emaste [Mon, 15 Dec 2014 18:18:57 +0000 (18:18 +0000)]
Correct elftoolchain strip(1) memory size calculation
Calculate the segment's memory size (p_memsz) using the virtual
addresses, not the file offsets. Otherwise padding preceeding SHT_NOBITS
sections may be excluded from the calculation, resulting in a segment
that is too small.
PR: 195653
Sponsored by: The FreeBSD Foundation
jhb [Mon, 15 Dec 2014 17:52:08 +0000 (17:52 +0000)]
Check for SS_NBIO in so->so_state instead of sb->sb_flags in
soreceive_stream().
Differential Revision: https://reviews.freebsd.org/D1299
Reviewed by: bz, gnn
MFC after: 1 week
kib [Mon, 15 Dec 2014 14:58:10 +0000 (14:58 +0000)]
Markup fixes for kqueue(2), no content changes.
Reviewed by: brueffer (previous version)
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
kuriyama [Mon, 15 Dec 2014 14:36:04 +0000 (14:36 +0000)]
Fix incorrect type of "invalids" argument in __iconv() prototype.
emaste [Mon, 15 Dec 2014 14:25:42 +0000 (14:25 +0000)]
Remove empty generated file upon gperf failure
Prior to this change the build could fail as follows, if gperf is not
available (or fails):
- make(1) stops due to the gperf error, but an empty target file
(cfns.h) is still created
- the empty cfns.h is newer than the source cfns.gperf so it is not
regenerated on subsequent builds
- the gcc build fails (undefined reference to libc_name_p)
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
br [Mon, 15 Dec 2014 12:15:18 +0000 (12:15 +0000)]
Fix typo.
kib [Mon, 15 Dec 2014 12:01:42 +0000 (12:01 +0000)]
Add a facility for non-init process to declare itself the reaper of
the orphaned descendants. Base of the API is modelled after the same
feature from the DragonFlyBSD.
Requested by: bapt
Reviewed by: jilles (previous version)
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 3 weeks
br [Mon, 15 Dec 2014 11:57:39 +0000 (11:57 +0000)]
Follow r275792 eliminating fdt_data_verify().
br [Mon, 15 Dec 2014 09:40:25 +0000 (09:40 +0000)]
Eliminate fdt_data_verify(). The verification it proceed is wrong
disallowing us to encode 64-bit register numbers.
Discussed with: nwhitehorn, andrew
hselasky [Mon, 15 Dec 2014 09:35:46 +0000 (09:35 +0000)]
Regenerate usb.conf .
MFC after: 1 week
hselasky [Mon, 15 Dec 2014 09:23:40 +0000 (09:23 +0000)]
Resolve USB driver identification conflict.
Reported by: Anish Mistry <amistry@am-productions.biz>
MFC after: 1 week
delphij [Mon, 15 Dec 2014 07:52:23 +0000 (07:52 +0000)]
MFV r275551:
Remove "dbuf phys" db->db_data pointer aliases.
Use function accessors that cast db->db_data to the appropriate
"phys" type, removing the need for clients of the dmu buf user
API to keep properly typed pointer aliases to db->db_data in order
to conveniently access their data.
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zap_leaf.c:
In zap_leaf() and zap_leaf_byteswap, now that the pointer alias
field l_phys has been removed, use the db_data field in an on
stack dmu_buf_t to point to the leaf's phys data.
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dbuf.c:
Remove the db_user_data_ptr_ptr field from dbuf and all logic
to maintain it.
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dbuf.c:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dnode.c:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sys/dbuf.h:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sys/dmu.h:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_dataset.c:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_dir.c:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sa.c:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zap.c:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zap_micro.c:
Modify the DMU buf user API to remove the ability to specify
a db_data aliasing pointer (db_user_data_ptr_ptr).
cddl/contrib/opensolaris/cmd/zdb/zdb.c:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dmu_diff.c:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dmu_objset.c:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dmu_send.c:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dmu_traverse.c:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dmu_tx.c:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_bookmark.c:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_dataset.c:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_deadlist.c:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_deleg.c:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_destroy.c:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_dir.c:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_pool.c:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_prop.c:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_scan.c:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_synctask.c:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_userhold.c:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sa.c:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/spa.c:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/spa_history.c:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zap.c:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zap_leaf.c:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zap_micro.c:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ioctl.c:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sys/dsl_dataset.h:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sys/dsl_dir.h:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sys/zap_impl.h:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sys/zap_leaf.h:
Create and use the new "phys data" accessor functions
dsl_dir_phys(), dsl_dataset_phys(), zap_m_phys(),
zap_f_phys(), and zap_leaf_phys().
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sys/dsl_dataset.h:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sys/dsl_dir.h:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sys/zap_impl.h:
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sys/zap_leaf.h:
Remove now unused "phys pointer" aliases to db->db_data
from clients of the DMU buf user API.
Illumos issue:
5314 Remove "dbuf phys" db->db_data pointer aliases in ZFS
MFC after: 2 weeks
delphij [Mon, 15 Dec 2014 05:10:55 +0000 (05:10 +0000)]
MFV r275550:
In addition to r273158, make the code in spa_sync() that checks if the
current TXG is a no-op TXG less fragile.
Illumos issue:
5347 idle pool may run itself out of space
MFC after: 2 weeks
delphij [Mon, 15 Dec 2014 04:51:36 +0000 (04:51 +0000)]
MFV r275549:
Add a loader tunable, vfs.zfs.arc_meta_min, which controls how much metadata
ZFS should keep in ARC at minimum.
In arc_evict(), when doing recycle, take more factors into account by
applying the following policy:
1. If no evictable data, evict metadata;
2. If no evictable metadata, evict data;
3. If we hit arc_meta_limit, evict metadata;
4. If we haven't hit arc_meta_min, evict data;
5* (Illumos only, not present in new FreeBSD code, yet) evict the oldest
cached element from data and metadata.
(FreeBSD) evict the data type specified by caller, which is the
existing behavior.
Note that because of our splitted locks (implemented in r205231 to improve
scalability by reducing lock contention), implementing the fifth Illumos
behavior will not be cheap, so for now just implement the 1-4 and fall back
to current behavior for 5.
Illumos issue:
5368 ARC should cache more metadata
MFC after: 2 months (assuming we didn't found better solution)
rpaulo [Sun, 14 Dec 2014 22:41:08 +0000 (22:41 +0000)]
Move ofw_cpu.c to sys/dev/ofw so that it can be used by other
architectures.
Differential Revision: https://reviews.freebsd.org/D1307
Reviewed by: jhibbits
dim [Sun, 14 Dec 2014 18:16:49 +0000 (18:16 +0000)]
Update clang patch for r275759 to use correct test cases.
des [Sun, 14 Dec 2014 16:40:46 +0000 (16:40 +0000)]
Add a vigr(8) utility which does for /etc/group what vipw(8) does for
/etc/master.passwd.
jilles [Sun, 14 Dec 2014 16:26:19 +0000 (16:26 +0000)]
sh: Make sure output suitable as shell input is also printable.
Commands like 'export -p', 'set' and 'trap', and tracing enabled via 'set
-x' generate output suitable as shell input by adding quotes as necessary.
If there are control characters other than newline or invalid UTF-8
sequences, use $'...' and \OOO to display them safely.
The resulting output is not parsable by a strict POSIX.1-2008 shell but sh
from FreeBSD 9.0 and newer and many other shells can parse it.
des [Sun, 14 Dec 2014 16:17:48 +0000 (16:17 +0000)]
Clean up, reindent, add a special case for NIS / LDAP line
MFC after: 1 week
dim [Sun, 14 Dec 2014 13:40:42 +0000 (13:40 +0000)]
Add clang patch corresponding to r275759.
dim [Sun, 14 Dec 2014 13:38:10 +0000 (13:38 +0000)]
Pull in r221170 from upstream clang trunk (by Roman Divacky):
Implement vaarg lowering for ppc32. Lowering of scalars and
aggregates is supported. Complex numbers are not.
This adds va_args support for PowerPC (32 bit) to clang.
Reviewed by: jhibbits
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D1308
dim [Sun, 14 Dec 2014 13:32:14 +0000 (13:32 +0000)]
Update patch-r274286-llvm-r201784-asm-dollar.diff, so
test/MC/AsmParser/macros.s is properly deleted when patching.
trasz [Sun, 14 Dec 2014 10:49:22 +0000 (10:49 +0000)]
Fix bug that made automount(8) never unmount stale autofs(5) mounts,
ie mounts for entries that were there in auto_master(5), and then
got removed.
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
trasz [Sun, 14 Dec 2014 10:37:17 +0000 (10:37 +0000)]
Fix spurious "child process X terminated with exit status 1" messages
from automountd(8).
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
kib [Sun, 14 Dec 2014 08:43:13 +0000 (08:43 +0000)]
Fix gcc build.
Sponsored by: The FreeBSD Foundation
MFC after: 13 days
trasz [Sat, 13 Dec 2014 21:13:28 +0000 (21:13 +0000)]
Fix quick_exit(3) manual page to match reality - the status was missing.
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
dchagin [Sat, 13 Dec 2014 21:00:10 +0000 (21:00 +0000)]
Add _NEW flag to mtx(9), sx(9), rmlock(9) and rwlock(9).
A _NEW flag passed to _init_flags() to avoid check for double-init.
Differential Revision: https://reviews.freebsd.org/D1208
Reviewed by: jhb, wblock
MFC after: 1 Month
delphij [Sat, 13 Dec 2014 19:17:28 +0000 (19:17 +0000)]
MFV r247174:
Expose arc_meta_limit, et al via kstats.
Note that as a result, vfs.zfs.arc_meta_used is removed.
The existing vfs.zfs.arc_meta_limit sysctl/tunable is retained
with a SYSCTL_PROC wrapper.
Illumos ZFS issues:
3561 arc_meta_limit should be exposed via kstats
Relnotes: yes
MFC after: 2 weeks
dim [Sat, 13 Dec 2014 18:54:46 +0000 (18:54 +0000)]
Update llvm patches for r274286 and r275633 so all the tests will pass.
trasz [Sat, 13 Dec 2014 17:14:35 +0000 (17:14 +0000)]
Fix markup.
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
kib [Sat, 13 Dec 2014 16:18:29 +0000 (16:18 +0000)]
Add facility to stop all userspace processes. The supposed use of the
feature is to quisce the system before suspend.
Stop is implemented by reusing the thread_single(9) with the special
mode SINGLE_ALLPROC. SINGLE_ALLPROC differs from the existing
single-threading modes by allowing (requiring) caller to operate on
other process. Interruptible sleeps for !TDF_SBDRY threads are
suspended like SIGSTOP does it, instead of aborting the sleep, like
SINGLE_NO_EXIT, to avoid spurious EINTRs on resume.
Provide debugging sysctl debug.stop_all_proc, which causes total stop
and suspends syncer, while waiting for variable reset for resume. It
is used for debugging; should be removed after the real use of the
interface is added.
In collaboration with: pho
Discussed with: avg
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
kib [Sat, 13 Dec 2014 16:07:01 +0000 (16:07 +0000)]
Only sleep interruptible while waiting for suspension end when
filesystem specified VFCF_SBDRY flag, i.e. for NFS.
There are two issues with the sleeps. First, applications may get
unexpected EINTR from the disk i/o syscalls. Second, interruptible
sleep allows the stop of the process, and since mount point is
referenced while thread sleeps, unmount cannot free mount point
structure' memory, blocking unmount indefinitely.
Even for NFS, it is probably only reasonable to enable PCATCH for intr
mounts, but this information is currently not available at VFS level.
Reported and tested by: pho (previous version)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
kib [Sat, 13 Dec 2014 16:02:37 +0000 (16:02 +0000)]
The vinactive() call in vgonel() may start writes for the dirty pages,
creating delayed write buffers belonging to the reclaimed vnode. Put
the buffer cleanup code after inactivation.
Add asserts that ensure that buffer queues are empty and add BO_DEAD
flag for bufobj to check that no buffers are added after the cleanup.
BO_DEAD is only used by INVARIANTS-enabled kernels.
Reported and tested by: pho (previous version)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
delphij [Sat, 13 Dec 2014 02:08:18 +0000 (02:08 +0000)]
MFV r275548:
Verify that the block pointer is structurally valid, before attempting to
read it in. It can only be invalid in the case of a ZFS bug, but this
change will help identify such bugs in a more transparent way, by
panic'ing with a relevant message, rather than indexing off the end of an
array or something.
Illumos issue:
5349 verify that block pointer is plausible before reading
MFC after: 2 weeks
delphij [Sat, 13 Dec 2014 01:55:02 +0000 (01:55 +0000)]
MFV r275547:
Port Illumos 'zfs allow' examples update. While I'm there also fix
a typo.
Illumos issue:
4181 zfs(1m): 'zfs allow' examples in the man page are outdated
MFC after: 2 weeks
delphij [Sat, 13 Dec 2014 01:39:24 +0000 (01:39 +0000)]
MFV r275546:
Reduce scrub activities when system there is enough dirty data, namely when
dirty data is more than zfs_vdev_async_write_active_min_dirty_percent (once
we start to increase the number of concurrent async writes).
While there also correct rounding error which would make scrub end up
pausing for (zfs_txg_timeout + 1) seconds instead of the desired
zfs_txg_timeout seconds.
Illumos issue:
5351 scrub goes for an extra second each txg
5352 scrub should pause when there is some dirty data
MFC after: 2 weeks
delphij [Sat, 13 Dec 2014 01:26:06 +0000 (01:26 +0000)]
MFV r275545:
If zio_checksum_error() returns other than ECKSUM (e.g. EINVAL), it does not
fill in the "zio_bad_cksum_t *info" parameter. Caller should not attempt to
use it in this case.
Illumos issue:
5348 zio_checksum_error() only fills in info if ECKSUM
MFC after: 2 weeks
delphij [Sat, 13 Dec 2014 01:18:23 +0000 (01:18 +0000)]
MFV r275544:
Clean up some duplicated code in dnode_sync() around freeing spill blocks.
Illumos issue:
5350 clean up code in dnode_sync()
MFC after: 2 weeks
delphij [Sat, 13 Dec 2014 01:14:59 +0000 (01:14 +0000)]
MFV r275543:
Remove always true tests for ds->ds_phys' presence.
Clean up assertions in dsl_dataset_disown.
Remove unreachable code in dsl_dataset_disown().
Illumos issue:
5310 Remove always true tests for non-NULL ds->ds_phys
MFC after: 2 weeks
delphij [Sat, 13 Dec 2014 01:10:17 +0000 (01:10 +0000)]
MFV r275542:
If a dnode has a spill block and there is an error while accessing
a data block then traverse_dnode() loses information about that error
and returns a status of visiting the spill block.
This issue is discovered by Spectra Logic.
Illumos issue:
5311 traverse_dnode may report success when it should not
Original author: gibbs
MFC after: 2 weeks
np [Fri, 12 Dec 2014 21:54:59 +0000 (21:54 +0000)]
Move KTR_CXGBE from t4_tom.h to adapter.h so that the base if_cxgbe
code can use it too.
MFC after: 1 week
jmg [Fri, 12 Dec 2014 19:56:36 +0000 (19:56 +0000)]
Add some new modes to OpenCrypto. These modes are AES-ICM (can be used
for counter mode), and AES-GCM. Both of these modes have been added to
the aesni module.
Included is a set of tests to validate that the software and aesni
module calculate the correct values. These use the NIST KAT test
vectors. To run the test, you will need to install a soon to be
committed port, nist-kat that will install the vectors. Using a port
is necessary as the test vectors are around 25MB.
All the man pages were updated. I have added a new man page, crypto.7,
which includes a description of how to use each mode. All the new modes
and some other AES modes are present. It would be good for someone
else to go through and document the other modes.
A new ioctl was added to support AEAD modes which AES-GCM is one of them.
Without this ioctl, it is not possible to test AEAD modes from userland.
Add a timing safe bcmp for use to compare MACs. Previously we were using
bcmp which could leak timing info and result in the ability to forge
messages.
Add a minor optimization to the aesni module so that single segment
mbufs don't get copied and instead are updated in place. The aesni
module needs to be updated to support blocked IO so segmented mbufs
don't have to be copied.
We require that the IV be specified for all calls for both GCM and ICM.
This is to ensure proper use of these functions.
Obtained from: p4: //depot/projects/opencrypto
Relnotes: yes
Sponsored by: FreeBSD Foundation
Sponsored by: NetGate
imp [Fri, 12 Dec 2014 18:54:31 +0000 (18:54 +0000)]
Fix typo in comments.
Noticed by: brooks@
jhb [Fri, 12 Dec 2014 16:10:42 +0000 (16:10 +0000)]
Provide a dead version of if_get_counter.
Submitted by: glebius
Reported by: np
ae [Fri, 12 Dec 2014 11:29:54 +0000 (11:29 +0000)]
Increase the buffer size to keep the list of programm names when
parsing programm specification. It is safe to not check out of bounds
access, because !isprint(p[i]) check will stop reading, when '\0'
character will be read from the input string.
Obtained from: Yandex LLC
MFC after: 1 week
Sponsored by: Yandex LLC
br [Fri, 12 Dec 2014 11:19:10 +0000 (11:19 +0000)]
Add virtio bus 'poll' method allowing us to inform backend we are
going to poll virtqueue.
Use on BERI soft-core to invalidate cpu caches.
Reviewed by: bryanv
Sponsored by: DARPA, AFRL
kib [Fri, 12 Dec 2014 09:37:18 +0000 (09:37 +0000)]
For architectures where time_t is wide enough, in particular, 64bit
platforms, avoid overflow after year 2038 in clock_ct_to_ts().
PR: 195868
Reviewed by: bde
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
marcel [Fri, 12 Dec 2014 06:13:31 +0000 (06:13 +0000)]
The size of the first level reference count table is given in terms of the
number of clusters it occupies. It's not the number of entries in the table,
as it is for the L1 cluster table.
For small images, the two are the same. With the unit tests based on small
images, this change has therefore no effect on the unit test. For larger
images (like the FreeBSD 10.1-RELEASE image), this gives a discrepancy that
actually shows up when running "qemu-img check".
Bump the version number of mkimg.
While here, fix a white-space bug.
MFC after: 1 week
jhibbits [Fri, 12 Dec 2014 03:58:51 +0000 (03:58 +0000)]
Add new PowerPC relocations to binutils
Summary:
LLVM/Clang generates relocations that our binutils doesn't understand, but newer
binutils does. I got permission from the author of a series of patches to
relicense them as GPLv2 for use in FreeBSD. The upstream git hashes are:
ac2df442ac7901f00af15b272fc48b594b433713
2b95367962dc14f69d3c338c4d54195266e2e169
102890f04c44b64cf5cef4588267dd9f24086ac7
b7fcf6f6bb53b5027e111107f5416769cb9a5798
1d483afedd5a628dc84fb58d1d570f79fdfbfa7b
90aecf7a80c1cefeb45fc10a6cd02c8338e34b4c
3a71aa26df2a372a58e9c11ef9ba51fd0e83320a
727fc41e077139570ea8b8ddfd6c546b2a55627c
With the import of clang 3.5, and a few backported patches, we should be able to
move powerpc and powerpc64 to clang-as-cc soon.
Test Plan: Passes make tinderbox, so no regressions. Binaries built with clang
run on powerpc64.
Reviewers: #committers, dim
Reviewed By: dim
Differential Revision: https://reviews.freebsd.org/D1297
Obtained from: Alan Modra, upstream binutils-gdb git
MFC after: 3 weeks
Relnotes: yes
ae [Thu, 11 Dec 2014 19:20:13 +0000 (19:20 +0000)]
Do not count security policy violation twice.
ipsec*_in_reject() do this by their own.
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
ae [Thu, 11 Dec 2014 19:09:57 +0000 (19:09 +0000)]
Use ipsec6_in_reject() to simplify ip6_ipsec_fwd() and ip6_ipsec_input().
ipsec6_in_reject() does the same things, also it counts policy violation
errors.
Do IPSEC check in the ip6_forward() after addresses checks.
Also use ip6_ipsec_fwd() to make code similar to IPv4 implementation.
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
rpaulo [Thu, 11 Dec 2014 18:58:22 +0000 (18:58 +0000)]
Add myself.
ae [Thu, 11 Dec 2014 18:55:54 +0000 (18:55 +0000)]
Use ipsec4_in_reject() to simplify ip_ipsec_fwd() and ip_ipsec_input().
ipsec4_in_reject() does the same things, also it counts policy violation
errors.
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
ae [Thu, 11 Dec 2014 18:46:11 +0000 (18:46 +0000)]
Treat errors when retrieving security policy as policy violation.
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
ae [Thu, 11 Dec 2014 18:40:56 +0000 (18:40 +0000)]
Initialize error variable.
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
ae [Thu, 11 Dec 2014 18:35:34 +0000 (18:35 +0000)]
Remove flag/flags argument from the following functions:
ipsec_getpolicybyaddr()
ipsec4_checkpolicy()
ip_ipsec_output()
ip6_ipsec_output()
The only flag used here was IP_FORWARDING.
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
emax [Thu, 11 Dec 2014 18:08:54 +0000 (18:08 +0000)]
handle "Kana" and "Eisu" keys on Apple Wireless Keyboard (JIS)
PR: 187470
Submitted by: naito.yuichiro
MFC after: 1 week
ae [Thu, 11 Dec 2014 17:34:49 +0000 (17:34 +0000)]
Remove flags and tunalready arguments from ipsec4_process_packet()
and make its prototype similar to ipsec6_process_packet.
The flags argument isn't used here, tunalready is always zero.
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
ae [Thu, 11 Dec 2014 17:14:49 +0000 (17:14 +0000)]
Remove now unused mtag argument from ipsec*_common_input_cb.
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
ae [Thu, 11 Dec 2014 17:07:21 +0000 (17:07 +0000)]
Remove code related to PACKET_TAG_IPSEC_IN_CRYPTO_DONE mbuf tag.
It isn't used in FreeBSD.
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
ae [Thu, 11 Dec 2014 17:01:53 +0000 (17:01 +0000)]
Remove unused mtag variable.
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
ae [Thu, 11 Dec 2014 16:53:29 +0000 (16:53 +0000)]
Move ip_ipsec_fwd() from ip_input() into ip_forward().
Remove check for presence PACKET_TAG_IPSEC_IN_DONE mbuf tag from
ip_ipsec_fwd(). PACKET_TAG_IPSEC_IN_DONE tag means that packet is
already handled by IPSEC code. This means that before IPSEC processing
it was destined to our address and security policy was checked in
the ip_ipsec_input(). After IPSEC processing packet has new IP
addresses and destination address isn't our own. So, anyway we can't
check security policy from the mbuf tag, because it corresponds
to different addresses.
We should check security policy that corresponds to packet
attributes in both cases - when it has a mbuf tag and when it has not.
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
ae [Thu, 11 Dec 2014 14:58:55 +0000 (14:58 +0000)]
Remove PACKET_TAG_IPSEC_IN_DONE mbuf tag lookup and usage of its
security policy. The changed block of code in ip*_ipsec_input() is
called when packet has ESP/AH header. Presence of
PACKET_TAG_IPSEC_IN_DONE mbuf tag in the same time means that
packet was already handled by IPSEC and reinjected in the netisr,
and it has another ESP/AH headers (encrypted twice?).
Since it was already processed by IPSEC code, the AH/ESP headers
was already stripped (and probably outer IP header was stripped too)
and security policy from the tdb_ident was applied to those headers.
It is incorrect to apply this security policy to current headers.
Also make ip_ipsec_input() prototype similar to ip6_ipsec_input().
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
ae [Thu, 11 Dec 2014 14:43:44 +0000 (14:43 +0000)]
Remove check for presence of PACKET_TAG_IPSEC_PENDING_TDB and
PACKET_TAG_IPSEC_OUT_CRYPTO_NEEDED mbuf tags. They aren't used in FreeBSD.
Instead check presence of PACKET_TAG_IPSEC_OUT_DONE mbuf tag. If it
is found, bypass security policy lookup as described in the comment.
PACKET_TAG_IPSEC_OUT_DONE tag added to mbuf when IPSEC code finishes
ESP/AH processing. Since it was already finished, this means the security
policy placed in the tdb_ident was already checked. And there is no reason
to check it again here.
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
hselasky [Thu, 11 Dec 2014 10:47:50 +0000 (10:47 +0000)]
Make sure callbacks being freed are not pending when the
"mlx4_en_deactivate_cq()" function returns.
MFC after: 1 week
Sponsored by: Mellanox Technologies
markj [Thu, 11 Dec 2014 09:16:45 +0000 (09:16 +0000)]
Revert r275695: nd6_dad_find() was already correct.
Reported by: ae, kib
Pointy hat to: markj
delphij [Thu, 11 Dec 2014 06:52:10 +0000 (06:52 +0000)]
MFV r275696: file 5.21.
MFC after: 2 weeks
delphij [Thu, 11 Dec 2014 06:00:53 +0000 (06:00 +0000)]
Vendor import of file 5.21.
markj [Thu, 11 Dec 2014 00:41:54 +0000 (00:41 +0000)]
Fix a bug in r266857: nd6_dad_find() must return NULL if it doesn't find
a matching element in the DAD queue.
Reported by: Holger Hans Peter Freyther <holger@freyther.de>
MFC after: 3 days
ngie [Wed, 10 Dec 2014 23:18:11 +0000 (23:18 +0000)]
Fix building termcap.db when make obj is run beforehand from a clean tree by
using make variables for the filenames, which helps resolve pathing
appropriately when running cap_mkdb
X-MFC with: r275687
Pointyhat to: me
ngie [Wed, 10 Dec 2014 20:40:03 +0000 (20:40 +0000)]
Remove termcap entry reordering; install the file verbatim instead
termcap entry reordering requires ex (which is available via usr.bin/vi), which
breaks on build hosts where installworld is run with MK_VI == no (or when
make delete-old is run on ^/projects/building-blocks as vi, et al, are
removed on the branch when the knob is tweaked to => "no")
Reordering termcap was believed to improve performance, but the file is now
accessed via /etc/termcap.db, so /etc/termcap (and /usr/share/misc/termcap by
proxy) access is less preferred.
Reordering the file broke the historical comment <-> entry mapping as well,
which could muddle the purpose of entries in the file, so it could be
potentially harmful to readers in its reordered state.
Discussion took place on hackers@ here:
https://lists.freebsd.org/pipermail/freebsd-hackers/2014-December/046657.html
Discussed with: -hackers, mp
MFC after: 1 month
Sponsored by: EMC / Isilon Storage Division
andreast [Wed, 10 Dec 2014 20:23:19 +0000 (20:23 +0000)]
Fix kernel build for booke.
andreast [Wed, 10 Dec 2014 18:13:14 +0000 (18:13 +0000)]
Fix build for powerpc(32|64) kernels.
tuexen [Wed, 10 Dec 2014 14:50:57 +0000 (14:50 +0000)]
Fix a typo reported by Lennart Grahl.
MFC after: 3 days
trasz [Wed, 10 Dec 2014 14:36:44 +0000 (14:36 +0000)]
Add "-media" autofs map, to access data on removable media, such as CD
drives or flash keys. It can be enabled by uncommenting a single entry
in default /etc/auto_master. It can also be easily modified to use
fuse-based filesystems instead of in-kernel ones.
There is still one deficiency - the mountpoints are permanent, they
don't disappear when user removes the media. Fixing it needs some
autofs changes.
Differential Revision: https://reviews.freebsd.org/D1210
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
trasz [Wed, 10 Dec 2014 14:14:16 +0000 (14:14 +0000)]
Add fstyp(8). This utility, named after its SVR4 counterpart, detects
filesystems. It differs from file(1) in that it gives machine-parseable
output, it outputs filesystem labels, doesn't get confused by other
formats metadata, and runs in Capsicum sandbox.
Differential Revision: https://reviews.freebsd.org/D1255
Relnotes: yes
Sponsored by: The FreeBSD Foundation
royger [Wed, 10 Dec 2014 13:25:21 +0000 (13:25 +0000)]
xen/intr: balance dynamic interrupts across available vCPUs
By default Xen binds all event channels to vCPU#0, and FreeBSD only shuffles
the interrupt sources once, at the end of the boot process. Since new event
channels might be created after this point (because new devices or backends
are added), try to automatically shuffle them at creation time.
This does not affect VIRQ or IPI event channels, that are already bound to a
specific vCPU as requested by the caller.
Sponsored by: Citrix Systems R&D
royger [Wed, 10 Dec 2014 11:42:02 +0000 (11:42 +0000)]
xen: mask event channels while binding them to a vCPU
Mask the event channel source before trying to bind it to a CPU, this
prevents stray interrupts from firing while assigning them and hitting the
KASSERT in xen_intr_handle_upcall.
Sponsored by: Citrix Systems R&D
royger [Wed, 10 Dec 2014 11:35:41 +0000 (11:35 +0000)]
xen: convert the Grant-table code to a NewBus device
This allows the Grant-table code to attach directly to the xenpv bus,
allowing us to remove the grant-table initialization done in xenpv.
Sponsored by: Citrix Systems R&D
br [Wed, 10 Dec 2014 11:35:10 +0000 (11:35 +0000)]
o Put () for p to avoid unexpected macro expansion
o style(9) fix
Submitted by: Yonghyeon PYUN <pyunyh@gmail.com>
royger [Wed, 10 Dec 2014 11:21:52 +0000 (11:21 +0000)]
xen: move grant table code
Mave the grant table code into the dev/xen folder in preparation for turning
it into a device using the newbus interface. This is just code motion, no
functional changes.
Sponsored by: Citrix Systems R&D
delphij [Wed, 10 Dec 2014 08:19:55 +0000 (08:19 +0000)]
Fix multiple vulnerabilities in file(1) and libmagic(3).
Security: FreeBSD-SA-14:28.file
Security: CVE-2014-3710, CVE-2014-8116, CVE-2014-8117
delphij [Wed, 10 Dec 2014 08:18:22 +0000 (08:18 +0000)]
In r268924 __fflush was modified so that when write(2) was not successful,
_p and _w are adjusted to account for the partial write (if any).
However, _p and _w should not be unconditionally adjusted and should only
be changed when we actually wrote some bytes, or the accumulated accounting
error will eventually result in a heap buffer overflow.
Reported by: adrian and alfred (Norse Corporation)
Security: FreeBSD-SA-14:27.stdio
Security: CVE-2014-8611
ian [Wed, 10 Dec 2014 04:54:43 +0000 (04:54 +0000)]
Fix the watchdog timeout calculation to prevent wrap. The RPi hardware
can't do a timeout bigger than 15 seconds. The code wasn't checking for
this and because bitmasking was involved the requested timeout was
basically adjusted modulo-16. That led to things like a 128 second
timeout actually being a 9 second timeout, which accidentally worked fine
until watchdogd was changed to only pet the dog once every 10 seconds.
des [Wed, 10 Dec 2014 03:12:22 +0000 (03:12 +0000)]
Fix dependency on newvers.sh
Noticed by: marck
MFC after: 1 week
brd [Tue, 9 Dec 2014 23:26:47 +0000 (23:26 +0000)]
Restructure to make it easier to extend in the future
Reviewed by: will
Suggested by: ngie
brd [Tue, 9 Dec 2014 22:11:56 +0000 (22:11 +0000)]
Add some tests for user modification. [1]
Fix a missing test in the Makefile from my previous commit.
PR: 195834 [1]
Submitted by: Robert O'Neil <oneil.rs@gmail.com>
Approved by: will
brd [Tue, 9 Dec 2014 21:43:03 +0000 (21:43 +0000)]
Break out the tests into a file per command and clean up some long lines
Approved by: will
brd [Tue, 9 Dec 2014 20:36:07 +0000 (20:36 +0000)]
Add more tests for pw(8) useradd.
PR: 195832
Submitted by: Robert O'Neil <oneil.rs@gmail.com>
Approved by: will
dim [Tue, 9 Dec 2014 20:04:26 +0000 (20:04 +0000)]
Add llvm patch corresponding to r275633.
sjg [Tue, 9 Dec 2014 19:50:50 +0000 (19:50 +0000)]
-u and -U are supposed to affect existing files too.
Reviewed by: marcel
royger [Tue, 9 Dec 2014 18:03:25 +0000 (18:03 +0000)]
xen: create a new PCI bus override
When running as a Xen PVH Dom0 we need to add custom buses that override
some of the functionality present in the ACPI PCI Bus and the PCI Bus. We
currently override the ACPI PCI Bus, but not the PCI Bus, so add a new
override for the PCI Bus and share the generic functions between them.
Reported by: David P. Discher <dpd@dpdtech.com>
Sponsored by: Citrix Systems R&D
conf/files.amd64:
- Add the new files.
x86/xen/xen_pci_bus.c:
- Generic file that contains the PCI overrides so they can be used by the
several PCI specific buses.
xen/xen_pci.h:
- Prototypes for the generic overried functions.
dev/xen/pci/xen_pci.c:
- Xen specific override for the PCI bus.
dev/xen/pci/xen_acpi_pci.c:
- Xen specific override for the ACPI PCI bus.
br [Tue, 9 Dec 2014 16:39:21 +0000 (16:39 +0000)]
o Add BERI Virtio Networking Frontend (if_vtbe)
o Move similar block/networking methods to common file
o Follow r275640 and correct MMIO registers width
o Pass value to MMIO platform_note method.
Sponsored by: DARPA, AFRL
mp [Tue, 9 Dec 2014 15:26:04 +0000 (15:26 +0000)]
Rename NETGEAR WG111V2_2 to WG111V1_2 to reflect external naming.
Reviewed by: kevlo
pfg [Tue, 9 Dec 2014 14:56:00 +0000 (14:56 +0000)]
ext2fs: Fix old out-of-bounds access.
Overrunning buffer pointed to by (caddr_t)&oip->i_db[0] of 48 bytes by
passing it to a function which accesses it at byte offset 59 using
argument 60UL.
The issue was inherited from an older FFS implementation and
fixed there with by merging UFS2 in r98542. We follow the
FFS fix.
Discussed with: bde
CID: 1007665
MFC after: 3 days
dchagin [Tue, 9 Dec 2014 14:21:43 +0000 (14:21 +0000)]
Skip calling CPU_ISSET for NOCPU as a short period of time we can have
td_oncpu is NOCPU for thread in TDS_RUNNING state.
Differential Revision: https://reviews.freebsd.org/D1283
Reviewed by: jhb
MFC after: 1 Month
royger [Tue, 9 Dec 2014 11:12:24 +0000 (11:12 +0000)]
xen: notify ACPI about SCI override
If the SCI is remapped to a non-ISA global interrupt notify the ACPI
subsystem about the override.
Reported by: David P. Discher <dpd@dpdtech.com>
Sponsored by: Citrix Systems R&D
andrew [Tue, 9 Dec 2014 10:31:35 +0000 (10:31 +0000)]
Update the virtio driver to work on the ARM AArch64 Foundation Model.
There are two main parts to get it to work, 1) most of the register
accesses need to be word sized, other than the config register which
needs to be byte aligned, and 2) we don't need the platform driver
for this to work on the Foundation Model, allow it to be NULL.
Differential Revision: https://reviews.freebsd.org/D1240
Reviewed by: bryanv
Sponsored by: The FreeBSD Foundation
andrew [Tue, 9 Dec 2014 10:21:31 +0000 (10:21 +0000)]
Include sys/kernel.h to pick up the definition of hz. subr_syscall.c uses
it after r275616.
X-MFC with: r275616
kib [Tue, 9 Dec 2014 10:00:47 +0000 (10:00 +0000)]
Do not call VFS_SYNC() before VFS_UNMOUNT() for forced unmount.
Since VFS does not/cannot stop writes, sync might run indefinitely, or
be a wrong thing to do at all. E. g. NFS ignores VFS_SYNC() for
forced unmounts, since non-responding server does not allow sync to
finish. On the other hand, filesystems can and do stop writes using
fs-specific facilities, and should already fully flush caches in
VFS_UNMOUNT() due to the race.
Adjust msdosfs tp sync in unmount for forced call, to accomodate the
new behaviour. Note that it is still racy, since writes are not
stopped.
Discussed with: avg, bjk, mckusick
Reported and tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 3 weeks