Commit Graph

253299 Commits

Author SHA1 Message Date
shurd
06b406febd Add knob to control tx ring abdication.
r323954 changed the mp ring behaviour when 64-bit atomics were
available to abdicate the TX ring rather than having one become a
consumer thereby running to completion on TX. The consumer of the mp
ring was then triggered in the tx task rather than blocking the TX call.
While this significantly lowered the number of RX drops in small-packet
forwarding, it also negatively impacts TX performance.

With this change, the default behaviour is reverted, causing one TX ring
to become a consumer during the enqueue call. A new sysctl,
dev.X.Y.iflib.tx_abdicate is added to control this behaviour.

Reviewed by:	gallatin
Sponsored by:	Limelight Networks
Differential Revision:	https://reviews.freebsd.org/D16302
2018-07-20 17:45:26 +00:00
shurd
4db9126b14 Improve netmap TX handling when TX IRQs are not used/supported
Use the timer to poll for TX completions when there are
outstanding TX slots. Track when the last driver timer was called
to prevent overcalling it. Also clean up some kring vs NIC ring
usage.

Reviewed by:	marius, Johannes Lundberg <johalun0@gmail.com>
Sponsored by:	Limelight Networks
Differential Revision:	https://reviews.freebsd.org/D16300
2018-07-20 17:24:45 +00:00
markj
d1498f4e3a Add support for pmap_enter(psind = 1) to the arm64 pmap.
See the commit log messages for r321378 and r336288 for descriptions of
this functionality.

Reviewed by:	alc
Differential Revision:	https://reviews.freebsd.org/D16303
2018-07-20 16:37:04 +00:00
alc
2d577dea62 Annotate a parameter as unused.
X-MFC with:	r336288
2018-07-20 16:31:25 +00:00
markj
a8c7d78955 Initialize the L3 page's wire count correctly after a L2 entry demotion.
Reviewed by:	alc
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D16303
2018-07-20 16:31:08 +00:00
jhibbits
c0ec351d24 vt/ofwfb: Fix brain-o from r336514, use the correct form of /chosen/stdout-path
/chosen/stdout-path is a string, not ihandle.  Treat it as such.

With this, ofwfb now starts correctly on a POWER9 system when launched from
the local console (not serial).
2018-07-20 16:18:24 +00:00
jhibbits
21a2b718bd vt/ofwfb: Check that /chosen/stdout is valid before using it in initialization
The FDT implementation of OF_instance_to_package() backend checks the
cross-reference to get the node.  On failure, this returns the input handle
unchanged.  In the case of ofwfb attachment, if /chosen/stdout property does not
exist, sc->sc_handle is either garbage or 0, which then gets propagated to node.
This will prevent "screen" from being used, resulting in not properly attaching.
Correct this by matching the code in ofwfb_probe().
2018-07-20 16:08:14 +00:00
ian
ac88e0d097 Apply some late-arriving markup suggestions from the phab review, and add a
paragraph that mentions the possibility of starting ntpd as a non-root user
rather than starting it as root and using its '-u' option to drop root privs
after startup.

Differential Revision:	 https://reviews.freebsd.org/D16281
2018-07-20 16:06:44 +00:00
tuexen
7f7ead5426 Test that the dtrace UDP receive probe fires.
This test ensures that the fix committed in
https://svnweb.freebsd.org/changeset/base/336551
actually works.

Reviewed by:		dteske@, markj@, rrs@
Sponsored by:		Netflix, Inc.
Differential Revision:	https://reviews.freebsd.org/D16046
2018-07-20 15:37:29 +00:00
tuexen
ff46e28acc Add missing dtrace probes for received UDP packets.
Fire UDP receive probes when a packet is received and there is no
endpoint consuming it. Fire the probe also if the TTL of the
received packet is smaller than the minimum required by the endpoint.

Clarify also in the man page, when the probe fires.

Reviewed by:		dteske@, markj@, rrs@
Sponsored by:		Netflix, Inc.
Differential Revision:	https://reviews.freebsd.org/D16046
2018-07-20 15:32:20 +00:00
trasz
3f3eef570d Document kernel/signal/crashdump devd(8) notification.
Discussed with:	kib@
MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D16323
2018-07-20 14:32:36 +00:00
ian
ec014f8e40 Support installing manpages for multiple or alternate architecture(s).
Some section-4 manpages are architecture-specific, and the build process
currently generates only the pages for the MACHINE_CPUARCH being built.
man(1) supports a '-m' option to find manpages belonging to an arbitrary
architecture other than the MACHINE_[CPU]ARCH, but we have no way to
generate and install alternate-arch pages right now.

This change adds a new make.conf variable, MAN_ARCH, which can be a list of
one or more MACHINE_ARCH or MACHINE_CPUARCH values. All arch-specific
manpages that exist for the named arches will be installed. If unset, it
continues the behavior of installing just the MACHINE_CPUARCH being built.

Differential Revision:	https://reviews.freebsd.org/D16198
2018-07-20 14:23:01 +00:00
ian
c8e20b8457 Automatically run ntpd as non-root when possible.
Ntpd needs only a subset of full root privileges to do its job. Specifically
it needs the ability to manipulate system time, and to re-bind to a
privileged UDP port after interface changes. The mac_ntpd(4) policy module
(see r336525) can grant these privs.

These changes detect the availability of mac_ntpd(4). If enabled, and if the
ntpd configuration is fairly vanilla, it automatically runs ntpd as the
non-root user 'ntpd' (uid 123). "Vanilla" means the config doesn't include
command line or ntp.conf options changing the location of files or using any
files/dirs likely to be inaccessible to user ntpd.  Ntpd can still run as
non-root when using such options, but the admin must ensure all required
files and dirs are accessible, and then set ntpd_user=ntpd in rc.conf.

Note that these changes also address PR 199127 by using the command_args
technique suggested in the patch. They also tangentially address PR 113552,
which is primarily about inconsistent filenames in documentation, but some
of the inconsistancy was caused by old code in rc.d/ntpd which is leftover
from the intial import from netbsd. There was code to do chroot setup which
required the use of the netbsd clockctl(4) device; that code never had any
effect on freebsd, because we lack that device and don't build ntpd with the
options that would allow using it.

PR:		113552 199127
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D16050
2018-07-20 13:59:29 +00:00
0mp
66884c1e21 Add SPDX tags to example manual pages and POSIX copyright.
Reviewed by:	eadler
Approved by:	mat (mentor)
Differential Revision:	https://reviews.freebsd.org/D14958
2018-07-20 13:45:09 +00:00
bde
f9cb61fe19 Centralize the complications for special efficient rounding to integers.
This was open-coded in range reduction for trig and exp functions.  Now
there are 3 static inline functions rnint[fl]() that replace open-coded
expressions, and type-generic irint() and i64rint() macros that hide the
complications for efficiently using non-generic irint() and irintl()
functions and casts.

Special details:

ld128/e_rem_pio2l.h needs to use i64rint() since it needs a 46-bit integer
result.  Everything else only needs a (less than) 32-bit integer result so
uses irint().

Float and double cases now use float_t and double_t locally instead of
STRICT_ASSIGN() to avoid bugs in extra precision.

On amd64, inline asm is now only used for irint() on long doubles.  The SSE
asm for irint() on amd64 only existed because the ifdef tangles made the
correct method of simply casting to int for this case non-obvious.
2018-07-20 12:42:24 +00:00
rmacklem
7c83f50683 Set SO_SNDTIMEO in the client side krpc when CLSET_TIMEOUT is done.
During testing of the pNFS client, it was observed that an RPC could get
stuck in sosend() for a very long time if the network connection to a DS
had failed. This is fixed by setting SO_SNDTIMEO on the TCP socket.
This is only done when CLSET_TIMEOUT is done and this is not done by any
use of the krpc currently in the source tree, so there should be no effect
on extant uses.
A future patch will use CLSET_TIMEOUT for TCP connections to DSs.

Reviewed by:	kib
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D16293
2018-07-20 12:03:16 +00:00
delphij
94b5fd4fb9 libcrypt: There is no need to clear message digest context after they
are finialized after r336539, so do not do it.

Submitted by:	David CARLIER <devnexen gmail com>
MFC after:	1 month (after r336539)
Differential Revision:	https://reviews.freebsd.org/D16059
2018-07-20 07:16:28 +00:00
delphij
be254dfc24 Get rid of unused variables.
copied_key and copied_salt are assigned with NULL and never used
otherwise. Remove the two variables and related code.

Reviewed by:	pfg
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D16314
2018-07-20 07:07:27 +00:00
delphij
8f0497f698 libmd: Always erase context in _Final method, and when doing
it, consistently use explicit_bzero().

Update manual pages to match the behavior.

Reviewed by:	pfg, allanjude, jmg
MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D16316
2018-07-20 07:01:28 +00:00
imp
2e338ed14a Bump version to 1200075 for zfsloader being folded into loader.
As an aside: 1200074 should be used as the last version with big
endian arm support, should that be needed. it was actually removed
a day later, but no bump was made until now.
2018-07-20 05:34:02 +00:00
imp
08e95249f3 Mention zfsloader being folded into loader in UPDATING. 2018-07-20 05:26:36 +00:00
imp
f37de65a68 Remove three stray instances of zfsloader. 2018-07-20 05:26:14 +00:00
imp
6246c1a802 Hoist EFI_TARGET and SOURCE_DATE_EPOCH up into efi/Makefile.inc 2018-07-20 05:18:03 +00:00
imp
b730d2077c NM and OBJCOPY are already defined for all builds. There's no need to
conditionally define them here.
2018-07-20 05:17:56 +00:00
imp
94917d4294 Eliminate zfsloader man page.
Remove all cross references to zfsloader.8 and /boot/zfsloader.
Move ZFS specific info into loader.8.

Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D16361
2018-07-20 05:17:49 +00:00
imp
b5a5a7b9ae Collapse zfsloader functionality back down into loader.
We no longer really need a separate zfsloader. It was useful when we
were first supporting ZFS and had limited ability to properly boot off
of ZFS without the special boot loader. Now that the boot loader has
matured, go the way loader.efi pioneered and just build one
binary. Change the name of the loader to load in the secondary boot
blocks to be just /boot/loader. Provide a symbolic link from zfsloader
to loader so people who have not upgraded their boot blocks are not
affected. This has the happy benefit of making coexistence easier as
well (fewer binaries in the matrix).

Discussed with: allanjude@, kevans@
RelNotes: Yes
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D16361
2018-07-20 05:17:37 +00:00
cy
b8c31c04aa Remove a redundant declaration.
While at it add a blank line, conforming with the convention
used in this file.

X-MFC-with:	r336203
2018-07-20 02:25:39 +00:00
cy
e987836b97 To reduce our diff between our sources and our upline, sync up
with upline. Also making it easier to read.

Obtained from:	diffing base with ports
X-MFC-with:	r336203
2018-07-20 02:17:19 +00:00
cy
548c769385 MFV: r336486
Prevent reinstallation of an already in-use group key.
Upline git commit cb5132bb35698cc0c743e34fe0e845dfc4c3e410.

Obtained from:	https://w1.fi/security/2017-1/\
		rebased-v2.6-0002-Prevent-reinstallation-\
		of-an-already-in-use-group-ke.patch
X-MFC-with:	r336203
2018-07-20 02:04:10 +00:00
cy
fa7942bb42 Revert r336501. It was a of the wrong rev from the vendor branch. 2018-07-20 01:53:28 +00:00
cem
68ad9dcc43 cryptocheck: Correct mismatch between OpenSSL use and OCF Blake2
This corrects a mistake introduced to the cryptocheck tool in r331418.

Our CRYPTO_BLAKE2B and CRYPTO_BLAKE2S algorithms refer to either the plain,
unkeyed hashes (specified with cri_klen = 0), or a Blake2-specific keyed MAC
(when a cri_key is provided).

In contrast, OpenSSL's Blake2 algorithms only provide the plain hash.
Cryptocheck's T_HMAC corresponds to OpenSSL's HMAC() routine, which is the
ordinary HMAC construction applied to any plain, unkeyed hash.  We don't
have any HMAC-Blake2 cipher modes in OCF, so fix the test to only test
Blake2 as a plain hash.

(Ideally we would test keyed Blake2 as well, but that is left as future
work.)

PR:		229795
2018-07-20 01:51:05 +00:00
ian
235e280079 Add ntpd to the list of users/groups to check before installing. 2018-07-20 00:44:04 +00:00
ian
86596b2682 Make it possible to run ntpd as a non-root user, add ntpd uid and gid.
Code analysis and runtime analysis using truss(8) indicate that the only
privileged operations performed by ntpd are adjusting system time, and
(re-)binding to privileged UDP port 123. These changes add a new mac(4)
policy module, mac_ntpd(4), which grants just those privileges to any
process running with uid 123.

This also adds a new user and group, ntpd:ntpd, (uid:gid 123:123), and makes
them the owner of the /var/db/ntp directory, so that it can be used as a
location where the non-privileged daemon can write files such as the
driftfile, and any optional logfile or stats files.

Because there are so many ways to configure ntpd, the question of how to
configure it to run without root privs can be a bit complex, so that will be
addressed in a separate commit. These changes are just what's required to
grant the limited subset of privs to ntpd, and the small change to ntpd to
prevent it from exiting with an error if running as non-root.

Differential Revision:	https://reviews.freebsd.org/D16281
2018-07-19 23:55:29 +00:00
imp
981e3b7db8 Note big endian arm removal. 2018-07-19 23:54:18 +00:00
manu
4ff235e635 arm64: Add vt_efifb to GENERIC
We can now have efifb being setup correctly.
Enjoy video output on some boards when you couldn't before.

Tested-On:  Pine64
Tested-On:  Pine64-LTS
Tested-On:  Pinebook
2018-07-19 21:59:52 +00:00
manu
e3138eb7f6 Raise the size of L3 table for early devmap on arm64
Some driver (like efifb) needs to map more than the current L2_SIZE
Raise the size so we can map the framebuffer setup by the bootloader.

Reviewed by:	cognet
2018-07-19 21:58:06 +00:00
jhibbits
b8b7fc0fa7 Revert r336509. Fails buildworld.
I had naively assumed that building kernel would be sufficient to test that
the header is sane.  However, it turns out this now needs -fms-extensions to
build.  Rather than sprinkling -fms-extensions all over the place, revert
for now, and revisit with a better fix.
2018-07-19 21:06:58 +00:00
jhibbits
a002b96f56 ofwfb: Check for /chosen/stdout-path in addition to /chosen/stdout
Some platforms use /chosen/stdout-path as the property containing the path to
the stdout node, not /chosen/stdout.
2018-07-19 20:22:46 +00:00
tuexen
9bf2bb1b21 Whitespace changes due to changes in ident. 2018-07-19 20:16:33 +00:00
jhibbits
f177fc4b9c Merge the md_page structs for AIM and Book-E into a single unioned struct
Summary:
Ports like sysutils/lsof troll through kernel structures, and
therefore include kernel headers and all the dirty secrets involved.  struct
vm_page includes the struct md_page inline, which currently is only defined
if AIM or BOOKE is defined.  Thus, by default, sysutils/lsof cannot build,
due to the struct md_page having an incomplete type.  Fix this by merging
the two struct definitions into an anonymous struct-union.

A similar change could be made to unify the pmap structures as well.

Reviewed By: nwhitehorn
Differential Revision: https://reviews.freebsd.org/D16232
2018-07-19 20:13:33 +00:00
tuexen
14de4a3d5b Revert https://svnweb.freebsd.org/changeset/base/336503
since I also ran the export script with different parameters.
2018-07-19 20:11:14 +00:00
markj
d91d3f88e0 Delete an XXX comment addressed by r336505.
X-MFC with:	r336505
Sponsored by:	The FreeBSD Foundation
2018-07-19 20:11:08 +00:00
cy
f43e6aa05c MFV r336490:
Prevent installation of an all-zero TK.
This is also upline git commit 53bb18cc8b7a4da72e47e4b3752d0d2135cffb23.

Obtained from:	https://w1.fi/security/2017-1/\
		rebased-v2.6-0004-Prevent-installation-\
		of-an-all-zero-TK.patch
X-MFC-with:	r336203
2018-07-19 20:10:34 +00:00
markj
1810bcca4b Have preload_delete_name() free pages backing preloaded data.
On i386 and amd64, add a vm_phys segment for physical memory used to
store the kernel binary and other preloaded data.  This makes it
possible to free such memory back to the system once it is no longer
needed, e.g., when a preloaded kernel module is unloaded.  Previously,
it would have remained unused.

Reviewed by:	kib, royger
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D16330
2018-07-19 20:00:28 +00:00
markj
51d0d5bd24 Provide the full module path to preload_delete_name().
The basename will never match against the preload metadata, so these
calls previously had no effect.

Reviewed by:	kib, royger
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D16330
2018-07-19 19:50:42 +00:00
tuexen
5810243631 Whitespace changes due to change if ident. 2018-07-19 19:33:42 +00:00
cy
9739fb5020 MFV: r336486
Prevent reinstallation of an already in-use group key.
Upline git commit cb5132bb35698cc0c743e34fe0e845dfc4c3e410.

Obtained from:	https://w1.fi/security/2017-1/\
		rebased-v2.6-0002-Prevent-reinstallation-\
		of-an-already-in-use-group-ke.patch
X-MFC-with:	r336203
2018-07-19 19:22:26 +00:00
dim
bb5f954b4f Revert r336497 for now, as it breaks on architectures using gcc, with:
cc1: warnings being treated as errors
/usr/src/lib/msun/src/s_cpow.c: In function 'cpow':
/usr/src/lib/msun/src/s_cpow.c:63: warning: implicit declaration of function 'CMPLX'
2018-07-19 19:07:25 +00:00
cy
9f36f4327e MFV: r336485
Address: hostapd: Avoid key reinstallation in FT handshake

Obtained from:	https://w1.fi/security/2017-1/\
		rebased-v2.6-0001-hostapd-Avoid-key-\
		reinstallation-in-FT-handshake.patch
X-MFC-with:	r336203
2018-07-19 19:04:30 +00:00
kib
16aa04d663 When reporting an error, print the errno value.
Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
2018-07-19 19:03:18 +00:00