aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* pf tests: Basic synproxy testKristof Provost2018-07-143-1/+68
| | | | | | | | A very basic syncproxy test: set up a connection via a synproxy rule. This triggeres the panic fixed in r336273. Notes: svn path=/head/; revision=336297
* Invalidate the mapping before updating its physical address.Alan Cox2018-07-141-22/+49
| | | | | | | | | | | | | | | | | | | | | | | Doing so ensures that all threads sharing the pmap have a consistent view of the mapping. This fixes the problem described in the commit log message for r329254 without the overhead of an extra page fault in the common case. (Now that all pmap_enter() implementations are similarly modified, the workaround added in r329254 can be removed, reducing the overhead of COW faults.) With this change we can reuse the PV entry from the old mapping, potentially avoiding a call to reclaim_pv_chunk(). Otherwise, there is nothing preventing the old PV entry from being reclaimed. In rare cases this could result in the PTE's page table page being freed, leading to a use-after-free of the page when the updated PTE is written following the allocation of the PV entry for the new mapping. Reviewed by: br, markj MFC after: 3 weeks Differential Revision: https://reviews.freebsd.org/D16261 Notes: svn path=/head/; revision=336294
* Return the intended return code.Michael Tuexen2018-07-141-1/+1
| | | | | | | | | | This bug was spotted by markj@ in D16268 because I copied this code part and used it there. So fix it. Sponsored by: Netflix, Inc. Notes: svn path=/head/; revision=336293
* Fix the pNFS client when mirrors aren't on the same machine.Rick Macklem2018-07-144-31/+58
| | | | | | | | | | | | | | | Without this patch, the client side NFSv4.1 pNFS code erroneously did writes and commits to both DS mirrors using the TCP connection of the first one. For my test setup this worked, since I have both DSs running on the same machine, but it would have failed when the DSs are on separate machines. This patch fixes the code to use the correct TCP connection for each DS. This patch should only affect the NFSv4.1 client when using "pnfs" mounts to mirrored DSs. MFC after: 2 weeks Notes: svn path=/head/; revision=336292
* Fix shebangs and execute bit of test scripts.Michael Tuexen2018-07-148-8/+8
| | | | | | | | | | | | | | Since we don't have /usr/bin/ksh, use a generic way of specifying ksh. Some of the tests only run with ksh93, so use this shell for these tests. Two of the tests don't have the execute bit set, so fix this, too. Reviewed by: markj@ Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D16270 Notes: svn path=/head/; revision=336291
* Correct some typos.Alan Cox2018-07-141-2/+2
| | | | | | | Reviewed by: kib Notes: svn path=/head/; revision=336290
* Add mpo_vnode_check_setmode MAC method to MAC/veriexec.Stephen J. Kiernan2018-07-141-0/+33
| | | | | | | | | In the method, disallow changing SUID/SGID on verified files. Obtained from: Juniper Networks, Inc. Notes: svn path=/head/; revision=336289
* Add support for pmap_enter(..., psind=1) to the i386 pmap. In other words,Alan Cox2018-07-143-58/+167
| | | | | | | | | | | | | | | | | | | | | | | | add support for explicitly requesting that pmap_enter() create a 2 or 4 MB page mapping. (Essentially, this feature allows the machine-independent layer to create superpage mappings preemptively, and not wait for automatic promotion to occur.) Export pmap_ps_enabled() to the machine-independent layer. Add a flag to pmap_pv_insert_pde() that specifies whether it should fail or reclaim a PV entry when one is not available. Refactor pmap_enter_pde() into two functions, one by the same name, that is a general-purpose function for creating PDE PG_PS mappings, and another, pmap_enter_4mpage(), that is used to prefault 2 or 4 MB read- and/or execute-only mappings for execve(2), mmap(2), and shmat(2). Reviewed by: kib Tested by: pho Differential Revision: https://reviews.freebsd.org/D16246 Notes: svn path=/head/; revision=336288
* Add config(8) options that can be used to enable building MAC/veriexecStephen J. Kiernan2018-07-141-0/+5
| | | | | | | | | and its fingerprint modules into a kernel. Reviewed by: sjg Notes: svn path=/head/; revision=336287
* Fix a typo which could cause a build breakage when building with MAC/veriexecStephen J. Kiernan2018-07-142-2/+1
| | | | | | | | | enabled in the kernel config. Remove unused mac_veriexec_print_db prototype in internal header file. Notes: svn path=/head/; revision=336286
* Add support for TCP state names used by Solaris.Michael Tuexen2018-07-141-0/+26
| | | | | | | | | | | | | For compatibility, add the TCP state names used by Solaris and given in the Dtrace Guide available at https://docs.oracle.com/cd/E37838_01/html/E61035/glhgu.html#OSDTGglhmv Reviewed by: markj@ Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D16269 Notes: svn path=/head/; revision=336285
* Remove RIPEMD-160 fingerprint modules for veriexec, since it has veryStephen J. Kiernan2018-07-142-55/+0
| | | | | | | | | | little practical use and would not be recommended for anyone to use in a production environment. Reviewed by: sjg Notes: svn path=/head/; revision=336284
* Eliminate an unused var warning-error; the var is used only when parsingIan Lepore2018-07-141-0/+2
| | | | | | | linux-style boot args, so wrap it in the appropriate ifdef. Notes: svn path=/head/; revision=336283
* Fixup memory management for fetching options in ip_ctloutput()Sean Bruno2018-07-141-4/+10
| | | | | | | | | Submitted by: Jason Eggleston <jason@eggnet.com> Sponsored by: Limelight Networks Differential Revision: https://reviews.freebsd.org/D14621 Notes: svn path=/head/; revision=336282
* Fix vnic fallback PHY name matching after r334880.Mark Johnston2018-07-141-1/+2
| | | | | | | | | | | | | | In some cases it seems that the PHY mode can only be identified by matching against the corresponding device node name in the FDT. r334880 broke this for the case where the node name contains a unit address. Fix the problem by allowing a match in that case. Reviewed by: andrew, sbruno Tested by: sbruno Differential Revision: https://reviews.freebsd.org/D16259 Notes: svn path=/head/; revision=336281
* ffs_syncvnode: Remove unhelpful printConrad Meyer2018-07-141-4/+0
| | | | | | | | | | | | | It can occur during ordinary use of softupdates, or perhaps if writes to the underlying media fail (causing bufs to be redirtied). Either way, it is not particularly actionable. Reviewed by: imp, kib Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D16258 Notes: svn path=/head/; revision=336280
* pf: Fix synproxyKristof Provost2018-07-141-3/+5
| | | | | | | | | | | | | | Synproxy was accidentally broken by r335569. The 'return (action)' must be executed for every non-PF_PASS result, but the error packet (TCP RST or ICMP error) should only be sent if the packet was dropped (i.e. PF_DROP) and the return flag is set. PR: 229477 Submitted by: Andre Albsmeier <mail AT fbsd.e4m.org> MFC after: 1 week Notes: svn path=/head/; revision=336275
* regex/engine.c: error: variable 'dp' set but not usedToomas Soome2018-07-141-1/+1
| | | | | | | | | | The issue found with gcc6 build (originally on illumos, confirmed on FreeBSD). Mark it __unused. Differential Revision: https://reviews.freebsd.org/D13109 Notes: svn path=/head/; revision=336274
* pf: Fix panic on vnet jail shutdown with synproxyKristof Provost2018-07-141-1/+2
| | | | | | | | | | | | | When shutting down a vnet jail pf_shutdown() clears the remaining states, which through pf_clear_states() calls pf_unlink_state(). For synproxy states pf_unlink_state() will send a TCP RST, which eventually tries to schedule the pf swi in pf_send(). This means we can't remove the software interrupt until after pf_shutdown(). MFC after: 1 week Notes: svn path=/head/; revision=336273
* Minor adjustments:Warner Losh2018-07-141-15/+6
| | | | | | | | | | | | o Fix the parsing of the device path. a last minute change terminated it too soon. o Kill setting LINES. We don't need to do it, and even if we did hard coding it to 24 is wrong. o Now that the console is working again for the loader, adjust the printfs to be more in line with other platforms. Notes: svn path=/head/; revision=336272
* Add reporting of whether or not a keyboard is detected. In addition,Warner Losh2018-07-141-0/+2
| | | | | | | | | | | | | | | | note that r336270's commit message was slightly incorrect. It changed the default setting of the console to honor the ConOut variable. Overrides via the command line are still possible, and we use the devices in ConOut to set the proper console. If, for example, serial cosnole is specified, we'll set console to "efi" if ConOut has a serial port list and to either "efi comconsole" or "comconsole efi" if not depending on whether -D or -D -h was specified. RelNotes: Yes Sponsored by: Netflix Notes: svn path=/head/; revision=336271
* uefi stand: Guess the console betterWarner Losh2018-07-142-17/+171
| | | | | | | | | | | | | | | | | | | For server machines, ComOut is set to the set of devices that the efi console suppots. Parse it to see if we have serial, video or both. Make that take precidence over the command line args. boot1.efi parses them, but loader.efi doesn't. It's not clear where to read boot.conf from, so we don't do that. The command line args can still be set via efibootmgr, which is more inline with the UEFI boot manager to replace that. These args are typically used only to set serial vs video and the com speed line. We can infer that from ComOut, so do so. Remember the com speed and hw.uart.console to match. RelNotes: yes Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D15917 Notes: svn path=/head/; revision=336270
* OCF: Add a typedef for session identifiersConrad Meyer2018-07-1312-26/+41
| | | | | | | | | | No functional change. This should ease the transition from an integer session identifier model to an opaque pointer model. Notes: svn path=/head/; revision=336269
* Re-unbreak smartpqi(4) GCC buildConrad Meyer2018-07-134-18/+0
| | | | | | | | | | | Like r333085, remove redundant declarations. Redundant declarations were re-introduced in r336201. Sponsored by: Dell EMC Isilon Notes: svn path=/head/; revision=336268
* lockmgr: tidy up slock/sunlock similar to other locksMateusz Guzik2018-07-131-29/+22
| | | | Notes: svn path=/head/; revision=336267
* Define ADR subtype of ACPI type for a device path.Warner Losh2018-07-131-0/+3
| | | | Notes: svn path=/head/; revision=336264
* Use the existing MSR_BIOS_SIGN on AMD.Mark Johnston2018-07-132-3/+2
| | | | | | | | Reported by: kib Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=336263
* Fix machdep_boot.cWarner Losh2018-07-131-7/+4
| | | | | | | | A last minute change made this no longer compile. Pass the right arg and eliminate now-unused variables from the code. Notes: svn path=/head/; revision=336262
* Catch up to the inflate renaming.Warner Losh2018-07-131-1/+1
| | | | Notes: svn path=/head/; revision=336261
* Close down the TCP connection to a pNFS DS when it is disabled.Rick Macklem2018-07-131-1/+37
| | | | | | | | | | | | | So long as the TCP connection to a pNFS DS isn't shared with other DSs, it can be closed down when the DS is being disabled in the pNFS client. This causes any RPCs in progress to fail. This patch only affects the NFSv4.1 pNFS client when errors occur while doing I/O on a DS. MFC after: 2 weeks Notes: svn path=/head/; revision=336260
* Enable UART support for Xilinx Ultrascale+ SoCsMarcin Wojtas2018-07-134-0/+5
| | | | | | | | | | | Xilinx Ultrascale+ are based on Cortex-A53 and use existing UART driver (uart_dev_cdnc). Enable it in arm64 GENERIC config. Submitted by: Michal Stanek <mst@semihalf.com> Obtained from: Semihalf Notes: svn path=/head/; revision=336259
* Use the name added in r336257.Mark Johnston2018-07-131-2/+2
| | | | | | | | MFC after: 3 days Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=336258
* Define the MSR used to fetch the current microcode patch level on AMD.Mark Johnston2018-07-131-0/+1
| | | | | | | | | | It is defined in the AMD family 17h register reference. MFC after: 3 days Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=336257
* Fix glitched indentation (and rewrap as needed due to deeper indent).Ian Lepore2018-07-131-3/+4
| | | | | | | | | No functional changes. Reported by: rpokala@ Notes: svn path=/head/; revision=336256
* g_eli_key_cmp is used only in the kernel, so only define it in theWarner Losh2018-07-131-2/+1
| | | | | | | kernel. Notes: svn path=/head/; revision=336255
* Use if rather than case for a simple boolean. gcc thinks blks isWarner Losh2018-07-131-5/+4
| | | | | | | | undefined sometimes with the case, but enc is always 0 or 1, so and if / else is better anyway. Notes: svn path=/head/; revision=336254
* Add missing include of sys/boot.hWarner Losh2018-07-131-0/+1
| | | | Notes: svn path=/head/; revision=336253
* Extend loader(8) geli support to all architectures and all disk-like devices.Ian Lepore2018-07-1324-591/+771
| | | | | | | | | | | | | | | | | | | | | | | | | | This moves the bulk of the geli support from lib386/biosdisk.c into a new geli/gelidev.c which implements a devsw-type device whose dv_strategy() function handles geli decryption. Support for all arches comes from moving the taste-and-attach code to the devopen() function in libsa. After opening any DEVT_DISK device, devopen() calls the new function geli_probe_and_attach(), which will "attach" the geli code to the open_file struct by creating a geli_devdesc instance to replace the disk_devdesc instance in the open_file. That routes all IO for the device through the geli code. A new public geli_add_key() function is added, to allow arch/vendor-specific code to add keys obtained from custom hardware or other sources. With these changes, geli support will be compiled into all variations of loader(8) on all arches because the default is WITH_LOADER_GELI. Relnotes: yes Sponsored by: Microchip Technology Inc Differential Revision: https://reviews.freebsd.org/D15743 Notes: svn path=/head/; revision=336252
* Use C99 initializers for instances of struct apic_enumerator.Mark Johnston2018-07-133-15/+15
| | | | | | | MFC after: 3 days Notes: svn path=/head/; revision=336251
* There's two files in the sys tree named inflate.c, in additionWarner Losh2018-07-134-3/+2
| | | | | | | | | | | | | | to it being a common name elsewhere. Rename the old kzip one to subr_inflate.c. This actually fixes the build issues on sparc64 that my inclusion of .PATH ${SYSDIR}/kern created in r336244, so also revert the broken workaround I committed in r336249. This slipped passed me because apparently, I never did a clean build. Notes: svn path=/head/; revision=336250
* Fix sparc64 buildsWarner Losh2018-07-131-0/+1
| | | | | | | | | gcc is complaining about struct infate being defined in a parameter list. It's inclear how long this has been broken, but the fix is simple enough. Notes: svn path=/head/; revision=336249
* Invalidate the mapping before updating its physical address.Alan Cox2018-07-131-26/+30
| | | | | | | | | | | | | | | | | | | Doing so ensures that all threads sharing the pmap have a consistent view of the mapping. This fixes the problem described in the commit log message for r329254 without the overhead of an extra fault in the common case. (Once the riscv pmap_enter() implementation is similarly modified, the workaround added in r329254 can be removed, reducing the overhead of CoW faults.) See also r335784 for amd64. The mips implementation of pmap_enter() already reused the PV entry from the old mapping. Reviewed by: kib, markj MFC after: 3 weeks Differential Revision: https://reviews.freebsd.org/D16199 Notes: svn path=/head/; revision=336248
* Transition to boot_env_to_howto and boot_howto_to_env in the bootWarner Losh2018-07-137-55/+12
| | | | | | | | | | loader. Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D16205 Notes: svn path=/head/; revision=336247
* Eliminate boot loader copies of boot arg parsing.Warner Losh2018-07-134-230/+11
| | | | | | | | | | | Eliminate 4 of the copies of the arg parsing in /boot/laoder by using boot_parse_cmdline. Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D16205 Notes: svn path=/head/; revision=336246
* Use boot_parse_* to parse command line args and retire cut-n-pasteWarner Losh2018-07-137-257/+14
| | | | | | | | | | code that was substantially identical. Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D16205 Notes: svn path=/head/; revision=336245
* Create helper functions for parsing boot args.Warner Losh2018-07-137-60/+251
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | boot_parse_arg to parse a single arg boot_parse_cmdline to parse a command line string boot_parse_args to parse all the args in a vector boot_howto_to_env Convert howto bits to env vars boot_env_to_howto Return howto mask mased on what's set in the environment. All these routines return an int that's the bitmask of the args translated to RB_* flags. As a special case, the 'S' flag sets the comconsole_speed env var. Any arg that looks like a=b will set the env key 'a' to value 'b'. If =b is omitted, 'a' is set to '1'. This should help us reduce the number of redundant copies of these routines in the tree. It should also give a more uniform experience between platforms. Also, invent a new flag RB_PROBE that's set when 'P' is parsed. On x86 + BIOS, this means 'probe for the keyboard, and if it's not there set both RB_MULTIPLE and RB_SERIAL (which means show the output on both video and serial consoles, but make serial primary). Others it may be some similar concept of probing, but it's loader dependent what, exactly, it means. These routines are suitable for /boot/loader and/or the kernel, though they may not be suitable for the tightly hand-rolled-for-space environments like boot2. Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D16205 Notes: svn path=/head/; revision=336244
* Make generated scripts executable.Ian Lepore2018-07-131-0/+7
| | | | Notes: svn path=/head/; revision=336243
* More little fixes... fix a function name typo (eps vs esp), and cope withIan Lepore2018-07-131-2/+5
| | | | | | | | newer versions of gpart that show mbr efi partition types with the name 'efi' rather than as '!239'. Notes: svn path=/head/; revision=336242
* Revert r336240, which contained unrelated changes accidentally committed.Ian Lepore2018-07-132-15/+5
| | | | Notes: svn path=/head/; revision=336241
* More little fixes... fix a function name typo (eps vs esp), and cope withIan Lepore2018-07-132-5/+15
| | | | | | | | newer versions of gpart that show mbr efi partition types with the name 'efi' rather than as '!239'. Notes: svn path=/head/; revision=336240