Commit Graph

237675 Commits

Author SHA1 Message Date
Kevin Bowling
0d909f4ccf powerpc64: reduce GENERIC64 diff versus amd64 GENERIC
Reviewed by:	jhibbits
Approved by:	timur (mentor)
Differential Revision:	https://reviews.freebsd.org/D17515
2018-11-13 09:19:07 +00:00
Kyle Evans
75beb4d46a Add dynamic_kenv assertion to init_static_kenv
Both to formally document the requirement that this not be called after the
dynamic kenv is setup, and to perhaps help static analyzers figure out
what's going on. While calling init_static_kenv this late isn't fatal, there
are some caveats that the caller should be aware of:

- Late calls are effectively a no-op, as far as default FreeBSD is
concerned, as everything will switch to searching the dynamic kenv once it's
available.

- Each of the kern_getenv calls will leak memory, as it's assumed that
these are searching static environment and allocations will not be made.

As such, this usage is not sensible and should be detected.
2018-11-13 04:34:30 +00:00
Ed Maste
7ee126159f Revert r340385, strings capability mode
This needs to be reworked for bootstrapping.
2018-11-13 01:30:31 +00:00
Kyle Evans
851f1a1121 Fix test-dts{,o} targets
There were two main problems here:

1.) sys/dts/Makefile.inc is not included from various */overlays directories
    by default, only ../Makefile.inc
2.) When shelling out for DTS/DTSO, cwd != .CURDIR, so enumeration always
    failed

These changes allow make test-dts and make test-dtso to function in their
respective directories.

Reviewed by:	manu
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D17961
2018-11-12 22:18:11 +00:00
Niclas Zeising
af14df7703 Add evdev support to amd64 and i386 kernels
Include evdev support and drivers in the amd64 and i386 GENERIC and MINIMAL
kernels.  Evdev is used by X and wayland to handle input devices, and this
change, together with upcomming changes in ports will make us handle input
devices better in graphical UIs.

Reviewed by:	wulf, bapt, imp
Approved by:	imp
Differential Revision:	https://reviews.freebsd.org/D17912
2018-11-12 21:01:28 +00:00
Ed Maste
7c807d7708 retire LINKER_FEATURES filter flag
And build libdl unconditionally.  All supported FreeBSD linkers accept
-F / --filter so there is no need to test for support.

Discussed with:	kib
Sponsored by:	The FreeBSD Foundation
2018-11-12 20:44:22 +00:00
Ed Maste
672b07ce30 strings: enter capability mode when operating on stdin
Reviewed by:	oshogbo
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2018-11-12 20:38:43 +00:00
Konstantin Belousov
83813c6696 Apply fix to un-cripple max cpu id on BSP earlier.
We need to know actual value for the standard extended features before
ifuncs are resolved.

Reported and tested by:	madpilot
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2018-11-12 19:17:26 +00:00
Konstantin Belousov
44748aa487 Create namespace for the symbols added during 13-CURRENT cycle.
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2018-11-12 19:12:14 +00:00
Mariusz Zaborski
509e73d483 s/caph_enter_capser/caph_enter_casper/g
Reported by:	npn
2018-11-12 18:43:51 +00:00
Mariusz Zaborski
2607c01b66 Fix typo in the comparison.
This fix build with gcc.

Reported by:	jenkins
2018-11-12 18:37:31 +00:00
Mariusz Zaborski
8e4febf012 s/caph_enter_with_casper/caph_enter_casper/
Reported by:	npn
2018-11-12 18:34:55 +00:00
Mariusz Zaborski
c71292ea35 wc: We should sandbox wc only if Capers is available. 2018-11-12 18:01:36 +00:00
Mariusz Zaborski
3824f650f0 head: sandbox using capsicum
Reviewed by:	emaste
Differential Revision:	https://reviews.freebsd.org/D14409
2018-11-12 17:59:15 +00:00
Julien Charbon
23d903a783 cxgbe/netmap: Fix cxgbe netmap when interface is DOWN
A kernel panic can occur if the cxgbe interface is DOWN
when activating netmap. This patch prevents the driver
from freeing up cxgbe netmap resources when they have not
been allocated.

Submitted by:	Nicolas Witkowski <nwitkowski@verisign.com>
Reviewed by:	np
MFC after:	1 week
Sponsored by:	Verisign, Inc.
Differential Revision:	https://reviews.freebsd.org/D17802
2018-11-12 17:57:12 +00:00
Mariusz Zaborski
9e4c5144e6 wc: sandbox wc using capsicum
Reviewed by:	AllanJude, emaste
Differential Revision:	https://reviews.freebsd.org/D14409
2018-11-12 17:47:51 +00:00
Mariusz Zaborski
cdd6ea94b0 libcasper: introduce cap_fileargs service
cap_fileargs is a Casper service which helps to sandbox applications that need
access to the filesystem namespace. The main purpose of the service is to make
easy to capsicumize applications that works on multiple files passed in argv.

We have a couple example of using it but we still treat this service as an
experimental one.

Reviewed by:	emsate (previous version), jonathan (partially)
Discussed with:	many
Differential Revision:	https://reviews.freebsd.org/D14407
2018-11-12 17:40:47 +00:00
Kyle Evans
1cde2e974d dtb.mk: Fix passing of ECHO to make_dtb{,o}.sh 2018-11-12 17:10:44 +00:00
Brooks Davis
23d772ee4e Use ...-freebsd13.0 in -target strings.
Reported by:	Mark Millard
2018-11-12 16:55:20 +00:00
Mariusz Zaborski
509111af21 head: fix style nits
No functional change intended.

Reviewed by:	emaste
MFC after:	3 weeks
Differential Revision:	https://reviews.freebsd.org/D14498
2018-11-12 16:44:26 +00:00
Konstantin Belousov
389474c122 Allow set ether/vlan PCP operation from the VNET jails.
The vlan interfaces can be created from vnet jails, it seems, so it
sounds logical to allow pcp configuration as well.

Reviewed by:	bz, hselasky (previous version)
Sponsored by:	Mellanox Technologies
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D17777
2018-11-12 15:59:32 +00:00
Mariusz Zaborski
752d135e0d libcasper: ange the name of limits in cap_dns so the intentions are obvious.
Reported by:	pjd
MFC after:	3 weeks
2018-11-12 15:52:45 +00:00
Michael Tuexen
970bdbf5d7 Fix printing of 64-bit counters on 32-bit ppc platforms.
Several statistic counters are uint64_t values and are printed by systat
using %lu. This results in displaying wrong numbers. Use PRIu64 instead.
While there, print variables of size_t using %zd.

MFC after:i		3 days
Differential Revision:	https://reviews.freebsd.org/D17838
2018-11-12 13:26:13 +00:00
Andrey V. Elsukov
b2b5660688 Add ability to use dynamic external prefix in ipfw_nptv6 module.
Now an interface name can be specified for nptv6 instance instead of
ext_prefix. The module will track if_addr_ext events and when suitable
IPv6 address will be added to specified interface, it will be configured
as external prefix. When address disappears instance becomes unusable,
i.e. it doesn't match any packets.

Reviewed by:	0mp (manpages)
Tested by:	Dries Michiels <driesm dot michiels gmail com>
MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D17765
2018-11-12 11:20:59 +00:00
Xin LI
0f47072b78 Make outfile constant.
MFC after:	2 weeks
2018-11-12 07:14:34 +00:00
Conrad Meyer
0d1467b199 netdump: Fix netdumping with INVARIANTS kernels
Correct boneheaded assertion I added in r339501.  Mea culpa.

The intent is to notice when an M_WAITOK zone allocation would fail during
netdump, not to prevent all use of mbufs during netdump.

Reviewed by:	markj
X-MFC-With:	r339501
Differential Revision:	https://reviews.freebsd.org/D17957
2018-11-12 05:24:20 +00:00
Yuri Pankov
4a2f909992 Use blank am_pm and t_fmt_ampm for de_AT and de_DE locales as apparently
they use 24-hour clock notation.  The visible change is that w(1) now
uses 24-hour clock format as it checks for t_fmt_ampm presence.

PR:		231771
Submitted by:	Christoph Schönweiler <public2016@hauptsignal.at>
Reviewed by:	bapt
Approved by:	kib (mentor, implicit)
MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D17945
2018-11-11 13:41:32 +00:00
Konstantin Belousov
5b1fb8ec66 First draft of documentation for AT/O_BENEATH handling of the absolute
paths.

It was decided that committing the code and drafting of the man page
update is better than allowing the code to rot until wordsmithing
happens.

Reviewed by:	jilles (previous version)
Discussed with:	brooks, jilles, emaste
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D17714
2018-11-11 01:46:48 +00:00
Edward Tomasz Napierala
eabc4a4bb3 Update nsswitch.conf(5) man page to make it clear additional sources
might be provided by third party software.

Reviewed by:	bcr
MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D17934
2018-11-11 00:57:13 +00:00
Eric van Gyzen
cf44d7bd57 Fix daily mailq script for Postfix and daily_show_success="NO"
Exit with a zero status when Postfix reports "Mail queue is empty" so this
section won't appear in the report at all when daily_show_success="NO".

MFC after:	2 weeks
Sponsored by:	Dell EMC Isilon
2018-11-11 00:39:20 +00:00
Konstantin Belousov
8782eef46f Remove one-use variable.
This also removes a lot of #ifdefs and cleans up a warning when the
AUDIT kernel option is defined, but neither KDTRACE_HOOKS nor MAC are.

Reported and tested by:	danger
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2018-11-11 00:21:28 +00:00
Konstantin Belousov
ade85c5eec Allow absolute paths for O_BENEATH.
The path must have a tail which does not escape starting/topping
directory.  The documentation will come shortly, see the man pages
commit message for the reason of separate commit.

Reviewed by:	jilles (previous version)
Discussed with:	emaste
Tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D17714
2018-11-11 00:04:36 +00:00
Edward Tomasz Napierala
71ec454d66 Random tweaks to ddb(4) manual page.
MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
2018-11-10 23:49:01 +00:00
Edward Tomasz Napierala
8d113f4aec Don't call stat(2) on nsswitch.conf(5) every time nsdispatch(3)
and dependent functions (eg getpwname(3)) get called. This can
improve performance of binaries that perform a lot of name
lookups, such as gssd(8). It also matches documented behaviour
of Linux and Solaris.

The old code is left in place, should anyone need it, guarded
by #ifdef NS_REREAD_CONF.

Reviewed by:	imp, bcr
MFC after:	2 weeks
Relnotes:	yes
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D17934
2018-11-10 23:07:46 +00:00
Vladimir Kondratyev
236e308af1 wmt(4): Add PNP record so it could be picked by devd/devmatch.
Fix uhid(4) conflict with blacklisting of multitouch HID-usages
in uhid(4) probe handler.

Reviewed by:		imp
No objections from:	hps
MFC after:		1 month
Differential Revision:	https://reviews.freebsd.org/D17689
2018-11-10 22:14:09 +00:00
Emmanuel Vadot
5cc57c208a Update our devicetree to 4.19 for arm and arm64
MFC after:	2 months
2018-11-10 21:02:32 +00:00
Emmanuel Vadot
0bf7de3125 dts: Update our copy to Linux 4.19 2018-11-10 20:44:37 +00:00
Kyle Evans
8d4ce3586f libbe(3): Set canmount properly when activating a new BE
The previously activated BE should have canmount=noauto set on it upon
activation of the new BE, but we previously did not touch canmount on either
old or new BE.

PR:		233113
MFC after:	3 days
2018-11-10 20:42:29 +00:00
Mark Johnston
0e48e06807 Re-apply r336984, reverting r339934.
r336984 exposed the bug fixed in r340241, leading to the initial revert
while the bug was being hunted down.  Now that the bug is fixed, we
can revert the revert.

Discussed with:	alc
MFC after:	3 days
2018-11-10 20:33:08 +00:00
Conrad Meyer
900c4ed3ca rm(1): Formalize non-functional status of -P flag
-P was introduced in 4.4BSD-Lite2 around 1994.  It overwrote file contents
with a pass of 0xff, 0x00, then 0xff, in a low effort attempt to "really
delete" files.

It has no user-visible effect; at the end of the day, the file is unlinked via
the filesystem.  Furthermore, the utility of overwriting files with patterned
data is extremely limited due to caveats at every layer of the stack[0] and
therefore mostly futile.  At the least, three passes is likely wasteful on
modern hardware[1].  It could also be seen as a violation of the "Unix
Philosophy" to do one thing per tiny, composable program.

Since 1994, FreeBSD has left it alone; OpenBSD replaced it with a single
pass of arc4random(3) output in 2012[2]; and NetBSD implemented partial, but
explicitly incomplete support for U.S. DoD 5220.22-M, "National Industrial
Security Program Operating Manual" in 2004[3].

NetBSD's enhanced comment above rm_overwrite makes a strong case for removing
the flag entirely:

> This is an expensive way to keep people from recovering files from your
> non-snapshotted FFS filesystems using fsdb(8).  Really.  No more.
>
> It is impossible to actually conform to the exact procedure given in
> [NISPOM] if one is overwriting a file, not an entire disk, because the
> procedure requires examination and comparison of the disk's defect lists.
> Any program that claims to securely erase *files* while conforming to the
> standard, then, is not correct.
>
> Furthermore, the presence of track caches, disk and controller write
> caches, and so forth make it extremely difficult to ensure that data have
> actually been written to the disk, particularly when one tries to repeatedly
> overwrite the same sectors in quick succession.  We call fsync(), but
> controllers with nonvolatile cache, as well as IDE disks that just plain lie
> about the stable storage of data, will defeat this.
>
> [NISPOM] requires physical media destruction, rather than any technique of
> the sort attempted here, for secret data.

As a first step towards evental removal, make it a placebo.  It's not like
it was serving any security function.  It is not defined in or mentioned by
POSIX.

If you are security conscious and need to erase your files, use a
woodchipper.  At a minimum, the entire disk needs to be overwritten, not
just one file.

[0]: https://www.ru.nl/publish/pages/909282/draft-paper.pdf
[1]: https://commons.erau.edu/cgi/viewcontent.cgi?article=1131&context=jdfsl
[2]: https://github.com/openbsd/src/commit/7c5c57ba81b5fe8ff2d4899ff643af18c
[3]: https://github.com/NetBSD/src/commit/fdf0a7a25e59af958fca1e2159921562cd

Reviewed by:	markj, Daniel O'Connor <darius AT dons.net.au> (previous version)
Differential Revision:	https://reviews.freebsd.org/D17906
2018-11-10 20:26:55 +00:00
Ed Maste
4a23879502 build(7): clarify buildenv target can be used for non-cross builds
make buildenv can be used for building for the same architecture as
the host (perhaps this is a degenerate case of cross-building).
TARGET and TARGET_ARCH do not need to be set in this case.

Reviewed by:	bdrewery
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D10759
2018-11-10 20:26:19 +00:00
Eric van Gyzen
7c5f370d3b Update comment about 'universe' disk usage
It's 167 GB now (or 81 GB with ZFS lz4).

MFC after:	2 weeks
Sponsored by:	Dell EMC Isilon
2018-11-10 19:09:48 +00:00
Eugene Grosbein
bcfc8c2779 weekly/340.noid: suppress warning on non-existent jail.conf
MFC after:	1 month
2018-11-10 17:49:19 +00:00
Ben Woods
9c66c1df48 Add UPDATING entry for newsyslog.conf changes introduced by r340318
Approved by:	cem
Differential Revision:	https://reviews.freebsd.org/D17936
2018-11-10 16:58:07 +00:00
Vincenzo Maffione
80ad548dca netmap: pkt-gen: several updates from upstream
Various improvements to the netmap pkt-gen program:

 - indentation fixes
 - support for IPV6
 - fixes to checksum computation
 - support for NS_MOREFRAG
 - rate limiting in ping mode

Reviewed by:	bcr, 0mp
Approved by:	gnn (mentor)
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D17698
2018-11-10 15:10:22 +00:00
Eugene Grosbein
f984e1f8e3 Sigh... Fix another breakage after r340322: spell "sysrc" correctly.
MFC after:	1 month
2018-11-10 14:35:12 +00:00
Eugene Grosbein
2f45576d88 Fix breakage after r340322: add missing "-n" to invocation of sysrc.
MFH:		1 month
2018-11-10 14:25:37 +00:00
Eugene Grosbein
ab478b0185 Prevent periodic/etc/weekly/340.noid from descending into root directories
of jails. Jails have their own user/group databases and this script
can produce multiple false warnings, not to mention significant extra
load in case of large jailed subtrees. Leave this check for jailed
invocations of the same script.

MFC after:	1 month
2018-11-10 14:21:26 +00:00
Eugene Grosbein
7b3c65ba1c Move definition of $jail_conf variable to /etc/defaults/rc.conf
from jail startup script so it can be successfully queried
with the command "sysrc jail_conf".

MFC after:	1 month
2018-11-10 14:11:54 +00:00
Eugene Grosbein
1e1a4743ba jail(8): introduce new command option -e to exhibit
a list of configured non-wildcard jails with their parameters,
no matter running or not.

The option -e takes separator argument that is used
to separate printed parameters. It will be used with following
additions to system periodic scripts to differentiate parts
of directory tree belonging jails as opposed to host's.

MFC after:	1 month
2018-11-10 12:03:57 +00:00