Commit Graph

16497 Commits

Author SHA1 Message Date
Don Lewis
660d4fe299 Fix CID 1006692 in /usr/sbin/pw pw_log() function and other fixes
The length of the name returned from the $LOGNAME and $USER can be
very long and it was being concatenated to a fixed length buffer
with no bounds checking.  Fix this problem by limiting the length
of the name copied.

Additionally, this name is actually used to create a format string
to be used in adding log file entries so embedded % characters in
the name could confuse *printf(), and embedded whitespace could
confuse a log file parser.  Handle the former by escaping each %
with an additional %, and handle the latter by simply stripping it
out.

Clean up the code by moving the variable declarations to the top
of the function, formatting them to conform with style, and moving
intialization elsewhere.

Reduce code indentation by returning early in a couple of places.

Reported by:	Coverity
CID:		1006692
Reviewed by:	markj (previous version)
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D6490
2016-05-24 05:02:24 +00:00
Peter Wemm
00774f3549 It seems <sys/types.h> is a new prerequisite for <bitstring.h> after
r300539. Attempt to fix the build for i386.
2016-05-24 03:15:46 +00:00
Don Lewis
95320acebc Fix multiple Coverity Out-of-bounds access false postive issues in CAM
The currently used idiom for clearing the part of a ccb after its
header generates one or two Coverity errors for each time it is
used.  All instances generate an Out-of-bounds access (ARRAY_VS_SINGLETON)
error because of the treatment of the header as a two element array,
with a pointer to the non-existent second element being passed as
the starting address to bzero().  Some instances also alsp generate
Out-of-bounds access (OVERRUN) errors, probably because the space
being cleared is larger than the sizeofstruct ccb_hdr).

In addition, this idiom is difficult for humans to understand and
it is error prone.  The user has to chose the proper struct ccb_*
type (which does not appear in the surrounding code) for the sizeof()
in the length calculation.  I found several instances where the
length was incorrect, which could cause either an actual out of
bounds write, or incompletely clear the ccb.

A better way is to write the code to clear the ccb itself starting
at sizeof(ccb_hdr) bytes from the start of the ccb, and calculate
the length based on the specific type of struct ccb_* being cleared
as specified by the union ccb member being used.  The latter can
normally be seen in the nearby code.  This is friendlier for Coverity
and other static analysis tools because they will see that the
intent is to clear the trailing part of the ccb.

Wrap all of the boilerplate code in a convenient macro that only
requires a pointer to the desired union ccb member (or a pointer
to the union ccb itself) as an argument.

Reported by:	Coverity
CID:		1007578, 1008684, 1009724, 1009773, 1011304, 1011306
CID:		1011307, 1011308, 1011309, 1011310, 1011311, 1011312
CID:		1011313, 1011314, 1011315, 1011316, 1011317, 1011318
CID:		1011319, 1011320, 1011321, 1011322, 1011324, 1011325
CID:		1011326, 1011327, 1011328, 1011329, 1011330, 1011374
CID:		1011390, 1011391, 1011392, 1011393, 1011394, 1011395
CID:		1011396, 1011397, 1011398, 1011399, 1011400, 1011401
CID:		1011402, 1011403, 1011404, 1011405, 1011406, 1011408
CID:		1011409, 1011410, 1011411, 1011412, 1011413, 1011414
CID:		1017461, 1018387, 1086860, 1086874, 1194257, 1229897
CID:		1229968, 1306229, 1306234, 1331282, 1331283, 1331294
CID:		1331295, 1331535, 1331536, 1331539, 1331540, 1341623
CID:		1341624, 1341637, 1341638, 1355264, 1355324
Reviewed by:	scottl, ken, delphij, imp
MFH:		1 month
Differential Revision:	https://reviews.freebsd.org/D6496
2016-05-24 00:57:11 +00:00
Allan Jude
24d17f1e24 Only set kern.geom.part.mbr.enforce_chs=0 once, instead of once per disk
Sponsored by:	ScaleEngine Inc.
2016-05-24 00:23:39 +00:00
Allan Jude
bb4fd0a0d1 Add support for RAID 1+0 (striped mirrors) to bsdinstall/zfsboot
Sponsored by:	ScaleEngine Inc.
2016-05-24 00:22:29 +00:00
Allan Jude
b06bc65e71 Only export and re-import the root pool if installing on MBR
This step is required in order to dd the boot2 bits into the ZFS partition

Sponsored by:	ScaleEngine Inc.
2016-05-23 17:04:13 +00:00
Allan Jude
7289f18f78 Fix missing pool name in zfs set command 2016-05-23 16:49:26 +00:00
Allan Jude
dcf362194d Fix error in bsdinstall where additional filesystems cannot be mounted
Do not set canmount=noauto on the boot environment at create time, because
this causes / to not be mounted, and since the chroot is read only, new
mountpoints cannot be created.

The property is set later, when other properties are adjusted

Reported by:	HardenedBSD
Sponsored by:	ScaleEngine Inc.
2016-05-23 15:11:01 +00:00
Edward Tomasz Napierala
a863d33413 Build iscsid(8) with ICL_KERNEL_PROXY defined by default, as required
for iSER.

Obtained from:	Mellanox Technologies
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2016-05-23 12:58:24 +00:00
Allan Jude
a1b8f55c77 bsdinstall/zfsboot GPT+BIOS+GELI installs now make use of GELIBOOT
In this configuration, a separate bootpool is not required.
This allows ZFS Boot Environments to be used with GELI encrypted ZFS pools.

Support for GPT+EFI+GELI is planned for the future.

Tested by: Joseph Mingrone, HardenedBSD
Relnotes:	yes
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D5869
2016-05-22 20:31:52 +00:00
Enji Cooper
e5e35a7715 Wrap EXPAND(..) macro with a do-while(0) loop and put a single statement on each line
As a positive side-effect, this eliminates the double semicolons reported by Coverity:
the macro contained a trailing semicolon, in addition to the semicolon placed on
each line where EXPAND(..) was called.

MFC after: 1 week
Reported by: Coverity
CID: 1194269
Sponsored by: EMC / Isilon Storage Division
2016-05-22 19:06:38 +00:00
Allan Jude
595568b58b Fix default ZFS layout to work better by default with sysutils/beadm
The root file system is mounted early via vfs.root.mountfrom.
The canmount=noauto property only affects the zfs rc.d script.
This ensures that the 'default' BE is not mounted overtop of another BE when
one is selected from the beastie menu

Sponsored by:	ScaleEngine Inc.
2016-05-22 16:24:21 +00:00
Baptiste Daroussin
5e38260c4f Fix typo in comments for the zfsboot script
Submitted by:	Colby Swandale <colby@taplaboratories.com.au> (via github)
2016-05-22 12:59:07 +00:00
Alan Somers
c5b5b50ded Better document security_show_{success,info,badconfig} in /etc/periodic.conf
periodic(8) already handles the security_show_{success,info,badconfig}
variables correctly. However, those variables aren't explicitly set in
/etc/defaults/periodic.conf or anywhere else, which suggests to the user
that they shouldn't be used.

etc/defaults/periodic.conf
	Explicitly set defaults for security_show_{success,info,badconfig}

usr.sbin/periodic/periodic.sh
	Update usage string

usr.sbin/periodic/periodic.8
	Minor man page updates

One thing I'm _not_ doing is recommending setting security_output to
/var/log/security.log or adding that file to /etc/newsyslog.conf, because
periodic(8) would create it with default permissions, usually 644, and
that's probably a bad idea.

Reviewed by:	brd
MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D6477
2016-05-21 02:14:11 +00:00
Kenneth D. Merry
d3683d27cf Adjust a couple of error cases in camdd(8).
usr.sbin/camdd/camdd.c:
	In camdd_probe_file(), fix an error case after fstat where
	we were bailing out and leaving two lines of cleanup code
	unexecuted.  Instead, just goto bailout_error.

	In camdd_probe_pass(), fail if the sector size is 0.

Sponsored by:	Spectra Logic
MFC after:	3 days
2016-05-19 19:13:43 +00:00
Edward Tomasz Napierala
b7af91d012 When iscsid(8) is running in ICL proxy mode, don't try to send Logout PDUs.
The kernel already does this for us when we ask it to terminate the session.

MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2016-05-19 14:59:21 +00:00
Edward Tomasz Napierala
78a89597fe Fix error message.
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2016-05-19 14:45:34 +00:00
Kenneth D. Merry
9a6844d55f Add support for managing Shingled Magnetic Recording (SMR) drives.
This change includes support for SCSI SMR drives (which conform to the
Zoned Block Commands or ZBC spec) and ATA SMR drives (which conform to
the Zoned ATA Command Set or ZAC spec) behind SAS expanders.

This includes full management support through the GEOM BIO interface, and
through a new userland utility, zonectl(8), and through camcontrol(8).

This is now ready for filesystems to use to detect and manage zoned drives.
(There is no work in progress that I know of to use this for ZFS or UFS, if
anyone is interested, let me know and I may have some suggestions.)

Also, improve ATA command passthrough and dispatch support, both via ATA
and ATA passthrough over SCSI.

Also, add support to camcontrol(8) for the ATA Extended Power Conditions
feature set.  You can now manage ATA device power states, and set various
idle time thresholds for a drive to enter lower power states.

Note that this change cannot be MFCed in full, because it depends on
changes to the struct bio API that break compatilibity.  In order to
avoid breaking the stable API, only changes that don't touch or depend on
the struct bio changes can be merged.  For example, the camcontrol(8)
changes don't depend on the new bio API, but zonectl(8) and the probe
changes to the da(4) and ada(4) drivers do depend on it.

Also note that the SMR changes have not yet been tested with an actual
SCSI ZBC device, or a SCSI to ATA translation layer (SAT) that supports
ZBC to ZAC translation.  I have not yet gotten a suitable drive or SAT
layer, so any testing help would be appreciated.  These changes have been
tested with Seagate Host Aware SATA drives attached to both SAS and SATA
controllers.  Also, I do not have any SATA Host Managed devices, and I
suspect that it may take additional (hopefully minor) changes to support
them.

Thanks to Seagate for supplying the test hardware and answering questions.

sbin/camcontrol/Makefile:
	Add epc.c and zone.c.

sbin/camcontrol/camcontrol.8:
	Document the zone and epc subcommands.

sbin/camcontrol/camcontrol.c:
	Add the zone and epc subcommands.

	Add auxiliary register support to build_ata_cmd().  Make sure to
	set the CAM_ATAIO_NEEDRESULT, CAM_ATAIO_DMA, and CAM_ATAIO_FPDMA
	flags as appropriate for ATA commands.

	Add a new get_ata_status() function to parse ATA result from SCSI
	sense descriptors (for ATA passthrough over SCSI) and ATA I/O
	requests.

sbin/camcontrol/camcontrol.h:
	Update the build_ata_cmd() prototype

	Add get_ata_status(), zone(), and epc().

sbin/camcontrol/epc.c:
	Support for ATA Extended Power Conditions features.  This includes
	support for all features documented in the ACS-4 Revision 12
	specification from t13.org (dated February 18, 2016).

	The EPC feature set allows putting a drive into a power power mode
	immediately, or setting timeouts so that the drive will
	automatically enter progressively lower power states after various
	idle times.

sbin/camcontrol/fwdownload.c:
	Update the firmware download code for the new build_ata_cmd()
	arguments.

sbin/camcontrol/zone.c:
	Implement support for Shingled Magnetic Recording (SMR) drives
	via SCSI Zoned Block Commands (ZBC) and ATA Zoned Device ATA
	Command Set (ZAC).

	These specs were developed in concert, and are functionally
	identical.  The primary differences are due to SCSI and ATA
	differences.  (SCSI is big endian, ATA is little endian, for
	example.)

	This includes support for all commands defined in the ZBC and
	ZAC specs.

sys/cam/ata/ata_all.c:
	Decode a number of additional ATA command names in ata_op_string().

	Add a new CCB building function, ata_read_log().

	Add ata_zac_mgmt_in() and ata_zac_mgmt_out() CCB building
	functions.  These support both DMA and NCQ encapsulation.

sys/cam/ata/ata_all.h:
	Add prototypes for ata_read_log(), ata_zac_mgmt_out(), and
	ata_zac_mgmt_in().

sys/cam/ata/ata_da.c:
	Revamp the ada(4) driver to support zoned devices.

	Add four new probe states to gather information needed for zone
	support.

	Add a new adasetflags() function to avoid duplication of large
	blocks of flag setting between the async handler and register
	functions.

	Add new sysctl variables that describe zone support and paramters.

	Add support for the new BIO_ZONE bio, and all of its subcommands:
	DISK_ZONE_OPEN, DISK_ZONE_CLOSE, DISK_ZONE_FINISH, DISK_ZONE_RWP,
	DISK_ZONE_REPORT_ZONES, and DISK_ZONE_GET_PARAMS.

sys/cam/scsi/scsi_all.c:
	Add command descriptions for the ZBC IN/OUT commands.

	Add descriptions for ZBC Host Managed devices.

	Add a new function, scsi_ata_pass() to do ATA passthrough over
	SCSI.  This will eventually replace scsi_ata_pass_16() -- it
	can create the 12, 16, and 32-byte variants of the ATA
	PASS-THROUGH command, and supports setting all of the
	registers defined as of SAT-4, Revision 5 (March 11, 2016).

	Change scsi_ata_identify() to use scsi_ata_pass() instead of
	scsi_ata_pass_16().

	Add a new scsi_ata_read_log() function to facilitate reading
	ATA logs via SCSI.

sys/cam/scsi/scsi_all.h:
	Add the new ATA PASS-THROUGH(32) command CDB.  Add extended and
	variable CDB opcodes.

	Add Zoned Block Device Characteristics VPD page.

	Add ATA Return SCSI sense descriptor.

	Add prototypes for scsi_ata_read_log() and scsi_ata_pass().

sys/cam/scsi/scsi_da.c:
	Revamp the da(4) driver to support zoned devices.

	Add five new probe states, four of which are needed for ATA
	devices.

	Add five new sysctl variables that describe zone support and
	parameters.

	The da(4) driver supports SCSI ZBC devices, as well as ATA ZAC
	devices when they are attached via a SCSI to ATA Translation (SAT)
	layer.  Since ZBC -> ZAC translation is a new feature in the T10
	SAT-4 spec, most SATA drives will be supported via ATA commands
	sent via the SCSI ATA PASS-THROUGH command.  The da(4) driver will
	prefer the ZBC interface, if it is available, for performance
	reasons, but will use the ATA PASS-THROUGH interface to the ZAC
	command set if the SAT layer doesn't support translation yet.
	As I mentioned above, ZBC command support is untested.

	Add support for the new BIO_ZONE bio, and all of its subcommands:
	DISK_ZONE_OPEN, DISK_ZONE_CLOSE, DISK_ZONE_FINISH, DISK_ZONE_RWP,
	DISK_ZONE_REPORT_ZONES, and DISK_ZONE_GET_PARAMS.

	Add scsi_zbc_in() and scsi_zbc_out() CCB building functions.

	Add scsi_ata_zac_mgmt_out() and scsi_ata_zac_mgmt_in() CCB/CDB
	building functions.  Note that these have return values, unlike
	almost all other CCB building functions in CAM.  The reason is
	that they can fail, depending upon the particular combination
	of input parameters.  The primary failure case is if the user
	wants NCQ, but fails to specify additional CDB storage.  NCQ
	requires using the 32-byte version of the SCSI ATA PASS-THROUGH
	command, and the current CAM CDB size is 16 bytes.

sys/cam/scsi/scsi_da.h:
	Add ZBC IN and ZBC OUT CDBs and opcodes.

	Add SCSI Report Zones data structures.

	Add scsi_zbc_in(), scsi_zbc_out(), scsi_ata_zac_mgmt_out(), and
	scsi_ata_zac_mgmt_in() prototypes.

sys/dev/ahci/ahci.c:
	Fix SEND / RECEIVE FPDMA QUEUED in the ahci(4) driver.

	ahci_setup_fis() previously set the top bits of the sector count
	register in the FIS to 0 for FPDMA commands.  This is okay for
	read and write, because the PRIO field is in the only thing in
	those bits, and we don't implement that further up the stack.

	But, for SEND and RECEIVE FPDMA QUEUED, the subcommand is in that
	byte, so it needs to be transmitted to the drive.

	In ahci_setup_fis(), always set the the top 8 bits of the
	sector count register.  We need it in both the standard
	and NCQ / FPDMA cases.

sys/geom/eli/g_eli.c:
	Pass BIO_ZONE commands through the GELI class.

sys/geom/geom.h:
	Add g_io_zonecmd() prototype.

sys/geom/geom_dev.c:
	Add new DIOCZONECMD ioctl, which allows sending zone commands to
	disks.

sys/geom/geom_disk.c:
	Add support for BIO_ZONE commands.

sys/geom/geom_disk.h:
	Add a new flag, DISKFLAG_CANZONE, that indicates that a given
	GEOM disk client can handle BIO_ZONE commands.

sys/geom/geom_io.c:
	Add a new function, g_io_zonecmd(), that handles execution of
	BIO_ZONE commands.

	Add permissions check for BIO_ZONE commands.

	Add command decoding for BIO_ZONE commands.

sys/geom/geom_subr.c:
	Add DDB command decoding for BIO_ZONE commands.

sys/kern/subr_devstat.c:
	Record statistics for REPORT ZONES commands.  Note that the
	number of bytes transferred for REPORT ZONES won't quite match
	what is received from the harware.  This is because we're
	necessarily counting bytes coming from the da(4) / ada(4) drivers,
	which are using the disk_zone.h interface to communicate up
	the stack.  The structure sizes it uses are slightly different
	than the SCSI and ATA structure sizes.

sys/sys/ata.h:
	Add many bit and structure definitions for ZAC, NCQ, and EPC
	command support.

sys/sys/bio.h:
	Convert the bio_cmd field to a straight enumeration.  This will
	yield more space for additional commands in the future.  After
	change r297955 and other related changes, this is now possible.
	Converting to an enumeration will also prevent use as a bitmask
	in the future.

sys/sys/disk.h:
	Define the DIOCZONECMD ioctl.

sys/sys/disk_zone.h:
	Add a new API for managing zoned disks.  This is very close to
	the SCSI ZBC and ATA ZAC standards, but uses integers in native
	byte order instead of big endian (SCSI) or little endian (ATA)
	byte arrays.

	This is intended to offer to the complete feature set of the ZBC
	and ZAC disk management without requiring the application developer
	to include SCSI or ATA headers.  We also use one set of headers
	for ioctl consumers and kernel bio-level consumers.

sys/sys/param.h:
	Bump __FreeBSD_version for sys/bio.h command changes, and inclusion
	of SMR support.

usr.sbin/Makefile:
	Add the zonectl utility.

usr.sbin/diskinfo/diskinfo.c
	Add disk zoning capability to the 'diskinfo -v' output.

usr.sbin/zonectl/Makefile:
	Add zonectl makefile.

usr.sbin/zonectl/zonectl.8
	zonectl(8) man page.

usr.sbin/zonectl/zonectl.c
	The zonectl(8) utility.  This allows managing SCSI or ATA zoned
	disks via the disk_zone.h API.  You can report zones, reset write
	pointers, get parameters, etc.

Sponsored by:	Spectra Logic
Differential Revision:	https://reviews.freebsd.org/D6147
Reviewed by:	wblock (documentation)
2016-05-19 14:08:36 +00:00
Simon J. Gerraty
1c8bdd84b8 Initialize date of rootNode.
Reviewed by:	jtl
2016-05-18 22:24:52 +00:00
Gleb Smirnoff
9aa8749970 Revert r299830, it has couple of fatal errors.
The CMSG_ family of macros take care of alignment, so we don't need r299830
at all, even if it was correct.  Put NO_WCAST_ALIGN into Makefile.

Together with:	peter
2016-05-18 22:02:19 +00:00
Pedro F. Giffuni
00b8e9fe52 makefs(8): Clarify the comment concerning seeding.
Avoid giving the impression makefs currently supports reproduceable
builds.
2016-05-18 00:22:52 +00:00
Pedro F. Giffuni
40d39b4bf5 makefs(1): use all the random(3) range.
The generation number is uint32_t so we can fit the complete range
of random(3). We could have used arc4random() but the result would
be unpredictable and it would prohibit reproducible builds.

While here add a comment where seeding is done: this affects
reproducible builds and might have to be re-visited to use a
release dependent value.

MFC after:	2 weeks
2016-05-17 18:20:33 +00:00
Pedro F. Giffuni
9f36c1fa71 makefs(8): use NULL instead of zero for pointers. 2016-05-17 16:58:39 +00:00
Eitan Adler
cef367e6a1 Don't repeat the the word 'the'
(one manual change to fix grammar)

Confirmed With: db
Approved by: secteam (not really, but this is a comment typo fix)
2016-05-17 12:52:31 +00:00
Edward Tomasz Napierala
5abae79af4 Add initial support for negotiating iSER parameters to iscsid(8). Some
rework might be needed to support asymetrical limits, but this should be
ok for now.

Obtained from:	Mellanox Technologies (earlier version)
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2016-05-17 07:54:53 +00:00
Don Lewis
78db15ccf7 When clearing rtmsg, pass &rtmsg to bzero() instead of the address of
just the header

Reported by:	Coverity
CID:		1007568, 1194256
MFC after:	1 week
2016-05-17 04:03:45 +00:00
Don Lewis
647bedd5da Don't walk off the end of the array when proto isn't explicitly
listed above.  Instead update the catch-all "Others" bucket.

Reported by:	Coverity
CID:		1007571, 1007572
MFC after:	1 week
2016-05-16 23:47:08 +00:00
Don Lewis
010e93758f Set ai2 to NULL in in find_host() before the loop and after calling
freeaddrinfo() on it to indicate that it doesn't point to a valid
addrinfo list.  This fixes this Coverity issues:
	1006368 Uninitialized pointer read
	1018506 Double free
	1305590 Resource leak
that can be triggered in the hp->hostname[0] != '\0' case.

Don't treat a character as a boolean.

Fix these Coverity issues:
	1009293 Unchecked return value from library
	1194246 Wrong size argument
by tweaking the status file extend code.

Reported by:	Coverity
CID:		1006368, 1018506, 1305590, 1009293, 1194246
Reviewed by:	rmacklem
Feedback from:	hrs
MFC after:	1 week
Differential Revision:	D6398
2016-05-16 23:29:04 +00:00
Don Lewis
b6ecea3082 Actually use the loop interation limit so carefully computed on the
previous line to prevent buffer overflow.  This turns out to not be
important because the upstream xdr code already capped the object
size at the proper value.  Using the correct limit here looks a lot
less scary and should please Coverity.

Reported by:	Coverity
CID:		1199309, 1199310
MFC after:	1 week
2016-05-16 23:00:48 +00:00
Don Lewis
e29182f6c0 Fix an off by one error to avoid overflowing rp[].
Reported by:	Coverity
CID:		1007579
2016-05-16 16:16:46 +00:00
Don Lewis
cec77ff4bf NULL releasedfl after calling deallocate_file_lock() which frees it
to avoid a use-after-free error in the debuglog() call at the top
of the loop.

Reported by:	Coverity
CID:		1006080
MFC after:	1 week
2016-05-16 05:17:43 +00:00
Don Lewis
ec77f107fa pdu_delete(request) frees request, so move the call after
login_new_response(request) to avoid a use-after-free error

Reported by:	Coverity
Reviewed by:	1331219, 1331220
2016-05-16 04:43:47 +00:00
Don Lewis
8f2c79ef85 Don't free fnamebuf before we calling cfgfile_add(). This changes a
use-after-free error into a minor memory leak.

Reported by:	Coverity
CID:		1006084
2016-05-16 04:39:16 +00:00
Marcelo Araujo
eed7cf8d2d Simplify overengineered and buggy code that looked like as if it did
some kind of UTF-8 validation, but actually didn't, but instead, for
malformed UTF-8 input, caused buffer overruns in some cases and caused
skipping of valid ASCII characters in other cases.

Obtained from:	OpenBSD (cvs 1.32)
2016-05-16 02:44:22 +00:00
Marcelo Araujo
152e878f4c When a group contains a non-existent user, make the warning
message more helpful by mentioning the group name.

Obtained from:	OpenBSD (cvs 1.19)
2016-05-16 02:35:23 +00:00
Marcelo Araujo
1dcace5ba0 Use NULL instead of 0 for pointers.
MFC after:	2 weeks.
2016-05-16 01:12:56 +00:00
Don Lewis
b0882deadb Use strlcpy() instead of strncpy() when copying ifname to ensure
that it is NUL terminated.  Additional NUL padding is not required
for short names.

Reported by:	Coverity
CID:		1009974
MFC after:	1 week
2016-05-15 22:31:03 +00:00
Don Lewis
dc47112fa5 Use strlcpy() instead of strncpy() when copying ifname to ensure
that it is NUL terminated.  Additional NUL padding is not required
for short names.

Reported by:	Coverity
CID:		99186, 991864, 991865
MFC after:	1 week
2016-05-15 22:17:41 +00:00
Don Lewis
8afa1c3d7a Use strlcpy() instead of strncpy() when copying ifname to ensure
that it is NUL terminated.  Additional NUL padding is not required
for short names.

MFC after:	1 week
2016-05-15 22:06:21 +00:00
Don Lewis
7b06334915 Use strlcpy() instead of strncpy() when copying ifname to ensure
that it is NUL terminated.  Additional NUL padding is not required
for short names.

Reported by:	Coverity
CID:		974852
MFC after:	1 week
2016-05-15 21:45:04 +00:00
Enji Cooper
471761b8bb Remove NO_WERROR and add WARNS?= 6
This now compiles cleanly on all architectures

MFC after: 1 month
Tested with: clang 3.8, gcc 4.2.1, gcc 4.5, make tinderbox
Sponsored by: EMC / Isilon Storage Division
2016-05-15 03:38:40 +00:00
Enji Cooper
99ca491ca6 Remove NO_WERROR.clang from this Makefile
This compiles with clang without warnings

MFC after: 1 month
Sponsored by: EMC / Isilon Storage Division
2016-05-15 00:42:18 +00:00
Enji Cooper
6047e12ca5 Replace malloc + memset(.., 0, ..) with calloc calls
MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
2016-05-15 00:40:05 +00:00
Enji Cooper
27c7c23864 Use strdup instead of malloc + strlcpy
Fix error messages on failure for calloc/strdup

MFC after: 3 weeks
Sponsored by: EMC / Isilon Storage Division
2016-05-15 00:25:36 +00:00
Enji Cooper
229bb4daa1 Correct function names that failed in error messages
It should be calloc/strdup, not malloc

MFC after: 3 weeks
Sponsored by: EMC / Isilon Storage Division
2016-05-15 00:24:21 +00:00
Enji Cooper
d208c8fa3f Replace QUADFMT with %ju and QUADXFMT with %jx and cast values with uintmax_t
This will cure some -Wformat warnings

MFC after: 1 week
Reported by: clang, gcc
Sponsored by: EMC / Isilon Storage Division
2016-05-15 00:10:37 +00:00
Enji Cooper
70e366f272 Bump WARNS to 6
MFC after: 1 month
Sponsored by: EMC / Isilon Storage Division
2016-05-15 00:08:09 +00:00
Enji Cooper
92f7f8fb62 Fix up r299769
Similar to r299802, it was noted that using nitems on scalar pointers is
invalid.

Use strdup instead of malloc + strlcpy (which is what the old code was doing
anyhow).

MFC after: 1 week
Pointyhat to: ngie
Sponsored by: EMC / Isilon Storage Division
2016-05-15 00:05:28 +00:00
Enji Cooper
4e312050f0 Replace malloc + memset(.., 0, ..) with calloc calls
MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
2016-05-15 00:02:55 +00:00
Enji Cooper
2501437203 Fix up both r299764 and r299770
nitems was wrong too, as it was being tested against a pointer instead of a buffer on
the stack.

Since the old code was just doing malloc, then strlcpy'ing the contents of the source
buffer into the destination buffer, replace it all with a call to strdup..

Reported by: bde
MFC after: 1 week
X-MFC with: r299764, r299770
Supersized Duncecap to: ngie
Sponsored by: EMC / Isilon Storage Division
2016-05-15 00:01:23 +00:00
Enji Cooper
4a2b63d5bb Convert tok from enum tok to int32_t in function calls
get_token(..) returns int32_t, not enum tok, and in many cases tests for items
not in enum tok (e.g. '('). Make the typing consistent with get_token, which
includes a domino effect of changing enum tok to int32_t.

MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
2016-05-14 23:29:41 +00:00
Enji Cooper
5413861b16 Use a consistent errno save/restore pattern before running strtoul
- Save errno
- Set errno to 0
- Call strtoul
- Test errno (optional, but many calls to strtoul did this afterwards)

Some of the code was setting errno = 0 after calling strtoul, not setting
errno = 0, or setting errno to saved_errno after the call, but before the
test. These all have unwanted behavioral side-effects, depending on the
initial value of errno and whether or not the input to strtoul was correct
or incorrect.

MFC after: 3 weeks
Sponsored by: EMC / Isilon Storage Division
2016-05-14 23:22:38 +00:00
Enji Cooper
2c0046434b Do minimal work necessary to cure a -Wunused-but-set-variable warning from gcc
How errno is saved before and restored after strtoul calls needs a rethink

MFC after: 1 week
Reported by: gcc 5.x
Sponsored by: EMC / Isilon Storage Division
2016-05-14 23:13:23 +00:00
Enji Cooper
54811dda50 Fix up r299764
I meant to use nitems, not sizeof(..) with the destination buffer. Using sizeof(..)
on a pointer will always truncate the output in the destination buffer incorrectly

Pointyhat to: ngie
MFC after: 1 week
X-MFC with: r299764
Sponsored by: EMC / Isilon Storage Division
2016-05-14 22:43:07 +00:00
Enji Cooper
896f12fec1 Use the size of the destination buffer instead of the malloc size, repeated, in order
to mute a -Wstrlcpy-strlcat-size warning

MFC after: 1 week
Reported by: clang
Sponsored by: EMC / Isilon Storage Division
2016-05-14 22:40:35 +00:00
Enji Cooper
19ffd5ecda Mute sign compare warning by casting rc to u_int to match nbindings' type
rc cannot be negative -- that was already tested for earlier on in
the function

MFC after: 1 week
Reported by: clang, gcc
Sponsored by: EMC / Isilon Storage Division
2016-05-14 22:29:11 +00:00
Enji Cooper
715e3b39a6 Fix logically dead code pointed out by clang/Coverity
parse_context, parse_user_security: test for validity of results from
parse_ascii(..) with by casting to int32_t and comparing to -1; comparing
unsigned types to negative values will always be false.

Reported by: clang, Coverity
CID: 1011432, 1011433
MFC after: 3 weeks
Sponsored by: EMC / Isilon Storage Division
2016-05-14 22:04:44 +00:00
Enji Cooper
81910adfc4 Fix theoretical buffer overflow issues in snmp_oid2asn_oid
Increase the size of `string` by 1 to account for the '\0' terminator. In the event
that `str` doesn't contain any non-alpha chars, i would be set to MAXSTR, and
the subsequent strlcpy call would overflow by a character.

Remove unnecessary `string[i] = '\0'` -- this is already handled by strlcpy.

MFC after: 1 week
Reported by: clang
Sponsored by: EMC / Isilon Storage Division
2016-05-14 21:32:52 +00:00
Enji Cooper
78a780e3e5 Use the size of the destination buffer, not the source buffer.
Technically this is a no-op, but mute the clang warning in case the malloc call
above for fstring ever changes in the future

Reported by: clang
MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
2016-05-14 21:27:33 +00:00
Enji Cooper
6e229b2973 Mute -Wstrlcpy-strlcat-size warning by using nitems with the size of the buffer
This is a no-op as the malloc above set the size of the buffer to the size used
below, but this keeps things consistent in case the malloc call changes somehow.

MFC after: 1 week
Reported by: clang
Sponsored by: EMC / Isilon Storage Division
2016-05-14 20:58:34 +00:00
Enji Cooper
444991f1e6 Mark snmptoolctx unused in parse_authentication(..), parse_privacy(..),
parse_context(..), and parse_user_security(..).

MFC after: 1 week
Reported by: clang, gcc
Sponsored by: EMC / Isilon Storage Division
2016-05-14 20:33:42 +00:00
Enji Cooper
4a8c12cd34 parse_ascii: make count size_t to mute a -Wsign-compare issue
count is always unsigned.

MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
2016-05-14 20:31:12 +00:00
Enji Cooper
9a3ebeefc0 Sort variables in parse_ascii(..) per style(9)
MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
2016-05-14 20:28:23 +00:00
Enji Cooper
031987d916 Use calloc instead of memset(.., 0, ..) + malloc
MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
2016-05-14 20:25:14 +00:00
Pedro F. Giffuni
c8aa42a2da Undo the bogus gethostname() change from r299709.
The "- 1" is there specifically to enable checking for NUL termination.

I should also admit the rest change was mostly cosmetic and the
overruns can't occur in practice: still I leave them to pacify
static analyzers.

Pointed out by:	bde
2016-05-14 04:29:13 +00:00
Enji Cooper
0150b85a1c Fix some trivial clang/gcc warnings in bsnmptc.c
- By definition, `enum snmp_tc` can't be false (the implied starting sequence
  index for the enum is 0). Don't test for it being < 0.
- Staticize `struct snmp_text_conv` to mute a -Wmissing-variable-declarations
  warning from clang.
- Remove set but unused variable, ptr, in parse_bridge_id(..) and
  parse_bport_id(..) to mute warning from gcc 4.9+.
- Mark value and string unused in snmp_inetaddr2oct(..) and parse_inetaddr(..)
  as they're just stub functions.

MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
2016-05-14 04:13:28 +00:00
Enji Cooper
66987347e9 Fold two malloc + memset(.., 0, ..) calls into equivalent calloc calls
MFC after: 3 weeks
Sponsored by: EMC / Isilon Storage Division
2016-05-14 04:00:17 +00:00
Enji Cooper
29517fca53 Staticize global variables only used in bsnmpimport.c to fix
-Wmissing-variable-declarations warnings

MFC after: 3 weeks
Reported by: clang
Sponsored by: EMC / Isilon Storage Division
2016-05-14 03:57:18 +00:00
Pedro F. Giffuni
cbc796fb90 timed(8): Use strlcpy() for bounds checking.
Prevent some theorical buffer overruns reported by Coverity.
Cleanup a use of gethostname() while here.

CID:	1006713, 1011166, 1011167, 1011168,
2016-05-14 02:42:09 +00:00
Pedro F. Giffuni
555470a31d timed(8): Use stronger random number generator.
Using arc4random simplifies the code by not having to worry about
seeds which ironically depend on the time.

CID:	1300004
2016-05-14 01:12:23 +00:00
Pedro F. Giffuni
7ffbd1b5b0 timed(8): use NULL instead of zero for pointers. 2016-05-14 00:46:38 +00:00
Enji Cooper
836229c3cf Move _bsnmptools_debug extern from bsnmpmap.c to bsnmptools.h
It was used in bsnmpmap.c but was stored in bsnmptools.c; moving the extern
to the header allows us to cover all of our bases for the variable, and allows
_bsnmptools_debug to be used in the future elsewhere -- not just bsnmpmap.c.

MFC after: 3 weeks
Sponsored by: EMC / Isilon Storage Division
2016-05-13 21:26:12 +00:00
Don Lewis
fe579263e0 Another attempt at resolving CID 1305629. The test of cmd == -1
may make Coverity think that other negative values of cmd (used
as an index) are possible.  Testing < 0 is a more common idiom
in any case.

Reported by:	Coverity
CID:		1305629
2016-05-13 17:48:04 +00:00
Pedro F. Giffuni
48235fe344 i2c(8): uninitialized variable (UNINIT).
If i2c_opt.width is somehow zero, buf will be left uninitialized and may
cause trouble later on. This is a followup to r299586.

CID:	1331548
2016-05-13 15:57:55 +00:00
Pedro F. Giffuni
9f3dba686c bhyve: consider the bogus case of a negative bar idx.
This is a followup to r297472 to squelch Coverity.

CID:	1194319
2016-05-13 14:59:02 +00:00
Pedro F. Giffuni
40dbeed32b bhyve: replace uninitialized variable "offset".
Use io->io_req.br_offset instead.

Suggested by:	grehan
CID:		1288937
2016-05-13 14:38:04 +00:00
Don Lewis
7a7c07ef51 Properly compute the size argument to pass to malloc().
Reported by:	Coverity
CID:		1198856
MFC after:	1 week
2016-05-13 06:45:16 +00:00
Don Lewis
ae092f753a Move a call to cam_freeccb() to avoid a use after free error and
a later double free.

Reported by:	Coverity
CID:		1018507
MFC after:	1 week
2016-05-13 06:26:42 +00:00
Don Lewis
aa60f7a6de Revert r299584:
Mark usage() as __dead2 so that Coverity doesn't think that execution
  continues after the call and uses a negative array subscript.

Requested by:	bde
2016-05-13 05:39:29 +00:00
Pedro F. Giffuni
b1f46f712f i2c(8): uninitialized variable (UNINIT).
If i2c_opt.width is somehow zero, the bufsize will be left uninitialized
and make cause trouble later on.

CID:		1331549
2016-05-13 02:58:11 +00:00
Don Lewis
e402dde82d Mark usage() as __dead2 so that Coverity doesn't think that execution
continues after the call and uses a negative array subscript.

Reported by:	Coverity
CID:		1305629
2016-05-13 01:14:38 +00:00
Don Lewis
a5f637460b Avoid indexing an array with a negative value.
Reported by:	Coverity
CID:		971121
2016-05-13 00:58:05 +00:00
Don Lewis
5d29410d37 Use strlcpy() instead of strncpy() to ensure that ret->name is
NUL terminated.  The source and destination buffers are the same
size and the source *should* be NUL terminated, but be paranoid.

Reported by:	Coverity
CID:		1011274
MFC after:	1 week
2016-05-13 00:17:57 +00:00
Don Lewis
3b7e0c53d5 Use strlcpy() instead of strncpy() to ensure that qup->fsname is NUL
terminated.  Don't bother checking for truncation since the subsequent
quota_read() should detect that and fail.

Reported by:	Coverity
CID:		1009980
MFC after:	1 week
2016-05-13 00:02:03 +00:00
Don Lewis
90abdc2dd7 Use strlcpy() instead of strncpy() when copying to dom_domain to
ensure that the latter is NUL terminated since it is passed
as an argument to *printf().

Warn about NIS domains that are too long.

Reported by:	Coverity
CID:		1009620, 1009621
MFH:		1 week
2016-05-12 21:35:40 +00:00
Conrad Meyer
a09a9cbb40 rtadvd(8): Fix use-after-close in cm_handler_client
cm_send() closes 'fd' on error.  In that case, bail out early without trying to
recv from or close 'fd' again.

Reported by:	Coverity
CID:		1006078
Sponsored by:	EMC / Isilon Storage Division
2016-05-12 05:12:24 +00:00
Conrad Meyer
5c4eb89746 rtadvd(8): Don't use-after-free
This whole block of code as committed fully formed in r224144.  I'm not really
sure what the intent was, but it seems plausible that !persist ifis could need
other member cleanup.  Don't free the object until after we've finished
cleaning its members.

Reported by:	Coverity
CID:		1006079
Sponsored by:	EMC / Isilon Storage Division
2016-05-12 04:54:32 +00:00
Conrad Meyer
96aec9a5e9 rtadvd(8): Fix a typo in full msg receive logic
Check against the size of the struct, not the pointer.  Previously, a message
with a cm_len between 9 and 23 (inclusive) could cause int msglen to underflow
and read(2) to be invoked with msglen size (implicitly cast to signed),
overrunning the caller-provided buffer.

All users of cm_recv() supply a stack buffer.

On the other hand, the rtadvd control socket appears to only be writable by the
owner, who is probably root.

While here, correct some types to be size_t or ssize_t.

Reported by:	Coverity
CID:		1008477
Security:	unix socket remotes may overflow stack in rtadvd
Sponsored by:	EMC / Isilon Storage Division
2016-05-12 03:37:17 +00:00
Pedro F. Giffuni
ac97203f5b traceroute6(8): use NULL instead of zero for initializing a pointer. 2016-05-12 02:05:50 +00:00
Conrad Meyer
134fd583cb route6d(8): Fix potential double-free
In the case that the subsequent sysctl(3) call failed, 'buf' could be free(3)ed
repeatedly.  It isn't clear to me that that case is possible, but be clear and
do the right thing in case it is.

Reported by:	Coverity
CID:		272537
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 22:33:20 +00:00
Conrad Meyer
02dc4f1751 mixer(8): Style: Tag no-return usage() as __dead2
Coverity really should have figured this out from the exit(3) call at the end
of the routine, but just make it explicit.

No functional change.

Reported by:	Coverity
CID:		1304866 (false positive double-close of 'baz')
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 17:27:27 +00:00
Conrad Meyer
16f6b6f174 ffs_bswap: Copy one UFS dinode member at a time
No functional change.

Reported by:	Coverity
CIDs:		974635, 974636, 977396, 977397, 977398, 977399
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 16:42:13 +00:00
Allan Jude
06445fc0fa bsdinstall/zfsboot: Do not mirror swap when swapsize is 0
PR:		209415
Submitted by:	Ganael LAPLANCHE <ganael.laplanche@corp.ovh.com>
MFC after:	2 weeks
2016-05-10 14:38:43 +00:00
Baptiste Daroussin
79477f3ca1 Directly set the NONBLOCK flags when creating the socket
No functional changes
2016-05-10 11:18:53 +00:00
Baptiste Daroussin
a9c48188b8 Rename getline with get_line to avoid collision with getline(3)
When getline(3) in 2009 was added a _WITH_GETLINE guard has also been added.
This rename is made in preparation for the removal of this guard
2016-05-10 11:17:19 +00:00
Baptiste Daroussin
f03ef8405b Rename getline with get_line to avoid collision with getline(3)
When getline(3) in 2009 was added a _WITH_GETLINE guard has also been added.
This rename is made in preparation for the removal of this guard
2016-05-10 11:12:31 +00:00
Baptiste Daroussin
8c98e6b1a7 Replace fparseln(3) with getline(3) to remove dependency on libutil 2016-05-09 20:04:22 +00:00
Enji Cooper
430f7286a5 Merge ^/user/ngie/release-pkg-fix-tests to unbreak how test files are installed
after r298107

Summary of changes:

- Replace all instances of FILES/TESTS with ${PACKAGE}FILES. This ensures that
  namespacing is kept with FILES appropriately, and that this shouldn't need
  to be repeated if the namespace changes -- only the definition of PACKAGE
  needs to be changed
- Allow PACKAGE to be overridden by callers instead of forcing it to always be
  `tests`. In the event we get to the point where things can be split up
  enough in the base system, it would make more sense to group the tests
  with the blocks they're a part of, e.g. byacc with byacc-tests, etc
- Remove PACKAGE definitions where possible, i.e. where FILES wasn't used
  previously.
- Remove unnecessary TESTSPACKAGE definitions; this has been elided into
  bsd.tests.mk
- Remove unnecessary BINDIRs used previously with ${PACKAGE}FILES;
  ${PACKAGE}FILESDIR is now automatically defined in bsd.test.mk.
- Fix installation of files under data/ subdirectories in lib/libc/tests/hash
  and lib/libc/tests/net/getaddrinfo
- Remove unnecessary .include <bsd.own.mk>s (some opportunistic cleanup)

Document the proposed changes in share/examples/tests/tests/... via examples
so it's clear that ${PACKAGES}FILES is the suggested way forward in terms of
replacing FILES. share/mk/bsd.README didn't seem like the appropriate method
of communicating that info.

MFC after: never probably
X-MFC with: r298107
PR: 209114
Relnotes: yes
Tested with: buildworld, installworld, checkworld; buildworld, packageworld
Sponsored by: EMC / Isilon Storage Division
2016-05-04 23:20:53 +00:00
Alan Somers
8907f744ff Improve performance and functionality of the bitstring(3) api
Two new functions are provided, bit_ffs_at() and bit_ffc_at(), which allow
for efficient searching of set or cleared bits starting from any bit offset
within the bit string.

Performance is improved by operating on longs instead of bytes and using
ffsl() for searches within a long. ffsl() is a compiler builtin in both
clang and gcc for most architectures, converting what was a brute force
while loop search into a couple of instructions.

All of the bitstring(3) API continues to be contained in the header file.
Some of the functions are large enough that perhaps they should be uninlined
and moved to a library, but that is beyond the scope of this commit.

sys/sys/bitstring.h:
        Convert the majority of the existing bit string implementation from
        macros to inline functions.

        Properly protect the implementation from inadvertant macro expansion
        when included in a user's program by prefixing all private
        macros/functions and local variables with '_'.

        Add bit_ffs_at() and bit_ffc_at(). Implement bit_ffs() and
        bit_ffc() in terms of their "at" counterparts.

        Provide a kernel implementation of bit_alloc(), making the full API
        usable in the kernel.

        Improve code documenation.

share/man/man3/bitstring.3:
        Add pre-exisiting API bit_ffc() to the synopsis.

        Document new APIs.

        Document the initialization state of the bit strings
        allocated/declared by bit_alloc() and bit_decl().

        Correct documentation for bitstr_size(). The original code comments
        indicate the size is in bytes, not "elements of bitstr_t". The new
        implementation follows this lead. Only hastd assumed "elements"
        rather than bytes and it has been corrected.

etc/mtree/BSD.tests.dist:
tests/sys/Makefile:
tests/sys/sys/Makefile:
tests/sys/sys/bitstring.c:
        Add tests for all existing and new functionality.

include/bitstring.h
	Include all headers needed by sys/bitstring.h

lib/libbluetooth/bluetooth.h:
usr.sbin/bluetooth/hccontrol/le.c:
        Include bitstring.h instead of sys/bitstring.h.

sbin/hastd/activemap.c:
        Correct usage of bitstr_size().

sys/dev/xen/blkback/blkback.c
        Use new bit_alloc.

sys/kern/subr_unit.c:
        Remove hard-coded assumption that sizeof(bitstr_t) is 1.  Get rid of
        unrb.busy, which caches the number of bits set in unrb.map.  When
        INVARIANTS are disabled, nothing needs to know that information.
        callapse_unr can be adapted to use bit_ffs and bit_ffc instead.
        Eliminating unrb.busy saves memory, simplifies the code, and
        provides a slight speedup when INVARIANTS are disabled.

sys/net/flowtable.c:
        Use the new kernel implementation of bit-alloc, instead of hacking
        the old libc-dependent macro.

sys/sys/param.h
        Update __FreeBSD_version to indicate availability of new API

Submitted by:   gibbs, asomers
Reviewed by:    gibbs, ngie
MFC after:      4 weeks
Sponsored by:   Spectra Logic Corp
Differential Revision:  https://reviews.freebsd.org/D6004
2016-05-04 22:34:11 +00:00
Alan Somers
79e29f957a Fix "getextattr -x" with non-ascii attribute values
extattr/rmextattr.c
	When printing hex output, treat all attribute values as unsigned
	char arrays instead of sign extending them to 32 bit values.

extattr/tests/extattr_test.sh
	Add a regression test

PR:		209039
MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
2016-05-04 21:07:30 +00:00