Parse out the VSEC. If the user invokes a second -c command line option,
do a hex dump of the vendor data.
Reviewed by: imp
MFC after: 3 days
Sponsored by: Intel
Differential Revision: http://reviews.freebsd.org/D22808
- Allow the userland hypervisor to intercept breakpoint exceptions
(BP#) in the guest. A new capability (VM_CAP_BPT_EXIT) is used to
enable this feature. These exceptions are reported to userland via
a new VM_EXITCODE_BPT that includes the length of the original
breakpoint instruction. If userland wishes to pass the exception
through to the guest, it must be explicitly re-injected via
vm_inject_exception().
- Export VMCS_ENTRY_INST_LENGTH as a VM_REG_GUEST_ENTRY_INST_LENGTH
pseudo-register. Injecting a BP# on Intel requires setting this to
the length of the breakpoint instruction. AMD SVM currently ignores
writes to this register (but reports success) and fails to read it.
- Rework the per-vCPU state tracked by the debug server. Rather than
a single 'stepping_vcpu' global, add a structure for each vCPU that
tracks state about that vCPU ('stepping', 'stepped', and
'hit_swbreak'). A global 'stopped_vcpu' tracks which vCPU is
currently reporting an event. Event handlers for MTRAP and
breakpoint exits loop until the associated event is reported to the
debugger.
Breakpoint events are discarded if the breakpoint is not present
when a vCPU resumes in the breakpoint handler to retry submitting
the breakpoint event.
- Maintain a linked-list of active breakpoints in response to the GDB
'Z0' and 'z0' packets.
Reviewed by: markj (earlier version)
MFC after: 2 months
Differential Revision: https://reviews.freebsd.org/D20309
The !USE_OPENSSL_CRYPTO_RAND path uses arc4random_buf() correctly.
In general, we should prefer to avoid things OpenSSL does poorly when a good
alternative exists in libc.
This doesn't appear to have some active upstream (and it's a steaming pile of
bad 90s crypto design). Rip out the completely horrible bits and leave the
only mildly less horrible bits. The whole thing should probably be deleted; to
the extent it purports to provide a security feature: it doesn't.
<sys.mk> defines ECHO=echo when not using make -s, and ECHO=true when using
make -s.
export ECHO for ntp products and use it in the mkver script to echo the
version. This suppresses the output as appropriate. ECHO is given a default
value to make sure things still work as expected for anyone that isn't
redefining ECHO.
Reviewed by: cy
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D22101
VFs return zero for the memory enable bit even if it has been set by a
prior write. After r348779 this caused the annoying behavior that a
guest OS would unintentionally disable memory decoding on a future
read-modify-write operation on the command register. Instead, return
the shadow value of the command register for reads. This ensures that
the guest will only toggle the state of the memory enable bit when it
specifically intends to do so.
MFC after: 2 weeks
Sponsored by: Chelsio Communications
Update a bunch of Makefile.depend files as
a result of adding Makefile.depend.options files
Reviewed by: bdrewery
MFC after: 1 week
Sponsored by: Juniper Networks
Differential Revision: https://reviews.freebsd.org/D22494
Leaf directories that have dependencies impacted
by options need a Makefile.depend.options file
to avoid churn in Makefile.depend
DIRDEPS for cases such as OPENSSL, TCP_WRAPPERS etc
can be set in local.dirdeps-options.mk
which can add to those set in Makefile.depend.options
See share/mk/dirdeps-options.mk
Reviewed by: bdrewery
MFC after: 1 week
Sponsored by: Juniper Networks
Differential Revision: https://reviews.freebsd.org/D22469
Previously kbdmap had a localized menu heading ("Choose your keyboard
layout") but not the dialog title ("Keyboard Menu").
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
o Remove All Rights Reserved from my notices
o imp@FreeBSD.org everywhere
o regularize punctiation, eliminate date ranges
o Make sure that it's clear that I don't claim All Rights reserved by listing
All Rights Reserved on same line as other copyright holders (but not
me). Other such holders are also listed last where it's clear.
Some of the printf statements only use LF to get a newline. However, a CR character is also required for the serial console to print debug logs in a nice way.
Fix those code locations that only use LF, by adding a CR character.
Reviewed by: markj, aleksandr.fedorov@itglobal.com
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D22552
When using sysrc to modify a file, the file should be created silently.
However, with the introduction of SVN r335280, an error of "No such file
or directory" would appear despite everything else working as-expected.
The nature of this spurious error is that SVN r335280 did not check if
the file exists first, before trying to fixup the line-endings in the
file just prior to modification.
PR: bin/240875
Reported by: Jose Luis Duran
MFC after: 3 days
foreground.
This allows a separate process to monitor when and how those programs exit.
That process can then restart them if needed.
Submitted by: Alex Burlyga
Reviewed by: bcr, imp
MFC after: 1 week
Sponsored by: Panasas
Differential Revision: https://reviews.freebsd.org/D22474
This reapplies the RISC-V GNU ld workaround from r354896, r354899, and
354900, along with a fix for the build failure during cleandir.
LINKER_TYPE was not being set during cleandir, resulting in
Malformed conditional (${LINKER_TYPE} == "bfd" && ${MACHINE} == "riscv")
from Cirrus-CI.
PR: 242109
Sponsored by: The FreeBSD Foundation
Add code to decode the BootCurrent and BootXXXX variable it points at
to deduce the ESP used to boot the system. By default, it prints the
path to that device. With --unix-path (-p) it will instead print the
current mount point for the ESP, if any (or an error). With
--device-path (-d) it wil print the UEFI device path for the ESP.
Note: This is the best guess based on the UEFI variables. If the ESP
is part of a gmirror, etc, that won't be reported. If by some weird
chance there was a complicated series of chain boots, this may not be
what you want. For setups that don't add layers on top of the raw
devices, it is accurate.
Differential Revision: https://reviews.freebsd.org/D22432
This patch fixes a race condition where the receive callback is called
while the device is being reset. Since the rx_merge variable may change
during reset, the receive callback may operate inconsistently with what
the guest expects.
Also, get rid of the unused rx_vhdrlen variable.
PR: 242023
Reported by: aleksandr.fedorov@itglobal.com
Reviewed by: markj, jhb
MFC with: r354552
Differential Revision: https://reviews.freebsd.org/D22440
error: operator '?:' has lower precedence than '|'; '|' will be evaluated first
I discovered this in CheriBSD after updating our fork of clang to the latest
upstream master.
Reviewed By: ian
Differential Revision: https://reviews.freebsd.org/D22433
Since st_birthtime doesn't exists on Linux (unless you use statx(2)), we
instead populate it with the st_ctime value.
Reviewed By: emaste
Differential Revision: https://reviews.freebsd.org/D22386
Instead of providing ioctl cmd value, which has no meaning to user,
print MSR number. The later is what the user expects in this place
even.
Reported by: pstef
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Instead of calloc()ing (and forgetting to free) in a tight loop, just put
this small array on the stack.
Reported by: Coverity
Coverity CID: 1331665
MFC after: 2 weeks
Sponsored by: Axcient
sesutil would allow the user to toggle an LED that was one past the maximum
element. If he tried, ENCIOC_GETELMSTAT would return EINVAL.
Reported by: Coverity
Coverity CID: 1398940
MFC after: 2 weeks
Sponsored by: Axcient
At the end of both mevent_add() and mevent_update(), mevent_notify()
is called to wakeup the I/O thread, that will call kevent(changelist)
to update the kernel.
A race condition is possible where the client calls mevent_add() and
mevent_update(EV_ENABLE) before the I/O thread has the chance to wake
up and call mevent_build()+kevent(changelist) in response to mevent_add().
The mevent_add() is therefore ignored by the I/O thread, and
kevent(fd, EV_ENABLE) is called before kevent(fd, EV_ADD), resuliting
in a failure of the kevent(fd, EV_ENABLE) call.
PR: 241808
Reviewed by: jhb, markj
MFC with: r354288
Differential Revision: https://reviews.freebsd.org/D22286
via 'diskinfo -v'. This avoids the need to track it down via CAM,
and should also work for disks that don't use CAM. And since it's
inherited thru the GEOM hierarchy, in most cases one doesn't need
to walk the GEOM graph either, eg you can use it on a partition
instead of disk itself.
Reviewed by: allanjude, imp
Sponsored by: Klara Inc
Differential Revision: https://reviews.freebsd.org/D22249
Mergeable rx buffers is a virtio-net feature that allows the hypervisor
to use multiple RX descriptor chains to receive a single receive packet.
Without this feature, a TSO-enabled guest is compelled to publish only
64K (or 32K) long chains, and each of these large buffers is consumed
to receive a single packet, even a very short one. This is a waste of
memory, as a RX queue has room for 256 chains, which means up to 16MB
of buffer memory for each (single-queue) vtnet device.
With the feature on, the guest can publish 2K long chains, and the
hypervisor will merge them as needed.
This change also enables the feature in the netmap backend, which
supports virtio-net offloads. We plan to add support for the
tap backend too.
Note that differently from QEMU/KVM, here we implement one-copy receive,
while QEMU uses two copies.
Reviewed by: jhb
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D21007
If a VM is flooded with more ingress packets than the guest OS
can handle, the current virtio-net code will keep reading those
packets and drop most of them as no space is available in the
receive queue. This is an undesirable receive livelock, which
is a waste of CPU and memory resources and potentially opens to
DoS attacks.
With this change, virtio-net uses the new netbe_rx_disable()
function to disable ingress operation in the backend while the
guest is short on RX buffers. Once the guest makes more buffers
available to the RX virtqueue, ingress operation is enabled again
by calling netbe_rx_enable().
Reviewed by: bryanv, jhb
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D20987
The valectl(4) program is used to manage vale(4) switches.
Add it to the system commands so that it can be used right away.
This program was previously called vale-ctl, and stored in
tools/tools/netmap
Reviewed by: hrs, bcr, lwhsu, kevans
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D22146
whitespace, and also reorder the fields so they are easier to read on
an 80 column display (the lines wrapped even before these changes).
Also fix non-standard nomenclature in the Caps code, and update the
man page.
Reported by: rpokala
standard nomenclature of "device" and "vendor" with the "sub" variants.
This changes the printed format, so anything that scrapes and parses
this will need to be adapted. No compatibility shims are provided,
but this will not be MFC'd.
Reviewed by: jhb, emaste, gtetlow
Approved by: jhb, emaste, gtetlow
Pass the list of user selected disks from zfsboot to bootconfig so that
the latter doesn't rely on ESP autodetection that apparently fails for
some cases, e.g. memstick installation with nvme (boot) and sata drives.
While here, fix printing of debug messages in bootconfig.
Reviewed by: bcran, imp, tsoome
Differential Revision: https://reviews.freebsd.org/D21930
This warning (comparing a pointer against a zero character literal
rather than NULL) has existed since GCC 7.1.0, and was recently added to
Clang trunk.
Almost all of these are harmless, except for fwcontrol's str2node, which
needs to both guard against dereferencing a NULL pointer (though in
practice it appears none of the callers will ever pass one in), as well
as ensure it doesn't parse the empty string as node 0 due to strtol's
awkward interface.
Submitted by: James Clarke <jtrc27@jrtc27.com>
Obtained from: CheriBSD
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D21914
'quarterly' package sets do not exist for head, so explicitly
install the 'latest' configuration file there. Otherwise,
fall back to the original conditional evaluation to determine
if the 'latest' or 'quarterly' configuration file should be
installed.
Reported by: manu
Reviewed by: manu
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC (Netgate)
It seems reasonable to allow, for instance:
$ certctl list
# reviews output -- ah, yeah, I don't trust that one
$ certctl blacklist ce5e74ef.0
$ certctl rehash
We can unambiguously determine what cert "ce5e74ef.0" refers to, and we've
described it to them in `certctl list` output -- I see little sense in
forcing another level of filesystem inspection to determien what cert file
this physically corresponds to.
This change allows to specify a watchdog(9) timeout for a system
shutdown. The timeout is activated when the watchdogd daemon is
stopped. The idea is to a prevent any indefinite hang during late
stages of the shutdown. The feature is implemented in rc.d/watchdogd,
it builds upon watchdogd -x option.
Note that the shutdown timeout is not actiavted when the watchdogd
service is individually stopped by an operator. It is also not
activated for the 'shutdown' to the single-user mode. In those cases it
is assumed that the operator knows what they are doing and they have
means to recover the system should it hang.
Significant subchanges and implementation details:
- the argument to rc.shutdown, completely unused before, is assigned to
rc_shutdown variable that can be inspected by rc scripts
- init(8) passes "single" or "reboot" as the argument, this is not
changed
- the argument is not mandatory and if it is not set then rc_shutdown is
set to "unspecified"
- however, the default jail management scripts and jail configuration
examples have been updated to pass "jail" to rc.shutdown, just in case
- the new timeout can be set via watchdogd_shutdown_timeout rc option
- for consistency, the regular timeout can now be set via
watchdogd_timeout rc option
- watchdogd_shutdown_timeout and watchdogd_timeout override timeout
specifications in watchdogd_flags
- existing configurations, where the new rc options are not set, should
keep working as before
I am not particularly wed to any of the implementation specifics.
I am open to changing or removing any of them as long as the provided
functionality is the same (or very close) to the proposed one.
For example, I think it can be implemented without using watchdogd -x,
by means of watchdog(1) alone. In that case there would be a small
window between stopping watchdogd and running watchdog, but I think that
that is acceptable.
Reviewed by: bcr (man page changes)
MFC after: 5 weeks
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D21221
installer when installing the system on a ZFS root filesystem.
For arm64, zfs_load="YES" does not add opensolaris.ko as a kld
dependency, so add it explicitly to prevent boot-time failures
out-of-box.
PR: 240478
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC (Netgate)
This commit add support for certctl in mergemaster and etcupdate. Both will
either rehash or prompt for rehash as new certificates are
trusted/blacklisted.
This work was done primarily by allanjude@, with minor contributions by
myself.
No objection from: secteam
Differential Revision: https://reviews.freebsd.org/D17389
This is a simple utility to hash all trusted on the system into
/etc/ssl/certs. It also allows the user to blacklist certificates they do
not trust.
This work was done primarily by allanjude@, with minor contributions by
myself.
No objection from: secteam
Differential Revision: https://reviews.freebsd.org/D16857
This avoids PATH conflicts with a real httpd, as a user will likely almost
always prefer the more fully-featured httpd. This also lines up with the
historical name of the program.
picobsd/tinyware has had this compact HTTPD server for a long time, and some
people do use it. Move it out into usr.sbin well in advance of any action
being taken on picobsd.
This has been gated behind an HTTPD option defaulted to *off*, primarily for
two reasons:
1.) This code likely needs a good audit, as it's been living off in picobsd
land for a long time, and
2.) We don't currently ship an httpd and this may not be a welcome surprise.
Reviewed by: eugen
Differential Revision: https://reviews.freebsd.org/D21724
Extend the net backend interface with two functions, namely netbe_rx_disable()
and netbe_rx_enable(), which can be used by the net device emulators to stop
the backend from invoking the receive callback. This is useful for device
emulators, i.e., on hardware resets or to implement receive backpressure.
The mevent module has been extendede to support the addition of a disabled
event. To prevent race conditions, the net backends will start with receive
operation disabled. A follow-up patch will use the new functionalities in
the virtio-net device.
Reviewed by: jhb, markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D20973
- split synopsis into separate options that can't be used together
- sort options
- fix (style) issues reported by mandoc lint
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D21710
This commit adds two new extensions to crontab, ported from OpenBSD:
- -n: suppress mail on succesful run
- -q: suppress logging of command execution
The -q option appears decades old, but -n is relatively new. The
original proposal by Job Snijder can be found here [1], and gives very
convincing reasons for inclusion in base.
This patch is a nearly identical port of OpenBSD cron for -q and -n
features. It is written to follow existing conventions and style of the
existing codebase.
Example usage:
# should only send email, but won't show up in log
* * * * * -q date
# should not send email
* * * * * -n date
# should not send email or log
* * * * * -n -q date
# should send email because of ping failure
* * * * * -n -q ping -c 1 5.5.5.5
[1]: https://marc.info/?l=openbsd-tech&m=152874866117948&w=2
PR: 237538
Submitted by: Naveen Nathan <freebsd_t.lastninja.net>
Reviewed by: bcr (manpages)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D20046
`freebsd-update updatesready' can be used to check if there are any pending
fetched updates that can be installed.
`freebsd-update showconfig' writes freebsd-update's configuration to
stdout.
This also changes the exit code of `freebsd-update install' to 2 in case
there are no updates pending to be installed and there wasn't a fetch phase
in the same invocation. This allows scripts to tell apart these error
conditions without breaking existing jail managers.
See freebsd-update(8) for details.
PR: 240757, 240177, 229346
Reviewed by: manpages (bcr), sectam (emaste), yuripv
Differential Revision: https://reviews.freebsd.org/D21473
message:
On non-x86 systems, use "quarterly" packages.
x86 architectures have "latest" package builds on stable/*, so keep using
those (they'll get switched over to "quarterly" during releases).
The original commit was a direct commit to stable/12, as at the time it
was presumed it would not be necessary for head. However, when it is time
to create a releng branch or switch from PRERELEASE/STABLE to BETA/RC, the
pkg(7) Makefile needs further adjusting. This commit includes those
further adjustments, evaluating the BRANCH variable from release/Makefile
to determine the pkg(7) repository to use.
MFC after: immediate (if possible)
Sponsored by: Rubicon Communications, LLC (Netgate)
igor follows American style guides in the belief that abbreviations i.e.
and e.g. are always followed by a comma. Make that change now so that
future updates to freebsd-update.8 do not complain about this.
Submitted by: grembo
Event: EuroBSDCon Norway FreeBSD DevSummit
log daemon facility now that daemon(8) has syslog support which defaults to
daemon facility, info priority
Reviewed by: bapt
Approved by: bapt
Differential Revision: https://reviews.freebsd.org/D21561
pages to page as necessary.
To restore historic BSD behaviour add the following to ntp.conf:
rlimit memlock 32
Discussed on: freebsd-current@ between Sept 6-9, 2019
Reported by: Users using ASLR with stack gap != 0
Reviewed by: ian, kib, rgrimes (all previous versions)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D21581
This commit fixes bug: command "jail -r" didn't trigger pre/post stop
commands (and others) defined in config file if jid is specified insted of
name. Also it adds basic tests for usr.sbin/jail to avoid regression.
Reviewed by: jamie, kevans, ray
MFC after: 5 days
Differential Revision: https://reviews.freebsd.org/D21328
This only lists the changed type and not other attributes so that it
matches the behavior of -C as done in r66747 for fmtree. The NetBSD
-ff implementation was copied from fmtree.
Reviewed by: imp
MFC after: 2 weeks
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D21623
location.
With newer import of libedit, the path to be able to access readline/readline.h
will also include header which name will conflict with some expected by ntp in
another path and end up breaking the build.
Setting the B_INVALONERR flag before a synchronous write causes the buf
cache to forcibly invalidate contents if the write fails (BIO_ERROR).
This is intended to be used to allow layers above the buffer cache to make
more informed decisions about when discarding dirty buffers without
successful write is acceptable.
As a proof of concept, use in msdosfs to handle failures to mark the on-disk
'dirty' bit during rw mount or ro->rw update.
Extending this to other filesystems is left as future work.
PR: 210316
Reviewed by: kib (with objections)
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D21539
All of them are needed to be able to boot to single user and be able
to repair a existing FreeBSD installation so put them directly into
FreeBSD-runtime.
Reviewed by: bapt, gjb
Differential Revision: https://reviews.freebsd.org/D21503
This code has been written as a proof of concept, but I think that it
can be useful in general. It allows to set the status of an enclosure
slot. Practically, this means controlling whatever slot status LEDs the
enclosure provides. At present, the new command does not have sanity
checks or any conveniences. That means that it is possible to issue the
command for an invalid slot and an enclosure. But the worst I have seen
happening is either the command failing or simply being ignored. Also,
at the moment, the status has to be specified as a numeric bit mask.
The bit definitions can be found in sys/dev/mps/mpi/mpi2_init.h, they
are prefixed with MPI2_SEP_REQ_SLOTSTATUS_. The only way to address a
slot is by the enclosure handle and the slot number. Both are readily
available from mpsutil show commands.
So, future enhancements could include alternative ways to address a slot
(e.g., by a disk handle or a disk device name) and human friendly names
for slot statuses.
The new command is useful alternative to 'sas2ircu locate' command.
First, sas2ircu is a proprietary blob. Second, it supports setting only
locate / identify status bit.
Tested on HP H220 running LSI IT firmware 20.x.
Reviewed by: bapt
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D20535
This patch fixes a bug that made the mixer command enter
an infinite loop when instructed to set the value of a device
to an empty string (e.g., `mixer vol ""`).
Additionally, some tests for mixer(8) are being added.
PR: 240039
Reviewed by: hselasky, mav
Approved by: src (hselasky, mav)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D21409
After populating the filesystem, write a FSInfo block with
proper information.
Reviewed by: emaste, cem
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D21363
There is no need to duplicate this file when it can be trivially
shared (just exposing sections previously under #ifdef _KERNEL).
MFC with: r351273
Differential Revision: The FreeBSD Foundation
There is no reason to duplicate this file when it can be trivially
shared (just exposing one section previously under #ifdef _KERNEL).
Reviewed by: imp, cem
MFC with: r351273
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D21346
(The kernel uses caddr_t.)
Suggested by: cem
Reviewed by: cem
MFC with: r351273
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D21348
Add FAT support to makefs by copying some files from sys/fs/msdosfs/ and
updating others with changes from NetBSD.
The six files copied from sys/fs/msdosfs at r348251 and modified are:
denode.h direntry.h fat.h msdosfs_fat.c msdosfs_lookup.c msdosfsmount.h
I would prefer to avoid the duplication, but reluctance to doing so was
expressed in a previous review (D11197); for now copy the files and
revisit in the future.
Submitted by: Siva Mahadevan
Discussed with: cem, imp
MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D16438
Apparently using tty for this purpose has been deprecated since 4.4 Lite.
Reviewed by: cy
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D21318
Revision 316342, which introduced the anticongestion feature, failed to
consider that the periodic scripts are executed by a recursive invocation of
periodic. The recursive invocation wrongly cleaned up a temporary file that
should've been cleaned up only by the original invocation. The result is
that if the first script that requests an anticongestion sleep runs after
the security scripts, the sleep won't happen.
Fix this bug by delaying cleanup until the end of the original invocation.
PR: 236564
Submitted by: Yasuhiro KIMURA <yasu@utahime.org>
Reviewed by: imp
MFC after: 1 month
When local support was fixed, it introduced a minor bug in formatting. We don't
increment the lpos by enouogh, so lines are a little too long. Adjust to be
correct now with variable length srcprefix.
Inizialize global variables earlier in the process. It doesn't matter today, but
may in the future if we want to access these lists earlier in config's run.
mkheaders.c hasn't made headers in ~15 years. Belatedly update the comments to
reflect that all it does these days is warn about 'device foo' lines in the
config where we don't know what a 'foo' is.
Remove extra includes too. These also haven't been needed for 15 years and
weren't removed at the time the comment wasn't updated...
Follow-up on r322318 and r322319 and remove the deprecated modules.
Shift some now-unused kernel files into userspace utilities that incorporate
them. Remove references to removed GEOM classes in userspace utilities.
Reviewed by: imp (earlier version)
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D21249
rcmds removed in r324351.
Historical references in the README are maintained. There's a paragraph
describing a "980K crunched 'fixit'" that references rsh and rlogin.
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Since YP protocol definition uses the constant to declare
variable-size opaque byte strings, the change should be binary
compatible with existing installations which do not expose keys or
values larger than 1024 bytes.
All uses of local variables with YPMAXRECORD sizes were removed to
avoid insane stack use. On the other hand, variables with static
lifetime should be fine and only result in increased VA use.
Glibc made same change, increasing the allowed length for keys and
values in YP to 16M, in 2013.
Reviewed by: markj
Discussed with: ian
Sponsored by: Mellanox Technologies
MFC after: 3 weeks
Differential revision: https://reviews.freebsd.org/D20900
Summary:
autounmountd(8) uses doubles to handle mount time durations. However,
it must convert to integer types, time_t in particular, to do anything
meaningful. Additionally, even though it's a floating-point value in
seconds, the sub-seconds component is never used, so it's unnecessary.
Switching type to time_t fixes an assertion on powerpc64, which checks
that a sleep value that's not -1.0 is greater than 0. On powerpc64, it
happens that the value of -1.0 gets loaded as a float (perhaps a bug in
gcc), but gets compared to a double. This compares as false, so follows
through the 'sleep != -1.0' path, and fails the assert. Since the
sub-second component isn't used in the double, just drop it and deal
with whole-integer seconds.
Reviewed by: trasz
Differential Revision: https://reviews.freebsd.org/D21109
When transmitting a large TCP packet, the final transmit descriptor
includes the length of the protocol headers to be duplicated on each
segment. The device model was trusting the guest-supplied value
without validating it. A value of zero would result in the guest
being able to indirect a garbage pointer on the stack to overwrite
arbitrary memory in the bhyve process. A value that was non-zero but
too small for the requested parameters resulted in the device model
reading and writing values beyond the end of the on-stack buffer used
to hold the template header.
To fix, validate the supplied length and drop requests to transmit
packets that would overflow the header buffer. While here, initialize
the header pointer to NULL as a preventive measure so that any access
to an unallocated template header crashes they hypervisor
deterministically.
While here, only read the TCP sequence number if the packet being
split is a TCP packet. The e1000 logic supports a segmentation of UDP
frames, and while UDP segmentation requires this part of the header to
be valid (so there is no buffer overflow), only reading the field when
needed is cleaner.
admbugs: 918
Reported by: Reno Robert <renorobert@gmail.com>
Reviewed by: markj
Approved by: so
Security: CVE-2019-5609
The values to report can be set via LUN options. It can be useful for
testing, and also required for Drive Maintenance 2016 feature set.
MFC after: 2 weeks
Add appropriate bounds checks on the epid and streamid fields in the
device doorbell registers.
admbugs: 919
Submitted by: jhb
Reported by: Reno Robert <renorobert@gmail.com>
Reviewed by: markj
Approved by: so
Security: out-of-bounds read
This option was imported as part of the KAME project in r62627 (in 2000).
It was turned on unconditionally in r121472 (in 2003) and has been on ever
since. The old alternative code has bitrotted. Reap the dead code.
Reported by: Ján Sučan <jansucan@gmail.com>
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D20938
Move the bluetooth related files from FreeBSD-runtime to a new package named
FreeBSD-bluetooth
The FreeBSD runtime is only intended to have everything for a working
FreeBSD installation and bluetooth isn't needed for that.
Reviewed by: bapt, gjb
Differential Revision: https://reviews.freebsd.org/D20959
Move the hostapd related files from FreeBSD-runtime to a new package n
FreeBSD-hostapd
The FreeBSD runtime is only intended to have everything for a working
FreeBSD installation and hostapd isn't needed for that.
Reviewed by: bapt, gjb
Differential Revision: https://reviews.freebsd.org/D20958
Move the wpa related files from FreeBSD-runtime to a new package named
FreeBSD-wpa
The FreeBSD runtime is only intended to have everything for a working
FreeBSD installation and wpa isn't needed for that.
Reviewed by: bapt, gjb
Differential Revision: https://reviews.freebsd.org/D20957
zone.tab is deprecated. Install zone1970.tab alongside it, and use it
for tzsetup(8). This is also useful for other applications that need
the modern better maintained file.
Reviewed by: philip
Approved by: allanjude (mentor)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D20646
Instead of skipping the NVMe Completion Queue update based on the
opcode, define a synthetic status value which indicates the completion
queue entry is invalid. This will also allow deferred completion queue
updates for other commands.
Also returns the correct status for unrecognized opcodes ("invalid
opcode").
Reviewed by: imp, jhb, araujo
Approved by: imp (mentor), jhb (maintainer)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D20945
this implicitly by encoding it in a number space.
No functional change intended.
This is done as a preparation to add support for ICMPv6 mesages
indicating a parameter problem related to the next header.
MFC after: 2 weeks
We remove IPSEC only in parts of the tree, and not others. RELEASE_CRUNCH to
disable it has not kept up with all its uses. Remove it. Should there be a real
need to disable IPSEC, one that hasn't shown up in the base system to date,
it can be re-added behind a WITHOUT_IPSEC build option.
Since these things are more completely controlled by the MK_OPENSSL knob, remove
RELEASE_CRUNCH here. It's no longer needed for the release and other users can
use the more proper knob if they so desire.
Accept an IEEE Extended Unique Identifier (EUI-64) from the command
line for each NVMe namespace. If one isn't provided, it will create one
based on the CRC16 of:
- the FreeBSD IEEE OUI
- PCI bus, device/slot, function values
- Namespace ID
Reviewed by: imp, araujo, jhb, rgrimes
Approved by: imp (mentor), jhb (maintainer)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D19905
