Commit Graph

183791 Commits

Author SHA1 Message Date
Jeremie Le Hen
622ceeb3fb Install 450.status-security. 2013-08-27 21:28:12 +00:00
Jeremie Le Hen
69b55c23cb Make the period of each periodic security script configurable.
There are now six additional variables
  weekly_status_security_enable
  weekly_status_security_inline
  weekly_status_security_output
  monthly_status_security_enable
  monthly_status_security_inline
  monthly_status_security_output
alongside their existing daily counterparts.  They all have the same
default values.

All other "daily_status_security_${scriptname}_${whatever}"
variables have been renamed to "security_status_${name}_${whatever}".
A compatibility shim has been introduced for the old variable names,
which we will be able to remove in 11.0-RELEASE.

"security_status_${name}_enable" is still a boolean but a new
"security_status_${name}_period" allows to define the period of
each script.  The value is one of "daily" (the default for backward
compatibility), "weekly", "monthly" and "NO".

Note that when the security periodic scripts are run directly from
crontab(5) (as opposed to being called by daily or weekly periodic
scripts), they will run unless the test is explicitely disabled with a
"NO", either for in the "_enable" or the "_period" variable.

When the security output is not inlined, the mail subject has been
changed from "$host $arg run output" to "$host $arg $period run output".
For instance:
  myfbsd security run output ->  myfbsd security daily run output
I don't think this is considered as a stable API, but feel free to
correct me if I'm wrong.

Finally, I will rearrange periodic.conf(5) and default/periodic.conf
to put the security options in their own section.  I left them in
place for this commit to make reviewing easier.

Reviewed by:	hackers@
2013-08-27 21:20:28 +00:00
Andre Oppermann
f729ede69e Pad m_hdr on 32bit architectures to to prevent alignment and padding
problems with the way MLEN, MHLEN, and struct mbuf are set up.

CTASSERT's are provided to detect such issues at compile time in the
future.

The #define MLEN and MHLEN calculation do not take actual compiler-
induced alignment and padding inside the complete struct mbuf into
account.  Accordingly appropriate attention is required when changing
members of struct mbuf.

Ideally one would calculate MLEN as (MSIZE - sizeof(((struct mbuf *)0)->m_hdr)
but that doesn't work as the compiler refuses to operate on an as of
yet incomplete structure.

In particular ARM 32bit has more strict alignment requirements which
caused 4 bytes of padding between m_hdr and pkthdr in struct mbuf
because of the 64bit members in pkthdr.  This wasn't picked up by MLEN
and MHLEN causing an overflow of the mbuf provided data storage by
overestimating its size.

I386 didn't show this problem because it handles unaligned access just
fine, albeit at a small performance penalty.

On 64bit architectures the struct mbuf layout is 64bit aligned in all
places.

Reported by:	Thomas Skibo <ThomasSkibo-at-sbcglobal-dot-net>
Tested by:	tuexen, ian, Thomas Skibo (extended patch)
Sponsored by:	The FreeBSD Foundation
2013-08-27 20:52:02 +00:00
Kenneth D. Merry
73825c1732 If a drive returns ASC/ASCQ 0x04,0x11 "Logical unit not ready,
notify (enable spinup) required", instead of doing the normal
retries, poll for a change in status.

We will poll every half second for a minute for the status to
change.

Hitachi drives (and likely other SAS drives) return that ASC/ASCQ
when they are waiting to spin up.  What it means is that they are
waiting for the SAS expander to send them the SAS
NOTIFY (ENABLE SPINUP) primitive.

That primitive is the mechanism expanders/enclosures use to
sequence drive spinup to avoid overloading power supplies.

Sponsored by:	Spectra Logic
MFC after:	3 days
2013-08-27 19:47:03 +00:00
Steve Kargl
2a3910b931 * s_erf.c:
. Use integer literal constants instead of double literal constants.

* s_erff.c:
  . Use integer literal constants instead of casting double literal
    constants to float.
  . Update the threshold values from those carried over from erf() to
    values appropriate for float.
  . New sets of polynomial coefficients for the rational approximations.
    These coefficients have little, but positive, effect on the maximum
    error in ULP in the four intervals, but do improve the overall
    speed of execution.
  . Remove redundant GET_FLOAT_WORD(ix,x) as hx already contained the
    contents that is packed into ix.
  . Update the mask that is used to zero-out lower-order bits in x in
    the intervals [1.25, 2.857143] and [2.857143, 12].  In tests on
    amd64, this change improves the maximum error in ULP from 6.27739
    and 63.8095 to 3.16774 and 2.92095 on these intervals for erffc().

Reviewed by:	bde
2013-08-27 19:46:56 +00:00
Colin Percival
d1688fc3f1 Remove duplicate dev.xbd.*.max_requests sysctl added in r252260.
Approved by:	gibbs
2013-08-27 19:10:36 +00:00
Roman Divacky
4d93b060fa Assemble linux32_locore.s and ia32_sigtramp.S with clang integrated assembler.
Support for .code32 and .code64 in llvm was implemented more than 2 years ago.

Tested by:      Dan McGregor <dan.mcgregor at usask dot ca>
2013-08-27 18:35:04 +00:00
Neel Natu
6a52209f9c Allow single byte reads of the emulated MSI-X tables. This is not required
by the PCI specification but needed to dump MMIO space from "ddb" in the
guest.
2013-08-27 16:50:48 +00:00
Neel Natu
6f6ebf3c3f Add support for emulating the byte move instruction "mov r/m8, r8".
This emulation is required when dumping MMIO space via the ddb "examine"
command.
2013-08-27 16:49:20 +00:00
Alfred Perlstein
29c463d633 Remove include opt_ofed.h since OFED is unifdef'd.
Pointed out by: glebius
2013-08-27 16:45:00 +00:00
Devin Teske
a5aa00fbae Formally remove WITH_BSDCONFIG build option and re-generate src.conf.5
NOTE: Should have been inline with revisions 252862 and 254958.
2013-08-27 16:30:50 +00:00
Devin Teske
6b2f5f7958 Add note/reminder about dialog(1) regression in HEAD/10.0-C so that we don't
forget about it in the multi-month run of things to fix prior to 10.0-R.
2013-08-27 16:10:44 +00:00
Will Andrews
caf6fbd81a Make the PAM password strength checking module WARNS=2 safe.
lib/libpam/modules/pam_passwdqc/Makefile:
	Bump WARNS to 2.

contrib/pam_modules/pam_passwdqc/pam_passwdqc.c:
	Bump  _XOPEN_SOURCE and _XOPEN_VERSION from 500 to 600
	so that vsnprint() is declared.

	Use the two new union types (pam_conv_item_t and
	pam_text_item_t) to resolve strict aliasing violations
	caused by casts to comply with the pam_get_item() API taking
	a "const void **" for all item types.  Warnings are
	generated for casts that create "type puns" (pointers of
	conflicting sized types that are set to access the same
	memory location) since these pointers may be used in ways
	that violate C's strict aliasing rules.  Casts to a new
	type must be performed through a union in order to be
	compliant, and access must be performed through only one
	of the union's data types during the lifetime of the union
	instance.  Handle strict-aliasing warnings through pointer
	assignments, which drastically simplifies this change.

	Correct a CLANG "printf-like function with more arguments
	than format" error.

Submitted by:	gibbs
Sponsored by:	Spectra Logic
2013-08-27 15:50:26 +00:00
Gavin Atkinson
2710901380 Allow more space for interface names.
MFC after:	1 week
2013-08-27 15:06:39 +00:00
Devin Teske
88f6b1e401 It was brought to my attention that SVN r252862 was incomplete. It needed
to also make this change, to completely deprecate WITH_BSDCONFIG.
2013-08-27 14:48:01 +00:00
Adrian Chadd
e95f34242c Use the new ieee80211_tx_complete() function. 2013-08-27 14:39:37 +00:00
Adrian Chadd
36ee7775f4 Create a new function to complete 802.11 mbuf transmission.
The aim of this function is to eventually be the completion entry point
for all 802.11 encapsulated mbufs.  All the wifi drivers end up doing
what is in this function so it's an easy win to turn it into a net80211
method and abstract out this code.

Ideally the drivers will all eventually be modified to queue up completed
mbufs and call this function with all the driver locks not held.
This will allow for some much more interesting software queue handling
in the future (like net80211 based A-MSDU, fast-frames, A-MPDU aggregation
and retransmission.)

Tested:

* ath(4), iwn(4)
2013-08-27 14:37:13 +00:00
Hiroki Sato
6ce540f397 Fix a crash when reloading the configuration file.
Spotted by:	des
2013-08-27 11:50:33 +00:00
Alexander Motin
27dfa8eb60 Add missing newlines to Fibre Channel attributes output. 2013-08-27 06:50:46 +00:00
Devin Teske
f8dfdfbf4c Update copyright. 2013-08-27 06:09:28 +00:00
Will Andrews
0ca8e70cb0 Fix 'make release' on older hosts: use buildworld legacy utilities.
Newer FreeBSD installs require an install(1) that supports the new flags.

This adds ${MAKEOBJDIRPREFIX}${.CURDIR}/tmp/legacy/{bin,usr/{bin,sbin}}
to the PATH while generating an mtree database for 'make release'.

Note that the problem only exists here because mm-mtree.sh generates
its own object tree to avoid mucking with the existing one, which
results in a PATH containing legacy utility dirs that are empty.
2013-08-27 04:42:42 +00:00
Bryan Venteicher
3c9657753e Couple minor if_vmx tweaks
- Use queue size fields from the Tx/Rx queues in various places
    instead of (currently the same values) from the softc.
  - Fix potential crash in detach if the attached failed to alloc
    queue memory.
  - Move the VMXNET3_MAX_RX_SEGS define to a better spot.
  - Tweak frame size calculation w.r.t. ETHER_ALIGN. This could be
    tweaked some more, or removed since it probably doesn't matter
    much for x86 (and the x86 class of machines this driver will
    be used on).
2013-08-27 04:05:18 +00:00
Will Andrews
5a5347c3f1 Build all ZFS testing & debugging tools with -g.
These programs and everything using libzpool rely on the embedded asserts to
verify the correctness of operations.  Given that, the core dumps would be
useless without debug symbols.
2013-08-27 04:01:31 +00:00
Peter Grehan
000f0835b2 Fix off-by-1 error in assert.
Submitted by:	Tycho Nightingale (tycho.nightingale@pluribusnetworks.com)
2013-08-27 03:49:47 +00:00
Oleksandr Tymoshenko
e6353b0005 Fixes for compatibility with QEMU:
- Route PCI interrupt for NIC
- Make "no mapping" warning more user-friendly: add device name and mention
    that it's IRQ mapping
- Do not overlap ICUs' IO window with PCI devices' IO windows by starting
    IO rman at offset 0x100
2013-08-27 01:40:13 +00:00
Konstantin Belousov
1ca79c111c When allocating a pbuf for the cluster write, do not sleep waiting
for the available pbuf when passed vnode is backing md(4). Other i/o
directed to the same md device might already hold pbufs, and then we
could deadlock since only our progress can free a pbuf needed for
wakeup.

Obtained from:	projects/vm6
Reminded and tested by:	pho
MFC after:	1 week
2013-08-27 01:31:12 +00:00
Oleksandr Tymoshenko
c9735f9537 - Initialize freq variable so we will not end up with random value
if there is no YAMON present
2013-08-27 01:08:55 +00:00
Will Andrews
5e9ccc8797 Add the ability to display the default FIB number for a process to the
ps(1) utility, e.g. "ps -O fib".

bin/ps/keyword.c:
	Add the "fib" keyword and default its column name to "FIB".

bin/ps/ps.1:
	Add "fib" as a supported keyword.

sys/compat/freebsd32/freebsd32.h:
sys/kern/kern_proc.c:
sys/sys/user.h:
	Add the default fib number for a process (p->p_fibnum)
	to the user land accessible process data of struct kinfo_proc.

Submitted by:	Oliver Fromme <olli@fromme.com>, gibbs
2013-08-26 23:48:21 +00:00
Devin Teske
e44da61e69 Building upon SVN r254237, disable automated activation of alternate layouts
and add support for default underride to $loader_version, acting as a way to
name a release. Release text is not displayed for the aforementioned feature
of alternate display layout (introduced in r254237); however, for all other
layouts (incl. default), the release name is displayed at lower-right.

See version.4th(8) for additional information and/or historical details.
NOTE: Also a minor edit to version.4th(8) while we're here.
2013-08-26 23:37:11 +00:00
Pedro F. Giffuni
d69c286983 Merge various CTF fixes from illumos
2942 CTF tools need to handle files which legitimately lack data
2978 ctfconvert still needs to ignore legitimately dataless files on SPARC

Illumos Revisions:	13745:6b3106b4250f
			13754:7231b684c18b

Reference:

https://www.illumos.org/issues/2942
https://www.illumos.org/issues/2978

MFC after:	3 weeks
2013-08-26 22:29:42 +00:00
Joerg Wunsch
acb3b5d2fe Reimplement the FDOPT_NOERROR feature that was kicked out in r134081.
It is needed for fdread(1) in order to be able to recover from CRC
errors in the data field of a floppy sector (by returning the sector
data that failed CRC, rather than inventing dummy data).

When closing the device, clear all transient device options.

MFC after:	1 week
2013-08-26 21:15:50 +00:00
Alexander Motin
3843eba85d MFprojects/camlock r254895:
Add unmapped BIO support to GEOM ZERO if kern.geom.zero.clear is cleared.
2013-08-26 20:39:02 +00:00
Navdeep Parhar
8a59745fca Use correct mailbox and PCIe PF number when querying RDMA parameters. 2013-08-26 19:02:52 +00:00
John-Mark Gurney
57150ff69b fix up some comments and a white space issue...
MFC after:	3 days
2013-08-26 18:53:19 +00:00
John-Mark Gurney
7ffbbd985e fix up my copyright and remove third clause.. 2013-08-26 18:51:48 +00:00
John-Mark Gurney
7455cb5e18 fix up my copyright.. 2013-08-26 18:50:40 +00:00
John-Mark Gurney
2af90ee542 none of the drivers in the tree support CDIOCCAPABILITY or CDIOCPITCH..
remove the documentation so people won't get confused and think they
are supported...
2013-08-26 18:47:10 +00:00
John Baldwin
fd77bbb967 Remove most of the remaining sysctl name list macros. They were only
ever intended for use in sysctl(8) and it has not used them for many
years.

Reviewed by:	bde
Tested by:	exp-run by bdrewery
2013-08-26 18:16:05 +00:00
John-Mark Gurney
534b11a131 Add support for my:
CPU: AMD A10-5700 APU with Radeon(tm) HD Graphics    (3393.89-MHz K8-class CPU)
2013-08-26 17:38:36 +00:00
John-Mark Gurney
976a220f2c Joerg was my mentor way back when... 2013-08-26 17:36:55 +00:00
Jilles Tjoelker
f92f062e50 kdump: Decode SOCK_CLOEXEC and SOCK_NONBLOCK in socket() and socketpair(). 2013-08-26 17:22:51 +00:00
Antoine Brodin
e434cacb66 Add more obsolete files. 2013-08-26 17:21:40 +00:00
Antoine Brodin
8aad3f600b Regenerate src.conf.5 2013-08-26 17:18:21 +00:00
Antoine Brodin
8f4c73b41f Document WITHOUT_ICONV, WITH_LIBICONV_COMPAT and WITH_USB_GADGET_EXAMPLES 2013-08-26 17:15:56 +00:00
Rafal Jaworowski
b949475db0 Introduce superpages support for ARMv6/v7.
Promoting base pages to superpages can increase TLB coverage and allow for
efficient use of page table entries.  This development provides FreeBSD/ARM
with superpages management mechanism roughly equivalent to what we have for
i386 and amd64 architectures.

1. Add mechanism for automatic promotion of 4KB page mappings to 1MB section
   mappings (and demotion when not needed, respectively).

2. Managed and non-kernel mappings are now superpages-aware.

3. The functionality can be enabled by setting "vm.pmap.sp_enabled" tunable to
   a non-zero value (either in loader.conf or by modifying "sp_enabled"
   variable in pmap-v6.c file).  By default, automatic promotion is currently
   disabled.

Submitted by:	Zbigniew Bodek <zbb@semihalf.com>
Reviewed by:	alc
Sponsored by:	The FreeBSD Foundation, Semihalf
2013-08-26 17:12:30 +00:00
Antoine Brodin
0c4367400d Hook vm_page_busy.9 to the build 2013-08-26 16:38:40 +00:00
Rafal Jaworowski
995c2b63f7 Provide settings for superpage reservation system on ARM.
This allows for enabling and configuring superpages reservation mechanism in
order to allocate and populate 256 4KB base pages (for the purpose of
promotion to a 1MB superpage).

Submitted by:	Zbigniew Bodek <zbb@semihalf.com>
Reviewed by:	alc
Sponsored by:	The FreeBSD Foundation, Semihalf
2013-08-26 16:23:54 +00:00
Rafal Jaworowski
026bf0a293 Add missing TAILQ initializer (omitted in r250634).
Submitted by:	Zbigniew Bodek <zbb@semihalf.com>
Reviewed by:	alc
Sponsored by:	The FreeBSD Foundation, Semihalf
2013-08-26 15:38:27 +00:00
Gleb Smirnoff
133dae887b Remove comment that is no longer relevant since r254182. 2013-08-26 14:14:25 +00:00
Andre Oppermann
b072bdc119 Fix mbuf debugging printf()'s after the recent mbuf header changes. 2013-08-26 13:17:37 +00:00