The blacklistd daemon keeps records of failed login attempts for
each address:port that is flagged as a failed login. When a
successful login occurs for that address:port combination,
the record's last update time is set to zero, to indicate no current
failed login attempts.
Reset the failed login count to zero, so that at the next failed
login attempt, the counting will restart properly at zero. Without
this reset to zero, the first failed login after a successful login
will cause the address to be blocked immediately.
When debugging is turned on, output more information about database
state before and after the database updates have occured.
A similar patch has already been upstreamed to NetBSD.
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
data structures.
vt_change_font() calls vtbuf_grow() to change some vt driver data
structures. It uses TF_MUTE to prevent the console from trying to use those
data structures while it changes them.
During the early stage of the boot process, the vt driver's tc_done routine
uses those data structures; however, it is currently called outside the
TF_MUTE check.
Move the tc_done routine inside the locked TF_MUTE check.
PR: 217282
Reviewed by: ed, ray
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D9709
The MIPS ABI does not require the second GOT entry to be reserved for use
by the runtime linker as on other architectures. Instead, static linkers
use a special value in the second GOT entry to indicate if the entry is
reserved. This value is supposed to consist of an address with the MSB
set and the rest of the bits all zero which is an invalid user address.
However, the old binutils currently in the tree uses the 32-bit mask value
(2^31) on 64-bit MIPS instead of 2^63. This was fixed in upstream
binutils in 2008 to use 2^63 on 64-bit MIPS.
The first part of this change changes the runtime check in init_pltgot()
to check for both values (2^31 and 2^63) when deciding whether to store
the current object pointer in GOT[1] which fixes dynamic N64 binaries
compiled with modern binutils.
However, the initial version of this fix exposed another related bug in
that _rtld_relocate_nonplt_self() was only checking for the new value
(2^63) in GOT[1] and incorrectly treated GOT[1] as a local GOT entry
(and did not relocate the final local GOT entry). To handle this, fix
all of the places that check for GOT[1]'s status to use the same macro
that checks for both values on N64.
Reviewed by: kan, imp
Sponsored by: DARPA / AFRL
Differential Revision: https://reviews.freebsd.org/D9708
As the current zfs file system is providing symlink via system attributes, need
to update the code accordingly.
Note, as the zfsboot code does not free the memory at this time, the
object list will put some stress on the boot2 heap, eventually we should
address the issue.
Reviewed by: allanjude, smh
Approved by: allanjude (mentor)
Differential Revision: https://reviews.freebsd.org/D9706
When blocking an address, the blacklist-helper script
needs to do the following things for the ipfw packet
filter:
- create a table to hold the addresses to be blocked,
so lookups can be done quickly, and place the address
to be blocked in that table
- create rule that does the lookup in the table and
blocks the packet
The ipfw system allows multiple rules to be inserted for
a given rule number. There only needs to be one rule
to do the lookup per port. Modify the script to probe
for the existence of the rule before attempting to create
it, so only one rule is inserted, rather than one rule per
blocked address.
PR: 214980
Reported by: azhegalov (at) gmail.com
Reviewed by: emaste
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D9681
When allocating unmapped pages, take advantage of the direct map on
AMD64 to get the virtual address corresponding to a page. Else all
pages allocated must be mapped because sometimes the virtual address
of a page is requested.
Move all page allocation and deallocation code into an own C-file.
Add support for GFP_DMA32, GFP_KERNEL, GFP_ATOMIC and __GFP_ZERO
allocation flags.
Make a clear separation between mapped and unmapped allocations.
Obtained from: kmacy @
MFC after: 1 week
Sponsored by: Mellanox Technologies
The i915kms driver in Linux 4.9 reimplement parts of the scatter list
functions with regards to performance. In other words there is not so
much room for changing structure layouts and functionality if the
i915kms should be built AS-IS. This patch aligns the scatter list
support to what is expected by the i915kms driver. Remove some
comments not needed while at it.
Obtained from: kmacy @
MFC after: 1 week
Sponsored by: Mellanox Technologies
"C++"', otherwise ld refuses to make the symbols global in the final
library. This causes the __int128-related symbols to go missing when
the library is stripped during installation.
Helpful hints: emaste
MFC after: 2 weeks
X-MFC-With: r314061
For example, the FreeBSD GCC (4.2.1) has a spotty support for that
feature. If the static keyword is used with an unnamed array parameter
in a function declaration, then the compilation fails with:
error: static or type qualifiers in abstract declarator
The feature does work if the parameter is named.
So, the restriction introduced in this commit can be removed when all
affected function prototypes have the workaround.
MFC after: 1 week
Sponsored by: Panzura
The actual issue was the fact that if - was used then some restriction were
already set to stdin when we were applying caph_limit_stdio which was failing
due to the fact the fd was the fd was already restricted to lower rights.
Restricting stdio before actually opening the files prevent trying to raise the
right and fixes the issue.
And this allows to keep failing the program if restriction failed
Approved by: allanjude
Differential Revision: https://reviews.freebsd.org/D9723
When fed from a pipe, lam(1) would sometimes fail:
lam: unable to limit stdio: Capabilities insufficient
fixed regression in portsnap(8) introduced in r313938
This broke portsnap(8), the app that the capsicumization of lam(1) was
meant to secure.
# portsnap fetch update
Looking up portsnap.FreeBSD.org mirrors... 6 mirrors found.
Fetching snapshot tag from ec2-eu-west-1.portsnap.freebsd.org... done.
Fetching snapshot metadata... done.
Updating from Tue Feb 21 16:05:39 MSK 2017 to Tue Feb 21 16:59:30 MSK 2017.
Fetching 5 metadata patches.lam: unable to limit stdio: Capabilities insufficient
done.
Applying metadata patches... done.
Fetching 5 metadata files... lam: unable to limit stdio: Capabilities insufficient
/usr/sbin/portsnap: cannot open 8c94d2c3f8fcea20eb1fd82021566c99c63a010e6b3702ee11e7a491795bcfb8.gz: No such file or directory
metadata is corrupt.
Reported by: Vladimir Zakharov <zakharov.vv@gmail.com>, Ben Woods <woodsb02@gmail.com>
with geom_flashmap(4) and teach it about MMC for slicing enhanced
user data area partitions. The FDT slicer still is the default for
CFI, NAND and SPI flash on FDT-enabled platforms.
- In addition to a device_t, also pass the name of the GEOM provider
in question to the slicers as a single device may provide more than
provider.
- Build a geom_flashmap.ko.
- Use MODULE_VERSION() so other modules can depend on geom_flashmap(4).
- Remove redundant/superfluous GEOM routines that either do nothing
or provide/just call default GEOM (slice) functionality.
- Trim/adjust includes
Submitted by: jhibbits (RouterBoard bits)
Reviewed by: jhibbits
Note that the timer itself fully supports suspension, but due to the lack of
ordering during the resume process FreeBSD cannot guarantee that the timer is
resumed before any device attempts to use it.
Submitted by: Liuyingdong <liuyingdong@huawei.com>
Reviewed by: royger
Differential Revision: https://reviews.freebsd.org/D9639
- Move private data about ATIOs/INOTs from per-LUN to per-channel data.
This allows active commands to continue operation after LUN destruction.
This also simplifies lookup of the data by tag in some situations.
- Unify three restart_queue processing implementations.
- Complete all ATIOs from restart_queue on LUN disable.
- Delete ATIO private data when command completed or aborted, not depending
on the ATIO being requeued, that was ugly hack and could never happen. CAM
should always call ether XPT_CONT_TARGET_IO with status or XPT_ABORT.
- Implement XPT_ABORT for queued ATIOs/INOTs to allow CAM do graceful
shutdown, not depending on LUN disable, as it is done in ahd(4)/targ(4).
- Unify isp_endcmd() arguments to make it more usable in generic code.
- Remove never really used LUN state reference counter.
MFC after: 2 weeks
* This is more similar to how code/definitions are distributed in
Linux's iwlwifi.
* This should make recognizing new chipset variants, and adding additional
flags from the Linux iwlwifi code easier, without blowing up if_iwm.c
Obtained from: dragonflybsd.git 27d11320e707d2c41424efc1983762f6799941d6
* Just add the struct iwm_cfg pointers to the iwm_devices array, to get
rid of the large switch clause.
Obtained from: dragonflybsd.git 35f0e6c86c1654323d6b19f7a077f4ab8ac85868
if the fdt data doesn't provide a gpio pin for reading the write protect
switch and also doesn't contain a "wp-disable" property.
In r311735 the long-bitrotted code in this driver for using the non-
standard fdt "mmchs-wp-gpio-pin" property was replaced with new common
support code for handling write-protect and card-detect gpio pins. The
old code never found a property with that name, and the logic was to
assume that no gpio pin meant that the card was not write protected.
The new common code behaves differently. If there is no fdt data saying
what to do about sensing write protect, the value in the standard SDHCI
PRESENT_STATE register is used. On this hardware, if there is no signal
for write protect muxed into the sd controller then that bit in the
register indicates write protect.
The real problem here is the fdt data, which should contain "wp-disable"
properties for eMMC and micro-sd slots where write protect is not even
an option in the hardware, but we are not in control of that data, it
comes from linux. So we have to make the same flawed assumption in our
driver that the corresponding linux driver has: no info means no protect.
Reported by: several users on the arm@ list
Pointy hat: me, for not testing enough before committing r311735
* The sc->sc_uc.uc_error_event_table value is now at sc->error_event_table,
and not sc->umac_error_event_table.
Obtained from: dragonflybsd.git 612855b1a8c321ec9ba34f63edf913e7ecff8363
* Use the notification wait API, like it's done in the Linux iwlwifi code,
to wait for the IWM_MVM_ALIVE notification.
* This also should fix some firmware load interrupt issues, and errors
in the nic lock using.
Tested:
* (adrian) Intel 7260, STA mode
Obtained from: dragonflybsd.git a7697ea01c11fd493aec52260a02f31df680eb91
* While there, rename some functions to match the names and functionality
of the similarly named functions in Linux iwlwifi.
Obtained from: dragonflybsd.git e98ee77a816bfd8b4912047b93dfb2c560788f24
the same CXXABI verions as recent libstdc++.
Note that __int128 types are only available on arches where long long is
128 bit wide.
Noticed by: harti
MFC after: 2 weeks
The difference of one was insignificant because zio_write_issue threads
ended up on the same run queues as other zio threads.
See sys/priority.h and sys/runq.h for more details.
Add a comment describing FreeBSD priority considerations and restore
the illumos variant of the code for comparison.
Obtained from: Panzura
MFC after: 2 weeks
Sponsored by: Panzura
show pte from the pmap of the process of the current DDB thread, instead
of necessarily the PCPU pmap.
Submitted by: Ryan Libby <rlibby@gmail.com>
Reviewed by: kib
MFC after: 1 week
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D9645
In the Kyua era, it's no longer necessary to set PJDFSTEST_TEST_PATH. Just
use TMPDIR instead.
Reviewed by: ngie
MFC after: 3 weeks
Relnotes: yes
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D9340
