Commit Graph

228220 Commits

Author SHA1 Message Date
Eitan Adler
fbc88a6f35 sponge(1): revert
I did a complete buildworld and test... with the program disconnected
from the tree. Revert the change for now.

(this keeps the change to .arclint which is still correct)

Wearing:	my pointhat
2017-12-06 02:47:46 +00:00
Ed Maste
0bff6a5af8 Update tcpdump to 4.9.2
It contains many fixes, including bounds checking, buffer overflows (in
SLIP and bittok2str_internal), buffer over-reads, and infinite loops.

One other notable change:
  Do not use getprotobynumber() for protocol name resolution.
  Do not do any protocol name resolution if -n is specified.

Submitted by:	gordon
Reviewed by:	delphij, emaste, glebius
MFC after:	1 week
Relnotes:	Yes
Security:	CVE-2017-11108, CVE-2017-11541, CVE-2017-11542
Security:	CVE-2017-11543, CVE-2017-12893, CVE-2017-12894
Security:	CVE-2017-12895, CVE-2017-12896, CVE-2017-12897
Security:	CVE-2017-12898, CVE-2017-12899, CVE-2017-12900
Security:	CVE-2017-12901, CVE-2017-12902, CVE-2017-12985
Security:	CVE-2017-12986, CVE-2017-12987, CVE-2017-12988
Security:	CVE-2017-12989, CVE-2017-12990, CVE-2017-12991
Security:	CVE-2017-12992, CVE-2017-12993, CVE-2017-12994
Security:	CVE-2017-12995, CVE-2017-12996, CVE-2017-12997
Security:	CVE-2017-12998, CVE-2017-12999, CVE-2017-13000
Security:	CVE-2017-13001, CVE-2017-13002, CVE-2017-13003
Security:	CVE-2017-13004, CVE-2017-13005, CVE-2017-13006
Security:	CVE-2017-13007, CVE-2017-13008, CVE-2017-13009
Security:	CVE-2017-13010, CVE-2017-13011, CVE-2017-13012
Security:	CVE-2017-13013, CVE-2017-13014, CVE-2017-13015
Security:	CVE-2017-13016, CVE-2017-13017, CVE-2017-13018
Security:	CVE-2017-13019, CVE-2017-13020, CVE-2017-13021
Security:	CVE-2017-13022, CVE-2017-13023, CVE-2017-13024
Security:	CVE-2017-13025, CVE-2017-13026, CVE-2017-13027
Security:	CVE-2017-13028, CVE-2017-13029, CVE-2017-13030
Security:	CVE-2017-13031, CVE-2017-13032, CVE-2017-13033
Security:	CVE-2017-13034, CVE-2017-13035, CVE-2017-13036
Security:	CVE-2017-13037, CVE-2017-13038, CVE-2017-13039
Security:	CVE-2017-13040, CVE-2017-13041, CVE-2017-13042
Security:	CVE-2017-13043, CVE-2017-13044, CVE-2017-13045
Security:	CVE-2017-13046, CVE-2017-13047, CVE-2017-13048
Security:	CVE-2017-13049, CVE-2017-13050, CVE-2017-13051
Security:	CVE-2017-13052, CVE-2017-13053, CVE-2017-13054
Security:	CVE-2017-13055, CVE-2017-13687, CVE-2017-13688
Security:	CVE-2017-13689, CVE-2017-13690, CVE-2017-13725
Differential Revision:	https://reviews.freebsd.org/D12404
2017-12-06 02:21:11 +00:00
Justin Hibbits
823cdec7bb Allow custom overrides of mmap attribute for VT framebuffer
Summary:
As in /dev/fb, allow the framebuffer driver to override the default memattr for
mmap(2).  This is analogous to the change in 306555.

Reviewed By: ray
Differential Revision: https://reviews.freebsd.org/D13331
2017-12-06 02:06:14 +00:00
Justin Hibbits
97d24081da Use unsigned intptr_t type for framebuffer addresses
Summary:
Some architectures (powerpc Book-E) have a vm_paddr_t larger than intptr_t.
Casting from the intptr_t to vm_paddr_t causes sign extension, leading to a
potentially invalid address.

This was seen when running X on a PowerPC P1022 machine, which mapped the
backing framebuffer at 0xc1800000.  When mmap()d by X, this yielded an invalid
address of 0xffffffffc1800000, or, as the hardware would see it, 0xfc1800000.

Reviewed By: ray
Differential Revision: https://reviews.freebsd.org/D13332
2017-12-06 02:05:21 +00:00
Warner Losh
e294a1269f Fix random() prototype to match the system.
Sponsored by: Netflix
2017-12-06 02:00:09 +00:00
Warner Losh
e8e6a5f920 Make putenv and getenv match the userland definition of these
functions, tweak man page and one variable that shouldn't be const
anymore.

Sponsored by: Netflix
2017-12-06 02:00:00 +00:00
Gleb Smirnoff
db357f584a Fix file missed in r326607. 2017-12-06 00:44:49 +00:00
Gleb Smirnoff
135beaf60e Reduce pollution via tmpfs.h. 2017-12-06 00:42:08 +00:00
Warner Losh
553484ae07 Remove unused 4th argument to match the standard error routines.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D13386
2017-12-06 00:29:50 +00:00
Warner Losh
d2f3208dda Add NVME as a known device type for devstat processing.
Also, reduce the amount of cut and pasted code a little since only two
args are different in the devstat_end_transaction calls.

Sponsored by: Netflix
2017-12-06 00:29:43 +00:00
Jilles Tjoelker
965f7130a9 mdoc(7): Update .Dd for previous commit 2017-12-05 23:06:15 +00:00
Warner Losh
b836edd8b8 Remove stray cam_periph_async call. It's called twice this way. While
currently harmless for AC_UNIT_ATTENTION event (cam_periph_async does
nothing with them), it's still in error because if it were to start in
the future, it would be done twice.

Sponsored by: Netflix
2017-12-05 23:02:31 +00:00
Jilles Tjoelker
6c144446e9 mdocml: Add IEEE Std 1003.1-2008, 2016 edition
Also document IEEE Std 1003.1-2008, 2013 edition in mdoc(7) (as well as the
2016 edition).

Submitted by:	Yuri Pankov
Reviewed by:	bjk
Differential Revision:	https://reviews.freebsd.org/D13349
2017-12-05 23:00:41 +00:00
Warner Losh
c87d5a5826 Since this is contrib code, create an upstreamable version of my
change. Now on FreeBSD and NetBSD if _STANDALONE is defined, we
include the kernel version with alloances for the quirky differences
between the two.

Sponsored by: Netflix
2017-12-05 22:24:20 +00:00
Ed Maste
e1734edf76 Implement "vidcontrol -h <history_size>" for vt(4)
PR:		210415
Submitted by:	Siva Mahadevan
Reviewed by:	ray (earlier)
MFC after:	1 month
Relnotes:	yes
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D11814
2017-12-05 22:19:59 +00:00
Kyle Evans
35fbacb461 dtb/allwinner: Restore a83t/BananaPi-M3 DTS after r342822
sinovoip-bpi-m3.dts was disconnected from the build in r324822. Since then,
a CCU driver has been added and several other changes have been made to
make us compatible with upstream DTS for this board.

Add links for older DTB that might be used: our u-boot port was expecting
sinovoip-bpi-m3.dtb up until ports r455629, and our u-boot will not be
switching to the upstream name (sun8i-a83t-bananapi-m3) quite yet.

Discussed with:	manu
2017-12-05 22:05:10 +00:00
Ed Maste
7fe94db265 vnic: apply hardware L3 checksum only for IPv4
Previously we set the csum_l3 flag for IPv4 and IPv6, but only IPv4
should have header checksumming applied.

Prompted by Linux commit fa6d7cb5d76cf0467c61420fc9238045aedfd379.

Reviewed by:	bz
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D13366
2017-12-05 22:02:46 +00:00
Ed Maste
3670d4c79a Makefile.inc1: map mips MACHINE_/TARGET_ARCH to triples
This helps Clang MIPS builds.

Reviewed by:	bdrewery, jhb (earlier version)
Differential Revision:	https://reviews.freebsd.org/D12171
2017-12-05 21:42:09 +00:00
Kyle Evans
4c7626db9f a10_gpio: Don't do read/set dance if pin is already configured for output
This fixes some regulator issues with a83t/BananaPi-M3; the pin value was
getting clobbered as we reconfigured the pin when initializing the
regulator.

Discussed with:	ian
2017-12-05 21:40:52 +00:00
Warner Losh
09d8a81a0c Now that we offer a semi-sane standards-ish set of #include files in
the stand environment that's safe to use (and insulated from whatever
build env you might normally have), stop hacking the bzlib and zlib
sources with sed. There's no longer any need.

Sponsored by: Netflix
2017-12-05 21:38:24 +00:00
Warner Losh
05f37f4d86 Stop building with the standard system headers.
Building with the standard system headers isn't a perfect match to the
stand environment. Instead, copy over the files we know are safe to
use and constrain what else is used. We use -nostdinc to achieve this.

This also fixes issues with building 32-bit libraries on amd64
sometimes pulling in the wrong cpufunc.h giving an error now that we
stop on errors. It will also enable an easier transition to lua boot.

Sponsored by: Netflix
2017-12-05 21:38:19 +00:00
Warner Losh
253d60eecc Don't inherit CFLAGS. This a specialized test program, and can be
built with mostly default flags. Do so in anticipation of the rest of
stand not building with system headers.

Sponsored by: Netflix
2017-12-05 21:38:14 +00:00
Warner Losh
52634ec581 This isn't NetBSD specific code. Include these for any kernel /
standalone use. Tweak for FreeBSD's quirky limits.h stuff.

Sponsored by: Netflix
2017-12-05 21:38:10 +00:00
Warner Losh
f38658e140 Prefer stdint.h to inttypes.h since the added prototypes form the
latter aren't used. Prefer sys/link_elf.h to link.h so we're only
dependent on the kernel tree. The default installation of link.h just
includes this file, and any benefit from that is outweighed by the
hassle it causes. This reduces the footprint of files needed from the
system includes (or sysroot in buildworld).

Sponsored by: Netflix
2017-12-05 21:38:04 +00:00
Warner Losh
6fd96c93c1 Make sure we include the right path for skein.h, as well only include
the ZFS flags for zfs_modules.c. This keeps us from pulling from the
system or sysroot during buildworld.
2017-12-05 21:37:59 +00:00
Warner Losh
92a2b8900e Need to include skein in the include path so we don't get this from
the "system" headers (though in buildworld, it's from the recently
built sysroot).

Sponsored by: Netflix
2017-12-05 21:37:55 +00:00
Warner Losh
b3e16b02b6 Use the kernel relative paths, rather than the userland relative paths
for the iso9660 header files.

Sponsored by: Netflix
2017-12-05 21:37:50 +00:00
Warner Losh
939971a289 No need to include the userland md5.h, the kernel one is just fine.
Sponsored by: Netflix
2017-12-05 21:37:45 +00:00
Warner Losh
a4b9cb3abd Include ficl.h before anything else and avoid including anything at
all if we're not building float.

Sponsored by: Netflix
2017-12-05 21:37:41 +00:00
Warner Losh
700b6f8e23 When building standalone, include stand.h rather than the kernel
includes or the userland includes.

Sponsored by: Netflix
2017-12-05 21:37:32 +00:00
Bryan Drewery
9b43e3da5e native-xtools: Ensure GCC files are cleaned up.
Because we force enable MK_GCC when building we need to also force
enable it for the cleaning phase.  Otherwise the NXB_TARGET files
are found in the next build's kernel-toolchain phase and cause
an error.

Reported by:	sbruno
X-MFC-With:	r325001
MFC after:	1 month
Sponsored by:	Dell EMC
2017-12-05 21:36:08 +00:00
Bryan Drewery
154733e844 Deal with bmake-20170301 no longer resolving -C like it used to.
Several checks assume .CURDIR is resolved, such as for determining RELDIR from
SRCTOP/.CURDIR.  If -C is used then the path is no longer resolved like it was
before which is problematic for symlinked source trees.  A similar change was
also made to ports post bmake-20170301.

This fixes 'make -C <symlinked path> buildworld' using the wrong OBJDIR.

Reported by:	rstone
Sponsored by:	Dell EMC
2017-12-05 21:30:22 +00:00
Bryan Drewery
302bf4c180 Handle writable-but-not-a-directory cases for writable OBJDIR check.
Sponsored by:	Dell EMC
2017-12-05 21:30:17 +00:00
Bryan Drewery
e22224a5c2 AUTO_OBJ: For all top-level targets enforce using an OBJDIR.
This will cause an error if the wanted OBJDIR is not writable.  Previously it
would cause the files to generate to the source tree.  This was too obscure and
things like buildworld really expect a proper OBJDIR layout.

Sponsored by:	Dell EMC
2017-12-05 21:29:47 +00:00
Emmanuel Vadot
34b8ef3d77 Allwinner H5: Enhance support
Add proper gpio and clock support
2017-12-05 21:21:23 +00:00
Stephen Hurd
d14c853ba3 iflib: Support to padding Ethernet frames to a min size
Some bnxt devices do not correctly send frames smaller than
52 bytes (without CRC), so add a quirk that will pad frames to an
arbitrary size before passing off to the encap routine.

Reported by:	Bhargava Chenna Marreddy <bhargava.marreddy@broadcom.com>
Sponsored by:	Limelight Networks
Differential Revision:	https://reviews.freebsd.org/D13269
2017-12-05 21:00:31 +00:00
Stephen Hurd
fe1bcada9b Avoid calling CURVNET_[SET|RESTORE] for each packet
The LRO possible test was calling CURVNET_SET once for IPv4 or IPv6 for
each packet in a chain. Only call it once per chain instead.

Submitted by:	Matthew Macy <mmacy@mattmacy.io>
Reviewed by:	cem, ae
Sponsored by:	Limelight Networks
Differential Revision:	https://reviews.freebsd.org/D13368
2017-12-05 20:43:24 +00:00
Ed Maste
19164ee6cd use @@@ instead of @@ in __sym_default
Using
    .symver foo,foo@@VER
causes foo and foo@@VER to be output to the .o file. This requires foo
to be weak since the linker handles foo@@VER as foo.

Using
    .symver foo,foo@@@VER
causes just foo@@ver to be output and avoid the need for making foo
weak. It also reduces the constraint on how exactly a linker has to
handle foo and foo@@VER being present.

Submitted by:	Rafael Espíndola
Reviewed by:	dim, kib
Differential Revision:	https://reviews.freebsd.org/D11653
2017-12-05 20:19:13 +00:00
Cy Schubert
ca94a1c6ca Fix build after r326554; reconnect sponge to build again. 2017-12-05 20:06:53 +00:00
Gleb Smirnoff
65547fb33d Generate fully RFC3164 compliant messages, with timestamp and hostname.
Allow to set hostname to any string with -H.

MFC after:	2 months
2017-12-05 19:55:53 +00:00
Gleb Smirnoff
50387adce2 When parsing remote messages, require them to have standard timestamp
field, and support properly parse out the hostname as described by RFC3164,
which wasn't done before.  However, don't discard message if it doesn't
have hostname, for compatibility.

Enable logging of the message supplied hostname instead of real hostname
with -H switch.

PR:		200933
Reported by:	Konstantin Pavlov <thresh nginx.com>
MFC after:	2 months
2017-12-05 19:54:55 +00:00
Conrad Meyer
08f16d0c01 ioat(4): Add Skylake Xeon PCI-ID
SKX IOAT is just another 3.2 version of the CBDMA engine.

Submitted by:	Deepak Veliath <deepak.veliath AT isilon.com>
Sponsored by:	Dell EMC Isilon
2017-12-05 18:48:58 +00:00
Eric Joyner
b0f3e715fa ifconfig(8): Display extended compliance code string for SFP transceivers
- Updates tables in affected files with new entries from newer spec
revisions of SFF-8472, SFF-8024, and SFF-8636

- Change ifconfig to read and display the extended compliance code for
SFP media if the extended compliance code is not 0. This was being displayed
for QSFP transceivers only, but SFP28 media uses this to report 25G
capability.

Reviewed by:	melifaro, sbruno
Sponsored by:	Intel Corporation
Differential Revision:	https://reviews.freebsd.org/D13286
2017-12-05 18:42:07 +00:00
Dimitry Andric
8b9fd94981 For now, disconnect usr.bin/sponge from the build, to unbreak world
after r326557.

Noticed by:	many
Pointy hat to:	eadler
2017-12-05 18:26:34 +00:00
Bryan Drewery
488adf43d4 Fix cyclic dependency after r326552.
The OBJS_DEPEND_GUESS mechanism was making vmx_genassym.o depend
on all headers along with vmx_assym.h, though vmx_assym.h depends
on having vmx_genassym.o present to generate.  Moving the headers
to DPSRCS is enough to resolve the issue as they will no longer
be implicit dependencies for all objects.  Because of this we
need explicit OBJS_DEPEND_GUESS entries to ensure the headers
are generated when needed for the *_support.o files that need
them.

X-MFC-With:	r326552
MFC after:	2 weeks
Sponsored by:	Dell EMC
2017-12-05 17:23:33 +00:00
Andriy Gapon
6e1c5d187c ddb: fix validation of cpu id in 'set db_cpu=x'
MFC after:	1 week
2017-12-05 14:22:08 +00:00
Cy Schubert
d1755e2845 Fix cut & paste error from r326558.
Reported by:	ed
MFC after:	1 week
X-MFC with:	r326558
Pointy hat to:	cy
2017-12-05 13:41:21 +00:00
Colin Percival
4a93691064 Make EC2 instances use Amazon's NTP service for time synchronization.
Since Amazon provides NTP servers within their network, this should
be far superior to using the default NTP pools; and since the service
is provided by Amazon there's very little risk in enabling it by
default.  (If someone is able to compromise Amazon's NTP servers and
exploit them to attack EC2 instances, they would almost certainly be
able to compromise EC2 instances even without ntpd running...)

MFC after:	1 week
Relnotes:	EC2 instances now keep their clocks synchronized using
		the Amazon Time Sync Service (aka. NTP).
2017-12-05 09:22:14 +00:00
Colin Percival
4ba35bc4db Resurrect r321659: Turn off ChallengeResponseAuthentication for EC2 AMIs.
EC2 instances are normally launched with an SSH public key specified,
which is then used for logging in (by default, as 'ec2-user').  Having
ChallengeResponseAuthentication enabled (as FreeBSD's default sshd_config
does) has no functional effect in a new EC2 instance, since you can't log
in using a password until a password has been set -- but having this
enabled results in alerts from automated scanning tools which can detect
that sshd advertises support for keyboard-interactive logins (since they
can't detect that accounts have no password set).

EC2 users who want to use passwords to log in to their instances will need
to set 'ChallengeResponseAuthentication yes' in FreeBSD 12.0 and later.

Discussed with:	gjb, gtetlow, emaste, des
Requested by:	Amazon
X-MFC:		No
Relnotes:	ChallengeResponseAuthentication is turned off by default in
		Amazon EC2 AMIs.
2017-12-05 09:08:48 +00:00
Hans Petter Selasky
be28698cf2 Correctly prefix the infiniband include directory for buildworld. This fixes
the OFED buildworld target, WITH_OFED=YES, when the include files are not
already installed locally, but only in the temporary object directory.

Found by:	kib
Sponsored by:	Mellanox Technologies
2017-12-05 08:25:17 +00:00