6 weeks agoChange some default to make zstd a dropin replacement for gzip,bzip etc master
bapt [Sat, 15 Apr 2017 20:15:44 +0000 (20:15 +0000)]
Change some default to make zstd a dropin replacement for gzip,bzip etc
in most cases

Changes ares:
- quiet by default
- remove the source files one compression completion by default

6 weeks agoAdd a zstdless equivalent to zless, bzless xzless
bapt [Sat, 15 Apr 2017 20:06:24 +0000 (20:06 +0000)]
Add a zstdless equivalent to zless, bzless xzless

6 weeks agoImport zstandard 1.1.4 in base
bapt [Sat, 15 Apr 2017 20:05:22 +0000 (20:05 +0000)]
Import zstandard 1.1.4 in base

zstandard is a new compression library/tool which is very fast at

For now import as a private library

6 weeks agoAdd a 10x16 mouse cursor and use it in all graphics (strictly, pixel)
bde [Sat, 15 Apr 2017 20:03:50 +0000 (20:03 +0000)]
Add a 10x16 mouse cursor and use it in all graphics (strictly, pixel)
modes if the font size is >= 14.

This is the X cursor XC_left_ptr (#68) (glyph #45 in an X cursor font).
Also found in vt.  The old 9x13 cursor is the 10x16 one trimmed not very

8x8 fonts need a smaller cursor instead of a larger one, except when
the pixel size is small.  Text mode is still limited to width and height
1 more than the font (so the 9x13 is already 4 pixels too high for it).

6 weeks agoImport zstd 1.1.4
bapt [Sat, 15 Apr 2017 19:47:16 +0000 (19:47 +0000)]
Import zstd 1.1.4

6 weeks agoStructure the mouse cursor data so that it is easier to switch, and
bde [Sat, 15 Apr 2017 19:27:39 +0000 (19:27 +0000)]
Structure the mouse cursor data so that it is easier to switch, and
access it via pointers (still to only 1 instance, now with a less
generic name).

Restructure the "and" and "or" masks as border and interior masks
(where the "and" mask was for the union of the border and the interior).
"and" and "or" were only a detail in a not very good implementation,
and after fixing that the union was only used to calculate the border
at runtime.

Use the metric data in more places to clip to active pixels earlier.

6 weeks agoFix another logic bug that came out of recent syslogd refactoring and exposed by
sobomax [Sat, 15 Apr 2017 18:20:11 +0000 (18:20 +0000)]
Fix another logic bug that came out of recent syslogd refactoring and exposed by
the r316874: don't call shutdown(2) on all sockets, but only net ones, which seems
to be the behaviour existed before that refactoring. Also don't call listen(2)
in datagram sockets and fix misplaced debug messages while I am here.

Reported by: peter

6 weeks agoAdd support for the imx6ul SoC.
ian [Sat, 15 Apr 2017 17:02:32 +0000 (17:02 +0000)]
Add support for the imx6ul SoC.

6 weeks agocxgbe: Add a tunable to configure the SGE time scaler, which is
np [Sat, 15 Apr 2017 17:00:50 +0000 (17:00 +0000)]
cxgbe: Add a tunable to configure the SGE time scaler, which is
available starting with T6.  The values in the timer holdoff registers
are multiplied by the scaling factor before use.

dev.<nexus>.<n>.holdoff_timers shows the final values of the
timers in microseconds.

MFC after: 1 week
Sponsored by: Chelsio Communications

6 weeks agoClean up headers declaration
bapt [Sat, 15 Apr 2017 13:57:35 +0000 (13:57 +0000)]
Clean up headers declaration

6 weeks agoUpdate to 2017.04.03
bapt [Sat, 15 Apr 2017 09:56:42 +0000 (09:56 +0000)]
Update to 2017.04.03

6 weeks agoSwitch back to non-IEC units for 1024 bytes
ngie [Sat, 15 Apr 2017 06:53:07 +0000 (06:53 +0000)]
Switch back to non-IEC units for 1024 bytes

I was swayed a little too quickly when I saw the wiki page discussing
kB vs KiB. Switch back as none of the code in base openly uses
IEC units via humanize_number(3) (which was my next step), and there's
a large degree of dislike with IEC vs more SI-like units.

MFC after: 7 weeks
Submitted by: jhb, rgrimes
Sponsored by: Dell EMC Isilon

6 weeks agoLatest version, we need to realpath anyway to check if an obj
sjg [Sat, 15 Apr 2017 03:28:13 +0000 (03:28 +0000)]
Latest version, we need to realpath anyway to check if an obj
dependency is also a src dependency.

6 weeks agoSince shutdown(2) on datagram socket is no longer a NOP after rev 316874
sobomax [Sat, 15 Apr 2017 02:24:22 +0000 (02:24 +0000)]
Since shutdown(2) on datagram socket is no longer a NOP after rev 316874
don't bother to select/recv on that socket. This prevents syslogd(8)
from spinning endlessly when started with the -s option (default).

Reported by: peter

6 weeks agoUpdate to latest, handle case of __objdir=obj
sjg [Sat, 15 Apr 2017 01:52:49 +0000 (01:52 +0000)]
Update to latest, handle case of __objdir=obj

6 weeks agoUpdate to bmake 20170413
sjg [Sat, 15 Apr 2017 01:44:45 +0000 (01:44 +0000)]
Update to bmake 20170413

6 weeks agoReorder Makefile entries from r316945
asomers [Sat, 15 Apr 2017 00:39:45 +0000 (00:39 +0000)]
Reorder Makefile entries from r316945

PR: 176049
Reported by: Oliver Pinter
MFC after: 3 weeks
X-MFC-With: 316945

6 weeks agoAdd 410.status-mfi, a periodic script for mfi(4) arrays
asomers [Fri, 14 Apr 2017 22:59:14 +0000 (22:59 +0000)]
Add 410.status-mfi, a periodic script for mfi(4) arrays

PR: 176049
Submitted by:
Reviewed by: scottl, Larry Rosenman <>
MFC after: 3 weeks
Relnotes: yes

6 weeks agoDon't try to write out bufs that have already failed with ENXIO.
trasz [Fri, 14 Apr 2017 20:15:34 +0000 (20:15 +0000)]
Don't try to write out bufs that have already failed with ENXIO.
This fixes some panics after disconnecting mounted disks.

Submitted by: imp (slightly different version, which I've then lost)
Reviewed by: kib, imp, mckusick
MFC after: 2 weeks
Differential Revision:

6 weeks agocxgbe/iw_cxgbe: Report the actual values of various parameters as
np [Fri, 14 Apr 2017 20:15:17 +0000 (20:15 +0000)]
cxgbe/iw_cxgbe: Report the actual values of various parameters as
configured by the firmware.

MFC after: 3 days
Sponsored by: Chelsio Communications

6 weeks ago[lib80211] fix a missing cleanup path.
adrian [Fri, 14 Apr 2017 20:10:18 +0000 (20:10 +0000)]
[lib80211] fix a missing cleanup path.

PR: lib/218655
Reported by: <>

6 weeks agosavecore: fix space calculation with respect to `minfree` in check_space(..)
ngie [Fri, 14 Apr 2017 19:41:48 +0000 (19:41 +0000)]
savecore: fix space calculation with respect to `minfree` in check_space(..)

- Use strtoll(3) instead of atoi(3), because atoi(3) limits the
  representable data to INT_MAX. Check the values received from
  strtoll(3), trimming trailing whitespace off the end to maintain
- Use `KiB` instead of `kB` when describing free space, total space,
  etc. I am now fully aware of `KiB` being the IEC standard for 1024
  bytes and `kB` being the IEC standard for 1000 bytes.
- Store available number of KiB in `available` so it can be more
  easily queried and compared to ensure that there are enough KiB to
  store the dump image on disk.
- Print out the reserved space on disk, per `minfree`, so end-users
  can troubleshoot why check_space(..) is reporting that there isn't
  enough free space.

MFC after: 7 weeks
Reviewed by: Anton Rang <> (earlier diff), cem (earlier diff)
Tested with: positive/negative cases (see review); make tinderbox
Sponsored by: Dell EMC Isilon
Differential Revision: D10379

6 weeks agocxgbe/iw_cxgbe: Report accurate page_size_cap in ib_query_device.
np [Fri, 14 Apr 2017 19:18:50 +0000 (19:18 +0000)]
cxgbe/iw_cxgbe: Report accurate page_size_cap in ib_query_device.

MFC after: 3 days
Sponsored by: Chelsio Communications

6 weeks agocxgbe/iw_cxgbe: hw supports 64K (not 32K) Protection Domains.
np [Fri, 14 Apr 2017 19:15:31 +0000 (19:15 +0000)]
cxgbe/iw_cxgbe: hw supports 64K (not 32K) Protection Domains.

MFC after: 3 days
Sponsored by: Chelsio Communications

6 weeks agoOops, the previous revision was missing the update of the shift variable.
bde [Fri, 14 Apr 2017 17:38:43 +0000 (17:38 +0000)]
Oops, the previous revision was missing the update of the shift variable.

6 weeks agoRestore ability to shutdown DGRAM sockets, still forcing ENOTCONN to be returned
sobomax [Fri, 14 Apr 2017 17:23:28 +0000 (17:23 +0000)]
Restore ability to shutdown DGRAM sockets, still forcing ENOTCONN to be returned
by the shutdown(2) system call. This ability has been lost as part of the svn
revision 285910.

Reviewed by: ed, rwatson, glebius, hiren
MFC after: 2 weeks
Differential Revision:

6 weeks agoRename two gmirror state flags to make their meanings slightly clearer.
markj [Fri, 14 Apr 2017 17:13:57 +0000 (17:13 +0000)]
Rename two gmirror state flags to make their meanings slightly clearer.

No functional change.

MFC after: 2 weeks
Sponsored by: Dell EMC Isilon

6 weeks agoDon't set the mirror GEOM softc to NULL in g_mirror_destroy().
markj [Fri, 14 Apr 2017 17:08:37 +0000 (17:08 +0000)]
Don't set the mirror GEOM softc to NULL in g_mirror_destroy().

At this point we have not rendezvous'ed with the mirror worker thread, and
I/O may still be in flight. Various I/O completion paths expect to be able
to obtain a reference to the mirror softc from the GEOM, so setting it to
NULL may result in various NULL pointer dereferences if the mirror is
stopped with -f or the kernel is shut down while a mirror is
synchronizing. The worker thread will clear the softc pointer before

Tested by: pho
MFC after: 2 weeks
Sponsored by: Dell EMC Isilon

6 weeks agoCheck for a provider error before enqueuing mirror I/O.
markj [Fri, 14 Apr 2017 17:03:32 +0000 (17:03 +0000)]
Check for a provider error before enqueuing mirror I/O.

We are otherwise susceptible to a race with a concurrent teardown of the
mirror provider, causing the I/O to be left uncompleted after the mirror
started withering.

Tested by: pho
MFC after: 2 weeks
Sponsored by: Dell EMC Isilon

6 weeks agoAdjust shifting so that cursor widths up to 17 (was 9) work in vga planar
bde [Fri, 14 Apr 2017 17:02:24 +0000 (17:02 +0000)]
Adjust shifting so that cursor widths up to 17 (was 9) work in vga planar

Direct mode always supported widths up to 32, except for its hard-coded
16s matching the pixmap size.  Text mode is still limited to 9 its 2x2
character cell method and missing adjustments for the gap between
characters, if any.

Cursor heights can be almost anything in graphics modes.

6 weeks agoStop mirror synchronization before draining the I/O queue.
markj [Fri, 14 Apr 2017 16:54:50 +0000 (16:54 +0000)]
Stop mirror synchronization before draining the I/O queue.

Regular I/O requests may be blocked by concurrent synchronization requests
targeted to the same LBAs, in which case they are moved to a holding queue
until the conflicting I/O completes. We therefore want to stop
synchronization before completing pending I/O in g_mirror_destroy_provider()
since this ensures that blocked I/O requests are completed as well.

Tested by: pho
MFC after: 2 weeks
Sponsored by: Dell EMC Isilon

6 weeks agoMFV 316855
asomers [Fri, 14 Apr 2017 16:30:37 +0000 (16:30 +0000)]
MFV 316855

7900 zdb shouldn't print the path of a znode at verbosity < 5

Reviewed by: Paul Dagnelie <>
Reviewed by: Matt Ahrens <>
Approved by: Dan McDonald <>
Author: Alan Somers <>


MFC after: 3 weeks
Sponsored by: Spectra Logic Corp

6 weeks agorename vfs.zfs.debug_flags to vfs.zfs.debugflags
avg [Fri, 14 Apr 2017 15:35:07 +0000 (15:35 +0000)]
rename vfs.zfs.debug_flags to vfs.zfs.debugflags

While the former name is easier to read, the "_flags" suffix has a special
meaning for loader(8) and, thus, it was impossible to set the knob via
loader.conf(5).  The loader interpreted the setting as flags that should
be passed to a kernel module named "vfs.zfs.debug".

Discussed with: smh
MFC after: 2 weeks

6 weeks agodtrace: fix normalization of stddev aggregation
avg [Fri, 14 Apr 2017 15:31:04 +0000 (15:31 +0000)]
dtrace: fix normalization of stddev aggregation

To be upstreamed.

Discussed with: Bryan Cantrill <>
MFC after: 2 weeks
Sponsored by: Panzura

6 weeks agoIn fsck_ffs pass1, prevent the inosused variable from wrapping.
kib [Fri, 14 Apr 2017 15:22:00 +0000 (15:22 +0000)]
In fsck_ffs pass1, prevent the inosused variable from wrapping.

The loop that scans the used inode map when soft updates is in use
assumes that the inosused variable is signed.  However, ino_t is
unsigned, so the loop invariant is incorrect and the check for
inosused wrapping to < 0 can never be true.

Instead of checking for wrap after the fact just prevent it from
happening in the first place.

PR: 218592
Submitted by: Todd Miller <>
Reviewed by: mckusick
MFC after: 1 week

6 weeks agoCorrect calculation of the entry->free_down in the invariants-checking
kib [Fri, 14 Apr 2017 15:16:41 +0000 (15:16 +0000)]
Correct calculation of the entry->free_down in the invariants-checking

Reported by: maxim
Found by: PVS studio scan
Sponsored by: The FreeBSD Foundation
MFC after: 1 week

6 weeks agoRemove RTL8153 quirk since ure(4) supports this chip.
kevlo [Fri, 14 Apr 2017 14:38:27 +0000 (14:38 +0000)]
Remove RTL8153 quirk since ure(4) supports this chip.

6 weeks agoOptimize drawing of the mouse cursor in vga planar mode almost as
bde [Fri, 14 Apr 2017 14:00:13 +0000 (14:00 +0000)]
Optimize drawing of the mouse cursor in vga planar mode almost as
much as possible, by avoiding null ANDs and ORs to the frame buffer.

Mouse cursors are fairly sparse, especially for their frame.  Pixels
are written in groups of 8 in planar mode and the per-group sparseness
is not as large, but it still averages about 40% with the current
9x13 mouse cursor.  The average drawing time is reduced by about this
amount (from 22 usec constant to 12.5 usec average on Haswell).

This optimization is relatively larger with larger cursors.  Width 10
requires 6 frame buffer accesses per line instead of 4 if not done
sparsely, but rarely more than 4 if done sparsely.

6 weeks agoRemove unused "cred" argument to ncl_flush().
rmacklem [Fri, 14 Apr 2017 13:25:45 +0000 (13:25 +0000)]
Remove unused "cred" argument to ncl_flush().

The "cred" argument of ncl_flush() is unused and it was confusing to have
the code passing in NULL for this argument in some cases. This patch deletes
this argument.
There is no semantic change because of this patch.

MFC after: 2 weeks

6 weeks agoCorrect minor grammos; minor white-space fixes.
schweikh [Fri, 14 Apr 2017 12:54:39 +0000 (12:54 +0000)]
Correct minor grammos; minor white-space fixes.

6 weeks agoFurther unobfuscate the method of drawing the mouse cursor in vga planar
bde [Fri, 14 Apr 2017 12:03:34 +0000 (12:03 +0000)]
Further unobfuscate the method of drawing the mouse cursor in vga planar

Don't manually unroll the 2 inner loops.  On Haswell, doing so gave a
speedup of about 0.5% (about 4 cycles per iteration out of 1400), but
hard-coded a limit of width 9 and made better better optimizations
harder to see.  gcc-4.2.1 -O does the unrolling anyway, unless tricked
with a volatile hack.  gcc's unrolling is not very good and gives a
a speedup of about half as much (about 2 cycles per iteration).  (All
timing on i386.)

Manual unrolling was only feasible because the inner loop only iterates
once or twice.  Usually twice, but a dynamic check is needed to decide,
and was not moved from the second-innermost loop manually or by gcc.
This commit basically adds another dynamic check in the inner loop.

Cursor widths of 10-17 require 3 iterations in the inner loop and this
is not so easy to unroll -- even gcc stops at 2.

6 weeks agoAvoid undefined behavior.
ae [Fri, 14 Apr 2017 11:58:41 +0000 (11:58 +0000)]
Avoid undefined behavior.

The 'pktid' variable is modified while being used twice between
sequence points, probably due to htonl() is macro.

Reported by: PVS-Studio
MFC after: 1 week

6 weeks agoUse address of specific union member instead of whole union address to
ae [Fri, 14 Apr 2017 11:41:09 +0000 (11:41 +0000)]
Use address of specific union member instead of whole union address to
fix PVS-Studio warnings.

MFC after: 1 week

6 weeks agoThe rule field in the ipfw_dyn_rule structure is used as storage
ae [Fri, 14 Apr 2017 11:19:09 +0000 (11:19 +0000)]
The rule field in the ipfw_dyn_rule structure is used as storage
to pass rule number and rule set to userland. In r272840 the kernel
internal rule representation was changed and the rulenum field of
struct ip_fw_rule got the type uint32_t, but userlevel representation
still have the type uint16_t. To not overflow the size of pointer
on the systems with 32-bit pointer size use separate variable to
copy rulenum and set.

Reported by: PVS-Studio
MFC after: 1 week

6 weeks agoFix the build.
ae [Fri, 14 Apr 2017 10:21:38 +0000 (10:21 +0000)]
Fix the build.

Reported by: lwhsu

6 weeks agoRework r316770 to make it protocol independent and general, like we
ae [Fri, 14 Apr 2017 09:00:48 +0000 (09:00 +0000)]
Rework r316770 to make it protocol independent and general, like we
do for streaming sockets.

And do more cleanup in the sbappendaddr_locked_internal() to prevent
leak information from existing mbuf to the one, that will be possible
created later by netgraph.

Suggested by: glebius
Tested by: Irina Liakh <spell at itl ua>
MFC after: 1 week

6 weeks agoRemove dead code.
yongari [Fri, 14 Apr 2017 08:27:42 +0000 (08:27 +0000)]
Remove dead code.

6 weeks agoDon't overwrite mapped bits.
yongari [Fri, 14 Apr 2017 08:11:50 +0000 (08:11 +0000)]
Don't overwrite mapped bits.

Found by: PVS-Studio

6 weeks agoRemove unnecessary assignment.
yongari [Fri, 14 Apr 2017 07:27:23 +0000 (07:27 +0000)]
Remove unnecessary assignment.

Found by: PVS-Studio

6 weeks agoConditionally install /etc/pam.d/ftp* and /etc/pam.d/telnetd
ngie [Fri, 14 Apr 2017 06:42:46 +0000 (06:42 +0000)]
Conditionally install /etc/pam.d/ftp* and /etc/pam.d/telnetd

/etc/pam.d/ftp* should be installed with MK_FTP != no and
/etc/pam.d/telnetd should be installed when MK_TELNET != no.

MFC after: 7 weeks
Sponsored by: Dell EMC Isilon

6 weeks agoDerive {AT,RCMDS}{DIR,MODE} from FILE{DIR,MODE}
ngie [Fri, 14 Apr 2017 06:33:15 +0000 (06:33 +0000)]

This reduces duplicity a bit.

MFC after: 7 weeks
Sponsored by: Dell EMC Isilon

6 weeks agoAdd missing bracket (typo).
cy [Fri, 14 Apr 2017 05:32:03 +0000 (05:32 +0000)]
Add missing bracket (typo).

6 weeks agohyperv/kvp: Remove always false condition.
sephe [Fri, 14 Apr 2017 05:29:27 +0000 (05:29 +0000)]
hyperv/kvp: Remove always false condition.

Reported by: PVS
MFC after: 3 days
Sponsored by: Microsoft

6 weeks agoDocument change in (incorrect) ipfilter behaviour fixed by r316810.
cy [Fri, 14 Apr 2017 05:25:40 +0000 (05:25 +0000)]
Document change in (incorrect) ipfilter behaviour fixed by r316810.
Keep frags can be used with keep state independently.

6 weeks agohyperv/storvsc: Use ULL for 64bits value shift.
sephe [Fri, 14 Apr 2017 05:25:21 +0000 (05:25 +0000)]
hyperv/storvsc: Use ULL for 64bits value shift.

Reported by: PVS
MFC after: 3 days
Sponsored by: Microsoft

6 weeks agohyperv/kbd: Remove unnecessary assignment.
sephe [Fri, 14 Apr 2017 05:18:42 +0000 (05:18 +0000)]
hyperv/kbd: Remove unnecessary assignment.

Reported by: PVS
MFC after: 3 days
Sponsored by: Microsoft

6 weeks agoAdd missing free()'s after calls to randomize().
cy [Fri, 14 Apr 2017 05:13:50 +0000 (05:13 +0000)]
Add missing free()'s after calls to randomize().

PR: NetBSD PR/50559
Obtained from: Netbsd radix_ipf.c r1.6
MFC after: 1 week

6 weeks agoKeep state incorrectly assumes keep frags. This is counter to the
cy [Fri, 14 Apr 2017 05:12:01 +0000 (05:12 +0000)]
Keep state incorrectly assumes keep frags. This is counter to the
ipfilter man pages. This also currently restricts keep frags to only when
keep state is used, which is redundant because keep state currently
assumes keep frags. This commit fixes this.

To the user this change means that to maintain the current behaviour
one must add keep frags to any ipfilter keep state rule (as documented
in the man pages).

This patch also allows the flexability to specify and use keep frags
separate from keep state, as documented in an example in ipf.conf.5,
instead of the currently broken behaviour.

Relnotes: yes

6 weeks agoFix a use after free panic in ipfilter's fragment processing.
cy [Fri, 14 Apr 2017 03:54:36 +0000 (03:54 +0000)]
Fix a use after free panic in ipfilter's fragment processing.
Memory is malloc'd, then a search for a match in the fragment table
is made and if the fragment matches, the wrong fragment table is
freed, causing a use after free panic. This commit fixes this.

A symptom of the problem is a kernel page fault in bcopy() called by
ipf_frag_lookup() at line 715 in ip_frag.c. Another symptom is a
kernel page fault in ipf_frag_delete() when called by ipf_frag_expire()
via ipf_slowtimer().

MFC after: 1 week

6 weeks agoRemove unnecessary check aginst NULL. txp_ext_command() with
yongari [Fri, 14 Apr 2017 03:23:03 +0000 (03:23 +0000)]
Remove unnecessary check aginst NULL.  txp_ext_command() with
TXP_CMD_WAIT argument allocates a response buffer.  If the allocation
fails, txp_ext_command() returns an error and it's handed in caller.

Found by: PVS-Studio

6 weeks agoDefault powerpcspe processor target to 8540
jhibbits [Fri, 14 Apr 2017 03:20:34 +0000 (03:20 +0000)]
Default powerpcspe processor target to 8540

This prevents internal compiler errors when -mcpu is omitted.

6 weeks agoRemove unnecessary comparison.
yongari [Fri, 14 Apr 2017 02:33:26 +0000 (02:33 +0000)]
Remove unnecessary comparison.

Found by: PVS-Studio

6 weeks agoFix a potentially forever loop.
yongari [Fri, 14 Apr 2017 02:24:02 +0000 (02:24 +0000)]
Fix a potentially forever loop.

Found by: PVS-Studio

6 weeks agoFix potential NULL deref.
glebius [Fri, 14 Apr 2017 01:56:15 +0000 (01:56 +0000)]
Fix potential NULL deref.

Found by: PVS Studio

6 weeks agotcp_wrappers: Sprinkle some bounds-checked string copying
cem [Fri, 14 Apr 2017 00:45:09 +0000 (00:45 +0000)]
tcp_wrappers: Sprinkle some bounds-checked string copying

It isn't clear if tcpd.c is even compiled in FreeBSD.

Reported by: Coverity
CIDs: 1006710, 1006804
Sponsored by: Dell EMC Isilon

6 weeks agobsdinstall(8): Sprinkle a snprintf to fixed size buffer
cem [Fri, 14 Apr 2017 00:36:45 +0000 (00:36 +0000)]
bsdinstall(8): Sprinkle a snprintf to fixed size buffer

Use a snprintf to write an environment variable to a fixed-size buffer to
avoid stack overflow.

Reported by: Coverity (CWE-120)
CID: 1238926
Sponsored by: Dell EMC Isilon

6 weeks agofsck(8): Don't overrun mount device buffer
cem [Fri, 14 Apr 2017 00:22:28 +0000 (00:22 +0000)]
fsck(8): Don't overrun mount device buffer

Apply a very similar fix to r299460 (fsck_ffs) to apparently duplicated code
in fsck.

Reported by: Coverity
CID: 1006789
Sponsored by: Dell EMC Isilon

6 weeks agorestore(8): Prevent some heap overflows
cem [Fri, 14 Apr 2017 00:14:40 +0000 (00:14 +0000)]
restore(8): Prevent some heap overflows

The environment variable TMPDIR was copied unchecked into a fixed-size heap
buffer.  Use a length-limiting snprintf in place of ordinary sprintf to
prevent the overflow.  Long TMPDIR variables can still cause odd truncated
filenames, which may be undesirable.

Reported by: Coverity (CWE-120)
CIDs: 1006706, 1006707
Sponsored by: Dell EMC Isilon

6 weeks agobanner(6): Squash a harmless coverity warning
cem [Thu, 13 Apr 2017 23:22:18 +0000 (23:22 +0000)]
banner(6): Squash a harmless coverity warning

The destination buffer is sized as the sum of program argument lengths, so
it has plenty of room for *argv.  Appease Coverity by using strlcpy instead
of strcpy.  Similar to a nearby cleanup performed in r316500.

No functional change.

Reported by: Coverity (CWE-120)
CID: 1006703
Sponsored by: Dell EMC Isilon

6 weeks agoAttempt to clear logos more thoroughly.
jkim [Thu, 13 Apr 2017 23:00:26 +0000 (23:00 +0000)]
Attempt to clear logos more thoroughly.

PR: 202288
Reviewed by: cem

6 weeks agoctm: Fix some trivial argv buffer overruns
cem [Thu, 13 Apr 2017 22:59:17 +0000 (22:59 +0000)]
ctm: Fix some trivial argv buffer overruns

It may not do the right thing with these obviously wrong inputs, but at
least it won't smash the stack.

Reported by: Coverity (CWE-120)
CIDs: 1006697, 1006698
Sponsored by: Dell EMC Isilon

6 weeks agoCache compiler metadata and reuse it at installworld time.
bdrewery [Thu, 13 Apr 2017 22:07:34 +0000 (22:07 +0000)]
Cache compiler metadata and reuse it at installworld time.

Right after cross-tools, a file is created that
stores all of the metadata.  It is then read in
with a fail-safe during installworld time.

The file is explicitly removed when invoking cross-tools to ensure that
a stale file is not left around from odd manual 'make _cross-tools' ->
'make installworld' invocations.

This fixes several issues:
    - With WITH_SYSTEM_COMPILER (default yes on head and no on releng/11.0):
      If you build on a system where the bootstrap compiler does not
      build due to the host compiler matching the in-tree one, but then
      installworld on another system where that logic fails (a
      bootstrap compiler is needed), the installworld immediately fails
           sh: cc: not found
      Note that fixing this logic may then hit a case where a rebuild is
      attempted in installworld.  Normally cc would be ran with
      'CFLAGS+=ERROR-tried-to-rebuild-during-make-install' to cause an
      error such as:
          cc: error: no such file or directory: 'ERROR-tried-to-rebuild-during-make-install'
      However, now it will just fail with the 'cc: not found' error.
      Inspection of the compile line will show
      'ERROR-tried-to-rebuild-during-make-install';  It's not useful to
      set CC to anything other than 'cc' during install as it is more
      helpful to see the attempted compile rather than some other bogus
    - This now avoids running (cc executions) even more
      during installworld.  There are compiler-dependent SUBDIR in the
      tree which required having a compiler during install.

There is at least 1 case where CC is still executed in the install,
such as from a LOOKUP!= in secure/lib/libcrypto/ checking
for 'vzeroall' support.  This is not significant for installworld
as the lookup has a fallback (and hides its error) and only modifies CFLAGS,
thus it's not worth fixing.

PR: 212877
MFC after: 2 weeks
Sponsored by: Dell EMC Isilon

6 weeks agoDocument the "oneopenown" option added by r316792.
rmacklem [Thu, 13 Apr 2017 22:05:24 +0000 (22:05 +0000)]
Document the "oneopenown" option added by r316792.

This is a content change.

MFC after: 2 weeks

6 weeks agoAdd an NFSv4.1 mount option for "use one openowner".
rmacklem [Thu, 13 Apr 2017 21:54:19 +0000 (21:54 +0000)]
Add an NFSv4.1 mount option for "use one openowner".

Some NFSv4.1 servers such as AmazonEFS can only support a small fixed number
of open_owner4s. This patch adds a mount option called "oneopenown" that
can be used for NFSv4.1 mounts to make the client do all Opens with the
same open_owner4 string. This option can only be used with NFSv4.1 and
may not work correctly when Delegations are is use.

Reported by: cperciva
Tested by: cperciva
MFC after: 2 weeks
Differential Revision:

6 weeks agoAdd call to svcpool_close() for the NFSv4 callback pool (svcpool_nfscbd).
rmacklem [Thu, 13 Apr 2017 20:16:29 +0000 (20:16 +0000)]
Add call to svcpool_close() for the NFSv4 callback pool (svcpool_nfscbd).

A function called svcpool_close() was added to the server side krpc by
r313735, so that a pool could be closed without destroying the data structures.
This little patch adds a call to it for the callback pool (svcpool_nfscbd),
so that the nfscbd daemon can be killed/restarted and continue to work

MFC after: 2 weeks

6 weeks agoPass COMPILER_FEATURES down to submakes for installworld.
bdrewery [Thu, 13 Apr 2017 19:27:46 +0000 (19:27 +0000)]
Pass COMPILER_FEATURES down to submakes for installworld.

compiler, etc.

MFC after: 2 weeks
Sponsored by: Dell EMC Isilon

6 weeks agoo Redundant assignments removed.
maxim [Thu, 13 Apr 2017 18:13:10 +0000 (18:13 +0000)]
o Redundant assignments removed.

Found by: PVS-Stdio, V519
Reviewed by: ae

6 weeks agodummynet: Use strlcpy to appease static checkers
cem [Thu, 13 Apr 2017 17:47:44 +0000 (17:47 +0000)]
dummynet: Use strlcpy to appease static checkers

Some dummynet modules used strcpy() to copy from a larger buffer
(dn_aqm->name) to a smaller buffer (dn_extra_parms->name).  It happens that
the lengths of the strings in the dn_aqm buffers were always hardcoded to be
smaller than the dn_extra_parms buffer ("CODEL", "PIE").

Use strlcpy() instead, to appease static checkers.  No functional change.

Reported by: Coverity
CIDs: 1356163, 1356165
Sponsored by: Dell EMC Isilon

6 weeks agolinux_ioctl: Refactor some v4l2 struct converters
cem [Thu, 13 Apr 2017 17:34:51 +0000 (17:34 +0000)]
linux_ioctl: Refactor some v4l2 struct converters

According to the C standard, it is invalid to copy beyond the end of an
object, even if that object is obviously a member of a larger object (a
struct, in this case).

Appease the standard and Coverity by refactoring the copy in a
straightforward way.  No functional change.

Reported by: Coverity (CWE-120)
CIDs: 1007819, 1007820, 1007821, 1007822, 1009668, 1009669
Security: no (false positive detection)
Sponsored by: Dell EMC Isilon

6 weeks agocxgbe: Query some more RDMA related parameters from the firmware.
np [Thu, 13 Apr 2017 17:16:36 +0000 (17:16 +0000)]
cxgbe: Query some more RDMA related parameters from the firmware.

MFC after: 3 days
Sponsored by: Chelsio Communications

6 weeks agoloader: Avoid possible overflow via environment variable
cem [Thu, 13 Apr 2017 17:11:49 +0000 (17:11 +0000)]
loader: Avoid possible overflow via environment variable

Reported by: Coverity (CWE-120)
CID: 1006704
Sponsored by: Dell EMC Isilon

6 weeks agoClear h/w csum flags on mbuf handled by UDP.
ae [Thu, 13 Apr 2017 17:03:57 +0000 (17:03 +0000)]
Clear h/w csum flags on mbuf handled by UDP.

When checksums of received IP and UDP header already checked, UDP uses
sbappendaddr_locked() to pass received data to the socket.
sbappendaddr_locked() uses given mbuf as is, and if NIC supports checksum
offloading, mbuf contains csum_data and csum_flags that were calculated
for already stripped headers. Some NICs support only limited checksums
offloading and do not use CSUM_PSEUDO_HDR flag, and csum_data contains
some value that UDP/TCP should use for pseudo header checksum calculation.

When L2TP is used for tunneling with mpd5, ng_ksocket receives mbuf with
filled csum_flags and csum_data, that were calculated for outer headers.
When L2TP header is stripped, a packet that was tunneled goes to the IP
layer and due to presence of csum_flags (without CSUM_PSEUDO_HDR) and
csum_data, the UDP/TCP checksum check fails for this packet.

Reported by: Irina Liakh <spell at itl ua>
Tested by: Irina Liakh <spell at itl ua>
MFC after: 1 week

6 weeks agoRather than checking if the top bit in a virtual address is a 0 or 1
andrew [Thu, 13 Apr 2017 16:57:02 +0000 (16:57 +0000)]
Rather than checking if the top bit in a virtual address is a 0 or 1
compare against VM_MAXUSER_ADDRESS as we should have been doing.

Sponsored by: DARPA, AFRL

6 weeks agoFix an out-of-bounds write when a zero-length buffer is passed.
brooks [Thu, 13 Apr 2017 15:52:45 +0000 (15:52 +0000)]
Fix an out-of-bounds write when a zero-length buffer is passed.

Found with ttyname_test and CHERI bounds checking.

Reviewed by: emaste
Obtained from: CheriBSD
MFC after: 1 week
Sponsored by: DARPA, AFRL
Differential Revision:

6 weeks agoMap DMAP as nx.
kib [Thu, 13 Apr 2017 15:49:55 +0000 (15:49 +0000)]
Map DMAP as nx.

Demotions preserve PG_NX, so it is enough to set nx bit for initial
lowest-level paging entries.

Suggested and reviewed by: alc
Sponsored by: The FreeBSD Foundation
MFC after: 1 week

6 weeks agoCorrect an out of bounds read with HN_AUTOSCALE and very large numbers.
brooks [Thu, 13 Apr 2017 15:49:32 +0000 (15:49 +0000)]
Correct an out of bounds read with HN_AUTOSCALE and very large numbers.

The maximum scale is 6 (K, M, G, T, P, E) (B is 0).

Overly large explict scales were checked correctly, but for sufficently
large numbers HN_AUTOSCALE would get to 7 resulting in an out of bounds

Found with humanize_number_test and CHERI bounds checking.

Reviewed by: emaste
Obtained from: CheriBSD
MFC after: 1 week
Sponsored by: DARPA, AFRL
Differential Revision:

6 weeks agoDon't prefix zero with 0x in assym.s.
andrew [Thu, 13 Apr 2017 15:43:44 +0000 (15:43 +0000)]
Don't prefix zero with 0x in assym.s.

The arm64 binutils only accepts 0 as an offset to the Load-Acquire Register
instructions where llvm will acceps both 0 and 0x0. The thread switching
code uses these with SCHED_ULE to block waiting for a lock to be released.
As the offset of the data to be loaded is zero this is safe, however it is
useful to keep the offset in the instruction to document what is being

To work around this issue in binutils only generate the 0x prefix for
non-zero values.

Reported by: kan
Sponsored by: DARPA, AFRL

6 weeks agoSet the arm64 Execute-never bits in more places.
andrew [Thu, 13 Apr 2017 15:03:03 +0000 (15:03 +0000)]
Set the arm64 Execute-never bits in more places.

We need to set the Execute-never bits when mapping device memory as the
hardware may perform speculative instruction fetches.

Set the Privileged Execute-ever bit on userspace memory to stop the kernel
if it is tricked into executing it.

Reviewed by: kib
Sponsored by: DARPA, AFRL
Differential Revision:

6 weeks agoFix vdev_geom_attach_by_guids for partitioned disks
asomers [Thu, 13 Apr 2017 14:51:34 +0000 (14:51 +0000)]
Fix vdev_geom_attach_by_guids for partitioned disks

When opening a vdev whose path is unknown, vdev_geom must find a geom
provider with a label whose guids match the desired vdev. However, due to
partitioning, it is possible that two non-synonomous providers will share
some labels. For example, if the first partition starts at the beginning of
the drive, then ada0 and ada0p1 will share the first label. More troubling,
if the last partition runs to the end of the drive, then ada0p3 and ada0
will share the last label. If vdev_geom opens ada0 when it should've opened
ada0p3, then the pool won't be readable. If it opens ada0 when it should've
opened ada0p1, then it will corrupt some other partition when it writes the
3rd and 4th labels.

The easiest way to reproduce this problem is to install a mirrored root pool
with the default partition layout, then swap the positions of the two boot
drives and reboot.  Whether the bug manifests depends on the order in which
geom lists its providers, which is arbitrary.

Fix this situation by modifying the search algorithm to prefer geom
providers that have all four labels intact. If no such provider exists, then
open whichever provider has the most.

Reviewed by: mav
MFC after: 3 weeks
Sponsored by: Spectra Logic Corp
Differential Revision:

6 weeks agoAdd large replay widow support to setkey(8) and libipsec.
ae [Thu, 13 Apr 2017 14:44:17 +0000 (14:44 +0000)]
Add large replay widow support to setkey(8) and libipsec.

When the replay window size is large than UINT8_MAX, add to the request
the SADB_X_EXT_SA_REPLAY extension header that was added in r309144.

extension headers to the key_debug that is used by `setkey -x`.

Modify kdebug_sockaddr() to use inet_ntop() for IP addresses formatting.
And modify kdebug_sadb_x_policy() to show policy scope and priority.

Reviewed by: gnn, Emeric Poupon
MFC after: 2 weeks
Differential Revision:

6 weeks agoUpdate list of Conexant and Realtek codecs.
mav [Thu, 13 Apr 2017 14:40:48 +0000 (14:40 +0000)]
Update list of Conexant and Realtek codecs.

MFC after: 2 weeks

6 weeks agoUse proper fields to check for interrupt trigger mode.
kan [Thu, 13 Apr 2017 14:23:27 +0000 (14:23 +0000)]
Use proper fields to check for interrupt trigger mode.

6 weeks agoIn ARMv8.1 ARM has added a process state bit to disable access to userspace
andrew [Thu, 13 Apr 2017 13:46:01 +0000 (13:46 +0000)]
In ARMv8.1 ARM has added a process state bit to disable access to userspace
from the kernel. Make use of this to restrict accessing userspace to just
the functions that explicitly handle crossing the user kernel boundary.

Reported by: kib
Sponsored by: DARPA, AFRL
Differential Revision:

6 weeks agoAdd SCTLR bits added in ARMv8.1 and ARMv8.2 and start to use them in the
andrew [Thu, 13 Apr 2017 11:56:27 +0000 (11:56 +0000)]
Add SCTLR bits added in ARMv8.1 and ARMv8.2 and start to use them in the
early boot code.

Sponsored by: DARPA, AFRL

6 weeks agoloader/multiboot: fix multiboot loading
royger [Thu, 13 Apr 2017 09:59:12 +0000 (09:59 +0000)]
loader/multiboot: fix multiboot loading

The current multiboot loader code doesn't clean the metadata added to the
kernel after the bi_load64 dry run, which breaks accounting of the required
memory for the metadata.

This issue didn't show itself before because all the metadata items where small
(8bytes), but after r316343 there's a big blob in the metadata, which triggers
this. Fix it by cleaning the metadata added to the kernel after the bi_load64
dry run. Also add a comment describing the memory layout when booting using
multiboot (Xen Dom0).

This unbreaks booting a FreeBSD/Xen Dom0 after r316343.

MFC after: 3 weeks
Sponsored by: Citrix Systems R&D

6 weeks agoFix expectations for testcases per bsdgrep vs gnu grep from base/ports
ngie [Thu, 13 Apr 2017 04:10:27 +0000 (04:10 +0000)]
Fix expectations for testcases per bsdgrep vs gnu grep from base/ports

The following failures occur with various versions of grep:

BSD grep:
- :context
- :context2

GNU grep (base):
- :color
- :oflag_zerolen

GNU grep (ports):
- :recurse_symlink

Tested with: bsdgrep (^/head@r316542), gnu grep (base/2.5.1), gnu grep (ports/2.27)
Reported by: Jenkins (bsdgrep failures)
Sponsored by: Dell EMC Isilon

6 weeks agodrm2: Add some missing PCIIDs for some Haswell systems
cem [Thu, 13 Apr 2017 01:56:15 +0000 (01:56 +0000)]
drm2: Add some missing PCIIDs for some Haswell systems

Submitted by: Jia-Shiun Li <jiashiun at>

6 weeks agoFix rss_ind_table entry for num_funcs > 1
davidcs [Thu, 13 Apr 2017 01:17:49 +0000 (01:17 +0000)]
Fix rss_ind_table entry for num_funcs > 1

MFC after:3 days

6 weeks agoAdd UEFI support to
allanjude [Thu, 13 Apr 2017 00:07:39 +0000 (00:07 +0000)]
Add UEFI support to

 -E: Use UEFI mode
 -f: path to UEFI firmware image (default: path to uefi-edk2-bhyve package)
 -F: UEFI framebuffer size (default: w=1024,h=768)
 -L: IP to listen for VNC connections on (default:
 -P: Port to listen for VNC connections on (default: 5900)
 -T: Enable tablnet device (for VNC)
 -v: Wait for VNC client before booting VM

Submitted by: Shawn Webb <>
MFC after: 2 weeks
Relnotes: yes
Differential Revision:

6 weeks agoFix the NFS client for "text file modified, process killed" mmap'd case.
rmacklem [Wed, 12 Apr 2017 21:37:12 +0000 (21:37 +0000)]
Fix the NFS client for "text file modified, process killed" mmap'd case.

When an mmap'd text file is written and then executed immediately
afterwards, it was possible that the modify time would change after the
text file was executing, resulting in the process executing the file
being killed. This was usually only observed when the file system's
times were set to higher resolution, but could have occurred for any
time resolution.
This was reported on a recent email list discussion.
This patch adds a VOP_SET_TEXT() to the NFS client which flushed all
dirty pages to the NFS server and then makes sure that n_mtime is up
to date to avoid this from occurring.
Thanks go to kib@ and pho@ for their help with developing this patch.

Tested by: pho
Reviewed by: kib
MFC after: 2 weeks