Commit Graph

6466 Commits

Author SHA1 Message Date
Dimitry Andric
6ae9acde63 Merge ^/head r313896 through r314128. 2017-02-23 07:45:58 +00:00
Warner Losh
b8efe21815 Remove more stray EISA refernces: ahb was removed. Remove the cross
reference and replace, where appropiate, with ahd.4.
2017-02-22 20:47:25 +00:00
Enji Cooper
81e8601f58 Remove lib/libpam tests after they were removed from the source tree in r313975
X-MFC with:	r313975
Sponsored by:	Dell EMC Isilon
2017-02-20 01:45:12 +00:00
Allan Jude
85c15ab853 improve PBKDF2 performance
The PBKDF2 in sys/geom/eli/pkcs5v2.c is around half the speed it could be

GELI's PBKDF2 uses a simple benchmark to determine a number of iterations
that will takes approximately 2 seconds. The security provided is actually
half what is expected, because an attacker could use the optimized
algorithm to brute force the key in half the expected time.

With this change, all newly generated GELI keys will be approximately 2x
as strong. Previously generated keys will talk half as long to calculate,
resulting in faster mounting of encrypted volumes. Users may choose to
rekey, to generate a new key with the larger default number of iterations
using the geli(8) setkey command.

Security of existing data is not compromised, as ~1 second per brute force
attempt is still a very high threshold.

PR:		202365
Original Research:	https://jbp.io/2015/08/11/pbkdf2-performance-matters/
Submitted by:	Joe Pixton <jpixton@gmail.com> (Original Version), jmg (Later Version)
Reviewed by:	ed, pjd, delphij
Approved by:	secteam, pjd (maintainer)
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D8236
2017-02-19 19:30:31 +00:00
Dimitry Andric
1a36faad54 Merge ^/head r313301 through r313643. 2017-02-11 14:04:18 +00:00
Enji Cooper
15df32b48d MFhead@r313360 2017-02-07 01:33:39 +00:00
Dimitry Andric
f9edb08480 Merge ^/head r313055 through r313300. 2017-02-05 20:03:05 +00:00
Enji Cooper
7664382295 Use kldload -n when loading if_deqna
This fixes if_deqna from being loaded by accident twice if it's already loaded
in the kernel.

MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2017-02-05 08:24:37 +00:00
Enji Cooper
9b3ece1c2e MFhead@r313243 2017-02-04 18:06:09 +00:00
Alan Somers
cb23468e75 Allow 999.local to run scripts in any language
If one of the scripts listed in (daily|weekly|monthly)_local is executable,
999.local should simply execute it. Only if the script isn't executable
should 999.local assume it needs /bin/sh.

Reviewed by:	brian
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
2017-02-01 23:22:54 +00:00
Dimitry Andric
65575c1424 Merge ^/head r312894 through r312967. 2017-01-29 22:00:47 +00:00
Yoshihiro Takahashi
2b375b4edd Remove pc98 support completely.
I thank all developers and contributors for pc98.

Relnotes:	yes
2017-01-28 02:22:15 +00:00
Dimitry Andric
2004ce3f0d Merge ^/head r312624 through r312719. 2017-01-24 19:59:25 +00:00
Kevin Lo
a6bac5b604 Sort REALTEK section and remove duplicate entry for RTL8192CU. 2017-01-24 03:00:22 +00:00
Kevin Lo
60b9567d16 Add support for the Realtek RTL8192EU chipset.
Committed over the D-Link DWA-131 rev E1 on amd64 with WPA.

Reviewed by:	avos
2017-01-24 02:35:38 +00:00
Dimitry Andric
a4aa656aa5 Merge ^/head r312309 through r312623. 2017-01-22 16:05:13 +00:00
Ed Maste
6b02cd2c8f Remove obsolete /usr/lib/debug/usr/lib/private dir
Missed in r282420

Reported by:	dim
2017-01-20 03:14:18 +00:00
Enji Cooper
71164a14d0 Integrate .../contrib/netbsd-tests/usr.bin/uniq into the FreeBSD test
suite as .../usr.bin/uniq/tests

Sponsored by:	Dell EMC Isilon
2017-01-14 06:51:31 +00:00
Dimitry Andric
8a6fe8ce60 Merge ^/head r311812 through r311939. 2017-01-11 21:05:13 +00:00
Ian Lepore
6a4b451a11 Follow r311103: add "pool" to the keywords that rc.d/ntpdate examines to
find a server address in ntp.conf.

Submitted by:	Ronald Klop <ronald@klop.ws>
Pointy hat to:	ian
2017-01-11 00:14:47 +00:00
Alan Somers
cdb7a6fc42 Fix memory leaks during "tail -r" of an irregular file
* Rewrite r_buf to use standard tail queues instead of a hand-rolled
  circular linked list. Free dynamic allocations when done.
* Remove an optimization for the case where the file is a multiple of 128KB
  in size and there is a scarcity of memory.
* Add ATF tests for "tail -r" and its variants.

Reported by:	Valgrind
Reviewed by:	ngie
MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D9067
2017-01-10 20:43:32 +00:00
Dimitry Andric
69415bc524 Merge ^/head r311546 through r311683. 2017-01-08 14:36:18 +00:00
Enji Cooper
3bc6f09c7b Move the mibII module up so uncommenting the bridge module works
Add a note about how module ordering and dependent modules

MFC after:	1 week
2017-01-07 09:03:40 +00:00
Dimitry Andric
2b532af829 Merge ^/head r311314 through r311459. 2017-01-05 20:50:44 +00:00
Dimitry Andric
53fe1d28fa Adjust version numbers for the clang library directory. 2017-01-05 18:32:18 +00:00
Alan Somers
0dbb4093ef Fix typo from r311349
Reported by:	lwhsu
Pointy-hat-to:	asomers
MFC after:	4 weeks
X-MFC-with:	311349
2017-01-05 15:07:04 +00:00
Alan Somers
371f86d244 tabs -> spaces in etc/mtree
MFC after:	4 weeks
2017-01-05 02:47:56 +00:00
Ian Lepore
9f5b5f5a4d Update ntp.conf to use the ntpd pool feature.
Our previous ntp.conf file configured 3 servers from freebsd.pool.ntp.org
using 3 separate 'server' config lines.  That is now replaced with a single
'pool' line which causes ntpd to add multiple servers from the pool.

More than just making the config smaller, the pool feature in ntpd has one
major advantage over configuring 3 separate servers from a pool: if a server
that was added using a 'pool' statement provides bad time (initially or at
some later date), ntpd automatically discards it and configures a new
different server from the pool without needing to be restarted.

These changes also add a 'tos' line to control how many pool servers get
added, a 'restrict source' line that is required to allow ntpd to add new
peers from the pool, and it deletes a 'restrict 127.127.1.0' line that does
nothing and should never have been there (127.127.1.0 is not a valid IP
address, it's a refclock identifier).

Differential Revision:	https://reviews.freebsd.org/D9011
2017-01-02 15:19:22 +00:00
Enji Cooper
79030cf6d9 Provide some guidance when dealing with sections and variables contained
within them

For example, using variables designated for %usm requires uncommenting
%usm section header

MFC after:	1 month
2016-12-23 08:59:23 +00:00
Enji Cooper
62530c3f9e Don't hardcode $(securityModelUSM) (3) in the authPriv example under the %vacm
section

MFC after:	1 week
2016-12-23 08:54:44 +00:00
Enji Cooper
ad59cea045 Group all loadable modules in the %default section
This will allow new users to uncomment the modules and have things work
with less head scratching, in the event they decide to uncomment any
of the section separators, e.g. %usm or %vcm, as the module loading is
only effective in the %default section.

MFC after:	1 week
2016-12-23 06:56:48 +00:00
Enji Cooper
bedfa5f26a Clean up trailing whitespace
No functional change

MFC after:	3 days
2016-12-23 06:35:18 +00:00
Ed Schouten
1982624784 Add an example inetd(8) entry for the Prometheus sysctl exporter.
I went through the process of allocating a default port number for this
exporter, TCP 9124. This means that we can add an entry to the services
file as well.

List of Prometheus default port numbers:
https://github.com/prometheus/prometheus/wiki/Default-port-allocations
2016-12-21 08:32:20 +00:00
Dimitry Andric
3ffd353070 Merge ^/head r309817 through r310168. 2016-12-16 18:38:31 +00:00
Konrad Witaszczyk
480f31c214 Add support for encrypted kernel crash dumps.
Changes include modifications in kernel crash dump routines, dumpon(8) and
savecore(8). A new tool called decryptcore(8) was added.

A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump
configuration in the diocskerneldump_arg structure to the kernel.
The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for
backward ABI compatibility.

dumpon(8) generates an one-time random symmetric key and encrypts it using
an RSA public key in capability mode. Currently only AES-256-CBC is supported
but EKCD was designed to implement support for other algorithms in the future.
The public key is chosen using the -k flag. The dumpon rc(8) script can do this
automatically during startup using the dumppubkey rc.conf(5) variable.  Once the
keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O
control.

When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random
IV and sets up the key schedule for the specified algorithm. Each time the
kernel tries to write a crash dump to the dump device, the IV is replaced by
a SHA-256 hash of the previous value. This is intended to make a possible
differential cryptanalysis harder since it is possible to write multiple crash
dumps without reboot by repeating the following commands:
# sysctl debug.kdb.enter=1
db> call doadump(0)
db> continue
# savecore

A kernel dump key consists of an algorithm identifier, an IV and an encrypted
symmetric key. The kernel dump key size is included in a kernel dump header.
The size is an unsigned 32-bit integer and it is aligned to a block size.
The header structure has 512 bytes to match the block size so it was required to
make a panic string 4 bytes shorter to add a new field to the header structure.
If the kernel dump key size in the header is nonzero it is assumed that the
kernel dump key is placed after the first header on the dump device and the core
dump is encrypted.

Separate functions were implemented to write the kernel dump header and the
kernel dump key as they need to be unencrypted. The dump_write function encrypts
data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps
are not supported due to the way they are constructed which makes it impossible
to use the CBC mode for encryption. It should be also noted that textdumps don't
contain sensitive data by design as a user decides what information should be
dumped.

savecore(8) writes the kernel dump key to a key.# file if its size in the header
is nonzero. # is the number of the current core dump.

decryptcore(8) decrypts the core dump using a private RSA key and the kernel
dump key. This is performed by a child process in capability mode.
If the decryption was not successful the parent process removes a partially
decrypted core dump.

Description on how to encrypt crash dumps was added to the decryptcore(8),
dumpon(8), rc.conf(5) and savecore(8) manual pages.

EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU.
The feature still has to be tested on arm and arm64 as it wasn't possible to run
FreeBSD due to the problems with QEMU emulation and lack of hardware.

Designed by:	def, pjd
Reviewed by:	cem, oshogbo, pjd
Partial review:	delphij, emaste, jhb, kib
Approved by:	pjd (mentor)
Differential Revision:	https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
Dimitry Andric
1bde3b7066 Merge ^/head r309519 through r309757. 2016-12-09 20:57:43 +00:00
Andriy Voskoboinyk
7d3a36a88e Do not try to recreate wlan(4) interface if it already exists.
This should fix error messages caused by devd(8) during startup:

Starting Network: lo0 wlan0.
...
Starting devd.
ifconfig: SIOCS80211: Device busy
wpa_supplicant already running?  (pid=323).

MFC after:	2 weeks
2016-12-04 15:58:34 +00:00
Dimitry Andric
4f9d94bf64 Merge ^/head r309263 through r309518. 2016-12-04 00:00:56 +00:00
Devin Teske
4f38967037 Fix bug preventing limits(1) from being applied
PR:		misc/212493
Differential Revision:	https://reviews.freebsd.org/D8232
Submitted by:	girgen
Reviewed by:	adrian
MFC after:	3 days
X-MFC-to:	stable/11
2016-12-03 19:03:40 +00:00
Warner Losh
f8c1525499 Finish incomplete comments in prior revision. I was going to fix this
after I tested it, but didn't.
2016-12-01 05:16:27 +00:00
Warner Losh
5c42a629c3 Revert the 'performance' setting to 'NONE' from C2. C2 has issues with
USB in places, as well as having the potential for reducing
performance. Since this is used even when powerd isn't enabled, these
two problems can cause on servers. Supermicro X9 motherboards, for
example, have problems with the virtual IPMI USB keyboards and mice
attaching and detaching repeatedly. Since there are issues on some
CPUs with C2, fail safe by defaulting to not altering it.

MFC After: 3 days
2016-12-01 04:35:43 +00:00
Warner Losh
5ad34286cd If the kenv variable rc_debug is set, turn on rc_debug. 2016-12-01 04:35:41 +00:00
Dimitry Andric
5b41a5b675 Update build glue for llvm/clang 3.9.1. 2016-11-26 01:13:53 +00:00
Dimitry Andric
0ed76ec8e6 Merge ^/head r308870 through r309105. 2016-11-24 14:39:04 +00:00
Jilles Tjoelker
481b6d6f37 rc.subr: $(ps -p $$ -o jid=) is always 0, so do not fork ps for it.
The JID keyword writes 0 for a process also in the host system or in the
same jail.
2016-11-20 18:21:05 +00:00
Dimitry Andric
67bc8c8b9e Merge ^/head r308491 through r308841. 2016-11-19 16:05:55 +00:00
Jilles Tjoelker
bddbe3b2b1 rc.subr: Swap checks so we only fork sysctl if *_oomprotect is set. 2016-11-17 22:49:51 +00:00
Sepherosa Ziehau
168fce73b5 hyperv/vss: Add driver and tools for VSS
VSS stands for "Volume Shadow Copy Service".  Unlike virtual machine
snapshot, it only takes snapshot for the virtual disks, so both
filesystem and applications have to aware of it, and cooperate the
whole VSS process.

This driver exposes two device files to the userland:

    /dev/hv_fsvss_dev

    Normally userland programs should _not_ mess with this device file.
    It is currently used by the hv_vss_daemon(8), which freezes and
    thaws the filesystem.  NOTE: currently only UFS is supported, if
    the system mounts _any_ other filesystems, the hv_vss_daemon(8)
    will veto the VSS process.

    If hv_vss_daemon(8) was disabled, then this device file must be
    opened, and proper ioctls must be issued to keep the VSS working.

    /dev/hv_appvss_dev

    Userland application can opened this device file to receive the
    VSS freeze notification, hold the VSS for a while (mainly to flush
    application data to filesystem), release the VSS process, and
    receive the VSS thaw notification i.e. applications can run again.

    The VSS will still work, even if this device file is not opened.
    However, only filesystem consistency is promised, if this device
    file is not opened or is not operated properly.

hv_vss_daemon(8) is started by devd(8) by default.  It can be disabled
by editting /etc/devd/hyperv.conf.

Submitted by:	Hongjiang Zhang <honzhan microsoft com>
Reviewed by:	kib, mckusick
MFC after:	3 weeks
Sponsored by:	Microsoft
Differential Revision:	https://reviews.freebsd.org/D8224
2016-11-15 02:36:12 +00:00
Dimitry Andric
2828dafcf3 Merge ^/head r308227 through r308490. 2016-11-10 22:12:19 +00:00
Marcelo Araujo
46542a426e We can't use protect(1) inside a jail(8)!
To avoid have warning for services that are using oomprotect, oomprotect
will only be applied on services that won't run inside jails.

Reported by:	allanjude
MFC after:	2 weeks.
2016-11-10 07:05:41 +00:00