ConnectX-4/5 devices in mlx5core.
The dump is obtained by reading a predefined register map from the
non-destructive crspace, accessible by the vendor-specific PCIe
capability (VSC). The dump is stored in preallocated kernel memory and
managed by the mlx5tool(8), which communicates with the driver using a
character device node.
The utility allows to store the dump in format
<address> <value>
into a file, to reset the dump content, and to manually initiate the
dump.
A call to mlx5_fwdump() should be added at the places where a dump
must be fetched automatically. The most likely place is right before a
firmware reset request.
Submitted by: kib@
MFC after: 1 week
Sponsored by: Mellanox Technologies
Two PRs (152084 & 210187) request allowing the "@" and/or "!"
characters in the passwd file GECOS field. The man page for pw does
not mention that those characters are disallowed, Linux supports those
characters in this field, and the "@" character in particular would be
useful for storing email addresses in that field.
PR: 152084, 210187
Submitted by: jschauma@netmeister.org, Dave Cottlehuber <dch@freebsd.org>
Reported by: jschauma@netmeister.org, Dave Cottlehuber <dch@freebsd.org>
Reviewed by: delphij (secteam), vangyzen
MFC after: 1 week
Sponsored by: Dell EMC
Differential Revision: https://reviews.freebsd.org/D14519
A memory leak in syslogd for processing of forward actions was
reported. This modification adapts the patch submitted with that bug
to fix the leak. While testing the modification, another leak was also
found and fixed.
PR: 198385
Submitted by: Sreeram <sreeramabs@yahoo.com>
Reported by: Sreeram <sreeramabs@yahoo.com>
Reviewed by: hrs
MFC after: 1 week
Sponsored by: Dell EMC
Differential Revision: https://reviews.freebsd.org/D14510
Added the ability to:
* Create virtual interfaces
* Create vlan interfaces
* Get interface fib
* Get interface groups
* Get interface status
* Get nd6 info
* Get media status
* Get additional ifaddr info in a convenient struct
* Get vhids
* Get carp info
* Get lagg and laggport status
* Iterate over all interfaces and ifaddrs
And add more examples, too.
Note that this is a backwards-incompatible change. But that's ok, because it's
a private library.
MFC after: 3 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D14463
When attempting to mount a non-directory which exists, return ENOTDIR instead
of ENOENT. If stat() or statfs() failed, don't pass part of the invalid
(struct statfs) to ex_search(). In that same case, preserve the value of "bad"
rather than overwriting with EACCES.
Submitted by: Bruce Leverett (Panasas)
Reviewed by: rmacklem
MFC after: 1 week
Sponsored by: Panasas
Differential Revision: https://reviews.freebsd.org/D14438
Detect ancient GCC specifically, rather than using target architecture as a
crude heuristic.
Side note: compilers should really ignore -Wno- and -Wno-error= flags they
don't recognize. Seems like modern compilers produce warnings instead of
errors. Though, with -Werror they turn into errors. Clang's error can be
disabled with -Wno-error=unknown-warning-option, but GCC doesn't seem to
have a named method to disable the specific warning.
Submitted by: rpokala@ (earlier version)
Suggested by: rpokala@
Reviewed by: tinderbox
Sponsored by: Dell EMC Isilon
Update function definitions to post-ISO style; remove deprecated "register"
keyword. Correct indentation. Sprinkle 'static' on file-local variables.
Appease warnings at WARNS=6, for both Clang and GCC.
Sponsored by: Dell EMC Isilon
Fix several cases when long buffer is copied to shorter one
using snprintf that results in contents truncation and
clobbering unsaved errno value and creation of misleading logs.
PR: 218517
Approved by: avg (mentor)
MFC after: 1 month
This extends the set in r316028 to allow all tests to pass or be skipped
on a system without cd9660 support.
A better approach using tar is possible, but this works today.
Obtained from: CheriBSD
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D10516
This may lead to unpredicatable behaviour on different platforms or C
library implementations. Use an intermediate variable.
Obtained from: DragonFlyBSD (git a861a526)
larger than or equal to 32 bytes. For smaller probe packets, keep using
SHUTDOWN-ACK chunks, possibly bundled with a PAD chunk.
Packets with INIT chunks more likely pass through firewalls. Therefore,
use them when possible.
MFC after: 1 week
Specifically reading is done if ffs_sbget() and writing is done
in ffs_sbput(). These functions are exported to libufs via the
sbget() and sbput() functions which then used in the various
filesystem utilities. This work is in preparation for adding
subperblock check hashes.
No functional change intended.
Reviewed by: kib
The introduced -j option is highly dependant on the ordering of arguments,
and it exhibited broken behavior in some other circumstances. Fix these
issues, and simplify the feature by removing the unneessary double parsing
of options.
Reviewed by: jilles
Differential Revision: https://reviews.freebsd.org/D13952
Currently most of the debug registers are not saved and restored
during VM transitions allowing guest and host debug register values to
leak into the opposite context. One result is that hardware
watchpoints do not work reliably within a guest under VT-x.
Due to differences in SVM and VT-x, slightly different approaches are
used.
For VT-x:
- Enable debug register save/restore for VM entry/exit in the VMCS for
DR7 and MSR_DEBUGCTL.
- Explicitly save DR0-3,6 of the guest.
- Explicitly save DR0-3,6-7, MSR_DEBUGCTL, and the trap flag from
%rflags for the host. Note that because DR6 is "software" managed
and not stored in the VMCS a kernel debugger which single steps
through VM entry could corrupt the guest DR6 (since a single step
trap taken after loading the guest DR6 could alter the DR6
register). To avoid this, explicitly disable single-stepping via
the trace flag before loading the guest DR6. A determined debugger
could still defeat this by setting a breakpoint after the guest DR6
was loaded and then single-stepping.
For SVM:
- Enable debug register caching in the VMCB for DR6/DR7.
- Explicitly save DR0-3 of the guest.
- Explicitly save DR0-3,6-7, and MSR_DEBUGCTL for the host. Since SVM
saves the guest DR6 in the VMCB, the race with single-stepping
described for VT-x does not exist.
For both platforms, expose all of the guest DRx values via --get-drX
and --set-drX flags to bhyvectl.
Discussed with: avg, grehan
Tested by: avg (SVM), myself (VT-x)
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D13229
Address style issues including some previously raised in D13923.
- Use designated initializers for structs
- Always use bracketed return style
- No initialization in declarations
- Align function prototype names
- Remove old commented code/unused includes
Submitted by: Mitchell Horne <mhorne063@gmail.com>
Reviewed by: kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D13943
It fixes a crash with a socket in top mode.
Ex:
# pmcstat -R 127.0.0.1:8080 -T -w1
then
# pmcstat -n1 -Sclock.prof -Slock.failed -O 127.0.0.1:8080
MFC after: 1 week
Sponsored by: Stormshield
I need these tools in order to install the crossbuilt FreeBSD and create a
disk image. Linux does not have a st_flags in struct stat so unfortunately
I need a bunch of ugly ifdefs. The resulting binaries allow me to
sucessfully install a MIPS64 world and create a disk-image that boots.
Reviewed By: brooks, bdrewery, emaste
Approved By: jhb (mentor)
Differential Revision: https://reviews.freebsd.org/D13307
r328032 introduced a second round of argument parsing to proxy the request
through to a jail as needed, but failed to reset OPTIND before getting to
the second round of parsing to allow other flags to be set.
Reported by: Oleg Ginzburg <olevole olevole ru>
Attempting to retrieve an md_cval string from a kernel module with
kldxref would throw a offset error for modules created using lld, since
this value would be placed at the end of all allocated sections.
Add an ef_read_seg_string method to the ef interface, to allow reading
strings of varying size without attempting to read beyond the segment's
bounds.
PR: 224875
Submitted by: Mitchell Horne <mhorne063@gmail.com>
Reviewed by: cem, kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D13923
Move the 'X' and 'Y' entries into their sorted location in the list
of flags just above 'Z'.
Reviewed by: bcr
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D13904
Provide a -j option that can take a jail name or id. If -j is specified,
check that the jail exists and proxy the service request through to
service(8) in the jail.
This allows for cleaner workflows when updating services in a jail, turning
the following:
pkg -j dns upgrade
jexec dns service named restart
into:
pkg -j dns upgrade
service -j dns named restart
PR: 223325
Submitted by: David O'Rourke (with slight changes)
MFC after: 2 weeks
6.0.0 (branches/release_60 r321788). Upstream has branched for the
6.0.0 release, which should be in about 6 weeks. Please report bugs and
regressions, so we can get them into the release.
Please note that from 3.5.0 onwards, clang, llvm and lldb require C++11
support to build; see UPDATING for more information.
MFC after: 3 months
SUJ + cg checksums produce spurious warnings after an unclean shutdown
(e.g. a crash). For now disable SUJ for UFS installs so installing from
a FreeBSD 12 snapshot results in a usable filesystem, until this can be
fixed.
PR: 225110
Submitted by: Arshan Khanifar <arshankhanifar gmail.com>
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D13890
more in r317426. There's nothing in the tree that references digiio.h
(apart from digictl(8)), so no driver implements it. Since digictl(8)
was only used to control digi(4) devices, it too should go.
the ACPI_ROOT_OBJECT and ACPI_TO_POINTER macros from acpica's actypes.h
header, that they use arithmetic on a null pointer treated as a cast
from integer to pointer, which is a GNU extension. We turn off the
warning, because this is in contributed code.
Requested by: rakuco
Add cpuctl(4) ioctl CPUCTL_EVAL_CPU_FEATURES which forces re-read of
cpu_features, cpu_features2, cpu_stdext_features, and
std_stdext_features2.
The intent is to allow the kernel to see the changes in the CPU
features after micocode update. Of course, the update is not atomic
across variables and not synchronized with readers. See the man page
warning as well.
Reviewed by: imp (previous version), jilles
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D13770
CIS. Coverity has tagged it as tainted. While this data is more
trusted than your average data, we still need to do some basic
validation on it. Check ioctl return value to ensure we switch memory
targets between common and attribute as well as the lseek.
CID: 1210464, 1006640, 1006868, 1007292, 1009091, 1009822, 1009824
condition. This should prevent a double free. In addition, prevent a
leak by freeing dp each loop and when we're done.
CID: 1383577
Sponsored by: Netflix
If a signal was delivered while the main thread was not in poll(2) and after
check was performed, we could reenter poll and never detect termination. Fix
this with the pipefd trick. (This race was introduced very recently, in
r327482.)
PR: 224503
Reported by: kib
Reviewed by: kib, markj
Sponsored by: Dell EMC Isilon
There has been some fallout from the change. The change itself was not valueable
enough to spend time investigating the corner cases, let's just back it out.
Reported by: flo
foundation for invoking efibootmgr as part of new-style EFI booting on
x86. On PS3 and PowerNV, which are booted using Linux kexec from petitboot
rather than by loader(8), install the kernel and the rest of /boot to a
FAT partition and set up the appropriate petitboot configuration file
there.
The new bootconfig installer stage can do platform-dependent modifications
more complex than partition layout and installation of boot blocks and can
be used to (as here) set up some special configuration files, run efibootmgr,
or boot0cfg.
MFC after: 1 month
one of the directories in the filesystem hierarchy is a FAT mountpoint,
settings its times will fail, which would cause installation to abort.
Instead, make this a best-effort thing.
Handling this error is a hack and a better internal scheme for handling
this should be added to libarchive.
Add missed unistd.h include. Not sure where it was lost; I believe it
compiled before I submitted the change.
PR: 224503
Reported by: Cy Schubert <Cy.Schubert AT komquats.com>
Sponsored by: Dell EMC Isilon
syslog(3), routines used in write_warmstart(), and exit(3) are all
signal-unsafe. Instead, set a signal-safe flag and check the flag in the
rpcbind main loop to shutdown safely.
PR: 224503
Reviewed by: kib, markj
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D13728
Some users, especially those that are new, might be confused when passwd
does not echo anything. Inform users that the password will not be
visible.
PR: 196113
Submitted by: Byron Grobe <grobe0ba@gmail.com>
Implement the 'p' flag for newsyslog from NetBSD. This flag results in
the first log file for a given file to not be compressed.
While here, don't change file attributes during a no-op run
PR: 162798
Submitted by: heas@shrubbery.net
MFC After: 1 month
the installer but not mounted (i.e. with boot1.efifat dd'ed to them
rather than the forthcoming proper filesystem) would get newfs_msdos run
on them immediately after the boot code was copied. This would overwrite
the bootstrap code, causing the EFI system partition to be blanked and
resulting in an unbootable system.
PR: 224562
than arguing) Coverity found:
o Use open + fstat rather than stat + open to avoid any races for a
file that's static for the life of the system. This will prevent any
problems should someone insert a new device while installing a
kernel in the future.
o Use strlcpy instead of strcpy as a failsafe to knowing that the
strings can't possibly be larger than the buffer due to data
source limits (though in the future these limits might be more
dynamic).
o If we can't find the hints file, return rather than dereference
a NULL pointer.
o Check for lastmod before calling strcmp in case a PNP entry
comes before a module entry. That's not allowed, but within the
realm of crazy things programmers do.
o Free lastmod before exiting search_hints() to avoid a leak.
CID: 1383971, 1383970, 1383969, 1383965, 1383963, 1383960
If O_CREAT is given, open() needs a mode argument. Follow the umask by
passing 0666.
Reviewed by: imp
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D13607
devmatch(8) matchs up devices in the system device tree with drivers
that may match them. For each unattached device in the system, it
tries to find matching PNP info in the linker hints and prints modules
to load to claim the devices.
In --unbound mode, devmatch can look for drivers that have attached to
devices in the device tree and have plug and play information, but for
which no PNP info exists. This helps find drivers that haven't been
converted yet that are in use on this system.
In addition, the ability to dump out linker.hints is provided.
Future commits will add hooks to devd.conf and rc.d to fully automate
using this information.
This squashes the warning gebnerated by GCC 6.x. Since
variables that are now removed had come documentation
value, put relevant bits in comment, so they can be
resurrected from there when actually needed.
After consultation with SPDX experts and their matching guidelines[1],
the licensing doesn't exactly match the BSD-2-Clause. It yet remains to be
determined if they are equivalent or if there is a recognized license that
matches but it is safer to just revert the tags.
Let this also be a reminder that on FreeBSD, SPDX tags are only advisory
and have no legal value (but IANAL).
Pointyhat to: pfg
Thanks to: Rodney Grimes, Gary O'Neall
[1] https://spdx.org/spdx-license-list/matching-guidelines
When building the command to execute for compression, newsyslog was modifying
the generic arguments array instead of its own copy.
Meaning on the second file to compress with the same arguments, the command line
was not the one expected.
Fix it by creating one copy of the arguments per execution and modifying that
copy.
While here, print the command line executed in verbose mode.
Reported by: many
We may need to initialize multiple inode blocks before writing a given
inode. makefs(8) was only initializing a single block at a time, so
certain inode allocation patterns could lead to a situation where it
wrote an inode to an uninitialized block. That inode might be clobbered
by a later initialization, resulting in a filesystem image containing
directory entries that point to a seemingly unused inode.
Reviewed by: imp
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D13505
Fix it and rename misnamed time_t variables `expire_days, password_days'
(always holding absolute time) to `expire_time, password_time'.
Add a comment for a case of overloading `cmdcnf->password_days'
and `cmdcnf->expire_days' with absolute time.
Reported by: markj
Approved by: mav (mentor)
MFC after: 1 week
to preconfigured values for -e, -p and -w flags.
Use non-negative symbols instead of magic values
in passwd_val/pw_password functions.
PR: 223431
Submitted by: Yuri Pankov (in part, patch for the manual)
Reported by: mav (mentor)
MFC after: 3 days
Relnotes: yes
Improve options handling and error out if multiple mutually exclusive
options are passed to acpiconf. Switch from using atoi() to strtol() for
argument parsing, and add error checking and handling, instead of blindly
trusting that the integer conversion is OK.
Cange err() to errx() in once case, the errno value was garbage there.
Reviewed by: emaste
Approved by: emaste
Differential Revision: D13430
efibootmgr manages the UEFI BootXXXX variables that implement the UEFI
Boot Manager protocol defined in the UEFI standards. It is modeled
after the Linux program of the same name with a mostly compatible set
of command line options. Since there's a fair amount of OS specifioc
code due to differeing names and methods of doing things, the
compatibility isn't 100%.
Basic functionality is implemented, though the more advanced next boot
functionality that's been defined elsewhere is unimplemented.
Submitted by: Matt Williams (with unix / efi path xlate by me)
Sponsored by: Netflix
layer, for example, to specify that the EFI boot partition should be
mounted at /efi and formatted normally with newfs_msdos rather than
splatted to from /boot/boot1.efifat.
This commit adds only the API for this; actual platform use will come later.
have a semantic different than the traditional gzip(1)
This is done to allow to use zstd(1) as a compression tool without
having to patch it to change its default behavior.
field, and support properly parse out the hostname as described by RFC3164,
which wasn't done before. However, don't discard message if it doesn't
have hostname, for compatibility.
Enable logging of the message supplied hostname instead of real hostname
with -H switch.
PR: 200933
Reported by: Konstantin Pavlov <thresh nginx.com>
MFC after: 2 months
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
No functional change intended.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
Commit these apart because compile testing doesn't guarantee I didn't made
some nasty mistake. No functional change intended.
It turns out kgmon(8) still works, and provides some functionality that's
not provided by pmcstat(8).
Reported by: bde@
MFC after: 2 weeks
Sponsored by: DARPA, AFRL
When you install a computer for the first time, the date in the CMOS sometimes
not accurate and you need to ntpdate as ntpd will fail a the time difference
is too big.
Add an option in bsdinstall to enable ntpdate that will do that for us.
Reviewed by: allanjude
Differential Revision: https://reviews.freebsd.org/D13149
r309934 cleaned up some cases in bsdinstall to use heredocs but broke
the indentation of the generated output, because <<- heredocs strip
leading tabs.
PR: 221982
Reviewed by: allanjude, dteske
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D13190
`vidcontrol -h 0` is acceptable, so be explicit that it's less than zero
that is not allowed.
Reported by: Siva Mahadevan
Sponsored by: The FreeBSD Foundation
parsing a textual UEFI Device Path, since otherwise it things the
passed in path is a filename. While here, reduce the repetition of
8192.
Sponsored by: Netflix
When called with an absolute pathname, periodic should attempt to execute
every script in that directory. If the directory does not exist, it should
print an error and exit 1. Due to a copy/paste mistake in r231568, it exits
0 in that case.
Reported by: devel/hs-ShellCheck
MFC after: 3 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D13070
Mainly focus on files that use BSD 3-Clause license.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
Initially, only tag files that use BSD 4-Clause "Original" license.
RelNotes: yes
Differential Revision: https://reviews.freebsd.org/D13133
Usually 'local' is used along with other rules such as 'no-implicit-rule' or
'dependency' which avoids this problem. It's possible to need to use 'local'
while relying on the default rules though for a file which is not in the source
tree nor generated in the kernel.
Sponsored by: Dell
Differential Revision: https://reviews.freebsd.org/D13125
When using -l option targeting file that can't be opened (ie. nmdm module
is not loaded and /dev/nmdm* is specified) bhyve tries to apply capsicum
capabilities to a file that was not opened.
Enclose that code in an if statement and only run it on correctly opened
descriptor also providing meaningful message in case of an error.
Submitted by: Pawel Biernacki <pawel.biernacki@gmail.com>
Reviewed by: grehan, emaste
Sponsoied by: Mysterious Code Ltd.
Differential Revision: D12985
We started out having Linux compatible libefivar interfaces. This was
in anticipation of porting the GPL'd efibootmgr to FreeBSD via a
port. However, since we need that functionality in the base, that port
isn't going to happened. It also appears that efivar is a private
library that's not used much outside a command line util and
efibootmgr. Reduce compatibility with the Linux version a little by
removing the mode parameter to efi_set_variable (which was unused on
FreeBSD, and not set to something useful in the code we'd
written). Also remove some efi error routines that were never
implemented and existed only to placate early GPL efibootmgr porting
experiments.
Suggested by: Matt Williams
Sponsored by: Netflix
Failure modes of the modern (that is, produced in the last 25 years)
hard drives and SSDs made the utility outdated. Since the kernel
interface to support it was removed in r324853, cut the userspace
remnants as well.
Discussed with: bde (who does not like the removal)
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
library -- libpmcstat.
This includes PMC logging module, symbols lookup functions,
ELF parsing, process management, PMC attachment, etc.
This allows to reuse code while building new hwpmc(4)-based applications.
Also add pmcstat_symbol_search_by_name() function that allows to find
mapped IP range for a given function name.
Reviewed by: kib
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D12718
The code went to a lot of trouble to issue either a start+stop condition
or a repeated start condition only to follow it with a stop condition
and a read(2) call that issues a new start condition.
So, fix the read in I2C_MODE_REPEATED_START mode by using I2CREAD ioctl
within the running transaction. This obviously requires that the slave
address has the read bit set which was not required before.
Another problem was with width parameter of zero and
I2C_MODE_REPEATED_START mode. In that case we issued a repeated start
without any preceding start.
While here, remove the redundant (unused) argument to I2CSTOP throughout
the program.
Also, clarify the meaning of -w option, especially "-w 0", in the manual
page.
Reviewed by: no one
Differential Revision: https://reviews.freebsd.org/D12331
Using HAVE_* is a internal tcpdump style standard.
We want to be consistent with the standard to upstream those changes in
the future.
Requested by: glebius@
Use SLIST from sys/queue.h instead of homebrew linked list for mountlist.
Reviewed by: bapt, rmacklem
MFC after: 1 week
Sponsored by: Gandi.net
Differential Revision: https://reviews.freebsd.org/D12504
Use SLIST from sys/queue.h instead of homebrew linked list for the exportlist.
Reviewed by: bapt, rmacklem
MFC after: 1 week
Sponsored by: Gandi.net
Differential Revision: https://reviews.freebsd.org/D12502
* pw is not initialized before use
* success is returned if crypt(3) errors
These bugs were introduced in r231994, which attempted to adopt DragonflyBSD
f4a9869feb646aafe72de6e5d61051a023a02676. The original author of the
Dragonfly change also noticed these mistakes and filed the PR.
PR: 222620
Submitted by: Lubos Boucek <bouceklubos AT gmail.com>
Obtained from: DragonflyBSD f4a9869feb646aafe72de6e5d61051a023a02676
Enabling the PID randomization option in bsdinstall(8)'s hardening menu
now randomizes the effective value of kern.randompid on each boot.
Previous behaviour:
When kern.randompid was enabled via the the bsdinstall(8) hardening menu,
a random value was generated and placed in the systems /etc/sysctl.conf as
kern.randompid=value
This makes the value of kern.randompid static across reboots.
New behaviour:
When kern.randompid is enabled via the bsdinstall(8) hardening menu, the
line kern.randompid=1 is placed in the systems /etc/sysctl.conf.
This takes advantage of a new kernel feature and makes the value of
kern.randompid be randomized by the kernel on each reboot.
Submitted by: Marie Helene Kvello-Aune <marieheleneka@gmail.com>
Reviewed by: des
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D12433
