This change includes the framework for testing the auditability of various
syscalls, and includes changes for the first 12. The tests will start
auditd(8) if needed, though they'll be much faster if it's already running.
The syscalls tested in this commit include mkdir(2), mkdirat(2), mknod(2),
mknodat(2), mkfifo(2), mkfifoat(2), link(2), linkat(2), symlink(2),
symlinkat(2), rename(2), and renameat(2).
Submitted by: aniketp
MFC after: 2 weeks
Sponsored by: Google, Inc (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15286
Profiles that perform post-processing of the DTrace output were
dropping the "-t test" option on the floor. Fix handling of this
option for said profiles.
X-MFC-to: stable/11
X-MFC-with: r334261-334262
Sponsored by: Smule, Inc.
The *name parameter passed to iflib_irq_alloc_generic and
iflib_softirq_alloc_generic is never modified. Many places in code pass
string literals and thus should not be modified.
Mark the *name parameter as a const char * instead, so that we enforce
that the name is not modified before passing to bus_describe_intr()
Submitted by: Jacob Keller <jacob.e.keller@intel.com>
Reviewed by: kmacy
Sponsored by: Intel Corporation
Differential Revision: https://reviews.freebsd.org/D15343
This will manage pmc functionality with a more
manageable structure of subcommands rather than the
gradually accreted spaghetti logic of overlapping flags
that exists in pmcstat.
This is intended to ultimately have all the same functionality
as pmcannotate+pmccontrol+pmcstat. Currently it just has
"stat" and "system-stat" - counters for the process itself and counters
for the system as a whole respectively (i.e. system-stat includes kernel
threads). Note that the rusage results (page faults/context switches/
user/sys) for stat-system will not account for the system as a whole -
only for the child process specified on the command line.
Implementing stat was suggested by mjg@ and the output is based on that
from Linux's "perf stat".
% pmc stat -- make -j32 buildkernel -DNO_MODULES -ss > /dev/null
9598393 page faults # 0.674 M/sec
387085 voluntary csw # 0.027 M/sec
106989 involuntary csw # 0.008 M/sec
2763965982317 cycles
2542953049760 instructions # 0.920 inst/cycle
511562750157 branches
12917006881 branch-misses # 2.525%
17944429878 cache-references # 0.007 refs/inst
2205119560 cache-misses # 12.289%
43.74 real # 2019.72% cpu
795.09 user # 1817.72% cpu
88.35 sys # 202.00% cpu
% make -j32 buildkernel -DNO_MODULES -ss > /dev/null &
% sudo pmc stat-system cat
^C 103 page faults # 0.811 M/sec
4 voluntary csw # 0.031 M/sec
0 involuntary csw # 0.000 M/sec
2843639070514 cycles
2606171217438 instructions # 0.916 inst/cycle
522450422783 branches
13092862839 branch-misses # 2.506%
18592101113 cache-references # 0.007 refs/inst
2562878667 cache-misses # 13.785%
44.85 real # 0.00% cpu
0.00 user # 0.00% cpu
0.00 sys # 0.00% cpu
The assertion would never fire without truly spectacular future
programming errors.
Reported by: Coverity
CID: 1391367, 1391368
Sponsored by: DARPA, AFRL
many excluded regions causing a buffer overflow in the early boot code if
this value is too small.
Obtained from: ABT Systems Ltd
Sponsored by: Turing Robotic Industries
This change adds a new optional console method cn_resume and a kernel
console interface cnresume. Consoles that may need to re-initialize
their hardware after suspend (e.g., because firmware does not care to do
it) will implement cn_resume. Note that it is called in rather early
environment not unlike early boot, so the same restrictions apply.
Platform specific code, for platforms that support hardware suspend,
should call cnresume early after resume, before any console output is
expected.
This change fixes a problem with a system of mine failing to resume when
a serial console is used. I found that the serial port was in a strange
configuration and an attempt to write to it likely resulted in an
infinite loop.
To avoid adding cn_resume method to every console driver, CONSOLE_DRIVER
macro has been extended to support optional methods.
Reviewed by: imp, mav
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D15552
A good number of BIOSes have trouble booting from GPT in non-UEFI mode.
This is commonly reported with Lenovo desktops and laptops (including
X220, X230, T430, and E31) and Dell systems. Although UEFI is the
preferred amd64 boot method on recent hardware, older hardware does not
support UEFI, a user may wish to boot via BIOS/CSM, and some systems
that support UEFI fail to boot FreeBSD via UEFI (such as an old
AMD FX-6100 that I have).
With this change amd64 memsticks remain dual-mode (booting from either
UEFI or CSM); the partitioning type is just switched from GPT to MBR.
The "vestigial swap partition" in the GPT scheme was added in r265017 to
work around some issue with loader's GPT support, so we should not need
it when using MBR.
There is some concern that future UEFI systems may not boot from MBR,
but I am not aware of any today. In any case the likely path forward
for our installers is to migrate to CD/USB combo images, and if it
becomes necessary introduce a separate memstick specifically for the
MBR BIOS/CSM case.
PR: 227954
Reviewed by: gjb, imp, tsoome
MFC after: 3 days
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D15599
Add USB product ID for two GENESYS LOGIC ICs, found in DELOCK
In-Desk-Hub 61991
PR: 228489
Submitted by: "Harald Schmalzbauer" <bugzilla.freebsd@omnilan.de>
MFC After: 3 weeks
The hardware rate limiting feature is enabled by the RATELIMIT kernel
option. Please refer to ifconfig(8) and the txrtlmt option and the
SO_MAX_PACING_RATE set socket option for more information. This
feature is compatible with hardware transmit send offload, TSO.
A set of sysctl(8) knobs under dev.mce.<N>.rate_limit are provided to
setup the ratelimit table and also to fine tune various rate limit
related parameters.
Sponsored by: Mellanox Technologies
lists in the EFI memory map. As such we need to reduce the mappings to
restrict them to not be the full 1G block. For now reduce this to a 2M
block, however this may be further restricted to be 4k page aligned as
other SoCs may require.
This allows ThunderX2 to boot reliably to userspace without performing
any speculative memory accesses to invalid physical memory.
This is a recommit of r334035 now that we can access the EFI Runtime data
through the DMAP region.
Tested by: tuexen
Sponsored by: DARPA, AFRL
The 64-bit atomics defined for i386 are currently only available in
the kernel space.
Found by: cy@
MFC after: 1 week
Sponsored by: Mellanox Technologies
value of $HOME and always use the home directory from the passwd
database, unless $HOME was unset, in which case it would use (null).
While there, clean up handling of netrcfd and add debugging aids.
MFC after: 3 weeks
While at it add missing _acq_ and _rel_ variants for 64-bit atomic
operations under i386.
Reviewed by: kib @
MFC after: 1 week
Sponsored by: Mellanox Technologies
Vendor import two upstream commits:
c1bb8784abd3ca978e376b0d10e324db0491237b
9c4af7213cc2543a1f5586d8f2c19f86aa0cbe72
When using tcpdump -I -i wlanN and wlanN is not a monitor mode VAP,
tcpdump will print an error message saying rfmon is not supported.
Give a concise explanation as to how one might solve this problem by
creating a monitor mode VAP.
MFC after: 1 month
Approved by: hselasky (mentor), kib (mentor)
Sponsored by: Mellanox Technologies
If the check for a UFS partition at offset 0 on the disk fails, check
to see if there's a BSD disklabel at block 1 (standard) or at offset
512 (install images assume 512 sector size). If found, probe for UFS
on the 'a' partition.
This fixes UEFI booting images from a BSD labeled MBR slice when the
'a' partiton isn't at offset 0. This is a stop-gap fix since we plan
on removing boot1.efi in FreeBSD 12. We can't easily do that for 11.2,
however, hence the short MFC window.
Tested by: emaste@
MFC After: 3 days
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D15598
It seems a shame to ruin the patina of the June 4, 1993 date
on abort.3, especially since it still matched the date of
the SCCS ID, but those are the rules.
Reported by: araujo
MFC after: 3 days
Sponsored by: Dell EMC
Also stdarg(3) says that each invocation of va_start() must be paired
with a corresponding invocation of va_end() in the same function. [1]
Reported by: Coverity
CID: 1194318[0] and 1194332[1]
Discussed with: jhb
MFC after: 4 weeks.
Sponsored by: iXsystems Inc.
Differential Revision: https://reviews.freebsd.org/D15548
I didn't know abort2 existed until it was mentioned on a mailing list.
Mention it in related pages so others can find it easily.
MFC after: 3 days
Sponsored by: Dell EMC
