and MK_LLDB=no, so set those explicitly (now that we can do
that). Simplify tests for these variables as well, since we know they
will always be defined regardless of the phase of the build.
install it as fmake. This defaults to no. This should be viewed as the
first step towards evental migration of this historic code to ports
and removal from the tree.
If e_shnum or e_shstrndx are at least SHN_LORESERVE (0xff00) then an
escape value is used to indicate that the actual value is found in one
of section 0's fields.
Sponsored by: DARPA, AFRL
This actually completes r264743 so that width and precision
specifiers work properly with %n$. These keeps consistency
with ksh93 and zsh.
Requested by: jilles
Obtained from: Garrett D'Amore (Illumos)
MFC after: 4 days
sector granularity for both offset and length. Have all schemes
use mkimg_write() instead of mkimg_seek() followed by write(2).
Now that schemes don't use lseek(2) nor write(2) directly, it's
easier to support output formats other than raw disks.
instead of from /usr/share/mk.
I'm not sure that this will let buildworld complete on a system with
no installed src.opts.mk (make buildworld is still running), but the
tinderbox builds are all failing earlyon without this patch.
build world, so it is the only make we build or install. fmake is
still in the tree, but disconnected, and upgrades from older systems
that still have bmake has not been removed, but its state has not been
tested (it should work given how minimal the work to upgrade to bmake
is).
same events that tcpstat's tcps_rcvmemdrop counter counts.
- Rename tcps_rcvmemdrop to tcps_rcvreassfull and improve its
description in netstat(1) output.
Sponsored by: Netflix
Sponsored by: Nginx, Inc.
netstat has two options for printing multicast tables:
sysctl (the default one for live systems) and kvm-based one (for cores).
It looks like kvm-based one hasn't been working since it's been introduced
in r190012 due to absence of mfctablesize kernel symbol.
Check for all ipv4-multicast symbols being correctly resolved was introduced
in r259638 regardless of 'live' value leading to "No IPv4 MROUTING" error
message.
Reported by: Olivier Cochard-Labbé
MFC after: 1 week
- Introduce a separate usage() function.
- Don't use argv[0]. Directly name the application, as we do elsewhere.
- Don't prepend the application name.
- Don't print two newlines.
Add a new %n$ option to change the order of the parameters as
done in the ksh93 builtin printf (among others).
For example:
%printf '%2$1d %1$s\n' one 2 three 4
2 one
4 three
The feature was written by Garret D'Amore under a
BSD license for Nexenta/illumos.
Reference:
http://garrett.damore.org/2010/10/new-implementation-of-printf.html
PR: bin/152934
Obtained from: Illumos
MFC after: 2 weeks
For 10 years, the "DIALUP <tty>, <user>" message has required having a
hostname (-h) instead of not having a hostname; therefore, it is never
logged. Given that dialup is obsolete and this has not been fixed, remove
the log message.
Note that LOGALL, which is defined by default, logs a message for all
logins, including dialup logins.
For increased compatibility with GNU units: support a -v option which
produces more verbose output when spitting out the answer.
GNU -v does additional work in the version, information, and check output which
we do not (yet?) replicate.
and finish the job. ncurses is now the only Makefile in the tree that
uses it since it wasn't a simple mechanical change, and will be
addressed in a future commit.
As per POSIX, the -exec ... {} + primary always returns true, but a non-zero
exit status causes find to return a non-zero exit status itself. GNU does
the same, and also for -execdir ... {} +.
It does not make much sense to return false from the primary only when the
child process happens to be run.
The behaviour for -exec/-execdir ... ; remains unchanged: the primary
returns true or false depending on the exit status, and find's exit status
is unaffected.
The units program is likely little used. It is even less likely that a script
will want the units program to print out its version number by passing -v.
GNU units uses -V for version and -v for verbosity.
Increase compatibility between these two versions (written by the same author)
by switching our flag as well.
Take this opportunity to remove bogus information about the version number and
just call it 'FreeBSD units'.
Discussed with: cperciva, rwatson
fts_read() leaves errno unchanged on EOF and sets it on error, so set errno
to 0 before calling it. Also, don't trust finish_execplus() to leave errno
unchanged.
These were originally deleted as "not important" but, actually we need them
in place if we want to be able to use autoconf on software that provides
atf-based tests. (That includes being able to rebuild autotest from scratch
on the Kyua cluster machines, as the automated setup does.)
This is useful for debugging compat modules.
Sponsored by: EMC / Isilon Storage Division
Obtained from: Isilon OneFS (based on work by Jeff Hughes)
MFC after: 2 weeks
all the SUBDIR entries in parallel, instead of serially. Apply this
option to a selected number of Makefiles, which can greatly speed up the
build on multi-core machines, when using make -j.
This can be extended to more Makefiles later on, whenever they are
verified to work correctly with parallel building.
I tested this on a 24-core machine, with make -j48 buildworld (N = 6):
before stddev after stddev
======= ====== ======= ======
real time 1741.1 16.5 959.8 2.7
user time 12468.7 16.4 14393.0 16.8
sys time 1825.0 54.8 2110.6 22.8
(user+sys)/real 8.2 17.1
E.g. the build was approximately 45% faster in real time. On machines
with less cores, or with lower -j settings, the speedup will not be as
impressive. But at least you can now almost max out a machine with
buildworld!
Submitted by: jilles
MFC after: 2 weeks
well over 8 years...
roll the clock forward 16 years since there have been other changes
deserving of a bump, but never happened..
Submitted by: feld
Obtained from: 1 week
This targets the existing ARMv6 and ARMv7 SoCs that contain a VFP unit.
This is an optional coprocessors may not be present in all devices, however
it appears to be in all current SoCs we support.
armv6hf targets the VFP variant of the ARM EABI and our copy of gcc is too
old to support this. Because of this there are a number of WITH/WITHOUT
options that are unsupported and must be left as the default value. The
options and their required value are:
* WITH_ARM_EABI
* WITHOUT_GCC
* WITHOUT_GNUCXX
In addition, without an external toolchain, the following need to be left
as their default:
* WITH_CLANG
* WITH_CLANG_IS_CC
As there is a different method of passing float and double values to
functions the ABI is incompatible with existing armv6 binaries. To use
this a full rebuild of world is required. Because no floating point values
are passed into the kernel an armv6 kernel with VFP enabled will work with
an armv6hf userland and vice versa.
Note that these tests are for fmake, not bmake, and thus they are not
installed nor run when bmake is selected (the default). Yes, I have
wasted a *ton* of time on moving tests for no real reason other than
ensuring they are not left behind.
But maybe, just maybe, it was not work in vain: the majority of these
tests also work with bmake and the few that don't may point at broken
stuff. For example, the tests for the "archive" feature do not work
with bmake, but bmake's manpage and source tree seem to imply that they
should. So... to be investigated later; need to poke sjg@.
- Retire long time unused (basically always unused) sys__umtx_lock()
and sys__umtx_unlock() syscalls
- struct umtx and their supporting definitions
- UMUTEX_ERROR_CHECK flag
- Retire UMTX_OP_LOCK/UMTX_OP_UNLOCK from _umtx_op() syscall
__FreeBSD_version is not bumped yet because it is expected that further
breakages to the umtx interface will follow up in the next days.
However there will be a final bump when necessary.
Sponsored by: EMC / Isilon storage division
Reviewed by: jhb
I'm starting with the easy cases. The leftovers need to be looked at a
bit more closely.
Note that this change _does_ modify the code of the old tests. This is
required in order to allow the code to locate the data files in the
source directory instead of the current directory, because Kyua
automatically changes the latter to a temporary directory.
Also note that at least one test is known to be broken here. Actually,
the test is not really broken: it's marked as a TODO but unfortunately
Kyua's TAP parser currently does not understand that. Will have to be
fixed separately.
This change was originally going to only migrate the usr.sbin tests but, as
it turns out, the usr.sbin/sa/ tests require files from usr.bin/lastcomm/
so it's better to just also migrate the latter at the same time. The other
usr.bin tests will be moved separately.
To make these tests work within the test suite, some of them have required
changes to prevent modifying the source directory and instead just rely on
the current directory for file manipulation.
copied to userspace. Failing to do this would result in entries at the bottom
of the ktrdump output to be more recent than entries at the top.
With this change the timestamps are monotonically decreasing going from the
top to the bottom of the ktrdump output.
KTR buffer.
This happens when 'i' tries to wrap around from 0 to 'entries - 1'. Since 'i'
is a signed integer the modulo operation actually returns a negative number.
Fix this by computing the next index to use "by hand" instead of relying
on the modulo operator.
Change {atf,plain,tap}.test.mk to be internal implementation details of
bsd.test.mk. Makefiles that build tests should now only include bsd.test.mk
and declaratively specify what they want to build, without worrying about
the internal implementation of the mk files.
The reason for this change is to permit building test programs of different
interfaces from a single directory, which is something I had a need for
while porting tests over from src/tools/regression/.
Additionally, this change makes it possible to perform some other requested
changes to bsd.test.mk in an easier manner. Coming soon.
AppleTalk was a network transport protocol for Apple Macintosh devices
in 80s and then 90s. Starting with Mac OS X in 2000 the AppleTalk was
a legacy protocol and primary networking protocol is TCP/IP. The last
Mac OS X release to support AppleTalk happened in 2009. The same year
routing equipment vendors (namely Cisco) end their support.
Thus, AppleTalk won't be supported in FreeBSD 11.0-RELEASE.
IPX was a network transport protocol in Novell's NetWare network operating
system from late 80s and then 90s. The NetWare itself switched to TCP/IP
as default transport in 1998. Later, in this century the Novell Open
Enterprise Server became successor of Novell NetWare. The last release
that claimed to still support IPX was OES 2 in 2007. Routing equipment
vendors (e.g. Cisco) discontinued support for IPX in 2011.
Thus, IPX won't be supported in FreeBSD 11.0-RELEASE.
interface, in the r241616 a crutch was provided. It didn't work well, and
finally we decided that it is time to break ABI and simply make if_baudrate
a 64-bit value. Meanwhile, the entire struct if_data was reviewed.
o Remove the if_baudrate_pf crutch.
o Make all fields of struct if_data fixed machine independent size. The
notion of data (packet counters, etc) are by no means MD. And it is a
bug that on amd64 we've got a 64-bit counters, while on i386 32-bit,
which at modern speeds overflow within a second.
This also removes quite a lot of COMPAT_FREEBSD32 code.
o Give 16 bit for the ifi_datalen field. This field was provided to
make future changes to if_data less ABI breaking. Unfortunately the
8 bit size of it had effectively limited sizeof if_data to 256 bytes.
o Give 32 bits to ifi_mtu and ifi_metric.
o Give 64 bits to the rest of fields, since they are counters.
__FreeBSD_version bumped.
Discussed with: emax
Sponsored by: Netflix
Sponsored by: Nginx, Inc.
- Use counter(9) for rt_pksent (former rt_rmx.rmx_pksent). This
removes another cache trashing ++ from packet forwarding path.
- Create zini/fini methods for the rtentry UMA zone. Via initialize
mutex and counter in them.
- Fix reporting of rmx_pksent to routing socket.
- Fix netstat(1) to report "Use" both in kvm(3) and sysctl(3) mode.
The change is mostly targeted for stable/10 merge. For head,
rt_pksent is expected to just disappear.
Discussed with: melifaro
Sponsored by: Netflix
Sponsored by: Nginx, Inc.
In certain situations when creating an authorized_key file on a Linux machine
restorecon(1) may need to be called. Therefore, attempt to run it if it exists.
MFC After: 1 week
Idea from: https://bugzilla.redhat.com/show_bug.cgi?id=739989
To help avoid confusion: when attempting to send a key file check to see if a
file of the same name exists with a '.pub' suffix and send that instead. This
mimics the behavior of other ssh-copy-id scripts.
Add -v passthrough.
Reported by: dweimer <dweimer@dweimer.net>
Reported by: feld
MFC After: 1 week
Highlights include (upstream revs in parens):
- Improvements to the remote GDB protocol client
(r196610, r197579, r197857, r200072, and others)
- Bug fixes for big-endian targets
(r196808)
- Initial support for libdispatch (GCD) queues in the debuggee
(r197190)
- Add "step-avoid-libraries" setting
(r199943)
- IO subsystem improvements (including initial work on a curses gui)
(r200263)
- Support hardware watchpoints on FreeBSD
(r201706)
- Improved unwinding through hand-written assembly functions
(r201839)
- Handle DW_TAG_unspecified_parameters for variadic functions
(r202061)
- Fix Ctrl+C interrupting a running inferior process
(r202086, r202154)
- Various bug fixes for memory leaks, LLDB segfaults, the C++ demangler,
ELF core files, DWARF debug info, and others.
Sponsored by: DARPA, AFRL
is no iSER support in ctld and/or kernel; should the user make that mistake,
the output from "iscsictl -L" is enough to determine what the problem is.
Sponsored by: The FreeBSD Foundation
items), so it is more obvious that we aren't going to indirect through
a NULL pointer.
PR: 144723
Submitted by: Garrett Cooper <yaneurabeya at gmail.com>
Obtained from: NetBSD r1.19
MFC after: 2 weeks
Highlights:
* Security fix for apache server plugin that we don't build or use
* sqlite performance improvements.
* bug fixes for edge cases and some other less common operations.
This commit largely restores the lldb source to the upstream r196259
snapshot with the addition of threaded inferior support and a few bug
fixes.
Specific upstream lldb revisions restored include:
SVN git
181387 779e6ac
181703 7bef4e2
182099 b31044e
182650 f2dcf35
182683 0d91b80
183862 15c1774
183929 99447a6
184177 0b2934b
184948 4dc3761
184954 007e7bc
186990 eebd175
Sponsored by: DARPA, AFRL
When the user supplies an invalid number of days provide a useful error message
instead of segfaulting.
PR: bin/186697
Reported by: kaltheat <kaltheat@gmail.com>
Submitted by: oliver <oliver@beefrankly.org> (older version)
all of the features in the current working draft of the upcoming C++
standard, provisionally named C++1y.
The code generator's performance is greatly increased, and the loop
auto-vectorizer is now enabled at -Os and -O2 in addition to -O3. The
PowerPC backend has made several major improvements to code generation
quality and compile time, and the X86, SPARC, ARM32, Aarch64 and SystemZ
backends have all seen major feature work.
Release notes for llvm and clang can be found here:
<http://llvm.org/releases/3.4/docs/ReleaseNotes.html>
<http://llvm.org/releases/3.4/tools/clang/docs/ReleaseNotes.html>
MFC after: 1 month
- Note that kernel options are required
- Shift parameters around in SYNOPSIS to make it more clear that there are
different modes
- For all literal symbols such as 'process' or 'loginclass' or 'wallclock',
etc, make them into bold symbols with .Sy
- For each subject:subject-id:etc: use .Em to underline to make it more clear
they relate to the rule syntax
- Document how devd(8) support works
- Move RSS warning to BUGS and replace RSS with 'memoryuse' since 'RSS' is not
defined in the manpage
- Add more examples around listing existing rules
- Make rule syntax into a list to improve readability
- Add a list of subjects and their corresponding subject-id same as
RESOURCES/ACTIONS have lists
- Note that rctl(8) takes affect on all current and future processes
- Note that amount can take human numbers
- Add reference to login.conf(5) in few places login class is mentioned
Reviewed by: trasz
Approved by: bapt (mentor)
MFC after: 1 week
patch supplied by Allan Jude <freebsd@allanjude.com>. Add xref to
pam_passwdqc(8), where that testing is now done.
PR: docs/184482
Submitted by: Ryan Gerstenkorn <ryan_gerstenkorn@fastmail.fm>
Reviewed by: jilles, eadler
MFC after: 3 days
insert flow entry. During the route lookup the critical section is
exited. It may happen, that after route lookup we will be executed
on an other CPU that already has such flowentry. Before this change
we simply freed the flowentry and returned to ip_output() with
failure.
Actually there is nothing wrong with using previously allocated
flow entry, updating it properly. Thus, make flowentry_insert()
return the new either old fle, and make use of it.
Count reuses as "collisions" and real inserts as "inserts".
Reviewed by: adrian
Sponsored by: Netflix
Sponsored by: Nginx, Inc.
Some of the collisions that are occuring are due to flowtable lookups
that succeed but have an invalid lle - typically because the L2 adjacency
lookup hasn't completed. This would lead to a follow-up insert which
would then fail (ie, collision) and the code would fall through to doing
a slow-path L2/L3 lookup in the netinet/netinet6 code.
This patch simply aborts storing a new flowtable entry if the lle isn't
yet valid.
Whilst I'm here, add a new pcpu counter for the item so the number of
failures can be tracked separately from generic "collisions."
Reviewed by: glebius
MFC after: 10 days
Sponsored by: Netflix, Inc.
- ip_output() and ip_output6() simply call flowtable_lookup(),
passing mbuf and address family. That's the only code under
#ifdef FLOWTABLE in the protocols code now.
o Revamp statistics gathering and export.
- Remove hand made pcpu stats, and utilize counter(9).
- Snapshot of statistics is available via 'netstat -rs'.
- All sysctls are moved into net.flowtable namespace, since
spreading them over net.inet isn't correct.
o Properly separate at compile time INET and INET6 parts.
o General cleanup.
- Remove chain of multiple flowtables. We simply have one for
IPv4 and one for IPv6.
- Flowtables are allocated in flowtable.c, symbols are static.
- With proper argument to SYSINIT() we no longer need flowtable_ready.
- Hash salt doesn't need to be per-VNET.
- Removed rudimentary debugging, which use quite useless in dtrace era.
The runtime behavior of flowtable shouldn't be changed by this commit.
Sponsored by: Netflix
Sponsored by: Nginx, Inc.
report the actual number of RPCs issued, not the theoretical number
that would be issued if all caching was disabled.
Reviewed by: rmacklem
MFC after: 2 weeks
commit c1acf022c533c5ae27e0cd556977eafe3f5959eb
Author: Brooks Davis <brooks@one-eyed-alien.net>
Date: Fri Jan 17 21:46:44 2014 +0000
Add an option WITHOUT_NCURSESW to suppress building and linking to
libncursesw. While wide character support it useful we'd like to
only need one ncurses library on embedded systems.
MFC after: 4 weeks
Sponsored by: DARPA, AFRL
propagate the buffer size to libc, which uses a 1 kB buffer by default,
negating any hypothetical benefit of increasing fetch(1)'s buffer size.
MFC after: 3 days
This avoids leaving stale entries in utmpx after the connection is closed on
an open login session. It also allows a clean way (SIGTERM) to forcibly
terminate a user's terminal session.
This does not affect the situation for "hung" processes after the connection
is closed. The foreground process group receives SIGHUP and the tty becomes
inaccessible.
Also replace all use of the obsolete signal() function with sigaction() (not
only the part where it is actually required: SIGHUP and SIGTERM must mask
the other as well when caught).
PR: misc/183495
Reviewed by: ed
killall confusing killall -INT with killall -I (interactive
confirmation) which resulted in the wrong signal (TERM)
being delivered to the process(s).
Discussed with: delphij
MFC after: 2 weeks
Do this by generating misc_helpers explicitly, without using the
ATF_TESTS_SH functionality.
While this script is technically an atf-sh test program, it is not intended
to be run as a test and therefore it mustn't end up in the Kyuafile. Using
ATF_TESTS_SH means that misc_helpers ended up registered in the Kyuafile
and then failed to run as a test.
The alternative would be to supply an explicit Kyuafile from this directory
that lists the known test files, but doing it the way described above will
be easier to maintain.
MFC after: 3 days
These files are required to get packages in ports to build against atf and
also to get a couple of currently-failing tests to pass.
I'm following the approach already used by the libusb pkg-config files
installed by the system regarding the location and the install rules.
MFC after: 5 days
fts(3) detects directories even in FTS_NOSTAT mode (so it can descend into
them).
No functional change is intended, but find commands that use -type d but no
primaries that still require stat/lstat calls make considerably fewer system
calls.
* Do not match symlinks that are followed because of -H or -L. This is
explicitly documented in GNU find's info file and is like -type l.
* Fix matching symlinks in subdirectories when fts changes directories.
Also, avoid some readlink() calls on files that are obviously not symlinks
(because of fts(3) restrictions, not all of them).
MFC after: 1 week
The code did not take into account that readlink() does not add a
terminating '\0', and therefore did not work reliably.
As before, symlinks of length PATH_MAX or more are not handled correctly.
(These can only be created on other operating systems.)
PR: bin/185393
Submitted by: Ben Reser (original version)
MFC after: 1 week
clang-specific or gcc-specific flags, introduce the following new
variables for use in Makefiles:
CFLAGS.clang
CFLAGS.gcc
CXXFLAGS.clang
CXXFLAGS.gcc
In bsd.sys.mk, these get appended to the regular CFLAGS or CXXFLAGS for
the right compiler.
MFC after: 1 week
necessary symbols needed per subsystem. Main kvm(3) init is now delayed
as much as possbile. This finally fixes performance issues reported in
kern/167204.
Some non-working code (ng_socket.ko symbol addresses calculation) removed.
Some global variables eliminated.
PR: kern/167204
MFC after: 4 weeks
to casperd, but we cannot access the service we need we exit with an error.
This should not happen and just indicates some configuration error which
should be fixed, so we force the user to do it by failing.
Discussed with: emaste
instead of peeking inside in-kernel radix via kget.
This permits us to change kernel structures without breaking userland.
Additionally, this change provide more reliable and faster output.
`Refs` and `Use` fields available in IPv4 by default (and via -W
for other families) were removed. `Refs` is radix-specific thing
which is not informative for users. `Use` field value is handy sometimes,
but a) current API does not support it and b) I'm not sure we will
support per-rte pcpu counters in near future.
Old method of retrieving data is still supported (either by defining
NewTree=0 or running netstat with -A). However, Refs/Use fields are
hidden.
Sponsored by: Yandex LLC
MFC after: 4 weeks
PR: kern/167204
is given to convert uids and gids to user names and group names even when
running in capability mode sandbox.
While here log on stderr when we successfully enter the sandbox.
Sponsored by: The FreeBSD Foundation
Prior to the addition of cpp support into calendar itself
#include </usr/share/calendar/calendar.all>
was a legal construction in a calendar file.
Permit this again
intentionally undocumented and its only purpose is that
we do not bail out when used as a drop-in replacement of
a different implementation.
PR: docs/184550
MFC after: 2 weeks
set up a pipe and allow a jr user to watch what I'm doing
by running 'script -F pipefile' on it.
While here, spell out the month in the .Dd tag like other
manual pages.
contrib/byacc/makefile.in ("add YYPATCH here so it can be tested by
applications") so that applications have a hope of detecting newer
FreeBSD YACC output from an older one.
Submitted by: Juniper Networks
a very hard time to fully understand) with much more intuitive rights:
CAP_EVENT - when set on descriptor, the descriptor can be monitored
with syscalls like select(2), poll(2), kevent(2).
CAP_KQUEUE_EVENT - When set on a kqueue descriptor, the kevent(2)
syscall can be called on this kqueue to with the eventlist
argument set to non-NULL value; in other words the given
kqueue descriptor can be used to monitor other descriptors.
CAP_KQUEUE_CHANGE - When set on a kqueue descriptor, the kevent(2)
syscall can be called on this kqueue to with the changelist
argument set to non-NULL value; in other words it allows to
modify events monitored with the given kqueue descriptor.
Add alias CAP_KQUEUE, which allows for both CAP_KQUEUE_EVENT and
CAP_KQUEUE_CHANGE.
Add backward compatibility define CAP_POLL_EVENT which is equal to CAP_EVENT.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
'Sponsored by:' in the FreeBSD commit template.
Support for this has already existed ^/head/contrib/subversion
but it was not enabled in usr.bin/svn/svn/Makefile.
To use the pre-populated 'Sponsored by:' entry, set ORGANIZATION
in make.conf(5), for example:
ORGANIZATION= "The FreeBSD Foundation"
Reviewed by: peter
Sponsored by: The FreeBSD Foundation
There is no reason to keep the two knobs separate: if tests are
enabled, the ATF libraries are required; and if tests are disabled,
the ATF libraries are not necessary. Keeping the two just serves
to complicate the build.
Reviewed by: freebsd-testing
Approved by: rpaulo (mentor)
KERN_PROC_PID to obtain the parent process pathname and command, used
to determine the calling shell.
Submitted by: Stefan Neudorf
PR: bin/183484
MFC after: 1 week
Instead, change arguments of internal function digest_update() to accept
signed char arguments.
Remove MAP_FAILED fallback definition and casts of MAP_FAILED.
Thanks to bde@ for looking over this and doing the code analysis.
in order to be consistent with iSCSI terminology. Besides, calling the
option '-h' was just wrong.
This changes usage for newly added iscsictl(8), and two newly added
subcommands to ctladm(8). This breaks POLA between CURRENT and 10,
but since 10.0 has not been released yet, it's still ok to do.
MFC after: 3 days
Discussed with: re (glebius)
Sponsored by: FreeBSD Foundation
user. Kqueue now saves the ucred of the allocating thread, to
correctly decrement the counter on close.
Under some specific and not real-world use scenario for kqueue, it is
possible for the kqueues to consume memory proportional to the square
of the number of the filedescriptors available to the process. Limit
allows administrator to prevent the abuse.
This is kernel-mode side of the change, with the user-mode enabling
commit following.
Reported and tested by: pho
Discussed with: jmg
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
This was not broken on architectures such as ARM where char is unsigned.
Also, remove the first non-portable character from the output. POSIX does
not require this, and printing the first byte may yield an invalid byte
sequence with UTF-8.
PR: bin/165988
Reported by: Nicolas Rachinsky
Things like Makefile.inc1 resort to parsing /usr/include/osreldate.h with
awk because this isn't easily available by other means. The separation
of user and kernel versions is important for jail/chroot environments.
libkvm digging in kernel memory. This is possible since r231506 made
getifaddrs(3) to supply if_data for each ifaddr.
The pros of this change is that now netstat(1) doesn't know about kernel
struct ifnet and struct ifaddr. And these structs are about to change
significantly in head soon. New netstat binary will work well with 10.0
and any future kernel.
The cons is that now it isn't possible to obtain interface statistics
from a vmcore.
Functions intpr() and sidewaysintpr() were rewritten from scratch.
The output of netstat(1) has underwent the following changes:
1) The MTU is not printed for protocol addresses, since it has no notion.
Dash is printed instead. If there would be a strong desire to return
previous output, it is doable.
2) Output interface queue drops are not printed. Currently this data isn't
available to userland via any API. We plan to drop 'struct ifqueue' from
'struct ifnet' very soon, so old kvm(3) access to queue drops is soon
to be broken, too. The plan is that drivers would handle their queues
theirselves and a new field in if_data would be updated in case of drops.
3) In-kernel reference count for multicast addresses isn't printed. I doubt
that anyone used it. Anyway, netstat(1) is sysadmin tool, not kernel
debugger.
Sponsored by: Netflix
Sponsored by: Nginx, Inc.
architectures where they are known not to work. For SVN itself, use
the least common denominator and disable them across the board. This
allows svnlite to build and run on all FreeBSD architectures.
Approved by: re (gjb)
- prince Johan Friso passed away in 2013
- correct status of queen Maxima and crown princess Catharina-Amalia
- language fixes
Approved by: remko (mentor)
Approved by: re (gjb)
MFC after: 3 days
- Ask only once for "Apply anyway". [1]
- Tell user what file have failed patch rather than just how
many hunks failed.
Reported by: jmg via pfg [1]
Tested by: pfg [1]
Approved by: re (gjb)
This connects LLDB to the build, but it is disabled by default. Add
WITH_LLDB= to src.conf to build it.
Note that LLDB requires a C++11 compiler so is disabled on platforms
using GCC.
Approved by: re (gjb)
Sponsored by: DARPA, AFRL
exhausted.
- Add a new protect(1) command that can be used to set or revoke protection
from arbitrary processes. Similar to ktrace it can apply a change to all
existing descendants of a process as well as future descendants.
- Add a new procctl(2) system call that provides a generic interface for
control operations on processes (as opposed to the debugger-specific
operations provided by ptrace(2)). procctl(2) uses a combination of
idtype_t and an id to identify the set of processes on which to operate
similar to wait6().
- Add a PROC_SPROTECT control operation to manage the protection status
of a set of processes. MADV_PROTECT still works for backwards
compatability.
- Add a p_flag2 to struct proc (and a corresponding ki_flag2 to kinfo_proc)
the first bit of which is used to track if P_PROTECT should be inherited
by new child processes.
Reviewed by: kib, jilles (earlier version)
Approved by: re (delphij)
MFC after: 1 month
Otherwise, you would get errors similar to:
$ svn co svn://svn.freebsd.org/base/head test
A test/lib
A test/lib/libutil
svn: E200014: Checksum mismatch for
'/home/dim/test/lib/libutil/kinfo_getproc.3':
expected: 0882097a545210d88edff8f63b328602
actual: b378eb08a0f4d4c97c513c4b17207f59
Approved by: re (gjb, marius)
- Don't treat an options argument of 0 to wait4() as an error in
kdump.
- Decode the wait options passed to wait4() and wait6() in truss
and decode the returned rusage and exit status.
Approved by: re (kib)
MFC after: 1 week
an address in the first 2GB of the process's address space. This flag should
have the same semantics as the same flag on Linux.
To facilitate this, add a new parameter to vm_map_find() that specifies an
optional maximum virtual address. While here, fix several callers of
vm_map_find() to use a VMFS_* constant for the findspace argument instead of
TRUE and FALSE.
Reviewed by: alc
Approved by: re (kib)
in the future in a backward compatible (API and ABI) way.
The cap_rights_t represents capability rights. We used to use one bit to
represent one right, but we are running out of spare bits. Currently the new
structure provides place for 114 rights (so 50 more than the previous
cap_rights_t), but it is possible to grow the structure to hold at least 285
rights, although we can make it even larger if 285 rights won't be enough.
The structure definition looks like this:
struct cap_rights {
uint64_t cr_rights[CAP_RIGHTS_VERSION + 2];
};
The initial CAP_RIGHTS_VERSION is 0.
The top two bits in the first element of the cr_rights[] array contain total
number of elements in the array - 2. This means if those two bits are equal to
0, we have 2 array elements.
The top two bits in all remaining array elements should be 0.
The next five bits in all array elements contain array index. Only one bit is
used and bit position in this five-bits range defines array index. This means
there can be at most five array elements in the future.
To define new right the CAPRIGHT() macro must be used. The macro takes two
arguments - an array index and a bit to set, eg.
#define CAP_PDKILL CAPRIGHT(1, 0x0000000000000800ULL)
We still support aliases that combine few rights, but the rights have to belong
to the same array element, eg:
#define CAP_LOOKUP CAPRIGHT(0, 0x0000000000000400ULL)
#define CAP_FCHMOD CAPRIGHT(0, 0x0000000000002000ULL)
#define CAP_FCHMODAT (CAP_FCHMOD | CAP_LOOKUP)
There is new API to manage the new cap_rights_t structure:
cap_rights_t *cap_rights_init(cap_rights_t *rights, ...);
void cap_rights_set(cap_rights_t *rights, ...);
void cap_rights_clear(cap_rights_t *rights, ...);
bool cap_rights_is_set(const cap_rights_t *rights, ...);
bool cap_rights_is_valid(const cap_rights_t *rights);
void cap_rights_merge(cap_rights_t *dst, const cap_rights_t *src);
void cap_rights_remove(cap_rights_t *dst, const cap_rights_t *src);
bool cap_rights_contains(const cap_rights_t *big, const cap_rights_t *little);
Capability rights to the cap_rights_init(), cap_rights_set(),
cap_rights_clear() and cap_rights_is_set() functions are provided by
separating them with commas, eg:
cap_rights_t rights;
cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FSTAT);
There is no need to terminate the list of rights, as those functions are
actually macros that take care of the termination, eg:
#define cap_rights_set(rights, ...) \
__cap_rights_set((rights), __VA_ARGS__, 0ULL)
void __cap_rights_set(cap_rights_t *rights, ...);
Thanks to using one bit as an array index we can assert in those functions that
there are no two rights belonging to different array elements provided
together. For example this is illegal and will be detected, because CAP_LOOKUP
belongs to element 0 and CAP_PDKILL to element 1:
cap_rights_init(&rights, CAP_LOOKUP | CAP_PDKILL);
Providing several rights that belongs to the same array's element this way is
correct, but is not advised. It should only be used for aliases definition.
This commit also breaks compatibility with some existing Capsicum system calls,
but I see no other way to do that. This should be fine as Capsicum is still
experimental and this change is not going to 9.x.
Sponsored by: The FreeBSD Foundation
As promised, drop the option to make the older GNU patch
the default.
GNU patch is still being built but something drastic may
happen to it to it before Release.
Notable new features:
* Elliptic Curve Digital Signature Algorithm keys and signatures in
DNSSEC are now supported per RFC 6605. [RT #21918]
* Introduces a new tool "dnssec-verify" that validates a signed zone,
checking for the correctness of signatures and NSEC/NSEC3 chains.
[RT #23673]
* BIND now recognizes the TLSA resource record type, created to
support IETF DANE (DNS-based Authentication of Named Entities)
[RT #28989]
* The new "inline-signing" option, in combination with the
"auto-dnssec" option that was introduced in BIND 9.7, allows
named to sign zones completely transparently.
Approved by: delphij (mentor)
MFC after: 3 days
Sponsored by: DK Hostmaster A/S
address alignment of mappings.
- MAP_ALIGNED(n) requests a mapping aligned on a boundary of (1 << n).
Requests for n >= number of bits in a pointer or less than the size of
a page fail with EINVAL. This matches the API provided by NetBSD.
- MAP_ALIGNED_SUPER is a special case of MAP_ALIGNED. It can be used
to optimize the chances of using large pages. By default it will align
the mapping on a large page boundary (the system is free to choose any
large page size to align to that seems best for the mapping request).
However, if the object being mapped is already using large pages, then
it will align the virtual mapping to match the existing large pages in
the object instead.
- Internally, VMFS_ALIGNED_SPACE is now renamed to VMFS_SUPER_SPACE, and
VMFS_ALIGNED_SPACE(n) is repurposed for specifying a specific alignment.
MAP_ALIGNED(n) maps to using VMFS_ALIGNED_SPACE(n), while
MAP_ALIGNED_SUPER maps to VMFS_SUPER_SPACE.
- mmap() of a device object now uses VMFS_OPTIMAL_SPACE rather than
explicitly using VMFS_SUPER_SPACE. All device objects are forced to
use a specific color on creation, so VMFS_OPTIMAL_SPACE is effectively
equivalent.
Reviewed by: alc
MFC after: 1 month
This is the gsoc-2011 project to clean up and backport multibyte support
from other nvi forks in a form we can use.
USE_WIDECHAR is on unless building for the rescue crunchgen. This should
allow editing in the native locale encoding.
USE_ICONV depends on make.conf having 'WITH_ICONV=YES' for now. This
adds the ability to do things like edit a KOI8-R file while having $LANG
set to (say) en_US.UTF-8. iconv is used to transcode the characters for
display.
Other points:
* It uses gencat and catopen/etc instead of homegrown msg catalog stuff.
* A lot of stuff has been trimmed out, eg: the perl and tcl bindings which
we could never use in base anyway.
* It uses ncursesw when in widechar mode. This could be interesting.
GSoC info: http://www.google-melange.com/gsoc/proposal/review/google/gsoc2011/zy/1
Repo at: https://github.com/lichray/nvi2
Obtained from: Zhihao Yuan <lichray@gmail.com>
Formerly, a command like find dir1/dir2 -delete would delete everything
under dir1/dir2 but not dir1/dir2 itself.
When -L is not specified and "." can be opened, the fts(3) code underlying
find(1) is careful to avoid following symlinks or being dropped in different
locations by moving the directory fts is currently traversing. If a
problematic concurrent modification is detected, fts will not enter the
directory or abort. Files found in the search are returned via the current
working directory and a pathname not containing a slash.
For paranoia, find(1) verifies this when -delete is used. However, it is too
paranoid about the root of the traversal. It is already assumed that the
initial pathname does not refer to directories or symlinks that might be
replaced by untrusted users; otherwise, the whole traversal would be unsafe.
Therefore, it is not necessary to do the check for fts_level ==
FTS_ROOTLEVEL.
Deleting the pathnames given as arguments can be prevented without error
messages using -mindepth 1 or by changing directory and passing "." as
argument to find. This works in the old as well as the new version of find.
Tested by: Kurt Lidl
Reviewed by: jhb
components: apr-1.4.6 -> 1.4.8 and apr-util-1.4.1 -> 1.5.2.
This is a post point-zero bug-fix / fix-sharp-edges release, including
some workarounds for UTF-8 for people who haven't yet turned on WITH_ICONV.
The BSD-licensed patch(1) command has matured and it's behaviour
can be considered equivalent to the older version of GNU patch
in the tree.
The switch has been extensively tested [1] and only two ports
presented regressions, which have since been fixed.
For convenience a new WITH_GNU_PATCH option is available,
but it will likely be removed in the near future.
PR: 176313
Approved by: portmgr
structure is used, but they already have equal fields in the struct
newipsecstat, that was introduced with FAST_IPSEC and then was merged
together with old ipsecstat structure.
This fixes kernel stack overflow on some architectures after migration
ipsecstat to PCPU counters.
Reported by: Taku YAMAMOTO, Maciej Milewski
Properly handle input lines containing NUL characters such that pgets()
accurately fills the read buffer.
Callers of pgets() still mis-process the buffer contents if the read line
contains NUL characters, but this at least makes pgets() accurate.
Make it so that 'patch < FUBAR' and 'patch -i FUBAR' operate the same.
The former makes a copy of stdin, but was not accurately putting the
content of stdin into a temp file. This lead to the undercounting
the number of lines in hunks containing NUL characters when reading
from stdin. Thus resulting in "unexpected end of file in patch" errors.
- Reconnect with some minor modifications, in particular now selsocket()
internals are adapted to use sbintime units after recent'ish calloutng
switch.
In BSD, fgetln() available in libc but in Illumos the Solaris port had to
include it internally. It also seems to have caused problems [1].
Aid portability by using getline() instead.
Reference:
https://www.illumos.org/issues/3820 [1]
Submitted by: Johann 'Myrkraverk' Oskarsson <johann@myrkraverk.com>
Reviewed by: dds
MFC after: 2 weeks
This is actually a fully functional build except:
* All internal shared libraries are static linked to make sure there
is no interference with ports (and to reduce build time).
* It does not have the python/perl/etc plugin or API support.
* By default, it installs as "svnlite" rather than "svn".
* If WITH_SVN added in make.conf, you get "svn".
* If WITHOUT_SVNLITE is in make.conf, this is completely disabled.
To be absolutely clear, this is not intended for any use other than
checking out freebsd source and committing, like we once did with cvs.
It should be usable for small scale local repositories that don't
need the python/perl plugin architecture.
This checks that every node that has children specifies their register sizes.
This is not enabled by default, as the default sizes are sometimes required
(including by some DTS in the tree), but can help when writing new device
trees so that you can check that you actually meant the defaults.
Explicitly use GNU cpp for preprocessing.
Remove explicit debugging code.
Change some variable names to be less confusing.
Improve some comments.
Improve indentation.
PR: 162211
168785
MFC after: 2 weeks
to 999.99% CPU. It still won't be aligned if you have a multithreaded
process using more than 1000% CPU (e.g. idle process on an idle 12-way
system), but 100% is a common case.
Submitted by: Jeremy Chadwick (partial)
MFC after: 1 week
sockaddr_in6 structures. getnameinfo(3) does the same thing, but it is
also able to represent a scope zone id as described in the RFC 4007.
MFC after: 2 weeks
The option tells kdump to convert numeric UIDs and GIDs into user and
group names plus to convert times and dates into locallized versions.
This all needs opening various files at various occasions.
Make use of Capsicum to protect kdump(1), as it might be used to parse data
from untrusted sources:
- Sandbox kdump(1) using capability mode.
- Limit stdin descriptor (where opened file is moved to) to only
CAP_READ and CAP_FSTAT rights.
- Limit stdout descriptor to only CAP_WRITE, CAP_FSTAT and CAP_IOCTL.
Plus limit allowed ioctls to TIOCGETA only, which is needed for
isatty() to work.
- Limit stderr descriptor to only CAP_WRITE and CAP_FSTAT. In addition
if the -s option is not given, grant CAP_IOCTL right, but allow for
TIOCGWINSZ ioctl only, as we need screen width to dump the data.
- Before entering capability mode call catopen("libc", NL_CAT_LOCALE),
which opens message catalogs and caches data, so that strerror(3)
and strsignal(3) can work in a sandbox.
Sponsored by: The FreeBSD Foundation
Discussed with: rwatson
Rearrange the code so we don't call ioctl(TIOCGWINSZ) if the -s option is given,
as the result won't be used then.
Sponsored by: The FreeBSD Foundation
fclose() being skipped. Fix this by using boolean "&" and "|" instead of
short-cut operators "&&" and "||".
While here, increment the last part of the version string. The reason is
the fixed output file selection logic in pch.c, which was committed as
r250943, yesterday.
Reviewed by: pfg
Instead of using the file with the least order of path name components,
shortest filename and finally the shortest basename (with the search
stopping as soon as one of these conditions is true), the first filename
checked was used as the reference, and another filename was only selected
if all of the above comparisons are in favour of the latter file.
This was wrong, because filenames with path less components were only
considered, if both of the other conditions were true as well. In fact,
the first filename to be checked had good chances to be selected in the
end, since it only needed to be better with regard to any one of the
three criteria ...
Reviewed by: delphij@freebsd.org
Alexander Botero-Lowry
Born June 2, 1986 in Austin, Texas
Died August 24, 2012 in San Francisco, California
Thank you for your contributions, you will be
greatly missed.
kernel-based POSIX semaphore descriptors to userland via procstat(1) and
fstat(1):
- Change sem file descriptors to track the pathname they are associated
with and add a ksem_info() method to copy the path out to a
caller-supplied buffer.
- Use the fo_stat() method of shared memory objects and ksem_info() to
export the path, mode, and value of a semaphore via struct kinfo_file.
- Add a struct semstat to the libprocstat(3) interface along with a
procstat_get_sem_info() to export the mode and value of a semaphore.
- Teach fstat about semaphores and to display their path, mode, and value.
MFC after: 2 weeks
Alexander de nieuwe koning. Koningsdag is op 27 April.
On 30 April 2013 queen Beatrix resigned and crownprince Willem
Alexander became the new king. King's day is on 27 April.
MFC after: 1 week
- use const where appropriate
- use static where appropriate
- use explicit checks checks for error conditions
Reviewed by: sbruno
Approved by: cperciva (mentor)
Obtained by: DragonFlyBSD
info from a process core file.
So now one can run procstat(1) on a process core e.g. to get a list of
files opened by a process when it crashed:
root@lisa:/ # procstat -f /root/vi.core
PID COMM FD T V FLAGS REF OFFSET PRO NAME
658 vi text v r r-------- - - - /usr/bin/vi
658 vi ctty v c rw------- - - - /dev/pts/0
658 vi cwd v d r-------- - - - /root
658 vi root v d r-------- - - - /
658 vi 0 v c rw------- 11 3208 - /dev/pts/0
658 vi 1 v c rw------- 11 3208 - /dev/pts/0
658 vi 2 v c rw------- 11 3208 - /dev/pts/0
658 vi 3 v r r----n-l- 1 0 - /tmp/vi.0AYKz3Lps7
658 vi 4 v r rw------- 1 0 - /var/tmp/vi.recover/vi.GaGYsz
658 vi 5 v r rw------- 1 0 - -
PR: kern/173723
Suggested by: jhb
MFC after: 1 month
This compiler flag enforces that that people either mark variables
static or use an external declarations for the variable, similar to how
-Wmissing-prototypes works for functions.
Due to the fact that Yacc/Lex generate code that cannot trivially be
changed to not warn because of this (lots of yy* variables), add a
NO_WMISSING_VARIABLE_DECLARATIONS that can be used to turn off this
specific compiler warning.
Announced on: toolchain@
upcoming 3.3 release (branching and freezing expected in a few weeks).
Preliminary release notes can be found at the usual location:
<http://llvm.org/docs/ReleaseNotes.html>
An MFC is planned once the actual 3.3 release is finished.