MFH r339206-r339212, r339215-r339239
Sponsored by: The FreeBSD Foundation
This commit is contained in:
commit
fc3f42d80f
7
UPDATING
7
UPDATING
@ -31,6 +31,13 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 12.x IS SLOW:
|
||||
disable the most expensive debugging functionality run
|
||||
"ln -s 'abort:false,junk:false' /etc/malloc.conf".)
|
||||
|
||||
20181006:
|
||||
The legacy DRM modules and drivers have now been added to the loader's
|
||||
module blacklist, in favor of loading them with kld_list in rc.conf(5).
|
||||
The module blacklist may be overridden with the loader.conf(5)
|
||||
'module_blacklist' variable, but loading them via rc.conf(5) is strongly
|
||||
encouraged.
|
||||
|
||||
20181002:
|
||||
The cam(4) based nda(4) driver will be used over nvd(4) by default on
|
||||
powerpc64. You may set 'options NVME_USE_NVD=1' in your kernel conf or
|
||||
|
@ -316,7 +316,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
|
||||
|
||||
#ifdef HAVE_LOGIN_CAP
|
||||
if (authctxt->pw != NULL &&
|
||||
(lc = login_getpwclass(authctxt->pw)) != NULL) {
|
||||
(lc = PRIVSEP(login_getpwclass(authctxt->pw))) != NULL) {
|
||||
logit("user %s login class %s", authctxt->pw->pw_name,
|
||||
authctxt->pw->pw_class);
|
||||
from_host = auth_get_canonical_hostname(ssh, options.use_dns);
|
||||
@ -331,7 +331,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
|
||||
authctxt->pw->pw_name, from_host);
|
||||
packet_disconnect("Logins not available right now.");
|
||||
}
|
||||
login_close(lc);
|
||||
PRIVSEP(login_close(lc));
|
||||
}
|
||||
#endif /* HAVE_LOGIN_CAP */
|
||||
|
||||
|
@ -114,6 +114,7 @@ static struct sshbuf *child_state;
|
||||
|
||||
int mm_answer_moduli(int, struct sshbuf *);
|
||||
int mm_answer_sign(int, struct sshbuf *);
|
||||
int mm_answer_login_getpwclass(int, struct sshbuf *);
|
||||
int mm_answer_pwnamallow(int, struct sshbuf *);
|
||||
int mm_answer_auth2_read_banner(int, struct sshbuf *);
|
||||
int mm_answer_authserv(int, struct sshbuf *);
|
||||
@ -189,6 +190,7 @@ struct mon_table mon_dispatch_proto20[] = {
|
||||
{MONITOR_REQ_MODULI, MON_ONCE, mm_answer_moduli},
|
||||
#endif
|
||||
{MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
|
||||
{MONITOR_REQ_GETPWCLASS, MON_AUTH, mm_answer_login_getpwclass},
|
||||
{MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
|
||||
{MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
|
||||
{MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
|
||||
@ -707,6 +709,46 @@ mm_answer_sign(int sock, struct sshbuf *m)
|
||||
return (0);
|
||||
}
|
||||
|
||||
int
|
||||
mm_answer_login_getpwclass(int sock, struct sshbuf *m)
|
||||
{
|
||||
login_cap_t *lc;
|
||||
struct passwd *pw;
|
||||
int r;
|
||||
u_int len;
|
||||
|
||||
debug3("%s", __func__);
|
||||
|
||||
pw = sshbuf_get_passwd(m);
|
||||
if (pw == NULL)
|
||||
fatal("%s: receive get struct passwd failed", __func__);
|
||||
|
||||
lc = login_getpwclass(pw);
|
||||
|
||||
sshbuf_reset(m);
|
||||
|
||||
if (lc == NULL) {
|
||||
if (r = sshbuf_put_u8(m, 0) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
goto out;
|
||||
}
|
||||
|
||||
if ((r = sshbuf_put_u8(m, 1)) != 0 ||
|
||||
(r = sshbuf_put_cstring(m, lc->lc_class)) != 0 ||
|
||||
(r = sshbuf_put_cstring(m, lc->lc_cap)) != 0 ||
|
||||
(r = sshbuf_put_cstring(m, lc->lc_style)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
|
||||
login_close(lc);
|
||||
out:
|
||||
debug3("%s: sending MONITOR_ANS_GETPWCLASS", __func__);
|
||||
mm_request_send(sock, MONITOR_ANS_GETPWCLASS, m);
|
||||
|
||||
sshbuf_free_passwd(pw);
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
/* Retrieves the password entry and also checks if the user is permitted */
|
||||
|
||||
int
|
||||
@ -745,19 +787,8 @@ mm_answer_pwnamallow(int sock, struct sshbuf *m)
|
||||
authctxt->pw = pwent;
|
||||
authctxt->valid = 1;
|
||||
|
||||
/* XXX don't sent pwent to unpriv; send fake class/dir/shell too */
|
||||
if ((r = sshbuf_put_u8(m, 1)) != 0 ||
|
||||
(r = sshbuf_put_string(m, pwent, sizeof(*pwent))) != 0 ||
|
||||
(r = sshbuf_put_cstring(m, pwent->pw_name)) != 0 ||
|
||||
(r = sshbuf_put_cstring(m, "*")) != 0 ||
|
||||
#ifdef HAVE_STRUCT_PASSWD_PW_GECOS
|
||||
(r = sshbuf_put_cstring(m, pwent->pw_gecos)) != 0 ||
|
||||
#endif
|
||||
#ifdef HAVE_STRUCT_PASSWD_PW_CLASS
|
||||
(r = sshbuf_put_cstring(m, pwent->pw_class)) != 0 ||
|
||||
#endif
|
||||
(r = sshbuf_put_cstring(m, pwent->pw_dir)) != 0 ||
|
||||
(r = sshbuf_put_cstring(m, pwent->pw_shell)) != 0)
|
||||
(r = sshbuf_put_passwd(m, pwent)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
|
||||
out:
|
||||
|
@ -53,7 +53,8 @@ enum monitor_reqtype {
|
||||
MONITOR_REQ_GSSSTEP = 44, MONITOR_ANS_GSSSTEP = 45,
|
||||
MONITOR_REQ_GSSUSEROK = 46, MONITOR_ANS_GSSUSEROK = 47,
|
||||
MONITOR_REQ_GSSCHECKMIC = 48, MONITOR_ANS_GSSCHECKMIC = 49,
|
||||
MONITOR_REQ_TERM = 50,
|
||||
MONITOR_REQ_GETPWCLASS = 50, MONITOR_ANS_GETPWCLASS = 51,
|
||||
MONITOR_REQ_TERM = 52,
|
||||
|
||||
MONITOR_REQ_PAM_START = 100,
|
||||
MONITOR_REQ_PAM_ACCOUNT = 102, MONITOR_ANS_PAM_ACCOUNT = 103,
|
||||
|
@ -247,6 +247,57 @@ mm_sshkey_sign(struct sshkey *key, u_char **sigp, size_t *lenp,
|
||||
return (0);
|
||||
}
|
||||
|
||||
login_cap_t *
|
||||
mm_login_getpwclass(const struct passwd *pwent)
|
||||
{
|
||||
int r;
|
||||
struct sshbuf *m;
|
||||
char rc;
|
||||
login_cap_t *lc;
|
||||
|
||||
debug3("%s entering", __func__);
|
||||
|
||||
if ((m = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
if ((r = sshbuf_put_passwd(m, pwent)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
|
||||
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GETPWCLASS, m);
|
||||
|
||||
debug3("%s: waiting for MONITOR_ANS_GETPWCLASS", __func__);
|
||||
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GETPWCLASS, m);
|
||||
|
||||
if ((r = sshbuf_get_u8(m, &rc)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
|
||||
if (rc == 0) {
|
||||
lc = NULL;
|
||||
goto out;
|
||||
}
|
||||
|
||||
lc = xmalloc(sizeof(*lc));
|
||||
if ((r = sshbuf_get_cstring(m, &lc->lc_class, NULL)) != 0 ||
|
||||
(r = sshbuf_get_cstring(m, &lc->lc_cap, NULL)) != 0 ||
|
||||
(r = sshbuf_get_cstring(m, &lc->lc_style, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
|
||||
out:
|
||||
sshbuf_free(m);
|
||||
|
||||
return (lc);
|
||||
}
|
||||
|
||||
void
|
||||
mm_login_close(login_cap_t *lc)
|
||||
{
|
||||
if (lc == NULL)
|
||||
return;
|
||||
free(lc->lc_style);
|
||||
free(lc->lc_class);
|
||||
free(lc->lc_cap);
|
||||
free(lc);
|
||||
}
|
||||
|
||||
struct passwd *
|
||||
mm_getpwnamallow(const char *username)
|
||||
{
|
||||
@ -279,25 +330,9 @@ mm_getpwnamallow(const char *username)
|
||||
goto out;
|
||||
}
|
||||
|
||||
/* XXX don't like passing struct passwd like this */
|
||||
pw = xcalloc(sizeof(*pw), 1);
|
||||
if ((r = sshbuf_get_string_direct(m, &p, &len)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
if (len != sizeof(*pw))
|
||||
fatal("%s: struct passwd size mismatch", __func__);
|
||||
memcpy(pw, p, sizeof(*pw));
|
||||
|
||||
if ((r = sshbuf_get_cstring(m, &pw->pw_name, NULL)) != 0 ||
|
||||
(r = sshbuf_get_cstring(m, &pw->pw_passwd, NULL)) != 0 ||
|
||||
#ifdef HAVE_STRUCT_PASSWD_PW_GECOS
|
||||
(r = sshbuf_get_cstring(m, &pw->pw_gecos, NULL)) != 0 ||
|
||||
#endif
|
||||
#ifdef HAVE_STRUCT_PASSWD_PW_CLASS
|
||||
(r = sshbuf_get_cstring(m, &pw->pw_class, NULL)) != 0 ||
|
||||
#endif
|
||||
(r = sshbuf_get_cstring(m, &pw->pw_dir, NULL)) != 0 ||
|
||||
(r = sshbuf_get_cstring(m, &pw->pw_shell, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
pw = sshbuf_get_passwd(m);
|
||||
if (pw == NULL)
|
||||
fatal("%s: receive get struct passwd failed", __func__);
|
||||
|
||||
out:
|
||||
/* copy options block as a Match directive may have changed some */
|
||||
|
@ -28,6 +28,8 @@
|
||||
#ifndef _MM_WRAP_H_
|
||||
#define _MM_WRAP_H_
|
||||
|
||||
#include <login_cap.h>
|
||||
|
||||
extern int use_privsep;
|
||||
#define PRIVSEP(x) (use_privsep ? mm_##x : x)
|
||||
|
||||
@ -45,6 +47,8 @@ int mm_sshkey_sign(struct sshkey *, u_char **, size_t *, const u_char *, size_t,
|
||||
const char *, u_int compat);
|
||||
void mm_inform_authserv(char *, char *);
|
||||
struct passwd *mm_getpwnamallow(const char *);
|
||||
login_cap_t *mm_login_getpwclass(const struct passwd *pwd);
|
||||
void mm_login_close(login_cap_t *lc);
|
||||
char *mm_auth2_read_banner(void);
|
||||
int mm_auth_password(struct ssh *, char *);
|
||||
int mm_key_allowed(enum mm_keytype, const char *, const char *, struct sshkey *,
|
||||
|
@ -31,6 +31,7 @@ __RCSID("$FreeBSD$");
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include <capsicum_helpers.h>
|
||||
|
||||
#include "log.h"
|
||||
#include "monitor.h"
|
||||
@ -71,6 +72,8 @@ ssh_sandbox_child(struct ssh_sandbox *box)
|
||||
struct rlimit rl_zero;
|
||||
cap_rights_t rights;
|
||||
|
||||
caph_cache_tzdata();
|
||||
|
||||
rl_zero.rlim_cur = rl_zero.rlim_max = 0;
|
||||
|
||||
if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
|
||||
|
@ -25,6 +25,7 @@
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "ssherr.h"
|
||||
#include "sshbuf.h"
|
||||
|
||||
@ -462,3 +463,95 @@ sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf,
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* store struct pwd
|
||||
*/
|
||||
int
|
||||
sshbuf_put_passwd(struct sshbuf *buf, const struct passwd *pwent)
|
||||
{
|
||||
int r;
|
||||
|
||||
/*
|
||||
* We never send pointer values of struct passwd.
|
||||
* It is safe from wild pointer even if a new pointer member is added.
|
||||
*/
|
||||
|
||||
if ((r = sshbuf_put_u64(buf, sizeof(*pwent)) != 0) ||
|
||||
(r = sshbuf_put_cstring(buf, pwent->pw_name)) != 0 ||
|
||||
(r = sshbuf_put_cstring(buf, "*")) != 0 ||
|
||||
(r = sshbuf_put_u32(buf, pwent->pw_uid)) != 0 ||
|
||||
(r = sshbuf_put_u32(buf, pwent->pw_gid)) != 0 ||
|
||||
(r = sshbuf_put_u64(buf, pwent->pw_change)) != 0 ||
|
||||
#ifdef HAVE_STRUCT_PASSWD_PW_GECOS
|
||||
(r = sshbuf_put_cstring(buf, pwent->pw_gecos)) != 0 ||
|
||||
#endif
|
||||
#ifdef HAVE_STRUCT_PASSWD_PW_CLASS
|
||||
(r = sshbuf_put_cstring(buf, pwent->pw_class)) != 0 ||
|
||||
#endif
|
||||
(r = sshbuf_put_cstring(buf, pwent->pw_dir)) != 0 ||
|
||||
(r = sshbuf_put_cstring(buf, pwent->pw_shell)) != 0 ||
|
||||
(r = sshbuf_put_u64(buf, pwent->pw_expire)) != 0 ||
|
||||
(r = sshbuf_put_u32(buf, pwent->pw_fields)) != 0) {
|
||||
return r;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* extract struct pwd
|
||||
*/
|
||||
struct passwd *
|
||||
sshbuf_get_passwd(struct sshbuf *buf)
|
||||
{
|
||||
struct passwd *pw;
|
||||
int r;
|
||||
size_t len;
|
||||
|
||||
/* check if size of struct passwd is as same as sender's size */
|
||||
r = sshbuf_get_u64(buf, &len);
|
||||
if (r != 0 || len != sizeof(*pw))
|
||||
return NULL;
|
||||
|
||||
pw = xcalloc(1, sizeof(*pw));
|
||||
if (sshbuf_get_cstring(buf, &pw->pw_name, NULL) != 0 ||
|
||||
sshbuf_get_cstring(buf, &pw->pw_passwd, NULL) != 0 ||
|
||||
sshbuf_get_u32(buf, &pw->pw_uid) != 0 ||
|
||||
sshbuf_get_u32(buf, &pw->pw_gid) != 0 ||
|
||||
sshbuf_get_u64(buf, &pw->pw_change) != 0 ||
|
||||
#ifdef HAVE_STRUCT_PASSWD_PW_GECOS
|
||||
sshbuf_get_cstring(buf, &pw->pw_gecos, NULL) != 0 ||
|
||||
#endif
|
||||
#ifdef HAVE_STRUCT_PASSWD_PW_CLASS
|
||||
sshbuf_get_cstring(buf, &pw->pw_class, NULL) != 0 ||
|
||||
#endif
|
||||
sshbuf_get_cstring(buf, &pw->pw_dir, NULL) != 0 ||
|
||||
sshbuf_get_cstring(buf, &pw->pw_shell, NULL) != 0 ||
|
||||
sshbuf_get_u64(buf, &pw->pw_expire) != 0 ||
|
||||
sshbuf_get_u32(buf, &pw->pw_fields) != 0) {
|
||||
sshbuf_free_passwd(pw);
|
||||
return NULL;
|
||||
}
|
||||
return pw;
|
||||
}
|
||||
|
||||
/*
|
||||
* free struct passwd obtained from sshbuf_get_passwd.
|
||||
*/
|
||||
void
|
||||
sshbuf_free_passwd(struct passwd *pwent)
|
||||
{
|
||||
if (pwent == NULL)
|
||||
return;
|
||||
free(pwent->pw_shell);
|
||||
free(pwent->pw_dir);
|
||||
#ifdef HAVE_STRUCT_PASSWD_PW_CLASS
|
||||
free(pwent->pw_class);
|
||||
#endif
|
||||
#ifdef HAVE_STRUCT_PASSWD_PW_GECOS
|
||||
free(pwent->pw_gecos);
|
||||
#endif
|
||||
free(pwent->pw_passwd);
|
||||
free(pwent->pw_name);
|
||||
free(pwent);
|
||||
}
|
||||
|
@ -21,6 +21,7 @@
|
||||
#include <sys/types.h>
|
||||
#include <stdarg.h>
|
||||
#include <stdio.h>
|
||||
#include <pwd.h>
|
||||
#ifdef WITH_OPENSSL
|
||||
# include <openssl/bn.h>
|
||||
# ifdef OPENSSL_HAS_ECC
|
||||
@ -246,6 +247,21 @@ int sshbuf_b64tod(struct sshbuf *buf, const char *b64);
|
||||
*/
|
||||
char *sshbuf_dup_string(struct sshbuf *buf);
|
||||
|
||||
/*
|
||||
* store struct pwd
|
||||
*/
|
||||
int sshbuf_put_passwd(struct sshbuf *buf, const struct passwd *pwent);
|
||||
|
||||
/*
|
||||
* extract struct pwd
|
||||
*/
|
||||
struct passwd *sshbuf_get_passwd(struct sshbuf *buf);
|
||||
|
||||
/*
|
||||
* free struct passwd obtained from sshbuf_get_passwd.
|
||||
*/
|
||||
void sshbuf_free_passwd(struct passwd *pwent);
|
||||
|
||||
/* Macros for decoding/encoding integers */
|
||||
#define PEEK_U64(p) \
|
||||
(((u_int64_t)(((const u_char *)(p))[0]) << 56) | \
|
||||
|
@ -2143,6 +2143,11 @@ main(int ac, char **av)
|
||||
*/
|
||||
remote_ip = ssh_remote_ipaddr(ssh);
|
||||
|
||||
#ifdef HAVE_LOGIN_CAP
|
||||
/* Also caches remote hostname for sandboxed child. */
|
||||
auth_get_canonical_hostname(ssh, options.use_dns);
|
||||
#endif
|
||||
|
||||
#ifdef SSH_AUDIT_EVENTS
|
||||
audit_connection_from(remote_ip, remote_port);
|
||||
#endif
|
||||
|
@ -31,7 +31,7 @@
|
||||
#include <machine/asm.h>
|
||||
__FBSDID("$FreeBSD$");
|
||||
|
||||
.macro MEMSET bzero
|
||||
.macro MEMSET bzero erms
|
||||
.if \bzero == 1
|
||||
movq %rsi,%rcx
|
||||
movq %rsi,%rdx
|
||||
@ -43,21 +43,75 @@ __FBSDID("$FreeBSD$");
|
||||
movabs $0x0101010101010101,%rax
|
||||
imulq %r8,%rax
|
||||
.endif
|
||||
cmpq $15,%rcx
|
||||
jbe 1f
|
||||
shrq $3,%rcx
|
||||
rep
|
||||
stosq
|
||||
movq %rdx,%rcx
|
||||
andq $7,%rcx
|
||||
jne 1f
|
||||
|
||||
cmpq $32,%rcx
|
||||
jb 1016f
|
||||
|
||||
cmpq $256,%rcx
|
||||
ja 1256f
|
||||
|
||||
1032:
|
||||
movq %rax,(%rdi)
|
||||
movq %rax,8(%rdi)
|
||||
movq %rax,16(%rdi)
|
||||
movq %rax,24(%rdi)
|
||||
leaq 32(%rdi),%rdi
|
||||
subq $32,%rcx
|
||||
cmpq $32,%rcx
|
||||
jae 1032b
|
||||
cmpb $0,%cl
|
||||
je 1000f
|
||||
1016:
|
||||
cmpb $16,%cl
|
||||
jl 1008f
|
||||
movq %rax,(%rdi)
|
||||
movq %rax,8(%rdi)
|
||||
subb $16,%cl
|
||||
jz 1000f
|
||||
leaq 16(%rdi),%rdi
|
||||
1008:
|
||||
cmpb $8,%cl
|
||||
jl 1004f
|
||||
movq %rax,(%rdi)
|
||||
subb $8,%cl
|
||||
jz 1000f
|
||||
leaq 8(%rdi),%rdi
|
||||
1004:
|
||||
cmpb $4,%cl
|
||||
jl 1002f
|
||||
movl %eax,(%rdi)
|
||||
subb $4,%cl
|
||||
jz 1000f
|
||||
leaq 4(%rdi),%rdi
|
||||
1002:
|
||||
cmpb $2,%cl
|
||||
jl 1001f
|
||||
movw %ax,(%rdi)
|
||||
subb $2,%cl
|
||||
jz 1000f
|
||||
leaq 2(%rdi),%rdi
|
||||
1001:
|
||||
cmpb $1,%cl
|
||||
jl 1000f
|
||||
movb %al,(%rdi)
|
||||
1000:
|
||||
.if \bzero == 0
|
||||
movq %r9,%rax
|
||||
.endif
|
||||
ret
|
||||
1:
|
||||
|
||||
1256:
|
||||
.if \erms == 1
|
||||
rep
|
||||
stosb
|
||||
.else
|
||||
shrq $3,%rcx
|
||||
rep
|
||||
stosq
|
||||
movq %rdx,%rcx
|
||||
andb $7,%cl
|
||||
jne 1004b
|
||||
.endif
|
||||
.if \bzero == 0
|
||||
movq %r9,%rax
|
||||
.endif
|
||||
@ -66,11 +120,11 @@ __FBSDID("$FreeBSD$");
|
||||
|
||||
#ifndef BZERO
|
||||
ENTRY(memset)
|
||||
MEMSET bzero=0
|
||||
MEMSET bzero=0 erms=0
|
||||
END(memset)
|
||||
#else
|
||||
ENTRY(bzero)
|
||||
MEMSET bzero=1
|
||||
MEMSET bzero=1 erms=0
|
||||
END(bzero)
|
||||
#endif
|
||||
|
||||
|
@ -163,7 +163,7 @@ firewall_simple_onet="192.0.2.0/28" # Outside network address for "simple"
|
||||
# firewall.
|
||||
#firewall_simple_onet_ipv6="2001:db8:2:0::/56" # Outside IPv6 network prefix
|
||||
# for "simple" firewall.
|
||||
firewall_myservices="" # List of TCP ports on which this host
|
||||
firewall_myservices="" # List of ports/protocols on which this host
|
||||
# offers services for "workstation" firewall.
|
||||
firewall_allowservices="" # List of IPs which have access to
|
||||
# $firewall_myservices for "workstation"
|
||||
|
@ -97,6 +97,7 @@ efi_max_resolution="1x1" # Set the max resolution for EFI loader to use:
|
||||
#console="vidconsole" # A comma separated list of console(s)
|
||||
#currdev="disk1s1a" # Set the current device
|
||||
module_path="/boot/modules;/boot/dtb;/boot/dtb/overlays" # Set the module search path
|
||||
module_blacklist="drm drm2 radeonkms i915kms amdgpu" # Loader module blacklist
|
||||
#prompt="\\${interpret}" # Set the command prompt
|
||||
#root_disk_unit="0" # Force the root disk unit number
|
||||
#rootdev="disk1s1a" # Set the root filesystem
|
||||
|
@ -23,7 +23,7 @@
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $FreeBSD$
|
||||
.Dd August 28, 2018
|
||||
.Dd October 6, 2018
|
||||
.Dt LOADER.CONF 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -147,6 +147,15 @@ If a password is set, the user must provide specified password to boot.
|
||||
If set to
|
||||
.Dq YES ,
|
||||
module names will be displayed as they are loaded.
|
||||
.It Ar module_blacklist
|
||||
Blacklist of modules.
|
||||
Modules specified in the blacklist may not be loaded automatically with a
|
||||
.Ar *_load
|
||||
directive, but they may be loaded directly at the
|
||||
.Xr loader 8
|
||||
prompt.
|
||||
Blacklisted modules may still be loaded indirectly as dependencies of other
|
||||
moduled.
|
||||
.It Ar *_load
|
||||
If set to
|
||||
.Dq YES ,
|
||||
|
@ -54,6 +54,7 @@ local MSG_XENKERNFAIL = "Failed to load Xen kernel '%s'"
|
||||
local MSG_XENKERNLOADING = "Loading Xen kernel..."
|
||||
local MSG_KERNLOADING = "Loading kernel..."
|
||||
local MSG_MODLOADING = "Loading configured modules..."
|
||||
local MSG_MODBLACKLIST = "Not loading blacklisted module '%s'"
|
||||
local MSG_MODLOADFAIL = "Could not load one or more modules!"
|
||||
|
||||
local MODULEEXPR = '([%w-_]+)'
|
||||
@ -265,20 +266,37 @@ local function isValidComment(line)
|
||||
return true
|
||||
end
|
||||
|
||||
local function getBlacklist()
|
||||
local blacklist_str = loader.getenv('module_blacklist')
|
||||
if blacklist_str == nil then
|
||||
return nil
|
||||
end
|
||||
|
||||
local blacklist = {}
|
||||
for mod in blacklist_str:gmatch("[;, ]?([%w-_]+)[;, ]?") do
|
||||
blacklist[mod] = true
|
||||
end
|
||||
return blacklist
|
||||
end
|
||||
|
||||
local function loadModule(mod, silent)
|
||||
local status = true
|
||||
local blacklist = getBlacklist()
|
||||
local pstatus
|
||||
for k, v in pairs(mod) do
|
||||
if v.load ~= nil and v.load:lower() == "yes" then
|
||||
local module_name = v.name or k
|
||||
if blacklist[module_name] ~= nil then
|
||||
if not silent then
|
||||
print(MSG_MODBLACKLIST:format(module_name))
|
||||
end
|
||||
goto continue
|
||||
end
|
||||
local str = "load "
|
||||
if v.type ~= nil then
|
||||
str = str .. "-t " .. v.type .. " "
|
||||
end
|
||||
if v.name ~= nil then
|
||||
str = str .. v.name
|
||||
else
|
||||
str = str .. k
|
||||
end
|
||||
str = str .. module_name
|
||||
if v.flags ~= nil then
|
||||
str = str .. " " .. v.flags
|
||||
end
|
||||
@ -309,6 +327,7 @@ local function loadModule(mod, silent)
|
||||
end
|
||||
|
||||
end
|
||||
::continue::
|
||||
end
|
||||
|
||||
return status
|
||||
|
@ -34,6 +34,10 @@ local hook = require("hook")
|
||||
|
||||
local core = {}
|
||||
|
||||
local default_safe_mode = false
|
||||
local default_single_user = false
|
||||
local default_verbose = false
|
||||
|
||||
local function composeLoaderCmd(cmd_name, argstr)
|
||||
if argstr ~= nil then
|
||||
cmd_name = cmd_name .. " " .. argstr
|
||||
@ -41,6 +45,26 @@ local function composeLoaderCmd(cmd_name, argstr)
|
||||
return cmd_name
|
||||
end
|
||||
|
||||
local function recordDefaults()
|
||||
-- On i386, hint.acpi.0.rsdp will be set before we're loaded. On !i386,
|
||||
-- it will generally be set upon execution of the kernel. Because of
|
||||
-- this, we can't (or don't really want to) detect/disable ACPI on !i386
|
||||
-- reliably. Just set it enabled if we detect it and leave well enough
|
||||
-- alone if we don't.
|
||||
local boot_acpi = core.isSystem386() and core.getACPIPresent(false)
|
||||
local boot_single = loader.getenv("boot_single") or "no"
|
||||
local boot_verbose = loader.getenv("boot_verbose") or "no"
|
||||
default_single_user = boot_single:lower() ~= "no"
|
||||
default_verbose = boot_verbose:lower() ~= "no"
|
||||
|
||||
if boot_acpi then
|
||||
core.setACPI(true)
|
||||
end
|
||||
core.setSingleUser(default_single_user)
|
||||
core.setVerbose(default_verbose)
|
||||
end
|
||||
|
||||
|
||||
-- Globals
|
||||
-- try_include will return the loaded module on success, or nil on failure.
|
||||
-- A message will also be printed on failure, with one exception: non-verbose
|
||||
@ -268,9 +292,9 @@ end
|
||||
|
||||
function core.setDefaults()
|
||||
core.setACPI(core.getACPIPresent(true))
|
||||
core.setSafeMode(false)
|
||||
core.setSingleUser(false)
|
||||
core.setVerbose(false)
|
||||
core.setSafeMode(default_safe_mode)
|
||||
core.setSingleUser(default_single_user)
|
||||
core.setVerbose(default_verbose)
|
||||
end
|
||||
|
||||
function core.autoboot(argstr)
|
||||
@ -367,13 +391,6 @@ function core.popFrontTable(tbl)
|
||||
return first_value, new_tbl
|
||||
end
|
||||
|
||||
-- On i386, hint.acpi.0.rsdp will be set before we're loaded. On !i386, it will
|
||||
-- generally be set upon execution of the kernel. Because of this, we can't (or
|
||||
-- don't really want to) detect/disable ACPI on !i386 reliably. Just set it
|
||||
-- enabled if we detect it and leave well enough alone if we don't.
|
||||
if core.isSystem386() and core.getACPIPresent(false) then
|
||||
core.setACPI(true)
|
||||
end
|
||||
|
||||
recordDefaults()
|
||||
hook.register("config.reloaded", core.clearCachedKernels)
|
||||
return core
|
||||
|
@ -52,7 +52,6 @@ options MSDOSFS # MSDOS Filesystem
|
||||
options CD9660 # ISO 9660 Filesystem
|
||||
options PROCFS # Process filesystem (requires PSEUDOFS)
|
||||
options PSEUDOFS # Pseudo-filesystem framework
|
||||
options GEOM_PART_GPT # GUID Partition Tables.
|
||||
options GEOM_RAID # Soft RAID functionality.
|
||||
options GEOM_LABEL # Provides labelization
|
||||
options EFIRT # EFI Runtime Services support
|
||||
|
@ -7,7 +7,6 @@ include MINIMAL
|
||||
ident GENERIC-MMCCAM
|
||||
|
||||
# Access GPT-formatted and labeled root volume
|
||||
options GEOM_PART_GPT
|
||||
options GEOM_LABEL
|
||||
|
||||
# UART -- for bhyve console
|
||||
|
@ -50,7 +50,6 @@ options MSDOSFS # MSDOS Filesystem
|
||||
options CD9660 # ISO 9660 Filesystem
|
||||
options PROCFS # Process filesystem (requires PSEUDOFS)
|
||||
options PSEUDOFS # Pseudo-filesystem framework
|
||||
options GEOM_PART_GPT # GUID Partition Tables.
|
||||
options GEOM_RAID # Soft RAID functionality.
|
||||
options GEOM_LABEL # Provides labelization
|
||||
options COMPAT_FREEBSD32 # Incomplete, but used by cloudabi32.ko.
|
||||
|
@ -2964,6 +2964,8 @@ dsl_scan_need_resilver(spa_t *spa, const dva_t *dva, size_t psize,
|
||||
{
|
||||
vdev_t *vd;
|
||||
|
||||
vd = vdev_lookup_top(spa, DVA_GET_VDEV(dva));
|
||||
|
||||
if (vd->vdev_ops == &vdev_indirect_ops) {
|
||||
/*
|
||||
* The indirect vdev can point to multiple
|
||||
@ -2974,6 +2976,7 @@ dsl_scan_need_resilver(spa_t *spa, const dva_t *dva, size_t psize,
|
||||
*/
|
||||
return (B_TRUE);
|
||||
}
|
||||
|
||||
if (DVA_GET_GANG(dva)) {
|
||||
/*
|
||||
* Gang members may be spread across multiple
|
||||
@ -2986,8 +2989,6 @@ dsl_scan_need_resilver(spa_t *spa, const dva_t *dva, size_t psize,
|
||||
return (B_TRUE);
|
||||
}
|
||||
|
||||
vd = vdev_lookup_top(spa, DVA_GET_VDEV(dva));
|
||||
|
||||
/*
|
||||
* Check if the txg falls within the range which must be
|
||||
* resilvered. DVAs outside this range can always be skipped.
|
||||
|
@ -1804,13 +1804,11 @@ em_if_update_admin_status(if_ctx_t ctx)
|
||||
}
|
||||
iflib_link_state_change(ctx, LINK_STATE_UP,
|
||||
IF_Mbps(adapter->link_speed));
|
||||
printf("Link state changed to up\n");
|
||||
} else if (!link_check && (adapter->link_active == 1)) {
|
||||
adapter->link_speed = 0;
|
||||
adapter->link_duplex = 0;
|
||||
adapter->link_active = 0;
|
||||
iflib_link_state_change(ctx, LINK_STATE_DOWN, 0);
|
||||
printf("Link state changed to down\n");
|
||||
}
|
||||
em_update_stats_counters(adapter);
|
||||
|
||||
|
@ -152,7 +152,6 @@ igb_tx_ctx_setup(struct tx_ring *txr, if_pkt_info_t pi, u32 *cmd_type_len, u32 *
|
||||
u32 vlan_macip_lens, type_tucmd_mlhl;
|
||||
u32 mss_l4len_idx;
|
||||
mss_l4len_idx = vlan_macip_lens = type_tucmd_mlhl = 0;
|
||||
int offload = TRUE;
|
||||
|
||||
/* First check if TSO is to be used */
|
||||
if (pi->ipi_csum_flags & CSUM_TSO)
|
||||
@ -186,7 +185,6 @@ igb_tx_ctx_setup(struct tx_ring *txr, if_pkt_info_t pi, u32 *cmd_type_len, u32 *
|
||||
type_tucmd_mlhl |= E1000_ADVTXD_TUCMD_IPV6;
|
||||
break;
|
||||
default:
|
||||
offload = FALSE;
|
||||
break;
|
||||
}
|
||||
|
||||
@ -195,25 +193,27 @@ igb_tx_ctx_setup(struct tx_ring *txr, if_pkt_info_t pi, u32 *cmd_type_len, u32 *
|
||||
|
||||
switch (pi->ipi_ipproto) {
|
||||
case IPPROTO_TCP:
|
||||
if (pi->ipi_csum_flags & (CSUM_IP_TCP | CSUM_IP6_TCP))
|
||||
if (pi->ipi_csum_flags & (CSUM_IP_TCP | CSUM_IP6_TCP)) {
|
||||
type_tucmd_mlhl |= E1000_ADVTXD_TUCMD_L4T_TCP;
|
||||
*olinfo_status |= E1000_TXD_POPTS_TXSM << 8;
|
||||
}
|
||||
break;
|
||||
case IPPROTO_UDP:
|
||||
if (pi->ipi_csum_flags & (CSUM_IP_UDP | CSUM_IP6_UDP))
|
||||
if (pi->ipi_csum_flags & (CSUM_IP_UDP | CSUM_IP6_UDP)) {
|
||||
type_tucmd_mlhl |= E1000_ADVTXD_TUCMD_L4T_UDP;
|
||||
*olinfo_status |= E1000_TXD_POPTS_TXSM << 8;
|
||||
}
|
||||
break;
|
||||
case IPPROTO_SCTP:
|
||||
if (pi->ipi_csum_flags & (CSUM_IP_SCTP | CSUM_IP6_SCTP))
|
||||
if (pi->ipi_csum_flags & (CSUM_IP_SCTP | CSUM_IP6_SCTP)) {
|
||||
type_tucmd_mlhl |= E1000_ADVTXD_TUCMD_L4T_SCTP;
|
||||
*olinfo_status |= E1000_TXD_POPTS_TXSM << 8;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
offload = FALSE;
|
||||
break;
|
||||
}
|
||||
|
||||
if (offload) /* For the TX descriptor setup */
|
||||
*olinfo_status |= E1000_TXD_POPTS_TXSM << 8;
|
||||
|
||||
/* 82575 needs the queue index added */
|
||||
if (adapter->hw.mac.type == e1000_82575)
|
||||
mss_l4len_idx = txr->me << 4;
|
||||
|
@ -905,28 +905,6 @@ static void mlx4_en_do_multicast(struct mlx4_en_priv *priv,
|
||||
priv->flags &= ~MLX4_EN_FLAG_MC_PROMISC;
|
||||
}
|
||||
|
||||
/* Update unicast list */
|
||||
mlx4_en_cache_uclist(dev);
|
||||
|
||||
update_addr_list_flags(priv, &priv->curr_uc_list, &priv->uc_list);
|
||||
|
||||
list_for_each_entry_safe(addr_list, tmp, &priv->curr_uc_list, list) {
|
||||
if (addr_list->action == MLX4_ADDR_LIST_REM) {
|
||||
mlx4_en_uc_steer_release(priv, addr_list->addr,
|
||||
priv->rss_map.indir_qp.qpn,
|
||||
addr_list->reg_id);
|
||||
/* remove from list */
|
||||
list_del(&addr_list->list);
|
||||
kfree(addr_list);
|
||||
} else if (addr_list->action == MLX4_ADDR_LIST_ADD) {
|
||||
err = mlx4_en_uc_steer_add(priv, addr_list->addr,
|
||||
&priv->rss_map.indir_qp.qpn,
|
||||
&addr_list->reg_id);
|
||||
if (err)
|
||||
en_err(priv, "Fail to add unicast address\n");
|
||||
}
|
||||
}
|
||||
|
||||
err = mlx4_SET_MCAST_FLTR(mdev->dev, priv->port, 0,
|
||||
0, MLX4_MCAST_DISABLE);
|
||||
if (err)
|
||||
@ -996,6 +974,36 @@ static void mlx4_en_do_multicast(struct mlx4_en_priv *priv,
|
||||
}
|
||||
}
|
||||
|
||||
static void mlx4_en_do_unicast(struct mlx4_en_priv *priv,
|
||||
struct net_device *dev,
|
||||
struct mlx4_en_dev *mdev)
|
||||
{
|
||||
struct mlx4_en_addr_list *addr_list, *tmp;
|
||||
int err;
|
||||
|
||||
/* Update unicast list */
|
||||
mlx4_en_cache_uclist(dev);
|
||||
|
||||
update_addr_list_flags(priv, &priv->curr_uc_list, &priv->uc_list);
|
||||
|
||||
list_for_each_entry_safe(addr_list, tmp, &priv->curr_uc_list, list) {
|
||||
if (addr_list->action == MLX4_ADDR_LIST_REM) {
|
||||
mlx4_en_uc_steer_release(priv, addr_list->addr,
|
||||
priv->rss_map.indir_qp.qpn,
|
||||
addr_list->reg_id);
|
||||
/* remove from list */
|
||||
list_del(&addr_list->list);
|
||||
kfree(addr_list);
|
||||
} else if (addr_list->action == MLX4_ADDR_LIST_ADD) {
|
||||
err = mlx4_en_uc_steer_add(priv, addr_list->addr,
|
||||
&priv->rss_map.indir_qp.qpn,
|
||||
&addr_list->reg_id);
|
||||
if (err)
|
||||
en_err(priv, "Fail to add unicast address\n");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static void mlx4_en_do_set_rx_mode(struct work_struct *work)
|
||||
{
|
||||
struct mlx4_en_priv *priv = container_of(work, struct mlx4_en_priv,
|
||||
@ -1026,17 +1034,19 @@ static void mlx4_en_do_set_rx_mode(struct work_struct *work)
|
||||
}
|
||||
}
|
||||
|
||||
/* Set unicast rules */
|
||||
mlx4_en_do_unicast(priv, dev, mdev);
|
||||
|
||||
/* Promsicuous mode: disable all filters */
|
||||
if ((dev->if_flags & IFF_PROMISC) ||
|
||||
(priv->flags & MLX4_EN_FLAG_FORCE_PROMISC)) {
|
||||
mlx4_en_set_promisc_mode(priv, mdev);
|
||||
goto out;
|
||||
} else if (priv->flags & MLX4_EN_FLAG_PROMISC) {
|
||||
/* Not in promiscuous mode */
|
||||
mlx4_en_clear_promisc_mode(priv, mdev);
|
||||
}
|
||||
|
||||
/* Not in promiscuous mode */
|
||||
if (priv->flags & MLX4_EN_FLAG_PROMISC)
|
||||
mlx4_en_clear_promisc_mode(priv, mdev);
|
||||
|
||||
/* Set multicast rules */
|
||||
mlx4_en_do_multicast(priv, dev, mdev);
|
||||
out:
|
||||
mutex_unlock(&mdev->state_lock);
|
||||
|
@ -51,7 +51,6 @@ options MSDOSFS # MSDOS Filesystem
|
||||
options CD9660 # ISO 9660 Filesystem
|
||||
options PROCFS # Process filesystem (requires PSEUDOFS)
|
||||
options PSEUDOFS # Pseudo-filesystem framework
|
||||
options GEOM_PART_GPT # GUID Partition Tables.
|
||||
options GEOM_RAID # Soft RAID functionality.
|
||||
options GEOM_LABEL # Provides labelization
|
||||
options COMPAT_FREEBSD4 # Compatible with FreeBSD4
|
||||
|
@ -1393,11 +1393,12 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags)
|
||||
* there is a duplicate on a jail with more than one
|
||||
* IP stop checking and return error.
|
||||
*/
|
||||
tppr = ppr;
|
||||
#ifdef VIMAGE
|
||||
for (; tppr != &prison0; tppr = tppr->pr_parent)
|
||||
for (tppr = ppr; tppr != &prison0; tppr = tppr->pr_parent)
|
||||
if (tppr->pr_flags & PR_VNET)
|
||||
break;
|
||||
#else
|
||||
tppr = &prison0;
|
||||
#endif
|
||||
FOREACH_PRISON_DESCENDANT(tppr, tpr, descend) {
|
||||
if (tpr == pr ||
|
||||
@ -1460,11 +1461,12 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags)
|
||||
}
|
||||
}
|
||||
/* Check for conflicting IP addresses. */
|
||||
tppr = ppr;
|
||||
#ifdef VIMAGE
|
||||
for (; tppr != &prison0; tppr = tppr->pr_parent)
|
||||
for (tppr = ppr; tppr != &prison0; tppr = tppr->pr_parent)
|
||||
if (tppr->pr_flags & PR_VNET)
|
||||
break;
|
||||
#else
|
||||
tppr = &prison0;
|
||||
#endif
|
||||
FOREACH_PRISON_DESCENDANT(tppr, tpr, descend) {
|
||||
if (tpr == pr ||
|
||||
|
@ -262,11 +262,12 @@ ip_output(struct mbuf *m, struct mbuf *opt, struct route *ro, int flags,
|
||||
ip->ip_v = IPVERSION;
|
||||
ip->ip_hl = hlen >> 2;
|
||||
ip_fillid(ip);
|
||||
IPSTAT_INC(ips_localout);
|
||||
} else {
|
||||
/* Header already set, fetch hlen from there */
|
||||
hlen = ip->ip_hl << 2;
|
||||
}
|
||||
if ((flags & IP_FORWARDING) == 0)
|
||||
IPSTAT_INC(ips_localout);
|
||||
|
||||
/*
|
||||
* dst/gw handling:
|
||||
|
@ -4983,7 +4983,6 @@ sctp_arethere_unrecognized_parameters(struct mbuf *in_initpkt,
|
||||
struct sctp_paramhdr *phdr, params;
|
||||
|
||||
struct mbuf *mat, *op_err;
|
||||
char tempbuf[SCTP_PARAM_BUFFER_SIZE];
|
||||
int at, limit, pad_needed;
|
||||
uint16_t ptype, plen, padded_size;
|
||||
int err_at;
|
||||
@ -5123,15 +5122,13 @@ sctp_arethere_unrecognized_parameters(struct mbuf *in_initpkt,
|
||||
l_len = SCTP_MIN_V4_OVERHEAD;
|
||||
#endif
|
||||
l_len += sizeof(struct sctp_chunkhdr);
|
||||
l_len += plen;
|
||||
l_len += sizeof(struct sctp_paramhdr);
|
||||
l_len += sizeof(struct sctp_gen_error_cause);
|
||||
op_err = sctp_get_mbuf_for_msg(l_len, 0, M_NOWAIT, 1, MT_DATA);
|
||||
if (op_err) {
|
||||
SCTP_BUF_LEN(op_err) = 0;
|
||||
/*
|
||||
* pre-reserve space for ip
|
||||
* and sctp header and
|
||||
* chunk hdr
|
||||
* Pre-reserve space for IP,
|
||||
* SCTP, and chunk header.
|
||||
*/
|
||||
#ifdef INET6
|
||||
SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr));
|
||||
@ -5144,7 +5141,7 @@ sctp_arethere_unrecognized_parameters(struct mbuf *in_initpkt,
|
||||
}
|
||||
if (op_err) {
|
||||
/* If we have space */
|
||||
struct sctp_paramhdr s;
|
||||
struct sctp_gen_error_cause cause;
|
||||
|
||||
if (err_at % 4) {
|
||||
uint32_t cpthis = 0;
|
||||
@ -5153,26 +5150,15 @@ sctp_arethere_unrecognized_parameters(struct mbuf *in_initpkt,
|
||||
m_copyback(op_err, err_at, pad_needed, (caddr_t)&cpthis);
|
||||
err_at += pad_needed;
|
||||
}
|
||||
s.param_type = htons(SCTP_CAUSE_UNRESOLVABLE_ADDR);
|
||||
s.param_length = htons(sizeof(s) + plen);
|
||||
m_copyback(op_err, err_at, sizeof(s), (caddr_t)&s);
|
||||
err_at += sizeof(s);
|
||||
if (plen > sizeof(tempbuf)) {
|
||||
plen = sizeof(tempbuf);
|
||||
}
|
||||
phdr = sctp_get_next_param(mat, at, (struct sctp_paramhdr *)tempbuf, plen);
|
||||
if (phdr == NULL) {
|
||||
cause.code = htons(SCTP_CAUSE_UNRESOLVABLE_ADDR);
|
||||
cause.length = htons((uint16_t)(sizeof(struct sctp_gen_error_cause) + plen));
|
||||
m_copyback(op_err, err_at, sizeof(struct sctp_gen_error_cause), (caddr_t)&cause);
|
||||
err_at += sizeof(struct sctp_gen_error_cause);
|
||||
SCTP_BUF_NEXT(op_err) = SCTP_M_COPYM(mat, at, plen, M_NOWAIT);
|
||||
if (SCTP_BUF_NEXT(op_err) == NULL) {
|
||||
sctp_m_freem(op_err);
|
||||
/*
|
||||
* we are out of memory but
|
||||
* we still need to have a
|
||||
* look at what to do (the
|
||||
* system is in trouble
|
||||
* though).
|
||||
*/
|
||||
return (NULL);
|
||||
}
|
||||
m_copyback(op_err, err_at, plen, (caddr_t)phdr);
|
||||
}
|
||||
return (op_err);
|
||||
break;
|
||||
@ -5196,7 +5182,6 @@ sctp_arethere_unrecognized_parameters(struct mbuf *in_initpkt,
|
||||
l_len = SCTP_MIN_V4_OVERHEAD;
|
||||
#endif
|
||||
l_len += sizeof(struct sctp_chunkhdr);
|
||||
l_len += plen;
|
||||
l_len += sizeof(struct sctp_paramhdr);
|
||||
op_err = sctp_get_mbuf_for_msg(l_len, 0, M_NOWAIT, 1, MT_DATA);
|
||||
if (op_err) {
|
||||
@ -5222,14 +5207,11 @@ sctp_arethere_unrecognized_parameters(struct mbuf *in_initpkt,
|
||||
err_at += pad_needed;
|
||||
}
|
||||
s.param_type = htons(SCTP_UNRECOG_PARAM);
|
||||
s.param_length = htons(sizeof(s) + plen);
|
||||
m_copyback(op_err, err_at, sizeof(s), (caddr_t)&s);
|
||||
err_at += sizeof(s);
|
||||
if (plen > sizeof(tempbuf)) {
|
||||
plen = sizeof(tempbuf);
|
||||
}
|
||||
phdr = sctp_get_next_param(mat, at, (struct sctp_paramhdr *)tempbuf, plen);
|
||||
if (phdr == NULL) {
|
||||
s.param_length = htons((uint16_t)sizeof(struct sctp_paramhdr) + plen);
|
||||
m_copyback(op_err, err_at, sizeof(struct sctp_paramhdr), (caddr_t)&s);
|
||||
err_at += sizeof(struct sctp_paramhdr);
|
||||
SCTP_BUF_NEXT(op_err) = SCTP_M_COPYM(mat, at, plen, M_NOWAIT);
|
||||
if (SCTP_BUF_NEXT(op_err) == NULL) {
|
||||
sctp_m_freem(op_err);
|
||||
/*
|
||||
* we are out of memory but
|
||||
@ -5241,7 +5223,6 @@ sctp_arethere_unrecognized_parameters(struct mbuf *in_initpkt,
|
||||
op_err = NULL;
|
||||
goto more_processing;
|
||||
}
|
||||
m_copyback(op_err, err_at, plen, (caddr_t)phdr);
|
||||
err_at += plen;
|
||||
}
|
||||
}
|
||||
|
@ -41,6 +41,7 @@ options INET6 #IPv6 communications protocols
|
||||
options IPSEC # IP (v4/v6) security
|
||||
options IPSEC_SUPPORT # Allow kldload of ipsec and tcpmd5
|
||||
options TCP_HHOOK # hhook(9) framework for TCP
|
||||
options TCP_RFC7413 # TCP Fast Open
|
||||
options SCTP #Stream Control Transmission Protocol
|
||||
options FFS #Berkeley Fast Filesystem
|
||||
options SOFTUPDATES #Enable FFS soft updates support
|
||||
|
@ -40,6 +40,7 @@ options VIMAGE # Subsystem virtualization, e.g. VNET
|
||||
options INET #InterNETworking
|
||||
options INET6 #IPv6 communications protocols
|
||||
options TCP_HHOOK # hhook(9) framework for TCP
|
||||
options TCP_RFC7413 # TCP Fast Open
|
||||
options SCTP #Stream Control Transmission Protocol
|
||||
options FFS #Berkeley Fast Filesystem
|
||||
options SOFTUPDATES #Enable FFS soft updates support
|
||||
|
@ -95,8 +95,6 @@ static int opalpci_route_interrupt(device_t bus, device_t dev, int pin);
|
||||
*/
|
||||
static void opalpic_pic_enable(device_t dev, u_int irq, u_int vector);
|
||||
static void opalpic_pic_eoi(device_t dev, u_int irq);
|
||||
static void opalpic_pic_mask(device_t dev, u_int irq);
|
||||
static void opalpic_pic_unmask(device_t dev, u_int irq);
|
||||
|
||||
/*
|
||||
* Commands
|
||||
@ -143,8 +141,6 @@ static device_method_t opalpci_methods[] = {
|
||||
/* PIC interface for MSIs */
|
||||
DEVMETHOD(pic_enable, opalpic_pic_enable),
|
||||
DEVMETHOD(pic_eoi, opalpic_pic_eoi),
|
||||
DEVMETHOD(pic_mask, opalpic_pic_mask),
|
||||
DEVMETHOD(pic_unmask, opalpic_pic_unmask),
|
||||
|
||||
DEVMETHOD_END
|
||||
};
|
||||
@ -650,7 +646,10 @@ opalpci_map_msi(device_t dev, device_t child, int irq, uint64_t *addr,
|
||||
static void
|
||||
opalpic_pic_enable(device_t dev, u_int irq, u_int vector)
|
||||
{
|
||||
struct opalpci_softc *sc = device_get_softc(dev);
|
||||
|
||||
PIC_ENABLE(root_pic, irq, vector);
|
||||
opal_call(OPAL_PCI_MSI_EOI, sc->phb_id, irq);
|
||||
}
|
||||
|
||||
static void opalpic_pic_eoi(device_t dev, u_int irq)
|
||||
@ -662,21 +661,3 @@ static void opalpic_pic_eoi(device_t dev, u_int irq)
|
||||
|
||||
PIC_EOI(root_pic, irq);
|
||||
}
|
||||
|
||||
static void opalpic_pic_mask(device_t dev, u_int irq)
|
||||
{
|
||||
PIC_MASK(root_pic, irq);
|
||||
}
|
||||
|
||||
static void opalpic_pic_unmask(device_t dev, u_int irq)
|
||||
{
|
||||
struct opalpci_softc *sc;
|
||||
|
||||
sc = device_get_softc(dev);
|
||||
|
||||
PIC_UNMASK(root_pic, irq);
|
||||
|
||||
opal_call(OPAL_PCI_MSI_EOI, sc->phb_id, irq);
|
||||
}
|
||||
|
||||
|
||||
|
@ -381,17 +381,9 @@ xicp_dispatch(device_t dev, struct trapframe *tf)
|
||||
}
|
||||
xirr &= 0x00ffffff;
|
||||
|
||||
if (xirr == 0) { /* No more pending interrupts? */
|
||||
if (regs)
|
||||
bus_write_1(regs, 4, 0xff);
|
||||
#ifdef POWERNV
|
||||
else if (sc->xics_emu)
|
||||
opal_call(OPAL_INT_SET_CPPR, 0xff);
|
||||
#endif
|
||||
else
|
||||
phyp_hcall(H_CPPR, (uint64_t)0xff);
|
||||
if (xirr == 0) /* No more pending interrupts? */
|
||||
break;
|
||||
}
|
||||
|
||||
if (xirr == XICP_IPI) { /* Magic number for IPIs */
|
||||
xirr = MAX_XICP_IRQS; /* Map to FreeBSD magic */
|
||||
|
||||
@ -471,7 +463,7 @@ xicp_eoi(device_t dev, u_int irq)
|
||||
|
||||
if (irq == MAX_XICP_IRQS) /* Remap IPI interrupt to internal value */
|
||||
irq = XICP_IPI;
|
||||
xirr = irq | (XICP_PRIORITY << 24);
|
||||
xirr = irq | (0xff << 24);
|
||||
|
||||
#ifdef POWERNV
|
||||
if (mfmsr() & PSL_HV) {
|
||||
|
@ -461,6 +461,10 @@ static struct syscall decoded_syscalls[] = {
|
||||
{ .name = "setsockopt", .ret_type = 1, .nargs = 5,
|
||||
.args = { { Int, 0 }, { Sockoptlevel, 1 }, { Sockoptname, 2 },
|
||||
{ Ptr | IN, 3 }, { Socklent, 4 } } },
|
||||
{ .name = "shm_open", .ret_type = 1, .nargs = 3,
|
||||
.args = { { Name | IN, 0 }, { Open, 1 }, { Octal, 2 } } },
|
||||
{ .name = "shm_unlink", .ret_type = 1, .nargs = 1,
|
||||
.args = { { Name | IN, 0 } } },
|
||||
{ .name = "shutdown", .ret_type = 1, .nargs = 2,
|
||||
.args = { { Int, 0 }, { Shutdown, 1 } } },
|
||||
{ .name = "sigaction", .ret_type = 1, .nargs = 3,
|
||||
|
Loading…
Reference in New Issue
Block a user