Commit Graph

227684 Commits

Author SHA1 Message Date
Conrad Meyer
f95f6841c8 ipsec: Use the same keysize values for HMAC as prior to r324017
The HMAC construction natively permits any key size between 0 and the input
block length. Before r324017, the auth_hash 'keysize' member was the hash
output length, which was used by ipsec for key sizes. (Non-ipsec consumers
need the ability to use other keysizes, hence, r324017.)

The ipsec SADB code blindly uses the auth_hash 'keysize' member for both
minimum and maximum key size, which is wrong (from an HMAC perspective).
For now, just switch it to 'hashsize', which matches the existing
expectations.

Instead it should probably use the range [0, keysize]. But there may be
other broken code in ipsec that rejects hashes with too small a minimum
key size.

Reported by:	olivier@
Reviewed by:	olivier, no objection from ae
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D12770
2017-11-15 22:42:20 +00:00
Gordon Tetlow
edb01d11f8 Properly bzero kldstat structure to prevent kernel information leak.
Submitted by:	kib
Reported by:	TJ Corley
Security:	CVE-2017-1088
2017-11-15 22:30:21 +00:00
Michael Tuexen
3e87bccde3 Fix the handling of ERROR chunks which a lot of error causes.
While there, clean up the code.
Thanks to Felix Weinrank who found the bug by using fuzz-testing
the SCTP userland stack.

MFC after:	1 week
2017-11-15 22:13:10 +00:00
Glen Barber
d294a5246f Only copy /etc/resolv.conf to ${CHROOTDIR} if /etc/resolv.conf does
not already exist within ${CHROOTDIR}.  This allows re-using a build
chroot with CHROOTBUILD_SKIP set to a non-empty value and CHROOTDIR
set to '/' in release.conf.

MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2017-11-15 19:14:44 +00:00
Emmanuel Vadot
cac201b866 release: Update u-boot and firmware file for RPI2 target
The u-boot port for RPI-2 was updated to use u-boot-master, this cause
an update in u-boot version to v2017.09 and changing the filename.
The various firmware files for the RPI* are now in a common ports
sysutils/rpi-firmware as they are shared on all the RPI version.

Update the release files to copy the right files from the right location.

Reviewed by:	gjb
MFC after:	3 days
2017-11-15 19:04:23 +00:00
Emmanuel Vadot
e69ce19b6a release: Update u-boot and firmware file for RPI-B target
THe u-boot port for RPI-B was updated to use u-boot-master, this cause
an update in u-boot version to v2017.09 and changing the filename.
The various firmware files for the RPI* are now in a common ports
sysutils/rpi-firmware as they are shared on all the RPI version.

Update the release files to copy the right files from the right location.

Reviewed by:	gjb
MFC after:	3 days
2017-11-15 19:03:06 +00:00
Ed Maste
4acb68a8a5 newfs: warn if newer than kernel
Creating a UFS filesystem with a newfs newer than the running kernel,
and then mounting that filesystem, can lead to interesting failures.

Add a safety belt to explicitly warn when newfs is newer than the
running kernel.

Reviewed by:	gjb, jhb, mckusick
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D12765
2017-11-15 18:40:40 +00:00
Ed Maste
92b800cc1a Sort pkgbase mtree metadata, for reproducible builds
Packaged base packages are created by running the stageworld and
stagekernel targets with -DNO_ROOT, and converting the resulting mtree
file into a set of pkg plists.  If stage* is run with multiple processes
the order of entries in the mtree file may be nondeterministic, and the
resulting package tbz also had nondeterministic file ordering.

The mtree file generated by -DNO_ROOT builds consists of one line per
file, with the filename starting in the first column, so is easily
sorted.  There's one exception: the first line of the mtree file is a
comment, but the # character sorts before the filenames anyhow and needs
no special treatment.

PR:		223673
Reviewed by:	bapt, gjb
Sponsored by:	The Linux Foundation, Core Infrastructure Initiative
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D13103
2017-11-15 18:03:31 +00:00
Alan Somers
30083240bc Remove a double free(9) in xpt_bus_register
In xpt_bus_register(), remove superfluous call to free().  This was mostly
benign since free(9) checks for NULL before doing anything, and
xpt_create_path() is nice enough to NULL out the pointer on failure.
However, it could've segfaulted if malloc(9) failed during
xpt_create_path().

Submitted by:	gibbs
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
2017-11-15 15:52:06 +00:00
Warner Losh
12497aa5be Replace Fx's with 'the' since expanding FreeBSD here didn't seem quite
right.

Sponsored by: Netflix
2017-11-15 15:02:45 +00:00
Warner Losh
bf1dea9b13 Reword a bit for clarity.
Sponsored by: Netflix
2017-11-15 15:00:02 +00:00
Konstantin Belousov
1c778d91b5 vmtotal: extend memory counters to accomodate for current and future
hardware sizes.

32bit counters already overflow on approachable virtual memory page
counts, and soon would overflow on the physical pages counts as well.
Bump sizes to 64bit types.  Bump __FreeBSD_version.

It is impossible to provide perfect backward ABI compat for this
change.  If a program requests an old structure, it can be detected by
size.  But if it queries the size first by passing NULL old req
pointer, there is almost nothing we can do to detect the desired ABI.
As a partial solution, check p_osrel of the quering process when
selecting the size to report.

Submitted by:	Pawel Biernacki <pawel.biernacki@gmail.com>
Differential revision:	https://reviews.freebsd.org/D13018
2017-11-15 13:41:03 +00:00
Baptiste Daroussin
c07d14deb5 remove the poor emulation of the IllumOS needfree global variable to prevent
the ARC reclaim thread running longer than needed.

Update the arc::needfree dtrace probe triggered in arc_lowmem() to also report
the value we may want to free.

Submitted by:	Nikita Kozlov <nikita.kozlov at blade-group.com>
Reviewed by:	avg
Approved by:	avg
MFC after:	3 weeks
Sponsored by:	blade
Differential Revision:	https://reviews.freebsd.org/D12163
2017-11-15 12:48:36 +00:00
Kristof Provost
58c8430a32 pfctl: teach route-to to deal with interfaces with multiple addresses
The route_host parsing code set the interface name, but only for the first
node_host in the list. If that one happened to be the inet6 address and the
rule wanted an inet address it'd get removed by remove_invalid_hosts() later
on, and we'd have no interface name.

We must set the interface name for all node_host entries in the list, not just
the first one.

PR:		223208
MFC after:	2 weeks
2017-11-15 12:27:02 +00:00
Hans Petter Selasky
c3191c2e2b Update the mlx4 core and mlx4en(4) modules towards Linux v4.9.
Background:
The coming ibcore update forces an update of mlx4ib(4) which in turn requires
an updated mlx4 core module. This also affects the mlx4en(4) module because
commonly used APIs are updated. This commit is a middle step updating the
mlx4 modules towards the new ibcore.

This change contains no major new features.

Changes in mlx4:
  a) Improved error handling when mlx4 PCI devices are
  detached inside VMs.
  b) Major update of codebase towards Linux 4.9.

Changes in mlx4ib(4):
  a) Minimal changes needed in order to compile using the
  updated mlx4 core APIs.

Changes in mlx4en(4):
  a) Update flow steering code in mlx4en to use new APIs for
  registering MAC addresses and IP addresses.
  b) Update all statistics counters to be 64-bit.
  c) Minimal changes needed in order to compile using the
  updated mlx4 core APIs.

Sponsored by:	Mellanox Technologies
MFC after:	1 week
2017-11-15 11:14:39 +00:00
Wojciech Macek
ec7f8d58b9 CXGBE: fix big-endian behaviour
The setbit/clearbit pair casts the bitfield pointer
to uint8_t* which effectively treats its contents as
little-endian variable. The ffs() function accepts int as
the parameter, which is big-endian. Use uint8_t here to
avoid mismatch, as we have only 4 doorbells.

Submitted by:          Wojciech Macek <wma@freebsd.org>
Reviewed by:           np
Obtained from:         Semihalf
Sponsored by:          QCM Technologies
Differential revision: https://reviews.freebsd.org/D13084
2017-11-15 06:45:33 +00:00
Warner Losh
9e45a31607 Fix SYSDIR path. After the move, we need to chop off a couple ../ from
the prior definition. But a safer definition is SRCTOP/sys, so use
that.

Sponsored by: Netflix
2017-11-15 03:46:59 +00:00
Warner Losh
eab9d0a85b Inline pcie_link_{status,caps} where needed. Remove them as they
aren't really needed and I don't want to document them.

Suggested by: jhb@
Sponsored by: Netflix
2017-11-15 02:24:47 +00:00
Warner Losh
ffab3cb640 Add note about where to use MACHINE (just src/stand and src/sys and a
few others). Add note aboute MACHINE_CPUARCH.

Sponsored by: Netflix
2017-11-15 00:06:18 +00:00
John Baldwin
b8db1c9fe0 Use #if instead of #ifdef for __BSD_VISIBLE tests.
__BSD_VISIBLE is always defined and it's value instead needs to be
tested via #if to determine if FreeBSD-specific APIs should be
exposed.

PR:		196226, 223481 (exp-run)
Submitted by:	pluknet
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D12977
2017-11-14 23:50:30 +00:00
Warner Losh
ca987d4641 Move sys/boot to stand. Fix all references to new location
Sponsored by:	Netflix
2017-11-14 23:02:19 +00:00
Benno Rice
6eac711556 Add fortune datfiles that are no longer distributed.
MFC after:	2 days
2017-11-14 21:31:30 +00:00
Benno Rice
0538d7bbe6 Remove all fortune datfiles except freebsd-tips.
Humour is a funny thing. What is funny to one person is not funny to all
people. What is insightful to one person is similarly not universal. The
fortune datfiles have been around a long time and have undoubtedly amused
people but it's time to acknowledge their subjective, and in some cases
at least potentially offensive, nature and stop distributing them with the
imprimatur of the FreeBSD project.

If anyone wishes to distribute these via other mechanisms they are welcome to
check them out of history and do so.

MFC after:	2 days
2017-11-14 21:18:30 +00:00
Alan Somers
c4708ce80c Fix build on arm after r325817
Reported by:	rpokala
MFC after:	3 weeks
X-MFC-With:	325817
Sponsored by:	Spectra Logic Corp
2017-11-14 21:11:55 +00:00
Warner Losh
2e36db147e Move sys/boot/fdt/dts to sys/dts and adjust scripts.
Sponsored by: Netflix
2017-11-14 21:03:57 +00:00
Ed Maste
81d606f52e disallow clock_settime too far in the future to avoid panic
clock_ts_to_ct has a KASSERT that the converted year fits into four
digits.  By default (sysctl debug.allow_insane_settime is 0) the kernel
disallows a time too far in the future, using a value of 9999 366-day
years.  However, clock_settime is epoch-relative and the assertion will
fail with a tv_sec corresponding to some 8030 years.

Avoid trying to be too clever, and just use a limit of 8000 365-day
years past the epoch.

Submitted by:	Heqing Yan <scottieyan@gmail.com>
Reported by:	Syzkaller (https://github.com/google/syzkaller)
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2017-11-14 18:18:18 +00:00
Alan Somers
c52ef9bbff AIO tests: increase limits
tests/sys/aio/aio_kqueue_test.c
	Instead of using a hard-coded queue depth, use
	vfs.aio.max_aio_queue_per_proc

tests/sys/aio/lio_kqueue_test.c
	The old, small limit on lio_listio's operation count was lifted by
	change 324941.  Raise the operation count as high as possible without
	exceeding the process's operation limit.

MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
2017-11-14 17:46:37 +00:00
John Baldwin
f2515b1cc1 Appease old GCC by disabling .cfi_sections for GCC 4.x. 2017-11-14 17:16:03 +00:00
Bjoern A. Zeeb
c04716b1ad Unbreak IPv6.
No longer return ENXIO when trying to send an IPv6 packet in
nicvf_sq_add_hdr_subdesc().
Restructure the code so that the upper layer protocol parts are
agnostic of the L3 protocol (and no longer specific to IPv4).
With this basic IPv6 packets go through.  We are still seeing
weird behaviour which needs further diagnosis.

PR:			223669
In collaboration with:	emaste
MFC after:		3 days
2017-11-14 16:47:05 +00:00
Alan Somers
d02819b5e6 devd.conf: add mps and mpr to the scsi controllers regex
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D12744
2017-11-14 16:32:40 +00:00
Ed Maste
3bfef74a1f vnic: report that the driver supports multicast
The driver is currently hardcoded to force promiscuous mode, so all of
the MAC filtering code is presently unused and multicast should "just
work."  Report to the higher layers that multicast is supported.

PR:		223573
Reported by:	bz
Sponsored by:	The FreeBSD Foundation, Packet.net (hardware)
2017-11-14 16:31:11 +00:00
Hans Petter Selasky
dd00abf2d7 Make sure the ib_wr_opcode enum is signed by adding a negative dummy element.
Different compilers may optimise the enum type in different ways. This ensures
coherency when range checking the value of enums in ibcore.

Sponsored by:	Mellanox Technologies
MFC after:	1 week
2017-11-14 14:51:37 +00:00
Hans Petter Selasky
3b8c4b3619 Make sure a valid VNET is set before trying to access the V_ip6_v6only
variable. Access the variable directly instead of going through the sysctl()
interface in the kernel.

Sponsored by:	Mellanox Technologies
MFC after:	1 week
2017-11-14 14:43:35 +00:00
Hans Petter Selasky
4591fd4e2a Set the default VNET in krping before calling ifunit_ref(). Else using IPv6
link-local addresses when VIMAGE is enabled will cause a so-called NULL
pointer dereferencing issue.

Sponsored by:	Mellanox Technologies
MFC after:	1 week
2017-11-14 14:39:37 +00:00
Glen Barber
760c3a19e2 Correct the path to the md(4)-backed UFS filesystem for pine64
images.

Boot-tested by:	lidl
Sponsored by:	The FreeBSD Foundation
2017-11-14 14:31:02 +00:00
Dag-Erling Smørgrav
6fd07539f0 Add a -r option to print the running kernel version.
MFC after:	1 week
2017-11-14 10:15:17 +00:00
Warner Losh
5e8a39f6ab Properly decode NVMe state of the drive and print out the information
in the attach to more closely match what SCSI and ATA attached
storage provides.

Sponsored by: Netflix
2017-11-14 05:05:26 +00:00
Warner Losh
d1c9349f76 Belatedly add opt_nvme.h to fix building nvme.ko outside of a kernel
build.

Sponsored by: Netflix
2017-11-14 05:05:21 +00:00
Warner Losh
4e3b274457 Provide link speed data in XPT_GET_TRAN_SETTINGS. Provide full version
information for that and XPT_PATH_INQ. Provide macros to encode/decode
major/minor versions.  Read the link speed and lane count to compute
the base_transfer_speed for XPT_PATH_INQ.

Sponsored by: Netflix
2017-11-14 05:05:16 +00:00
Warner Losh
d505913c91 Provide pcie_link_status and pcie_link_cap convenience functions.
Sponsored by: Netflix
2017-11-14 05:05:05 +00:00
Warner Losh
0c16b53773 Move zstd from contrib to sys/contrib so it can be used in the
kernel. Adjust the Makefiles that referenced it to the new path.

Sponsored by: Netflix
OK'd by: cem@ and AllanJude@
2017-11-14 05:03:38 +00:00
Justin Hibbits
27353776c4 Expand the Freescale PCIe root complex driver with the ofw_pcib_pci
The interrupt map wasn't being allocated properly, preventing IRQs from being
allocated to children of the PCIe bus.  Fix this by cloning the ofw_pcib_pci
code, which handles all cases -- device tree and probed.

In the future this may become a subclass of the ofw_pcib_pci driver, but as
that's not an exported class, it's cloned for now.

MFC after:	3 weeks
2017-11-14 03:53:15 +00:00
Justin Hibbits
ce7fd13aff Convert BERI to use ofw_parse_bootargs()
Summary:
ofw_parse_bootargs() was added in r306065 as an attempt to unify the
various copies of the same code.  This simply migrates BERI to use it.

Reviewed By: brooks
Differential Revision: https://reviews.freebsd.org/D12962
2017-11-14 03:23:46 +00:00
Justin Hibbits
f8135d8282 Use the correct board name for the Ubiquiti Unifi Security Gateway 2017-11-14 03:21:39 +00:00
Michael Tuexen
d0f6ab7920 Simply the code and use the full buffer for contigous chunk representation.
MFC after:	1 week
2017-11-14 02:30:21 +00:00
Kevin Lo
ccaf7ad472 Add TP-LINK UE300.
Submitted by:	Kris G <netsick@gmail.com>
2017-11-14 01:57:54 +00:00
Brad Davis
f58e59923e Remove an unused variable.
Approved by:	bdrewery
2017-11-14 01:48:24 +00:00
Warner Losh
48f1a4921e Add two new tunables / sysctls to controll reboot after panic:
kern.poweroff_on_panic which, when enabled, instructs a system to
power off on a panic instead of a reboot.

kern.powercyle_on_panic which, when enabled, instructs a system to
power cycle, if possible, on a panic instead of a reboot.

Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D13042
2017-11-14 00:29:14 +00:00
Gleb Smirnoff
3e21cbc802 Style r320614: don't initialize at declaration, new line after declarations,
shorten variable name to avoid extra long lines.
No functional changes.
2017-11-13 22:16:47 +00:00
Mark Felder
fa193c587e Remove fortune quotes attributed to or providing admiration of Adolf Hitler
MFC after:	1 week
2017-11-13 21:55:34 +00:00