13 hours agoHandle +:*:: the same way we handle +::: when checking group file master github/master
bapt [Sat, 1 Aug 2015 08:39:55 +0000 (08:39 +0000)]
Handle +:*:: the same way we handle +::: when checking group file

The first is what the documentation recommands for NIS client

13 hours agoUse strtoumax instead of strtoul
bapt [Sat, 1 Aug 2015 08:35:20 +0000 (08:35 +0000)]
Use strtoumax instead of strtoul

14 hours agoAllow CloudABI processes to create shared memory objects.
ed [Sat, 1 Aug 2015 07:51:48 +0000 (07:51 +0000)]
Allow CloudABI processes to create shared memory objects.

Use the newly created `kern_shm_open()` function to create objects with
just the rights that are actually needed.

Reviewers: jhb, kib

Subscribers: imp

Differential Revision:

15 hours agoAdd kern_shm_open().
ed [Sat, 1 Aug 2015 07:21:14 +0000 (07:21 +0000)]
Add kern_shm_open().

This allows you to specify the capabilities that the new file descriptor
should have. This allows us to create shared memory objects that only
have the rights we're interested in.

The idea behind restricting the rights is that it makes it a lot easier
for CloudABI to get consistent behaviour across different operating
systems. We only need to make sure that a shared memory implementation
consistently implements the operations that are whitelisted.

Approved by: kib
Obtained from:

20 hours agoBuffer overflow in wall(1).
pfg [Sat, 1 Aug 2015 01:29:55 +0000 (01:29 +0000)]
Buffer overflow in wall(1).

Revert r286102 and apply a cleaner fix.
Tested for overflows by FORTIFY_SOURCE GSoC (with clang).

Suggested by: bde
Reviewed by: Oliver Pinter
Tested by: Oliver Pinter
MFC after: 3 days

22 hours agoAdd support for keys that include 4 byte SALT values,
gnn [Fri, 31 Jul 2015 23:40:18 +0000 (23:40 +0000)]
Add support for keys that include 4 byte SALT values,
including GCM and ICM/CTR modes for AES.

Reviewed by: jmg
MFC after: 1 week
Sponsored by: Rubicon Communications (Netgate)

24 hours agoRemove two unnecessary sleeps from the hot path in bpf(4).
loos [Fri, 31 Jul 2015 21:43:27 +0000 (21:43 +0000)]
Remove two unnecessary sleeps from the hot path in bpf(4).

The first one never triggers because bpf_canfreebuf() can only be true for
zero-copy buffers and zero-copy buffers are not read with read(2).

The second also never triggers, because we check the free buffer before
calling ROTATE_BUFFERS().  If the hold buffer is in use the free buffer
will be NULL and there is nothing else to do besides drop the packet.  If
the free buffer isn't NULL the hold buffer _is_ free and it is safe to
rotate the buffers.

Update the comment in ROTATE_BUFFERS macro to match the logic described

While here fix a few typos in comments.

MFC after: 2 weeks
Sponsored by: Rubicon Communications (Netgate)

25 hours agoRemove the sleep from the buffer allocation routine.
loos [Fri, 31 Jul 2015 20:25:54 +0000 (20:25 +0000)]
Remove the sleep from the buffer allocation routine.

The buffer must be allocated (or even changed) before the interface is set
and thus, there is no need to verify if the buffer is in use.

MFC after: 2 weeks
Sponsored by: Rubicon Communications (Netgate)

26 hours agoDo not allocate the buffers at opening of the descriptor, because once
loos [Fri, 31 Jul 2015 20:02:12 +0000 (20:02 +0000)]
Do not allocate the buffers at opening of the descriptor, because once
the buffer is allocated we are committed to a particular buffer method
(BPF_BUFMODE_BUFFER in this case).

If we are using zero-copy buffers, the userland program must register its
buffers before set the interface.

If we are using kernel memory buffers, we can allocate the buffer at the
time that the interface is being set.

This fix allows the usage of BIOCSETBUFMODE after r235746.

Update the comments to reflect the recent changes.

MFC after: 2 weeks
Sponsored by: Rubicon Communications (Netgate)

28 hours agoSummary: Remove unsupported 3des-deriv encryption algorithm from documentation.
gnn [Fri, 31 Jul 2015 17:41:53 +0000 (17:41 +0000)]
Summary: Remove unsupported 3des-deriv encryption algorithm from documentation.

29 hours agoUse standard 'THE AUTHOR' license text
emaste [Fri, 31 Jul 2015 16:45:42 +0000 (16:45 +0000)]
Use standard 'THE AUTHOR' license text

Approved by: jmg

30 hours agoTry to put the CPU into a low power state if we failed to otherwise halt
andrew [Fri, 31 Jul 2015 15:54:34 +0000 (15:54 +0000)]
Try to put the CPU into a low power state if we failed to otherwise halt
the system.

Obtained from: ABT Systems Ltd
Sponsored by: The FreeBSD Foundation

30 hours agoLoad the stack in stack_save and stack_save_td. This uses the generalised
andrew [Fri, 31 Jul 2015 15:32:32 +0000 (15:32 +0000)]
Load the stack in stack_save and stack_save_td. This uses the generalised
unwind_frame function to read each stack frame until either the pc or stack
are no longer withing the kernel's address space.

Obtained from: ABT Systems Ltd
Sponsored by: The FreeBSD Foundation

30 hours agoPull pmspcv (pms(4)) from GENERIC. It has PCI ID conflicts
gjb [Fri, 31 Jul 2015 15:23:48 +0000 (15:23 +0000)]
Pull pmspcv (pms(4)) from GENERIC.  It has PCI ID conflicts
with ahd(4), mvs(4), and likely other drivers.

MFC after: immediately
With hat: re
Sponsored by: The FreeBSD Foundation

32 hours agoAdd support for uma_small_alloc and uma_small_free, and make use of these.
andrew [Fri, 31 Jul 2015 14:17:26 +0000 (14:17 +0000)]
Add support for uma_small_alloc and uma_small_free, and make use of these.
This is copied from the amd64 version with minor changes. These should be
merged into a single file as from a quick look there are other copies of
the same file in other parts of the tree.

Obtained from: ABT Systems Ltd
Sponsored by: The FreeBSD Foundation

32 hours agoAdd memrw. This has had minimal testing, and will likely panic the kernel
andrew [Fri, 31 Jul 2015 13:39:51 +0000 (13:39 +0000)]
Add memrw. This has had minimal testing, and will likely panic the kernel
when trying to read data from outside the DMAP region. I expect this panic
to be from within uiomove_fromphys, which needs to grow support to support
such addresses.

Obtained from: ABT Systems Ltd
Sponsored by: The FreeBSD Foundation

32 hours agoAdd more atomic_swap_* functions.
andrew [Fri, 31 Jul 2015 13:34:43 +0000 (13:34 +0000)]
Add more atomic_swap_* functions.

Obtained from: ABT Systems Ltd
Sponsored by: The FreeBSD Foundation

32 hours agoAdd VIRT_IN_DMAP to check if a virtual address is from the DMAP range.
andrew [Fri, 31 Jul 2015 13:32:25 +0000 (13:32 +0000)]
Add VIRT_IN_DMAP to check if a virtual address is from the DMAP range.

Obtained from: ABT Systems Ltd
Sponsored by: The FreeBSD Foundation

33 hours agoAdd ELF Tool Chain's brandelf(1) to contrib
emaste [Fri, 31 Jul 2015 12:37:40 +0000 (12:37 +0000)]
Add ELF Tool Chain's brandelf(1) to contrib

Noticed by pfg after r286070 (ar and elfdump)

35 hours agoFix accidental line wrapping introduced in r286122.
ed [Fri, 31 Jul 2015 10:46:45 +0000 (10:46 +0000)]
Fix accidental line wrapping introduced in r286122.

35 hours agoLimit rights on process descriptors.
ed [Fri, 31 Jul 2015 10:21:58 +0000 (10:21 +0000)]
Limit rights on process descriptors.

On CloudABI, the rights bits returned by cap_rights_get() match up with
the operations that you can actually perform on the file descriptor.

Limiting the rights is good, because it makes it easier to get uniform
behaviour across different operating systems. If process descriptors on
FreeBSD would suddenly gain support for any new file operation, this
wouldn't become exposed to CloudABI processes without first extending
the rights.

Extend fork1() to gain a 'struct filecaps' argument that allows you to
construct process descriptors with custom rights. Use this in
cloudabi_sys_proc_fork() to limit the rights to just fstat() and

Obtained from:

36 hours agoApply erratum for mrs ICC_IAR1_EL1 speculative execution on ThunderX
zbb [Fri, 31 Jul 2015 10:00:45 +0000 (10:00 +0000)]
Apply erratum for mrs ICC_IAR1_EL1 speculative execution on ThunderX

ERRATUM:     22978, 23154
PASS (rev.): 1.0/1.1

Reviewed by:   imp
Obtained from: Semihalf
Sponsored by:  The FreeBSD Foundation
Differential Revision:

37 hours agoLimit the number of times we loop inside the DWC OTG poll handler to
hselasky [Fri, 31 Jul 2015 09:12:31 +0000 (09:12 +0000)]
Limit the number of times we loop inside the DWC OTG poll handler to
avoid starving other fast interrupts. Fix a comment while at it.

MFC after: 1 week
Suggested by: Svatopluk Kraus <>

37 hours agoAnsify if_stf.c
ae [Fri, 31 Jul 2015 09:04:22 +0000 (09:04 +0000)]
Ansify if_stf.c

37 hours agoRemove unneded #include "opt_inet.h".
ae [Fri, 31 Jul 2015 09:02:28 +0000 (09:02 +0000)]
Remove unneded #include "opt_inet.h".

37 hours agoDocument the existence of cloudabi_load and cloudabi64_load.
ed [Fri, 31 Jul 2015 08:45:35 +0000 (08:45 +0000)]
Document the existence of cloudabi_load and cloudabi64_load.

38 hours agotemporarily fix build.. This isn't the final fix, and testing is
jmg [Fri, 31 Jul 2015 07:48:08 +0000 (07:48 +0000)]
temporarily fix build..  This isn't the final fix, and testing is
still on going, but it has passed world for mips and powerpc...

I know this has an extra semicolon, but this is the patch that is

Looks like better fix is to use _Static_assert...

41 hours agocxgbe(4): initialize debug_flags from the kernel environment.
np [Fri, 31 Jul 2015 04:50:47 +0000 (04:50 +0000)]
cxgbe(4): initialize debug_flags from the kernel environment.

MFC after: 3 days

42 hours agovn_io_fault() handling of the LOR for i/o into the file-backed buffers
kib [Fri, 31 Jul 2015 04:12:51 +0000 (04:12 +0000)]
vn_io_fault() handling of the LOR for i/o into the file-backed buffers
has observable overhead when the buffer pages are not resident or not
mapped.  The overhead comes at least from two factors, one is the
additional work needed to detect the situation, prepare and execute
the rollbacks.  Another is the consequence of the i/o splitting into
the batches of the held pages, causing filesystems see series of the
smaller i/o requests instead of the single large request.

Note that expected case of the resident i/o buffer does not expose
these issues.  Provide a prefaulting for the userspace i/o buffers,
disabled by default.  I am careful of not enabling prefaulting by
default for now, since it would be detrimental for the applications
which speculatively pass extra-large buffers of anonymous memory to
not deal with buffer sizing (if such apps exist).

Found and tested by: bde, emaste
Sponsored by: The FreeBSD Foundation
MFC after: 1 week

42 hours agoThe implementation note isn't true anymore..
jmg [Fri, 31 Jul 2015 03:28:02 +0000 (03:28 +0000)]
The implementation note isn't true anymore..

Not that anyone reads it, but those that do, remind them that this
isn't usable in userland...  I can't wait till this doc is wrong..

45 hours agoBuffer overflow in wall(1).
pfg [Fri, 31 Jul 2015 01:12:31 +0000 (01:12 +0000)]
Buffer overflow in wall(1).

This affected syslogd, wall and talkd.
Detected by FORTIFY_SOURCE GSoC (with clang).

Submitted by: Oliver Pinter
Differential Revision:
Reviewed by: delphij, jmg
MFC after: 3 days

45 hours agothese are comparing authenticators and need to be constant time...
jmg [Fri, 31 Jul 2015 00:31:52 +0000 (00:31 +0000)]
these are comparing authenticators and need to be constant time...
This could be a side channel attack...  Now that we have a function
for this, use it...

jmgurney/ipsecgcm: 24d704cc and 7f37a14

45 hours agoClean up this header file...
jmg [Fri, 31 Jul 2015 00:23:21 +0000 (00:23 +0000)]
Clean up this header file...

use CTASSERTs now that we have them...

Replace a draft w/ RFC that's over 10 years old.

Note that _AALG and _EALG do not need to match what the IKE daemons
think they should be..  This is part of the KABI...  I decided to
renumber AESCTR, but since we've never had working AESCTR mode, I'm
not really breaking anything..  and it shortens a loop by quite
a bit..

remove SKIPJACK IPsec support...  SKIPJACK never made it out of draft
(in 1999), only has 80bit key, NIST recommended it stop being used
after 2010, and setkey nor any of the IKE daemons I checked supported

jmgurney/ipsecgcm: a357a33, c75808b, e008669, b27b6d6

Reviewed by: gnn (earlier version)

2 days agoCorrect IPSec SA statistic keeping
eri [Thu, 30 Jul 2015 20:56:27 +0000 (20:56 +0000)]
Correct IPSec SA statistic keeping

The IPsec SA statistic keeping is used even for decision making on expiry/rekeying SAs.
When there are multiple transformations being done the statistic keeping might be wrong.

This mostly impacts multiple encapsulations on IPsec since the usual scenario it is not noticed due to the code path not taken.

Differential Revision:
Reviewed by: ae, gnn
Approved by: gnn(mentor)

2 days agoRevert r285125 until rmlocks get fixed.
mjg [Thu, 30 Jul 2015 19:52:43 +0000 (19:52 +0000)]
Revert r285125 until rmlocks get fixed.

Right now there is a chance that sysctl unregister will cause reader to
block on the sx lock associated with sysctl rmlock, in which case kernels
with debug enabled will panic.

2 days agoUse correct number of arguments to semctl() for IPC_RMID.
rodrigc [Thu, 30 Jul 2015 19:44:46 +0000 (19:44 +0000)]
Use correct number of arguments to semctl() for IPC_RMID.

PR: 118292
Submitted by: araujo
Differential Revision: D2669

2 days agoFix a rendering issue in the zfs(8) manual.
gjb [Thu, 30 Jul 2015 19:34:24 +0000 (19:34 +0000)]
Fix a rendering issue in the zfs(8) manual.

MFC after: 3 days
Sponsored by: The FreeBSD Foundation

2 days agoUpdate snd_una description to make it more readable.
hiren [Thu, 30 Jul 2015 19:24:49 +0000 (19:24 +0000)]
Update snd_una description to make it more readable.

Differential Revision:
Reviewed by: gnn
Sponsored by: Limelight Networks

2 days agoThe kernel option and module are actually called pmspcv.
brueffer [Thu, 30 Jul 2015 19:08:23 +0000 (19:08 +0000)]
The kernel option and module are actually called pmspcv.

MFC after: 3 days

2 days agoAdd GPIO backlight driver compatible with Linux FDT bindings.
gonzo [Thu, 30 Jul 2015 19:04:14 +0000 (19:04 +0000)]
Add GPIO backlight driver compatible with Linux FDT bindings.
Brightness is controlled through sysctl dev.gpiobacklight.X.brightness:
  - any value greater than 0: backlight is on
  - any value less than or equal to  0: backlight is off

FDT bindings docs in Linux tree:

2 days agoGet function prototypes for msg, shm, sem functions
rodrigc [Thu, 30 Jul 2015 18:59:01 +0000 (18:59 +0000)]
Get function prototypes for msg, shm, sem functions
from header files.

Differential Revision: D2669

2 days agoib mad: fix an incorrect use of list_for_each_entry
markj [Thu, 30 Jul 2015 18:28:37 +0000 (18:28 +0000)]
ib mad: fix an incorrect use of list_for_each_entry

In tf_dequeue(), if we reach the end of the list without finding a
non-cancelled element, "tmp" will be a pointer into the list head, so the
tmp->canceled check is bogus. Use a flag instead.

Submitted by: Tao Liu <>
Reviewed by: hselasky
MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
Differential Revision:

2 days agoDo not pretend that vm_fault(9) supports unwiring the address. Rename
kib [Thu, 30 Jul 2015 18:28:34 +0000 (18:28 +0000)]
Do not pretend that vm_fault(9) supports unwiring the address.  Rename
the VM_FAULT_CHANGE_WIRING flag to VM_FAULT_WIRE.  Assert that the
flag is only passed when faulting on the wired map entry.  Remove the
vm_page_unwire() call, which should be never reachable.

Since VM_FAULT_WIRE flag implies wired map entry, the TRYPAGER() macro
is reduced to the testing of the fs.object having a default pager.
Inline the check.

Suggested and reviewed by: alc
Tested by: pho (previous version)
MFC after: 1 week

2 days agoMake some variables and functions static.
rodrigc [Thu, 30 Jul 2015 18:08:08 +0000 (18:08 +0000)]
Make some variables and functions static.

2 days agoUpdat the committers graph
allanjude [Thu, 30 Jul 2015 17:02:23 +0000 (17:02 +0000)]
Updat the committers graph

Approved by: marcel (mentor)
Differential Revision:

2 days agoAdd enough of pmap_page_set_memattr to run gstat. It still needs to split
andrew [Thu, 30 Jul 2015 16:17:44 +0000 (16:17 +0000)]
Add enough of pmap_page_set_memattr to run gstat. It still needs to split
the DMAP 1G pages so we set the attributes only on the specified page.

Obtained from: ABT Systems Ltd
Sponsored by: The FreeBSD Foundation

2 days agoImprove comments.
kib [Thu, 30 Jul 2015 15:47:53 +0000 (15:47 +0000)]
Improve comments.

Submitted by: bde
MFC after: 2 weeks

2 days agovfs: fill fallout from r286076
royger [Thu, 30 Jul 2015 15:43:26 +0000 (15:43 +0000)]
vfs: fill fallout from r286076

This right operator is >= not =>.

Reported by: cem

2 days agovfs: fix off-by-one error in vfs_buf_check_mapped
royger [Thu, 30 Jul 2015 15:28:06 +0000 (15:28 +0000)]
vfs: fix off-by-one error in vfs_buf_check_mapped

The check added in r285872 can trigger for valid buffers if the buffer space
used happens to be just after unmapped_buf in KVA space.

Discussed with: kib
Sponsored by: Citrix Systems R&D

2 days agoGCC: Add a new option "-fstack-protector-strong"
pfg [Thu, 30 Jul 2015 14:31:09 +0000 (14:31 +0000)]
GCC: Add a new option "-fstack-protector-strong"

This includes additional functions to be protected: those that
have local array definitions, or have references to local frame
addresses. This is a new option in GCC-4.9 that was relicensed
by Han Shen from Google under GPLv2 for OpenBSD.

Obtained from: OpenBSD (2014-01-14)
MFC after: 2 weeks

2 days agoAdd ARM64TODO markers to unimplemented functionality
emaste [Thu, 30 Jul 2015 14:20:36 +0000 (14:20 +0000)]
Add ARM64TODO markers to unimplemented functionality

Reviewed by: andrew
Sponsored by: The FreeBSD Foundation
Differential Revision:

2 days agoEnable IRQ during syscalls on ARM64
zbb [Thu, 30 Jul 2015 13:59:38 +0000 (13:59 +0000)]
Enable IRQ during syscalls on ARM64

FreeBSD provides a feature called Adaptive Mutexes, which allows
a thread to spin for a while when the mutex is taken instead of
immediately going to sleep. This causes issues when called from
syscall handler if interrupts are masked. If every other core
also attempts to access the same mutex there is a chance that
all of them are spinning on the same lock at the same time.
If interrupts are disabled, no kernel preemtion can occur and
the system becomes unresponsive.

This patch enables interrupts when syscall is being executed
and masks them as soon as it is completed.

Reviewed by:   andrew
Obtained from: Semihalf
Sponsored by:  The FreeBSD Foundation
Differential Revision:

2 days agoRemove obsolete vendor code from Alpine platform support
zbb [Thu, 30 Jul 2015 13:45:34 +0000 (13:45 +0000)]
Remove obsolete vendor code from Alpine platform support

This is a clean-up patch from a serie delivering support for
Annapurna Labs Alpine PoC.
The HAL files have already been added to sys/contrib/alpine-hal
so there is no need for them in the platform directory.
This patch removes obsolete files.

Reviewed by:    andrew
Obtained from:  Semihalf
Sponsored by:   Annapurna Labs
Differential Revision:

2 days agoAdd ELF Tool Chain's ar(1) and elfdump(1) to contrib
emaste [Thu, 30 Jul 2015 12:41:54 +0000 (12:41 +0000)]
Add ELF Tool Chain's ar(1) and elfdump(1) to contrib

ELF Tool Chain built on FreeBSD's ar and elfdump, but has a number of
improvements and enhancements. Bring them into contrib in order to start
integrating into our build.

2 days agoBuild if_stf(4) module only when both INET and INET6 support are enabled.
ae [Thu, 30 Jul 2015 10:26:43 +0000 (10:26 +0000)]
Build if_stf(4) module only when both INET and INET6 support are enabled.

2 days agoImprove strtounum
bapt [Thu, 30 Jul 2015 06:14:47 +0000 (06:14 +0000)]
Improve strtounum

Fix many style bugs
Better variable naming
Use C99 'restrict' were apropriate
Fix potential errno race

Submitted by: bde

2 days agoDisable blkif indirect segment I/Os in EC2 by default due to performance
cperciva [Thu, 30 Jul 2015 04:01:00 +0000 (04:01 +0000)]
Disable blkif indirect segment I/Os in EC2 by default due to performance
issues on some EC2 instance types.  Users may want to experiment with
removing this from loader.conf and measuring the performance impact on
the EC2 instances they are using.

2 days agoAdd support for Xen blkif indirect segment I/Os. This makes it possible for
cperciva [Thu, 30 Jul 2015 03:50:01 +0000 (03:50 +0000)]
Add support for Xen blkif indirect segment I/Os.  This makes it possible for
the blkfront driver to perform I/Os of up to 2 MB, subject to support from
the blkback to which it is connected and the initiation of such large I/Os
by the rest of the kernel.  In practice, the I/O size is increased from 40 kB
to 128 kB.

The changes to xen/interface/io/blkif.h consist merely of merging updates
from the upstream Xen repository.

In dev/xen/blkfront/block.h we add some convenience macros and structure
fields used for indirect-page I/Os: The device records its negotiated limit
on the number of indirect pages used, while each I/O command structure gains
permanently allocated page(s) for indirect page references and the Xen grant
references for those pages.

In dev/xen/blkfront/blkfront.c we now check in xbd_queue_cb whether a request
is small enough to handle without an indirection page, and either follow the
previous behaviour or use new code for issuing an indirect segment I/O.  In
xbd_connect we read the size of indirect segment I/Os supported by the backend
and select the maximum size we will use; then allocate the pages and Xen grant
references for each I/O command structure.  In xbd_free those grants and pages
are released.

A new loader tunable, hw.xbd.xbd_enable_indirect, can be set to 0 in order to
disable this functionality; it works by pretending that the backend does not
support this feature.  Some backends exhibit a loss of performance with large
I/Os, so users may wish to test with and without this functionality enabled.

Reviewed by: royger
MFC after: 3 days
Relnotes: yes

2 days agoFollow r256586 and rename the kernel version of the Free() macro to
loos [Thu, 30 Jul 2015 02:09:03 +0000 (02:09 +0000)]
Follow r256586 and rename the kernel version of the Free() macro to
R_Free().  This matches the other macros and reduces the chances to clash
with other headers.

This also fixes the build of radix.c outside of the kernel environment.

Reviewed by: glebius

2 days agoUse private cache line for the locked nop in *mb() on i386.
kib [Thu, 30 Jul 2015 00:13:20 +0000 (00:13 +0000)]
Use private cache line for the locked nop in *mb() on i386.

Suggested by: alc
Reviewed by: alc, bde
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks

2 days agoMFamd64 r285934: Remove store/load (= full) barrier from the i386
kib [Wed, 29 Jul 2015 23:59:17 +0000 (23:59 +0000)]
MFamd64 r285934: Remove store/load (= full) barrier from the i386

Noted by: alc (long time ago)
Reviewed by: alc, bde
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks

2 days agoconst'ify an arg that we don't update...
jmg [Wed, 29 Jul 2015 23:37:15 +0000 (23:37 +0000)]
const'ify an arg that we don't update...

2 days agoCleanup includes
bapt [Wed, 29 Jul 2015 23:26:18 +0000 (23:26 +0000)]
Cleanup includes

2 days agoThis patch fixes a problem where, if the NFSv4 server has a previous
rmacklem [Wed, 29 Jul 2015 23:06:30 +0000 (23:06 +0000)]
This patch fixes a problem where, if the NFSv4 server has a previous
unconfirmed clientid structure for the same client on the last hash list,
this old entry would not be removed/deleted. I do not think this bug would have
caused serious problems, since the new entry would have been before the old one
on the list. This old entry would have eventually been scavenged/removed.
Detected while reading the code looking for another bug.

MFC after: 3 days

2 days agoActually set the proper license
bapt [Wed, 29 Jul 2015 22:51:54 +0000 (22:51 +0000)]
Actually set the proper license

Reported by: trasz

3 days agoMK_ELFCOPY_AS_OBJCOPY should be a variable
emaste [Wed, 29 Jul 2015 21:41:15 +0000 (21:41 +0000)]
MK_ELFCOPY_AS_OBJCOPY should be a variable

PR: 201978
Submitted by: O. Hartmann
Differential Revision:

3 days agonvme: do not notify a consumer about failures that occur during initialization
jimharris [Wed, 29 Jul 2015 21:29:50 +0000 (21:29 +0000)]
nvme: do not notify a consumer about failures that occur during initialization

MFC after: 3 days
Sponsored by: Intel

3 days agoClarify historical practice of not removing old entries. Add entry for
imp [Wed, 29 Jul 2015 21:15:50 +0000 (21:15 +0000)]
Clarify historical practice of not removing old entries. Add entry for
stable/10 branch that was forgotten when it was created. Update end
date to be correct.

3 days agoAdd support for BCM5466 PHY
sbruno [Wed, 29 Jul 2015 20:50:48 +0000 (20:50 +0000)]
Add support for BCM5466 PHY

Differential Revision: D3232
Submitted by:

3 days agoRemove dead functions pmap_pvdump and pads.
sbruno [Wed, 29 Jul 2015 20:47:27 +0000 (20:47 +0000)]
Remove dead functions pmap_pvdump and pads.

Differential Revision: D3206
Submitted by:
Reviewed by: alc

3 days agoAvoid double reference decrement when firewalls force relooping of packets
eri [Wed, 29 Jul 2015 20:10:36 +0000 (20:10 +0000)]
Avoid double reference decrement when firewalls force relooping of packets

When firewalls force a reloop of packets and the caller supplied a route the reference to the route might be reduced twice creating issues.
This is especially the scenario when a packet is looped because of operation in the firewall but the new route lookup gives a down route.

Differential Revision:
Reviewed by: gnn
Approved by: gnn(mentor)

3 days agoRemove mention of non-existent gconv tool
emaste [Wed, 29 Jul 2015 20:02:20 +0000 (20:02 +0000)]
Remove mention of non-existent gconv tool

I believe this is a typo of gcov, but gcov is not controlled by

Sponsored by: The FreeBSD Foundation

3 days agoUse default CLANG build options for ARM
emaste [Wed, 29 Jul 2015 19:06:53 +0000 (19:06 +0000)]
Use default CLANG build options for ARM

We previously disabled CLANG_FULL on (little-endian) ARM because the
build failed.  This is no longer the case and as of Clang 3.5 we cannot
build any part of the in-tree Clang with in-tree GCC, so it's no longer
necessary to disable CLANG_FULL.

Sponsored by: The FreeBSD Foundation
Differential Revision:

3 days agoRegenerate src.conf(5) after r286016 and r286030
emaste [Wed, 29 Jul 2015 18:55:51 +0000 (18:55 +0000)]
Regenerate src.conf(5) after r286016 and r286030

3 days agoAllow ELF Tool Chain elfcopy to be installed as objcopy
emaste [Wed, 29 Jul 2015 18:45:38 +0000 (18:45 +0000)]
Allow ELF Tool Chain elfcopy to be installed as objcopy

ELF Tool Chain elfcopy is nearly a drop-in replacement for GNU objcopy,
but does not currently support PE output which is needed for building
x86 UEFI bits.

Add a src.conf knob to allow installing it as objcopy and set it by
default for aarch64 only, where we don't have a native binutils.

Reviewed by: bapt
Sponsored by: The FreeBSD Foundation
Differential Revision:

3 days agoUpdate OLD_FILES for tools provided by ELF Tool Chain or Binutils
emaste [Wed, 29 Jul 2015 18:33:11 +0000 (18:33 +0000)]
Update OLD_FILES for tools provided by ELF Tool Chain or Binutils

Sponsored by: The FreeBSD Foundation

3 days agoip_output normalization and fixes
eri [Wed, 29 Jul 2015 18:04:01 +0000 (18:04 +0000)]
ip_output normalization and fixes

ip_output has a big chunk of code used to handle special cases with pfil consumers which also forces a reloop on it.
Gather all this code together to make it readable and properly handle the reloop cases.

Some of the issues identified:

M_IP_NEXTHOP is not handled properly in existing code.
route reference leaking is possible with in FIB number change
route flags checking is not consistent in the function

Differential Revision:
Reviewed by: gnn
Approved by: gnn(mentor)
MFC after: 4 weeks

3 days agoRevert r265338, r271089 and r271123 as those changes do not handle
pkelsey [Wed, 29 Jul 2015 17:59:13 +0000 (17:59 +0000)]
Revert r265338, r271089 and r271123 as those changes do not handle
non-inline urgent data and introduce an mbuf exhaustion attack vector
similar to FreeBSD-SA-15:15.tcp, but not requiring VNETs.

Address the issue described in FreeBSD-SA-15:15.tcp.

Reviewed by: glebius
Approved by: so
Approved by: jmallett (mentor)
Security: FreeBSD-SA-15:15.tcp
Sponsored by: Norse Corp, Inc.

3 days agoar: Fix deterministic mode default with options other than -q or -r
emaste [Wed, 29 Jul 2015 17:34:26 +0000 (17:34 +0000)]
ar: Fix deterministic mode default with options other than -q or -r

Reported by: jhibbits
Reviewed by: jhibbits
Sponsored by: The FreeBSD Foundation
Differential Revision:

3 days agoMake pipes in CloudABI work.
ed [Wed, 29 Jul 2015 17:18:27 +0000 (17:18 +0000)]
Make pipes in CloudABI work.

Pipes in CloudABI are unidirectional. The reason for this is that
CloudABI attempts to provide a uniform runtime environment across
different flavours of UNIX.

Instead of implementing a custom pipe that is unidirectional, we can
simply reuse Capsicum permission bits to support this. This is nice,
because CloudABI already attempts to restrict permission bits to
correspond with the operations that apply to a certain file descriptor.

Replace kern_pipe() and kern_pipe2() by a single kern_pipe() that takes
a pair of filecaps. These filecaps are passed to the newly introduced
falloc_caps() function that creates the descriptors with rights in

Test Plan:
CloudABI pipes seem to be created with proper rights in place:

Reviewers: jilles, mjg

Reviewed By: mjg

Subscribers: imp

Differential Revision:

3 days agoIntroduce falloc_caps() to create descriptors with capabilties in place.
ed [Wed, 29 Jul 2015 17:16:53 +0000 (17:16 +0000)]
Introduce falloc_caps() to create descriptors with capabilties in place.

falloc_noinstall() followed by finstall() allows you to create and
install file descriptors with custom capabilities. Add falloc_caps()
that can do both of these actions in one go.

This will be used by CloudABI to create pipes with custom capabilities.

Reviewed by: mjg

3 days agoRemove the AUTHORS section until it's clear who exactly wrote the driver.
brueffer [Wed, 29 Jul 2015 16:37:36 +0000 (16:37 +0000)]
Remove the AUTHORS section until it's clear who exactly wrote the driver.

3 days agoInclude c++filt and readelf in WITHOUT_ELFTOOLCHAIN_TOOLS
emaste [Wed, 29 Jul 2015 15:42:22 +0000 (15:42 +0000)]
Include c++filt and readelf in WITHOUT_ELFTOOLCHAIN_TOOLS

3 days agoMake Broadcom XLR use shared ds1374 RTC driver.
sbruno [Wed, 29 Jul 2015 15:32:59 +0000 (15:32 +0000)]
Make Broadcom XLR use shared ds1374 RTC driver.

Remove its identical and redundant ds1374u version.

Differential Revision: D3225
Submitted by:

3 days agoEliminate the use of m_copydata() in gif_encapcheck().
ae [Wed, 29 Jul 2015 14:07:43 +0000 (14:07 +0000)]
Eliminate the use of m_copydata() in gif_encapcheck().

ip_encap already has inspected mbuf's data, at least an IP header.
And it is safe to use mtod() and do direct access to needed fields.
Add M_ASSERTPKTHDR() to gif_encapcheck(), since the code expects that
mbuf has a packet header.
Move the code from gif_validate[46] into in[6]_gif_encapcheck(), also
remove "martian filters" checks. According to RFC 4213 it is enough to
verify that the source address is the address of the encapsulator, as
configured on the decapsulator.

Reviewed by: melifaro
Obtained from: Yandex LLC
Sponsored by: Yandex LLC

3 days agoFixed shutdown(2) unix(4) tests for SOCK_SEQPACKET after r285910 (by ed).
pluknet [Wed, 29 Jul 2015 13:49:34 +0000 (13:49 +0000)]
Fixed shutdown(2) unix(4) tests for SOCK_SEQPACKET after r285910 (by ed).

3 days agoar: enable deterministic mode by default
emaste [Wed, 29 Jul 2015 13:36:17 +0000 (13:36 +0000)]
ar: enable deterministic mode by default

Ar cannot handle UIDs with more than 6 digits, and storing the mtime,
uid, gid and mode provides little to negative value anyhow for ar's
uses. Turn on deterministic (-D) mode by default; it can be disabled by
the user with -U.

PR: 196929
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision:

3 days agoSplit up Capsicum to CloudABI rights conversion into two separate routines.
ed [Wed, 29 Jul 2015 12:42:45 +0000 (12:42 +0000)]
Split up Capsicum to CloudABI rights conversion into two separate routines.

CloudABI's openat() ensures that files are opened with the smallest set
of relevant rights. For example, when opening a FIFO, unrelated rights
like CAP_RECV are automatically removed. To remove unrelated rights, we
can just reuse the code for this that was already present in the rights
conversion function.

3 days agoAdd quirk for ThunderX ITS device table size
zbb [Wed, 29 Jul 2015 11:22:19 +0000 (11:22 +0000)]
Add quirk for ThunderX ITS device table size

Limit the number of supported device IDs to 0x100000
in order to decrease the size of the ITS device table so
that it matches with the HW capabilities.

Obtained from: Semihalf
Sponsored by:  The FreeBSD Foundation
Differential Revision:

3 days agoReduce overhead of ipfw's me6 opcode.
ae [Wed, 29 Jul 2015 10:53:42 +0000 (10:53 +0000)]
Reduce overhead of ipfw's me6 opcode.

Skip checks for IPv6 multicast addresses.
Use in6_localip() for global unicast.
And for IPv6 link-local addresses do search in the IPv6 addresses list.
Since LLA are stored in the kernel internal form, use
IN6_ARE_MASKED_ADDR_EQUAL() macro with lla_mask for addresses comparison.
lla_mask has zero bits in the second word, where we keep sin6_scope_id.

Obtained from: Yandex LLC
Sponsored by: Yandex LLC

3 days agoMove bufshutdown() out of the #ifdef INVARIANTS block.
kib [Wed, 29 Jul 2015 09:57:34 +0000 (09:57 +0000)]
Move bufshutdown() out of the #ifdef INVARIANTS block.

3 days agoConvert in_ifaddr_lock and in6_ifaddr_lock to rmlock.
ae [Wed, 29 Jul 2015 08:12:05 +0000 (08:12 +0000)]
Convert in_ifaddr_lock and in6_ifaddr_lock to rmlock.

Both are used to protect access to IP addresses lists and they can be
acquired for reading several times per packet. To reduce lock contention
it is better to use rmlock here.

Reviewed by: gnn (previous version)
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
Differential Revision:

3 days agoRFC4868 section 2.3 requires that the output be half... This fixes
jmg [Wed, 29 Jul 2015 07:15:16 +0000 (07:15 +0000)]
RFC4868 section 2.3 requires that the output be half...  This fixes
problems that was introduced in r285336...  I have verified that
HMAC-SHA2-256 both ah only and w/ AES-CBC interoperate w/ a NetBSD
6.1.5 vm...

Reviewed by: gnn

3 days agopf: Always initialise pf_fragment.fr_flags
kp [Wed, 29 Jul 2015 06:35:36 +0000 (06:35 +0000)]
pf: Always initialise pf_fragment.fr_flags

When we allocate the struct pf_fragment in pf_fillup_fragment() we forgot to
initialise the fr_flags field. As a result we sometimes mistakenly thought the
fragment to not be a buffered fragment. This resulted in panics because we'd end
up freeing the pf_fragment but not removing it from V_pf_fragqueue (believing it
to be part of V_pf_cachequeue).
The next time we iterated V_pf_fragqueue we'd use a freed object and panic.

While here also fix a pf_fragment use after free in pf_normalize_ip().
pf_reassemble() frees the pf_fragment, so we can't use it any more.

PR: 201879, 201932
MFC after: 5 days

3 days agoImplement CloudABI's readdir().
ed [Wed, 29 Jul 2015 06:31:44 +0000 (06:31 +0000)]
Implement CloudABI's readdir().

CloudABI's readdir() system call could be thought of as a mixture
between FreeBSD's getdents(2) and pread(). Instead of using the file
descriptor offset, userspace provides a 64-bit cloudabi_dircookie_t
continue reading at a given point. CLOUDABI_DIRCOOKIE_START, having
value 0, can be used to return entries at the start of the directory.

The file descriptor offset is not used to store the cookie for the
reason that in a file descriptor centric environment, it would make
sense to allow concurrent use of a single file descriptor.

The remaining space returned by the system call should be filled with a
partially truncated copy of the next entry. The advantage of doing this
is that it gracefully deals with long filenames. If the C library
provides a buffer that is too small to hold a single entry, it can still
extract the directory entry header, meaning that it can retry the read
with a larger buffer or skip it using the cookie.

Test Plan:
This implementation passes the cloudlibc unit tests at:

Reviewers: marcel, kib

Reviewed By: kib

Subscribers: imp

Differential Revision:

3 days agoActually add the new code
bapt [Wed, 29 Jul 2015 06:23:06 +0000 (06:23 +0000)]
Actually add the new code

3 days agoCreate a strtounum function using the same API as strtonum
bapt [Wed, 29 Jul 2015 06:22:41 +0000 (06:22 +0000)]
Create a strtounum function using the same API as strtonum

This function returns uintmax_t
Use this function to convert to gid_t/uid_t

3 days ago - Remove some dead code copied from ffs.
jeff [Wed, 29 Jul 2015 03:06:08 +0000 (03:06 +0000)]
 - Remove some dead code copied from ffs.

3 days agoTeach sysctl about the new optional suffix after IK to specify
imp [Wed, 29 Jul 2015 02:34:25 +0000 (02:34 +0000)]
Teach sysctl about the new optional suffix after IK to specify
precision. Update input as well. Add IK to the manual (it was missing

Differential Revision:

3 days ago - Make 'struct buf *buf' private to vfs_bio.c. Having a global variable
jeff [Wed, 29 Jul 2015 02:26:57 +0000 (02:26 +0000)]
 - Make 'struct buf *buf' private to vfs_bio.c.  Having a global variable
   'buf' is inconvenient and has lead me to some irritating to discover
   bugs over the years.  It also makes it more challenging to refactor
   the buf allocation system.
 - Move swbuf and declare it as an extern in vfs_bio.c.  This is still
   not perfect but better than it was before.
 - Eliminate the unused ffs function that relied on knowledge of the buf
 - Move the shutdown code that iterates over the buf array into vfs_bio.c.

Reviewed by: kib
Sponsored by: EMC / Isilon Storage Division