226394 Commits

Author SHA1 Message Date
Conrad Meyer
3cd1f90972 chpass(1): Check crypt(3) return and handle error appropriately
This change is spiritually similar to the earlier r231994.

PR:		222756
Submitted by:	Lubos Boucek <bouceklubos AT gmail.com>
Obtained from:	DragonflyBSD 2020c8fec4168a5020f984a093224fade3074b25
2017-10-04 01:12:26 +00:00
Brooks Davis
5e12225140 Remove an unneeded and incorrect memset().
On Variant I TLS architectures (aarch64, arm, mips, powerpc, and riscv)
the __libc_allocate_tls function allocates thread local storage memory
with calloc(). It then copies initialization data over the portions with
non-zero initial values. Before this change it would then pointlessly
zero the already zeroed remainder of the storage. Unfortunately the
calculation was wrong and it would zero TLS_TCB_SIZE (2*sizeof(void *))
additional bytes.

In practice, this overflow only matters if the TLS segment is sized such
that calloc() allocates a less than TLS_TCB_SIZE extra memory. Even
then, the likely result will be zeroing part of the next bucket. This
coupled with the impact being confined to Tier II platforms means there
will be no security advisory for this issue.

Reviewed by:	kib, dfr
Discussed with:	security-officer (delphij)
MFC after:	1 week
Found by:	CHERI
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D12547
2017-10-03 22:57:19 +00:00
Alan Somers
780dc32b31 Fix copy/paste error in diskinfo.8 from r320555
MFC after:	1 week
Sponsored by:	Spectra Logic Corp
2017-10-03 17:00:01 +00:00
Maxim Konovalov
5a64575e73 o FreeBSD 10.4 happened after 11.1, adjust the branches accordingly.
o The current FreeBSD branch is 12 not 13.

Suggested by:	lidl
2017-10-03 14:23:49 +00:00
Maxim Konovalov
fff2980dad FreeBSD 10.4 release added. 2017-10-03 13:31:22 +00:00
Edward Tomasz Napierala
3cfa7c6e48 Make procstat(1) recognize process descriptors, so that it shows
"P" instead of "?" in "procstat -af" output. Note that there are
still a few more DTYPE_* kinds we don't decode yet.

Reported by:	rwatson
MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D12426
2017-10-03 11:45:24 +00:00
Ruslan Ermilov
a470b2750f Fixed description of msg_name/msg_namelen in recvmsg(). 2017-10-03 11:13:25 +00:00
Conrad Meyer
2c9a33f557 Correct sense of crypt(3) NULL checks in init(8) and lock(1)
In r231994, an attempt was made to fix crypt(3) failure returns (NULL).
However, instead of treating crypt(3) failure as authentication failure,
some of the changes treated crypt(3) failure as authentication success.
This is wrong.

r324225 fixed this for ppp, which also inspired this review.  The other
changes in the 231994 revision were audited for correctness and look ok.

Reviewed by:	jhb
Security:	yes
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D12571
2017-10-03 00:53:11 +00:00
John Baldwin
61d53d8fce Flesh out pathconf() on UDF.
- Return 64 bits for _PC_FILESIZEBITS.
- Handle _PC_SYMLINK_MAX.
- Defer _PC_PATH_MAX to vop_stdpathconf().

Sponsored by:	Chelsio Communications
2017-10-02 23:31:11 +00:00
Gleb Smirnoff
0e229f343f Hide struct socket and struct unpcb from the userland.
Violators may define _WANT_SOCKET and _WANT_UNPCB respectively and
are not guaranteed for stability of the structures.  The violators
list is the the usual one: libprocstat(3) and netstat(1) internally
and lsof in ports.

In struct xunpcb remove the inclusion of kernel structure and add
a bunch of spare fields.  The xsocket already has socket not included,
but add there spares as well.  Embed xsockbuf into xsocket.

Sort declarations in sys/socketvar.h to separate kernel only from
userland available ones.

PR:		221820 (exp-run)
2017-10-02 23:29:56 +00:00
John Baldwin
9d1d1d1900 Return 64 for pathconf(_PC_FILESIZEBITS) on tmpfs.
Sponsored by:	Chelsio Communications
2017-10-02 23:23:12 +00:00
Conrad Meyer
af3b49ef41 ppp(8): Fix various bugs in NOPAM section of auth_CheckPasswd
* pw is not initialized before use
* success is returned if crypt(3) errors

These bugs were introduced in r231994, which attempted to adopt DragonflyBSD
f4a9869feb646aafe72de6e5d61051a023a02676.  The original author of the
Dragonfly change also noticed these mistakes and filed the PR.

PR:		222620
Submitted by:	Lubos Boucek <bouceklubos AT gmail.com>
Obtained from:	DragonflyBSD f4a9869feb646aafe72de6e5d61051a023a02676
2017-10-02 23:14:29 +00:00
John Baldwin
eb3d4ccc48 Handle _PC_FILESIZEBITS and _PC_SYMLINK_MAX pathconf() requests in cd9660.
cd9660 only supports symlinks with Rock Ridge extensions, so
_PC_SYMLINK_MAX is conditional on Rock Ridge.

Sponsored by:	Chelsio Communications
2017-10-02 23:12:02 +00:00
Alan Somers
d22f655459 MFV r319743: 8108 zdb -l fails to read labels 2 and 3
illumos/illumos-gate@22c8b9583d
22c8b9583d

https://www.illumos.org/issues/8108

Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed by: Toomas Soome <tsoome@me.com>
Reviewed by: Igor Kozhukhov <igor@dilos.org>
Reviewed by: Andrew Stormont <andyjstormont@gmail.com>
Approved by: Robert Mustacchi <rm@joyent.com>
Author: Yuri Pankov <yuri.pankov@nexenta.com>

MFC after:	3 weeks
2017-10-02 22:39:12 +00:00
Alan Somers
58dde1c585 MFV r316863: 3871 fix issues introduced by 3604
illumos/illumos-gate@de05b58863
de05b58863

https://www.illumos.org/issues/3871
  GCC 4.5.3 on Gentoo Linux did not like a few of the changes made in the issue
  3604 patch. It printed an error and a couple of warnings:
  ../../cmd/zdb/zdb.c: In function 'dump_bpobj':
  ../../cmd/zdb/zdb.c:1257:3: error: 'for' loop initial declarations are only
  allowed in C99 mode
  ../../cmd/zdb/zdb.c:1257:3: note: use option -std=c99 or -std=gnu99 to compile
  your code
  ../../cmd/zdb/zdb.c: In function 'dump_deadlist':
  ../../cmd/zdb/zdb.c:1323:8: warning: too many arguments for format
  ../../cmd/zdb/zdb.c:1323:8: warning: too many arguments for format

Reviewed by: Paul Dagnelie <pcd@delphix.com>
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed by: Serapheim Dimitropoulos <serapheim@delphix.com>
Approved by: Dan McDonald <danmcd@omniti.com>
Author: Richard Yao <ryao@gentoo.org>

MFC after:	3 weeks
2017-10-02 22:35:35 +00:00
Alan Somers
2091d1c3b9 MFV r316861: 6866 zdb -l should return non-zero if it fails to find any label
illumos/illumos-gate@64723e3611
64723e3611

https://www.illumos.org/issues/6866
  Need this for .
  To be generally more scripting-friendly, overload this issue with adding '-q'
  option which should skip printing any label information.

Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed by: John Kennedy <john.kennedy@delphix.com>
Approved by: Robert Mustacchi <rm@joyent.com>
Author: Yuri Pankov <yuri.pankov@nexenta.com>

MFC after:	3 weeks
2017-10-02 22:13:20 +00:00
Alan Somers
66eafdf052 MFC r316858 7280 Allow changing global libzpool variables in zdb
7280 Allow changing global libzpool variables in zdb and ztest through command line

illumos/illumos-gate@0e60744c98
0e60744c98

https://www.illumos.org/issues/7280
  zdb is very handy for diagnosing problems with a pool in a safe and
  quick way. When a pool is in a bad shape, we often want to disable some
  fail-safes, or adjust some tunables in order to open them. In the
  kernel, this is done by changing public variables in mdb. The goal of
  this feature is to add the same capability to zdb and ztest, so that
  they can change libzpool tuneables from the command line.

Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed by: Dan Kimmel <dan.kimmel@delphix.com>
Approved by: Robert Mustacchi <rm@joyent.com>
Author: Pavel Zakharov <pavel.zakharov@delphix.com>

MFC after:	3 weeks
2017-10-02 22:02:04 +00:00
Michael Zhilin
37a6f46190 [libthr] revert change of visibility of _thread_keytable to unbreak debugger
Fix regression by r318539. The sysutils/pstack uses library libthread_db to
read information about threads state. The function pt_ta_new makes lookup of
several key symbols including _thread_keytable. But r318539 mades this field
static. It causes silent ignore of libthr library by pstack and as result
sysutils/pstack doesn't output any thread information.

This fix changes this field back to non-static.

MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D11738
2017-10-02 20:33:16 +00:00
Michael Tuexen
ab1d48801b Whitespace changes: Remove leading spaces followed by a tab. 2017-10-02 20:02:25 +00:00
Emmanuel Vadot
d3609450aa Allwinner H3 CCU: Fix build on ARM64
ccu_h3.c is also used on ARM64 as it provides clocks for the H5 SoC.
Since ARM64 doesn't have sys/gun/dts/include in it's include path, use
the full name for the sun8i-h3-ccu.h include.

Reported by:	andreast
2017-10-02 19:17:09 +00:00
Michael Tuexen
945906384d Fix a bug which avoided that rules for matching port numbers for SCTP
packets where actually matched.
While there, make clean in the man-page that SCTP port numbers are
supported in rules.

MFC after:	1 month
2017-10-02 18:25:30 +00:00
Emmanuel Vadot
7bc85edd15 Allwinner GPIO: Fail if we cannot enable a clock
If we cannot enable a clock (which is required to have the device
working), do not attach the device as it will not work.
2017-10-02 17:20:07 +00:00
Emmanuel Vadot
4168a6e9f1 Allwinner: Remove a10_gpio.h
a10_gpio.h isn't used since a long time, remove it from the tree.
2017-10-02 16:39:12 +00:00
Eugene Grosbein
8942852cbc rsh: introduce new option -N disabling shutdown of socket sending path.
This prevents premature disconnection of rsh session with protocol
implementation confused by "end-of-file" condition for standard
input stream. For example, modern Cisco IOS (15.x) versions
can be managed with "rsh -N" cron jobs having /dev/null as stdin.

PR:		205144
Approved by:	avg (mentor)
MFC after:	1 week
2017-10-02 16:33:04 +00:00
Emmanuel Vadot
d8ffc6fb25 Allwinner A31 ccu: Use clock/reset IDs from dt-bindings
Do not redefines resets and clocks ID which are already in the
dt-bindings include directory. Those files are under dual licenced
under GPL2/MIT so use them directly.
2017-10-02 16:21:20 +00:00
Emmanuel Vadot
f5bb8f4aaf Allwinner A64 ccu: Use clock/reset IDs from dt-bindings
Do not redefines resets and clocks ID which are already in the
dt-bindings include directory. Those files are under dual licenced
under GPL2/MIT so use them directly.
2017-10-02 16:12:06 +00:00
Glen Barber
54a13912f6 Bump armv6 SoC images to 2.25GB. RPI-B is full, so increase all
image sizes for consistency.

Submitted by:	manu
Sponsored by:	The FreeBSD Foundation
2017-10-02 15:56:45 +00:00
Emmanuel Vadot
5aefde1fa8 Allwinner H3 ccu: Use clock/reset IDs from dt-bindings
Do not redefines resets and clocks ID which are already in the
dt-bindings include directory. Those files are under dual licence
GPL2/MIT so use them directly.
2017-10-02 15:48:39 +00:00
Andrew Turner
5cf1f313c4 Add a memory barrier to ensure the atomic write is visible to the other
CPUs before waking them up.

Sponsored by:	DARPA, AFRL
2017-10-02 14:22:35 +00:00
Allan Jude
f78bd12d6d bsdinstall(8) hardening menu: Utilize new kern.randompid=1 behaviour
Enabling the PID randomization option in bsdinstall(8)'s hardening menu
now randomizes the effective value of kern.randompid on each boot.

Previous behaviour:
When kern.randompid was enabled via the the bsdinstall(8) hardening menu,
a random value was generated and placed in the systems /etc/sysctl.conf as
kern.randompid=value
This makes the value of kern.randompid static across reboots.

New behaviour:
When kern.randompid is enabled via the bsdinstall(8) hardening menu, the
line kern.randompid=1 is placed in the systems /etc/sysctl.conf.
This takes advantage of a new kernel feature and makes the value of
kern.randompid be randomized by the kernel on each reboot.

Submitted by:	Marie Helene Kvello-Aune <marieheleneka@gmail.com>
Reviewed by:	des
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D12433
2017-10-02 14:19:31 +00:00
Hans Petter Selasky
e5d6b589ce Make sure the doorbell lock is valid for the i386 version
of the mlx5en(4) driver.

Tested by:		gallatin @
MFC after:		1 week
Sponsored by:		Mellanox Technologies
2017-10-02 12:20:55 +00:00
Hans Petter Selasky
62afbce910 Setup mbuf hash type properly when receiving IP packets in the mlx4en(4) driver.
Submitted by:		sephe@
Differential Revision:	https://reviews.freebsd.org/D12229
MFC after:		1 week
Sponsored by:		Mellanox Technologies
2017-10-02 12:11:43 +00:00
Hans Petter Selasky
29d6b8abb4 Implement SIOCGIFRSS{KEY,HASH} for the mlx4en(4) driver.
Differential Revision:	https://reviews.freebsd.org/D12176
MFC after:		1 week
Sponsored by:		Mellanox Technologies
2017-10-02 12:05:38 +00:00
Edward Tomasz Napierala
2b4490a5d3 Clear G_CF_ORPHAN when attaching. This fixes cases where the same
GEOM consumer can be orphaned, and then reattach to another provider.

From a user point of view, this makes gmountver(4) work again.

Reviewed by:	avg, mav
MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D12228
2017-10-02 11:57:00 +00:00
Andriy Gapon
620c2c801b MFV r323913: 8600 ZFS channel programs - snapshot
illumos/illumos-gate@2840dce1a0
2840dce1a0

https://www.illumos.org/issues/8600
  ZFS channel programs should be able to create snapshots.
  In addition to the base snapshot functionality, this will likely entail adding
  extra logic to handle edge cases which were formerly not possible, such as
  creating then destroying a snapshot in the same transaction sync.

Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed by: John Kennedy <john.kennedy@delphix.com>
Reviewed by: Brad Lewis <brad.lewis@delphix.com>
Approved by: Robert Mustacchi <rm@joyent.com>
Author: Chris Williamson <chris.williamson@delphix.com>

MFC after:	5 weeks
X-MFC after:	r324163
2017-10-02 11:32:08 +00:00
Andriy Gapon
a1f65a15ce MFV r323912: 8592 ZFS channel programs - rollback
illumos/illumos-gate@000cce6b6f
000cce6b6f

https://www.illumos.org/issues/8592
  ZFS channel programs should be able to perform a rollback. This logic will
  probably look pretty similar to zfs.sync.destroy().

Reviewed by: Chris Williamson <chris.williamson@delphix.com>
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Approved by: Robert Mustacchi <rm@joyent.com>
Author: Brad Lewis <brad.lewis@delphix.com>

MFC after:	5 weeks
X-MFC after:	r324163
2017-10-02 11:23:31 +00:00
Andriy Gapon
8cdc315e9e MFV r323795: 8604 Avoid unnecessary work search in VFS when unmounting snapshots
illumos/illumos-gate@ed992b0aac
ed992b0aac

https://www.illumos.org/issues/8604
  Every time we want to unmount a snapshot (happens during snapshot deletion or
  renaming) we unnecessarily iterate through all the mountpoints in the VFS layer
  (see zfs_get_vfs).
  Ideally we would just put a hold on the snapshot and access its respective VFS
  resource directly.

Reviewed by: Matt Ahrens <mahrens@delphix.com>
Reviewed by: George Wilson <george.wilson@delphix.com>
Reviewed by: Andy Stormont <astormont@racktopsystems.com>
Approved by: Robert Mustacchi <rm@joyent.com>
Author: Serapheim Dimitropoulos <serapheim@delphix.com>

FreeBSD note: I added a FreeBSD specific function getzfsvfs_ref() which
is like getzfsvfs() but returns a filesystem referenced, not busied.
We want a busied filesystem in most cases, because we access its private
data and, thus, we need to prevent the filesystem from being unmounted
and its private data destroyed.  But in some cases we can either get
away with just a referenced filesystem or we must not busy the
filesystem.  Unmounting the filesystem is one of such cases.

MFC after:	5 weeks
X-MFC after:	r324163
2017-10-02 11:15:32 +00:00
Andriy Gapon
55b73eb9c5 fix incorrect use of getzfsvfs_impl in r324163, ZFS Channel Programs
getzfsvfs_impl() returns a referenced, not busied, filesystem,
so the matching call is vfs_rel, not vfs_unbusy.

MFC after:	4 weeks
X-MFC with:	r324163
2017-10-02 11:07:48 +00:00
Julien Charbon
5fcd2d9bfc Forgotten bits in r324179: Include sys/syslog.h if INVARIANTS is not defined
MFC after:	1 week
X-MFC with:	r324179
Pointy hat to:	jch
2017-10-02 09:45:17 +00:00
Konstantin Belousov
9674d76346 Hide kernel stuff from userspace.
Sponsored by:	Mellanox Technologies
2017-10-02 08:37:43 +00:00
Alan Cox
0c0e1e96c6 Use vm_page_active() rather than directly accessing the page's queue
field.

Reviewed by:	kib, markj
MFC after:	2 weeks
X-MFC with:	r324146
2017-10-02 07:30:21 +00:00
Alan Cox
d9ccb9a89f When mdstart_swap() accesses a page that is already in the active queue,
mark the page as referenced rather than calling vm_page_activate().  This
allows the page's act_count to grow beyond ACT_INIT and better reflect
its usage.  (See also r324146, which modified a function used by tmpfs,
uiomove_object_page(), to behave in the same way.)

Reviewed by:	kib, markj
MFC after:	2 weeks
2017-10-02 07:14:32 +00:00
Wojciech Macek
10b980e75b PPC: increase MAX_PICS to 32
Previous value was too low on dual-socket POWER8 system.

Submitted by:          Wojciech Macek <wma@freebsd.org>
Reviewed by:           nwhitehorn
Obtained from:         Semihalf
Sponsored by:          QCM Technologies
Differential revision: https://reviews.freebsd.org/D12540
2017-10-02 06:05:19 +00:00
Ian Lepore
74eb18b6cc Define a single instance of ahci_devclass and reference it from all the
attachment code for various SOCs and busses.  Remove all the static and
should-have-been-static and named-differently instances of it.

This should eliminate the recently-grown build warnings about multiple
definitions when building arm kernels.
2017-10-02 02:58:28 +00:00
Ian Lepore
8fb0ef085c Enhance the interrupt capabilities of ti_pruss driver.
The existing ti_pruss driver for the PRUSS Hardware provided by the AM335x
ARM CPU has basic interrupt capabilities.  This updated driver provides some
more options:

 - Sysctl based configuration for the interrupts (for some examples, see the
   test plan in the phabricator review cited below).

 - A device file (/dev/pruss0.irqN) for each enabled interrupt. This file
   can be read and the device blocks if no irq has happened or returns an
   uint64_t timestamp based on nanouptime().

 - Each interrupt device file provides kqueue-based event notification,
   blocking read(), or select().

Submitted by:	Manuel Stuhn <freebsdnewbie@freenet.de>
Differential Revision:	https://reviews.freebsd.org/D11959
2017-10-02 01:03:18 +00:00
Ian Lepore
c5765d84ac Allow Raspberry Pi platform and drivers to be configured with upstream DTBs.
- Added more compatibility strings to drivers not yet converted
 - Added new RPI platform code compatibility string to match the ones used
   upstream
 - Adapted RPI and RPI2 DTS to match the new platform code compatibility
   string

The goal is to use the upstream DTBs as a replacement for our custom one.
This is now possible with these changes.

Additionally, as the RPI firmware automatically chooses the right DTB for
us, this would allow to have one common armv6 kernel for RPI0 and RPI1
(BCM2835-based), and one common armv7 kernel for RPI2 v1.1 (BCM2836-based),
and RPI2 v1.2 / RPI3 (BCM2837-based).

Submitted by:	Sylvain Garrigues <sylgar@gmail.com>
Differential Revision:	https://reviews.freebsd.org/D12360
2017-10-02 00:49:33 +00:00
Patrick Kelsey
3f43239f21 The soisconnected() call removed from syncache_socket() in r307966 was
not extraneous in the TCP Fast Open (TFO) passive-open case.  In the
TFO passive-open case, syncache_socket() is being called during
processing of a TFO SYN bearing a valid cookie, and a call to
soisconnected() is required in order to allow the application to
immediately consume any data delivered in the SYN and to have a chance
to generate response data to accompany the SYN-ACK.  The removal of
this call to soisconnected() effectively converted all TFO passive
opens to having the same RTT cost as a standard 3WHS.

This commit adds a call to soisconnected() to syncache_tfo_expand() so
that it is only in the TFO passive-open path, thereby restoring TFO
passve-open RTT performance and preserving the non-TFO connection-rate
performance gains realized by r307966.

MFC after:	1 week
Sponsored by:	Limelight Networks
2017-10-01 23:37:17 +00:00
Julien Charbon
dfa1f80ce9 Fix an infinite loop in tcp_tw_2msl_scan() when an INP_TIMEWAIT inp has
been destroyed before its tcptw with INVARIANTS undefined.

This is a symmetric change of r307551:

A INP_TIMEWAIT inp should not be destroyed before its tcptw, and INVARIANTS
will catch this case.  If INVARIANTS is undefined it will emit a log(LOG_ERR)
and avoid a hard to debug infinite loop in tcp_tw_2msl_scan().

Reported by:		Ben Rubson, hselasky
Submitted by:		hselasky
Tested by:		Ben Rubson, jch
MFC after:		1 week
Sponsored by:		Verisign, inc
Differential Revision:	https://reviews.freebsd.org/D12267
2017-10-01 21:20:28 +00:00
Andriy Gapon
6a2f82bdf8 unbreak kernel builds on sparc64 and powerpc after r324163, ZFS Channel Programs
The custom iscntrl() in ZFS Lua code expects a signed argumnet, so
remove the harmful cast.

Reported by:	ian
MFC after:	5 weeks
X-MFC with:	r324163
2017-10-01 20:12:30 +00:00
Andrew Turner
0e73a61997 To prepare for adding EFI runtime services support on arm64 move the
machine independent parts of the existing code to a new file that can be
shared between amd64 and arm64.

Reviewed by:	kib (previous version), imp
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D12434
2017-10-01 19:52:47 +00:00