Commit Graph

17200 Commits

Author SHA1 Message Date
Bartek Rutkowski
391aafd7ab Remove stack guard option from hardening menu.
Since kib's change the stack guard is now ON by default,
this option in hardening menu of bsdinstall is no longer needed.

Submitted by:	Bartlomiej Rutkowski <robak@FreeBSD.org>
Reviewed by:	bapt
Approved by:	bapt
MFC after:	1 day
Sponsored by:	Pixeware LTD
Differential Revision:	https://reviews.freebsd.org/D11686
2017-07-21 08:50:22 +00:00
Ed Maste
cebb7b191c acpidump: add GIC ITS srat type
From ACPI 6.2, 5.2.16.5

MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2017-07-20 17:36:17 +00:00
Ed Maste
340c00225f acpidump: add ACPI NFIT (NVDIMM Firmware Interface Table)
Submitted by:	Guangyuan Yang <yzgyyang@outlook.com>
MFC after:	3 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D11479
2017-07-20 17:31:27 +00:00
Ed Maste
27941afae6 acpidump: use C99 designated initializers
Submitted by:	Guangyuan Yang <yzgyyang@outlook.com>
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D11659
2017-07-20 15:52:36 +00:00
Enji Cooper
b024603382 Clean up leading whitespace (convert single column spaces to hard tabs)
MFC after:	now
2017-07-20 00:40:03 +00:00
Rick Macklem
6242e8c886 Update the nfsv4 man page to reflect recent changes to support
the newer RFCs (5661 and 7530). The main man changes are for the
case of "numbers in strings" for user/groups that RFC7530 allows
and avoids use of nfsuserd(8).

This is a content change.

Reviewed by:	trasz (earlier version)
MFC after:	1 week
2017-07-19 20:57:41 +00:00
Enji Cooper
d7938e0594 cron(8) manpage updates
- Document /etc/cron.d and /usr/local/etc/cron.d under FILES.
- Reword documentation for -n: add appropriate soft-stop and remove
  contraction to appease igor.

MFC after:	3 days
2017-07-19 19:53:07 +00:00
Enji Cooper
4555b2ad92 Fix trivial whitespace bug introduced in usage message changes for -n
support (r304570).

MFC after:	now
2017-07-19 19:38:25 +00:00
Mark Johnston
5a3924b985 Allow matches of truncated version strings.
Long objdir paths make it easy to hit the version string length limit in
kernel dump headers. The build number and timestamp are unlikely to be
truncated and ought to be sufficient to protect against false positives.

Discussed with:	jhb
MFC after:	1 week
2017-07-19 18:41:16 +00:00
Ed Maste
2775c1d7d5 bsdinstall: improve checksum mismatch error for snapshots
The usual case of a mismatched checksum for installer snapshots
(e.g., -CURRENT, -ALPHA*) is that a newer snapshot has been built and
the old install sets have been replaced.  Provide a specific error
message for checksum mismatches there that suggests looking for a newer
snapshot.

Submitted by:	Guangyuan Yang <yzgyyang@outlook.com>
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D11641
2017-07-19 18:25:52 +00:00
Ed Maste
9acc904146 bsdinstall: remove EOL whitespace 2017-07-18 23:35:19 +00:00
Navdeep Parhar
8f82718fb2 cxgbetool(8): Add loadboot and loadboot-cfg subcommands to install or
remove bootrom and boot config.

MFC after:	2 weeks
Sponsored by:	Chelsio Communications
2017-07-18 03:58:59 +00:00
Benedict Reuschling
4718651cb3 The ctladm man page incorrectly duplicated the text for the
delete subcommand in the modify section. Rewrite the
modify description text in two places to say modify/modified
instead of remove/removed.

PR:		220710
Submitted by:	sseekamp@risei.net
Reviewed by:	mav@
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D11608
2017-07-15 17:59:28 +00:00
Bryan Drewery
7c2f06da87 DIRDEPS_BUILD: Update dependencies.
Sponsored by:	Dell EMC Isilon
2017-07-10 23:52:04 +00:00
Rick Macklem
3ab05e8674 Document the changes done to nfsuserd by r320757.
This is a content change.
2017-07-06 22:34:34 +00:00
Rick Macklem
77193c0508 Modify the nfsuserd daemon so that it uses an AF_LOCAL socket for upcalls.
This patch modifies the nfsuserd daemon so that it uses an AF_LOCAL socket
for upcalls by default. This should fix the problem with using a UDP
socket upcall to 127.0.0.1 when jails are used.
The AF_LOCAL socket case only supports a single server daemon, since hangs
were observed by the original problem reporter when multiple daemons
were used.
The patch adds a command line option called "-use-udpsock" which makes
the daemon revert to its prepatched behaviour.

Suggested by:	dfr
PR:		205193
Relnotes:	yes
2017-07-06 22:04:37 +00:00
Ed Maste
f5d0a8f7c7 acpidump: warn and exit loop on invalid subtable length
Submitted by:	Guangyuan Yang <yzgyyang@outlook.com>
Sponsored by:	The FreeBSD Foundation
2017-07-06 14:35:47 +00:00
Bartek Rutkowski
2669f7ebf1 usr.sbin/bsdinstall/scripts/hardening: fix options numbers
Submitted by:	Bartek Rutkowski <robak@FreeBSD.org>
Reviewed by:	bapt
Approved by:	bapt
MFC after:	1 day
Differential Revision:	https://reviews.freebsd.org/D11505
2017-07-06 12:19:15 +00:00
Alexander Motin
321728cef1 Report device descr in addition to ident.
Serial number without device model is somewhat less useful.

MFC after:	2 weeks
2017-07-06 09:05:38 +00:00
Enji Cooper
01df7d10a5 Remove SUBDIR ordering/uniquifying in *bin/Makefile
After the addition of SUBDIR.yes, uniquifying/ordering the SUBDIRs doesn't
make a whole lot of sense, and it's in effect a half measure.

Ordering SUBDIR (after adding SUBDIR.yes to it) in bsd.subdir.mk is a
separate change that warrants more discussion/testing, because while
the SUBDIR_PARALLEL work largely fixed dependency ordering for SUBDIRs,
there might be downstream FreeBSD consumers that rely on the SUBDIR
ordering.

MFC after:	2 months
Reviewed by:	bdrewery
Differential Revision:	D11398
2017-07-06 04:15:30 +00:00
Alexander Motin
1a01f934bf Add naive benchmark for SSDs in ZFS SLOG role.
ZFS SLOGs have very specific access pattern with many cache flushes,
which none of benchmarks I know can simulate.  Since SSD vendors rarely
specify cache flush time, this measurement can be useful to explain why
some ZFS pools are slower then expected.  This test writes data chunks
of different size followed by cache flush, alike to what ZFS SLOG does,
and measures average time.

To illustrate, here is result for 6 years old SATA Intel 710 Series SSD:

Synchronous random writes:
         0.5 kbytes:    138.3 usec/IO =      3.5 Mbytes/s
           1 kbytes:    137.7 usec/IO =      7.1 Mbytes/s
           2 kbytes:    151.1 usec/IO =     12.9 Mbytes/s
           4 kbytes:    158.2 usec/IO =     24.7 Mbytes/s
           8 kbytes:    175.6 usec/IO =     44.5 Mbytes/s
          16 kbytes:    210.1 usec/IO =     74.4 Mbytes/s
          32 kbytes:    274.2 usec/IO =    114.0 Mbytes/s
          64 kbytes:    416.5 usec/IO =    150.1 Mbytes/s
         128 kbytes:    776.6 usec/IO =    161.0 Mbytes/s
         256 kbytes:   1503.1 usec/IO =    166.3 Mbytes/s
         512 kbytes:   2968.7 usec/IO =    168.4 Mbytes/s
        1024 kbytes:   5866.8 usec/IO =    170.5 Mbytes/s
        2048 kbytes:  11696.6 usec/IO =    171.0 Mbytes/s
        4096 kbytes:  23329.6 usec/IO =    171.5 Mbytes/s
        8192 kbytes:  46779.5 usec/IO =    171.0 Mbytes/s

, and much newer and supposedly much faster NVMe Samsung 950 PRO SSD:

Synchronous random writes:
         0.5 kbytes:   2092.9 usec/IO =      0.2 Mbytes/s
           1 kbytes:   2013.1 usec/IO =      0.5 Mbytes/s
           2 kbytes:   2014.8 usec/IO =      1.0 Mbytes/s
           4 kbytes:   2090.7 usec/IO =      1.9 Mbytes/s
           8 kbytes:   2044.5 usec/IO =      3.8 Mbytes/s
          16 kbytes:   2084.8 usec/IO =      7.5 Mbytes/s
          32 kbytes:   2137.1 usec/IO =     14.6 Mbytes/s
          64 kbytes:   2173.4 usec/IO =     28.8 Mbytes/s
         128 kbytes:   2923.9 usec/IO =     42.8 Mbytes/s
         256 kbytes:   3085.3 usec/IO =     81.0 Mbytes/s
         512 kbytes:   3112.2 usec/IO =    160.7 Mbytes/s
        1024 kbytes:   2430.6 usec/IO =    411.4 Mbytes/s
        2048 kbytes:   3788.9 usec/IO =    527.9 Mbytes/s
        4096 kbytes:   6198.0 usec/IO =    645.4 Mbytes/s
        8192 kbytes:  10764.9 usec/IO =    743.2 Mbytes/s

While the first one obviously has maximal throughput limitations, the
second one has so high cache flush latency (about 2 millisecond), that
it makes one almost useless in SLOG role, despite of its good throughput
numbers.  Power loss protection is out of scope of this test, but I
suspect it can be related.

MFC after:	2 weeks
Sponsored by:	iXsystems, Inc.
2017-07-05 16:20:22 +00:00
Bartek Rutkowski
82ec242f2e Add option to bsdinstall to disable insecure console, update stack guard option
This patch adds new bsdinstall option to hardening section that allows users
to change this behaviour to secure one and updates stack guard option so it
would set the value of relevant sysctl to 512 (2MB)

Submitted by:	Bartek Rutkowski
Reviewed by:	adrian, bapt, emaste
Approved by:	bapt, emaste
MFC after:	1 day
Sponsored by:	Pixeware LTD
Differential Revision:	https://reviews.freebsd.org/D9700
2017-07-05 13:37:27 +00:00
Rick Macklem
2ced567240 Add a Bugs section that indicates that the nfsuserd doesn't work
when jails are being used on the system.
It is hoped that the patches in PR#205193 will someday get tested/debugged
so that they can be committed to fix this.

This is a content change.

PR:		205193
MFC after:	2 weeks
2017-07-04 22:20:30 +00:00
Allan Jude
1f3f7ac7ba Add deprecation notices for all rcmd tools
Submitted by:	bcr
Reviewed by:	emaste, bapt, jhl
MFC after:	immediate
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D11471
2017-07-04 15:44:30 +00:00
Allan Jude
875a1f776c diskinfo(8): correct typo in man page
Reported by:	N.J. Mann <njm@njm.me.uk>
2017-07-02 16:20:49 +00:00
Allan Jude
278a04f5c8 Add -s (serial) and -p (physpath) to diskinfo
Return the bare requested information, intended for scripting.

The serial number of a SAS/SCSI device can be returned with
'camcontrol inquiry disk -S', but there is no similar switch for SATA.

This provides a way to get this information from both SAS and SATA disks

the -s and -p flags are mutually exclusive, and cannot be used with any
other flags.

Reviewed by:	rpokala, wblock
MFC after:	1 month
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D7828
2017-07-01 21:34:57 +00:00
Baptiste Daroussin
d25c1ff64f Add libxo(3) support to sesutil(8)
This is useful to simplify parsing "sesutil map"

Submitted by:	nikita.kozlov@blade-group.com
MFC after:	3 weeks
Relnotes:	yes
Sponsored by:	blade
2017-06-29 18:52:36 +00:00
Steve Wills
d8061eff49 Add hardening menu item for security.bsd.see_jail_proc
Approved by:		allanjude
Differential Revision:	https://reviews.freebsd.org/D11283
2017-06-29 16:39:55 +00:00
Xin LI
97e832c1da Chase malloc() change by removing lg_chunk malloc_conf settings.
In jemalloc 5, there are no longer chunks, and as configured on
FreeBSD (the "retain" option defaults to false), the mmap()
requests are precisely sized for the specific needs, which means
the virtual memory overhead should be lower for small applications.

Reviewed by:	jasone, ian
Differential Revision:	https://reviews.freebsd.org/D11366
2017-06-28 04:19:54 +00:00
Ed Maste
0661ef2af2 makefs: add copies of NetBSD makefs msdos source files
We do not treat makefs as contrib code.  Import copies of makefs msdos
files from NetBSD so that we can track our changes to these files.

These are copied from NetBSD, with only a change to use __FBSDID and
$FreeBSD$ instead of __KERNEL_RCSID and $NetBSD$.  A copy of the
original $NetBSD$ tag remains in each source file.

These two files were missed in r320212.  Also remove a stray blank line
added in msdosfs_vfsops.c.

Submitted by:	Siva Mahadevan
Sponsored by:	The FreeBSD Foundation
2017-06-23 18:58:28 +00:00
Baptiste Daroussin
4d17a48343 sesutil no longer depends on libsbuf
Sponsored by:	Gandi.net
2017-06-23 15:27:23 +00:00
Baptiste Daroussin
20a957e37a Directly print the extra status instead of filling a buffer
then printing it.

This prepares the code to make it libxo friendly

Reviewed by:	manu, Nikita Kozlov (nikita elyzion.net)
MFC after:	2 weeks
Sponsored by:	Gandi.net
2017-06-23 15:09:08 +00:00
Baptiste Daroussin
b556669269 Do not use sprintf(3) when not needed, while here,
prefer snprintf(3) over sprintf(3)
2017-06-23 13:26:13 +00:00
Ed Maste
237d1b14f2 makefs: add copies of NetBSD makefs msdos source files
We do not treat makefs as contrib code.  Import copies of makefs msdos
files from NetBSD so that we can track our changes to these files.

These are copied from NetBSD, with only a change to use __FBSDID and
$FreeBSD$ instead of __KERNEL_RCSID and $NetBSD$.  A copy of the
original $NetBSD$ tag remains in each source file.

Submitted by:	Siva Mahadevan
Sponsored by:	The FreeBSD Foundation
2017-06-22 02:46:36 +00:00
Andriy Gapon
6589ee29df bhyveload: correctly query size of disks
On FreeBSD fstat(2) works fine for querying sizes of plain files,
but not so much for character devices.
So, use DIOCGMEDIASIZE to try to get the correct size for disks
and disk-like devices (e.g. zvols).

PR:		220186
Reviewed by:	tsoome, grehan
MFC after:	1 week
2017-06-21 18:19:27 +00:00
Xin LI
8a3cd533f1 Reduce code duplication in rpc.lockd.
Reuse create_service code instead of duplicating it in
lookup_addresses for kernel NLM.

As a (good) side effect this also fixed a few issues that were
already fixed in the former but never applied to the latter.

Reviewed by:	kevlo
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D11259
2017-06-21 06:34:06 +00:00
Alan Somers
6bd94a4679 Fix usr.sbin/makefs/makefs_ffs_tests when /etc/fstab does not exist
dumpfs prints a harmless warning message (via ufs_disk_fillout(3) and
getfsfile(3)), when /etc/fstab does not exist.  We can ignore it.

PR:		220165
Reported by:	gjb
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
2017-06-20 19:00:55 +00:00
Andriy Gapon
d6609e6a12 fstyp: move sys/ include path after zfs include paths
The reason is that FreeBSD refcount.h shadows ZFS refcount.h and that
will lead to a build error after a planned import of the ARC buf data
scatter-ization.
It's possible that some day we will have an opposite problem where
a ZFS header would shadow an essential FreeBSD header.
So, we need to think about a better long term solution.

Discussed with:	allanjude
MFC after:	17 days
2017-06-20 16:45:48 +00:00
Steven Hartland
98b9d3847d Fixed bsdinstall location of vfs.zfs.min_auto_ashift
vfs.zfs.min_auto_ashift is a sysctl only not a tunable so updated bsdinstall
to use the correct location /etc/sysctl.conf instead of /boot/loader.conf

Reported by:	Aaron Caza
Reviewed by:	allanjude
MFC after:	2 days
Sponsored by:	Multiplay
Differential Revision:	https://reviews.freebsd.org/D11278
2017-06-20 08:03:50 +00:00
Enji Cooper
84c8bb4fbc periodic(8): delete trailing whitespace
MFC after:	1 month
2017-06-20 06:20:09 +00:00
Bryan Drewery
c99b67a794 Utilize SYSROOT from r320119 in places where DESTDIR may be wanting WORLDTMP.
Since buildenv exports SYSROOT all of these uses will now look in
WORLDTMP by default.

sys/boot/efi/loader/Makefile
        A LIBSTAND hack is no longer required for buildenv.

MFC after:	2 weeks
Sponsored by:	Dell EMC Isilon
2017-06-19 20:47:24 +00:00
Xin LI
df9abd97ac Check return value of seteuid() and bail out if we fail.
MFC after:	2 weeks
2017-06-19 07:02:52 +00:00
Sean Bruno
4c26331158 Quiesce clang warning while building lpc.
usr.sbin/lpr/lpc/lpc.c
  Warning
    passing 'char *[20]' to parameter of type 'const char **' discards
    qualifiers in nested pointer types
    [-Wincompatible-pointer-types-discards-qualifiers]
  Fix:
     Explicitly cast the variable "margv" to const char ** only for it's
     use as a parameter to suppress the error

Submitted by:	Aaron Prieger <aprieger@llnw.com>
Sponsored by:	Limelight Networks
Differential Revision:	https://reviews.freebsd.org/D11019
2017-06-16 20:00:39 +00:00
Ed Maste
c0fcb86aee bsdinstall: correct comment after r320007
Submitted by:	vangyzen
2017-06-16 19:26:33 +00:00
Ed Maste
4ca43ae5f2 bsdinstall: use consistent EFI configuration across platforms
- increase arm64 EFI partition to 200M, as x86
- use EFI_BOOTPART_SIZE and EFI_BOOTPART_PATH macros on x86
- increase ZFS EFI partition to 200M

PR:		201898
Reviewed by:	allanjude, manu
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D11239
2017-06-16 18:58:48 +00:00
Marcelo Araujo
daaa9bf1df Check if pthread_create(3) successfully created the thread prior to call
pthread_join(3). The variable tid is not yet initialized in case
the authentication fails at early stage, that would lead pthread_join be
called with an uninitialized variable.

CID:		1375950
Reported by:	Coverity, cem
Reviewed by:	cem
MFC after:	3 weeks.
Sponsored by:	iXsystems, Inc.
Differential Revision:	https://reviews.freebsd.org/D11150
2017-06-16 01:26:01 +00:00
Marcelo Araujo
bd4862e596 Use nitems() from sys/param.h.
MFC after:	4 weeks.
2017-06-15 06:48:36 +00:00
Marcelo Araujo
d42456e128 Use nitems() from sys/param.h.
MFC after:	4 weeks.
2017-06-15 06:46:40 +00:00
Marcelo Araujo
426729f77f Initialize variables and use byteorder(9) instead of aliasing char array
buf via uint32_t pointer.

CID:		1375949
Reported by:	Coverity, cem
Reviewed by:	cem
MFC after:	3 weeks
Sponsored by:	iXsystems, Inc.
Differential Revision:	https://reviews.freebsd.org/D11153
2017-06-15 06:21:01 +00:00
Glen Barber
1a20115c11 Modernize FreeBSD version numbers in freebsd-update(8).
While here, expand a contraction to make textproc/igor happy.

MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2017-06-14 18:34:22 +00:00