Commit Graph

9034 Commits

Author SHA1 Message Date
kib
a4c817656d Exercise some care before sending SIGHUP to mountd.
Reviewed by:	antoine, emaste, oshogbo
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D19847
2019-04-08 18:16:49 +00:00
delphij
76844b29fc Write string constant differently to improve readability.
Reported by:	rgrimes
Reviewed by:	rgrimes, emaste
MFC after:	13 days
Differential Revision:	https://reviews.freebsd.org/D19829
2019-04-06 03:42:15 +00:00
delphij
9d029ca482 Fix build.
MFC after:	2 weeks
X-MFC-With:	r345900
2019-04-05 02:37:10 +00:00
delphij
437a93c1f4 Implement checking of .' and ..' entries of subdirectory.
Reviewed by:		pfg
Obtained from:		Android b6ee08aadb%5E%21/
MFC after:		2 weeks
Differential Revision:	https://reviews.freebsd.org/D19824
2019-04-05 02:21:16 +00:00
delphij
89f9bddcee Restore lfcl when LOSTDIR's chain was corrupted and overwritten
with invalid value.

Obtained from:	Android 4d6d6f8a36%5E%21/
MFC after:	2 weeks
2019-04-04 23:34:03 +00:00
delphij
4216ffd63f Restore the ability of checking and fixing next free
cluster in FSINFO that was lost in r203872.

Obtained from:	NetBSD
MFC after:	2 weeks
2019-04-04 23:16:36 +00:00
0mp
18a1561b4e bectl.8: Bump date after r345845
Approved by:	kevans
2019-04-03 13:59:35 +00:00
0mp
72c3605219 bectl.8: Clean up & clarify the create subcommand
- Improve formatting
- Use consistent variable names
- Improve the description of the create subcommand (1)

PR:		235850 (1)
Submitted by:	kevans (1)
Reported by:	ler (1)
Reviewed by:	kevans
Approved by:	src (kevans)
Differential Revision:	https://reviews.freebsd.org/D19666
2019-04-03 13:46:43 +00:00
delphij
f7ba4b241e Assert that q can't be NULL. 'empty' is always non-NULL when DIREMPTY
is set earlier.

MFC after:	1 month
2019-04-03 07:09:28 +00:00
kevans
79d87e9f35 libbe: Fix zfs_is_mounted check w/ snapshots
'be_destroy' can destroy a boot environment (by name) or a given snapshot.
If the target to be destroyed is a dataset, check if it's mounted. We don't
want to check if the origin dataset is mounted when destroying a snapshot.

PR:		236043
Submitted by:	Rob Fairbanks <rob.fx907 gmail com>
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D19650
2019-04-01 17:44:20 +00:00
pjd
a4706c168b Introduce new event SIZECHANGE within GEOM system to inform about GEOM
providers mediasize changes.

While here, use GEOM nomenclature to describe providers instead of calling
them device nodes.

Obtained from:	Fudo Security
Tested in:	AWS
2019-03-30 07:24:34 +00:00
delphij
9503e2d642 Distinguish between lseek errors and read errores.
MFC after:	2 weeks
2019-03-28 18:20:47 +00:00
emaste
90b184152f init: pedantic correction to "can't exec" script warning
Direct /etc/rc exec was introduced in r337321, with a fallback to
passing it to sh if direct exec fails.  "Can't exec" is slightly
misleading in this case (the script is still executed, just not
directly).
2019-03-26 19:38:25 +00:00
imp
e01467a7b6 Make WD and WDC aliases for HGST.
HGST was bought by WDC. Over the years, it has sold different drives
branded as HGST, WD or WDC. All of them need the HGST workaround of
sending 4k-sized packets (or multiples of 4k). And the ones that don't
really need this aren't broken by this change. Submitter is the vendor
who has tested these changes on a number of drives. I've simplified it
slightly, since we don't need additional vendors for this at this
time.

Submitted by: JacobBurley via github on behalf of WDC
Pull Request: https://github.com/freebsd/freebsd/pull/391
2019-03-21 06:27:58 +00:00
asomers
1215d8a08b Rename fuse(4) to fusefs(4)
This makes it more consistent with other filesystems, which all end in "fs",
and more consistent with its mount helper, which is already named
"mount_fusefs".

Reviewed by:	cem, rgrimes
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D19649
2019-03-20 21:48:43 +00:00
kevans
2053d86e7e bectl(8): change jail command to execute jail(8)
The jail(8) command provides a variety of jail pseudo-parameters that are
useful to consumers of bectl, mount.devfs being the most-often-requested
paramater by bectl users.

command, exec.start, nopersist, and persist may not be specified via -o to
bectl. The command/exec.start remains passed as it always has at the end of
bectl, and persistence is dictated by -b/-U bectl jail arguments.

Submitted by:	Wes Maag <jwmaag gmail com>
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D19282
2019-03-19 17:38:54 +00:00
ae
5d2bb16967 Remove extra spaces.
MFC after:	1 month
2019-03-19 11:16:42 +00:00
ae
d763427450 Reapply r345274 with build fixes for 32-bit architectures.
Update NAT64LSN implementation:

  o most of data structures and relations were modified to be able support
    large number of translation states. Now each supported protocol can
    use full ports range. Ports groups now are belongs to IPv4 alias
    addresses, not hosts. Each ports group can keep several states chunks.
    This is controlled with new `states_chunks` config option. States
    chunks allow to have several translation states for single alias address
    and port, but for different destination addresses.
  o by default all hash tables now use jenkins hash.
  o ConcurrencyKit and epoch(9) is used to make NAT64LSN lockless on fast path.
  o one NAT64LSN instance now can be used to handle several IPv6 prefixes,
    special prefix "::" value should be used for this purpose when instance
    is created.
  o due to modified internal data structures relations, the socket opcode
    that does states listing was changed.

Obtained from:	Yandex LLC
MFC after:	1 month
Sponsored by:	Yandex LLC
2019-03-19 10:57:03 +00:00
ae
e171491f01 Revert r345274. It appears that not all 32-bit architectures have
necessary CK primitives.
2019-03-18 14:00:19 +00:00
ae
f13ac20eb6 Update NAT64LSN implementation:
o most of data structures and relations were modified to be able support
  large number of translation states. Now each supported protocol can
  use full ports range. Ports groups now are belongs to IPv4 alias
  addresses, not hosts. Each ports group can keep several states chunks.
  This is controlled with new `states_chunks` config option. States
  chunks allow to have several translation states for single alias address
  and port, but for different destination addresses.
o by default all hash tables now use jenkins hash.
o ConcurrencyKit and epoch(9) is used to make NAT64LSN lockless on fast path.
o one NAT64LSN instance now can be used to handle several IPv6 prefixes,
  special prefix "::" value should be used for this purpose when instance
  is created.
o due to modified internal data structures relations, the socket opcode
  that does states listing was changed.

Obtained from:	Yandex LLC
MFC after:	1 month
Sponsored by:	Yandex LLC
2019-03-18 12:59:08 +00:00
ae
93a7173b74 Add NAT64 CLAT implementation as defined in RFC6877.
CLAT is customer-side translator that algorithmically translates 1:1
private IPv4 addresses to global IPv6 addresses, and vice versa.
It is implemented as part of ipfw_nat64 kernel module. When module
is loaded or compiled into the kernel, it registers "nat64clat" external
action. External action named instance can be created using `create`
command and then used in ipfw rules. The create command accepts two
IPv6 prefixes `plat_prefix` and `clat_prefix`. If plat_prefix is ommitted,
IPv6 NAT64 Well-Known prefix 64:ff9b::/96 will be used.

  # ipfw nat64clat CLAT create clat_prefix SRC_PFX plat_prefix DST_PFX
  # ipfw add nat64clat CLAT ip4 from IPv4_PFX to any out
  # ipfw add nat64clat CLAT ip6 from DST_PFX to SRC_PFX in

Obtained from:	Yandex LLC
Submitted by:	Boris N. Lytochkin
MFC after:	1 month
Relnotes:	yes
Sponsored by:	Yandex LLC
2019-03-18 11:44:53 +00:00
ae
2770fa04e1 Add SPDX-License-Identifier and update year in copyright.
MFC after:	1 month
2019-03-18 10:50:32 +00:00
ae
6b7a62da46 Modify struct nat64_config.
Add second IPv6 prefix to generic config structure and rename another
fields to conform to RFC6877. Now it contains two prefixes and length:
PLAT is provider-side translator that translates N:1 global IPv6 addresses
to global IPv4 addresses. CLAT is customer-side translator (XLAT) that
algorithmically translates 1:1 IPv4 addresses to global IPv6 addresses.
Use PLAT prefix in stateless (nat64stl) and stateful (nat64lsn)
translators.

Modify nat64_extract_ip4() and nat64_embed_ip4() functions to accept
prefix length and use plat_plen to specify prefix length.

Retire net.inet.ip.fw.nat64_allow_private sysctl variable.
Add NAT64_ALLOW_PRIVATE flag and use "allow_private" config option to
configure this ability separately for each NAT64 instance.

Obtained from:	Yandex LLC
MFC after:	1 month
Sponsored by:	Yandex LLC
2019-03-18 10:39:14 +00:00
0mp
a0fc22c854 camcontrol.8: Bump date after r345051
Reviewed by:	bcr
Approved by:	bcr (doc)
Approved by:	krion (mentor, implicit), mat (mentor, implicit)
Differential Revision:	https://reviews.freebsd.org/D19555
2019-03-12 09:43:11 +00:00
imp
8d10a64bb8 Add -l to camcontrol readcap.
The -l flag sends only the READ CAPACITY (16) sevice action. Normally
we send the READ CAPACITY (10) command, and only send RC16 when the
capacity is larger than 2TB (since that's the max RC10 can
report). However, some badly programmed drives report different
numbers for RC10 and RC16. This can be hard to diagnose, but generally
there's a "Logical block address out of range" error when RC16 reports
a larger number than RC10 and the RC10 number is the correct one. By
comparing the output of readcap with and without the -l argmuent, one
can determine if there's a mismatch and if the DA_Q_NO_RC16 quirk is
needed.

Reviewed by: ken@
Differential Revision: https://reviews.freebsd.org/D19536
2019-03-12 04:57:05 +00:00
wosch
19c2fe5542 explain ``fsck -f'' more in detail
PR:	223491
Approved by: mckusick, 0mp, imp
Differential Revision:	https://reviews.freebsd.org/D19437
2019-03-08 10:03:16 +00:00
bz
d6a3300a0b Update for IETF draft-ietf-6man-ipv6only-flag.
All changes are hidden behind the EXPERIMENTAL option and are not compiled
in by default.

Add ND6_IFF_IPV6_ONLY_MANUAL to be able to set the interface into no-IPv4-mode
manually without router advertisement options.  This will allow developers to
test software for the appropriate behaviour even on dual-stack networks or
IPv6-Only networks without the option being set in RA messages.
Update ifconfig to allow setting and displaying the flag.

Update the checks for the filters to check for either the automatic or the manual
flag to be set.  Add REVARP to the list of filtered IPv4-related protocols and add
an input filter similar to the output filter.

Add a check, when receiving the IPv6-Only RA flag to see if the receiving
interface has any IPv4 configured.  If it does, ignore the IPv6-Only flag.

Add a per-VNET global sysctl, which is on by default, to not process the automatic
RA IPv6-Only flag.  This way an administrator (if this is compiled in) has control
over the behaviour in case the node still relies on IPv4.
2019-03-06 23:31:42 +00:00
jhb
ae6222b0c3 Drop "All rights reserved" from my copyright statements.
Reviewed by:	rgrimes
MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D19485
2019-03-06 22:11:45 +00:00
avos
aac05db79f Allow to build ifconfig(8) without wireless support
The change removes SIOC[GS]IEEE80211 handling from ifconfig(8)
if WITHOUT_WIRELESS_SUPPORT=yes is set in src.conf(5).

Reviewed by:	bz
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D19289
2019-03-04 03:47:06 +00:00
mckusick
40fbe3a922 Properly calculate the last used logical block of a file when checking
inodes that reference directories. While here tighten the check for
comparing the last logical block with the end of the file.

Reported by:  Peter Holm
Tested by:    Peter Holm
Sponsored by: Netflix
2019-03-02 21:30:01 +00:00
mckusick
778bf100cf The size of the UFS soft-updates journal must be a multiple of the
filesystem block size. When a size is specified with the -S flag
to tunefs(8), round it up to the filesystem block size.

Reported by:  Peter Holm
Tested by:    Peter Holm
Sponsored by: Netflix
2019-03-02 21:22:56 +00:00
ygy
eed56cc0da Fix typos and caps for ipfw(8) man page.
MFC after:	3 days
PR:		236030
Submitted by:	olgeni
2019-03-01 19:06:13 +00:00
smh
f2abcdb17e Fix incorrect / unused sector_count for identify requests
Fix incorrect / unused sector_count for identify requests from camcontrol.

Submitted by:	Alexey Dokuchaev
Reported by:	Alexey Dokuchaev
MFC after:	1 week
Sponsored by:	Multiplay
Differential Revision:	https://reviews.freebsd.org/D19408
2019-03-01 14:39:15 +00:00
trhodes
a116b07bc9 Grammar tweaks in ipfw manual page. 2019-02-28 20:43:03 +00:00
imp
1a6998a271 Add SPDX tag. 2019-02-28 02:29:48 +00:00
sjg
b6203121e9 Add verifying manifest loader for mac_veriexec
This tool will verify a signed manifest and load contents into
mac_veriexec for storage

Sponsored by:	Juniper Networks
Differential Revision:	D16575
2019-02-26 06:17:23 +00:00
asomers
edcbc8f744 ifconfig: eliminate trailing whitespace
Eliminate trailing whitespace on inet, inet6, and groups lines. I think the
"list txpower" command will still show some, but I'm not able to test that.

PR: 153731
Reported-by: Nikolay Denev <ndenev@gmail.com>
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D19004
2019-02-26 03:34:47 +00:00
mckusick
7b71e80a0f After a crash, a file that extends into indirect blocks may end up
shorter than its size resulting in a hole as its final block (which
is a violation of the invarients of the UFS filesystem).

Soft updates will always ensure that the file size is correct when
writing inodes to disk for files that contain only direct block
pointers. However soft updates does not roll back sizes for files
with indirect blocks that it has set to unallocated because their
contents have not yet been written to disk. Hence, the file can
appear to have a hole at its end because the block pointer has been
rolled back to zero when its inode was written to disk. Thus,
fsck_ffs calculates the last allocated block in the file. For files
that extend into indirect blocks, fsck_ffs checks for a size past
the last allocated block of the file and if that is found, shortens
the file to reference the last allocated block thus avoiding having
it reference a hole at its end.

Submitted by: Chuck Silvers <chs@netflix.com>
Tested by:    Chuck Silvers <chs@netflix.com>
MFC after:    1 week
Sponsored by: Netflix
2019-02-25 21:58:19 +00:00
wulf
fea6adbc28 evdev: export event device properties through sysctl interface
A big security advantage of Wayland is not allowing applications to read
input devices all the time. Having /dev/input/* accessible to the user
account subverts this advantage.

libudev-devd was opening the evdev devices to detect their types (mouse,
keyboard, touchpad, etc). This don't work if /dev/input/* is inaccessible.
With the kernel exposing this information as sysctls (kern.evdev.input.*),
we can work w/o /dev/input/* access, preserving the Wayland security model.

Submitted by:		Greg V <greg@unrelenting.technology>
Reviewed by:		wulf, imp
MFC after:		2 weeks
Differential Revision:	https://reviews.freebsd.org/D18694
2019-02-24 18:47:04 +00:00
sobomax
034bc5d427 Further refine r336195: do not even attempt to verify/update interface's
MTU if we've set it once and there were no changes on the DHCP server
side since the last refresh. This is consistent I believe with how dhclient
handles other settings like IP address, mask etc.

Approved by:	cem, eugen
Differential Revision:	https://reviews.freebsd.org/D18546
2019-02-23 23:31:13 +00:00
imp
90eaca25c1 Rework logpage extensibility.
Move from using a linker set to a constructor function that's
called. This simplifies the code and is slightly more obvious.  We now
keep a list of page decoders rather than having an array we managed
before. Commands will move to something similar in the future.

Reviewed by: jhb@
Differential Revision: https://reviews.freebsd.org/D19275
2019-02-22 15:15:36 +00:00
mckusick
8bd0f002e1 Ensure that inode updates are properly flushed out during the first
pass of fsck_ffs. Some changes, such as check-hash corrections were
being lost.

Reported by: Michael Tuexen (tuexen@)
Tested by:   Michael Tuexen (tuexen@)
MFC after:   3 days
2019-02-19 20:12:12 +00:00
kevans
43d973d6c7 mdmfs(8): use -o reserve with malloc-backed md(4)
Mentioned in mdconfig(8), malloc-backed md(4) can be unstable unless
required memory is allocated up front with -o reserve. Furthermore, panics
have been observed with md used in fstab on 12.0-RELEASE. Choose the stable
route and pass -o reserve.

Submitted by:	Paul Vixie
MFC after:	1 week
2019-02-16 23:57:38 +00:00
imp
a8a1f42e71 Remove write-only s_flag. 2019-02-16 00:15:02 +00:00
ngie
81b0e470dd Fix up concurrent test zpool setup and teardown
Set up zpools with a more unique name, stash the zpool name away in a file pointed
to by `$ZPOOL_NAME_FILE` (which is relative to a per-testcase generated temporary
directory), then remove the file based on `$ZPOOL_NAME_FILE` in the cleanup
routines.

This is a more concurrency-safe solution and will allow the testcases to be safely
executed in parallel.

Reviewed by:	kevans, jtl
Approved by:	jtl (mentor)
MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D19024
2019-02-12 23:35:46 +00:00
pkelsey
6ce26106c0 Fix the fix added in r343287 for spurious HFSC bandwidth check errors
The logic added in r343287 to avoid false-positive
sum-of-child-bandwidth check errors for HFSC queues has a bug in it
that causes the upperlimit service curve of an HFSC queue to be pulled
down to its parent's linkshare service curve if it happens to be above
it.

Upon further inspection/reflection, this generic
sum-of-child-bandwidths check does not need to be fixed for HFSC - it
needs to be skipped.  For HFSC, the equivalent check is to ensure the
sum of child linkshare service curves are at or below the parent's
linkshare service curve, and this check is already being performed by
eval_pfqueue_hfsc().

This commit reverts the affected parts of r343287 and adds new logic
to skip the generic sum-of-child-bandwidths check for HFSC.

MFC after:	1 day
Sponsored by:	RG Nets
Differential Revision:	https://reviews.freebsd.org/D19124
2019-02-11 22:58:43 +00:00
brooks
3a2450df1c mdmfs: Fix many bugs in automatic md(4) creation.
This code allocated a correctly sized buffer, read past the end of the
source buffer, writing off the end of the target buffer, and then writing
a '\0' terminator past the end of the target buffer (in the wrong place).
It then leaked the buffer.

Switch to a statically sized buffer on the stack and update the source
pointer and
length before use so the correct things are copied.

Fix a logic error in the checks that the format of the line is as
expected and move on out of an assert.

Remove an unneeded close(). fclose() closes the descriptor.

Found with:	CheriABI
Obtained from:	CheriBSD
Reviewed by:	kib, jhb, markj
Differential Revision:	https://reviews.freebsd.org/D19122
2019-02-11 21:31:26 +00:00
kevans
3e9f4c04bb bectl(8): commit missing test modifications from r343993
X-MFC-With:	r343993
2019-02-11 04:00:42 +00:00
kevans
4d060aa696 bectl(8): Add -o flag to destroy to clean up the origin snapshot of BE
We can't predict when destruction of origin is needed, and currently we have
a precedent for not prompting for things. Leave the decision up to the user
of bectl(8) if they want the origin snapshot to be destroyed or not.

Emits a warning when -o isn't used and an origin snapshot is left to be
cleaned up, for the time being. This is handy when one drops the -o flag but
really did want to clean up the origin.

A couple of -e ignore's have been sprinkled around the test suite for places
that we don't care that the origin's not been cleaned up. -o functionality
tests will be added in the future, but are omitted for now to reduce
conflicts with work in flight to fix bits of the tests.

Reported by:	Shawn Webb
MFC after:	1 week
2019-02-11 04:00:01 +00:00
cem
5e8683b78d gbde(8) - simplify randomisation with arc4random_buf
Submitted by:	David CARLIER <devnexen AT gmail.com>
Differential Revision:	https://reviews.freebsd.org/D18678
2019-02-11 00:11:02 +00:00