Since kib's change the stack guard is now ON by default,
this option in hardening menu of bsdinstall is no longer needed.
Submitted by: Bartlomiej Rutkowski <robak@FreeBSD.org>
Reviewed by: bapt
Approved by: bapt
MFC after: 1 day
Sponsored by: Pixeware LTD
Differential Revision: https://reviews.freebsd.org/D11686
the newer RFCs (5661 and 7530). The main man changes are for the
case of "numbers in strings" for user/groups that RFC7530 allows
and avoids use of nfsuserd(8).
This is a content change.
Reviewed by: trasz (earlier version)
MFC after: 1 week
- Document /etc/cron.d and /usr/local/etc/cron.d under FILES.
- Reword documentation for -n: add appropriate soft-stop and remove
contraction to appease igor.
MFC after: 3 days
Long objdir paths make it easy to hit the version string length limit in
kernel dump headers. The build number and timestamp are unlikely to be
truncated and ought to be sufficient to protect against false positives.
Discussed with: jhb
MFC after: 1 week
The usual case of a mismatched checksum for installer snapshots
(e.g., -CURRENT, -ALPHA*) is that a newer snapshot has been built and
the old install sets have been replaced. Provide a specific error
message for checksum mismatches there that suggests looking for a newer
snapshot.
Submitted by: Guangyuan Yang <yzgyyang@outlook.com>
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D11641
delete subcommand in the modify section. Rewrite the
modify description text in two places to say modify/modified
instead of remove/removed.
PR: 220710
Submitted by: sseekamp@risei.net
Reviewed by: mav@
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D11608
This patch modifies the nfsuserd daemon so that it uses an AF_LOCAL socket
for upcalls by default. This should fix the problem with using a UDP
socket upcall to 127.0.0.1 when jails are used.
The AF_LOCAL socket case only supports a single server daemon, since hangs
were observed by the original problem reporter when multiple daemons
were used.
The patch adds a command line option called "-use-udpsock" which makes
the daemon revert to its prepatched behaviour.
Suggested by: dfr
PR: 205193
Relnotes: yes
After the addition of SUBDIR.yes, uniquifying/ordering the SUBDIRs doesn't
make a whole lot of sense, and it's in effect a half measure.
Ordering SUBDIR (after adding SUBDIR.yes to it) in bsd.subdir.mk is a
separate change that warrants more discussion/testing, because while
the SUBDIR_PARALLEL work largely fixed dependency ordering for SUBDIRs,
there might be downstream FreeBSD consumers that rely on the SUBDIR
ordering.
MFC after: 2 months
Reviewed by: bdrewery
Differential Revision: D11398
ZFS SLOGs have very specific access pattern with many cache flushes,
which none of benchmarks I know can simulate. Since SSD vendors rarely
specify cache flush time, this measurement can be useful to explain why
some ZFS pools are slower then expected. This test writes data chunks
of different size followed by cache flush, alike to what ZFS SLOG does,
and measures average time.
To illustrate, here is result for 6 years old SATA Intel 710 Series SSD:
Synchronous random writes:
0.5 kbytes: 138.3 usec/IO = 3.5 Mbytes/s
1 kbytes: 137.7 usec/IO = 7.1 Mbytes/s
2 kbytes: 151.1 usec/IO = 12.9 Mbytes/s
4 kbytes: 158.2 usec/IO = 24.7 Mbytes/s
8 kbytes: 175.6 usec/IO = 44.5 Mbytes/s
16 kbytes: 210.1 usec/IO = 74.4 Mbytes/s
32 kbytes: 274.2 usec/IO = 114.0 Mbytes/s
64 kbytes: 416.5 usec/IO = 150.1 Mbytes/s
128 kbytes: 776.6 usec/IO = 161.0 Mbytes/s
256 kbytes: 1503.1 usec/IO = 166.3 Mbytes/s
512 kbytes: 2968.7 usec/IO = 168.4 Mbytes/s
1024 kbytes: 5866.8 usec/IO = 170.5 Mbytes/s
2048 kbytes: 11696.6 usec/IO = 171.0 Mbytes/s
4096 kbytes: 23329.6 usec/IO = 171.5 Mbytes/s
8192 kbytes: 46779.5 usec/IO = 171.0 Mbytes/s
, and much newer and supposedly much faster NVMe Samsung 950 PRO SSD:
Synchronous random writes:
0.5 kbytes: 2092.9 usec/IO = 0.2 Mbytes/s
1 kbytes: 2013.1 usec/IO = 0.5 Mbytes/s
2 kbytes: 2014.8 usec/IO = 1.0 Mbytes/s
4 kbytes: 2090.7 usec/IO = 1.9 Mbytes/s
8 kbytes: 2044.5 usec/IO = 3.8 Mbytes/s
16 kbytes: 2084.8 usec/IO = 7.5 Mbytes/s
32 kbytes: 2137.1 usec/IO = 14.6 Mbytes/s
64 kbytes: 2173.4 usec/IO = 28.8 Mbytes/s
128 kbytes: 2923.9 usec/IO = 42.8 Mbytes/s
256 kbytes: 3085.3 usec/IO = 81.0 Mbytes/s
512 kbytes: 3112.2 usec/IO = 160.7 Mbytes/s
1024 kbytes: 2430.6 usec/IO = 411.4 Mbytes/s
2048 kbytes: 3788.9 usec/IO = 527.9 Mbytes/s
4096 kbytes: 6198.0 usec/IO = 645.4 Mbytes/s
8192 kbytes: 10764.9 usec/IO = 743.2 Mbytes/s
While the first one obviously has maximal throughput limitations, the
second one has so high cache flush latency (about 2 millisecond), that
it makes one almost useless in SLOG role, despite of its good throughput
numbers. Power loss protection is out of scope of this test, but I
suspect it can be related.
MFC after: 2 weeks
Sponsored by: iXsystems, Inc.
This patch adds new bsdinstall option to hardening section that allows users
to change this behaviour to secure one and updates stack guard option so it
would set the value of relevant sysctl to 512 (2MB)
Submitted by: Bartek Rutkowski
Reviewed by: adrian, bapt, emaste
Approved by: bapt, emaste
MFC after: 1 day
Sponsored by: Pixeware LTD
Differential Revision: https://reviews.freebsd.org/D9700
when jails are being used on the system.
It is hoped that the patches in PR#205193 will someday get tested/debugged
so that they can be committed to fix this.
This is a content change.
PR: 205193
MFC after: 2 weeks
Return the bare requested information, intended for scripting.
The serial number of a SAS/SCSI device can be returned with
'camcontrol inquiry disk -S', but there is no similar switch for SATA.
This provides a way to get this information from both SAS and SATA disks
the -s and -p flags are mutually exclusive, and cannot be used with any
other flags.
Reviewed by: rpokala, wblock
MFC after: 1 month
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D7828
In jemalloc 5, there are no longer chunks, and as configured on
FreeBSD (the "retain" option defaults to false), the mmap()
requests are precisely sized for the specific needs, which means
the virtual memory overhead should be lower for small applications.
Reviewed by: jasone, ian
Differential Revision: https://reviews.freebsd.org/D11366
We do not treat makefs as contrib code. Import copies of makefs msdos
files from NetBSD so that we can track our changes to these files.
These are copied from NetBSD, with only a change to use __FBSDID and
$FreeBSD$ instead of __KERNEL_RCSID and $NetBSD$. A copy of the
original $NetBSD$ tag remains in each source file.
These two files were missed in r320212. Also remove a stray blank line
added in msdosfs_vfsops.c.
Submitted by: Siva Mahadevan
Sponsored by: The FreeBSD Foundation
then printing it.
This prepares the code to make it libxo friendly
Reviewed by: manu, Nikita Kozlov (nikita elyzion.net)
MFC after: 2 weeks
Sponsored by: Gandi.net
We do not treat makefs as contrib code. Import copies of makefs msdos
files from NetBSD so that we can track our changes to these files.
These are copied from NetBSD, with only a change to use __FBSDID and
$FreeBSD$ instead of __KERNEL_RCSID and $NetBSD$. A copy of the
original $NetBSD$ tag remains in each source file.
Submitted by: Siva Mahadevan
Sponsored by: The FreeBSD Foundation
On FreeBSD fstat(2) works fine for querying sizes of plain files,
but not so much for character devices.
So, use DIOCGMEDIASIZE to try to get the correct size for disks
and disk-like devices (e.g. zvols).
PR: 220186
Reviewed by: tsoome, grehan
MFC after: 1 week
Reuse create_service code instead of duplicating it in
lookup_addresses for kernel NLM.
As a (good) side effect this also fixed a few issues that were
already fixed in the former but never applied to the latter.
Reviewed by: kevlo
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D11259
dumpfs prints a harmless warning message (via ufs_disk_fillout(3) and
getfsfile(3)), when /etc/fstab does not exist. We can ignore it.
PR: 220165
Reported by: gjb
MFC after: 3 weeks
Sponsored by: Spectra Logic Corp
The reason is that FreeBSD refcount.h shadows ZFS refcount.h and that
will lead to a build error after a planned import of the ARC buf data
scatter-ization.
It's possible that some day we will have an opposite problem where
a ZFS header would shadow an essential FreeBSD header.
So, we need to think about a better long term solution.
Discussed with: allanjude
MFC after: 17 days
vfs.zfs.min_auto_ashift is a sysctl only not a tunable so updated bsdinstall
to use the correct location /etc/sysctl.conf instead of /boot/loader.conf
Reported by: Aaron Caza
Reviewed by: allanjude
MFC after: 2 days
Sponsored by: Multiplay
Differential Revision: https://reviews.freebsd.org/D11278
Since buildenv exports SYSROOT all of these uses will now look in
WORLDTMP by default.
sys/boot/efi/loader/Makefile
A LIBSTAND hack is no longer required for buildenv.
MFC after: 2 weeks
Sponsored by: Dell EMC Isilon
usr.sbin/lpr/lpc/lpc.c
Warning
passing 'char *[20]' to parameter of type 'const char **' discards
qualifiers in nested pointer types
[-Wincompatible-pointer-types-discards-qualifiers]
Fix:
Explicitly cast the variable "margv" to const char ** only for it's
use as a parameter to suppress the error
Submitted by: Aaron Prieger <aprieger@llnw.com>
Sponsored by: Limelight Networks
Differential Revision: https://reviews.freebsd.org/D11019
- increase arm64 EFI partition to 200M, as x86
- use EFI_BOOTPART_SIZE and EFI_BOOTPART_PATH macros on x86
- increase ZFS EFI partition to 200M
PR: 201898
Reviewed by: allanjude, manu
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D11239
pthread_join(3). The variable tid is not yet initialized in case
the authentication fails at early stage, that would lead pthread_join be
called with an uninitialized variable.
CID: 1375950
Reported by: Coverity, cem
Reviewed by: cem
MFC after: 3 weeks.
Sponsored by: iXsystems, Inc.
Differential Revision: https://reviews.freebsd.org/D11150