Commit Graph

234907 Commits

Author SHA1 Message Date
Warner Losh
060679ef9c Collapse zfsloader functionality back down into loader.
We no longer really need a separate zfsloader. It was useful when we
were first supporting ZFS and had limited ability to properly boot off
of ZFS without the special boot loader. Now that the boot loader has
matured, go the way loader.efi pioneered and just build one
binary. Change the name of the loader to load in the secondary boot
blocks to be just /boot/loader. Provide a symbolic link from zfsloader
to loader so people who have not upgraded their boot blocks are not
affected. This has the happy benefit of making coexistence easier as
well (fewer binaries in the matrix).

Discussed with: allanjude@, kevans@
RelNotes: Yes
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D16361
2018-07-20 05:17:37 +00:00
Cy Schubert
dfbd3c8d91 Remove a redundant declaration.
While at it add a blank line, conforming with the convention
used in this file.

X-MFC-with:	r336203
2018-07-20 02:25:39 +00:00
Cy Schubert
64987377c2 To reduce our diff between our sources and our upline, sync up
with upline. Also making it easier to read.

Obtained from:	diffing base with ports
X-MFC-with:	r336203
2018-07-20 02:17:19 +00:00
Cy Schubert
e581761876 MFV: r336486
Prevent reinstallation of an already in-use group key.
Upline git commit cb5132bb35698cc0c743e34fe0e845dfc4c3e410.

Obtained from:	https://w1.fi/security/2017-1/\
		rebased-v2.6-0002-Prevent-reinstallation-\
		of-an-already-in-use-group-ke.patch
X-MFC-with:	r336203
2018-07-20 02:04:10 +00:00
Cy Schubert
84c260fb1b Revert r336501. It was a of the wrong rev from the vendor branch. 2018-07-20 01:53:28 +00:00
Conrad Meyer
e236f904b2 cryptocheck: Correct mismatch between OpenSSL use and OCF Blake2
This corrects a mistake introduced to the cryptocheck tool in r331418.

Our CRYPTO_BLAKE2B and CRYPTO_BLAKE2S algorithms refer to either the plain,
unkeyed hashes (specified with cri_klen = 0), or a Blake2-specific keyed MAC
(when a cri_key is provided).

In contrast, OpenSSL's Blake2 algorithms only provide the plain hash.
Cryptocheck's T_HMAC corresponds to OpenSSL's HMAC() routine, which is the
ordinary HMAC construction applied to any plain, unkeyed hash.  We don't
have any HMAC-Blake2 cipher modes in OCF, so fix the test to only test
Blake2 as a plain hash.

(Ideally we would test keyed Blake2 as well, but that is left as future
work.)

PR:		229795
2018-07-20 01:51:05 +00:00
Ian Lepore
07b9533326 Add ntpd to the list of users/groups to check before installing. 2018-07-20 00:44:04 +00:00
Ian Lepore
3496c981ac Make it possible to run ntpd as a non-root user, add ntpd uid and gid.
Code analysis and runtime analysis using truss(8) indicate that the only
privileged operations performed by ntpd are adjusting system time, and
(re-)binding to privileged UDP port 123. These changes add a new mac(4)
policy module, mac_ntpd(4), which grants just those privileges to any
process running with uid 123.

This also adds a new user and group, ntpd:ntpd, (uid:gid 123:123), and makes
them the owner of the /var/db/ntp directory, so that it can be used as a
location where the non-privileged daemon can write files such as the
driftfile, and any optional logfile or stats files.

Because there are so many ways to configure ntpd, the question of how to
configure it to run without root privs can be a bit complex, so that will be
addressed in a separate commit. These changes are just what's required to
grant the limited subset of privs to ntpd, and the small change to ntpd to
prevent it from exiting with an error if running as non-root.

Differential Revision:	https://reviews.freebsd.org/D16281
2018-07-19 23:55:29 +00:00
Warner Losh
dbe8ed38bf Note big endian arm removal. 2018-07-19 23:54:18 +00:00
Emmanuel Vadot
b32c7d0cf5 arm64: Add vt_efifb to GENERIC
We can now have efifb being setup correctly.
Enjoy video output on some boards when you couldn't before.

Tested-On:  Pine64
Tested-On:  Pine64-LTS
Tested-On:  Pinebook
2018-07-19 21:59:52 +00:00
Emmanuel Vadot
c54fe25dcb Raise the size of L3 table for early devmap on arm64
Some driver (like efifb) needs to map more than the current L2_SIZE
Raise the size so we can map the framebuffer setup by the bootloader.

Reviewed by:	cognet
2018-07-19 21:58:06 +00:00
Justin Hibbits
038c615929 Revert r336509. Fails buildworld.
I had naively assumed that building kernel would be sufficient to test that
the header is sane.  However, it turns out this now needs -fms-extensions to
build.  Rather than sprinkling -fms-extensions all over the place, revert
for now, and revisit with a better fix.
2018-07-19 21:06:58 +00:00
Justin Hibbits
1dbd2e8c7c ofwfb: Check for /chosen/stdout-path in addition to /chosen/stdout
Some platforms use /chosen/stdout-path as the property containing the path to
the stdout node, not /chosen/stdout.
2018-07-19 20:22:46 +00:00
Michael Tuexen
0053ed28ff Whitespace changes due to changes in ident. 2018-07-19 20:16:33 +00:00
Justin Hibbits
7fb935da15 Merge the md_page structs for AIM and Book-E into a single unioned struct
Summary:
Ports like sysutils/lsof troll through kernel structures, and
therefore include kernel headers and all the dirty secrets involved.  struct
vm_page includes the struct md_page inline, which currently is only defined
if AIM or BOOKE is defined.  Thus, by default, sysutils/lsof cannot build,
due to the struct md_page having an incomplete type.  Fix this by merging
the two struct definitions into an anonymous struct-union.

A similar change could be made to unify the pmap structures as well.

Reviewed By: nwhitehorn
Differential Revision: https://reviews.freebsd.org/D16232
2018-07-19 20:13:33 +00:00
Michael Tuexen
b0471b4b95 Revert https://svnweb.freebsd.org/changeset/base/336503
since I also ran the export script with different parameters.
2018-07-19 20:11:14 +00:00
Mark Johnston
bf923a556d Delete an XXX comment addressed by r336505.
X-MFC with:	r336505
Sponsored by:	The FreeBSD Foundation
2018-07-19 20:11:08 +00:00
Cy Schubert
1b911983db MFV r336490:
Prevent installation of an all-zero TK.
This is also upline git commit 53bb18cc8b7a4da72e47e4b3752d0d2135cffb23.

Obtained from:	https://w1.fi/security/2017-1/\
		rebased-v2.6-0004-Prevent-installation-\
		of-an-all-zero-TK.patch
X-MFC-with:	r336203
2018-07-19 20:10:34 +00:00
Mark Johnston
483f692ea6 Have preload_delete_name() free pages backing preloaded data.
On i386 and amd64, add a vm_phys segment for physical memory used to
store the kernel binary and other preloaded data.  This makes it
possible to free such memory back to the system once it is no longer
needed, e.g., when a preloaded kernel module is unloaded.  Previously,
it would have remained unused.

Reviewed by:	kib, royger
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D16330
2018-07-19 20:00:28 +00:00
Mark Johnston
73624a804a Provide the full module path to preload_delete_name().
The basename will never match against the preload metadata, so these
calls previously had no effect.

Reviewed by:	kib, royger
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D16330
2018-07-19 19:50:42 +00:00
Michael Tuexen
7679e49dd4 Whitespace changes due to change if ident. 2018-07-19 19:33:42 +00:00
Cy Schubert
e2b89ca9cb MFV: r336486
Prevent reinstallation of an already in-use group key.
Upline git commit cb5132bb35698cc0c743e34fe0e845dfc4c3e410.

Obtained from:	https://w1.fi/security/2017-1/\
		rebased-v2.6-0002-Prevent-reinstallation-\
		of-an-already-in-use-group-ke.patch
X-MFC-with:	r336203
2018-07-19 19:22:26 +00:00
Dimitry Andric
c422fbac00 Revert r336497 for now, as it breaks on architectures using gcc, with:
cc1: warnings being treated as errors
/usr/src/lib/msun/src/s_cpow.c: In function 'cpow':
/usr/src/lib/msun/src/s_cpow.c:63: warning: implicit declaration of function 'CMPLX'
2018-07-19 19:07:25 +00:00
Cy Schubert
8d6dfc9ece MFV: r336485
Address: hostapd: Avoid key reinstallation in FT handshake

Obtained from:	https://w1.fi/security/2017-1/\
		rebased-v2.6-0001-hostapd-Avoid-key-\
		reinstallation-in-FT-handshake.patch
X-MFC-with:	r336203
2018-07-19 19:04:30 +00:00
Konstantin Belousov
53e20b2702 When reporting an error, print the errno value.
Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
2018-07-19 19:03:18 +00:00
Dimitry Andric
2ae9055f49 Fix powl, cpow, cpowf, and cpowl imports from OpenBSD
This is a follow-up to r336299.

* lib/msun/Makefile:
  . Remove polevll.c

* lib/msun/ld80/e_powl.c:
  . Copy contents of polevll.c to here.  This is the only consumer of
    these functions.  Make functions 'static inline'.
  . Make reducl a 'static inline' function.

* lib/msun/man/exp.3:
  . Remove BUGS section that no longer applies.

* lib/msun/src/math_private.h:
  . Remove prototypes of __p1evll() and __polevll()

* lib/msun/src/s_cpow.c:
* lib/msun/src/s_cpowf.c:
* lib/msun/src/s_cpowl.c
  . Use the CMPLX macro from either C99 or math_private.h (depends of
    compiler support) instead of the problematic use of complex I.

Submitted by:	Steve Kargl <sgk@troutmask.apl.washington.edu>
PR:		229876
MFC after:	1 week
2018-07-19 18:44:10 +00:00
Andrew Turner
acfbf59013 Stop writing past the end of the buffer in the msgget_limit test. The value
in i is already correct to write to the last item in the buf array.

Obtained from:	CheriBSD
Sponsored by:	DARPA, AFRL
2018-07-19 17:13:46 +00:00
Alan Cox
103cc0f6ea Revert r329254. The underlying cause for the copy-on-write problem in
multithreaded programs that was addressed by r329254 was in the
implementation of pmap_enter() on some architectures, notably, amd64.
kib@, markj@ and I have audited all of the pmap_enter() implementations,
and fixed the broken ones, specifically, amd64 (r335784, r335971), i386
(r336092), mips (r336248), and riscv (r336294).

To be clear, the reason to address the problem within pmap_enter() and
revert r329254 is not just a matter of principle.  An effect of r329254
was that a copy-on-write fault actually entailed two page faults, not
one, even for single-threaded programs.  Now, in the expected case for
either single- or multithreaded programs, we are back to a single page
fault to complete a copy-on-write operation.  (In extremely rare
circumstances, a multithreaded program could suffer two page faults.)

Reviewed by:	kib, markj
Tested by:	truckman
MFC after:	3 weeks
Differential Revision:	https://reviews.freebsd.org/D16301
2018-07-19 17:01:10 +00:00
Cy Schubert
d8b7f52b51 Import upline security patch: Prevent installation of an all-zero TK
This is also upline git commit 53bb18cc8b7a4da72e47e4b3752d0d2135cffb23.

Obtained from:	https://w1.fi/security/2017-1/\
		rebased-v2.6-0004-Prevent-installation-\
		of-an-all-zero-TK.patch
2018-07-19 16:58:20 +00:00
Conrad Meyer
7bdbd012c6 newsyslog.8: Remove cutesy nonsense
Sponsored by:	Dell EMC Isilon
2018-07-19 16:03:20 +00:00
Bruce Evans
b7092eef4d Fix spurious and extra underflows and resulting inaccuracies for some cases
with 1 huge component and 1 tiny (but nowhere near denormal) component.
Rescale earlier so that a scale factor of 2 can be combined with a non-
scale divisor of 2, so that the division doesn't shift out a bit.  In the
usual case where the scale factor is just 1, the division may shift out a
bit, but then the underflow is not spurious and the inaccuracies are harder
to fix.
2018-07-19 15:04:10 +00:00
Cy Schubert
d221b2962e Import upline security patch: Extend protection of GTK/IGTK
reinstallation of WNM-Sleep Mode cases.  This git commit
87e2db16bafcbc60b8d0016175814a73c1e8ed45.

Obtained from:	https://w1.fi/security/2017-1/\
		rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-\
		reinstallation-of-WNM-.patch
2018-07-19 14:41:46 +00:00
Cy Schubert
259b356d97 Import upline security patch to prevent an alreadi in use group ke.
Obtained from:	https://w1.fi/security/2017-1/\
		rebased-v2.6-0002-Prevent-reinstallation-\
		of-an-already-in-use-group-ke.patch
2018-07-19 14:37:32 +00:00
Cy Schubert
190650c714 Import upline hostapd-avoid-key-reinstallation security patch.
Obtained from:	https://w1.fi/security/2017-1/\
		rebased-v2.6-0001-hostapd-Avoid-key-\
		reinstallation-in-FT-handshake.patch
2018-07-19 14:35:27 +00:00
Bruce Evans
50c8bd4e53 Oops, r336412 undid the fix of the overflow threshold in r323003. Restore
the previous overflow threshold and adjust comments.
2018-07-19 14:24:48 +00:00
Mateusz Piotrowski
17e98da88e Describe how to prevent *.core files from being created using ulimit.
While here, pet mandoc.

Reviewed by:	eadler (previous revision), jilles (previous revision), mat (mentor)
Approved by:	manpages (jilles), mat (mentor)
Differential Revision:	https://reviews.freebsd.org/D15609
2018-07-19 13:09:29 +00:00
Ruslan Bukin
73ce26a22b PROFILE, TESTS and CXX build options are no longer broken for RISC-V.
Sponsored by:	DARPA, AFRL
2018-07-19 13:02:29 +00:00
Mateusz Piotrowski
9c4b1419f0 Update mentor and mentee information.
Reviewed by:	mat (mentor)
Approved by:	mat (mentor)
Differential Revision:	https://reviews.freebsd.org/D16295
2018-07-19 12:58:10 +00:00
Ruslan Bukin
27c2ac11aa Add a GCC 7.1.0 no-error warning flag.
This is required to build libdevdctl.

Note this flag is not required for GCC 8.1.0.

Sponsored by:	DARPA, AFRL
2018-07-19 12:56:54 +00:00
Emmanuel Vadot
413d07ea3e fdt_pinctrl: Add some TSLOG annotations
While we see the time spent in the pin controller attach via the hooks in
DEVICE_ATTACH, it is useful to see the time spent configuring the pins.
2018-07-19 11:41:53 +00:00
Emmanuel Vadot
41a76289e6 cpufreq_dt: Add operating-points-v2 support
Oppv2 add more flexibility on regulator value for the core voltage amongst
other new thing.
For now only shared opp table is supported as I don't have hardware with
non-shared opp table.

Tested-On: OrangePi One (with oppv1 and oppv2)
Tested-On: Pine64-LTS
2018-07-19 11:31:49 +00:00
Emmanuel Vadot
326867616f kern_cpu: When adding abs frequency allow for unordered insertion
Keep the list ordered as some code assume that it is but allow for
unordered cf_settings sets.
2018-07-19 11:28:14 +00:00
Emmanuel Vadot
6185fb0f81 arm: Implement cpu_est_clockrate for armv[67] 2018-07-19 11:27:11 +00:00
Roger Pau Monné
b21c72b69d xen: add missing file from r336474 2018-07-19 10:14:52 +00:00
Roger Pau Monné
b0663c33c2 xen: implement early init helper for PVHv2
In order to setup an initial environment and jump into the generic
hammer_time initialization function. Some of the code is shared with
PVHv1, while other code is PVHv2 specific.

This allows booting FreeBSD as a PVHv2 DomU and Dom0.

Sponsored by:	Citrix Systems R&D
2018-07-19 08:44:52 +00:00
Roger Pau Monné
07c2711fbf xen: allow very early initialization of the hypercall page
Allow the hypercall page to be initialized very early, even before
vtophys is functional. Also make the function global so it can be
called by other files.

This will be needed in order to perform the early bringup on PVHv2
guests.

Sponsored by: Citrix Systems R&D
2018-07-19 08:13:41 +00:00
Roger Pau Monné
3653af112f xen: attach the PV CPU if no CPU device is present
When booted as PVHv2, there's no ACPI CPU object, so attach the PV CPU
device in order to take it's place.

This is required in case some device or driver tries to poke at the
PCPU device field.

Sponsored by: Citrix Systems R&D
2018-07-19 08:00:52 +00:00
Roger Pau Monné
fa60904232 xen: do not limit PV console usage to PV guests
The Xen PV console is also available to HVM and PVHv2 guests, so don't
limit the console usage to PV guests only.

Sponsored by: Citrix Systems R&D
2018-07-19 07:58:24 +00:00
Roger Pau Monné
cfa0b7b82f xen: remove direct usage of HYPERVISOR_start_info
HYPERVISOR_start_info is only available to PV and PVHv1 guests, HVM
and PVHv2 guests get this data from HVM parameters that are fetched
using a hypercall.

Instead provide a set of helper functions that should be used to fetch
this data. The helper functions have different implementations
depending on whether FreeBSD is running as PVHv1 or HVM/PVHv2 guest
type.

This helps to cleanup generic Xen code by removing quite a lot of
xen_pv_domain and xen_hvm_domain macro usages.

Sponsored by:	Citrix Systems R&D
2018-07-19 07:54:45 +00:00
Roger Pau Monné
f2577f25c1 xen: add PVHv2 entry point
The PVHv2 entry point is fairly similar to the multiboot1 one. The
kernel is started in protected mode with paging disabled. More
information about the exact BSP state can be found in the pvh.markdown
document on the Xen tree.

This entry point is going to be joined with the native entry point at
hammer_time, and in order to do so the BSP needs to be bootstrapped
into long mode with the same set of page tables as used on bare metal.

Sponsored by:	Citrix Systems R&D
2018-07-19 07:39:35 +00:00