Since Amazon provides NTP servers within their network, this should
be far superior to using the default NTP pools; and since the service
is provided by Amazon there's very little risk in enabling it by
default. (If someone is able to compromise Amazon's NTP servers and
exploit them to attack EC2 instances, they would almost certainly be
able to compromise EC2 instances even without ntpd running...)
MFC after: 1 week
Relnotes: EC2 instances now keep their clocks synchronized using
the Amazon Time Sync Service (aka. NTP).
EC2 instances are normally launched with an SSH public key specified,
which is then used for logging in (by default, as 'ec2-user'). Having
ChallengeResponseAuthentication enabled (as FreeBSD's default sshd_config
does) has no functional effect in a new EC2 instance, since you can't log
in using a password until a password has been set -- but having this
enabled results in alerts from automated scanning tools which can detect
that sshd advertises support for keyboard-interactive logins (since they
can't detect that accounts have no password set).
EC2 users who want to use passwords to log in to their instances will need
to set 'ChallengeResponseAuthentication yes' in FreeBSD 12.0 and later.
Discussed with: gjb, gtetlow, emaste, des
Requested by: Amazon
X-MFC: No
Relnotes: ChallengeResponseAuthentication is turned off by default in
Amazon EC2 AMIs.
the OFED buildworld target, WITH_OFED=YES, when the include files are not
already installed locally, but only in the temporary object directory.
Found by: kib
Sponsored by: Mellanox Technologies
Inputting fractional non-decimal numbers has never worked correctly in our
OpenBSD-derived dc(1). It truncates the input to a number of decimal places
equal to the number of hexadecimal (or whatever base) places given on the
input. That's unacceptable, because many numbers require more precision to
represent in base 10 than in their original bases.
Fix this bug by using as many decimal places as needed to represent the
input, up to the maximum of the global scale factor.
This has one mildly surprising side effect: the scale of a number entered in
non-decimal mode will no longer necessarily equal the number of hexadecimal
(or whatever base) places given on the input. I think that's an acceptable
behavior change, given that inputting fractional non-decimal numbers never
worked in the first place, and the man page doesn't specify whether trailing
zeros on the input should affect a number's scale.
PR: 206230
Reported by: nibbana@gmx.us
Reviewed by: pfg
Differential Revision: https://reviews.freebsd.org/D13336
sponge(1) is a utility that reads input until
complete, then opens the output file, then
writes to it. This makes it useful in pipelines
that read and write to the same file.
Reviewed by: wblock, jilles, imp, cem, danfe (all: various iterations)
Inspired by: https://joeyh.name/code/moreutils/
The initial kernel-toolchain is built with TARGET=MACHINE but
we want GCC to have files generated for TARGET=NXB_TARGET
instead later on. Just clean the files between building of
the toolchain and nxb binaries which will let it rebuild
when needed.
Reported by: sbruno
X-MFC-With: r325001
MFC after: 1 month
Sponsored by: Dell EMC
Previously, lld exited with an error status if the only option given to
the command was -v. GNU linkers gracefully exit in that case. This patch
makes lld behave like GNU.
Note that even with this patch, lld's -v and --version options behave
slightly differently than GNU linkers' counterparts. For example,
if you run ld.bfd -v -v, the version string is printed out twice.
But that is an edge case that I don't think we need to take care of.
Fixes https://bugs.llvm.org/show_bug.cgi?id=31582
Obtained from: LLVM r319717
MFC after: 1 week
there are no write delegations issued.
manu@ reported on the freebsd-current@ mailing list that there was
a significant performance hit in nfsrv_checkgetattr() caused by
the acquisition/release of a state lock, even when there were no
write delegations issued.
This patch add a count of outstanding issued write delegations to the
NFSv4 server. This count allows nfsrv_checkgetattr() to return without
acquiring any lock when the count is 0, avoiding the performance hit
for the case where no write delegations are issued.
Reported by: manu
Reviewed by: kib
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D13327
Recent DTS (from Linux 4.14) specify a compatible "allwinner,sun50i-h5-ccu"
for H5 SoC. Since we get the DTB from u-boot this wasn't noticed.
Add the compatible so later version of u-boot will not fail for us.
This is better than directly changing PCI configuration space of the
device because it makes the PCI bus aware of the configuration.
Also, the change allows to drop a bunch of code that duplicated
pci_enable_msi() functionality.
I wonder if it's possible to further simplify the code by using
pci_alloc_msi().
ivhd should attach after the root PCI bus and, thus, after the ACPI
Host-PCI bridge off which the bus hangs. This is because ivhd changes
PCI configuration of a PCI IOMMU device that is located on the root bus.
If the bus attaches after ivhd it clears the MSI portion of the
configuration. As a result IOMMU event interrupts would never be
delivered.
For regular ACPI devices the order is calculated as
ACPI_DEV_BASE_ORDER + level * 10
where level is a depth of the device in the ACPI namespace.
I expect the depth of the Host-PCI bridge to be two or three,
so ACPI_DEV_BASE_ORDER + 10 * 10 should be a sufficiently safe order
for ivhd.
This should fix the setup of the AMD-Vi event interrupt when vmm is
preloaded (as opposed to kldload-ed).
This ensures that we can receive further event interrupts.
See the description of the bits in the specification for
MMIO Offset 2020h IOMMU Status Register.
The bits are defined as set-by-hardware write-1-to-clear, same as all
the bits in the status register.
Discussed with: anish
only.
In case we are trying to read a catpage, the manpage variable is not defined.
It results in the "cattool" having no arguments.
In case the catpage is compressed, the cattool used is "zcat" which dies if the
standard input is a terminal, meaning the function calling it is exiting as if
there were no ".so"
In case the catpage is uncompressed, the cattool used is "zcat -f" which waits
reading standard input, making the man(1) command hang.
PR: 223560
Reported by: wosch
MFC after: 3 days
arm64 boot sequence. This will be a virtual address in the kernel space
after the kernel and any modules loaded by loader so we can use this to
find the size of the kernel + modules. We can then add on a level 2 page for
the module data and round up the size to be aligned to a level 2 page.
This allows more than 8 MiB of modules to be loaded by loader, e.g. zfs.ko
and opensolaris.ko.
Reported by: Shawn Webb
MFC after: 1 week
Sponsored by: DARPA, AFRL
Commit r326346 moved domain iterators from physical layer to vm_page one,
but it also removed translation of freelist to flind for
vm_page_alloc_freelist() call. Before it expects VM_FREELIST_ parameter,
but after it expect freelist index.
On small WiFi boxes with few megabytes of RAM, there is only one freelist
VM_FREELIST_LOWMEM (1) and there is no VM_FREELIST_DEFAULT(0) (see file
sys/mips/include/vmparam.h). It results in freelist 1 with flind 0.
At first, this commit renames flind to freelist in vm_page_alloc_freelist
to avoid misunderstanding about input parameters. Then on physical layer it
restores translation for correct handling of freelist parameter.
Reported by: landonf
Reviewed by: jeff
Differential Revision: https://reviews.freebsd.org/D13351
Previous to the switch from sys/boot to stand/ zfsboot (used for MBR) did
not support GELI. Now that it is compiled with GELI, it is running out of
space.
zfsldr (which loads zfsboot) was modified to load 256kb in r304321
The existing check of the GCC version number is not sufficient
This fixes the build on sparc64 in preparation for integrating ZSTD into
the kernel for ZFS and Crash Dumps.
The cloudabi32.ko kernel modules can only be loaded on AMD64 and ARM64
by kernels built with COMPAT_FREEBSD32. Even though COMPAT_FREEBSD32
does not support the execution of native FreeBSD executables, do add it
to GENERIC, to make cloudabi32.ko usable.
According to size(1), this makes the kernel image approximately 0.7%
larger.
Reviewed by: andrew, imp, emaste
Differential Revision: https://reviews.freebsd.org/D13311
We can't kldunload in the test head as Kyua interprets any output from
them. This would lead to syntax errors and skipping the entire file.
Move the kld commands into the test case bodies.
Pointed out by: asomers@
This allows one to override the environment for processes created with
dtrace -c. By default, the environment is inherited.
This support was originally merged from illumos in r249367 but was lost
when the commit was later reverted and then brought back piecemeal.
Reported by: Samuel Lepetit <slepetit@apple.com>
MFC after: 2 weeks
Some IPSec in tunnel mode allowing to test multiple IPSec
configurations. These tests are reusing the jail/vnet scripts from pf
tests for generating complex network.
Submitted by: olivier@
Differential Revision: https://reviews.freebsd.org/D13017