are zero.
- Label the MSI interrupt index value as "MSI" instead of "IRQ".
case 'g' makes use of value n, which is initialized for case 'b'
and passe through to case 'g'. If case 'g' is called directly
value 'n' is not initialized.
Avoid the issue by initializing n before entering the switch.
CID: 1006375
Reviewed by: bms
On some architectures, u_long isn't large enough for resource definitions.
Particularly, powerpc and arm allow 36-bit (or larger) physical addresses, but
type `long' is only 32-bit. This extends rman's resources to uintmax_t. With
this change, any resource can feasibly be placed anywhere in physical memory
(within the constraints of the driver).
Why uintmax_t and not something machine dependent, or uint64_t? Though it's
possible for uintmax_t to grow, it's highly unlikely it will become 128-bit on
32-bit architectures. 64-bit architectures should have plenty of RAM to absorb
the increase on resource sizes if and when this occurs, and the number of
resources on memory-constrained systems should be sufficiently small as to not
pose a drastic overhead. That being said, uintmax_t was chosen for source
clarity. If it's specified as uint64_t, all printf()-like calls would either
need casts to uintmax_t, or be littered with PRI*64 macros. Casts to uintmax_t
aren't horrible, but it would also bake into the API for
resource_list_print_type() either a hidden assumption that entries get cast to
uintmax_t for printing, or these calls would need the PRI*64 macros. Since
source code is meant to be read more often than written, I chose the clearest
path of simply using uintmax_t.
Tested on a PowerPC p5020-based board, which places all device resources in
0xfxxxxxxxx, and has 8GB RAM.
Regression tested on qemu-system-i386
Regression tested on qemu-system-mips (malta profile)
Tested PAE and devinfo on virtualbox (live CD)
Special thanks to bz for his testing on ARM.
Reviewed By: bz, jhb (previous)
Relnotes: Yes
Sponsored by: Alex Perez/Inertial Computing
Differential Revision: https://reviews.freebsd.org/D4544
The buffer length should be checked to avoid overflow, but there
is no API to get the slot length, so the hardcoded value is used.
Return the currently-first request chain back to the available
queue if there are no more packets.
Report the link as up if we managed to open vale port.
Use consistent coding style.
Submitted by: btw
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D5595
- Try to guess what is provided as a pin spec for -t or for get/set
operation: number or name. Fails in case of ambiguity.
- Add -p and -N switches to force pin specification interpretation:
-p forces spec to be pin number, -N forces it to be name
Submitted by: Emmanuel Vadot <manu@bidouilliste.com>
Differential Revision: https://reviews.freebsd.org/D5201
