Make PFIL's lock global and use it for this purpose.
This reduces the number of locks needed to acquire for each packet.
Obtained from: Yandex LLC
MFC after: 2 weeks
Sponsored by: Yandex LLC
No objection from: #network
Differential Revision: https://reviews.freebsd.org/D10154
When a member of a RAIDZ has been replaced with a device smaller than the
original, then the top level vdev can report its expand size as 16.0E.
The reduced child asize causes the RAIDZ to have a vdev_asize lower than its
vdev_max_asize which then results in an underflow during the calculation of
the parents expand size.
Fix this by updating the vdev_asize if it shrinks, which is already
protected by a check against vdev_min_asize so should always be safe.
Also for RAIDZ vdevs, ensure that the sum of their child vdev_min_asize is
always greater than the parents vdev_min_size.
Fixes: https://www.illumos.org/issues/7885
MFC after: 2 weeks
Sponsored by: Multiplay
Vendor changes (FreeBSD-related):
Report which extended attributes could not be restored
Update archive_read_disk.3 and archive_write_disk.3 manual pages
Plug memory leaks in xattr tests.
MFC after: 1 week
Vendor changes (FreeBSD-related):
Report which extended attributes could not be restored
Update archive_read_disk.3 and archive_write_disk.3 manual pages
This variable was used 4 times in 1 function and all uses were wrong.
The 4 uses were in he test_frame() (show) function, to try to restore
4 colors, 2 unnecessarily and these 2 now broken. This was wrong
because it is the previous colors that must be restored, but the global
holds the original colors. Excessive setting of colors at the end
restored the previous colors correctly in most cases, but I removed
this a couple of revisions ago.
Originally, this variable had 1 correct use, to test for being on a vty
as a side effect of initializing it. This is now down in init(), and
init() also leaves a better-named global with the same contents.
Fix this by reading the current console info into a local variable in
test_frame(), as is done for several other functions. Fix style bugs
in this reading for all callers:
- extra blank lines
- all error messages different. The first one now in init() is not as
specific as the old one, but it is after a different specific one for
another ioctl and is unlikely to be reached when the first ioctl
succeeds. Ones after the first are to repeat the ioctl, so are even
more likely to be reached. The correctness of full removal of the
old global depends on the error handling for failure to initialize
it being unreachable.
- err() instead of warn() for failure in load_font(). This is almost
unreachable, and it makes no sense to continue after undoing previous
changes with revert().
- unreachable return after err() for failure in dump_screen().
Undo large renaming of local variables from the good name 'info' to the
bad name _info, which was done to protect the buggy global's bad name
from -Wshadow warnings.
retaining various utility functions used during BSM generation,
and a second (audit_bsm_db.c) that contains the various in-kernel
databases supporting various audit activities (the class and
event-name tables).
(No functional change is intended.)
Obtained from: TrustedBSD Project
MFC after: 3 weeks
Sponsored by: DARPA, AFRL
Change 25 uses of errc() to err(). 2 of these were correct. 23 used
errno for the arg so were just a verbose spelling of err(). 5 of these
were just style bugs, and 18 depended on revert() saving errno.
1 warn() also depended on revert() saving errno.
Remove 2 warnx()'s that duplicate the message from a later errx().
These used to be before returns, and should have reported errno in
some cases. errno is also not reported for for openguess() failures.
Only "restore" the video mode in revert() if the mode was just set
(necessarily partially). Setting the mode to its current setting
doesn't "restore" it, but resets it, with the least harmful change
being to clear the screen. revert() is called even for some harmless
syntax errors and usually did nothing except reset the mode. Now it
usually does nothing. The only things that it tries to restore apart
from the mode are the active vty number, the screen map, 2 colors that
only need to be restored (only after a mode change) to fix kernel bugs,
and 3 colors that can't be restored due to kernel bugs. (This is
mostly for sc, since vt doesn't support mode changes.)
revert() is not called for syntax and setting errors after [mode], so
the mode reset is only done for failures to set raster mode after
setting graphics mode. normal colors can only be set after [mode],
and that is why reverting them should be unnecessary.
r146736 added an undocumented syntax and many bugs handling it. The
documented syntax is "... [mode] [fg [bg]] [show]", where it is critical
for reducing ambiguity and keeping things simple that the mode is
parsed first. r146736 added buggy support for "... [mode] [fg [bg]]
[show] [mode] [fg [bg]]". One error was that after for failing to set
a partially-supported graphics mode, argv[optind] remains pointing to
the mode so doesn't match the first [fg [bg]], so the setting is
attempted again, with slightly worse error handling.
Fix this by removing it (support for the trailing '[mode] [fg [bg]]')
and cleaning up. The cleanups are mostly to remove convolutions and
bugs that didn't work to handle the ambiguous syntax '[fg [bg]] [fg [bg]]'
when [mode] and [show] are not present. Globals were set to allow
repeating the color settings at the end. The functions that set the
colors earlier were misnamed from set* to get*. All that they "got" is
is settings from argv. They applied the settings to the kernel and
the globals.
Fix restoration of colors in revert() by restoring 2 after the mode
change. Colors should not need to be restored, but a bug in scteken
clobbers them on any mode change, including ones for restoration. Don't
move the restoration of the other 3. Teken doesn't clobber them on
mode changes because it doesn't support them at all (sc still supports
the border color, but only using a non-teken ioctl).
Add restoration of colors after a successful mode change to work around
the scteken bug there too. The bug was previously masked by the general
setting of colors at the end.
Fix a longstanding parsing/error handling bug by exiting almost immediately
after matching the [mode] arg but failing to set the mode. Just revert
if necessary. Don't return to continue parsing but do it wrong. This
bug caused spamming the output with a usage() message and exiting with
status 1 whenever [mode] is not present bug [fg [bg]] or [show]. The
exit code 1 was actualy an ambiguous internal code for failure to match
[mode] or failure to set [mode]. This 1 was obfuscated by spelling it
EXIT_FAILURE, but actual exit codes spell EXIT_FAILURE as 1. Remove
another global which could have been used to disambiguate this but was
only used to micro-optimize the (unnecessary except for other bugs)
setting of colors at the end.
The module is designed for modification of a packets of any protocols.
For now it implements only TCP MSS modification. It adds the external
action handler for "tcp-setmss" action.
A rule with tcp-setmss action does additional check for protocol and
TCP flags. If SYN flag is present, it parses TCP options and modifies
MSS option if its value is greater than configured value in the rule.
Then it adjustes TCP checksum if needed. After handling the search
continues with the next rule.
Obtained from: Yandex LLC
MFC after: 2 weeks
Relnotes: yes
Sponsored by: Yandex LLC
No objection from: #network
Differential Revision: https://reviews.freebsd.org/D10150
This opcode can be used to attach some data to external action opcode.
And unlike to O_EXTERNAL_INSTANCE opcode, this opcode does not require
creating of named instance to pass configuration arguments to external
action handler. The data is coming just next to O_EXTERNAL_ACTION opcode.
The userlevel part currenly supports formatting for opcode with ipfw_insn
size, by default it expects u16 numeric value in the arg1.
Obtained from: Yandex LLC
MFC after: 2 weeks
Sponsored by: Yandex LLC
Quoting http://mdocml.bsd.lv/mdoc/details/width.html
Do not use macros in the argument specifying the width,
since that's not portable. While GNU troff can handle it,
mandoc cannot.
MFC after: 3 days
Sponsored by: Dell EMC
attempts to keep them that way. The bg brightness bit is interpreted
as blinking in some modes, but it would barely be useful to disallow
setting it when it would give blinking in code which knew when that
is. The old code mostly knew this wrong, and added handling errors.
It is in fact impossible to know, since future mode switches may
change the meaning of the bit many times on the screen and in history.
Old versions of vidcontrol disallowed bg color numbers >= 8 in all
cases. This is very VGA/syscons-centric. Syscons uses the VGA defaults
of blinking fg instead of bright bg in text mode and bright bg in
graphics mode. On VGA, this is very easy to toggle at any time, and
vt blows away the VGA text mode default at boot time.
r146736 changed this to try to allow bg color numbers in graphics mode
only. This is even more VGA/syscons-centric, and there are many bugs
in this, and many nearby bugs in the parser. These are increased or
decreased by differences and bugs in vt and teken.
Perhaps the most obvious bug was that almost any vidcontrol command
which changes any color or the mode causes an error if the initial fg
color is bright. E.g., in syscons text mode, after "vidcontrol
lightwhite" to make the fg bright, another "vidcontrol lightwhite" is
rejected and buggy fixup code changes the fg to white. This is because
the bright fg color creates a bright bg color for the phantom reverse
video attribute, so was rejected. (The reverse video attribute is
phantom because teken ignores the user's setting of it and simply
reverses the fg attributes to create the bg attributes. Sometimes
some layer masks off the brightness/blinking bit, but not here.)
Perhaps the next most obvious one was that "vidcontrol lightgreen
lightblue" was misparsed as 2 settings of the fg instead of 1 setting
of the fg and 1 invalid setting of the bg. This is because the
parser supports an undocumented syntax with many parsing bugs (an
ambiguity gives this one).
I recently fix bugs in teken that broke setting of bright fg's and
bg's in the normal way. This gave more settings of then, so the old
bugs showed up more often.
mode. This works around bugs in at least 2 Intel BIOSes for our
subsequent setting of the DAC back to 8-bit mode. The bug caused dark
(mostly 1/4-intensity) colors for all except the first setting to a
VESA graphics mode (including for settings to the current mode).
Remove restoration (with less bits) of the palette in vesa_unload()
after resetting the DAC to 6-bit mode. Depend on the BIOS to keep
the palette consistent with the DAC for the simpler reset case like
we do everywhere else in places that are actually important.
Setting the video mode should reset everything to defaults, although
we usually don't want that. Even the buggy BIOSes set the DAC to the
default 6-bit mode, and set the palette to a default that matches the
DAC. We don't undo the reset for most things, but we do undo it for
the DAC (more precisely, we change to an 8-bit DAC if possible, and
this is the only way that we set to an 8-bit DAC; it is accidental
that if the DAC was in 8-bit mode from a previous mode switch then
setting it to 8-bit mode is an undo). The buggy BIOSes are confused
by our setting of the DAC to 8-bit mode in the "undo" case. They
should multiply palette entries by 4 to match, but they actually leave
all palette entries except #2 (green) and #248-255 (unused) untouched.
Green is mysteriously scaled from 0x2a to 0x6a, and #248-255 are scaled
correctly.
Our support for the 8-bit DAC had almost no effect except to enable
bugs. Syscons barely supports 16 colors, so it doesn't benefit much
from having a palette with 16 million colors instead of only 256K.
Applications can manage the palette using FBIO_{GET,SET}PALETTE, but
the palette managed by this is only used in the less interesting modes
(text and non-truecolor graphics modes up to 8 bits wide), and the
kernel loses the changes on any mode switch (including to another vt
in a different mode).
so overflow can still occur. Fix that. Also remove the extra check for
tv_sec size as under COMPAT_LINUX32 it is always true.
Pointed out by: bde@
MFC after: 1 week
Many devices are clocked from the SoC's platform clock / 2. Some device nodes
include their own clock-frequency property, while others are dependent on the
SoC's bus-frequency property instead. To simplify, add a helper function to get
this clock.
passed in from u-boot across the call to self_reloc and any other early-init
code, and restore them before calling main().
The self_reloc() routine uses r0 and r1 (and calling it uses lr), and
depending on what values get left in them, main() would intermittantly lock
up trying to interpret them as argc and argv values. This problem affected
the self-relocatable ubldr.bin but not ubldr (the elf version).
FreeBSD's DTS contained only one PL050 node and driver considered it to
be PS/2 keyboard. In reality PL050 is a PS/2 port that pushes bytes to/from
the periphers connected to it. New DTS contains two nodes and QEMU emulates
keyboard connected to port #0 and mouse connected to port #1. Since there
is no way to say what's connected to port by checking DTS we hardcode
this knowledge in the driver: it assumes keyboard on port #0 and ignores
port #1 altogether.
Also QEMU defaults emulated keyboard to scan code set 2 while driver used
to work with scan code set 1 so when initializing driver make sure keyboard
is switched to scan code set 1
Scope of this change is somewhat larger than just converting to INTRNG.
The reason for this is that INTRNG support required switching from custom
to upstream DTS because custom DTS didn't have interrup routing information.
This switch caused rewrite of PCI and CLCD drivers and adding SCM module.
List of changes in this commit:
- Enable INTRNG and switch to versatile-pb.dts
- Add SCM driver that controls various peripheral devices like LCD or
PCI controller. Previously registers required for power-up and
configuring peripherals were part of their respective nodes. Upstream
DTS has dedicated node for SCM
- Convert PL190 driver to INTRNG
- Convert Versatile SIC (secondary interrupt controller) to INTRNG
- Refactor CLCD driver to use SCM API to power up and configuration
- Refactor PCI driver to use SCM API to enable controller
- Refactor PCI driver to use interrupt map provided in DTS for
interrupt routing. As a result it fixes broken IRQ routing and
it's no longer required to run QEMU with "-global versatile_pci.broken-irq-mapping=1"
command-line arguments
This patch adds a general mechanism for providing encryption keys to the
kernel from the boot loader. This is intended to enable GELI support at
boot time, providing a better mechanism for passing keys to the kernel
than environment variables. It is designed to be extensible to other
applications, and can easily handle multiple encrypted volumes with
different keys.
This mechanism is currently used by the pending GELI EFI work.
Additionally, this mechanism can potentially be used to interface with
GRUB, opening up options for coreboot+GRUB configurations with completely
encrypted disks.
Another benefit over the existing system is that it does not require
re-deriving the user key from the password at each boot stage.
Most of this patch was written by Eric McCorkle. It was extended by
Allan Jude with a number of minor enhancements and extending the keybuf
feature into boot2.
GELI user keys are now derived once, in boot2, then passed to the loader,
which reuses the key, then passes it to the kernel, where the GELI module
destroys the keybuf after decrypting the volumes.
Submitted by: Eric McCorkle <eric@metricspace.net> (Original Version)
Reviewed by: oshogbo (earlier version), cem (earlier version)
MFC after: 3 weeks
Relnotes: yes
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D9575