Commit Graph

252560 Commits

Author SHA1 Message Date
Warner Losh
b9c5b43263 Declare time()
Time is used and was accidentally brought in through header
pollution. Declare it in stand.h directly instead.
2020-08-28 05:40:02 +00:00
Glen Barber
233a5529d1 Add a new line to force a commit to verify if lwhsu did indeed
fix the jenkins build by adding git to the dependency list.

Sponsored by:	Rubicon Communications, LLC (netgate.com)
2020-08-28 02:09:10 +00:00
Rick Macklem
6e4b6ff88f Add flags to enable NFS over TLS to the NFS client and server.
An Internet Draft titled "Towards Remote Procedure Call Encryption By Default"
(soon to be an RFC I think) describes how Sun RPC is to use TLS with NFS
as a specific application case.
Various commits prepared the NFS code to use KERN_TLS, mainly enabling use
of ext_pgs mbufs for large RPC messages.
r364475 added TLS support to the kernel RPC.

This commit (which is the final one for kernel changes required to do
NFS over TLS) adds support for three export flags:
MNT_EXTLS - Requires a TLS connection.
MNT_EXTLSCERT - Requires a TLS connection where the client presents a valid
            X.509 certificate during TLS handshake.
MNT_EXTLSCERTUSER - Requires a TLS connection where the client presents a
            valid X.509 certificate with "user@domain" in the otherName
            field of the SubjectAltName during TLS handshake.
Without these export options, clients are permitted, but not required, to
use TLS.

For the client, a new nmount(2) option called "tls" makes the client do
a STARTTLS Null RPC and TLS handshake for all TCP connections used for the
mount. The CLSET_TLS client control option is used to indicate to the kernel RPC
that this should be done.

Unless the above export flags or "tls" option is used, semantics should
not change for the NFS client nor server.

For NFS over TLS to work, the userspace daemons rpctlscd(8) { for client }
or rpctlssd(8) daemon { for server } must be running.
2020-08-27 23:57:30 +00:00
Kirk McKusick
66ac5b2c5a Add a comment to clarify when and why cached names are deleted
during pathname lookup.

Reviewed by:  kib
MFC after:    3 days
Sponsored by: Netflix
2020-08-27 22:14:58 +00:00
Matt Macy
962619075c ZFS: remove duplicate "com.datto:encryption" from loader 2020-08-27 21:37:35 +00:00
Glen Barber
92fb4f8a61 Merge the projects/release-git branch to head.
This allows building 13.x from Git instead of Subversion.

No MFC to stable branches is planned at this time. [1]

Discussed with:	git working group [1]
Sponsored by:	Rubicon Communications, LLC (netgate.com)
2020-08-27 21:19:16 +00:00
Glen Barber
e25152834c MFH
Sponsored by:	Rubicon Communications, LLC (netgate.com)
2020-08-27 20:25:33 +00:00
Warner Losh
73be5dd2b2 Fix tiny style nit. 2020-08-27 17:46:13 +00:00
Mark Johnston
6255e8c8e2 Fix writing of the final block of encrypted, compressed kernel dumps.
Previously any residual data in the final block of a compressed kernel
dump would be written unencrypted.  Note, such a configuration already
does not work properly when using AES-CBC since the compressed data is
typically not a multiple of the AES block length in size and EKCD does
not implement any padding scheme.  However, EKCD more recently gained
support for using the ChaCha20 cipher, which being a stream cipher does
not have this problem.

Submitted by:	sigsys@gmail.com
Reviewed by:	cem
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D26188
2020-08-27 17:36:06 +00:00
Warner Losh
d0fba0c58a Add note about NO_CLEAN build.
NO_CLEAN doesn't quite work for some scenarios when rebuilding older
kernels, but the kernels build w/o NO_CLEAN.
2020-08-27 17:30:57 +00:00
Jamie Gritton
0eb6603f6b Disregard jails in jail.conf that have bad parameters (parameter/variable
clash, or redefining name/jid).  The current behvaior, of merely warning
and moving on, can lead to unexpected behavior when a jail is created
without the offending parameter defined at all.
2020-08-27 17:04:55 +00:00
Mark Johnston
555e998919 snd_ich(4): Handle errors from ich_init() properly during resume.
ich_init() returns an errno value or 0, but ich_pci_resume() was
comparing the return value with -1 to determine whether an error had
occurred.

PR:		248941
Submitted by:	Tong Zhang <ztong0001@gmail.com>
MFC after:	1 week
2020-08-27 16:36:07 +00:00
Mark Johnston
b3cb04b930 fdc(4): Handle errors from fdc_in() properly.
fdc_in() returns only 0 and 1, some callers were checking incorrectly
for failure.

PR:		248940
Submitted by:	Tong Zhang <ztong0001@gmail.com>
MFC after:	1 week
2020-08-27 16:34:33 +00:00
Mark Johnston
9c325393d5 asmc(4): Handle errors from asmc_key_read() properly.
asmc_key_read() returns only 0 and 1, some callers were checking
incorrectly for failure.

PR:		248939
Submitted by:	Tong Zhang <ztong0001@gmail.com>
MFC after:	1 week
2020-08-27 16:34:20 +00:00
Glen Barber
884ea3e64c Correct the conditional evaluating if git exists.
Pointyhat to:	gjb (myself)
Sponsored by:	Rubicon Communications, LLC (netgate.com)
2020-08-27 14:36:00 +00:00
Cy Schubert
a784185078 /etc/zfs/zpool.cache is the preferred (and new) location of zpool.cache.
Check for it first. Only use /boot/zfs/zpool.cache if the /etc/zfs
version is not found and good.

Reported by:	avg
Suggested by:	avg, kevans
2020-08-27 14:33:46 +00:00
Glen Barber
eade353551 Do not unconditionally build git from ports if it already exists.
Sponsored by:	Rubicon Communications, LLC (netgate.com)
2020-08-27 14:29:06 +00:00
Glen Barber
6e7be14e7f Adjust the logic to locating GIT_CMD.
Use 'git -C' instead of cd(1). [1]

Suggested by:	garga [1]
Sponsored by:	Rubicon Communications, LLC (netgate.com)
2020-08-27 13:33:21 +00:00
Ryan Moeller
cd568e2b1b libzfs: Also add the crypto dependency to Makefile.inc1
Reported by:	kevans
Discussed with:	kevans
Sponsored by:	iXsystems, Inc.
2020-08-27 13:26:36 +00:00
Glen Barber
bee3d446c4 Fix passing OPTIONS_UNSET with multiple options to make(1).
While here, adjust the copyright.

Sponsored by:	Rubicon Communications, LLC (netgate.com)
2020-08-27 13:25:24 +00:00
Ryan Moeller
40d0fd2875 libzfs: Add missing crypto dependency
libzfs_crypto.c uses PKCS5_PBKDF2_HMAC_SHA1 from libcrypto.

Reported by:	John Kennedy
Sponsored by:	iXsystems, Inc.
2020-08-27 13:05:41 +00:00
Hans Petter Selasky
d96e599643 Implement extensible arrays API using the existing radix tree implementation
in the LinuxKPI.

Differential Revision:	https://reviews.freebsd.org/D25101
Reviewed by:	kib @
MFC after:	1 week
Sponsored by:	Mellanox Technologies
2020-08-27 10:28:12 +00:00
Emmanuel Vadot
27998f7a02 arm: ti: Fix Beaglebone black MMC after DTS update
After DTS sync with Linux kernel 5.8 this patch was included:
"ARM: dts: Move am33xx and am43xx mmc nodes to sdhci-omap driver"
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/arch/arm/boot/dts/am33xx-l4.dtsi?h=v5.9-rc2&id=0b4edf111870b83ea77b1d7e16b8ceac29f9f388

Current will not load any driver for MMC and not mount the rootfs.
Simple patch add "ti,am335-sdhci" to compability strings in ti_sdhci.c

Submitted by:	oskar.holmlund@ohdata.se
Reported by:	phk
X-MFC-With:	363853
2020-08-27 08:08:49 +00:00
Mateusz Guzik
84ecea90b7 cache: don't update timestmaps on found entry 2020-08-27 06:31:55 +00:00
Mateusz Guzik
5f08d440b0 cache: assorted clean ups
In particular remove spurious comments, duplicate assertions and the
inconsistently done KTR support.
2020-08-27 06:31:27 +00:00
Mateusz Guzik
12441fcbe2 cache: ncp = NULL early to account for sdt probes in ailure path
CID:	1432106
2020-08-27 06:30:40 +00:00
Warner Losh
cbda6f66f4 Implement FLUSHO
Turn FLUSHO on/off with ^O (or whatever VDISCARD is). Honor that to
throw away output quickly. This tries to remain true to 4.4BSD
behavior (since that was the origin of this feature), with any
corrections NetBSD has done. Since the implemenations are a little
different, though, some edge conditions may be handled differently.

Reviewed by: kib, kevans
Differential Review: https://reviews.freebsd.org/D26148
2020-08-27 05:11:15 +00:00
Greg Lehey
23f93ed79b Update Hong Kong Liberation Day (hah!) 2020-08-27 03:50:34 +00:00
Jamie Gritton
bb4ec28922 Don't allow jail.conf variables to have the same names as jail parameters.
It was already not allowed in many cases, but crashed instead of giving an
error.

PR:		248444
2020-08-27 00:17:17 +00:00
John Baldwin
62cddd0e03 Name the on-stack union of compat thunks.
C does not permit an anonymous union at a top-level scope.

Pointy hat to:	jhb
2020-08-26 22:36:08 +00:00
Rick Macklem
df665abd34 Fix a "v_seqc_users == 0 not met" panic when VFS_STATFS() fails during mount.
r363210 introduced v_seqc_users to the vnodes.  This change requires
a vn_seqc_write_end() to match the vn_seqc_write_begin() in
vfs_cache_root_clear().
mjg@ provided this patch which seems to fix the panic.

Tested for an NFS mount where the VFS_STATFS() call will fail.

Submitted by:	mjg
Reviewed by:	mjg
Differential Revision:	https://reviews.freebsd.org/D26160
2020-08-26 21:49:43 +00:00
John Baldwin
113bcc82a2 Add freebsd32 compat support for CIOCCRYPTAEAD.
Reviewed by:	markj (earlier version)
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D26179
2020-08-26 21:28:47 +00:00
John Baldwin
5612fcb17d Simplify compat shims for /dev/crypto.
- Make session handling always use the CIOGSESSION2 structure.
  CIOGSESSION requests use a thunk similar to COMPAT_FREEBSD32 session
  requests.  This permits the ioctl handler to use the 'crid' field
  unconditionally.

- Move COMPAT_FREEBSD32 handling out of the main ioctl handler body
  and instead do conversions in/out of thunk structures in dedicated
  blocks at the start and end of the ioctl function.

Reviewed by:	markj (earlier version)
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D26178
2020-08-26 21:17:18 +00:00
Mateusz Guzik
4961e997a6 fuse: unbreak after r364814
Reported by:	kevans
2020-08-26 21:13:36 +00:00
Rick Macklem
c5ce27ba24 Add MNT_EXTLSxxx flags that will be used for NFS over TLS exports.
These flags are not currently used, but will be used by future commits to
implement export(5) requirements for the use of NFS over TLS by clients.

Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D26180
2020-08-26 20:56:05 +00:00
Cy Schubert
f1602aff80 To avoid breakage for those who build/install without ZFS only
rely on rc.d/zpool's BEFORE specification.

Reported by:	rpokala
2020-08-26 20:30:00 +00:00
Warner Losh
ea007fee61 Each entry in UPDATING needs a date
It's rare for there to be two updating entries on the same day (once a
decade or so), but we have that here. Add the date to the second one
since devd and zfs are unrelated.
2020-08-26 19:32:28 +00:00
Brandon Bergren
2941010b58 [PowerPC] Fix build failure in sec.c
Fix a typo in r364799 that was breaking powerpc and powerpcspe build.

MFC with:	364799
2020-08-26 19:30:42 +00:00
Colin Percival
bd4fcf75ee Remove whitespace which accidentaly snuck into r364831. 2020-08-26 19:28:30 +00:00
Colin Percival
437bab4828 Add -w option to lockf(1).
By default, lockf(1) opens its lock file O_RDONLY|O_EXLOCK.  On NFS, if the
file already exists, this is split into opening the file read-only and then
requesting an exclusive lock -- and the second step fails because NFS does
not permit exclusive locking on files which are opened read-only.

The new -w option changes the open flags to O_WRONLY|O_EXLOCK, allowing it
to work on NFS -- at the cost of not working if the file cannot be opened
for writing.

(Whether the traditional BSD behaviour of allowing exclusive locks to be
obtained on a file which cannot be opened for writing is a good idea is
perhaps questionable since it may allow less-privileged users to perform
a local denial of service; however this behaviour has been present for a
long time and changing it now seems like it would cause problems.)

Reviewed by:	rmacklem
Differential Revision:	https://reviews.freebsd.org/D26005
2020-08-26 19:26:48 +00:00
Ryan Moeller
507cf10ad5 Move zstd sources from libzfs to libzpool
zstd is kernel code that was not supposed to be in libzfs.

libzpool provides userland shims for kernel code and is where the
zstd code needs to be included.

Reported by:	John Kennedy
Discussed with:	mmacy
Sponsored by:	iXsystems, Inc.
2020-08-26 19:03:15 +00:00
Ryan Moeller
67c97ec2d6 Tidy up libzpool Makefile
Sponsored by:	iXsystems, Inc.
2020-08-26 19:00:17 +00:00
Jamie Gritton
48c376a6f1 Back out r364791 to unbreak jails. Lesson learned: "compile and test" means
running the test on the same executable that you just compiled.

PR:		248444
Pointy hat to:	jamie
2020-08-26 18:35:32 +00:00
Toomas Soome
0fec8f03cf libsa: only skein_block.c is using SKEIN_LOOP
Only use SKEIN_LOOP while compiling skein_block.c
2020-08-26 17:52:32 +00:00
Warner Losh
513575d446 Make sbuf_setpos match the implementation.
sbuf_setpos can only be used to truncate the buffer, never to make it
longer. Update the documentation to reflect this.

Reviewed By: allanjude, phk
Differential Revision: https://reviews.freebsd.org/D26198
2020-08-26 17:06:16 +00:00
Jung-uk Kim
3971092e11 Regen X86 assembly files after r364822. 2020-08-26 16:56:44 +00:00
Jung-uk Kim
63c1bb5162 Fix Clang version detection.
We prepend "FreeBSD" to Clang version string.  This broke compiler test for
AVX instruction support.

Reported by:	jhb
2020-08-26 16:55:28 +00:00
Ryan Moeller
ec45a4d383 Install zfs-events.5
Sponsored by:	iXsystems, Inc.
2020-08-26 15:43:44 +00:00
Mark Johnston
aea9103e06 Use a large kmem arena import size on NUMA systems.
This helps minimize internal fragmentation that occurs when 2MB imports
are interleaved across NUMA domains.  Virtually all KVA allocations on
direct map platforms consume more than one page, so the fragmentation
manifests as runs of 511 4KB page mappings in the kernel.

Reviewed by:	alc, kib
Tested by:	pho
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D26050
2020-08-26 14:31:48 +00:00
Mark Johnston
41c6838786 vmem: Avoid allocating span tags when segments are never released.
vmem uses span tags to delimit imported segments, so that they can be
released if the segment becomes free in the future.  However, the
per-domain kernel KVA arenas never release resources, so the span tags
between imported ranges are unused when the ranges are contiguous.
Furthermore, such span tags prevent coalescing of free segments across
KVA_QUANTUM boundaries, resulting in internal fragmentation which
inhibits superpage promotion in the kernel map.

Stop allocating span tags in arenas that never release resources.  This
saves a small amount of memory and allows free segements to coalesce
across import boundaries.  This manifests as improved kernel superpage
usage during poudriere runs, which also helps to reduce physical memory
fragmentation by reducing the number of broken partially populated
reservations.

Tested by:	pho
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D24548
2020-08-26 14:31:35 +00:00