Commit Graph

8496 Commits

Author SHA1 Message Date
cem
91cb66d427 Correct sense of crypt(3) NULL checks in init(8) and lock(1)
In r231994, an attempt was made to fix crypt(3) failure returns (NULL).
However, instead of treating crypt(3) failure as authentication failure,
some of the changes treated crypt(3) failure as authentication success.
This is wrong.

r324225 fixed this for ppp, which also inspired this review.  The other
changes in the 231994 revision were audited for correctness and look ok.

Reviewed by:	jhb
Security:	yes
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D12571
2017-10-03 00:53:11 +00:00
tuexen
3e60409b2a Whitespace changes: Remove leading spaces followed by a tab. 2017-10-02 20:02:25 +00:00
tuexen
b3b79fd3fd Fix a bug which avoided that rules for matching port numbers for SCTP
packets where actually matched.
While there, make clean in the man-page that SCTP port numbers are
supported in rules.

MFC after:	1 month
2017-10-02 18:25:30 +00:00
andreast
7716b04cd0 Initialize mdsize to make gcc happy again. This fixes buildworld on powerpc.
Reviewed by:	ian@
2017-09-30 17:51:10 +00:00
ian
4a4f9b093d Enhance mdmfs(8) to work with tmpfs(5).
Existing scripts and associated config such as rc.initdiskless, rc.d/var,
and others, use mdmfs to create memory filesystems. That program accepts a
size argument which allows SI suffixes and treats an unsuffixed number as a
count of 512 byte sectors. That makes it difficult to convert existing
scripts to use tmpfs instead of mdmfs, because tmpfs treats unsuffixed
numbers as a count of bytes. The script logic to deal with existing user
config that might include suffixed and unsuffixed numbers is... unpleasant.

Also, there is no g'tee that tmpfs will be available. It is sometimes
configured out of small-resource embedded systems to save memory and flash
storage space.

These changes enhance mdmfs(8) so that it accepts two new values for the
'md-device' arg: 'tmpfs' and 'auto'. With tmpfs, the program always uses
tmpfs(5) (and fails if it's not available). With 'auto' the program prefers
tmpfs, but falls back to using md(4) if tmpfs isn't available. It also
handles the -s <size> argument so that the mdconfig interpetation of
unsuffixed numbers applies when tmpfs is used as well, so that existing user
config keeps working after a switch to tmpfs.

A new rc setting, mfs_type, is added to etc/defaults/rc.conf to let users
force the use of tmpfs or md; the default value is "auto".

Differential Revision:	https://reviews.freebsd.org/D12301
2017-09-29 22:13:26 +00:00
mckusick
4c3c44cdd8 Continuing efforts to provide hardening of FFS, this change adds a
check hash to cylinder groups. If a check hash fails when a cylinder
group is read, no further allocations are attempted in that cylinder
group until it has been fixed by fsck. This avoids a class of
filesystem panics related to corrupted cylinder group maps. The
hash is done using crc32c.

Check hases are added only to UFS2 and not to UFS1 as UFS1 is primarily
used in embedded systems with small memories and low-powered processors
which need as light-weight a filesystem as possible.

Specifics of the changes:

sys/sys/buf.h:
    Add BX_FSPRIV to reserve a set of eight b_xflags that may be used
    by individual filesystems for their own purpose. Their specific
    definitions are found in the header files for each filesystem
    that uses them. Also add fields to struct buf as noted below.

sys/kern/vfs_bio.c:
    It is only necessary to compute a check hash for a cylinder
    group when it is actually read from disk. When calling bread,
    you do not know whether the buffer was found in the cache or
    read. So a new flag (GB_CKHASH) and a pointer to a function to
    perform the hash has been added to breadn_flags to say that the
    function should be called to calculate a hash if the data has
    been read. The check hash is placed in b_ckhash and the B_CKHASH
    flag is set to indicate that a read was done and a check hash
    calculated. Though a rather elaborate mechanism, it should
    also work for check hashing other metadata in the future. A
    kernel internal API change was to change breada into a static
    fucntion and add flags and a function pointer to a check-hash
    function.

sys/ufs/ffs/fs.h:
    Add flags for types of check hashes; stored in a new word in the
    superblock. Define corresponding BX_ flags for the different types
    of check hashes. Add a check hash word in the cylinder group.

sys/ufs/ffs/ffs_alloc.c:
    In ffs_getcg do the dance with breadn_flags to get a check hash and
    if one is provided, check it.

sys/ufs/ffs/ffs_vfsops.c:
    Copy across the BX_FFSTYPES flags in background writes.
    Update the check hash when writing out buffers that need them.

sys/ufs/ffs/ffs_snapshot.c:
    Recompute check hash when updating snapshot cylinder groups.

sys/libkern/crc32.c:
lib/libufs/Makefile:
lib/libufs/libufs.h:
lib/libufs/cgroup.c:
    Include libkern/crc32.c in libufs and use it to compute check
    hashes when updating cylinder groups.

Four utilities are affected:

sbin/newfs/mkfs.c:
    Add the check hashes when building the cylinder groups.

sbin/fsck_ffs/fsck.h:
sbin/fsck_ffs/fsutil.c:
    Verify and update check hashes when checking and writing cylinder groups.

sbin/fsck_ffs/pass5.c:
    Offer to add check hashes to existing filesystems.
    Precompute check hashes when rebuilding cylinder group
    (although this will be done when it is written in fsutil.c
    it is necessary to do it early before comparing with the old
    cylinder group)

sbin/dumpfs/dumpfs.c
    Print out the new check hash flag(s)

sbin/fsdb/Makefile:
    Needs to add libufs now used by pass5.c imported from fsck_ffs.

Reviewed by: kib
Tested by: Peter Holm (pho)
2017-09-22 12:45:15 +00:00
jhb
ebd5dd0a34 Use UFS_LINK_MAX instead of LINK_MAX.
Submitted by:	bde
Sponsored by:	Chelsio Communications
2017-09-21 22:33:59 +00:00
oshogbo
37b8624aaf We use a few different ifdef's names to check if we are using Casper or not,
let's standardize this. Now we are always use WITH_CASPER name.

Discussed with:	emaste@
MFC after:	1 month
2017-09-21 14:41:41 +00:00
danfe
942443fe83 Provide an articulate example of how to properly delete partitions and
partitioning scheme.

Users often get confused and frustrated when trying to delete partition
table and getting ``Device busy'' error because they forgot (or did not
ever know that they have) to delete all its partitions first, and while
the manual page mentions this briefly, it does not stress it out enough.

Approved by:		ae, manpages (bjk)
PR (as inspiration):	196102
Differential Revision:	https://reviews.freebsd.org/D12336
2017-09-19 15:08:31 +00:00
oshogbo
def11ea1c5 Fix language used in the r322923.
Pointed out by: wblock@
MFC after:      1 week
X-MFC-with:     r322923
2017-09-17 10:28:45 +00:00
allanjude
4f4085f105 kern.osreldate is an integer, not a string
PR:		217501
Submitted by:	Yavuz Tanriverdi <stemix@gmail.com>
MFC after:	1 week
2017-09-16 16:23:00 +00:00
cem
1d6cd31f53 geom_virstor: Remove wholly unnecessary g_metadata_store copy
Just code cleanup.  No functional change.

Sponsored by:	Dell EMC Isilon
2017-09-08 15:38:02 +00:00
cem
7a160c5848 Audit userspace geom code for leaking memory to disk
Any geom class using g_metadata_store, as well as geom_virstor which
duplicated g_metadata_store internally, would dump sectorsize - mdsize bytes
of userspace memory following the metadata block stored. This is most or all
geom classes (gcache, gconcat, geli, gjournal, glabel, gmirror, gmultipath,
graid3, gshsec, gstripe, and geom_virstor).

PR:		222077 (comment #3)
Reported by:	Maxim Khitrov <max AT mxcrypt.com>
Reviewed by:	des
Security:	yes
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D12269
2017-09-08 15:08:17 +00:00
mckusick
85aaecff93 The new fsck recovery information to enable it to find backup
superblocks created in revision 322297 only works on disks
with sector sizes up to 4K. This update allows the recovery
information to be created by newfs and used by fsck on disks
with sector sizes up to 64K. Note that FFS currently limits
filesystem to be mounted from disks with up to 8K sectors.
Expanding this limitation will be the subject of another
commit.

Reported by: Peter Holm
Reviewed with: kib
2017-09-04 20:19:36 +00:00
imp
3027bc612a Print the controller's ID in identify.
Submitted by: Matt Williams
Sponsored by: Netflix
2017-08-28 23:54:08 +00:00
sobomax
950c3938b7 Add ability to label md(4) devices.
This feature comes from the fact that we rely memory-backed md(4)
in our build process heavily. However, if the build goes haywire
the allocated resources (i.e. swap and memory-backed md(4)'s) need
to be purged. It is extremely useful to have ability to attach
arbitrary labels to each of the virtual disks so that they can
be identified and GC'ed if neecessary.

MFC after:	4 weeks
Differential Revision:	https://reviews.freebsd.org/D10457
2017-08-28 15:54:07 +00:00
oshogbo
53bbe84593 Hide length of geli passphrase during boot.
Introduce additional flag to the geli which allows to restore previous
behavior.

Reviewed by:	AllanJude@, cem@ (previous version)
MFC:		1 month
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D11751
2017-08-26 14:07:24 +00:00
kib
250b372b22 Typo, the '-6' option selects inet6.
Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
2017-08-15 19:29:10 +00:00
ngie
18951eee49 Add supporting changes for Add limited sandbox capability to "make check"
Non-tests/... changes:
- Add HAS_TESTS= to Makefiles with libraries and programs to enable iteration
  and propagate the appropriate environment down to *.test.mk.

tests/... changes:
- Add appropriate support Makefile.inc's to set HAS_TESTS in a minimal manner,
  since tests/... is a special subdirectory tree compared to the others.

MFC after:	2 months
MFC with:	r322511
Reviewed by:	arch (silence), testing (silence)
Differential Revision:	D12014
2017-08-14 19:21:37 +00:00
mckusick
7898ca2150 Since the switch to GPT disk labels, fsck for UFS/FFS has been
unable to automatically find alternate superblocks. This checkin
places the information needed to find alternate superblocks to the
end of the area reserved for the boot block.

Filesystems created with a newfs of this vintage or later will
create the recovery information. If you have a filesystem created
prior to this change and wish to have a recovery block created for
your filesystem, you can do so by running fsck in forground mode
(i.e., do not use the -p or -y options). As it starts, fsck will
ask ``SAVE DATA TO FIND ALTERNATE SUPERBLOCKS'' to which you should
answer yes.

Discussed with: kib, imp
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D11589
2017-08-09 05:17:21 +00:00
garga
d662cb6fb3 Add missing parenthesis on error message
Approved by:	loos
MFC after:	3 days
Sponsored by:	Rubicon Communications, LLC (Netgate)
2017-08-08 22:40:26 +00:00
emaste
3c8566d0ac Remove now-unused badsb declaration, missed in r322200
Sponsored by:	The FreeBSD Foundation
2017-08-08 18:31:40 +00:00
imp
4eba561269 In debug mode, print the differences between the superblock and
alternate superblock when the values disagree and we're going to
reject it.

Differential Revision: https://reviews.freebsd.org/D11589
2017-08-07 21:23:59 +00:00
imp
be77ba54b5 Make it possible to ignore superblock mismatch. This will not fix such
a mismatch, but will allow fsck to continue when the last alternate
superblock gets corrupted somehow.

Also, remove searching for alternate super blocks. It should have been
removed two years ago with r276737 by imp@. Leave minor vestiges in
place in case someone wants to solve the hard problem of knowing where
altnernate superblocks live without access to data formerly stored in
disklabels.

Differential Revision: https://reviews.freebsd.org/D11589
2017-08-07 21:23:54 +00:00
mjoras
770996ff48 Selectively print "hwaddr" from ifconfig(8).
ifconfig(8) printing the hwaddr is only really useful if it differs from
the link layer address.

Reported by:	jhb
Reviewed by:	rpokala
Approved by:	rstone (mentor)
Differential Revision:	https://reviews.freebsd.org/D11777
2017-08-04 21:06:47 +00:00
ngie
d26727d972 Add HAS_TESTS to all Makefiles that are currently using the
`SUBDIR.${MK_TESTS}+= tests` idiom.

This is a follow up to r321912.
2017-08-02 08:50:42 +00:00
ngie
734d081ed1 MFhead@r321912 2017-08-02 08:38:36 +00:00
ngie
d810089ddf Convert traditional ${MK_TESTS} conditional idiom for including test
directories to SUBDIR.${MK_TESTS} idiom

This is being done to pave the way for future work (and homogenity) in
^/projects/make-check-sandbox .

No functional change intended.

MFC after:	1 weeks
2017-08-02 08:35:51 +00:00
gallatin
c10cdb0dac Don't request CTLTYPE_OPAQUE if we can't print them.
The intent is to skip expensive opaque sysctls like tcp_pcblist unless
they are explicitly requested. Sysctl nodes like this don't show up in
sysctl -a, but they do generate output that winds up being dropped,
unless the user specifically requested  binary/hex output or opaques.

This reduces the runtime of sysctl in many circumstances on a loaded
system.  It also reduces the likelihood that simply gathering
diagnostics on a sick machine (stuck lock, etc) via sysctl -a might
push it over the edge into a total lockup.

Reviewed by:	jtl
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D11461
2017-07-31 14:56:35 +00:00
rmacklem
c577abbf59 Add a new "-N" option to umount(8), that does a forced dismount of an NFS mount
point.

The new "-N" option does a forced dismount of an NFS mount point, but avoids
doing any checking of the mounted-on path, so that it will not get hung
when a vnode lock is held by another hung process on the mounted-on vnode.
The most common case of this is a "umount" with the "-f" option.
Other than avoiding checking the mounted-on path, it performs the same
forced dismount as a successful "umount -f" would do.

This commit includes a content change to the man page.

Tested by:	pho
Reviewed by:	kib
MFC after:	2 weeks
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D11735
2017-07-29 20:08:25 +00:00
markj
52de978fec Fix style and wrap lines to 80 columns in savecore.c.
No functional change intended.

MFC after:	3 days
2017-07-24 21:51:41 +00:00
markj
f60764cc69 Revert r320918 and have mkdumpheader() handle version string truncation.
Reported by:	jhb
MFC after:	1 week
2017-07-15 20:53:08 +00:00
kp
34cfc1e7ed pfctl parser tests
Copy the most important test cases from OpenBSD's corresponding
src/regress/sbin/pfctl, those that run pfctl on a test input file and check
correctness of its output. We have also added some new tests using the same
format.

The tests consist of a collection of input files (pf*.in) and
corresponding output files (pf*.ok). We run pfctl -nv on the input
files and check that the output matches the output files. If any
discrepancy is discovered during future development in the source
tree, we know that a regression bug has been introduced into the tree.

Submitted by:	paggas
Sponsored by:	Google, Inc (GSoC 2017)
Differential Revision:	https://reviews.freebsd.org/D11322
2017-07-15 19:22:01 +00:00
markj
ec4ae1e66d Add a newline after the version string.
MFC after:	3 days
2017-07-12 18:29:25 +00:00
markj
52c583799a Add a subroutine for comparing kerneldump identifiers.
MFC after:	2 weeks
2017-07-11 18:24:05 +00:00
ngie
82a0b7c807 Fix whitespace bugs
- Delete trailing whitespace.
- Replace 8 single column spaces with hard tabs.
- Delete lines with consisting purely of blank space.
- Add space between `return` and `(`, per style(9).

Special care was taken to not blindly replace 8 single column spaces
with tabs; doing so could break tools that do strict string comparisons
with camcontrol output.
2017-07-10 05:16:07 +00:00
ngie
12774fe95f Fix -Wuninitialized warning with gcc
Initialize mmc_data_byte to 0, as it could be used uninitialized
later on.

MFC with:	r320846
Reported by:	Jenkins (powerpc jobs)
2017-07-10 04:28:28 +00:00
imp
0e5f9a6dc4 New command 'mmcsdcmd' for camcontrol, to allow interacting with SD cards
Submitted by: Ilya Babulin
2017-07-09 17:02:52 +00:00
trasz
e84d63bc1c Fix "mount -uw /" when the filesystem type doesn't match.
This basically makes "mount -uw /" work when the filesystem
mounted on / is NFS, but the one configured in fstab(5) is UFS,
which can happen when you forget to modify fstab.

Note that the whole special case ("else if (argv[0][0] == '/'")
is probably not needed anyway.  I'll take a look at removing it
altogether; for now this is a minimally intrusive fix.

MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D11323
2017-07-08 11:06:27 +00:00
imp
582dff36a9 Bump date for today's commit. 2017-07-07 16:58:40 +00:00
imp
1bb5b0612b Improve wording for -E and -t flags. -E never writes the entire disk,
so don't imply that. Note that if BIO_DELETE isn't supported, the
operation will fail (as opposed to writing the entire disk with
zeros). Thin storage also benefits from trim. List more accurate
reason why trim helps flash-memory.
2017-07-07 16:54:18 +00:00
delphij
95bda03949 - Use strlcat() instead of strncat().
- Use asprintf() and handle allocation errors.

Reviewed by:	kevlo
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D11486
2017-07-07 02:48:55 +00:00
ngie
cc70d38493 Remove SUBDIR ordering/uniquifying in *bin/Makefile
After the addition of SUBDIR.yes, uniquifying/ordering the SUBDIRs doesn't
make a whole lot of sense, and it's in effect a half measure.

Ordering SUBDIR (after adding SUBDIR.yes to it) in bsd.subdir.mk is a
separate change that warrants more discussion/testing, because while
the SUBDIR_PARALLEL work largely fixed dependency ordering for SUBDIRs,
there might be downstream FreeBSD consumers that rely on the SUBDIR
ordering.

MFC after:	2 months
Reviewed by:	bdrewery
Differential Revision:	D11398
2017-07-06 04:15:30 +00:00
imp
8c4dedc7e2 Fix sign of resid and add a mostly useless cast to cope with signed vs
unsigned check warnings from traditional unix code construsts bogusly
flagged as potentially unsafe.
2017-07-01 02:19:48 +00:00
imp
58365a82c1 Improve wdc error log pulling.
After review by the WDC engineers, improve how we pull down the
so-called 'e6' logs. The 'c6' logs are obsolete and support for them
has been removed because FreeBSD needed to pull them in chunks, which
is incompatible with the 0xc6 opcode implementation. Rather than leave
the code in place that produces bad log pulls, remove it.
2017-06-29 23:15:28 +00:00
imp
7b145758f3 Report some aspects of namespaces and namespace support in identify
command.

Sponsored by: Netflix
Submitted by: Matt Williams (via D11330)
2017-06-27 20:24:44 +00:00
imp
7b2876692b Move 128-bit integer routines to util.c so they can be used by more
than just the log page code.

Sponsored by: Netflix, Inc
Submitted by: Matt Williams (via D11330)
2017-06-27 20:24:25 +00:00
manu
54e47e4fc2 ipfw: Note that bandwidth can take G suffix in the manpage
Reported by:	Jose Luis Duran (github)
2017-06-23 17:31:07 +00:00
manu
72d95f3521 ipfw: dummynet: Add 'G' and 'g' suffix for bandwidth configuration/display
MFC after:	2 weeks
Sponsored by:	Gandi.net
2017-06-23 14:00:28 +00:00
mckusick
1dd3068c74 Allow '_' in labels when specifying -L to newfs.
Reported by: Keve Nagy
Reviewed by: kib
PR: 220163
MFC after: 5 days
2017-06-20 21:26:42 +00:00