Commit Graph

247028 Commits

Author SHA1 Message Date
Kyle Evans
705d79b4bd inetd: final round of trivial cleanup, NFC
Highlights:
- Use MAX() for maxsock raising; small readability improvement IMO
- malloc(3) + memset(3) -> calloc(3) where appropriate
- stop casting the return value of malloc(3)
- mallloc(3) -> reallocarray(3) where appropriate

A future change may enter capability mode when forking for some of the
built-in handlers.
2020-01-01 18:49:57 +00:00
Gleb Smirnoff
e00ee1a9f4 In r343631 error code for a packet blocked by a firewall was
changed from EACCES to EPERM.  This change was not intentional,
so fix that.  Return EACCESS if a firewall forbids sending.

Noticed by:	ae
2020-01-01 17:32:20 +00:00
Gleb Smirnoff
8d5c56dab1 In r343631 error code for a packet blocked by a firewall was
changed from EACCES to EPERM.  This change was not intentional,
so fix that.  Return EACCESS if a firewall forbids sending.

Noticed by:	ae
2020-01-01 17:31:43 +00:00
Jilles Tjoelker
d3eae2a68e sh: Fix rare memory leak with SIGINT
If getcwd() failed earlier on but later succeeded in the pwd builtin,
there was no INTOFF protection between calling savestr() and storing its
result.

It is quite rare for getcwd() to fail, and rarer for it to succeed later in
the same directory.

Found via code inspection for changing ckmalloc() and similar to assert
INTOFF protection instead of applying it directly (which protects against
corrupting malloc's internal state but allows memory leaks or double frees).

MFC after:	1 week
2020-01-01 12:06:37 +00:00
Xin LI
73db93b889 Revert r356249 for now as it broke GCC builds. 2020-01-01 09:22:06 +00:00
Xin LI
b06cf1e44f Reduce memory footprint of fsck_msdosfs.
This utility was initially written for FAT12/16, which were inherently
small. When FAT32 support was added, the old data structure and
algorithms remain used with minimal changes.

With growing size of FAT32 media, the current data structure that
requires 4 32-bit variables per each FAT32 table entry would consume up
to 4 GiB of RAM, which can be too big for systems with limited RAM
available.

Address this by taking a different approach of validating the FAT.

The FAT is essentially a set of linked lists of chains that was
referenced by directory entries, and the checker needs to make sure that
the linked chains of clusters do not have cross-linked chains, and every
chain were referenced by one and only one directory entry.  Instead of
keeping track of the chain's 'head' cluster number, the size of the
chain, the used status of the chain and the "next" pointer which is
content of the FAT table, we create accessors for the FAT table data
for the "next" pointer, and keep only one bit to indicate if the
current cluster is a 'head' node of a cluster chain, in a bitmap.

We further overhaul the FAT checker to find out the possible head nodes
by excluding ones that are not (in other words, nodes that have some
other nodes claiming them as the next node) instead of marking the head
nodes for each node on the chain.  This approach greatly reduced the
complexiety of computation from O(N^2) worst case, to an O(N) scan for
worst case.  The file (cluster chain) length is not useful for the FAT
checker, so don't bother to calculate them in the FAT checker and
instead leave the task to the directory structure check, at which point
we would have non-crossed cluster chains, and we are guaranteed that
each cluster will be visited for at most one time.

When checking the directory structures, we use the head node indicator
to as the visited (used) flag: every cluster chain can only be
referenced by one directory entry, so we clear them when calculating
the length of the chain, and we can immediately tell if there are
anomalies in the directory entry.

As a result, the required RAM size is now 1 bit per each entry of
the FAT table, plus memory needed to hold the FAT table in memory,
instead of 16 bytes (=128 bits) per each entry.  For FAT12 and FAT16,
we will load the whole FAT table into memory as they are smaller than
128KiB, and for FAT32, we first attempt to mmap() it into memory, and
when that fails, we would fall back to a simple LRU cache of 4 MiB of
RAM.

sbin/fsck_msdosfs/boot.c:

 - Added additional sanity checks for valid FAT32/FAT16/FAT12 cluster
   number.
 - FAT32: check if root directory starts with a valid cluster number,
   moved from dir.c.  There is no point to proceed if the filesystem
   is already damaged beyond repair.

sbin/fsck_msdosfs/check.c:

 - Combine phase 1 and phase 2, now that the readfat() is able to
   detect cross chains.

sbin/fsck_msdosfs/dir.c:

 - Refactor code to use FAT accessor instead of accessing the internal
   representation of FAT table.
 - Make use of the cluster chain head bitmap.
 - Clarify and simplify directory entry check, remove unnecessary
   checks that are would be done at a later time (for example, whether
   the directory's second cluster is a valid one, which is examined
   more throughly in a later checkchain() and does not prevent us
   from proceeding further).

sbin/fsck_msdosfs/dosfs.h:

 - Remove internal representation of FAT table, which is replaced by
   the head bitmap that is opaque to other code.
 - Added a special CLUST_DEAD cluster type to indicate errors.

sbin/fsck_msdosfs/ext.h:

 - Added a flag that overrides mmap(2) setting.  The corresponding
   command line option, -M is intentionally undocumented as we do not
   expect users to need it.
 - Added accessors for FAT table and convert existing interface to use
   it.

sbin/fsck_msdosfs/fat.c:

 - Added head bitmap to represent whether a cluster is a head cluster.
 - Converted FAT internal representation to accessors.
 - Implemented a LRU cache for FAT32 when mmap(2) should not or can not
   be used.
 - _readfat: Attempt a mmap(2) and fall back to regular read for
   non-FAT32 file systems; use the LRU cache for FAT32 and prepopulate
   the cache with the first 4MiB of the entries.
 - readfat: Added support of head bitmap and use the population scan to
   detect bogus chains.
 - clusterdiff: removed, FATs are copied from the checked copy via
   writefat()/copyfat().
 - checkchain: calculates the length of a cluster chain and make sure
   that it ends with a valid EOF marker.
 - clearchain: follow and clear a chain and maintain the free cluster
   count.
 - checklost: convert to use head bitmap. At the end of all other scans,
   the remaining 'head' nodes are leaders of lost cluster chains.

sbin/fsck_msdosfs/fat.c:

 - Added a new -M option which is intentionally undocumented, to disable
   the use of mmap().

Reviewed by:	kevlo
MFC after:	1 month
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D22965
2020-01-01 07:43:08 +00:00
Kyle Evans
c8863d0590 inetd: convert remaining bzero(3) to memset(3), NFC
This change is purely in the name of noise reduction from static analyzers
that want to complain that bzero(3) is obsolete in favor of memset(3).

With this, clang-analyze at least is now noise free. WARNS= 6 also appears
to have been OK for some time now, so drop the current setting and opt for
the default.
2020-01-01 04:29:08 +00:00
Kyle Evans
c53b0f40f3 inetd: track all child pids, regardless of maxchild spec
Currently, child pids are only tracked if maxchildren is specified. As a
consequence, without a maxchild limit we do not get a notice in syslog on
children aborting abnormally. This turns out to be a great debugging aide at
times.

Children are now tracked in a LIST; the management interface is decidedly
less painful when there's no upper bound on the number of entries we may
have at the cost of one small allocation per connection.

PR:		70335
2020-01-01 04:22:04 +00:00
Kyle Evans
d6272fce7c inetd: add some macros for checking child limits, NFC
The main point here is capturing the maxchild > 0 check. A future change to
inetd will start tracking all of the child pids so that it can give proper
and consistent notification of process exit/signalling.
2020-01-01 03:59:54 +00:00
Conrad Meyer
767991d2be vmgenid(4): Integrate as a random(4) source
The number is public and has no "entropy," but should be integrated quickly
on VM rewind events to avoid duplicate sequences.

Approved by:	csprng(markm)
Differential Revision:	https://reviews.freebsd.org/D22946
2020-01-01 00:35:02 +00:00
Rick Macklem
80a1b8c5e3 Update the man page to reflect that "-M" and "-N" are deprecated and ignored.
r356242 updated nfsstat.c to report that the "-M" and "-N" options were
being ignored. These options have never had any meaning for the new NFS
code (which is now the only NFS code).
This patch updates the man page to reflect this.

This is a content change.
2019-12-31 22:25:06 +00:00
Doug Moore
668a8aa83b The map-entry clipping functions modify start and end entries of an
entry in the vm_map, making invariants related to the max_free entry
field invalid. Move the clipping work into vm_map_entry_link, so that
linking is okay when the new entry clips a current entry, and the
vm_map doesn't have to be briefly corrupted. Change assertions and
conditions in SPLAY_{LEFT,RIGHT}_STEP since the max_free invariants
can now be trusted in all cases.

Tested by:	pho
Reviewed by:	alc
Differential Revision:	https://reviews.freebsd.org/D22897
2019-12-31 22:20:54 +00:00
Rick Macklem
28a04da3d7 Get rid of old nfsstat options no longer used.
The "-M" and "-N" options for nfsstat were used by the old NFS code and
have never done anything for the new NFS code.
This patch replaces code that assigns values to variables that are never
used with printf()s noting the options are ignored.
This has the side effect that it gets rid of warnings w.r.t. these
variables being assigned but never used, that occur for some builds.

Noticed during integration of the NFSv4.2 code.
2019-12-31 22:19:33 +00:00
Edward Tomasz Napierala
cc50333011 Add basic getcpu(2) support to linuxulator. The purpose of this
syscall is to query the CPU number and the NUMA domain the calling
thread is currently running on.  The third argument is ignored.
It doesn't do anything regarding scheduling - it's literally
just a way to query the current state, without any guarantees
you won't get rescheduled an opcode later.

This unbreaks Java from CentOS 8
(java-11-openjdk-11.0.5.10-0.el8_0.x86_64).

Reviewed by:	kib
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D22972
2019-12-31 22:01:08 +00:00
Alexander Motin
8c3fbf3c20 Relax locking of carp_forus().
This fixes deadlock between CARP and bridge.  Bridge calls this function
taking CARP lock while holding bridge lock.  Same time CARP tries to send
its announcements via the bridge while holding CARP lock.

Use of CARP_LOCK() here does not solve anything, since sc_addr is constant
while race on sc_state is harmless and use of the lock does not close it.

Reviewed by:	glebius
MFC after:	2 weeks
Sponsored by:	iXsystems, Inc.
2019-12-31 18:58:29 +00:00
Alexander V. Chernikov
d930203192 Fix NOINET6 build broken by r356236.
MFC after:	2 weeks
2019-12-31 17:57:12 +00:00
Alexander V. Chernikov
c83dda362e Split gigantic rtsock route_output() into smaller functions.
Amount of changes to the original code has been intentionally minimised
to ease diffing.
The changes are mostly mechanical, with the following exceptions:

* lltable handler is now called directly based of RTF_LLINFO flag presense.
* "report" logic for updating rtm in RTM_GET/RTM_DELETE has been simplified,
  fixing several potential use-after-free cases in rt_addrinfo.
* llable asserts has been replaced with error-returning, preventing kernel
  crashes when lltable gw af family is invalid (root required).

MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D22864
2019-12-31 17:26:53 +00:00
Michael Tuexen
e11c9783e1 Fix delayed ACK generation for DCTCP.
Submitted by:		Richard Scheffenegger
Reviewed by:		chengc@netapp.com, rgrimes@, tuexen@
Differential Revision:	https://reviews.freebsd.org/D22644
2019-12-31 16:15:47 +00:00
Edward Tomasz Napierala
0c80ec6dfa Regen after r356233.
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2019-12-31 16:07:12 +00:00
Edward Tomasz Napierala
79ae56a772 Sigh, add getcpu(2) chunk missed in r356229.
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2019-12-31 16:05:07 +00:00
Edward Tomasz Napierala
da7627d797 Regen after r356229.
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2019-12-31 16:01:37 +00:00
Glen Barber
29e12bc777 Happy New Year 2020!
MFC after:	1 minute
Sponsored by:	Rubicon Communications, LLC (netgate.com)
2019-12-31 16:01:36 +00:00
Edward Tomasz Napierala
a8bfc7a85c Fix definitions for Linux getcpu(2).
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2019-12-31 15:57:29 +00:00
Cy Schubert
0eefd3079a MFV r356143:
Update unbound 1.9.2 --> 1.9.6.

MFC after:	3 days
Security:	CVE-2019-18934 (fixed by 1.9.5)
2019-12-31 15:50:41 +00:00
Michael Tuexen
493c98c6d2 Add flags for upcoming patches related to improved ECN handling.
No functional change.
Submitted by:		Richard Scheffenegger
Reviewed by:		rgrimes@, tuexen@
Differential Revision:	https://reviews.freebsd.org/D22429
2019-12-31 14:32:48 +00:00
Michael Tuexen
83a2839fb9 Clear the flag indicating that the last received packet was marked CE also
in the case where a packet not marked was received.

Submitted by:		Richard Scheffenegger
Reviewed by:		rgrimes@, tuexen@
MFC after:		1 week
Differential Revision:	https://reviews.freebsd.org/D19143
2019-12-31 14:23:52 +00:00
Kyle Evans
6d3c9beedb psm: properly check for atkbdc_open failure
atkbdc_open can return NULL if the unit's out of bounds or the softc isn't
setup. Check it to be safe.
2019-12-31 13:56:48 +00:00
Michael Tuexen
7d87664a04 Add curly braces missed in https://svnweb.freebsd.org/changeset/base/354773
Sponsored by:		Netflix, Inc.
CID:			1407649
2019-12-31 12:29:01 +00:00
Kristof Provost
851c29f653 riscv: Remove unused variable
Fix the build that was broken by r356221. Pointy hat to myself.
2019-12-31 11:45:19 +00:00
Kristof Provost
01774d0d18 sifive: uart driver
Implement support for the UART as found on the SiFive FU540. It should
also work on, but has not been tested with, the FU310.

Reviewed by:	philip
Sponsored by:	Axiado
2019-12-31 10:54:13 +00:00
Kristof Provost
863e8ffc8b riscv: Remove pointless loop
There's no point in checking for absent CPUs if we're not going to do anything
about either the present or absent case. This loop can just be removed.

Reviewed by:	philip
Sponsored by:	Axiado
2019-12-31 10:53:03 +00:00
Conrad Meyer
168bbfa737 rtld(1): Do booleans like C99
Reviewed by:	kib, rlibby
Differential Revision:	https://reviews.freebsd.org/D22964
2019-12-31 05:41:47 +00:00
Rick Macklem
54640e6d16 Switch r356210 to use gone_in() instead of printf().
Suggested by:	cem
2019-12-31 05:39:27 +00:00
Kyle Evans
a1cedb80c6 inetd: prefer strlcpy to strlen(3) check + strcpy(3), NFC
This is again functionally equivalent but more concise.
2019-12-31 04:53:50 +00:00
Kyle Evans
1c3b9acf2e inetd: prefer strtonum(3) to strspn(3)+atoi(3), NFC
strtonum(3) does effectively the same validation as we had, but it's more
concise.
2019-12-31 04:36:14 +00:00
Alexander Motin
8acd3f126a Don't spin on cleanup_lock if we are not interrupt.
If somebody else holds that lock, it will likely do the work for us.
If it won't, then we return here later and retry.

Under heavy load it allows to avoid lock congestion between interrupt and
polling threads.

MFC after:	1 week
Sponsored by:	iXsystems, Inc.
2019-12-31 04:16:52 +00:00
Kyle Evans
f23df31975 inetd: knock out some clang analyze warnings
chargen_dg: clang-analyze is convinced that endring could be non-NULL at
entry, and thus wants to assume that rs == NULL. Just independently
initialize rs if it's NULL to appease the analyzer.

getconfigent: policy leaks on return

free_connlist: reorganize the loop to make it clear that we're not going to
access `conn` after it's been freed.

cpmip/hashval: left-shifts performed will result in UB as we take
signed 0xABC3D20F and left shift it by 5.
2019-12-31 04:00:24 +00:00
Alexander Motin
4aa1289a38 Avoid few memory accesses in g_disk_done(). 2019-12-31 03:43:13 +00:00
Rick Macklem
29001a810a Replace .h files included from old NFS directories with the new NFS ones.
Prior to this patch, nfsstat.c includes files from sys/nfs, sys/nfsclient
and sys/nfsserver. These .h files (particularily the ones in sys/nfsclient
and sys/nfsserver) are from the old NFS code and should eventually be
deprecated/removed.
This patch changes nfsstat.c to include files from the new/current NFS
code instead of the old ones in preparation for eventual removal.
2019-12-31 00:07:10 +00:00
Martin Matuska
79085fd3b9 MFV r356163,r356197:
Update libarchive to 3.4.1

Relevant vendor changes since last update:
  Issue #351: Refactor and implement private state logic for write filters
  PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482)
  PR #1255: zip writer - don't append unused NUL for directories
  PR #1260: Fix sparse file offset overflow on 32-bit systems
  PR #1263: UNICODE filename support for reading lha/lzh format
  Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs()
  PR #1288: Add the "xattrhdr" option to pax write options
  PR #1295: 7z reader - fix reading archives with digests in PackInfo
  PR #1296: RAR5 reader - verify window size for multivolume archives
  PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files
  Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs()
  OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error
  Fix possible off-by-one when dealing with readlink(2)

MFC after:	2 weeks
2019-12-31 00:05:06 +00:00
Ian Lepore
140da6f8fe Set a "kernbase" symbol in 32-bit arm locore.S and use it with ldscript.arm.
This brings arm into line with how every other arch does it.  For some
reason, only arm lacked a definition of a symbol named kernbase in its
locore.S file(s) for use in its ldscript.arm file.  Needlessly different
means harder to maintain.

Using a common symbol name also eases work in progress on a script to help
generate arm and arm64 kernels packaged in various ways (like with a header
blob needed for a bootloader prepended to the kernel file).
2019-12-30 23:20:46 +00:00
Rick Macklem
1f8bdab601 Add warning printf w.r.t. removal of sys/nfs/nfs_lock.c.
The code in sys/nfs/nfs_lock.c has not been run by default since March 2008
when it was replaced by the in kernel sys/nlm code.
It uses Giant, so it needs to be removed before the FreeBSD 13 release.
This will happen in a couple of months, since few if any users run
the code anyhow and can easily switch to the default in kernel NFSLOCKD.
2019-12-30 22:39:29 +00:00
John Baldwin
15d641f076 Formatting fixes for tables, no content changes.
- Add missing .Pp after the end of some lists so that there is a blank
  line before the subsequent paragraph.
- Use a more typical '-tag' bullet list of the make variable descriptions
  at the end.  This adds separation between bullets and is the formatting
  typically used in manpages for this sort of list.
2019-12-30 22:05:57 +00:00
Jilles Tjoelker
2a55bade0e sh: Test that executing various binary files is rejected
If executing a file fails with an [ENOEXEC] error, the shell executes the
file as a shell script, except that this execution may instead result in an
error message if the file is binary.

Per a recent Austin Group interpretation, we will need to change this to
allow a concatenation of a shell script and a binary payload. See
Austin Group bugs #1226 and #1250.

MFC after:	1 week
2019-12-30 21:32:55 +00:00
Alan Cox
b0a0152ab9 Determine whether the MMU hardware is capable of updating a page table
entry's access flag and dirty state, and enable this feature when it's
available.

Ensure that we don't overlook a dirty state update that is concurrent
with a call to pmap_enter().  (Previously, all dirty state updates would
have occurred with the containing pmap's lock held, so a page table entry's
dirty state could not have changed while pmap_enter() held that same lock.)

Reviewed by:	andrew, markj
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D22907
2019-12-30 20:30:31 +00:00
Pawel Biernacki
54666dffa8 linux(4): implement copy_file_range(2)
copy_file_range(2) is implemented natively since r350315, make it available
for Linux binaries too.

Reviewed by:	kib (mentor), trasz (previous version)
Approved by:	kib (mentor)
Differential Revision:	https://reviews.freebsd.org/D22959
2019-12-30 18:11:06 +00:00
Ruslan Bukin
c5ccc92c41 Don't hard-code field offsets of struct riscv_bootparams.
Submitted by:	James Clarke <jrtc27@jrtc27.com>
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D22970
2019-12-30 17:18:50 +00:00
Kyle Evans
f930f30f60 inetd: don't leak policy on return
sep->se_policy gets a strdup'd version of policy, so we don't need it to
stick around afterwards.

While here, remove a couple of NULL checks prior to free(policy).

CID:		1006865
MFC after:	3 days
2019-12-30 15:54:36 +00:00
Ruslan Bukin
f60da2efef Don't hard-code size of struct riscv_bootparams.
Submitted by:	James Clarke <jrtc27@jrtc27.com>
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D22968
2019-12-30 14:38:06 +00:00
Ruslan Bukin
d8f2b75559 Round the kernel stack allocation up as required.
Submitted by:	James Clarke <jrtc27@jrtc27.com>
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D22961
2019-12-30 13:29:30 +00:00