Commit Graph

254264 Commits

Author SHA1 Message Date
delphij
dc8f15c81c Workaround ECAPMODE for kernels between revision [331280, 337999)
where getrandom(2) is not available in capability mode.
2018-08-18 08:32:21 +00:00
delphij
2acd1f2a25 Regen after r337998. 2018-08-18 06:33:51 +00:00
delphij
4f62d03ca0 getrandom(2) should not be restricted in capability mode. 2018-08-18 06:31:49 +00:00
delphij
18548ca3f9 Split arc4random_uniform into it's own file and sync with OpenBSD.
PR:		182610
Obtained from:	OpenBSD
MFC after:	2 weeks
2018-08-18 06:20:45 +00:00
np
37fea17dc1 cxgbe(4): Replace T4_PKT_TIMESTAMP with something slightly less hackish. 2018-08-18 04:23:51 +00:00
kevans
68ec745a9c libbe(3): Move build goop back out of cddl/
Some background: in the GSoC project, libbe/Makefile lived in lib/libbe. I
created projects/bectl branch, maintained the above for all of five
minutes before I misread Makefile.inc1 and decided that it couldn't possibly
build outside of cddl/, so I kicked the Makefile out into the cddl/ build
and all was good. The misreading was of the bit where .WAIT is added to
SUBDIR after lib, libexec but prior to building bin and cddl *only during
the install targets*, which is the critical part.

Fast forward- buildworld was still broken in my branch unbeknownst to me
because I didn't nuke my OBJDIR. Combing through Makefile.inc1 eventually
revealed the necessary magic to make sure that libbe's dependencies are
specified well enough, and it becomes clear what needs done to make a
non-cddl/ build work. This is an interesting prospect, because the build
split is kind of annoying to work with.

IGNORE_PRAGMA is added to avoid dropping WARNS by one more. This was
previously pulled in via cddl/Makefile.inc.
2018-08-18 03:20:59 +00:00
kevans
b51bdff298 libbe(3): Remove -v from LDFLAGS
-v is clearly not needed for linking, and it adds extra verbose information
that is not necessary.
2018-08-18 03:08:54 +00:00
kevans
3719708451 bectl(8): Allow running a custom command in the 'jail' subcommand
Instead of always running /bin/sh, allow the user to specify the command
to run. The jail is not removed when the command finishes. Meaning,
`bectl unjail` will still need to be run.

For example:

```
bectl jail newBE pkg upgrade
bectl ujail newBE
```

Submitted by:	Shawn Webb
Obtained from:	HardenedBSD (8b451014ab)
2018-08-18 01:12:44 +00:00
pfg
af33553b47 POSIX compliance improvements in the pthread(3) functions.
This basically adds makes use of the C99 restrict keyword, and also
adds some 'const's to four threading functions: pthread_mutexattr_gettype(),
pthread_mutexattr_getprioceiling(), pthread_mutexattr_getprotocol(), and
pthread_mutex_getprioceiling. The changes are in accordance to POSIX/SUSv4-2018.

Hinted by:	DragonFlyBSD

Relnotes:	yes
MFC after:	1 month
Differential Revision:	D16722
2018-08-18 01:05:38 +00:00
bz
c75b251b95 METALOG, unless manually overwritten, is defined as ${DESTDIR}/${DISTDIR}/METALOG
In the create-world-packages target we manually piece this together (unless
it is undefined), without the DISTDIR.  Normally DISTDIR is empty (unset) and
no one notices.  Now DISTDIR is a well known long-standing PORTS environment
variable and if that is set in the local environment the path to METALOG
is wrong as it no longer is ${DESTDIR}/METALOG.

Long-term we should start to avoid "publicly well known" names for global
variables, for now just piece ${DISTDIR} in as well.  This allows
create-world-packages to continue if DISTDIR is set in the env.
2018-08-17 21:19:18 +00:00
rmacklem
4178db1cdc Fix LORs between vn_start_write() and vn_lock() in the pNFS server.
When coding the pNFS server, I added several vn_start_write() calls done
while the vnode was locked, not realizing I had introduced LORs and
possible deadlock when an exported file system on the MDS is suspended.
This patch fixes this by removing the added vn_start_write() calls and
modifying the code so that the extant vn_start_write() call before the
NFS RPC/operation is done when needed by the pNFS server.
Flags are changed so that LayoutCommit and LayoutReturn now get a
vn_start_write() done for them.
When the pNFS server is enabled, the code now also changes the flags for
Getattr, so that the vn_start_write() is done for Getattr, since it may
need to do a vn_set_extattr(). The nfs_writerpc flag array was made global
to the NFS server and renamed nfsrv_writerpc, which is consistent naming
for globals in the NFS server.
Thanks go to kib@ for reporting that doing vn_start_write() while the vnode is
locked results in a LOR.
This patch only affects the behaviour of the pNFS server.
2018-08-17 21:12:16 +00:00
imp
2c34ce016e Copy the boot loader from the new location for the co-existing
loaders.

Reviewed by: gjb@
2018-08-17 20:41:50 +00:00
np
66230a9ea7 cxgbe(4): Adjust ntids to account for nhptids in the TOE case too.
This should have been part of r337538.
2018-08-17 20:28:31 +00:00
np
de3a576222 cxgbe/tom: Put the ifnet or VLAN's PCP value in the 802.1Q tag of frames
generated by the TOE.  Works with vid 0 (no VLAN, just priority) too.

MFC after:	1 week
Sponsored by:	Chelsio Communications
2018-08-17 19:22:46 +00:00
asomers
a56bea78dd Fix sys/netipsec/tunnel tests after r337736
Originally, these tests accidentally used broadcast addresses when they
should've used unicast addresses.  That the tests passed prior to r337736
was accidental.

Submitted by:	ae
Reviewed by:	olivier
MFC after:	2 weeks
2018-08-17 18:37:22 +00:00
kib
73f3efa46c Add pthread_get_name_np(3).
The function retrieves the thread name previously set by
pthread_set_name_np(3). The name is cached in the process memory.

Requested by:	Willem Jan Withagen <wjw@digiware.nl>
Man page update:	Yuri Pankov <yuripv@yuripv.net>
Reviewed by:	ian (previous version)
Discussed with:	arichardson, bjk (man page)
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
Differential revision:	https://reviews.freebsd.org/D16702
2018-08-17 18:34:07 +00:00
kib
bfd3c06cd1 Reorder alphabetically.
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D16702
2018-08-17 18:24:11 +00:00
des
e880da936b Add a man page for ratecheck(9) and ppsratecheck(9). 2018-08-17 17:16:38 +00:00
brooks
214c1ab8d7 Rework rtld's TLS Variant I implementation to match r326794
The above commit fixed handling overaligned TLS segments in libc's
TLS Variant I implementation, but rtld provides its own implementation
for dynamically-linked executables which lacks these fixes.  Thus,
port these changes to rtld.

Submitted by:	James Clarke
Reviewed by:	kbowling
Testing byL	kbowling (powerpc64), br (riscv), kevans (armv7)
Obtained from:	CheriBSD
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D16510
2018-08-17 16:19:47 +00:00
markj
d1a00acf4d Typo.
X-MFC with:	r337974
2018-08-17 16:07:06 +00:00
markj
4e68a99c04 Add INVARIANTS-only fences around lockless vnode refcount updates.
Some internal KASSERTs access the v_iflag field without the vnode
interlock held after such a refcount update.  The fences are needed for
the assertions to be correct in the face of store reordering.

Reported and tested by:	jhibbits
Reviewed by:	kib, mjg
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D16756
2018-08-17 15:41:01 +00:00
asomers
cbcee6c52e Add Modbus Application Protocol to /etc/services
IANA reassigned ports 502 and 802 on 2014-06-10

PR:		213276
Submitted by:	Mark.Martinec@ijs.si
MFC after:	2 weeks
2018-08-17 15:18:57 +00:00
mav
8253837ac3 9751 Allocation throttling misplacing ditto blocks
Relax allocation throttling for ditto blocks.  Due to random imbalances
in allocation it tends to push block copies to one vdev, that looks
slightly better at the moment.  Slightly less strict policy allows both
improve data security and surprisingly write performance, since we don't
need to touch extra metaslabs on each vdev to respect the min distance.

Sponsored by:	iXsystems, Inc.
2018-08-17 15:17:09 +00:00
kp
72eb5d52ef pf tests: Verify that pf limits the number of fragments per packet
Test the limitation on number of frames per packet introduced in pf in r337969.

Sponsored by:	Klara Systems
2018-08-17 15:02:58 +00:00
mav
63e7138971 9738 Fix third block copy allocations, broken at 9112.
Use METASLAB_WEIGHT_CLAIM weight to allocate tertiary blocks.
Previous use of METASLAB_WEIGHT_SECONDARY for that caused errors
later on metaslab_activate_allocator() call, leading to massive
load of unneeded metaslabs and write freezes.

Reviewed by:	Paul Dagnelie <pcd@delphix.com>
2018-08-17 15:00:41 +00:00
kp
282d17bf4b pf: Limit the maximum number of fragments per packet
Similar to the network stack issue fixed in r337782 pf did not limit the number
of fragments per packet, which could be exploited to generate high CPU loads
with a crafted series of packets.

Limit each packet to no more than 64 fragments. This should be sufficient on
typical networks to allow maximum-sized IP frames.

This addresses the issue for both IPv4 and IPv6.

MFC after:	3 days
Security:	CVE-2018-5391
Sponsored by:	Klara Systems
2018-08-17 15:00:10 +00:00
trasz
91157e79e6 Consistently use NULL to terminate the argv; no functional changes.
MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
2018-08-17 14:57:13 +00:00
imp
02e6d7f1d9 GPT is standard in x86 and arm64 land. Add it to DEFAULTS with the
others.

Differential Revision: https://reviews.freebsd.org/D16740
2018-08-17 14:47:21 +00:00
oshogbo
6c18c0985d Fix style nits. 2018-08-17 14:37:13 +00:00
oshogbo
1aa9b1400a capsicum: allow the setproctitle(3) function in capability mode
Capsicum in past allowed to change the process title.
This was broken with r335939.

PR:		230584
Submitted by:	Yuichiro NAITO <naito.yuichiro@gmail.com>
Reported by:	ian@niw.com.au
MFC after:	1 week
2018-08-17 14:35:10 +00:00
kevans
c1f14ac369 dtc(1): Update to 97d2d5715eeb45108cc60367fdf6bd5b2046b050
Notable fixes:
- Overlays may now be generated properly without -@
- /__local_fixups__ were not including unit address in their structure
- The error reporting a magic token was misleading, reporting
  "Bad magic token in header.  Got d00dfeed expected 0xd00dfeed"
  if the token was missing. This has been split out into a separate message.

MFC after:	1 week
2018-08-17 13:24:48 +00:00
rmacklem
624b46f401 Don't set a file's size for the MDS file of a pNFS service.
When a pNFS service is running, the size of the files created on the MDS
are normally 0, since the data is written to the data files on the DS(s).
However, without this patch, if a Setattr with a non-zero size was done by
a client, the MDS file was set to that size.  This was thought to be benign,
but it turns out that files with a non-zero size plus extended attributes
can cause a "ffs_truncate3" panic in UFS. Although the exact cause of this
panic() has not been isolated, this patch avoids the panic() and leaves
the MDS files in a consistent state of always having a size == 0.
Note that these MDS files never store data. The patch also includes an
unnecessary initialization of savsize in case some compiler or static
analyser complains it might not be initialized.
This patch only affects the NFS server when pNFS is enabled via the "-p"
command line option on nfsd.
2018-08-17 12:32:38 +00:00
n_hibma
3f28472969 Add the possibility to mark packets urgent based on their length.
This allows preferring small (e.g. ACK) packets, in upload heavy
environments.

It was already possible to mark packets urgent based on destination
port. This option piggy backs on that feature.
2018-08-17 10:18:45 +00:00
royger
3a18a9200e build: skip the database check when generating install media
There are several scripts and targets solely used to generate install
media, make sure DB_FROM_SRC is used in that case in order to prevent
checking the host database, which is irrelevant when generating
install binaries.

Sponsored by:		Citrix Systems R&D
PR:			230459
Reviewed by:		gjb
Differential revision:	https://reviews.freebsd.org/D16638
2018-08-17 07:27:15 +00:00
cem
8a86d15b0a cryptosoft: Reduce generality of supported algorithm composition
Fix a regression introduced in r336439.

Rather than allowing any linked list of algorithms, allow at most two
(typically, some combination of encrypt and/or MAC).  Removes a WAITOK
malloc in an unsleepable context (classic LOR) by placing both software
algorithm contexts within the OCF-managed session object.

Tested with 'cryptocheck -a all -d cryptosoft0', which includes some
encrypt-and-MAC modes.

PR:		230304
Reported by:	sef@
2018-08-17 04:40:01 +00:00
kevans
1117e03b1e Add efidev(4)/efirt(9)
Document efidev(4), provider of userland access to EFI Runtime Services. A link is created to efirtc(4), which handles the time-of-day clock side.

efirt(9) is the kernel side of this.

Reviewed by:	imp, kib (earlier version)
Differential Revision:	https://reviews.freebsd.org/D16696
2018-08-17 04:17:51 +00:00
kevans
e9d18a0795 ls(1): Add --color=when
--color may be set to one of: 'auto', 'always', and 'never'.

'auto' is the default behavior- output colors only if -G or COLORTERM are
set, and only if stdout is a tty.

'always' is a new behavior- output colors always. termcap(5) will be
consulted unless TERM is unset or not a recognized terminal, in which case
ls(1) will fall back to explicitly outputting ANSI escape sequences.

'never' to turn off any environment variable and -G usage.

Reviewed by:	cem, 0mp (both modulo last-minute manpage changes
Differential Revision:	https://reviews.freebsd.org/D16741
2018-08-17 04:15:51 +00:00
jhibbits
34e8e0f32d random: Add PowerPC 'darn' instruction entropy source
Summary:
PowerISA 3.0 adds a 'darn' instruction to "deliver a random number".  This
driver was modeled after (rather, copied and gutted of) the Ivy Bridge
rdrand driver.

This uses the "Conditional Random Number" behavior to remove input bias.

From the ISA reference the 'darn' instruction, and the random number
generator backing it, conforms to the NIST SP800-90B and SP800-90C
standards, compliant to the extent possible at the time the hardware was
designed, and guarantees a minimum 0.5 bits of entropy per bit returned.

Reviewed By:	markm, secteam (delphij)
Approved by:	secteam (delphij)
Differential Revision: https://reviews.freebsd.org/D16552
2018-08-17 03:49:07 +00:00
kevans
645507f98f subr_prf: Don't write kern.boot_tag if it's empty
This change allows one to set kern.boot_tag="" and not get a blank line
preceding other boot messages. While this isn't super critical- blank lines
are easy to filter out both mentally and in processing dmesg later- it
allows for a mode of operation that matches previous behavior.

I intend to MFC this whole series to stable/11 by the end of the month with
boot_tag empty by default to make this effectively a nop in the stable
branch.
2018-08-17 03:42:57 +00:00
kevans
7404e36f69 bectl(8): Add batch mode to jail subcommand
Adding batch mode to the jail `bectl(8)` subcommand enables jailing of
ZFS Boot Environments in a scriptable fashion.

Submitted by:	Shawn Webb
Obtained from:	HardenedBSD (9e72d1c59a and ef7b6d9e1c with minor edit)
2018-08-17 01:59:19 +00:00
cem
5340396c5a Riscv: Include crypto for IPSec
Similar to r337944.  I think this is the last configuration that includes IPsec
but not crypto.
2018-08-17 01:08:22 +00:00
cem
5dee150170 arm: Define crypto option on platforms that include IPsec
Missed in r337940.

(It's not like there are any crypto files IPsec doesn't pull in, so it is
unclear what not defining the crypto option was supposed to achieve.)

Reported by:	np@
2018-08-17 01:04:02 +00:00
np
6e862a5f4b if_vlan(4): A VLAN always has a PCP and its ifnet's if_pcp should be set
to the PCP value in use instead of IFNET_PCP_NONE.

MFC after:	1 week
Sponsored by:	Chelsio Communications
2018-08-17 01:03:23 +00:00
cem
8d3674061f Add test cases for Poly1305 from RFC 7539 2018-08-17 00:32:00 +00:00
cem
a8117929ee crypto(4): Add cryptosoft, cryptodev support for Poly-1305 2018-08-17 00:31:06 +00:00
cem
e9bcf6874b Add xform-conforming auth_hash wrapper for Poly-1305
The wrapper is a thin shim around libsodium's Poly-1305 implementation.  For
now, we just use the C algorithm and do not attempt to build the
SSE-optimized variant for x86 processors.

The algorithm support has not yet been plumbed through cryptodev, or added
to cryptosoft.
2018-08-17 00:30:04 +00:00
cem
cfc80e095e Bring in compatibility glue for libsodium
The idea is untouched upstream sources live in sys/contrib/libsodium.

sys/crypto/libsodium are support routines or compatibility headers to allow
building unmodified upstream code.

This is not yet integrated into the build system, so no functional change.
2018-08-17 00:27:56 +00:00
cem
7ed424e736 Bring in libsodium to sys/contrib
Bring in https://github.com/jedisct1/libsodium at
461ac93b260b91db8ad957f5a576860e3e9c88a1 (August 7, 2018), unmodified.

libsodium is derived from Daniel J. Bernstein et al.'s 2011 NaCl
("Networking and Cryptography Library," pronounced "salt") software library.
At the risk of oversimplifying, libsodium primarily exists to make it easier
to use NaCl.  NaCl and libsodium provide high quality implementations of a
number of useful cryptographic concepts (as well as the underlying
primitics) seeing some adoption in newer network protocols.

I considered but dismissed cleaning up the directory hierarchy and
discarding artifacts of other build systems in favor of remaining close to
upstream (and easing future updates).

Nothing is integrated into the build system yet, so in that sense, no
functional change.
2018-08-17 00:23:50 +00:00
gjb
a225d7de24 Rename head from ALPHA1 to ALPHA2 in preparation for the next set
of snapshot builds.

Hashtag:	MaximumEffort
Approved by:	re (implicit)
Sponsored by:	The FreeBSD Foundation
2018-08-16 23:58:22 +00:00
asomers
e60f5de47a Fix sys/opencrypto/blake2_test when kern.cryptodevallowsoft=0
Two of these testcases require software crypto to be enabled. Curiously, it
isn't by default.

PR:		230671
Reported by:	Jenkins
Reviewed by:	cem
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D16755
2018-08-16 23:49:56 +00:00