svn commit: r314131 - head/sys/ofed/drivers/infiniband/core

[Navdeep Parhar]

Author: np
Date: Thu Feb 23 07:48:58 2017
New Revision: 314131
URL: https://svnweb.freebsd.org/changeset/base/314131

Log:
  Avoid NULL dereference in a couple of sysctl handlers in ibcore.
  iw_cxgbe sets ib_device->dma_device to NULL (since r311880).
  
  Reviewed by:  hselasky@
  Sponsored by: Chelsio Communications

Modified:
  head/sys/ofed/drivers/infiniband/core/uverbs_main.c

Modified: head/sys/ofed/drivers/infiniband/core/uverbs_main.c
==
--- head/sys/ofed/drivers/infiniband/core/uverbs_main.c Thu Feb 23 07:45:58 
2017(r314130)
+++ head/sys/ofed/drivers/infiniband/core/uverbs_main.c Thu Feb 23 07:48:58 
2017(r314131)
@@ -1225,7 +1225,7 @@ show_dev_device(struct device *device, s
 {
struct ib_uverbs_device *dev = dev_get_drvdata(device);
 
-   if (!dev)
+   if (!dev || !dev->ib_dev->dma_device)
return -ENODEV;
 
return sprintf(buf, "0x%04x\n",
@@ -1238,7 +1238,7 @@ show_dev_vendor(struct device *device, s
 {
struct ib_uverbs_device *dev = dev_get_drvdata(device);
 
-   if (!dev)
+   if (!dev || !dev->ib_dev->dma_device)
return -ENODEV;
 
return sprintf(buf, "0x%04x\n",
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r314129 - stable/11/bin/ls

[Konstantin Belousov]

Author: kib
Date: Thu Feb 23 07:42:49 2017
New Revision: 314129
URL: https://svnweb.freebsd.org/changeset/base/314129

Log:
  MFC r313798:
  Use uintmax_t to print st_nlink.

Modified:
  stable/11/bin/ls/print.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/bin/ls/print.c
==
--- stable/11/bin/ls/print.cThu Feb 23 07:39:01 2017(r314128)
+++ stable/11/bin/ls/print.cThu Feb 23 07:42:49 2017(r314129)
@@ -259,12 +259,12 @@ printlong(const DISPLAY *dp)
np = p->fts_pointer;
xo_attr("value", "%03o", (int) sp->st_mode & ALLPERMS);
if (f_numericonly) {
-   xo_emit("{t:mode/%s}{e:mode_octal/%03o} {t:links/%*u} 
{td:user/%-*s}{e:user/%ju}  {td:group/%-*s}{e:group/%ju}  ",
-   buf, (int) sp->st_mode & ALLPERMS, dp->s_nlink, 
sp->st_nlink,
+   xo_emit("{t:mode/%s}{e:mode_octal/%03o} {t:links/%*ju} 
{td:user/%-*s}{e:user/%ju}  {td:group/%-*s}{e:group/%ju}  ",
+   buf, (int) sp->st_mode & ALLPERMS, dp->s_nlink, 
(uintmax_t)sp->st_nlink,
dp->s_user, np->user, (uintmax_t)sp->st_uid, 
dp->s_group, np->group, (uintmax_t)sp->st_gid);
} else {
-   xo_emit("{t:mode/%s}{e:mode_octal/%03o} {t:links/%*u} 
{t:user/%-*s}  {t:group/%-*s}  ",
-   buf, (int) sp->st_mode & ALLPERMS, dp->s_nlink, 
sp->st_nlink,
+   xo_emit("{t:mode/%s}{e:mode_octal/%03o} {t:links/%*ju} 
{t:user/%-*s}  {t:group/%-*s}  ",
+   buf, (int) sp->st_mode & ALLPERMS, dp->s_nlink, 
(uintmax_t)sp->st_nlink,
dp->s_user, np->user, dp->s_group, np->group);
}
if (S_ISBLK(sp->st_mode))
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r314128 - stable/11/libexec/rtld-elf

[Konstantin Belousov]

Author: kib
Date: Thu Feb 23 07:39:01 2017
New Revision: 314128
URL: https://svnweb.freebsd.org/changeset/base/314128

Log:
  MFC r313494:
  Handle protected symbols in rtld.

Modified:
  stable/11/libexec/rtld-elf/rtld.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/libexec/rtld-elf/rtld.c
==
--- stable/11/libexec/rtld-elf/rtld.c   Thu Feb 23 07:28:29 2017
(r314127)
+++ stable/11/libexec/rtld-elf/rtld.c   Thu Feb 23 07:39:01 2017
(r314128)
@@ -3952,15 +3952,19 @@ symlook_default(SymLook *req, const Obj_
 donelist_init();
 symlook_init_from_req(, req);
 
-/* Look first in the referencing object if linked symbolically. */
-if (refobj->symbolic && !donelist_check(, refobj)) {
-   res = symlook_obj(, refobj);
-   if (res == 0) {
-   req->sym_out = req1.sym_out;
-   req->defobj_out = req1.defobj_out;
-   assert(req->defobj_out != NULL);
-   }
+/*
+ * Look first in the referencing object if linked symbolically,
+ * and similarly handle protected symbols.
+ */
+res = symlook_obj(, refobj);
+if (res == 0 && (refobj->symbolic ||
+  ELF_ST_VISIBILITY(req1.sym_out->st_other) == STV_PROTECTED)) {
+   req->sym_out = req1.sym_out;
+   req->defobj_out = req1.defobj_out;
+   assert(req->defobj_out != NULL);
 }
+if (refobj->symbolic || req->defobj_out != NULL)
+   donelist_check(, refobj);
 
 symlook_global(req, );
 
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r314127 - stable/11/sys/sys

[Konstantin Belousov]

Author: kib
Date: Thu Feb 23 07:28:29 2017
New Revision: 314127
URL: https://svnweb.freebsd.org/changeset/base/314127

Log:
  MFC r313493:
  Define ELF_ST_VISIBILITY().

Modified:
  stable/11/sys/sys/elf_generic.h
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/sys/elf_generic.h
==
--- stable/11/sys/sys/elf_generic.h Thu Feb 23 07:12:18 2017
(r314126)
+++ stable/11/sys/sys/elf_generic.h Thu Feb 23 07:28:29 2017
(r314127)
@@ -84,5 +84,6 @@ __ElfType(Ssize);
 #defineELF_ST_BIND __ELFN(ST_BIND)
 #defineELF_ST_TYPE __ELFN(ST_TYPE)
 #defineELF_ST_INFO __ELFN(ST_INFO)
+#defineELF_ST_VISIBILITY   __ELFN(ST_VISIBILITY)
 
 #endif /* !_SYS_ELF_GENERIC_H_ */
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r314126 - in releng/10.3: . crypto/openssl/crypto/evp sys/conf

[Xin LI]

Author: delphij
Date: Thu Feb 23 07:12:18 2017
New Revision: 314126
URL: https://svnweb.freebsd.org/changeset/base/314126

Log:
  Fix OpenSSL RC4_MD5 cipher vulnerability.
  
  Approved by:  so

Modified:
  releng/10.3/UPDATING
  releng/10.3/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c
  releng/10.3/sys/conf/newvers.sh

Modified: releng/10.3/UPDATING
==
--- releng/10.3/UPDATINGThu Feb 23 07:11:48 2017(r314125)
+++ releng/10.3/UPDATINGThu Feb 23 07:12:18 2017(r314126)
@@ -16,6 +16,10 @@ from older versions of FreeBSD, try WITH
 stable/10, and then rebuild without this option. The bootstrap process from
 older version of current is a bit fragile.
 
+20170223   p17 FreeBSD-SA-17:02.openssl
+
+   Fix OpenSSL RC4_MD5 cipher vulnerability.
+
 20170111   p16 FreeBSD-SA-17:01.openssh
 
Fix multiple vulnerabilities of OpenSSH.

Modified: releng/10.3/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c
==
--- releng/10.3/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c  Thu Feb 23 
07:11:48 2017(r314125)
+++ releng/10.3/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c  Thu Feb 23 
07:12:18 2017(r314126)
@@ -267,6 +267,8 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_
 len = p[arg - 2] << 8 | p[arg - 1];
 
 if (!ctx->encrypt) {
+if (len < MD5_DIGEST_LENGTH)
+return -1;
 len -= MD5_DIGEST_LENGTH;
 p[arg - 2] = len >> 8;
 p[arg - 1] = len;

Modified: releng/10.3/sys/conf/newvers.sh
==
--- releng/10.3/sys/conf/newvers.sh Thu Feb 23 07:11:48 2017
(r314125)
+++ releng/10.3/sys/conf/newvers.sh Thu Feb 23 07:12:18 2017
(r314126)
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="10.3"
-BRANCH="RELEASE-p16"
+BRANCH="RELEASE-p17"
 if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
BRANCH=${BRANCH_OVERRIDE}
 fi
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r314125 - in releng/11.0: . contrib/mdocml crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/aes/asm crypto/openssl/crypto/asn1 crypto/openssl/crypto/bn cry...

[Xin LI]

Author: delphij
Date: Thu Feb 23 07:11:48 2017
New Revision: 314125
URL: https://svnweb.freebsd.org/changeset/base/314125

Log:
  Fix multiple vulnerabilities of OpenSSL. [SA-17:02]
  
  Fix system hang when booting when PCI-express HotPlug is enabled.
  [EN-17:01]
  
  Fix NIS master updates are not pushed to NIS slave. [EN-17:02]
  
  Fix compatibility with Hyper-V/storage after KB3172614 or
  KB3179574. [EN-17:03]
  
  Make makewhatis output reproducible. [EN-17:04]
  
  Approved by:  so

Modified:
  releng/11.0/UPDATING
  releng/11.0/contrib/mdocml/mandocdb.c
  releng/11.0/crypto/openssl/CHANGES
  releng/11.0/crypto/openssl/CONTRIBUTING
  releng/11.0/crypto/openssl/Configure
  releng/11.0/crypto/openssl/INSTALL
  releng/11.0/crypto/openssl/Makefile
  releng/11.0/crypto/openssl/Makefile.org
  releng/11.0/crypto/openssl/NEWS
  releng/11.0/crypto/openssl/README
  releng/11.0/crypto/openssl/apps/apps.c
  releng/11.0/crypto/openssl/apps/apps.h
  releng/11.0/crypto/openssl/apps/ca.c
  releng/11.0/crypto/openssl/apps/cms.c
  releng/11.0/crypto/openssl/apps/dgst.c
  releng/11.0/crypto/openssl/apps/dh.c
  releng/11.0/crypto/openssl/apps/dhparam.c
  releng/11.0/crypto/openssl/apps/dsa.c
  releng/11.0/crypto/openssl/apps/dsaparam.c
  releng/11.0/crypto/openssl/apps/ec.c
  releng/11.0/crypto/openssl/apps/ecparam.c
  releng/11.0/crypto/openssl/apps/enc.c
  releng/11.0/crypto/openssl/apps/gendh.c
  releng/11.0/crypto/openssl/apps/gendsa.c
  releng/11.0/crypto/openssl/apps/genpkey.c
  releng/11.0/crypto/openssl/apps/genrsa.c
  releng/11.0/crypto/openssl/apps/pkcs12.c
  releng/11.0/crypto/openssl/apps/pkcs7.c
  releng/11.0/crypto/openssl/apps/pkcs8.c
  releng/11.0/crypto/openssl/apps/pkey.c
  releng/11.0/crypto/openssl/apps/pkeyparam.c
  releng/11.0/crypto/openssl/apps/pkeyutl.c
  releng/11.0/crypto/openssl/apps/prime.c
  releng/11.0/crypto/openssl/apps/rand.c
  releng/11.0/crypto/openssl/apps/req.c
  releng/11.0/crypto/openssl/apps/rsa.c
  releng/11.0/crypto/openssl/apps/rsautl.c
  releng/11.0/crypto/openssl/apps/s_cb.c
  releng/11.0/crypto/openssl/apps/s_client.c
  releng/11.0/crypto/openssl/apps/s_server.c
  releng/11.0/crypto/openssl/apps/smime.c
  releng/11.0/crypto/openssl/apps/speed.c
  releng/11.0/crypto/openssl/apps/spkac.c
  releng/11.0/crypto/openssl/apps/srp.c
  releng/11.0/crypto/openssl/apps/verify.c
  releng/11.0/crypto/openssl/apps/x509.c
  releng/11.0/crypto/openssl/crypto/aes/asm/aes-s390x.pl
  releng/11.0/crypto/openssl/crypto/asn1/p5_pbev2.c
  releng/11.0/crypto/openssl/crypto/asn1/x_crl.c
  releng/11.0/crypto/openssl/crypto/bn/asm/x86_64-mont.pl
  releng/11.0/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl
  releng/11.0/crypto/openssl/crypto/bn/bn_exp.c
  releng/11.0/crypto/openssl/crypto/bn/bn_mul.c
  releng/11.0/crypto/openssl/crypto/bn/bn_prime.c
  releng/11.0/crypto/openssl/crypto/bn/bn_sqr.c
  releng/11.0/crypto/openssl/crypto/cms/cms_kari.c
  releng/11.0/crypto/openssl/crypto/dh/dh_key.c
  releng/11.0/crypto/openssl/crypto/dsa/dsa_pmeth.c
  releng/11.0/crypto/openssl/crypto/ec/ec2_mult.c
  releng/11.0/crypto/openssl/crypto/ecdh/ech_ossl.c
  releng/11.0/crypto/openssl/crypto/err/err.c
  releng/11.0/crypto/openssl/crypto/evp/e_aes.c
  releng/11.0/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c
  releng/11.0/crypto/openssl/crypto/evp/evp.h
  releng/11.0/crypto/openssl/crypto/evp/evp_err.c
  releng/11.0/crypto/openssl/crypto/evp/pmeth_fn.c
  releng/11.0/crypto/openssl/crypto/evp/pmeth_lib.c
  releng/11.0/crypto/openssl/crypto/modes/ctr128.c
  releng/11.0/crypto/openssl/crypto/opensslv.h
  releng/11.0/crypto/openssl/crypto/perlasm/x86_64-xlate.pl
  releng/11.0/crypto/openssl/crypto/rsa/rsa_gen.c
  releng/11.0/crypto/openssl/crypto/rsa/rsa_oaep.c
  releng/11.0/crypto/openssl/crypto/rsa/rsa_pmeth.c
  releng/11.0/crypto/openssl/crypto/s390xcap.c
  releng/11.0/crypto/openssl/crypto/ui/ui_lib.c
  releng/11.0/crypto/openssl/crypto/ui/ui_openssl.c
  releng/11.0/crypto/openssl/doc/apps/ocsp.pod
  releng/11.0/crypto/openssl/doc/crypto/EVP_DigestSignInit.pod
  releng/11.0/crypto/openssl/doc/crypto/EVP_DigestVerifyInit.pod
  releng/11.0/crypto/openssl/doc/crypto/RSA_generate_key.pod
  releng/11.0/crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod
  releng/11.0/crypto/openssl/doc/crypto/X509_NAME_print_ex.pod
  releng/11.0/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod
  releng/11.0/crypto/openssl/doc/ssl/SSL_get_error.pod
  releng/11.0/crypto/openssl/doc/ssl/SSL_read.pod
  releng/11.0/crypto/openssl/doc/ssl/SSL_write.pod
  releng/11.0/crypto/openssl/engines/ccgost/Makefile
  releng/11.0/crypto/openssl/ssl/bad_dtls_test.c
  releng/11.0/crypto/openssl/ssl/s23_pkt.c
  releng/11.0/crypto/openssl/ssl/s2_lib.c
  releng/11.0/crypto/openssl/ssl/s2_pkt.c
  releng/11.0/crypto/openssl/ssl/s3_clnt.c
  releng/11.0/crypto/openssl/ssl/s3_pkt.c
  releng/11.0/crypto/openssl/ssl/s3_srvr.c
  releng/11.0/crypto/openssl/ssl/ssl_cert.c
  releng/11.0/crypto/openssl/ssl/ssl_err.c
  

svn commit: r314124 - stable/10/sys/dev/hyperv/netvsc

[Dexuan Cui]

Author: dexuan
Date: Thu Feb 23 07:07:21 2017
New Revision: 314124
URL: https://svnweb.freebsd.org/changeset/base/314124

Log:
  MFC r312689, r312690
  
  Approved by:  sephe (mentor)
  
  r312689
  hyperv/hn: add a sysctl name for the VF interface
  
  This makes it easier for the userland script to find the releated
  VF interface.
  
  Reviewed by:  sephe
  Approved by:  sephe (mentor)
  Sponsored by: Microsoft
  Differential Revision:https://reviews.freebsd.org/D9101
  
  r312690
  hyperv/hn: add devctl_notify for VF_UP/DOWN events
  
  Reviewed by:  sephe
  Approved by:  sephe (mentor)
  Sponsored by: Microsoft
  Differential Revision:https://reviews.freebsd.org/D9102

Modified:
  stable/10/sys/dev/hyperv/netvsc/if_hn.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/sys/dev/hyperv/netvsc/if_hn.c
==
--- stable/10/sys/dev/hyperv/netvsc/if_hn.c Thu Feb 23 07:04:17 2017
(r314123)
+++ stable/10/sys/dev/hyperv/netvsc/if_hn.c Thu Feb 23 07:07:21 2017
(r314124)
@@ -294,6 +294,7 @@ static int  hn_txagg_pkts_sysctl(SYSCTL
 static int hn_txagg_pktmax_sysctl(SYSCTL_HANDLER_ARGS);
 static int hn_txagg_align_sysctl(SYSCTL_HANDLER_ARGS);
 static int hn_polling_sysctl(SYSCTL_HANDLER_ARGS);
+static int hn_vf_sysctl(SYSCTL_HANDLER_ARGS);
 
 static voidhn_stop(struct hn_softc *, bool);
 static voidhn_init_locked(struct hn_softc *);
@@ -982,6 +983,9 @@ hn_set_vf(struct hn_softc *sc, struct if
hn_resume_mgmt(sc);
}
 
+   devctl_notify("HYPERV_NIC_VF", if_name(hn_ifp),
+   vf ? "VF_UP" : "VF_DOWN", NULL);
+
if (bootverbose)
if_printf(hn_ifp, "Data path is switched %s %s\n",
vf ? "to" : "from", if_name(ifp));
@@ -1232,6 +1236,9 @@ hn_attach(device_t dev)
CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_MPSAFE, sc, 0,
hn_polling_sysctl, "I",
"Polling frequency: [100,100], 0 disable polling");
+   SYSCTL_ADD_PROC(ctx, child, OID_AUTO, "vf",
+   CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE, sc, 0,
+   hn_vf_sysctl, "A", "Virtual Function's name");
 
/*
 * Setup the ifmedia, which has been initialized earlier.
@@ -3205,6 +3212,22 @@ hn_rss_hash_sysctl(SYSCTL_HANDLER_ARGS)
 }
 
 static int
+hn_vf_sysctl(SYSCTL_HANDLER_ARGS)
+{
+   struct hn_softc *sc = arg1;
+   char vf_name[128];
+   struct ifnet *vf;
+
+   HN_LOCK(sc);
+   vf_name[0] = '\0';
+   vf = sc->hn_rx_ring[0].hn_vf;
+   if (vf != NULL)
+   snprintf(vf_name, sizeof(vf_name), "%s", if_name(vf));
+   HN_UNLOCK(sc);
+   return sysctl_handle_string(oidp, vf_name, sizeof(vf_name), req);
+}
+
+static int
 hn_check_iplen(const struct mbuf *m, int hoff)
 {
const struct ip *ip;
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r314123 - stable/10/sys/dev/hyperv/netvsc

[Dexuan Cui]

Author: dexuan
Date: Thu Feb 23 07:04:17 2017
New Revision: 314123
URL: https://svnweb.freebsd.org/changeset/base/314123

Log:
  MFC: r312688
  
  Approved by:  sephe (mentor)
  
  r312688
  hyperv/hn: add the support for VF drivers (SR-IOV)
  
  Hyper-V's NIC SR-IOV implementation needs a Hyper-V synthetic NIC and
  a VF NIC to work together (both NICs have the same MAC address), mainly to
  support seamless live migration.
  
  When the VF device becomes UP (or DOWN), the synthetic NIC driver needs
  to switch the data path from the synthetic NIC to the VF (or the 
opposite).
  
  Note: multicast/broadcast packets are still received through the synthetic
  NIC and we need to inject the packets through the VF interface (if the VF 
is
  UP), even if the synthetic NIC is DOWN (so we need to force the rxfilter
  to be NDIS_PACKET_TYPE_PROMISCUOUS, when the VF is UP).
  
  Reviewed by:  sephe
  Approved by:  sephe (mentor)
  Sponsored by: Microsoft
  Differential Revision:https://reviews.freebsd.org/D8964

Modified:
  stable/10/sys/dev/hyperv/netvsc/hn_nvs.c
  stable/10/sys/dev/hyperv/netvsc/hn_nvs.h
  stable/10/sys/dev/hyperv/netvsc/if_hn.c
  stable/10/sys/dev/hyperv/netvsc/if_hnreg.h
  stable/10/sys/dev/hyperv/netvsc/if_hnvar.h
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/sys/dev/hyperv/netvsc/hn_nvs.c
==
--- stable/10/sys/dev/hyperv/netvsc/hn_nvs.cThu Feb 23 06:57:18 2017
(r314122)
+++ stable/10/sys/dev/hyperv/netvsc/hn_nvs.cThu Feb 23 07:04:17 2017
(r314123)
@@ -500,6 +500,8 @@ hn_nvs_conf_ndis(struct hn_softc *sc, in
conf.nvs_type = HN_NVS_TYPE_NDIS_CONF;
conf.nvs_mtu = mtu;
conf.nvs_caps = HN_NVS_NDIS_CONF_VLAN;
+   if (sc->hn_nvs_ver >= HN_NVS_VERSION_5)
+   conf.nvs_caps |= HN_NVS_NDIS_CONF_SRIOV;
 
/* NOTE: No response. */
error = hn_nvs_req_send(sc, , sizeof(conf));
@@ -719,3 +721,15 @@ hn_nvs_send_rndis_ctrl(struct vmbus_chan
return hn_nvs_send_rndis_sglist(chan, HN_NVS_RNDIS_MTYPE_CTRL,
sndc, gpa, gpa_cnt);
 }
+
+void
+hn_nvs_set_datapath(struct hn_softc *sc, uint32_t path)
+{
+   struct hn_nvs_datapath dp;
+
+   memset(, 0, sizeof(dp));
+   dp.nvs_type = HN_NVS_TYPE_SET_DATAPATH;
+   dp.nvs_active_path = path;
+
+   hn_nvs_req_send(sc, , sizeof(dp));
+}

Modified: stable/10/sys/dev/hyperv/netvsc/hn_nvs.h
==
--- stable/10/sys/dev/hyperv/netvsc/hn_nvs.hThu Feb 23 06:57:18 2017
(r314122)
+++ stable/10/sys/dev/hyperv/netvsc/hn_nvs.hThu Feb 23 07:04:17 2017
(r314123)
@@ -100,6 +100,7 @@ voidhn_nvs_sent_xact(struct hn_nvs_sen
 inthn_nvs_send_rndis_ctrl(struct vmbus_channel *chan,
struct hn_nvs_sendctx *sndc, struct vmbus_gpa *gpa,
int gpa_cnt);
+void   hn_nvs_set_datapath(struct hn_softc *sc, uint32_t path);
 
 extern struct hn_nvs_sendctx   hn_nvs_sendctx_none;
 

Modified: stable/10/sys/dev/hyperv/netvsc/if_hn.c
==
--- stable/10/sys/dev/hyperv/netvsc/if_hn.c Thu Feb 23 06:57:18 2017
(r314122)
+++ stable/10/sys/dev/hyperv/netvsc/if_hn.c Thu Feb 23 07:04:17 2017
(r314123)
@@ -77,6 +77,7 @@ __FBSDID("$FreeBSD$");
 #include 
 #include 
 #include 
+#include 
 
 #include 
 #include 
@@ -85,6 +86,7 @@ __FBSDID("$FreeBSD$");
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -211,6 +213,11 @@ struct hn_rxinfo {
uint32_thash_value;
 };
 
+struct hn_update_vf {
+   struct hn_rx_ring   *rxr;
+   struct ifnet*vf;
+};
+
 #define HN_RXINFO_VLAN 0x0001
 #define HN_RXINFO_CSUM 0x0002
 #define HN_RXINFO_HASHINF  0x0004
@@ -288,7 +295,7 @@ static int  hn_txagg_pktmax_sysctl(SYSC
 static int hn_txagg_align_sysctl(SYSCTL_HANDLER_ARGS);
 static int hn_polling_sysctl(SYSCTL_HANDLER_ARGS);
 
-static voidhn_stop(struct hn_softc *);
+static voidhn_stop(struct hn_softc *, bool);
 static voidhn_init_locked(struct hn_softc *);
 static int hn_chan_attach(struct hn_softc *,
struct vmbus_channel *);
@@ -696,7 +703,8 @@ hn_rxfilter_config(struct hn_softc *sc)
 
HN_LOCK_ASSERT(sc);
 
-   if (ifp->if_flags & IFF_PROMISC) {
+   if ((ifp->if_flags & IFF_PROMISC) ||
+   (sc->hn_flags & HN_FLAG_VF)) {
filter = NDIS_PACKET_TYPE_PROMISCUOUS;
} else {
filter = NDIS_PACKET_TYPE_DIRECTED;
@@ -883,6 +891,119 @@ 

svn commit: r314122 - stable/10/sys/net

[Dexuan Cui]

Author: dexuan
Date: Thu Feb 23 06:57:18 2017
New Revision: 314122
URL: https://svnweb.freebsd.org/changeset/base/314122

Log:
  MFC: r312687, r312916
  
  Approved by:  sephe (mentor)
  
  r312687
  ifnet: introduce event handlers for ifup/ifdown events
  
  Hyper-V's NIC SR-IOV implementation needs a Hyper-V synthetic NIC and
  a VF NIC to work together, mainly to support seamless live migration.
  
  When the VF device becomes UP (or DOWN), the synthetic NIC driver needs
  to switch the data path from the synthetic NIC to the VF (or the 
opposite).
  
  So the synthetic NIC driver needs to know when a VF device is becoming
  UP or DOWN and hence the patch is made.
  
  Reviewed by:  sephe
  Approved by:  sephe (mentor)
  Sponsored by: Microsoft
  Differential Revision:https://reviews.freebsd.org/D8963
  
  r312916
  ifnet: move the new ifnet_event EVENTHANDLER_DECLARE to net/if_var.h
  
  Thank glebius for pointing this out:
  "The network stuff shall not be added to sys/eventhandler.h"
  
  Reviewed by:  David_A_Bright_DELL.com, sephe, glebius
  Approved by:  sephe (mentor)
  Sponsored by: Microsoft
  Differential Revision:https://reviews.freebsd.org/D9345

Modified:
  stable/10/sys/net/if.c
  stable/10/sys/net/if_var.h

Modified: stable/10/sys/net/if.c
==
--- stable/10/sys/net/if.c  Thu Feb 23 06:49:46 2017(r314121)
+++ stable/10/sys/net/if.c  Thu Feb 23 06:57:18 2017(r314122)
@@ -2183,6 +2183,7 @@ void
 if_down(struct ifnet *ifp)
 {
 
+   EVENTHANDLER_INVOKE(ifnet_event, ifp, IFNET_EVENT_DOWN);
if_unroute(ifp, IFF_UP, AF_UNSPEC);
 }
 
@@ -2195,6 +2196,7 @@ if_up(struct ifnet *ifp)
 {
 
if_route(ifp, IFF_UP, AF_UNSPEC);
+   EVENTHANDLER_INVOKE(ifnet_event, ifp, IFNET_EVENT_UP);
 }
 
 /*

Modified: stable/10/sys/net/if_var.h
==
--- stable/10/sys/net/if_var.h  Thu Feb 23 06:49:46 2017(r314121)
+++ stable/10/sys/net/if_var.h  Thu Feb 23 06:57:18 2017(r314122)
@@ -424,6 +424,11 @@ EVENTHANDLER_DECLARE(ifnet_departure_eve
 /* Interface link state change event */
 typedef void (*ifnet_link_event_handler_t)(void *, struct ifnet *, int);
 EVENTHANDLER_DECLARE(ifnet_link_event, ifnet_link_event_handler_t);
+/* Interface up/down event */
+#define IFNET_EVENT_UP 0
+#define IFNET_EVENT_DOWN   1
+typedef void (*ifnet_event_fn)(void *, struct ifnet *ifp, int event);
+EVENTHANDLER_DECLARE(ifnet_event, ifnet_event_fn);
 
 /*
  * interface groups
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r314121 - stable/10/sys/dev/hyperv/netvsc

[Dexuan Cui]

Author: dexuan
Date: Thu Feb 23 06:49:46 2017
New Revision: 314121
URL: https://svnweb.freebsd.org/changeset/base/314121

Log:
  MFC: r312685, r312686
  
  Approved by:  sephe (mentor)
  
  r312685
  hyperv/hn: remember the channel pointer in struct hn_rx_ring
  
  This will be used by the coming NIC SR-IOV patch.
  
  Reviewed by:  sephe
  Approved by:  sephe (mentor)
  Sponsored by: Microsoft
  Differential Revision:https://reviews.freebsd.org/D8909
  
  r312686
  hyperv/hn: remove the MTU and IFF_DRV_RUNNING checking in hn_rxpkt()
  
  It's unnecessary because the upper nework stack does the same checking.
  
  In the case of Hyper-V SR-IOV, we need to remove the checking because
  1) multicast/broadcast packets are still received through the synthetic
  NIC and we need to inject the packets through the VF interface;
  2) we must inject the packets even if the synthetic NIC is down, or has
  a different MTU from the VF device.
  
  Reviewed by:  sephe
  Approved by:  sephe (mentor)
  Sponsored by: Microsoft
  Differential Revision:https://reviews.freebsd.org/D8962

Modified:
  stable/10/sys/dev/hyperv/netvsc/if_hn.c
  stable/10/sys/dev/hyperv/netvsc/if_hnvar.h
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/sys/dev/hyperv/netvsc/if_hn.c
==
--- stable/10/sys/dev/hyperv/netvsc/if_hn.c Thu Feb 23 05:40:59 2017
(r314120)
+++ stable/10/sys/dev/hyperv/netvsc/if_hn.c Thu Feb 23 06:49:46 2017
(r314121)
@@ -2118,15 +2118,7 @@ hn_rxpkt(struct hn_rx_ring *rxr, const v
int size, do_lro = 0, do_csum = 1;
int hash_type = M_HASHTYPE_OPAQUE;
 
-   if (!(ifp->if_drv_flags & IFF_DRV_RUNNING))
-   return (0);
-
-   /*
-* Bail out if packet contains more data than configured MTU.
-*/
-   if (dlen > (ifp->if_mtu + ETHER_HDR_LEN)) {
-   return (0);
-   } else if (dlen <= MHLEN) {
+   if (dlen <= MHLEN) {
m_new = m_gethdr(M_NOWAIT, MT_DATA);
if (m_new == NULL) {
if_inc_counter(ifp, IFCOUNTER_IQDROPS, 1);
@@ -4297,6 +4289,7 @@ hn_chan_attach(struct hn_softc *sc, stru
KASSERT((rxr->hn_rx_flags & HN_RX_FLAG_ATTACHED) == 0,
("RX ring %d already attached", idx));
rxr->hn_rx_flags |= HN_RX_FLAG_ATTACHED;
+   rxr->hn_chan = chan;
 
if (bootverbose) {
if_printf(sc->hn_ifp, "link RX ring %d to chan%u\n",

Modified: stable/10/sys/dev/hyperv/netvsc/if_hnvar.h
==
--- stable/10/sys/dev/hyperv/netvsc/if_hnvar.h  Thu Feb 23 05:40:59 2017
(r314120)
+++ stable/10/sys/dev/hyperv/netvsc/if_hnvar.h  Thu Feb 23 06:49:46 2017
(r314121)
@@ -85,6 +85,8 @@ struct hn_rx_ring {
 
void*hn_br; /* TX/RX bufring */
struct hyperv_dma hn_br_dma;
+
+   struct vmbus_channel *hn_chan;
 } __aligned(CACHE_LINE_SIZE);
 
 #define HN_TRUST_HCSUM_IP  0x0001
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r314120 - head/contrib/blacklist/bin

[Kurt Lidl]

Author: lidl
Date: Thu Feb 23 05:40:59 2017
New Revision: 314120
URL: https://svnweb.freebsd.org/changeset/base/314120

Log:
  Reset failed login count to zero when removing a blocked address
  
  The blacklistd daemon keeps records of failed login attempts for
  each address:port that is flagged as a failed login.  When a
  successful login occurs for that address:port combination,
  the record's last update time is set to zero, to indicate no current
  failed login attempts.
  
  Reset the failed login count to zero, so that at the next failed
  login attempt, the counting will restart properly at zero.  Without
  this reset to zero, the first failed login after a successful login
  will cause the address to be blocked immediately.
  
  When debugging is turned on, output more information about database
  state before and after the database updates have occured.
  
  A similar patch has already been upstreamed to NetBSD.
  
  MFC after:3 days
  Sponsored by: The FreeBSD Foundation

Modified:
  head/contrib/blacklist/bin/blacklistd.c

Modified: head/contrib/blacklist/bin/blacklistd.c
==
--- head/contrib/blacklist/bin/blacklistd.c Thu Feb 23 05:33:20 2017
(r314119)
+++ head/contrib/blacklist/bin/blacklistd.c Thu Feb 23 05:40:59 2017
(r314120)
@@ -207,7 +207,7 @@ process(bl_t bl)
 
if (debug) {
char b1[128], b2[128];
-   (*lfun)(LOG_DEBUG, "%s: db state info for %s: count=%d/%d "
+   (*lfun)(LOG_DEBUG, "%s: initial db state for %s: count=%d/%d "
"last=%s now=%s", __func__, rbuf, dbi.count, c.c_nfail,
fmttime(b1, sizeof(b1), dbi.last),
fmttime(b2, sizeof(b2), ts.tv_sec));
@@ -246,15 +246,24 @@ process(bl_t bl)
case BL_DELETE:
if (dbi.last == 0)
goto out;
+   dbi.count = 0;
dbi.last = 0;
break;
default:
(*lfun)(LOG_ERR, "unknown message %d", bi->bi_type); 
}
-   if (state_put(state, , ) == -1)
-   goto out;
+   state_put(state, , );
+
 out:
close(bi->bi_fd);
+
+   if (debug) {
+   char b1[128], b2[128];
+   (*lfun)(LOG_DEBUG, "%s: final db state for %s: count=%d/%d "
+   "last=%s now=%s", __func__, rbuf, dbi.count, c.c_nfail,
+   fmttime(b1, sizeof(b1), dbi.last),
+   fmttime(b2, sizeof(b2), ts.tv_sec));
+   }
 }
 
 static void
@@ -393,7 +402,7 @@ rules_restore(void)
 int
 main(int argc, char *argv[])
 {
-   int c, tout, flags, flush, restore;
+   int c, tout, flags, flush, restore, ret;
const char *spath, *blsock;
 
setprogname(argv[0]);
@@ -512,7 +521,10 @@ main(int argc, char *argv[])
readconf = 0;
conf_parse(configfile);
}
-   switch (poll(pfd, (nfds_t)nfd, tout)) {
+   ret = poll(pfd, (nfds_t)nfd, tout);
+   if (debug)
+   (*lfun)(LOG_DEBUG, "received %d from poll()", ret);
+   switch (ret) {
case -1:
if (errno == EINTR)
continue;
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r314119 - head/sys/dev/extres/clk

[Emmanuel Vadot]

Author: manu
Date: Thu Feb 23 05:33:20 2017
New Revision: 314119
URL: https://svnweb.freebsd.org/changeset/base/314119

Log:
  Do not check divider length if we have a div table.
  
  Reviewed by:  mmel

Modified:
  head/sys/dev/extres/clk/clk_div.c

Modified: head/sys/dev/extres/clk/clk_div.c
==
--- head/sys/dev/extres/clk/clk_div.c   Thu Feb 23 04:26:17 2017
(r314118)
+++ head/sys/dev/extres/clk/clk_div.c   Thu Feb 23 05:33:20 2017
(r314119)
@@ -195,7 +195,8 @@ clknode_div_set_freq(struct clknode *clk
hw_i_div--;
 
*stop = 1;
-   if (hw_i_div > sc->i_mask) {
+   if (hw_i_div > sc->i_mask &&
+   ((sc->div_flags & CLK_DIV_WITH_TABLE) == 0)) {
/* XXX Or only return error? */
printf("%s: %s integer divider is too big: %u\n",
clknode_get_name(clk), __func__, hw_i_div);
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r314075 - head/tests/sys/kern

[Eric Badger]

On 02/22/2017 10:05 PM, Ian Lepore wrote:

On Wed, 2017-02-22 at 04:35 +, Eric Badger wrote:

Author: badger
Date: Wed Feb 22 04:35:07 2017
New Revision: 314075
URL: https://svnweb.freebsd.org/changeset/base/314075

Log:
  Fix world build for archs where __builtin_debugtrap() does not
work.

  The offending code was introduced in r313992.

  Reported by:  rpokala
  Approved by:  kib (mentor)

Modified:
  head/tests/sys/kern/ptrace_test.c

Modified: head/tests/sys/kern/ptrace_test.c
=
=
--- head/tests/sys/kern/ptrace_test.c   Wed Feb 22 04:28:10 2017
(r314074)
+++ head/tests/sys/kern/ptrace_test.c   Wed Feb 22 04:35:07 2017
(r314075)
@@ -37,6 +37,7 @@ __FBSDID("$FreeBSD$");
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -1690,7 +1691,7 @@ ATF_TC_BODY(ptrace__PT_KILL_breakpoint,
ATF_REQUIRE((fpid = fork()) != -1);
if (fpid == 0) {
trace_me();
-   __builtin_debugtrap();
+   breakpoint();
exit(1);
}




This fixes only x86 and sparc64.  All other arches have breakpoint()
under the #ifdef KERNEL wrapper (I have no idea why).  If fixing this
is going to take any longer, can we disconnect this test from the build
until it gets worked out?

-- Ian



Yes, that was my error. In my haste to fix things, I misread the headers 
and thought I had breakpoint() everywhere (and only tested 
sparc64/amd64).  Sorry about that. It should be fixed in r314118.


Eric
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r314118 - head/tests/sys/kern

[Eric Badger]

Author: badger
Date: Thu Feb 23 04:26:17 2017
New Revision: 314118
URL: https://svnweb.freebsd.org/changeset/base/314118

Log:
  Actually fix buildworlds other than i386/amd64/sparc64 after r313992
  
  Disable offending test for platforms without a userspace visible
  breakpoint().
  
  Reported by:  rpokala
  Approved by:  vangyzen (mentor)

Modified:
  head/tests/sys/kern/ptrace_test.c

Modified: head/tests/sys/kern/ptrace_test.c
==
--- head/tests/sys/kern/ptrace_test.c   Thu Feb 23 02:28:08 2017
(r314117)
+++ head/tests/sys/kern/ptrace_test.c   Thu Feb 23 04:26:17 2017
(r314118)
@@ -1679,6 +1679,11 @@ ATF_TC_BODY(ptrace__ptrace_vfork_follow,
 }
 
 /*
+ * XXX: There's nothing inherently platform specific about this test, however a
+ * userspace visible breakpoint() is a prerequisite.
+ */
+ #if defined(__amd64__) || defined(__i386__) || defined(__sparc64__)
+/*
  * Verify that no more events are reported after PT_KILL except for the
  * process exit when stopped due to a breakpoint trap.
  */
@@ -1723,6 +1728,7 @@ ATF_TC_BODY(ptrace__PT_KILL_breakpoint, 
ATF_REQUIRE(wpid == -1);
ATF_REQUIRE(errno == ECHILD);
 }
+#endif /* defined(__amd64__) || defined(__i386__) || defined(__sparc64__) */
 
 /*
  * Verify that no more events are reported after PT_KILL except for the
@@ -2806,7 +2812,9 @@ ATF_TP_ADD_TCS(tp)
ATF_TP_ADD_TC(tp, ptrace__event_mask);
ATF_TP_ADD_TC(tp, ptrace__ptrace_vfork);
ATF_TP_ADD_TC(tp, ptrace__ptrace_vfork_follow);
+#if defined(__amd64__) || defined(__i386__) || defined(__sparc64__)
ATF_TP_ADD_TC(tp, ptrace__PT_KILL_breakpoint);
+#endif
ATF_TP_ADD_TC(tp, ptrace__PT_KILL_system_call);
ATF_TP_ADD_TC(tp, ptrace__PT_KILL_threads);
ATF_TP_ADD_TC(tp, ptrace__PT_KILL_competing_signal);
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r314075 - head/tests/sys/kern

[Ian Lepore]

On Wed, 2017-02-22 at 04:35 +, Eric Badger wrote:
> Author: badger
> Date: Wed Feb 22 04:35:07 2017
> New Revision: 314075
> URL: https://svnweb.freebsd.org/changeset/base/314075
> 
> Log:
>   Fix world build for archs where __builtin_debugtrap() does not
> work.
>   
>   The offending code was introduced in r313992.
>   
>   Reported by:rpokala
>   Approved by:kib (mentor)
> 
> Modified:
>   head/tests/sys/kern/ptrace_test.c
> 
> Modified: head/tests/sys/kern/ptrace_test.c
> =
> =
> --- head/tests/sys/kern/ptrace_test.c Wed Feb 22 04:28:10 2017
>   (r314074)
> +++ head/tests/sys/kern/ptrace_test.c Wed Feb 22 04:35:07 2017
>   (r314075)
> @@ -37,6 +37,7 @@ __FBSDID("$FreeBSD$");
>  #include 
>  #include 
>  #include 
> +#include 
>  #include 
>  #include 
>  #include 
> @@ -1690,7 +1691,7 @@ ATF_TC_BODY(ptrace__PT_KILL_breakpoint, 
>   ATF_REQUIRE((fpid = fork()) != -1);
>   if (fpid == 0) {
>   trace_me();
> - __builtin_debugtrap();
> + breakpoint();
>   exit(1);
>   }
>  
> 

This fixes only x86 and sparc64.  All other arches have breakpoint()
under the #ifdef KERNEL wrapper (I have no idea why).  If fixing this
is going to take any longer, can we disconnect this test from the build
until it gets worked out?

-- Ian
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r314117 - in head/usr.sbin/makefs: . cd9660

[Ed Maste]

Author: emaste
Date: Thu Feb 23 02:28:08 2017
New Revision: 314117
URL: https://svnweb.freebsd.org/changeset/base/314117

Log:
  makefs: eliminate global cd9660 structure
  
  For diff reduction with NetBSD
  
  NetBSD file versions:
  cd9660.c 1.39
  cd9660.h 1.19
  cd9660/cd9660_debug.c 1.12
  cd9660/cd9660_eltorito.c 1.20
  cd9660/cd9660_write.c 1.16
  cd9660/iso9660_rrip.c 1.12
  cd9660/iso9660_rrip.h 1.6
  
  Reviewed by:  ngie
  Obtained from:NetBSD
  MFC after:1 month
  Sponsored by: The FreeBSD Foundation
  Differential Revision:https://reviews.freebsd.org/D9627

Modified:
  head/usr.sbin/makefs/cd9660.c
  head/usr.sbin/makefs/cd9660.h
  head/usr.sbin/makefs/cd9660/cd9660_debug.c
  head/usr.sbin/makefs/cd9660/cd9660_eltorito.c
  head/usr.sbin/makefs/cd9660/cd9660_write.c
  head/usr.sbin/makefs/cd9660/iso9660_rrip.c
  head/usr.sbin/makefs/cd9660/iso9660_rrip.h

Modified: head/usr.sbin/makefs/cd9660.c
==
--- head/usr.sbin/makefs/cd9660.c   Thu Feb 23 01:18:47 2017
(r314116)
+++ head/usr.sbin/makefs/cd9660.c   Thu Feb 23 02:28:08 2017
(r314117)
@@ -109,58 +109,59 @@ __FBSDID("$FreeBSD$");
 #include "cd9660/iso9660_rrip.h"
 #include "cd9660/cd9660_archimedes.h"
 
-/*
- * Global variables
- */
-iso9660_disk diskStructure;
-
-static void cd9660_finalize_PVD(void);
+static void cd9660_finalize_PVD(iso9660_disk *);
 static cd9660node *cd9660_allocate_cd9660node(void);
-static void cd9660_set_defaults(void);
+static void cd9660_set_defaults(iso9660_disk *);
 static int cd9660_arguments_set_string(const char *, const char *, int,
 char, char *);
 static void cd9660_populate_iso_dir_record(
 struct _iso_directory_record_cd9660 *, u_char, u_char, u_char,
 const char *);
-static void cd9660_setup_root_node(void);
-static int cd9660_setup_volume_descriptors(void);
+static void cd9660_setup_root_node(iso9660_disk *);
+static int cd9660_setup_volume_descriptors(iso9660_disk *);
 #if 0
 static int cd9660_fill_extended_attribute_record(cd9660node *);
 #endif
 static void cd9660_sort_nodes(cd9660node *);
-static int cd9660_translate_node_common(cd9660node *);
-static int cd9660_translate_node(fsnode *, cd9660node *);
+static int cd9660_translate_node_common(iso9660_disk *, cd9660node *);
+static int cd9660_translate_node(iso9660_disk *, fsnode *, cd9660node *);
 static int cd9660_compare_filename(const char *, const char *);
 static void cd9660_sorted_child_insert(cd9660node *, cd9660node *);
-static int cd9660_handle_collisions(cd9660node *, int);
-static cd9660node *cd9660_rename_filename(cd9660node *, int, int);
-static void cd9660_copy_filenames(cd9660node *);
+static int cd9660_handle_collisions(iso9660_disk *, cd9660node *, int);
+static cd9660node *cd9660_rename_filename(iso9660_disk *, cd9660node *, int,
+int);
+static void cd9660_copy_filenames(iso9660_disk *, cd9660node *);
 static void cd9660_sorting_nodes(cd9660node *);
 static int cd9660_count_collisions(cd9660node *);
-static cd9660node *cd9660_rrip_move_directory(cd9660node *);
-static int cd9660_add_dot_records(cd9660node *);
+static cd9660node *cd9660_rrip_move_directory(iso9660_disk *, cd9660node *);
+static int cd9660_add_dot_records(iso9660_disk *, cd9660node *);
 
-static void cd9660_convert_structure(fsnode *, cd9660node *, int,
+static void cd9660_convert_structure(iso9660_disk *, fsnode *, cd9660node *, 
int,
 int *, int *);
 static void cd9660_free_structure(cd9660node *);
-static int cd9660_generate_path_table(void);
-static int cd9660_level1_convert_filename(const char *, char *, int);
-static int cd9660_level2_convert_filename(const char *, char *, int);
+static int cd9660_generate_path_table(iso9660_disk *);
+static int cd9660_level1_convert_filename(iso9660_disk *, const char *, char *,
+int);
+static int cd9660_level2_convert_filename(iso9660_disk *, const char *, char *,
+int);
 #if 0
-static int cd9660_joliet_convert_filename(const char *, char *, int);
+static int cd9660_joliet_convert_filename(iso9660_disk *, const char *, char *,
+int);
 #endif
-static int cd9660_convert_filename(const char *, char *, int);
-static void cd9660_populate_dot_records(cd9660node *);
-static int64_t cd9660_compute_offsets(cd9660node *, int64_t);
+static int cd9660_convert_filename(iso9660_disk *, const char *, char *, int);
+static void cd9660_populate_dot_records(iso9660_disk *, cd9660node *);
+static int64_t cd9660_compute_offsets(iso9660_disk *, cd9660node *, int64_t);
 #if 0
 static int cd9660_copy_stat_info(cd9660node *, cd9660node *, int);
 #endif
-static cd9660node *cd9660_create_virtual_entry(const char *, cd9660node *, int,
-int);
-static cd9660node *cd9660_create_file(const char *, cd9660node *, cd9660node 
*);
-static cd9660node *cd9660_create_directory(const char *, cd9660node *,
+static cd9660node *cd9660_create_virtual_entry(iso9660_disk *, const char *,
+cd9660node *, int, int);

Re: svn commit: r314116 - head/sys/kern

[Jonathan Looney]

On Wed, Feb 22, 2017 at 8:18 PM, Jonathan T. Looney  wrote:

> Author: jtl
> Date: Thu Feb 23 01:18:47 2017
> New Revision: 314116
> URL: https://svnweb.freebsd.org/changeset/base/314116
>
> Log:
>   Fix a panic during boot caused by inadequate locking of some vt(4) driver
>   data structures.
>
>   vt_change_font() calls vtbuf_grow() to change some vt driver data
>   structures. It uses TF_MUTE to prevent the console from trying to use
> those
>   data structures while it changes them.
>
>   During the early stage of the boot process, the vt driver's tc_done
> routine
>   uses those data structures; however, it is currently called outside the
>   TF_MUTE check.
>
>   Move the tc_done routine inside the locked TF_MUTE check.
>
>   PR:   217282
>   Reviewed by:  ed, ray
>   Sponsored by: Netflix
>   Differential Revision:https://reviews.freebsd.org/D9709


Sorry, this should also say:

MFC after: 2 weeks

The change should go back to stable/11, since EARLY_AP_STARTUP is an option
there. (It appears EARLY_AP_STARTUP is a prerequisite for hitting this bug.)

Jonathan
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r314116 - head/sys/kern

[Jonathan T. Looney]

Author: jtl
Date: Thu Feb 23 01:18:47 2017
New Revision: 314116
URL: https://svnweb.freebsd.org/changeset/base/314116

Log:
  Fix a panic during boot caused by inadequate locking of some vt(4) driver
  data structures.
  
  vt_change_font() calls vtbuf_grow() to change some vt driver data
  structures. It uses TF_MUTE to prevent the console from trying to use those
  data structures while it changes them.
  
  During the early stage of the boot process, the vt driver's tc_done routine
  uses those data structures; however, it is currently called outside the
  TF_MUTE check.
  
  Move the tc_done routine inside the locked TF_MUTE check.
  
  PR:   217282
  Reviewed by:  ed, ray
  Sponsored by: Netflix
  Differential Revision:https://reviews.freebsd.org/D9709

Modified:
  head/sys/kern/subr_terminal.c

Modified: head/sys/kern/subr_terminal.c
==
--- head/sys/kern/subr_terminal.c   Thu Feb 23 00:02:49 2017
(r314115)
+++ head/sys/kern/subr_terminal.c   Thu Feb 23 01:18:47 2017
(r314116)
@@ -375,7 +375,10 @@ termtty_outwakeup(struct tty *tp)
TERMINAL_UNLOCK_TTY(tm);
}
 
-   tm->tm_class->tc_done(tm);
+   TERMINAL_LOCK_TTY(tm);
+   if (!(tm->tm_flags & TF_MUTE))
+   tm->tm_class->tc_done(tm);
+   TERMINAL_UNLOCK_TTY(tm);
if (flags & TF_BELL)
tm->tm_class->tc_bell(tm);
 }
@@ -545,10 +548,9 @@ termcn_cnputc(struct consdev *cp, int c)
teken_set_curattr(>tm_emulator, _message);
teken_input(>tm_emulator, , 1);
teken_set_curattr(>tm_emulator, );
+   tm->tm_class->tc_done(tm);
}
TERMINAL_UNLOCK_CONS(tm);
-
-   tm->tm_class->tc_done(tm);
 }
 
 /*
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r314114 - head/sys/boot/mips/beri/boot2

[John Baldwin]

On Wednesday, February 22, 2017 11:58:54 PM John Baldwin wrote:
> Author: jhb
> Date: Wed Feb 22 23:58:54 2017
> New Revision: 314114
> URL: https://svnweb.freebsd.org/changeset/base/314114
> 
> Log:
>   Use LDFLAGS with CC instead of _LDFLAGS.
>   
>   This is a followup to r311458.  _LDFLAGS is for use with LD, whereas
>   LDFLAGS is for use with CC.

This was actually Reviewed by: kan and D9707.  Forgot to add metadata to
commit. :-/

-- 
John Baldwin
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r314115 - head/libexec/rtld-elf/mips

[John Baldwin]

Author: jhb
Date: Thu Feb 23 00:02:49 2017
New Revision: 314115
URL: https://svnweb.freebsd.org/changeset/base/314115

Log:
  Fully handle the special encoding of GOT[1] on mips64.
  
  The MIPS ABI does not require the second GOT entry to be reserved for use
  by the runtime linker as on other architectures.  Instead, static linkers
  use a special value in the second GOT entry to indicate if the entry is
  reserved.  This value is supposed to consist of an address with the MSB
  set and the rest of the bits all zero which is an invalid user address.
  
  However, the old binutils currently in the tree uses the 32-bit mask value
  (2^31) on 64-bit MIPS instead of 2^63.  This was fixed in upstream
  binutils in 2008 to use 2^63 on 64-bit MIPS.
  
  The first part of this change changes the runtime check in init_pltgot()
  to check for both values (2^31 and 2^63) when deciding whether to store
  the current object pointer in GOT[1] which fixes dynamic N64 binaries
  compiled with modern binutils.
  
  However, the initial version of this fix exposed another related bug in
  that _rtld_relocate_nonplt_self() was only checking for the new value
  (2^63) in GOT[1] and incorrectly treated GOT[1] as a local GOT entry
  (and did not relocate the final local GOT entry).  To handle this, fix
  all of the places that check for GOT[1]'s status to use the same macro
  that checks for both values on N64.
  
  Reviewed by:  kan, imp
  Sponsored by: DARPA / AFRL
  Differential Revision:https://reviews.freebsd.org/D9708

Modified:
  head/libexec/rtld-elf/mips/reloc.c

Modified: head/libexec/rtld-elf/mips/reloc.c
==
--- head/libexec/rtld-elf/mips/reloc.c  Wed Feb 22 23:58:54 2017
(r314114)
+++ head/libexec/rtld-elf/mips/reloc.c  Thu Feb 23 00:02:49 2017
(r314115)
@@ -51,12 +51,28 @@ __FBSDID("$FreeBSD$");
 #defineGOT1_MASK   0x8000UL
 #endif
 
+/*
+ * Determine if the second GOT entry is reserved for rtld or if it is
+ * the first "real" GOT entry.
+ *
+ * This must be a macro rather than a function so that
+ * _rtld_relocate_nonplt_self doesn't trigger a GOT invocation trying
+ * to use it before the local GOT entries in rtld are adjusted.
+ */
+#ifdef __mips_n64
+/* Old binutils uses the 32-bit GOT1 mask value for N64. */
+#define GOT1_RESERVED_FOR_RTLD(got)\
+   (((got)[1] == 0x8000) || (got)[1] & GOT1_MASK)
+#else
+#define GOT1_RESERVED_FOR_RTLD(got)((got)[1] & GOT1_MASK)
+#endif
+
 void
 init_pltgot(Obj_Entry *obj)
 {
if (obj->pltgot != NULL) {
obj->pltgot[0] = (Elf_Addr) &_rtld_bind_start;
-   if (obj->pltgot[1] & 0x8000)
+   if (GOT1_RESERVED_FOR_RTLD(obj->pltgot))
obj->pltgot[1] = (Elf_Addr) obj | GOT1_MASK;
}
 }
@@ -175,7 +191,7 @@ _rtld_relocate_nonplt_self(Elf_Dyn *dynp
}
}
 
-   i = (got[1] & GOT1_MASK) ? 2 : 1;
+   i = GOT1_RESERVED_FOR_RTLD(got) ? 2 : 1;
/* Relocate the local GOT entries */
got += i;
for (; i < local_gotno; i++) {
@@ -294,7 +310,7 @@ reloc_non_plt(Obj_Entry *obj, Obj_Entry 
dbg("%s: broken=%d", obj->path, broken);
 #endif
 
-   i = (got[1] & GOT1_MASK) ? 2 : 1;
+   i = GOT1_RESERVED_FOR_RTLD(got) ? 2 : 1;
 
/* Relocate the local GOT entries */
got += i;
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r314114 - head/sys/boot/mips/beri/boot2

[John Baldwin]

Author: jhb
Date: Wed Feb 22 23:58:54 2017
New Revision: 314114
URL: https://svnweb.freebsd.org/changeset/base/314114

Log:
  Use LDFLAGS with CC instead of _LDFLAGS.
  
  This is a followup to r311458.  _LDFLAGS is for use with LD, whereas
  LDFLAGS is for use with CC.

Modified:
  head/sys/boot/mips/beri/boot2/Makefile

Modified: head/sys/boot/mips/beri/boot2/Makefile
==
--- head/sys/boot/mips/beri/boot2/Makefile  Wed Feb 22 23:57:22 2017
(r314113)
+++ head/sys/boot/mips/beri/boot2/Makefile  Wed Feb 22 23:58:54 2017
(r314114)
@@ -71,7 +71,7 @@ LDFLAGS=  -nostdlib   \
 CFLAGS+=   -I${.CURDIR}/../common
 
 flashboot.elf: relocate.o start.o boot2.o altera_jtag_uart.o cfi.o sdcard.o
-   ${CC} ${_LDFLAGS} -T ${.CURDIR}/flashboot.ldscript -o ${.TARGET}
\
+   ${CC} ${LDFLAGS} -T ${.CURDIR}/flashboot.ldscript -o ${.TARGET} \
${.ALLSRC} ${LIBSTAND}
 flashboot: flashboot.elf
${OBJCOPY} -S -O binary ${.TARGET}.elf ${.TARGET}
@@ -79,7 +79,7 @@ flashboot.md5: flashboot
md5 flashboot > flashboot.md5
 
 jtagboot: start.o boot2.o altera_jtag_uart.o cfi.o sdcard.o
-   ${CC} ${_LDFLAGS} -T ${.CURDIR}/jtagboot.ldscript -o ${.TARGET} \
+   ${CC} ${LDFLAGS} -T ${.CURDIR}/jtagboot.ldscript -o ${.TARGET}  \
${.ALLSRC} ${LIBSTAND}
 jtagboot.md5: jtagboot
md5 jtagboot > jtagboot.md5
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r314113 - head/tests/sys/netinet

[Alan Somers]

Author: asomers
Date: Wed Feb 22 23:57:22 2017
New Revision: 314113
URL: https://svnweb.freebsd.org/changeset/base/314113

Log:
  Remove tests/sys/netinet/fibs_tests's dependency on net/socat
  
  Instead of bridging two tap interfaces with socat, just use an epair pair.
  
  MFC after:3 weeks
  Sponsored by: Spectra Logic Corp

Modified:
  head/tests/sys/netinet/fibs_test.sh

Modified: head/tests/sys/netinet/fibs_test.sh
==
--- head/tests/sys/netinet/fibs_test.sh Wed Feb 22 22:00:50 2017
(r314112)
+++ head/tests/sys/netinet/fibs_test.sh Wed Feb 22 23:57:22 2017
(r314113)
@@ -39,8 +39,7 @@
 # arpresolve only checked the default route.
 #
 # Outline:
-# Create two tap(4) interfaces
-# Simulate a crossover cable between them by using net/socat
+# Create two connected epair(4) interfaces
 # Use nping (from security/nmap) to send an ICMP echo request from one
 # interface to the other, spoofing the source IP.  The source IP must be
 # spoofed, or else it will already have an entry in the arp table.
@@ -51,7 +50,7 @@ arpresolve_checks_interface_fib_head()
atf_set "descr" "arpresolve should check the interface fib, not the 
default fib, for routes"
atf_set "require.user" "root"
atf_set "require.config" "fibs"
-   atf_set "require.progs" "socat nping"
+   atf_set "require.progs" "nping"
 }
 arpresolve_checks_interface_fib_body()
 {
@@ -74,19 +73,13 @@ arpresolve_checks_interface_fib_body()
fi
get_fibs 2
 
-   # Configure TAP interfaces
-   setup_tap "$FIB0" inet ${ADDR0} ${MASK0}
-   TAP0=$TAP
-   setup_tap "$FIB1" inet ${ADDR1} ${MASK1}
-   TAP1=$TAP
-
-   # Simulate a crossover cable
-   socat /dev/${TAP0} /dev/${TAP1} &
-   SOCAT_PID=$!
-   echo ${SOCAT_PID} >> "processes_to_kill"
+   # Configure epair interfaces
+   get_epair
+   setup_iface "$EPAIRA" "$FIB0" inet ${ADDR0} ${MASK0}
+   setup_iface "$EPAIRB" "$FIB1" inet ${ADDR1} ${MASK1}
 
# Send an ICMP echo request with a spoofed source IP
-   setfib 2 nping -c 1 -e ${TAP0} -S ${SPOOF_ADDR} \
+   setfib "$FIB0" nping -c 1 -e ${EPAIRA} -S ${SPOOF_ADDR} \
--source-mac ${SPOOF_MAC} --icmp --icmp-type "echo-request" \
--icmp-code 0 --icmp-id 0xdead --icmp-seq 1 --data 0xbeef \
${ADDR1}
@@ -94,17 +87,11 @@ arpresolve_checks_interface_fib_body()
# characteristic error message
dmesg | grep "llinfo.*${SPOOF_ADDR}"
# Check that the ARP entry exists
-   atf_check -o match:"${SPOOF_ADDR}.*expires" setfib 3 arp ${SPOOF_ADDR}
+   atf_check -o match:"${SPOOF_ADDR}.*expires" setfib "$FIB1" arp 
${SPOOF_ADDR}
 }
 arpresolve_checks_interface_fib_cleanup()
 {
-   if [ -f processes_to_kill ]; then
-   for pid in $(cat processes_to_kill); do
-   kill "${pid}"
-   done
-   rm -f processes_to_kill
-   fi
-   cleanup_tap
+   cleanup_ifaces
 }
 
 
@@ -163,7 +150,7 @@ loopback_and_network_routes_on_nondefaul
 
 loopback_and_network_routes_on_nondefault_fib_cleanup()
 {
-   cleanup_tap
+   cleanup_ifaces
 }
 
 atf_test_case loopback_and_network_routes_on_nondefault_fib_inet6 cleanup
@@ -221,7 +208,7 @@ loopback_and_network_routes_on_nondefaul
 
 loopback_and_network_routes_on_nondefault_fib_inet6_cleanup()
 {
-   cleanup_tap
+   cleanup_ifaces
 }
 
 
@@ -270,7 +257,7 @@ default_route_with_multiple_fibs_on_same
 
 default_route_with_multiple_fibs_on_same_subnet_cleanup()
 {
-   cleanup_tap
+   cleanup_ifaces
 }
 
 atf_test_case default_route_with_multiple_fibs_on_same_subnet_inet6 cleanup
@@ -317,7 +304,7 @@ default_route_with_multiple_fibs_on_same
 
 default_route_with_multiple_fibs_on_same_subnet_inet6_cleanup()
 {
-   cleanup_tap
+   cleanup_ifaces
 }
 
 
@@ -357,7 +344,7 @@ same_ip_multiple_ifaces_fib0_body()
 }
 same_ip_multiple_ifaces_fib0_cleanup()
 {
-   cleanup_tap
+   cleanup_ifaces
 }
 
 # Regression test for PR kern/189088
@@ -408,7 +395,7 @@ same_ip_multiple_ifaces_cleanup()
 {
# Due to PR kern/189088, we must destroy the interfaces in LIFO order
# in order for the routes to be correctly cleaned up.
-   for TAPD in `tail -r "tap_devices_to_cleanup"`; do
+   for TAPD in `tail -r "ifaces_to_cleanup"`; do
echo ifconfig ${TAPD} destroy
ifconfig ${TAPD} destroy
done
@@ -453,7 +440,7 @@ same_ip_multiple_ifaces_inet6_body()
 }
 same_ip_multiple_ifaces_inet6_cleanup()
 {
-   cleanup_tap
+   cleanup_ifaces
 }
 
 # Regression test for kern/187550
@@ -491,7 +478,7 @@ subnet_route_with_multiple_fibs_on_same_
 
 subnet_route_with_multiple_fibs_on_same_subnet_cleanup()
 {
-   cleanup_tap
+   cleanup_ifaces
 }
 
 atf_test_case subnet_route_with_multiple_fibs_on_same_subnet_inet6 cleanup
@@ -528,7 +515,7 @@ 

Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts

[Bryan Drewery]

On 2/22/2017 3:10 PM, Allan Jude wrote:
> On 2017-02-22 15:26, Bryan Drewery wrote:
>> On 2/21/2017 11:07 PM, Joel Dahl wrote:
>>> On Tue, Feb 21, 2017 at 02:40:02PM +, Alexey Dokuchaev wrote:
 On Tue, Feb 21, 2017 at 08:34:29AM -0600, Eric Badger wrote:
> Thanks for working on making it easier to harden FreeBSD. While
> defaulting some of these options to "on" seem pretty harmless (e.g.
> random_pid), others are likely to cause confusion for new and
> experienced users alike (e.g. proc_debug. I've never used that option
> before, so I gave it a try. It simply causes gdb to hang when attempting
> to start a process, with no obvious indication of why).

 I concur.  In fact, harmless knobs should probably be turned on by default
 in FreeBSD itself (i.e., without any "hardening" help from the installer),
 while more intrusive ones should be opt-in, not opt-out.
>>>
>>> I agree. Can we back this out and discuss it on current@?
>>>
>>
>> I concur.
>> In the original review for adding this I predicted today would come,
>> https://reviews.freebsd.org/D6826.  I still think that it is very
>> under-designed and under-thought out.
>>
>> I personally agree with hardening my system, but I have a number of
>> issues with this approach:
>>
>> 1. It makes *1 installation* method do hardening, while every other
>> installation method, and *upgrade* methods not do hardening.  So someone
>> upgrading from 11.0 to 12.0 won't get hardening, but someone installing
>> from bsdinstall for 12.0 fresh will get it.  There should not be a
>> distinction between our installation/upgrade methods like this.
> 
> I agree with this point, and it was brought up by nwhitehorn in the very
> initial reviews.
> 
> There may be some value in giving these knobs wider testing before
> turning them on, but -current may be a better place to do that.
> 
> Core is soon to announce a more formalized way to discuss and reach
> consensus on these types of changes. robak@ can I ask that you back this
> out for now, and we use that process to determine what the right set of
> knobs to turn on by default is, and which should be up to the user.
> 
>>
>> 2. It ignores that FreeBSD is *generic Operating System* that serves
>> many workflows.  Developers want all of this off, System Administrators
>> want all of it on, and Desktop users may want a compromise of half of it
>> to allow various drivers to work (not pointing at any specific sysctl
>> right now).
>>
>> I think what is really needed is a system profile that lets you pick the
>> workflow you are going to use the system for, and then set some
>> reasonable defaults from there.  We will never all agree on the same
>> defaults because we all are using the systems differently, but we can
>> find some compromise if we make Use Cases, such as a System Profile
>> would entail.
> 
> I think that is a far better approach, but I am not sure what form it
> would take. Maybe we can discuss as a working group at BSDCan or
> EuroBSDCon to hammer out a better system that the wide array of sysctls
> we have.
> 
> Not just for these hardening ones, but even just for sizing things like
> the maximum number of file descriptors, default socket buffer sizes, etc.
> 
> 'Defaults for a web server'
> 'Defaults for a development laptop'
> 'Defaults for a poudriere build box'
> etc.
> 

Yup.  If the base system goes this route then the ports tree might
follow and give different defaults for each profile.  It's hard
technically but agreeing on such an approach and design is the first
step before figuring out the technical hurdles to solve (speaking of
multiple package sets problem).

>>
>> I too would like to see this backed out.
>>
> 
> 


-- 
Regards,
Bryan Drewery



signature.asc
Description: OpenPGP digital signature

Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts

[Allan Jude]

On 2017-02-22 15:26, Bryan Drewery wrote:
> On 2/21/2017 11:07 PM, Joel Dahl wrote:
>> On Tue, Feb 21, 2017 at 02:40:02PM +, Alexey Dokuchaev wrote:
>>> On Tue, Feb 21, 2017 at 08:34:29AM -0600, Eric Badger wrote:
 Thanks for working on making it easier to harden FreeBSD. While
 defaulting some of these options to "on" seem pretty harmless (e.g.
 random_pid), others are likely to cause confusion for new and
 experienced users alike (e.g. proc_debug. I've never used that option
 before, so I gave it a try. It simply causes gdb to hang when attempting
 to start a process, with no obvious indication of why).
>>>
>>> I concur.  In fact, harmless knobs should probably be turned on by default
>>> in FreeBSD itself (i.e., without any "hardening" help from the installer),
>>> while more intrusive ones should be opt-in, not opt-out.
>>
>> I agree. Can we back this out and discuss it on current@?
>>
> 
> I concur.
> In the original review for adding this I predicted today would come,
> https://reviews.freebsd.org/D6826.  I still think that it is very
> under-designed and under-thought out.
> 
> I personally agree with hardening my system, but I have a number of
> issues with this approach:
> 
> 1. It makes *1 installation* method do hardening, while every other
> installation method, and *upgrade* methods not do hardening.  So someone
> upgrading from 11.0 to 12.0 won't get hardening, but someone installing
> from bsdinstall for 12.0 fresh will get it.  There should not be a
> distinction between our installation/upgrade methods like this.

I agree with this point, and it was brought up by nwhitehorn in the very
initial reviews.

There may be some value in giving these knobs wider testing before
turning them on, but -current may be a better place to do that.

Core is soon to announce a more formalized way to discuss and reach
consensus on these types of changes. robak@ can I ask that you back this
out for now, and we use that process to determine what the right set of
knobs to turn on by default is, and which should be up to the user.

> 
> 2. It ignores that FreeBSD is *generic Operating System* that serves
> many workflows.  Developers want all of this off, System Administrators
> want all of it on, and Desktop users may want a compromise of half of it
> to allow various drivers to work (not pointing at any specific sysctl
> right now).
> 
> I think what is really needed is a system profile that lets you pick the
> workflow you are going to use the system for, and then set some
> reasonable defaults from there.  We will never all agree on the same
> defaults because we all are using the systems differently, but we can
> find some compromise if we make Use Cases, such as a System Profile
> would entail.

I think that is a far better approach, but I am not sure what form it
would take. Maybe we can discuss as a working group at BSDCan or
EuroBSDCon to hammer out a better system that the wide array of sysctls
we have.

Not just for these hardening ones, but even just for sizing things like
the maximum number of file descriptors, default socket buffer sizes, etc.

'Defaults for a web server'
'Defaults for a development laptop'
'Defaults for a poudriere build box'
etc.

> 
> I too would like to see this backed out.
> 


-- 
Allan Jude



signature.asc
Description: OpenPGP digital signature

Re: svn commit: r313996 - in head/sys: kern sys

[Gleb Smirnoff]

  Mateusz,

  why do you __predict_false() the recursion scenario? I'm afraid
that performance loss for mispredictions could outweight the
gain due to predictions. AFAIK, mutex recursion is still a pretty
common event in the kernel.

On Mon, Feb 20, 2017 at 07:08:36PM +, Mateusz Guzik wrote:
M> Author: mjg
M> Date: Mon Feb 20 19:08:36 2017
M> New Revision: 313996
M> URL: https://svnweb.freebsd.org/changeset/base/313996
M> 
M> Log:
M>   mtx: fix spin mutexes interaction with failed fcmpset
M>   
M>   While doing so move recursion support down to the fallback routine.
M> 
M> Modified:
M>   head/sys/kern/kern_mutex.c
M>   head/sys/sys/mutex.h
M> 
M> Modified: head/sys/kern/kern_mutex.c
M> 
==
M> --- head/sys/kern/kern_mutex.c   Mon Feb 20 17:33:25 2017
(r313995)
M> +++ head/sys/kern/kern_mutex.c   Mon Feb 20 19:08:36 2017
(r313996)
M> @@ -696,6 +696,14 @@ _mtx_lock_spin_cookie(volatile uintptr_t
M>  lock_delay_arg_init(, _spin_delay);
M>  m = mtxlock2mtx(c);
M>  
M> +if (__predict_false(v == MTX_UNOWNED))
M> +v = MTX_READ_VALUE(m);
M> +
M> +if (__predict_false(v == tid)) {
M> +m->mtx_recurse++;
M> +return;
M> +}
M> +
M>  if (LOCK_LOG_TEST(>lock_object, opts))
M>  CTR1(KTR_LOCK, "_mtx_lock_spin: %p spinning", m);
M>  KTR_STATE1(KTR_SCHED, "thread", sched_tdname((struct thread *)tid),
M> 
M> Modified: head/sys/sys/mutex.h
M> 
==
M> --- head/sys/sys/mutex.h Mon Feb 20 17:33:25 2017(r313995)
M> +++ head/sys/sys/mutex.h Mon Feb 20 19:08:36 2017(r313996)
M> @@ -223,12 +223,9 @@ voidthread_lock_flags_(struct thread *,
M>  uintptr_t _v = MTX_UNOWNED; \
M>  \
M>  spinlock_enter();   \
M> -if (!_mtx_obtain_lock_fetch((mp), &_v, _tid)) { \
M> -if (_v == _tid) \
M> -(mp)->mtx_recurse++;\
M> -else\
M> -_mtx_lock_spin((mp), _v, _tid, (opts), (file), (line));\
M> -} else  \
M> +if (!_mtx_obtain_lock_fetch((mp), &_v, _tid))   \
M> +_mtx_lock_spin((mp), _v, _tid, (opts), (file), (line)); \
M> +else\
M>  LOCKSTAT_PROFILE_OBTAIN_LOCK_SUCCESS(spin__acquire, \
M>  mp, 0, 0, file, line);  \
M>  } while (0)
M> ___
M> svn-src-all@freebsd.org mailing list
M> https://lists.freebsd.org/mailman/listinfo/svn-src-all
M> To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

-- 
Totus tuus, Glebius.
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts

[Ngie Cooper]

On Wed, Feb 22, 2017 at 2:46 PM, Ngie Cooper  wrote:
...
> (Piggybacking on this thread) Silly question -- can all of these knobs
> please default to off and have a global knob, like securelevel..? Fine
> grained security is great, but it's really cumbersome tweaking
> everything properly if you don't need a set property. Otherwise we end
> up with similar complexity to Windows Group Policies (which is good,
> but also hell to wade through and thus requires MSDNAA training).

Correction: I meant MCE/MCP, not MSDNAA.

> Thanks,
> -Ngie
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts

[Ngie Cooper]

On Wed, Feb 22, 2017 at 12:26 PM, Bryan Drewery  wrote:
...
> I concur.
> In the original review for adding this I predicted today would come,
> https://reviews.freebsd.org/D6826.  I still think that it is very
> under-designed and under-thought out.
>
> I personally agree with hardening my system, but I have a number of
> issues with this approach:
>
> 1. It makes *1 installation* method do hardening, while every other
> installation method, and *upgrade* methods not do hardening.  So someone
> upgrading from 11.0 to 12.0 won't get hardening, but someone installing
> from bsdinstall for 12.0 fresh will get it.  There should not be a
> distinction between our installation/upgrade methods like this.
>
> 2. It ignores that FreeBSD is *generic Operating System* that serves
> many workflows.  Developers want all of this off, System Administrators
> want all of it on, and Desktop users may want a compromise of half of it
> to allow various drivers to work (not pointing at any specific sysctl
> right now).
>
> I think what is really needed is a system profile that lets you pick the
> workflow you are going to use the system for, and then set some
> reasonable defaults from there.  We will never all agree on the same
> defaults because we all are using the systems differently, but we can
> find some compromise if we make Use Cases, such as a System Profile
> would entail.
>
> I too would like to see this backed out.

(Piggybacking on this thread) Silly question -- can all of these knobs
please default to off and have a global knob, like securelevel..? Fine
grained security is great, but it's really cumbersome tweaking
everything properly if you don't need a set property. Otherwise we end
up with similar complexity to Windows Group Policies (which is good,
but also hell to wade through and thus requires MSDNAA training).
Thanks,
-Ngie
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r314112 - in head/sys: boot/zfs cddl/boot/zfs

[Toomas Soome]

Author: tsoome
Date: Wed Feb 22 22:00:50 2017
New Revision: 314112
URL: https://svnweb.freebsd.org/changeset/base/314112

Log:
  loader: update symlink support in zfs reader
  
  As the current zfs file system is providing symlink via system attributes, 
need
  to update the code accordingly.
  
  Note, as the zfsboot code does not free the memory at this time, the
  object list will put some stress on the boot2 heap, eventually we should
  address the issue.
  
  Reviewed by:  allanjude, smh
  Approved by:  allanjude (mentor)
  Differential Revision:https://reviews.freebsd.org/D9706

Modified:
  head/sys/boot/zfs/zfsimpl.c
  head/sys/cddl/boot/zfs/zfsimpl.h

Modified: head/sys/boot/zfs/zfsimpl.c
==
--- head/sys/boot/zfs/zfsimpl.c Wed Feb 22 21:50:37 2017(r314111)
+++ head/sys/boot/zfs/zfsimpl.c Wed Feb 22 22:00:50 2017(r314112)
@@ -2264,6 +2264,61 @@ zfs_dnode_stat(const spa_t *spa, dnode_p
return (0);
 }
 
+static int
+zfs_dnode_readlink(const spa_t *spa, dnode_phys_t *dn, char *path, size_t 
psize)
+{
+   int rc = 0;
+
+   if (dn->dn_bonustype == DMU_OT_SA) {
+   sa_hdr_phys_t *sahdrp = NULL;
+   size_t size = 0;
+   void *buf = NULL;
+   int hdrsize;
+   char *p;
+
+   if (dn->dn_bonuslen != 0)
+   sahdrp = (sa_hdr_phys_t *)DN_BONUS(dn);
+   else {
+   blkptr_t *bp;
+
+   if ((dn->dn_flags & DNODE_FLAG_SPILL_BLKPTR) == 0)
+   return (EIO);
+   bp = >dn_spill;
+
+   size = BP_GET_LSIZE(bp);
+   buf = zfs_alloc(size);
+   rc = zio_read(spa, bp, buf);
+   if (rc != 0) {
+   zfs_free(buf, size);
+   return (rc);
+   }
+   sahdrp = buf;
+   }
+   hdrsize = SA_HDR_SIZE(sahdrp);
+   p = (char *)((uintptr_t)sahdrp + hdrsize + SA_SYMLINK_OFFSET);
+   memcpy(path, p, psize);
+   if (buf != NULL)
+   zfs_free(buf, size);
+   return (0);
+   }
+   /*
+* Second test is purely to silence bogus compiler
+* warning about accessing past the end of dn_bonus.
+*/
+   if (psize + sizeof(znode_phys_t) <= dn->dn_bonuslen &&
+   sizeof(znode_phys_t) <= sizeof(dn->dn_bonus)) {
+   memcpy(path, >dn_bonus[sizeof(znode_phys_t)], psize);
+   } else {
+   rc = dnode_read(spa, dn, 0, path, psize);
+   }
+   return (rc);
+}
+
+struct obj_list {
+   uint64_tobjnum;
+   STAILQ_ENTRY(obj_list)  entry;
+};
+
 /*
  * Lookup a file and return its dnode.
  */
@@ -2271,7 +2326,7 @@ static int
 zfs_lookup(const struct zfsmount *mount, const char *upath, dnode_phys_t 
*dnode)
 {
int rc;
-   uint64_t objnum, rootnum, parentnum;
+   uint64_t objnum;
const spa_t *spa;
dnode_phys_t dn;
const char *p, *q;
@@ -2279,6 +2334,8 @@ zfs_lookup(const struct zfsmount *mount,
char path[1024];
int symlinks_followed = 0;
struct stat sb;
+   struct obj_list *entry;
+   STAILQ_HEAD(, obj_list) on_cache = STAILQ_HEAD_INITIALIZER(on_cache);
 
spa = mount->spa;
if (mount->objset.os_type != DMU_OST_ZFS) {
@@ -2287,87 +2344,119 @@ zfs_lookup(const struct zfsmount *mount,
return (EIO);
}
 
+   if ((entry = malloc(sizeof(struct obj_list))) == NULL)
+   return (ENOMEM);
+
/*
 * Get the root directory dnode.
 */
rc = objset_get_dnode(spa, >objset, MASTER_NODE_OBJ, );
-   if (rc)
+   if (rc) {
+   free(entry);
return (rc);
+   }
 
-   rc = zap_lookup(spa, , ZFS_ROOT_OBJ, sizeof (rootnum), 1, );
-   if (rc)
+   rc = zap_lookup(spa, , ZFS_ROOT_OBJ, sizeof (objnum), 1, );
+   if (rc) {
+   free(entry);
return (rc);
+   }
+   entry->objnum = objnum;
+   STAILQ_INSERT_HEAD(_cache, entry, entry);
 
-   rc = objset_get_dnode(spa, >objset, rootnum, );
-   if (rc)
-   return (rc);
+   rc = objset_get_dnode(spa, >objset, objnum, );
+   if (rc != 0)
+   goto done;
 
-   objnum = rootnum;
p = upath;
while (p && *p) {
+   rc = objset_get_dnode(spa, >objset, objnum, );
+   if (rc != 0)
+   goto done;
+
while (*p == '/')
p++;
-   if (!*p)
+   if (*p == '\0')
break;
-   q = strchr(p, '/');
-   if (q) {
-   memcpy(element, p, q - p);
-  

svn commit: r314111 - head/contrib/blacklist/libexec

[Kurt Lidl]

Author: lidl
Date: Wed Feb 22 21:50:37 2017
New Revision: 314111
URL: https://svnweb.freebsd.org/changeset/base/314111

Log:
  Improve ipfw rule creation for blacklist-helper script
  
  When blocking an address, the blacklist-helper script
  needs to do the following things for the ipfw packet
  filter:
  
   - create a table to hold the addresses to be blocked,
 so lookups can be done quickly, and place the address
 to be blocked in that table
   - create rule that does the lookup in the table and
 blocks the packet
  
  The ipfw system allows multiple rules to be inserted for
  a given rule number.  There only needs to be one rule
  to do the lookup per port.  Modify the script to probe
  for the existence of the rule before attempting to create
  it, so only one rule is inserted, rather than one rule per
  blocked address.
  
  PR:   214980
  Reported by:  azhegalov (at) gmail.com
  Reviewed by:  emaste
  MFC after:3 days
  Sponsored by: The FreeBSD Foundation
  Differential Revision:https://reviews.freebsd.org/D9681

Modified:
  head/contrib/blacklist/libexec/blacklistd-helper

Modified: head/contrib/blacklist/libexec/blacklistd-helper
==
--- head/contrib/blacklist/libexec/blacklistd-helperWed Feb 22 20:47:25 
2017(r314110)
+++ head/contrib/blacklist/libexec/blacklistd-helperWed Feb 22 21:50:37 
2017(r314111)
@@ -63,8 +63,11 @@ add)
tname="port$6"
/sbin/ipfw table $tname create type addr 2>/dev/null
/sbin/ipfw -q table $tname add "$addr/$mask"
-   /sbin/ipfw -q add $rule drop $3 from "table("$tname")" to \
-   any dst-port $6 && echo OK
+   # if rule number $rule does not already exist, create it
+   /sbin/ipfw show $rule >/dev/null 2>&1 || \
+   /sbin/ipfw add $rule drop $3 from \
+   table"("$tname")" to any dst-port $6 >/dev/null && \
+   echo OK
;;
npf)
/sbin/npfctl rule "$2" add block in final $proto from \
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r314110 - in head: etc share/man/man4 share/man/man4/man4.i386

[Warner Losh]

Author: imp
Date: Wed Feb 22 20:47:25 2017
New Revision: 314110
URL: https://svnweb.freebsd.org/changeset/base/314110

Log:
  Remove more stray EISA refernces: ahb was removed. Remove the cross
  reference and replace, where appropiate, with ahd.4.

Modified:
  head/etc/devd.conf
  head/share/man/man4/adv.4
  head/share/man/man4/ahc.4
  head/share/man/man4/man4.i386/aic.4
  head/share/man/man4/scsi.4

Modified: head/etc/devd.conf
==
--- head/etc/devd.conf  Wed Feb 22 20:24:09 2017(r314109)
+++ head/etc/devd.conf  Wed Feb 22 20:47:25 2017(r314110)
@@ -19,7 +19,7 @@ options {
# Setup some shorthand for regex that we use later in the file.
#XXX Yes, these are gross -- imp
set scsi-controller-regex
-   "(aac|adv|adw|aha|ahb|ahc|ahd|aic|amr|bt|ciss|ct|dpt|\
+   "(aac|adv|adw|aha|ahc|ahd|aic|amr|bt|ciss|ct|dpt|\
esp|ida|iir|ips|isp|mlx|mly|mpt|ncr|ncv|nsp|stg|sym|trm)\
[0-9]+";
set wifi-driver-regex

Modified: head/share/man/man4/adv.4
==
--- head/share/man/man4/adv.4   Wed Feb 22 20:24:09 2017(r314109)
+++ head/share/man/man4/adv.4   Wed Feb 22 20:47:25 2017(r314110)
@@ -201,7 +201,6 @@ AdvanSys ABP980UA/3980UA
 .Sh SEE ALSO
 .Xr adw 4 ,
 .Xr aha 4 ,
-.Xr ahb 4 ,
 .Xr ahc 4 ,
 .Xr cd 4 ,
 .Xr da 4 ,

Modified: head/share/man/man4/ahc.4
==
--- head/share/man/man4/ahc.4   Wed Feb 22 20:24:09 2017(r314109)
+++ head/share/man/man4/ahc.4   Wed Feb 22 20:47:25 2017(r314110)
@@ -361,7 +361,7 @@ more SCB space available, the less host 
 and restoring SCB data.
 .Sh SEE ALSO
 .Xr aha 4 ,
-.Xr ahb 4 ,
+.Xr ahd 4 ,
 .Xr cd 4 ,
 .Xr da 4 ,
 .Xr sa 4 ,

Modified: head/share/man/man4/man4.i386/aic.4
==
--- head/share/man/man4/man4.i386/aic.4 Wed Feb 22 20:24:09 2017
(r314109)
+++ head/share/man/man4/man4.i386/aic.4 Wed Feb 22 20:47:25 2017
(r314110)
@@ -65,7 +65,6 @@ Adaptec AHA-1460, AHA-1460B, AHA-1460C, 
 .El
 .Sh SEE ALSO
 .Xr aha 4 ,
-.Xr ahb 4 ,
 .Xr ahc 4 ,
 .Xr cd 4 ,
 .Xr ch 4 ,

Modified: head/share/man/man4/scsi.4
==
--- head/share/man/man4/scsi.4  Wed Feb 22 20:24:09 2017(r314109)
+++ head/share/man/man4/scsi.4  Wed Feb 22 20:47:25 2017(r314110)
@@ -315,8 +315,8 @@ for details.
 .Sh SEE ALSO
 .Xr ada 4 ,
 .Xr aha 4 ,
-.Xr ahb 4 ,
 .Xr ahc 4 ,
+.Xr ahd 4 ,
 .Xr ahci 4 ,
 .Xr ata 4 ,
 .Xr bt 4 ,
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r314109 - head/sys/compat/linuxkpi/common/include/linux

[Conrad Meyer]

Thanks!

On Wed, Feb 22, 2017 at 12:24 PM, Hans Petter Selasky
 wrote:
> Author: hselasky
> Date: Wed Feb 22 20:24:09 2017
> New Revision: 314109
> URL: https://svnweb.freebsd.org/changeset/base/314109
>
> Log:
>   Convert magic values into macros in the LinuxKPI scatterlist
>   implementation.
>
>   Suggested by: cem @
>   MFC after:1 week
>   Sponsored by: Mellanox Technologies
>
> Modified:
>   head/sys/compat/linuxkpi/common/include/linux/scatterlist.h
>
> Modified: head/sys/compat/linuxkpi/common/include/linux/scatterlist.h
> ==
> --- head/sys/compat/linuxkpi/common/include/linux/scatterlist.h Wed Feb 22 
> 20:11:21 2017(r314108)
> +++ head/sys/compat/linuxkpi/common/include/linux/scatterlist.h Wed Feb 22 
> 20:24:09 2017(r314109)
> @@ -38,12 +38,15 @@
>
>  struct scatterlist {
> unsigned long page_link;
> +#defineSG_PAGE_LINK_CHAIN  0x1UL
> +#defineSG_PAGE_LINK_LAST   0x2UL
> +#defineSG_PAGE_LINK_MASK   0x3UL
> unsigned int offset;
> unsigned int length;
> dma_addr_t address;
>  };
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts

[Bryan Drewery]

On 2/21/2017 11:07 PM, Joel Dahl wrote:
> On Tue, Feb 21, 2017 at 02:40:02PM +, Alexey Dokuchaev wrote:
>> On Tue, Feb 21, 2017 at 08:34:29AM -0600, Eric Badger wrote:
>>> Thanks for working on making it easier to harden FreeBSD. While
>>> defaulting some of these options to "on" seem pretty harmless (e.g.
>>> random_pid), others are likely to cause confusion for new and
>>> experienced users alike (e.g. proc_debug. I've never used that option
>>> before, so I gave it a try. It simply causes gdb to hang when attempting
>>> to start a process, with no obvious indication of why).
>>
>> I concur.  In fact, harmless knobs should probably be turned on by default
>> in FreeBSD itself (i.e., without any "hardening" help from the installer),
>> while more intrusive ones should be opt-in, not opt-out.
> 
> I agree. Can we back this out and discuss it on current@?
> 

I concur.
In the original review for adding this I predicted today would come,
https://reviews.freebsd.org/D6826.  I still think that it is very
under-designed and under-thought out.

I personally agree with hardening my system, but I have a number of
issues with this approach:

1. It makes *1 installation* method do hardening, while every other
installation method, and *upgrade* methods not do hardening.  So someone
upgrading from 11.0 to 12.0 won't get hardening, but someone installing
from bsdinstall for 12.0 fresh will get it.  There should not be a
distinction between our installation/upgrade methods like this.

2. It ignores that FreeBSD is *generic Operating System* that serves
many workflows.  Developers want all of this off, System Administrators
want all of it on, and Desktop users may want a compromise of half of it
to allow various drivers to work (not pointing at any specific sysctl
right now).

I think what is really needed is a system profile that lets you pick the
workflow you are going to use the system for, and then set some
reasonable defaults from there.  We will never all agree on the same
defaults because we all are using the systems differently, but we can
find some compromise if we make Use Cases, such as a System Profile
would entail.

I too would like to see this backed out.

-- 
Regards,
Bryan Drewery



signature.asc
Description: OpenPGP digital signature

Re: svn commit: r314105 - head/sys/compat/linuxkpi/common/include/linux

[Hans Petter Selasky]

Hi,

On 02/22/17 20:42, Conrad Meyer wrote:

On Wed, Feb 22, 2017 at 11:31 AM, Hans Petter Selasky

Hi Hans,

Thanks for all of the linuxkpi work you've done lately.  i915 support
is very important to me!



You're welcome!


It would be nice to have some named constants for these masks.  The
bare numbers are used throughout this change.


See r314109.

--HPS


___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r314109 - head/sys/compat/linuxkpi/common/include/linux

[Hans Petter Selasky]

Author: hselasky
Date: Wed Feb 22 20:24:09 2017
New Revision: 314109
URL: https://svnweb.freebsd.org/changeset/base/314109

Log:
  Convert magic values into macros in the LinuxKPI scatterlist
  implementation.
  
  Suggested by: cem @
  MFC after:1 week
  Sponsored by: Mellanox Technologies

Modified:
  head/sys/compat/linuxkpi/common/include/linux/scatterlist.h

Modified: head/sys/compat/linuxkpi/common/include/linux/scatterlist.h
==
--- head/sys/compat/linuxkpi/common/include/linux/scatterlist.h Wed Feb 22 
20:11:21 2017(r314108)
+++ head/sys/compat/linuxkpi/common/include/linux/scatterlist.h Wed Feb 22 
20:24:09 2017(r314109)
@@ -38,12 +38,15 @@
 
 struct scatterlist {
unsigned long page_link;
+#defineSG_PAGE_LINK_CHAIN  0x1UL
+#defineSG_PAGE_LINK_LAST   0x2UL
+#defineSG_PAGE_LINK_MASK   0x3UL
unsigned int offset;
unsigned int length;
dma_addr_t address;
 };
 
-CTASSERT((sizeof(struct scatterlist) & 0x3) == 0);
+CTASSERT((sizeof(struct scatterlist) & SG_PAGE_LINK_MASK) == 0);
 
 struct sg_table {
struct scatterlist *sgl;
@@ -65,10 +68,10 @@ struct sg_page_iter {
 
 #defineSG_MAGIC0x87654321UL
 
-#definesg_is_chain(sg) ((sg)->page_link & 0x01)
-#definesg_is_last(sg)  ((sg)->page_link & 0x02)
+#definesg_is_chain(sg) ((sg)->page_link & SG_PAGE_LINK_CHAIN)
+#definesg_is_last(sg)  ((sg)->page_link & SG_PAGE_LINK_LAST)
 #definesg_chain_ptr(sg)\
-   ((struct scatterlist *) ((sg)->page_link & ~0x03))
+   ((struct scatterlist *) ((sg)->page_link & ~SG_PAGE_LINK_MASK))
 
 #definesg_dma_address(sg)  (sg)->address
 #definesg_dma_len(sg)  (sg)->length
@@ -86,7 +89,7 @@ typedef void (sg_free_fn) (struct scatte
 static inline void
 sg_assign_page(struct scatterlist *sg, struct page *page)
 {
-   unsigned long page_link = sg->page_link & 0x3;
+   unsigned long page_link = sg->page_link & SG_PAGE_LINK_MASK;
 
sg->page_link = page_link | (unsigned long)page;
 }
@@ -103,7 +106,7 @@ sg_set_page(struct scatterlist *sg, stru
 static inline struct page *
 sg_page(struct scatterlist *sg)
 {
-   return ((struct page *)((sg)->page_link & ~0x3));
+   return ((struct page *)((sg)->page_link & ~SG_PAGE_LINK_MASK));
 }
 
 static inline void
@@ -138,14 +141,15 @@ sg_chain(struct scatterlist *prv, unsign
 
sg->offset = 0;
sg->length = 0;
-   sg->page_link = ((unsigned long)sgl | 0x01) & ~0x02;
+   sg->page_link = ((unsigned long)sgl |
+   SG_PAGE_LINK_CHAIN) & ~SG_PAGE_LINK_LAST;
 }
 
 static inline void
 sg_mark_end(struct scatterlist *sg)
 {
-   sg->page_link |= 0x02;
-   sg->page_link &= ~0x01;
+   sg->page_link |= SG_PAGE_LINK_LAST;
+   sg->page_link &= ~SG_PAGE_LINK_CHAIN;
 }
 
 static inline void
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts

[Slawa Olhovchenkov]

On Wed, Feb 22, 2017 at 10:13:41AM -0800, Conrad Meyer wrote:

> On Wed, Feb 22, 2017 at 10:05 AM, Slawa Olhovchenkov  wrote:
> > On Wed, Feb 22, 2017 at 08:11:14AM -0800, Conrad Meyer wrote:
> >
> >> On Wed, Feb 22, 2017 at 3:23 AM, Joel Dahl  wrote:
> >> > On Wed, Feb 22, 2017 at 07:56:52AM +, Bartłomiej Rutkowski wrote:
> >> >> I strongly believe we should, by default, ship as secured and hardened 
> >> >> as
> >> >> possible in order to improve overall security of new users 
> >> >> installations.
> >> >> Power users will and do change the OS as they please, they most likely
> >> >> don't use bsdinstall in first place, so they're not affected in any way.
> >> >
> >> > Sorry, I strongly disagree with that. I'm most likely a "power user" and 
> >> > I use
> >> > bsdinstall.
> >>
> >> Ditto.  I'm also unfamiliar enough with the installer to trip on this
> >> kind of thing.  Slawa's proposed "disable all" option would be fine.
> >
> > My english not enought fluent for more explicate proposal, from my
> > point most of this options do hardened in only limited cases, for
> > other cases same options do system more un-hardened by force working
> > as root. Some have unevident effects (/tmp cleaning, for example).
> 
> Yep.  I am not concerned about disabling sendmail or remote syslog by
> default, though.

Also, what mean by 'disabling remote syslog'?
As I know syslogd by default don't collect remote messages and need -a
options. May be this is about -s options? How many -s? Not clean.

___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r314108 - stable/11

[Dmitry Chagin]

Author: dchagin
Date: Wed Feb 22 20:11:21 2017
New Revision: 314108
URL: https://svnweb.freebsd.org/changeset/base/314108

Log:
  Record mergeinfo for r313284, r313285, r313684, r313912 missied in r314107.

Modified:
Directory Properties:
  stable/11/   (props changed)
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r314107 - in stable/11/sys: amd64/linux amd64/linux32 compat/linux i386/linux

[Dmitry Chagin]

Author: dchagin
Date: Wed Feb 22 19:57:59 2017
New Revision: 314107
URL: https://svnweb.freebsd.org/changeset/base/314107

Log:
  MFC r313284:
  
Update syscall.master to 4.10-rc6. Also fix comments, a typo,
and wrong numbering for a few unimplemented syscalls.
  
For 32-bit Linuxulator, socketcall() syscall was historically
the entry point for the sockets API. Starting in Linux 4.3, direct
syscalls are provided for the sockets API. Enable it.
  
The initial version of patch was provided by trasz@ and extended by me.
  
  MFC r313285:
  
Regen after r313284.
  
  MFC r313684:
  
Fix r313284.
  
Members of the syscall argument structures are padded to a word size. So,
for COMPAT_LINUX32 we should convert user supplied system call arguments
which is 32-bit in that case to the array of register_t.
  
  MFC r313912:
  
Finish r313684.
  
Convert linux_recv(), linux_send() and linux_accept() system call arguments
to the register_t type too.

Modified:
  stable/11/sys/amd64/linux/linux_dummy.c
  stable/11/sys/amd64/linux/linux_proto.h
  stable/11/sys/amd64/linux/linux_syscall.h
  stable/11/sys/amd64/linux/linux_syscalls.c
  stable/11/sys/amd64/linux/linux_sysent.c
  stable/11/sys/amd64/linux/linux_systrace_args.c
  stable/11/sys/amd64/linux/syscalls.master
  stable/11/sys/amd64/linux32/linux32_dummy.c
  stable/11/sys/amd64/linux32/linux32_proto.h
  stable/11/sys/amd64/linux32/linux32_syscall.h
  stable/11/sys/amd64/linux32/linux32_syscalls.c
  stable/11/sys/amd64/linux32/linux32_sysent.c
  stable/11/sys/amd64/linux32/linux32_systrace_args.c
  stable/11/sys/amd64/linux32/syscalls.master
  stable/11/sys/compat/linux/linux_socket.c
  stable/11/sys/compat/linux/linux_socket.h
  stable/11/sys/i386/linux/linux_dummy.c
  stable/11/sys/i386/linux/linux_proto.h
  stable/11/sys/i386/linux/linux_syscall.h
  stable/11/sys/i386/linux/linux_syscalls.c
  stable/11/sys/i386/linux/linux_sysent.c
  stable/11/sys/i386/linux/linux_systrace_args.c
  stable/11/sys/i386/linux/syscalls.master

Modified: stable/11/sys/amd64/linux/linux_dummy.c
==
--- stable/11/sys/amd64/linux/linux_dummy.c Wed Feb 22 19:39:54 2017
(r314106)
+++ stable/11/sys/amd64/linux/linux_dummy.c Wed Feb 22 19:57:59 2017
(r314107)
@@ -82,41 +82,86 @@ DUMMY(mq_timedreceive);
 DUMMY(mq_notify);
 DUMMY(mq_getsetattr);
 DUMMY(kexec_load);
+/* linux 2.6.11: */
 DUMMY(add_key);
 DUMMY(request_key);
 DUMMY(keyctl);
+/* linux 2.6.13: */
 DUMMY(ioprio_set);
 DUMMY(ioprio_get);
 DUMMY(inotify_init);
 DUMMY(inotify_add_watch);
 DUMMY(inotify_rm_watch);
+/* linux 2.6.16: */
 DUMMY(migrate_pages);
 DUMMY(unshare);
+/* linux 2.6.17: */
 DUMMY(splice);
 DUMMY(tee);
 DUMMY(sync_file_range);
 DUMMY(vmsplice);
+/* linux 2.6.18: */
 DUMMY(move_pages);
+/* linux 2.6.22: */
 DUMMY(signalfd);
-DUMMY(timerfd);
+DUMMY(timerfd_create);
+/* linux 2.6.25: */
 DUMMY(timerfd_settime);
 DUMMY(timerfd_gettime);
+/* linux 2.6.27: */
 DUMMY(signalfd4);
 DUMMY(inotify_init1);
+/* linux 2.6.30: */
 DUMMY(preadv);
 DUMMY(pwritev);
-DUMMY(rt_tsigqueueinfo);
+/* linux 2.6.31: */
+DUMMY(rt_tgsigqueueinfo);
 DUMMY(perf_event_open);
+/* linux 2.6.38: */
 DUMMY(fanotify_init);
 DUMMY(fanotify_mark);
+/* linux 2.6.39: */
 DUMMY(name_to_handle_at);
 DUMMY(open_by_handle_at);
 DUMMY(clock_adjtime);
+/* linux 3.0: */
 DUMMY(setns);
+DUMMY(getcpu);
+/* linux 3.2: */
 DUMMY(process_vm_readv);
 DUMMY(process_vm_writev);
+/* linux 3.5: */
 DUMMY(kcmp);
+/* linux 3.8: */
 DUMMY(finit_module);
+DUMMY(sched_setattr);
+DUMMY(sched_getattr);
+/* linux 3.14: */
+DUMMY(renameat2);
+/* linux 3.15: */
+DUMMY(seccomp);
+DUMMY(getrandom);
+DUMMY(memfd_create);
+DUMMY(kexec_file_load);
+/* linux 3.18: */
+DUMMY(bpf);
+/* linux 3.19: */
+DUMMY(execveat);
+/* linux 4.2: */
+DUMMY(userfaultfd);
+/* linux 4.3: */
+DUMMY(membarrier);
+/* linux 4.4: */
+DUMMY(mlock2);
+/* linux 4.5: */
+DUMMY(copy_file_range);
+/* linux 4.6: */
+DUMMY(preadv2);
+DUMMY(pwritev2);
+/* linux 4.8: */
+DUMMY(pkey_mprotect);
+DUMMY(pkey_alloc);
+DUMMY(pkey_free);
 
 #define DUMMY_XATTR(s) \
 int\

Modified: stable/11/sys/amd64/linux/linux_proto.h
==
--- stable/11/sys/amd64/linux/linux_proto.h Wed Feb 22 19:39:54 2017
(r314106)
+++ stable/11/sys/amd64/linux/linux_proto.h Wed Feb 22 19:57:59 2017
(r314107)
@@ -3,7 +3,7 @@
  *
  * DO NOT EDIT-- this file is automatically generated.
  * $FreeBSD$
- * created from FreeBSD: head/sys/amd64/linux/syscalls.master 302515 
2016-07-10 08:15:50Z dchagin 
+ * created from FreeBSD: head/sys/amd64/linux/syscalls.master 313284 
2017-02-05 14:17:09Z dchagin
  */
 
 #ifndef _LINUX_SYSPROTO_H_
@@ -1000,7 +1000,7 @@ struct linux_epoll_pwait_args {
 struct linux_signalfd_args 

Re: svn commit: r314105 - head/sys/compat/linuxkpi/common/include/linux

[Conrad Meyer]

On Wed, Feb 22, 2017 at 11:31 AM, Hans Petter Selasky
 wrote:
> Author: hselasky
> Date: Wed Feb 22 19:31:02 2017
> New Revision: 314105
> URL: https://svnweb.freebsd.org/changeset/base/314105
>
> Log:
>   Improve LinuxKPI scatter list support.
>
>   The i915kms driver in Linux 4.9 reimplement parts of the scatter list
>   functions with regards to performance. In other words there is not so
>   much room for changing structure layouts and functionality if the
>   i915kms should be built AS-IS. This patch aligns the scatter list
>   support to what is expected by the i915kms driver. Remove some
>   comments not needed while at it.
>
>   ...
>
> +CTASSERT((sizeof(struct scatterlist) & 0x3) == 0);
> +
>  struct sg_table {
> struct scatterlist *sgl;
> unsigned int nents;
> @@ -56,58 +55,79 @@ struct sg_page_iter {
> struct scatterlist *sg;
> unsigned int sg_pgoffset;
> unsigned int maxents;
> +   struct {
> +   unsigned int nents;
> +   int pg_advance;
> +   } internal;
>  };
>
>  #defineSG_MAX_SINGLE_ALLOC (PAGE_SIZE / sizeof(struct 
> scatterlist))
>
> +#defineSG_MAGIC0x87654321UL
> +
> +#definesg_is_chain(sg) ((sg)->page_link & 0x01)
> +#definesg_is_last(sg)  ((sg)->page_link & 0x02)
> +#definesg_chain_ptr(sg)\
> +   ((struct scatterlist *) ((sg)->page_link & ~0x03))

Hi Hans,

Thanks for all of the linuxkpi work you've done lately.  i915 support
is very important to me!

It would be nice to have some named constants for these masks.  The
bare numbers are used throughout this change.

Thanks,
Conrad
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r314106 - in head/sys: compat/linuxkpi/common/include/linux compat/linuxkpi/common/src conf modules/linuxkpi

[Hans Petter Selasky]

Author: hselasky
Date: Wed Feb 22 19:39:54 2017
New Revision: 314106
URL: https://svnweb.freebsd.org/changeset/base/314106

Log:
  Optimise unmapped LinuxKPI page allocations.
  
  When allocating unmapped pages, take advantage of the direct map on
  AMD64 to get the virtual address corresponding to a page. Else all
  pages allocated must be mapped because sometimes the virtual address
  of a page is requested.
  
  Move all page allocation and deallocation code into an own C-file.
  
  Add support for GFP_DMA32, GFP_KERNEL, GFP_ATOMIC and __GFP_ZERO
  allocation flags.
  
  Make a clear separation between mapped and unmapped allocations.
  
  Obtained from:kmacy @
  MFC after:1 week
  Sponsored by: Mellanox Technologies

Added:
  head/sys/compat/linuxkpi/common/src/linux_page.c   (contents, props changed)
Modified:
  head/sys/compat/linuxkpi/common/include/linux/gfp.h
  head/sys/conf/files
  head/sys/modules/linuxkpi/Makefile

Modified: head/sys/compat/linuxkpi/common/include/linux/gfp.h
==
--- head/sys/compat/linuxkpi/common/include/linux/gfp.h Wed Feb 22 19:31:02 
2017(r314105)
+++ head/sys/compat/linuxkpi/common/include/linux/gfp.h Wed Feb 22 19:39:54 
2017(r314106)
@@ -2,7 +2,7 @@
  * Copyright (c) 2010 Isilon Systems, Inc.
  * Copyright (c) 2010 iX Systems, Inc.
  * Copyright (c) 2010 Panasas, Inc.
- * Copyright (c) 2013 Mellanox Technologies, Ltd.
+ * Copyright (c) 2013-2017 Mellanox Technologies, Ltd.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -67,94 +67,106 @@
 #defineGFP_TEMPORARY   M_NOWAIT
 #defineGFP_NATIVE_MASK (M_NOWAIT | M_WAITOK | M_USE_RESERVE | M_ZERO)
 
-static inline void *
-page_address(struct page *page)
+/*
+ * Resolve a page into a virtual address:
+ *
+ * NOTE: This function only works for pages allocated by the kernel.
+ */
+extern void *linux_page_address(struct page *);
+
+#definepage_address(page) linux_page_address(page)
+
+/*
+ * Page management for unmapped pages:
+ */
+extern vm_page_t linux_alloc_pages(gfp_t flags, unsigned int order);
+extern void linux_free_pages(vm_page_t page, unsigned int order);
+
+static inline struct page *
+alloc_page(gfp_t flags)
 {
 
-   if (page->object != kmem_object && page->object != kernel_object)
-   return (NULL);
-   return ((void *)(uintptr_t)(VM_MIN_KERNEL_ADDRESS +
-   IDX_TO_OFF(page->pindex)));
+   return (linux_alloc_pages(flags, 0));
 }
 
-static inline unsigned long
-linux_get_page(gfp_t mask)
+static inline struct page *
+alloc_pages(gfp_t flags, unsigned int order)
 {
 
-   return kmem_malloc(kmem_arena, PAGE_SIZE, mask);
+   return (linux_alloc_pages(flags, order));
 }
 
-#defineget_zeroed_page(mask)   linux_get_page((mask) | M_ZERO)
-#definealloc_page(mask)virt_to_page(linux_get_page((mask)))
-#define__get_free_page(mask)   linux_get_page((mask))
+static inline struct page *
+alloc_pages_node(int node_id, gfp_t flags, unsigned int order)
+{
+
+   return (linux_alloc_pages(flags, order));
+}
 
 static inline void
-free_page(unsigned long page)
+__free_pages(struct page *page, unsigned int order)
 {
 
-   if (page == 0)
-   return;
-   kmem_free(kmem_arena, page, PAGE_SIZE);
+   linux_free_pages(page, order);
 }
 
 static inline void
-__free_page(struct page *m)
+__free_page(struct page *page)
 {
 
-   if (m->object != kmem_object)
-   panic("__free_page:  Freed page %p not allocated via wrappers.",
-   m);
-   kmem_free(kmem_arena, (vm_offset_t)page_address(m), PAGE_SIZE);
+   linux_free_pages(page, 0);
 }
 
-static inline void
-__free_pages(struct page *m, unsigned int order)
+/*
+ * Page management for mapped pages:
+ */
+extern vm_offset_t linux_alloc_kmem(gfp_t flags, unsigned int order);
+extern void linux_free_kmem(vm_offset_t, unsigned int order);
+
+static inline vm_offset_t
+get_zeroed_page(gfp_t flags)
 {
-   size_t size;
 
-   if (m == NULL)
-   return;
-   size = PAGE_SIZE << order;
-   kmem_free(kmem_arena, (vm_offset_t)page_address(m), size);
+   return (linux_alloc_kmem(flags | __GFP_ZERO, 0));
 }
 
-static inline void free_pages(uintptr_t addr, unsigned int order)
+static inline vm_offset_t
+__get_free_page(gfp_t flags)
 {
-   if (addr == 0)
-   return;
-   __free_pages(virt_to_page((void *)addr), order);
+
+   return (linux_alloc_kmem(flags, 0));
 }
 
-/*
- * Alloc pages allocates directly from the buddy allocator on linux so
- * order specifies a power of two bucket of pages and the results
- * are expected to be aligned on the size as well.
- */
-static inline struct page *
-alloc_pages(gfp_t gfp_mask, unsigned int order)
+static inline vm_offset_t
+__get_free_pages(gfp_t flags, unsigned int order)
 {
-

Re: svn commit: r314087 - head/sys/x86/x86

[Bruce Evans]

On Wed, 22 Feb 2017, Konstantin Belousov wrote:


Log:
 More fixes for regression in r313898 on i386.
 Use long long constants where needed.


The long long abomination is never needed, and is always a style bug.

I removed almost all long long constants ~20 years ago, but there are
now thousands more than when I started.


Modified: head/sys/x86/x86/x86_mem.c
==
--- head/sys/x86/x86/x86_mem.c  Wed Feb 22 06:43:49 2017(r314086)
+++ head/sys/x86/x86/x86_mem.c  Wed Feb 22 07:07:05 2017(r314087)
@@ -260,7 +260,7 @@ x86_mrfetch(struct mem_range_softc *sc)

/* Compute the range from the mask. Ick. */
mrd->mr_len = (~(msrv & mtrr_physmask) &
-   (mtrr_physmask | 0xfffL)) + 1;
+   (mtrr_physmask | 0xfffLL)) + 1;


Not needed here.  The old i386 version did spell it like this.


if (!mrvalid(mrd->mr_base, mrd->mr_len))
mrd->mr_flags |= MDF_BOGUS;

@@ -638,7 +638,7 @@ x86_mrinit(struct mem_range_softc *sc)
 * Determine the size of the PhysMask and PhysBase fields in
 * the variable range MTRRs.
 */
-   mtrr_physmask = (((uint64_t)1 << cpu_maxphyaddr) - 1) & ~0xfffUL;
+   mtrr_physmask = (((uint64_t)1 << cpu_maxphyaddr) - 1) & ~0xfffULL;


A 64-bit constant is needed here, but spelling it with ULL is a larger
style bug than usual, since the other 64-bit constant on the same line
is spelled without ULL.

The old i386 version spelled both of the constants on this line with ULL,
and the old amd64 version spelled them both with UL, but someone named kib
fixed the style bug for the first and added the type error for the second
when merging them.



/* If fixed MTRRs supported and enabled. */
if ((mtrrcap & MTRR_CAP_FIXED) && (mtrrdef & MTRR_DEF_FIXED_ENABLE)) {


I don't like using explicit long constants either.  Here the number of bits
in the register is fixed by the hardware at 64.  The number of bits in a
long on amd64 and a long on i386 is only fixed by ABI because the ABI is
broken for historical reasons.  Only very MD code can safely assume the
size of long and long long.  This code was MD enough before it was merged,
but now it shouldn't use long since that varies between amd64 and i386,
and it shouldn't use long long since that is a style bug.

x86/x86 only has 17 lines using u_long, and all are wrong:
- most are for counters.  Some counters should be 64 bits, but changing
  them on i386 would cause portability problems.
- ones for lapic timer divisors and frequency should be just int or
  possibly u_register_t
- ones for 16-bit segment registers should be just int or possibly uint16_t
- ones for cr0 and cr4 should be u_register_t.

x86/x86 has 40 lines using long.  Many of the other 23 are wronger:
- some in comments are not about the long type and are not wrong
- many are in comments which say that the resource type is long, but the
  resource type is now rman_res_t = uintmax_t.  It never was signed and
  is now larger than u_long on i386.  Some nearby types are wrong to
  match.  E.g., in nexus_add_irq(), the irq number should be int but
  is u_long.  This u_long matched the old rman type exactly, but now
  gets converted by a prototype.  There is a non-style bug here: smap
  handling above 4GB is turned off for i386 and PAE, with a comment
  saying that this is because resources use long's (sic).  There are
  2 copies of the code for this, with the type suffix spelled as ul
  instead of UL.  ~0ul is a magic i386 way of spelling 4GB-1.  It
  only works because it is under i386 ifdefs.  This is in nexus.c.
  nexus.c otherwise doesn't use 0ul or 0UL.
- some for lapics are for small integers and should be just int
- many in mca.c are the long long abomination used for printf()s and
  should be [u]intmax_t
- 1 in pvclock.c is u_long spelled verbosely as unsigned long
- many in stack_machdep.c are in bogus casts of pointers.  These should
  use uintptr_t.  Casting pointers to access them using atomic ops is
  bogus using (uintptr_t *) too.  uintptr_t is only valid for casting
  pointers directly.  Of course it works indirectly since everything has
  the same width as register_t.

Bruce
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r314105 - head/sys/compat/linuxkpi/common/include/linux

[Hans Petter Selasky]

Author: hselasky
Date: Wed Feb 22 19:31:02 2017
New Revision: 314105
URL: https://svnweb.freebsd.org/changeset/base/314105

Log:
  Improve LinuxKPI scatter list support.
  
  The i915kms driver in Linux 4.9 reimplement parts of the scatter list
  functions with regards to performance. In other words there is not so
  much room for changing structure layouts and functionality if the
  i915kms should be built AS-IS. This patch aligns the scatter list
  support to what is expected by the i915kms driver. Remove some
  comments not needed while at it.
  
  Obtained from:kmacy @
  MFC after:1 week
  Sponsored by: Mellanox Technologies

Modified:
  head/sys/compat/linuxkpi/common/include/linux/scatterlist.h

Modified: head/sys/compat/linuxkpi/common/include/linux/scatterlist.h
==
--- head/sys/compat/linuxkpi/common/include/linux/scatterlist.h Wed Feb 22 
18:44:57 2017(r314104)
+++ head/sys/compat/linuxkpi/common/include/linux/scatterlist.h Wed Feb 22 
19:31:02 2017(r314105)
@@ -2,7 +2,7 @@
  * Copyright (c) 2010 Isilon Systems, Inc.
  * Copyright (c) 2010 iX Systems, Inc.
  * Copyright (c) 2010 Panasas, Inc.
- * Copyright (c) 2013-2015 Mellanox Technologies, Ltd.
+ * Copyright (c) 2013-2017 Mellanox Technologies, Ltd.
  * Copyright (c) 2015 Matthew Dillon 
  * All rights reserved.
  *
@@ -34,18 +34,17 @@
 
 #include 
 #include 
+#include 
 
 struct scatterlist {
-   union {
-   struct page *page;
-   struct scatterlist *sg;
-   }   sl_un;
+   unsigned long page_link;
+   unsigned int offset;
+   unsigned int length;
dma_addr_t address;
-   unsigned long offset;
-   uint32_t length;
-   uint32_t flags;
 };
 
+CTASSERT((sizeof(struct scatterlist) & 0x3) == 0);
+
 struct sg_table {
struct scatterlist *sgl;
unsigned int nents;
@@ -56,58 +55,79 @@ struct sg_page_iter {
struct scatterlist *sg;
unsigned int sg_pgoffset;
unsigned int maxents;
+   struct {
+   unsigned int nents;
+   int pg_advance;
+   } internal;
 };
 
 #defineSG_MAX_SINGLE_ALLOC (PAGE_SIZE / sizeof(struct scatterlist))
 
+#defineSG_MAGIC0x87654321UL
+
+#definesg_is_chain(sg) ((sg)->page_link & 0x01)
+#definesg_is_last(sg)  ((sg)->page_link & 0x02)
+#definesg_chain_ptr(sg)\
+   ((struct scatterlist *) ((sg)->page_link & ~0x03))
+
 #definesg_dma_address(sg)  (sg)->address
 #definesg_dma_len(sg)  (sg)->length
-#definesg_page(sg) (sg)->sl_un.page
-#definesg_scatternext(sg)  (sg)->sl_un.sg
 
-#defineSG_END  0x01
-#defineSG_CHAIN0x02
+#definefor_each_sg_page(sgl, iter, nents, pgoffset)
\
+   for (_sg_iter_init(sgl, iter, nents, pgoffset); \
+(iter)->sg; _sg_iter_next(iter))
+
+#definefor_each_sg(sglist, sg, sgmax, iter)
\
+   for (iter = 0, sg = (sglist); iter < (sgmax); iter++, sg = sg_next(sg))
+
+typedef struct scatterlist *(sg_alloc_fn) (unsigned int, gfp_t);
+typedef void (sg_free_fn) (struct scatterlist *, unsigned int);
+
+static inline void
+sg_assign_page(struct scatterlist *sg, struct page *page)
+{
+   unsigned long page_link = sg->page_link & 0x3;
+
+   sg->page_link = page_link | (unsigned long)page;
+}
 
 static inline void
 sg_set_page(struct scatterlist *sg, struct page *page, unsigned int len,
 unsigned int offset)
 {
-   sg_page(sg) = page;
-   sg_dma_len(sg) = len;
+   sg_assign_page(sg, page);
sg->offset = offset;
-   if (offset > PAGE_SIZE)
-   panic("sg_set_page: Invalid offset %d\n", offset);
+   sg->length = len;
 }
 
-static inline void
-sg_set_buf(struct scatterlist *sg, const void *buf, unsigned int buflen)
+static inline struct page *
+sg_page(struct scatterlist *sg)
 {
-   sg_set_page(sg, virt_to_page(buf), buflen,
-   ((uintptr_t)buf) & (PAGE_SIZE - 1));
+   return ((struct page *)((sg)->page_link & ~0x3));
 }
 
 static inline void
-sg_init_table(struct scatterlist *sg, unsigned int nents)
+sg_set_buf(struct scatterlist *sg, const void *buf, unsigned int buflen)
 {
-   bzero(sg, sizeof(*sg) * nents);
-   sg[nents - 1].flags = SG_END;
+   sg_set_page(sg, virt_to_page(buf), buflen,
+   ((uintptr_t)buf) & (PAGE_SIZE - 1));
 }
 
 static inline struct scatterlist *
 sg_next(struct scatterlist *sg)
 {
-   if (sg->flags & SG_END)
+   if (sg_is_last(sg))
return (NULL);
sg++;
-   if (sg->flags & SG_CHAIN)
-   sg = sg_scatternext(sg);
+   if (sg_is_chain(sg))
+   sg = sg_chain_ptr(sg);
return (sg);
 }
 
 static inline 

Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts

[Shawn Webb]

On Wed, Feb 22, 2017 at 02:23:26PM -0500, Allan Jude wrote:
> On 2017-02-22 13:13, Conrad Meyer wrote:
> > On Wed, Feb 22, 2017 at 10:05 AM, Slawa Olhovchenkov  
> > wrote:
> >> On Wed, Feb 22, 2017 at 08:11:14AM -0800, Conrad Meyer wrote:
> >>
> >>> On Wed, Feb 22, 2017 at 3:23 AM, Joel Dahl  wrote:
>  On Wed, Feb 22, 2017 at 07:56:52AM +, Bart??omiej Rutkowski wrote:
> > I strongly believe we should, by default, ship as secured and hardened 
> > as
> > possible in order to improve overall security of new users 
> > installations.
> > Power users will and do change the OS as they please, they most likely
> > don't use bsdinstall in first place, so they're not affected in any way.
> 
>  Sorry, I strongly disagree with that. I'm most likely a "power user" and 
>  I use
>  bsdinstall.
> >>>
> >>> Ditto.  I'm also unfamiliar enough with the installer to trip on this
> >>> kind of thing.  Slawa's proposed "disable all" option would be fine.
> >>
> >> My english not enought fluent for more explicate proposal, from my
> >> point most of this options do hardened in only limited cases, for
> >> other cases same options do system more un-hardened by force working
> >> as root. Some have unevident effects (/tmp cleaning, for example).
> > 
> > Yep.  I am not concerned about disabling sendmail or remote syslog by
> > default, though.
> > 
> >> For many users this options will be source of weird issuses (gdb don't
> >> work? fucking ugly freebsd! migrate to linux).
> > 
> > Yeah, I am concerned about this too.  (Also: "ps doesn't work" would
> > be a big newbie sysadmin headache.)
> > 
> >> This is evil trend of enforcing weird solutions under the auspices of
> >> 'my safety': airport security check, backgound check on every point,
> >> lawfull intercept, block access to hardware management in safety
> >> enviroment by 'leak ecnription'. I am enoght smart for self-sufficient
> >> security risk assessment!
> >>
> >> Industry already have at some "hardened" BSD: OpenBSD and HardenedBSD.
> >> Waht about market share?
> > 
> > Best,
> > Conrad
> > 
> 
> Yeah, a think a number of these options are good, but a bunch are no go.
> I do not want something deleting my files from /tmp unexpectedly. TrueOS
> has that on by default, and it has eaten useful files a few too many times.
> 
> Breaking gdb should NOT be on by default either.
> 
> For some of the others, having them on by default in bsdinstall might be
> a good way to 'test' the features under a wider user load, before we
> switch the defaults for the sysctls.

FYI: HardenedBSD has had the sysctl nodes set for a while now (> 1
year). The only "gotcha" moment we've had is with ASAN requiring the
ability to determine memory maps, which is broken by setting
security.bsd.unprivileged_proc_debug to 0.

HardenedBSD has also set security.bsd.hardlink_check_gid and
security.bsd.hardlink_check_uid both to 1.

Thanks,

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

GPG Key ID:  0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE


signature.asc
Description: PGP signature

Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts

[Allan Jude]

On 2017-02-22 13:13, Conrad Meyer wrote:
> On Wed, Feb 22, 2017 at 10:05 AM, Slawa Olhovchenkov  wrote:
>> On Wed, Feb 22, 2017 at 08:11:14AM -0800, Conrad Meyer wrote:
>>
>>> On Wed, Feb 22, 2017 at 3:23 AM, Joel Dahl  wrote:
 On Wed, Feb 22, 2017 at 07:56:52AM +, Bartłomiej Rutkowski wrote:
> I strongly believe we should, by default, ship as secured and hardened as
> possible in order to improve overall security of new users installations.
> Power users will and do change the OS as they please, they most likely
> don't use bsdinstall in first place, so they're not affected in any way.

 Sorry, I strongly disagree with that. I'm most likely a "power user" and I 
 use
 bsdinstall.
>>>
>>> Ditto.  I'm also unfamiliar enough with the installer to trip on this
>>> kind of thing.  Slawa's proposed "disable all" option would be fine.
>>
>> My english not enought fluent for more explicate proposal, from my
>> point most of this options do hardened in only limited cases, for
>> other cases same options do system more un-hardened by force working
>> as root. Some have unevident effects (/tmp cleaning, for example).
> 
> Yep.  I am not concerned about disabling sendmail or remote syslog by
> default, though.
> 
>> For many users this options will be source of weird issuses (gdb don't
>> work? fucking ugly freebsd! migrate to linux).
> 
> Yeah, I am concerned about this too.  (Also: "ps doesn't work" would
> be a big newbie sysadmin headache.)
> 
>> This is evil trend of enforcing weird solutions under the auspices of
>> 'my safety': airport security check, backgound check on every point,
>> lawfull intercept, block access to hardware management in safety
>> enviroment by 'leak ecnription'. I am enoght smart for self-sufficient
>> security risk assessment!
>>
>> Industry already have at some "hardened" BSD: OpenBSD and HardenedBSD.
>> Waht about market share?
> 
> Best,
> Conrad
> 

Yeah, a think a number of these options are good, but a bunch are no go.
I do not want something deleting my files from /tmp unexpectedly. TrueOS
has that on by default, and it has eaten useful files a few too many times.

Breaking gdb should NOT be on by default either.

For some of the others, having them on by default in bsdinstall might be
a good way to 'test' the features under a wider user load, before we
switch the defaults for the sysctls.

-- 
Allan Jude



signature.asc
Description: OpenPGP digital signature

svn commit: r314104 - head/lib/libcxxrt

[Dimitry Andric]

Author: dim
Date: Wed Feb 22 18:44:57 2017
New Revision: 314104
URL: https://svnweb.freebsd.org/changeset/base/314104

Log:
  Surround any unmangled C++ names in libcxxrt's version map with 'extern
  "C++"', otherwise ld refuses to make the symbols global in the final
  library.  This causes the __int128-related symbols to go missing when
  the library is stripped during installation.
  
  Helpful hints:emaste
  MFC after:2 weeks
  X-MFC-With:   r314061

Modified:
  head/lib/libcxxrt/Version.map

Modified: head/lib/libcxxrt/Version.map
==
--- head/lib/libcxxrt/Version.map   Wed Feb 22 17:57:24 2017
(r314103)
+++ head/lib/libcxxrt/Version.map   Wed Feb 22 18:44:57 2017
(r314104)
@@ -255,12 +255,14 @@ CXXABI_1.3.1 {
 } CXXABI_1.3;
 
 CXXABI_1.3.5 {
-"typeinfo for __int128 const*";
-"typeinfo for __int128";
-"typeinfo for __int128*";
-"typeinfo for unsigned __int128 const*";
-"typeinfo for unsigned __int128";
-"typeinfo for unsigned __int128*";
+extern "C++" {
+"typeinfo for __int128 const*";
+"typeinfo for __int128";
+"typeinfo for __int128*";
+"typeinfo for unsigned __int128 const*";
+"typeinfo for unsigned __int128";
+"typeinfo for unsigned __int128*";
+};
 } CXXABI_1.3.1;
 
 CXXABI_1.3.6 {
@@ -268,12 +270,14 @@ CXXABI_1.3.6 {
 } CXXABI_1.3.5;
 
 CXXABI_1.3.9 {
-"typeinfo name for __int128 const*";
-"typeinfo name for __int128";
-"typeinfo name for __int128*";
-"typeinfo name for unsigned __int128 const*";
-"typeinfo name for unsigned __int128";
-"typeinfo name for unsigned __int128*";
+extern "C++" {
+"typeinfo name for __int128 const*";
+"typeinfo name for __int128";
+"typeinfo name for __int128*";
+"typeinfo name for unsigned __int128 const*";
+"typeinfo name for unsigned __int128";
+"typeinfo name for unsigned __int128*";
+};
 } CXXABI_1.3.6;
 
 CXXRT_1.0 {
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts

[Conrad Meyer]

On Wed, Feb 22, 2017 at 10:05 AM, Slawa Olhovchenkov  wrote:
> On Wed, Feb 22, 2017 at 08:11:14AM -0800, Conrad Meyer wrote:
>
>> On Wed, Feb 22, 2017 at 3:23 AM, Joel Dahl  wrote:
>> > On Wed, Feb 22, 2017 at 07:56:52AM +, Bartłomiej Rutkowski wrote:
>> >> I strongly believe we should, by default, ship as secured and hardened as
>> >> possible in order to improve overall security of new users installations.
>> >> Power users will and do change the OS as they please, they most likely
>> >> don't use bsdinstall in first place, so they're not affected in any way.
>> >
>> > Sorry, I strongly disagree with that. I'm most likely a "power user" and I 
>> > use
>> > bsdinstall.
>>
>> Ditto.  I'm also unfamiliar enough with the installer to trip on this
>> kind of thing.  Slawa's proposed "disable all" option would be fine.
>
> My english not enought fluent for more explicate proposal, from my
> point most of this options do hardened in only limited cases, for
> other cases same options do system more un-hardened by force working
> as root. Some have unevident effects (/tmp cleaning, for example).

Yep.  I am not concerned about disabling sendmail or remote syslog by
default, though.

> For many users this options will be source of weird issuses (gdb don't
> work? fucking ugly freebsd! migrate to linux).

Yeah, I am concerned about this too.  (Also: "ps doesn't work" would
be a big newbie sysadmin headache.)

> This is evil trend of enforcing weird solutions under the auspices of
> 'my safety': airport security check, backgound check on every point,
> lawfull intercept, block access to hardware management in safety
> enviroment by 'leak ecnription'. I am enoght smart for self-sufficient
> security risk assessment!
>
> Industry already have at some "hardened" BSD: OpenBSD and HardenedBSD.
> Waht about market share?

Best,
Conrad
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts

[Slawa Olhovchenkov]

On Wed, Feb 22, 2017 at 08:11:14AM -0800, Conrad Meyer wrote:

> On Wed, Feb 22, 2017 at 3:23 AM, Joel Dahl  wrote:
> > On Wed, Feb 22, 2017 at 07:56:52AM +, Bartłomiej Rutkowski wrote:
> >> I strongly believe we should, by default, ship as secured and hardened as
> >> possible in order to improve overall security of new users installations.
> >> Power users will and do change the OS as they please, they most likely
> >> don't use bsdinstall in first place, so they're not affected in any way.
> >
> > Sorry, I strongly disagree with that. I'm most likely a "power user" and I 
> > use
> > bsdinstall.
> 
> Ditto.  I'm also unfamiliar enough with the installer to trip on this
> kind of thing.  Slawa's proposed "disable all" option would be fine.

My english not enought fluent for more explicate proposal, from my
point most of this options do hardened in only limited cases, for
other cases same options do system more un-hardened by force working
as root. Some have unevident effects (/tmp cleaning, for example).

For many users this options will be source of weird issuses (gdb don't
work? fucking ugly freebsd! migrate to linux).

This is evil trend of enforcing weird solutions under the auspices of
'my safety': airport security check, backgound check on every point,
lawfull intercept, block access to hardware management in safety
enviroment by 'leak ecnription'. I am enoght smart for self-sufficient
security risk assessment!

Industry already have at some "hardened" BSD: OpenBSD and HardenedBSD.
Waht about market share?
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r314103 - stable/10/sys/dev/e1000

[Marius Strobl]

Author: marius
Date: Wed Feb 22 17:57:24 2017
New Revision: 314103
URL: https://svnweb.freebsd.org/changeset/base/314103

Log:
  MFC: r311979
  
  Reset the EIAC register to include the LINK status bit and restore
  link up/down notifications.

Modified:
  stable/10/sys/dev/e1000/if_em.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/sys/dev/e1000/if_em.c
==
--- stable/10/sys/dev/e1000/if_em.c Wed Feb 22 17:57:19 2017
(r314102)
+++ stable/10/sys/dev/e1000/if_em.c Wed Feb 22 17:57:24 2017
(r314103)
@@ -5157,7 +5157,7 @@ em_enable_intr(struct adapter *adapter)
u32 ims_mask = IMS_ENABLE_MASK;
 
if (hw->mac.type == e1000_82574) {
-   E1000_WRITE_REG(hw, EM_EIAC, adapter->ims);
+   E1000_WRITE_REG(hw, EM_EIAC, EM_MSIX_MASK);
ims_mask |= adapter->ims;
} 
E1000_WRITE_REG(hw, E1000_IMS, ims_mask);
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r314102 - stable/11/sys/dev/e1000

[Marius Strobl]

Author: marius
Date: Wed Feb 22 17:57:19 2017
New Revision: 314102
URL: https://svnweb.freebsd.org/changeset/base/314102

Log:
  MFC: r311979
  
  Reset the EIAC register to include the LINK status bit and restore
  link up/down notifications.

Modified:
  stable/11/sys/dev/e1000/if_em.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/dev/e1000/if_em.c
==
--- stable/11/sys/dev/e1000/if_em.c Wed Feb 22 17:20:18 2017
(r314101)
+++ stable/11/sys/dev/e1000/if_em.c Wed Feb 22 17:57:19 2017
(r314102)
@@ -5114,7 +5114,7 @@ em_enable_intr(struct adapter *adapter)
u32 ims_mask = IMS_ENABLE_MASK;
 
if (hw->mac.type == e1000_82574) {
-   E1000_WRITE_REG(hw, EM_EIAC, adapter->ims);
+   E1000_WRITE_REG(hw, EM_EIAC, EM_MSIX_MASK);
ims_mask |= adapter->ims;
} 
E1000_WRITE_REG(hw, E1000_IMS, ims_mask);
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts

[John Baldwin]

On Wednesday, February 22, 2017 07:52:45 AM Bartłomiej Rutkowski wrote:
> On Tue, Feb 21, 2017 at 2:34 PM, Eric Badger  wrote:
> 
> > On 02/21/2017 03:37 AM, Bartek Rutkowski wrote:
> >
> >> Author: robak (ports committer)
> >> Date: Tue Feb 21 09:37:33 2017
> >> New Revision: 314036
> >> URL: https://svnweb.freebsd.org/changeset/base/314036
> >>
> >> Log:
> >>   Enable bsdinstall hardening options by default.
> >>
> >>   As discussed previously, in order to introduce new OS hardening
> >>   defaults, we've added them to bsdinstall in 'off by default' mode.
> >>   It has been there for a while, so the next step is to change them
> >>   to 'on by defaul' mode, so that in future we could simply enable
> >>   them in base OS.
> >>
> >>   Reviewed by:  brd
> >>   Approved by:  adrian
> >>   Differential Revision:https://reviews.freebsd.org/D9641
> >>
> >> Modified:
> >>   head/usr.sbin/bsdinstall/scripts/hardening
> >>
> >> Modified: head/usr.sbin/bsdinstall/scripts/hardening
> >> 
> >> ==
> >> --- head/usr.sbin/bsdinstall/scripts/hardening  Tue Feb 21 09:33:21
> >> 2017(r314035)
> >> +++ head/usr.sbin/bsdinstall/scripts/hardening  Tue Feb 21 09:37:33
> >> 2017(r314036)
> >> @@ -36,15 +36,15 @@ FEATURES=$( dialog --backtitle "FreeBSD
> >>  --title "System Hardening" --nocancel --separate-output \
> >>  --checklist "Choose system security hardening options:" \
> >>  0 0 0 \
> >> -   "0 hide_uids" "Hide processes running as other users"
> >> ${hide_uids:-off} \
> >> -   "1 hide_gids" "Hide processes running as other groups"
> >> ${hide_gids:-off} \
> >> -   "2 read_msgbuf" "Disable reading kernel message buffer for
> >> unprivileged users" ${read_msgbuf:-off} \
> >> -   "3 proc_debug" "Disable process debugging facilities for
> >> unprivileged users" ${proc_debug:-off} \
> >> -   "4 random_pid" "Randomize the PID of newly created processes"
> >> ${random_pid:-off} \
> >> -   "5 stack_guard" "Insert stack guard page ahead of the growable
> >> segments" ${stack_guard:-off} \
> >> -   "6 clear_tmp" "Clean the /tmp filesystem on system startup"
> >> ${clear_tmp:-off} \
> >> -   "7 disable_syslogd" "Disable opening Syslogd network socket
> >> (disables remote logging)" ${disable_syslogd:-off} \
> >> -   "8 disable_sendmail" "Disable Sendmail service"
> >> ${disable_sendmail:-off} \
> >> +   "0 hide_uids" "Hide processes running as other users"
> >> ${hide_uids:-on} \
> >> +   "1 hide_gids" "Hide processes running as other groups"
> >> ${hide_gids:-on} \
> >> +   "2 read_msgbuf" "Disable reading kernel message buffer for
> >> unprivileged users" ${read_msgbuf:-on} \
> >> +   "3 proc_debug" "Disable process debugging facilities for
> >> unprivileged users" ${proc_debug:-on} \
> >> +   "4 random_pid" "Randomize the PID of newly created processes"
> >> ${random_pid:-on} \
> >> +   "5 stack_guard" "Insert stack guard page ahead of the growable
> >> segments" ${stack_guard:-on} \
> >> +   "6 clear_tmp" "Clean the /tmp filesystem on system startup"
> >> ${clear_tmp:-on} \
> >> +   "7 disable_syslogd" "Disable opening Syslogd network socket
> >> (disables remote logging)" ${disable_syslogd:-on} \
> >> +   "8 disable_sendmail" "Disable Sendmail service"
> >> ${disable_sendmail:-on} \
> >>  2>&1 1>&3 )
> >>  exec 3>&-
> >>
> >>
> >>
> > Hi Bartek,
> >
> > Thanks for working on making it easier to harden FreeBSD. While defaulting
> > some of these options to "on" seem pretty harmless (e.g. random_pid),
> > others are likely to cause confusion for new and experienced users alike
> > (e.g. proc_debug. I've never used that option before, so I gave it a try.
> > It simply causes gdb to hang when attempting to start a process, with no
> > obvious indication of why). I think more discussion is merited before they
> > are turned on by default; personally I think they have potential to sour a
> > first impression of FreeBSD by making things people are used to doing on
> > other OSes hard.
> 
> 
> The audience of these changes is not someone like you, who's using gdb
> daily. The audience is the new users who often don't know what they're
> doing, why they're doing that and how to do differently, especially when it
> comes to the security. Power users in most cases don't use bsdinstall to
> install their systems, they use automation of some sort to fine tune the OS
> exactly to their needs and use case, and in their case this change is
> transparent and doesn't affect them. What it affects is the default FreeBSD
> installation and our poor track record of default installation security and
> great track record for not changing and improving things just becuase
> they've been like that for past decade.

Please don't turn FreeBSD into a system that is a pain to develop on.  For my
undergrad students who do their work in Linux VMs I have 

svn commit: r314101 - head/sys/sys

[Andriy Gapon]

Author: avg
Date: Wed Feb 22 17:20:18 2017
New Revision: 314101
URL: https://svnweb.freebsd.org/changeset/base/314101

Log:
  don't use C99 static array indices with older GCC versions
  
  For example, the FreeBSD GCC (4.2.1) has a spotty support for that
  feature.  If the static keyword is used with an unnamed array parameter
  in a function declaration, then the compilation fails with:
  error: static or type qualifiers in abstract declarator
  
  The feature does work if the parameter is named.
  So, the restriction introduced in this commit can be removed when all
  affected function prototypes have the workaround.
  
  MFC after:1 week
  Sponsored by: Panzura

Modified:
  head/sys/sys/cdefs.h

Modified: head/sys/sys/cdefs.h
==
--- head/sys/sys/cdefs.hWed Feb 22 17:13:00 2017(r314100)
+++ head/sys/sys/cdefs.hWed Feb 22 17:20:18 2017(r314101)
@@ -349,6 +349,7 @@
  * void bar(int myArray[__min_size(10)]);
  */
 #if !defined(__cplusplus) && \
+(defined(__clang__) || __GNUC_PREREQ__(4, 6)) && \
 (!defined(__STDC_VERSION__) || (__STDC_VERSION__ >= 199901))
 #define __min_size(x)  static (x)
 #else
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts

[Conrad Meyer]

On Wed, Feb 22, 2017 at 3:23 AM, Joel Dahl  wrote:
> On Wed, Feb 22, 2017 at 07:56:52AM +, Bartłomiej Rutkowski wrote:
>> I strongly believe we should, by default, ship as secured and hardened as
>> possible in order to improve overall security of new users installations.
>> Power users will and do change the OS as they please, they most likely
>> don't use bsdinstall in first place, so they're not affected in any way.
>
> Sorry, I strongly disagree with that. I'm most likely a "power user" and I use
> bsdinstall.

Ditto.  I'm also unfamiliar enough with the installer to trip on this
kind of thing.  Slawa's proposed "disable all" option would be fine.

Thanks,
Conrad
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r314100 - head/sys/sys

[Andriy Gapon]

Author: avg
Date: Wed Feb 22 17:13:00 2017
New Revision: 314100
URL: https://svnweb.freebsd.org/changeset/base/314100

Log:
  fix a typo in __STDC_VERSION__ in __min_size requirements
  
  MFC after:1 week
  Sponsored by: Panzura

Modified:
  head/sys/sys/cdefs.h

Modified: head/sys/sys/cdefs.h
==
--- head/sys/sys/cdefs.hWed Feb 22 16:37:45 2017(r314099)
+++ head/sys/sys/cdefs.hWed Feb 22 17:13:00 2017(r314100)
@@ -349,7 +349,7 @@
  * void bar(int myArray[__min_size(10)]);
  */
 #if !defined(__cplusplus) && \
-(!defined(__STDC_VERSION) || (__STDC_VERSION__ >= 199901))
+(!defined(__STDC_VERSION__) || (__STDC_VERSION__ >= 199901))
 #define __min_size(x)  static (x)
 #else
 #define __min_size(x)  (x)
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r314099 - head/usr.bin/lam

[Baptiste Daroussin]

Author: bapt
Date: Wed Feb 22 16:37:45 2017
New Revision: 314099
URL: https://svnweb.freebsd.org/changeset/base/314099

Log:
  Better fix for r314098
  
  The actual issue was the fact that if - was used then some restriction were
  already set to stdin when we were applying caph_limit_stdio which was failing
  due to the fact the fd was the fd was already restricted to lower rights.
  
  Restricting stdio before actually opening the files prevent trying to raise 
the
  right and fixes the issue.
  
  And this allows to keep failing the program if restriction failed
  
  Approved by:  allanjude
  Differential Revision:https://reviews.freebsd.org/D9723

Modified:
  head/usr.bin/lam/lam.c

Modified: head/usr.bin/lam/lam.c
==
--- head/usr.bin/lam/lam.c  Wed Feb 22 15:30:57 2017(r314098)
+++ head/usr.bin/lam/lam.c  Wed Feb 22 16:37:45 2017(r314099)
@@ -86,6 +86,8 @@ main(int argc, char *argv[])
 
if (argc == 1)
usage();
+   if (caph_limit_stdio() == -1)
+   err(1, "unable to limit stdio");
getargs(argv);
if (!morefiles)
usage();
@@ -95,7 +97,6 @@ main(int argc, char *argv[])
 * mode.
 */
caph_cache_catpages();
-   caph_limit_stdio();
if (cap_enter() < 0 && errno != ENOSYS)
err(1, "unable to enter capability mode");
 
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r314043 - in head/sys: compat/linuxkpi/common/include/linux compat/linuxkpi/common/src conf modules/linuxkpi

[Adrian Chadd]

Sweet! Thanks!

(God I'd like this for native FreeBSD drivers actually...)


-adrian

On 22 February 2017 at 01:22, Hans Petter Selasky  wrote:
> On 02/22/17 00:18, Adrian Chadd wrote:
>>
>> Hiya,
>>
>> My understanding of tasklets is that they run on the CPU that they
>> were scheduled on, rather than there being a single tasklet thread?
>>
>> Is that the direction you're thinking of heading in, or?
>>
>
> Hi Adrian,
>
> The plan is to use grouptaskqueue in the end. From what I can see all the
> pieces are in place for that. Then the tasklets will run on the same CPU
> that they were scheduled on.
>
> Some patches needs to go into the grouptaskqueue first:
>
> 1) grouptaskqueue needs to support LinuxKPI module unload. There is current
> missing/unimplemented drain logic in grouptaskqueue APIs.
>
> 2) Needs to expose internal gtaskqueues, so that we don't create unneccesary
> threads to handle a single IRQ, which is the case currently.
>
> I've already CC'ed a few people on this, but not action yet. If you can
> help, would be great.
>
> BTW:
> TASKQGROUP_DECLARE(net);
>
> in sys/gtaskqueue.h seems non-existing and should be removed.
>
> --HPS
>
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r314098 - head/usr.bin/lam

[Allan Jude]

Author: allanjude
Date: Wed Feb 22 15:30:57 2017
New Revision: 314098
URL: https://svnweb.freebsd.org/changeset/base/314098

Log:
  lam(1): Failing to restrict stdin/stdout/stderr should not be fatal
  
  When fed from a pipe, lam(1) would sometimes fail:
  lam: unable to limit stdio: Capabilities insufficient
  
  fixed regression in portsnap(8) introduced in r313938
  
  This broke portsnap(8), the app that the capsicumization of lam(1) was
  meant to secure.
  
  # portsnap fetch update
  Looking up portsnap.FreeBSD.org mirrors... 6 mirrors found.
  Fetching snapshot tag from ec2-eu-west-1.portsnap.freebsd.org... done.
  Fetching snapshot metadata... done.
  Updating from Tue Feb 21 16:05:39 MSK 2017 to Tue Feb 21 16:59:30 MSK 2017.
  Fetching 5 metadata patches.lam: unable to limit stdio: Capabilities 
insufficient
   done.
  Applying metadata patches... done.
  Fetching 5 metadata files... lam: unable to limit stdio: Capabilities 
insufficient
  /usr/sbin/portsnap: cannot open 
8c94d2c3f8fcea20eb1fd82021566c99c63a010e6b3702ee11e7a491795bcfb8.gz: No such 
file or directory
  metadata is corrupt.
  
  Reported by:  Vladimir Zakharov , Ben Woods 


Modified:
  head/usr.bin/lam/lam.c

Modified: head/usr.bin/lam/lam.c
==
--- head/usr.bin/lam/lam.c  Wed Feb 22 10:21:39 2017(r314097)
+++ head/usr.bin/lam/lam.c  Wed Feb 22 15:30:57 2017(r314098)
@@ -95,8 +95,7 @@ main(int argc, char *argv[])
 * mode.
 */
caph_cache_catpages();
-   if (caph_limit_stdio() == -1)
-   err(1, "unable to limit stdio");
+   caph_limit_stdio();
if (cap_enter() < 0 && errno != ENOSYS)
err(1, "unable to enter capability mode");
 
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r313992 - in head: sys/kern sys/sys tests/sys/kern

[Ravi Pokala]

-Original Message-
> From:  on behalf of Eric Badger 
> 
> Date: 2017-02-21, Tuesday at 20:37
> To: Ravi Pokala , , 
> , 
> Subject: Re: svn commit: r313992 - in head: sys/kern sys/sys tests/sys/kern
> 
> On 02/21/2017 05:45 PM, Ravi Pokala wrote:
>> Hi Eric,
>> 
>> This appears to break buildworld for a bunch of platforms -- possibly all 
>> the ones that use gcc rather than clang?
>> 
>> A representative example from sparc64:
>> 
>> /usr/home/rpokala/freebsd/clean/base/head/tests/sys/kern/ptrace_test.c: 
>> In function 'atfu_ptrace__PT_KILL_breakpoint_body':
>> 
>> /usr/home/rpokala/freebsd/clean/base/head/tests/sys/kern/ptrace_test.c:1693: 
>> warning: implicit declaration of function '__builtin_debugtrap'
>> *** [ptrace_test.o] Error code 1
>> 
>> Thanks,
>> 
>> Ravi (rpokala@)
> 
> Hi Ravi,
> 
> Thanks for letting me know, and sorry for the breakage. It should be 
> fixed as of r314075.
> 
> Eric

Hi Eric,

Alas, no joy:


/usr/home/rpokala/freebsd/clean/base/head/tests/sys/kern/ptrace_test.c:1694:3: 
error: implicit declaration of function 'breakpoint' is invalid in C99 
[-Werror,-Wimplicit-function-declaration]
breakpoint();
^

Try again?

Thanks,

Ravi (rpokala@)


___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts

[Slawa Olhovchenkov]

On Tue, Feb 21, 2017 at 09:37:34AM +, Bartek Rutkowski wrote:

> Author: robak (ports committer)
> Date: Tue Feb 21 09:37:33 2017
> New Revision: 314036
> URL: https://svnweb.freebsd.org/changeset/base/314036
> 
> Log:
>   Enable bsdinstall hardening options by default.
>   
>   As discussed previously, in order to introduce new OS hardening
>   defaults, we've added them to bsdinstall in 'off by default' mode.
>   It has been there for a while, so the next step is to change them
>   to 'on by defaul' mode, so that in future we could simply enable
>   them in base OS.

Please include option "disable all" for simple disable all.

>   Reviewed by:brd
>   Approved by:adrian
>   Differential Revision:  https://reviews.freebsd.org/D9641
> 
> Modified:
>   head/usr.sbin/bsdinstall/scripts/hardening
> 
> Modified: head/usr.sbin/bsdinstall/scripts/hardening
> ==
> --- head/usr.sbin/bsdinstall/scripts/hardeningTue Feb 21 09:33:21 
> 2017(r314035)
> +++ head/usr.sbin/bsdinstall/scripts/hardeningTue Feb 21 09:37:33 
> 2017(r314036)
> @@ -36,15 +36,15 @@ FEATURES=$( dialog --backtitle "FreeBSD 
>  --title "System Hardening" --nocancel --separate-output \
>  --checklist "Choose system security hardening options:" \
>  0 0 0 \
> - "0 hide_uids" "Hide processes running as other users" ${hide_uids:-off} 
> \
> - "1 hide_gids" "Hide processes running as other groups" 
> ${hide_gids:-off} \
> - "2 read_msgbuf" "Disable reading kernel message buffer for unprivileged 
> users" ${read_msgbuf:-off} \
> - "3 proc_debug" "Disable process debugging facilities for unprivileged 
> users" ${proc_debug:-off} \
> - "4 random_pid" "Randomize the PID of newly created processes" 
> ${random_pid:-off} \
> - "5 stack_guard" "Insert stack guard page ahead of the growable 
> segments" ${stack_guard:-off} \
> - "6 clear_tmp" "Clean the /tmp filesystem on system startup" 
> ${clear_tmp:-off} \
> - "7 disable_syslogd" "Disable opening Syslogd network socket (disables 
> remote logging)" ${disable_syslogd:-off} \
> - "8 disable_sendmail" "Disable Sendmail service" 
> ${disable_sendmail:-off} \
> + "0 hide_uids" "Hide processes running as other users" ${hide_uids:-on} \
> + "1 hide_gids" "Hide processes running as other groups" ${hide_gids:-on} 
> \
> + "2 read_msgbuf" "Disable reading kernel message buffer for unprivileged 
> users" ${read_msgbuf:-on} \
> + "3 proc_debug" "Disable process debugging facilities for unprivileged 
> users" ${proc_debug:-on} \
> + "4 random_pid" "Randomize the PID of newly created processes" 
> ${random_pid:-on} \
> + "5 stack_guard" "Insert stack guard page ahead of the growable 
> segments" ${stack_guard:-on} \
> + "6 clear_tmp" "Clean the /tmp filesystem on system startup" 
> ${clear_tmp:-on} \
> + "7 disable_syslogd" "Disable opening Syslogd network socket (disables 
> remote logging)" ${disable_syslogd:-on} \
> + "8 disable_sendmail" "Disable Sendmail service" ${disable_sendmail:-on} 
> \
>  2>&1 1>&3 )
>  exec 3>&-
>  
> ___
> svn-src-all@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/svn-src-all
> To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts

[Joel Dahl]

On Wed, Feb 22, 2017 at 07:56:52AM +, Bartłomiej Rutkowski wrote:
> On Tue, Feb 21, 2017 at 2:40 PM, Alexey Dokuchaev  wrote:
> 
> > On Tue, Feb 21, 2017 at 08:34:29AM -0600, Eric Badger wrote:
> > > Thanks for working on making it easier to harden FreeBSD. While
> > > defaulting some of these options to "on" seem pretty harmless (e.g.
> > > random_pid), others are likely to cause confusion for new and
> > > experienced users alike (e.g. proc_debug. I've never used that option
> > > before, so I gave it a try. It simply causes gdb to hang when attempting
> > > to start a process, with no obvious indication of why).
> >
> > I concur.  In fact, harmless knobs should probably be turned on by default
> > in FreeBSD itself (i.e., without any "hardening" help from the installer),
> > while more intrusive ones should be opt-in, not opt-out.
> >
> > ./danfe
> >
> 
> I strongly believe we should, by default, ship as secured and hardened as
> possible in order to improve overall security of new users installations.
> Power users will and do change the OS as they please, they most likely
> don't use bsdinstall in first place, so they're not affected in any way.

Sorry, I strongly disagree with that. I'm most likely a "power user" and I use
bsdinstall.

-- 
Joel
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r314097 - in head/sys: dev/bhnd/cores/chipc dev/fdt dev/nand geom modules/geom modules/geom/geom_flashmap powerpc/mikrotik sys

[Marius Strobl]

Author: marius
Date: Wed Feb 22 10:21:39 2017
New Revision: 314097
URL: https://svnweb.freebsd.org/changeset/base/314097

Log:
  - Allow different slicers for different flash types to be registered
with geom_flashmap(4) and teach it about MMC for slicing enhanced
user data area partitions. The FDT slicer still is the default for
CFI, NAND and SPI flash on FDT-enabled platforms.
  - In addition to a device_t, also pass the name of the GEOM provider
in question to the slicers as a single device may provide more than
provider.
  - Build a geom_flashmap.ko.
  - Use MODULE_VERSION() so other modules can depend on geom_flashmap(4).
  - Remove redundant/superfluous GEOM routines that either do nothing
or provide/just call default GEOM (slice) functionality.
  - Trim/adjust includes
  
  Submitted by: jhibbits (RouterBoard bits)
  Reviewed by:  jhibbits

Added:
  head/sys/modules/geom/geom_flashmap/
  head/sys/modules/geom/geom_flashmap/Makefile   (contents, props changed)
Modified:
  head/sys/dev/bhnd/cores/chipc/chipc_slicer.c
  head/sys/dev/bhnd/cores/chipc/chipc_slicer.h
  head/sys/dev/fdt/fdt_slicer.c
  head/sys/dev/nand/nfc_rb.c
  head/sys/geom/geom_flashmap.c
  head/sys/modules/geom/Makefile
  head/sys/powerpc/mikrotik/platform_rb.c
  head/sys/sys/slicer.h

Modified: head/sys/dev/bhnd/cores/chipc/chipc_slicer.c
==
--- head/sys/dev/bhnd/cores/chipc/chipc_slicer.cWed Feb 22 09:39:15 
2017(r314096)
+++ head/sys/dev/bhnd/cores/chipc/chipc_slicer.cWed Feb 22 10:21:39 
2017(r314097)
@@ -63,10 +63,12 @@ chipc_register_slicer(chipc_flash flash_
switch (flash_type) {
case CHIPC_SFLASH_AT:
case CHIPC_SFLASH_ST:
-   flash_register_slicer(chipc_slicer_spi);
+   flash_register_slicer(chipc_slicer_spi, FLASH_SLICES_TYPE_SPI,
+  TRUE);
break;
case CHIPC_PFLASH_CFI:
-   flash_register_slicer(chipc_slicer_cfi);
+   flash_register_slicer(chipc_slicer_cfi, FLASH_SLICES_TYPE_CFI,
+  TRUE);
break;
default:
/* Unsupported */
@@ -75,7 +77,8 @@ chipc_register_slicer(chipc_flash flash_
 }
 
 int
-chipc_slicer_cfi(device_t dev, struct flash_slice *slices, int *nslices)
+chipc_slicer_cfi(device_t dev, const char *provider __unused,
+struct flash_slice *slices, int *nslices)
 {
struct cfi_softc*sc;
device_t parent;
@@ -100,7 +103,8 @@ chipc_slicer_cfi(device_t dev, struct fl
 }
 
 int
-chipc_slicer_spi(device_t dev, struct flash_slice *slices, int *nslices)
+chipc_slicer_spi(device_t dev, const char *provider __unused,
+struct flash_slice *slices, int *nslices)
 {
struct chipc_spi_softc  *sc;
device_t chipc, spi, spibus;

Modified: head/sys/dev/bhnd/cores/chipc/chipc_slicer.h
==
--- head/sys/dev/bhnd/cores/chipc/chipc_slicer.hWed Feb 22 09:39:15 
2017(r314096)
+++ head/sys/dev/bhnd/cores/chipc/chipc_slicer.hWed Feb 22 10:21:39 
2017(r314097)
@@ -41,9 +41,9 @@
 #defineNVRAM_MAGIC 0x48534C46
 
 void   chipc_register_slicer(chipc_flash flash_type);
-intchipc_slicer_spi(device_t dev, struct flash_slice *slices,
-   int *nslices);
-intchipc_slicer_cfi(device_t dev, struct flash_slice *slices,
-   int *nslices);
+intchipc_slicer_spi(device_t dev, const char *provider,
+   struct flash_slice *slices, int *nslices);
+intchipc_slicer_cfi(device_t dev, const char *provider,
+   struct flash_slice *slices, int *nslices);
 
 #endif /* _BHND_CORES_CHIPC_CHIPC_SLICER_H_ */

Modified: head/sys/dev/fdt/fdt_slicer.c
==
--- head/sys/dev/fdt/fdt_slicer.c   Wed Feb 22 09:39:15 2017
(r314096)
+++ head/sys/dev/fdt/fdt_slicer.c   Wed Feb 22 10:21:39 2017
(r314097)
@@ -30,10 +30,11 @@ __FBSDID("$FreeBSD$");
 #include 
 #include 
 #include 
-#include 
 #include 
 
 #include 
+#include 
+#include 
 
 #ifdef DEBUG
 #define debugf(fmt, args...) do { printf("%s(): ", __func__);  \
@@ -42,8 +43,13 @@ __FBSDID("$FreeBSD$");
 #define debugf(fmt, args...)
 #endif
 
-int
-fdt_flash_fill_slices(device_t dev, struct flash_slice *slices, int 
*slices_num)
+static int fdt_flash_fill_slices(device_t dev, const char *provider,
+struct flash_slice *slices, int *slices_num);
+static void fdt_slicer_init(void);
+
+static int
+fdt_flash_fill_slices(device_t dev, const char *provider __unused,
+struct flash_slice *slices, int *slices_num)
 {
char *slice_name;
phandle_t dt_node, dt_child;
@@ -90,8 +96,8 @@ fdt_flash_fill_slices(device_t dev, stru
   

Re: svn commit: r313975 - in head: contrib/openpam contrib/openpam/bin contrib/openpam/bin/openpam_dump_policy contrib/openpam/bin/pamtest contrib/openpam/bin/su contrib/openpam/doc contrib/openpam/do

[Dag-Erling Smørgrav]

"Ngie Cooper (yaneurabeya)"  writes:
> I figured that you had good reasons for doing this after some of the
> discussion we had off-list about testing in general, but I’ll see what
> I can do to bring back coverage in lib/libpam.

It has nothing to do with my opinion of Kyua.  OpenPAM's unit tests now
use cryb.to's test framework, which I have no intention of importing
into FreeBSD.

DES
-- 
Dag-Erling Smørgrav - d...@des.no
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r314094 - head/sys/dev/xen/timer

[Roger Pau Monné]

On Wed, Feb 22, 2017 at 09:22:18AM +, Roger Pau Monné wrote:
> Author: royger
> Date: Wed Feb 22 09:22:17 2017
> New Revision: 314094
> URL: https://svnweb.freebsd.org/changeset/base/314094
> 
> Log:
>   xen/timer: mark the Xen PV timer as not safe for suspension
>   
>   Note that the timer itself fully supports suspension, but due to the lack of
>   ordering during the resume process FreeBSD cannot guarantee that the timer 
> is
>   resumed before any device attempts to use it.
>   
>   Submitted by:   Liuyingdong 
>   Reviewed by:royger
>   Differential Revision:  https://reviews.freebsd.org/D9639

Forgot to add:

MFC after:  1 week

Roger.
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r314096 - vendor/mdocml/1.4.1

[Baptiste Daroussin]

Author: bapt
Date: Wed Feb 22 09:39:15 2017
New Revision: 314096
URL: https://svnweb.freebsd.org/changeset/base/314096

Log:
  Tag import of mandoc 1.4.1

Added:
  vendor/mdocml/1.4.1/
 - copied from r313954, vendor/mdocml/dist/
  vendor/mdocml/1.4.1/catman.8
 - copied unchanged from r313956, vendor/mdocml/dist/catman.8
  vendor/mdocml/1.4.1/catman.c
 - copied unchanged from r313956, vendor/mdocml/dist/catman.c
  vendor/mdocml/1.4.1/man.options.1
 - copied unchanged from r313956, vendor/mdocml/dist/man.options.1
  vendor/mdocml/1.4.1/mandocd.8
 - copied unchanged from r313956, vendor/mdocml/dist/mandocd.8
  vendor/mdocml/1.4.1/mandocd.c
 - copied unchanged from r313956, vendor/mdocml/dist/mandocd.c
  vendor/mdocml/1.4.1/test-O_DIRECTORY.c
 - copied unchanged from r313956, vendor/mdocml/dist/test-O_DIRECTORY.c
  vendor/mdocml/1.4.1/test-cmsg.c
 - copied unchanged from r313956, vendor/mdocml/dist/test-cmsg.c
  vendor/mdocml/1.4.1/test-recvmsg.c
 - copied unchanged from r313956, vendor/mdocml/dist/test-recvmsg.c
Replaced:
  vendor/mdocml/1.4.1/INSTALL
 - copied unchanged from r313956, vendor/mdocml/dist/INSTALL
  vendor/mdocml/1.4.1/LICENSE
 - copied unchanged from r314095, vendor/mdocml/dist/LICENSE
  vendor/mdocml/1.4.1/Makefile
 - copied unchanged from r313956, vendor/mdocml/dist/Makefile
  vendor/mdocml/1.4.1/Makefile.depend
 - copied unchanged from r313956, vendor/mdocml/dist/Makefile.depend
  vendor/mdocml/1.4.1/NEWS
 - copied unchanged from r314095, vendor/mdocml/dist/NEWS
  vendor/mdocml/1.4.1/TODO
 - copied unchanged from r313956, vendor/mdocml/dist/TODO
  vendor/mdocml/1.4.1/apropos.1
 - copied unchanged from r313956, vendor/mdocml/dist/apropos.1
  vendor/mdocml/1.4.1/cgi.c
 - copied unchanged from r313956, vendor/mdocml/dist/cgi.c
  vendor/mdocml/1.4.1/chars.c
 - copied unchanged from r313956, vendor/mdocml/dist/chars.c
  vendor/mdocml/1.4.1/compat_fts.c
 - copied unchanged from r313956, vendor/mdocml/dist/compat_fts.c
  vendor/mdocml/1.4.1/configure
 - copied unchanged from r313956, vendor/mdocml/dist/configure
  vendor/mdocml/1.4.1/configure.local.example
 - copied unchanged from r313956, vendor/mdocml/dist/configure.local.example
  vendor/mdocml/1.4.1/dba.c
 - copied unchanged from r313956, vendor/mdocml/dist/dba.c
  vendor/mdocml/1.4.1/dbm_map.c
 - copied unchanged from r313956, vendor/mdocml/dist/dbm_map.c
  vendor/mdocml/1.4.1/eqn_term.c
 - copied unchanged from r313956, vendor/mdocml/dist/eqn_term.c
  vendor/mdocml/1.4.1/gmdiff
 - copied unchanged from r313956, vendor/mdocml/dist/gmdiff
  vendor/mdocml/1.4.1/html.c
 - copied unchanged from r313956, vendor/mdocml/dist/html.c
  vendor/mdocml/1.4.1/html.h
 - copied unchanged from r313956, vendor/mdocml/dist/html.h
  vendor/mdocml/1.4.1/libmandoc.h
 - copied unchanged from r313956, vendor/mdocml/dist/libmandoc.h
  vendor/mdocml/1.4.1/libmdoc.h
 - copied unchanged from r313956, vendor/mdocml/dist/libmdoc.h
  vendor/mdocml/1.4.1/main.c
 - copied unchanged from r313956, vendor/mdocml/dist/main.c
  vendor/mdocml/1.4.1/man.1
 - copied unchanged from r313956, vendor/mdocml/dist/man.1
  vendor/mdocml/1.4.1/man_html.c
 - copied unchanged from r313956, vendor/mdocml/dist/man_html.c
  vendor/mdocml/1.4.1/man_term.c
 - copied unchanged from r313956, vendor/mdocml/dist/man_term.c
  vendor/mdocml/1.4.1/manconf.h
 - copied unchanged from r313956, vendor/mdocml/dist/manconf.h
  vendor/mdocml/1.4.1/mandoc.1
 - copied unchanged from r313956, vendor/mdocml/dist/mandoc.1
  vendor/mdocml/1.4.1/mandoc.css
 - copied unchanged from r313956, vendor/mdocml/dist/mandoc.css
  vendor/mdocml/1.4.1/mandoc.h
 - copied unchanged from r313956, vendor/mdocml/dist/mandoc.h
  vendor/mdocml/1.4.1/mandoc_aux.h
 - copied unchanged from r313956, vendor/mdocml/dist/mandoc_aux.h
  vendor/mdocml/1.4.1/mandoc_char.7
 - copied unchanged from r313956, vendor/mdocml/dist/mandoc_char.7
  vendor/mdocml/1.4.1/mandoc_html.3
 - copied unchanged from r313956, vendor/mdocml/dist/mandoc_html.3
  vendor/mdocml/1.4.1/mandocdb.c
 - copied unchanged from r313956, vendor/mdocml/dist/mandocdb.c
  vendor/mdocml/1.4.1/manpath.c
 - copied unchanged from r313956, vendor/mdocml/dist/manpath.c
  vendor/mdocml/1.4.1/mdoc.7
 - copied unchanged from r313956, vendor/mdocml/dist/mdoc.7
  vendor/mdocml/1.4.1/mdoc.c
 - copied unchanged from r313956, vendor/mdocml/dist/mdoc.c
  vendor/mdocml/1.4.1/mdoc_html.c
 - copied unchanged from r313956, vendor/mdocml/dist/mdoc_html.c
  vendor/mdocml/1.4.1/mdoc_macro.c
 - copied unchanged from r313956, vendor/mdocml/dist/mdoc_macro.c
  vendor/mdocml/1.4.1/mdoc_man.c
 - copied unchanged from r313956, vendor/mdocml/dist/mdoc_man.c
  vendor/mdocml/1.4.1/mdoc_term.c
 - copied unchanged from r313956, vendor/mdocml/dist/mdoc_term.c
  vendor/mdocml/1.4.1/mdoc_validate.c
 - copied unchanged from 

svn commit: r314095 - vendor/mdocml/dist

[Baptiste Daroussin]

Author: bapt
Date: Wed Feb 22 09:33:50 2017
New Revision: 314095
URL: https://svnweb.freebsd.org/changeset/base/314095

Log:
  Import mandoc 1.14.1

Modified:
  vendor/mdocml/dist/LICENSE
  vendor/mdocml/dist/NEWS

Modified: vendor/mdocml/dist/LICENSE
==
--- vendor/mdocml/dist/LICENSE  Wed Feb 22 09:22:17 2017(r314094)
+++ vendor/mdocml/dist/LICENSE  Wed Feb 22 09:33:50 2017(r314095)
@@ -5,7 +5,7 @@ contained in the mdocml toolkit is prote
 of the following developers:
 
 Copyright (c) 2008-2012, 2014 Kristaps Dzonsons 
-Copyright (c) 2010-2016 Ingo Schwarze 
+Copyright (c) 2010-2017 Ingo Schwarze 
 Copyright (c) 2009, 2010, 2011, 2012 Joerg Sonnenberger 
 Copyright (c) 2013 Franco Fichtner 
 Copyright (c) 2014 Baptiste Daroussin 

Modified: vendor/mdocml/dist/NEWS
==
--- vendor/mdocml/dist/NEWS Wed Feb 22 09:22:17 2017(r314094)
+++ vendor/mdocml/dist/NEWS Wed Feb 22 09:33:50 2017(r314095)
@@ -2,7 +2,7 @@ $Id: NEWS,v 1.20 2017/02/16 14:38:12 sch
 
 This file lists the most important changes in the mdocml.bsd.lv distribution.
 
-Changes in version 1.14.1, released on February XXX, 2017
+Changes in version 1.14.1, released on February 21, 2017
 
 --- MAJOR NEW FEATURES ---
  * apropos(1): Reimplement complete semantic search functionality
@@ -95,28 +95,32 @@ Changes in version 1.14.1, released on F
easier to use and reducing the amount of code by a few hundred lines.
 --- THANKS TO ---
  * Michael Stapelberg (Debian) for designing the new mandocd(8)
-   and parts of the new catman(8), and for a number of patches
-   and bug reports.
+   and parts of the new catman(8), for release testing, and for a
+   number of patches and bug reports.
  * Baptiste Daroussin (FreeBSD) for profiling the new makewhatis(8)
implementation and suggesting an algorithmic improvement which
more than doubled performance, and for a few bug reports.
  * Ed Maste (FreeBSD) for an important patch improving reproducibility
of builds in makewhatis(8), and for a few bug reports.
- * Theo Buehler (OpenBSD) for more than ten important bug reports,
+ * Theo Buehler (OpenBSD) for almost twenty important bug reports,
most of them found by systematic afl(1) fuzzing.
  * Benny Lofgren, David Dahlberg, and in particular Vadim Zhukov
for crucial help in getting .Bl -tag CSS formatting fixed.
  * Svyatoslav Mishyn (Crux Linux) for an initial version of the
-   patch to autodetect a suitable locale for -Tutf8 mode.
+   patch to autodetect a suitable locale for -Tutf8 mode
+   and for release testing.
  * Jason McIntyre (OpenBSD) for multiple useful discussions
and a number of bug reports.
+ * Sevan Janiyan (NetBSD) for extensive release testing and multiple
+   bug reports.
+ * Thomas Klausner and Christos Zoulas (NetBSD), Yuri Pankov (illumos),
+   and Leah Neukirchen (Void Linux) for release testing and bug reports.
+ * Ulrich Spoerlein (FreeBSD) for release testing.
  * Alexander Bluhm, Andrew Fresh, Antoine Jacoutot, Antony Bentley,
Christian Weisgerber, Jonathan Gray, Marc Espie, Martijn van Duren,
Stuart Henderson, Ted Unangst, Theo de Raadt (OpenBSD), Abhinav
-   Upadhyay, Christos Zoulas, Kamil Rytarowski, Sevan Janiyan,
-   Thomas Klausner (NetBSD), Aaron M. Ucko, Bdale Garbee, Reiner
-   Herrmann, Shane Kerr (Debian), Leah Neukirchen (Void Linux),
-   Daniel Sabogal (Alpine Linux), Yuri Pankov (illumos),
+   Upadhyay, Kamil Rytarowski (NetBSD), Aaron M. Ucko, Bdale Garbee,
+   Reiner Herrmann, Shane Kerr (Debian), Daniel Sabogal (Alpine Linux),
Carsten Kunze (Heirloom roff), Kristaps Dzonsons (bsd.lv),
Anton Lindqvist, Jan Stary, Jeremy A. Mates, Mark Patruck,
Pavan Maddamsetti, Sean Levy , and
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r314043 - in head/sys: compat/linuxkpi/common/include/linux compat/linuxkpi/common/src conf modules/linuxkpi

[Hans Petter Selasky]

On 02/22/17 00:18, Adrian Chadd wrote:

Hiya,

My understanding of tasklets is that they run on the CPU that they
were scheduled on, rather than there being a single tasklet thread?

Is that the direction you're thinking of heading in, or?



Hi Adrian,

The plan is to use grouptaskqueue in the end. From what I can see all 
the pieces are in place for that. Then the tasklets will run on the same 
CPU that they were scheduled on.


Some patches needs to go into the grouptaskqueue first:

1) grouptaskqueue needs to support LinuxKPI module unload. There is 
current missing/unimplemented drain logic in grouptaskqueue APIs.


2) Needs to expose internal gtaskqueues, so that we don't create 
unneccesary threads to handle a single IRQ, which is the case currently.


I've already CC'ed a few people on this, but not action yet. If you can 
help, would be great.


BTW:
TASKQGROUP_DECLARE(net);

in sys/gtaskqueue.h seems non-existing and should be removed.

--HPS

commit 0211693a723ce87f184d950d5a3ac5c2b306d418
Author: Matt Macy 
Date:   Wed Aug 10 18:20:58 2016 -0700

make per-cpu grouptaskqueue threads globally visible

diff --git a/sys/kern/subr_gtaskqueue.c b/sys/kern/subr_gtaskqueue.c
index 2d655bd..3aecff3 100644
--- a/sys/kern/subr_gtaskqueue.c
+++ b/sys/kern/subr_gtaskqueue.c
@@ -52,6 +52,7 @@ static MALLOC_DEFINE(M_GTASKQUEUE, "taskqueue", "Task Queues");
 static void	gtaskqueue_thread_enqueue(void *);
 static void	gtaskqueue_thread_loop(void *arg);
 
+TASKQGROUP_DEFINE(softirq, mp_ncpus, 1);
 
 struct gtaskqueue_busy {
 	struct gtask	*tb_running;
diff --git a/sys/net/iflib.c b/sys/net/iflib.c
index 5938aca..7cb00c8 100644
--- a/sys/net/iflib.c
+++ b/sys/net/iflib.c
@@ -93,7 +93,6 @@ __FBSDID("$FreeBSD$");
 #include 
 #endif
 
-
 /*
  * enable accounting of every mbuf as it comes in to and goes out of iflib's software descriptor references
  */
@@ -480,7 +479,6 @@ MODULE_VERSION(iflib, 1);
 MODULE_DEPEND(iflib, pci, 1, 1, 1);
 MODULE_DEPEND(iflib, ether, 1, 1, 1);
 
-TASKQGROUP_DEFINE(if_io_tqg, mp_ncpus, 1);
 TASKQGROUP_DEFINE(if_config_tqg, 1, 1);
 
 #ifndef IFLIB_DEBUG_COUNTERS
@@ -3706,7 +3704,7 @@ iflib_device_deregister(if_ctx_t ctx)
 	if (ctx->ifc_led_dev != NULL)
 		led_destroy(ctx->ifc_led_dev);
 	/* XXX drain any dependent tasks */
-	tqg = qgroup_if_io_tqg;
+	tqg = qgroup_softirq;
 	for (txq = ctx->ifc_txqs, i = 0; i < NTXQSETS(ctx); i++, txq++) {
 		callout_drain(>ift_timer);
 		callout_drain(>ift_db_check);
@@ -4328,7 +4326,7 @@ iflib_irq_alloc_generic(if_ctx_t ctx, if_irq_t irq, int rid,
 		q = >ifc_txqs[qid];
 		info = >ifc_txqs[qid].ift_filter_info;
 		gtask = >ifc_txqs[qid].ift_task;
-		tqg = qgroup_if_io_tqg;
+		tqg = qgroup_softirq;
 		tqrid = irq->ii_rid;
 		fn = _task_fn_tx;
 		break;
@@ -4336,7 +4334,7 @@ iflib_irq_alloc_generic(if_ctx_t ctx, if_irq_t irq, int rid,
 		q = >ifc_rxqs[qid];
 		info = >ifc_rxqs[qid].ifr_filter_info;
 		gtask = >ifc_rxqs[qid].ifr_task;
-		tqg = qgroup_if_io_tqg;
+		tqg = qgroup_softirq;
 		tqrid = irq->ii_rid;
 		fn = _task_fn_rx;
 		break;
@@ -4384,13 +4382,13 @@ iflib_softirq_alloc_generic(if_ctx_t ctx, int rid, iflib_intr_type_t type,  void
 	case IFLIB_INTR_TX:
 		q = >ifc_txqs[qid];
 		gtask = >ifc_txqs[qid].ift_task;
-		tqg = qgroup_if_io_tqg;
+		tqg = qgroup_softirq;
 		fn = _task_fn_tx;
 		break;
 	case IFLIB_INTR_RX:
 		q = >ifc_rxqs[qid];
 		gtask = >ifc_rxqs[qid].ifr_task;
-		tqg = qgroup_if_io_tqg;
+		tqg = qgroup_softirq;
 		fn = _task_fn_rx;
 		break;
 	case IFLIB_INTR_ADMIN:
@@ -4441,7 +4439,7 @@ iflib_legacy_setup(if_ctx_t ctx, driver_filter_t filter, void *filter_arg, int *
 	q = >ifc_rxqs[0];
 	info = [0].ifr_filter_info;
 	gtask = [0].ifr_task;
-	tqg = qgroup_if_io_tqg;
+	tqg = qgroup_softirq;
 	tqrid = irq->ii_rid = *rid;
 	fn = _task_fn_rx;
 
@@ -4457,7 +4455,7 @@ iflib_legacy_setup(if_ctx_t ctx, driver_filter_t filter, void *filter_arg, int *
 	taskqgroup_attach(tqg, gtask, q, tqrid, name);
 
 	GROUPTASK_INIT(>ift_task, 0, _task_fn_tx, txq);
-	taskqgroup_attach(qgroup_if_io_tqg, >ift_task, txq, tqrid, "tx");
+	taskqgroup_attach(qgroup_softirq, >ift_task, txq, tqrid, "tx");
 	GROUPTASK_INIT(>ifc_admin_task, 0, _task_fn_admin, ctx);
 	taskqgroup_attach(qgroup_if_config_tqg, >ifc_admin_task, ctx, -1, "admin/link");
 
@@ -4504,7 +4502,7 @@ void
 iflib_io_tqg_attach(struct grouptask *gt, void *uniq, int cpu, char *name)
 {
 
-	taskqgroup_attach_cpu(qgroup_if_io_tqg, gt, uniq, cpu, -1, name);
+	taskqgroup_attach_cpu(qgroup_softirq, gt, uniq, cpu, -1, name);
 }
 
 void
diff --git a/sys/sys/gtaskqueue.h b/sys/sys/gtaskqueue.h
index 88d4b54..cd0f774 100644
--- a/sys/sys/gtaskqueue.h
+++ b/sys/sys/gtaskqueue.h
@@ -121,5 +121,6 @@ SYSINIT(taskqgroup_adj_##name, SI_SUB_SMP, SI_ORDER_ANY,		\
 struct __hack
 #endif
 TASKQGROUP_DECLARE(net);
+TASKQGROUP_DECLARE(softirq);
 
 #endif /* !_SYS_GTASKQUEUE_H_ */
___
svn-src-all@freebsd.org mailing list

svn commit: r314094 - head/sys/dev/xen/timer

[Roger Pau Monné]

Author: royger
Date: Wed Feb 22 09:22:17 2017
New Revision: 314094
URL: https://svnweb.freebsd.org/changeset/base/314094

Log:
  xen/timer: mark the Xen PV timer as not safe for suspension
  
  Note that the timer itself fully supports suspension, but due to the lack of
  ordering during the resume process FreeBSD cannot guarantee that the timer is
  resumed before any device attempts to use it.
  
  Submitted by: Liuyingdong 
  Reviewed by:  royger
  Differential Revision:https://reviews.freebsd.org/D9639

Modified:
  head/sys/dev/xen/timer/timer.c

Modified: head/sys/dev/xen/timer/timer.c
==
--- head/sys/dev/xen/timer/timer.c  Wed Feb 22 08:49:52 2017
(r314093)
+++ head/sys/dev/xen/timer/timer.c  Wed Feb 22 09:22:17 2017
(r314094)
@@ -417,8 +417,20 @@ xentimer_attach(device_t dev)
/* Register the timecounter. */
sc->tc.tc_name = "XENTIMER";
sc->tc.tc_quality = XENTIMER_QUALITY;
-   sc->tc.tc_flags = TC_FLAGS_SUSPEND_SAFE;
/*
+* FIXME: due to the lack of ordering during resume, FreeBSD cannot
+* guarantee that the Xen PV timer is resumed before any other device
+* attempts to make use of it, so mark it as not safe for suspension
+* (ie: remove the TC_FLAGS_SUSPEND_SAFE flag).
+*
+* NB: This was not a problem in previous FreeBSD versions because the
+* timer was directly attached to the nexus, but it is an issue now
+* that the timer is attached to the xenpv bus, and thus resumed
+* later.
+*
+* sc->tc.tc_flags = TC_FLAGS_SUSPEND_SAFE;
+*/
+   /*
 * The underlying resolution is in nanoseconds, since the timer info
 * scales TSC frequencies using a fraction that represents time in
 * terms of nanoseconds.
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts

[Bartłomiej Rutkowski]

On Wed, Feb 22, 2017 at 8:32 AM, Alexey Dokuchaev  wrote:

> On Wed, Feb 22, 2017 at 07:56:52AM +, Bart??omiej Rutkowski wrote:
> > These options have been around forever, used by a lot of users (once they
> > got to know those even exist) and seem to cause no issues. However,
> despite
> > that, and numerous discussions and mail threads over the years, we've
> > struggled to enable them
>
> I presume they were not enabled by default for some reasons?  A quick
> summary of those reasons would be helpful. :-)
>

The main reason was lack of consensus, and the reasons for the lack of is
were usually along the lines of 'we dont know if it is safe', 'we dont know
if it is fast', 'we dont know if it works', 'it breaks my ps -ax when I
dont see all the processes', 'it breaks POLA when users suddenly see random
PIDs', so on and so forth. And years have been passing with world moving on
with improvements and us stalling behind.


>
> > and, as you can se, we even struggle to present and make them available
> > via installer.
>
> The question was not about whether to make them available, it was about
> turning them all on by default.
>

It is only 'turning them all on by default' if you are using bsdinstall and
you don't disable them, if you don't want them. They are not ON in any
other scenario. Yet, but we will get there :)

Kind regards,
Bartek Rutkowski
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r314093 - stable/11/sys/dev/bxe

[Roger Pau Monné]

Author: royger
Date: Wed Feb 22 08:49:52 2017
New Revision: 314093
URL: https://svnweb.freebsd.org/changeset/base/314093

Log:
  MFC r313771
  
  bxe: enable usage with NetXtreme II BCM57840 2x20GbE chip
  
  Sponsored by:   Citrix Systems R

Modified:
  stable/11/sys/dev/bxe/bxe.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/dev/bxe/bxe.c
==
--- stable/11/sys/dev/bxe/bxe.c Wed Feb 22 08:37:51 2017(r314092)
+++ stable/11/sys/dev/bxe/bxe.c Wed Feb 22 08:49:52 2017(r314093)
@@ -168,6 +168,12 @@ static struct bxe_device_type bxe_devs[]
 },
 {
 BRCM_VENDORID,
+CHIP_NUM_57840_2_20,
+PCI_ANY_ID, PCI_ANY_ID,
+"QLogic NetXtreme II BCM57840 2x20GbE"
+},
+{
+BRCM_VENDORID,
 CHIP_NUM_57840_MF,
 PCI_ANY_ID, PCI_ANY_ID,
 "QLogic NetXtreme II BCM57840 MF 10GbE"
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r314092 - stable/11/sys/dev/hyperv/netvsc

[Dexuan Cui]

Author: dexuan
Date: Wed Feb 22 08:37:51 2017
New Revision: 314092
URL: https://svnweb.freebsd.org/changeset/base/314092

Log:
  MFC 312689, 312690
  
  Approved by:  sephe (mentor)
  
  r312689
  hyperv/hn: add a sysctl name for the VF interface
  
  This makes it easier for the userland script to find the releated
  VF interface.
  
  Reviewed by:  sephe
  Approved by:  sephe (mentor)
  Sponsored by: Microsoft
  Differential Revision:https://reviews.freebsd.org/D9101
  
  r312690
  hyperv/hn: add devctl_notify for VF_UP/DOWN events
  
  Reviewed by:  sephe
  Approved by:  sephe (mentor)
  Sponsored by: Microsoft
  Differential Revision:https://reviews.freebsd.org/D9102

Modified:
  stable/11/sys/dev/hyperv/netvsc/if_hn.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/dev/hyperv/netvsc/if_hn.c
==
--- stable/11/sys/dev/hyperv/netvsc/if_hn.c Wed Feb 22 08:26:51 2017
(r314091)
+++ stable/11/sys/dev/hyperv/netvsc/if_hn.c Wed Feb 22 08:37:51 2017
(r314092)
@@ -301,6 +301,7 @@ static int  hn_txagg_pkts_sysctl(SYSCTL
 static int hn_txagg_pktmax_sysctl(SYSCTL_HANDLER_ARGS);
 static int hn_txagg_align_sysctl(SYSCTL_HANDLER_ARGS);
 static int hn_polling_sysctl(SYSCTL_HANDLER_ARGS);
+static int hn_vf_sysctl(SYSCTL_HANDLER_ARGS);
 
 static voidhn_stop(struct hn_softc *, bool);
 static voidhn_init_locked(struct hn_softc *);
@@ -995,6 +996,9 @@ hn_set_vf(struct hn_softc *sc, struct if
hn_resume_mgmt(sc);
}
 
+   devctl_notify("HYPERV_NIC_VF", if_name(hn_ifp),
+   vf ? "VF_UP" : "VF_DOWN", NULL);
+
if (bootverbose)
if_printf(hn_ifp, "Data path is switched %s %s\n",
vf ? "to" : "from", if_name(ifp));
@@ -1254,6 +1258,9 @@ hn_attach(device_t dev)
CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_MPSAFE, sc, 0,
hn_polling_sysctl, "I",
"Polling frequency: [100,100], 0 disable polling");
+   SYSCTL_ADD_PROC(ctx, child, OID_AUTO, "vf",
+   CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE, sc, 0,
+   hn_vf_sysctl, "A", "Virtual Function's name");
 
/*
 * Setup the ifmedia, which has been initialized earlier.
@@ -3222,6 +3229,22 @@ hn_rss_hash_sysctl(SYSCTL_HANDLER_ARGS)
 }
 
 static int
+hn_vf_sysctl(SYSCTL_HANDLER_ARGS)
+{
+   struct hn_softc *sc = arg1;
+   char vf_name[128];
+   struct ifnet *vf;
+
+   HN_LOCK(sc);
+   vf_name[0] = '\0';
+   vf = sc->hn_rx_ring[0].hn_vf;
+   if (vf != NULL)
+   snprintf(vf_name, sizeof(vf_name), "%s", if_name(vf));
+   HN_UNLOCK(sc);
+   return sysctl_handle_string(oidp, vf_name, sizeof(vf_name), req);
+}
+
+static int
 hn_check_iplen(const struct mbuf *m, int hoff)
 {
const struct ip *ip;
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts

[Alexey Dokuchaev]

On Wed, Feb 22, 2017 at 07:56:52AM +, Bart??omiej Rutkowski wrote:
> These options have been around forever, used by a lot of users (once they
> got to know those even exist) and seem to cause no issues. However, despite
> that, and numerous discussions and mail threads over the years, we've
> struggled to enable them

I presume they were not enabled by default for some reasons?  A quick
summary of those reasons would be helpful. :-)

> and, as you can se, we even struggle to present and make them available
> via installer.

The question was not about whether to make them available, it was about
turning them all on by default.

./danfe
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r314091 - stable/11/sys/dev/hyperv/netvsc

[Dexuan Cui]

Author: dexuan
Date: Wed Feb 22 08:26:51 2017
New Revision: 314091
URL: https://svnweb.freebsd.org/changeset/base/314091

Log:
  MFC 312688
  
  Approved by:  sephe (mentor)
  
  r312688
  hyperv/hn: add the support for VF drivers (SR-IOV)
  
  Hyper-V's NIC SR-IOV implementation needs a Hyper-V synthetic NIC and
  a VF NIC to work together (both NICs have the same MAC address), mainly to
  support seamless live migration.
  
  When the VF device becomes UP (or DOWN), the synthetic NIC driver needs
  to switch the data path from the synthetic NIC to the VF (or the 
opposite).
  
  Note: multicast/broadcast packets are still received through the synthetic
  NIC and we need to inject the packets through the VF interface (if the VF 
is
  UP), even if the synthetic NIC is DOWN (so we need to force the rxfilter
  to be NDIS_PACKET_TYPE_PROMISCUOUS, when the VF is UP).
  
  Reviewed by:  sephe
  Approved by:  sephe (mentor)
  Sponsored by: Microsoft
  Differential Revision:https://reviews.freebsd.org/D8964

Modified:
  stable/11/sys/dev/hyperv/netvsc/hn_nvs.c
  stable/11/sys/dev/hyperv/netvsc/hn_nvs.h
  stable/11/sys/dev/hyperv/netvsc/if_hn.c
  stable/11/sys/dev/hyperv/netvsc/if_hnreg.h
  stable/11/sys/dev/hyperv/netvsc/if_hnvar.h
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/dev/hyperv/netvsc/hn_nvs.c
==
--- stable/11/sys/dev/hyperv/netvsc/hn_nvs.cWed Feb 22 08:02:24 2017
(r314090)
+++ stable/11/sys/dev/hyperv/netvsc/hn_nvs.cWed Feb 22 08:26:51 2017
(r314091)
@@ -500,6 +500,8 @@ hn_nvs_conf_ndis(struct hn_softc *sc, in
conf.nvs_type = HN_NVS_TYPE_NDIS_CONF;
conf.nvs_mtu = mtu;
conf.nvs_caps = HN_NVS_NDIS_CONF_VLAN;
+   if (sc->hn_nvs_ver >= HN_NVS_VERSION_5)
+   conf.nvs_caps |= HN_NVS_NDIS_CONF_SRIOV;
 
/* NOTE: No response. */
error = hn_nvs_req_send(sc, , sizeof(conf));
@@ -719,3 +721,15 @@ hn_nvs_send_rndis_ctrl(struct vmbus_chan
return hn_nvs_send_rndis_sglist(chan, HN_NVS_RNDIS_MTYPE_CTRL,
sndc, gpa, gpa_cnt);
 }
+
+void
+hn_nvs_set_datapath(struct hn_softc *sc, uint32_t path)
+{
+   struct hn_nvs_datapath dp;
+
+   memset(, 0, sizeof(dp));
+   dp.nvs_type = HN_NVS_TYPE_SET_DATAPATH;
+   dp.nvs_active_path = path;
+
+   hn_nvs_req_send(sc, , sizeof(dp));
+}

Modified: stable/11/sys/dev/hyperv/netvsc/hn_nvs.h
==
--- stable/11/sys/dev/hyperv/netvsc/hn_nvs.hWed Feb 22 08:02:24 2017
(r314090)
+++ stable/11/sys/dev/hyperv/netvsc/hn_nvs.hWed Feb 22 08:26:51 2017
(r314091)
@@ -100,6 +100,7 @@ voidhn_nvs_sent_xact(struct hn_nvs_sen
 inthn_nvs_send_rndis_ctrl(struct vmbus_channel *chan,
struct hn_nvs_sendctx *sndc, struct vmbus_gpa *gpa,
int gpa_cnt);
+void   hn_nvs_set_datapath(struct hn_softc *sc, uint32_t path);
 
 extern struct hn_nvs_sendctx   hn_nvs_sendctx_none;
 

Modified: stable/11/sys/dev/hyperv/netvsc/if_hn.c
==
--- stable/11/sys/dev/hyperv/netvsc/if_hn.c Wed Feb 22 08:02:24 2017
(r314090)
+++ stable/11/sys/dev/hyperv/netvsc/if_hn.c Wed Feb 22 08:26:51 2017
(r314091)
@@ -77,6 +77,7 @@ __FBSDID("$FreeBSD$");
 #include 
 #include 
 #include 
+#include 
 
 #include 
 #include 
@@ -84,6 +85,7 @@ __FBSDID("$FreeBSD$");
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -216,6 +218,11 @@ struct hn_rxinfo {
uint32_thash_value;
 };
 
+struct hn_update_vf {
+   struct hn_rx_ring   *rxr;
+   struct ifnet*vf;
+};
+
 #define HN_RXINFO_VLAN 0x0001
 #define HN_RXINFO_CSUM 0x0002
 #define HN_RXINFO_HASHINF  0x0004
@@ -295,7 +302,7 @@ static int  hn_txagg_pktmax_sysctl(SYSC
 static int hn_txagg_align_sysctl(SYSCTL_HANDLER_ARGS);
 static int hn_polling_sysctl(SYSCTL_HANDLER_ARGS);
 
-static voidhn_stop(struct hn_softc *);
+static voidhn_stop(struct hn_softc *, bool);
 static voidhn_init_locked(struct hn_softc *);
 static int hn_chan_attach(struct hn_softc *,
struct vmbus_channel *);
@@ -707,7 +714,8 @@ hn_rxfilter_config(struct hn_softc *sc)
 
HN_LOCK_ASSERT(sc);
 
-   if (ifp->if_flags & IFF_PROMISC) {
+   if ((ifp->if_flags & IFF_PROMISC) ||
+   (sc->hn_flags & HN_FLAG_VF)) {
filter = NDIS_PACKET_TYPE_PROMISCUOUS;
} else {
filter = NDIS_PACKET_TYPE_DIRECTED;
@@ -896,6 +904,119 @@ 

svn commit: r314090 - stable/11/sys/net

[Dexuan Cui]

Author: dexuan
Date: Wed Feb 22 08:02:24 2017
New Revision: 314090
URL: https://svnweb.freebsd.org/changeset/base/314090

Log:
  MFC: 312687, 312916
  
  Approved by:sephe (mentor)
  
  r312687
  ifnet: introduce event handlers for ifup/ifdown events
  
  Hyper-V's NIC SR-IOV implementation needs a Hyper-V synthetic NIC and
  a VF NIC to work together, mainly to support seamless live migration.
  
  When the VF device becomes UP (or DOWN), the synthetic NIC driver needs
  to switch the data path from the synthetic NIC to the VF (or the 
opposite).
  
  So the synthetic NIC driver needs to know when a VF device is becoming
  UP or DOWN and hence the patch is made.
  
  Reviewed by:  sephe
  Approved by:  sephe (mentor)
  Sponsored by: Microsoft
  Differential Revision:https://reviews.freebsd.org/D8963
  
  r312916
  ifnet: move the new ifnet_event EVENTHANDLER_DECLARE to net/if_var.h
  
  Thank glebius for pointing this out:
  "The network stuff shall not be added to sys/eventhandler.h"
  
  Reviewed by:  David_A_Bright_DELL.com, sephe, glebius
  Approved by:  sephe (mentor)
  Sponsored by: Microsoft
  Differential Revision:https://reviews.freebsd.org/D9345

Modified:
  stable/11/sys/net/if.c
  stable/11/sys/net/if_var.h

Modified: stable/11/sys/net/if.c
==
--- stable/11/sys/net/if.c  Wed Feb 22 07:42:28 2017(r314089)
+++ stable/11/sys/net/if.c  Wed Feb 22 08:02:24 2017(r314090)
@@ -2218,6 +2218,7 @@ void
 if_down(struct ifnet *ifp)
 {
 
+   EVENTHANDLER_INVOKE(ifnet_event, ifp, IFNET_EVENT_DOWN);
if_unroute(ifp, IFF_UP, AF_UNSPEC);
 }
 
@@ -2230,6 +2231,7 @@ if_up(struct ifnet *ifp)
 {
 
if_route(ifp, IFF_UP, AF_UNSPEC);
+   EVENTHANDLER_INVOKE(ifnet_event, ifp, IFNET_EVENT_UP);
 }
 
 /*

Modified: stable/11/sys/net/if_var.h
==
--- stable/11/sys/net/if_var.h  Wed Feb 22 07:42:28 2017(r314089)
+++ stable/11/sys/net/if_var.h  Wed Feb 22 08:02:24 2017(r314090)
@@ -359,6 +359,11 @@ EVENTHANDLER_DECLARE(ifnet_departure_eve
 /* Interface link state change event */
 typedef void (*ifnet_link_event_handler_t)(void *, struct ifnet *, int);
 EVENTHANDLER_DECLARE(ifnet_link_event, ifnet_link_event_handler_t);
+/* Interface up/down event */
+#define IFNET_EVENT_UP 0
+#define IFNET_EVENT_DOWN   1
+typedef void (*ifnet_event_fn)(void *, struct ifnet *ifp, int event);
+EVENTHANDLER_DECLARE(ifnet_event, ifnet_event_fn);
 #endif /* _SYS_EVENTHANDLER_H_ */
 
 /*
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"