Include evdev support and drivers in the amd64 and i386 GENERIC and MINIMAL
kernels. Evdev is used by X and wayland to handle input devices, and this
change, together with upcomming changes in ports will make us handle input
devices better in graphical UIs.
Reviewed by: wulf, bapt, imp
Approved by: imp
Differential Revision: https://reviews.freebsd.org/D17912
And build libdl unconditionally. All supported FreeBSD linkers accept
-F / --filter so there is no need to test for support.
Discussed with: kib
Sponsored by: The FreeBSD Foundation
We need to know actual value for the standard extended features before
ifuncs are resolved.
Reported and tested by: madpilot
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
A kernel panic can occur if the cxgbe interface is DOWN
when activating netmap. This patch prevents the driver
from freeing up cxgbe netmap resources when they have not
been allocated.
Submitted by: Nicolas Witkowski <nwitkowski@verisign.com>
Reviewed by: np
MFC after: 1 week
Sponsored by: Verisign, Inc.
Differential Revision: https://reviews.freebsd.org/D17802
cap_fileargs is a Casper service which helps to sandbox applications that need
access to the filesystem namespace. The main purpose of the service is to make
easy to capsicumize applications that works on multiple files passed in argv.
We have a couple example of using it but we still treat this service as an
experimental one.
Reviewed by: emsate (previous version), jonathan (partially)
Discussed with: many
Differential Revision: https://reviews.freebsd.org/D14407
The vlan interfaces can be created from vnet jails, it seems, so it
sounds logical to allow pcp configuration as well.
Reviewed by: bz, hselasky (previous version)
Sponsored by: Mellanox Technologies
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D17777
Several statistic counters are uint64_t values and are printed by systat
using %lu. This results in displaying wrong numbers. Use PRIu64 instead.
While there, print variables of size_t using %zd.
MFC after:i 3 days
Differential Revision: https://reviews.freebsd.org/D17838
Now an interface name can be specified for nptv6 instance instead of
ext_prefix. The module will track if_addr_ext events and when suitable
IPv6 address will be added to specified interface, it will be configured
as external prefix. When address disappears instance becomes unusable,
i.e. it doesn't match any packets.
Reviewed by: 0mp (manpages)
Tested by: Dries Michiels <driesm dot michiels gmail com>
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D17765
Correct boneheaded assertion I added in r339501. Mea culpa.
The intent is to notice when an M_WAITOK zone allocation would fail during
netdump, not to prevent all use of mbufs during netdump.
Reviewed by: markj
X-MFC-With: r339501
Differential Revision: https://reviews.freebsd.org/D17957
they use 24-hour clock notation. The visible change is that w(1) now
uses 24-hour clock format as it checks for t_fmt_ampm presence.
PR: 231771
Submitted by: Christoph Schönweiler <public2016@hauptsignal.at>
Reviewed by: bapt
Approved by: kib (mentor, implicit)
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D17945
paths.
It was decided that committing the code and drafting of the man page
update is better than allowing the code to rot until wordsmithing
happens.
Reviewed by: jilles (previous version)
Discussed with: brooks, jilles, emaste
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D17714
Exit with a zero status when Postfix reports "Mail queue is empty" so this
section won't appear in the report at all when daily_show_success="NO".
MFC after: 2 weeks
Sponsored by: Dell EMC Isilon
This also removes a lot of #ifdefs and cleans up a warning when the
AUDIT kernel option is defined, but neither KDTRACE_HOOKS nor MAC are.
Reported and tested by: danger
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
The path must have a tail which does not escape starting/topping
directory. The documentation will come shortly, see the man pages
commit message for the reason of separate commit.
Reviewed by: jilles (previous version)
Discussed with: emaste
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D17714
and dependent functions (eg getpwname(3)) get called. This can
improve performance of binaries that perform a lot of name
lookups, such as gssd(8). It also matches documented behaviour
of Linux and Solaris.
The old code is left in place, should anyone need it, guarded
by #ifdef NS_REREAD_CONF.
Reviewed by: imp, bcr
MFC after: 2 weeks
Relnotes: yes
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D17934
The previously activated BE should have canmount=noauto set on it upon
activation of the new BE, but we previously did not touch canmount on either
old or new BE.
PR: 233113
MFC after: 3 days
r336984 exposed the bug fixed in r340241, leading to the initial revert
while the bug was being hunted down. Now that the bug is fixed, we
can revert the revert.
Discussed with: alc
MFC after: 3 days
-P was introduced in 4.4BSD-Lite2 around 1994. It overwrote file contents
with a pass of 0xff, 0x00, then 0xff, in a low effort attempt to "really
delete" files.
It has no user-visible effect; at the end of the day, the file is unlinked via
the filesystem. Furthermore, the utility of overwriting files with patterned
data is extremely limited due to caveats at every layer of the stack[0] and
therefore mostly futile. At the least, three passes is likely wasteful on
modern hardware[1]. It could also be seen as a violation of the "Unix
Philosophy" to do one thing per tiny, composable program.
Since 1994, FreeBSD has left it alone; OpenBSD replaced it with a single
pass of arc4random(3) output in 2012[2]; and NetBSD implemented partial, but
explicitly incomplete support for U.S. DoD 5220.22-M, "National Industrial
Security Program Operating Manual" in 2004[3].
NetBSD's enhanced comment above rm_overwrite makes a strong case for removing
the flag entirely:
> This is an expensive way to keep people from recovering files from your
> non-snapshotted FFS filesystems using fsdb(8). Really. No more.
>
> It is impossible to actually conform to the exact procedure given in
> [NISPOM] if one is overwriting a file, not an entire disk, because the
> procedure requires examination and comparison of the disk's defect lists.
> Any program that claims to securely erase *files* while conforming to the
> standard, then, is not correct.
>
> Furthermore, the presence of track caches, disk and controller write
> caches, and so forth make it extremely difficult to ensure that data have
> actually been written to the disk, particularly when one tries to repeatedly
> overwrite the same sectors in quick succession. We call fsync(), but
> controllers with nonvolatile cache, as well as IDE disks that just plain lie
> about the stable storage of data, will defeat this.
>
> [NISPOM] requires physical media destruction, rather than any technique of
> the sort attempted here, for secret data.
As a first step towards evental removal, make it a placebo. It's not like
it was serving any security function. It is not defined in or mentioned by
POSIX.
If you are security conscious and need to erase your files, use a
woodchipper. At a minimum, the entire disk needs to be overwritten, not
just one file.
[0]: https://www.ru.nl/publish/pages/909282/draft-paper.pdf
[1]: https://commons.erau.edu/cgi/viewcontent.cgi?article=1131&context=jdfsl
[2]: https://github.com/openbsd/src/commit/7c5c57ba81b5fe8ff2d4899ff643af18c
[3]: https://github.com/NetBSD/src/commit/fdf0a7a25e59af958fca1e2159921562cd
Reviewed by: markj, Daniel O'Connor <darius AT dons.net.au> (previous version)
Differential Revision: https://reviews.freebsd.org/D17906
make buildenv can be used for building for the same architecture as
the host (perhaps this is a degenerate case of cross-building).
TARGET and TARGET_ARCH do not need to be set in this case.
Reviewed by: bdrewery
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D10759
Various improvements to the netmap pkt-gen program:
- indentation fixes
- support for IPV6
- fixes to checksum computation
- support for NS_MOREFRAG
- rate limiting in ping mode
Reviewed by: bcr, 0mp
Approved by: gnn (mentor)
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D17698
of jails. Jails have their own user/group databases and this script
can produce multiple false warnings, not to mention significant extra
load in case of large jailed subtrees. Leave this check for jailed
invocations of the same script.
MFC after: 1 month
a list of configured non-wildcard jails with their parameters,
no matter running or not.
The option -e takes separator argument that is used
to separate printed parameters. It will be used with following
additions to system periodic scripts to differentiate parts
of directory tree belonging jails as opposed to host's.
MFC after: 1 month
The new default config will only include files from the following
directories which end with '.conf' and do not beginning with a '.'
character:
- /etc/newsyslog.conf.d/
- /usr/local/etc/newsyslog.conf.d/
This matches the syslog.conf(5) functionality, and also prevents '.sample' or
'.pkgnew' files being included. This is important for ports which install files
in /usr/local/etc/newsyslog.conf.d/ and also for pkgbase.
Approved by: eadler
Approved by: bapt
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D17086
fusefs is inconsistently named. The kernel module is named "fuse", but the
mount helper is named "mount_fusefs" and the jail(8) parameter is named
"allow.mount.fusefs". Special case it in libjail.
Reviewed by: jamie
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D17929
Such fragments are obviously invalid, and when processed may end up
violating the sort order (by offset) of fragments of a given packet.
This doesn't appear to be exploitable, however.
Reviewed by: emaste
Discussed with: jtl
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D17914
Maxmem is the highest address for physical memory in the system. It's
measured in pages which, since max() returns a u_int, should allow for up to
2^44 bytes of memory addressable by the system. However, on POWER9 systems
at least, memory addressed by additional socketed CPUs begins at addresses
far above the 2^44 mark, causing issues with memory accesses and DMA, when
memory is addressed on the auxiliary CPUs. Use the MAX() macro instead,
which doesn't convert arguments, so retains Maxmem and all calculations as
its defined long type (64-bit on powerpc64), keeping the maximum address
correct.
Submitted by: mmacy
