Commit Graph

250633 Commits

Author SHA1 Message Date
Alex Richardson
652f26f9c5 Avoid using non-portable dd status=none flag
Copying the approach chosen in r309412. This fixes building the libc tests
on a macOS host since the macOS /bin/dd binary does not support status=none.

As there only seem to be two uses, this commit changes the two Makefiles.
If this becomes more common, we could also add a wrapper bootstrap script
that ignores status= and forwards the remaining args to the real dd.
Another alternative would be to remove the status flag and pipe stderr to
/dev/null, but them we lose error messages.

Reviewed By:	brooks
Differential Revision: https://reviews.freebsd.org/D24785
2020-06-05 08:46:50 +00:00
Hans Petter Selasky
c51613866f Ensure pci_channel_offline() actually queries the PCI register space,
and not only the software cache of that register.  Else
pci_channel_offline() won't detect that the PCI device is gone when
using the LinuxKPI.

MFC after:	1 week
Sponsored by:	Mellanox Technologies
2020-06-05 08:12:08 +00:00
Hans Petter Selasky
eff8154913 USB HID descriptors may push/pop the current state to allow
description of items residing in a so-called union. FreeBSD currently
only supports 4 such pop levels.

If the push level is not restored within the processing of the same
HID item, an invalid memory location may be used for subsequent HID
item processing.

Verify that the push level is always valid when processing HID items.

Reported by:	Andy Nguyen (Google)
MFC after:	3 days
Sponsored by:	Mellanox Technologies
2020-06-05 07:57:16 +00:00
Adrian Chadd
48f25cc3c2 [net80211] print out node A-MSDU state.
Now that the node AMSDU TX/RX flags are correctly set in ieee80211_ht.c,
we can print out the AMSDU state here.
2020-06-05 07:38:46 +00:00
Adrian Chadd
ebb9b25672 [net80211] Add initial A-MSDU in A-MPDU negotation support.
This is hopefully a big no-op unless you're running some extra
patches to flip on A-MSDU options in a driver.

802.11n supports sending A-MSDU in A-MPDU. That lets you do things
like pack small frames into an A-MSDU and stuff /those/ into an A-MPDU.
It allows for much more efficient airtime because you're not
wasting time sending small frames - which is still a problem when
doing A-MPDU as there's still per-frame overhead and minimum A-MPDU
density requirements.

It, however, is optional for 802.11n.  A lot of stuff doesn't advertise
it (but does it, just wait!); and I know that ath10k does it and my
ath(4) driver work supports it.

Now, 802.11ac makes A-MSDU in A-MPDU something that can happen more
frequently, because even though you can send very large A-MPDUs
(like 1 megabyte and larger) you still have the small frame problem.
So, 802.11ac NICs like ath10k and iwm will support A-MSDU in A-MPDU
out of the box if it's enabled - and you can negotiate it.

So, let's lay down the ground work to enable A-MSDU in A-MPDU.
This will allow hardware like iwn(4) and ath(4) which supports
software A-MSDU but hardware A-MPDU to be more efficient.

Drivers that support A-MSDU in A-MPDU will set TX/RX htcap flags.
Note this is separate from the software A-MSDU encap path; /that/
dictates whether net80211 is doing A-MSDU encapsulation or not.
These HTC flags control negotiation, NOT encapsulation.

Once this negotiation and driver bits are done, hardware like
rtwn(4), run(4), and others will be able to use A-MSDU even without
A-MPDU working;  right now FF and A-MSDU aren't even attempted
if you're an 11n node.  It's a small hold-over from the initial
A-MPDU work and I know how to fix it, but to flip it on properly
I need to be able to negotiate or ignore A-MSDU in A-MPDU.

Oh and the fun part - some 11ac APs I've tested will quite happily
decap A-MSDU in A-MPDU even though they don't negotiate it when
doing 802.11n.  So hey, I know it works - I just want to properly
handle things. :-)

Tested:

* AR9380, STA/AP mode
2020-06-05 07:38:10 +00:00
Adrian Chadd
d20ff6e680 [net80211] Migrate short slot time configuration into per-vap and deferred taskqueue updates.
The 11b/11g ERP and slot time update handling are two things which weren't
migrated into the per-VAP state when Sam did the initial VAP work.
That makes sense for a lot of setups where net80211 is driving radio state
and the radio only cares about the shared state.

However, as noted by a now deleted comment, the ERP and slot time updates
aren't EXACTLY correct/accurate - they only take into account the most
RECENTLY created VAP, and the state updates when one creates/destroys
VAPs isn't exactly great.

So:

* track the short slot logic per VAP;
* whenever the slot time configuration changes, just push it into a deferred
  task queue update so drivers don't have to serialise it themselves;
* if a driver registers a per-VAP slot time handler then it'll just get the
  per VAP one;
* .. if a driver registers a global one then the legacy behaviour is maintained -
  a single slot time is calculated and pushed out.

Note that the calculated slot time is better than the existing logic - if ANY
of the VAPs require long slot then it's disabled for all VAPs rather than
whatever the last configured VAP did.

Now, this isn't entirely complete - the rest of ERP tracking around short/long
slot capable station tracking needs to be converted into per-VAP, as well
as the preamble/barker flags.  Luckily those also can be done in a similar
fashion - keep per-VAP counters/flags and unify them before doing the driver
update.  I'll defer that work until later.

All the existing drivers can keep doing what they're doing with the global
slot time flags as that is maintained. One driver (iwi) used the per-VAP
flags instead of the ic flags, so now that driver will work properly.

This unblocks some ath10k porting work as the firmware takes the slot time
configuration per-VAP rather than globally, and some firmware handles
STA+AP and STA+STA (on same/different channels) configurations where
the firmware will switch slot time as appropriate.

Tested:

* AR9380, STA/AP mode
* AR9880 (ath10k), STA mode
2020-06-05 06:21:23 +00:00
Adrian Chadd
7280f37401 [net80211] Add some TODOs around A-MSDU in A-MPDU negotiation.
net80211 currently doesn't negotiate A-MSDU in A-MPDU during ADDBA.
I've added the field in net80211 and this commit:

* Prints out the ADDBA field value during ADDBA;
* Adds some comments around where I need to follow up with some
  negotiation logic.

Right now we don't have a driver flag anywhere which controls
whether A-MSDU in A-MPDU is allowed.  I know it works (I have it
manually turned on at home on a couple test APs, heh!) but
I can't flip it on until we can negotiate it.

Tested:

* AR9380, STA/AP mode, printing out ADDBA requests
2020-06-05 06:07:23 +00:00
Adrian Chadd
60a9489509 [iwn] Set default ampdu parameters.
These are from the linux iwlwifi driver ;the default use smaller
maximum AMPDUs (8k) and a much smaller density (none.)  The latter
could cause stability issues.

Tested:

* Tested on Intel 6300, STA mode.

Differential Revision: https://reviews.freebsd.org/D25113
2020-06-05 04:24:34 +00:00
Adrian Chadd
83fbae0ca6 [net80211] Add field definition for A-MSDU inside A-MPDU.
Now that I have A-MSDU and A-MPDU coexisting together, we need to actually
announce if (a) it's permitted and (b) figure out if we should use it
when transmitting.

This just adds the field; it doesn't yet include it in ADDBA exchanges.
2020-06-05 04:04:47 +00:00
Alexander Motin
abab2155ed Limit AHCI to only one MSI if more is not needed.
My AMD Ryzen system has 4 AHCI controllers, each supporting 16 MSI vectors.
Since two of the controllers have only one SATA port, limit to single MSI
saves system 30 interrupt vectors for free.

It may be possible to also limit number of MSI vectors to 4 and 8 for the
other two controllers, but according to the AHCI specification after that
controllers may revert to only one vector, that would be a bigger loss to
risk.

MFC after:	2 weeks
2020-06-05 02:21:46 +00:00
Kirk McKusick
52488b5148 Further evaluation of the POSIX spec for fdatasync() shows that it
requires that new data on growing files be accessible. Thus, the
the fsyncdata() system call must update the on-disk inode when the
size of the file has changed.

This commit adds another inode update flag, IN_SIZEMOD, that gets
set any time that the file size changes. If either the IN_IBLKDATA
or the IN_SIZEMOD flag is set when fdatasync() is called, the
associated inode is synchronously written to disk. We could have
overloaded the IN_IBLKDATA flag to also track size changes since
the only (current) use case for these flags are for fsyncdata(),
but it does seem useful for possible future uses to separately
track the file size changes and the inode block pointer changes.

Reviewed by: kib
MFC with: -r361785
Differential revision:  https://reviews.freebsd.org/D25072
2020-06-05 01:00:55 +00:00
Adrian Chadd
a6ca7ce3c2 [net80211] Add some more debugging during scanning
I'm trying to chase down more weird "I am not doing an incremental scan
when being asked" issues so these debugging statements help.
Notably, I've added more debugging around reasons why the scan is skipped -
eg because the cache is considered hot.

This should be a no-op unless you care about the debugging output!
2020-06-05 00:16:54 +00:00
Adrian Chadd
998bd62c31 [net80211] Print out a bad PN in both hex and decimal.
I've been using this to visually identify when I'm getting corrupted PNs
from the hardware. :(
2020-06-05 00:14:02 +00:00
Adrian Chadd
0b5aeb89eb [net80211] Send a probe request after IBSS node discovery
This sends a probe request after IBSS node discovery through
beacon frames. This allows things like HT and VHT capabilities
to be "negotiated" in adhoc mode.

It is .. kinda fire and pray - this isn't retried after discovery
so it's quite possible that nodes occasionally don't come up with
HT/VHT rate upgrades. At some point it may be a fun side project
to add support for retrying these probe requests/negotiations
after IBSS node discovery.

Tested:

* tested with multiple ath(4) NICs in 11n mode.

Differential Revision:	https://reviews.freebsd.org/D24979
2020-06-05 00:11:44 +00:00
John Baldwin
00a4311adc Refer to AES-CBC as "aes-cbc" rather than "rijndael-cbc" for IPsec.
At this point, AES is the more common name for Rijndael128.  setkey(8)
will still accept the old name, and old constants remain for
compatiblity.

Reviewed by:	cem, bcr (manpages)
MFC after:	2 weeks
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D24964
2020-06-04 22:58:37 +00:00
John Baldwin
82785a3cc8 Update crypto(7) to list current ciphers.
Add descriptions of AES-CCM, Camellia-CBC, and Chacha20.

Reviewed by:	cem (previous version)
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D24963
2020-06-04 22:16:19 +00:00
Mitchell Horne
7814aaf5a9 Document upgrade procedure in FREEBSD-upgrade
It was pointed out to me that this is the convention for documenting upgrade
instructions, rather than just leaving the instructions in the commit message.
It's possible these commands won't be used again before we transition to git,
but then at least they'll give a path forward for whoever touches this next.

Suggested by:	lwhsu
2020-06-04 20:48:57 +00:00
Richard Scheffenegger
f4b4526f23 Add O_DIRECT flag to DD for cache bypass
FreeBSD DD utility has not had support for the O_DIRECT flag, which
is useful to bypass local caching, e.g. for unconditionally issuing
NFS IO requests during testing.

Reviewed by:	rgrimes (mentor)
Approved by:	rgrimes (mentor, blanket)
MFC after:	3 weeks
Sponsored by:	NetApp, Inc.
Differential Revision:	https://reviews.freebsd.org/D25066
2020-06-04 20:47:11 +00:00
Eric Joyner
51569bd793 em(4): Add support for Comet Lake Mobile Platform, update shared code
This change introduces Comet Lake Mobile Platform support in the e1000
driver along with shared code patches described below.

- Cast return value of e1000_ltr2ns() to higher type to avoid overflow
- Remove useless statement of assigning act_offset
- Add initialization of identification LED
- Fix flow control setup after connected standby:
  After connected standby the driver blocks resets during
  "AdapterStart" and skips flow control setup. This change adds
  condition in e1000_setup_link_ich8lan() to always setup flow control
  and to setup physical interface only when there is no need to block
  resets.

Signed-off-by: Piotr Pietruszewski <piotr.pietruszewski@intel.com>

Submitted by:	Piotr Pietruszewski <piotr.pietruszewski@intel.com>
Reviewed by:	erj@
Tested by:	Jeffrey Pieper <jeffrey.e.pieper@intel.com>
MFC after:	1 week
Relnotes:	yes
Sponsored by:	Intel Corporation
Differential Revision:	https://reviews.freebsd.org/D25035
2020-06-04 20:39:28 +00:00
John Baldwin
080933c050 Use separate output buffers for OCF requests in KTLS.
KTLS encryption requests for file-backed data such as from sendfile(2)
require the encrypted data to be stored in a separate buffer from the
unencrypted file input data.  Previously the OCF backend for KTLS
manually copied the data from the input buffer to the output buffer
before queueing the crypto request.  Now the OCF backend will use a
separate output buffer for such requests and avoid the copy.  This
mostly helps when an async co-processor is used by saving CPU cycles
used on the copy.

Reviewed by:	gallatin (earlier version)
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D24545
2020-06-04 20:12:34 +00:00
Stefan Eßer
23e84cf153 Fix obvious typo: IN_BLKDATA should be IN_IBLKDATA 2020-06-04 19:54:25 +00:00
Mitchell Horne
3245fa215a Update edk2 headers to stable202005
We use these to compile libefivar. The particular motivation for this update is
the inclusion of the RISC-V machine definitions that allow us to build the
library on the platform. This support could easily have been submitted as a
small local diff, but the timing of the release coincided with this work, and
it has been over 3 years since these sources were initially imported.

Note that this comes with a license change from regular BSD 2-clause to the
BSD+Patent license. This has been approved by core@ for this particular
project [1].

As with the original import, we retain only the subset of headers that we
actually need to build libefivar. I adapted imp@'s process slightly for this
update:

    # Generate list of the headers needed to build
    cp -r ../vendor/edk2/dist/MdePkg/Include sys/contrib/edk2
    cd lib/libefivar
    make
    pushd `make -V .OBJDIR`
    cat .depend*.o | grep sys/contrib | cut -d' ' -f 3 |
        sort -u | sed -e 's=/full/path/sys/contrib/edk2/==' > /tmp/xxx
    popd

    # Merge the needed files
    cd ../../sys/contrib/edk2
    svn revert -R .
    for i in `cat /tmp/xxx`; do
        svn merge -c VendorRevision svn+ssh://repo.freebsd.org/base/vendor/edk2/dist/MdePkg/$i $i
    done
    svn merge -c VendorRevision svn+ssh://repo.freebsd.org/base/vendor/edk2/dist/MdePkg/MdePkg.dec MdePkg.dec

[1] https://www.freebsd.org/internal/software-license.html
2020-06-04 19:21:41 +00:00
Kirk McKusick
30296c428a Two additional places that need to identify IN_IBLKDATA.
Reviewed by: kib
MFC with: -r361785
Differential Revision:  https://reviews.freebsd.org/D25072
2020-06-04 18:35:21 +00:00
Kyle Evans
9b16365fca RELNOTES and UPDATING: Document the new policy on read(2) of dirfd
These changes have been completely flushed as of r361799; note it.
2020-06-04 18:19:16 +00:00
Kyle Evans
63619b6dba vfs: add restrictions to read(2) of a directory [2/2]
This commit adds the priv(9) that waters down the sysctl to make it only
allow read(2) of a dirfd by the system root. Jailed root is not allowed, but
jail policy and superuser policy will abstain from allowing/denying it so
that a MAC module can fully control the policy.

Such a MAC module has been written, and can be found at:
https://people.freebsd.org/~kevans/mac_read_dir-0.1.0.tar.gz

It is expected that the MAC module won't be needed by many, as most only
need to do such diagnostics that require this behavior as system root
anyways. Interested parties are welcome to grab the MAC module above and
create a port or locally integrate it, and with enough support it could see
introduction to base. As noted in mac_read_dir.c, it is released under the
BSD 2 clause license and allows the restrictions to be lifted for only
jailed root or for all unprivileged users.

PR:		246412
Reviewed by:	mckusick, kib, emaste, jilles, cy, phk, imp (all previous)
Reviewed by:	rgrimes (latest version)
Differential Revision:	https://reviews.freebsd.org/D24596
2020-06-04 18:17:25 +00:00
Kyle Evans
dcef4f65ae vfs: add restrictions to read(2) of a directory [1/2]
Historically, we've allowed read() of a directory and some filesystems will
accommodate (e.g. ufs/ffs, msdosfs). From the history department staffed by
Warner: <<EOF

pdp-7 unix seemed to allow reading directories, but they were weird, special
things there so I'm unsure (my pdp-7 assembler sucks).

1st Edition's sources are lost, mostly. The kernel allows it. The
reconstructed sources from 2nd or 3rd edition read it though.

V6 to V7 changed the filesystem format, and should have been a warning, but
reading directories weren't materially changed.

4.1b BSD introduced readdir because of UFS. UFS broke all directory reading
programs in 1983. ls, du, find, etc all had to be rewritten. readdir() and
friends were introduced here.

SysVr3 picked up readdir() in 1987 for the AT&T fork of Unix. SysVr4 updated
all the directory reading programs in 1988 because different filesystem
types were introduced.

In the 90s, these interfaces became completely ubiquitous as PDP-11s running
V7 faded from view and all the folks that initially started on V7 upgraded
to SysV. Linux never supported this (though I've not done the software
archeology to check) because it has always had a pathological diversity of
filesystems.
EOF

Disallowing read(2) on a directory has the side-effect of masking
application bugs from relying on other implementation's behavior
(e.g. Linux) of rejecting these with EISDIR across the board, but allowing
it has been a vector for at least one stack disclosure bug in the past[0].

By POSIX, this is implementation-defined whether read() handles directories
or not. Popular implementations have chosen to reject them, and this seems
sensible: the data you're reading from a directory is not structured in some
unified way across filesystem implementations like with readdir(2), so it is
impossible for applications to portably rely on this.

With this patch, we will reject most read(2) of a dirfd with EISDIR. Users
that know what they're doing can conscientiously set
bsd.security.allow_read_dir=1 to allow read(2) of directories, as it has
proven useful for debugging or recovery. A future commit will further limit
the sysctl to allow only the system root to read(2) directories, to make it
at least relatively safe to leave on for longer periods of time.

While we're adding logic pertaining to directory vnodes to vn_io_fault, an
additional assertion has also been added to ensure that we're not reaching
vn_io_fault with any write request on a directory vnode. Such request would
be a logical error in the kernel, and must be debugged rather than allowing
it to potentially silently error out.

Commented out shell aliases have been placed in root's chsrc/shrc to promote
awareness that grep may become noisy after this change, depending on your
usage.

A tentative MFC plan has been put together to try and make it as trivial as
possible to identify issues and collect reports; note that this will be
strongly re-evaluated. Tentatively, I will MFC this knob with the default as
it is in HEAD to improve our odds of actually getting reports. The future
priv(9) to further restrict the sysctl WILL NOT BE MERGED BACK, so the knob
will be a faithful reversion on stable/12. We will go into the merge
acknowledging that the sysctl default may be flipped back to restore
historical behavior at *any* point if it's warranted.

[0] https://www.freebsd.org/security/advisories/FreeBSD-SA-19:10.ufs.asc

PR:		246412
Reviewed by:	mckusick, kib, emaste, jilles, cy, phk, imp (all previous)
Reviewed by:	rgrimes (latest version)
MFC after:	1 month (note the MFC plan mentioned above)
Relnotes:	absolutely, but will amend previous RELNOTES entry
Differential Revision:	https://reviews.freebsd.org/D24596
2020-06-04 18:09:55 +00:00
Oleksandr Tymoshenko
c847212986 Remove licenses
I haven't requested explicit permission from authors and shouldn't have
added BSDL headers without it.

Requestes by:	imp
2020-06-04 17:20:58 +00:00
Mark Johnston
0006082054 dhclient: Fix a logic bug remove_protocol().
A logic bug in remove_protocol() meant that it would remove (leak) all
structures in the list preceding the one intended for removal.

PR:		245971
Submitted by:	joost@jodocus.org (original version)
MFC after:	1 week
2020-06-04 16:24:13 +00:00
Mark Johnston
e9ee2675cb Update vt(4) config option names to chase r303043.
PR:		246080
Submitted by:	David Marec <david@lapinbilly.eu>
MFC after:	1 week
2020-06-04 16:05:24 +00:00
Conrad Meyer
a35bc248fd Restrict default /root permissions
Remove world-readability from the root directory.  Sensitive information may be
stored in /root and we diverge here from normative administrative practice, as
well as installation defaults of other Unix-alikes.  The wheel group is still
permitted to read the directory.

750 is no more restrictive than defaults for the rest of the open source
Unix-alike world.  In particular, Ben Woods surveyed DragonFly, NetBSD,
OpenBSD, ArchLinux, CentOS, Debian, Fedora, Slackware, and Ubuntu.  None have a
world-readable /root by default.

Submitted by:	Gordon Bergling <gbergling AT gmail.com>
Reviewed by:	ian, myself
Discussed with:	emaste (informal approval)
Relnotes:	sure?
Differential Revision:	https://reviews.freebsd.org/D23392
2020-06-04 16:04:19 +00:00
Eugene Grosbein
8e725dacd2 ifconfig(8): make it possible to filter output by interface group.
Now options -g/-G allow to select/unselect interfaces by groups
in the "ifconfig -a" output just like already existing -d/-u.

Examples:

to exclude loopback from the list: ifconfig -a -G lo
to show vlan interfaces only: ifconfig -a -g vlan
to show tap interfaces that are up: ifconfig -aug tap

Arguments to -g/-G may be shell patterns and both may be specified.
Later options -g/-G override previous ones.

MFC after:		2 weeks
Relnotes:		yes
Differential Revision:	https://reviews.freebsd.org/D25029
2020-06-04 14:44:44 +00:00
Eugene Grosbein
47cb0632e8 ipfw: unbreak matching with big table type flow.
Test case:

# n=32769
# ipfw -q table 1 create type flow:proto,dst-ip,dst-port
# jot -w 'table 1 add tcp,127.0.0.1,' $n 1 | ipfw -q /dev/stdin
# ipfw -q add 5 unreach filter-prohib flow 'table(1)'

The rule 5 matches nothing without the fix if n>=32769.

With the fix, it works:
# telnet localhost 10001
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Permission denied
telnet: Unable to connect to remote host

MFC after:	2 weeks
Discussed with: ae, melifaro
2020-06-04 14:15:39 +00:00
Andriy Gapon
e84d431622 superio: do not assume that current LDN cannot change after config exit
That assumption should be true when superio(4) uses the hardware
exlusively.  But it turns out to not hold on some real systems.
So, err on the side of correctness rather than performance.
Clear current_ldn in sio_conf_exit.

Reported by:	bz
Tested by:	bz
MFC after:	1 week
2020-06-04 13:18:21 +00:00
Andriy Gapon
f95cfecbb2 ifconfig.8: fix cpability and flag descriptions for list scan / sta
Some capability descriptions under list scan actually described flags.
Some capability descriptions were missing.
Some flag descriptions under list sta actually described capabilites.

Reviewed by:	adrian
MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D25014
2020-06-04 13:06:49 +00:00
Konstantin Belousov
7428630b75 UFS: write inode block for fdatasync(2) if pointers in inode where allocated
The fdatasync() description in POSIX specifies that
    all I/O operations shall be completed as defined for synchronized I/O
    data integrity completion.
and then the explanation of Synchronized I/O Data Integrity Completion says
    The write is complete only when the data specified in the write
    request is successfully transferred and all file system
    information required to retrieve the data is successfully
    transferred.

For UFS this means that all pointers must be on disk. Indirect
pointers already contribute to the list of dirty data blocks, so only
direct blocks and root pointers to indirect blocks, both of which
reside in the inode block, should be taken care of. In ffs_balloc(),
mark the inode with the new flag IN_IBLKDATA that specifies that
ffs_syncvnode(DATA_ONLY) needs a call to ffs_update() to flush the
inode block.

Reviewed by:	mckusick
Discussed with:	tmunro
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D25072
2020-06-04 12:23:15 +00:00
Konstantin Belousov
064c283d65 Revert r361770 "Add pthread_getname_np() and pthread_setname_np() aliases" for now.
It is not compatible enough with Linux.

Requested by:	antoine, jkim
Sponsored by:	The FreeBSD Foundation
2020-06-04 09:06:03 +00:00
Benjamin Kaduk
a201343073 Add EXAMPLES to killall(1)
Submitted by:	fernape
Differential Revision:	https://reviews.freebsd.org/D25002
2020-06-04 04:29:43 +00:00
Oleksandr Tymoshenko
3a3bc1b1fd Add copyright headers to spigen overlays for rpi3 and rpi4
Reported by:	Rodney W. Grimes <freebsd@gndrsh.dnsmgr.net> (for rpi4)
2020-06-04 02:36:41 +00:00
Ed Maste
4d13f78444 Correct terminology in vm.imply_prot_max sysctl description
As with r361769 (man page), PROT_* are properly called protections, not
permissions.

MFC after:	1 week
MFC with:	r361769
Sponsored by:	The FreeBSD Foundation
2020-06-04 01:49:29 +00:00
Rick Macklem
01f13218a3 Fix mountd to handle getgrouplist() not returning groups[0] == groups[1].
Prior to r174547, getgrouplist(3) always returned a groups list with
element 0 and 1 set to the basegid argument, so long as ngroups was > 1.
Post-r174547 this is not the case. r328304 disabled the deduplication that
removed the duplicate, but the duplicate still does not occur unless the
group for a user in the password database is also entered in the group
database.
This patch fixes mountd so that it handles the case where a user specified
with the -maproot or -mapall exports option has a getgrouplist(3) groups
list where groups[0] != groups[1].
Found while testing another mountd patch.

MFC after:	2 weeks
2020-06-04 00:28:20 +00:00
John Baldwin
8c27b7a98b Add opt_compat.h needed by r359374.
Reported by:	kevans
2020-06-03 23:21:44 +00:00
Adrian Chadd
e649b526cc [run] Fix up tx/rx frame size.
This specifically fixes that TX frames are large enough now to hold a 3900 odd
byte AMSDU (the little ones); me flipping it on earlier messed up transmit!

Tested:

* if_run, STA mode, TX/RX TCP/UDP iperf.  TCP is now back to normal and
  correctly does ~ 3200 byte AMSDU/fast frames (2x1600ish byte MSDUs).
2020-06-03 22:30:44 +00:00
John Baldwin
1a4a7e98eb Explicitly zero IVs on the stack.
Reviewed by:	delphij
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D25057
2020-06-03 22:19:52 +00:00
John Baldwin
0065d9a47f Explicitly zero AES key schedules on the stack.
Reviewed by:	delphij
MFC after:	1 week
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D25057
2020-06-03 22:18:21 +00:00
Oleksandr Tymoshenko
eb5e1004e2 Add spigen overlay for Raspberry Pi 4
Submitted by:	gergely.czuczy@harmless.hu
2020-06-03 22:18:15 +00:00
John Baldwin
66f2e4b620 Explicitly zero on-stack IVs, tags, and HMAC keys.
Reviewed by:	delphij
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D25057
2020-06-03 22:15:11 +00:00
John Baldwin
20c128da91 Add explicit bzero's of sensitive data in software crypto consumers.
Explicitly zero IVs, block buffers, and hashes/digests.

Reviewed by:	delphij
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D25057
2020-06-03 22:11:05 +00:00
Oleksandr Tymoshenko
0897babceb Add dtb for Firefly RK3399 to the list of Rockchip dtbs 2020-06-03 21:19:57 +00:00
Konstantin Belousov
9bed49fea4 Add pthread_getname_np() and pthread_setname_np() aliases
for pthread_get_name_np() and pthread_set_name_np(), to be
compatible with Linux.

PR:	238404
Proposed and reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D25117
2020-06-03 20:54:36 +00:00
Ed Maste
3f65edb369 mmap.2: correct prot argument terminology
One of the error descriptions referred to permissions; in context the
meaning was probably clear, but the prot values are properly called
protections.

MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2020-06-03 20:42:52 +00:00