Also, add a missing LIBPANEL dependency for lldb
Approved by: rpaulo (mentor)
Suggested by: brooks
MFC after: 5 days
Phabric: D675 (as part of a larger diff)
PR: 192762
The executable itself doesn't contain any privileged information.
An example of where this is useful is when makefs(8) is creating an image
that includes /sbin/shutdown. This can now be done without root privileges.
Reviewed by: delphij
Discussed with: delphij, des
CR: https://reviews.freebsd.org/D662
Sometimes nmount(2) will fail without setting errmsg. The previous (ignored)
error would then be shown as the reason for the failed call if the next
nmount(2) also fails without [ENOENT,ENOTSUP].
An example is when there is a tmpfs mounted with -o size. vfs_filteropt() adds
'size' as an error in errmsg due to 'size' not being in tmpfs_updateopts. Then
tmpfs_mount returns [ENOTSUP] from nmount(2), which is then ignored. The next
call may race with an unmount causing an invalid [EINVAL] that then does log an
error, with the tmpfs errmsg.
The race itself is a separate issue to fix as it is expected to have an
[ENOENT] returned instead.
In this example the mount being shown is actually nullfs, not tmpfs that the
error is from.
mountd[740]: can't delete exports for /poudriere/data/.m/exp-head-commit-test-devel/04/.npkg: Invalid argument mount option <size> is unknown
It should only show:
mountd[740]: can't delete exports for /poudriere/data/.m/exp-head-commit-test-devel/04/.npkg: Invalid argument
MFC after: 2 weeks
1. 50+% of NO_PIE use is fixed by adding -fPIC to INTERNALLIB and other
build-only utility libraries.
2. Another 40% is fixed by generating _pic.a variants of various libraries.
3. Some of the NO_PIE use is a bit absurd as it is disabling PIE (and ASLR)
where it never would work anyhow, such as csu or loader. This suggests
there may be better ways of adding support to the tree. Many of these
cases can be fixed such that -fPIE will work but there is really no
reason to have it in those cases.
4. Some of the uses are working around hacks done to some Makefiles that are
really building libraries but have been using bsd.prog.mk because the code
is cleaner. Had they been using bsd.lib.mk then NO_PIE would not have
been needed.
We likely do want to enable PIE by default (opt-out) for non-tree consumers
(such as ports). For in-tree though we probably want to only enable PIE
(opt-in) for common attack targets such as remote service daemons and setuid
utilities. This is also a great performance compromise since ASLR is expected
to reduce performance. As such it does not make sense to enable it in all
utilities such as ls(1) that have little benefit to having it enabled.
Reported by: kib
UNIX systems, eg. MacOS X and Solaris. It uses Sun-compatible map format,
has proper kernel support, and LDAP integration.
There are still a few outstanding problems; they will be fixed shortly.
Reviewed by: allanjude@, emaste@, kib@, wblock@ (earlier versions)
Phabric: D523
MFC after: 2 weeks
Relnotes: yes
Sponsored by: The FreeBSD Foundation
Add the ACPI MCFG table to advertise the extended config memory window.
Introduce a new flag MEM_F_IMMUTABLE for memory ranges that cannot be deleted
or moved in the guest's address space. The PCI extended config space is an
example of an immutable memory range.
Add emulation for the "movzw" instruction. This instruction is used by FreeBSD
to read a 16-bit extended config space register.
CR: https://phabric.freebsd.org/D505
Reviewed by: jhb, grehan
Requested by: tychon
Make sure everything linking to a privatelib and/or an internallib does it directly
from the OBJDIR rather than DESTDIR.
Add src.libnames.mk so bsd.libnames.mk is not polluted by libraries not existsing
in final installation
Introduce the LD* variable which is what ld(1) is expecting (via LDADD) to link to
internal/privatelib
Directly link to the .so in case of private library to avoid having to complexify
LDFLAGS.
Phabric: https://phabric.freebsd.org/D553
Reviewed by: imp, emaste
null terminate.
Temporarily use "From: $user@$hostname" rather than "From: $user".
The latter exposes incompatible behavior if using dma(8). sendmail(8)
(and other alternatives) canonify either form on submission (even
if masquerading), but dma will leak a non-compliant address to
the internet.
This allows for CARP interfaces to be used in jails e.g.
ip4.addr = "em0|10.10.1.20/32 vhid 1 pass MyPass advskew 100"
Before this change using exec.prestart to configure a CARP address
would result in the wrong MAC being broadcast on startup as jail creates
IP aliases to support ip[4|6].addr before exec.prestart is executed.
PR: 191832
Reviewed by: jamie
MFC after: 1 week
X-MFC-With: r269340
Phabric: D528
Sponsored by: Multiplay
expect (require) data on stdin. The effect of this is that, when
backgrounded, $! returns the pid of an Xdialog(1) instance instead of
an sh(1) instance -- the difference being a later kill of $! will reach
the Xdialog(1) instance whereas without the exec the kill succeeds on
the sh(1) instance leaving Xdialog(1) open.
ability to specify the the full path name of the keymap file.
Instead leave the original search order intact, but insert the path for
newcons-specific fonts (if run on a system using newcons):
- KEYMAP_PATH in environment
- full path name
- /usr/share/vt/keymaps (only if newcons is in use!)
- /usr/share/syscons/keymaps (also as fall-back for newcons)
MFC after: 1 week
newcons specific keymap files, not prefix[2]. The result of this bug was
that kbdcontrol ignored the files in the syscons keymap directory, which
apparently still work under newcons, for most locales.
MFC after: 1 week
change 0 means success and non-zero means failure.
This also helps to eliminate VMEXIT_POWEROFF and VMEXIT_RESET as return values
from VM-exit handlers.
CR: D480
Reviewed by: grehan, jhb
The faulting instruction needs to be restarted when the exception handler
is done handling the fault. bhyve now does this correctly by setting
'vmexit[vcpu].inst_length' to zero so the %rip is not advanced.
A minor complication is that the fault injection APIs are used by instruction
emulation code that is shared by vmm.ko and bhyve. Thus the argument that
refers to 'struct vm *' in kernel or 'struct vmctx *' in userspace needs to
be loosely typed as a 'void *'.
properly clustered.
Change `fixedsize' to `fixedsize = true' to satisfy newer versions of dot(1)
generating error "Warning: <stdin>: syntax error in line 27 near ','".
Remove bounding cluster surrounding various include-groupings, allowing
groups of include files to float freely to the greatest consumer (reducing
the density of rendered diagrams).
While here, change the bgcolor of include clusters from white to X11 color
`thistle' (a light purple).
Also, add the word "Subroutines" after include cluster labels.
Do not terminate the digraph definition with a semi-colon [;] after the
ending brace to satisfy newer versions of dot(1) generating error "Warning:
<stdin>: syntax error in line 940 near ';'".
MFC after: 3 days
X-MFC-to: stable/10, stable/9
a list of packages using the bsdconfig(8) API, providing dialog(8) based
user experience (versus plain console output were you to use pkg(8)
directly to install the same list of packages).
Remove example script `browse_packages_ftp.sh', made obsolete because
the digests.txz and packagesite.txz databases for pkg(8) are not
available via FTP (HTTP only to pkg.freebsd.org SRV hosts).
Update example script `browse_packages_http.sh', made to work with new
pkg(8) demonstrating how to generate a local package repository.
Fix a bug in `bsdconfig packages' where packages were listed twice. This
fix requires pkg(8) version 1.2.7_4 or higher.
NB: It is the introduction of pkg(8) 1.2.7_4 wherein I am also able to
drastically reduce the generation time of package dependencies prior to
the dialog display (by utilizing the new `-I' flag to pkg-rquery(8)).
While here, fix a positional argument nit for f_index_initialize() of
`packages/index.subr' include (the one and only argument is positional
argument 1 to state the by-ref handle, indicating the variable to set
in the caller's namespace; the nit I'm fixing here is that we were
querying positional argument 2 for this information incorrectly; caused
by a missing hunk back around SVN r257795).
Fix a bug in sysrc(8) described by PR bin/187458 "sysrc(8) silently and
unexpectedly bootstraps pkg". This was caused by an explicit entry in
`/usr/share/bsdconfig/common.subr' (used by sysrc(8)) that called pkg(8)
to populate the $PKG_ABI global (called in a way that allows implicit
bootstrap of pkg(8)). The solution to which was to find every place in
bsdconfig(8) that requires the $PKG_ABI global and add a layer of
protection by way of introducing the new API call f_musthavepkg_init()
(provided by new include, `/usr/share/bsdconfig/packages/musthavepkg.subr'
intented to mirror `/usr/share/bsdconfig/mustberoot.subr'). When the
$PKG_ABI global is required, you can use `f_musthavepkg_init' to cause
graceful premature termination in the event that pkg(8) has not yet been
bootstrapped, and thus cannot be used to populate $PKG_ABI.
NB: If running interactively ($nonInteractive is NULL or unset), the
f_musthavepkg_init() API call will attempt to bootstrap pkg(8), but only
if the user chooses "Yes" to a Yes/No dialog confirming it is ok to
bootstrap.
While here, simplify an if-conditional in `media/http.subr' include to
use sh(1) inline assignment-with-break.
Also, fix a bug in `media/http.subr' and `media/httpproxy.subr' wherein
the error messages for various HTTP failures were not finding their way
to the console (needed to pass stdout to pass-thru descriptor).
While here, remove the executable bit from `packages/categories.subr',
`packages/index.subr', and `packages/packages.subr' includes.
Fix issues where pkg(8) complains about PACKAGESITE being defined.
Previously, we would set $PACKAGESITE and export it. Now we only set
$PACKAGESITE for invocations of "pkg update" -- getting rid of all the
spurious warnings about PACKAGESITE being deprecated (it's still used
in the case of "pkg update" for simplicity versus having to configure
a config-file).
Remove the leading argument from invocations of f_index_initialize() in
`packages/packages.subr' include. The leading argument no longer means
what it used to, pre SVN r257995).
PR: bin/187458
Reviewed by: nwhitehorn
MFC after: 1 week
X-MFC-to: stable/10, stable/9
A nested exception condition arises when a second exception is triggered while
delivering the first exception. Most nested exceptions can be handled serially
but some are converted into a double fault. If an exception is generated during
delivery of a double fault then the virtual machine shuts down as a result of
a triple fault.
vm_exit_intinfo() is used to record that a VM-exit happened while an event was
being delivered through the IDT. If an exception is triggered while handling
the VM-exit it will be treated like a nested exception.
vm_entry_intinfo() is used by processor-specific code to get the event to be
injected into the guest on the next VM-entry. This function is responsible for
deciding the disposition of nested exceptions.
+ Make `sysrc -x foo' produce error status if foo is unset.
NB: Reported by lme (everything else ``while I'm at it'')
+ Remove mention of SYSRC_VERBOSE from `sysrc --help' output.
NB: False documentation leftover from an ancient precursor.
+ Make `sysrc -qc foo' work the same as `sysrc -ic foo' when foo is unset
NB: For syntax convenience (my fingers know `-q' more than `-i').
+ Update description of `-c' flag in help message/manual.
+ Update description of `-q' flag in help message/manual.
+ Make `sysrc -vc foo' work as documented in the manual
NB: Show message stating whether foo is currently set.
+ Make `sysrc -vc foo=1' work as documented in the manual
NB: Show message stating how value of foo would be changed (if at all).
+ Remove odd usage of parentheses in `-R dir' section of manual.
+ Clarify syntax section of manual w/respect to sysctl(8) similarities.
+ Add new/missing people to the `THANKS TO' section of the manual.
Reported by: lme
MFC after: 3 days
X-MFC-to: stable/10, stable/9, ports
variants. This allows usable file system images (i.e. those with both a
shell and an editor) to be created with only one copy of the curses library.
Exp-run: antoine
PR: 189842
Discussed with: bapt
Sponsored by: DARPA, AFRL
To use tmux in an rc.d script, use the new-session flag "-d".
To use screen in an rc.d script, use the "-dm" flag.
If you really need to launch an attached session, manually
export TERM=xterm (FreeBSD 9.0 or higher) or export TERM=cons25
for older releases.
Reported by: bdrewery
Discussed on: src-committers, svn-src-all, svn-src-head
PR: bin/191869
This allows to clone VMs and move them between LUNs inside one storage
host without generating extra network traffic to the initiator and back,
and without being limited by network bandwidth.
LUNs participating in copy operation should have UNIQUE NAA or EUI IDs set.
For LUNs without these IDs VMWare will use traditional copy operations.
Beware: the above LUN IDs explicitly set to values non-unique from the VM
cluster point of view may cause data corruption if wrong LUN is addressed!
MFC after: 2 weeks
Sponsored by: iXsystems, Inc.
would behave differently when utilizing rc-script was invoked manually vs.
service(8). The issue being that these utilities require the TERM environ
variable to be set and service(8) was not passing it down.
Reported by: Michael Dexter <editor@callfortesting.org>
PR: bin/191869
Reviewed by: allanjude
MFC after: 3 days
X-MFC-to: stable/10, stable/9
This includes:
o All directories named *ia64*
o All files named *ia64*
o All ia64-specific code guarded by __ia64__
o All ia64-specific makefile logic
o Mention of ia64 in comments and documentation
This excludes:
o Everything under contrib/
o Everything under crypto/
o sys/xen/interface
o sys/sys/elf_common.h
Discussed at: BSDcan
teardown, and new port creation during `service ctld restart`.
Close it by returning iSCSI port internal state, that allows to identify
dying ports, which should not be counted as existing, from really alive.
Previously ISID was changed every time, that made impossible correct
persistent reservation, because reconnected session was identified as
completely new one.
Reviewed by: trasz
MFC after: 1 week
Instead make ports provide wanted port and target IDs, and LUNs provide
wanted LUN IDs. After that core Device ID VPD code only had to link all
of them together and add relative port and port group numbers.
LUN ID for iSCSI LUNs no longer created by CTL, but by ctld, and passed
to CTL as "scsiname" LUN option. This makes LUNs to report the same set
of IDs, independently from the port through which it is accessed, as
required by SCSI specifications.
Having single port for all iSCSI connections makes problematic implementing
some more advanced SCSI functionality in CTL, that require proper ports
enumeration and identification.
This change extends CTL iSCSI API, making ctld daemon to control list of
iSCSI ports in CTL. When new target is defined in config fine, ctld will
create respective port in CTL. When target is removed -- port will be
also removed after all active commands through that port properly aborted.
This change require ctld to be rebuilt to match the kernel.
As a minor side effect, this allows to have iSCSI targets without LUNs.
While that may look odd and not very useful, that is not incorrect.
partitions of types other than "freebsd-boot" (in particular, "efi").
This allows the removal of some nasty hacks for supporting PowerPC systems,
in particular aliasing freebsd-boot to apple-boot on APM and an IBM-specific
code on MBR.
This changes the installer to use the correct names, which also breaks a
degeneracy in the meaning of "freebsd-boot" that allows the addition
of support for some newer IBM systems that can boot from GPT in addition to
MBR. Since I have no idea how to detect which those systems are, leave
the default on IBM PPC systems as MBR for now.
As sc(4) and vt(4) coexist and are both enabled in GENERIC, the existence
of a vt(4) sysctl is not sufficient to determine that vt(4) is in use.
Reported by: Trond Endrestøl
retrieve the sensor temperature.
This also avoid the overflow that could happen on sysctlnametomib(3)
because the code was not checking the length of the mib array.
CID: 1222504
Previuosly given 'foo,bar' members, removing 'foo' would result in an
infinite loop.
PR: 191427
Submitted by: Voradesh Yenbut <yenbut cs.washington.edu>
MFC after: 1 week
similar to -g.)
- Document -U to set the SMBIOS UUID.
- Add missing options to the usage output and to the manpage Synopsis.
- Don't claim that bvmdebug is amd64-only (it is also a device, not an
option).
Previously the sizes were inferred indirectly based on the size of the mappings
at 0 and 4GB respectively. This works fine as long as size of the allocation is
identical to the size of the mapping in the guest's address space. However, if
the mapping is disjoint then this assumption falls apart (e.g., due to the
legacy BIOS hole between 640KB and 1MB).
running at the same time causing problems w/ wifi not working..
the patch will be submitted upstream... The next step if someone wants
to push it upstream is to break os_unix.c up so that all these other
utilities don't need libutil..
Reviewed by: rpaulo
separate argument structure with added level_type field for
CPUID_CPUID_COUNT request.
Reviewed by: attilio (previous version)
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
performing cpuid calls.
Add also a new way to specify the level type to cpucontrol(8) as
reported in the manpage.
Sponsored by: EMC / Isilon storage division
Reviewed by: bdrewery, gcooper
Testerd by: bdrewery
Before this it was impossible to use all 16 bytes of serial number, and
client always got serial number NULL-terminated, that is not required.
MFC after: 2 weeks
This is currently an opt-in build flag. Once ASLR support is ready and stable
it should changed to opt-out and be enabled by default along with ASLR.
Each application Makefile uses opt-out to ensure that ASLR will be enabled by
default in new directories when the system is compiled with PIE/ASLR. [2]
Mark known build failures as NO_PIE for now.
The only known runtime failure was rtld.
[1] http://www.bsdcan.org/2014/schedule/events/452.en.html
Submitted by: Shawn Webb <lattera@gmail.com>
Discussed between: des@ and Shawn Webb [2]
register pairs where two 32-bit registers make up a larger logical
size. Support those access by splitting the quad-word into two
double-words.
Reviewed by: grehan
remove the now-redundant checks for RELEASE_CRUNCH. This originally
was defined for building smaller sysinstall images, but was later also
used by picobsd builds for a similar purpose. Now that we've moved
away from sysinstall, picobsd is the only remaining consumer of this
interface. Adding these two options reduces the RELEASE_CRUNCH
special cases in the tree by half.
the system.
Together with lm75(4) this module allows easy temperature monitoring over
SNMP, specially for embedded systems.
Manual page reviewed by: brueffer (D128)
to 16. This is arbitrary and is used to ensure that a vcpu goes back into
the vm_run() loop to process interrupts or rendezvous events in a timely
fashion.
Found with: Coverity Scan
CID: 1216436
it implicitly in vmm.ko.
Add ioctl VM_GET_CPUS to get the current set of 'active' and 'suspended' cpus
and display them via /usr/sbin/bhyvectl using the "--get-active-cpus" and
"--get-suspended-cpus" options.
This is in preparation for being able to reset virtual machine state without
having to destroy and recreate it.
Put the superblock in the correct possition for UFS2... There is a bug
in FFS that if we don't put it here (for UFS2), it will forcefully
relocate the superblock, and I believe cause data loss..
I have a fix for that, but w/ how many releases are broken, we won't be
able to switch to the better _FLOPPY (block 0) for this for a while..
o Teach vidcontrol(1) to distinct which virtual terminal system is running now.
o Load vt(4) fonts from different location.
o Add $FreeBSD$ tag for path.h.
Tested by: Claude Buisson <clbuisson@orange.fr>
MFC after: 7 days
Sponsored by: The FreeBSD Foundation
fault on the destination buffer.
Prior to this change a page fault would be detected in vm_copyout(). This
was done after the I/O port access was done. If the I/O port access had
side-effects (e.g. reading the uart FIFO) then restarting the instruction
would result in incorrect behavior.
Fix this by validating the guest linear address before doing the I/O port
emulation. If the validation results in a page fault exception being injected
into the guest then the instruction can now be restarted without any
side-effects.
API function 'vie_calculate_gla()'.
While the current implementation is simplistic it forms the basis of doing
segmentation checks if the guest is in 32-bit protected mode.
of the guest linear address space. These APIs in turn use a new ioctl
'VM_GLA2GPA' to convert the guest linear address to guest physical.
Use the new copyin/copyout APIs when emulating ins/outs instruction in
bhyve(8).
'struct vm_guest_paging'.
Check for canonical addressing in vmm_gla2gpa() and inject a protection
fault into the guest if a violation is detected.
If the page table walk is restarted in vmm_gla2gpa() then reset 'ptpphys' to
point to the root of the page tables.
the UART FIFO.
The emulation is constrained in a number of ways: 64-bit only, doesn't check
for all exception conditions, limited to i/o ports emulated in userspace.
Some of these constraints will be relaxed in followup commits.
Requested by: grehan
Reviewed by: tychon (partially and a much earlier version)
an embedded newline appearing within the options string surrounded by
double-quotes. Rework the logic that goes into setting dataset options on
the root pool dataset while we're here -- added two new variables (which
can be altered via scripting) ZFSBOOT_POOL_CREATE_OPTIONS and also
ZFSBOOT_BOOT_POOL_CREATE_OPTIONS for setting pool/dataset attributes at
the time of pool creation. The former is for setting options on the root
pool (zroot) and the latter is for setting options on the optional separate
boot pool (bootpool) implicitly enabled when using either GELI or MBR. The
default value for the root pool variable (ZFSBOOT_POOL_CREATE_OPTIONS) is
"-O compress=lz4 -O atime=off" and the default value for separate boot pool
variable (ZFSBOOT_BOOT_POOL_CREATE_OPTIONS) is NULL (no additional options
for the separate boot pool dataset).
Reviewed by: allanjude
MFC after: 7 days
X-MFC-with: r266107-266109
default for newsyslog(8).
The /usr/local/etc/newsyslog.conf.d will give packages an opportunity to
install a default configuration to handle their own log files.
MFC after: 2 weeks
Relnotes: yes
