228273 Commits

Author SHA1 Message Date
Colin Percival
4a93691064 Make EC2 instances use Amazon's NTP service for time synchronization.
Since Amazon provides NTP servers within their network, this should
be far superior to using the default NTP pools; and since the service
is provided by Amazon there's very little risk in enabling it by
default.  (If someone is able to compromise Amazon's NTP servers and
exploit them to attack EC2 instances, they would almost certainly be
able to compromise EC2 instances even without ntpd running...)

MFC after:	1 week
Relnotes:	EC2 instances now keep their clocks synchronized using
		the Amazon Time Sync Service (aka. NTP).
2017-12-05 09:22:14 +00:00
Colin Percival
4ba35bc4db Resurrect r321659: Turn off ChallengeResponseAuthentication for EC2 AMIs.
EC2 instances are normally launched with an SSH public key specified,
which is then used for logging in (by default, as 'ec2-user').  Having
ChallengeResponseAuthentication enabled (as FreeBSD's default sshd_config
does) has no functional effect in a new EC2 instance, since you can't log
in using a password until a password has been set -- but having this
enabled results in alerts from automated scanning tools which can detect
that sshd advertises support for keyboard-interactive logins (since they
can't detect that accounts have no password set).

EC2 users who want to use passwords to log in to their instances will need
to set 'ChallengeResponseAuthentication yes' in FreeBSD 12.0 and later.

Discussed with:	gjb, gtetlow, emaste, des
Requested by:	Amazon
X-MFC:		No
Relnotes:	ChallengeResponseAuthentication is turned off by default in
		Amazon EC2 AMIs.
2017-12-05 09:08:48 +00:00
Hans Petter Selasky
be28698cf2 Correctly prefix the infiniband include directory for buildworld. This fixes
the OFED buildworld target, WITH_OFED=YES, when the include files are not
already installed locally, but only in the temporary object directory.

Found by:	kib
Sponsored by:	Mellanox Technologies
2017-12-05 08:25:17 +00:00
Xin LI
69097cd8da Use strlcpy().
MFC after:	2 weeks
2017-12-05 07:21:47 +00:00
Xin LI
aff7b6c709 Use strlcpy().
MFC after:	2 weeks
2017-12-05 07:11:56 +00:00
Xin LI
807e955710 Create links for xzdiff.
MFC after:	2 weeks
2017-12-05 07:01:10 +00:00
Cy Schubert
4451f1426c fdformat is a sysadmin command and thus its man page should be in
volume 8 instead of volume 1.

Reviewed by:	imp
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D13370
2017-12-05 05:02:46 +00:00
Eitan Adler
8d4a7aab40 sponge(1): fix my tests
Reviewed by:	kevans
2017-12-05 04:43:39 +00:00
Alan Somers
95639a80ef dc(1): fix input of non-decimal fractional numbers
Inputting fractional non-decimal numbers has never worked correctly in our
OpenBSD-derived dc(1). It truncates the input to a number of decimal places
equal to the number of hexadecimal (or whatever base) places given on the
input. That's unacceptable, because many numbers require more precision to
represent in base 10 than in their original bases.

Fix this bug by using as many decimal places as needed to represent the
input, up to the maximum of the global scale factor.

This has one mildly surprising side effect: the scale of a number entered in
non-decimal mode will no longer necessarily equal the number of hexadecimal
(or whatever base) places given on the input. I think that's an acceptable
behavior change, given that inputting fractional non-decimal numbers never
worked in the first place, and the man page doesn't specify whether trailing
zeros on the input should affect a number's scale.

PR:		206230
Reported by:	nibbana@gmx.us
Reviewed by:	pfg
Differential Revision:	https://reviews.freebsd.org/D13336
2017-12-05 04:22:35 +00:00
Eitan Adler
cea266bd9f sponge(1) Minor commit for commit log
Differential Revision:	https://reviews.freebsd.org/D12900
RelNotes:		yes
2017-12-05 03:57:51 +00:00
Eitan Adler
7202e5e8f6 sponge(1): initial commit
sponge(1) is a utility that reads input until
complete, then opens the output file, then
writes to it. This makes it useful in pipelines
that read and write to the same file.

Reviewed by:	wblock, jilles, imp, cem, danfe (all: various iterations)
Inspired by:	https://joeyh.name/code/moreutils/
2017-12-05 03:55:10 +00:00
Bryan Drewery
4a51c7085e native-xtools: Fix build without META_MODE for GCC archs.
The initial kernel-toolchain is built with TARGET=MACHINE but
we want GCC to have files generated for TARGET=NXB_TARGET
instead later on.  Just clean the files between building of
the toolchain and nxb binaries which will let it rebuild
when needed.

Reported by:	sbruno
X-MFC-With:	r325001
MFC after:	1 month
Sponsored by:	Dell EMC
2017-12-05 02:23:36 +00:00
Bryan Drewery
a854949ff1 Fix DPSRCS not getting .depend.* files.
Reported by:	jhb
MFC after:	2 weeks
Sponsored by:	Dell EMC
2017-12-05 02:23:33 +00:00
Bryan Drewery
649fed8e37 Allow Makefiles to append to DEPENDSRCS.
Sponsored by:	Dell EMC
2017-12-05 02:23:30 +00:00
Bryan Drewery
7cc780d771 DEPENDSRCS not used here.
Sponsored by:	Dell EMC
2017-12-05 02:23:27 +00:00
Bryan Drewery
b4585565d5 Rename DEPENDFILES_OBJS to DEPENDFILES.
This is to be consistent with bsd.dep.mk using DEPENDFILES after
r325677.

Sponsored by:	Dell EMC
2017-12-05 02:23:23 +00:00
Ed Maste
a6aca65caf lld: make -v behave similarly to GNU ld.bfd
Previously, lld exited with an error status if the only option given to
the command was -v. GNU linkers gracefully exit in that case. This patch
makes lld behave like GNU.

Note that even with this patch, lld's -v and --version options behave
slightly differently than GNU linkers' counterparts. For example,
if you run ld.bfd -v -v, the version string is printed out twice.
But that is an edge case that I don't think we need to take care of.

Fixes https://bugs.llvm.org/show_bug.cgi?id=31582

Obtained from:	LLVM r319717
MFC after:	1 week
2017-12-05 01:47:41 +00:00
Rick Macklem
b07bc39a23 Avoid the overhead of acquiring a lock in nfsrv_checkgetattr() when
there are no write delegations issued.

manu@ reported on the freebsd-current@ mailing list that there was
a significant performance hit in nfsrv_checkgetattr() caused by
the acquisition/release of a state lock, even when there were no
write delegations issued.
This patch adds a count of outstanding issued write delegations to the
NFSv4 server. This count allows nfsrv_checkgetattr() to return without
acquiring any lock when the count is 0, avoiding the performance hit
for the case where no write delegations are issued.

Reported by:	manu
Reviewed by:	kib
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D13327
2017-12-04 21:50:27 +00:00
Emmanuel Vadot
eb1eebb9aa Allwinner: Add H5 compatible to aw_ccu
Recent DTS (from Linux 4.14) specify a compatible "allwinner,sun50i-h5-ccu"
for H5 SoC. Since we get the DTB from u-boot this wasn't noticed.
Add the compatible so later versions of u-boot will not fail for us.
2017-12-04 20:45:15 +00:00
Andriy Gapon
a7437a3e9d amd-vi: set iommu msi configuration using pci_enable_msi method
This is better than directly changing PCI configuration space of the
device because it makes the PCI bus aware of the configuration.
Also, the change allows to drop a bunch of code that duplicated
pci_enable_msi() functionality.

I wonder if it's possible to further simplify the code by using
pci_alloc_msi().
2017-12-04 17:10:52 +00:00
Andriy Gapon
df92c28d6a vmm/amd: add ivhd device with a higher order
ivhd should attach after the root PCI bus and, thus, after the ACPI
Host-PCI bridge off which the bus hangs.  This is because ivhd changes
PCI configuration of a PCI IOMMU device that is located on the root bus.
If the bus attaches after ivhd it clears the MSI portion of the
configuration.  As a result IOMMU event interrupts would never be
delivered.

For regular ACPI devices the order is calculated as
    ACPI_DEV_BASE_ORDER + level * 10
where level is a depth of the device in the ACPI namespace.
I expect the depth of the Host-PCI bridge to be two or three,
so ACPI_DEV_BASE_ORDER + 10 * 10 should be a sufficiently safe order
for ivhd.

This should fix the setup of the AMD-Vi event interrupt when vmm is
preloaded (as opposed to kldload-ed).
2017-12-04 17:08:03 +00:00
Andriy Gapon
8f09494d1e amd-vi: clear event interrupt and overflow bits upon handling the interrupt
This ensures that we can receive further event interrupts.
See the description of the bits in the specification for
MMIO Offset 2020h IOMMU Status Register.
The bits are defined as set-by-hardware write-1-to-clear, same as all
the bits in the status register.

Discussed with:	anish
2017-12-04 17:02:53 +00:00
Warner Losh
1f99cce2b0 Just use the last line of the output from getting .OBJDIR. The
buildenv target prints other stuff too that needs to be ignored.

Sponsored by: Netflix
2017-12-04 16:38:20 +00:00
Emmanuel Vadot
aabe1bb37a dts: arm: Remove imx6 related dts
Everything should work with dts from sys/gnu/dts

Discussed with:	ian
2017-12-04 13:28:56 +00:00
Baptiste Daroussin
625490e842 Only skip looking for manpages if both man directory and cat directory
are not existing.

This allows man(1) to read catpages when no man directories are available at all

PR:		223559
Reported by:	wosch
MFC after:	3 days
2017-12-04 12:51:05 +00:00
Baptiste Daroussin
d9405a926c In case man(1) found a catpage to display skip looking ".so" which is manpage
only.

In case we are trying to read a catpage, the manpage variable is not defined.
It results in the "cattool" having no arguments.

In case the catpage is compressed, the cattool used is "zcat" which dies if the
standard input is a terminal, meaning the function calling it is exiting as if
there were no ".so"
In case the catpage is uncompressed, the cattool used is "zcat -f" which waits
reading standard input, making the man(1) command hang.

PR:		223560
Reported by:	wosch
MFC after:	3 days
2017-12-04 12:33:46 +00:00
Andrew Turner
78f23de54c Use the module pointer to find the address we need to map to in the early
arm64 boot sequence. This will be a virtual address in the kernel space
after the kernel and any modules loaded by loader so we can use this to
find the size of the kernel + modules. We can then add on a level 2 page for
the module data and round up the size to be aligned to a level 2 page.

This allows more than 8 MiB of modules to be loaded by loader, e.g. zfs.ko
and opensolaris.ko.

Reported by:	Shawn Webb
MFC after:	1 week
Sponsored by:	DARPA, AFRL
2017-12-04 11:25:34 +00:00
Andrew Turner
5be9377857 Print the correct value when freelist is out of range.
Security:	:
Sponsored by:	DARPA, AFRL
2017-12-04 11:16:51 +00:00
Baptiste Daroussin
2c7292e5b4 Properly name the 2013 edition
Reported by:	ed
2017-12-04 09:58:38 +00:00
Baptiste Daroussin
ec5c474feb Add Posix 2013 reference for manpages
PR:		223930
Reported by:	Mateusz Piotrowski <mpp302@gmail.com>
MFC after:	2 days
2017-12-04 09:48:55 +00:00
Andrey V. Elsukov
49ba44e765 Fix format string warning with enabled DEBUGGING.
MFC after:	1 week
2017-12-04 09:17:28 +00:00
Toomas Soome
61da91207d loader.efi: add note about iPXE into the efipart.c
Comment update.
2017-12-04 08:50:00 +00:00
Michael Zhilin
0db2102aaa [mips] [vm] restore translation of freelist to flind for page allocation
Commit r326346 moved domain iterators from physical layer to vm_page one,
but it also removed translation of freelist to flind for
vm_page_alloc_freelist() call. Before it expects VM_FREELIST_ parameter,
but after it expects freelist index.

On small WiFi boxes with few megabytes of RAM, there is only one freelist
VM_FREELIST_LOWMEM (1) and there is no VM_FREELIST_DEFAULT(0) (see file
sys/mips/include/vmparam.h). It results in freelist 1 with flind 0.

At first, this commit renames flind to freelist in vm_page_alloc_freelist
to avoid misunderstanding about input parameters. Then on physical layer it
restores translation for correct handling of freelist parameter.

Reported by:	landonf
Reviewed by:	jeff
Differential Revision:	https://reviews.freebsd.org/D13351
2017-12-04 08:08:55 +00:00
Allan Jude
6f3d4ec84d increase maximum size of zfsboot
Previous to the switch from sys/boot to stand/ zfsboot (used for MBR) did
not support GELI. Now that it is compiled with GELI, it is running out of
space.

zfsldr (which loads zfsboot) was modified to load 256kb in r304321
2017-12-04 02:42:00 +00:00
Allan Jude
90edb2ac5b Use __has_builtin() to ensure clz and clzll builtins are available
The existing check of the GCC version number is not sufficient

This fixes the build on sparc64 in preparation for integrating ZSTD into
the kernel for ZFS and Crash Dumps.
2017-12-04 01:16:26 +00:00
Warner Losh
02cfd60482 Remove the entire objdir tree to avoid picking up stale binaries from
prior builds. Move GELI to building first.

Sponsored by: Netflix
2017-12-04 01:14:17 +00:00
Warner Losh
4d32c2211e Switch to proper MK_LOADER_GELI tests.
Submitted by: peter@
2017-12-04 01:14:12 +00:00
George V. Neville-Neil
b61cdf0e4e Add support for RealTek 8812 over USB
Tested with ALFA AWUS036ACH

MFC after:	1 week
2017-12-03 22:02:30 +00:00
Mark Johnston
8960a01967 Document the sys/boot -> stand move in hier.7 and the top-level README.
Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D13353
2017-12-03 20:36:36 +00:00
Ed Schouten
03c132654d Make COMPAT_FREEBSD32 part of GENERIC on arm64.
The cloudabi32.ko kernel modules can only be loaded on AMD64 and ARM64
by kernels built with COMPAT_FREEBSD32. Even though COMPAT_FREEBSD32
does not support the execution of native FreeBSD executables, do add it
to GENERIC, to make cloudabi32.ko usable.

According to size(1), this makes the kernel image approximately 0.7%
larger.

Reviewed by:	andrew, imp, emaste
Differential Revision:	https://reviews.freebsd.org/D13311
2017-12-03 19:26:14 +00:00
Kristof Provost
02d92cc609 tests: ipsec: Don't load/unload aesni.ko in the test header
We can't kldunload in the test head as Kyua interprets any output from
them. This would lead to syntax errors and skipping the entire file.

Move the kld commands into the test case bodies.

Pointed out by: asomers@
2017-12-03 18:35:07 +00:00
Mark Johnston
04006780d9 Complete support for dtrace's -x setenv option.
This allows one to override the environment for processes created with
dtrace -c. By default, the environment is inherited.

This support was originally merged from illumos in r249367 but was lost
when the commit was later reverted and then brought back piecemeal.

Reported by:	Samuel Lepetit <slepetit@apple.com>
MFC after:	2 weeks
2017-12-03 16:57:28 +00:00
Mark Johnston
5577b8a709 Add an envp argument to proc_create().
This is needed to support dtrace's -x setenv option.

MFC after:	2 weeks
2017-12-03 16:50:16 +00:00
Kristof Provost
4fbebc7472 Add IPSec tests in tunnel mode
Some IPSec in tunnel mode allowing to test multiple IPSec
configurations.  These tests are reusing the jail/vnet scripts from pf
tests for generating complex network.

Submitted by:	olivier@
Differential Revision:	https://reviews.freebsd.org/D13017
2017-12-03 13:52:35 +00:00
Dimitry Andric
d4419f6fa8 Upgrade our copies of clang, llvm, lldb and libc++ to r319231 from the
upstream release_50 branch.  This corresponds to 5.0.1 rc2.

MFC after:	2 weeks
2017-12-03 12:14:34 +00:00
Warner Losh
a9839149fd Now it's safe to bump WARNS to 1.
Sponsored by: Netflix
2017-12-03 04:55:38 +00:00
Warner Losh
f5b24e1c9f Mark two things as unused (since they are only sometimes used) and
toss in a DECONST to remove a const in some tricky code that would
require too extensive a change to unwind otherwise.

Sponsored by: Netflix
2017-12-03 04:55:33 +00:00
Warner Losh
f8bb886226 Provide a md_load64 prototype.
Sponsored by: Netflix
2017-12-03 04:55:28 +00:00
Warner Losh
6f1066fa3c Cast void * pointer to char * so the arg matches the %s format.
Sponsored by: Netflix
2017-12-03 04:55:23 +00:00
Warner Losh
b21ed88a41 Disconnect ps3 from the build. There are too many warnings to fix. Also,
it's going to be removed soon anyway once the final lingering issues
with kboot are resolved. Go ahead and disconnect it from the build a
little early.

Sponsored by: Netflix
OK'd by: nathanw@
2017-12-03 04:55:19 +00:00