Commit Graph

9082 Commits

Author SHA1 Message Date
Warner Losh
c99e4e6b8b Retire support for -DMINIMALISTIC
We've not used this in years since we retired sysinstall, and it
hasn't compiled in at least a year. A full camcontrol is only 180k, so
making it smaller is not as important as it once was.

OK'd by: ken@, scottl@
2019-07-12 05:35:45 +00:00
Kirk McKusick
daba4da81d Add a new "untrusted" option to the mount command. Its purpose
is to notify the kernel that the file system is untrusted and it
should use more extensive checks on the file-system's metadata
before using it. This option is intended to be used when mounting
file systems from untrusted media such as USB memory sticks or other
externally-provided media.

It will initially be used by the UFS/FFS file system, but should
likely be expanded to be used by other file systems that may appear
on external media like msdosfs, exfat, and ext2fs.

Reviewed by:  kib
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D20786
2019-07-01 23:22:26 +00:00
John Baldwin
82334850ea Add an external mbuf buffer type that holds multiple unmapped pages.
Unmapped mbufs allow sendfile to carry multiple pages of data in a
single mbuf, without mapping those pages.  It is a requirement for
Netflix's in-kernel TLS, and provides a 5-10% CPU savings on heavy web
serving workloads when used by sendfile, due to effectively
compressing socket buffers by an order of magnitude, and hence
reducing cache misses.

For this new external mbuf buffer type (EXT_PGS), the ext_buf pointer
now points to a struct mbuf_ext_pgs structure instead of a data
buffer.  This structure contains an array of physical addresses (this
reduces cache misses compared to an earlier version that stored an
array of vm_page_t pointers).  It also stores additional fields needed
for in-kernel TLS such as the TLS header and trailer data that are
currently unused.  To more easily detect these mbufs, the M_NOMAP flag
is set in m_flags in addition to M_EXT.

Various functions like m_copydata() have been updated to safely access
packet contents (using uiomove_fromphys()), to make things like BPF
safe.

NIC drivers advertise support for unmapped mbufs on transmit via a new
IFCAP_NOMAP capability.  This capability can be toggled via the new
'nomap' and '-nomap' ifconfig(8) commands.  For NIC drivers that only
transmit packet contents via DMA and use bus_dma, adding the
capability to if_capabilities and if_capenable should be all that is
required.

If a NIC does not support unmapped mbufs, they are converted to a
chain of mapped mbufs (using sf_bufs to provide the mapping) in
ip_output or ip6_output.  If an unmapped mbuf requires software
checksums, it is also converted to a chain of mapped mbufs before
computing the checksum.

Submitted by:	gallatin (earlier version)
Reviewed by:	gallatin, hselasky, rrs
Discussed with:	ae, kp (firewalls)
Relnotes:	yes
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D20616
2019-06-29 00:48:33 +00:00
Luiz Otavio O Souza
4e4cedb00b Add the 'drop tagged' flag support for ethernet switch ports.
This is intended to drop all 802.1q tagged packets on a port.

Sponsored by:	 Rubicon Communications, LLC (Netgate)
2019-06-28 22:12:43 +00:00
Kyle Evans
d05fa0d949 bectl(8): create non-recursive boot environments
bectl advertises that it has the ability to create recursive and
non-recursive boot environments. This patch implements that functionality
using the be_create_depth API provided by libbe. With this patch, bectl now
works as bectl(8) describes in regards to creating recursive/non-recursive
boot environments.

Submitted by:	Rob Fairbanks <rob.fx907 gmail com> (with minor changes)
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D20240
2019-06-27 14:03:32 +00:00
Cy Schubert
015cb6cde4 Create a link to the ipmon.conf.5 man page as documented in ipmon.5.
Add its corresponding optional removal entry.

PR:		238816
MFC after:	1 week
2019-06-27 12:37:44 +00:00
Cy Schubert
74bc7fc0b4 Add the ipmon.5 man page.
PR/238816 initially addressed updates to usage() however the PR has
morphed into a shopping list of updates to usage() and man pages.

PR:		238816 (I added to the list during discussion)
MFC after:	1 week
2019-06-27 02:43:26 +00:00
Mark Johnston
5baf985da7 Free DHCP options with length zero.
Otherwise they are leaked, allowing an attacker to trigger memory
exhaustion.

This is options.c rev. 1.70 from OpenBSD.

admbugs:	552
Obtained from:	OpenBSD
MFC after:	3 days
2019-06-26 20:19:48 +00:00
Mark Johnston
a3ae40c7a4 Avoid a divide-by-zero when bad checksum counters overflow.
A mixture of IP or UDP packets with valid and invalid checksum could
cause {ip,udp}_packets_bad_checksum to wrap around to 0, resulting
in a division by zero.

This is packet.c rev. 1.27 from OpenBSD.

admbugs:	552
Obtained from:	OpenBSD
MFC after:	3 days
2019-06-26 20:11:52 +00:00
Andrey V. Elsukov
55507128b9 Restore ipfw(8)'s compact output support broken after r331668.
Also modify it a bit. Now -c option omits only 'from any to any' part
and works for different protocols (not just for ip).

Reported by:	Dmitry Selivanov <dseliv at gmail>
MFC after:	1 week
2019-06-25 09:08:24 +00:00
Warner Losh
91211c46ac Replay r349341 by imp accidentally reverted by r349352
Use ata_param_fixup instead of a custom copy here
2019-06-25 06:14:26 +00:00
Warner Losh
f5a95d9a07 Remove NAND and NANDFS support
NANDFS has been broken for years. Remove it. The NAND drivers that
remain are for ancient parts that are no longer relevant. They are
polled, have terrible performance and just for ancient arm
hardware. NAND parts have evolved significantly from this early work
and little to none of it would be relevant should someone need to
update to support raw nand. This code has been off by default for
years and has violated the vnode protocol leading to panics since it
was committed.

Numerous posts to arch@ and other locations have found no actual users
for this software.

Relnotes:	Yes
No Objection From: arch@
Differential Revision: https://reviews.freebsd.org/D20745
2019-06-25 04:50:09 +00:00
Warner Losh
6506ca91d2 Use ata_param_fixup instead of a custom copy here 2019-06-24 20:19:03 +00:00
Doug Moore
9035b2257f You can't use block special nodes for swap, so don't let that happen.
Fix a style violation with regard to header file arrangement.

Improved by: alc
Approved by: markj, kib (mentor)
Differential Revision: https://reviews.freebsd.org/D20723
2019-06-22 19:27:09 +00:00
Doug Moore
a616b25342 Modify swapon(8) to invoke BIO_DELETE to trim swap devices, either if
'-E' appears on the swapon command line, or if "trimonce" appears as
an fstab option.

Discussed at: BSDCAN
Tested by: markj
Reviewed by: markj
Approved by: markj (mentor)
Differential Revision:https://reviews.freebsd.org/D20599
2019-06-22 03:16:01 +00:00
Andrey V. Elsukov
978f2d1728 Add "tcpmss" opcode to match the TCP MSS value.
With this opcode it is possible to match TCP packets with specified
MSS option, whose value corresponds to configured in opcode value.
It is allowed to specify single value, range of values, or array of
specific values or ranges. E.g.

 # ipfw add deny log tcp from any to any tcpmss 0-500

Reviewed by:	melifaro,bcr
Obtained from:	Yandex LLC
MFC after:	1 week
Sponsored by:	Yandex LLC
2019-06-21 10:54:51 +00:00
Xin LI
0b253f2ba4 In ask(): override default option if any of alwaysyes/alwaysno/rdonly is
set.

MFC after:	2 weeks
2019-06-15 07:23:06 +00:00
Xin LI
1e3ffe6590 Blankspace. No actual code change.
MFC after:	2 weeks
2019-06-15 06:51:46 +00:00
Kirk McKusick
e924cb6ff9 Clarify that the -r and -R options can be used only to create level 0 dumps.
Suggested by: phk
MFC after:    3 days
2019-06-14 06:10:15 +00:00
Warner Losh
07810343ee Increase the timeout for READ NATIVE MAX
READ NATIVE MAX can take longer than a second if the queued NCQ I/Os
take longer than a second to drain.
2019-06-13 05:19:36 +00:00
Xin LI
bf6ed41692 Avoid out of boundary access when checking invalid long filenames.
Obtained from:	OpenBSD (dir.c,v 1.25)
MFC after:	3 days
2019-06-11 22:21:29 +00:00
Xin LI
669d33ef98 preen should work independently with alwaysyes and alwaysno.
PR:		238375
MFC after:	2 weeks
2019-06-07 01:38:51 +00:00
Xin LI
51a1c26a18 Don't increment cl after increment.
MFC after:	3 days
2019-06-04 07:02:20 +00:00
Kyle Evans
7c08a497ba bectl(8): Don't accept jid=0 from jail_getid
This will trivially exist, but we don't want it - none of our jailed BEs
will have jid=0.

MFC after:	3 days
2019-06-02 14:05:51 +00:00
Mark Johnston
8e9105dbae acpi_dock(4): Notify devd(8) on dock status change.
PR:		238138
Submitted by:	Muhammad Kaisar Arkhan <hi@yukiisbo.red>
MFC after:	2 weeks
2019-05-31 15:44:33 +00:00
Kyle Evans
515fa27bb0 bectl(8): Address Coverity complaints
CID 1400451: case 0 is missing a break/return and falling through to the
default case.  waitpid(0, ...) makes little sense in the child, we likely
wanted to terminate immediately.

CID 1400453: size argument uses sizeof(char **) instead of sizeof(char *)
and is assigned to a char **; sizeof's match but "this isn't a portable
assumption".

CID:	1400451, 1400453
MFC after:	3 days
2019-05-28 16:12:16 +00:00
Andrey V. Elsukov
09899450ed Remove unused token that was added in r348235.
MFC after:	2 weeks
2019-05-27 06:34:36 +00:00
Andrey V. Elsukov
05ab1ef64e Add missing and or-flush options to "ipfw table <NAME> create"
command to simplify firewall reloading.

The `missing` option suppresses EEXIST error code, but does check that
existing table has the same parameters as new one. The `or-flush` option
implies `missing` option and additionally does flush for table if it
is already exist.

Submitted by:	lev
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D18339
2019-05-24 11:06:24 +00:00
Kyle Evans
22554a341e bectl(8): Add a test for jail/unjail of numeric BE names
Fixed by r348215, bectl ujail first attempts the trivial fetch of a jid by
passing the first argument to 'ujail' to jail_getid(3) in case a jid/name
have been passed in instead of a BE name. For numerically named BEs, this
was doing the wrong thing: instead of failing to locate the jid specified
and falling back to mountpath search, jail_getid(3) would return the input
as-is.

While here, I've fixed bectl_jail_cleanup which still used a hard-coded pool
name that was overlooked w.r.t. other work that was in-flight around the
same time.

MFC after:	3 days
2019-05-24 01:53:45 +00:00
Conrad Meyer
8298529226 EKCD: Add Chacha20 encryption mode
Add Chacha20 mode to Encrypted Kernel Crash Dumps.

Chacha20 does not require messages to be multiples of block size, so it is
valid to use the cipher on non-block-sized messages without the explicit
padding AES-CBC would require.  Therefore, allow use with simultaneous dump
compression.  (Continue to disallow use of AES-CBC EKCD with compression.)

dumpon(8) gains a -C cipher flag to select between chacha and aes-cbc.
It defaults to chacha if no -C option is provided.  The man page documents this
behavior.

Relnotes:	sure
Sponsored by:	Dell EMC Isilon
2019-05-23 20:12:24 +00:00
Kyle Evans
55ece394c2 bectl(8): add description for create subcommand
In commit r345845, a portion of documentation for the create subcommand was
removed. Specifically, for creating a snapshot of an existing boot
environment. bectl even has a test-case for this functionality.

Removing the sub-command description was discussed in PR 235850.

This patch brings back the second "create" description that was originally
in place. Albeit, with a few wording/clarifying changes.

Submitted by:	Rob Fairbanks <rob.fx907 gmail com>
Reviewed by:	kevans
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D20249
2019-05-22 23:07:40 +00:00
Mark Johnston
48faa24b09 Update the example added in r348082 to specify a dump device priority.
Event:	Waterloo Hackathon 2019
2019-05-22 03:52:39 +00:00
Mark Johnston
73cc16949a Provide an example of using dhclient-script(5) to configure netdump.
Reviewed by:	cem
MFC after:	1 week
Event:		Waterloo Hackathon 2019
Differential Revision:	https://reviews.freebsd.org/D20345
2019-05-22 03:49:38 +00:00
Kirk McKusick
bfc5d3f9c2 This revision began as a simple change to eliminate an uninitialized warning
found by Coverity. However, upon closer inspection the implementation of
fsck_ffs's fsck_readdir() and dircheck() functions is both nearly impossible
to follow and fails to check / fix directories in several cases. So, this
revision is an entire rewrite of these two functions to clarify what they
are doing and also to get something that works properly.

Referred by:  cem
Reviewed by:  kib, David G Lawrence
MFC after:    3 days
CID 1401317:  namlen may be used uninitialized
2019-05-21 22:24:38 +00:00
Brooks Davis
ffda67901e Change ed(4), ep(4), and fxp(4) examples to em(4).
ed(4) and ep(4) have been removed. fxp(4) remains popular in older
systems, but isn't as future proof as em(4).

Reviewed by:	bz, jhb
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D20311
2019-05-18 21:01:36 +00:00
Conrad Meyer
276b25f172 Add DragonFly's partition number to fdisk(8) and diskmbr.h
This change doesn't make any attempt to add support for these slices to the
relevent GEOM classes.  Just register the number in fdisk and the canonical
list of kernel macros (diskmbr.h).

Obtained from:	DragonFlyBSD (794d80aa519b394b3174f20776a) (small subset of)
2019-05-18 00:22:28 +00:00
Scott Long
8212cecdde Better formatting for the logpage section 2019-05-17 18:15:47 +00:00
Kyle Evans
6a68e95de8 ifconfig(8): Add kld mappings for ipsec/enc
Additionally, providing mappings makes the comparison for already loaded
modules a little more strict. This should have been done at initial
introduction, but there was no real reason- however, it proves necessary for
enc which has a standard enc -> if_enc mapping but there also exists an
'enc' module that's actually CAM. The mapping lets us unambiguously
determine the correct module.

Discussed with:	ae
MFC after:	4 days
2019-05-10 13:18:22 +00:00
Kyle Evans
56f76a10c6 ifconfig(8): Partial revert of r347241
r347241 introduced an ifname <-> kld mapping table, mostly so tun/tap/vmnet
can autoload the correct module on use. It also inadvertently made bogus
some previously valid uses of sizeof().

Revert back to ifkind on the stack for simplicity sake. This reduces the
diff from the previous version of ifmaybeload for easiser auditing.
2019-05-09 12:58:33 +00:00
Kyle Evans
251a32b5b2 tun/tap: merge and rename to tuntap
tun(4) and tap(4) share the same general management interface and have a lot
in common. Bugs exist in tap(4) that have been fixed in tun(4), and
vice-versa. Let's reduce the maintenance requirements by merging them
together and using flags to differentiate between the three interface types
(tun, tap, vmnet).

This fixes a couple of tap(4)/vmnet(4) issues right out of the gate:
- tap devices may no longer be destroyed while they're open [0]
- VIMAGE issues already addressed in tun by kp

[0] emaste had removed an easy-panic-button in r240938 due to devdrn
blocking. A naive glance over this leads me to believe that this isn't quite
complete -- destroy_devl will only block while executing d_* functions, but
doesn't block the device from being destroyed while a process has it open.
The latter is the intent of the condvar in tun, so this is "fixed" (for
certain definitions of the word -- it wasn't really broken in tap, it just
wasn't quite ideal).

ifconfig(8) also grew the ability to map an interface name to a kld, so
that `ifconfig {tun,tap}0` can continue to autoload the correct module, and
`ifconfig vmnet0 create` will now autoload the correct module. This is a
low overhead addition.

(MFC commentary)

This may get MFC'd if many bugs in tun(4)/tap(4) are discovered after this,
and how critical they are. Changes after this are likely easily MFC'd
without taking this merge, but the merge will be easier.

I have no plans to do this MFC as of now.

Reviewed by:	bcr (manpages), tuexen (testing, syzkaller/packetdrill)
Input also from:	melifaro
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D20044
2019-05-08 02:32:11 +00:00
Conrad Meyer
6b6e2954dd List-ify kernel dump device configuration
Allow users to specify multiple dump configurations in a prioritized list.
This enables fallback to secondary device(s) if primary dump fails.  E.g.,
one might configure a preference for netdump, but fallback to disk dump as a
second choice if netdump is unavailable.

This change does not list-ify netdump configuration, which is tracked
separately from ordinary disk dumps internally; only one netdump
configuration can be made at a time, for now.  It also does not implement
IPv6 netdump.

savecore(8) is already capable of scanning and iterating multiple devices
from /etc/fstab or passed on the command line.

This change doesn't update the rc or loader variables 'dumpdev' in any way;
it can still be set to configure a single dump device, and rc.d/savecore
still uses it as a single device.  Only dumpon(8) is updated to be able to
configure the more complicated configurations for now.

As part of revving the ABI, unify netdump and disk dump configuration ioctl
/ structure, and leave room for ipv6 netdump as a future possibility.
Backwards-compatibility ioctls are added to smooth ABI transition,
especially for developers who may not keep kernel and userspace perfectly
synced.

Reviewed by:	markj, scottl (earlier version)
Relnotes:	maybe
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D19996
2019-05-06 18:24:07 +00:00
Alexander Motin
1aed499575 Decode Deallocate Logical Block Features.
MFC after:	1 week
2019-05-05 15:47:21 +00:00
Kirk McKusick
0061238fb0 This update eliminates a kernel stack disclosure bug in UFS/FFS
directory entries that is caused by uninitialized directory entry
padding written to the disk. It can be viewed by any user with read
access to that directory. Up to 3 bytes of kernel stack are disclosed
per file entry, depending on the the amount of padding the kernel
needs to pad out the entry to a 32 bit boundry. The offset in the
kernel stack that is disclosed is a function of the filename size.
Furthermore, if the user can create files in a directory, this 3
byte window can be expanded 3 bytes at a time to a 254 byte window
with 75% of the data in that window exposed. The additional exposure
is done by removing the entry, creating a new entry with a 4-byte
longer name, extracting 3 more bytes by reading the directory, and
repeating until a 252 byte name is created.

This exploit works in part because the area of the kernel stack
that is being disclosed is in an area that typically doesn't change
that often (perhaps a few times a second on a lightly loaded system),
and these file creates and unlinks themselves don't overwrite the
area of kernel stack being disclosed.

It appears that this bug originated with the creation of the Fast
File System in 4.1b-BSD (Circa 1982, more than 36 years ago!), and
is likely present in every Unix or Unix-like system that uses
UFS/FFS. Amazingly, nobody noticed until now.

This update also adds the -z flag to fsck_ffs to have it scrub
the leaked information in the name padding of existing directories.
It only needs to be run once on each UFS/FFS filesystem after a
patched kernel is installed and running.

Submitted by: David G. Lawrence <dg@dglawrence.com>
Reviewed by:  kib
MFC after:    1 week
2019-05-03 21:54:14 +00:00
Andrew Gallatin
35961dce98 Select lacp egress ports based on NUMA domain
This change creates an array of port maps indexed by numa domain
for lacp port selection. If we have lacp interfaces in more than
one domain, then we select the egress port by indexing into the
numa port maps and picking a port on the appropriate numa domain.

This is behavior is controlled by the new ifconfig use_numa flag
and net.link.lagg.use_numa sysctl/tunable (both modeled after the
existing use_flowid), which default to enabled.

Reviewed by:	bz, hselasky, markj (and scottl, earlier version)
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D20060
2019-05-03 14:43:21 +00:00
Ian Lepore
be1ef9be42 Update the manpage text to show the output generated by the first-stage
bootloader these days (x86 instead of i386).
2019-04-30 17:42:05 +00:00
Andrey V. Elsukov
761618de05 Handle HAVE_PROTO flag and print "proto" keyword for O_IP4 and O_IP6
opcodes when it is needed.
This should fix the problem, when printed by `ipfw show` rule could not
be added due to missing "proto" keyword.

MFC after:	2 weeks
2019-04-29 09:52:53 +00:00
Andrey V. Elsukov
aee793eec9 Add GRE-in-UDP encapsulation support as defined in RFC8086.
This GRE-in-UDP encapsulation allows the UDP source port field to be
used as an entropy field for load-balancing of GRE traffic in transit
networks. Also most of multiqueue network cards are able distribute
incoming UDP datagrams to different NIC queues, while very little are
able do this for GRE packets.

When an administrator enables UDP encapsulation with command
`ifconfig gre0 udpencap`, the driver creates kernel socket, that binds
to tunnel source address and after udp_set_kernel_tunneling() starts
receiving of all UDP packets destined to 4754 port. Each kernel socket
maintains list of tunnels with different destination addresses. Thus
when several tunnels use the same source address, they all handled by
single socket.  The IP[V6]_BINDANY socket option is used to be able bind
socket to source address even if it is not yet available in the system.
This may happen on system boot, when gre(4) interface is created before
source address become available. The encapsulation and sending of packets
is done directly from gre(4) into ip[6]_output() without using sockets.

Reviewed by:	eugen
MFC after:	1 month
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D19921
2019-04-24 09:05:45 +00:00
Steven Hartland
3bed0179ee Add ATA power mode support to camcontrol
Add the ability to report ATA device power mode with the cmmand 'powermode'
to compliment the existing ability to set it using idle, standby and sleep
commands.

MFC after:	2 weeks
Sponsored by:	Multiplay
2019-04-23 07:46:38 +00:00
Benedict Reuschling
da343996fa Typo fix in ipfw.8: amd -> and
There is an (obvious) typo in the following sentence:

"Please note, that keep-state amd limit imply implicit check-state for ..."

Replace the "amd" with "and", bump .Dd.

PR:			237438
Submitted by:		michael@galassi.us
MFC after:		3 days
2019-04-21 18:27:13 +00:00
Kristof Provost
7296d6c9bf pfctl: Fix ifgroup check
We cannot just assume that any name which ends with a letter is a group
That's not been true since we allowed renaming of network interfaces. It's also
not true for things like epair0a.

Try to retrieve the group members for the name to check, since we'll get ENOENT
if the group doesn't exist.

MFC after:	1 week
Event:		Aberdeen hackathon 2019
2019-04-19 10:52:54 +00:00