Commit Graph

240448 Commits

Author SHA1 Message Date
rwatson
a374d6c3a6 Audit arguments to POSIX message queues, semaphores, and shared memory.
This requires minor changes to the audit framework to allow capturing
paths that are not filesystem paths (i.e., will not be canonicalised
relative to the process current working directory and/or filesystem
root).

Obtained from:	TrustedBSD Project
MFC after:	3 weeks
Sponsored by:	DARPA, AFRL
2017-03-31 13:43:00 +00:00
ae
690961c9b0 Reset the cached state of last lookup in the dynamic states when an
external action is completed, but the rule search is continued.

External action handler can change the content of @args argument,
that is used for dynamic state lookup. Enforce the new lookup to be able
install new state, when the search is continued.

Obtained from:	Yandex LLC
MFC after:	1 week
Sponsored by:	Yandex LLC
2017-03-31 09:26:08 +00:00
smh
688581b7e7 Allow explicitly assigned IPv6 loopback address to be used in jails
If a jail has an explicitly assigned IPv6 loopback address then allow it
to be used instead of remapping requests for the loopback adddress to the
first IPv6 address assigned to the jail.

This fixes issues where applications attempt to detect their bound port
where they requested a loopback address, which was available, but instead
the kernel remapped it to the jails first address.

This is the same fix applied to IPv4 fix by: r316313

Also:
* Correct the description of prison_check_ip6_locked to match the code.

MFC after:	2 weeks
Relnotes:	Yes
Sponsored by:	Multiplay
2017-03-31 09:10:05 +00:00
kevlo
6af6e1f918 Add support for ThingM blink(1) notification LED to uled(4). 2017-03-31 08:20:59 +00:00
allanjude
88d6268d4c Revert debugging that was accidently committed in r316314 2017-03-31 03:11:25 +00:00
allanjude
7cac36f2c2 fix top(1) ZFS compressed ARC support
top(1) read the wrong amount of data from sysctl, uint64_t instead of
boolean_t, resulting in the stats not showing in many cases.

X-MFC-With:	r315435
Sponsored by:	ScaleEngine Inc.
2017-03-31 03:08:07 +00:00
smh
62514c9edc Allow explicitly assigned IPv4 loopback address to be used in jails
If a jail has an explicitly assigned loopback address then allow it to be
used instead of remapping requests for the loopback adddress to the first
IPv4 address assigned to the jail.

This fixes issues where applications attempt to detect their bound port
where they requested a loopback address, which was available, but instead
the kernel remapped it to the jails first address.

A example of this is binding nginx to 127.0.0.1 and then running "service
nginx upgrade" which before this change would cause nginx to fail.

Also:
* Correct the description of prison_check_ip4_locked to match the code.

MFC after:	2 weeks
Relnotes:	Yes
Sponsored by:	Multiplay
2017-03-31 00:41:54 +00:00
allanjude
40cca4614c sys/geom/eli: Switch bzero() to explicit_bzero() for sensitive data
In GELI, anywhere we are zeroing out possibly sensitive data, like
the metadata struct, the metadata sector (both contain the encrypted
master key), the user key, or the master key, use explicit_bzero.

Didn't touch the bzero() used to initialize structs.

Reviewed by:	delphij, oshogbo
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D9809
2017-03-31 00:07:03 +00:00
allanjude
6f7ca86bff Add explicit_bzero() to libstand, and switch GELIBoot to using it
Make sure sensitive memory is properly cleared when finished with it

Reviewed by:	Eric McCorkle <eric@metricspace.net>
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D9798
2017-03-31 00:04:32 +00:00
davidcs
2cda468781 Update man page for commit r316309 "Add support for optional Soft LRO".
The driver provides the ability to select either HW or Software LRO, when
LRO is enabled (default HW LRO).

MFC after:5 days
2017-03-30 23:49:57 +00:00
davidcs
590b70853a Add support for optional Soft LRO
MFC after:5 days
2017-03-30 22:43:32 +00:00
rwatson
c0efcd5fde Audit arguments to System V IPC system calls implementing sempahores,
message queues, and shared memory.

Obtained from:	TrustedBSD Project
MFC after:	3 weeks
Sponsored by:	DARPA, AFRL
2017-03-30 22:26:15 +00:00
rwatson
ed51c4055c Add system-call argument auditing for ACL-related system calls.
Obtained from:	TrustedBSD Project
MFC after:	3 weeks
Sponsored by:	DARPA, AFRL
2017-03-30 22:00:58 +00:00
gonzo
a885802704 [am335x] Fix HDMI suport for Beaglebone Black
Fallback to Linux video interface bindings introduced in r313068 worked
with then current DTS but that DTS turned out to be not conformant to
the the bindings spec. DTS import in r314854 fixed the conformancy but
broke the functionality. This commit syncs up functionality to the actual
spec.

Reported by:	manu@
2017-03-30 21:54:57 +00:00
rwatson
0bae9c75d9 Various BSM generation improvements when auditing AUE_ACCEPT,
AUE_PROCCTL, AUE_SENDFILE, AUE_ACL_*, and AUE_POSIX_FALLOCATE.
Audit AUE_SHMUNLINK path in the path token rather than as a
text string, and AUE_SHMOPEN flags as an integer token rather
than a System V IPC address token.

Obtained from:	TrustedBSD Project
MFC after:	3 weeks
Sponsored by:	DARPA, AFRL
2017-03-30 21:39:03 +00:00
tychon
30a91ac1a6 Reorder includes to placate MIPS build.
Reported by:	markj
Sponsored by:	Dell EMC Isilon
2017-03-30 20:42:16 +00:00
dchagin
8660ad94c8 Use kern_mincore() helper instead of abusing syscall entry.
Suggested by:	kib@
Reviewed by:	kib@
MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D10143
2017-03-30 19:45:07 +00:00
dchagin
57bf038283 Add kern_mincore() helper for micore() syscall.
Suggested by:	kib@
Reviewed by:	kib@
MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D10143
2017-03-30 19:42:49 +00:00
tsoome
74f5277b56 Remove OLD_NFSV2 from loader and libstand
We have parallel NFSv2 and NFSv3 reader implementations, only configurable at
build time, defaulting to v3. Remove v2.

Reviewed by:	allanjude
Approved by:	allanjude (mentor)
Differential Revision:	https://reviews.freebsd.org/D10206
2017-03-30 19:32:25 +00:00
tychon
2a8ac69f46 Add support for capturing 'struct ptrace_lwpinfo' for signals
resulting in a process dumping core in the corefile.

Also extend procstat to view select members of 'struct ptrace_lwpinfo'
from the contents of the note.

Sponsored by:	Dell EMC Isilon
2017-03-30 18:21:36 +00:00
n_hibma
03ca34f30c Make dhcp-lease-time option supersedable as well.
Note: It is not recommended to set this value to above the value that
the server provided, unless that value is bogus.
2017-03-30 18:20:04 +00:00
emaste
e881bc92a3 elfcopy: remove temporary ELF file when converting from binary
Previously a command like

  objcopy --input-target binary --output-target elf64-x86-64-freebsd \
    binary_file object.o

would leave a temporary file behind.

ELF Tool Chain ticket #543

Reported by:	Roger Marquis
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2017-03-30 17:37:12 +00:00
n_hibma
f7f038e32a Allow superseding the lease renewal and rebind times.
Also make sure that the renewal is never more than 1/2 * expiry and
rebind never more than 7/4 * renewal (the default values in the spec).
This should allow adjusting high values from the server as well as
making sure the values from the server make sense.

Renewal and rebind times will be adjusted down if the expiry time is set
very high in a server, not the other way around. This change just makes
sure the values keep making sense.
2017-03-30 17:31:12 +00:00
sbruno
15395e4837 Don't call init functions directly from the timer/watchdog function.
Enqueue this in the admin task now that it can process it.

Submitted by:	Matt Macy <mmacy@nextbsd.org>
Sponsored by:	Limelight Networks
2017-03-30 16:54:01 +00:00
tsoome
db87858638 loader: simplify efi_zfs_probe and avoid double probing for zfs.
The current efi_zfs_probe() is overcomplicated and can be made
simpler. Still we need to pick up the device handle for our boot
disk first, because the ESP does not have to be the first partition on the
disk.

Once we do have the handle for boot disk, we probe that disk with
pointer for pool GUID.

Reviewed by:	allanjude
Approved by:	allanjude (mentor)
Differential Revision:	https://reviews.freebsd.org/D10198
2017-03-30 16:31:35 +00:00
tsoome
30249cacdc loader: efipart should check disk size from partition table
While testing 32bit UEFI OVMF (which has bug about how the disk size
is presented), I did witness the errors from blkio->ReadBlocks().

It became apparent we can not entirely trust UEFI interfaces either,
so additional checks are needed.

So we use disk_ioctl(DIOCGMEDIASIZE) for disks, with fallback of
Media->LastBlock for other media.

In addition, we need to check if there is media present.

+ small fixes for error printout, and avoiding multiple blk * 512.

Reviewed by:	allanjude
Approved by:	allanjude (mentor)
Differential Revision:	https://reviews.freebsd.org/D10197
2017-03-30 16:23:31 +00:00
sbruno
21ffe1a952 Assert IFF_DRV_OACTIVE in iflib_timer() when the "hung" case is detected
so that iflib's admin task can still process the reset directive and restore
functionality.

Sponsored by:	Limelight Networks
2017-03-30 16:03:51 +00:00
n_hibma
ab46b95800 Add nctgpio conf lines so it can be compiled into the kernel.
MFC after:	2 days
2017-03-30 15:05:10 +00:00
rwatson
277c03b353 Don't ifdef KDTRACE_HOOKS struct, variable, and function prototype
definitions for the DTrace audit provider, so that the dtaudit module
can compile in the absence of kernel DTrace support.  This doesn't
really make run-time sense (since the binary dependencies for the
module won't be present), but it allows the dtaudit module to compile
successfully regardless of the kernel configuration.

MFC after:	3 weeks
Sponsored by:	DARPA, AFRL
Reported by:	kib
2017-03-30 12:35:56 +00:00
ngie
cd7129c7ce Annotate all changes made in r316178-r316180 with __FreeBSD__
Restore the stock (upstream) code under an #else block, so it's easier
for me to visualize and understand the code that needs to be upstreamed.

MFC after:	2 months
X-MFC with:	r316178, r316179, r316180
Sponsored by:	Dell EMC Isilon
2017-03-30 07:13:47 +00:00
kib
f6b29b3425 Only activate __EXT1_VISIBLE block when using sys/errno.h in userspace.
The prerequisite for '#if __EXT1_VISIBLE' functionality is the
inclusion of sys/cdefs.h.  errno.h only auto-includes the header for
non-kernel environment, and EXT1 block only useful for non-kernel as
well.

Reported by:	lwhsu
Sponsored by:	The FreeBSD Foundation
MFC after:	3 weeks
2017-03-30 06:24:30 +00:00
ngie
9a65937e29 Add an UPDATING entry for cfiscsi(4)'s addition in r316212
MFC after:	2 months
X-MFC with:	r316212
Requested by:	mav (D10099)
Sponsored by:	Dell EMC Isilon
2017-03-30 05:11:58 +00:00
kib
4774ca6be0 Implement the memset_s(3) function as specified by the C11 ISO/IEC
9899:2011 Appendix K 3.7.4.1.

Other needed supporting types, defines and constraint_handler
infrastructure is added as specified in the C11 spec.

Submitted by:	Tom Rix <trix@juniper.net>
Sponsored by:	Juniper Networks
Discussed with:	ed
MFC after:	3 weeks
Differential revision:	https://reviews.freebsd.org/D9903
Differential revision:	https://reviews.freebsd.org/D10161
2017-03-30 04:57:26 +00:00
ngie
14bba90a82 Split iscsi(4) ctl frontend off of ctl(4) as cfiscsi(4)
The goal of this work is to remove the explicit dependency for ctl(4)
on iscsi(4), so end-users without iscsi(4) support in the kernel can
use ctl(4) for its other functions.

This allows those without iscsi(4) support built into the kernel to use
ctl(4) as a test mechanism. As a sidenote, this was possible around the
10.0-RELEASE period, but made impossible for end-users without iscsi(4)
between 10.0-RELEASE and 11.0-RELEASE.

Automatically load cfiscsi(4) from ctladm(8) and ctld(8) for backwards
compatibility with previously releases. The automatic loading feature is
compiled into the beforementioned tools if MK_ISCSI == yes when building
world.

Add a manpage for cfiscsi(4) and refer to it in ctl(4).

Differential Revision:	D10099
MFC after:	2 months
Relnotes:	yes
Reviewed by:	mav, trasz
Sponsored by:	Dell EMC Isilon
2017-03-30 04:56:27 +00:00
kib
e617648699 A followup to r315749, two more places where brand->interp_path was
accessed unconditionally.

Reported by:	se
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2017-03-30 04:21:02 +00:00
adrian
54d8b34ae4 [mbufq] add a concat method.
Reviewed by:	gnn, ae, glebius
Approved by:	ae, glebius
Differential Revision:	https://reviews.freebsd.org/D10158
2017-03-30 02:34:21 +00:00
emaste
bb8d049f06 libc: remove use of archaic __P() macro
Sponsored by:	The FreeBSD Foundation
2017-03-30 01:03:07 +00:00
rwatson
67e972eb25 When handling msgsys(2), semsys(2), and shmsys(2) multiplex system calls,
map the 'which' argument into a suitable audit event identifier for the
specific operation requested.

Obtained from:	TrustedBSD Project
MFC after:	3 weeks
Sponsored by:	DARPA, AFRL
2017-03-29 23:31:35 +00:00
gavin
7a741d521d ichsmb: switch device_probe() from a large case statement to a lookup table.
The case statement was getting unmanageably large, and I'm about to add
several more devices to it.

MFC after:	2 weeks
2017-03-29 23:13:04 +00:00
davidcs
bfdf85ce64 Upgrade firmware and other related files to version 5.4.64 2017-03-29 23:00:07 +00:00
rwatson
bff09a4976 Hook up new audit event identifiers for various non-Orange Book/CAPP
system calls supported by OpenBSM 1.2-alpha5.

Obtained from:	TrustedBSD Project
MFC after:	3 weeks
Sponsored by:	DARPA, AFRL
2017-03-29 22:33:56 +00:00
cem
8119924754 t_msgctl: Fix the same msgsnd() misuse as t_msgsnd
msgsnd(2)'s msgsz argument does not describe the full structure, only the
message component.

Reported by:	Coverity
CIDs:		1368703, 1368711
Sponsored by:	Dell EMC Isilon
2017-03-29 21:31:45 +00:00
cem
95c7751363 Follow-up to r316179: More of the same
Reported by:	Coverity
CIDs:		1368705, 1368706, 1368707, 1368710
Sponsored by:	Dell EMC Isilon
2017-03-29 21:29:21 +00:00
cem
28361d3986 t_msgsnd: Use msgsnd()'s msgsz argument correctly to avoid overflow
msgsnd's msgsz argument is the size of the message following the 'long'
message type.  Don't include the message type in the size of the message
when invoking msgsnd(2).

Reported by:	Coverity
CID:		1368712
Sponsored by:	Dell EMC Isilon
2017-03-29 21:26:13 +00:00
cem
4ea65ca6dd rrenumd(8): Fix a trivial Coverity warning
Coverity warns that it is invalid to access following struct members by
accessing the current struct member pointer plus one.  Assuming the
compilers aren't abusing this kind of UB yet, this cleanup isn't a
functional change.

Reported by:	Coverity
CID:		1368713
Sponsored by:	Dell EMC Isilon
2017-03-29 21:04:39 +00:00
emaste
c3e003d2f9 makefs: sync with NetBSD
This is a collection of minor changes as diff reduction against NetBSD.

NetBSD revs:
cd9660.c		1.39
cd9660.h		1.19
makefs.c		1.34

Obtained from:	NetBSD
Sponsored by:	The FreeBSD Foundation
2017-03-29 20:49:41 +00:00
rwatson
67c4e33a20 Add an experimental DTrace audit provider, which allows users of DTrace to
instrument security event auditing rather than relying on conventional BSM
trail files or audit pipes:

- Add a set of per-event 'commit' probes, which provide access to
  particular auditable events at the time of commit in system-call return.
  These probes gain access to audit data via the in-kernel audit_record
  data structure, providing convenient access to system-call arguments and
  return values in a single probe.

- Add a set of per-event 'bsm' probes, which provide access to particular
  auditable events at the time of BSM record generation in the audit
  worker thread. These probes have access to the in-kernel audit_record
  data structure and BSM representation as would be written to a trail
  file or audit pipe -- i.e., asynchronously in the audit worker thread.

DTrace probe arguments consist of the name of the audit event (to support
future mechanisms of instrumenting multiple events via a single probe --
e.g., using classes), a pointer to the in-kernel audit record, and an
optional pointer to the BSM data and its length. For human convenience,
upper-case audit event names (AUE_...) are converted to lower case in
DTrace.

DTrace scripts can now cause additional audit-based data to be collected
on system calls, and inspect internal and BSM representations of the data.
They do not affect data captured in the audit trail or audit pipes
configured in the system. auditd(8) must be configured and running in
order to provide a database of event information, as well as other audit
configuration parameters (e.g., to capture command-line arguments or
environmental variables) for the provider to operate.

Reviewed by:	gnn, jonathan, markj
Sponsored by:	DARPA, AFRL
MFC after:	3 weeks
Differential Revision:	https://reviews.freebsd.org/D10149
2017-03-29 19:58:00 +00:00
markj
15ebdcc4bf Avoid sleeping when the mirror I/O queue is non-empty.
A request may be queued while the queue lock is dropped when the mirror is
being destroyed. The corresponding wakeup would be lost, possibly resulting
in an apparent hang of the mirror worker thread.

Tested by:	pho (part of a larger patch)
MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2017-03-29 19:39:07 +00:00
markj
f1678a8682 Remove an unneeded g_mirror_destroy_provider() call.
The worker thread will destroy the mirror provider as part of its teardown
sequence. The call made sense in the initial revision of gmirror, but
became unnecessary in r137248.

Tested by:	pho (part of a larger diff)
MFC afteR:	2 weeks
Sponsored by:	Dell EMC Isilon
2017-03-29 19:30:22 +00:00
np
56479f976b cxgbe: Don't call t4_edc_err_read for errors not related to the EDCs.
MFC after:	3 days
Sponsored by:	Chelsio Communications
2017-03-29 19:25:31 +00:00