Commit Graph

2570 Commits

Author SHA1 Message Date
Rick Macklem
31b29217ab Make mountcritremote dependent upon nfscbd.
Although it is not often needed, the nfscbd(8) should be running when
NFSv4 mounts are done if callback functionality is required.
Callback functionality is required for the NFSv4 server to issue
delegations or pNFS layouts.

This patch adds nfscbd to the mountcritremote's REQUIRED line
to ensure it is started before NFS mounts specified in /etc/fstab
are done.

Reviewed by:	0mp
Differential Revision:	https://reviews.freebsd.org/D27506
2020-12-17 00:20:57 +00:00
Michael Tuexen
1d0272a600 When receiving a file having a length, which is a mulitple of the blocksize,
close the file once it is received.

Reported by:	Timo Voelker
MFC after:	1 week
2020-12-15 09:43:18 +00:00
Michael Tuexen
3696db923f Improve the counting of blocks used to transfer a file from the
server to the client in case of not using an OACK: Don't miss
the first block in case of it is not also the last one.

MFC after:		1 week
2020-12-14 22:13:58 +00:00
Michael Tuexen
1f67c37c1f Fix the TFTP client when performing a RRQ for files smaller than 512 bytes
and the server not sending an OACK:
* Close the file.
* Report the correct the number of received blocks.

MFC after:		1 week
2020-12-10 19:36:33 +00:00
Michael Tuexen
a1c4a3eaf1 When dropping packets (RRQ or WRQ) for debugging, report the send
operation as successful. Reporting a failure stops the transfer
instead of using timeouts.

MFC after:		1 week
2020-12-06 18:43:12 +00:00
Conrad Meyer
78599c32ef Add CFI start/end proc directives to arm64, i386, and ppc
Follow-up to r353959 and r368070: do the same for other architectures.

arm32 already seems to use its own .fnstart/.fnend directives, which
appear to be ARM-specific variants of the same thing.  Likewise, MIPS
uses .frame directives.

Reviewed by:	arichardson
Differential Revision:	https://reviews.freebsd.org/D27387
2020-12-05 00:33:28 +00:00
Cy Schubert
353ce81687 Revert r366857.
r366857 created a number of problems, tearing down interfaces too
early in shutdown. This resulted in:

- hung ssh sessions when shutting down or rebooting remotely using
  shutdown (I've used exec shutdown, for years, as apposed to simply
  shutdown).

- NFS mounted filesystems "disappear" prior to unmount.

- dhclient attached to a VLAN on an interface who's parent interface
  has already shut down prints errors.

The path forward is to teach lagg(4) and vlan(4) about WOL.

PR:		251531, 251540
PR:		158734, 109980 are broken again
Reported by:	jhb, emaste, jtl, Helge Oldach<freebsd_oldach.net>
		Martin Birgmeier <d8zNeCFG_aon.at>
MFC after:      Immediately
Discussion at:	https://reviews.freebsd.org/D27459
2020-12-04 19:31:16 +00:00
Konstantin Belousov
71df6a153f rtld: bump r_debug.r_version to 1 from current 0.
Add r_ldbase.

Requested and reviewed by:	emaste
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D27429
2020-12-01 22:28:01 +00:00
Bjoern A. Zeeb
dd4d5a5ffb IPv6: set ifdisabled in the kernel rather than in rc
Enable ND6_IFF_IFDISABLED when the interface is created in the
kernel before return to user space.

This avoids a race when an interface is create by a program which
also calls ifconfig IF inet6 -ifdisabled and races with the
devd -> /etc/pccard_ether -> .. netif start IF -> ifdisabled
calls (the devd/rc framework disabling IPv6 again after the program
had enabled it already).

In case the global net.inet6.ip6.accept_rtadv was turned on,
we also default to enabling IPv6 on the interfaces, rather than
disabling them.

PR:		248172
Reported by:	Gert Doering (gert greenie.muc.de)
Reviewed by:	glebius (, phk)
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D27324
2020-11-25 20:58:01 +00:00
Mateusz Piotrowski
e5912dcf20 Revert r367291 (KEYWORD: shutdown for rc.d/zfs)
The problem is that zfs is asked to stop too early in the shutdown
sequence. Other services, such as syslog may still be running and have some
files open (e.g., under /var/log). This of course causes the messages like:

  cannot unmount '/var/run': umount failed
  cannot unmount '/var/log': umount failed
  cannot unmount '/var': umount failed
  cannot unmount '/usr/home': umount failed
  cannot unmount '/usr': umount failed
  cannot unmount '/': umount failed

For now, let's remove the shutdown KEYWORD from the zfs service, as people are
reporting problems in their setups:
https://lists.freebsd.org/pipermail/freebsd-current/2020-November/077559.html

In the future, we may think of stopping zfs on shutdown after all the other
services and just before init(8) exits. Another interesting option might be to
a new rcorder(8) KEYWORD like "shutdownjail", but this idea would need to be
discussed a bit.

Reported by:	Johan Hendriks <joh.hendriks gmail.com>
Reported by:	Yasuhiro KIMURA <yasu utahime.org>
Reported by:	Tomoaki AOKI <junchoon dec.sakura.ne.jp>
Approved by:	kevans (src)
MFC:		3 days
Differential Revision:	https://reviews.freebsd.org/D27263
2020-11-20 14:37:07 +00:00
Rick Macklem
01b139f212 Fix startup of gssd when /usr is a separately mounted local file system.
meowthink@gmail.com reported that the gssd daemon was not
starting, because /etc/rc.d/gssd was executed before his local
/usr file system was mounted.
He fixed the problem by adding mountcritlocal to the REQUIRED
line.

This fix seems safe and works for a separately mounted /usr file
system on a local disk.
The case of a separately mounted remote /usr file system (such as
NFS) is still broken, but there is no obvious solution for that.
Adding mountcritremote would fix the problem, but it would
cause a POLA violation, because all kerberized NFS mounts
in /etc/fstab would need the "late" option specified to work.

Submitted by:	meowthink@gmail.com
Reported by:	meowthink@gmail.com
Reviewed by:	0mp
MFC after:	2 weeks
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D27203
2020-11-14 01:49:49 +00:00
Rick Macklem
4389a56610 Add support for the new mountd -R option.
r376026 added a new "-R" option to mountd, which tells it to
not support the Mount protocol (not used by NFSv4) and not
register with rpcbind.
Rpcbind is considered a security issue by some sites now.

This patch adds a new yes/no variable called nfsv4_server_only.
When that is set, make vfs.nfsd.server_min_vers=4 and set "=R"
for mountd.
Setting vfs.nfsd.server_min_vers=4 tells nfsd to not register with rpcbind.
While here, add a check for "load_kld nfsd" failing to nfsd.

Reviewed by:	0mp
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D26938
2020-11-06 16:33:42 +00:00
Stefan Eßer
08867050c9 Replace literal uses of /usr/local with a variable
The variable defaults to "/usr/local", unless sysctl returns some other
value for "user.localbase".

The value of user.localbase defaults to _PATH_LOCALBASE as defined in
paths.h and thus this commit has no immediate effect.

The purpose of this change is to make /etc/defaults/rc.conf automatically
use the value of _PATH_LOCALBASE when not set to the default value.

Reviewed by:	imp, scottl
MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D27014
2020-11-03 12:29:10 +00:00
Mateusz Piotrowski
0cadbd6cd2 rc.d/zfs: Add shutdown to KEYWORDS
The problem is that Without walling /etc/rc.d/zfs on shutdown, resources
associated with ZFS mounts are not freed and the jails will remain in dying
state. In addition, the dataset is now in a dangling state, as the jail it
is attached to is dying.

A known workaround for jails was to add the following lines
to /etc/jail.conf, to make sure that "service zfs stop" is run
when the jail is stopped:

    exec.stop = "/bin/sh /etc/rc.shutdown";
    exec.stop += "/usr/sbin/service zfs stop || /usr/bin/true";

While the workaround seems to be okay-ish for the jail situation, it is
still unclean. However, for physical hosts this may wreak havoc with the
pool if shared spares are used, as "zfs unshare" is never invoked on
shutdown.

PR:		147444
Submitted by:	Markus Stoff <markus__stoffdv_at>
Reported by:	Mykah <mburkhardt__exavault_com>
Reviewed by:	cy
Approved by:	cy (src)
MFC after:	1 week
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D27039
2020-11-03 10:02:52 +00:00
Ed Maste
98b04ac359 rc.d/syscons: remove spaces before tab 2020-10-25 18:27:21 +00:00
Cy Schubert
bd0e0447cb Destroy cloned interfaces at netif stop, netif restart and shutdown.
This is especially important during shutdown because a child interface
of lagg with WOL enabled will not enable WOL at interface shutdown and
thus no WOL to wake up the device (and machine).

PR:		158734, 109980
Reported by:	Antonio Huete Jimenez <tuxillo at quantumachine.net>
		Marat N.Afanasyev <marat at zealot.ksu.ru>
reviewed by:	kp
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D26797
2020-10-19 20:37:38 +00:00
Gordon Bergling
812b09037d Fix a few mandoc issues
- whitespace at end of input line
- skipping paragraph macro: Pp at the end of Sh
- new sentence, new line
- consider using OS macro: Fx
- AUTHORS section without An macro
- skipping paragraph macro: Pp before Ss
2020-10-09 15:14:19 +00:00
Pawel Biernacki
9ef9175912 [pf] /etc/rc.d/pf should REQUIRE routing
When a system with pf_enable="YES" in /etc/rc.conf uses hostnames in
/etc/pf.conf, these hostnames cannot be resolved via external nameservers
because the default route is not yet set. This results in an empty
(all open) ruleset.

Since r195026 already put netif back to REQUIRE, this change does not affect
the issue that the firewall should rather have been setup before any
network traffic can occur.

PR:		211928
Submitted by:	Robert Schulze
Reported by:	Robert Schulze
Tested by:	Mateusz Kwiatkowski
No objections from:	kp
MFC after:	3 days
2020-10-08 11:45:10 +00:00
Kyle Evans
7cc42f6d25 Do a sweep and remove most WARNS=6 settings
Repeating the default WARNS here makes it slightly more difficult to
experiment with default WARNS changes, e.g. if we did something absolutely
bananas and introduced a WARNS=7 and wanted to try lifting the default to
that.

Drop most of them; there is one in the blake2 kernel module, but I suspect
it should be dropped -- the default WARNS in the rest of the build doesn't
currently apply to kernel modules, and I haven't put too much thought into
whether it makes sense to make it so.
2020-10-01 01:10:51 +00:00
Brandon Bergren
24faccc241 [PowerPC64LE] Use a shared LIBC_ARCH for powerpc64le.
Given that we have converted to ELFv2 for BE already, endianness is the only
difference between the two ARCHs.

As such, there is no need to differentiate LIBC_ARCH between the two.

Combining them like this lets us avoid needing to have two copies of several
bits for no good reason.

Sponsored by:	Tag1 Consulting, Inc.
2020-09-23 00:21:51 +00:00
Mark Johnston
3c0c1e01c9 ftpd: Add missing braces around a statfd check
This was harmless but looked incorrect.  No functional change intended.

MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2020-09-22 15:54:18 +00:00
Mark Johnston
0aabff2880 tftpd: Check for errors from chdir()
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2020-09-22 15:54:05 +00:00
Toomas Soome
e307eb94ae loader: zfs should support bootonce an nextboot
bootonce feature is temporary, one time boot, activated by
"bectl activate -t BE", "bectl activate -T BE" will reset the bootonce flag.

By default, the bootonce setting is reset on attempt to boot and the next
boot will use previously active BE.

By setting zfs_bootonce_activate="YES" in rc.conf, the bootonce BE will
be set permanently active.

bootonce dataset name is recorded in boot pool labels, bootenv area.

in case of nextboot, the nextboot_enable boolean variable is recorded in
freebsd:nvstore nvlist, also stored in boot pool label bootenv area.
On boot, the loader will process /boot/nextboot.conf if nextboot_enable
is "YES", and will set nextboot_enable to "NO", preventing /boot/nextboot.conf
processing on next boot.

bootonce and nextboot features are usable in both UEFI and BIOS boot.

To use bootonce/nextboot features, the boot loader needs to be updated on disk;
if loader.efi is stored on ESP, then ESP needs to be updated and
for BIOS boot, stage2 (zfsboot or gptzfsboot) needs to be updated
(gpart or other tools).

At this time, only lua loader is updated.

Sponsored by:	Netflix, Klara Inc.
Differential Revision:	https://reviews.freebsd.org/D25512
2020-09-21 09:01:10 +00:00
Mark Johnston
2ac431003b ftpd: Exit during authentication if an error occurs after chroot().
admbug:		969
Security:	CVE-2020-7468
2020-09-15 20:54:18 +00:00
Kyle Evans
ecebb3cc1d Only set WARNS if not defined
This would allow interested parties to do experimental runs with an
environment set appropriately to raise all the warnings throughout the
build; e.g. env WARNS=6 NO_WERROR=yes buildworld.

Not currently touching the numerous instances in ^/tools.

MFC after:	1 week
2020-09-11 13:28:37 +00:00
Kyle Evans
6703731d6e phttpget: move out of portsnap
Currently, WITHOUT_PORTSNAP forces WITHOUT_FREEBSD_UPDATE because the
latter relies on phttpget, which lives inside the portsnap build bits.

Remove the dependency between these two options by moving phttpget out into
^/libexec and building/installing it if either WITH_PORTSNAP or
WITH_FREEBSD_UPDATE.

Future work could remove the conditional if it's decided that users will use
it independently of either the current in-base consumers.

Reported by:	swills
Reviewed by:	jilles, emaste
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D26255
2020-09-09 00:39:47 +00:00
Konstantin Belousov
1db23efb83 rtld: pass argc/argv/env to dso inits.
This is consistent with how array inits are called, and also makes us
more compatible with glibc environment.

Requested by:	Alex S <iwtcex@gmail.com>
PR:	249162
Reviewed by:	dim, emaste
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D26351
2020-09-07 21:32:27 +00:00
Konstantin Belousov
12cb97fb37 Undo 'fix off by one' part of r365360.
Noted by:	emaste
Sponsored by:	The FreeBSD Foundation
MFC after:	6 days
2020-09-05 22:48:27 +00:00
Konstantin Belousov
500433057e rtld: do not refuse to relocate objects without dynamic symtabs.
Such objects can still have valid relocations not requiring symbolic
references.

PR:	249121
Reported by:	wsh@riski.sh
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2020-09-05 22:44:38 +00:00
Konstantin Belousov
2b49b95cfa rtld: do not process absent dynamic.
If object has no dynamic phdr, do not try to dereference NULL.  This
means that we cannot process any relocation, and that there cannot be
symbols defined, but it is up to static linker to produce meaningful
objects.

PR:	249121
Reported by:	wsh@riski.sh
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2020-09-05 22:41:31 +00:00
Konstantin Belousov
5d6d106cf6 rtld: Handle ELF dso with program headers outside the first page.
Reported by:	Alex Arslan <alex.arslan@julialang.org>
PR:	229708
Reviewed by:	dim (previous version), emaste
Sponsored by:	The FreeBSD Foundation
Differential revision:	https://reviews.freebsd.org/D26323
2020-09-05 10:16:24 +00:00
Xin LI
90802d88a5 Declare dependency relationship once instead of twice for zpool
and zvol.
2020-09-05 00:45:46 +00:00
Xin LI
0cd669785d Make zpool on GELI work again.
After OpenZFS import, zpool auto import behavior was moved to an
explicit "zpool import -a", and the zpool rc.d script was added
as a prerequisite of zvol.

However, in r299839, zvol was added as a prerequisite of dumpon,
making it to start very early and before all 'disks' providers.
At this time, dumping on a zvol is not supported, so remove this
requirement and make zpool depend on disks to allow zpool on
full disk encryption work.

Reviewed by:		allanjude
Differential Revision:	https://reviews.freebsd.org/D26333
2020-09-04 23:36:43 +00:00
Brooks Davis
29e1fceb73 Maintain a stack alignment of 16-bytes.
This violated the RISC-V 64-bit ABI.  On CheriBSD this manifested as
a trap when attempting to store 16-byte aligned types while zeroing
the stack.

Reported by:	CHERI, jrtc27
Reviewed by:	mhorne, br
Obtained from:	CheriBSD
Sponsored by:	DARPA
Differential Revision:	https://reviews.freebsd.org/D26327
2020-09-04 21:46:10 +00:00
Cy Schubert
a784185078 /etc/zfs/zpool.cache is the preferred (and new) location of zpool.cache.
Check for it first. Only use /boot/zfs/zpool.cache if the /etc/zfs
version is not found and good.

Reported by:	avg
Suggested by:	avg, kevans
2020-08-27 14:33:46 +00:00
Cy Schubert
f1602aff80 To avoid breakage for those who build/install without ZFS only
rely on rc.d/zpool's BEFORE specification.

Reported by:	rpokala
2020-08-26 20:30:00 +00:00
Cy Schubert
74e2b24f2c As of r364746 (OpenZFS import) existing ZPOOLs are not imported
prior to zvol and mountcritlocal resulting in ZVOLs (swap and
virtual machine UFS filesystems) being unavailable, leading to
boot failures.

We move the zpool import from zfs to a new zpool script, with the
-N option to avoid mounting datasets while making the ZPOOL's
datasets available for "legacy" mount (mountpoint=legacy) and ZVOLs
available for subsequent use for swap (in the zvol rc sript) or
for UFS or other filesystems in fstab(5), mounted by mountcritlocal.

Reviewed by:		freqlabs (previous version)
Differential Revision:	https://reviews.freebsd.org/D26185
2020-08-26 13:13:57 +00:00
Matt Macy
9e5787d228 Merge OpenZFS support in to HEAD.
The primary benefit is maintaining a completely shared
code base with the community allowing FreeBSD to receive
new features sooner and with less effort.

I would advise against doing 'zpool upgrade'
or creating indispensable pools using new
features until this change has had a month+
to soak.

Work on merging FreeBSD support in to what was
at the time "ZFS on Linux" began in August 2018.
I first publicly proposed transitioning FreeBSD
to (new) OpenZFS on December 18th, 2018. FreeBSD
support in OpenZFS was finally completed in December
2019. A CFT for downstreaming OpenZFS support in
to FreeBSD was first issued on July 8th. All issues
that were reported have been addressed or, for
a couple of less critical matters there are
pull requests in progress with OpenZFS. iXsystems
has tested and dogfooded extensively internally.
The TrueNAS 12 release is based on OpenZFS with
some additional features that have not yet made
it upstream.

Improvements include:
  project quotas, encrypted datasets,
  allocation classes, vectorized raidz,
  vectorized checksums, various command line
  improvements, zstd compression.

Thanks to those who have helped along the way:
Ryan Moeller, Allan Jude, Zack Welch, and many
others.

Sponsored by:	iXsystems, Inc.
Differential Revision:	https://reviews.freebsd.org/D25872
2020-08-25 02:21:27 +00:00
Xin LI
941791759c Don't explicitly specify c99 or gnu99 as the default is now gnu99.
MFC after:	2 weeks
2020-08-17 05:57:02 +00:00
Kyle Evans
967fbfd9e2 Properly disable LUA_USE_DLOPEN for bootstrap flua
flua does have some specific bits that will include luaconf.h, but the
definition of LUA_USE_DLOPEN for those won't matter. This belongs in liblua
instead.

To expand on my previous commit, which was a little sparse with details,
it's not really safe to allow LUA_USE_DLOPEN with host lib paths being used.
The host system could have an entirely different lua version and this could
cause us to crash and burn.

If we want to revive this later, we need to make sure to define c module
paths inside OBJDIR that are compiled against whatever version we've
bootstrapped.

Pointy hat:	kevans
2020-08-14 02:40:17 +00:00
Kyle Evans
c2a2b4f3cf flua: don't allow dlopen, et al., for bootstrap flua
There are some logistics issues that need to be sorted out here before we
can actually allow this to work.
2020-08-14 02:22:19 +00:00
Ed Maste
3bd8419597 flua: support "require" for binary objects in the base system
Export symbols from flua, and enable dlopen.

Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D26059
2020-08-13 23:13:05 +00:00
Cy Schubert
51da4b19be When booting a system with WITHOUT_IPFILTER the following errors
are encountered at boot time:

rcorder: requirement `ipfs' in file `/etc/rc.d/netif' has no providers.
rcorder: requirement `ipfilter' in file `/etc/rc.d/netif' has no
providers.
rcorder: requirement `ipfilter' in file `/etc/rc.d/netwait' has no
providers.
rcorder: requirement `ipfilter' in file `/etc/rc.d/net_watchdog' has no
providers.
rcorder: requirement `ipfilter' in file `/etc/rc.d/securelevel' has no
providers.

Listing its own requrements in BEFORE rather than use REQUIRE of
non-optional scripts resolves this issue.

The issue was discovered and patched by glebius at Netflix.

Submitted by:	glebius
Reported by:	glebius
MFC after:	1 week
2020-08-11 23:36:38 +00:00
Cy Schubert
795be686d8 Load ipfilter, ipnat, and ippool rules, and start ipmon in a vnet jail.
PR:		248109
Reported by:	joeb1@a1poweruser.com
MFC after:	2 weeks
2020-07-23 17:39:45 +00:00
Mark Johnston
7df88b9ddd rc.firewall: Merge two identical conditions into one.
No functional change intended.

PR:		247949
Submitted by:	Jose Luis Duran <jlduran@gmail.com>
MFC after:	1 week
2020-07-23 15:03:28 +00:00
Warner Losh
49d941eee0 getty appears to date from 3rd edition research unix. That's the oldest man page
on TUHS and its 'unix 1972' restoration effort has assembler sources that look
like simpler version of what's in the 5th edition.
2020-07-22 00:44:47 +00:00
Simon J. Gerraty
f2be828f97 Revert that! 2020-07-19 23:56:19 +00:00
Simon J. Gerraty
e17f5b1d30 Oops missed Makefile.config 2020-07-19 23:54:00 +00:00
John Baldwin
e9751a84dd Include FreeBSD ABI tag note in the ELF runtime loader.
Reviewed by:	kib
Sponsored by:	DARPA
Differential Revision:	https://reviews.freebsd.org/D25306
2020-07-16 22:01:01 +00:00
Allan Jude
fb6b5cd016 Remove excess spaces from rc.d scripts
The space between words is already being echoed by the space between quoted strings:

    % echo 'foo' 'bar'
    foo bar

    % echo 'foo' ' baz'
    foo  baz

Found in `ipfw` and `mountlate` messages.

PR:		247948
Submitted by:	Jose Luis Duran <jlduran@gmail.com>
MFC after:	2 weeks
Sponsored by:	Klara Inc.
2020-07-13 13:44:54 +00:00