Commit Graph

253299 Commits

Author SHA1 Message Date
oshogbo
feba2ca94d Let geli deal with lost devices without crashing.
PR:		162036
Submitted by:	Fabian Keil <fk@fabiankeil.de>
Obtained from:	ElectroBSD
Discussed with: pjd@
2018-07-15 18:03:19 +00:00
marius
03ca6e751e As suggested by a comment in ixl_initialize_vsi(), use if_getcapenable(9)
instead of directly interrogating ifp->if_capenable.

Reviewed by:	erj (ixl_initialize_vsi())
Differential Revision:	https://reviews.freebsd.org/D15720 (part of)
2018-07-15 18:02:50 +00:00
oshogbo
b5ecd1b39f Fix declaration. 2018-07-15 17:31:50 +00:00
oshogbo
2acaabd2be Use capsicum helpers in fstype and ctld.
Reviewed by:	trasz
2018-07-15 17:21:19 +00:00
oshogbo
19512c3380 Extend amount of possible coredumps from 10 to 100000 when using index format.
The amount of digits in the name of corefile is assigned dynamically.

Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D16118
2018-07-15 17:10:12 +00:00
jilles
56dee474e0 sh: Don't use padvance() for MAIL/MAILPATH
Using padvance() requires undoing its append of '/' and prevents adjusting
its '%' logic to allow most directories with '%' in PATH.

No functional change is intended.
2018-07-15 09:14:30 +00:00
imp
5991b259dc Use EF_SEG_READ_STRING instead of EF_SEG_READ when reading strings.
Normally, we can get away with just reading the 1k buffer for the
string, since the placement of the data is generally no where near the
end of the file. However, it's possible that the string is within the
last 1k of the file, in which case the read will fail, and we'll not
produce the proper records needed for devmatch to work. By reading
using EF_SEG_READ_STRING, we automatically work around these problems
while still retaining safety.

This fix a problem with devmatch where we wouldn't load certain
modules (like ums). This didn't always happen (my tree didn't exhibit
it, while nathan's did because his optimization options were more
agressive).

Reported by: nathanw@
2018-07-15 05:29:39 +00:00
mmacy
fd2ad050dc acquire inp lock around ip6_pcbopt to fix IPV6_TCLASS panic
Simple fix to address panics relating to setting IPV6_TCLASS
with setsockopt(). The premise of this change is that it is
ok to call malloc with M_NOWAIT while holding a lock on the
in6p.

If it later turns out that it is not ok, then major surgery
will be required, as ip6_setpktopt() will have to be fixed
(as it also calls malloc with M_NOWAIT) which pulls in the
ip6_pcbopts(), ip6_setpktopts(), ip6_setpktopt() call chain.

Submitted by:	Jason Eggnet
Reviewed by:	rrs, transport, sbruno
Sponsored by:	Limelight Networks
Differential Revision:	https://reviews.freebsd.org/D16201
2018-07-15 00:47:06 +00:00
mmacy
211029bcd0 epoch_test: fix compile
- update to new interface

Reported by:	manu
2018-07-15 00:31:17 +00:00
mmacy
123afd0134 msun: add ld80/ld128 powl, cpow, cpowf, cpowl from openbsd
This corresponds to the latest status (hasn't changed in 9+
years) from openbsd of ld80/ld128 powl, and source cpowf, cpow,
cpowl (the complex power functions for float complex, double
complex, and long double complex) which are required for C99
compliance and were missing from FreeBSD. Also required for
some numerical codes using complex numbered Hamiltonians.

Thanks to jhb for tracking down the issue with making
weak_reference compile on powerpc.

When asked to review, bde said "I don't like it" - but
provided no actionable feedback or superior implementations.

Discussed with: jhb
Submitted by: jmd
Differential Revision: https://reviews.freebsd.org/D15919
2018-07-15 00:23:10 +00:00
sbruno
d142ab3470 There was quite a bit of feedback on r336282 that has led to the
submitter to want to revert it.
2018-07-14 23:53:51 +00:00
kp
9d328e8313 pf tests: Basic synproxy test
A very basic syncproxy test: set up a connection via a synproxy rule.
This triggeres the panic fixed in r336273.
2018-07-14 21:32:32 +00:00
alc
646c9e0d6a Invalidate the mapping before updating its physical address.
Doing so ensures that all threads sharing the pmap have a consistent
view of the mapping.  This fixes the problem described in the commit
log message for r329254 without the overhead of an extra page fault
in the common case.  (Now that all pmap_enter() implementations are
similarly modified, the workaround added in r329254 can be removed,
reducing the overhead of COW faults.)

With this change we can reuse the PV entry from the old mapping,
potentially avoiding a call to reclaim_pv_chunk().  Otherwise, there is
nothing preventing the old PV entry from being reclaimed.  In rare
cases this could result in the PTE's page table page being freed,
leading to a use-after-free of the page when the updated PTE is written
following the allocation of the PV entry for the new mapping.

Reviewed by:	br, markj
MFC after:	3 weeks
Differential Revision:	https://reviews.freebsd.org/D16261
2018-07-14 20:14:00 +00:00
tuexen
27af8ac16d Return the intended return code.
This bug was spotted by markj@ in D16268 because I copied this code part
and used it there. So fix it.

Sponsored by:		Netflix, Inc.
2018-07-14 19:53:41 +00:00
rmacklem
c3761388da Fix the pNFS client when mirrors aren't on the same machine.
Without this patch, the client side NFSv4.1 pNFS code erroneously did writes
and commits to both DS mirrors using the TCP connection of the first one.
For my test setup this worked, since I have both DSs running on the same
machine, but it would have failed when the DSs are on separate machines.
This patch fixes the code to use the correct TCP connection for each DS.
This patch should only affect the NFSv4.1 client when using "pnfs" mounts
to mirrored DSs.

MFC after:	2 weeks
2018-07-14 19:51:44 +00:00
tuexen
57c267a917 Fix shebangs and execute bit of test scripts.
Since we don't have /usr/bin/ksh, use a generic way of specifying
ksh. Some of the tests only run with ksh93, so use this shell
for these tests. Two of the tests don't have the execute bit set,
so fix this, too.

Reviewed by:		markj@
Sponsored by:		Netflix, Inc.
Differential Revision:	https://reviews.freebsd.org/D16270
2018-07-14 19:49:14 +00:00
alc
c0242a15de Correct some typos.
Reviewed by:	kib
2018-07-14 19:35:41 +00:00
stevek
789878934e Add mpo_vnode_check_setmode MAC method to MAC/veriexec.
In the method, disallow changing SUID/SGID on verified files.

Obtained from:	Juniper Networks, Inc.
2018-07-14 17:21:16 +00:00
alc
dd64d030ae Add support for pmap_enter(..., psind=1) to the i386 pmap. In other words,
add support for explicitly requesting that pmap_enter() create a 2 or 4 MB
page mapping.  (Essentially, this feature allows the machine-independent
layer to create superpage mappings preemptively, and not wait for automatic
promotion to occur.)

Export pmap_ps_enabled() to the machine-independent layer.

Add a flag to pmap_pv_insert_pde() that specifies whether it should fail or
reclaim a PV entry when one is not available.

Refactor pmap_enter_pde() into two functions, one by the same name, that is
a general-purpose function for creating PDE PG_PS mappings, and another,
pmap_enter_4mpage(), that is used to prefault 2 or 4 MB read- and/or
execute-only mappings for execve(2), mmap(2), and shmat(2).

Reviewed by:	kib
Tested by:	pho
Differential Revision:	https://reviews.freebsd.org/D16246
2018-07-14 17:20:27 +00:00
stevek
2862ac0058 Add config(8) options that can be used to enable building MAC/veriexec
and its fingerprint modules into a kernel.

Reviewed by:	sjg
2018-07-14 17:18:17 +00:00
stevek
e520cd3b60 Fix a typo which could cause a build breakage when building with MAC/veriexec
enabled in the kernel config.

Remove unused mac_veriexec_print_db prototype in internal header file.
2018-07-14 17:15:28 +00:00
tuexen
f1fcca256b Add support for TCP state names used by Solaris.
For compatibility, add the TCP state names used by Solaris
and given in the Dtrace Guide available at
https://docs.oracle.com/cd/E37838_01/html/E61035/glhgu.html#OSDTGglhmv

Reviewed by:		markj@
Sponsored by:		Netflix, Inc.
Differential Revision:	https://reviews.freebsd.org/D16269
2018-07-14 17:12:04 +00:00
stevek
3425d2cb80 Remove RIPEMD-160 fingerprint modules for veriexec, since it has very
little practical use and would not be recommended for anyone to use in
a production environment.

Reviewed by:	sjg
2018-07-14 16:59:17 +00:00
ian
c4fc8612bf Eliminate an unused var warning-error; the var is used only when parsing
linux-style boot args, so wrap it in the appropriate ifdef.
2018-07-14 16:33:11 +00:00
sbruno
388f09b02b Fixup memory management for fetching options in ip_ctloutput()
Submitted by:	Jason Eggleston <jason@eggnet.com>
Sponsored by:	Limelight Networks
Differential Revision:	https://reviews.freebsd.org/D14621
2018-07-14 16:19:46 +00:00
markj
98d05150ce Fix vnic fallback PHY name matching after r334880.
In some cases it seems that the PHY mode can only be identified by
matching against the corresponding device node name in the FDT.  r334880
broke this for the case where the node name contains a unit address.
Fix the problem by allowing a match in that case.

Reviewed by:	andrew, sbruno
Tested by:	sbruno
Differential Revision:	https://reviews.freebsd.org/D16259
2018-07-14 16:06:53 +00:00
cem
289d156e0e ffs_syncvnode: Remove unhelpful print
It can occur during ordinary use of softupdates, or perhaps if writes to the
underlying media fail (causing bufs to be redirtied).  Either way, it is not
particularly actionable.

Reviewed by:	imp, kib
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D16258
2018-07-14 15:45:11 +00:00
kp
675ab98f50 pf: Fix synproxy
Synproxy was accidentally broken by r335569. The 'return (action)' must be
executed for every non-PF_PASS result, but the error packet (TCP RST or ICMP
error) should only be sent if the packet was dropped (i.e. PF_DROP) and the
return flag is set.

PR:		229477
Submitted by:	Andre Albsmeier <mail AT fbsd.e4m.org>
MFC after:	1 week
2018-07-14 10:14:59 +00:00
tsoome
c295ed4d32 regex/engine.c: error: variable 'dp' set but not used
The issue found with gcc6 build (originally on illumos, confirmed on FreeBSD).
Mark it __unused.

Differential Revision:	https://reviews.freebsd.org/D13109
2018-07-14 09:29:45 +00:00
kp
1ad2d2a70b pf: Fix panic on vnet jail shutdown with synproxy
When shutting down a vnet jail pf_shutdown() clears the remaining states, which
through pf_clear_states() calls pf_unlink_state().
For synproxy states pf_unlink_state() will send a TCP RST, which eventually
tries to schedule the pf swi in pf_send(). This means we can't remove the
software interrupt until after pf_shutdown().

MFC after:	1 week
2018-07-14 09:11:32 +00:00
imp
80cf7d38ec Minor adjustments:
o Fix the parsing of the device path. a last minute change terminated
  it too soon.
o Kill setting LINES. We don't need to do it, and even if we did hard
  coding it to 24 is wrong.
o Now that the console is working again for the loader, adjust the
  printfs to be more in line with other platforms.
2018-07-14 06:43:37 +00:00
imp
bea4f8a21f Add reporting of whether or not a keyboard is detected. In addition,
note that r336270's commit message was slightly incorrect. It changed
the default setting of the console to honor the ConOut
variable. Overrides via the command line are still possible, and we
use the devices in ConOut to set the proper console. If, for example,
serial cosnole is specified, we'll set console to "efi" if ConOut has
a serial port list and to either "efi comconsole" or "comconsole efi"
if not depending on whether -D or -D -h was specified.

RelNotes: Yes
Sponsored by: Netflix
2018-07-14 01:46:19 +00:00
imp
4d4256a142 uefi stand: Guess the console better
For server machines, ComOut is set to the set of devices that the efi
console suppots. Parse it to see if we have serial, video or both.
Make that take precidence over the command line args. boot1.efi parses
them, but loader.efi doesn't. It's not clear where to read boot.conf
from, so we don't do that. The command line args can still be set via
efibootmgr, which is more inline with the UEFI boot manager to replace
that. These args are typically used only to set serial vs video and
the com speed line. We can infer that from ComOut, so do so.
Remember the com speed and hw.uart.console to match.

RelNotes: yes
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D15917
2018-07-14 00:40:38 +00:00
cem
231f25ce8f OCF: Add a typedef for session identifiers
No functional change.

This should ease the transition from an integer session identifier model to
an opaque pointer model.
2018-07-13 23:46:07 +00:00
cem
f434f7df79 Re-unbreak smartpqi(4) GCC build
Like r333085, remove redundant declarations.

Redundant declarations were re-introduced in r336201.

Sponsored by:	Dell EMC Isilon
2018-07-13 22:49:48 +00:00
mjg
5044679262 lockmgr: tidy up slock/sunlock similar to other locks 2018-07-13 22:40:14 +00:00
imp
c69f62daf0 Define ADR subtype of ACPI type for a device path. 2018-07-13 21:03:32 +00:00
markj
009df8cd4a Use the existing MSR_BIOS_SIGN on AMD.
Reported by:	kib
Sponsored by:	The FreeBSD Foundation
2018-07-13 20:56:20 +00:00
imp
98bb0af37d Fix machdep_boot.c
A last minute change made this no longer compile. Pass the right arg
and eliminate now-unused variables from the code.
2018-07-13 20:33:10 +00:00
imp
9d7b35e190 Catch up to the inflate renaming. 2018-07-13 20:08:18 +00:00
rmacklem
92dfbcf0da Close down the TCP connection to a pNFS DS when it is disabled.
So long as the TCP connection to a pNFS DS isn't shared with other DSs,
it can be closed down when the DS is being disabled in the pNFS client.
This causes any RPCs in progress to fail.
This patch only affects the NFSv4.1 pNFS client when errors occur
while doing I/O on a DS.

MFC after:	2 weeks
2018-07-13 20:03:05 +00:00
mw
3d41e80ced Enable UART support for Xilinx Ultrascale+ SoCs
Xilinx Ultrascale+ are based on Cortex-A53 and use existing
UART driver (uart_dev_cdnc). Enable it in arm64 GENERIC config.

Submitted by: Michal Stanek <mst@semihalf.com>
Obtained from: Semihalf
2018-07-13 19:54:22 +00:00
markj
daf643cd69 Use the name added in r336257.
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2018-07-13 19:45:12 +00:00
markj
5151c3f37c Define the MSR used to fetch the current microcode patch level on AMD.
It is defined in the AMD family 17h register reference.

MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2018-07-13 19:42:59 +00:00
ian
8d5eb370ef Fix glitched indentation (and rewrap as needed due to deeper indent).
No functional changes.

Reported by:	rpokala@
2018-07-13 18:58:37 +00:00
imp
7218f22343 g_eli_key_cmp is used only in the kernel, so only define it in the
kernel.
2018-07-13 18:21:38 +00:00
imp
09452ba33e Use if rather than case for a simple boolean. gcc thinks blks is
undefined sometimes with the case, but enc is always 0 or 1, so
and if / else is better anyway.
2018-07-13 18:19:33 +00:00
imp
d0e6335faf Add missing include of sys/boot.h 2018-07-13 18:00:13 +00:00
ian
ee0f4764cc Extend loader(8) geli support to all architectures and all disk-like devices.
This moves the bulk of the geli support from lib386/biosdisk.c into a new
geli/gelidev.c which implements a devsw-type device whose dv_strategy()
function handles geli decryption. Support for all arches comes from moving
the taste-and-attach code to the devopen() function in libsa.

After opening any DEVT_DISK device, devopen() calls the new function
geli_probe_and_attach(), which will "attach" the geli code to the open_file
struct by creating a geli_devdesc instance to replace the disk_devdesc
instance in the open_file. That routes all IO for the device through the
geli code.

A new public geli_add_key() function is added, to allow arch/vendor-specific
code to add keys obtained from custom hardware or other sources.

With these changes, geli support will be compiled into all variations of
loader(8) on all arches because the default is WITH_LOADER_GELI.

Relnotes:	yes
Sponsored by:	Microchip Technology Inc
Differential Revision:	https://reviews.freebsd.org/D15743
2018-07-13 17:50:25 +00:00
markj
3ae8c27964 Use C99 initializers for instances of struct apic_enumerator.
MFC after:	3 days
2018-07-13 17:42:48 +00:00