Commit message [Author, Age, Files, Lines]
* route(8): correctly return exit status when "-q" flag is used. [Eugene Grosbein, 2018-10-27, files: 1, lines: -4/+6]
    Previously, route returned 1 in case of error properly signalling failure but "route -q" it returned 0 for same case. Fix it.
    PR: 186333
    MFC after: 1 month
    Notes: svn path=/head/; revision=339811
* ipfw: implement ngtee/netgraph actions for layer-2 frames. [Eugene Grosbein, 2018-10-27, files: 1, lines: -5/+19]
    Kernel part of ipfw does not support and ignores rules other than "pass", "deny" and dummynet-related for layer-2 (ethernet frames). Others are processed as "pass". Make it support ngtee/netgraph rules just like they are supported for IP packets. For example, this allows us to mirror some frames selectively to another interface for delivery to remote network analyzer over RSPAN vlan. Assuming ng_ipfw(4) netgraph node has a hook named "900" attached to "lower" hook of vlan900's ng_ether(4) node, that would be as simple as:
        ipfw add ngtee 900 ip from any to 8.8.8.8 layer2 out xmit igb0
    PR: 213452
    MFC after: 1 month
    Tested-by: Fyodor Ustinov <ufm@ufm.su>
    Notes: svn path=/head/; revision=339810
* cxgbetool(8): Add a subaction (tcbrss <n>) that can be used with "pass" [Navdeep Parhar, 2018-10-27, files: 1, lines: -5/+13]
    action to distribute traffic using the half of the VI's RSS indirection table. The value specified should either be the start of the VI's RSS slice (available at dev.<ifname>.<inst>.rss_base since r339700) or the midpoint (rss_base + rss_size/2). The traffic that hits the filter will use the first or second half of the indirection table respectively. The indirection table can be populated in different ways to achieve different kinds of traffic/load distributions. For example, r339749 allows a netmap interface to have half the rx queues in the first half of the table and the rest in the other.
    Sponsored by: Chelsio Communications
    Notes: svn path=/head/; revision=339809
* Prevent ip_input() from panicking due to unprotected access to INADDR_HASH. [Eugene Grosbein, 2018-10-27, files: 1, lines: -3/+4]
    PR: 220078
    MFC after: 1 month
    Differential Revision: https://reviews.freebsd.org/D12457
    Tested-by: Cassiano Peixoto and others
    Notes: svn path=/head/; revision=339808
* Prevent multicast code from panicking due to unprotected access to INADDR_HASH. [Eugene Grosbein, 2018-10-27, files: 1, lines: -5/+15]
    PR: 220078
    MFC after: 1 month
    Differential Revision: https://reviews.freebsd.org/D12457
    Tested-by: Cassiano Peixoto and others
    Notes: svn path=/head/; revision=339807
* Prevent stf(4) from panicking due to unprotected access to INADDR_HASH. [Eugene Grosbein, 2018-10-27, files: 1, lines: -0/+3]
    PR: 220078
    MFC after: 1 month
    Differential Revision: https://reviews.freebsd.org/D12457
    Tested-by: Cassiano Peixoto and others
    Notes: svn path=/head/; revision=339806
* lualoader: Always return a proper dictionary for blacklist [Kyle Evans, 2018-10-27, files: 1, lines: -2/+2]
    If module_blacklist isn't specified, we have an empty blacklist; effectively the same as if module_blacklist="" were specified in loader.conf(5). This was reported when switching to a BE that predated the module_blacklist introduction, but the problem is valid all the same and likely to be tripped over in other scenarios.
    Reported by: bwidawsk
    MFC after: 3 days
    Notes: svn path=/head/; revision=339805
* Restore backward compatibility for "attach" verb. [Xin LI, 2018-10-27, files: 1, lines: -12/+17]
    In r332361 and r333439, two new parameters were added to geli attach verb using gctl_get_paraml, which requires the value to be present. This would prevent old geli(8) binary from attaching geli(4) device as they have no knowledge about the new parameters. Restore backward compatibility by treating the absence of these two values as seeing the default value supplied by userland.
    PR: 232595
    Reviewed by: oshogbo
    MFC after: 3 days
    Differential Revision: https://reviews.freebsd.org/D17680
    Notes: svn path=/head/; revision=339804
* Fix pointer arithmetic [Warner Losh, 2018-10-26, files: 1, lines: -1/+3]
    Pointer math to find the size in bytes only works with char types. Use correct pointer math to determine if we have enough of a header to look at or not.
    MFC After: 3 days
    X-MFX-With: r339800
    Noticed by: jhb@
    Sponsored by: Netflix, Inc
    Notes: svn path=/head/; revision=339802
* Fix pointer arithmetic botch. [Warner Losh, 2018-10-26, files: 1, lines: -3/+4]
    Pointer subtraction to find size only works with char pointers.
    Noticed by: jhb@
    Sponsored by: Netflix, Inc
    Notes: svn path=/head/; revision=339801
* Ensure we have a full EFI_DEVICE_PATH header before we try to look at [Warner Losh, 2018-10-26, files: 1, lines: -1/+1]
    its length. Some BIOSes pad the length of the device path to an even amount. When we had a device path that was somehow an odd length, we'd wind up having 1 byte left that we were bogusly interpreting as a full device path. We'd then dereference 2 bytes into that to get a length of the node, which had undefined (and quite undesired) effects.
    Sponsored by: Netflix, Inc
    MFC After: 3 days
    Notes: svn path=/head/; revision=339800
* Ensure that the device path is sane before trying to decode and print [Warner Losh, 2018-10-26, files: 1, lines: -1/+8]
    it.
    Sponsored by: Netflix, Inc
    Notes: svn path=/head/; revision=339799
* Require that we have at least a device path header before [Warner Losh, 2018-10-26, files: 1, lines: -1/+1]
    trying to decode the next device path.
    Sponsored by: Netflix, Inc
    Notes: svn path=/head/; revision=339798
* Implement --fromfile to read variable values when printing variables [Warner Losh, 2018-10-26, files: 2, lines: -9/+42]
    So ./efivar --fromfile Boot0001.bin --print --load-option will take the value from Boot0001.bin file and then decode it as if it were a load-option. This is useful for debugging handling of such variables that may be hanging the boot for some people.
    Sponsored by: Netflix, Inc
    Notes: svn path=/head/; revision=339797
* Simplify the EFI delay() function by calling BS->Stall() [Rebecca Cran, 2018-10-26, files: 1, lines: -11/+1]
    Differential Revision: https://reviews.freebsd.org/D16753
    Notes: svn path=/head/; revision=339796
* Add a very basic regression test for setfacl -R with NFSv4 ACLs. [Mark Johnston, 2018-10-26, files: 2, lines: -2/+60]
    MFC after: 2 weeks
    Sponsored by: The FreeBSD Foundation
    Notes: svn path=/head/; revision=339795
* MFV r339792: [Martin Matuska, 2018-10-26, files: 1, lines: -3/+7]
|\
    Sync libarchive with vendor.
    Relevant vendor changes:
      RAR5 reader: more maybe-uninitialized size_t fixes for riscv64 FreeBSD build
    MFC after: 1 month
    Notes: svn path=/head/; revision=339794
| * Update vendor/libarchive/dist to git d661131393def793a9919d1e3fd54c9992888bd6 [Martin Matuska, 2018-10-26, files: 1, lines: -3/+7]
    Relevant vendor changes:
      RAR5 reader: more maybe-uninitialized size_t fixes for riscv64 FreeBSD build
    Notes: svn path=/vendor/libarchive/dist/; revision=339792
* | Don't set NFSv4 ACL inheritance flags on non-directories. [Mark Johnston, 2018-10-26, files: 2, lines: -14/+71]
    They only make sense in the context of directory ACLs, and attempting to set them on regular files results in errors, causing a recursive setfacl invocation to abort. This is derived from patches by Shawn Webb <shawn.webb@hardenedbsd.org> and Mitchell Horne <mhorne063@gmail.com>.
    PR: 155163
    MFC after: 2 weeks
    Sponsored by: The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D15061
    Notes: svn path=/head/; revision=339793
* | Add initial descriptions for SCTP related MIB variable. [Michael Tuexen, 2018-10-26, files: 2, lines: -25/+211]
    This work was mostly done by Marie-Helene Kvello-Aune.
    MFC after: 3 days
    Differential Revision: https://reviews.freebsd.org/D3583
    Notes: svn path=/head/; revision=339791
* | Fortuna: Add failpoints to simulate initial seeding conditions [Conrad Meyer, 2018-10-26, files: 1, lines: -0/+21]
    Set debug.fail_point.random_fortuna_pre_read=return(1) and debug.fail_point.random_fortuna_seeded=return(1) to return to unseeded status (sort of). See the Differential URL for more detail. The goal is to reproduce e.g. Lev's recent CURRENT report[1] about failing newfs arc4random(3) usage (fixed in r338542). No functional change when failpoints are not set.
    [1]: https://lists.freebsd.org/pipermail/freebsd-current/2018-September/071067.html
    Reported by: lev
    Reviewed by: delphij, markm
    Approved by: secteam (delphij)
    Sponsored by: Dell EMC Isilon
    Differential Revision: https://reviews.freebsd.org/D17047
    Notes: svn path=/head/; revision=339790
* | fortuna: Drop global lock to zero stack variables [Conrad Meyer, 2018-10-26, files: 1, lines: -31/+34]
    Also drop explicit zeroing of hash context -- hash finish() operation is expected to do this.
    PR: 230877
    Suggested by: delphij@
    Reviewed by: delphij, markm
    Approved by: secteam (delphij)
    Sponsored by: Dell EMC Isilon
    Differential Revision: https://reviews.freebsd.org/D16986
    Notes: svn path=/head/; revision=339789
* | Fortuna: fix a correctness issue in reseed (fortuna_pre_read) [Conrad Meyer, 2018-10-26, files: 1, lines: -1/+1]
    'i' counts the number of pools included in the array 's'. Passing 'i+1' to reseed_internal() as the number of blocks in 's' is a bogus overrun of the initialized portion of 's' -- technically UB. I found this via code inspection, referencing §9.5.2 "Pools" of the Fortuna chapter, but I would expect Coverity to notice the same issue. Unfortunately, it doesn't appear to.
    Reviewed by: markm
    Approved by: secteam (gordon)
    Sponsored by: Dell EMC Isilon
    Differential Revision: https://reviews.freebsd.org/D16985
    Notes: svn path=/head/; revision=339788
* | rijndael (AES): Avoid leaking sensitive data on kernel stack [Conrad Meyer, 2018-10-26, files: 1, lines: -11/+20]
    Noticed this investigating Fortuna. Remove useless duplicate stack copies of sensitive contents when possible, or if not possible, be sure to zero them out when we're finished.
    Approved by: secteam (gordon)
    Sponsored by: Dell EMC Isilon
    Differential Revision: https://reviews.freebsd.org/D16935
    Notes: svn path=/head/; revision=339787
* | poll: Unify userspace pollfd pointer name [Conrad Meyer, 2018-10-26, files: 1, lines: -13/+11]
    Some of the poll code used 'fds' and some used 'ufds' to refer to the uap->fds userspace pointer that was passed around to subroutines. Some of the poll code used 'fds' to refer to the kernel memory pollfd arrays, which seemed unnecessarily confusing. Unify on 'ufds' to refer to the userspace pollfd array. Additionally, 'bits' is not an accurate description of the kernel pollfd array in kern_poll, so rename that to 'kfds'. Finally, clean up some logic with mallocarray() and nitems(). No functional change.
    Reviewed by: markj
    Differential Revision: https://reviews.freebsd.org/D17670
    Notes: svn path=/head/; revision=339786
* | dumpon.8: Significantly revamp page [Conrad Meyer, 2018-10-26, files: 1, lines: -165/+177]
    Start with a short summary and cover the options in a standard list style. Organize sections by common focus and prioritize more useful information closer to the top. Flesh out authors, history, caveats, and security considerations sections.
    Reviewed by: markj, eadler (previous version)
    Differential Revision: https://reviews.freebsd.org/D17679
    Notes: svn path=/head/; revision=339785
* | dumpon(8): Provide seatbelt against weak RSA keys [Conrad Meyer, 2018-10-26, files: 2, lines: -1/+37]
    The premise of dumpon -k foo.pem is that dump contents will be confidential except to anyone holding the corresponding RSA private key. This guarantee breaks down when weak RSA keys are used.
    Small RSA keys (e.g. 512 bits) can be broken on a single personal computer in tractable time. Marginal RSA keys (768 bits) can be broken by EC2 and a few dollars. Even 1024 bit keys can probably be broken by sophisticated and wealthy attackers. NIST SP800-57 (2016) recommends a minimum of 2048 bit RSA keys, and estimates this provides 112 bits of security.
    It would also be good to protect users from weak values of 'e' (i.e., 3) and perhaps sanity check that their public key .pem does not accidentally contain their private key as well. These considerations are left as future work.
    Reviewed by: markj, darius AT dons.net.au (previous version)
    Discussed with: bjk
    Differential Revision: https://reviews.freebsd.org/D17678
    Notes: svn path=/head/; revision=339784
* | Add blank line after each item in "ngctl ls -l" [Devin Teske, 2018-10-26, files: 1, lines: -0/+2]
    The output of "ngctl ls -l" is hard to read. To make it easier, add a blank line after each listed item much how traditional "ls -l" does when listing the contents of multiple directories.
    Sponsored by: Smule, Inc.
    Notes: svn path=/head/; revision=339783
* | Update and re-enable ACL tests following r332396 and r339781. [Mark Johnston, 2018-10-26, files: 4, lines: -11/+9]
    PR: 229930
    MFC after: 2 weeks
    Sponsored by: The FreeBSD Foundation
    Notes: svn path=/head/; revision=339782
* | Don't print pathconf() errors if the target file doesn't exist. [Mark Johnston, 2018-10-26, files: 1, lines: -2/+2]
    The subsequent acl_get_file(3) call will simply echo the same error.
    PR: 229930
    MFC after: 2 weeks
    Sponsored by: The FreeBSD Foundation
    Notes: svn path=/head/; revision=339781
* | Avoid leaking memory in error paths. [Mark Johnston, 2018-10-26, files: 1, lines: -10/+11]
    CID: 1390906
    MFC after: 2 weeks
    Sponsored by: The FreeBSD Foundation
    Notes: svn path=/head/; revision=339780
* | Move 32-bit compat support for FIODGNAME to the right place. [Brooks Davis, 2018-10-26, files: 5, lines: -36/+52]
    ioctl(2) commands only have meaning in the context of a file descriptor so translating them in the syscall layer is incorrect. The new handler uses an accessor to retrieve/construct a pointer from the last member of the passed structure and relies on type punning to access the other member which requires no translation. Unlike r339174 this change supports both places FIODGNAME is handled.
    Reviewed by: kib
    Obtained from: CheriBSD
    Sponsored by: DARPA, AFRL
    Differential Revision: https://reviews.freebsd.org/D17475
    Notes: svn path=/head/; revision=339779
* | Remove empty directories after r339776. [Warner Losh, 2018-10-26, files: 0, lines: -0/+0]
    git svn won't remove empty directories without --rmdir which I forgot in r339776.
    Notes: svn path=/head/; revision=339778
* | Add statistics for TRIM commands [Warner Losh, 2018-10-26, files: 3, lines: -6/+60]
    Add a counter for the LBAs, Ranges and hardware commands so that we can provide additional color to the statistics we provide to vendors.
    Sponsored by: Netflix, Inc
    Notes: svn path=/head/; revision=339777
* | Redo r339563: Remove joy(4) driver. [Warner Losh, 2018-10-26, files: 10, lines: -541/+2]
    This driver was marked as gone in 12. We're at 13 now. Remove it. Data from nycbug's dmesg cache shows only one potential user, suggesting it never was used much. However, even though this device has been obsolete for 15 years at least, sys/joystick.h is included in a number of graphics packages still, so that remains. A full exprun is needed before that can be removed.
    RelNotes: yes
    Differential Revision: https://reviews.freebsd.org/D17629
    Notes: svn path=/head/; revision=339776
* | Put a workaround in for command timeout malfunctioning [Warner Losh, 2018-10-26, files: 2, lines: -1/+22]
    At least one NVMe drive has a bug that makes the Command Time Out PCIe feature unreliable. The workaround is to disable this feature. The driver wouldn't deal correctly with a timeout anyway. Only do this for drives that are known bad.
    Sponsored by: Netflix, Inc
    Differential Revision: https://reviews.freebsd.org/D17708
    Notes: svn path=/head/; revision=339775
* | o Add pmap lock around pmap_fault_fixup() to ensure other thread will not [Ruslan Bukin, 2018-10-26, files: 1, lines: -4/+15]
      modify l3 pte after we loaded old value and before we stored new value.
    o Preset A(accessed), D(dirty) bits for kernel mappings.
    Reported by: kib
    Reviewed by: markj
    Discussed with: jhb
    Sponsored by: DARPA, AFRL
    Notes: svn path=/head/; revision=339774
* | Add __dso_handle to the BSD crtbegin. This is used to identify shared [Andrew Turner, 2018-10-26, files: 1, lines: -0/+8]
    objects.
    MFC with: r339738
    Sponsored by: DARPA, AFRL
    Notes: svn path=/head/; revision=339773
* | Drop the csu tests WARNS to 5 to fix the powerpc64 build. [Andrew Turner, 2018-10-26, files: 3, lines: -2/+2]
    MFC with: r339738
    Sponsored by: DARPA, AFRL
    Notes: svn path=/head/; revision=339770
* | Adjust bsdinstall zfsboot code to 80-columns and whitespace fixes [Devin Teske, 2018-10-26, files: 1, lines: -47/+51]
    No functional changes.
    Sponsored by: Smule, Inc.
    Notes: svn path=/head/; revision=339768
* | Remove #warning since it breaks libsysdecode [Warner Losh, 2018-10-26, files: 1, lines: -2/+0]
    Notes: svn path=/head/; revision=339766
* | Bump to 1300002 for sys/joystick.h removal reversion. [Warner Losh, 2018-10-26, files: 2, lines: -2/+1]
    Notes: svn path=/head/; revision=339765
* | Add warning to sys/joystick.h announcing its planned demise. [Warner Losh, 2018-10-26, files: 1, lines: -0/+2]
    Notes: svn path=/head/; revision=339764
* | Revert r339563. [Warner Losh, 2018-10-26, files: 12, lines: -3/+594]
    I held the mistaken belief this was completely unused. While the driver is unused and likely not relevant for a long time, sys/joystick.h lives on in maybe half a dozen ports, even though hardware to use it hasn't been widely used in maybe 15 years.
    Notes: svn path=/head/; revision=339763
* | Fix dialog autosizing in bsdinstall auto error messages [Devin Teske, 2018-10-26, files: 1, lines: -19/+47]
    Sponsored by: Smule, Inc.
    Notes: svn path=/head/; revision=339760
* | Whitespace alignment in bsdinstall hostname [Devin Teske, 2018-10-26, files: 1, lines: -6/+6]
    Aligning line-continuation characters to prevent mistakes. This is also the prevalent style replication throughout.
    Sponsored by: Smule, Inc.
    Notes: svn path=/head/; revision=339759
* | Sort i18n strings in bsdinstall hostname [Devin Teske, 2018-10-26, files: 1, lines: -3/+3]
    Sponsored by: Smule, Inc.
    Notes: svn path=/head/; revision=339758
* | Update elftoolchain bootstrapping test after r339083 [Ed Maste, 2018-10-26, files: 1, lines: -1/+2]
    Sponsored by: The FreeBSD Foundation
    Notes: svn path=/head/; revision=339757
* | Add improved error checking to bsdinstall hostname [Devin Teske, 2018-10-26, files: 1, lines: -2/+9]
    Sponsored by: Smule, Inc.
    Notes: svn path=/head/; revision=339756
* | Fix dialog autosizing in bsdinstall hostname [Devin Teske, 2018-10-26, files: 1, lines: -15/+81]
    Sponsored by: Smule, Inc.
    Notes: svn path=/head/; revision=339755