Commit Graph

9120 Commits

Author SHA1 Message Date
Alexander Motin
217c81f334 Fix alignment issue r350599.
MFC after:	10 days
2019-08-05 19:30:28 +00:00
Alexander Motin
70d20ed34f Add nvmecontrol resv to handle NVMe reservations.
NVMe reservations are quite alike to SCSI persistent reservations and
can be used in clustered setups with shared multiport storage.

MFC after:	10 days
Relnotes:	yes
Sponsored by:	iXsystems, Inc.
2019-08-05 17:36:00 +00:00
Kyle Evans
c144616b7d ipfw: fix jail option after r348215
r348215 changed jail_getid(3) to validate passed-in jids as active jails
(as the function is documented to return -1 if the jail does not exist).
This broke the jail option (in some cases?) as the jail historically hasn't
needed to exist at the time of rule parsing; jids will get stored and later
applied.

Fix this caller to attempt to parse *av as a number first and just use it
as-is to match historical behavior. jail_getid(3) must still be used in
order for name arguments to work, but it's strictly a fallback in case we
weren't given a number.

Reported and tested by:	Ari Suutari <ari stonepile fi>
Reviewed by:	ae
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D21128
2019-08-05 00:08:25 +00:00
Alexander Motin
278ba86cec Add nvmecontrol sanitize command.
It allows to delete all user data from NVM subsystem in one of 3 methods.
It is a close equivalent of SCSI SANITIZE command of `camcontrol sanitize`,
so I tried to keep arguments as close as possible.

While there, fix supported sanitize methods reporting in `identify`.

MFC after:	2 weeks
Relnotes:	yes
Sponsored by:	iXsystems, Inc.
2019-08-03 19:24:56 +00:00
Alan Somers
2943ddcf51 Capsicumize ping6
Add capsicum support to ping6, mostly copying the strategy used for ping.

Submitted by:	Ján Sučan <jansucan@gmail.com>
Reviewed by:	markj
MFC after:	2 weeks
Sponsored by:	Google, inc. (Google Summer of Code 2019)
Differential Revision:	https://reviews.freebsd.org/D21050
2019-08-03 13:53:14 +00:00
Alexander Motin
ea44065c1f Fix parameter check broken at r350057.
MFC after:	2 weeks
2019-08-03 04:30:22 +00:00
Alexander Motin
6c99d1325e Decode few more NVMe log pages.
In particular: Changed Namespace List, Commands Supported and Effects,
Reservation Notification, Sanitize Status.

Add few new arguments to `nvmecontrol log` subcommand.

MFC after:	2 weeks
Sponsored by:	iXsystems, Inc.
2019-08-02 20:16:21 +00:00
Alexander Motin
90dfa8f0ac Add more new fields and values from NVMe 1.4.
MFC after:	2 weeks
2019-08-02 03:43:24 +00:00
Alexander Motin
48ec75f0e7 Rename function added in r350523 to make gcc happy.
MFC after:	2 weeks
2019-08-01 22:22:06 +00:00
Alexander Motin
a7bf63be69 Add IOCTL to translate nvdX into nvmeY and NSID.
While very useful by itself, it also makes `nvmecontrol` not depend on
hardcoded device names parsing, that in its turn makes simple to take
nvdX (and potentially any other) device names as arguments.

Also added IOCTL bypass from nvdX to respective nvmeYnsZ makes them
interchangeable for management purposes.

MFC after:	2 weeks
Sponsored by:	iXsystems, Inc.
2019-08-01 21:44:07 +00:00
Alexander Motin
3b3dd3f770 Feature-complete NVMe Namespace Management.
This adds several previously missed but important subcommands to list
namespaces and controllers.  It also fixes few previously added but
just found with real testing to be broken subcommands.

Also while there, add possibility to explicitly specify nsid for
`nvmecontrol identify` subcommand.  It may be useful to specify nsids
not having own devices, for example 0xffffffff, or just newly created
ones.

MFC after:	2 weeks
Relnotes:	yes
Sponsored by:	iXsystems, Inc.
2019-07-31 18:44:20 +00:00
Alexander Motin
e843651ba0 Tune some commands desctiption.
MFC after:	2 weeks
2019-07-31 04:19:53 +00:00
Alexander Motin
628d03169e Fix usage printing for nested subcommands.
Instead of `nvmecontrol create` should be `nvmecontrol ns create`, etc.

MFC after:	2 weeks
2019-07-31 03:48:48 +00:00
Alexander Motin
e341cfd279 Make camcontrol modepage to use 10 byte commands.
While old devices may not support 10 byte MODE SENSE/MODE SELECT commands,
new ones may not be able to report all mode pages with 6 byte commands.

This patch makes camcontrol by default start with 10 byte commands and
fall back to 6 byte on ILLEGAL REQUEST error, or 6 byte can be forced.

MFC after:	2 weeks
Sponsored by:	iXsystems, Inc.
2019-07-30 20:58:56 +00:00
Alexander Motin
df8aa95b31 Use present now scsi_mode_sense_subpage().
MFC after:	2 weeks
2019-07-29 20:41:11 +00:00
Alexander Motin
8de2d8c009 Add some new fields and bits from NVMe 1.4.
MFC after:	2 weeks
Sponsored by:	iXsystems, Inc.
2019-07-29 03:28:46 +00:00
Alexander Motin
d7c1da6153 Decode some more IDENTIFY DEVICE bits.
MFC after:	2 weeks
2019-07-28 20:17:40 +00:00
Doug Moore
473fe2c000 Rewrite the comments that explain swapon_trim() to make them more
comprehensible.

Suggested by: rpokala
Approved by: markj (mentor)
Differential Revision: https://reviews.freebsd.org/D21034
2019-07-26 15:18:11 +00:00
Alexander Motin
c15a591cbd Make camcontrol sanitize support also ATA devices.
ATA sanitize is functionally identical to SCSI, just uses different
initiation commands and status reporting mechanism.

While there, make kernel better handle sanitize commands and statuses.

MFC after:	2 weeks
Sponsored by:	iXsystems, Inc.
2019-07-25 18:48:31 +00:00
Warner Losh
160915367c Fix the fix to the logic bug. Upon further testing, the bug is that we shadoow
opt.vendor with vendor. We shouldn't. Delete the latter and use the former
everywhere and restore the prior logic which is now correct.
2019-07-24 23:08:49 +00:00
Warner Losh
ae5f2ca7b9 Fix several related coverity issues:
Make sure to always free shortopts and lopts when returning.
Fix minor logic bug to guard against NULLs properly.

CID: 1403654, 1403656, 1403658
2019-07-24 23:04:26 +00:00
Alexander Motin
0642bc1cbb Make camcontrol hpa and camcontrol ama trigger reprobe.
This makes OS automatically see the disk's new disk size.

MFC after:	2 weeks
Sponsored by:	iXsystems, Inc.
2019-07-23 19:42:03 +00:00
Alan Somers
af58a3c6bf Remove the USE_RFC2292BIS option and reap dead code
This option was imported as part of the KAME project in r62627 (in 2000).
It was turned on unconditionally in r121472 (in 2003) and has been on ever
since. The old alternative code has bitrotted. Reap the dead code.

Reported by:	Ján Sučan <jansucan@gmail.com>
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D20938
2019-07-22 20:11:33 +00:00
Maxim Sobolev
634add3c8d Allow "update" option to be used in the fstab(5). Document possible use case.
Approved by:	mckusick
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D18586
2019-07-22 20:04:55 +00:00
Alexander Motin
512efccf6d Unify BTL parsing for camcontrol debug and reset.
This makes `camcontrol debug` also allow peripheral device specification.

While there, make BTL parser more strict and switch from strtok() to
strsep().

MFC after:	2 weeks
2019-07-22 17:08:18 +00:00
Kirk McKusick
967d9fa3bb Treat any inode with bad content as unknown (i.e., ask if it should
be cleared).

Sponsored by: Netflix
2019-07-20 21:39:32 +00:00
Kirk McKusick
3bd88193c6 When running with journaled soft updates, some updated inodes were not
having their check hashes recomputed which resulted in spurious inode
check-hash errors when the system came back up after a crash.

Reported by:  Alan Somers
Sponsored by: Netflix
2019-07-20 21:20:40 +00:00
Doug Moore
6d5685c762 In trimming on startup, invoke swapon before closing the fd used for
trimming so that a geli device isn't detached before swapon is
invoked.

Submitted by: sigsys_gmail.com
Discussed with: alc
Approved by: markj (mentor)
Differential Revision:	https://reviews.freebsd.org/D21006
2019-07-20 20:47:07 +00:00
Warner Losh
51d357cbb3 Remove RELEASE_CRUNCH
RELEASE_CRUNCH isn't used for releases any more. If someone wants to subset,
then they can set MK_JAIL=no instead.
2019-07-19 20:04:13 +00:00
Alexander Motin
c1264e76cd Properly report ACS revisions alike to kernel.
MFC after:	2 weeks
2019-07-19 20:02:01 +00:00
Alexander Motin
89b35a5274 Add Accessible Max Address Configuration support to camcontrol.
AMA replaced HPA in ACS-3 specification.  It allows to limit size of the
disk alike to HPA, but declares inaccessible data as indeterminate.  One
of its practical use cases is to under-provision SATA SSDs for better
reliability and performance.

While there, fix HPA Security detection/reporting.

MFC after:	2 weeks
Relnotes:	yes
Sponsored by:	iXsystems, Inc.
2019-07-19 19:15:08 +00:00
Warner Losh
7d88a2f89e Implement {io,admin}-passthru commands.
These are mostly compatible with Linux, with three exceptions.
1. We don't do metadata segment stuff. Our passthrough interface
   doesn't cope. The code is there, but generates an error.
2. Linux lets you specify a namespace ID for the command. We current
   do not: we get ours from the namespace device, or pass in a generic
   one. Generally, this will lead to the same command, but FreeBSD's
   is safer since you can't specify the wrong id.
3. --show-command outputs to stderr instead of stdout so you can both
   see your command, and capture its output with a simple redirect.

Differential Revision: https://reviews.freebsd.org/D19296
2019-07-16 17:24:25 +00:00
Warner Losh
f634b4c1be Create generic command / arg parsing routines
Create a set of routines and structures to hold the data for the args
for a command. Use them to generate help and to parse args. Convert
all the current commands over to the new format. "comnd" is a hat-tip
to the TOPS-20 %COMND JSYS that (very) loosely inspired much of the
subsequent command line notions in the industry, but this is far
simpler (the %COMND man page is longer than this code) and not in the
kernel... Also, it implements today's de-facto
	command [verb]+ [opts]* [args]*
format rather than the old, archaic TOPS-20 command format :)

This is a snapshot of a work in progress to get the nvme passthru
stuff committed. In time it will become a private library and used
by some other programs in the tree that conform to the above pattern.

Differential Revision: https://reviews.freebsd.org/D19296
2019-07-16 17:24:03 +00:00
Warner Losh
237024606a Use a different approach to range check.
gcc hates dt < CC_DT_NONE since it can never be true when dt is an unsigned
type. Since that's a compiler choice and may be affected by weird stuff, instead
use (unsigned)dt > CC_DT_UNKNOWN to test for bounds error since that will work
regardless of the signedness of dt.
2019-07-15 23:43:38 +00:00
Warner Losh
d455c0d04a Implement a devtype command.
List the device's protocol. The returned value is one of the following:
	ata	direct attach ATA or SATA device
	satl	a SATA device attached via SAS
	scsi	A parallel SCSI or SAS
	nvme	A direct attached NVMe device
	mmcsd	A MMC or SD attached device

Reviewed by: scottl@, rpokala@
Differential Revision: https://reviews.freebsd.org/D20950
2019-07-15 22:33:37 +00:00
Warner Losh
40152db5d3 Use the more proper term of SATL instead of ATA_BEHIND_SCSI.
Most people know SAS attached SATA devices by the name SAT or SATL
(with the latter being a little more common). Change the device type
ATA_BEHIND_SCSI to SATL since it's more specific and meaningful.

Suggested by: scottl@
2019-07-15 20:25:41 +00:00
Warner Losh
01b0122954 Remove all the RELEASE_CRUNCH instances that partially disable IPSEC
We remove IPSEC only in parts of the tree, and not others. RELEASE_CRUNCH to
disable it has not kept up with all its uses. Remove it. Should there be a real
need to disable IPSEC, one that hasn't shown up in the base system to date,
it can be re-added behind a WITHOUT_IPSEC build option.
2019-07-15 14:19:39 +00:00
Warner Losh
a5a8266af1 Add device type NVME and device type MMCSD to get_device_type
For completeness, add nvme and mmc/sd devices to the list of device
types we know.
2019-07-13 03:22:28 +00:00
Warner Losh
c99e4e6b8b Retire support for -DMINIMALISTIC
We've not used this in years since we retired sysinstall, and it
hasn't compiled in at least a year. A full camcontrol is only 180k, so
making it smaller is not as important as it once was.

OK'd by: ken@, scottl@
2019-07-12 05:35:45 +00:00
Kirk McKusick
daba4da81d Add a new "untrusted" option to the mount command. Its purpose
is to notify the kernel that the file system is untrusted and it
should use more extensive checks on the file-system's metadata
before using it. This option is intended to be used when mounting
file systems from untrusted media such as USB memory sticks or other
externally-provided media.

It will initially be used by the UFS/FFS file system, but should
likely be expanded to be used by other file systems that may appear
on external media like msdosfs, exfat, and ext2fs.

Reviewed by:  kib
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D20786
2019-07-01 23:22:26 +00:00
John Baldwin
82334850ea Add an external mbuf buffer type that holds multiple unmapped pages.
Unmapped mbufs allow sendfile to carry multiple pages of data in a
single mbuf, without mapping those pages.  It is a requirement for
Netflix's in-kernel TLS, and provides a 5-10% CPU savings on heavy web
serving workloads when used by sendfile, due to effectively
compressing socket buffers by an order of magnitude, and hence
reducing cache misses.

For this new external mbuf buffer type (EXT_PGS), the ext_buf pointer
now points to a struct mbuf_ext_pgs structure instead of a data
buffer.  This structure contains an array of physical addresses (this
reduces cache misses compared to an earlier version that stored an
array of vm_page_t pointers).  It also stores additional fields needed
for in-kernel TLS such as the TLS header and trailer data that are
currently unused.  To more easily detect these mbufs, the M_NOMAP flag
is set in m_flags in addition to M_EXT.

Various functions like m_copydata() have been updated to safely access
packet contents (using uiomove_fromphys()), to make things like BPF
safe.

NIC drivers advertise support for unmapped mbufs on transmit via a new
IFCAP_NOMAP capability.  This capability can be toggled via the new
'nomap' and '-nomap' ifconfig(8) commands.  For NIC drivers that only
transmit packet contents via DMA and use bus_dma, adding the
capability to if_capabilities and if_capenable should be all that is
required.

If a NIC does not support unmapped mbufs, they are converted to a
chain of mapped mbufs (using sf_bufs to provide the mapping) in
ip_output or ip6_output.  If an unmapped mbuf requires software
checksums, it is also converted to a chain of mapped mbufs before
computing the checksum.

Submitted by:	gallatin (earlier version)
Reviewed by:	gallatin, hselasky, rrs
Discussed with:	ae, kp (firewalls)
Relnotes:	yes
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D20616
2019-06-29 00:48:33 +00:00
Luiz Otavio O Souza
4e4cedb00b Add the 'drop tagged' flag support for ethernet switch ports.
This is intended to drop all 802.1q tagged packets on a port.

Sponsored by:	 Rubicon Communications, LLC (Netgate)
2019-06-28 22:12:43 +00:00
Kyle Evans
d05fa0d949 bectl(8): create non-recursive boot environments
bectl advertises that it has the ability to create recursive and
non-recursive boot environments. This patch implements that functionality
using the be_create_depth API provided by libbe. With this patch, bectl now
works as bectl(8) describes in regards to creating recursive/non-recursive
boot environments.

Submitted by:	Rob Fairbanks <rob.fx907 gmail com> (with minor changes)
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D20240
2019-06-27 14:03:32 +00:00
Cy Schubert
015cb6cde4 Create a link to the ipmon.conf.5 man page as documented in ipmon.5.
Add its corresponding optional removal entry.

PR:		238816
MFC after:	1 week
2019-06-27 12:37:44 +00:00
Cy Schubert
74bc7fc0b4 Add the ipmon.5 man page.
PR/238816 initially addressed updates to usage() however the PR has
morphed into a shopping list of updates to usage() and man pages.

PR:		238816 (I added to the list during discussion)
MFC after:	1 week
2019-06-27 02:43:26 +00:00
Mark Johnston
5baf985da7 Free DHCP options with length zero.
Otherwise they are leaked, allowing an attacker to trigger memory
exhaustion.

This is options.c rev. 1.70 from OpenBSD.

admbugs:	552
Obtained from:	OpenBSD
MFC after:	3 days
2019-06-26 20:19:48 +00:00
Mark Johnston
a3ae40c7a4 Avoid a divide-by-zero when bad checksum counters overflow.
A mixture of IP or UDP packets with valid and invalid checksum could
cause {ip,udp}_packets_bad_checksum to wrap around to 0, resulting
in a division by zero.

This is packet.c rev. 1.27 from OpenBSD.

admbugs:	552
Obtained from:	OpenBSD
MFC after:	3 days
2019-06-26 20:11:52 +00:00
Andrey V. Elsukov
55507128b9 Restore ipfw(8)'s compact output support broken after r331668.
Also modify it a bit. Now -c option omits only 'from any to any' part
and works for different protocols (not just for ip).

Reported by:	Dmitry Selivanov <dseliv at gmail>
MFC after:	1 week
2019-06-25 09:08:24 +00:00
Warner Losh
91211c46ac Replay r349341 by imp accidentally reverted by r349352
Use ata_param_fixup instead of a custom copy here
2019-06-25 06:14:26 +00:00
Warner Losh
f5a95d9a07 Remove NAND and NANDFS support
NANDFS has been broken for years. Remove it. The NAND drivers that
remain are for ancient parts that are no longer relevant. They are
polled, have terrible performance and just for ancient arm
hardware. NAND parts have evolved significantly from this early work
and little to none of it would be relevant should someone need to
update to support raw nand. This code has been off by default for
years and has violated the vnode protocol leading to panics since it
was committed.

Numerous posts to arch@ and other locations have found no actual users
for this software.

Relnotes:	Yes
No Objection From: arch@
Differential Revision: https://reviews.freebsd.org/D20745
2019-06-25 04:50:09 +00:00