svn commit: r314131 - head/sys/ofed/drivers/infiniband/core
Author: np Date: Thu Feb 23 07:48:58 2017 New Revision: 314131 URL: https://svnweb.freebsd.org/changeset/base/314131 Log: Avoid NULL dereference in a couple of sysctl handlers in ibcore. iw_cxgbe sets ib_device->dma_device to NULL (since r311880). Reviewed by: hselasky@ Sponsored by: Chelsio Communications Modified: head/sys/ofed/drivers/infiniband/core/uverbs_main.c Modified: head/sys/ofed/drivers/infiniband/core/uverbs_main.c == --- head/sys/ofed/drivers/infiniband/core/uverbs_main.c Thu Feb 23 07:45:58 2017(r314130) +++ head/sys/ofed/drivers/infiniband/core/uverbs_main.c Thu Feb 23 07:48:58 2017(r314131) @@ -1225,7 +1225,7 @@ show_dev_device(struct device *device, s { struct ib_uverbs_device *dev = dev_get_drvdata(device); - if (!dev) + if (!dev || !dev->ib_dev->dma_device) return -ENODEV; return sprintf(buf, "0x%04x\n", @@ -1238,7 +1238,7 @@ show_dev_vendor(struct device *device, s { struct ib_uverbs_device *dev = dev_get_drvdata(device); - if (!dev) + if (!dev || !dev->ib_dev->dma_device) return -ENODEV; return sprintf(buf, "0x%04x\n", ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
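Review bot: The new guard in show_dev_device, and the identical one in show_dev_vendor, reaches `dma_device` through `dev->ib_dev` without checking `ib_dev` itself. If `ib_dev` can be NULL while the handler is still reachable (not visible in these hunks), the handler still faults; `if (!dev || !dev->ib_dev || !dev->ib_dev->dma_device)` closes that at no cost. Both function bodies continue past the hunks, so the `sprintf` arguments could not be checked here.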
svn commit: r314129 - stable/11/bin/ls
Author: kib Date: Thu Feb 23 07:42:49 2017 New Revision: 314129 URL: https://svnweb.freebsd.org/changeset/base/314129 Log: MFC r313798: Use uintmax_t to print st_nlink. Modified: stable/11/bin/ls/print.c Directory Properties: stable/11/ (props changed) Modified: stable/11/bin/ls/print.c == --- stable/11/bin/ls/print.cThu Feb 23 07:39:01 2017(r314128) +++ stable/11/bin/ls/print.cThu Feb 23 07:42:49 2017(r314129) @@ -259,12 +259,12 @@ printlong(const DISPLAY *dp) np = p->fts_pointer; xo_attr("value", "%03o", (int) sp->st_mode & ALLPERMS); if (f_numericonly) { - xo_emit("{t:mode/%s}{e:mode_octal/%03o} {t:links/%*u} {td:user/%-*s}{e:user/%ju} {td:group/%-*s}{e:group/%ju} ", - buf, (int) sp->st_mode & ALLPERMS, dp->s_nlink, sp->st_nlink, + xo_emit("{t:mode/%s}{e:mode_octal/%03o} {t:links/%*ju} {td:user/%-*s}{e:user/%ju} {td:group/%-*s}{e:group/%ju} ", + buf, (int) sp->st_mode & ALLPERMS, dp->s_nlink, (uintmax_t)sp->st_nlink, dp->s_user, np->user, (uintmax_t)sp->st_uid, dp->s_group, np->group, (uintmax_t)sp->st_gid); } else { - xo_emit("{t:mode/%s}{e:mode_octal/%03o} {t:links/%*u} {t:user/%-*s} {t:group/%-*s} ", - buf, (int) sp->st_mode & ALLPERMS, dp->s_nlink, sp->st_nlink, + xo_emit("{t:mode/%s}{e:mode_octal/%03o} {t:links/%*ju} {t:user/%-*s} {t:group/%-*s} ", + buf, (int) sp->st_mode & ALLPERMS, dp->s_nlink, (uintmax_t)sp->st_nlink, dp->s_user, np->user, dp->s_group, np->group); } if (S_ISBLK(sp->st_mode)) ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r314128 - stable/11/libexec/rtld-elf
Author: kib Date: Thu Feb 23 07:39:01 2017 New Revision: 314128 URL: https://svnweb.freebsd.org/changeset/base/314128 Log: MFC r313494: Handle protected symbols in rtld. Modified: stable/11/libexec/rtld-elf/rtld.c Directory Properties: stable/11/ (props changed) Modified: stable/11/libexec/rtld-elf/rtld.c == --- stable/11/libexec/rtld-elf/rtld.c Thu Feb 23 07:28:29 2017 (r314127) +++ stable/11/libexec/rtld-elf/rtld.c Thu Feb 23 07:39:01 2017 (r314128) @@ -3952,15 +3952,19 @@ symlook_default(SymLook *req, const Obj_ donelist_init(); symlook_init_from_req(, req); -/* Look first in the referencing object if linked symbolically. */ -if (refobj->symbolic && !donelist_check(, refobj)) { - res = symlook_obj(, refobj); - if (res == 0) { - req->sym_out = req1.sym_out; - req->defobj_out = req1.defobj_out; - assert(req->defobj_out != NULL); - } +/* + * Look first in the referencing object if linked symbolically, + * and similarly handle protected symbols. + */ +res = symlook_obj(, refobj); +if (res == 0 && (refobj->symbolic || + ELF_ST_VISIBILITY(req1.sym_out->st_other) == STV_PROTECTED)) { + req->sym_out = req1.sym_out; + req->defobj_out = req1.defobj_out; + assert(req->defobj_out != NULL); } +if (refobj->symbolic || req->defobj_out != NULL) + donelist_check(, refobj); symlook_global(req, ); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
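Review bot: The added `if (refobj->symbolic || req->defobj_out != NULL)` test reads `req->defobj_out` on a path where this function may not have written it, so it depends on the caller having initialised the field to NULL. That initialisation is not visible in the hunk; a stale non-NULL value would mark refobj as done even when its definition was not accepted, which changes the order in which the global search resolves the symbol. An assertion or a comment at the top of the function would pin the assumption down. The `donelist_check` call below it discards its result and appears to be used only for its marking side effect, which deserves a comment such as `/* Mark refobj as already searched; result intentionally ignored. */`. symlook_default starts and ends outside the hunk.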
svn commit: r314127 - stable/11/sys/sys
Author: kib Date: Thu Feb 23 07:28:29 2017 New Revision: 314127 URL: https://svnweb.freebsd.org/changeset/base/314127 Log: MFC r313493: Define ELF_ST_VISIBILITY(). Modified: stable/11/sys/sys/elf_generic.h Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/sys/elf_generic.h == --- stable/11/sys/sys/elf_generic.h Thu Feb 23 07:12:18 2017 (r314126) +++ stable/11/sys/sys/elf_generic.h Thu Feb 23 07:28:29 2017 (r314127) @@ -84,5 +84,6 @@ __ElfType(Ssize); #defineELF_ST_BIND __ELFN(ST_BIND) #defineELF_ST_TYPE __ELFN(ST_TYPE) #defineELF_ST_INFO __ELFN(ST_INFO) +#defineELF_ST_VISIBILITY __ELFN(ST_VISIBILITY) #endif /* !_SYS_ELF_GENERIC_H_ */ ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r314126 - in releng/10.3: . crypto/openssl/crypto/evp sys/conf
Author: delphij Date: Thu Feb 23 07:12:18 2017 New Revision: 314126 URL: https://svnweb.freebsd.org/changeset/base/314126 Log: Fix OpenSSL RC4_MD5 cipher vulnerability. Approved by: so Modified: releng/10.3/UPDATING releng/10.3/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c releng/10.3/sys/conf/newvers.sh Modified: releng/10.3/UPDATING == --- releng/10.3/UPDATINGThu Feb 23 07:11:48 2017(r314125) +++ releng/10.3/UPDATINGThu Feb 23 07:12:18 2017(r314126) @@ -16,6 +16,10 @@ from older versions of FreeBSD, try WITH stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. +20170223 p17 FreeBSD-SA-17:02.openssl + + Fix OpenSSL RC4_MD5 cipher vulnerability. + 20170111 p16 FreeBSD-SA-17:01.openssh Fix multiple vulnerabilities of OpenSSH. Modified: releng/10.3/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c == --- releng/10.3/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c Thu Feb 23 07:11:48 2017(r314125) +++ releng/10.3/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c Thu Feb 23 07:12:18 2017(r314126) @@ -267,6 +267,8 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_ len = p[arg - 2] << 8 | p[arg - 1]; if (!ctx->encrypt) { +if (len < MD5_DIGEST_LENGTH) +return -1; len -= MD5_DIGEST_LENGTH; p[arg - 2] = len >> 8; p[arg - 1] = len; Modified: releng/10.3/sys/conf/newvers.sh == --- releng/10.3/sys/conf/newvers.sh Thu Feb 23 07:11:48 2017 (r314125) +++ releng/10.3/sys/conf/newvers.sh Thu Feb 23 07:12:18 2017 (r314126) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="10.3" -BRANCH="RELEASE-p16" +BRANCH="RELEASE-p17" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
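Review bot: In the e_rc4_hmac_md5.c hunk the new `len < MD5_DIGEST_LENGTH` check protects the subtraction, but `len` is still read from `p[arg - 2]` and `p[arg - 1]` on the context line above with no validation of `arg` visible. If `arg` is not checked earlier in rc4_hmac_md5_ctrl (the body starts outside the hunk), a value below 2 indexes before the buffer. Rejecting anything but the expected TLS AAD length before that read would bound it, e.g. `if (arg != EVP_AEAD_TLS1_AAD_LEN) return -1;` where this branch defines the macro. Callers of the control must also treat the new `-1` return as a failure; that handling is outside this commit's hunks.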
svn commit: r314125 - in releng/11.0: . contrib/mdocml crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/aes/asm crypto/openssl/crypto/asn1 crypto/openssl/crypto/bn cry...
Author: delphij Date: Thu Feb 23 07:11:48 2017 New Revision: 314125 URL: https://svnweb.freebsd.org/changeset/base/314125 Log: Fix multiple vulnerabilities of OpenSSL. [SA-17:02] Fix system hang when booting when PCI-express HotPlug is enabled. [EN-17:01] Fix NIS master updates are not pushed to NIS slave. [EN-17:02] Fix compatibility with Hyper-V/storage after KB3172614 or KB3179574. [EN-17:03] Make makewhatis output reproducible. [EN-17:04] Approved by: so Modified: releng/11.0/UPDATING releng/11.0/contrib/mdocml/mandocdb.c releng/11.0/crypto/openssl/CHANGES releng/11.0/crypto/openssl/CONTRIBUTING releng/11.0/crypto/openssl/Configure releng/11.0/crypto/openssl/INSTALL releng/11.0/crypto/openssl/Makefile releng/11.0/crypto/openssl/Makefile.org releng/11.0/crypto/openssl/NEWS releng/11.0/crypto/openssl/README releng/11.0/crypto/openssl/apps/apps.c releng/11.0/crypto/openssl/apps/apps.h releng/11.0/crypto/openssl/apps/ca.c releng/11.0/crypto/openssl/apps/cms.c releng/11.0/crypto/openssl/apps/dgst.c releng/11.0/crypto/openssl/apps/dh.c releng/11.0/crypto/openssl/apps/dhparam.c releng/11.0/crypto/openssl/apps/dsa.c releng/11.0/crypto/openssl/apps/dsaparam.c releng/11.0/crypto/openssl/apps/ec.c releng/11.0/crypto/openssl/apps/ecparam.c releng/11.0/crypto/openssl/apps/enc.c releng/11.0/crypto/openssl/apps/gendh.c releng/11.0/crypto/openssl/apps/gendsa.c releng/11.0/crypto/openssl/apps/genpkey.c releng/11.0/crypto/openssl/apps/genrsa.c releng/11.0/crypto/openssl/apps/pkcs12.c releng/11.0/crypto/openssl/apps/pkcs7.c releng/11.0/crypto/openssl/apps/pkcs8.c releng/11.0/crypto/openssl/apps/pkey.c releng/11.0/crypto/openssl/apps/pkeyparam.c releng/11.0/crypto/openssl/apps/pkeyutl.c releng/11.0/crypto/openssl/apps/prime.c releng/11.0/crypto/openssl/apps/rand.c releng/11.0/crypto/openssl/apps/req.c releng/11.0/crypto/openssl/apps/rsa.c releng/11.0/crypto/openssl/apps/rsautl.c releng/11.0/crypto/openssl/apps/s_cb.c releng/11.0/crypto/openssl/apps/s_client.c 
releng/11.0/crypto/openssl/apps/s_server.c releng/11.0/crypto/openssl/apps/smime.c releng/11.0/crypto/openssl/apps/speed.c releng/11.0/crypto/openssl/apps/spkac.c releng/11.0/crypto/openssl/apps/srp.c releng/11.0/crypto/openssl/apps/verify.c releng/11.0/crypto/openssl/apps/x509.c releng/11.0/crypto/openssl/crypto/aes/asm/aes-s390x.pl releng/11.0/crypto/openssl/crypto/asn1/p5_pbev2.c releng/11.0/crypto/openssl/crypto/asn1/x_crl.c releng/11.0/crypto/openssl/crypto/bn/asm/x86_64-mont.pl releng/11.0/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl releng/11.0/crypto/openssl/crypto/bn/bn_exp.c releng/11.0/crypto/openssl/crypto/bn/bn_mul.c releng/11.0/crypto/openssl/crypto/bn/bn_prime.c releng/11.0/crypto/openssl/crypto/bn/bn_sqr.c releng/11.0/crypto/openssl/crypto/cms/cms_kari.c releng/11.0/crypto/openssl/crypto/dh/dh_key.c releng/11.0/crypto/openssl/crypto/dsa/dsa_pmeth.c releng/11.0/crypto/openssl/crypto/ec/ec2_mult.c releng/11.0/crypto/openssl/crypto/ecdh/ech_ossl.c releng/11.0/crypto/openssl/crypto/err/err.c releng/11.0/crypto/openssl/crypto/evp/e_aes.c releng/11.0/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c releng/11.0/crypto/openssl/crypto/evp/evp.h releng/11.0/crypto/openssl/crypto/evp/evp_err.c releng/11.0/crypto/openssl/crypto/evp/pmeth_fn.c releng/11.0/crypto/openssl/crypto/evp/pmeth_lib.c releng/11.0/crypto/openssl/crypto/modes/ctr128.c releng/11.0/crypto/openssl/crypto/opensslv.h releng/11.0/crypto/openssl/crypto/perlasm/x86_64-xlate.pl releng/11.0/crypto/openssl/crypto/rsa/rsa_gen.c releng/11.0/crypto/openssl/crypto/rsa/rsa_oaep.c releng/11.0/crypto/openssl/crypto/rsa/rsa_pmeth.c releng/11.0/crypto/openssl/crypto/s390xcap.c releng/11.0/crypto/openssl/crypto/ui/ui_lib.c releng/11.0/crypto/openssl/crypto/ui/ui_openssl.c releng/11.0/crypto/openssl/doc/apps/ocsp.pod releng/11.0/crypto/openssl/doc/crypto/EVP_DigestSignInit.pod releng/11.0/crypto/openssl/doc/crypto/EVP_DigestVerifyInit.pod releng/11.0/crypto/openssl/doc/crypto/RSA_generate_key.pod 
releng/11.0/crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod releng/11.0/crypto/openssl/doc/crypto/X509_NAME_print_ex.pod releng/11.0/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod releng/11.0/crypto/openssl/doc/ssl/SSL_get_error.pod releng/11.0/crypto/openssl/doc/ssl/SSL_read.pod releng/11.0/crypto/openssl/doc/ssl/SSL_write.pod releng/11.0/crypto/openssl/engines/ccgost/Makefile releng/11.0/crypto/openssl/ssl/bad_dtls_test.c releng/11.0/crypto/openssl/ssl/s23_pkt.c releng/11.0/crypto/openssl/ssl/s2_lib.c releng/11.0/crypto/openssl/ssl/s2_pkt.c releng/11.0/crypto/openssl/ssl/s3_clnt.c releng/11.0/crypto/openssl/ssl/s3_pkt.c releng/11.0/crypto/openssl/ssl/s3_srvr.c releng/11.0/crypto/openssl/ssl/ssl_cert.c releng/11.0/crypto/openssl/ssl/ssl_err.c
svn commit: r314124 - stable/10/sys/dev/hyperv/netvsc
Author: dexuan Date: Thu Feb 23 07:07:21 2017 New Revision: 314124 URL: https://svnweb.freebsd.org/changeset/base/314124 Log: MFC r312689, r312690 Approved by: sephe (mentor) r312689 hyperv/hn: add a sysctl name for the VF interface This makes it easier for the userland script to find the releated VF interface. Reviewed by: sephe Approved by: sephe (mentor) Sponsored by: Microsoft Differential Revision:https://reviews.freebsd.org/D9101 r312690 hyperv/hn: add devctl_notify for VF_UP/DOWN events Reviewed by: sephe Approved by: sephe (mentor) Sponsored by: Microsoft Differential Revision:https://reviews.freebsd.org/D9102 Modified: stable/10/sys/dev/hyperv/netvsc/if_hn.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/dev/hyperv/netvsc/if_hn.c == --- stable/10/sys/dev/hyperv/netvsc/if_hn.c Thu Feb 23 07:04:17 2017 (r314123) +++ stable/10/sys/dev/hyperv/netvsc/if_hn.c Thu Feb 23 07:07:21 2017 (r314124) @@ -294,6 +294,7 @@ static int hn_txagg_pkts_sysctl(SYSCTL static int hn_txagg_pktmax_sysctl(SYSCTL_HANDLER_ARGS); static int hn_txagg_align_sysctl(SYSCTL_HANDLER_ARGS); static int hn_polling_sysctl(SYSCTL_HANDLER_ARGS); +static int hn_vf_sysctl(SYSCTL_HANDLER_ARGS); static voidhn_stop(struct hn_softc *, bool); static voidhn_init_locked(struct hn_softc *); @@ -982,6 +983,9 @@ hn_set_vf(struct hn_softc *sc, struct if hn_resume_mgmt(sc); } + devctl_notify("HYPERV_NIC_VF", if_name(hn_ifp), + vf ? "VF_UP" : "VF_DOWN", NULL); + if (bootverbose) if_printf(hn_ifp, "Data path is switched %s %s\n", vf ? "to" : "from", if_name(ifp)); @@ -1232,6 +1236,9 @@ hn_attach(device_t dev) CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_MPSAFE, sc, 0, hn_polling_sysctl, "I", "Polling frequency: [100,100], 0 disable polling"); + SYSCTL_ADD_PROC(ctx, child, OID_AUTO, "vf", + CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE, sc, 0, + hn_vf_sysctl, "A", "Virtual Function's name"); /* * Setup the ifmedia, which has been initialized earlier. 
@@ -3205,6 +3212,22 @@ hn_rss_hash_sysctl(SYSCTL_HANDLER_ARGS) } static int +hn_vf_sysctl(SYSCTL_HANDLER_ARGS) +{ + struct hn_softc *sc = arg1; + char vf_name[128]; + struct ifnet *vf; + + HN_LOCK(sc); + vf_name[0] = '\0'; + vf = sc->hn_rx_ring[0].hn_vf; + if (vf != NULL) + snprintf(vf_name, sizeof(vf_name), "%s", if_name(vf)); + HN_UNLOCK(sc); + return sysctl_handle_string(oidp, vf_name, sizeof(vf_name), req); +} + +static int hn_check_iplen(const struct mbuf *m, int hoff) { const struct ip *ip; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
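Review bot: `char vf_name[128]` in hn_vf_sysctl is a magic size for a buffer that only ever holds an interface name; `char vf_name[IFNAMSIZ];` states the real bound. The handler reports only `sc->hn_rx_ring[0].hn_vf`, presumably because every ring carries the same VF pointer, and a one-line comment saying so would save the next reader from checking. Copying the name under HN_LOCK before calling `sysctl_handle_string` avoids holding the lock across the copy-out and should be kept if this is refactored.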
svn commit: r314123 - stable/10/sys/dev/hyperv/netvsc
Author: dexuan Date: Thu Feb 23 07:04:17 2017 New Revision: 314123 URL: https://svnweb.freebsd.org/changeset/base/314123 Log: MFC: r312688 Approved by: sephe (mentor) r312688 hyperv/hn: add the support for VF drivers (SR-IOV) Hyper-V's NIC SR-IOV implementation needs a Hyper-V synthetic NIC and a VF NIC to work together (both NICs have the same MAC address), mainly to support seamless live migration. When the VF device becomes UP (or DOWN), the synthetic NIC driver needs to switch the data path from the synthetic NIC to the VF (or the opposite). Note: multicast/broadcast packets are still received through the synthetic NIC and we need to inject the packets through the VF interface (if the VF is UP), even if the synthetic NIC is DOWN (so we need to force the rxfilter to be NDIS_PACKET_TYPE_PROMISCUOUS, when the VF is UP). Reviewed by: sephe Approved by: sephe (mentor) Sponsored by: Microsoft Differential Revision:https://reviews.freebsd.org/D8964 Modified: stable/10/sys/dev/hyperv/netvsc/hn_nvs.c stable/10/sys/dev/hyperv/netvsc/hn_nvs.h stable/10/sys/dev/hyperv/netvsc/if_hn.c stable/10/sys/dev/hyperv/netvsc/if_hnreg.h stable/10/sys/dev/hyperv/netvsc/if_hnvar.h Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/dev/hyperv/netvsc/hn_nvs.c == --- stable/10/sys/dev/hyperv/netvsc/hn_nvs.cThu Feb 23 06:57:18 2017 (r314122) +++ stable/10/sys/dev/hyperv/netvsc/hn_nvs.cThu Feb 23 07:04:17 2017 (r314123) @@ -500,6 +500,8 @@ hn_nvs_conf_ndis(struct hn_softc *sc, in conf.nvs_type = HN_NVS_TYPE_NDIS_CONF; conf.nvs_mtu = mtu; conf.nvs_caps = HN_NVS_NDIS_CONF_VLAN; + if (sc->hn_nvs_ver >= HN_NVS_VERSION_5) + conf.nvs_caps |= HN_NVS_NDIS_CONF_SRIOV; /* NOTE: No response. */ error = hn_nvs_req_send(sc, , sizeof(conf)); 
@@ -719,3 +721,15 @@ hn_nvs_send_rndis_ctrl(struct vmbus_chan return hn_nvs_send_rndis_sglist(chan, HN_NVS_RNDIS_MTYPE_CTRL, sndc, gpa, gpa_cnt); } + +void +hn_nvs_set_datapath(struct hn_softc *sc, uint32_t path) +{ + struct hn_nvs_datapath dp; + + memset(, 0, sizeof(dp)); + dp.nvs_type = HN_NVS_TYPE_SET_DATAPATH; + dp.nvs_active_path = path; + + hn_nvs_req_send(sc, , sizeof(dp)); +} Modified: stable/10/sys/dev/hyperv/netvsc/hn_nvs.h == --- stable/10/sys/dev/hyperv/netvsc/hn_nvs.hThu Feb 23 06:57:18 2017 (r314122) +++ stable/10/sys/dev/hyperv/netvsc/hn_nvs.hThu Feb 23 07:04:17 2017 (r314123) @@ -100,6 +100,7 @@ voidhn_nvs_sent_xact(struct hn_nvs_sen inthn_nvs_send_rndis_ctrl(struct vmbus_channel *chan, struct hn_nvs_sendctx *sndc, struct vmbus_gpa *gpa, int gpa_cnt); +void hn_nvs_set_datapath(struct hn_softc *sc, uint32_t path); extern struct hn_nvs_sendctx hn_nvs_sendctx_none; Modified: stable/10/sys/dev/hyperv/netvsc/if_hn.c == --- stable/10/sys/dev/hyperv/netvsc/if_hn.c Thu Feb 23 06:57:18 2017 (r314122) +++ stable/10/sys/dev/hyperv/netvsc/if_hn.c Thu Feb 23 07:04:17 2017 (r314123) @@ -77,6 +77,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include @@ -85,6 +86,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include #include @@ -211,6 +213,11 @@ struct hn_rxinfo { uint32_thash_value; }; +struct hn_update_vf { + struct hn_rx_ring *rxr; + struct ifnet*vf; +}; + #define HN_RXINFO_VLAN 0x0001 #define HN_RXINFO_CSUM 0x0002 #define HN_RXINFO_HASHINF 0x0004 @@ -288,7 +295,7 @@ static int hn_txagg_pktmax_sysctl(SYSC static int hn_txagg_align_sysctl(SYSCTL_HANDLER_ARGS); static int hn_polling_sysctl(SYSCTL_HANDLER_ARGS); -static voidhn_stop(struct hn_softc *); +static voidhn_stop(struct hn_softc *, bool); static voidhn_init_locked(struct hn_softc *); static int hn_chan_attach(struct hn_softc *, struct vmbus_channel *); 
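Review bot: hn_nvs_set_datapath drops the result of `hn_nvs_req_send`, so a failed data-path switch is invisible and the driver carries on as if the host had moved traffic to or from the VF. hn_nvs_conf_ndis in the same file keeps that return value in `error`; doing the same here and logging it, e.g. `if (error) if_printf(sc->hn_ifp, "set datapath failed: %d\n", error);`, would at least make the failure diagnosable. Returning `int` instead of `void` is the cleaner fix if the callers, which are outside this hunk, can act on it.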
@@ -696,7 +703,8 @@ hn_rxfilter_config(struct hn_softc *sc) HN_LOCK_ASSERT(sc); - if (ifp->if_flags & IFF_PROMISC) { + if ((ifp->if_flags & IFF_PROMISC) || + (sc->hn_flags & HN_FLAG_VF)) { filter = NDIS_PACKET_TYPE_PROMISCUOUS; } else { filter = NDIS_PACKET_TYPE_DIRECTED; @@ -883,6 +891,119 @@
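Review bot: The `(sc->hn_flags & HN_FLAG_VF)` branch in hn_rxfilter_config puts the synthetic NIC into promiscuous filtering whenever a VF is active, and nothing next to the condition says why. The commit log gives the reason (multicast/broadcast still arrive on the synthetic NIC and have to be injected through the VF), and it belongs in the code, e.g. `/* VF active: accept everything so multicast/broadcast can be injected through the VF. */`. The comment should also note that this happens without IFF_PROMISC being set, so the interface flags will not show it. The function body continues outside the hunk.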
svn commit: r314122 - stable/10/sys/net
Author: dexuan Date: Thu Feb 23 06:57:18 2017 New Revision: 314122 URL: https://svnweb.freebsd.org/changeset/base/314122 Log: MFC: r312687, r312916 Approved by: sephe (mentor) r312687 ifnet: introduce event handlers for ifup/ifdown events Hyper-V's NIC SR-IOV implementation needs a Hyper-V synthetic NIC and a VF NIC to work together, mainly to support seamless live migration. When the VF device becomes UP (or DOWN), the synthetic NIC driver needs to switch the data path from the synthetic NIC to the VF (or the opposite). So the synthetic NIC driver needs to know when a VF device is becoming UP or DOWN and hence the patch is made. Reviewed by: sephe Approved by: sephe (mentor) Sponsored by: Microsoft Differential Revision:https://reviews.freebsd.org/D8963 r312916 ifnet: move the new ifnet_event EVENTHANDLER_DECLARE to net/if_var.h Thank glebius for pointing this out: "The network stuff shall not be added to sys/eventhandler.h" Reviewed by: David_A_Bright_DELL.com, sephe, glebius Approved by: sephe (mentor) Sponsored by: Microsoft Differential Revision:https://reviews.freebsd.org/D9345 Modified: stable/10/sys/net/if.c stable/10/sys/net/if_var.h Modified: stable/10/sys/net/if.c == --- stable/10/sys/net/if.c Thu Feb 23 06:49:46 2017(r314121) +++ stable/10/sys/net/if.c Thu Feb 23 06:57:18 2017(r314122) @@ -2183,6 +2183,7 @@ void if_down(struct ifnet *ifp) { + EVENTHANDLER_INVOKE(ifnet_event, ifp, IFNET_EVENT_DOWN); if_unroute(ifp, IFF_UP, AF_UNSPEC); } @@ -2195,6 +2196,7 @@ if_up(struct ifnet *ifp) { if_route(ifp, IFF_UP, AF_UNSPEC); + EVENTHANDLER_INVOKE(ifnet_event, ifp, IFNET_EVENT_UP); } /* Modified: stable/10/sys/net/if_var.h == --- stable/10/sys/net/if_var.h Thu Feb 23 06:49:46 2017(r314121) +++ stable/10/sys/net/if_var.h Thu Feb 23 06:57:18 2017(r314122) 
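Review bot: if_down raises `IFNET_EVENT_DOWN` before `if_unroute`, while if_up raises `IFNET_EVENT_UP` after `if_route`, so both handlers observe the interface in its up state and the asymmetry is not documented. If that ordering is deliberate, each call should carry a comment, e.g. `/* Notify before unrouting so handlers can still use the interface. */`. The handlers run in whatever context calls if_up/if_down, and the hunks do not show which locks are held there, so the declaration should state what a handler is allowed to do.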
@@ -424,6 +424,11 @@ EVENTHANDLER_DECLARE(ifnet_departure_eve /* Interface link state change event */ typedef void (*ifnet_link_event_handler_t)(void *, struct ifnet *, int); EVENTHANDLER_DECLARE(ifnet_link_event, ifnet_link_event_handler_t); +/* Interface up/down event */ +#define IFNET_EVENT_UP 0 +#define IFNET_EVENT_DOWN 1 +typedef void (*ifnet_event_fn)(void *, struct ifnet *ifp, int event); +EVENTHANDLER_DECLARE(ifnet_event, ifnet_event_fn); /* * interface groups ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
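Review bot: The typedef name `ifnet_event_fn` breaks the pattern of the declaration directly above it, `ifnet_link_event_handler_t`; `ifnet_event_handler_t` would match the rest of the header. The comment `/* Interface up/down event */` should also say that the third handler argument is one of `IFNET_EVENT_UP` / `IFNET_EVENT_DOWN`, since the prototype only calls it `int event`.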
svn commit: r314121 - stable/10/sys/dev/hyperv/netvsc
Author: dexuan Date: Thu Feb 23 06:49:46 2017 New Revision: 314121 URL: https://svnweb.freebsd.org/changeset/base/314121 Log: MFC: r312685, r312686 Approved by: sephe (mentor) r312685 hyperv/hn: remember the channel pointer in struct hn_rx_ring This will be used by the coming NIC SR-IOV patch. Reviewed by: sephe Approved by: sephe (mentor) Sponsored by: Microsoft Differential Revision:https://reviews.freebsd.org/D8909 r312686 hyperv/hn: remove the MTU and IFF_DRV_RUNNING checking in hn_rxpkt() It's unnecessary because the upper nework stack does the same checking. In the case of Hyper-V SR-IOV, we need to remove the checking because 1) multicast/broadcast packets are still received through the synthetic NIC and we need to inject the packets through the VF interface; 2) we must inject the packets even if the synthetic NIC is down, or has a different MTU from the VF device. Reviewed by: sephe Approved by: sephe (mentor) Sponsored by: Microsoft Differential Revision:https://reviews.freebsd.org/D8962 Modified: stable/10/sys/dev/hyperv/netvsc/if_hn.c stable/10/sys/dev/hyperv/netvsc/if_hnvar.h Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/dev/hyperv/netvsc/if_hn.c == --- stable/10/sys/dev/hyperv/netvsc/if_hn.c Thu Feb 23 05:40:59 2017 (r314120) +++ stable/10/sys/dev/hyperv/netvsc/if_hn.c Thu Feb 23 06:49:46 2017 (r314121) @@ -2118,15 +2118,7 @@ hn_rxpkt(struct hn_rx_ring *rxr, const v int size, do_lro = 0, do_csum = 1; int hash_type = M_HASHTYPE_OPAQUE; - if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) - return (0); - - /* -* Bail out if packet contains more data than configured MTU. -*/ - if (dlen > (ifp->if_mtu + ETHER_HDR_LEN)) { - return (0); - } else if (dlen <= MHLEN) { + if (dlen <= MHLEN) { m_new = m_gethdr(M_NOWAIT, MT_DATA); if (m_new == NULL) { if_inc_counter(ifp, IFCOUNTER_IQDROPS, 1); 
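Review bot: With the MTU bail-out removed, the hn_rxpkt hunk leaves no upper bound on `dlen`; the first remaining test is `dlen <= MHLEN`, and the path for larger packets lies outside the hunk. `dlen` describes data handed over by the host, so the allocation and copy that follow must be bounded by the mbuf or cluster size actually obtained rather than by `dlen`. Confirm that and record it where the old check stood, e.g. `/* No MTU check: length is bounded by the cluster size chosen below. */`. Dropping the `IFF_DRV_RUNNING` test likewise applies whether or not a VF is present, relying entirely on the upper stack's check that the log mentions.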
@@ -4297,6 +4289,7 @@ hn_chan_attach(struct hn_softc *sc, stru KASSERT((rxr->hn_rx_flags & HN_RX_FLAG_ATTACHED) == 0, ("RX ring %d already attached", idx)); rxr->hn_rx_flags |= HN_RX_FLAG_ATTACHED; + rxr->hn_chan = chan; if (bootverbose) { if_printf(sc->hn_ifp, "link RX ring %d to chan%u\n", Modified: stable/10/sys/dev/hyperv/netvsc/if_hnvar.h == --- stable/10/sys/dev/hyperv/netvsc/if_hnvar.h Thu Feb 23 05:40:59 2017 (r314120) +++ stable/10/sys/dev/hyperv/netvsc/if_hnvar.h Thu Feb 23 06:49:46 2017 (r314121) @@ -85,6 +85,8 @@ struct hn_rx_ring { void*hn_br; /* TX/RX bufring */ struct hyperv_dma hn_br_dma; + + struct vmbus_channel *hn_chan; } __aligned(CACHE_LINE_SIZE); #define HN_TRUST_HCSUM_IP 0x0001 ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r314120 - head/contrib/blacklist/bin
Author: lidl Date: Thu Feb 23 05:40:59 2017 New Revision: 314120 URL: https://svnweb.freebsd.org/changeset/base/314120 Log: Reset failed login count to zero when removing a blocked address The blacklistd daemon keeps records of failed login attempts for each address:port that is flagged as a failed login. When a successful login occurs for that address:port combination, the record's last update time is set to zero, to indicate no current failed login attempts. Reset the failed login count to zero, so that at the next failed login attempt, the counting will restart properly at zero. Without this reset to zero, the first failed login after a successful login will cause the address to be blocked immediately. When debugging is turned on, output more information about database state before and after the database updates have occured. A similar patch has already been upstreamed to NetBSD. MFC after:3 days Sponsored by: The FreeBSD Foundation Modified: head/contrib/blacklist/bin/blacklistd.c Modified: head/contrib/blacklist/bin/blacklistd.c == --- head/contrib/blacklist/bin/blacklistd.c Thu Feb 23 05:33:20 2017 (r314119) +++ head/contrib/blacklist/bin/blacklistd.c Thu Feb 23 05:40:59 2017 (r314120) @@ -207,7 +207,7 @@ process(bl_t bl) if (debug) { char b1[128], b2[128]; - (*lfun)(LOG_DEBUG, "%s: db state info for %s: count=%d/%d " + (*lfun)(LOG_DEBUG, "%s: initial db state for %s: count=%d/%d " "last=%s now=%s", __func__, rbuf, dbi.count, c.c_nfail, fmttime(b1, sizeof(b1), dbi.last), fmttime(b2, sizeof(b2), ts.tv_sec)); 
@@ -246,15 +246,24 @@ process(bl_t bl) case BL_DELETE: if (dbi.last == 0) goto out; + dbi.count = 0; dbi.last = 0; break; default: (*lfun)(LOG_ERR, "unknown message %d", bi->bi_type); } - if (state_put(state, , ) == -1) - goto out; + state_put(state, , ); + out: close(bi->bi_fd); + + if (debug) { + char b1[128], b2[128]; + (*lfun)(LOG_DEBUG, "%s: final db state for %s: count=%d/%d " + "last=%s now=%s", __func__, rbuf, dbi.count, c.c_nfail, + fmttime(b1, sizeof(b1), dbi.last), + fmttime(b2, sizeof(b2), ts.tv_sec)); + } } static void @@ -393,7 +402,7 @@ rules_restore(void) int main(int argc, char *argv[]) { - int c, tout, flags, flush, restore; + int c, tout, flags, flush, restore, ret; const char *spath, *blsock; setprogname(argv[0]); @@ -512,7 +521,10 @@ main(int argc, char *argv[]) readconf = 0; conf_parse(configfile); } - switch (poll(pfd, (nfds_t)nfd, tout)) { + ret = poll(pfd, (nfds_t)nfd, tout); + if (debug) + (*lfun)(LOG_DEBUG, "received %d from poll()", ret); + switch (ret) { case -1: if (errno == EINTR) continue; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
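Review bot: The new `final db state` debug block sits after the `out:` label, so it runs on every `goto out`, including any taken before `dbi`, `c` and `rbuf` have been filled in. Those earlier exits are outside this hunk, but if they exist the block formats uninitialised stack contents into the log; moving it above `out:`, directly after `state_put`, keeps the output and avoids that. The result of `state_put` is now dropped as well, so a failed write silently loses the `dbi.count = 0` reset this commit is about. Unless state_put reports its own errors, keep a check that logs, e.g. `if (state_put(...) == -1) (*lfun)(LOG_ERR, "state_put failed");`. process() starts outside the hunk.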
svn commit: r314119 - head/sys/dev/extres/clk
Author: manu Date: Thu Feb 23 05:33:20 2017 New Revision: 314119 URL: https://svnweb.freebsd.org/changeset/base/314119 Log: Do not check divider length if we have a div table. Reviewed by: mmel Modified: head/sys/dev/extres/clk/clk_div.c Modified: head/sys/dev/extres/clk/clk_div.c == --- head/sys/dev/extres/clk/clk_div.c Thu Feb 23 04:26:17 2017 (r314118) +++ head/sys/dev/extres/clk/clk_div.c Thu Feb 23 05:33:20 2017 (r314119) @@ -195,7 +195,8 @@ clknode_div_set_freq(struct clknode *clk hw_i_div--; *stop = 1; - if (hw_i_div > sc->i_mask) { + if (hw_i_div > sc->i_mask && + ((sc->div_flags & CLK_DIV_WITH_TABLE) == 0)) { /* XXX Or only return error? */ printf("%s: %s integer divider is too big: %u\n", clknode_get_name(clk), __func__, hw_i_div); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
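Review bot: The range check against `sc->i_mask` is now skipped whenever `CLK_DIV_WITH_TABLE` is set, and the hunk does not show what bounds `hw_i_div` in the table case. If the register value comes from a table lookup later in clknode_div_set_freq, the condition should say so, e.g. `/* Table dividers are translated to register values below; the raw divider may exceed i_mask. */`. That lookup's failure path should return an error rather than program an out-of-range field. The function continues outside the hunk.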
Re: svn commit: r314075 - head/tests/sys/kern
On 02/22/2017 10:05 PM, Ian Lepore wrote: On Wed, 2017-02-22 at 04:35 +, Eric Badger wrote: Author: badger Date: Wed Feb 22 04:35:07 2017 New Revision: 314075 URL: https://svnweb.freebsd.org/changeset/base/314075 Log: Fix world build for archs where __builtin_debugtrap() does not work. The offending code was introduced in r313992. Reported by: rpokala Approved by: kib (mentor) Modified: head/tests/sys/kern/ptrace_test.c Modified: head/tests/sys/kern/ptrace_test.c = = --- head/tests/sys/kern/ptrace_test.c Wed Feb 22 04:28:10 2017 (r314074) +++ head/tests/sys/kern/ptrace_test.c Wed Feb 22 04:35:07 2017 (r314075) @@ -37,6 +37,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include #include @@ -1690,7 +1691,7 @@ ATF_TC_BODY(ptrace__PT_KILL_breakpoint, ATF_REQUIRE((fpid = fork()) != -1); if (fpid == 0) { trace_me(); - __builtin_debugtrap(); + breakpoint(); exit(1); } This fixes only x86 and sparc64. All other arches have breakpoint() under the #ifdef KERNEL wrapper (I have no idea why). If fixing this is going to take any longer, can we disconnect this test from the build until it gets worked out? -- Ian Yes, that was my error. In my haste to fix things, I misread the headers and thought I had breakpoint() everywhere (and only tested sparc64/amd64). Sorry about that. It should be fixed in r314118. Eric ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r314118 - head/tests/sys/kern
Author: badger Date: Thu Feb 23 04:26:17 2017 New Revision: 314118 URL: https://svnweb.freebsd.org/changeset/base/314118 Log: Actually fix buildworlds other than i386/amd64/sparc64 after r313992 Disable offending test for platforms without a userspace visible breakpoint(). Reported by: rpokala Approved by: vangyzen (mentor) Modified: head/tests/sys/kern/ptrace_test.c Modified: head/tests/sys/kern/ptrace_test.c == --- head/tests/sys/kern/ptrace_test.c Thu Feb 23 02:28:08 2017 (r314117) +++ head/tests/sys/kern/ptrace_test.c Thu Feb 23 04:26:17 2017 (r314118) @@ -1679,6 +1679,11 @@ ATF_TC_BODY(ptrace__ptrace_vfork_follow, } /* + * XXX: There's nothing inherently platform specific about this test, however a + * userspace visible breakpoint() is a prerequisite. + */ + #if defined(__amd64__) || defined(__i386__) || defined(__sparc64__) +/* * Verify that no more events are reported after PT_KILL except for the * process exit when stopped due to a breakpoint trap. */ @@ -1723,6 +1728,7 @@ ATF_TC_BODY(ptrace__PT_KILL_breakpoint, ATF_REQUIRE(wpid == -1); ATF_REQUIRE(errno == ECHILD); } +#endif /* defined(__amd64__) || defined(__i386__) || defined(__sparc64__) */ /* * Verify that no more events are reported after PT_KILL except for the @@ -2806,7 +2812,9 @@ ATF_TP_ADD_TCS(tp) ATF_TP_ADD_TC(tp, ptrace__event_mask); ATF_TP_ADD_TC(tp, ptrace__ptrace_vfork); ATF_TP_ADD_TC(tp, ptrace__ptrace_vfork_follow); +#if defined(__amd64__) || defined(__i386__) || defined(__sparc64__) ATF_TP_ADD_TC(tp, ptrace__PT_KILL_breakpoint); +#endif ATF_TP_ADD_TC(tp, ptrace__PT_KILL_system_call); ATF_TP_ADD_TC(tp, ptrace__PT_KILL_threads); ATF_TP_ADD_TC(tp, ptrace__PT_KILL_competing_signal); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r314075 - head/tests/sys/kern
On Wed, 2017-02-22 at 04:35 +, Eric Badger wrote: > Author: badger > Date: Wed Feb 22 04:35:07 2017 > New Revision: 314075 > URL: https://svnweb.freebsd.org/changeset/base/314075 > > Log: > Fix world build for archs where __builtin_debugtrap() does not > work. > > The offending code was introduced in r313992. > > Reported by:rpokala > Approved by:kib (mentor) > > Modified: > head/tests/sys/kern/ptrace_test.c > > Modified: head/tests/sys/kern/ptrace_test.c > = > = > --- head/tests/sys/kern/ptrace_test.c Wed Feb 22 04:28:10 2017 > (r314074) > +++ head/tests/sys/kern/ptrace_test.c Wed Feb 22 04:35:07 2017 > (r314075) > @@ -37,6 +37,7 @@ __FBSDID("$FreeBSD$"); > #include > #include > #include > +#include > #include > #include > #include > @@ -1690,7 +1691,7 @@ ATF_TC_BODY(ptrace__PT_KILL_breakpoint, > ATF_REQUIRE((fpid = fork()) != -1); > if (fpid == 0) { > trace_me(); > - __builtin_debugtrap(); > + breakpoint(); > exit(1); > } > > This fixes only x86 and sparc64. All other arches have breakpoint() under the #ifdef KERNEL wrapper (I have no idea why). If fixing this is going to take any longer, can we disconnect this test from the build until it gets worked out? -- Ian ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r314117 - in head/usr.sbin/makefs: . cd9660
Author: emaste Date: Thu Feb 23 02:28:08 2017 New Revision: 314117 URL: https://svnweb.freebsd.org/changeset/base/314117 Log: makefs: eliminate global cd9660 structure For diff reduction with NetBSD NetBSD file versions: cd9660.c 1.39 cd9660.h 1.19 cd9660/cd9660_debug.c 1.12 cd9660/cd9660_eltorito.c 1.20 cd9660/cd9660_write.c 1.16 cd9660/iso9660_rrip.c 1.12 cd9660/iso9660_rrip.h 1.6 Reviewed by: ngie Obtained from:NetBSD MFC after:1 month Sponsored by: The FreeBSD Foundation Differential Revision:https://reviews.freebsd.org/D9627 Modified: head/usr.sbin/makefs/cd9660.c head/usr.sbin/makefs/cd9660.h head/usr.sbin/makefs/cd9660/cd9660_debug.c head/usr.sbin/makefs/cd9660/cd9660_eltorito.c head/usr.sbin/makefs/cd9660/cd9660_write.c head/usr.sbin/makefs/cd9660/iso9660_rrip.c head/usr.sbin/makefs/cd9660/iso9660_rrip.h Modified: head/usr.sbin/makefs/cd9660.c == --- head/usr.sbin/makefs/cd9660.c Thu Feb 23 01:18:47 2017 (r314116) +++ head/usr.sbin/makefs/cd9660.c Thu Feb 23 02:28:08 2017 (r314117) 
@@ -109,58 +109,59 @@ __FBSDID("$FreeBSD$"); #include "cd9660/iso9660_rrip.h" #include "cd9660/cd9660_archimedes.h" -/* - * Global variables - */ -iso9660_disk diskStructure; - -static void cd9660_finalize_PVD(void); +static void cd9660_finalize_PVD(iso9660_disk *); static cd9660node *cd9660_allocate_cd9660node(void); -static void cd9660_set_defaults(void); +static void cd9660_set_defaults(iso9660_disk *); static int cd9660_arguments_set_string(const char *, const char *, int, char, char *); static void cd9660_populate_iso_dir_record( struct _iso_directory_record_cd9660 *, u_char, u_char, u_char, const char *); -static void cd9660_setup_root_node(void); -static int cd9660_setup_volume_descriptors(void); +static void cd9660_setup_root_node(iso9660_disk *); +static int cd9660_setup_volume_descriptors(iso9660_disk *); #if 0 static int cd9660_fill_extended_attribute_record(cd9660node *); #endif static void cd9660_sort_nodes(cd9660node *); -static int cd9660_translate_node_common(cd9660node *); -static int cd9660_translate_node(fsnode *, cd9660node *); +static int cd9660_translate_node_common(iso9660_disk *, cd9660node *); +static int cd9660_translate_node(iso9660_disk *, fsnode *, cd9660node *); static int cd9660_compare_filename(const char *, const char *); static void cd9660_sorted_child_insert(cd9660node *, cd9660node *); -static int cd9660_handle_collisions(cd9660node *, int); -static cd9660node *cd9660_rename_filename(cd9660node *, int, int); -static void cd9660_copy_filenames(cd9660node *); +static int cd9660_handle_collisions(iso9660_disk *, cd9660node *, int); +static cd9660node *cd9660_rename_filename(iso9660_disk *, cd9660node *, int, +int); +static void cd9660_copy_filenames(iso9660_disk *, cd9660node *); static void cd9660_sorting_nodes(cd9660node *); static int cd9660_count_collisions(cd9660node *); -static cd9660node *cd9660_rrip_move_directory(cd9660node *); -static int cd9660_add_dot_records(cd9660node *); +static cd9660node 
*cd9660_rrip_move_directory(iso9660_disk *, cd9660node *); +static int cd9660_add_dot_records(iso9660_disk *, cd9660node *); -static void cd9660_convert_structure(fsnode *, cd9660node *, int, +static void cd9660_convert_structure(iso9660_disk *, fsnode *, cd9660node *, int, int *, int *); static void cd9660_free_structure(cd9660node *); -static int cd9660_generate_path_table(void); -static int cd9660_level1_convert_filename(const char *, char *, int); -static int cd9660_level2_convert_filename(const char *, char *, int); +static int cd9660_generate_path_table(iso9660_disk *); +static int cd9660_level1_convert_filename(iso9660_disk *, const char *, char *, +int); +static int cd9660_level2_convert_filename(iso9660_disk *, const char *, char *, +int); #if 0 -static int cd9660_joliet_convert_filename(const char *, char *, int); +static int cd9660_joliet_convert_filename(iso9660_disk *, const char *, char *, +int); #endif -static int cd9660_convert_filename(const char *, char *, int); -static void cd9660_populate_dot_records(cd9660node *); -static int64_t cd9660_compute_offsets(cd9660node *, int64_t); +static int cd9660_convert_filename(iso9660_disk *, const char *, char *, int); +static void cd9660_populate_dot_records(iso9660_disk *, cd9660node *); +static int64_t cd9660_compute_offsets(iso9660_disk *, cd9660node *, int64_t); #if 0 static int cd9660_copy_stat_info(cd9660node *, cd9660node *, int); #endif -static cd9660node *cd9660_create_virtual_entry(const char *, cd9660node *, int, -int); -static cd9660node *cd9660_create_file(const char *, cd9660node *, cd9660node *); -static cd9660node *cd9660_create_directory(const char *, cd9660node *, +static cd9660node *cd9660_create_virtual_entry(iso9660_disk *, const char *, +cd9660node *, int, int);
Re: svn commit: r314116 - head/sys/kern
On Wed, Feb 22, 2017 at 8:18 PM, Jonathan T. Looney wrote: > Author: jtl > Date: Thu Feb 23 01:18:47 2017 > New Revision: 314116 > URL: https://svnweb.freebsd.org/changeset/base/314116 > > Log: > Fix a panic during boot caused by inadequate locking of some vt(4) driver > data structures. > > vt_change_font() calls vtbuf_grow() to change some vt driver data > structures. It uses TF_MUTE to prevent the console from trying to use > those > data structures while it changes them. > > During the early stage of the boot process, the vt driver's tc_done > routine > uses those data structures; however, it is currently called outside the > TF_MUTE check. > > Move the tc_done routine inside the locked TF_MUTE check. > > PR: 217282 > Reviewed by: ed, ray > Sponsored by: Netflix > Differential Revision:https://reviews.freebsd.org/D9709 Sorry, this should also say: MFC after: 2 weeks The change should go back to stable/11, since EARLY_AP_STARTUP is an option there. (It appears EARLY_AP_STARTUP is a prerequisite for hitting this bug.) Jonathan ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r314116 - head/sys/kern
Author: jtl Date: Thu Feb 23 01:18:47 2017 New Revision: 314116 URL: https://svnweb.freebsd.org/changeset/base/314116 Log: Fix a panic during boot caused by inadequate locking of some vt(4) driver data structures. vt_change_font() calls vtbuf_grow() to change some vt driver data structures. It uses TF_MUTE to prevent the console from trying to use those data structures while it changes them. During the early stage of the boot process, the vt driver's tc_done routine uses those data structures; however, it is currently called outside the TF_MUTE check. Move the tc_done routine inside the locked TF_MUTE check. PR: 217282 Reviewed by: ed, ray Sponsored by: Netflix Differential Revision:https://reviews.freebsd.org/D9709 Modified: head/sys/kern/subr_terminal.c Modified: head/sys/kern/subr_terminal.c == --- head/sys/kern/subr_terminal.c Thu Feb 23 00:02:49 2017 (r314115) +++ head/sys/kern/subr_terminal.c Thu Feb 23 01:18:47 2017 (r314116) @@ -375,7 +375,10 @@ termtty_outwakeup(struct tty *tp) TERMINAL_UNLOCK_TTY(tm); } - tm->tm_class->tc_done(tm); + TERMINAL_LOCK_TTY(tm); + if (!(tm->tm_flags & TF_MUTE)) + tm->tm_class->tc_done(tm); + TERMINAL_UNLOCK_TTY(tm); if (flags & TF_BELL) tm->tm_class->tc_bell(tm); } @@ -545,10 +548,9 @@ termcn_cnputc(struct consdev *cp, int c) teken_set_curattr(>tm_emulator, _message); teken_input(>tm_emulator, , 1); teken_set_curattr(>tm_emulator, ); + tm->tm_class->tc_done(tm); } TERMINAL_UNLOCK_CONS(tm); - - tm->tm_class->tc_done(tm); } /* ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
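Review bot: In the first hunk (`termtty_outwakeup`) the new `TERMINAL_LOCK_TTY`/`TF_MUTE` guard around `tc_done` has no comment, so the reason the call must stay inside the lock lives only in the commit log; the same applies to the call moved above `TERMINAL_UNLOCK_CONS` in `termcn_cnputc` in the second hunk. I would add above the guard something like `/* tc_done uses buffers that vt_change_font() resizes while TF_MUTE is set; call it only with the lock held and the terminal unmuted. */`. The `tc_bell` call that follows is still made after the unlock and without a `TF_MUTE` check; whether it touches the same data is not visible here, so that is worth confirming. `tc_done` now also runs with the terminal lock held, which assumes no implementation of it sleeps or re-takes that lock. Both functions begin outside their hunks.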
Re: svn commit: r314114 - head/sys/boot/mips/beri/boot2
On Wednesday, February 22, 2017 11:58:54 PM John Baldwin wrote: > Author: jhb > Date: Wed Feb 22 23:58:54 2017 > New Revision: 314114 > URL: https://svnweb.freebsd.org/changeset/base/314114 > > Log: > Use LDFLAGS with CC instead of _LDFLAGS. > > This is a followup to r311458. _LDFLAGS is for use with LD, whereas > LDFLAGS is for use with CC. This was actually Reviewed by: kan and D9707. Forgot to add metadata to commit. :-/ -- John Baldwin ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r314115 - head/libexec/rtld-elf/mips
Author: jhb Date: Thu Feb 23 00:02:49 2017 New Revision: 314115 URL: https://svnweb.freebsd.org/changeset/base/314115 Log: Fully handle the special encoding of GOT[1] on mips64. The MIPS ABI does not require the second GOT entry to be reserved for use by the runtime linker as on other architectures. Instead, static linkers use a special value in the second GOT entry to indicate if the entry is reserved. This value is supposed to consist of an address with the MSB set and the rest of the bits all zero which is an invalid user address. However, the old binutils currently in the tree uses the 32-bit mask value (2^31) on 64-bit MIPS instead of 2^63. This was fixed in upstream binutils in 2008 to use 2^63 on 64-bit MIPS. The first part of this change changes the runtime check in init_pltgot() to check for both values (2^31 and 2^63) when deciding whether to store the current object pointer in GOT[1] which fixes dynamic N64 binaries compiled with modern binutils. However, the initial version of this fix exposed another related bug in that _rtld_relocate_nonplt_self() was only checking for the new value (2^63) in GOT[1] and incorrectly treated GOT[1] as a local GOT entry (and did not relocate the final local GOT entry). To handle this, fix all of the places that check for GOT[1]'s status to use the same macro that checks for both values on N64. Reviewed by: kan, imp Sponsored by: DARPA / AFRL Differential Revision:https://reviews.freebsd.org/D9708 Modified: head/libexec/rtld-elf/mips/reloc.c Modified: head/libexec/rtld-elf/mips/reloc.c == --- head/libexec/rtld-elf/mips/reloc.c Wed Feb 22 23:58:54 2017 (r314114) +++ head/libexec/rtld-elf/mips/reloc.c Thu Feb 23 00:02:49 2017 (r314115) 
@@ -51,12 +51,28 @@ __FBSDID("$FreeBSD$"); #defineGOT1_MASK 0x8000UL #endif +/* + * Determine if the second GOT entry is reserved for rtld or if it is + * the first "real" GOT entry. + * + * This must be a macro rather than a function so that + * _rtld_relocate_nonplt_self doesn't trigger a GOT invocation trying + * to use it before the local GOT entries in rtld are adjusted. + */ +#ifdef __mips_n64 +/* Old binutils uses the 32-bit GOT1 mask value for N64. */ +#define GOT1_RESERVED_FOR_RTLD(got)\ + (((got)[1] == 0x8000) || (got)[1] & GOT1_MASK) +#else +#define GOT1_RESERVED_FOR_RTLD(got)((got)[1] & GOT1_MASK) +#endif + void init_pltgot(Obj_Entry *obj) { if (obj->pltgot != NULL) { obj->pltgot[0] = (Elf_Addr) &_rtld_bind_start; - if (obj->pltgot[1] & 0x8000) + if (GOT1_RESERVED_FOR_RTLD(obj->pltgot)) obj->pltgot[1] = (Elf_Addr) obj | GOT1_MASK; } } @@ -175,7 +191,7 @@ _rtld_relocate_nonplt_self(Elf_Dyn *dynp } } - i = (got[1] & GOT1_MASK) ? 2 : 1; + i = GOT1_RESERVED_FOR_RTLD(got) ? 2 : 1; /* Relocate the local GOT entries */ got += i; for (; i < local_gotno; i++) { @@ -294,7 +310,7 @@ reloc_non_plt(Obj_Entry *obj, Obj_Entry dbg("%s: broken=%d", obj->path, broken); #endif - i = (got[1] & GOT1_MASK) ? 2 : 1; + i = GOT1_RESERVED_FOR_RTLD(got) ? 2 : 1; /* Relocate the local GOT entries */ got += i; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
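Review bot: On N64 the new `GOT1_RESERVED_FOR_RTLD` macro (first hunk) treats GOT[1] as reserved when it exactly equals the old 32-bit marker, but per the commit log only the MSB-only value is an invalid user address; 2^31 may be an ordinary address on a 64-bit target. A genuine first local GOT entry with that value would then be left unrelocated by the `i = ... ? 2 : 1` sites in the second and third hunks and overwritten in `init_pltgot`. If that collision cannot happen in practice, the macro comment should say why. The macro also expands `got` twice and leaves the `&` operand of `||` unparenthesised; writing that operand as `(((got)[1] & GOT1_MASK) != 0)` and stating in the comment that the argument must be free of side effects would make it safer to reuse. The bare literal in the N64 branch would read better as a named constant defined next to `GOT1_MASK`.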
svn commit: r314114 - head/sys/boot/mips/beri/boot2
Author: jhb Date: Wed Feb 22 23:58:54 2017 New Revision: 314114 URL: https://svnweb.freebsd.org/changeset/base/314114 Log: Use LDFLAGS with CC instead of _LDFLAGS. This is a followup to r311458. _LDFLAGS is for use with LD, whereas LDFLAGS is for use with CC. Modified: head/sys/boot/mips/beri/boot2/Makefile Modified: head/sys/boot/mips/beri/boot2/Makefile == --- head/sys/boot/mips/beri/boot2/Makefile Wed Feb 22 23:57:22 2017 (r314113) +++ head/sys/boot/mips/beri/boot2/Makefile Wed Feb 22 23:58:54 2017 (r314114) @@ -71,7 +71,7 @@ LDFLAGS= -nostdlib \ CFLAGS+= -I${.CURDIR}/../common flashboot.elf: relocate.o start.o boot2.o altera_jtag_uart.o cfi.o sdcard.o - ${CC} ${_LDFLAGS} -T ${.CURDIR}/flashboot.ldscript -o ${.TARGET} \ + ${CC} ${LDFLAGS} -T ${.CURDIR}/flashboot.ldscript -o ${.TARGET} \ ${.ALLSRC} ${LIBSTAND} flashboot: flashboot.elf ${OBJCOPY} -S -O binary ${.TARGET}.elf ${.TARGET} @@ -79,7 +79,7 @@ flashboot.md5: flashboot md5 flashboot > flashboot.md5 jtagboot: start.o boot2.o altera_jtag_uart.o cfi.o sdcard.o - ${CC} ${_LDFLAGS} -T ${.CURDIR}/jtagboot.ldscript -o ${.TARGET} \ + ${CC} ${LDFLAGS} -T ${.CURDIR}/jtagboot.ldscript -o ${.TARGET} \ ${.ALLSRC} ${LIBSTAND} jtagboot.md5: jtagboot md5 jtagboot > jtagboot.md5 ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r314113 - head/tests/sys/netinet
Author: asomers Date: Wed Feb 22 23:57:22 2017 New Revision: 314113 URL: https://svnweb.freebsd.org/changeset/base/314113 Log: Remove tests/sys/netinet/fibs_tests's dependency on net/socat Instead of bridging two tap interfaces with socat, just use an epair pair. MFC after:3 weeks Sponsored by: Spectra Logic Corp Modified: head/tests/sys/netinet/fibs_test.sh Modified: head/tests/sys/netinet/fibs_test.sh == --- head/tests/sys/netinet/fibs_test.sh Wed Feb 22 22:00:50 2017 (r314112) +++ head/tests/sys/netinet/fibs_test.sh Wed Feb 22 23:57:22 2017 (r314113) @@ -39,8 +39,7 @@ # arpresolve only checked the default route. # # Outline: -# Create two tap(4) interfaces -# Simulate a crossover cable between them by using net/socat +# Create two connected epair(4) interfaces # Use nping (from security/nmap) to send an ICMP echo request from one # interface to the other, spoofing the source IP. The source IP must be # spoofed, or else it will already have an entry in the arp table. @@ -51,7 +50,7 @@ arpresolve_checks_interface_fib_head() atf_set "descr" "arpresolve should check the interface fib, not the default fib, for routes" atf_set "require.user" "root" atf_set "require.config" "fibs" - atf_set "require.progs" "socat nping" + atf_set "require.progs" "nping" } arpresolve_checks_interface_fib_body() { 
@@ -74,19 +73,13 @@ arpresolve_checks_interface_fib_body() fi get_fibs 2 - # Configure TAP interfaces - setup_tap "$FIB0" inet ${ADDR0} ${MASK0} - TAP0=$TAP - setup_tap "$FIB1" inet ${ADDR1} ${MASK1} - TAP1=$TAP - - # Simulate a crossover cable - socat /dev/${TAP0} /dev/${TAP1} & - SOCAT_PID=$! - echo ${SOCAT_PID} >> "processes_to_kill" + # Configure epair interfaces + get_epair + setup_iface "$EPAIRA" "$FIB0" inet ${ADDR0} ${MASK0} + setup_iface "$EPAIRB" "$FIB1" inet ${ADDR1} ${MASK1} # Send an ICMP echo request with a spoofed source IP - setfib 2 nping -c 1 -e ${TAP0} -S ${SPOOF_ADDR} \ + setfib "$FIB0" nping -c 1 -e ${EPAIRA} -S ${SPOOF_ADDR} \ --source-mac ${SPOOF_MAC} --icmp --icmp-type "echo-request" \ --icmp-code 0 --icmp-id 0xdead --icmp-seq 1 --data 0xbeef \ ${ADDR1} @@ -94,17 +87,11 @@ arpresolve_checks_interface_fib_body() # characteristic error message dmesg | grep "llinfo.*${SPOOF_ADDR}" # Check that the ARP entry exists - atf_check -o match:"${SPOOF_ADDR}.*expires" setfib 3 arp ${SPOOF_ADDR} + atf_check -o match:"${SPOOF_ADDR}.*expires" setfib "$FIB1" arp ${SPOOF_ADDR} } arpresolve_checks_interface_fib_cleanup() { - if [ -f processes_to_kill ]; then - for pid in $(cat processes_to_kill); do - kill "${pid}" - done - rm -f processes_to_kill - fi - cleanup_tap + cleanup_ifaces } @@ -163,7 +150,7 @@ loopback_and_network_routes_on_nondefaul loopback_and_network_routes_on_nondefault_fib_cleanup() { - cleanup_tap + cleanup_ifaces } atf_test_case loopback_and_network_routes_on_nondefault_fib_inet6 cleanup @@ -221,7 +208,7 @@ loopback_and_network_routes_on_nondefaul loopback_and_network_routes_on_nondefault_fib_inet6_cleanup() { - cleanup_tap + cleanup_ifaces } @@ -270,7 +257,7 @@ default_route_with_multiple_fibs_on_same default_route_with_multiple_fibs_on_same_subnet_cleanup() { - cleanup_tap + cleanup_ifaces } atf_test_case default_route_with_multiple_fibs_on_same_subnet_inet6 cleanup 
@@ -317,7 +304,7 @@ default_route_with_multiple_fibs_on_same default_route_with_multiple_fibs_on_same_subnet_inet6_cleanup() { - cleanup_tap + cleanup_ifaces } @@ -357,7 +344,7 @@ same_ip_multiple_ifaces_fib0_body() } same_ip_multiple_ifaces_fib0_cleanup() { - cleanup_tap + cleanup_ifaces } # Regression test for PR kern/189088 @@ -408,7 +395,7 @@ same_ip_multiple_ifaces_cleanup() { # Due to PR kern/189088, we must destroy the interfaces in LIFO order # in order for the routes to be correctly cleaned up. - for TAPD in `tail -r "tap_devices_to_cleanup"`; do + for TAPD in `tail -r "ifaces_to_cleanup"`; do echo ifconfig ${TAPD} destroy ifconfig ${TAPD} destroy done @@ -453,7 +440,7 @@ same_ip_multiple_ifaces_inet6_body() } same_ip_multiple_ifaces_inet6_cleanup() { - cleanup_tap + cleanup_ifaces } # Regression test for kern/187550 @@ -491,7 +478,7 @@ subnet_route_with_multiple_fibs_on_same_ subnet_route_with_multiple_fibs_on_same_subnet_cleanup() { - cleanup_tap + cleanup_ifaces } atf_test_case subnet_route_with_multiple_fibs_on_same_subnet_inet6 cleanup @@ -528,7 +515,7 @@
Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts
On 2/22/2017 3:10 PM, Allan Jude wrote: > On 2017-02-22 15:26, Bryan Drewery wrote: >> On 2/21/2017 11:07 PM, Joel Dahl wrote: >>> On Tue, Feb 21, 2017 at 02:40:02PM +, Alexey Dokuchaev wrote: On Tue, Feb 21, 2017 at 08:34:29AM -0600, Eric Badger wrote: > Thanks for working on making it easier to harden FreeBSD. While > defaulting some of these options to "on" seem pretty harmless (e.g. > random_pid), others are likely to cause confusion for new and > experienced users alike (e.g. proc_debug. I've never used that option > before, so I gave it a try. It simply causes gdb to hang when attempting > to start a process, with no obvious indication of why). I concur. In fact, harmless knobs should probably be turned on by default in FreeBSD itself (i.e., without any "hardening" help from the installer), while more intrusive ones should be opt-in, not opt-out. >>> >>> I agree. Can we back this out and discuss it on current@? >>> >> >> I concur. >> In the original review for adding this I predicted today would come, >> https://reviews.freebsd.org/D6826. I still think that it is very >> under-designed and under-thought out. >> >> I personally agree with hardening my system, but I have a number of >> issues with this approach: >> >> 1. It makes *1 installation* method do hardening, while every other >> installation method, and *upgrade* methods not do hardening. So someone >> upgrading from 11.0 to 12.0 won't get hardening, but someone installing >> from bsdinstall for 12.0 fresh will get it. There should not be a >> distinction between our installation/upgrade methods like this. > > I agree with this point, and it was brought up by nwhitehorn in the very > initial reviews. > > There may be some value in giving these knobs wider testing before > turning them on, but -current may be a better place to do that. > > Core is soon to announce a more formalized way to discuss and reach > consensus on these types of changes. 
robak@ can I ask that you back this > out for now, and we use that process to determine what the right set of > knobs to turn on by default is, and which should be up to the user. > >> >> 2. It ignores that FreeBSD is *generic Operating System* that serves >> many workflows. Developers want all of this off, System Administrators >> want all of it on, and Desktop users may want a compromise of half of it >> to allow various drivers to work (not pointing at any specific sysctl >> right now). >> >> I think what is really needed is a system profile that lets you pick the >> workflow you are going to use the system for, and then set some >> reasonable defaults from there. We will never all agree on the same >> defaults because we all are using the systems differently, but we can >> find some compromise if we make Use Cases, such as a System Profile >> would entail. > > I think that is a far better approach, but I am not sure what form it > would take. Maybe we can discuss as a working group at BSDCan or > EuroBSDCon to hammer out a better system that the wide array of sysctls > we have. > > Not just for these hardening ones, but even just for sizing things like > the maximum number of file descriptors, default socket buffer sizes, etc. > > 'Defaults for a web server' > 'Defaults for a development laptop' > 'Defaults for a poudriere build box' > etc. > Yup. If the base system goes this route then the ports tree might follow and give different defaults for each profile. It's hard technically but agreeing on such an approach and design is the first step before figuring out the technical hurdles to solve (speaking of multiple package sets problem). >> >> I too would like to see this backed out. >> > > -- Regards, Bryan Drewery signature.asc Description: OpenPGP digital signature
Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts
On 2017-02-22 15:26, Bryan Drewery wrote: > On 2/21/2017 11:07 PM, Joel Dahl wrote: >> On Tue, Feb 21, 2017 at 02:40:02PM +, Alexey Dokuchaev wrote: >>> On Tue, Feb 21, 2017 at 08:34:29AM -0600, Eric Badger wrote: Thanks for working on making it easier to harden FreeBSD. While defaulting some of these options to "on" seem pretty harmless (e.g. random_pid), others are likely to cause confusion for new and experienced users alike (e.g. proc_debug. I've never used that option before, so I gave it a try. It simply causes gdb to hang when attempting to start a process, with no obvious indication of why). >>> >>> I concur. In fact, harmless knobs should probably be turned on by default >>> in FreeBSD itself (i.e., without any "hardening" help from the installer), >>> while more intrusive ones should be opt-in, not opt-out. >> >> I agree. Can we back this out and discuss it on current@? >> > > I concur. > In the original review for adding this I predicted today would come, > https://reviews.freebsd.org/D6826. I still think that it is very > under-designed and under-thought out. > > I personally agree with hardening my system, but I have a number of > issues with this approach: > > 1. It makes *1 installation* method do hardening, while every other > installation method, and *upgrade* methods not do hardening. So someone > upgrading from 11.0 to 12.0 won't get hardening, but someone installing > from bsdinstall for 12.0 fresh will get it. There should not be a > distinction between our installation/upgrade methods like this. I agree with this point, and it was brought up by nwhitehorn in the very initial reviews. There may be some value in giving these knobs wider testing before turning them on, but -current may be a better place to do that. Core is soon to announce a more formalized way to discuss and reach consensus on these types of changes. 
robak@ can I ask that you back this out for now, and we use that process to determine what the right set of knobs to turn on by default is, and which should be up to the user. > > 2. It ignores that FreeBSD is *generic Operating System* that serves > many workflows. Developers want all of this off, System Administrators > want all of it on, and Desktop users may want a compromise of half of it > to allow various drivers to work (not pointing at any specific sysctl > right now). > > I think what is really needed is a system profile that lets you pick the > workflow you are going to use the system for, and then set some > reasonable defaults from there. We will never all agree on the same > defaults because we all are using the systems differently, but we can > find some compromise if we make Use Cases, such as a System Profile > would entail. I think that is a far better approach, but I am not sure what form it would take. Maybe we can discuss as a working group at BSDCan or EuroBSDCon to hammer out a better system that the wide array of sysctls we have. Not just for these hardening ones, but even just for sizing things like the maximum number of file descriptors, default socket buffer sizes, etc. 'Defaults for a web server' 'Defaults for a development laptop' 'Defaults for a poudriere build box' etc. > > I too would like to see this backed out. > -- Allan Jude signature.asc Description: OpenPGP digital signature
Re: svn commit: r313996 - in head/sys: kern sys
Mateusz, why do you __predict_false() the recursion scenario? I'm afraid that performance loss for mispredictions could outweight the gain due to predictions. AFAIK, mutex recursion is still a pretty common event in the kernel. On Mon, Feb 20, 2017 at 07:08:36PM +, Mateusz Guzik wrote: M> Author: mjg M> Date: Mon Feb 20 19:08:36 2017 M> New Revision: 313996 M> URL: https://svnweb.freebsd.org/changeset/base/313996 M> M> Log: M> mtx: fix spin mutexes interaction with failed fcmpset M> M> While doing so move recursion support down to the fallback routine. M> M> Modified: M> head/sys/kern/kern_mutex.c M> head/sys/sys/mutex.h M> M> Modified: head/sys/kern/kern_mutex.c M> == M> --- head/sys/kern/kern_mutex.c Mon Feb 20 17:33:25 2017 (r313995) M> +++ head/sys/kern/kern_mutex.c Mon Feb 20 19:08:36 2017 (r313996) M> @@ -696,6 +696,14 @@ _mtx_lock_spin_cookie(volatile uintptr_t M> lock_delay_arg_init(, _spin_delay); M> m = mtxlock2mtx(c); M> M> +if (__predict_false(v == MTX_UNOWNED)) M> +v = MTX_READ_VALUE(m); M> + M> +if (__predict_false(v == tid)) { M> +m->mtx_recurse++; M> +return; M> +} M> + M> if (LOCK_LOG_TEST(>lock_object, opts)) M> CTR1(KTR_LOCK, "_mtx_lock_spin: %p spinning", m); M> KTR_STATE1(KTR_SCHED, "thread", sched_tdname((struct thread *)tid), M> M> Modified: head/sys/sys/mutex.h M> == M> --- head/sys/sys/mutex.h Mon Feb 20 17:33:25 2017(r313995) M> +++ head/sys/sys/mutex.h Mon Feb 20 19:08:36 2017(r313996) M> 
@@ -223,12 +223,9 @@ voidthread_lock_flags_(struct thread *, M> uintptr_t _v = MTX_UNOWNED; \ M> \ M> spinlock_enter(); \ M> -if (!_mtx_obtain_lock_fetch((mp), &_v, _tid)) { \ M> -if (_v == _tid) \ M> -(mp)->mtx_recurse++;\ M> -else\ M> -_mtx_lock_spin((mp), _v, _tid, (opts), (file), (line));\ M> -} else \ M> +if (!_mtx_obtain_lock_fetch((mp), &_v, _tid)) \ M> +_mtx_lock_spin((mp), _v, _tid, (opts), (file), (line)); \ M> +else\ M> LOCKSTAT_PROFILE_OBTAIN_LOCK_SUCCESS(spin__acquire, \ M> mp, 0, 0, file, line); \ M> } while (0) M> ___ M> svn-src-all@freebsd.org mailing list M> https://lists.freebsd.org/mailman/listinfo/svn-src-all M> To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org" -- Totus tuus, Glebius. ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts
On Wed, Feb 22, 2017 at 2:46 PM, Ngie Cooper wrote: ... > (Piggybacking on this thread) Silly question -- can all of these knobs > please default to off and have a global knob, like securelevel..? Fine > grained security is great, but it's really cumbersome tweaking > everything properly if you don't need a set property. Otherwise we end > up with similar complexity to Windows Group Policies (which is good, > but also hell to wade through and thus requires MSDNAA training). Correction: I meant MCE/MCP, not MSDNAA. > Thanks, > -Ngie ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts
On Wed, Feb 22, 2017 at 12:26 PM, Bryan Drewerywrote: ... > I concur. > In the original review for adding this I predicted today would come, > https://reviews.freebsd.org/D6826. I still think that it is very > under-designed and under-thought out. > > I personally agree with hardening my system, but I have a number of > issues with this approach: > > 1. It makes *1 installation* method do hardening, while every other > installation method, and *upgrade* methods not do hardening. So someone > upgrading from 11.0 to 12.0 won't get hardening, but someone installing > from bsdinstall for 12.0 fresh will get it. There should not be a > distinction between our installation/upgrade methods like this. > > 2. It ignores that FreeBSD is *generic Operating System* that serves > many workflows. Developers want all of this off, System Administrators > want all of it on, and Desktop users may want a compromise of half of it > to allow various drivers to work (not pointing at any specific sysctl > right now). > > I think what is really needed is a system profile that lets you pick the > workflow you are going to use the system for, and then set some > reasonable defaults from there. We will never all agree on the same > defaults because we all are using the systems differently, but we can > find some compromise if we make Use Cases, such as a System Profile > would entail. > > I too would like to see this backed out. (Piggybacking on this thread) Silly question -- can all of these knobs please default to off and have a global knob, like securelevel..? Fine grained security is great, but it's really cumbersome tweaking everything properly if you don't need a set property. Otherwise we end up with similar complexity to Windows Group Policies (which is good, but also hell to wade through and thus requires MSDNAA training). 
Thanks, -Ngie ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r314112 - in head/sys: boot/zfs cddl/boot/zfs
Author: tsoome Date: Wed Feb 22 22:00:50 2017 New Revision: 314112 URL: https://svnweb.freebsd.org/changeset/base/314112 Log: loader: update symlink support in zfs reader As the current zfs file system is providing symlink via system attributes, need to update the code accordingly. Note, as the zfsboot code does not free the memory at this time, the object list will put some stress on the boot2 heap, eventually we should address the issue. Reviewed by: allanjude, smh Approved by: allanjude (mentor) Differential Revision:https://reviews.freebsd.org/D9706 Modified: head/sys/boot/zfs/zfsimpl.c head/sys/cddl/boot/zfs/zfsimpl.h Modified: head/sys/boot/zfs/zfsimpl.c == --- head/sys/boot/zfs/zfsimpl.c Wed Feb 22 21:50:37 2017(r314111) +++ head/sys/boot/zfs/zfsimpl.c Wed Feb 22 22:00:50 2017(r314112) 
@@ -2264,6 +2264,61 @@ zfs_dnode_stat(const spa_t *spa, dnode_p return (0); } +static int +zfs_dnode_readlink(const spa_t *spa, dnode_phys_t *dn, char *path, size_t psize) +{ + int rc = 0; + + if (dn->dn_bonustype == DMU_OT_SA) { + sa_hdr_phys_t *sahdrp = NULL; + size_t size = 0; + void *buf = NULL; + int hdrsize; + char *p; + + if (dn->dn_bonuslen != 0) + sahdrp = (sa_hdr_phys_t *)DN_BONUS(dn); + else { + blkptr_t *bp; + + if ((dn->dn_flags & DNODE_FLAG_SPILL_BLKPTR) == 0) + return (EIO); + bp = >dn_spill; + + size = BP_GET_LSIZE(bp); + buf = zfs_alloc(size); + rc = zio_read(spa, bp, buf); + if (rc != 0) { + zfs_free(buf, size); + return (rc); + } + sahdrp = buf; + } + hdrsize = SA_HDR_SIZE(sahdrp); + p = (char *)((uintptr_t)sahdrp + hdrsize + SA_SYMLINK_OFFSET); + memcpy(path, p, psize); + if (buf != NULL) + zfs_free(buf, size); + return (0); + } + /* +* Second test is purely to silence bogus compiler +* warning about accessing past the end of dn_bonus. +*/ + if (psize + sizeof(znode_phys_t) <= dn->dn_bonuslen && + sizeof(znode_phys_t) <= sizeof(dn->dn_bonus)) { + memcpy(path, >dn_bonus[sizeof(znode_phys_t)], psize); + } else { + rc = dnode_read(spa, dn, 0, path, psize); + } + return (rc); +} + +struct obj_list { + uint64_tobjnum; + STAILQ_ENTRY(obj_list) entry; +}; + /* * Lookup a file and return its dnode. */ @@ -2271,7 +2326,7 @@ static int zfs_lookup(const struct zfsmount *mount, const char *upath, dnode_phys_t *dnode) { int rc; - uint64_t objnum, rootnum, parentnum; + uint64_t objnum; const spa_t *spa; dnode_phys_t dn; const char *p, *q; @@ -2279,6 +2334,8 @@ zfs_lookup(const struct zfsmount *mount, char path[1024]; int symlinks_followed = 0; struct stat sb; + struct obj_list *entry; + STAILQ_HEAD(, obj_list) on_cache = STAILQ_HEAD_INITIALIZER(on_cache); spa = mount->spa; if (mount->objset.os_type != DMU_OST_ZFS) { 
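Review bot: In the `DMU_OT_SA` branch of `zfs_dnode_readlink` (first hunk), `memcpy(path, p, psize)` reads from `sahdrp + hdrsize + SA_SYMLINK_OFFSET` without checking that the range lies inside the bonus buffer or the spill block that was just read. `hdrsize` is taken from the on-disk SA header and `psize` from the caller (outside this hunk), so a damaged or crafted pool could make the loader read past the buffer; the legacy branch below does bound `psize` against `dn_bonuslen`. I would add a `size_t avail` local and return `EIO` for out-of-range values before the copy, as sketched below; `dn_bonuslen` is itself on-disk data, so this assumes it is validated elsewhere. The function does not NUL-terminate `path`, which deserves a line in a header comment so callers know it is their job.

```c
		hdrsize = SA_HDR_SIZE(sahdrp);
		/* Bytes backing sahdrp: the spill block if one was read, else the bonus buffer. */
		avail = (buf != NULL) ? size : dn->dn_bonuslen;
		if (hdrsize < 0 || (size_t)hdrsize + SA_SYMLINK_OFFSET > avail ||
		    psize > avail - (size_t)hdrsize - SA_SYMLINK_OFFSET) {
			if (buf != NULL)
				zfs_free(buf, size);
			return (EIO);
		}
		p = (char *)((uintptr_t)sahdrp + hdrsize + SA_SYMLINK_OFFSET);
		/* ... unchanged: memcpy into path, zfs_free of the spill buffer, return (0) ... */
```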
@@ -2287,87 +2344,119 @@ zfs_lookup(const struct zfsmount *mount, return (EIO); } + if ((entry = malloc(sizeof(struct obj_list))) == NULL) + return (ENOMEM); + /* * Get the root directory dnode. */ rc = objset_get_dnode(spa, >objset, MASTER_NODE_OBJ, ); - if (rc) + if (rc) { + free(entry); return (rc); + } - rc = zap_lookup(spa, , ZFS_ROOT_OBJ, sizeof (rootnum), 1, ); - if (rc) + rc = zap_lookup(spa, , ZFS_ROOT_OBJ, sizeof (objnum), 1, ); + if (rc) { + free(entry); return (rc); + } + entry->objnum = objnum; + STAILQ_INSERT_HEAD(_cache, entry, entry); - rc = objset_get_dnode(spa, >objset, rootnum, ); - if (rc) - return (rc); + rc = objset_get_dnode(spa, >objset, objnum, ); + if (rc != 0) + goto done; - objnum = rootnum; p = upath; while (p && *p) { + rc = objset_get_dnode(spa, >objset, objnum, ); + if (rc != 0) + goto done; + while (*p == '/') p++; - if (!*p) + if (*p == '\0') break; - q = strchr(p, '/'); - if (q) { - memcpy(element, p, q - p); -
svn commit: r314111 - head/contrib/blacklist/libexec
Author: lidl Date: Wed Feb 22 21:50:37 2017 New Revision: 314111 URL: https://svnweb.freebsd.org/changeset/base/314111 Log: Improve ipfw rule creation for blacklist-helper script When blocking an address, the blacklist-helper script needs to do the following things for the ipfw packet filter: - create a table to hold the addresses to be blocked, so lookups can be done quickly, and place the address to be blocked in that table - create rule that does the lookup in the table and blocks the packet The ipfw system allows multiple rules to be inserted for a given rule number. There only needs to be one rule to do the lookup per port. Modify the script to probe for the existence of the rule before attempting to create it, so only one rule is inserted, rather than one rule per blocked address. PR: 214980 Reported by: azhegalov (at) gmail.com Reviewed by: emaste MFC after:3 days Sponsored by: The FreeBSD Foundation Differential Revision:https://reviews.freebsd.org/D9681 Modified: head/contrib/blacklist/libexec/blacklistd-helper Modified: head/contrib/blacklist/libexec/blacklistd-helper == --- head/contrib/blacklist/libexec/blacklistd-helperWed Feb 22 20:47:25 2017(r314110) +++ head/contrib/blacklist/libexec/blacklistd-helperWed Feb 22 21:50:37 2017(r314111) @@ -63,8 +63,11 @@ add) tname="port$6" /sbin/ipfw table $tname create type addr 2>/dev/null /sbin/ipfw -q table $tname add "$addr/$mask" - /sbin/ipfw -q add $rule drop $3 from "table("$tname")" to \ - any dst-port $6 && echo OK + # if rule number $rule does not already exist, create it + /sbin/ipfw show $rule >/dev/null 2>&1 || \ + /sbin/ipfw add $rule drop $3 from \ + table"("$tname")" to any dst-port $6 >/dev/null && \ + echo OK ;; npf) /sbin/npfctl rule "$2" add block in final $proto from \ ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
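Review bot: The exit status of `/sbin/ipfw -q table $tname add "$addr/$mask"` is never tested, so with the new `show $rule || add … && echo OK` list the helper prints OK whenever the lookup rule is already present, even if the address did not go into the table. The caller would then presumably record the address as blocked when it is not. Tying the reply to both steps would avoid that: `/sbin/ipfw -q table $tname add "$addr/$mask" && { /sbin/ipfw show $rule >/dev/null 2>&1 || /sbin/ipfw add $rule drop $3 from table"("$tname")" to any dst-port $6 >/dev/null; } && echo OK`; how ipfw reports an address that is already in the table should be confirmed before adopting it. The enclosing `add)` arm starts and ends outside this hunk.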
svn commit: r314110 - in head: etc share/man/man4 share/man/man4/man4.i386
Author: imp Date: Wed Feb 22 20:47:25 2017 New Revision: 314110 URL: https://svnweb.freebsd.org/changeset/base/314110 Log: Remove more stray EISA refernces: ahb was removed. Remove the cross reference and replace, where appropiate, with ahd.4. Modified: head/etc/devd.conf head/share/man/man4/adv.4 head/share/man/man4/ahc.4 head/share/man/man4/man4.i386/aic.4 head/share/man/man4/scsi.4 Modified: head/etc/devd.conf == --- head/etc/devd.conf Wed Feb 22 20:24:09 2017(r314109) +++ head/etc/devd.conf Wed Feb 22 20:47:25 2017(r314110) @@ -19,7 +19,7 @@ options { # Setup some shorthand for regex that we use later in the file. #XXX Yes, these are gross -- imp set scsi-controller-regex - "(aac|adv|adw|aha|ahb|ahc|ahd|aic|amr|bt|ciss|ct|dpt|\ + "(aac|adv|adw|aha|ahc|ahd|aic|amr|bt|ciss|ct|dpt|\ esp|ida|iir|ips|isp|mlx|mly|mpt|ncr|ncv|nsp|stg|sym|trm)\ [0-9]+"; set wifi-driver-regex Modified: head/share/man/man4/adv.4 == --- head/share/man/man4/adv.4 Wed Feb 22 20:24:09 2017(r314109) +++ head/share/man/man4/adv.4 Wed Feb 22 20:47:25 2017(r314110) @@ -201,7 +201,6 @@ AdvanSys ABP980UA/3980UA .Sh SEE ALSO .Xr adw 4 , .Xr aha 4 , -.Xr ahb 4 , .Xr ahc 4 , .Xr cd 4 , .Xr da 4 , Modified: head/share/man/man4/ahc.4 == --- head/share/man/man4/ahc.4 Wed Feb 22 20:24:09 2017(r314109) +++ head/share/man/man4/ahc.4 Wed Feb 22 20:47:25 2017(r314110) @@ -361,7 +361,7 @@ more SCB space available, the less host and restoring SCB data. .Sh SEE ALSO .Xr aha 4 , -.Xr ahb 4 , +.Xr ahd 4 , .Xr cd 4 , .Xr da 4 , .Xr sa 4 , Modified: head/share/man/man4/man4.i386/aic.4 == --- head/share/man/man4/man4.i386/aic.4 Wed Feb 22 20:24:09 2017 (r314109) +++ head/share/man/man4/man4.i386/aic.4 Wed Feb 22 20:47:25 2017 (r314110) 
@@ -65,7 +65,6 @@ Adaptec AHA-1460, AHA-1460B, AHA-1460C, .El .Sh SEE ALSO .Xr aha 4 , -.Xr ahb 4 , .Xr ahc 4 , .Xr cd 4 , .Xr ch 4 , Modified: head/share/man/man4/scsi.4 == --- head/share/man/man4/scsi.4 Wed Feb 22 20:24:09 2017(r314109) +++ head/share/man/man4/scsi.4 Wed Feb 22 20:47:25 2017(r314110) @@ -315,8 +315,8 @@ for details. .Sh SEE ALSO .Xr ada 4 , .Xr aha 4 , -.Xr ahb 4 , .Xr ahc 4 , +.Xr ahd 4 , .Xr ahci 4 , .Xr ata 4 , .Xr bt 4 , ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r314109 - head/sys/compat/linuxkpi/common/include/linux
Thanks! On Wed, Feb 22, 2017 at 12:24 PM, Hans Petter Selaskywrote: > Author: hselasky > Date: Wed Feb 22 20:24:09 2017 > New Revision: 314109 > URL: https://svnweb.freebsd.org/changeset/base/314109 > > Log: > Convert magic values into macros in the LinuxKPI scatterlist > implementation. > > Suggested by: cem @ > MFC after:1 week > Sponsored by: Mellanox Technologies > > Modified: > head/sys/compat/linuxkpi/common/include/linux/scatterlist.h > > Modified: head/sys/compat/linuxkpi/common/include/linux/scatterlist.h > == > --- head/sys/compat/linuxkpi/common/include/linux/scatterlist.h Wed Feb 22 > 20:11:21 2017(r314108) > +++ head/sys/compat/linuxkpi/common/include/linux/scatterlist.h Wed Feb 22 > 20:24:09 2017(r314109) > @@ -38,12 +38,15 @@ > > struct scatterlist { > unsigned long page_link; > +#defineSG_PAGE_LINK_CHAIN 0x1UL > +#defineSG_PAGE_LINK_LAST 0x2UL > +#defineSG_PAGE_LINK_MASK 0x3UL > unsigned int offset; > unsigned int length; > dma_addr_t address; > }; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts
On 2/21/2017 11:07 PM, Joel Dahl wrote: > On Tue, Feb 21, 2017 at 02:40:02PM +, Alexey Dokuchaev wrote: >> On Tue, Feb 21, 2017 at 08:34:29AM -0600, Eric Badger wrote: >>> Thanks for working on making it easier to harden FreeBSD. While >>> defaulting some of these options to "on" seem pretty harmless (e.g. >>> random_pid), others are likely to cause confusion for new and >>> experienced users alike (e.g. proc_debug. I've never used that option >>> before, so I gave it a try. It simply causes gdb to hang when attempting >>> to start a process, with no obvious indication of why). >> >> I concur. In fact, harmless knobs should probably be turned on by default >> in FreeBSD itself (i.e., without any "hardening" help from the installer), >> while more intrusive ones should be opt-in, not opt-out. > > I agree. Can we back this out and discuss it on current@? > I concur. In the original review for adding this I predicted today would come, https://reviews.freebsd.org/D6826. I still think that it is very under-designed and under-thought out. I personally agree with hardening my system, but I have a number of issues with this approach: 1. It makes *1 installation* method do hardening, while every other installation method, and *upgrade* methods not do hardening. So someone upgrading from 11.0 to 12.0 won't get hardening, but someone installing from bsdinstall for 12.0 fresh will get it. There should not be a distinction between our installation/upgrade methods like this. 2. It ignores that FreeBSD is *generic Operating System* that serves many workflows. Developers want all of this off, System Administrators want all of it on, and Desktop users may want a compromise of half of it to allow various drivers to work (not pointing at any specific sysctl right now). I think what is really needed is a system profile that lets you pick the workflow you are going to use the system for, and then set some reasonable defaults from there. 
We will never all agree on the same defaults because we all are using the systems differently, but we can find some compromise if we make Use Cases, such as a System Profile would entail. I too would like to see this backed out. -- Regards, Bryan Drewery signature.asc Description: OpenPGP digital signature
Re: svn commit: r314105 - head/sys/compat/linuxkpi/common/include/linux
Hi, On 02/22/17 20:42, Conrad Meyer wrote: On Wed, Feb 22, 2017 at 11:31 AM, Hans Petter Selasky Hi Hans, Thanks for all of the linuxkpi work you've done lately. i915 support is very important to me! You're welcome! It would be nice to have some named constants for these masks. The bare numbers are used throughout this change. See r314109. --HPS ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r314109 - head/sys/compat/linuxkpi/common/include/linux
Author: hselasky Date: Wed Feb 22 20:24:09 2017 New Revision: 314109 URL: https://svnweb.freebsd.org/changeset/base/314109 Log: Convert magic values into macros in the LinuxKPI scatterlist implementation. Suggested by: cem @ MFC after:1 week Sponsored by: Mellanox Technologies Modified: head/sys/compat/linuxkpi/common/include/linux/scatterlist.h Modified: head/sys/compat/linuxkpi/common/include/linux/scatterlist.h == --- head/sys/compat/linuxkpi/common/include/linux/scatterlist.h Wed Feb 22 20:11:21 2017(r314108) +++ head/sys/compat/linuxkpi/common/include/linux/scatterlist.h Wed Feb 22 20:24:09 2017(r314109) @@ -38,12 +38,15 @@ struct scatterlist { unsigned long page_link; +#defineSG_PAGE_LINK_CHAIN 0x1UL +#defineSG_PAGE_LINK_LAST 0x2UL +#defineSG_PAGE_LINK_MASK 0x3UL unsigned int offset; unsigned int length; dma_addr_t address; }; -CTASSERT((sizeof(struct scatterlist) & 0x3) == 0); +CTASSERT((sizeof(struct scatterlist) & SG_PAGE_LINK_MASK) == 0); struct sg_table { struct scatterlist *sgl; @@ -65,10 +68,10 @@ struct sg_page_iter { #defineSG_MAGIC0x87654321UL -#definesg_is_chain(sg) ((sg)->page_link & 0x01) -#definesg_is_last(sg) ((sg)->page_link & 0x02) +#definesg_is_chain(sg) ((sg)->page_link & SG_PAGE_LINK_CHAIN) +#definesg_is_last(sg) ((sg)->page_link & SG_PAGE_LINK_LAST) #definesg_chain_ptr(sg)\ - ((struct scatterlist *) ((sg)->page_link & ~0x03)) + ((struct scatterlist *) ((sg)->page_link & ~SG_PAGE_LINK_MASK)) #definesg_dma_address(sg) (sg)->address #definesg_dma_len(sg) (sg)->length @@ -86,7 +89,7 @@ typedef void (sg_free_fn) (struct scatte static inline void sg_assign_page(struct scatterlist *sg, struct page *page) { - unsigned long page_link = sg->page_link & 0x3; + unsigned long page_link = sg->page_link & SG_PAGE_LINK_MASK; sg->page_link = page_link | (unsigned long)page; } 
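Review bot: sg_assign_page(), in the last hunk on this line, ORs the page pointer into `page_link` without checking that its low bits are clear, so a pointer that is not 4-byte aligned would be read back by sg_is_chain()/sg_is_last() as a flag and truncated by sg_page(). Now that the mask has a name, an assertion such as `KASSERT(((unsigned long)page & SG_PAGE_LINK_MASK) == 0, ("%s: misaligned page pointer", __func__));` at the top of the function would state and enforce that assumption; the existing CTASSERT only covers the size of struct scatterlist, not the page pointer. A one-line comment above the three new `SG_PAGE_LINK_*` defines saying that the low two bits of `page_link` carry the chain/last flags and the remaining bits the pointer would also help readers of the struct.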
@@ -103,7 +106,7 @@ sg_set_page(struct scatterlist *sg, stru static inline struct page * sg_page(struct scatterlist *sg) { - return ((struct page *)((sg)->page_link & ~0x3)); + return ((struct page *)((sg)->page_link & ~SG_PAGE_LINK_MASK)); } static inline void @@ -138,14 +141,15 @@ sg_chain(struct scatterlist *prv, unsign sg->offset = 0; sg->length = 0; - sg->page_link = ((unsigned long)sgl | 0x01) & ~0x02; + sg->page_link = ((unsigned long)sgl | + SG_PAGE_LINK_CHAIN) & ~SG_PAGE_LINK_LAST; } static inline void sg_mark_end(struct scatterlist *sg) { - sg->page_link |= 0x02; - sg->page_link &= ~0x01; + sg->page_link |= SG_PAGE_LINK_LAST; + sg->page_link &= ~SG_PAGE_LINK_CHAIN; } static inline void ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts
On Wed, Feb 22, 2017 at 10:13:41AM -0800, Conrad Meyer wrote: > On Wed, Feb 22, 2017 at 10:05 AM, Slawa Olhovchenkovwrote: > > On Wed, Feb 22, 2017 at 08:11:14AM -0800, Conrad Meyer wrote: > > > >> On Wed, Feb 22, 2017 at 3:23 AM, Joel Dahl wrote: > >> > On Wed, Feb 22, 2017 at 07:56:52AM +, Bartłomiej Rutkowski wrote: > >> >> I strongly believe we should, by default, ship as secured and hardened > >> >> as > >> >> possible in order to improve overall security of new users > >> >> installations. > >> >> Power users will and do change the OS as they please, they most likely > >> >> don't use bsdinstall in first place, so they're not affected in any way. > >> > > >> > Sorry, I strongly disagree with that. I'm most likely a "power user" and > >> > I use > >> > bsdinstall. > >> > >> Ditto. I'm also unfamiliar enough with the installer to trip on this > >> kind of thing. Slawa's proposed "disable all" option would be fine. > > > > My english not enought fluent for more explicate proposal, from my > > point most of this options do hardened in only limited cases, for > > other cases same options do system more un-hardened by force working > > as root. Some have unevident effects (/tmp cleaning, for example). > > Yep. I am not concerned about disabling sendmail or remote syslog by > default, though. Also, what mean by 'disabling remote syslog'? As I know syslogd by default don't collect remote messages and need -a options. May be this is about -s options? How many -s? Not clean. ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r314108 - stable/11
Author: dchagin Date: Wed Feb 22 20:11:21 2017 New Revision: 314108 URL: https://svnweb.freebsd.org/changeset/base/314108 Log: Record mergeinfo for r313284, r313285, r313684, r313912 missied in r314107. Modified: Directory Properties: stable/11/ (props changed) ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r314107 - in stable/11/sys: amd64/linux amd64/linux32 compat/linux i386/linux
Author: dchagin Date: Wed Feb 22 19:57:59 2017 New Revision: 314107 URL: https://svnweb.freebsd.org/changeset/base/314107 Log: MFC r313284: Update syscall.master to 4.10-rc6. Also fix comments, a typo, and wrong numbering for a few unimplemented syscalls. For 32-bit Linuxulator, socketcall() syscall was historically the entry point for the sockets API. Starting in Linux 4.3, direct syscalls are provided for the sockets API. Enable it. The initial version of patch was provided by trasz@ and extended by me. MFC r313285: Regen after r313284. MFC r313684: Fix r313284. Members of the syscall argument structures are padded to a word size. So, for COMPAT_LINUX32 we should convert user supplied system call arguments which is 32-bit in that case to the array of register_t. MFC r313912: Finish r313684. Convert linux_recv(), linux_send() and linux_accept() system call arguments to the register_t type too. Modified: stable/11/sys/amd64/linux/linux_dummy.c stable/11/sys/amd64/linux/linux_proto.h stable/11/sys/amd64/linux/linux_syscall.h stable/11/sys/amd64/linux/linux_syscalls.c stable/11/sys/amd64/linux/linux_sysent.c stable/11/sys/amd64/linux/linux_systrace_args.c stable/11/sys/amd64/linux/syscalls.master stable/11/sys/amd64/linux32/linux32_dummy.c stable/11/sys/amd64/linux32/linux32_proto.h stable/11/sys/amd64/linux32/linux32_syscall.h stable/11/sys/amd64/linux32/linux32_syscalls.c stable/11/sys/amd64/linux32/linux32_sysent.c stable/11/sys/amd64/linux32/linux32_systrace_args.c stable/11/sys/amd64/linux32/syscalls.master stable/11/sys/compat/linux/linux_socket.c stable/11/sys/compat/linux/linux_socket.h stable/11/sys/i386/linux/linux_dummy.c stable/11/sys/i386/linux/linux_proto.h stable/11/sys/i386/linux/linux_syscall.h stable/11/sys/i386/linux/linux_syscalls.c stable/11/sys/i386/linux/linux_sysent.c stable/11/sys/i386/linux/linux_systrace_args.c stable/11/sys/i386/linux/syscalls.master Modified: stable/11/sys/amd64/linux/linux_dummy.c == --- 
stable/11/sys/amd64/linux/linux_dummy.c Wed Feb 22 19:39:54 2017 (r314106) +++ stable/11/sys/amd64/linux/linux_dummy.c Wed Feb 22 19:57:59 2017 (r314107) 
@@ -82,41 +82,86 @@ DUMMY(mq_timedreceive); DUMMY(mq_notify); DUMMY(mq_getsetattr); DUMMY(kexec_load); +/* linux 2.6.11: */ DUMMY(add_key); DUMMY(request_key); DUMMY(keyctl); +/* linux 2.6.13: */ DUMMY(ioprio_set); DUMMY(ioprio_get); DUMMY(inotify_init); DUMMY(inotify_add_watch); DUMMY(inotify_rm_watch); +/* linux 2.6.16: */ DUMMY(migrate_pages); DUMMY(unshare); +/* linux 2.6.17: */ DUMMY(splice); DUMMY(tee); DUMMY(sync_file_range); DUMMY(vmsplice); +/* linux 2.6.18: */ DUMMY(move_pages); +/* linux 2.6.22: */ DUMMY(signalfd); -DUMMY(timerfd); +DUMMY(timerfd_create); +/* linux 2.6.25: */ DUMMY(timerfd_settime); DUMMY(timerfd_gettime); +/* linux 2.6.27: */ DUMMY(signalfd4); DUMMY(inotify_init1); +/* linux 2.6.30: */ DUMMY(preadv); DUMMY(pwritev); -DUMMY(rt_tsigqueueinfo); +/* linux 2.6.31: */ +DUMMY(rt_tgsigqueueinfo); DUMMY(perf_event_open); +/* linux 2.6.38: */ DUMMY(fanotify_init); DUMMY(fanotify_mark); +/* linux 2.6.39: */ DUMMY(name_to_handle_at); DUMMY(open_by_handle_at); DUMMY(clock_adjtime); +/* linux 3.0: */ DUMMY(setns); +DUMMY(getcpu); +/* linux 3.2: */ DUMMY(process_vm_readv); DUMMY(process_vm_writev); +/* linux 3.5: */ DUMMY(kcmp); +/* linux 3.8: */ DUMMY(finit_module); +DUMMY(sched_setattr); +DUMMY(sched_getattr); +/* linux 3.14: */ +DUMMY(renameat2); +/* linux 3.15: */ +DUMMY(seccomp); +DUMMY(getrandom); +DUMMY(memfd_create); +DUMMY(kexec_file_load); +/* linux 3.18: */ +DUMMY(bpf); +/* linux 3.19: */ +DUMMY(execveat); +/* linux 4.2: */ +DUMMY(userfaultfd); +/* linux 4.3: */ +DUMMY(membarrier); +/* linux 4.4: */ +DUMMY(mlock2); +/* linux 4.5: */ +DUMMY(copy_file_range); +/* linux 4.6: */ +DUMMY(preadv2); +DUMMY(pwritev2); +/* linux 4.8: */ +DUMMY(pkey_mprotect); +DUMMY(pkey_alloc); +DUMMY(pkey_free); #define DUMMY_XATTR(s) \ int\ Modified: stable/11/sys/amd64/linux/linux_proto.h == --- stable/11/sys/amd64/linux/linux_proto.h Wed Feb 22 19:39:54 2017 (r314106) +++ stable/11/sys/amd64/linux/linux_proto.h Wed Feb 22 19:57:59 2017 (r314107) 
@@ -3,7 +3,7 @@ * * DO NOT EDIT-- this file is automatically generated. * $FreeBSD$ - * created from FreeBSD: head/sys/amd64/linux/syscalls.master 302515 2016-07-10 08:15:50Z dchagin + * created from FreeBSD: head/sys/amd64/linux/syscalls.master 313284 2017-02-05 14:17:09Z dchagin */ #ifndef _LINUX_SYSPROTO_H_ @@ -1000,7 +1000,7 @@ struct linux_epoll_pwait_args { struct linux_signalfd_args
Re: svn commit: r314105 - head/sys/compat/linuxkpi/common/include/linux
On Wed, Feb 22, 2017 at 11:31 AM, Hans Petter Selaskywrote: > Author: hselasky > Date: Wed Feb 22 19:31:02 2017 > New Revision: 314105 > URL: https://svnweb.freebsd.org/changeset/base/314105 > > Log: > Improve LinuxKPI scatter list support. > > The i915kms driver in Linux 4.9 reimplement parts of the scatter list > functions with regards to performance. In other words there is not so > much room for changing structure layouts and functionality if the > i915kms should be built AS-IS. This patch aligns the scatter list > support to what is expected by the i915kms driver. Remove some > comments not needed while at it. > > ... > > +CTASSERT((sizeof(struct scatterlist) & 0x3) == 0); > + > struct sg_table { > struct scatterlist *sgl; > unsigned int nents; > @@ -56,58 +55,79 @@ struct sg_page_iter { > struct scatterlist *sg; > unsigned int sg_pgoffset; > unsigned int maxents; > + struct { > + unsigned int nents; > + int pg_advance; > + } internal; > }; > > #defineSG_MAX_SINGLE_ALLOC (PAGE_SIZE / sizeof(struct > scatterlist)) > > +#defineSG_MAGIC0x87654321UL > + > +#definesg_is_chain(sg) ((sg)->page_link & 0x01) > +#definesg_is_last(sg) ((sg)->page_link & 0x02) > +#definesg_chain_ptr(sg)\ > + ((struct scatterlist *) ((sg)->page_link & ~0x03)) Hi Hans, Thanks for all of the linuxkpi work you've done lately. i915 support is very important to me! It would be nice to have some named constants for these masks. The bare numbers are used throughout this change. Thanks, Conrad ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r314106 - in head/sys: compat/linuxkpi/common/include/linux compat/linuxkpi/common/src conf modules/linuxkpi
Author: hselasky Date: Wed Feb 22 19:39:54 2017 New Revision: 314106 URL: https://svnweb.freebsd.org/changeset/base/314106 Log: Optimise unmapped LinuxKPI page allocations. When allocating unmapped pages, take advantage of the direct map on AMD64 to get the virtual address corresponding to a page. Else all pages allocated must be mapped because sometimes the virtual address of a page is requested. Move all page allocation and deallocation code into an own C-file. Add support for GFP_DMA32, GFP_KERNEL, GFP_ATOMIC and __GFP_ZERO allocation flags. Make a clear separation between mapped and unmapped allocations. Obtained from:kmacy @ MFC after:1 week Sponsored by: Mellanox Technologies Added: head/sys/compat/linuxkpi/common/src/linux_page.c (contents, props changed) Modified: head/sys/compat/linuxkpi/common/include/linux/gfp.h head/sys/conf/files head/sys/modules/linuxkpi/Makefile Modified: head/sys/compat/linuxkpi/common/include/linux/gfp.h == --- head/sys/compat/linuxkpi/common/include/linux/gfp.h Wed Feb 22 19:31:02 2017(r314105) +++ head/sys/compat/linuxkpi/common/include/linux/gfp.h Wed Feb 22 19:39:54 2017(r314106) @@ -2,7 +2,7 @@ * Copyright (c) 2010 Isilon Systems, Inc. * Copyright (c) 2010 iX Systems, Inc. * Copyright (c) 2010 Panasas, Inc. - * Copyright (c) 2013 Mellanox Technologies, Ltd. + * Copyright (c) 2013-2017 Mellanox Technologies, Ltd. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -67,94 +67,106 @@ #defineGFP_TEMPORARY M_NOWAIT #defineGFP_NATIVE_MASK (M_NOWAIT | M_WAITOK | M_USE_RESERVE | M_ZERO) -static inline void * -page_address(struct page *page) +/* + * Resolve a page into a virtual address: + * + * NOTE: This function only works for pages allocated by the kernel. + */ +extern void *linux_page_address(struct page *); + +#definepage_address(page) linux_page_address(page) + +/* + * Page management for unmapped pages: + */ +extern vm_page_t linux_alloc_pages(gfp_t flags, unsigned int order); +extern void linux_free_pages(vm_page_t page, unsigned int order); + +static inline struct page * +alloc_page(gfp_t flags) { - if (page->object != kmem_object && page->object != kernel_object) - return (NULL); - return ((void *)(uintptr_t)(VM_MIN_KERNEL_ADDRESS + - IDX_TO_OFF(page->pindex))); + return (linux_alloc_pages(flags, 0)); } -static inline unsigned long -linux_get_page(gfp_t mask) +static inline struct page * +alloc_pages(gfp_t flags, unsigned int order) { - return kmem_malloc(kmem_arena, PAGE_SIZE, mask); + return (linux_alloc_pages(flags, order)); } -#defineget_zeroed_page(mask) linux_get_page((mask) | M_ZERO) -#definealloc_page(mask)virt_to_page(linux_get_page((mask))) -#define__get_free_page(mask) linux_get_page((mask)) +static inline struct page * +alloc_pages_node(int node_id, gfp_t flags, unsigned int order) +{ + + return (linux_alloc_pages(flags, order)); +} static inline void -free_page(unsigned long page) +__free_pages(struct page *page, unsigned int order) { - if (page == 0) - return; - kmem_free(kmem_arena, page, PAGE_SIZE); + linux_free_pages(page, order); } static inline void -__free_page(struct page *m) +__free_page(struct page *page) { - if (m->object != kmem_object) - panic("__free_page: Freed page %p not allocated via wrappers.", - m); - kmem_free(kmem_arena, (vm_offset_t)page_address(m), PAGE_SIZE); + linux_free_pages(page, 0); } -static inline void -__free_pages(struct page *m, unsigned int order) +/* + * Page management 
for mapped pages: + */ +extern vm_offset_t linux_alloc_kmem(gfp_t flags, unsigned int order); +extern void linux_free_kmem(vm_offset_t, unsigned int order); + +static inline vm_offset_t +get_zeroed_page(gfp_t flags) { - size_t size; - if (m == NULL) - return; - size = PAGE_SIZE << order; - kmem_free(kmem_arena, (vm_offset_t)page_address(m), size); + return (linux_alloc_kmem(flags | __GFP_ZERO, 0)); } -static inline void free_pages(uintptr_t addr, unsigned int order) +static inline vm_offset_t +__get_free_page(gfp_t flags) { - if (addr == 0) - return; - __free_pages(virt_to_page((void *)addr), order); + + return (linux_alloc_kmem(flags, 0)); } -/* - * Alloc pages allocates directly from the buddy allocator on linux so - * order specifies a power of two bucket of pages and the results - * are expected to be aligned on the size as well. - */ -static inline struct page * -alloc_pages(gfp_t gfp_mask, unsigned int order) +static inline vm_offset_t +__get_free_pages(gfp_t flags, unsigned int order) { -
Re: svn commit: r314087 - head/sys/x86/x86
On Wed, 22 Feb 2017, Konstantin Belousov wrote: Log: More fixes for regression in r313898 on i386. Use long long constants where needed. The long long abomination is never needed, and is always a style bug. I removed almost all long long constants ~20 years ago, but there are now thousands more than when I started. Modified: head/sys/x86/x86/x86_mem.c == --- head/sys/x86/x86/x86_mem.c Wed Feb 22 06:43:49 2017(r314086) +++ head/sys/x86/x86/x86_mem.c Wed Feb 22 07:07:05 2017(r314087) @@ -260,7 +260,7 @@ x86_mrfetch(struct mem_range_softc *sc) /* Compute the range from the mask. Ick. */ mrd->mr_len = (~(msrv & mtrr_physmask) & - (mtrr_physmask | 0xfffL)) + 1; + (mtrr_physmask | 0xfffLL)) + 1; Not needed here. The old i386 version did spell it like this. if (!mrvalid(mrd->mr_base, mrd->mr_len)) mrd->mr_flags |= MDF_BOGUS; 
@@ -638,7 +638,7 @@ x86_mrinit(struct mem_range_softc *sc) * Determine the size of the PhysMask and PhysBase fields in * the variable range MTRRs. */ - mtrr_physmask = (((uint64_t)1 << cpu_maxphyaddr) - 1) & ~0xfffUL; + mtrr_physmask = (((uint64_t)1 << cpu_maxphyaddr) - 1) & ~0xfffULL; A 64-bit constant is needed here, but spelling it with ULL is a larger style bug than usual, since the other 64-bit constant on the same line is spelled without ULL. The old i386 version spelled both of the constants on this line with ULL, and the old amd64 version spelled them both with UL, but someone named kib fixed the style bug for the first and added the type error for the second when merging them. /* If fixed MTRRs supported and enabled. */ if ((mtrrcap & MTRR_CAP_FIXED) && (mtrrdef & MTRR_DEF_FIXED_ENABLE)) { I don't like using explicit long constants either. Here the number of bits in the register is fixed by the hardware at 64. The number of bits in a long on amd64 and a long on i386 is only fixed by ABI because the ABI is broken for historical reasons. Only very MD code can safely assume the size of long and long long. This code was MD enough before it was merged, but now it shouldn't use long since that varies between amd64 and i386, and it shouldn't use long long since that is a style bug. x86/x86 only has 17 lines using u_long, and all are wrong: - most are for counters. Some counters should be 64 bits, but changing them on i386 would cause portability problems. - ones for lapic timer divisors and frequency should be just int or possibly u_register_t - ones for 16-bit segment registers should be just int or possibly uint16_t - ones for cr0 and cr4 should be u_register_t. x86/x86 has 40 lines using long. Many of the other 23 are wronger: - some in comments are not about the long type and are not wrong - many are in comments which say that the resource type is long, but the resource type is now rman_res_t = uintmax_t. 
It never was signed and is now larger than u_long on i386. Some nearby types are wrong to match. E.g., in nexus_add_irq(), the irq number should be int but is u_long. This u_long matched the old rman type exactly, but now gets converted by a prototype. There is a non-style bug here: smap handling above 4GB is turned off for i386 and PAE, with a comment saying that this is because resources use long's (sic). There are 2 copies of the code for this, with the type suffix spelled as ul instead of UL. ~0ul is a magic i386 way of spelling 4GB-1. It only works because it is under i386 ifdefs. This is in nexus.c. nexus.c otherwise doesn't use 0ul or 0UL. - some for lapics are for small integers and should be just int - many in mca.c are the long long abomination used for printf()s and should be [u]intmax_t - 1 in pvclock.c is u_long spelled verbosely as unsigned long - many in stack_machdep.c are in bogus casts of pointers. These should use uintptr_t. Casting pointers to access them using atomic ops is bogus using (uintptr_t *) too. uintptr_t is only valid for casting pointers directly. Of course it works indirectly since everything has the same width as register_t. Bruce ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r314105 - head/sys/compat/linuxkpi/common/include/linux
Author: hselasky Date: Wed Feb 22 19:31:02 2017 New Revision: 314105 URL: https://svnweb.freebsd.org/changeset/base/314105 Log: Improve LinuxKPI scatter list support. The i915kms driver in Linux 4.9 reimplement parts of the scatter list functions with regards to performance. In other words there is not so much room for changing structure layouts and functionality if the i915kms should be built AS-IS. This patch aligns the scatter list support to what is expected by the i915kms driver. Remove some comments not needed while at it. Obtained from:kmacy @ MFC after:1 week Sponsored by: Mellanox Technologies Modified: head/sys/compat/linuxkpi/common/include/linux/scatterlist.h Modified: head/sys/compat/linuxkpi/common/include/linux/scatterlist.h == --- head/sys/compat/linuxkpi/common/include/linux/scatterlist.h Wed Feb 22 18:44:57 2017(r314104) +++ head/sys/compat/linuxkpi/common/include/linux/scatterlist.h Wed Feb 22 19:31:02 2017(r314105) @@ -2,7 +2,7 @@ * Copyright (c) 2010 Isilon Systems, Inc. * Copyright (c) 2010 iX Systems, Inc. * Copyright (c) 2010 Panasas, Inc. - * Copyright (c) 2013-2015 Mellanox Technologies, Ltd. + * Copyright (c) 2013-2017 Mellanox Technologies, Ltd. * Copyright (c) 2015 Matthew Dillon* All rights reserved. * @@ -34,18 +34,17 @@ #include #include +#include struct scatterlist { - union { - struct page *page; - struct scatterlist *sg; - } sl_un; + unsigned long page_link; + unsigned int offset; + unsigned int length; dma_addr_t address; - unsigned long offset; - uint32_t length; - uint32_t flags; }; +CTASSERT((sizeof(struct scatterlist) & 0x3) == 0); + struct sg_table { struct scatterlist *sgl; unsigned int nents; 
@@ -56,58 +55,79 @@ struct sg_page_iter { struct scatterlist *sg; unsigned int sg_pgoffset; unsigned int maxents; + struct { + unsigned int nents; + int pg_advance; + } internal; }; #defineSG_MAX_SINGLE_ALLOC (PAGE_SIZE / sizeof(struct scatterlist)) +#defineSG_MAGIC0x87654321UL + +#definesg_is_chain(sg) ((sg)->page_link & 0x01) +#definesg_is_last(sg) ((sg)->page_link & 0x02) +#definesg_chain_ptr(sg)\ + ((struct scatterlist *) ((sg)->page_link & ~0x03)) + #definesg_dma_address(sg) (sg)->address #definesg_dma_len(sg) (sg)->length -#definesg_page(sg) (sg)->sl_un.page -#definesg_scatternext(sg) (sg)->sl_un.sg -#defineSG_END 0x01 -#defineSG_CHAIN0x02 +#definefor_each_sg_page(sgl, iter, nents, pgoffset) \ + for (_sg_iter_init(sgl, iter, nents, pgoffset); \ +(iter)->sg; _sg_iter_next(iter)) + +#definefor_each_sg(sglist, sg, sgmax, iter) \ + for (iter = 0, sg = (sglist); iter < (sgmax); iter++, sg = sg_next(sg)) + +typedef struct scatterlist *(sg_alloc_fn) (unsigned int, gfp_t); +typedef void (sg_free_fn) (struct scatterlist *, unsigned int); + +static inline void +sg_assign_page(struct scatterlist *sg, struct page *page) +{ + unsigned long page_link = sg->page_link & 0x3; + + sg->page_link = page_link | (unsigned long)page; +} static inline void sg_set_page(struct scatterlist *sg, struct page *page, unsigned int len, unsigned int offset) { - sg_page(sg) = page; - sg_dma_len(sg) = len; + sg_assign_page(sg, page); sg->offset = offset; - if (offset > PAGE_SIZE) - panic("sg_set_page: Invalid offset %d\n", offset); + sg->length = len; } -static inline void -sg_set_buf(struct scatterlist *sg, const void *buf, unsigned int buflen) +static inline struct page * +sg_page(struct scatterlist *sg) { - sg_set_page(sg, virt_to_page(buf), buflen, - ((uintptr_t)buf) & (PAGE_SIZE - 1)); + return ((struct page *)((sg)->page_link & ~0x3)); } static inline void -sg_init_table(struct scatterlist *sg, unsigned int nents) +sg_set_buf(struct scatterlist *sg, const void *buf, unsigned int buflen) 
{ - bzero(sg, sizeof(*sg) * nents); - sg[nents - 1].flags = SG_END; + sg_set_page(sg, virt_to_page(buf), buflen, + ((uintptr_t)buf) & (PAGE_SIZE - 1)); } static inline struct scatterlist * sg_next(struct scatterlist *sg) { - if (sg->flags & SG_END) + if (sg_is_last(sg)) return (NULL); sg++; - if (sg->flags & SG_CHAIN) - sg = sg_scatternext(sg); + if (sg_is_chain(sg)) + sg = sg_chain_ptr(sg); return (sg); } static inline
Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts
On Wed, Feb 22, 2017 at 02:23:26PM -0500, Allan Jude wrote: > On 2017-02-22 13:13, Conrad Meyer wrote: > > On Wed, Feb 22, 2017 at 10:05 AM, Slawa Olhovchenkov> > wrote: > >> On Wed, Feb 22, 2017 at 08:11:14AM -0800, Conrad Meyer wrote: > >> > >>> On Wed, Feb 22, 2017 at 3:23 AM, Joel Dahl wrote: > On Wed, Feb 22, 2017 at 07:56:52AM +, Bart??omiej Rutkowski wrote: > > I strongly believe we should, by default, ship as secured and hardened > > as > > possible in order to improve overall security of new users > > installations. > > Power users will and do change the OS as they please, they most likely > > don't use bsdinstall in first place, so they're not affected in any way. > > Sorry, I strongly disagree with that. I'm most likely a "power user" and > I use > bsdinstall. > >>> > >>> Ditto. I'm also unfamiliar enough with the installer to trip on this > >>> kind of thing. Slawa's proposed "disable all" option would be fine. > >> > >> My english not enought fluent for more explicate proposal, from my > >> point most of this options do hardened in only limited cases, for > >> other cases same options do system more un-hardened by force working > >> as root. Some have unevident effects (/tmp cleaning, for example). > > > > Yep. I am not concerned about disabling sendmail or remote syslog by > > default, though. > > > >> For many users this options will be source of weird issuses (gdb don't > >> work? fucking ugly freebsd! migrate to linux). > > > > Yeah, I am concerned about this too. (Also: "ps doesn't work" would > > be a big newbie sysadmin headache.) > > > >> This is evil trend of enforcing weird solutions under the auspices of > >> 'my safety': airport security check, backgound check on every point, > >> lawfull intercept, block access to hardware management in safety > >> enviroment by 'leak ecnription'. I am enoght smart for self-sufficient > >> security risk assessment! > >> > >> Industry already have at some "hardened" BSD: OpenBSD and HardenedBSD. 
> >> Waht about market share? > > > > Best, > > Conrad > > > > Yeah, a think a number of these options are good, but a bunch are no go. > I do not want something deleting my files from /tmp unexpectedly. TrueOS > has that on by default, and it has eaten useful files a few too many times. > > Breaking gdb should NOT be on by default either. > > For some of the others, having them on by default in bsdinstall might be > a good way to 'test' the features under a wider user load, before we > switch the defaults for the sysctls. FYI: HardenedBSD has had the sysctl nodes set for a while now (> 1 year). The only "gotcha" moment we've had is with ASAN requiring the ability to determine memory maps, which is broken by setting security.bsd.unprivileged_proc_debug to 0. HardenedBSD has also set security.bsd.hardlink_check_gid and security.bsd.hardlink_check_uid both to 1. Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE signature.asc Description: PGP signature
Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts
On 2017-02-22 13:13, Conrad Meyer wrote: > On Wed, Feb 22, 2017 at 10:05 AM, Slawa Olhovchenkovwrote: >> On Wed, Feb 22, 2017 at 08:11:14AM -0800, Conrad Meyer wrote: >> >>> On Wed, Feb 22, 2017 at 3:23 AM, Joel Dahl wrote: On Wed, Feb 22, 2017 at 07:56:52AM +, Bartłomiej Rutkowski wrote: > I strongly believe we should, by default, ship as secured and hardened as > possible in order to improve overall security of new users installations. > Power users will and do change the OS as they please, they most likely > don't use bsdinstall in first place, so they're not affected in any way. Sorry, I strongly disagree with that. I'm most likely a "power user" and I use bsdinstall. >>> >>> Ditto. I'm also unfamiliar enough with the installer to trip on this >>> kind of thing. Slawa's proposed "disable all" option would be fine. >> >> My english not enought fluent for more explicate proposal, from my >> point most of this options do hardened in only limited cases, for >> other cases same options do system more un-hardened by force working >> as root. Some have unevident effects (/tmp cleaning, for example). > > Yep. I am not concerned about disabling sendmail or remote syslog by > default, though. > >> For many users this options will be source of weird issuses (gdb don't >> work? fucking ugly freebsd! migrate to linux). > > Yeah, I am concerned about this too. (Also: "ps doesn't work" would > be a big newbie sysadmin headache.) > >> This is evil trend of enforcing weird solutions under the auspices of >> 'my safety': airport security check, backgound check on every point, >> lawfull intercept, block access to hardware management in safety >> enviroment by 'leak ecnription'. I am enoght smart for self-sufficient >> security risk assessment! >> >> Industry already have at some "hardened" BSD: OpenBSD and HardenedBSD. >> Waht about market share? > > Best, > Conrad > Yeah, a think a number of these options are good, but a bunch are no go. 
I do not want something deleting my files from /tmp unexpectedly. TrueOS has that on by default, and it has eaten useful files a few too many times. Breaking gdb should NOT be on by default either. For some of the others, having them on by default in bsdinstall might be a good way to 'test' the features under a wider user load, before we switch the defaults for the sysctls. -- Allan Jude signature.asc Description: OpenPGP digital signature
svn commit: r314104 - head/lib/libcxxrt
Author: dim Date: Wed Feb 22 18:44:57 2017 New Revision: 314104 URL: https://svnweb.freebsd.org/changeset/base/314104 Log: Surround any unmangled C++ names in libcxxrt's version map with 'extern "C++"', otherwise ld refuses to make the symbols global in the final library. This causes the __int128-related symbols to go missing when the library is stripped during installation. Helpful hints:emaste MFC after:2 weeks X-MFC-With: r314061 Modified: head/lib/libcxxrt/Version.map Modified: head/lib/libcxxrt/Version.map == --- head/lib/libcxxrt/Version.map Wed Feb 22 17:57:24 2017 (r314103) +++ head/lib/libcxxrt/Version.map Wed Feb 22 18:44:57 2017 (r314104) @@ -255,12 +255,14 @@ CXXABI_1.3.1 { } CXXABI_1.3; CXXABI_1.3.5 { -"typeinfo for __int128 const*"; -"typeinfo for __int128"; -"typeinfo for __int128*"; -"typeinfo for unsigned __int128 const*"; -"typeinfo for unsigned __int128"; -"typeinfo for unsigned __int128*"; +extern "C++" { +"typeinfo for __int128 const*"; +"typeinfo for __int128"; +"typeinfo for __int128*"; +"typeinfo for unsigned __int128 const*"; +"typeinfo for unsigned __int128"; +"typeinfo for unsigned __int128*"; +}; } CXXABI_1.3.1; CXXABI_1.3.6 { @@ -268,12 +270,14 @@ CXXABI_1.3.6 { } CXXABI_1.3.5; CXXABI_1.3.9 { -"typeinfo name for __int128 const*"; -"typeinfo name for __int128"; -"typeinfo name for __int128*"; -"typeinfo name for unsigned __int128 const*"; -"typeinfo name for unsigned __int128"; -"typeinfo name for unsigned __int128*"; +extern "C++" { +"typeinfo name for __int128 const*"; +"typeinfo name for __int128"; +"typeinfo name for __int128*"; +"typeinfo name for unsigned __int128 const*"; +"typeinfo name for unsigned __int128"; +"typeinfo name for unsigned __int128*"; +}; } CXXABI_1.3.6; CXXRT_1.0 { ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts
On Wed, Feb 22, 2017 at 10:05 AM, Slawa Olhovchenkovwrote: > On Wed, Feb 22, 2017 at 08:11:14AM -0800, Conrad Meyer wrote: > >> On Wed, Feb 22, 2017 at 3:23 AM, Joel Dahl wrote: >> > On Wed, Feb 22, 2017 at 07:56:52AM +, Bartłomiej Rutkowski wrote: >> >> I strongly believe we should, by default, ship as secured and hardened as >> >> possible in order to improve overall security of new users installations. >> >> Power users will and do change the OS as they please, they most likely >> >> don't use bsdinstall in first place, so they're not affected in any way. >> > >> > Sorry, I strongly disagree with that. I'm most likely a "power user" and I >> > use >> > bsdinstall. >> >> Ditto. I'm also unfamiliar enough with the installer to trip on this >> kind of thing. Slawa's proposed "disable all" option would be fine. > > My english not enought fluent for more explicate proposal, from my > point most of this options do hardened in only limited cases, for > other cases same options do system more un-hardened by force working > as root. Some have unevident effects (/tmp cleaning, for example). Yep. I am not concerned about disabling sendmail or remote syslog by default, though. > For many users this options will be source of weird issuses (gdb don't > work? fucking ugly freebsd! migrate to linux). Yeah, I am concerned about this too. (Also: "ps doesn't work" would be a big newbie sysadmin headache.) > This is evil trend of enforcing weird solutions under the auspices of > 'my safety': airport security check, backgound check on every point, > lawfull intercept, block access to hardware management in safety > enviroment by 'leak ecnription'. I am enoght smart for self-sufficient > security risk assessment! > > Industry already have at some "hardened" BSD: OpenBSD and HardenedBSD. > Waht about market share? 
Best, Conrad ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts
On Wed, Feb 22, 2017 at 08:11:14AM -0800, Conrad Meyer wrote: > On Wed, Feb 22, 2017 at 3:23 AM, Joel Dahlwrote: > > On Wed, Feb 22, 2017 at 07:56:52AM +, Bartłomiej Rutkowski wrote: > >> I strongly believe we should, by default, ship as secured and hardened as > >> possible in order to improve overall security of new users installations. > >> Power users will and do change the OS as they please, they most likely > >> don't use bsdinstall in first place, so they're not affected in any way. > > > > Sorry, I strongly disagree with that. I'm most likely a "power user" and I > > use > > bsdinstall. > > Ditto. I'm also unfamiliar enough with the installer to trip on this > kind of thing. Slawa's proposed "disable all" option would be fine. My english not enought fluent for more explicate proposal, from my point most of this options do hardened in only limited cases, for other cases same options do system more un-hardened by force working as root. Some have unevident effects (/tmp cleaning, for example). For many users this options will be source of weird issuses (gdb don't work? fucking ugly freebsd! migrate to linux). This is evil trend of enforcing weird solutions under the auspices of 'my safety': airport security check, backgound check on every point, lawfull intercept, block access to hardware management in safety enviroment by 'leak ecnription'. I am enoght smart for self-sufficient security risk assessment! Industry already have at some "hardened" BSD: OpenBSD and HardenedBSD. Waht about market share? ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r314103 - stable/10/sys/dev/e1000
Author: marius Date: Wed Feb 22 17:57:24 2017 New Revision: 314103 URL: https://svnweb.freebsd.org/changeset/base/314103 Log: MFC: r311979 Reset the EIAC register to include the LINK status bit and restore link up/down notifications. Modified: stable/10/sys/dev/e1000/if_em.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/dev/e1000/if_em.c ==
--- stable/10/sys/dev/e1000/if_em.c Wed Feb 22 17:57:19 2017 (r314102)
+++ stable/10/sys/dev/e1000/if_em.c Wed Feb 22 17:57:24 2017 (r314103)
@@ -5157,7 +5157,7 @@ em_enable_intr(struct adapter *adapter)
 u32 ims_mask = IMS_ENABLE_MASK;
 if (hw->mac.type == e1000_82574) {
- E1000_WRITE_REG(hw, EM_EIAC, adapter->ims);
+ E1000_WRITE_REG(hw, EM_EIAC, EM_MSIX_MASK);
 ims_mask |= adapter->ims;
 }
 E1000_WRITE_REG(hw, E1000_IMS, ims_mask);
___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r314102 - stable/11/sys/dev/e1000
Author: marius Date: Wed Feb 22 17:57:19 2017 New Revision: 314102 URL: https://svnweb.freebsd.org/changeset/base/314102 Log: MFC: r311979 Reset the EIAC register to include the LINK status bit and restore link up/down notifications. Modified: stable/11/sys/dev/e1000/if_em.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/dev/e1000/if_em.c ==
--- stable/11/sys/dev/e1000/if_em.c Wed Feb 22 17:20:18 2017 (r314101)
+++ stable/11/sys/dev/e1000/if_em.c Wed Feb 22 17:57:19 2017 (r314102)
@@ -5114,7 +5114,7 @@ em_enable_intr(struct adapter *adapter)
 u32 ims_mask = IMS_ENABLE_MASK;
 if (hw->mac.type == e1000_82574) {
- E1000_WRITE_REG(hw, EM_EIAC, adapter->ims);
+ E1000_WRITE_REG(hw, EM_EIAC, EM_MSIX_MASK);
 ims_mask |= adapter->ims;
 }
 E1000_WRITE_REG(hw, E1000_IMS, ims_mask);
___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts
On Wednesday, February 22, 2017 07:52:45 AM Bartłomiej Rutkowski wrote: > On Tue, Feb 21, 2017 at 2:34 PM, Eric Badgerwrote: > > > On 02/21/2017 03:37 AM, Bartek Rutkowski wrote: > > > >> Author: robak (ports committer) > >> Date: Tue Feb 21 09:37:33 2017 > >> New Revision: 314036 > >> URL: https://svnweb.freebsd.org/changeset/base/314036 > >> > >> Log: > >> Enable bsdinstall hardening options by default. > >> > >> As discussed previously, in order to introduce new OS hardening > >> defaults, we've added them to bsdinstall in 'off by default' mode. > >> It has been there for a while, so the next step is to change them > >> to 'on by defaul' mode, so that in future we could simply enable > >> them in base OS. > >> > >> Reviewed by: brd > >> Approved by: adrian > >> Differential Revision:https://reviews.freebsd.org/D9641 > >> > >> Modified: > >> head/usr.sbin/bsdinstall/scripts/hardening > >> > >> Modified: head/usr.sbin/bsdinstall/scripts/hardening > >> > >> == > >> --- head/usr.sbin/bsdinstall/scripts/hardening Tue Feb 21 09:33:21 > >> 2017(r314035) > >> +++ head/usr.sbin/bsdinstall/scripts/hardening Tue Feb 21 09:37:33 > >> 2017(r314036) 
> >> @@ -36,15 +36,15 @@ FEATURES=$( dialog --backtitle "FreeBSD > >> --title "System Hardening" --nocancel --separate-output \ > >> --checklist "Choose system security hardening options:" \ > >> 0 0 0 \ > >> - "0 hide_uids" "Hide processes running as other users" > >> ${hide_uids:-off} \ > >> - "1 hide_gids" "Hide processes running as other groups" > >> ${hide_gids:-off} \ > >> - "2 read_msgbuf" "Disable reading kernel message buffer for > >> unprivileged users" ${read_msgbuf:-off} \ > >> - "3 proc_debug" "Disable process debugging facilities for > >> unprivileged users" ${proc_debug:-off} \ > >> - "4 random_pid" "Randomize the PID of newly created processes" > >> ${random_pid:-off} \ > >> - "5 stack_guard" "Insert stack guard page ahead of the growable > >> segments" ${stack_guard:-off} \ > >> - "6 clear_tmp" "Clean the /tmp filesystem on system startup" > >> ${clear_tmp:-off} \ > >> - "7 disable_syslogd" "Disable opening Syslogd network socket > >> (disables remote logging)" ${disable_syslogd:-off} \ > >> - "8 disable_sendmail" "Disable Sendmail service" > >> ${disable_sendmail:-off} \ > >> + "0 hide_uids" "Hide processes running as other users" > >> ${hide_uids:-on} \ > >> + "1 hide_gids" "Hide processes running as other groups" > >> ${hide_gids:-on} \ > >> + "2 read_msgbuf" "Disable reading kernel message buffer for > >> unprivileged users" ${read_msgbuf:-on} \ > >> + "3 proc_debug" "Disable process debugging facilities for > >> unprivileged users" ${proc_debug:-on} \ > >> + "4 random_pid" "Randomize the PID of newly created processes" > >> ${random_pid:-on} \ > >> + "5 stack_guard" "Insert stack guard page ahead of the growable > >> segments" ${stack_guard:-on} \ > >> + "6 clear_tmp" "Clean the /tmp filesystem on system startup" > >> ${clear_tmp:-on} \ > >> + "7 disable_syslogd" "Disable opening Syslogd network socket > >> (disables remote logging)" ${disable_syslogd:-on} \ > >> + "8 disable_sendmail" "Disable Sendmail service" > >> ${disable_sendmail:-on} \ 
> >> 2>&1 1>&3 ) > >> exec 3>&- > >> > >> > >> > > Hi Bartek, > > > > Thanks for working on making it easier to harden FreeBSD. While defaulting > > some of these options to "on" seem pretty harmless (e.g. random_pid), > > others are likely to cause confusion for new and experienced users alike > > (e.g. proc_debug. I've never used that option before, so I gave it a try. > > It simply causes gdb to hang when attempting to start a process, with no > > obvious indication of why). I think more discussion is merited before they > > are turned on by default; personally I think they have potential to sour a > > first impression of FreeBSD by making things people are used to doing on > > other OSes hard. > > > The audience of these changes is not someone like you, who's using gdb > daily. The audience is the new users who often don't know what they're > doing, why they're doing that and how to do differently, especially when it > comes to the security. Power users in most cases don't use bsdinstall to > install their systems, they use automation of some sort to fine tune the OS > exactly to their needs and use case, and in their case this change is > transparent and doesn't affect them. What it affects is the default FreeBSD > installation and our poor track record of default installation security and > great track record for not changing and improving things just becuase > they've been like that for past decade. Please don't turn FreeBSD into a system that is a pain to develop on. For my undergrad students who do their work in Linux VMs I have
svn commit: r314101 - head/sys/sys
Author: avg Date: Wed Feb 22 17:20:18 2017 New Revision: 314101 URL: https://svnweb.freebsd.org/changeset/base/314101 Log: don't use C99 static array indices with older GCC versions For example, the FreeBSD GCC (4.2.1) has a spotty support for that feature. If the static keyword is used with an unnamed array parameter in a function declaration, then the compilation fails with: error: static or type qualifiers in abstract declarator The feature does work if the parameter is named. So, the restriction introduced in this commit can be removed when all affected function prototypes have the workaround. MFC after:1 week Sponsored by: Panzura Modified: head/sys/sys/cdefs.h Modified: head/sys/sys/cdefs.h ==
--- head/sys/sys/cdefs.hWed Feb 22 17:13:00 2017(r314100)
+++ head/sys/sys/cdefs.hWed Feb 22 17:20:18 2017(r314101)
@@ -349,6 +349,7 @@
 * void bar(int myArray[__min_size(10)]);
 */
 #if !defined(__cplusplus) && \
+(defined(__clang__) || __GNUC_PREREQ__(4, 6)) && \
 (!defined(__STDC_VERSION__) || (__STDC_VERSION__ >= 199901))
 #define __min_size(x) static (x)
 #else
___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
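Review bot: The added condition `(defined(__clang__) || __GNUC_PREREQ__(4, 6))` carries a version threshold that the comment block above the `#if` does not explain; the reason lives only in the commit log, which names GCC 4.2.1 as the affected compiler. A line in that comment, such as `* Older GCC (e.g. 4.2.1) rejects 'static' in an unnamed array parameter, so __min_size(x) is plain (x) there.`, would keep the rationale next to the guard and mark it as removable once the prototypes name their parameters. Compilers that are neither clang nor GCC presumably now take the `#else` branch as well (the definition of `__GNUC_PREREQ__` is not visible here), which is worth stating if intended. The comment block and the `#if`/`#else` chain begin and end outside the hunk.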
Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts
On Wed, Feb 22, 2017 at 3:23 AM, Joel Dahlwrote: > On Wed, Feb 22, 2017 at 07:56:52AM +, Bartłomiej Rutkowski wrote: >> I strongly believe we should, by default, ship as secured and hardened as >> possible in order to improve overall security of new users installations. >> Power users will and do change the OS as they please, they most likely >> don't use bsdinstall in first place, so they're not affected in any way. > > Sorry, I strongly disagree with that. I'm most likely a "power user" and I use > bsdinstall. Ditto. I'm also unfamiliar enough with the installer to trip on this kind of thing. Slawa's proposed "disable all" option would be fine. Thanks, Conrad ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r314100 - head/sys/sys
Author: avg Date: Wed Feb 22 17:13:00 2017 New Revision: 314100 URL: https://svnweb.freebsd.org/changeset/base/314100 Log: fix a typo in __STDC_VERSION__ in __min_size requirements MFC after:1 week Sponsored by: Panzura Modified: head/sys/sys/cdefs.h Modified: head/sys/sys/cdefs.h ==
--- head/sys/sys/cdefs.hWed Feb 22 16:37:45 2017(r314099)
+++ head/sys/sys/cdefs.hWed Feb 22 17:13:00 2017(r314100)
@@ -349,7 +349,7 @@
 * void bar(int myArray[__min_size(10)]);
 */
 #if !defined(__cplusplus) && \
-(!defined(__STDC_VERSION) || (__STDC_VERSION__ >= 199901))
+(!defined(__STDC_VERSION__) || (__STDC_VERSION__ >= 199901))
 #define __min_size(x) static (x)
 #else
 #define __min_size(x) (x)
___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r314099 - head/usr.bin/lam
Author: bapt Date: Wed Feb 22 16:37:45 2017 New Revision: 314099 URL: https://svnweb.freebsd.org/changeset/base/314099 Log: Better fix for r314098 The actual issue was the fact that if - was used then some restriction were already set to stdin when we were applying caph_limit_stdio which was failing due to the fact the fd was the fd was already restricted to lower rights. Restricting stdio before actually opening the files prevent trying to raise the right and fixes the issue. And this allows to keep failing the program if restriction failed Approved by: allanjude Differential Revision:https://reviews.freebsd.org/D9723 Modified: head/usr.bin/lam/lam.c Modified: head/usr.bin/lam/lam.c ==
--- head/usr.bin/lam/lam.c Wed Feb 22 15:30:57 2017(r314098)
+++ head/usr.bin/lam/lam.c Wed Feb 22 16:37:45 2017(r314099)
@@ -86,6 +86,8 @@ main(int argc, char *argv[])
 if (argc == 1)
 usage();
+ if (caph_limit_stdio() == -1)
+ err(1, "unable to limit stdio");
 getargs(argv);
 if (!morefiles)
 usage();
@@ -95,7 +97,6 @@ main(int argc, char *argv[])
 * mode.
 */
 caph_cache_catpages();
- caph_limit_stdio();
 if (cap_enter() < 0 && errno != ENOSYS)
 err(1, "unable to enter capability mode");
___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
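Review bot: The position of `caph_limit_stdio()` ahead of `getargs(argv)` in the first hunk is now what keeps the sandbox setup working, yet nothing in the code records that. Per the log, `getargs()` limits stdin itself when `-` is given, and a later attempt to set wider rights on that descriptor fails. A comment on the new lines, e.g. `/* Must precede getargs(): "-" limits stdin there, and rights cannot be raised afterwards. */`, would stop a later cleanup from moving the call back next to `cap_enter()`, where the second hunk removed it. main() begins and ends outside both hunks.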
Re: svn commit: r314043 - in head/sys: compat/linuxkpi/common/include/linux compat/linuxkpi/common/src conf modules/linuxkpi
Sweet! Thanks! (God I'd like this for native FreeBSD drivers actually...) -adrian On 22 February 2017 at 01:22, Hans Petter Selaskywrote: > On 02/22/17 00:18, Adrian Chadd wrote: >> >> Hiya, >> >> My understanding of tasklets is that they run on the CPU that they >> were scheduled on, rather than there being a single tasklet thread? >> >> Is that the direction you're thinking of heading in, or? >> > > Hi Adrian, > > The plan is to use grouptaskqueue in the end. From what I can see all the > pieces are in place for that. Then the tasklets will run on the same CPU > that they were scheduled on. > > Some patches needs to go into the grouptaskqueue first: > > 1) grouptaskqueue needs to support LinuxKPI module unload. There is current > missing/unimplemented drain logic in grouptaskqueue APIs. > > 2) Needs to expose internal gtaskqueues, so that we don't create unneccesary > threads to handle a single IRQ, which is the case currently. > > I've already CC'ed a few people on this, but not action yet. If you can > help, would be great. > > BTW: > TASKQGROUP_DECLARE(net); > > in sys/gtaskqueue.h seems non-existing and should be removed. > > --HPS > ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r314098 - head/usr.bin/lam
Author: allanjude Date: Wed Feb 22 15:30:57 2017 New Revision: 314098 URL: https://svnweb.freebsd.org/changeset/base/314098 Log: lam(1): Failing to restrict stdin/stdout/stderr should not be fatal When fed from a pipe, lam(1) would sometimes fail: lam: unable to limit stdio: Capabilities insufficient fixed regression in portsnap(8) introduced in r313938 This broke portsnap(8), the app that the capsicumization of lam(1) was meant to secure. # portsnap fetch update Looking up portsnap.FreeBSD.org mirrors... 6 mirrors found. Fetching snapshot tag from ec2-eu-west-1.portsnap.freebsd.org... done. Fetching snapshot metadata... done. Updating from Tue Feb 21 16:05:39 MSK 2017 to Tue Feb 21 16:59:30 MSK 2017. Fetching 5 metadata patches.lam: unable to limit stdio: Capabilities insufficient done. Applying metadata patches... done. Fetching 5 metadata files... lam: unable to limit stdio: Capabilities insufficient /usr/sbin/portsnap: cannot open 8c94d2c3f8fcea20eb1fd82021566c99c63a010e6b3702ee11e7a491795bcfb8.gz: No such file or directory metadata is corrupt. Reported by: Vladimir Zakharov, Ben Woods Modified: head/usr.bin/lam/lam.c Modified: head/usr.bin/lam/lam.c ==
--- head/usr.bin/lam/lam.c Wed Feb 22 10:21:39 2017(r314097)
+++ head/usr.bin/lam/lam.c Wed Feb 22 15:30:57 2017(r314098)
@@ -95,8 +95,7 @@ main(int argc, char *argv[])
 * mode.
 */
 caph_cache_catpages();
- if (caph_limit_stdio() == -1)
- err(1, "unable to limit stdio");
+ caph_limit_stdio();
 if (cap_enter() < 0 && errno != ENOSYS)
 err(1, "unable to enter capability mode");
___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
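Review bot: Discarding the result of `caph_limit_stdio()` hides every failure of the call, not only the "Capabilities insufficient" case quoted in the log, so the process can go on to `cap_enter()` with stdin, stdout or stderr holding more rights than intended and nothing reports it. If the call has to be non-fatal, the failure should at least stay visible, e.g. `if (caph_limit_stdio() == -1) warn("unable to limit stdio");`. A comment saying why the error is tolerated would also help, since the neighbouring `cap_enter()` check remains fatal and the asymmetry otherwise looks accidental. main() begins and ends outside the hunk.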
Re: svn commit: r313992 - in head: sys/kern sys/sys tests/sys/kern
-Original Message- > From:on behalf of Eric Badger > > Date: 2017-02-21, Tuesday at 20:37 > To: Ravi Pokala , , > , > Subject: Re: svn commit: r313992 - in head: sys/kern sys/sys tests/sys/kern > > On 02/21/2017 05:45 PM, Ravi Pokala wrote: >> Hi Eric, >> >> This appears to break buildworld for a bunch of platforms -- possibly all >> the ones that use gcc rather than clang? >> >> A representative example from sparc64: >> >> /usr/home/rpokala/freebsd/clean/base/head/tests/sys/kern/ptrace_test.c: >> In function 'atfu_ptrace__PT_KILL_breakpoint_body': >> >> /usr/home/rpokala/freebsd/clean/base/head/tests/sys/kern/ptrace_test.c:1693: >> warning: implicit declaration of function '__builtin_debugtrap' >> *** [ptrace_test.o] Error code 1 >> >> Thanks, >> >> Ravi (rpokala@) > > Hi Ravi, > > Thanks for letting me know, and sorry for the breakage. It should be > fixed as of r314075. > > Eric Hi Eric, Alas, no joy: /usr/home/rpokala/freebsd/clean/base/head/tests/sys/kern/ptrace_test.c:1694:3: error: implicit declaration of function 'breakpoint' is invalid in C99 [-Werror,-Wimplicit-function-declaration] breakpoint(); ^ Try again? Thanks, Ravi (rpokala@) ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts
On Tue, Feb 21, 2017 at 09:37:34AM +, Bartek Rutkowski wrote: > Author: robak (ports committer) > Date: Tue Feb 21 09:37:33 2017 > New Revision: 314036 > URL: https://svnweb.freebsd.org/changeset/base/314036 > > Log: > Enable bsdinstall hardening options by default. > > As discussed previously, in order to introduce new OS hardening > defaults, we've added them to bsdinstall in 'off by default' mode. > It has been there for a while, so the next step is to change them > to 'on by defaul' mode, so that in future we could simply enable > them in base OS. Please include option "disable all" for simple disable all. > Reviewed by:brd > Approved by:adrian > Differential Revision: https://reviews.freebsd.org/D9641 > > Modified: > head/usr.sbin/bsdinstall/scripts/hardening > > Modified: head/usr.sbin/bsdinstall/scripts/hardening > == > --- head/usr.sbin/bsdinstall/scripts/hardeningTue Feb 21 09:33:21 > 2017(r314035) > +++ head/usr.sbin/bsdinstall/scripts/hardeningTue Feb 21 09:37:33 > 2017(r314036) 
> @@ -36,15 +36,15 @@ FEATURES=$( dialog --backtitle "FreeBSD > --title "System Hardening" --nocancel --separate-output \ > --checklist "Choose system security hardening options:" \ > 0 0 0 \ > - "0 hide_uids" "Hide processes running as other users" ${hide_uids:-off} > \ > - "1 hide_gids" "Hide processes running as other groups" > ${hide_gids:-off} \ > - "2 read_msgbuf" "Disable reading kernel message buffer for unprivileged > users" ${read_msgbuf:-off} \ > - "3 proc_debug" "Disable process debugging facilities for unprivileged > users" ${proc_debug:-off} \ > - "4 random_pid" "Randomize the PID of newly created processes" > ${random_pid:-off} \ > - "5 stack_guard" "Insert stack guard page ahead of the growable > segments" ${stack_guard:-off} \ > - "6 clear_tmp" "Clean the /tmp filesystem on system startup" > ${clear_tmp:-off} \ > - "7 disable_syslogd" "Disable opening Syslogd network socket (disables > remote logging)" ${disable_syslogd:-off} \ > - "8 disable_sendmail" "Disable Sendmail service" > ${disable_sendmail:-off} \ > + "0 hide_uids" "Hide processes running as other users" ${hide_uids:-on} \ > + "1 hide_gids" "Hide processes running as other groups" ${hide_gids:-on} > \ > + "2 read_msgbuf" "Disable reading kernel message buffer for unprivileged > users" ${read_msgbuf:-on} \ > + "3 proc_debug" "Disable process debugging facilities for unprivileged > users" ${proc_debug:-on} \ > + "4 random_pid" "Randomize the PID of newly created processes" > ${random_pid:-on} \ > + "5 stack_guard" "Insert stack guard page ahead of the growable > segments" ${stack_guard:-on} \ > + "6 clear_tmp" "Clean the /tmp filesystem on system startup" > ${clear_tmp:-on} \ > + "7 disable_syslogd" "Disable opening Syslogd network socket (disables > remote logging)" ${disable_syslogd:-on} \ > + "8 disable_sendmail" "Disable Sendmail service" ${disable_sendmail:-on} > \ > 2>&1 1>&3 ) > exec 3>&- > > ___ > svn-src-all@freebsd.org mailing list > 
Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts
On Wed, Feb 22, 2017 at 07:56:52AM +, Bartłomiej Rutkowski wrote: > On Tue, Feb 21, 2017 at 2:40 PM, Alexey Dokuchaevwrote: > > > On Tue, Feb 21, 2017 at 08:34:29AM -0600, Eric Badger wrote: > > > Thanks for working on making it easier to harden FreeBSD. While > > > defaulting some of these options to "on" seem pretty harmless (e.g. > > > random_pid), others are likely to cause confusion for new and > > > experienced users alike (e.g. proc_debug. I've never used that option > > > before, so I gave it a try. It simply causes gdb to hang when attempting > > > to start a process, with no obvious indication of why). > > > > I concur. In fact, harmless knobs should probably be turned on by default > > in FreeBSD itself (i.e., without any "hardening" help from the installer), > > while more intrusive ones should be opt-in, not opt-out. > > > > ./danfe > > > > I strongly believe we should, by default, ship as secured and hardened as > possible in order to improve overall security of new users installations. > Power users will and do change the OS as they please, they most likely > don't use bsdinstall in first place, so they're not affected in any way. Sorry, I strongly disagree with that. I'm most likely a "power user" and I use bsdinstall. -- Joel ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r314097 - in head/sys: dev/bhnd/cores/chipc dev/fdt dev/nand geom modules/geom modules/geom/geom_flashmap powerpc/mikrotik sys
Author: marius Date: Wed Feb 22 10:21:39 2017 New Revision: 314097 URL: https://svnweb.freebsd.org/changeset/base/314097 Log: - Allow different slicers for different flash types to be registered with geom_flashmap(4) and teach it about MMC for slicing enhanced user data area partitions. The FDT slicer still is the default for CFI, NAND and SPI flash on FDT-enabled platforms. - In addition to a device_t, also pass the name of the GEOM provider in question to the slicers as a single device may provide more than provider. - Build a geom_flashmap.ko. - Use MODULE_VERSION() so other modules can depend on geom_flashmap(4). - Remove redundant/superfluous GEOM routines that either do nothing or provide/just call default GEOM (slice) functionality. - Trim/adjust includes Submitted by: jhibbits (RouterBoard bits) Reviewed by: jhibbits Added: head/sys/modules/geom/geom_flashmap/ head/sys/modules/geom/geom_flashmap/Makefile (contents, props changed) Modified: head/sys/dev/bhnd/cores/chipc/chipc_slicer.c head/sys/dev/bhnd/cores/chipc/chipc_slicer.h head/sys/dev/fdt/fdt_slicer.c head/sys/dev/nand/nfc_rb.c head/sys/geom/geom_flashmap.c head/sys/modules/geom/Makefile head/sys/powerpc/mikrotik/platform_rb.c head/sys/sys/slicer.h Modified: head/sys/dev/bhnd/cores/chipc/chipc_slicer.c == --- head/sys/dev/bhnd/cores/chipc/chipc_slicer.cWed Feb 22 09:39:15 2017(r314096) +++ head/sys/dev/bhnd/cores/chipc/chipc_slicer.cWed Feb 22 10:21:39 2017(r314097) @@ -63,10 +63,12 @@ chipc_register_slicer(chipc_flash flash_ switch (flash_type) { case CHIPC_SFLASH_AT: case CHIPC_SFLASH_ST: - flash_register_slicer(chipc_slicer_spi); + flash_register_slicer(chipc_slicer_spi, FLASH_SLICES_TYPE_SPI, + TRUE); break; case CHIPC_PFLASH_CFI: - flash_register_slicer(chipc_slicer_cfi); + flash_register_slicer(chipc_slicer_cfi, FLASH_SLICES_TYPE_CFI, + TRUE); break; default: /* Unsupported */ 
@@ -75,7 +77,8 @@ chipc_register_slicer(chipc_flash flash_ } int -chipc_slicer_cfi(device_t dev, struct flash_slice *slices, int *nslices) +chipc_slicer_cfi(device_t dev, const char *provider __unused, +struct flash_slice *slices, int *nslices) { struct cfi_softc*sc; device_t parent; @@ -100,7 +103,8 @@ chipc_slicer_cfi(device_t dev, struct fl } int -chipc_slicer_spi(device_t dev, struct flash_slice *slices, int *nslices) +chipc_slicer_spi(device_t dev, const char *provider __unused, +struct flash_slice *slices, int *nslices) { struct chipc_spi_softc *sc; device_t chipc, spi, spibus; Modified: head/sys/dev/bhnd/cores/chipc/chipc_slicer.h == --- head/sys/dev/bhnd/cores/chipc/chipc_slicer.hWed Feb 22 09:39:15 2017(r314096) +++ head/sys/dev/bhnd/cores/chipc/chipc_slicer.hWed Feb 22 10:21:39 2017(r314097) @@ -41,9 +41,9 @@ #defineNVRAM_MAGIC 0x48534C46 void chipc_register_slicer(chipc_flash flash_type); -intchipc_slicer_spi(device_t dev, struct flash_slice *slices, - int *nslices); -intchipc_slicer_cfi(device_t dev, struct flash_slice *slices, - int *nslices); +intchipc_slicer_spi(device_t dev, const char *provider, + struct flash_slice *slices, int *nslices); +intchipc_slicer_cfi(device_t dev, const char *provider, + struct flash_slice *slices, int *nslices); #endif /* _BHND_CORES_CHIPC_CHIPC_SLICER_H_ */ Modified: head/sys/dev/fdt/fdt_slicer.c == --- head/sys/dev/fdt/fdt_slicer.c Wed Feb 22 09:39:15 2017 (r314096) +++ head/sys/dev/fdt/fdt_slicer.c Wed Feb 22 10:21:39 2017 (r314097) @@ -30,10 +30,11 @@ __FBSDID("$FreeBSD$"); #include #include #include -#include #include #include +#include +#include #ifdef DEBUG #define debugf(fmt, args...) do { printf("%s(): ", __func__); \ 
@@ -42,8 +43,13 @@ __FBSDID("$FreeBSD$"); #define debugf(fmt, args...) #endif -int -fdt_flash_fill_slices(device_t dev, struct flash_slice *slices, int *slices_num) +static int fdt_flash_fill_slices(device_t dev, const char *provider, +struct flash_slice *slices, int *slices_num); +static void fdt_slicer_init(void); + +static int +fdt_flash_fill_slices(device_t dev, const char *provider __unused, +struct flash_slice *slices, int *slices_num) { char *slice_name; phandle_t dt_node, dt_child; @@ -90,8 +96,8 @@ fdt_flash_fill_slices(device_t dev, stru
Re: svn commit: r313975 - in head: contrib/openpam contrib/openpam/bin contrib/openpam/bin/openpam_dump_policy contrib/openpam/bin/pamtest contrib/openpam/bin/su contrib/openpam/doc contrib/openpam/do
"Ngie Cooper (yaneurabeya)"writes: > I figured that you had good reasons for doing this after some of the > discussion we had off-list about testing in general, but I’ll see what > I can do to bring back coverage in lib/libpam. It has nothing to do with my opinion of Kyua. OpenPAM's unit tests now use cryb.to's test framework, which I have no intention of importing into FreeBSD. DES -- Dag-Erling Smørgrav - d...@des.no ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r314094 - head/sys/dev/xen/timer
On Wed, Feb 22, 2017 at 09:22:18AM +, Roger Pau Monné wrote: > Author: royger > Date: Wed Feb 22 09:22:17 2017 > New Revision: 314094 > URL: https://svnweb.freebsd.org/changeset/base/314094 > > Log: > xen/timer: mark the Xen PV timer as not safe for suspension > > Note that the timer itself fully supports suspension, but due to the lack of > ordering during the resume process FreeBSD cannot guarantee that the timer > is > resumed before any device attempts to use it. > > Submitted by: Liuyingdong> Reviewed by:royger > Differential Revision: https://reviews.freebsd.org/D9639 Forgot to add: MFC after: 1 week Roger. ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r314096 - vendor/mdocml/1.4.1
Author: bapt Date: Wed Feb 22 09:39:15 2017 New Revision: 314096 URL: https://svnweb.freebsd.org/changeset/base/314096 Log: Tag import of mandoc 1.4.1 Added: vendor/mdocml/1.4.1/ - copied from r313954, vendor/mdocml/dist/ vendor/mdocml/1.4.1/catman.8 - copied unchanged from r313956, vendor/mdocml/dist/catman.8 vendor/mdocml/1.4.1/catman.c - copied unchanged from r313956, vendor/mdocml/dist/catman.c vendor/mdocml/1.4.1/man.options.1 - copied unchanged from r313956, vendor/mdocml/dist/man.options.1 vendor/mdocml/1.4.1/mandocd.8 - copied unchanged from r313956, vendor/mdocml/dist/mandocd.8 vendor/mdocml/1.4.1/mandocd.c - copied unchanged from r313956, vendor/mdocml/dist/mandocd.c vendor/mdocml/1.4.1/test-O_DIRECTORY.c - copied unchanged from r313956, vendor/mdocml/dist/test-O_DIRECTORY.c vendor/mdocml/1.4.1/test-cmsg.c - copied unchanged from r313956, vendor/mdocml/dist/test-cmsg.c vendor/mdocml/1.4.1/test-recvmsg.c - copied unchanged from r313956, vendor/mdocml/dist/test-recvmsg.c Replaced: vendor/mdocml/1.4.1/INSTALL - copied unchanged from r313956, vendor/mdocml/dist/INSTALL vendor/mdocml/1.4.1/LICENSE - copied unchanged from r314095, vendor/mdocml/dist/LICENSE vendor/mdocml/1.4.1/Makefile - copied unchanged from r313956, vendor/mdocml/dist/Makefile vendor/mdocml/1.4.1/Makefile.depend - copied unchanged from r313956, vendor/mdocml/dist/Makefile.depend vendor/mdocml/1.4.1/NEWS - copied unchanged from r314095, vendor/mdocml/dist/NEWS vendor/mdocml/1.4.1/TODO - copied unchanged from r313956, vendor/mdocml/dist/TODO vendor/mdocml/1.4.1/apropos.1 - copied unchanged from r313956, vendor/mdocml/dist/apropos.1 vendor/mdocml/1.4.1/cgi.c - copied unchanged from r313956, vendor/mdocml/dist/cgi.c vendor/mdocml/1.4.1/chars.c - copied unchanged from r313956, vendor/mdocml/dist/chars.c vendor/mdocml/1.4.1/compat_fts.c - copied unchanged from r313956, vendor/mdocml/dist/compat_fts.c vendor/mdocml/1.4.1/configure - copied unchanged from r313956, vendor/mdocml/dist/configure 
vendor/mdocml/1.4.1/configure.local.example - copied unchanged from r313956, vendor/mdocml/dist/configure.local.example vendor/mdocml/1.4.1/dba.c - copied unchanged from r313956, vendor/mdocml/dist/dba.c vendor/mdocml/1.4.1/dbm_map.c - copied unchanged from r313956, vendor/mdocml/dist/dbm_map.c vendor/mdocml/1.4.1/eqn_term.c - copied unchanged from r313956, vendor/mdocml/dist/eqn_term.c vendor/mdocml/1.4.1/gmdiff - copied unchanged from r313956, vendor/mdocml/dist/gmdiff vendor/mdocml/1.4.1/html.c - copied unchanged from r313956, vendor/mdocml/dist/html.c vendor/mdocml/1.4.1/html.h - copied unchanged from r313956, vendor/mdocml/dist/html.h vendor/mdocml/1.4.1/libmandoc.h - copied unchanged from r313956, vendor/mdocml/dist/libmandoc.h vendor/mdocml/1.4.1/libmdoc.h - copied unchanged from r313956, vendor/mdocml/dist/libmdoc.h vendor/mdocml/1.4.1/main.c - copied unchanged from r313956, vendor/mdocml/dist/main.c vendor/mdocml/1.4.1/man.1 - copied unchanged from r313956, vendor/mdocml/dist/man.1 vendor/mdocml/1.4.1/man_html.c - copied unchanged from r313956, vendor/mdocml/dist/man_html.c vendor/mdocml/1.4.1/man_term.c - copied unchanged from r313956, vendor/mdocml/dist/man_term.c vendor/mdocml/1.4.1/manconf.h - copied unchanged from r313956, vendor/mdocml/dist/manconf.h vendor/mdocml/1.4.1/mandoc.1 - copied unchanged from r313956, vendor/mdocml/dist/mandoc.1 vendor/mdocml/1.4.1/mandoc.css - copied unchanged from r313956, vendor/mdocml/dist/mandoc.css vendor/mdocml/1.4.1/mandoc.h - copied unchanged from r313956, vendor/mdocml/dist/mandoc.h vendor/mdocml/1.4.1/mandoc_aux.h - copied unchanged from r313956, vendor/mdocml/dist/mandoc_aux.h vendor/mdocml/1.4.1/mandoc_char.7 - copied unchanged from r313956, vendor/mdocml/dist/mandoc_char.7 vendor/mdocml/1.4.1/mandoc_html.3 - copied unchanged from r313956, vendor/mdocml/dist/mandoc_html.3 vendor/mdocml/1.4.1/mandocdb.c - copied unchanged from r313956, vendor/mdocml/dist/mandocdb.c vendor/mdocml/1.4.1/manpath.c - copied 
unchanged from r313956, vendor/mdocml/dist/manpath.c vendor/mdocml/1.4.1/mdoc.7 - copied unchanged from r313956, vendor/mdocml/dist/mdoc.7 vendor/mdocml/1.4.1/mdoc.c - copied unchanged from r313956, vendor/mdocml/dist/mdoc.c vendor/mdocml/1.4.1/mdoc_html.c - copied unchanged from r313956, vendor/mdocml/dist/mdoc_html.c vendor/mdocml/1.4.1/mdoc_macro.c - copied unchanged from r313956, vendor/mdocml/dist/mdoc_macro.c vendor/mdocml/1.4.1/mdoc_man.c - copied unchanged from r313956, vendor/mdocml/dist/mdoc_man.c vendor/mdocml/1.4.1/mdoc_term.c - copied unchanged from r313956, vendor/mdocml/dist/mdoc_term.c vendor/mdocml/1.4.1/mdoc_validate.c - copied unchanged from
svn commit: r314095 - vendor/mdocml/dist
Author: bapt Date: Wed Feb 22 09:33:50 2017 New Revision: 314095 URL: https://svnweb.freebsd.org/changeset/base/314095 Log: Import mandoc 1.14.1 Modified: vendor/mdocml/dist/LICENSE vendor/mdocml/dist/NEWS Modified: vendor/mdocml/dist/LICENSE == --- vendor/mdocml/dist/LICENSE Wed Feb 22 09:22:17 2017(r314094) +++ vendor/mdocml/dist/LICENSE Wed Feb 22 09:33:50 2017(r314095) @@ -5,7 +5,7 @@ contained in the mdocml toolkit is prote of the following developers: Copyright (c) 2008-2012, 2014 Kristaps Dzonsons-Copyright (c) 2010-2016 Ingo Schwarze +Copyright (c) 2010-2017 Ingo Schwarze Copyright (c) 2009, 2010, 2011, 2012 Joerg Sonnenberger Copyright (c) 2013 Franco Fichtner Copyright (c) 2014 Baptiste Daroussin Modified: vendor/mdocml/dist/NEWS == --- vendor/mdocml/dist/NEWS Wed Feb 22 09:22:17 2017(r314094) +++ vendor/mdocml/dist/NEWS Wed Feb 22 09:33:50 2017(r314095) @@ -2,7 +2,7 @@ $Id: NEWS,v 1.20 2017/02/16 14:38:12 sch This file lists the most important changes in the mdocml.bsd.lv distribution. -Changes in version 1.14.1, released on February XXX, 2017 +Changes in version 1.14.1, released on February 21, 2017 --- MAJOR NEW FEATURES --- * apropos(1): Reimplement complete semantic search functionality 
@@ -95,28 +95,32 @@ Changes in version 1.14.1, released on F easier to use and reducing the amount of code by a few hundred lines. --- THANKS TO --- * Michael Stapelberg (Debian) for designing the new mandocd(8) - and parts of the new catman(8), and for a number of patches - and bug reports. + and parts of the new catman(8), for release testing, and for a + number of patches and bug reports. * Baptiste Daroussin (FreeBSD) for profiling the new makewhatis(8) implementation and suggesting an algorithmic improvement which more than doubled performance, and for a few bug reports. * Ed Maste (FreeBSD) for an important patch improving reproducibility of builds in makewhatis(8), and for a few bug reports. - * Theo Buehler (OpenBSD) for more than ten important bug reports, + * Theo Buehler (OpenBSD) for almost twenty important bug reports, most of them found by systematic afl(1) fuzzing. * Benny Lofgren, David Dahlberg, and in particular Vadim Zhukov for crucial help in getting .Bl -tag CSS formatting fixed. * Svyatoslav Mishyn (Crux Linux) for an initial version of the - patch to autodetect a suitable locale for -Tutf8 mode. + patch to autodetect a suitable locale for -Tutf8 mode + and for release testing. * Jason McIntyre (OpenBSD) for multiple useful discussions and a number of bug reports. + * Sevan Janiyan (NetBSD) for extensive release testing and multiple + bug reports. + * Thomas Klausner and Christos Zoulas (NetBSD), Yuri Pankov (illumos), + and Leah Neukirchen (Void Linux) for release testing and bug reports. + * Ulrich Spoerlein (FreeBSD) for release testing. * Alexander Bluhm, Andrew Fresh, Antoine Jacoutot, Antony Bentley, Christian Weisgerber, Jonathan Gray, Marc Espie, Martijn van Duren, Stuart Henderson, Ted Unangst, Theo de Raadt (OpenBSD), Abhinav - Upadhyay, Christos Zoulas, Kamil Rytarowski, Sevan Janiyan, - Thomas Klausner (NetBSD), Aaron M. 
Ucko, Bdale Garbee, Reiner - Herrmann, Shane Kerr (Debian), Leah Neukirchen (Void Linux), - Daniel Sabogal (Alpine Linux), Yuri Pankov (illumos), + Upadhyay, Kamil Rytarowski (NetBSD), Aaron M. Ucko, Bdale Garbee, + Reiner Herrmann, Shane Kerr (Debian), Daniel Sabogal (Alpine Linux), Carsten Kunze (Heirloom roff), Kristaps Dzonsons (bsd.lv), Anton Lindqvist, Jan Stary, Jeremy A. Mates, Mark Patruck, Pavan Maddamsetti, Sean Levy , and ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r314043 - in head/sys: compat/linuxkpi/common/include/linux compat/linuxkpi/common/src conf modules/linuxkpi
On 02/22/17 00:18, Adrian Chadd wrote: Hiya, My understanding of tasklets is that they run on the CPU that they were scheduled on, rather than there being a single tasklet thread? Is that the direction you're thinking of heading in, or? Hi Adrian, The plan is to use grouptaskqueue in the end. From what I can see all the pieces are in place for that. Then the tasklets will run on the same CPU that they were scheduled on. Some patches needs to go into the grouptaskqueue first: 1) grouptaskqueue needs to support LinuxKPI module unload. There is current missing/unimplemented drain logic in grouptaskqueue APIs. 2) Needs to expose internal gtaskqueues, so that we don't create unneccesary threads to handle a single IRQ, which is the case currently. I've already CC'ed a few people on this, but not action yet. If you can help, would be great. BTW: TASKQGROUP_DECLARE(net); in sys/gtaskqueue.h seems non-existing and should be removed. --HPS commit 0211693a723ce87f184d950d5a3ac5c2b306d418 Author: Matt MacyDate: Wed Aug 10 18:20:58 2016 -0700 make per-cpu grouptaskqueue threads globally visible diff --git a/sys/kern/subr_gtaskqueue.c b/sys/kern/subr_gtaskqueue.c index 2d655bd..3aecff3 100644 --- a/sys/kern/subr_gtaskqueue.c +++ b/sys/kern/subr_gtaskqueue.c @@ -52,6 +52,7 @@ static MALLOC_DEFINE(M_GTASKQUEUE, "taskqueue", "Task Queues"); static void gtaskqueue_thread_enqueue(void *); static void gtaskqueue_thread_loop(void *arg); +TASKQGROUP_DEFINE(softirq, mp_ncpus, 1); struct gtaskqueue_busy { struct gtask *tb_running; diff --git a/sys/net/iflib.c b/sys/net/iflib.c index 5938aca..7cb00c8 100644 --- a/sys/net/iflib.c +++ b/sys/net/iflib.c @@ -93,7 +93,6 @@ __FBSDID("$FreeBSD$"); #include #endif - /* * enable accounting of every mbuf as it comes in to and goes out of iflib's software descriptor references */ 
@@ -480,7 +479,6 @@ MODULE_VERSION(iflib, 1); MODULE_DEPEND(iflib, pci, 1, 1, 1); MODULE_DEPEND(iflib, ether, 1, 1, 1); -TASKQGROUP_DEFINE(if_io_tqg, mp_ncpus, 1); TASKQGROUP_DEFINE(if_config_tqg, 1, 1); #ifndef IFLIB_DEBUG_COUNTERS @@ -3706,7 +3704,7 @@ iflib_device_deregister(if_ctx_t ctx) if (ctx->ifc_led_dev != NULL) led_destroy(ctx->ifc_led_dev); /* XXX drain any dependent tasks */ - tqg = qgroup_if_io_tqg; + tqg = qgroup_softirq; for (txq = ctx->ifc_txqs, i = 0; i < NTXQSETS(ctx); i++, txq++) { callout_drain(>ift_timer); callout_drain(>ift_db_check); @@ -4328,7 +4326,7 @@ iflib_irq_alloc_generic(if_ctx_t ctx, if_irq_t irq, int rid, q = >ifc_txqs[qid]; info = >ifc_txqs[qid].ift_filter_info; gtask = >ifc_txqs[qid].ift_task; - tqg = qgroup_if_io_tqg; + tqg = qgroup_softirq; tqrid = irq->ii_rid; fn = _task_fn_tx; break; @@ -4336,7 +4334,7 @@ iflib_irq_alloc_generic(if_ctx_t ctx, if_irq_t irq, int rid, q = >ifc_rxqs[qid]; info = >ifc_rxqs[qid].ifr_filter_info; gtask = >ifc_rxqs[qid].ifr_task; - tqg = qgroup_if_io_tqg; + tqg = qgroup_softirq; tqrid = irq->ii_rid; fn = _task_fn_rx; break; @@ -4384,13 +4382,13 @@ iflib_softirq_alloc_generic(if_ctx_t ctx, int rid, iflib_intr_type_t type, void case IFLIB_INTR_TX: q = >ifc_txqs[qid]; gtask = >ifc_txqs[qid].ift_task; - tqg = qgroup_if_io_tqg; + tqg = qgroup_softirq; fn = _task_fn_tx; break; case IFLIB_INTR_RX: q = >ifc_rxqs[qid]; gtask = >ifc_rxqs[qid].ifr_task; - tqg = qgroup_if_io_tqg; + tqg = qgroup_softirq; fn = _task_fn_rx; break; case IFLIB_INTR_ADMIN: @@ -4441,7 +4439,7 @@ iflib_legacy_setup(if_ctx_t ctx, driver_filter_t filter, void *filter_arg, int * q = >ifc_rxqs[0]; info = [0].ifr_filter_info; gtask = [0].ifr_task; - tqg = qgroup_if_io_tqg; + tqg = qgroup_softirq; tqrid = irq->ii_rid = *rid; fn = _task_fn_rx; 
@@ -4457,7 +4455,7 @@ iflib_legacy_setup(if_ctx_t ctx, driver_filter_t filter, void *filter_arg, int * taskqgroup_attach(tqg, gtask, q, tqrid, name); GROUPTASK_INIT(>ift_task, 0, _task_fn_tx, txq); - taskqgroup_attach(qgroup_if_io_tqg, >ift_task, txq, tqrid, "tx"); + taskqgroup_attach(qgroup_softirq, >ift_task, txq, tqrid, "tx"); GROUPTASK_INIT(>ifc_admin_task, 0, _task_fn_admin, ctx); taskqgroup_attach(qgroup_if_config_tqg, >ifc_admin_task, ctx, -1, "admin/link"); @@ -4504,7 +4502,7 @@ void iflib_io_tqg_attach(struct grouptask *gt, void *uniq, int cpu, char *name) { - taskqgroup_attach_cpu(qgroup_if_io_tqg, gt, uniq, cpu, -1, name); + taskqgroup_attach_cpu(qgroup_softirq, gt, uniq, cpu, -1, name); } void diff --git a/sys/sys/gtaskqueue.h b/sys/sys/gtaskqueue.h index 88d4b54..cd0f774 100644 --- a/sys/sys/gtaskqueue.h +++ b/sys/sys/gtaskqueue.h @@ -121,5 +121,6 @@ SYSINIT(taskqgroup_adj_##name, SI_SUB_SMP, SI_ORDER_ANY, \ struct __hack #endif TASKQGROUP_DECLARE(net); +TASKQGROUP_DECLARE(softirq); #endif /* !_SYS_GTASKQUEUE_H_ */ ___ svn-src-all@freebsd.org mailing list
svn commit: r314094 - head/sys/dev/xen/timer
Author: royger Date: Wed Feb 22 09:22:17 2017 New Revision: 314094 URL: https://svnweb.freebsd.org/changeset/base/314094 Log: xen/timer: mark the Xen PV timer as not safe for suspension Note that the timer itself fully supports suspension, but due to the lack of ordering during the resume process FreeBSD cannot guarantee that the timer is resumed before any device attempts to use it. Submitted by: LiuyingdongReviewed by: royger Differential Revision:https://reviews.freebsd.org/D9639 Modified: head/sys/dev/xen/timer/timer.c Modified: head/sys/dev/xen/timer/timer.c == --- head/sys/dev/xen/timer/timer.c Wed Feb 22 08:49:52 2017 (r314093) +++ head/sys/dev/xen/timer/timer.c Wed Feb 22 09:22:17 2017 (r314094) @@ -417,8 +417,20 @@ xentimer_attach(device_t dev) /* Register the timecounter. */ sc->tc.tc_name = "XENTIMER"; sc->tc.tc_quality = XENTIMER_QUALITY; - sc->tc.tc_flags = TC_FLAGS_SUSPEND_SAFE; /* +* FIXME: due to the lack of ordering during resume, FreeBSD cannot +* guarantee that the Xen PV timer is resumed before any other device +* attempts to make use of it, so mark it as not safe for suspension +* (ie: remove the TC_FLAGS_SUSPEND_SAFE flag). +* +* NB: This was not a problem in previous FreeBSD versions because the +* timer was directly attached to the nexus, but it is an issue now +* that the timer is attached to the xenpv bus, and thus resumed +* later. +* +* sc->tc.tc_flags = TC_FLAGS_SUSPEND_SAFE; +*/ + /* * The underlying resolution is in nanoseconds, since the timer info * scales TSC frequencies using a fraction that represents time in * terms of nanoseconds. ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
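Review bot: The disabled statement `sc->tc.tc_flags = TC_FLAGS_SUSPEND_SAFE;` is kept as a line inside the FIXME comment, so after this change nothing in the hunk assigns `sc->tc.tc_flags`, and its value depends on how the softc was initialised, which is not visible here. I would drop the commented-out statement and state the intent in code: `sc->tc.tc_flags = 0;	/* deliberately not TC_FLAGS_SUSPEND_SAFE, see FIXME */`. That keeps the explanation and leaves no dead line for a later reader to re-enable by uncommenting. `xentimer_attach` starts and ends outside the hunk.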
Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts
On Wed, Feb 22, 2017 at 8:32 AM, Alexey Dokuchaev wrote: > On Wed, Feb 22, 2017 at 07:56:52AM +, Bartłomiej Rutkowski wrote: > > These options have been around forever, used by a lot of users (once they > > got to know those even exist) and seem to cause no issues. However, > despite > > that, and numerous discussions and mail threads over the years, we've > > struggled to enable them > > I presume they were not enabled by default for some reasons? A quick > summary of those reasons would be helpful. :-) > The main reason was lack of consensus, and the reasons for the lack of it were usually along the lines of 'we dont know if it is safe', 'we dont know if it is fast', 'we dont know if it works', 'it breaks my ps -ax when I dont see all the processes', 'it breaks POLA when users suddenly see random PIDs', so on and so forth. And years have been passing with the world moving on with improvements and us stalling behind. > > > and, as you can see, we even struggle to present and make them available > > via installer. > > The question was not about whether to make them available, it was about > turning them all on by default. > It is only 'turning them all on by default' if you are using bsdinstall and you don't disable them, if you don't want them. They are not ON in any other scenario. Yet, but we will get there :) Kind regards, Bartek Rutkowski ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r314093 - stable/11/sys/dev/bxe
Author: royger Date: Wed Feb 22 08:49:52 2017 New Revision: 314093 URL: https://svnweb.freebsd.org/changeset/base/314093 Log: MFC r313771 bxe: enable usage with NetXtreme II BCM57840 2x20GbE chip Sponsored by: Citrix Systems R Modified: stable/11/sys/dev/bxe/bxe.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/dev/bxe/bxe.c == --- stable/11/sys/dev/bxe/bxe.c Wed Feb 22 08:37:51 2017(r314092) +++ stable/11/sys/dev/bxe/bxe.c Wed Feb 22 08:49:52 2017(r314093) @@ -168,6 +168,12 @@ static struct bxe_device_type bxe_devs[] }, { BRCM_VENDORID, +CHIP_NUM_57840_2_20, +PCI_ANY_ID, PCI_ANY_ID, +"QLogic NetXtreme II BCM57840 2x20GbE" +}, +{ +BRCM_VENDORID, CHIP_NUM_57840_MF, PCI_ANY_ID, PCI_ANY_ID, "QLogic NetXtreme II BCM57840 MF 10GbE" ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r314092 - stable/11/sys/dev/hyperv/netvsc
Author: dexuan Date: Wed Feb 22 08:37:51 2017 New Revision: 314092 URL: https://svnweb.freebsd.org/changeset/base/314092 Log: MFC 312689, 312690 Approved by: sephe (mentor) r312689 hyperv/hn: add a sysctl name for the VF interface This makes it easier for the userland script to find the releated VF interface. Reviewed by: sephe Approved by: sephe (mentor) Sponsored by: Microsoft Differential Revision:https://reviews.freebsd.org/D9101 r312690 hyperv/hn: add devctl_notify for VF_UP/DOWN events Reviewed by: sephe Approved by: sephe (mentor) Sponsored by: Microsoft Differential Revision:https://reviews.freebsd.org/D9102 Modified: stable/11/sys/dev/hyperv/netvsc/if_hn.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/dev/hyperv/netvsc/if_hn.c == --- stable/11/sys/dev/hyperv/netvsc/if_hn.c Wed Feb 22 08:26:51 2017 (r314091) +++ stable/11/sys/dev/hyperv/netvsc/if_hn.c Wed Feb 22 08:37:51 2017 (r314092) @@ -301,6 +301,7 @@ static int hn_txagg_pkts_sysctl(SYSCTL static int hn_txagg_pktmax_sysctl(SYSCTL_HANDLER_ARGS); static int hn_txagg_align_sysctl(SYSCTL_HANDLER_ARGS); static int hn_polling_sysctl(SYSCTL_HANDLER_ARGS); +static int hn_vf_sysctl(SYSCTL_HANDLER_ARGS); static voidhn_stop(struct hn_softc *, bool); static voidhn_init_locked(struct hn_softc *); @@ -995,6 +996,9 @@ hn_set_vf(struct hn_softc *sc, struct if hn_resume_mgmt(sc); } + devctl_notify("HYPERV_NIC_VF", if_name(hn_ifp), + vf ? "VF_UP" : "VF_DOWN", NULL); + if (bootverbose) if_printf(hn_ifp, "Data path is switched %s %s\n", vf ? "to" : "from", if_name(ifp)); @@ -1254,6 +1258,9 @@ hn_attach(device_t dev) CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_MPSAFE, sc, 0, hn_polling_sysctl, "I", "Polling frequency: [100,100], 0 disable polling"); + SYSCTL_ADD_PROC(ctx, child, OID_AUTO, "vf", + CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE, sc, 0, + hn_vf_sysctl, "A", "Virtual Function's name"); /* * Setup the ifmedia, which has been initialized earlier. 
@@ -3222,6 +3229,22 @@ hn_rss_hash_sysctl(SYSCTL_HANDLER_ARGS) } static int +hn_vf_sysctl(SYSCTL_HANDLER_ARGS) +{ + struct hn_softc *sc = arg1; + char vf_name[128]; + struct ifnet *vf; + + HN_LOCK(sc); + vf_name[0] = '\0'; + vf = sc->hn_rx_ring[0].hn_vf; + if (vf != NULL) + snprintf(vf_name, sizeof(vf_name), "%s", if_name(vf)); + HN_UNLOCK(sc); + return sysctl_handle_string(oidp, vf_name, sizeof(vf_name), req); +} + +static int hn_check_iplen(const struct mbuf *m, int hoff) { const struct ip *ip; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
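Review bot: `hn_vf_sysctl` sizes its stack buffer with a bare `128` and has no comment on why the name is copied while `HN_LOCK` is held. The string comes from `if_name(vf)`, so `char vf_name[IFNAMSIZ];` would state the real bound, and a one-line comment such as `/* Copy the name under HN_LOCK; hn_vf may change once the lock is dropped. */` would record the locking intent (presumably `hn_vf` is updated under the same lock in `hn_set_vf`, which this hunk does not show). The OID is registered with `CTLFLAG_RD` in the preceding hunk, so handing the local buffer to `sysctl_handle_string` is a read-only export as written.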
Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts
On Wed, Feb 22, 2017 at 07:56:52AM +, Bartłomiej Rutkowski wrote: > These options have been around forever, used by a lot of users (once they > got to know those even exist) and seem to cause no issues. However, despite > that, and numerous discussions and mail threads over the years, we've > struggled to enable them I presume they were not enabled by default for some reasons? A quick summary of those reasons would be helpful. :-) > and, as you can see, we even struggle to present and make them available > via installer. The question was not about whether to make them available, it was about turning them all on by default. ./danfe ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r314091 - stable/11/sys/dev/hyperv/netvsc
Author: dexuan Date: Wed Feb 22 08:26:51 2017 New Revision: 314091 URL: https://svnweb.freebsd.org/changeset/base/314091 Log: MFC 312688 Approved by: sephe (mentor) r312688 hyperv/hn: add the support for VF drivers (SR-IOV) Hyper-V's NIC SR-IOV implementation needs a Hyper-V synthetic NIC and a VF NIC to work together (both NICs have the same MAC address), mainly to support seamless live migration. When the VF device becomes UP (or DOWN), the synthetic NIC driver needs to switch the data path from the synthetic NIC to the VF (or the opposite). Note: multicast/broadcast packets are still received through the synthetic NIC and we need to inject the packets through the VF interface (if the VF is UP), even if the synthetic NIC is DOWN (so we need to force the rxfilter to be NDIS_PACKET_TYPE_PROMISCUOUS, when the VF is UP). Reviewed by: sephe Approved by: sephe (mentor) Sponsored by: Microsoft Differential Revision:https://reviews.freebsd.org/D8964 Modified: stable/11/sys/dev/hyperv/netvsc/hn_nvs.c stable/11/sys/dev/hyperv/netvsc/hn_nvs.h stable/11/sys/dev/hyperv/netvsc/if_hn.c stable/11/sys/dev/hyperv/netvsc/if_hnreg.h stable/11/sys/dev/hyperv/netvsc/if_hnvar.h Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/dev/hyperv/netvsc/hn_nvs.c == --- stable/11/sys/dev/hyperv/netvsc/hn_nvs.cWed Feb 22 08:02:24 2017 (r314090) +++ stable/11/sys/dev/hyperv/netvsc/hn_nvs.cWed Feb 22 08:26:51 2017 (r314091) @@ -500,6 +500,8 @@ hn_nvs_conf_ndis(struct hn_softc *sc, in conf.nvs_type = HN_NVS_TYPE_NDIS_CONF; conf.nvs_mtu = mtu; conf.nvs_caps = HN_NVS_NDIS_CONF_VLAN; + if (sc->hn_nvs_ver >= HN_NVS_VERSION_5) + conf.nvs_caps |= HN_NVS_NDIS_CONF_SRIOV; /* NOTE: No response. */ error = hn_nvs_req_send(sc, , sizeof(conf)); 
@@ -719,3 +721,15 @@ hn_nvs_send_rndis_ctrl(struct vmbus_chan return hn_nvs_send_rndis_sglist(chan, HN_NVS_RNDIS_MTYPE_CTRL, sndc, gpa, gpa_cnt); } + +void +hn_nvs_set_datapath(struct hn_softc *sc, uint32_t path) +{ + struct hn_nvs_datapath dp; + + memset(, 0, sizeof(dp)); + dp.nvs_type = HN_NVS_TYPE_SET_DATAPATH; + dp.nvs_active_path = path; + + hn_nvs_req_send(sc, , sizeof(dp)); +} Modified: stable/11/sys/dev/hyperv/netvsc/hn_nvs.h == --- stable/11/sys/dev/hyperv/netvsc/hn_nvs.hWed Feb 22 08:02:24 2017 (r314090) +++ stable/11/sys/dev/hyperv/netvsc/hn_nvs.hWed Feb 22 08:26:51 2017 (r314091) @@ -100,6 +100,7 @@ voidhn_nvs_sent_xact(struct hn_nvs_sen inthn_nvs_send_rndis_ctrl(struct vmbus_channel *chan, struct hn_nvs_sendctx *sndc, struct vmbus_gpa *gpa, int gpa_cnt); +void hn_nvs_set_datapath(struct hn_softc *sc, uint32_t path); extern struct hn_nvs_sendctx hn_nvs_sendctx_none; Modified: stable/11/sys/dev/hyperv/netvsc/if_hn.c == --- stable/11/sys/dev/hyperv/netvsc/if_hn.c Wed Feb 22 08:02:24 2017 (r314090) +++ stable/11/sys/dev/hyperv/netvsc/if_hn.c Wed Feb 22 08:26:51 2017 (r314091) @@ -77,6 +77,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include @@ -84,6 +85,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include #include @@ -216,6 +218,11 @@ struct hn_rxinfo { uint32_thash_value; }; +struct hn_update_vf { + struct hn_rx_ring *rxr; + struct ifnet*vf; +}; + #define HN_RXINFO_VLAN 0x0001 #define HN_RXINFO_CSUM 0x0002 #define HN_RXINFO_HASHINF 0x0004 @@ -295,7 +302,7 @@ static int hn_txagg_pktmax_sysctl(SYSC static int hn_txagg_align_sysctl(SYSCTL_HANDLER_ARGS); static int hn_polling_sysctl(SYSCTL_HANDLER_ARGS); -static voidhn_stop(struct hn_softc *); +static voidhn_stop(struct hn_softc *, bool); static voidhn_init_locked(struct hn_softc *); static int hn_chan_attach(struct hn_softc *, struct vmbus_channel *); 
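Review bot: `hn_nvs_set_datapath` discards the return value of `hn_nvs_req_send`, so a failed data-path switch goes unnoticed, whereas `hn_nvs_conf_ndis` in the previous hunk of hn_nvs.c assigns the same call to `error`. Since the function is new in this commit it could report the status: declare it `int hn_nvs_set_datapath(struct hn_softc *sc, uint32_t path)` in hn_nvs.c and hn_nvs.h and end it with `return (hn_nvs_req_send(sc, &dp, sizeof(dp)));` (the `&dp` argument appears to have been lost in this rendering of the hunk). The caller sits in a later if_hn.c hunk that is cut off in this view, so whether it should log or roll back the VF switch on failure cannot be judged from here.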
@@ -707,7 +714,8 @@ hn_rxfilter_config(struct hn_softc *sc) HN_LOCK_ASSERT(sc); - if (ifp->if_flags & IFF_PROMISC) { + if ((ifp->if_flags & IFF_PROMISC) || + (sc->hn_flags & HN_FLAG_VF)) { filter = NDIS_PACKET_TYPE_PROMISCUOUS; } else { filter = NDIS_PACKET_TYPE_DIRECTED; @@ -896,6 +904,119 @@
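Review bot: The added `(sc->hn_flags & HN_FLAG_VF)` test in hn_rxfilter_config() forces NDIS_PACKET_TYPE_PROMISCUOUS with no comment at the condition, and the reason is given only in the commit log. A short comment would help, e.g. `/* VF is up: multicast/broadcast still arrives on the synthetic NIC and is injected through the VF, so accept everything. */`. Since the receive filter is now widened independently of IFF_PROMISC, it is also worth confirming that the filter is reconfigured when HN_FLAG_VF is cleared. That code is not visible here, and the function body continues outside the hunk.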
svn commit: r314090 - stable/11/sys/net
Author: dexuan Date: Wed Feb 22 08:02:24 2017 New Revision: 314090 URL: https://svnweb.freebsd.org/changeset/base/314090 Log: MFC: 312687, 312916 Approved by:sephe (mentor) r312687 ifnet: introduce event handlers for ifup/ifdown events Hyper-V's NIC SR-IOV implementation needs a Hyper-V synthetic NIC and a VF NIC to work together, mainly to support seamless live migration. When the VF device becomes UP (or DOWN), the synthetic NIC driver needs to switch the data path from the synthetic NIC to the VF (or the opposite). So the synthetic NIC driver needs to know when a VF device is becoming UP or DOWN and hence the patch is made. Reviewed by: sephe Approved by: sephe (mentor) Sponsored by: Microsoft Differential Revision:https://reviews.freebsd.org/D8963 r312916 ifnet: move the new ifnet_event EVENTHANDLER_DECLARE to net/if_var.h Thank glebius for pointing this out: "The network stuff shall not be added to sys/eventhandler.h" Reviewed by: David_A_Bright_DELL.com, sephe, glebius Approved by: sephe (mentor) Sponsored by: Microsoft Differential Revision:https://reviews.freebsd.org/D9345 Modified: stable/11/sys/net/if.c stable/11/sys/net/if_var.h Modified: stable/11/sys/net/if.c == --- stable/11/sys/net/if.c Wed Feb 22 07:42:28 2017(r314089) +++ stable/11/sys/net/if.c Wed Feb 22 08:02:24 2017(r314090) @@ -2218,6 +2218,7 @@ void if_down(struct ifnet *ifp) { + EVENTHANDLER_INVOKE(ifnet_event, ifp, IFNET_EVENT_DOWN); if_unroute(ifp, IFF_UP, AF_UNSPEC); } @@ -2230,6 +2231,7 @@ if_up(struct ifnet *ifp) { if_route(ifp, IFF_UP, AF_UNSPEC); + EVENTHANDLER_INVOKE(ifnet_event, ifp, IFNET_EVENT_UP); } /* Modified: stable/11/sys/net/if_var.h == --- stable/11/sys/net/if_var.h Wed Feb 22 07:42:28 2017(r314089) +++ stable/11/sys/net/if_var.h Wed Feb 22 08:02:24 2017(r314090) 
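Review bot: The two hooks in if.c fire at different points relative to the flag change: `IFNET_EVENT_DOWN` is invoked before `if_unroute()` in if_down(), while `IFNET_EVENT_UP` is invoked after `if_route()` in if_up(). A handler for the down event therefore presumably still sees IFF_UP set on `ifp`, which is easy to get wrong when writing a new consumer. I would document this at both call sites, for example `/* Notify before IFF_UP is cleared; handlers still see the interface as up. */` in if_down(). The handlers run synchronously in the caller's context, so the locking expectations for handlers deserve a sentence as well; the callers of if_up() and if_down() are not visible in these hunks.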
@@ -359,6 +359,11 @@ EVENTHANDLER_DECLARE(ifnet_departure_eve /* Interface link state change event */ typedef void (*ifnet_link_event_handler_t)(void *, struct ifnet *, int); EVENTHANDLER_DECLARE(ifnet_link_event, ifnet_link_event_handler_t); +/* Interface up/down event */ +#define IFNET_EVENT_UP 0 +#define IFNET_EVENT_DOWN 1 +typedef void (*ifnet_event_fn)(void *, struct ifnet *ifp, int event); +EVENTHANDLER_DECLARE(ifnet_event, ifnet_event_fn); #endif /* _SYS_EVENTHANDLER_H_ */ /* ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
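Review bot: The new typedef `ifnet_event_fn` in if_var.h does not follow the naming of the declaration just above it, `ifnet_link_event_handler_t`; `ifnet_event_handler_t` would keep the handler types uniform. The comment `/* Interface up/down event */` could also state the contract: which values the `int event` argument can hold (`IFNET_EVENT_UP` or `IFNET_EVENT_DOWN`), and that handlers should ignore values they do not know, so that new event codes can be added later.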