234871 Commits

Author SHA1 Message Date
Ben Woods
368455ec95 geli init: Allow initialization of multiple geli providers at once if
they use same passphrase and keyfiles.

Unique salt will be randomly generated for each provider to ensure the
Master Key for each is unique.

This change follows on from r335673 and r336602, which allowed multiple
providers to be attached in a single command.

Reviewed by:	asomers
Approved by:	sobomax
Differential Revision:	https://reviews.freebsd.org/D16115
2018-07-23 23:04:43 +00:00
Warner Losh
663472df5a Say a little more about the new protocol.
Requested by: emaste@
2018-07-23 22:15:36 +00:00
Ed Maste
83722abcb6 arch.7: fix whitespace from r336435
Previously armeb's Final Release rendered as 'Ta 11.x'.

Sponsored by:	The FreeBSD Foundation
2018-07-23 21:09:57 +00:00
Warner Losh
b43c6042c3 Finalize the boot manager protocol support for next-stage boot
loading.

If we are booting in a conforming UEFI Boot Manager Environment, then
use the BootCurrent variable to find the BootXXXX we're using. Once we
find that, then if it contains more than one EFI_DEVICE_PATH in its
what to boot section, try to use the last one as the kernel to
load. This will also set the default root partition as well. If
there's only one path, or if there's an error along the way, assume
that nothing specific was specified and revert to the old
algorithm. If something was specified, but not found, then fail the
boot. Otherwise you that, specific thing. On FreeBSD, this can be set
using efibootmgr -l <loader> -k <kernel>. We try a few variations of
kernel to cope with the fact that UEFI comes from a DOS world where
paths might be upper case and/or contain back-slashes.

Note: In an ideal world, we'd work out where we are in chain loading
by looking at the passed-in image handle and doing name
matching. However, that's unreliable since at least boot1.efi booted
images don't have that, hence the assumption that loader.efi needs to
load the last thing on the list, if possible.

The reason we fail for something specific is so that we can fully
participate in the UEFI Boot Manager Protocol and fail over to the
next item in the list of BootOrder choices when something goes wrong
at this stage.

This implements was was talked about in freebsd-arch@ last year
https://docs.freebsd.org/cgi/getmsg.cgi?fetch=3576+0+archive/2017/freebsd-arch/20171022.freebsd-arch
and documented in full (after changed resulting from the discussion) in
https://docs.google.com/document/d/1aK9IqF-60JPEbUeSAUAkYjF2W_8EnmczFs6RqCT90Jg/edit#
although one or two minor details may have been modified in this
implementation to make it work, and the ZFS MEDIA PATH extension isn't
implemented. This does not yet move things to ESP:\efi\freebsd\loader.efi.

RelNotes: Yes
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D16403
2018-07-23 20:36:59 +00:00
Warner Losh
00a47597a3 Implement efiblk_get_pdinfo_by_device_path
Lookup a block device by it's device path. We use a 'loose' lookup
whereby we scan forward to the first Media Path portion of the device
path, then look at all our handles for one whose first Media Path
matches. This will also work if the device path pointed to has a
following file path (or paths) as that's ignored. It assumes that
there's only one media path node that describes the entire device,
which is true as of the latest UEFI spec (2.7 Errata A) as far as I've
been able to determine.

Sponsored by: Netflix
2018-07-23 20:36:54 +00:00
Warner Losh
c6c2a73c0c Implement efi_devpath_length
Return the total length, in bytes, of the device path (including the
terminating node at the end).

Sponsored by: Netflix
2018-07-23 20:36:50 +00:00
Warner Losh
13850b362f Implement efi_devpath_match_node
Returns true if the first node pointed to by devpath1 is identical to
the first node pointed to by devpath2, with care taken to not read
past the end of the valid parts of either devpath1 or
devpath2. Otherwise, returns false.

Sponsored by: Netflix
2018-07-23 20:36:45 +00:00
Warner Losh
3ef81aa0f5 Store the number of handles we get back in efipart_nhandles rather
than the number of bytes. Don't divide by the element size every time
we have to iterate. Eliminate now-unused variables.

Sponsored by: Netflix
2018-07-23 20:36:41 +00:00
Warner Losh
ee4e1d5807 Implement efi_devpath_to_media_path
Takes a generic device path as its input. Scans through it to find the
first media_path node in it and returns a pointer to it. If none is
found, NULL is returned.

Sponsored by: Netflix
2018-07-23 20:36:25 +00:00
Li-Wen Hsu
03154ade2a Use __riscv to determine building for RISC-V
Reviewed by:	br
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D16398
2018-07-23 19:49:54 +00:00
Ed Maste
f84d8f0ce5 arch.7: Clarify architecture-specific macro use
Compilers may define multiple variants of architecture-specific macros
(for example, both __x86_64 and __x86_64__).  Add a note that the macros
documented in arch.7 are the preferred ones for FreeBSD.

Sponsored by:	The FreeBSD Foundation
2018-07-23 19:39:20 +00:00
Warner Losh
da8e85391f Now that we set the busy_detect bit in the bas to support setting it
for the console, set our override in the bas as well.

Tested by: emaste@
2018-07-23 19:27:11 +00:00
John Baldwin
6f77212f27 Support compressed crash dumps in crashinfo(8).
Temporarily decompress a copy of a crash dump compressed with either
gzip or zstd and run various tools against the decompressed copy while
generating the crash information.  The uncompressed copy is deleted when
the script exits.

Note that crashinfo is enabled by default, so this will attempt to
decompress the most recent compressed crash dump after a crash that
generates a compressed crash dump.  Users who wish to only do offline
analysis of compressed crash dumps can disable crashinfo in rc.conf.

Tested by:	ler
Reviewed by:	markj
MFC after:	2 weeks
2018-07-23 18:08:56 +00:00
Ian Lepore
c798532ffa Revert r336619, it appears to cause problems with ssh, and probably other
things which use pw_scan().
2018-07-23 17:26:38 +00:00
Andriy Gapon
dc8240f0da fix incorrect operator in the AUDITPIPE_SET_QLIMIT bounds check
PR:		229983
Submitted by:	Aniket Pandey <aniketp@iitk.ac.in>
Reported by:	Aniket Pandey <aniketp@iitk.ac.in>
MFC after:	1 week
2018-07-23 16:56:49 +00:00
Brad Davis
a9e8c5c4b0 Add the initial DIRS infrastructure for creating directories with the
necessary owner, group, mode and flags.

Approved by:	bapt (mentor)
Differential Revision:	https://reviews.freebsd.org/D16405
2018-07-23 16:11:03 +00:00
Andriy Gapon
2559473944 follow-up to r336635, update TAILQ to CK_SLIST for ie_handlers
arm, mips and sparc64 were affected.
2018-07-23 15:36:55 +00:00
Ian Lepore
d05db9a4ff Revert r336625 until I figure out why it worked with simple testing but
reportedly fails the kyua tests and causes other real-world problems.

Reported by:	cy@ asomers@
2018-07-23 14:58:44 +00:00
Andriy Gapon
111b043cdf change interrupt event's list of handlers from TAILQ to CK_SLIST
The primary reason for this commit is to separate mechanical and nearly
mechanical code changes from an upcoming fix for unsafe teardown of
shared interrupt handlers that have only filters (see D15905).

The technical rationale is that SLIST is sufficient.  The only operation
that gets worse performance -- O(n) instead of O(1) is a removal of a
handler,  but it is not a critical operation and the list is expected to
be rather short.

Additionally, it is easier to reason about SLIST when considering the
concurrent lock-free access to the list from the interrupt context and
the interrupt thread.

CK_SLIST is used because the upcoming change depends on the memory order
provided by CK_SLIST insert and the fact that CL_SLIST remove does not
trash the linkage in a removed element.

While here, I also fixed a couple of whitespace issues, made code under
ifdef notyet compilable, added a lock assertion to ithread_update() and
made intr_event_execute_handlers() static as it had no external callers.

Reviewed by:	cem (earlier version)
MFC after:	4 weeks
Differential Revision: https://reviews.freebsd.org/D16016
2018-07-23 12:51:23 +00:00
Andriy Gapon
725de58112 MFV CK@r336629: Import CK as of commit 1c1f9901c2dea7a883342cd03d3906a1bc482583
This adds CK_SLIST_INSERT_PREVPTR and CK_SLIST_REMOVE_PREVPTR macros
as well as ck_pr_dec_is_zero family of functions.

MFC after:	3 weeks
2018-07-23 11:21:43 +00:00
Ruslan Bukin
8eca6e4855 Fix setjmp for RISC-V:
o The correct value for _JB_SIGMASK is 27.
o The storage size for double-precision floating
  point register is 8 bytes.

Submitted by:	"James Clarke" <jrtc4@cam.ac.uk>
Reviewed by:	markj@
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D16344
2018-07-23 09:54:28 +00:00
Hans Petter Selasky
79449a9a7f Update modify counter when setting a mixer control.
PR:		229969
MFC after:	1 week
2018-07-23 09:16:23 +00:00
Ulrich Spörlein
2dc17d149e Remove duplicated entry 2018-07-23 08:52:57 +00:00
Andriy Gapon
5ffae39d54 Import CK as of commit 1c1f9901c2dea7a883342cd03d3906a1bc482583
This adds CK_SLIST_INSERT_PREVPTR and CK_SLIST_REMOVE_PREVPTR macros
as well as ck_pr_dec_is_zero family of functions.
2018-07-23 07:31:37 +00:00
Eugene Grosbein
804771f553 epair(4): make sure we do not duplicate MAC addresses
in case of reused if_index.

PR:		229957
Tested by:	O. Hartmann <ohartmann@walstatt.org>
Approved by:	avg (mentor)
2018-07-23 07:11:58 +00:00
Warner Losh
afe7cf8749 Fix the attempt to see if we're overriding the console in the command
line args. I had thought console would be NULL, but it's efi. Set it
to efi (as a clue) before we initialize the console, then test it to
see if it changed on the command line to do the automatic
override. This gets my serial console back.
2018-07-23 06:38:48 +00:00
Warner Losh
3b74102205 Older zfs boot blocks don't support symlinks. install the link to
zfsloader as a hard link. While newer ones do, the whole point of the
link was to transition to the new world order smoothly. A hard link is
less flexible, but it works and will result in fewer bumps. Adjust
UPDATING entry to match.
2018-07-23 06:04:05 +00:00
Ian Lepore
1a61d99330 Make pw(8) showuser work the same with or without -R <path> for non-root
users.  Without -R, pw(8) uses getpwnam(3), which will open master.passwd
for the root user or passwd for non-root users.  With -R <path> pw(8) was
always opening <path>/master.passwd, which would fail for a non-root user,
then falsely claim the userid you're trying to show doesn't exist.

Now for a non-root user it opens <path>/passwd and zeroes out the 3 fields
that aren't available in the passwd file, which duplicates the behavior of
getpwnam(3).  The net effect is that the showuser output is identical
whether using -R or not.
2018-07-22 23:41:40 +00:00
Matt Macy
38c0c78e50 fix use of empty in Makefile.ec2
empty() takes a variable name - not the expanded value

Reported by:	sjg
2018-07-22 23:33:48 +00:00
Matt Macy
f30f0f2b47 Add busy detect quirk to list of console options
This change allows one to set the busy_detect flag
required by the synopsys UART at the loader prompt.
This is needed by the EPYC 3000 SoC.

This will give users a working console up to the point where getty is required:
hw.uart.console="mm:0xfedc9000,rs:2,bd:1"

Reviewed by:	imp
MFC after:	4 weeks
Differential Revision:	https://reviews.freebsd.org/D16399
2018-07-22 23:32:21 +00:00
Matt Macy
16bb9a49ad Correctly reference SRCTOP, avoid multiple invocations of svn
Reported by:	sjg
2018-07-22 23:20:24 +00:00
Matt Macy
87faf66318 fix build non-svn checkouts post r336593
The change made in r336593 assumes that the build is happening in a
svn checkout resulting in misleading debug output. Check that we're
actually working in an svn checkout before proceeding to call svn.
2018-07-22 22:57:52 +00:00
Li-Wen Hsu
8407faa1b3 Add udma_barrier definitions for RISC-V
Reviewed by:	kib
Sponsored by:	The FreeBSD Foundation
2018-07-22 22:35:17 +00:00
Ian Lepore
cbc397fd10 Set the pw_class field to NULL when scanning the non-master passwd file.
This avoids a null pointer deref in pw_dup(), which assumes that all
pointers are either NULL or valid.
2018-07-22 22:34:20 +00:00
Alan Somers
75b9becc2c Temporarily disable the sys/acl/00 and sys/acl/02 tests
These tests are failing due to PR 229930.  Unfortunately, TAP tests can't be
marked as expected failures.

PR:		229930
Reported by:	Jenkins
2018-07-22 21:00:11 +00:00
Matt Macy
e5e3e746fe Fix a potential use after free in getsockopt() access to inp_options
Discussed with: jhb
Reviewed by:	sbruno, transport
MFC after:	2 weeks
Sponsored by:	Limelight Networks
Differential Revision:	https://reviews.freebsd.org/D14621
2018-07-22 20:02:14 +00:00
Mark Johnston
84f0fb8a93 Use the right buffer size when calling snprintf().
PR:	229952
2018-07-22 18:31:15 +00:00
Mark Johnston
6984a7b8bb Add a regression test for PR 131876.
PR:		131876
MFC after:	1 week
2018-07-22 18:07:08 +00:00
Alan Somers
6e3b0894a5 auditd(8): Log a better error when no hostname is set in audit_control
Cherry-pick from https://github.com/openbsm/openbsm/commit/01ba03b

Reviewed by:	cem
Obtained from:	OpenBSM
MFC after:	2 weeks
Pull Request:	https://github.com/openbsm/openbsm/pull/38
2018-07-22 18:06:42 +00:00
Marius Strobl
7474544bac Use the maximum of isc_tx_{nsegments,tso_segments_max} for MAX_TX_DESC.
Since r336313, TSO support for LEM-class devices is removed again as it
was before the conversion of {l,}em(4) to iflib(4) in r311849 and as a
result, isc_tx_tso_segments_max is 0 for LEM-class devices now. Thus,
inappropriate watermarks were used for this class.

This is really only a band-aid, though, because so far iflib(9) doesn't
fully take into account that DMA engines can support different maxima
of segments for transfers of TSO and non-TSO packets. For example, the
DESC_RECLAIMABLE macro is based on isc_tx_nsegments while MAX_TX_DESC
used isc_tx_tso_segments_max only. For most in-tree consumers that
doesn't make a difference as the maxima are the same for both kinds of
transfers (that is, apart from the fact that TSO may require up to 2
sentinel descriptors but also not with every MAC supported). However,
isc_tx_nsegments is 8 but isc_tx_tso_segments_max is 85 by default
with ixl(4).
2018-07-22 17:51:11 +00:00
Marius Strobl
8b8d90931d - Given that the controlling expression of the receive loop in iflib_rxeof()
tests for avail > 0, avail can never be 0 within that loop. Thus, move
  decrementing avail and budget_left into the loop and before the code which
  checks for additional descriptors having become available in case all the
  previous ones have been processed but there still is budget left so the
  latter code works as expected. [1]
- In iflib_{busdma_load_mbuf_sg,parse_header}(), remove dead stores to m
  and n respectively. [2, 3]
- In collapse_pkthdr(), ensure that m_next isn't NULL before dereferencing
  it. [4]
- Remove a duplicate assignment of segs in iflib_encap().

Reported by:	Coverity
CID:		1356027 [1], 1356047 [2], 1368205 [3], 1356028 [4]
2018-07-22 17:45:44 +00:00
Marius Strobl
9820d94555 o In em_if_update_admin_status():
- Don't bother calling if_setbaudrate(9) as iflib_link_state_change(9)
    takes care of that,
  - correctly check for E1000_CTRL_EXT_LINK_MODE_GMII in E1000_CTRL_EXT [1],
  - properly convert the uint16_t link_speed to a uint64_t baudrate by
    using IF_Mbps() which contains an appropriate cast [2],
  - remove the duplicate link down announcement when bootverbose isn't
    zero and bring the remaining one in line with the other link state
    messages.
o Remove a dead store to rid in em_if_msix_intr_assign(). [3]
o Or in the DMA coalescing Rx threshold so the other bits set in E1000_DMACR
  remain intact as intended in igb_init_dmac(). [4]

Reported by:	Coverity
CID:		1378464 [1], 1368765 [2], 1381681 [3], 1304929 [4]
2018-07-22 17:40:13 +00:00
Alan Somers
ca2d3691c3 Fix several Coverity warnings in tftp
Some of the changes are in the libexec/tftpd directory, but to functions that
are only used by tftp(1) (they share some code).

* strcpy => strlcpy (1006793, 1006794, 1006796, 1006741)
* Unchecked return value and TOCTTOU (1009314)
* NULL pointer dereference (1018035, 1018036)

Reported by:	Coverity
CID:		1006793, 1006794, 1006796, 1006741, 1009314, 1018035
CID:		1018036
MFC after:	2 weeks
2018-07-22 17:10:12 +00:00
Ian Lepore
9898e6dff2 Alpha-sort the list of user/group IDs to check at install time. 2018-07-22 16:51:11 +00:00
Ian Lepore
fd46d8a8c6 Remove the .if ${MK_FOO} wrappers around the user/group ID checks. These
names are referenced in mtree files without any conditional logic, so the
users/groups must exist even if the corresponding tool(s) are disabled.
2018-07-22 16:42:22 +00:00
Ian Lepore
9a23cbc4d4 Add ntpd to the list of users not allowed to log into ftp. 2018-07-22 16:17:45 +00:00
Alan Somers
3c0fa26534 Fix multiple Coverity warnings in tftpd(8)
* Initialize uninitialized variable (CID 1006502)
* strcpy => strlcpy (CID 1006792, 1006791, 1006790)
* Check function return values (CID 1009442, 1009441, 1009440)
* Delete dead code in receive_packet (not reported by Coverity)
* Remove redundant alarm(3) in receive_packet (not reported by Coverity)

Reported by:	Coverity
CID: 1006502, 1006792, 1006791, 1006790, 1009442, 1009441, 1009440
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D11287
2018-07-22 16:14:30 +00:00
Alan Somers
12395dc9f6 Fix audit of chflagsat, lgetfh, and setfib
These syscalls were always supposed to have been auditted, but due to
oversights never were.

PR:		228374
Reported by:	aniketp
Reviewed by:	aniketp
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D16388
2018-07-22 14:11:52 +00:00
Ganbold Tsagaankhuu
002d00355c dtb/allwinner: Build sun8i-h2-plus-orangepi-r1.dts
We have a u-boot port for this board so add the dtb to the build.
2018-07-22 14:01:49 +00:00
Ben Woods
4b8e4d53fa geli attach: Fix exit codes and errors not being printed after r335673
Now that multiple providers can be attached at once, exit codes and
error messages must be handled correctly if there are failures in on
any of the providers.

Reported by:	asomers (Kyua test failures via continuous integration)
Reviewed by:	asomers
Approved by:	allanjude
Differential Revision:	https://reviews.freebsd.org/D16386
2018-07-22 13:40:52 +00:00