Commit Graph

202372 Commits

Author SHA1 Message Date
Konstantin Belousov
48cae112b5 Use private cache line for the locked nop in *mb() on i386.
Suggested by:	alc
Reviewed by:	alc, bde
Tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
2015-07-30 00:13:20 +00:00
Konstantin Belousov
dd5b64258f MFamd64 r285934: Remove store/load (= full) barrier from the i386
atomic_load_acq_*().

Noted by:	alc (long time ago)
Reviewed by:	alc, bde
Tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
2015-07-29 23:59:17 +00:00
John-Mark Gurney
e381fd293d const'ify an arg that we don't update... 2015-07-29 23:37:15 +00:00
Baptiste Daroussin
796ba6fcc2 Cleanup includes 2015-07-29 23:26:14 +00:00
Rick Macklem
25f37276e5 This patch fixes a problem where, if the NFSv4 server has a previous
unconfirmed clientid structure for the same client on the last hash list,
this old entry would not be removed/deleted. I do not think this bug would have
caused serious problems, since the new entry would have been before the old one
on the list. This old entry would have eventually been scavenged/removed.
Detected while reading the code looking for another bug.

MFC after:	3 days
2015-07-29 23:06:30 +00:00
Baptiste Daroussin
c308ef6fd2 Actually set the proper license
Reported by:	trasz
2015-07-29 22:51:54 +00:00
Ed Maste
b43cca137b MK_ELFCOPY_AS_OBJCOPY should be a variable
PR:		201978
Submitted by:	O. Hartmann
Differential Revision:	https://reviews.freebsd.org/D2887
2015-07-29 21:41:15 +00:00
Jim Harris
0e1fd2dda3 nvme: do not notify a consumer about failures that occur during initialization
MFC after:	3 days
Sponsored by:	Intel
2015-07-29 21:29:50 +00:00
Warner Losh
9c80b8aa0f Clarify historical practice of not removing old entries. Add entry for
stable/10 branch that was forgotten when it was created. Update end
date to be correct.
2015-07-29 21:15:50 +00:00
Sean Bruno
e0fe6b4835 Add support for BCM5466 PHY
Differential Revision:	D3232
Submitted by:	kevin.bowling@kev009.com
2015-07-29 20:50:48 +00:00
Sean Bruno
79855a57e2 Remove dead functions pmap_pvdump and pads.
Differential Revision:	D3206
Submitted by:	kevin.bowling@kev009.com
Reviewed by:	alc
2015-07-29 20:47:27 +00:00
Ermal Luçi
3c40232395 Avoid double reference decrement when firewalls force relooping of packets
When firewalls force a reloop of packets and the caller supplied a route the reference to the route might be reduced twice creating issues.
This is especially the scenario when a packet is looped because of operation in the firewall but the new route lookup gives a down route.

Differential Revision:	https://reviews.freebsd.org/D3037
Reviewed by:	gnn
Approved by:	gnn(mentor)
2015-07-29 20:10:36 +00:00
Ed Maste
c67acb7508 Remove mention of non-existent gconv tool
I believe this is a typo of gcov, but gcov is not controlled by
WITHOUT_BINUTILS anyhow.

Sponsored by:	The FreeBSD Foundation
2015-07-29 20:02:20 +00:00
Ed Maste
6974dd6f4b Use default CLANG build options for ARM
We previously disabled CLANG_FULL on (little-endian) ARM because the
build failed.  This is no longer the case and as of Clang 3.5 we cannot
build any part of the in-tree Clang with in-tree GCC, so it's no longer
necessary to disable CLANG_FULL.

Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D2525
2015-07-29 19:06:53 +00:00
Ed Maste
5be09b1082 Regenerate src.conf(5) after r286016 and r286030 2015-07-29 18:55:51 +00:00
Ed Maste
5ea9e83e2f Allow ELF Tool Chain elfcopy to be installed as objcopy
ELF Tool Chain elfcopy is nearly a drop-in replacement for GNU objcopy,
but does not currently support PE output which is needed for building
x86 UEFI bits.

Add a src.conf knob to allow installing it as objcopy and set it by
default for aarch64 only, where we don't have a native binutils.

Reviewed by:	bapt
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D2887
2015-07-29 18:45:38 +00:00
Ed Maste
2d83b16bd4 Update OLD_FILES for tools provided by ELF Tool Chain or Binutils
Sponsored by:	The FreeBSD Foundation
2015-07-29 18:33:11 +00:00
Ermal Luçi
d9f2a78249 ip_output normalization and fixes
ip_output has a big chunk of code used to handle special cases with pfil consumers which also forces a reloop on it.
Gather all this code together to make it readable and properly handle the reloop cases.

Some of the issues identified:

M_IP_NEXTHOP is not handled properly in existing code.
route reference leaking is possible with in FIB number change
route flags checking is not consistent in the function

Differential Revision:	https://reviews.freebsd.org/D3022
Reviewed by:	gnn
Approved by:	gnn(mentor)
MFC after:	4 weeks
2015-07-29 18:04:01 +00:00
Patrick Kelsey
4741bfcb57 Revert r265338, r271089 and r271123 as those changes do not handle
non-inline urgent data and introduce an mbuf exhaustion attack vector
similar to FreeBSD-SA-15:15.tcp, but not requiring VNETs.

Address the issue described in FreeBSD-SA-15:15.tcp.

Reviewed by:	glebius
Approved by:	so
Approved by:	jmallett (mentor)
Security:	FreeBSD-SA-15:15.tcp
Sponsored by:	Norse Corp, Inc.
2015-07-29 17:59:13 +00:00
Ed Maste
a80ac30b2d ar: Fix deterministic mode default with options other than -q or -r
Reported by:	jhibbits
Reviewed by:	jhibbits
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D3237
2015-07-29 17:34:26 +00:00
Ed Schouten
8328babdd0 Make pipes in CloudABI work.
Summary:
Pipes in CloudABI are unidirectional. The reason for this is that
CloudABI attempts to provide a uniform runtime environment across
different flavours of UNIX.

Instead of implementing a custom pipe that is unidirectional, we can
simply reuse Capsicum permission bits to support this. This is nice,
because CloudABI already attempts to restrict permission bits to
correspond with the operations that apply to a certain file descriptor.

Replace kern_pipe() and kern_pipe2() by a single kern_pipe() that takes
a pair of filecaps. These filecaps are passed to the newly introduced
falloc_caps() function that creates the descriptors with rights in
place.

Test Plan:
CloudABI pipes seem to be created with proper rights in place:

https://github.com/NuxiNL/cloudlibc/blob/master/src/libc/unistd/pipe_test.c#L44

Reviewers: jilles, mjg

Reviewed By: mjg

Subscribers: imp

Differential Revision: https://reviews.freebsd.org/D3236
2015-07-29 17:18:27 +00:00
Ed Schouten
e555b4309c Introduce falloc_caps() to create descriptors with capabilties in place.
falloc_noinstall() followed by finstall() allows you to create and
install file descriptors with custom capabilities. Add falloc_caps()
that can do both of these actions in one go.

This will be used by CloudABI to create pipes with custom capabilities.

Reviewed by:	mjg
2015-07-29 17:16:53 +00:00
Christian Brueffer
8843746ab4 Remove the AUTHORS section until it's clear who exactly wrote the driver. 2015-07-29 16:37:36 +00:00
Ed Maste
8cdcc73cfa Include c++filt and readelf in WITHOUT_ELFTOOLCHAIN_TOOLS 2015-07-29 15:42:22 +00:00
Sean Bruno
1f6aae90ad Make Broadcom XLR use shared ds1374 RTC driver.
Remove its identical and redundant ds1374u version.

Differential Revision:	D3225
Submitted by:	kevin.bowling@kev009.com
2015-07-29 15:32:59 +00:00
Andrey V. Elsukov
10a0e0bf0a Eliminate the use of m_copydata() in gif_encapcheck().
ip_encap already has inspected mbuf's data, at least an IP header.
And it is safe to use mtod() and do direct access to needed fields.
Add M_ASSERTPKTHDR() to gif_encapcheck(), since the code expects that
mbuf has a packet header.
Move the code from gif_validate[46] into in[6]_gif_encapcheck(), also
remove "martian filters" checks. According to RFC 4213 it is enough to
verify that the source address is the address of the encapsulator, as
configured on the decapsulator.

Reviewed by:	melifaro
Obtained from:	Yandex LLC
Sponsored by:	Yandex LLC
2015-07-29 14:07:43 +00:00
Sergey Kandaurov
4446a47a6f Fixed shutdown(2) unix(4) tests for SOCK_SEQPACKET after r285910 (by ed). 2015-07-29 13:49:34 +00:00
Ed Maste
fc964cbf4e ar: enable deterministic mode by default
Ar cannot handle UIDs with more than 6 digits, and storing the mtime,
uid, gid and mode provides little to negative value anyhow for ar's
uses. Turn on deterministic (-D) mode by default; it can be disabled by
the user with -U.

PR:		196929
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D3190
2015-07-29 13:36:17 +00:00
Ed Schouten
9d2332c9ee Split up Capsicum to CloudABI rights conversion into two separate routines.
CloudABI's openat() ensures that files are opened with the smallest set
of relevant rights. For example, when opening a FIFO, unrelated rights
like CAP_RECV are automatically removed. To remove unrelated rights, we
can just reuse the code for this that was already present in the rights
conversion function.
2015-07-29 12:42:45 +00:00
Zbigniew Bodek
cf89e8c919 Add quirk for ThunderX ITS device table size
Limit the number of supported device IDs to 0x100000
in order to decrease the size of the ITS device table so
that it matches with the HW capabilities.

Obtained from: Semihalf
Sponsored by:  The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D3131
2015-07-29 11:22:19 +00:00
Andrey V. Elsukov
b13653baf9 Reduce overhead of ipfw's me6 opcode.
Skip checks for IPv6 multicast addresses.
Use in6_localip() for global unicast.
And for IPv6 link-local addresses do search in the IPv6 addresses list.
Since LLA are stored in the kernel internal form, use
IN6_ARE_MASKED_ADDR_EQUAL() macro with lla_mask for addresses comparison.
lla_mask has zero bits in the second word, where we keep sin6_scope_id.

Obtained from:	Yandex LLC
Sponsored by:	Yandex LLC
2015-07-29 10:53:42 +00:00
Konstantin Belousov
6cebf7e2be Move bufshutdown() out of the #ifdef INVARIANTS block. 2015-07-29 09:57:34 +00:00
Andrey V. Elsukov
cc0a3c8ca4 Convert in_ifaddr_lock and in6_ifaddr_lock to rmlock.
Both are used to protect access to IP addresses lists and they can be
acquired for reading several times per packet. To reduce lock contention
it is better to use rmlock here.

Reviewed by:	gnn (previous version)
Obtained from:	Yandex LLC
Sponsored by:	Yandex LLC
Differential Revision:	https://reviews.freebsd.org/D3149
2015-07-29 08:12:05 +00:00
John-Mark Gurney
a09a7146a7 RFC4868 section 2.3 requires that the output be half... This fixes
problems that was introduced in r285336...  I have verified that
HMAC-SHA2-256 both ah only and w/ AES-CBC interoperate w/ a NetBSD
6.1.5 vm...

Reviewed by:	gnn
2015-07-29 07:15:16 +00:00
Kristof Provost
48c29b118e pf: Always initialise pf_fragment.fr_flags
When we allocate the struct pf_fragment in pf_fillup_fragment() we forgot to
initialise the fr_flags field. As a result we sometimes mistakenly thought the
fragment to not be a buffered fragment. This resulted in panics because we'd end
up freeing the pf_fragment but not removing it from V_pf_fragqueue (believing it
to be part of V_pf_cachequeue).
The next time we iterated V_pf_fragqueue we'd use a freed object and panic.

While here also fix a pf_fragment use after free in pf_normalize_ip().
pf_reassemble() frees the pf_fragment, so we can't use it any more.

PR:		201879, 201932
MFC after:	5 days
2015-07-29 06:35:36 +00:00
Ed Schouten
3720b82fa8 Implement CloudABI's readdir().
Summary:
CloudABI's readdir() system call could be thought of as a mixture
between FreeBSD's getdents(2) and pread(). Instead of using the file
descriptor offset, userspace provides a 64-bit cloudabi_dircookie_t
continue reading at a given point. CLOUDABI_DIRCOOKIE_START, having
value 0, can be used to return entries at the start of the directory.

The file descriptor offset is not used to store the cookie for the
reason that in a file descriptor centric environment, it would make
sense to allow concurrent use of a single file descriptor.

The remaining space returned by the system call should be filled with a
partially truncated copy of the next entry. The advantage of doing this
is that it gracefully deals with long filenames. If the C library
provides a buffer that is too small to hold a single entry, it can still
extract the directory entry header, meaning that it can retry the read
with a larger buffer or skip it using the cookie.

Test Plan:
This implementation passes the cloudlibc unit tests at:

	https://github.com/NuxiNL/cloudlibc/tree/master/src/libc/dirent

Reviewers: marcel, kib

Reviewed By: kib

Subscribers: imp

Differential Revision: https://reviews.freebsd.org/D3226
2015-07-29 06:31:44 +00:00
Baptiste Daroussin
22665b2563 Actually add the new code 2015-07-29 06:23:06 +00:00
Baptiste Daroussin
8411215a80 Create a strtounum function using the same API as strtonum
This function returns uintmax_t
Use this function to convert to gid_t/uid_t
2015-07-29 06:22:41 +00:00
Jeff Roberson
7d07bfd8a3 - Remove some dead code copied from ffs. 2015-07-29 03:06:08 +00:00
Warner Losh
aa255ef6dd Teach sysctl about the new optional suffix after IK to specify
precision. Update input as well. Add IK to the manual (it was missing
completely).

Differential Revision: https://reviews.freebsd.org/D3181
2015-07-29 02:34:25 +00:00
Jeff Roberson
98082691bb - Make 'struct buf *buf' private to vfs_bio.c. Having a global variable
'buf' is inconvenient and has lead me to some irritating to discover
   bugs over the years.  It also makes it more challenging to refactor
   the buf allocation system.
 - Move swbuf and declare it as an extern in vfs_bio.c.  This is still
   not perfect but better than it was before.
 - Eliminate the unused ffs function that relied on knowledge of the buf
   array.
 - Move the shutdown code that iterates over the buf array into vfs_bio.c.

Reviewed by:	kib
Sponsored by:	EMC / Isilon Storage Division
2015-07-29 02:26:57 +00:00
Marcelo Araujo
006a388bb6 Compilers will complain the usage of obsolescent variable declarations.
Also it will fix the build problem with sparc64.

Submitted by:	ed@
2015-07-29 02:21:35 +00:00
Bryan Drewery
b7551bceeb unlink(2): Note the possibility for ENOSPC to be returned on ZFS.
PR:		154930
2015-07-28 22:48:58 +00:00
Baptiste Daroussin
bbdee3ebde Reject usermod and userdel if the user concerned is not on the user database
supposed to be manipulated

This prevent pw usermod creating a new local user when requesting to usermod on
a username is defined in LDAP.

This issue only happens when modifying the local user database (not inpacting
commands when -V or -R are used).

PR:		187653
Submitted by:	tmwalaszek@gmail.com
2015-07-28 21:49:38 +00:00
Jean-Sébastien Pédron
133362912c drm/i915: Sort functions in i915_gem.c to match Linux 3.8's ordering
While here, reduce the style diff with Linux.

There is no functional change. The goal is to ease the future update to
Linux 3.8's i915 driver.

MFC after:	2 months
2015-07-28 21:47:37 +00:00
Bryan Drewery
b99a71b1da Fix rescue build after r284356 with STRIP= by using proper STRIPBIN per build(7).
This was causing the following error:

  rescue
  sh: rescue: not found
  *** [rescue] Error code 127

  make[1]: stopped in /usr/obj/usr/src/rescue/rescue

Sponsored by:	EMC / Isilon Storage Division
2015-07-28 21:39:58 +00:00
Baptiste Daroussin
90a4edb584 Check uid/gid used when creating a user/group are not larger than UID_MAX/GID_MAX
PR:		173977
Reported by:	nvass@gmx.com
2015-07-28 21:10:58 +00:00
Baptiste Daroussin
81e2ba845c Fix wrong warning printed after changing or updating NIS users
PR:		37672
Submitted by:	chris+freebsd@chrullrich.de
2015-07-28 20:52:10 +00:00
Jeff Roberson
38750ada8f - Eliminate the EMPTYKVA queue. It served as a cache of KVA allocations
attached to bufs to avoid the overhead of the vm.  This purposes is now
   better served by vmem.  Freeing the kva immediately when a buf is
   destroyed leads to lower fragmentation and a much simpler scan algorithm.

Reviewed by:	kib
Sponsored by:	EMC / Isilon Storage Division
2015-07-28 20:24:09 +00:00
Xin LI
3a0b9b7735 Fix multiple OpenSSH vulnerabilities.
Security:	CVE-2014-2653
Security:	CVE-2015-5600
Security:	FreeBSD-SA-15:16.openssh
2015-07-28 19:58:38 +00:00