svn commit: r360325 - head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs
Author: pjd
Date: Sat Apr 25 21:45:31 2020
New Revision: 360325
URL: https://svnweb.freebsd.org/changeset/base/360325
Log:
Avoid the GEOM topology lock recursion when we automatically expand a pool.
The steps to reproduce the problem:
mdconfig -a -t swap -s 3g -u 0
gpart create -s GPT md0
gpart add -t freebsd-zfs -s 1g md0
zpool create -o autoexpand=on foo md0p1
gpart resize -i 1 -s 2g md0
Modified:
head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c
Modified: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c
==
--- head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c Sat Apr
25 21:41:38 2020(r360324)
+++ head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c Sat Apr
25 21:45:31 2020(r360325)
@@ -973,18 +973,22 @@ static void
vdev_geom_close(vdev_t *vd)
{
struct g_consumer *cp;
+ int locked;
cp = vd->vdev_tsd;
DROP_GIANT();
- g_topology_lock();
+ locked = g_topology_locked();
+ if (!locked)
+ g_topology_lock();
if (!vd->vdev_reopening ||
(cp != NULL && ((cp->flags & G_CF_ORPHAN) != 0 ||
(cp->provider != NULL && cp->provider->error != 0
vdev_geom_close_locked(vd);
- g_topology_unlock();
+ if (!locked)
+ g_topology_unlock();
PICKUP_GIANT();
}
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r360323 - head/sys/geom
Author: pjd
Date: Sat Apr 25 21:41:09 2020
New Revision: 360323
URL: https://svnweb.freebsd.org/changeset/base/360323
Log:
Add g_topology_locked() macro that returns true if we already hold the GEOM
topology lock.
Modified:
head/sys/geom/geom.h
Modified: head/sys/geom/geom.h
==
--- head/sys/geom/geom.hSat Apr 25 20:24:41 2020(r360322)
+++ head/sys/geom/geom.hSat Apr 25 21:41:09 2020(r360323)
@@ -395,6 +395,8 @@ g_free(void *ptr)
sx_xunlock(_lock); \
} while (0)
+#define g_topology_locked()sx_xlocked(_lock)
+
#define g_topology_assert()\
do {\
sx_assert(_lock, SX_XLOCKED); \
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r357363 - head/sys/geom
Author: pjd
Date: Sat Feb 1 10:15:23 2020
New Revision: 357363
URL: https://svnweb.freebsd.org/changeset/base/357363
Log:
The error variable is not really needed. Remove it.
Modified:
head/sys/geom/geom_disk.c
Modified: head/sys/geom/geom_disk.c
==
--- head/sys/geom/geom_disk.c Sat Feb 1 09:13:11 2020(r357362)
+++ head/sys/geom/geom_disk.c Sat Feb 1 10:15:23 2020(r357363)
@@ -268,7 +268,6 @@ g_disk_ioctl(struct g_provider *pp, u_long cmd, void *
{
struct disk *dp;
struct g_disk_softc *sc;
- int error;
sc = pp->private;
dp = sc->dp;
@@ -277,8 +276,7 @@ g_disk_ioctl(struct g_provider *pp, u_long cmd, void *
if (dp->d_ioctl == NULL)
return (ENOIOCTL);
- error = dp->d_ioctl(dp, cmd, data, fflag, td);
- return (error);
+ return (dp->d_ioctl(dp, cmd, data, fflag, td));
}
static off_t
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r357138 - head/bin/pwait
On 1/30/20 14:47, Jilles Tjoelker wrote:
> On 26-01-2020 11:49, Pawel Jakub Dawidek wrote:
>> Author: pjd
>> Date: Sun Jan 26 10:49:24 2020
>> New Revision: 357138
>> URL: https://svnweb.freebsd.org/changeset/base/357138
>>
>> Log:
>> - Be consistent with using sysexits(3) codes.
>> - Turn fprintf()+exit() into errx().
>> Sponsored by: Fudo Security
>>
>> Modified:
>> head/bin/pwait/pwait.c
>>
>> Modified: head/bin/pwait/pwait.c
>> ==
>>
>> --- head/bin/pwait/pwait.c Sun Jan 26 07:24:49 2020 (r357137)
>> +++ head/bin/pwait/pwait.c Sun Jan 26 10:49:24 2020 (r357138)
>> @@ -53,8 +53,7 @@ static void
>> usage(void)
>> {
>> - fprintf(stderr, "usage: pwait [-t timeout] [-v] pid ...\n");
>> - exit(EX_USAGE);
>> + errx(EX_USAGE, "usage: pwait [-t timeout] [-v] pid ...");
>
> This adds a "pwait: " before the line, which most other programs do not do.
>
Reverted in r357362. Thanks.
--
Pawel Jakub Dawidek
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r357362 - head/bin/pwait
Author: pjd
Date: Sat Feb 1 09:13:11 2020
New Revision: 357362
URL: https://svnweb.freebsd.org/changeset/base/357362
Log:
Restore previous usage presentation (without "pwait: " prefix).
Pointed out by: jilles
Modified:
head/bin/pwait/pwait.c
Modified: head/bin/pwait/pwait.c
==
--- head/bin/pwait/pwait.c Sat Feb 1 06:46:55 2020(r357361)
+++ head/bin/pwait/pwait.c Sat Feb 1 09:13:11 2020(r357362)
@@ -53,7 +53,8 @@ static void
usage(void)
{
- errx(EX_USAGE, "usage: pwait [-t timeout] [-ov] pid ...");
+ fprintf(stderr, "usage: pwait [-t timeout] [-ov] pid ...\n");
+ exit(EX_USAGE);
}
/*
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r357143 - head/bin/pwait
Author: pjd
Date: Sun Jan 26 11:13:34 2020
New Revision: 357143
URL: https://svnweb.freebsd.org/changeset/base/357143
Log:
Style changes, mostly usage of braces around single line statements -
it is safer and allowed for some time now by style(9).
Sponsored by: Fudo Security
Modified:
head/bin/pwait/pwait.c
Modified: head/bin/pwait/pwait.c
==
--- head/bin/pwait/pwait.c Sun Jan 26 11:03:45 2020(r357142)
+++ head/bin/pwait/pwait.c Sun Jan 26 11:13:34 2020(r357143)
@@ -63,12 +63,11 @@ int
main(int argc, char *argv[])
{
struct itimerval itv;
- int kq;
struct kevent *e;
int oflag, tflag, verbose;
- int opt, nleft, n, i, status;
+ int i, kq, n, nleft, opt, status;
long pid;
- char *s, *end;
+ char *end, *s;
double timeout;
oflag = 0;
@@ -76,7 +75,7 @@ main(int argc, char *argv[])
verbose = 0;
memset(, 0, sizeof(itv));
- while ((opt = getopt(argc, argv, "t:ov")) != -1) {
+ while ((opt = getopt(argc, argv, "ot:v")) != -1) {
switch (opt) {
case 'o':
oflag = 1;
@@ -85,9 +84,9 @@ main(int argc, char *argv[])
tflag = 1;
errno = 0;
timeout = strtod(optarg, );
- if (end == optarg || errno == ERANGE ||
- timeout < 0)
+ if (end == optarg || errno == ERANGE || timeout < 0) {
errx(EX_DATAERR, "timeout value");
+ }
switch(*end) {
case 0:
case 's':
@@ -101,8 +100,9 @@ main(int argc, char *argv[])
default:
errx(EX_DATAERR, "timeout unit");
}
- if (timeout > 1L)
+ if (timeout > 1L) {
errx(EX_DATAERR, "timeout value");
+ }
itv.it_value.tv_sec = (time_t)timeout;
timeout -= (time_t)timeout;
itv.it_value.tv_usec =
@@ -120,21 +120,26 @@ main(int argc, char *argv[])
argc -= optind;
argv += optind;
- if (argc == 0)
+ if (argc == 0) {
usage();
+ }
kq = kqueue();
- if (kq == -1)
+ if (kq == -1) {
err(EX_OSERR, "kqueue");
+ }
e = malloc((argc + tflag) * sizeof(struct kevent));
- if (e == NULL)
+ if (e == NULL) {
err(EX_OSERR, "malloc");
+ }
nleft = 0;
for (n = 0; n < argc; n++) {
s = argv[n];
- if (!strncmp(s, "/proc/", 6)) /* Undocumented Solaris compat */
+ /* Undocumented Solaris compat */
+ if (!strncmp(s, "/proc/", 6)) {
s += 6;
+ }
errno = 0;
pid = strtol(s, , 10);
if (pid < 0 || *end != '\0' || errno != 0) {
@@ -142,8 +147,9 @@ main(int argc, char *argv[])
continue;
}
for (i = 0; i < nleft; i++) {
- if (e[i].ident == (uintptr_t)pid)
+ if (e[i].ident == (uintptr_t)pid) {
break;
+ }
}
if (i < nleft) {
/* Duplicate. */
@@ -152,8 +158,9 @@ main(int argc, char *argv[])
EV_SET(e + nleft, pid, EVFILT_PROC, EV_ADD, NOTE_EXIT, 0, NULL);
if (kevent(kq, e + nleft, 1, NULL, 0, NULL) == -1) {
warn("%ld", pid);
- if (oflag)
+ if (oflag) {
exit(EX_OK);
+ }
} else {
nleft++;
}
@@ -165,39 +172,45 @@ main(int argc, char *argv[])
* can be returned rather than 142.
*/
EV_SET(e + nleft, SIGALRM, EVFILT_SIGNAL, EV_ADD, 0, 0, NULL);
- if (kevent(kq, e + nleft, 1, NULL, 0, NULL) == -1)
+ if (kevent(kq, e + nleft, 1, NULL, 0, NULL) == -1) {
err(EX_OSERR, "kevent");
+ }
/* Ignore SIGALRM to not interrupt kevent(2). */
signal(SIGALRM, SIG_IGN);
- if (setitimer(ITIMER_REAL, , NULL) == -1)
+ if (setitimer(ITIMER_REAL, , NULL) == -1) {
err(EX_OSERR, "setitimer");
+ }
}
while (nleft > 0) {
n = kevent(kq, NULL, 0, e, nleft + tflag, NULL);
- if (n == -1)
+ if (n == -1) {
svn commit: r357142 - head/bin/pwait/tests
Author: pjd
Date: Sun Jan 26 11:03:45 2020
New Revision: 357142
URL: https://svnweb.freebsd.org/changeset/base/357142
Log:
Implement tests for the newly added -o flag.
Sponsored by: Fudo Security
Modified:
head/bin/pwait/tests/pwait_test.sh
Modified: head/bin/pwait/tests/pwait_test.sh
==
--- head/bin/pwait/tests/pwait_test.sh Sun Jan 26 11:02:51 2020
(r357141)
+++ head/bin/pwait/tests/pwait_test.sh Sun Jan 26 11:03:45 2020
(r357142)
@@ -232,6 +232,85 @@ timeout_many_cleanup()
wait $p1 $p5 $p10 >/dev/null 2>&1
}
+atf_test_case or_flag
+or_flag_head()
+{
+ atf_set "descr" "Test OR flag"
+}
+
+or_flag_body()
+{
+ sleep 2 &
+ p2=$!
+
+ sleep 4 &
+ p4=$!
+
+ sleep 6 &
+ p6=$!
+
+ atf_check \
+ -o inline:"$p2: exited with status 0.\n" \
+ -e empty \
+ -s exit:0 \
+ timeout --preserve-status 15 pwait -o -v $p2 $p4 $p6
+
+ atf_check \
+ -o empty \
+ -e inline:"pwait: $p2: No such process\n" \
+ -s exit:0 \
+ timeout --preserve-status 15 pwait -o $p2 $p4 $p6
+
+ atf_check \
+ -o empty \
+ -e empty \
+ -s exit:0 \
+ timeout --preserve-status 15 pwait -o $p4 $p6
+
+ atf_check \
+ -o empty \
+ -e inline:"pwait: $p4: No such process\n" \
+ -s exit:0 \
+ timeout --preserve-status 15 pwait -o $p4 $p6
+
+ atf_check \
+ -o inline:"$p6: exited with status 0.\n" \
+ -e empty \
+ -s exit:0 \
+ timeout --preserve-status 15 pwait -o -v $p6
+
+ atf_check \
+ -o empty \
+ -e inline:"pwait: $p6: No such process\n" \
+ -s exit:0 \
+ timeout --preserve-status 15 pwait -o $p6
+
+ atf_check \
+ -o empty \
+ -e inline:"kill: $p2: No such process\n" \
+ -s exit:1 \
+ kill -0 $p2
+
+ atf_check \
+ -o empty \
+ -e inline:"kill: $p4: No such process\n" \
+ -s exit:1 \
+ kill -0 $p4
+
+ atf_check \
+ -o empty \
+ -e inline:"kill: $p6: No such process\n" \
+ -s exit:1 \
+ kill -0 $p6
+
+}
+
+or_flag_cleanup()
+{
+ kill $p2 $p4 $p6 >/dev/null 2>&1
+ wait $p2 $p4 $p6 >/dev/null 2>&1
+}
+
atf_init_test_cases()
{
atf_add_test_case basic
@@ -239,4 +318,5 @@ atf_init_test_cases()
atf_add_test_case timeout_trigger_timeout
atf_add_test_case timeout_no_timeout
atf_add_test_case timeout_many
+ atf_add_test_case or_flag
}
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r357141 - head/bin/pwait
Author: pjd
Date: Sun Jan 26 11:02:51 2020
New Revision: 357141
URL: https://svnweb.freebsd.org/changeset/base/357141
Log:
Implement -o flag which tells pwait(1) to exit if any of the given processes
has terminated.
Sponsored by: Fudo Security
Modified:
head/bin/pwait/pwait.1
head/bin/pwait/pwait.c
Modified: head/bin/pwait/pwait.1
==
--- head/bin/pwait/pwait.1 Sun Jan 26 10:54:16 2020(r357140)
+++ head/bin/pwait/pwait.1 Sun Jan 26 11:02:51 2020(r357141)
@@ -32,7 +32,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd March 7, 2017
+.Dd January 26, 2020
.Dt PWAIT 1
.Os
.Sh NAME
@@ -41,7 +41,7 @@
.Sh SYNOPSIS
.Nm
.Op Fl t Ar duration
-.Op Fl v
+.Op Fl ov
.Ar pid
\&...
.Sh DESCRIPTION
@@ -51,6 +51,8 @@ utility will wait until each of the given processes ha
.Pp
The following option is available:
.Bl -tag -width indent
+.It Fl o
+Exit when any of the given processes has terminated.
.It Fl t Ar duration
If any process is still running after
.Ar duration ,
Modified: head/bin/pwait/pwait.c
==
--- head/bin/pwait/pwait.c Sun Jan 26 10:54:16 2020(r357140)
+++ head/bin/pwait/pwait.c Sun Jan 26 11:02:51 2020(r357141)
@@ -53,7 +53,7 @@ static void
usage(void)
{
- errx(EX_USAGE, "usage: pwait [-t timeout] [-v] pid ...");
+ errx(EX_USAGE, "usage: pwait [-t timeout] [-ov] pid ...");
}
/*
@@ -65,16 +65,22 @@ main(int argc, char *argv[])
struct itimerval itv;
int kq;
struct kevent *e;
- int tflag, verbose;
+ int oflag, tflag, verbose;
int opt, nleft, n, i, status;
long pid;
char *s, *end;
double timeout;
- tflag = verbose = 0;
+ oflag = 0;
+ tflag = 0;
+ verbose = 0;
memset(, 0, sizeof(itv));
- while ((opt = getopt(argc, argv, "t:v")) != -1) {
+
+ while ((opt = getopt(argc, argv, "t:ov")) != -1) {
switch (opt) {
+ case 'o':
+ oflag = 1;
+ break;
case 't':
tflag = 1;
errno = 0;
@@ -144,10 +150,13 @@ main(int argc, char *argv[])
continue;
}
EV_SET(e + nleft, pid, EVFILT_PROC, EV_ADD, NOTE_EXIT, 0, NULL);
- if (kevent(kq, e + nleft, 1, NULL, 0, NULL) == -1)
+ if (kevent(kq, e + nleft, 1, NULL, 0, NULL) == -1) {
warn("%ld", pid);
- else
+ if (oflag)
+ exit(EX_OK);
+ } else {
nleft++;
+ }
}
if (nleft > 0 && tflag) {
@@ -187,6 +196,8 @@ main(int argc, char *argv[])
printf("%ld: terminated.\n",
(long)e[i].ident);
}
+ if (oflag)
+ exit(EX_OK);
--nleft;
}
}
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r357140 - head/bin/pwait
Author: pjd
Date: Sun Jan 26 10:54:16 2020
New Revision: 357140
URL: https://svnweb.freebsd.org/changeset/base/357140
Log:
Don't setup a timeout if we are exiting.
Sponsored by: Fudo Security
Modified:
head/bin/pwait/pwait.c
Modified: head/bin/pwait/pwait.c
==
--- head/bin/pwait/pwait.c Sun Jan 26 10:51:57 2020(r357139)
+++ head/bin/pwait/pwait.c Sun Jan 26 10:54:16 2020(r357140)
@@ -150,7 +150,7 @@ main(int argc, char *argv[])
nleft++;
}
- if (tflag) {
+ if (nleft > 0 && tflag) {
/*
* Explicitly detect SIGALRM so that an exit status of 124
* can be returned rather than 142.
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r357139 - head/bin/pwait
Author: pjd
Date: Sun Jan 26 10:51:57 2020
New Revision: 357139
URL: https://svnweb.freebsd.org/changeset/base/357139
Log:
Check for duplicated PID without using additional variable.
Sponsored by: Fudo Security
Modified:
head/bin/pwait/pwait.c
Modified: head/bin/pwait/pwait.c
==
--- head/bin/pwait/pwait.c Sun Jan 26 10:49:24 2020(r357138)
+++ head/bin/pwait/pwait.c Sun Jan 26 10:51:57 2020(r357139)
@@ -66,7 +66,7 @@ main(int argc, char *argv[])
int kq;
struct kevent *e;
int tflag, verbose;
- int opt, nleft, n, i, duplicate, status;
+ int opt, nleft, n, i, status;
long pid;
char *s, *end;
double timeout;
@@ -135,18 +135,19 @@ main(int argc, char *argv[])
warnx("%s: bad process id", s);
continue;
}
- duplicate = 0;
- for (i = 0; i < nleft; i++)
+ for (i = 0; i < nleft; i++) {
if (e[i].ident == (uintptr_t)pid)
- duplicate = 1;
- if (!duplicate) {
- EV_SET(e + nleft, pid, EVFILT_PROC, EV_ADD, NOTE_EXIT,
- 0, NULL);
- if (kevent(kq, e + nleft, 1, NULL, 0, NULL) == -1)
- warn("%ld", pid);
- else
- nleft++;
+ break;
}
+ if (i < nleft) {
+ /* Duplicate. */
+ continue;
+ }
+ EV_SET(e + nleft, pid, EVFILT_PROC, EV_ADD, NOTE_EXIT, 0, NULL);
+ if (kevent(kq, e + nleft, 1, NULL, 0, NULL) == -1)
+ warn("%ld", pid);
+ else
+ nleft++;
}
if (tflag) {
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r357138 - head/bin/pwait
Author: pjd
Date: Sun Jan 26 10:49:24 2020
New Revision: 357138
URL: https://svnweb.freebsd.org/changeset/base/357138
Log:
- Be consistent with using sysexits(3) codes.
- Turn fprintf()+exit() into errx().
Sponsored by: Fudo Security
Modified:
head/bin/pwait/pwait.c
Modified: head/bin/pwait/pwait.c
==
--- head/bin/pwait/pwait.c Sun Jan 26 07:24:49 2020(r357137)
+++ head/bin/pwait/pwait.c Sun Jan 26 10:49:24 2020(r357138)
@@ -53,8 +53,7 @@ static void
usage(void)
{
- fprintf(stderr, "usage: pwait [-t timeout] [-v] pid ...\n");
- exit(EX_USAGE);
+ errx(EX_USAGE, "usage: pwait [-t timeout] [-v] pid ...");
}
/*
@@ -120,11 +119,11 @@ main(int argc, char *argv[])
kq = kqueue();
if (kq == -1)
- err(1, "kqueue");
+ err(EX_OSERR, "kqueue");
e = malloc((argc + tflag) * sizeof(struct kevent));
if (e == NULL)
- err(1, "malloc");
+ err(EX_OSERR, "malloc");
nleft = 0;
for (n = 0; n < argc; n++) {
s = argv[n];
@@ -166,12 +165,12 @@ main(int argc, char *argv[])
while (nleft > 0) {
n = kevent(kq, NULL, 0, e, nleft + tflag, NULL);
if (n == -1)
- err(1, "kevent");
+ err(EX_OSERR, "kevent");
for (i = 0; i < n; i++) {
if (e[i].filter == EVFILT_SIGNAL) {
if (verbose)
printf("timeout\n");
- return (124);
+ exit(124);
}
if (verbose) {
status = e[i].data;
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r356962 - stable/12/contrib/openbsm/libauditd
Author: pjd Date: Wed Jan 22 01:10:23 2020 New Revision: 356962 URL: https://svnweb.freebsd.org/changeset/base/356962 Log: MFC r342873: In r316006 the getstrfromtype_locked() function was modified to return an empty string, instead of NULL, if an entry is missing in the audit_control file. Because of that change the getachost() function started to return success even if the host name was not defined in the audit_control. This in turn led to auditd_hostlen always being set (for an empty host it was set to 0). If auditd_hostlen was not equal to -1 we were trying to append the host name to trail file name. All this led to situation where when host name is not defined in audit_control, auditd will create trail files with a leading '.', which breaks auditdistd as it doesn't work with longer audit trail file names. Fix this by appending host name to the trail file name only if the host name is not empty. Sponsored by: Fudo Security Modified: stable/12/contrib/openbsm/libauditd/auditd_lib.c Directory Properties: stable/12/ (props changed) Modified: stable/12/contrib/openbsm/libauditd/auditd_lib.c == --- stable/12/contrib/openbsm/libauditd/auditd_lib.cWed Jan 22 01:08:27 2020(r356961) +++ stable/12/contrib/openbsm/libauditd/auditd_lib.cWed Jan 22 01:10:23 2020(r356962) @@ -193,7 +193,7 @@ affixdir(char *name, struct dir_ent *dirent) /* * If the host is set then also add the hostname to the filename. */ - if (auditd_hostlen != -1) + if (auditd_hostlen > 0) asprintf(, "%s/%s.%s", dirent->dirname, name, auditd_host); else asprintf(, "%s/%s", dirent->dirname, name); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r345863 - head/tests/sys/geom/class/eli
Author: pjd
Date: Wed Apr 3 23:58:58 2019
New Revision: 345863
URL: https://svnweb.freebsd.org/changeset/base/345863
Log:
Update configure tests after addition of the online expansion.
Obtained from:Fudo Security
Modified:
head/tests/sys/geom/class/eli/configure_test.sh
Modified: head/tests/sys/geom/class/eli/configure_test.sh
==
--- head/tests/sys/geom/class/eli/configure_test.sh Wed Apr 3 23:57:37
2019(r345862)
+++ head/tests/sys/geom/class/eli/configure_test.sh Wed Apr 3 23:58:58
2019(r345863)
@@ -17,19 +17,19 @@ configure_b_B_body()
atf_check geli init -B none -P -K /dev/null ${md}
- atf_check -s exit:0 -o match:'flags: 0x0$' geli dump ${md}
+ atf_check -s exit:0 -o match:'flags: 0x200$' geli dump ${md}
atf_check geli init -B none -b -P -K /dev/null ${md}
- atf_check -s exit:0 -o match:'flags: 0x2$' geli dump ${md}
+ atf_check -s exit:0 -o match:'flags: 0x202$' geli dump ${md}
atf_check geli configure -B ${md}
- atf_check -s exit:0 -o match:'flags: 0x0$' geli dump ${md}
+ atf_check -s exit:0 -o match:'flags: 0x200$' geli dump ${md}
atf_check geli configure -b ${md}
- atf_check -s exit:0 -o match:'flags: 0x2$' geli dump ${md}
+ atf_check -s exit:0 -o match:'flags: 0x202$' geli dump ${md}
atf_check geli attach -p -k /dev/null ${md}
@@ -39,13 +39,13 @@ configure_b_B_body()
atf_check -o not-match:'^Flags: .*BOOT' geli list ${md}.eli
- atf_check -s exit:0 -o match:'flags: 0x0$' geli dump ${md}
+ atf_check -s exit:0 -o match:'flags: 0x200$' geli dump ${md}
atf_check geli configure -b ${md}
atf_check -s exit:0 -o match:'^Flags: .*BOOT' geli list ${md}.eli
- atf_check -s exit:0 -o match:'flags: 0x2$' geli dump ${md}
+ atf_check -s exit:0 -o match:'flags: 0x202$' geli dump ${md}
atf_check geli detach ${md}
}
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r345864 - head/tests/sys/geom/class/eli
Author: pjd
Date: Thu Apr 4 00:05:36 2019
New Revision: 345864
URL: https://svnweb.freebsd.org/changeset/base/345864
Log:
Implement tests for online expansion:
- init, init -R
- onetime, onetime -R
- 512 and 4k sectors
- encryption only
- encryption and authentication
- configure -r/-R for detached providers
- configure -r/-R for attached providers
- all keys allocated (10, 20 and 30MB provider sizes)
- keys allocated on demand (10, 20 and 30PB provider sizes)
- reading and writing to provider after expansion (10-30MB only)
- checking if metadata in old location is cleared.
Obtained from:Fudo Security
Added:
head/tests/sys/geom/class/eli/online_resize_test.sh (contents, props
changed)
Modified:
head/tests/sys/geom/class/eli/Makefile
Modified: head/tests/sys/geom/class/eli/Makefile
==
--- head/tests/sys/geom/class/eli/Makefile Wed Apr 3 23:58:58 2019
(r345863)
+++ head/tests/sys/geom/class/eli/Makefile Thu Apr 4 00:05:36 2019
(r345864)
@@ -16,6 +16,7 @@ ATF_TESTS_SH+=integrity_test
ATF_TESTS_SH+= kill_test
ATF_TESTS_SH+= misc_test
ATF_TESTS_SH+= onetime_test
+ATF_TESTS_SH+= online_resize_test
ATF_TESTS_SH+= resize_test
ATF_TESTS_SH+= setkey_test
Added: head/tests/sys/geom/class/eli/online_resize_test.sh
==
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/tests/sys/geom/class/eli/online_resize_test.sh Thu Apr 4 00:05:36
2019(r345864)
@@ -0,0 +1,196 @@
+#!/bin/sh
+# $FreeBSD$
+
+. $(atf_get_srcdir)/conf.sh
+
+atf_test_case online_resize cleanup
+online_resize_head()
+{
+ atf_set "descr" "online resize of geli providers"
+ atf_set "require.user" "root"
+}
+online_resize_body()
+{
+ geli_test_setup
+
+ (
+ echo "m 512 none 10485248 1 1 20971008 1 1 31456768 1 1"
+ echo "m 4096 none 10481664 1 1 20967424 1 1 31453184 1 1"
+ echo "m 512 HMAC/SHA256 5242368 1 1 10485248 1 1 15728128 1 1"
+ echo "m 4096 HMAC/SHA256 9318400 1 1 18640896 1 1 27959296 1 1"
+ echo "p 512 none 11258999068425728 [0-9] 20971520
22517998136851968 [0-9] 41943040 33776997205278208 [0-9] 62914560"
+ echo "p 4096 none 11258999068422144 [0-9] 2621440
22517998136848384 [0-9] 5242880 33776997205274624 [0-9] 7864320"
+ echo "p 512 HMAC/SHA256 5629499534212608 [0-9] 20971520
11258999068425728 [0-9] 41943040 16888498602638848 [0-9] 62914560"
+ echo "p 4096 HMAC/SHA256 10007999171932160 [0-9] 20971520
20015998343868416 [0-9] 41943040 30023997515800576 [0-9] 62914560"
+ ) | while read prefix sector auth esize10 ka10 kt10 esize20 ka20 kt20
esize30 ka30 kt30; do
+ if [ "${auth}" = "none" ]; then
+ aalgo=""
+ eflags="0x200"
+ dflags="0x0"
+ else
+ aalgo="-a ${auth}"
+ eflags="0x210"
+ dflags="0x10"
+ fi
+
+ if [ "${prefix}" = "m" ]; then
+ psize10="10485760"
+ psize20="20971520"
+ psize30="31457280"
+ else
+ psize10="11258999068426240"
+ psize20="22517998136852480"
+ psize30="33776997205278720"
+ fi
+
+ md=$(attach_md -t malloc -s40${prefix})
+
+ # Initialise
+ atf_check -s exit:0 -o ignore gpart create -s GPT ${md}
+ atf_check -s exit:0 -o ignore gpart add -t freebsd-ufs -s
10${prefix} ${md}
+
+ echo secret >tmp.key
+
+ atf_check geli init ${aalgo} -s ${sector} -Bnone -PKtmp.key
${md}p1
+ # Autoresize is set by default.
+ atf_check -s exit:0 -o match:"flags: ${eflags}$" geli dump
${md}p1
+
+ atf_check geli configure -R ${md}p1
+ atf_check -s exit:0 -o match:"flags: ${dflags}$" geli dump
${md}p1
+ atf_check geli configure -r ${md}p1
+ atf_check -s exit:0 -o match:"flags: ${eflags}$" geli dump
${md}p1
+
+ atf_check geli init -R ${aalgo} -s ${sector} -Bnone -PKtmp.key
${md}p1
+ atf_check -s exit:0 -o match:"flags: ${dflags}$" geli dump
${md}p1
+
+ atf_check geli configure -r ${md}p1
+ atf_check -s exit:0 -o match:"flags: ${eflags}$" geli dump
${md}p1
+ atf_check geli configure -R ${md}p1
+ atf_check -s exit:0 -o match:"flags: ${dflags}$" geli dump
${md}p1
+
+ atf_check geli init ${aalgo} -s ${sector} -Bnone -PKtmp.key
${md}p1
+ atf_check geli attach -pk tmp.key ${md}p1
+ atf_check -s exit:0 -o
svn commit: r345861 - head/lib/geom/eli
Author: pjd
Date: Wed Apr 3 23:50:52 2019
New Revision: 345861
URL: https://svnweb.freebsd.org/changeset/base/345861
Log:
- Add missing -T (notrim) option to the label subcommand.
- Add missing -T option in the onetime subcommand comment.
Obtained from:Fudo Security
Modified:
head/lib/geom/eli/geom_eli.c
Modified: head/lib/geom/eli/geom_eli.c
==
--- head/lib/geom/eli/geom_eli.cWed Apr 3 22:30:20 2019
(r345860)
+++ head/lib/geom/eli/geom_eli.cWed Apr 3 23:50:52 2019
(r345861)
@@ -96,7 +96,7 @@ static int eli_backup_create(struct gctl_req *req, con
* attach [-Cdprv] [-n keyno] [-j passfile] [-k keyfile] prov ...
* detach [-fl] prov ...
* stop - alias for 'detach'
- * onetime [-d] [-a aalgo] [-e ealgo] [-l keylen] prov
+ * onetime [-dT] [-a aalgo] [-e ealgo] [-l keylen] prov
* configure [-bBgGtT] prov ...
* setkey [-pPv] [-n keyno] [-j passfile] [-J newpassfile] [-k keyfile] [-K
newkeyfile] prov
* delkey [-afv] [-n keyno] prov
@@ -145,6 +145,7 @@ struct g_command class_commands[] = {
{ 'l', "keylen", "0", G_TYPE_NUMBER },
{ 'P', "nonewpassphrase", NULL, G_TYPE_BOOL },
{ 's', "sectorsize", "0", G_TYPE_NUMBER },
+ { 'T', "notrim", NULL, G_TYPE_BOOL },
{ 'V', "mdversion", "-1", G_TYPE_NUMBER },
G_OPT_SENTINEL
},
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r345862 - in head: lib/geom/eli sys/geom/eli
Author: pjd Date: Wed Apr 3 23:57:37 2019 New Revision: 345862 URL: https://svnweb.freebsd.org/changeset/base/345862 Log: Implement automatic online expansion of GELI providers - if the underlying provider grows, GELI will expand automatically and will move the metadata to the new location of the last sector. This functionality is turned on by default. It can be turned off with the -R flag, but it is not recommended - if the underlying provider grows and automatic expansion is turned off, it won't be possible to attach this provider again, as the metadata is no longer located in the last sector. If the automatic expansion is turned off and the underlying provider grows, GELI will only log a message with the previous size of the provider, so recovery can be easier. Obtained from:Fudo Security Modified: head/lib/geom/eli/geli.8 head/lib/geom/eli/geom_eli.c head/sys/geom/eli/g_eli.c head/sys/geom/eli/g_eli.h head/sys/geom/eli/g_eli_ctl.c head/sys/geom/eli/g_eli_key_cache.c Modified: head/lib/geom/eli/geli.8 == --- head/lib/geom/eli/geli.8Wed Apr 3 23:50:52 2019(r345861) +++ head/lib/geom/eli/geli.8Wed Apr 3 23:57:37 2019(r345862) @@ -1,4 +1,4 @@ -.\" Copyright (c) 2005-2011 Pawel Jakub Dawidek +.\" Copyright (c) 2005-2019 Pawel Jakub Dawidek .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd July 24, 2018 +.Dd April 3, 2019 .Dt GELI 8 .Os .Sh NAME @@ -51,7 +51,7 @@ utility: .Pp .Nm .Cm init -.Op Fl bdgPTv +.Op Fl bdgPRTv .Op Fl a Ar aalgo .Op Fl B Ar backupfile .Op Fl e Ar ealgo @@ -81,7 +81,7 @@ utility: .Cm detach .Nm .Cm onetime -.Op Fl dT +.Op Fl dRT .Op Fl a Ar aalgo .Op Fl e Ar ealgo .Op Fl l Ar keylen @@ -89,7 +89,7 @@ utility: .Ar prov .Nm .Cm configure -.Op Fl bBdDgGtT +.Op Fl bBdDgGrRtT .Ar prov ... .Nm .Cm setkey @@ -375,6 +375,18 @@ Change decrypted provider's sector size. Increasing the sector size allows increased performance, because encryption/decryption which requires an initialization vector is done per sector; fewer sectors means less computational work. +.It Fl R +Turn off automatic expansion. +By default, if the underlying provider grows, the encrypted provider will +grow automatically too. +The metadata will be moved to the new location. +If automatic expansion if turned off and the underlying provider changes +size, attaching encrypted provider will no longer be possible as the metadata +will no longer be located in the last sector. +In this case +.Nm GELI +will only log the previous size of the underlying provider, so metadata can +be found easier, if resize was done by mistake. .It Fl T Don't pass through .Dv BIO_DELETE @@ -506,6 +518,11 @@ Change decrypted provider's sector size. For more information, see the description of the .Cm init subcommand. +.It Fl R +Turn off automatic expansion. +For more information, see the description of the +.Cm init +subcommand. .It Fl T Disable TRIM/UNMAP passthru. For more information, see the description of the @@ -540,6 +557,13 @@ The boot loader prompts for the passphrase and loads from the encrypted partition. .It Fl G Deactivate booting from this encrypted root partition. +.It Fl r +Turn on automatic expansion. +For more information, see the description of the +.Cm init +subcommand. +.It Fl R +Turn off automatic expansion. .It Fl t Enable TRIM/UNMAP passthru. For more information, see the description of the Modified: head/lib/geom/eli/geom_eli.c == --- head/lib/geom/eli/geom_eli.cWed Apr 3 23:50:52 2019 (r345861) +++ head/lib/geom/eli/geom_eli.cWed Apr 3 23:57:37 2019 (r345862) @@ -1,7 +1,7 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * - * Copyright (c) 2004-2010 Pawel Jakub Dawidek + * Copyright (c) 2004-2019 Pawel Jakub Dawidek * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -91,13 +91,13 @@ static int eli_backup_create(struct gctl_req *req, con /* * Available commands: * - * init [-bdgPTv] [-a aalgo] [-B backupfile] [-e ealgo] [-i iterations] [-l keylen] [-J newpassfile] [-K newkeyfile] [-s sectorsize] [-V version] prov ... + * init [-bdgPRTv] [-a aalgo] [-B backupfile] [-e ealgo] [-i iterations] [-l keylen] [-J newpassfile] [-K newkeyfile] [-s sectorsize] [-V version] prov ... * label - alias for 'init' * attach [-Cdprv] [-n keyno] [-j passfile] [-k keyfile] prov ... * detach [-fl] prov ... * stop - alias for 'detach' - * onetime [-dT] [-a aalgo] [-e ealgo] [-l keylen] prov - * configure [-bBgGtT] prov ... + * onetime [-dRT] [-a aalgo] [-e ealgo] [-l keylen] prov + * configure [-bBgGrRtT] prov ... * se
svn commit: r345727 - in head: sbin/devd sys/geom
Author: pjd
Date: Sat Mar 30 07:24:34 2019
New Revision: 345727
URL: https://svnweb.freebsd.org/changeset/base/345727
Log:
Introduce new event SIZECHANGE within GEOM system to inform about GEOM
providers mediasize changes.
While here, use GEOM nomenclature to describe providers instead of calling
them device nodes.
Obtained from:Fudo Security
Tested in:AWS
Modified:
head/sbin/devd/devd.conf.5
head/sys/geom/geom_dev.c
Modified: head/sbin/devd/devd.conf.5
==
--- head/sbin/devd/devd.conf.5 Sat Mar 30 07:20:28 2019(r345726)
+++ head/sbin/devd/devd.conf.5 Sat Mar 30 07:24:34 2019(r345727)
@@ -41,7 +41,7 @@
.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
.\" SOFTWARE.
.\"
-.Dd July 20, 2018
+.Dd March 29, 2019
.Dt DEVD.CONF 5
.Os
.Sh NAME
@@ -432,15 +432,19 @@ only includes disk-like devices.
.It Li CREATE
A
.Xr geom 4
-device node is created.
+provider is created.
.It Li DESTROY
A
.Xr geom 4
-device node is destroyed.
+provider is destroyed.
.It Li GEOM::physpath
The physical path of a device has changed.
.It Li MEDIACHANGE
Physical media has changed.
+.It Li SIZECHANGE
+A
+.Xr geom 4
+provider size has changed.
.El
.El
.Pp
Modified: head/sys/geom/geom_dev.c
==
--- head/sys/geom/geom_dev.cSat Mar 30 07:20:28 2019(r345726)
+++ head/sys/geom/geom_dev.cSat Mar 30 07:24:34 2019(r345727)
@@ -92,6 +92,7 @@ static g_fini_t g_dev_fini;
static g_taste_t g_dev_taste;
static g_orphan_t g_dev_orphan;
static g_attrchanged_t g_dev_attrchanged;
+static g_resize_t g_dev_resize;
static struct g_class g_dev_class = {
.name = "DEV",
@@ -100,7 +101,8 @@ static struct g_class g_dev_class = {
.fini = g_dev_fini,
.taste = g_dev_taste,
.orphan = g_dev_orphan,
- .attrchanged = g_dev_attrchanged
+ .attrchanged = g_dev_attrchanged,
+ .resize = g_dev_resize
};
/*
@@ -300,6 +302,15 @@ g_dev_attrchanged(struct g_consumer *cp, const char *a
g_dev_set_physpath(cp);
return;
}
+}
+
+static void
+g_dev_resize(struct g_consumer *cp)
+{
+ char buf[SPECNAMELEN + 6];
+
+ snprintf(buf, sizeof(buf), "cdev=%s", cp->provider->name);
+ devctl_notify_f("GEOM", "DEV", "SIZECHANGE", buf, M_WAITOK);
}
struct g_provider *
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r345726 - head/sys/dev/xen/blkfront
Author: pjd
Date: Sat Mar 30 07:20:28 2019
New Revision: 345726
URL: https://svnweb.freebsd.org/changeset/base/345726
Log:
Implement support for online disk capacity changes.
Obtained from:Fudo Security
Tested in:AWS
Modified:
head/sys/dev/xen/blkfront/blkfront.c
Modified: head/sys/dev/xen/blkfront/blkfront.c
==
--- head/sys/dev/xen/blkfront/blkfront.cSat Mar 30 01:56:53 2019
(r345725)
+++ head/sys/dev/xen/blkfront/blkfront.cSat Mar 30 07:20:28 2019
(r345726)
@@ -1227,11 +1227,40 @@ xbd_connect(struct xbd_softc *sc)
int err, feature_barrier, feature_flush;
int i, j;
- if (sc->xbd_state == XBD_STATE_CONNECTED ||
- sc->xbd_state == XBD_STATE_SUSPENDED)
+ DPRINTK("blkfront.c:connect:%s.\n", xenbus_get_otherend_path(dev));
+
+ if (sc->xbd_state == XBD_STATE_SUSPENDED) {
return;
+ }
- DPRINTK("blkfront.c:connect:%s.\n", xenbus_get_otherend_path(dev));
+ if (sc->xbd_state == XBD_STATE_CONNECTED) {
+ struct disk *disk;
+
+ disk = sc->xbd_disk;
+ if (disk == NULL) {
+ return;
+ }
+ err = xs_gather(XST_NIL, xenbus_get_otherend_path(dev),
+ "sectors", "%lu", , NULL);
+ if (err != 0) {
+ xenbus_dev_error(dev, err,
+ "reading sectors at %s",
+ xenbus_get_otherend_path(dev));
+ return;
+ }
+ disk->d_mediasize = disk->d_sectorsize * sectors;
+ err = disk_resize(disk, M_NOWAIT);
+ if (err) {
+ xenbus_dev_error(dev, err,
+ "unable to resize disk %s%u",
+ disk->d_name, disk->d_unit);
+ return;
+ }
+ device_printf(sc->xbd_dev,
+ "changed capacity to %jd\n",
+ (intmax_t)disk->d_mediasize);
+ return;
+ }
err = xs_gather(XST_NIL, xenbus_get_otherend_path(dev),
"sectors", "%lu", ,
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r345728 - head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs
Author: pjd
Date: Sat Mar 30 07:29:20 2019
New Revision: 345728
URL: https://svnweb.freebsd.org/changeset/base/345728
Log:
If the autoexpand pool property is turned on and vdev is healthy try to
expand the pool automatically when we detect underlying GEOM provider
size change.
Obtained from:Fudo Security
Tested in:AWS
Modified:
head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c
Modified: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c
==
--- head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c Sat Mar
30 07:24:34 2019(r345727)
+++ head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c Sat Mar
30 07:29:20 2019(r345728)
@@ -158,6 +158,29 @@ vdev_geom_attrchanged(struct g_consumer *cp, const cha
}
static void
+vdev_geom_resize(struct g_consumer *cp)
+{
+ struct consumer_priv_t *priv;
+ struct consumer_vdev_elem *elem;
+ spa_t *spa;
+ vdev_t *vd;
+
+ priv = (struct consumer_priv_t *)>private;
+ if (SLIST_EMPTY(priv))
+ return;
+
+ SLIST_FOREACH(elem, priv, elems) {
+ vd = elem->vd;
+ if (vd->vdev_state != VDEV_STATE_HEALTHY)
+ continue;
+ spa = vd->vdev_spa;
+ if (!spa->spa_autoexpand)
+ continue;
+ vdev_online(spa, vd->vdev_guid, ZFS_ONLINE_EXPAND, NULL);
+ }
+}
+
+static void
vdev_geom_orphan(struct g_consumer *cp)
{
struct consumer_priv_t *priv;
@@ -229,6 +252,7 @@ vdev_geom_attach(struct g_provider *pp, vdev_t *vd, bo
gp = g_new_geomf(_vdev_class, "zfs::vdev");
gp->orphan = vdev_geom_orphan;
gp->attrchanged = vdev_geom_attrchanged;
+ gp->resize = vdev_geom_resize;
cp = g_new_consumer(gp);
error = g_attach(cp, pp);
if (error != 0) {
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r345864 - head/tests/sys/geom/class/eli
Author: pjd
Date: Thu Apr 4 00:05:36 2019
New Revision: 345864
URL: https://svnweb.freebsd.org/changeset/base/345864
Log:
Implement tests for online expansion:
- init, init -R
- onetime, onetime -R
- 512 and 4k sectors
- encryption only
- encryption and authentication
- configure -r/-R for detached providers
- configure -r/-R for attached providers
- all keys allocated (10, 20 and 30MB provider sizes)
- keys allocated on demand (10, 20 and 30PB provider sizes)
- reading and writing to provider after expansion (10-30MB only)
- checking if metadata in old location is cleared.
Obtained from:Fudo Security
Added:
head/tests/sys/geom/class/eli/online_resize_test.sh (contents, props
changed)
Modified:
head/tests/sys/geom/class/eli/Makefile
Modified: head/tests/sys/geom/class/eli/Makefile
==
--- head/tests/sys/geom/class/eli/Makefile Wed Apr 3 23:58:58 2019
(r345863)
+++ head/tests/sys/geom/class/eli/Makefile Thu Apr 4 00:05:36 2019
(r345864)
@@ -16,6 +16,7 @@ ATF_TESTS_SH+=integrity_test
ATF_TESTS_SH+= kill_test
ATF_TESTS_SH+= misc_test
ATF_TESTS_SH+= onetime_test
+ATF_TESTS_SH+= online_resize_test
ATF_TESTS_SH+= resize_test
ATF_TESTS_SH+= setkey_test
Added: head/tests/sys/geom/class/eli/online_resize_test.sh
==
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/tests/sys/geom/class/eli/online_resize_test.sh Thu Apr 4 00:05:36
2019(r345864)
@@ -0,0 +1,196 @@
+#!/bin/sh
+# $FreeBSD$
+
+. $(atf_get_srcdir)/conf.sh
+
+atf_test_case online_resize cleanup
+online_resize_head()
+{
+ atf_set "descr" "online resize of geli providers"
+ atf_set "require.user" "root"
+}
+online_resize_body()
+{
+ geli_test_setup
+
+ (
+ echo "m 512 none 10485248 1 1 20971008 1 1 31456768 1 1"
+ echo "m 4096 none 10481664 1 1 20967424 1 1 31453184 1 1"
+ echo "m 512 HMAC/SHA256 5242368 1 1 10485248 1 1 15728128 1 1"
+ echo "m 4096 HMAC/SHA256 9318400 1 1 18640896 1 1 27959296 1 1"
+ echo "p 512 none 11258999068425728 [0-9] 20971520
22517998136851968 [0-9] 41943040 33776997205278208 [0-9] 62914560"
+ echo "p 4096 none 11258999068422144 [0-9] 2621440
22517998136848384 [0-9] 5242880 33776997205274624 [0-9] 7864320"
+ echo "p 512 HMAC/SHA256 5629499534212608 [0-9] 20971520
11258999068425728 [0-9] 41943040 16888498602638848 [0-9] 62914560"
+ echo "p 4096 HMAC/SHA256 10007999171932160 [0-9] 20971520
20015998343868416 [0-9] 41943040 30023997515800576 [0-9] 62914560"
+ ) | while read prefix sector auth esize10 ka10 kt10 esize20 ka20 kt20
esize30 ka30 kt30; do
+ if [ "${auth}" = "none" ]; then
+ aalgo=""
+ eflags="0x200"
+ dflags="0x0"
+ else
+ aalgo="-a ${auth}"
+ eflags="0x210"
+ dflags="0x10"
+ fi
+
+ if [ "${prefix}" = "m" ]; then
+ psize10="10485760"
+ psize20="20971520"
+ psize30="31457280"
+ else
+ psize10="11258999068426240"
+ psize20="22517998136852480"
+ psize30="33776997205278720"
+ fi
+
+ md=$(attach_md -t malloc -s40${prefix})
+
+ # Initialise
+ atf_check -s exit:0 -o ignore gpart create -s GPT ${md}
+ atf_check -s exit:0 -o ignore gpart add -t freebsd-ufs -s
10${prefix} ${md}
+
+ echo secret >tmp.key
+
+ atf_check geli init ${aalgo} -s ${sector} -Bnone -PKtmp.key
${md}p1
+ # Autoresize is set by default.
+ atf_check -s exit:0 -o match:"flags: ${eflags}$" geli dump
${md}p1
+
+ atf_check geli configure -R ${md}p1
+ atf_check -s exit:0 -o match:"flags: ${dflags}$" geli dump
${md}p1
+ atf_check geli configure -r ${md}p1
+ atf_check -s exit:0 -o match:"flags: ${eflags}$" geli dump
${md}p1
+
+ atf_check geli init -R ${aalgo} -s ${sector} -Bnone -PKtmp.key
${md}p1
+ atf_check -s exit:0 -o match:"flags: ${dflags}$" geli dump
${md}p1
+
+ atf_check geli configure -r ${md}p1
+ atf_check -s exit:0 -o match:"flags: ${eflags}$" geli dump
${md}p1
+ atf_check geli configure -R ${md}p1
+ atf_check -s exit:0 -o match:"flags: ${dflags}$" geli dump
${md}p1
+
+ atf_check geli init ${aalgo} -s ${sector} -Bnone -PKtmp.key
${md}p1
+ atf_check geli attach -pk tmp.key ${md}p1
+ atf_check -s exit:0 -o
svn commit: r345863 - head/tests/sys/geom/class/eli
Author: pjd
Date: Wed Apr 3 23:58:58 2019
New Revision: 345863
URL: https://svnweb.freebsd.org/changeset/base/345863
Log:
Update configure tests after addition of the online expansion.
Obtained from:Fudo Security
Modified:
head/tests/sys/geom/class/eli/configure_test.sh
Modified: head/tests/sys/geom/class/eli/configure_test.sh
==
--- head/tests/sys/geom/class/eli/configure_test.sh Wed Apr 3 23:57:37
2019(r345862)
+++ head/tests/sys/geom/class/eli/configure_test.sh Wed Apr 3 23:58:58
2019(r345863)
@@ -17,19 +17,19 @@ configure_b_B_body()
atf_check geli init -B none -P -K /dev/null ${md}
- atf_check -s exit:0 -o match:'flags: 0x0$' geli dump ${md}
+ atf_check -s exit:0 -o match:'flags: 0x200$' geli dump ${md}
atf_check geli init -B none -b -P -K /dev/null ${md}
- atf_check -s exit:0 -o match:'flags: 0x2$' geli dump ${md}
+ atf_check -s exit:0 -o match:'flags: 0x202$' geli dump ${md}
atf_check geli configure -B ${md}
- atf_check -s exit:0 -o match:'flags: 0x0$' geli dump ${md}
+ atf_check -s exit:0 -o match:'flags: 0x200$' geli dump ${md}
atf_check geli configure -b ${md}
- atf_check -s exit:0 -o match:'flags: 0x2$' geli dump ${md}
+ atf_check -s exit:0 -o match:'flags: 0x202$' geli dump ${md}
atf_check geli attach -p -k /dev/null ${md}
@@ -39,13 +39,13 @@ configure_b_B_body()
atf_check -o not-match:'^Flags: .*BOOT' geli list ${md}.eli
- atf_check -s exit:0 -o match:'flags: 0x0$' geli dump ${md}
+ atf_check -s exit:0 -o match:'flags: 0x200$' geli dump ${md}
atf_check geli configure -b ${md}
atf_check -s exit:0 -o match:'^Flags: .*BOOT' geli list ${md}.eli
- atf_check -s exit:0 -o match:'flags: 0x2$' geli dump ${md}
+ atf_check -s exit:0 -o match:'flags: 0x202$' geli dump ${md}
atf_check geli detach ${md}
}
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r345862 - in head: lib/geom/eli sys/geom/eli
Author: pjd Date: Wed Apr 3 23:57:37 2019 New Revision: 345862 URL: https://svnweb.freebsd.org/changeset/base/345862 Log: Implement automatic online expansion of GELI providers - if the underlying provider grows, GELI will expand automatically and will move the metadata to the new location of the last sector. This functionality is turned on by default. It can be turned off with the -R flag, but it is not recommended - if the underlying provider grows and automatic expansion is turned off, it won't be possible to attach this provider again, as the metadata is no longer located in the last sector. If the automatic expansion is turned off and the underlying provider grows, GELI will only log a message with the previous size of the provider, so recovery can be easier. Obtained from:Fudo Security Modified: head/lib/geom/eli/geli.8 head/lib/geom/eli/geom_eli.c head/sys/geom/eli/g_eli.c head/sys/geom/eli/g_eli.h head/sys/geom/eli/g_eli_ctl.c head/sys/geom/eli/g_eli_key_cache.c Modified: head/lib/geom/eli/geli.8 == --- head/lib/geom/eli/geli.8Wed Apr 3 23:50:52 2019(r345861) +++ head/lib/geom/eli/geli.8Wed Apr 3 23:57:37 2019(r345862) @@ -1,4 +1,4 @@ -.\" Copyright (c) 2005-2011 Pawel Jakub Dawidek +.\" Copyright (c) 2005-2019 Pawel Jakub Dawidek .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd July 24, 2018 +.Dd April 3, 2019 .Dt GELI 8 .Os .Sh NAME @@ -51,7 +51,7 @@ utility: .Pp .Nm .Cm init -.Op Fl bdgPTv +.Op Fl bdgPRTv .Op Fl a Ar aalgo .Op Fl B Ar backupfile .Op Fl e Ar ealgo @@ -81,7 +81,7 @@ utility: .Cm detach .Nm .Cm onetime -.Op Fl dT +.Op Fl dRT .Op Fl a Ar aalgo .Op Fl e Ar ealgo .Op Fl l Ar keylen @@ -89,7 +89,7 @@ utility: .Ar prov .Nm .Cm configure -.Op Fl bBdDgGtT +.Op Fl bBdDgGrRtT .Ar prov ... .Nm .Cm setkey @@ -375,6 +375,18 @@ Change decrypted provider's sector size. Increasing the sector size allows increased performance, because encryption/decryption which requires an initialization vector is done per sector; fewer sectors means less computational work. +.It Fl R +Turn off automatic expansion. +By default, if the underlying provider grows, the encrypted provider will +grow automatically too. +The metadata will be moved to the new location. +If automatic expansion if turned off and the underlying provider changes +size, attaching encrypted provider will no longer be possible as the metadata +will no longer be located in the last sector. +In this case +.Nm GELI +will only log the previous size of the underlying provider, so metadata can +be found easier, if resize was done by mistake. .It Fl T Don't pass through .Dv BIO_DELETE @@ -506,6 +518,11 @@ Change decrypted provider's sector size. For more information, see the description of the .Cm init subcommand. +.It Fl R +Turn off automatic expansion. +For more information, see the description of the +.Cm init +subcommand. .It Fl T Disable TRIM/UNMAP passthru. For more information, see the description of the @@ -540,6 +557,13 @@ The boot loader prompts for the passphrase and loads from the encrypted partition. .It Fl G Deactivate booting from this encrypted root partition. +.It Fl r +Turn on automatic expansion. +For more information, see the description of the +.Cm init +subcommand. +.It Fl R +Turn off automatic expansion. .It Fl t Enable TRIM/UNMAP passthru. For more information, see the description of the Modified: head/lib/geom/eli/geom_eli.c == --- head/lib/geom/eli/geom_eli.cWed Apr 3 23:50:52 2019 (r345861) +++ head/lib/geom/eli/geom_eli.cWed Apr 3 23:57:37 2019 (r345862) @@ -1,7 +1,7 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * - * Copyright (c) 2004-2010 Pawel Jakub Dawidek + * Copyright (c) 2004-2019 Pawel Jakub Dawidek * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -91,13 +91,13 @@ static int eli_backup_create(struct gctl_req *req, con /* * Available commands: * - * init [-bdgPTv] [-a aalgo] [-B backupfile] [-e ealgo] [-i iterations] [-l keylen] [-J newpassfile] [-K newkeyfile] [-s sectorsize] [-V version] prov ... + * init [-bdgPRTv] [-a aalgo] [-B backupfile] [-e ealgo] [-i iterations] [-l keylen] [-J newpassfile] [-K newkeyfile] [-s sectorsize] [-V version] prov ... * label - alias for 'init' * attach [-Cdprv] [-n keyno] [-j passfile] [-k keyfile] prov ... * detach [-fl] prov ... * stop - alias for 'detach' - * onetime [-dT] [-a aalgo] [-e ealgo] [-l keylen] prov - * configure [-bBgGtT] prov ... + * onetime [-dRT] [-a aalgo] [-e ealgo] [-l keylen] prov + * configure [-bBgGrRtT] prov ... * se
svn commit: r345861 - head/lib/geom/eli
Author: pjd
Date: Wed Apr 3 23:50:52 2019
New Revision: 345861
URL: https://svnweb.freebsd.org/changeset/base/345861
Log:
- Add missing -T (notrim) option to the label subcommand.
- Add missing -T option in the onetime subcommand comment.
Obtained from:Fudo Security
Modified:
head/lib/geom/eli/geom_eli.c
Modified: head/lib/geom/eli/geom_eli.c
==
--- head/lib/geom/eli/geom_eli.cWed Apr 3 22:30:20 2019
(r345860)
+++ head/lib/geom/eli/geom_eli.cWed Apr 3 23:50:52 2019
(r345861)
@@ -96,7 +96,7 @@ static int eli_backup_create(struct gctl_req *req, con
* attach [-Cdprv] [-n keyno] [-j passfile] [-k keyfile] prov ...
* detach [-fl] prov ...
* stop - alias for 'detach'
- * onetime [-d] [-a aalgo] [-e ealgo] [-l keylen] prov
+ * onetime [-dT] [-a aalgo] [-e ealgo] [-l keylen] prov
* configure [-bBgGtT] prov ...
* setkey [-pPv] [-n keyno] [-j passfile] [-J newpassfile] [-k keyfile] [-K
newkeyfile] prov
* delkey [-afv] [-n keyno] prov
@@ -145,6 +145,7 @@ struct g_command class_commands[] = {
{ 'l', "keylen", "0", G_TYPE_NUMBER },
{ 'P', "nonewpassphrase", NULL, G_TYPE_BOOL },
{ 's', "sectorsize", "0", G_TYPE_NUMBER },
+ { 'T', "notrim", NULL, G_TYPE_BOOL },
{ 'V', "mdversion", "-1", G_TYPE_NUMBER },
G_OPT_SENTINEL
},
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r345728 - head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs
Author: pjd
Date: Sat Mar 30 07:29:20 2019
New Revision: 345728
URL: https://svnweb.freebsd.org/changeset/base/345728
Log:
If the autoexpand pool property is turned on and vdev is healthy try to
expand the pool automatically when we detect underlying GEOM provider
size change.
Obtained from:Fudo Security
Tested in:AWS
Modified:
head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c
Modified: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c
==
--- head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c Sat Mar
30 07:24:34 2019(r345727)
+++ head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c Sat Mar
30 07:29:20 2019(r345728)
@@ -158,6 +158,29 @@ vdev_geom_attrchanged(struct g_consumer *cp, const cha
}
static void
+vdev_geom_resize(struct g_consumer *cp)
+{
+ struct consumer_priv_t *priv;
+ struct consumer_vdev_elem *elem;
+ spa_t *spa;
+ vdev_t *vd;
+
+ priv = (struct consumer_priv_t *)>private;
+ if (SLIST_EMPTY(priv))
+ return;
+
+ SLIST_FOREACH(elem, priv, elems) {
+ vd = elem->vd;
+ if (vd->vdev_state != VDEV_STATE_HEALTHY)
+ continue;
+ spa = vd->vdev_spa;
+ if (!spa->spa_autoexpand)
+ continue;
+ vdev_online(spa, vd->vdev_guid, ZFS_ONLINE_EXPAND, NULL);
+ }
+}
+
+static void
vdev_geom_orphan(struct g_consumer *cp)
{
struct consumer_priv_t *priv;
@@ -229,6 +252,7 @@ vdev_geom_attach(struct g_provider *pp, vdev_t *vd, bo
gp = g_new_geomf(_vdev_class, "zfs::vdev");
gp->orphan = vdev_geom_orphan;
gp->attrchanged = vdev_geom_attrchanged;
+ gp->resize = vdev_geom_resize;
cp = g_new_consumer(gp);
error = g_attach(cp, pp);
if (error != 0) {
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r345726 - head/sys/dev/xen/blkfront
Author: pjd
Date: Sat Mar 30 07:20:28 2019
New Revision: 345726
URL: https://svnweb.freebsd.org/changeset/base/345726
Log:
Implement support for online disk capacity changes.
Obtained from:Fudo Security
Tested in:AWS
Modified:
head/sys/dev/xen/blkfront/blkfront.c
Modified: head/sys/dev/xen/blkfront/blkfront.c
==
--- head/sys/dev/xen/blkfront/blkfront.cSat Mar 30 01:56:53 2019
(r345725)
+++ head/sys/dev/xen/blkfront/blkfront.cSat Mar 30 07:20:28 2019
(r345726)
@@ -1227,11 +1227,40 @@ xbd_connect(struct xbd_softc *sc)
int err, feature_barrier, feature_flush;
int i, j;
- if (sc->xbd_state == XBD_STATE_CONNECTED ||
- sc->xbd_state == XBD_STATE_SUSPENDED)
+ DPRINTK("blkfront.c:connect:%s.\n", xenbus_get_otherend_path(dev));
+
+ if (sc->xbd_state == XBD_STATE_SUSPENDED) {
return;
+ }
- DPRINTK("blkfront.c:connect:%s.\n", xenbus_get_otherend_path(dev));
+ if (sc->xbd_state == XBD_STATE_CONNECTED) {
+ struct disk *disk;
+
+ disk = sc->xbd_disk;
+ if (disk == NULL) {
+ return;
+ }
+ err = xs_gather(XST_NIL, xenbus_get_otherend_path(dev),
+ "sectors", "%lu", , NULL);
+ if (err != 0) {
+ xenbus_dev_error(dev, err,
+ "reading sectors at %s",
+ xenbus_get_otherend_path(dev));
+ return;
+ }
+ disk->d_mediasize = disk->d_sectorsize * sectors;
+ err = disk_resize(disk, M_NOWAIT);
+ if (err) {
+ xenbus_dev_error(dev, err,
+ "unable to resize disk %s%u",
+ disk->d_name, disk->d_unit);
+ return;
+ }
+ device_printf(sc->xbd_dev,
+ "changed capacity to %jd\n",
+ (intmax_t)disk->d_mediasize);
+ return;
+ }
err = xs_gather(XST_NIL, xenbus_get_otherend_path(dev),
"sectors", "%lu", ,
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r345727 - in head: sbin/devd sys/geom
Author: pjd
Date: Sat Mar 30 07:24:34 2019
New Revision: 345727
URL: https://svnweb.freebsd.org/changeset/base/345727
Log:
Introduce new event SIZECHANGE within GEOM system to inform about GEOM
providers mediasize changes.
While here, use GEOM nomenclature to describe providers instead of calling
them device nodes.
Obtained from:Fudo Security
Tested in:AWS
Modified:
head/sbin/devd/devd.conf.5
head/sys/geom/geom_dev.c
Modified: head/sbin/devd/devd.conf.5
==
--- head/sbin/devd/devd.conf.5 Sat Mar 30 07:20:28 2019(r345726)
+++ head/sbin/devd/devd.conf.5 Sat Mar 30 07:24:34 2019(r345727)
@@ -41,7 +41,7 @@
.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
.\" SOFTWARE.
.\"
-.Dd July 20, 2018
+.Dd March 29, 2019
.Dt DEVD.CONF 5
.Os
.Sh NAME
@@ -432,15 +432,19 @@ only includes disk-like devices.
.It Li CREATE
A
.Xr geom 4
-device node is created.
+provider is created.
.It Li DESTROY
A
.Xr geom 4
-device node is destroyed.
+provider is destroyed.
.It Li GEOM::physpath
The physical path of a device has changed.
.It Li MEDIACHANGE
Physical media has changed.
+.It Li SIZECHANGE
+A
+.Xr geom 4
+provider size has changed.
.El
.El
.Pp
Modified: head/sys/geom/geom_dev.c
==
--- head/sys/geom/geom_dev.cSat Mar 30 07:20:28 2019(r345726)
+++ head/sys/geom/geom_dev.cSat Mar 30 07:24:34 2019(r345727)
@@ -92,6 +92,7 @@ static g_fini_t g_dev_fini;
static g_taste_t g_dev_taste;
static g_orphan_t g_dev_orphan;
static g_attrchanged_t g_dev_attrchanged;
+static g_resize_t g_dev_resize;
static struct g_class g_dev_class = {
.name = "DEV",
@@ -100,7 +101,8 @@ static struct g_class g_dev_class = {
.fini = g_dev_fini,
.taste = g_dev_taste,
.orphan = g_dev_orphan,
- .attrchanged = g_dev_attrchanged
+ .attrchanged = g_dev_attrchanged,
+ .resize = g_dev_resize
};
/*
@@ -300,6 +302,15 @@ g_dev_attrchanged(struct g_consumer *cp, const char *a
g_dev_set_physpath(cp);
return;
}
+}
+
+static void
+g_dev_resize(struct g_consumer *cp)
+{
+ char buf[SPECNAMELEN + 6];
+
+ snprintf(buf, sizeof(buf), "cdev=%s", cp->provider->name);
+ devctl_notify_f("GEOM", "DEV", "SIZECHANGE", buf, M_WAITOK);
}
struct g_provider *
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r344690 - head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs
Author: pjd
Date: Fri Mar 1 05:54:13 2019
New Revision: 344690
URL: https://svnweb.freebsd.org/changeset/base/344690
Log:
Improve readability of the code by making it explicit where the 'c' variable
starts. It is also more consistent with similar code in this file.
Modified:
head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_raidz.c
Modified: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_raidz.c
==
--- head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_raidz.cFri Mar
1 05:04:29 2019(r344689)
+++ head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_raidz.cFri Mar
1 05:54:13 2019(r344690)
@@ -568,7 +568,7 @@ vdev_raidz_map_alloc(abd_t *abd, uint64_t size, uint64
abd_alloc_linear(rm->rm_col[c].rc_size, B_TRUE);
}
- for (off = 0; c < acols; c++) {
+ for (off = 0, c = rm->rm_firstdatacol; c < acols; c++) {
rm->rm_col[c].rc_abd = abd_get_offset(abd, off);
off += rm->rm_col[c].rc_size;
}
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r344325 - head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs
Author: pjd
Date: Wed Feb 20 00:25:45 2019
New Revision: 344325
URL: https://svnweb.freebsd.org/changeset/base/344325
Log:
Simplify the code. No functional changes.
Reviewed by: rpokala
Modified:
head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_raidz.c
Modified: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_raidz.c
==
--- head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_raidz.cWed Feb
20 00:19:11 2019(r344324)
+++ head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_raidz.cWed Feb
20 00:25:45 2019(r344325)
@@ -568,10 +568,7 @@ vdev_raidz_map_alloc(abd_t *abd, uint64_t size, uint64
abd_alloc_linear(rm->rm_col[c].rc_size, B_TRUE);
}
- rm->rm_col[c].rc_abd = abd_get_offset(abd, 0);
- off = rm->rm_col[c].rc_size;
-
- for (c = c + 1; c < acols; c++) {
+ for (off = 0; c < acols; c++) {
rm->rm_col[c].rc_abd = abd_get_offset(abd, off);
off += rm->rm_col[c].rc_size;
}
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r344320 - head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs
Author: pjd
Date: Tue Feb 19 23:53:33 2019
New Revision: 344320
URL: https://svnweb.freebsd.org/changeset/base/344320
Log:
Simplify the code.
Modified:
head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/trim_map.c
Modified: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/trim_map.c
==
--- head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/trim_map.c Tue Feb
19 23:44:00 2019(r344319)
+++ head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/trim_map.c Tue Feb
19 23:53:33 2019(r344320)
@@ -360,16 +360,13 @@ trim_map_write_start(zio_t *zio)
return (B_FALSE);
}
- ts = avl_find(>tm_queued_frees, , NULL);
- if (ts != NULL) {
- /*
-* Loop until all overlapping segments are removed.
-*/
- do {
- trim_map_segment_remove(tm, ts, start, end);
- ts = avl_find(>tm_queued_frees, , NULL);
- } while (ts != NULL);
+ /*
+* Loop until all overlapping segments are removed.
+*/
+ while ((ts = avl_find(>tm_queued_frees, , NULL)) != NULL) {
+ trim_map_segment_remove(tm, ts, start, end);
}
+
avl_add(>tm_inflight_writes, zio);
mutex_exit(>tm_lock);
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r344319 - head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs
Author: pjd Date: Tue Feb 19 23:44:00 2019 New Revision: 344319 URL: https://svnweb.freebsd.org/changeset/base/344319 Log: Correct typo in the comment. Modified: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_raidz.c Modified: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_raidz.c == --- head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_raidz.cTue Feb 19 23:43:15 2019(r344318) +++ head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_raidz.cTue Feb 19 23:44:00 2019(r344319) @@ -2558,7 +2558,7 @@ vdev_raidz_io_done(zio_t *zio) /* * We're here because either: * -* total_errors == rm_first_datacol, or +* total_errors == rm_firstdatacol, or * vdev_raidz_combrec() failed * * In either case, there is enough bad data to prevent ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r344318 - head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs
Author: pjd Date: Tue Feb 19 23:43:15 2019 New Revision: 344318 URL: https://svnweb.freebsd.org/changeset/base/344318 Log: Change assertion to log the incorrect io_type we've got. Modified: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_raidz.c Modified: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_raidz.c == --- head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_raidz.cTue Feb 19 23:41:23 2019(r344317) +++ head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_raidz.cTue Feb 19 23:43:15 2019(r344318) @@ -2020,7 +2020,7 @@ vdev_raidz_io_start(zio_t *zio) return; } - ASSERT(zio->io_type == ZIO_TYPE_READ); + ASSERT3U(zio->io_type, ==, ZIO_TYPE_READ); /* * Iterate over the columns in reverse order so that we hit the parity ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r344317 - head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs
Author: pjd
Date: Tue Feb 19 23:41:23 2019
New Revision: 344317
URL: https://svnweb.freebsd.org/changeset/base/344317
Log:
Grabage-collect no longer used variable.
Modified:
head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_raidz.c
Modified: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_raidz.c
==
--- head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_raidz.cTue Feb
19 23:35:55 2019(r344316)
+++ head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_raidz.cTue Feb
19 23:41:23 2019(r344317)
@@ -270,7 +270,6 @@ static void
vdev_raidz_map_free(raidz_map_t *rm)
{
int c;
- size_t size;
for (c = 0; c < rm->rm_firstdatacol; c++) {
if (rm->rm_col[c].rc_abd != NULL)
@@ -281,11 +280,9 @@ vdev_raidz_map_free(raidz_map_t *rm)
rm->rm_col[c].rc_size);
}
- size = 0;
for (c = rm->rm_firstdatacol; c < rm->rm_cols; c++) {
if (rm->rm_col[c].rc_abd != NULL)
abd_put(rm->rm_col[c].rc_abd);
- size += rm->rm_col[c].rc_size;
}
if (rm->rm_abd_copy != NULL)
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r344316 - head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs
Author: pjd
Date: Tue Feb 19 23:35:55 2019
New Revision: 344316
URL: https://svnweb.freebsd.org/changeset/base/344316
Log:
The way ZFS searches for its vdevs is the following: first it looks for
a vdev that has the same name as the one stored in metadata and that has
all VDEV labels in place. If it cannot find a GEOM provider with the given
name and all VDEV labels it will scan all GEOM providers for the best match
(the most VDEV labels available), but here the name is ignored.
In case the ZFS pool is created, eg. using GPT partition label:
# zpool create tank /dev/gpt/tank
everything works, and on every import ZFS will pick /dev/gpt/tank and
not /dev/da0p4.
The problem occurs when da0p4 is extended and ZFS is unable to find all
VDEV labels in /dev/gpt/tank anymore (the VDEV labels stored at the end
of the partition are now somewhere else). In this case it will scan all
GEOM providers and will pick the first one with the best match, ie. da0p4.
Fix this problem by checking the VDEV/provider name even if we get the same
match. If the name is the same as the one we have in pool's metadata, prefer
this GEOM provider.
Reported by: oshogbo, Michal Mroz
Tested by:Michal Mroz
Obtained from:Fudo Security
Modified:
head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c
Modified: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c
==
--- head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c Tue Feb
19 23:24:39 2019(r344315)
+++ head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c Tue Feb
19 23:35:55 2019(r344316)
@@ -692,10 +692,12 @@ vdev_geom_attach_by_guids(vdev_t *vd)
struct g_geom *gp;
struct g_provider *pp, *best_pp;
struct g_consumer *cp;
+ const char *vdpath;
enum match match, best_match;
g_topology_assert();
+ vdpath = vd->vdev_path + sizeof("/dev/") - 1;
cp = NULL;
best_pp = NULL;
best_match = NO_MATCH;
@@ -710,6 +712,10 @@ vdev_geom_attach_by_guids(vdev_t *vd)
if (match > best_match) {
best_match = match;
best_pp = pp;
+ } else if (match == best_match) {
+ if (strcmp(pp->name, vdpath) == 0) {
+ best_pp = pp;
+ }
}
if (match == FULL_MATCH)
goto out;
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r344314 - head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs
Author: pjd
Date: Tue Feb 19 23:22:39 2019
New Revision: 344314
URL: https://svnweb.freebsd.org/changeset/base/344314
Log:
In the vdev_geom_open_by_path() function we assume that vdev path starts
with "/dev/". Make sure this is the case.
Modified:
head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c
Modified: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c
==
--- head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c Tue Feb
19 22:46:50 2019(r344313)
+++ head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c Tue Feb
19 23:22:39 2019(r344314)
@@ -794,7 +794,7 @@ vdev_geom_open(vdev_t *vd, uint64_t *psize, uint64_t *
/*
* We must have a pathname, and it must be absolute.
*/
- if (vd->vdev_path == NULL || vd->vdev_path[0] != '/') {
+ if (vd->vdev_path == NULL || strncmp(vd->vdev_path, "/dev/", 5) != 0) {
vd->vdev_stat.vs_aux = VDEV_AUX_BAD_LABEL;
return (EINVAL);
}
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r342873 - head/contrib/openbsm/libauditd
Author: pjd Date: Wed Jan 9 01:16:35 2019 New Revision: 342873 URL: https://svnweb.freebsd.org/changeset/base/342873 Log: In r316006 the getstrfromtype_locked() function was modified to return an empty string, instead of NULL, if an entry is missing in the audit_control file. Because of that change the getachost() function started to return success even if the host name was not defined in the audit_control. This in turn led to auditd_hostlen always being set (for an empty host it was set to 0). If auditd_hostlen was not equal to -1 we were trying to append the host name to trail file name. All this led to situation where when host name is not defined in audit_control, auditd will create trail files with a leading '.', which breaks auditdistd as it doesn't work with longer audit trail file names. Fix this by appending host name to the trail file name only if the host name is not empty. Modified: head/contrib/openbsm/libauditd/auditd_lib.c Modified: head/contrib/openbsm/libauditd/auditd_lib.c == --- head/contrib/openbsm/libauditd/auditd_lib.c Wed Jan 9 01:11:19 2019 (r342872) +++ head/contrib/openbsm/libauditd/auditd_lib.c Wed Jan 9 01:16:35 2019 (r342873) @@ -193,7 +193,7 @@ affixdir(char *name, struct dir_ent *dirent) /* * If the host is set then also add the hostname to the filename. */ - if (auditd_hostlen != -1) + if (auditd_hostlen > 0) asprintf(, "%s/%s.%s", dirent->dirname, name, auditd_host); else asprintf(, "%s/%s", dirent->dirname, name); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r341675 - head/contrib/openbsm/bin/auditdistd
Author: pjd
Date: Fri Dec 7 03:13:36 2018
New Revision: 341675
URL: https://svnweb.freebsd.org/changeset/base/341675
Log:
Consider the following situation:
The sender has .not_terminated file. It gets disconnected. The last trail
file is then terminated without adding new data (this can happen for example
when auditd is being stopped on the sender). After reconnect the
.not_terminated
was not renamed on the receiver as it should.
We were already handling similar situation where the sender crashed and the
.not_terminated trail file was renamed to .crash_recovery. Extend this case to
handle the situation above.
Modified:
head/contrib/openbsm/bin/auditdistd/trail.c
Modified: head/contrib/openbsm/bin/auditdistd/trail.c
==
--- head/contrib/openbsm/bin/auditdistd/trail.c Fri Dec 7 02:44:04 2018
(r341674)
+++ head/contrib/openbsm/bin/auditdistd/trail.c Fri Dec 7 03:13:36 2018
(r341675)
@@ -264,6 +264,12 @@ again:
* 2. It is fully sent, but is not terminated, so new data can be
*appended still, or
* 3. It is fully sent but file name has changed.
+*There are two cases here:
+*3a. Sender has crashed and the name has changed from
+*.not_terminated to .crash_recovery.
+*3b. Sender was disconnected, no new data was added to the file,
+*but its name has changed from .not_terminated to terminated
+*name.
*
* Note that we are fine if our .not_terminated or .crash_recovery file
* is smaller than the one on the receiver side, as it is possible that
@@ -275,7 +281,7 @@ again:
(offset >= sb.st_size &&
trail_is_not_terminated(trail->tr_filename)) ||
(offset >= sb.st_size && trail_is_not_terminated(filename) &&
-trail_is_crash_recovery(trail->tr_filename))) {
+!trail_is_not_terminated(trail->tr_filename))) {
/* File was not fully send. Let's finish it. */
if (lseek(fd, offset, SEEK_SET) == -1) {
pjdlog_errno(LOG_ERR,
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r339178 - head/contrib/openbsm/bin/auditdistd
Author: pjd
Date: Thu Oct 4 05:57:27 2018
New Revision: 339178
URL: https://svnweb.freebsd.org/changeset/base/339178
Log:
Remove invalid comments and correct some typos.
Approved by: re (kib)
Modified:
head/contrib/openbsm/bin/auditdistd/receiver.c
head/contrib/openbsm/bin/auditdistd/sender.c
Modified: head/contrib/openbsm/bin/auditdistd/receiver.c
==
--- head/contrib/openbsm/bin/auditdistd/receiver.c Thu Oct 4 05:54:57
2018(r339177)
+++ head/contrib/openbsm/bin/auditdistd/receiver.c Thu Oct 4 05:57:27
2018(r339178)
@@ -140,7 +140,7 @@ static void
adreq_decode_and_validate_header(struct adreq *adreq)
{
- /* Byte-swap only is the sender is using different byte order. */
+ /* Byte-swap only if the sender is using different byte order. */
if (adreq->adr_byteorder != ADIST_BYTEORDER) {
adreq->adr_byteorder = ADIST_BYTEORDER;
adreq->adr_seq = bswap64(adreq->adr_seq);
Modified: head/contrib/openbsm/bin/auditdistd/sender.c
==
--- head/contrib/openbsm/bin/auditdistd/sender.cThu Oct 4 05:54:57
2018(r339177)
+++ head/contrib/openbsm/bin/auditdistd/sender.cThu Oct 4 05:57:27
2018(r339178)
@@ -512,9 +512,6 @@ keepalive_send(void)
pjdlog_debug(3, "keepalive_send: Request sent.");
}
-/*
- * Thread sends request to secondary node.
- */
static void *
send_thread(void *arg __unused)
{
@@ -574,7 +571,7 @@ static void
adrep_decode_header(struct adrep *adrep)
{
- /* Byte-swap only is the receiver is using different byte order. */
+ /* Byte-swap only if the receiver is using different byte order. */
if (adrep->adrp_byteorder != ADIST_BYTEORDER) {
adrep->adrp_byteorder = ADIST_BYTEORDER;
adrep->adrp_seq = bswap64(adrep->adrp_seq);
@@ -582,10 +579,6 @@ adrep_decode_header(struct adrep *adrep)
}
}
-/*
- * Thread receives answer from secondary node and passes it to ggate_send
- * thread.
- */
static void *
recv_thread(void *arg __unused)
{
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r339177 - head/contrib/openbsm/bin/auditdistd
Author: pjd
Date: Thu Oct 4 05:54:57 2018
New Revision: 339177
URL: https://svnweb.freebsd.org/changeset/base/339177
Log:
When the adist_free list is empty and we lose connection to the receiver we
move all elements from the adist_send and adist_recv lists back onto the
adist_free list, but we don't wake consumers waitings for the adist_free list
to become non-empty. This can lead to the sender process stopping audit trail
files distribution and waiting forever.
Fix the problem by adding the missing wakeup.
While here slow down spinning on CPU in case of a short race in
sender_disconnect() and add an explaination when it can occur.
PR: 201953
Reported by: peter
Approved by: re (kib)
Modified:
head/contrib/openbsm/bin/auditdistd/auditdistd.h
head/contrib/openbsm/bin/auditdistd/sender.c
Modified: head/contrib/openbsm/bin/auditdistd/auditdistd.h
==
--- head/contrib/openbsm/bin/auditdistd/auditdistd.hThu Oct 4 05:48:09
2018(r339176)
+++ head/contrib/openbsm/bin/auditdistd/auditdistd.hThu Oct 4 05:54:57
2018(r339177)
@@ -248,6 +248,21 @@ struct adrep {
if (_wakeup)\
cv_signal(list##_cond); \
} while (0)
+#defineQUEUE_CONCAT2(tolist, fromlist1, fromlist2) do {
\
+ bool _wakeup; \
+ \
+ mtx_lock(tolist##_lock);\
+ _wakeup = TAILQ_EMPTY(tolist); \
+ mtx_lock(fromlist1##_lock); \
+ TAILQ_CONCAT((tolist), (fromlist1), adr_next); \
+ mtx_unlock(fromlist1##_lock); \
+ mtx_lock(fromlist2##_lock); \
+ TAILQ_CONCAT((tolist), (fromlist2), adr_next); \
+ mtx_unlock(fromlist2##_lock); \
+ mtx_unlock(tolist##_lock); \
+ if (_wakeup)\
+ cv_signal(tolist##_cond); \
+} while (0)
#defineQUEUE_WAIT(list)do {
\
mtx_lock(list##_lock); \
while (TAILQ_EMPTY(list)) \
Modified: head/contrib/openbsm/bin/auditdistd/sender.c
==
--- head/contrib/openbsm/bin/auditdistd/sender.cThu Oct 4 05:48:09
2018(r339176)
+++ head/contrib/openbsm/bin/auditdistd/sender.cThu Oct 4 05:54:57
2018(r339177)
@@ -342,14 +342,7 @@ sender_disconnect(void)
pjdlog_warning("Disconnected from %s.", adhost->adh_remoteaddr);
/* Move all in-flight requests back onto free list. */
- mtx_lock(_free_list_lock);
- mtx_lock(_send_list_lock);
- TAILQ_CONCAT(_free_list, _send_list, adr_next);
- mtx_unlock(_send_list_lock);
- mtx_lock(_recv_list_lock);
- TAILQ_CONCAT(_free_list, _recv_list, adr_next);
- mtx_unlock(_recv_list_lock);
- mtx_unlock(_free_list_lock);
+ QUEUE_CONCAT2(_free_list, _send_list, _recv_list);
}
static void
@@ -609,9 +602,13 @@ recv_thread(void *arg __unused)
if (adhost->adh_remote == NULL) {
/*
* Connection is dead.
-* XXX: We shouldn't be here.
+* There is a short race in sender_disconnect() between
+* setting adh_remote to NULL and removing entries from
+* the recv list, which can result in us being here.
+* To avoid just spinning, wait for 0.1s.
*/
rw_unlock(_remote_lock);
+ usleep(10);
continue;
}
if (proto_recv(adhost->adh_remote, ,
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r339176 - head/contrib/openbsm/bin/auditdistd
Author: pjd
Date: Thu Oct 4 05:48:09 2018
New Revision: 339176
URL: https://svnweb.freebsd.org/changeset/base/339176
Log:
When we look for a new trail file there might be a race between find trail
file name and opening it. This race was not properly handled, because we were
copying new name before checking for openat(2) error and when we were trying
again we were starting with the next trail file. This could result in skipping
distribution of such a trail file.
Fix this problem by checking for ENOENT first (only for .not_terminated files)
and then updating (or not) tr_filename before restarting the search.
PR: 200139
Reported by: peter
Approved by: re (kib)
Modified:
head/contrib/openbsm/bin/auditdistd/trail.c
Modified: head/contrib/openbsm/bin/auditdistd/trail.c
==
--- head/contrib/openbsm/bin/auditdistd/trail.c Thu Oct 4 01:46:56 2018
(r339175)
+++ head/contrib/openbsm/bin/auditdistd/trail.c Thu Oct 4 05:48:09 2018
(r339176)
@@ -361,17 +361,38 @@ again:
pjdlog_debug(1, "No new trail files.");
return;
}
- PJDLOG_VERIFY(strlcpy(trail->tr_filename, curfile,
- sizeof(trail->tr_filename)) < sizeof(trail->tr_filename));
dfd = dirfd(trail->tr_dirfp);
PJDLOG_ASSERT(dfd >= 0);
- trail->tr_filefd = openat(dfd, trail->tr_filename, O_RDONLY);
+ trail->tr_filefd = openat(dfd, curfile, O_RDONLY);
if (trail->tr_filefd == -1) {
- pjdlog_errno(LOG_ERR,
- "Unable to open file \"%s/%s\", skipping",
- trail->tr_dirname, trail->tr_filename);
+ if (errno == ENOENT && trail_is_not_terminated(curfile)) {
+ /*
+* The .not_terminated file was most likely renamed.
+* Keep trail->tr_filename as a starting point and
+* search again.
+*/
+ pjdlog_debug(1,
+ "Unable to open \"%s/%s\", most likely renamed in
the meantime, retrying.",
+ trail->tr_dirname, curfile);
+ } else {
+ /*
+* We were unable to open the file, but not because of
+* the above. This shouldn't happen, but it did.
+* We don't know why it happen, so the best we can do
+* is to just skip this file - this is why we copy the
+* name, so we can start and the next entry.
+*/
+ PJDLOG_VERIFY(strlcpy(trail->tr_filename, curfile,
+ sizeof(trail->tr_filename)) <
+ sizeof(trail->tr_filename));
+ pjdlog_errno(LOG_ERR,
+ "Unable to open file \"%s/%s\", skipping",
+ trail->tr_dirname, curfile);
+ }
goto again;
}
+ PJDLOG_VERIFY(strlcpy(trail->tr_filename, curfile,
+ sizeof(trail->tr_filename)) < sizeof(trail->tr_filename));
pjdlog_debug(1, "Found next trail file: \"%s/%s\".", trail->tr_dirname,
trail->tr_filename);
}
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r308439 - svnadmin/conf
Author: pjd Date: Tue Nov 8 09:54:11 2016 New Revision: 308439 URL: https://svnweb.freebsd.org/changeset/base/308439 Log: Please welcome Konrad Witaszczyk (def@) as a new source committer. Konrad is interested in working on encrypted kernel dumps and memory deduplication, at least initially. Approved by: core Modified: svnadmin/conf/access svnadmin/conf/mentors Modified: svnadmin/conf/access == --- svnadmin/conf/accessTue Nov 8 09:51:55 2016(r308438) +++ svnadmin/conf/accessTue Nov 8 09:54:11 2016(r308439) @@ -65,6 +65,7 @@ das davidch davidcs dchagin +def deischen delphij des Modified: svnadmin/conf/mentors == --- svnadmin/conf/mentors Tue Nov 8 09:51:55 2016(r308438) +++ svnadmin/conf/mentors Tue Nov 8 09:54:11 2016(r308439) @@ -18,6 +18,7 @@ benl philip Co-mentor: simon carl jimharris cherry gibbs dabvangyzen +defpjd dexuan sephe erignn Co-mentor: thompsa ivadaszadrian Co-mentor: cognet ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r301036 - svnadmin/conf
Author: pjd Date: Tue May 31 12:39:54 2016 New Revision: 301036 URL: https://svnweb.freebsd.org/changeset/base/301036 Log: Release Mariusz Zaborski (oshogbo) from mentorship. Modified: svnadmin/conf/mentors Modified: svnadmin/conf/mentors == ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r292310 - head
Author: pjd Date: Wed Dec 16 01:05:50 2015 New Revision: 292310 URL: https://svnweb.freebsd.org/changeset/base/292310 Log: Keep maintainance of GELI and make it clear which directories I'm interested in. Modified: head/MAINTAINERS Modified: head/MAINTAINERS == --- head/MAINTAINERSWed Dec 16 00:56:45 2015(r292309) +++ head/MAINTAINERSWed Dec 16 01:05:50 2015(r292310) @@ -42,6 +42,7 @@ dev/usb/wlan adrian Pre-commit review re etc/mail gshapiroPre-commit review requested. Keep in sync with -STABLE. etc/sendmail gshapiroPre-commit review requested. Keep in sync with -STABLE. fetch des Pre-commit review requested. +geli pjd Pre-commit review requested (both sys/geom/eli/ and sbin/geom/class/eli/). isci(4)jimharris Pre-commit review requested. iwm(4) adrian Pre-commit review requested, send to freebsd-wirel...@freebsd.org iwn(4) adrian Pre-commit review requested, send to freebsd-wirel...@freebsd.org @@ -125,7 +126,6 @@ fileobrien Insists to keep file blocke contrib/bzip2 obrien Pre-commit review required. geom freebsd-g...@freebsd.org geom_concatpjd Pre-commit review preferred. -geom_eli pjd Pre-commit review preferred. geom_gate pjd Pre-commit review preferred. geom_label pjd Pre-commit review preferred. geom_mirrorpjd Pre-commit review preferred. ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r289941 - head/sys/kern
Author: pjd
Date: Sun Oct 25 18:48:09 2015
New Revision: 289941
URL: https://svnweb.freebsd.org/changeset/base/289941
Log:
The aio_waitcomplete(2) syscall should not sleep when the given timeout
is 0. Without this change it was sleeping for one tick. Maybe not a big
deal, but it makes share/dtrace/blocking script to report that.
Reviewed by: jhb
Differential Revision:https://reviews.freebsd.org/D3814
Sponsored by: Wheel Systems, http://wheelsystems.com
Modified:
head/sys/kern/vfs_aio.c
Modified: head/sys/kern/vfs_aio.c
==
--- head/sys/kern/vfs_aio.c Sun Oct 25 18:09:03 2015(r289940)
+++ head/sys/kern/vfs_aio.c Sun Oct 25 18:48:09 2015(r289941)
@@ -2494,8 +2494,11 @@ kern_aio_waitcomplete(struct thread *td,
ops->store_aiocb(aiocbp, NULL);
- timo = 0;
- if (ts) {
+ if (ts == NULL) {
+ timo = 0;
+ } else if (ts->tv_sec == 0 && ts->tv_nsec == 0) {
+ timo = -1;
+ } else {
if ((ts->tv_nsec < 0) || (ts->tv_nsec >= 10))
return (EINVAL);
@@ -2513,6 +2516,10 @@ kern_aio_waitcomplete(struct thread *td,
cb = NULL;
AIO_LOCK(ki);
while ((cb = TAILQ_FIRST(>kaio_done)) == NULL) {
+ if (timo == -1) {
+ error = EWOULDBLOCK;
+ break;
+ }
ki->kaio_flags |= KAIO_WAKEUP;
error = msleep(>p_aioinfo, AIO_MTX(ki), PRIBIO | PCATCH,
"aiowc", timo);
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r288644 - head/share/dtrace
Author: pjd
Date: Sun Oct 4 00:40:12 2015
New Revision: 288644
URL: https://svnweb.freebsd.org/changeset/base/288644
Log:
Add a little, but very useful script for use with programs that work using an
event loop and should sleep only when waiting for events (eg. via kevent(2)).
When a program is going to sleep in the kernel, the script will show its name,
PID, kernel stack trace and userland stack trace. Sleeping in kevent(2) is
ignored as it is expected to be valid.
Sample output:
# ./blocking lynxd
lynxd(15042) is blocking...
kernel`_cv_wait_sig+0x124
kernel`seltdwait+0xae
kernel`sys_poll+0x3a3
kernel`amd64_syscall+0x343
kernel`0x806c79ab
lynxd`poll+0xa
lynxd`pqSocketCheck+0xa2
lynxd`pqWaitTimed+0x29
lynxd`connectDBComplete+0xd7
lynxd`PQsetdbLogin+0x2ec
lynxd`db_connect+0x3c
lynxd`main+0x198
lynxd`_start+0x16f
0x2
lynxd(1925) is blocking...
kernel`_cv_wait+0x125
zfs.ko`zio_wait+0x5b
zfs.ko`dmu_buf_hold_array_by_dnode+0x1dc
zfs.ko`dmu_read+0xcb
zfs.ko`zfs_freebsd_getpages+0x37b
kernel`VOP_GETPAGES_APV+0xa7
kernel`vnode_pager_getpages+0x9a
kernel`vm_fault_hold+0x885
kernel`vm_fault+0x77
kernel`trap_pfault+0x211
kernel`trap+0x506
kernel`0x806c76c2
lynxd`EVP_add_cipher+0x13
lynxd`SSL_library_init+0x11
lynxd`main+0x94
lynxd`_start+0x16f
0x2
lynxd(1925) is blocking...
kernel`_cv_wait+0x125
zfs.ko`zio_wait+0x5b
zfs.ko`dbuf_read+0x791
zfs.ko`dbuf_findbp+0x12f
zfs.ko`dbuf_hold_impl+0xa2
zfs.ko`dbuf_hold+0x1b
zfs.ko`dmu_buf_hold_array_by_dnode+0x153
zfs.ko`dmu_read_uio+0x66
zfs.ko`zfs_freebsd_read+0x3a3
kernel`VOP_READ_APV+0xa1
kernel`vn_read+0x13a
kernel`vn_io_fault+0x10b
kernel`dofileread+0x95
kernel`kern_readv+0x68
kernel`sys_read+0x63
kernel`amd64_syscall+0x343
kernel`0x806c79ab
lynxd`_read+0xa
lynxd`__srefill+0x122
lynxd`fgets+0x78
lynxd`file_gets+0x1d
lynxd`BIO_gets+0x64
lynxd`PEM_read_bio+0xf5
lynxd`PEM_X509_INFO_read_bio+0x90
lynxd`X509_load_cert_crl_file+0x47
lynxd`by_file_ctrl+0x2e
lynxd`X509_STORE_load_locations+0x4a
lynxd`sslctx_init+0x255
lynxd`main+0x215
lynxd`_start+0x16f
0x2
Requested by: gnn
Obtained from:Wheel Systems http://wheelsystems.com
Added:
head/share/dtrace/blocking (contents, props changed)
Modified:
head/share/dtrace/Makefile
Modified: head/share/dtrace/Makefile
==
--- head/share/dtrace/Makefile Sat Oct 3 22:38:08 2015(r288643)
+++ head/share/dtrace/Makefile Sun Oct 4 00:40:12 2015(r288644)
@@ -12,7 +12,8 @@ SUBDIR= ${_toolkit}
_toolkit= toolkit
.endif
-SCRIPTS= disklatency \
+SCRIPTS= blocking \
+ disklatency \
disklatencycmd \
hotopen \
nfsattrstats \
Added: head/share/dtrace/blocking
==
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/dtrace/blocking Sun Oct 4 00:40:12 2015(r288644)
@@ -0,0 +1,57 @@
+#!/usr/sbin/dtrace -s
+/*-
+ * Copyright (c) 2015 Pawel Jakub Dawidek <pa...@dawidek.net>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *notice, this list of conditions and the following disclaimer in the
+ *documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE A
svn commit: r286444 - in head: sbin/geom/class/eli sys/geom/eli
Author: pjd
Date: Sat Aug 8 09:51:38 2015
New Revision: 286444
URL: https://svnweb.freebsd.org/changeset/base/286444
Log:
Enable BIO_DELETE passthru in GELI, so TRIM/UNMAP can work as expected when
GELI is used on a SSD or inside virtual machine, so that guest can tell
host that it is no longer using some of the storage.
Enabling BIO_DELETE passthru comes with a small security consequence - an
attacker can tell how much space is being really used on encrypted device and
has less data no analyse then. This is why the -T option can be given to the
init subcommand to turn off this behaviour and -t/T options for the configure
subcommand can be used to adjust this setting later.
PR: 198863
Submitted by: Matthew D. Fuller fullermd at over-yonder dot net
This commit also includes a fix from Fabian Keil freebsd-listen at
fabiankeil.de for 'configure' on onetime providers which is not strictly
related, but is entangled in the same code, so would cause conflicts if
separated out.
Modified:
head/sbin/geom/class/eli/geli.8
head/sbin/geom/class/eli/geom_eli.c
head/sys/geom/eli/g_eli.c
head/sys/geom/eli/g_eli.h
head/sys/geom/eli/g_eli_ctl.c
Modified: head/sbin/geom/class/eli/geli.8
==
--- head/sbin/geom/class/eli/geli.8 Sat Aug 8 08:40:36 2015
(r286443)
+++ head/sbin/geom/class/eli/geli.8 Sat Aug 8 09:51:38 2015
(r286444)
@@ -24,7 +24,7 @@
.\
.\ $FreeBSD$
.\
-.Dd June 2, 2015
+.Dd July 10, 2015
.Dt GELI 8
.Os
.Sh NAME
@@ -51,7 +51,7 @@ utility:
.Pp
.Nm
.Cm init
-.Op Fl bPv
+.Op Fl bPTv
.Op Fl a Ar aalgo
.Op Fl B Ar backupfile
.Op Fl e Ar ealgo
@@ -80,7 +80,7 @@ utility:
.Cm detach
.Nm
.Cm onetime
-.Op Fl d
+.Op Fl dT
.Op Fl a Ar aalgo
.Op Fl e Ar ealgo
.Op Fl l Ar keylen
@@ -88,7 +88,7 @@ utility:
.Ar prov
.Nm
.Cm configure
-.Op Fl bB
+.Op Fl bBtT
.Ar prov ...
.Nm
.Cm setkey
@@ -351,6 +351,17 @@ Change decrypted provider's sector size.
Increasing the sector size allows increased performance,
because encryption/decryption which requires an initialization vector
is done per sector; fewer sectors means less computational work.
+.It Fl T
+Don't pass through
+.Dv BIO_DELETE
+calls (i.e., TRIM/UNMAP).
+This can prevent an attacker from knowing how much space you're actually
+using and which sectors contain live data, but will also prevent the
+backing store (SSD, etc) from reclaiming space you're not using, which
+may degrade its performance and lifespan.
+The underlying provider may or may not actually obliterate the deleted
+sectors when TRIM is enabled, so it should not be considered to add any
+security.
.It Fl V Ar version
Metadata version to use.
This option is helpful when creating a provider that may be used by older
@@ -456,6 +467,11 @@ Change decrypted provider's sector size.
For more information, see the description of the
.Cm init
subcommand.
+.It Fl T
+Disable TRIM/UNMAP passthru.
+For more information, see the description of the
+.Cm init
+subcommand.
.El
.It Cm configure
Change configuration of the given providers.
@@ -469,6 +485,13 @@ For more information, see the descriptio
subcommand.
.It Fl B
Remove the BOOT flag from the given providers.
+.It Fl t
+Enable TRIM/UNMAP passthru.
+For more information, see the description of the
+.Cm init
+subcommand.
+.It Fl T
+Disable TRIM/UNMAP passthru.
.El
.It Cm setkey
Install a copy of the Master Key into the selected slot, encrypted with
Modified: head/sbin/geom/class/eli/geom_eli.c
==
--- head/sbin/geom/class/eli/geom_eli.c Sat Aug 8 08:40:36 2015
(r286443)
+++ head/sbin/geom/class/eli/geom_eli.c Sat Aug 8 09:51:38 2015
(r286444)
@@ -114,10 +114,11 @@ struct g_command class_commands[] = {
{ 'l', keylen, 0, G_TYPE_NUMBER },
{ 'P', nonewpassphrase, NULL, G_TYPE_BOOL },
{ 's', sectorsize, 0, G_TYPE_NUMBER },
+ { 'T', notrim, NULL, G_TYPE_BOOL },
{ 'V', mdversion, -1, G_TYPE_NUMBER },
G_OPT_SENTINEL
},
- [-bPv] [-a aalgo] [-B backupfile] [-e ealgo] [-i iterations] [-l
keylen] [-J newpassfile] [-K newkeyfile] [-s sectorsize] [-V version] prov
+ [-bPTv] [-a aalgo] [-B backupfile] [-e ealgo] [-i iterations] [-l
keylen] [-J newpassfile] [-K newkeyfile] [-s sectorsize] [-V version] prov
},
{ label, G_FLAG_VERBOSE, eli_main,
{
@@ -170,17 +171,20 @@ struct g_command class_commands[] = {
{ 'e', ealgo, GELI_ENC_ALGO, G_TYPE_STRING },
{ 'l', keylen, 0, G_TYPE_NUMBER },
{ 's', sectorsize, 0, G_TYPE_NUMBER },
+ { 'T', notrim, NULL, G_TYPE_BOOL },
G_OPT_SENTINEL
},
- [-d] [-a aalgo] [-e ealgo] [-l keylen] [-s sectorsize] prov
+
svn commit: r286445 - in head: sbin/swapon share/man/man5
Author: pjd
Date: Sat Aug 8 09:57:38 2015
New Revision: 286445
URL: https://svnweb.freebsd.org/changeset/base/286445
Log:
Allow to disable BIO_DELETE passthru in fstab for swap-on-geli devices by
passing 'notrim' option.
PR: 198863
Submitted by: Matthew D. Fuller fullermd at over-yonder dot net
Modified:
head/sbin/swapon/swapon.c
head/share/man/man5/fstab.5
Modified: head/sbin/swapon/swapon.c
==
--- head/sbin/swapon/swapon.c Sat Aug 8 09:51:38 2015(r286444)
+++ head/sbin/swapon/swapon.c Sat Aug 8 09:57:38 2015(r286445)
@@ -313,7 +313,7 @@ static char *
swap_on_geli_args(const char *mntops)
{
const char *aalgo, *ealgo, *keylen_str, *sectorsize_str;
- const char *aflag, *eflag, *lflag, *sflag;
+ const char *aflag, *eflag, *lflag, *Tflag, *sflag;
char *p, *args, *token, *string, *ops;
int argsize, pagesize;
size_t pagesize_len;
@@ -321,7 +321,7 @@ swap_on_geli_args(const char *mntops)
/* Use built-in defaults for geli(8). */
aalgo = ealgo = keylen_str = ;
- aflag = eflag = lflag = ;
+ aflag = eflag = lflag = Tflag = ;
/* We will always specify sectorsize. */
sflag = -s ;
@@ -365,6 +365,8 @@ swap_on_geli_args(const char *mntops)
free(ops);
return (NULL);
}
+ } else if ((p = strstr(token, notrim)) == token) {
+ Tflag = -T ;
} else if (strcmp(token, sw) != 0) {
warnx(Invalid option: %s, token);
free(ops);
@@ -387,8 +389,8 @@ swap_on_geli_args(const char *mntops)
sectorsize_str = p;
}
- argsize = asprintf(args, %s%s%s%s%s%s%s%s -d,
- aflag, aalgo, eflag, ealgo, lflag, keylen_str,
+ argsize = asprintf(args, %s%s%s%s%s%s%s%s%s -d,
+ aflag, aalgo, eflag, ealgo, lflag, keylen_str, Tflag,
sflag, sectorsize_str);
free(ops);
Modified: head/share/man/man5/fstab.5
==
--- head/share/man/man5/fstab.5 Sat Aug 8 09:51:38 2015(r286444)
+++ head/share/man/man5/fstab.5 Sat Aug 8 09:57:38 2015(r286445)
@@ -242,6 +242,7 @@ The
.Dq ealgo ,
.Dq aalgo ,
.Dq keylen ,
+.Dq notrim ,
and
.Dq sectorsize
options may be passed to control those
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r286373 - head/sys/geom/eli
Author: pjd
Date: Thu Aug 6 17:13:34 2015
New Revision: 286373
URL: https://svnweb.freebsd.org/changeset/base/286373
Log:
After crypto_dispatch() bio might be already delivered and destroyed,
so we cannot access it anymore. Setting an error later lead to memory
corruption.
Assert that crypto_dispatch() was successful. It can fail only if we pass a
bogus crypto request, which is a bug in the program, not a runtime condition.
PR: 199705
Submitted by: luke.tw
Reviewed by: emaste
MFC after:3 days
Modified:
head/sys/geom/eli/g_eli_integrity.c
head/sys/geom/eli/g_eli_privacy.c
Modified: head/sys/geom/eli/g_eli_integrity.c
==
--- head/sys/geom/eli/g_eli_integrity.c Thu Aug 6 17:07:21 2015
(r286372)
+++ head/sys/geom/eli/g_eli_integrity.c Thu Aug 6 17:13:34 2015
(r286373)
@@ -408,8 +408,8 @@ g_eli_auth_run(struct g_eli_worker *wr,
struct cryptodesc *crde, *crda;
u_int i, lsec, nsec, data_secsize, decr_secsize, encr_secsize;
off_t dstoff;
- int err, error;
u_char *p, *data, *auth, *authkey, *plaindata;
+ int error;
G_ELI_LOGREQ(3, bp, %s, __func__);
@@ -451,7 +451,6 @@ g_eli_auth_run(struct g_eli_worker *wr,
bp-bio_inbed = 0;
bp-bio_children = nsec;
- error = 0;
for (i = 1; i = nsec; i++, dstoff += encr_secsize) {
crp = (struct cryptop *)p; p += sizeof(*crp);
crde = (struct cryptodesc *)p; p += sizeof(*crde);
@@ -519,10 +518,8 @@ g_eli_auth_run(struct g_eli_worker *wr,
crda-crd_klen = G_ELI_AUTH_SECKEYLEN * 8;
crp-crp_etype = 0;
- err = crypto_dispatch(crp);
- if (err != 0 error == 0)
- error = err;
+ error = crypto_dispatch(crp);
+ KASSERT(error == 0, (crypto_dispatch() failed (error=%d),
+ error));
}
- if (bp-bio_error == 0)
- bp-bio_error = error;
}
Modified: head/sys/geom/eli/g_eli_privacy.c
==
--- head/sys/geom/eli/g_eli_privacy.c Thu Aug 6 17:07:21 2015
(r286372)
+++ head/sys/geom/eli/g_eli_privacy.c Thu Aug 6 17:13:34 2015
(r286373)
@@ -230,10 +230,10 @@ g_eli_crypto_run(struct g_eli_worker *wr
struct cryptop *crp;
struct cryptodesc *crd;
u_int i, nsec, secsize;
- int err, error;
off_t dstoff;
size_t size;
u_char *p, *data;
+ int error;
G_ELI_LOGREQ(3, bp, %s, __func__);
@@ -271,7 +271,6 @@ g_eli_crypto_run(struct g_eli_worker *wr
bcopy(bp-bio_data, data, bp-bio_length);
}
- error = 0;
for (i = 0, dstoff = bp-bio_offset; i nsec; i++, dstoff += secsize) {
crp = (struct cryptop *)p; p += sizeof(*crp);
crd = (struct cryptodesc *)p; p += sizeof(*crd);
@@ -308,10 +307,8 @@ g_eli_crypto_run(struct g_eli_worker *wr
crd-crd_next = NULL;
crp-crp_etype = 0;
- err = crypto_dispatch(crp);
- if (error == 0)
- error = err;
+ error = crypto_dispatch(crp);
+ KASSERT(error == 0, (crypto_dispatch() failed (error=%d),
+ error));
}
- if (bp-bio_error == 0)
- bp-bio_error = error;
}
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
Re: svn commit: r285021 - head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs
On Mon, Aug 03, 2015 at 04:20:04PM +0300, Andriy Gapon wrote: On 30/07/2015 10:24, K. Macy wrote: Just FYI this change introduces a deadlock with with the spa_namespace_lock. Mount will be holding this lock while trying to acquire the spa_namespace_lock. zfskern on the other hand holds the spa_namespace_lock when calling zfs_freebsd_access which in turn tries to acquire the teardown lock. I missed the fact that zpool.cache file is being written with spa_namespace_lock held. I'll try to either resolve the problem in the next day or I will revert the change. FYI, I'm hitting this deadlock on my laptop. Reverting the change fixes the problem. -- Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://mobter.com pgpQSZVhmhx0p.pgp Description: PGP signature
svn commit: r285363 - head/sys/geom/eli
Author: pjd Date: Fri Jul 10 19:27:19 2015 New Revision: 285363 URL: https://svnweb.freebsd.org/changeset/base/285363 Log: Spoil even can happen for some time now even on providers opened exclusively (on the media change event). Update GELI to handle that situation. PR: 201185 Submitted by: Matthew D. Fuller Modified: head/sys/geom/eli/g_eli.c Modified: head/sys/geom/eli/g_eli.c == --- head/sys/geom/eli/g_eli.c Fri Jul 10 19:24:36 2015(r285362) +++ head/sys/geom/eli/g_eli.c Fri Jul 10 19:27:19 2015(r285363) @@ -730,10 +730,10 @@ g_eli_create(struct gctl_req *req, struc sc = malloc(sizeof(*sc), M_ELI, M_WAITOK | M_ZERO); gp-start = g_eli_start; /* -* Spoiling cannot happen actually, because we keep provider open for -* writing all the time or provider is read-only. +* Spoiling can happen even though we have the provider open +* exclusively, e.g. through media change events. */ - gp-spoiled = g_eli_orphan_spoil_assert; + gp-spoiled = g_eli_orphan; gp-orphan = g_eli_orphan; gp-dumpconf = g_eli_dumpconf; /* ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r285023 - in head: sbin/geom/class/eli sys/geom/eli
Author: pjd
Date: Thu Jul 2 10:55:32 2015
New Revision: 285023
URL: https://svnweb.freebsd.org/changeset/base/285023
Log:
Allow to omit keyfile number for the first keyfile.
Modified:
head/sbin/geom/class/eli/geli.8
head/sys/geom/eli/g_eli.c
Modified: head/sbin/geom/class/eli/geli.8
==
--- head/sbin/geom/class/eli/geli.8 Thu Jul 2 10:31:08 2015
(r285022)
+++ head/sbin/geom/class/eli/geli.8 Thu Jul 2 10:55:32 2015
(r285023)
@@ -24,7 +24,7 @@
.\
.\ $FreeBSD$
.\
-.Dd June 18, 2014
+.Dd June 2, 2015
.Dt GELI 8
.Os
.Sh NAME
@@ -893,6 +893,13 @@ geli_da1s3a_keyfile0_type=da1s3a:geli_k
geli_da1s3a_keyfile0_name=/boot/keys/da1s3a.key
.Ed
.Pp
+If there is only one keyfile, the index might be omitted:
+.Bd -literal -offset indent
+geli_da1s3a_keyfile_load=YES
+geli_da1s3a_keyfile_type=da1s3a:geli_keyfile
+geli_da1s3a_keyfile_name=/boot/keys/da1s3a.key
+.Ed
+.Pp
Not only configure encryption, but also data integrity verification using
.Nm HMAC/SHA256 .
.Bd -literal -offset indent
Modified: head/sys/geom/eli/g_eli.c
==
--- head/sys/geom/eli/g_eli.c Thu Jul 2 10:31:08 2015(r285022)
+++ head/sys/geom/eli/g_eli.c Thu Jul 2 10:55:32 2015(r285023)
@@ -998,6 +998,13 @@ g_eli_keyfiles_load(struct hmac_ctx *ctx
for (i = 0; ; i++) {
snprintf(name, sizeof(name), %s:geli_keyfile%d, provider, i);
keyfile = preload_search_by_type(name);
+ if (keyfile == NULL i == 0) {
+ /*
+* If there is only one keyfile, allow simpler name.
+*/
+ snprintf(name, sizeof(name), %s:geli_keyfile,
provider);
+ keyfile = preload_search_by_type(name);
+ }
if (keyfile == NULL)
return (i); /* Return number of loaded keyfiles. */
data = preload_fetch_addr(keyfile);
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r285024 - head/sys/geom/eli
Author: pjd Date: Thu Jul 2 10:57:34 2015 New Revision: 285024 URL: https://svnweb.freebsd.org/changeset/base/285024 Log: Properly propagate errors in metadata reading. PR: 198860 Submitted by: Matthew D. Fuller Modified: head/sys/geom/eli/g_eli.c Modified: head/sys/geom/eli/g_eli.c == --- head/sys/geom/eli/g_eli.c Thu Jul 2 10:55:32 2015(r285023) +++ head/sys/geom/eli/g_eli.c Thu Jul 2 10:57:34 2015(r285024) @@ -633,7 +633,10 @@ g_eli_read_metadata(struct g_class *mp, g_topology_lock(); if (buf == NULL) goto end; - eli_metadata_decode(buf, md); + error = eli_metadata_decode(buf, md); + if (error != 0) + goto end; + /* Metadata was read and decoded successfully. */ end: if (buf != NULL) g_free(buf); ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r283928 - stable/10/sbin/geom/class/eli
Author: pjd Date: Tue Jun 2 20:29:58 2015 New Revision: 283928 URL: https://svnweb.freebsd.org/changeset/base/283928 Log: MFC r265950 (by thomas): Add mention of metadata version 7 in FreeBSD 10.0. Modified: stable/10/sbin/geom/class/eli/geli.8 Directory Properties: stable/10/ (props changed) Modified: stable/10/sbin/geom/class/eli/geli.8 == --- stable/10/sbin/geom/class/eli/geli.8Tue Jun 2 19:20:39 2015 (r283927) +++ stable/10/sbin/geom/class/eli/geli.8Tue Jun 2 20:29:58 2015 (r283928) @@ -1053,6 +1053,8 @@ metadata version supported by the given .It Li 8.2 Ta 5 .Pp .It Li 9.0 Ta 6 +.Pp +.It Li 10.0 Ta 7 .El .Sh AUTHORS .An Pawel Jakub Dawidek Aq p...@freebsd.org ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r281856 - svnadmin/conf
Author: pjd Date: Wed Apr 22 16:06:49 2015 New Revision: 281856 URL: https://svnweb.freebsd.org/changeset/base/281856 Log: Welcome Mariusz Zaborski (oshogbo) as a new src committer. Mariusz will be working (at least initially) on Capsicum, Casper, libnv and surroundings. Approved by: core Modified: svnadmin/conf/access Modified: svnadmin/conf/access == --- svnadmin/conf/accessWed Apr 22 14:38:58 2015(r281855) +++ svnadmin/conf/accessWed Apr 22 16:06:49 2015(r281856) @@ -166,6 +166,7 @@ nwhitehorn nyan obrien oleg +oshogbo peter pe...@wemm.org peterj pfg ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r277920 - head/lib/libnv
Author: pjd
Date: Fri Jan 30 09:44:29 2015
New Revision: 277920
URL: https://svnweb.freebsd.org/changeset/base/277920
Log:
If moving descriptor or binary data to an nvlist fails, we need to close the
descriptor or free the memory before returning.
Submitted by: Mariusz Zaborski osho...@freebsd.org
While here, protect errno, so it won't be overwritted by close(2) or free(3).
Modified:
head/lib/libnv/nvpair.c
Modified: head/lib/libnv/nvpair.c
==
--- head/lib/libnv/nvpair.c Fri Jan 30 09:05:43 2015(r277919)
+++ head/lib/libnv/nvpair.c Fri Jan 30 09:44:29 2015(r277920)
@@ -1100,6 +1100,7 @@ nvpair_t *
nvpair_movev_string(char *value, const char *namefmt, va_list nameap)
{
nvpair_t *nvp;
+ int serrno;
if (value == NULL) {
errno = EINVAL;
@@ -1108,8 +1109,11 @@ nvpair_movev_string(char *value, const c
nvp = nvpair_allocv(NV_TYPE_STRING, (uint64_t)(uintptr_t)value,
strlen(value) + 1, namefmt, nameap);
- if (nvp == NULL)
+ if (nvp == NULL) {
+ serrno = errno;
free(value);
+ errno = serrno;
+ }
return (nvp);
}
@@ -1137,28 +1141,46 @@ nvpair_movev_nvlist(nvlist_t *value, con
nvpair_t *
nvpair_movev_descriptor(int value, const char *namefmt, va_list nameap)
{
+ nvpair_t *nvp;
+ int serrno;
if (value 0 || !fd_is_valid(value)) {
errno = EBADF;
return (NULL);
}
- return (nvpair_allocv(NV_TYPE_DESCRIPTOR, (uint64_t)value,
- sizeof(int64_t), namefmt, nameap));
+ nvp = nvpair_allocv(NV_TYPE_DESCRIPTOR, (uint64_t)value,
+ sizeof(int64_t), namefmt, nameap);
+ if (nvp == NULL) {
+ serrno = errno;
+ close(value);
+ errno = serrno;
+ }
+
+ return (nvp);
}
nvpair_t *
nvpair_movev_binary(void *value, size_t size, const char *namefmt,
va_list nameap)
{
+ nvpair_t *nvp;
+ int serrno;
if (value == NULL || size == 0) {
errno = EINVAL;
return (NULL);
}
- return (nvpair_allocv(NV_TYPE_BINARY, (uint64_t)(uintptr_t)value, size,
- namefmt, nameap));
+ nvp = nvpair_allocv(NV_TYPE_BINARY, (uint64_t)(uintptr_t)value, size,
+ namefmt, nameap);
+ if (nvp == NULL) {
+ serrno = errno;
+ free(value);
+ errno = serrno;
+ }
+
+ return (nvp);
}
bool
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r277921 - head/lib/libnv
Author: pjd
Date: Fri Jan 30 10:08:38 2015
New Revision: 277921
URL: https://svnweb.freebsd.org/changeset/base/277921
Log:
Modify nvlist_get_parent() API to take additional cookie argument.
This allow for non-recursive iteration over nested nvlists, as in documented
example.
Submitted by: Mariusz Zaborski osho...@freebsd.org
Modified:
head/lib/libnv/nv.3
head/lib/libnv/nv.h
head/lib/libnv/nvlist.c
Modified: head/lib/libnv/nv.3
==
--- head/lib/libnv/nv.3 Fri Jan 30 09:44:29 2015(r277920)
+++ head/lib/libnv/nv.3 Fri Jan 30 10:08:38 2015(r277921)
@@ -28,7 +28,7 @@
.\
.\ $FreeBSD$
.\
-.Dd September 25, 2014
+.Dd January 30, 2015
.Dt NV 3
.Os
.Sh NAME
@@ -151,7 +151,7 @@
.Ft const void *
.Fn nvlist_get_binary const nvlist_t *nvl const char *name size_t *sizep
.Ft const nvlist_t *
-.Fn nvlist_get_parent const nvlist_t *nvl
+.Fn nvlist_get_parent const nvlist_t *nvl void **cookiep
.\
.Ft bool
.Fn nvlist_take_bool nvlist_t *nvl const char *name
@@ -588,6 +588,28 @@ while ((name = nvlist_next(nvl, type,
printf(\\n);
}
.Ed
+.Pp
+Iterating over every nested nvlist:
+.Bd -literal
+nvlist_t *nvl;
+const char *name;
+void *cookie;
+int type;
+
+nvl = nvlist_recv(sock);
+if (nvl == NULL)
+ err(1, nvlist_recv() failed);
+
+cookie = NULL;
+do {
+ while ((name = nvlist_next(nvl, type, cookie)) != NULL) {
+ if (type == NV_TYPE_NVLIST) {
+ nvl = nvlist_get_nvlist(nvl, name);
+ cookie = NULL;
+ }
+ }
+} while ((nvl = nvlist_get_parent(nvl, cookie)) != NULL);
+.Ed
.Sh SEE ALSO
.Xr close 2 ,
.Xr dup 2 ,
Modified: head/lib/libnv/nv.h
==
--- head/lib/libnv/nv.h Fri Jan 30 09:44:29 2015(r277920)
+++ head/lib/libnv/nv.h Fri Jan 30 10:08:38 2015(r277921)
@@ -83,7 +83,7 @@ nvlist_t *nvlist_xfer(int sock, nvlist_t
const char *nvlist_next(const nvlist_t *nvl, int *typep, void **cookiep);
-const nvlist_t *nvlist_get_parent(const nvlist_t *nvl);
+const nvlist_t *nvlist_get_parent(const nvlist_t *nvl, void **cookiep);
/*
* The nvlist_exists functions check if the given name (optionally of the given
Modified: head/lib/libnv/nvlist.c
==
--- head/lib/libnv/nvlist.c Fri Jan 30 09:44:29 2015(r277920)
+++ head/lib/libnv/nvlist.c Fri Jan 30 10:08:38 2015(r277921)
@@ -159,15 +159,19 @@ nvlist_get_nvpair_parent(const nvlist_t
}
const nvlist_t *
-nvlist_get_parent(const nvlist_t *nvl)
+nvlist_get_parent(const nvlist_t *nvl, void **cookiep)
{
+ nvpair_t *nvp;
NVLIST_ASSERT(nvl);
- if (nvl-nvl_parent == NULL)
+ nvp = nvl-nvl_parent;
+ if (cookiep != NULL)
+ *cookiep = nvp;
+ if (nvp == NULL)
return (NULL);
- return (nvpair_nvlist(nvl-nvl_parent));
+ return (nvpair_nvlist(nvp));
}
void
@@ -384,11 +388,10 @@ nvlist_dump(const nvlist_t *nvl, int fd)
dprintf(fd, \n);
nvl = nvpair_get_nvlist(nvp);
if (nvlist_dump_error_check(nvl, fd, level + 1)) {
- nvl = nvlist_get_parent(nvl);
+ nvl = nvlist_get_parent(nvl, (void **)nvp);
break;
}
- level += 1;
- nvp = nvlist_first_nvpair(nvl);
+ level++;
continue;
case NV_TYPE_DESCRIPTOR:
dprintf(fd, %d\n, nvpair_get_descriptor(nvp));
@@ -411,11 +414,10 @@ nvlist_dump(const nvlist_t *nvl, int fd)
}
while ((nvp = nvlist_next_nvpair(nvl, nvp)) == NULL) {
- nvp = nvlist_get_nvpair_parent(nvl);
- if (nvp == NULL)
+ nvl = nvlist_get_parent(nvl, (void **)nvp);
+ if (nvl == NULL)
return;
- nvl = nvlist_get_parent(nvl);
- level --;
+ level--;
}
}
}
@@ -457,10 +459,9 @@ nvlist_size(const nvlist_t *nvl)
}
while ((nvp = nvlist_next_nvpair(nvl, nvp)) == NULL) {
- nvp = nvlist_get_nvpair_parent(nvl);
- if (nvp == NULL)
+ nvl = nvlist_get_parent(nvl, (void **)nvp);
+ if (nvl == NULL)
goto out;
- nvl = nvlist_get_parent(nvl);
}
}
@@ -635,13 +636,12 @@ nvlist_xpack(const nvlist_t *nvl, int64_
return (NULL);
}
svn commit: r277927 - head/lib/libnv
Author: pjd
Date: Fri Jan 30 13:03:36 2015
New Revision: 277927
URL: https://svnweb.freebsd.org/changeset/base/277927
Log:
Make gcc happy.
Reported by: bz
Modified:
head/lib/libnv/nvlist.c
Modified: head/lib/libnv/nvlist.c
==
--- head/lib/libnv/nvlist.c Fri Jan 30 12:57:35 2015(r277926)
+++ head/lib/libnv/nvlist.c Fri Jan 30 13:03:36 2015(r277927)
@@ -358,6 +358,7 @@ nvlist_dump(const nvlist_t *nvl, int fd)
{
const nvlist_t *tmpnvl;
nvpair_t *nvp, *tmpnvp;
+ void *cookie;
int level;
level = 0;
@@ -419,9 +420,11 @@ nvlist_dump(const nvlist_t *nvl, int fd)
}
while ((nvp = nvlist_next_nvpair(nvl, nvp)) == NULL) {
- nvl = nvlist_get_parent(nvl, (void **)nvp);
+ cookie = NULL;
+ nvl = nvlist_get_parent(nvl, cookie);
if (nvl == NULL)
return;
+ nvp = cookie;
level--;
}
}
@@ -443,6 +446,7 @@ nvlist_size(const nvlist_t *nvl)
{
const nvlist_t *tmpnvl;
const nvpair_t *nvp, *tmpnvp;
+ void *cookie;
size_t size;
NVLIST_ASSERT(nvl);
@@ -469,9 +473,11 @@ nvlist_size(const nvlist_t *nvl)
}
while ((nvp = nvlist_next_nvpair(nvl, nvp)) == NULL) {
- nvl = nvlist_get_parent(nvl, (void **)nvp);
+ cookie = NULL;
+ nvl = nvlist_get_parent(nvl, cookie);
if (nvl == NULL)
goto out;
+ nvp = cookie;
}
}
@@ -587,6 +593,7 @@ nvlist_xpack(const nvlist_t *nvl, int64_
size_t left, size;
const nvlist_t *tmpnvl;
nvpair_t *nvp, *tmpnvp;
+ void *cookie;
NVLIST_ASSERT(nvl);
@@ -655,9 +662,11 @@ nvlist_xpack(const nvlist_t *nvl, int64_
return (NULL);
}
while ((nvp = nvlist_next_nvpair(nvl, nvp)) == NULL) {
- nvl = nvlist_get_parent(nvl, (void **)nvp);
+ cookie = NULL;
+ nvl = nvlist_get_parent(nvl, cookie);
if (nvl == NULL)
goto out;
+ nvp = cookie;
ptr = nvpair_pack_nvlist_up(ptr, left);
if (ptr == NULL)
goto out;
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r277926 - head/lib/libnv
Author: pjd Date: Fri Jan 30 12:57:35 2015 New Revision: 277926 URL: https://svnweb.freebsd.org/changeset/base/277926 Log: Add missing nvlist_get_parent(3) link. Submitted by: Mariusz Zaborski osho...@freebsd.org Modified: head/lib/libnv/Makefile Modified: head/lib/libnv/Makefile == --- head/lib/libnv/Makefile Fri Jan 30 12:31:29 2015(r277925) +++ head/lib/libnv/Makefile Fri Jan 30 12:57:35 2015(r277926) @@ -61,6 +61,7 @@ MLINKS+=nv.3 nvlist_create.3 \ nv.3 nvlist_get_nvlist.3 \ nv.3 nvlist_get_descriptor.3 \ nv.3 nvlist_get_binary.3 \ + nv.3 nvlist_get_parent.3 \ nv.3 nvlist_take_bool.3 \ nv.3 nvlist_take_number.3 \ nv.3 nvlist_take_string.3 \ ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r277925 - head/lib/libnv
Author: pjd
Date: Fri Jan 30 12:31:29 2015
New Revision: 277925
URL: https://svnweb.freebsd.org/changeset/base/277925
Log:
Handle empty nvlists correctly.
Submitted by: Mariusz Zaborski osho...@freebsd.org
Modified:
head/lib/libnv/nvlist.c
Modified: head/lib/libnv/nvlist.c
==
--- head/lib/libnv/nvlist.c Fri Jan 30 12:07:43 2015(r277924)
+++ head/lib/libnv/nvlist.c Fri Jan 30 12:31:29 2015(r277925)
@@ -356,7 +356,8 @@ nvlist_dump_error_check(const nvlist_t *
void
nvlist_dump(const nvlist_t *nvl, int fd)
{
- nvpair_t *nvp;
+ const nvlist_t *tmpnvl;
+ nvpair_t *nvp, *tmpnvp;
int level;
level = 0;
@@ -386,13 +387,17 @@ nvlist_dump(const nvlist_t *nvl, int fd)
break;
case NV_TYPE_NVLIST:
dprintf(fd, \n);
- nvl = nvpair_get_nvlist(nvp);
- if (nvlist_dump_error_check(nvl, fd, level + 1)) {
- nvl = nvlist_get_parent(nvl, (void **)nvp);
+ tmpnvl = nvpair_get_nvlist(nvp);
+ if (nvlist_dump_error_check(tmpnvl, fd, level + 1))
break;
+ tmpnvp = nvlist_first_nvpair(tmpnvl);
+ if (tmpnvp != NULL) {
+ nvl = tmpnvl;
+ nvp = tmpnvp;
+ level++;
+ continue;
}
- level++;
- continue;
+ break;
case NV_TYPE_DESCRIPTOR:
dprintf(fd, %d\n, nvpair_get_descriptor(nvp));
break;
@@ -436,7 +441,8 @@ nvlist_fdump(const nvlist_t *nvl, FILE *
size_t
nvlist_size(const nvlist_t *nvl)
{
- const nvpair_t *nvp;
+ const nvlist_t *tmpnvl;
+ const nvpair_t *nvp, *tmpnvp;
size_t size;
NVLIST_ASSERT(nvl);
@@ -450,10 +456,14 @@ nvlist_size(const nvlist_t *nvl)
if (nvpair_type(nvp) == NV_TYPE_NVLIST) {
size += sizeof(struct nvlist_header);
size += nvpair_header_size() + 1;
- nvl = nvpair_get_nvlist(nvp);
- PJDLOG_ASSERT(nvl-nvl_error == 0);
- nvp = nvlist_first_nvpair(nvl);
- continue;
+ tmpnvl = nvpair_get_nvlist(nvp);
+ PJDLOG_ASSERT(tmpnvl-nvl_error == 0);
+ tmpnvp = nvlist_first_nvpair(tmpnvl);
+ if (tmpnvp != NULL) {
+ nvl = tmpnvl;
+ nvp = tmpnvp;
+ continue;
+ }
} else {
size += nvpair_size(nvp);
}
@@ -575,7 +585,8 @@ nvlist_xpack(const nvlist_t *nvl, int64_
{
unsigned char *buf, *ptr;
size_t left, size;
- nvpair_t *nvp;
+ const nvlist_t *tmpnvl;
+ nvpair_t *nvp, *tmpnvp;
NVLIST_ASSERT(nvl);
@@ -618,10 +629,18 @@ nvlist_xpack(const nvlist_t *nvl, int64_
ptr = nvpair_pack_string(nvp, ptr, left);
break;
case NV_TYPE_NVLIST:
- nvl = nvpair_get_nvlist(nvp);
- nvp = nvlist_first_nvpair(nvl);
- ptr = nvlist_pack_header(nvl, ptr, left);
- continue;
+ tmpnvl = nvpair_get_nvlist(nvp);
+ ptr = nvlist_pack_header(tmpnvl, ptr, left);
+ if (ptr == NULL)
+ goto out;
+ tmpnvp = nvlist_first_nvpair(tmpnvl);
+ if (tmpnvp != NULL) {
+ nvl = tmpnvl;
+ nvp = tmpnvp;
+ continue;
+ }
+ ptr = nvpair_pack_nvlist_up(ptr, left);
+ break;
case NV_TYPE_DESCRIPTOR:
ptr = nvpair_pack_descriptor(nvp, ptr, fdidxp, left);
break;
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r274366 - in head/sys: dev/null geom kern sys
Author: pjd
Date: Tue Nov 11 04:48:09 2014
New Revision: 274366
URL: https://svnweb.freebsd.org/changeset/base/274366
Log:
Add missing privilege check when setting the dump device. Before that change
it
was possible for a regular user to setup the dump device if he had write
access
to the given device. In theory it is a security issue as user might get access
to kernel's memory after provoking kernel crash, but in practise it is not
recommended to give regular users direct access to storage devices.
Rework the code so that we do privileges check within the set_dumper()
function
to avoid similar problems in the future.
Discussed with: secteam
Modified:
head/sys/dev/null/null.c
head/sys/geom/geom_dev.c
head/sys/kern/kern_shutdown.c
head/sys/sys/conf.h
Modified: head/sys/dev/null/null.c
==
--- head/sys/dev/null/null.cTue Nov 11 04:07:41 2014(r274365)
+++ head/sys/dev/null/null.cTue Nov 11 04:48:09 2014(r274366)
@@ -37,7 +37,6 @@ __FBSDID($FreeBSD$);
#include sys/kernel.h
#include sys/malloc.h
#include sys/module.h
-#include sys/priv.h
#include sys/disk.h
#include sys/bus.h
#include sys/filio.h
@@ -110,9 +109,7 @@ null_ioctl(struct cdev *dev __unused, u_
switch (cmd) {
case DIOCSKERNELDUMP:
- error = priv_check(td, PRIV_SETDUMPER);
- if (error == 0)
- error = set_dumper(NULL, NULL);
+ error = set_dumper(NULL, NULL, td);
break;
case FIONBIO:
break;
Modified: head/sys/geom/geom_dev.c
==
--- head/sys/geom/geom_dev.cTue Nov 11 04:07:41 2014(r274365)
+++ head/sys/geom/geom_dev.cTue Nov 11 04:48:09 2014(r274366)
@@ -127,14 +127,14 @@ g_dev_fini(struct g_class *mp)
}
static int
-g_dev_setdumpdev(struct cdev *dev)
+g_dev_setdumpdev(struct cdev *dev, struct thread *td)
{
struct g_kerneldump kd;
struct g_consumer *cp;
int error, len;
if (dev == NULL)
- return (set_dumper(NULL, NULL));
+ return (set_dumper(NULL, NULL, td));
cp = dev-si_drv2;
len = sizeof(kd);
@@ -142,7 +142,7 @@ g_dev_setdumpdev(struct cdev *dev)
kd.length = OFF_MAX;
error = g_io_getattr(GEOM::kerneldump, cp, len, kd);
if (error == 0) {
- error = set_dumper(kd.di, devtoname(dev));
+ error = set_dumper(kd.di, devtoname(dev), td);
if (error == 0)
dev-si_flags |= SI_DUMPDEV;
}
@@ -157,7 +157,7 @@ init_dumpdev(struct cdev *dev)
return;
if (strcmp(devtoname(dev), dumpdev) != 0)
return;
- if (g_dev_setdumpdev(dev) == 0) {
+ if (g_dev_setdumpdev(dev, curthread) == 0) {
freeenv(dumpdev);
dumpdev = NULL;
}
@@ -453,9 +453,9 @@ g_dev_ioctl(struct cdev *dev, u_long cmd
break;
case DIOCSKERNELDUMP:
if (*(u_int *)data == 0)
- error = g_dev_setdumpdev(NULL);
+ error = g_dev_setdumpdev(NULL, td);
else
- error = g_dev_setdumpdev(dev);
+ error = g_dev_setdumpdev(dev, td);
break;
case DIOCGFLUSH:
error = g_io_flush(cp);
@@ -673,7 +673,7 @@ g_dev_orphan(struct g_consumer *cp)
/* Reset any dump-area set on this device */
if (dev-si_flags SI_DUMPDEV)
- (void)set_dumper(NULL, NULL);
+ (void)set_dumper(NULL, NULL, curthread);
/* Destroy the struct cdev *so we get no more requests */
destroy_dev_sched_cb(dev, g_dev_callback, cp);
Modified: head/sys/kern/kern_shutdown.c
==
--- head/sys/kern/kern_shutdown.c Tue Nov 11 04:07:41 2014
(r274365)
+++ head/sys/kern/kern_shutdown.c Tue Nov 11 04:48:09 2014
(r274366)
@@ -827,9 +827,14 @@ SYSCTL_STRING(_kern_shutdown, OID_AUTO,
/* Registration of dumpers */
int
-set_dumper(struct dumperinfo *di, const char *devname)
+set_dumper(struct dumperinfo *di, const char *devname, struct thread *td)
{
size_t wantcopy;
+ int error;
+
+ error = priv_check(td, PRIV_SETDUMPER);
+ if (error != 0)
+ return (error);
if (di == NULL) {
bzero(dumper, sizeof dumper);
Modified: head/sys/sys/conf.h
==
--- head/sys/sys/conf.h Tue Nov 11 04:07:41 2014(r274365)
+++ head/sys/sys/conf.h Tue Nov 11 04:48:09 2014(r274366)
@@ -336,7 +336,7 @@ struct dumperinfo {
off_t mediasize; /* Space available in bytes. */
svn commit: r272843 - head/lib/libnv
Author: pjd
Date: Thu Oct 9 20:55:05 2014
New Revision: 272843
URL: https://svnweb.freebsd.org/changeset/base/272843
Log:
Fix problem on big endian systems introduced in r271579 - when we were
returning from handling a nested nvlist we were resetting big-endian flag.
Reported by: Kuleshov Aleksey @ yandex.ru
Tested by:Kuleshov Aleksey @ yandex.ru
Modified:
head/lib/libnv/nvlist.c
head/lib/libnv/nvlist_impl.h
head/lib/libnv/nvpair.c
head/lib/libnv/nvpair_impl.h
Modified: head/lib/libnv/nvlist.c
==
--- head/lib/libnv/nvlist.c Thu Oct 9 20:39:18 2014(r272842)
+++ head/lib/libnv/nvlist.c Thu Oct 9 20:55:05 2014(r272843)
@@ -698,7 +698,7 @@ nvlist_check_header(struct nvlist_header
const unsigned char *
nvlist_unpack_header(nvlist_t *nvl, const unsigned char *ptr, size_t nfds,
-int *flagsp, size_t *leftp)
+bool *isbep, size_t *leftp)
{
struct nvlist_header nvlhdr;
@@ -725,7 +725,8 @@ nvlist_unpack_header(nvlist_t *nvl, cons
nvl-nvl_flags = (nvlhdr.nvlh_flags NV_FLAG_PUBLIC_MASK);
ptr += sizeof(nvlhdr);
- *flagsp = (int)nvlhdr.nvlh_flags;
+ if (isbep != NULL)
+ *isbep = (((int)nvlhdr.nvlh_flags NV_FLAG_BIG_ENDIAN) != 0);
*leftp -= sizeof(nvlhdr);
return (ptr);
@@ -741,7 +742,7 @@ nvlist_xunpack(const void *buf, size_t s
nvlist_t *nvl, *retnvl, *tmpnvl;
nvpair_t *nvp;
size_t left;
- int flags;
+ bool isbe;
left = size;
ptr = buf;
@@ -751,44 +752,43 @@ nvlist_xunpack(const void *buf, size_t s
if (nvl == NULL)
goto failed;
- ptr = nvlist_unpack_header(nvl, ptr, nfds, flags, left);
+ ptr = nvlist_unpack_header(nvl, ptr, nfds, isbe, left);
if (ptr == NULL)
goto failed;
while (left 0) {
- ptr = nvpair_unpack(flags, ptr, left, nvp);
+ ptr = nvpair_unpack(isbe, ptr, left, nvp);
if (ptr == NULL)
goto failed;
switch (nvpair_type(nvp)) {
case NV_TYPE_NULL:
- ptr = nvpair_unpack_null(flags, nvp, ptr, left);
+ ptr = nvpair_unpack_null(isbe, nvp, ptr, left);
break;
case NV_TYPE_BOOL:
- ptr = nvpair_unpack_bool(flags, nvp, ptr, left);
+ ptr = nvpair_unpack_bool(isbe, nvp, ptr, left);
break;
case NV_TYPE_NUMBER:
- ptr = nvpair_unpack_number(flags, nvp, ptr, left);
+ ptr = nvpair_unpack_number(isbe, nvp, ptr, left);
break;
case NV_TYPE_STRING:
- ptr = nvpair_unpack_string(flags, nvp, ptr, left);
+ ptr = nvpair_unpack_string(isbe, nvp, ptr, left);
break;
case NV_TYPE_NVLIST:
- ptr = nvpair_unpack_nvlist(flags, nvp, ptr, left,
- nfds, tmpnvl);
+ ptr = nvpair_unpack_nvlist(isbe, nvp, ptr, left, nfds,
+ tmpnvl);
nvlist_set_parent(tmpnvl, nvp);
break;
case NV_TYPE_DESCRIPTOR:
- ptr = nvpair_unpack_descriptor(flags, nvp, ptr, left,
+ ptr = nvpair_unpack_descriptor(isbe, nvp, ptr, left,
fds, nfds);
break;
case NV_TYPE_BINARY:
- ptr = nvpair_unpack_binary(flags, nvp, ptr, left);
+ ptr = nvpair_unpack_binary(isbe, nvp, ptr, left);
break;
case NV_TYPE_NVLIST_UP:
if (nvl-nvl_parent == NULL)
goto failed;
nvl = nvpair_nvlist(nvl-nvl_parent);
- flags = nvl-nvl_flags;
continue;
default:
PJDLOG_ABORT(Invalid type (%d)., nvpair_type(nvp));
Modified: head/lib/libnv/nvlist_impl.h
==
--- head/lib/libnv/nvlist_impl.hThu Oct 9 20:39:18 2014
(r272842)
+++ head/lib/libnv/nvlist_impl.hThu Oct 9 20:55:05 2014
(r272843)
@@ -42,6 +42,6 @@ nvlist_t *nvlist_xunpack(const void *buf
nvpair_t *nvlist_get_nvpair_parent(const nvlist_t *nvl);
const unsigned char *nvlist_unpack_header(nvlist_t *nvl,
-const unsigned char *ptr, size_t nfds, int *flagsp, size_t *leftp);
+const unsigned char *ptr, size_t nfds, bool *isbep, size_t *leftp);
#endif /* !_NVLIST_IMPL_H_ */
Modified: head/lib/libnv/nvpair.c
svn commit: r272297 - head/sys/geom
Author: pjd
Date: Tue Sep 30 11:51:32 2014
New Revision: 272297
URL: http://svnweb.freebsd.org/changeset/base/272297
Log:
Style fixes.
Modified:
head/sys/geom/geom_dev.c
Modified: head/sys/geom/geom_dev.c
==
--- head/sys/geom/geom_dev.cTue Sep 30 07:28:31 2014(r272296)
+++ head/sys/geom/geom_dev.cTue Sep 30 11:51:32 2014(r272297)
@@ -281,7 +281,7 @@ g_dev_open(struct cdev *dev, int flags,
cp = dev-si_drv2;
if (cp == NULL)
- return(ENXIO); /* g_dev_taste() not done yet */
+ return (ENXIO); /* g_dev_taste() not done yet */
g_trace(G_T_ACCESS, g_dev_open(%s, %d, %d, %p),
cp-geom-name, flags, fmt, td);
@@ -312,7 +312,7 @@ g_dev_open(struct cdev *dev, int flags,
sc-sc_open += r + w + e;
mtx_unlock(sc-sc_mtx);
}
- return(error);
+ return (error);
}
static int
@@ -324,10 +324,10 @@ g_dev_close(struct cdev *dev, int flags,
cp = dev-si_drv2;
if (cp == NULL)
- return(ENXIO);
+ return (ENXIO);
g_trace(G_T_ACCESS, g_dev_close(%s, %d, %d, %p),
cp-geom-name, flags, fmt, td);
-
+
r = flags FREAD ? -1 : 0;
w = flags FWRITE ? -1 : 0;
#ifdef notyet
@@ -361,7 +361,6 @@ g_dev_ioctl(struct cdev *dev, u_long cmd
struct g_kerneldump kd;
off_t offset, length, chunk;
int i, error;
- u_int u;
cp = dev-si_drv2;
pp = cp-provider;
@@ -396,8 +395,7 @@ g_dev_ioctl(struct cdev *dev, u_long cmd
error = g_io_getattr(GEOM::frontstuff, cp, i, data);
break;
case DIOCSKERNELDUMP:
- u = *((u_int *)data);
- if (!u) {
+ if (*(u_int *)data != 0) {
set_dumper(NULL, NULL);
error = 0;
break;
@@ -406,9 +404,9 @@ g_dev_ioctl(struct cdev *dev, u_long cmd
kd.length = OFF_MAX;
i = sizeof kd;
error = g_io_getattr(GEOM::kerneldump, cp, i, kd);
- if (!error) {
+ if (error == 0) {
error = set_dumper(kd.di, devtoname(dev));
- if (!error)
+ if (error == 0)
dev-si_flags |= SI_DUMPDEV;
}
break;
@@ -425,7 +423,7 @@ g_dev_ioctl(struct cdev *dev, u_long cmd
error = EINVAL;
break;
}
- while (length 0) {
+ while (length 0) {
chunk = length;
if (g_dev_del_max_sectors != 0 chunk
g_dev_del_max_sectors * cp-provider-sectorsize) {
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r272298 - head/sys/geom
Author: pjd
Date: Tue Sep 30 12:00:50 2014
New Revision: 272298
URL: http://svnweb.freebsd.org/changeset/base/272298
Log:
Be prepared that set_dumper() might fail even when resetting it or prefix
the call with (void) to document that we intentionally ignore the return
value - no way to handle an error in case of device disappearing.
Modified:
head/sys/geom/geom_dev.c
Modified: head/sys/geom/geom_dev.c
==
--- head/sys/geom/geom_dev.cTue Sep 30 11:51:32 2014(r272297)
+++ head/sys/geom/geom_dev.cTue Sep 30 12:00:50 2014(r272298)
@@ -396,8 +396,7 @@ g_dev_ioctl(struct cdev *dev, u_long cmd
break;
case DIOCSKERNELDUMP:
if (*(u_int *)data != 0) {
- set_dumper(NULL, NULL);
- error = 0;
+ error = set_dumper(NULL, NULL);
break;
}
kd.offset = 0;
@@ -616,7 +615,7 @@ g_dev_orphan(struct g_consumer *cp)
/* Reset any dump-area set on this device */
if (dev-si_flags SI_DUMPDEV)
- set_dumper(NULL, NULL);
+ (void)set_dumper(NULL, NULL);
/* Destroy the struct cdev *so we get no more requests */
destroy_dev_sched_cb(dev, g_dev_callback, cp);
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
Re: svn commit: r271241 - head/lib/libnv
On Sun, Sep 07, 2014 at 10:56:57PM +, Garrett Cooper wrote: Author: ngie Date: Sun Sep 7 22:56:57 2014 New Revision: 271241 URL: http://svnweb.freebsd.org/changeset/base/271241 Log: Include src.opts.mk after SHLIBDIR has been defined so libnv is installed to /lib , not /usr/lib Don't forget to add /usr/lib/libnv* to ObsoleteFiles.inc. -- Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://mobter.com ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r272102 - head/lib/libnv
Author: pjd Date: Thu Sep 25 10:59:01 2014 New Revision: 272102 URL: http://svnweb.freebsd.org/changeset/base/272102 Log: Document the new nvlist_get_parent() function. Submitted by: Mariusz Zaborski Modified: head/lib/libnv/nv.3 Modified: head/lib/libnv/nv.3 == --- head/lib/libnv/nv.3 Thu Sep 25 09:12:11 2014(r272101) +++ head/lib/libnv/nv.3 Thu Sep 25 10:59:01 2014(r272102) @@ -28,7 +28,7 @@ .\ .\ $FreeBSD$ .\ -.Dd March 21, 2014 +.Dd September 25, 2014 .Dt NV 3 .Os .Sh NAME @@ -150,6 +150,8 @@ .Fn nvlist_get_descriptor const nvlist_t *nvl const char *name .Ft const void * .Fn nvlist_get_binary const nvlist_t *nvl const char *name size_t *sizep +.Ft const nvlist_t * +.Fn nvlist_get_parent const nvlist_t *nvl .\ .Ft bool .Fn nvlist_take_bool nvlist_t *nvl const char *name @@ -437,6 +439,10 @@ extension, which allows to provide defau The nvlist must not be in error state. .Pp The +.Fn nvlist_get_parent +function allows to obtain the parent nvlist from the nested nvlist. +.Pp +The .Fn nvlist_take_bool , .Fn nvlist_take_number , .Fn nvlist_take_string , ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r272042 - stable/9/contrib/openbsm/bin/auditdistd
Author: pjd
Date: Tue Sep 23 21:56:15 2014
New Revision: 272042
URL: http://svnweb.freebsd.org/changeset/base/272042
Log:
MFC r271577:
Fix descriptors leak.
PR: bin/191002
Reported by: Ryan Steinmetz
Submitted by: mjg
Modified:
stable/9/contrib/openbsm/bin/auditdistd/subr.c
Directory Properties:
stable/9/contrib/openbsm/ (props changed)
Modified: stable/9/contrib/openbsm/bin/auditdistd/subr.c
==
--- stable/9/contrib/openbsm/bin/auditdistd/subr.c Tue Sep 23 21:38:05
2014(r272041)
+++ stable/9/contrib/openbsm/bin/auditdistd/subr.c Tue Sep 23 21:56:15
2014(r272042)
@@ -228,6 +228,11 @@ wait_for_file_init(int fd)
PJDLOG_ASSERT(fd != -1);
#ifdef HAVE_KQUEUE
+ if (wait_for_file_kq != -1) {
+ close(wait_for_file_kq);
+ wait_for_file_kq = -1;
+ }
+
kq = kqueue();
if (kq == -1) {
pjdlog_errno(LOG_WARNING, kqueue() failed);
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r272048 - stable/9/sys/kern
Author: pjd Date: Tue Sep 23 22:27:34 2014 New Revision: 272048 URL: http://svnweb.freebsd.org/changeset/base/272048 Log: MFC r236360,r236361: - Add missing system calls. - Remove rmdirat system call which doesn't exist. Modified: stable/9/sys/kern/capabilities.conf Directory Properties: stable/9/sys/ (props changed) Modified: stable/9/sys/kern/capabilities.conf == --- stable/9/sys/kern/capabilities.conf Tue Sep 23 22:23:58 2014 (r272047) +++ stable/9/sys/kern/capabilities.conf Tue Sep 23 22:27:34 2014 (r272048) @@ -445,13 +445,17 @@ olio_listio faccessat fstatat fchmodat +fchownat futimesat +linkat mkdirat -rmdirat mkfifoat mknodat openat +readlinkat renameat +symlinkat +unlinkat ## ## Allow entry into open(2). This system call will fail, since access to the ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r271844 - stable/10/contrib/openbsm/bin/auditdistd
Author: pjd
Date: Thu Sep 18 22:17:46 2014
New Revision: 271844
URL: http://svnweb.freebsd.org/changeset/base/271844
Log:
MFC r271577:
Fix descriptors leak.
PR: bin/191002
Reported by: Ryan Steinmetz
Submitted by: mjg
Approved by: re (gjb)
Modified:
stable/10/contrib/openbsm/bin/auditdistd/subr.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/contrib/openbsm/bin/auditdistd/subr.c
==
--- stable/10/contrib/openbsm/bin/auditdistd/subr.c Thu Sep 18 22:16:20
2014(r271843)
+++ stable/10/contrib/openbsm/bin/auditdistd/subr.c Thu Sep 18 22:17:46
2014(r271844)
@@ -228,6 +228,11 @@ wait_for_file_init(int fd)
PJDLOG_ASSERT(fd != -1);
#ifdef HAVE_KQUEUE
+ if (wait_for_file_kq != -1) {
+ close(wait_for_file_kq);
+ wait_for_file_kq = -1;
+ }
+
kq = kqueue();
if (kq == -1) {
pjdlog_errno(LOG_WARNING, kqueue() failed);
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r271847 - head/lib/libnv
Author: pjd Date: Thu Sep 18 22:34:52 2014 New Revision: 271847 URL: http://svnweb.freebsd.org/changeset/base/271847 Log: Don't use nvl in case of a failure. Reported by: Coverity CID: 1238922 Modified: head/lib/libnv/nvpair.c Modified: head/lib/libnv/nvpair.c == --- head/lib/libnv/nvpair.c Thu Sep 18 22:27:02 2014(r271846) +++ head/lib/libnv/nvpair.c Thu Sep 18 22:34:52 2014(r271847) @@ -963,7 +963,8 @@ nvpair_createv_nvlist(const nvlist_t *va namefmt, nameap); if (nvp == NULL) nvlist_destroy(nvl); - nvlist_set_parent(nvl, nvp); + else + nvlist_set_parent(nvl, nvp); return (nvp); } ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r271577 - head/contrib/openbsm/bin/auditdistd
Author: pjd
Date: Sun Sep 14 09:26:33 2014
New Revision: 271577
URL: http://svnweb.freebsd.org/changeset/base/271577
Log:
Fix descriptors leak.
PR: bin/191002
Reported by: Ryan Steinmetz
Submitted by: mjg
Modified:
head/contrib/openbsm/bin/auditdistd/subr.c
Modified: head/contrib/openbsm/bin/auditdistd/subr.c
==
--- head/contrib/openbsm/bin/auditdistd/subr.c Sun Sep 14 09:20:01 2014
(r271576)
+++ head/contrib/openbsm/bin/auditdistd/subr.c Sun Sep 14 09:26:33 2014
(r271577)
@@ -228,6 +228,11 @@ wait_for_file_init(int fd)
PJDLOG_ASSERT(fd != -1);
#ifdef HAVE_KQUEUE
+ if (wait_for_file_kq != -1) {
+ close(wait_for_file_kq);
+ wait_for_file_kq = -1;
+ }
+
kq = kqueue();
if (kq == -1) {
pjdlog_errno(LOG_WARNING, kqueue() failed);
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r271578 - head/lib/libnv
Author: pjd
Date: Sun Sep 14 09:27:12 2014
New Revision: 271578
URL: http://svnweb.freebsd.org/changeset/base/271578
Log:
Remove the limit on descriptors that can be send in one nvlist.
Submitted by: Mariusz Zaborski
Modified:
head/lib/libnv/msgio.c
Modified: head/lib/libnv/msgio.c
==
--- head/lib/libnv/msgio.c Sun Sep 14 09:26:33 2014(r271577)
+++ head/lib/libnv/msgio.c Sun Sep 14 09:27:12 2014(r271578)
@@ -31,7 +31,7 @@
#include sys/cdefs.h
__FBSDID($FreeBSD$);
-#include sys/types.h
+#include sys/param.h
#include sys/socket.h
#include errno.h
@@ -56,6 +56,8 @@ __FBSDID($FreeBSD$);
#definePJDLOG_ABORT(...) abort()
#endif
+#definePKG_MAX_SIZE(MCLBYTES / CMSG_SPACE(sizeof(int)) - 1)
+
static int
msghdr_add_fd(struct cmsghdr *cmsg, int fd)
{
@@ -234,22 +236,31 @@ cred_recv(int sock, struct cmsgcred *cre
return (0);
}
-int
-fd_send(int sock, const int *fds, size_t nfds)
+static int
+fd_package_send(int sock, const int *fds, size_t nfds)
{
struct msghdr msg;
struct cmsghdr *cmsg;
+ struct iovec iov;
unsigned int i;
int serrno, ret;
+ uint8_t dummy;
- if (nfds == 0 || fds == NULL) {
- errno = EINVAL;
- return (-1);
- }
+ PJDLOG_ASSERT(sock = 0);
+ PJDLOG_ASSERT(fds != NULL);
+ PJDLOG_ASSERT(nfds 0);
bzero(msg, sizeof(msg));
- msg.msg_iov = NULL;
- msg.msg_iovlen = 0;
+
+ /*
+* XXX: Look into cred_send function for more details.
+*/
+ dummy = 0;
+ iov.iov_base = dummy;
+ iov.iov_len = sizeof(dummy);
+
+ msg.msg_iov = iov;
+ msg.msg_iovlen = 1;
msg.msg_controllen = nfds * CMSG_SPACE(sizeof(int));
msg.msg_control = calloc(1, msg.msg_controllen);
if (msg.msg_control == NULL)
@@ -274,22 +285,32 @@ end:
return (ret);
}
-int
-fd_recv(int sock, int *fds, size_t nfds)
+static int
+fd_package_recv(int sock, int *fds, size_t nfds)
{
struct msghdr msg;
struct cmsghdr *cmsg;
unsigned int i;
int serrno, ret;
+ struct iovec iov;
+ uint8_t dummy;
- if (nfds == 0 || fds == NULL) {
- errno = EINVAL;
- return (-1);
- }
+ PJDLOG_ASSERT(sock = 0);
+ PJDLOG_ASSERT(nfds 0);
+ PJDLOG_ASSERT(fds != NULL);
+ i = 0;
bzero(msg, sizeof(msg));
- msg.msg_iov = NULL;
- msg.msg_iovlen = 0;
+ bzero(iov, sizeof(iov));
+
+ /*
+* XXX: Look into cred_send function for more details.
+*/
+ iov.iov_base = dummy;
+ iov.iov_len = sizeof(dummy);
+
+ msg.msg_iov = iov;
+ msg.msg_iovlen = 1;
msg.msg_controllen = nfds * CMSG_SPACE(sizeof(int));
msg.msg_control = calloc(1, msg.msg_controllen);
if (msg.msg_control == NULL)
@@ -333,6 +354,64 @@ end:
}
int
+fd_recv(int sock, int *fds, size_t nfds)
+{
+ unsigned int i, step, j;
+ int ret, serrno;
+
+ if (nfds == 0 || fds == NULL) {
+ errno = EINVAL;
+ return (-1);
+ }
+
+ ret = i = step = 0;
+ while (i nfds) {
+ if (PKG_MAX_SIZE nfds - i)
+ step = PKG_MAX_SIZE;
+ else
+ step = nfds - i;
+ ret = fd_package_recv(sock, fds + i, step);
+ if (ret != 0) {
+ /* Close all received descriptors. */
+ serrno = errno;
+ for (j = 0; j i; j++)
+ close(fds[j]);
+ errno = serrno;
+ break;
+ }
+ i += step;
+ }
+
+ return (ret);
+}
+
+int
+fd_send(int sock, const int *fds, size_t nfds)
+{
+ unsigned int i, step;
+ int ret;
+
+ if (nfds == 0 || fds == NULL) {
+ errno = EINVAL;
+ return (-1);
+ }
+
+ ret = i = step = 0;
+ while (i nfds) {
+ if (PKG_MAX_SIZE nfds - i)
+ step = PKG_MAX_SIZE;
+ else
+ step = nfds - i;
+ ret = fd_package_send(sock, fds + i, step);
+ if (ret != 0)
+ break;
+ i += step;
+ }
+
+ return (ret);
+}
+
+int
buf_send(int sock, void *buf, size_t size)
{
ssize_t done;
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r271579 - head/lib/libnv
Author: pjd
Date: Sun Sep 14 09:30:09 2014
New Revision: 271579
URL: http://svnweb.freebsd.org/changeset/base/271579
Log:
Use non-recursive algorithm for traversing nvlists. This also removes
the limit on number of nested nvlists.
Submitted by: Mariusz Zaborski
Modified:
head/lib/libnv/nv.h
head/lib/libnv/nv_impl.h
head/lib/libnv/nvlist.c
head/lib/libnv/nvlist_impl.h
head/lib/libnv/nvpair.c
head/lib/libnv/nvpair_impl.h
Modified: head/lib/libnv/nv.h
==
--- head/lib/libnv/nv.h Sun Sep 14 09:27:12 2014(r271578)
+++ head/lib/libnv/nv.h Sun Sep 14 09:30:09 2014(r271579)
@@ -83,6 +83,8 @@ nvlist_t *nvlist_xfer(int sock, nvlist_t
const char *nvlist_next(const nvlist_t *nvl, int *typep, void **cookiep);
+const nvlist_t *nvlist_get_parent(const nvlist_t *nvl);
+
/*
* The nvlist_exists functions check if the given name (optionally of the given
* type) exists on nvlist.
Modified: head/lib/libnv/nv_impl.h
==
--- head/lib/libnv/nv_impl.hSun Sep 14 09:27:12 2014(r271578)
+++ head/lib/libnv/nv_impl.hSun Sep 14 09:30:09 2014(r271579)
@@ -39,6 +39,8 @@ struct nvpair;
typedef struct nvpair nvpair_t;
#endif
+#defineNV_TYPE_NVLIST_UP 255
+
#defineNV_TYPE_FIRST NV_TYPE_NULL
#defineNV_TYPE_LASTNV_TYPE_BINARY
@@ -55,6 +57,8 @@ void nvlist_add_nvpair(nvlist_t *nvl, co
void nvlist_move_nvpair(nvlist_t *nvl, nvpair_t *nvp);
+void nvlist_set_parent(nvlist_t *nvl, nvpair_t *parent);
+
const nvpair_t *nvlist_get_nvpair(const nvlist_t *nvl, const char *name);
nvpair_t *nvlist_take_nvpair(nvlist_t *nvl, const char *name);
Modified: head/lib/libnv/nvlist.c
==
--- head/lib/libnv/nvlist.c Sun Sep 14 09:27:12 2014(r271578)
+++ head/lib/libnv/nvlist.c Sun Sep 14 09:30:09 2014(r271579)
@@ -73,10 +73,11 @@ __FBSDID($FreeBSD$);
#defineNVLIST_MAGIC0x6e766c/* nvl */
struct nvlist {
- int nvl_magic;
- int nvl_error;
- int nvl_flags;
- struct nvl_head nvl_head;
+ int nvl_magic;
+ int nvl_error;
+ int nvl_flags;
+ nvpair_t*nvl_parent;
+ struct nvl_head nvl_head;
};
#defineNVLIST_ASSERT(nvl) do {
\
@@ -106,6 +107,7 @@ nvlist_create(int flags)
nvl = malloc(sizeof(*nvl));
nvl-nvl_error = 0;
nvl-nvl_flags = flags;
+ nvl-nvl_parent = NULL;
TAILQ_INIT(nvl-nvl_head);
nvl-nvl_magic = NVLIST_MAGIC;
@@ -147,6 +149,36 @@ nvlist_error(const nvlist_t *nvl)
return (nvl-nvl_error);
}
+nvpair_t *
+nvlist_get_nvpair_parent(const nvlist_t *nvl)
+{
+
+ NVLIST_ASSERT(nvl);
+
+ return (nvl-nvl_parent);
+}
+
+const nvlist_t *
+nvlist_get_parent(const nvlist_t *nvl)
+{
+
+ NVLIST_ASSERT(nvl);
+
+ if (nvl-nvl_parent == NULL)
+ return (NULL);
+
+ return (nvpair_nvlist(nvl-nvl_parent));
+}
+
+void
+nvlist_set_parent(nvlist_t *nvl, nvpair_t *parent)
+{
+
+ NVLIST_ASSERT(nvl);
+
+ nvl-nvl_parent = parent;
+}
+
bool
nvlist_empty(const nvlist_t *nvl)
{
@@ -301,24 +333,34 @@ nvlist_clone(const nvlist_t *nvl)
return (newnvl);
}
+static bool
+nvlist_dump_error_check(const nvlist_t *nvl, int fd, int level)
+{
+
+ if (nvlist_error(nvl) != 0) {
+ dprintf(fd, %*serror: %d\n, level * 4, ,
+ nvlist_error(nvl));
+ return (true);
+ }
+
+ return (false);
+}
+
/*
* Dump content of nvlist.
*/
-static void
-nvlist_xdump(const nvlist_t *nvl, int fd, int level)
+void
+nvlist_dump(const nvlist_t *nvl, int fd)
{
nvpair_t *nvp;
+ int level;
- PJDLOG_ASSERT(level 3);
-
- if (nvlist_error(nvl) != 0) {
- dprintf(fd, %*serror: %d\n, level * 4, ,
- nvlist_error(nvl));
+ level = 0;
+ if (nvlist_dump_error_check(nvl, fd, level))
return;
- }
- for (nvp = nvlist_first_nvpair(nvl); nvp != NULL;
- nvp = nvlist_next_nvpair(nvl, nvp)) {
+ nvp = nvlist_first_nvpair(nvl);
+ while (nvp != NULL) {
dprintf(fd, %*s%s (%s):, level * 4, , nvpair_name(nvp),
nvpair_type_string(nvpair_type(nvp)));
switch (nvpair_type(nvp)) {
@@ -340,8 +382,14 @@ nvlist_xdump(const nvlist_t *nvl, int fd
break;
case NV_TYPE_NVLIST:
dprintf(fd, \n);
- nvlist_xdump(nvpair_get_nvlist(nvp), fd, level + 1);
- break;
+ nvl =
svn commit: r271026 - head/lib/libnv
Author: pjd
Date: Wed Sep 3 14:44:23 2014
New Revision: 271026
URL: http://svnweb.freebsd.org/changeset/base/271026
Log:
Fix descriptors leak in case of nvlist_xunpack() failure.
Submitted by: Mariusz Zaborski osho...@freebsd.org
Modified:
head/lib/libnv/nvlist.c
Modified: head/lib/libnv/nvlist.c
==
--- head/lib/libnv/nvlist.c Wed Sep 3 14:16:50 2014(r271025)
+++ head/lib/libnv/nvlist.c Wed Sep 3 14:44:23 2014(r271026)
@@ -760,8 +760,11 @@ nvlist_recv(int sock)
}
nvl = nvlist_xunpack(buf, size, fds, nfds);
- if (nvl == NULL)
+ if (nvl == NULL) {
+ for (i = 0; i nfds; i++)
+ close(fds[i]);
goto out;
+ }
ret = nvl;
out:
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r271027 - head/lib/libnv
Author: pjd Date: Wed Sep 3 15:06:47 2014 New Revision: 271027 URL: http://svnweb.freebsd.org/changeset/base/271027 Log: Declare i. Reported by: sbruno Modified: head/lib/libnv/nvlist.c Modified: head/lib/libnv/nvlist.c == --- head/lib/libnv/nvlist.c Wed Sep 3 14:44:23 2014(r271026) +++ head/lib/libnv/nvlist.c Wed Sep 3 15:06:47 2014(r271027) @@ -728,7 +728,7 @@ nvlist_recv(int sock) nvlist_t *nvl, *ret; unsigned char *buf; size_t nfds, size; - int serrno, *fds; + int serrno, i, *fds; if (buf_recv(sock, nvlhdr, sizeof(nvlhdr)) == -1) return (NULL); ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r271028 - head/lib/libnv
Author: pjd Date: Wed Sep 3 15:08:33 2014 New Revision: 271028 URL: http://svnweb.freebsd.org/changeset/base/271028 Log: Use better type for i. Modified: head/lib/libnv/nvlist.c Modified: head/lib/libnv/nvlist.c == --- head/lib/libnv/nvlist.c Wed Sep 3 15:06:47 2014(r271027) +++ head/lib/libnv/nvlist.c Wed Sep 3 15:08:33 2014(r271028) @@ -727,8 +727,8 @@ nvlist_recv(int sock) struct nvlist_header nvlhdr; nvlist_t *nvl, *ret; unsigned char *buf; - size_t nfds, size; - int serrno, i, *fds; + size_t nfds, size, i; + int serrno, *fds; if (buf_recv(sock, nvlhdr, sizeof(nvlhdr)) == -1) return (NULL); ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r267914 - in head: sbin/dhclient sys/kern
Author: pjd Date: Thu Jun 26 13:57:44 2014 New Revision: 267914 URL: http://svnweb.freebsd.org/changeset/base/267914 Log: Remove duplicated includes. Submitted by: Mariusz Zaborski osho...@freebsd.org Modified: head/sbin/dhclient/bpf.c head/sbin/dhclient/dhclient.c head/sys/kern/kern_exec.c head/sys/kern/subr_capability.c Modified: head/sbin/dhclient/bpf.c == --- head/sbin/dhclient/bpf.cThu Jun 26 13:02:21 2014(r267913) +++ head/sbin/dhclient/bpf.cThu Jun 26 13:57:44 2014(r267914) @@ -43,8 +43,6 @@ #include sys/cdefs.h __FBSDID($FreeBSD$); -#include sys/capsicum.h - #include dhcpd.h #include privsep.h #include sys/capsicum.h Modified: head/sbin/dhclient/dhclient.c == --- head/sbin/dhclient/dhclient.c Thu Jun 26 13:02:21 2014 (r267913) +++ head/sbin/dhclient/dhclient.c Thu Jun 26 13:57:44 2014 (r267914) @@ -56,8 +56,6 @@ #include sys/cdefs.h __FBSDID($FreeBSD$); -#include sys/capsicum.h - #include dhcpd.h #include privsep.h Modified: head/sys/kern/kern_exec.c == --- head/sys/kern/kern_exec.c Thu Jun 26 13:02:21 2014(r267913) +++ head/sys/kern/kern_exec.c Thu Jun 26 13:57:44 2014(r267914) @@ -35,7 +35,6 @@ __FBSDID($FreeBSD$); #include sys/param.h #include sys/capsicum.h #include sys/systm.h -#include sys/capsicum.h #include sys/eventhandler.h #include sys/lock.h #include sys/mutex.h Modified: head/sys/kern/subr_capability.c == --- head/sys/kern/subr_capability.c Thu Jun 26 13:02:21 2014 (r267913) +++ head/sys/kern/subr_capability.c Thu Jun 26 13:57:44 2014 (r267914) @@ -34,16 +34,14 @@ __FBSDID($FreeBSD$); * Note that this file is compiled into the kernel and into libc. */ -#ifdef _KERNEL #include sys/types.h #include sys/capsicum.h + +#ifdef _KERNEL #include sys/systm.h #include machine/stdarg.h #else /* !_KERNEL */ -#include sys/types.h -#include sys/capsicum.h - #include assert.h #include stdarg.h #include stdbool.h ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r267159 - head/sbin/geom/class/stripe
Author: pjd
Date: Fri Jun 6 13:00:53 2014
New Revision: 267159
URL: http://svnweb.freebsd.org/changeset/base/267159
Log:
The 'create' subcommand doesn't have '-h' option.
Modified:
head/sbin/geom/class/stripe/geom_stripe.c
Modified: head/sbin/geom/class/stripe/geom_stripe.c
==
--- head/sbin/geom/class/stripe/geom_stripe.c Fri Jun 6 12:52:44 2014
(r267158)
+++ head/sbin/geom/class/stripe/geom_stripe.c Fri Jun 6 13:00:53 2014
(r267159)
@@ -62,7 +62,7 @@ struct g_command class_commands[] = {
{ 's', stripesize, GSTRIPE_STRIPESIZE, G_TYPE_NUMBER },
G_OPT_SENTINEL
},
- [-hv] [-s stripesize] name prov prov ...
+ [-v] [-s stripesize] name prov prov ...
},
{ destroy, G_FLAG_VERBOSE, NULL,
{
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
Re: svn commit: r266749 - stable/10/sys/geom/eli
On Tue, May 27, 2014 at 05:40:47PM +0200, Marius Strobl wrote: On Tue, May 27, 2014 at 05:20:58PM +0200, Fabian Keil wrote: Marius Strobl mar...@freebsd.org wrote: Author: marius Date: Tue May 27 14:55:09 2014 New Revision: 266749 URL: http://svnweb.freebsd.org/changeset/base/266749 Log: MFC: r259428 Clear content of keyfiles loaded by the loader after processing them. kern/185084 (Keyfile content potentially cleared prematurely after r259428) is now probably relevant for STABLE, too: http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/185084 Ah, okay, thanks for bringing this to attention. It's probably best for pjd@ (CC'ed) to decided what to do regarding that PR, though. Brad (CCed) already proposed a fix. I believe he is planning to commit it shortly. -- Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://mobter.com ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r265145 - head/lib/libcapsicum
Author: pjd
Date: Wed Apr 30 09:58:28 2014
New Revision: 265145
URL: http://svnweb.freebsd.org/changeset/base/265145
Log:
Don't forget to remember previous element at the end of the loop.
Reported by: brueffer
Found with: Coverity Prevent(tm)
CID: 1135301
Modified:
head/lib/libcapsicum/libcapsicum_dns.c
Modified: head/lib/libcapsicum/libcapsicum_dns.c
==
--- head/lib/libcapsicum/libcapsicum_dns.c Wed Apr 30 09:57:38 2014
(r265144)
+++ head/lib/libcapsicum/libcapsicum_dns.c Wed Apr 30 09:58:28 2014
(r265145)
@@ -247,6 +247,7 @@ cap_getaddrinfo(cap_channel_t *chan, con
prevai-ai_next = curai;
else if (firstai == NULL)
firstai = curai;
+ prevai = curai;
}
nvlist_destroy(nvl);
if (curai == NULL nvlai != NULL) {
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r264236 - head/sys/bsm
Author: pjd Date: Mon Apr 7 20:44:00 2014 New Revision: 264236 URL: http://svnweb.freebsd.org/changeset/base/264236 Log: IFp4 @1192291: - Don't include sys/caprights.h, leverage the fact that cap_rights_t is also defined in sys/types.h. - Include sys/types.h directly. - For systems that do not have cap_rights_t, define it, so we can use it in au_to_rights() prototype. Discussed with: rwatson Modified: head/sys/bsm/audit_record.h Modified: head/sys/bsm/audit_record.h == --- head/sys/bsm/audit_record.h Mon Apr 7 19:32:56 2014(r264235) +++ head/sys/bsm/audit_record.h Mon Apr 7 20:44:00 2014(r264236) @@ -33,8 +33,8 @@ #ifndef _BSM_AUDIT_RECORD_H_ #define _BSM_AUDIT_RECORD_H_ +#include sys/types.h #include sys/time.h /* struct timeval */ -#include sys/caprights.h /* cap_rights_t */ /* * Token type identifiers. @@ -191,6 +191,13 @@ struct sockaddr_un; struct vnode_au_info; #endif +#ifndef_CAP_RIGHTS_T_DECLARED +#define_CAP_RIGHTS_T_DECLARED +struct cap_rights; + +typedefstruct cap_rights cap_rights_t; +#endif + int au_open(void); int au_write(int d, token_t *m); int au_close(int d, int keep, short event); ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
Re: svn commit: r262566 - in stable/10: crypto/openssh crypto/openssh/contrib/caldera crypto/openssh/contrib/cygwin crypto/openssh/contrib/redhat crypto/openssh/contrib/suse crypto/openssh/openbsd-com
On Tue, Mar 04, 2014 at 11:46:57AM -0500, John Baldwin wrote: On Tuesday, March 04, 2014 3:40:47 am Dag-Erling Smørgrav wrote: Pawel Jakub Dawidek p...@freebsd.org writes: Dimitry Andric dimi...@andric.com writes: Wouldn't it be enough to merge r261499 (Fix installations that use kernels without CAPABILITIES support) by pjd? Yes, my change should be definiately merged with OpenSSH merge. If nobody beats me to it, I should be able to merge it tomorrow. Please do. I thought I had included it in the MFC since it was already in head, but I'd forgotten that it had been committed separately. Xin already did it. BTW, IWBNI there were a cap_available() predicate or something like that which we could check up front, and short-circuit the entire Capsicum part of ssh_sandbox_child() if it failed. If the capsicum code adds a FEATURE(capsicum) macro in the kernel bits, you can use 'if (feature_present(capsicum))' in userland to check. It does add the following: FEATURE(security_capability_mode, Capsicum Capability Mode); FEATURE(security_capabilities, Capsicum Capabilities); -- Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://mobter.com pgp1_FBv_pGRz.pgp Description: PGP signature
Re: svn commit: r262566 - in stable/10: crypto/openssh crypto/openssh/contrib/caldera crypto/openssh/contrib/cygwin crypto/openssh/contrib/redhat crypto/openssh/contrib/suse crypto/openssh/openbsd-com
On Mon, Mar 03, 2014 at 10:47:43PM +0100, Dimitry Andric wrote: On 03 Mar 2014, at 21:36, John Baldwin j...@freebsd.org wrote: On Thursday, February 27, 2014 12:29:02 pm Dag-Erling SmXXrgrav wrote: Author: des Date: Thu Feb 27 17:29:02 2014 New Revision: 262566 URL: http://svnweb.freebsd.org/changeset/base/262566 Log: MFH (r261320): upgrade openssh to 6.5p1 MFH (r261340): enable sandboxing by default Mails on stable@ suggest that this latter change may be a bit of a POLA violation as if people are using a custom kernel configuration that doesn't include CAPSICUM they are now locked out of their boxes as sshd fails. It seems that this is at least worth a note in UPDATING if not adding a workaround to handle the case of a kernel without CAPSICUM. Wouldn't it be enough to merge r261499 (Fix installations that use kernels without CAPABILITIES support) by pjd? Yes, my change should be definiately merged with OpenSSH merge. If nobody beats me to it, I should be able to merge it tomorrow. -- Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://mobter.com pgp6dSgCuTJph.pgp Description: PGP signature
svn commit: r262405 - head/usr.bin/kdump
Author: pjd Date: Sun Feb 23 22:13:16 2014 New Revision: 262405 URL: http://svnweb.freebsd.org/changeset/base/262405 Log: Capability rights are held by descriptors, not processes. Reported by: jonathan Modified: head/usr.bin/kdump/kdump.c Modified: head/usr.bin/kdump/kdump.c == --- head/usr.bin/kdump/kdump.c Sun Feb 23 22:12:25 2014(r262404) +++ head/usr.bin/kdump/kdump.c Sun Feb 23 22:13:16 2014(r262405) @@ -1877,7 +1877,7 @@ ktrcapfail(struct ktr_cap_fail *ktr) /* operation on fd with insufficient capabilities */ printf(operation requires ); capname(ktr-cap_needed); - printf(, process holds ); + printf(, descriptor holds ); capname(ktr-cap_held); break; case CAPFAIL_INCREASE: ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r261742 - head/gnu/usr.bin/groff/tmac
Author: pjd Date: Tue Feb 11 09:17:17 2014 New Revision: 261742 URL: http://svnweb.freebsd.org/changeset/base/261742 Log: Add missing libraries here as well, so a warning is not printed when one tries to view their manual pages. Reported by: rwatson Explained by: pluknet Modified: head/gnu/usr.bin/groff/tmac/mdoc.local Modified: head/gnu/usr.bin/groff/tmac/mdoc.local == --- head/gnu/usr.bin/groff/tmac/mdoc.local Tue Feb 11 08:20:45 2014 (r261741) +++ head/gnu/usr.bin/groff/tmac/mdoc.local Tue Feb 11 09:17:17 2014 (r261742) @@ -34,11 +34,13 @@ .\ FreeBSD .Lb values .ds doc-str-Lb-libarchive Streaming Archive Library (libarchive, \-larchive) .ds doc-str-Lb-libbluetooth Bluetooth User Library (libbluetooth, \-lbluetooth) +.ds doc-str-Lb-libcapsicum Capsicum Library (libcapsicum, \-lcapsicum) .ds doc-str-Lb-libedit Line Editor and History Library (libedit, \-ledit) .ds doc-str-Lb-libefi EFI Runtime Services Library (libefi, \-lefi) .ds doc-str-Lb-libelf ELF Parsing Library (libelf, \-lelf) .ds doc-str-Lb-libexecinfo Backtrace Access Library (libexecinfo, \-lexecinfo) .ds doc-str-Lb-libfetchFile Transfer Library (libfetch, \-lfetch) +.ds doc-str-Lb-libnv Name/value pairs library (libnv, \-lnv) .ds doc-str-Lb-libpmc Performance Monitoring Counters Interface Library (libpmc, \-lpmc) .ds doc-str-Lb-libproc Processor Monitoring and Analysis Library (libproc, \-lproc) .ds doc-str-Lb-libprocstat Process and Files Information Retrieval (libprocstat, \-lprocstat) ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r261692 - head/sbin/casperd
Author: pjd
Date: Sun Feb 9 21:42:01 2014
New Revision: 261692
URL: http://svnweb.freebsd.org/changeset/base/261692
Log:
If the main casperd process exits, zygote process should exit as well
instead of spinning.
Reported by: Mikhail m...@lenta.ru
Modified:
head/sbin/casperd/zygote.c
Modified: head/sbin/casperd/zygote.c
==
--- head/sbin/casperd/zygote.c Sun Feb 9 21:27:32 2014(r261691)
+++ head/sbin/casperd/zygote.c Sun Feb 9 21:42:01 2014(r261692)
@@ -132,8 +132,13 @@ zygote_main(int sock)
for (;;) {
nvlin = nvlist_recv(sock);
- if (nvlin == NULL)
+ if (nvlin == NULL) {
+ if (errno == ENOTCONN) {
+ /* Casperd exited. */
+ exit(0);
+ }
continue;
+ }
func = (zygote_func_t *)(uintptr_t)nvlist_get_number(nvlin,
func);
flags = (int)nvlist_get_number(nvlin, flags);
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r261693 - head/lib/libcasper
Author: pjd
Date: Sun Feb 9 21:47:46 2014
New Revision: 261693
URL: http://svnweb.freebsd.org/changeset/base/261693
Log:
Fix descriptor leak.
Modified:
head/lib/libcasper/libcasper.c
Modified: head/lib/libcasper/libcasper.c
==
--- head/lib/libcasper/libcasper.c Sun Feb 9 21:42:01 2014
(r261692)
+++ head/lib/libcasper/libcasper.c Sun Feb 9 21:47:46 2014
(r261693)
@@ -344,7 +344,7 @@ service_message(struct service *service,
if (sock == -1) {
error = errno;
} else {
- nvlist_add_descriptor(nvlout, sock, sock);
+ nvlist_move_descriptor(nvlout, sock, sock);
error = 0;
}
} else {
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r261612 - head/share/man/man4
Author: pjd Date: Fri Feb 7 22:15:48 2014 New Revision: 261612 URL: http://svnweb.freebsd.org/changeset/base/261612 Log: Add cross-references to casperd(8) and libcapsicum(3). Suggested by: rwatson Modified: head/share/man/man4/capsicum.4 Modified: head/share/man/man4/capsicum.4 == --- head/share/man/man4/capsicum.4 Fri Feb 7 22:04:56 2014 (r261611) +++ head/share/man/man4/capsicum.4 Fri Feb 7 22:15:48 2014 (r261612) @@ -104,7 +104,9 @@ associated with file descriptors; descri .Xr shm_open 2 , .Xr write 2 , .Xr cap_rights_get 3 , -.Xr procdesc 4 +.Xr libcapsicum 3 , +.Xr procdesc 4 , +.Xr casperd 8 .Sh HISTORY .Nm first appeared in ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r261498 - head/sbin/ping
Author: pjd
Date: Tue Feb 4 21:43:53 2014
New Revision: 261498
URL: http://svnweb.freebsd.org/changeset/base/261498
Log:
Protect ping(8) using Capsicum and Casper. This is protection against
malicious
network packets that we parse and not against local users trying to gain root
access through ping's set-uid bit - this is handled by dropping privileges
very
early in ping.
Submitted by: Mikhail m...@lenta.ru
Modified:
head/sbin/ping/Makefile
head/sbin/ping/ping.c
Modified: head/sbin/ping/Makefile
==
--- head/sbin/ping/Makefile Tue Feb 4 21:23:12 2014(r261497)
+++ head/sbin/ping/Makefile Tue Feb 4 21:43:53 2014(r261498)
@@ -1,6 +1,8 @@
# @(#)Makefile8.1 (Berkeley) 6/5/93
# $FreeBSD$
+.include bsd.own.mk
+
PROG= ping
MAN= ping.8
BINOWN=root
@@ -9,6 +11,12 @@ WARNS?= 2
DPADD= ${LIBM}
LDADD= -lm
+.if ${MK_CASPER} != no !defined(RESCUE)
+DPADD+=${LIBCAPSICUM}
+LDADD+=-lcapsicum
+CFLAGS+=-DHAVE_LIBCAPSICUM
+.endif
+
.if !defined(RELEASE_CRUNCH)
CFLAGS+=-DIPSEC
DPADD+=${LIBIPSEC}
Modified: head/sbin/ping/ping.c
==
--- head/sbin/ping/ping.c Tue Feb 4 21:23:12 2014(r261497)
+++ head/sbin/ping/ping.c Tue Feb 4 21:43:53 2014(r261498)
@@ -63,6 +63,7 @@ __FBSDID($FreeBSD$);
*/
#include sys/param.h /* NB: we rely on this for sys/types.h */
+#include sys/capability.h
#include sys/socket.h
#include sys/sysctl.h
#include sys/time.h
@@ -74,6 +75,11 @@ __FBSDID($FreeBSD$);
#include netinet/ip_icmp.h
#include netinet/ip_var.h
#include arpa/inet.h
+#ifdef HAVE_LIBCAPSICUM
+#include libcapsicum.h
+#include libcapsicum_dns.h
+#include libcapsicum_service.h
+#endif
#ifdef IPSEC
#include netipsec/ipsec.h
@@ -157,7 +163,8 @@ char rcvd_tbl[MAX_DUP_CHK / 8];
struct sockaddr_in whereto;/* who to ping */
int datalen = DEFDATALEN;
int maxpayload;
-int s; /* socket file descriptor */
+int ssend; /* send socket file descriptor */
+int srecv; /* receive socket file descriptor */
u_char outpackhdr[IP_MAXPACKET], *outpack;
char BBELL = '\a'; /* characters written for MISSED and AUDIBLE */
char BSPACE = '\b';/* characters written for flood */
@@ -197,8 +204,15 @@ double tsumsq = 0.0; /* sum of all time
volatile sig_atomic_t finish_up; /* nonzero if we've been told to finish up */
volatile sig_atomic_t siginfo_p;
+#ifdef HAVE_LIBCAPSICUM
+static cap_channel_t *capdns;
+#endif
+
static void fill(char *, char *);
static u_short in_cksum(u_short *, int);
+#ifdef HAVE_LIBCAPSICUM
+static cap_channel_t *capdns_setup(void);
+#endif
static void check_status(void);
static void finish(void) __dead2;
static void pinger(void);
@@ -233,8 +247,8 @@ main(int argc, char *const *argv)
struct sockaddr_in *to;
double t;
u_long alarmtimeout, ultmp;
- int almost_done, ch, df, hold, i, icmp_len, mib[4], preload, sockerrno,
- tos, ttl;
+ int almost_done, ch, df, hold, i, icmp_len, mib[4], preload;
+ int ssend_errno, srecv_errno, tos, ttl;
char ctrl[CMSG_SPACE(sizeof(struct timeval))];
char hnamebuf[MAXHOSTNAMELEN], snamebuf[MAXHOSTNAMELEN];
#ifdef IP_OPTIONS
@@ -246,14 +260,26 @@ main(int argc, char *const *argv)
#ifdef IPSEC_POLICY_IPSEC
policy_in = policy_out = NULL;
#endif
+ cap_rights_t rights;
+ bool cansandbox;
/*
* Do the stuff that we need root priv's for *first*, and
* then drop our setuid bit. Save error reporting for
* after arg parsing.
+*
+* Historicaly ping was using one socket 's' for sending and for
+* receiving. After capsicum(4) related changes we use two
+* sockets. It was done for special ping use case - when user
+* issue ping on multicast or broadcast address replies come
+* from different addresses, not from the address we
+* connect(2)'ed to, and send socket do not receive those
+* packets.
*/
- s = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
- sockerrno = errno;
+ ssend = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
+ ssend_errno = errno;
+ srecv = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
+ srecv_errno = errno;
if (setuid(getuid()) != 0)
err(EX_NOPERM, setuid() failed);
@@ -527,13 +553,22 @@ main(int argc, char *const *argv)
if (options F_PINGFILLED) {
fill((char *)datap, payload);
}
+#ifdef HAVE_LIBCAPSICUM
+ capdns = capdns_setup();
+#endif
if (source) {
bzero((char *)sock_in, sizeof(sock_in));
sock_in.sin_family = AF_INET;
if (inet_aton(source,
svn commit: r261499 - head/crypto/openssh
Author: pjd Date: Tue Feb 4 21:48:09 2014 New Revision: 261499 URL: http://svnweb.freebsd.org/changeset/base/261499 Log: Fix installations that use kernels without CAPABILITIES support. Approved by: des Modified: head/crypto/openssh/sandbox-capsicum.c Modified: head/crypto/openssh/sandbox-capsicum.c == --- head/crypto/openssh/sandbox-capsicum.c Tue Feb 4 21:43:53 2014 (r261498) +++ head/crypto/openssh/sandbox-capsicum.c Tue Feb 4 21:48:09 2014 (r261499) @@ -94,10 +94,12 @@ ssh_sandbox_child(struct ssh_sandbox *bo fatal(can't limit stderr: %m); cap_rights_init(rights, CAP_READ, CAP_WRITE); - if (cap_rights_limit(box-monitor-m_recvfd, rights) == -1) + if (cap_rights_limit(box-monitor-m_recvfd, rights) == -1 + errno != ENOSYS) fatal(%s: failed to limit the network socket, __func__); cap_rights_init(rights, CAP_WRITE); - if (cap_rights_limit(box-monitor-m_log_sendfd, rights) == -1) + if (cap_rights_limit(box-monitor-m_log_sendfd, rights) == -1 + errno != ENOSYS) fatal(%s: failed to limit the logging socket, __func__); if (cap_enter() 0 errno != ENOSYS) fatal(%s: failed to enter capability mode, __func__); ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r261407 - head/lib/libnv
Author: pjd
Date: Sun Feb 2 19:03:52 2014
New Revision: 261407
URL: http://svnweb.freebsd.org/changeset/base/261407
Log:
Fix sending empty nvlist.
Submitted by: Mariusz Zaborski osho...@freebsd.org
Modified:
head/lib/libnv/msgio.c
Modified: head/lib/libnv/msgio.c
==
--- head/lib/libnv/msgio.c Sun Feb 2 17:48:06 2014(r261406)
+++ head/lib/libnv/msgio.c Sun Feb 2 19:03:52 2014(r261407)
@@ -364,7 +364,7 @@ buf_recv(int sock, void *buf, size_t siz
unsigned char *ptr;
ptr = buf;
- do {
+ while (size 0) {
fd_wait(sock, true);
done = recv(sock, ptr, size, 0);
if (done == -1) {
@@ -377,7 +377,7 @@ buf_recv(int sock, void *buf, size_t siz
}
size -= done;
ptr += done;
- } while (size 0);
+ }
return (0);
}
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r261408 - head/lib/libnv
Author: pjd
Date: Sun Feb 2 19:06:00 2014
New Revision: 261408
URL: http://svnweb.freebsd.org/changeset/base/261408
Log:
Assert input arguments to buf_send() and buf_recv().
Submitted by: Mariusz Zaborski osho...@freebsd.org
Modified:
head/lib/libnv/msgio.c
Modified: head/lib/libnv/msgio.c
==
--- head/lib/libnv/msgio.c Sun Feb 2 19:03:52 2014(r261407)
+++ head/lib/libnv/msgio.c Sun Feb 2 19:06:00 2014(r261408)
@@ -338,6 +338,10 @@ buf_send(int sock, void *buf, size_t siz
ssize_t done;
unsigned char *ptr;
+ PJDLOG_ASSERT(sock = 0);
+ PJDLOG_ASSERT(size 0);
+ PJDLOG_ASSERT(buf != NULL);
+
ptr = buf;
do {
fd_wait(sock, false);
@@ -363,6 +367,9 @@ buf_recv(int sock, void *buf, size_t siz
ssize_t done;
unsigned char *ptr;
+ PJDLOG_ASSERT(sock = 0);
+ PJDLOG_ASSERT(buf != NULL);
+
ptr = buf;
while (size 0) {
fd_wait(sock, true);
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r260471 - head/sbin/casperd
Author: pjd Date: Thu Jan 9 09:19:59 2014 New Revision: 260471 URL: http://svnweb.freebsd.org/changeset/base/260471 Log: Always create /var/run/casper with correct permissions and don't depend on the calling process' umask. Submitted by: Mikhail m...@lenta.ru Modified: head/sbin/casperd/casperd.c Modified: head/sbin/casperd/casperd.c == --- head/sbin/casperd/casperd.c Thu Jan 9 09:16:35 2014(r260470) +++ head/sbin/casperd/casperd.c Thu Jan 9 09:19:59 2014(r260471) @@ -541,6 +541,7 @@ main_loop(const char *sockpath, struct p struct casper_service *casserv; struct service_connection *sconn, *sconntmp; int lsock, sock, maxfd, ret; + mode_t oldumask; lsock = socket(AF_UNIX, SOCK_STREAM, 0); if (lsock == -1) @@ -554,8 +555,10 @@ main_loop(const char *sockpath, struct p sizeof(sun.sun_path)); sun.sun_len = SUN_LEN(sun); + oldumask = umask(S_IXUSR | S_IXGRP | S_IXOTH); if (bind(lsock, (struct sockaddr *)sun, sizeof(sun)) == -1) pjdlog_exit(1, Unable to bind to %s, sockpath); + (void)umask(oldumask); if (listen(lsock, 8) == -1) pjdlog_exit(1, Unable to listen on %s, sockpath); ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r260402 - stable/10/sys/sys
Author: pjd
Date: Tue Jan 7 19:46:17 2014
New Revision: 260402
URL: http://svnweb.freebsd.org/changeset/base/260402
Log:
MFC r260290:
Bring back the old size of the kinfo_file structure to preserve ABI.
Keep only one uint64_t spare for further cap_rights_t expension.
Add a comment clarifying that if the size of this structure changes,
a new sysctl MIB has to be allocate for it and the old structure has
to be returned by the old sysctl MIB.
Requested by: re
Modified:
stable/10/sys/sys/user.h
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/sys/sys/user.h
==
--- stable/10/sys/sys/user.hTue Jan 7 19:33:17 2014(r260401)
+++ stable/10/sys/sys/user.hTue Jan 7 19:46:17 2014(r260402)
@@ -320,7 +320,13 @@ struct kinfo_ofile {
};
#if defined(__amd64__) || defined(__i386__)
-#defineKINFO_FILE_SIZE 1424
+/*
+ * This size should never be changed. If you really need to, you must provide
+ * backward ABI compatibility by allocating a new sysctl MIB that will return
+ * the new structure. The current structure has to be returned by the current
+ * sysctl MIB. See how it is done for the kinfo_ofile structure.
+ */
+#defineKINFO_FILE_SIZE 1392
#endif
struct kinfo_file {
@@ -391,8 +397,7 @@ struct kinfo_file {
uint16_tkf_pad1;/* Round to 32 bit alignment. */
int _kf_ispare0;/* Space for more stuff. */
cap_rights_tkf_cap_rights; /* Capability rights. */
- uint64_t_kf_cap_spare[3]; /* Space for future
cap_rights_t. */
- int _kf_ispare[4]; /* Space for more stuff. */
+ uint64_t_kf_cap_spare; /* Space for future
cap_rights_t. */
/* Truncated before copyout in sysctl */
charkf_path[PATH_MAX]; /* Path to file, if any. */
};
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r260406 - releng/10.0/sys/sys
Author: pjd
Date: Tue Jan 7 20:12:02 2014
New Revision: 260406
URL: http://svnweb.freebsd.org/changeset/base/260406
Log:
MFstable/10 r260402:
Bring back the old size of the kinfo_file structure to preserve ABI.
Keep only one uint64_t spare for further cap_rights_t expension.
Add a comment clarifying that if the size of this structure changes,
a new sysctl MIB has to be allocate for it and the old structure has
to be returned by the old sysctl MIB.
Requested by: re
Approved by: re (gjb)
Modified:
releng/10.0/sys/sys/user.h
Directory Properties:
releng/10.0/ (props changed)
Modified: releng/10.0/sys/sys/user.h
==
--- releng/10.0/sys/sys/user.h Tue Jan 7 20:06:20 2014(r260405)
+++ releng/10.0/sys/sys/user.h Tue Jan 7 20:12:02 2014(r260406)
@@ -320,7 +320,13 @@ struct kinfo_ofile {
};
#if defined(__amd64__) || defined(__i386__)
-#defineKINFO_FILE_SIZE 1424
+/*
+ * This size should never be changed. If you really need to, you must provide
+ * backward ABI compatibility by allocating a new sysctl MIB that will return
+ * the new structure. The current structure has to be returned by the current
+ * sysctl MIB. See how it is done for the kinfo_ofile structure.
+ */
+#defineKINFO_FILE_SIZE 1392
#endif
struct kinfo_file {
@@ -391,8 +397,7 @@ struct kinfo_file {
uint16_tkf_pad1;/* Round to 32 bit alignment. */
int _kf_ispare0;/* Space for more stuff. */
cap_rights_tkf_cap_rights; /* Capability rights. */
- uint64_t_kf_cap_spare[3]; /* Space for future
cap_rights_t. */
- int _kf_ispare[4]; /* Space for more stuff. */
+ uint64_t_kf_cap_spare; /* Space for future
cap_rights_t. */
/* Truncated before copyout in sysctl */
charkf_path[PATH_MAX]; /* Path to file, if any. */
};
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r260253 - head/tools/regression/capsicum/libcapsicum
Author: pjd
Date: Sat Jan 4 09:25:27 2014
New Revision: 260253
URL: http://svnweb.freebsd.org/changeset/base/260253
Log:
MFp4 @1189766:
- Compile the tests with .t suffix, so prove can use them directly.
- The CHECKX() macro should increment ntest just like the CHECK() macro.
- For consistency remove # from the pwd.t output.
Submitted by: Mariusz Zaborski osho...@freebsd.org
Modified:
head/tools/regression/capsicum/libcapsicum/Makefile
head/tools/regression/capsicum/libcapsicum/dns.c
head/tools/regression/capsicum/libcapsicum/grp.c
head/tools/regression/capsicum/libcapsicum/pwd.c
head/tools/regression/capsicum/libcapsicum/sysctl.c
Modified: head/tools/regression/capsicum/libcapsicum/Makefile
==
--- head/tools/regression/capsicum/libcapsicum/Makefile Sat Jan 4 04:48:58
2014(r260252)
+++ head/tools/regression/capsicum/libcapsicum/Makefile Sat Jan 4 09:25:27
2014(r260253)
@@ -15,12 +15,14 @@ CFLAGS+=-Wold-style-definition -Wno-poi
CFLAGS+= -I${.CURDIR}/../../../../lib/libcapsicum
CFLAGS+= -ggdb
-all: ${SERVICES}
+SERVTEST= ${SERVICES:=.t}
+
+all: ${SERVTEST}
.for SERVICE in ${SERVICES}
-${SERVICE}:${SERVICE}.c
- ${CC} ${CFLAGS} ${@}.c -o $@ -lcapsicum -lnv
+${SERVICE}.t: ${SERVICE}.c
+ ${CC} ${CFLAGS} ${@:.t=.c} -o $@ -lcapsicum -lnv
.endfor
@@ -28,4 +30,4 @@ test: all
@prove -r ${.CURDIR}
clean:
- rm -f ${SERVICES}
+ rm -f ${SERVTEST}
Modified: head/tools/regression/capsicum/libcapsicum/dns.c
==
--- head/tools/regression/capsicum/libcapsicum/dns.cSat Jan 4 04:48:58
2014(r260252)
+++ head/tools/regression/capsicum/libcapsicum/dns.cSat Jan 4 09:25:27
2014(r260253)
@@ -64,6 +64,7 @@ static int ntest = 1;
printf(not ok %d %s:%u\n, ntest, __FILE__, __LINE__); \
exit(1);\
} \
+ ntest++;\
} while (0)
#defineGETHOSTBYNAME 0x01
@@ -223,7 +224,7 @@ main(void)
const char *types[2];
int families[2];
- printf(1..89\n);
+ printf(1..91\n);
capcas = cap_init();
CHECKX(capcas != NULL);
Modified: head/tools/regression/capsicum/libcapsicum/grp.c
==
--- head/tools/regression/capsicum/libcapsicum/grp.cSat Jan 4 04:48:58
2014(r260252)
+++ head/tools/regression/capsicum/libcapsicum/grp.cSat Jan 4 09:25:27
2014(r260253)
@@ -61,6 +61,7 @@ static int ntest = 1;
printf(not ok %d %s:%u\n, ntest, __FILE__, __LINE__); \
exit(1);\
} \
+ ntest++;\
} while (0)
#defineGID_WHEEL 0
@@ -1522,7 +1523,7 @@ main(void)
{
cap_channel_t *capcas, *capgrp;
- printf(1..197\n);
+ printf(1..199\n);
capcas = cap_init();
CHECKX(capcas != NULL);
Modified: head/tools/regression/capsicum/libcapsicum/pwd.c
==
--- head/tools/regression/capsicum/libcapsicum/pwd.cSat Jan 4 04:48:58
2014(r260252)
+++ head/tools/regression/capsicum/libcapsicum/pwd.cSat Jan 4 09:25:27
2014(r260253)
@@ -49,18 +49,19 @@ static int ntest = 1;
#define CHECK(expr) do { \
if ((expr)) \
- printf(ok # %d %s:%u\n, ntest, __FILE__, __LINE__); \
+ printf(ok %d %s:%u\n, ntest, __FILE__, __LINE__); \
else\
- printf(not ok # %d %s:%u\n, ntest, __FILE__, __LINE__);\
+ printf(not ok %d %s:%u\n, ntest, __FILE__, __LINE__);\
ntest++;\
} while (0)
#define CHECKX(expr) do { \
if ((expr)) { \
- printf(ok # %d %s:%u\n, ntest, __FILE__, __LINE__); \
+ printf(ok %d %s:%u\n, ntest, __FILE__, __LINE__); \
} else {\
- printf(not ok # %d %s:%u\n, ntest, __FILE__, __LINE__);\
+ printf(not ok %d %s:%u\n, ntest, __FILE__, __LINE__);\
exit(1);\
}
svn commit: r260254 - head/sbin/geom/class/eli
Author: pjd
Date: Sat Jan 4 09:27:49 2014
New Revision: 260254
URL: http://svnweb.freebsd.org/changeset/base/260254
Log:
Don't allow to create GELI providers with a sector size, which is no a
power of 2.
Noticed by: rwatson
MFC after:3 days
Modified:
head/sbin/geom/class/eli/geom_eli.c
Modified: head/sbin/geom/class/eli/geom_eli.c
==
--- head/sbin/geom/class/eli/geom_eli.c Sat Jan 4 09:25:27 2014
(r260253)
+++ head/sbin/geom/class/eli/geom_eli.c Sat Jan 4 09:27:49 2014
(r260254)
@@ -789,7 +789,7 @@ eli_init(struct gctl_req *req)
if (val == 0)
md.md_sectorsize = secsize;
else {
- if (val 0 || (val % secsize) != 0) {
+ if (val 0 || (val % secsize) != 0 || !powerof2(val)) {
gctl_error(req, Invalid sector size.);
return;
}
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r260290 - head/sys/sys
Author: pjd
Date: Sat Jan 4 21:55:06 2014
New Revision: 260290
URL: http://svnweb.freebsd.org/changeset/base/260290
Log:
Bring back the old size of the kinfo_file structure to preserve ABI.
Keep only one uint64_t spare for further cap_rights_t expension.
Add a comment clarifying that if the size of this structure changes,
a new sysctl MIB has to be allocate for it and the old structure has
to be returned by the old sysctl MIB.
Requested by: re
MFC after:3 days
Modified:
head/sys/sys/user.h
Modified: head/sys/sys/user.h
==
--- head/sys/sys/user.h Sat Jan 4 21:45:52 2014(r260289)
+++ head/sys/sys/user.h Sat Jan 4 21:55:06 2014(r260290)
@@ -320,7 +320,13 @@ struct kinfo_ofile {
};
#if defined(__amd64__) || defined(__i386__)
-#defineKINFO_FILE_SIZE 1424
+/*
+ * This size should never be changed. If you really need to, you must provide
+ * backward ABI compatibility by allocating a new sysctl MIB that will return
+ * the new structure. The current structure has to be returned by the current
+ * sysctl MIB. See how it is done for the kinfo_ofile structure.
+ */
+#defineKINFO_FILE_SIZE 1392
#endif
struct kinfo_file {
@@ -391,8 +397,7 @@ struct kinfo_file {
uint16_tkf_pad1;/* Round to 32 bit alignment. */
int _kf_ispare0;/* Space for more stuff. */
cap_rights_tkf_cap_rights; /* Capability rights. */
- uint64_t_kf_cap_spare[3]; /* Space for future
cap_rights_t. */
- int _kf_ispare[4]; /* Space for more stuff. */
+ uint64_t_kf_cap_spare; /* Space for future
cap_rights_t. */
/* Truncated before copyout in sysctl */
charkf_path[PATH_MAX]; /* Path to file, if any. */
};
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r260222 - head/lib/libnv
Author: pjd
Date: Fri Jan 3 09:07:03 2014
New Revision: 260222
URL: http://svnweb.freebsd.org/changeset/base/260222
Log:
MFp4 @1189711:
Fix resource leaks on nvlist_destroy().
Reported by: Mariusz Zaborski osho...@freebsd.org
MFC after:3 days
Modified:
head/lib/libnv/nvlist.c
Modified: head/lib/libnv/nvlist.c
==
--- head/lib/libnv/nvlist.c Fri Jan 3 08:31:42 2014(r260221)
+++ head/lib/libnv/nvlist.c Fri Jan 3 09:07:03 2014(r260222)
@@ -125,8 +125,10 @@ nvlist_destroy(nvlist_t *nvl)
NVLIST_ASSERT(nvl);
- while ((nvp = nvlist_first_nvpair(nvl)) != NULL)
+ while ((nvp = nvlist_first_nvpair(nvl)) != NULL) {
nvlist_remove_nvpair(nvl, nvp);
+ nvpair_free(nvp);
+ }
nvl-nvl_magic = 0;
free(nvl);
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
svn commit: r260223 - head/lib/libcasper
Author: pjd
Date: Fri Jan 3 09:10:04 2014
New Revision: 260223
URL: http://svnweb.freebsd.org/changeset/base/260223
Log:
MFp4 @1189741:
- Add missing nvlist_destroy().
- Don't override nvlout.
Submitted by: Mariusz Zaborski osho...@freebsd.org
MFC after:3 days
Modified:
head/lib/libcasper/libcasper.c
Modified: head/lib/libcasper/libcasper.c
==
--- head/lib/libcasper/libcasper.c Fri Jan 3 09:07:03 2014
(r260222)
+++ head/lib/libcasper/libcasper.c Fri Jan 3 09:10:04 2014
(r260223)
@@ -348,7 +348,6 @@ service_message(struct service *service,
error = 0;
}
} else {
- nvlout = nvlist_create(0);
error = service-s_command(cmd,
service_connection_get_limits(sconn), nvlin, nvlout);
}
@@ -362,8 +361,9 @@ service_message(struct service *service,
if (cap_send_nvlist(service_connection_get_chan(sconn), nvlout) == -1) {
pjdlog_errno(LOG_ERR, Unable to send message to client);
service_connection_remove(service, sconn);
- return;
}
+
+ nvlist_destroy(nvlout);
}
static int
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
Re: svn commit: r255219 - in head: contrib/tcpdump lib/libc lib/libc/capability lib/libc/include lib/libc/sys lib/libprocstat sbin/dhclient sbin/hastd sys/amd64/linux32 sys/bsm sys/cddl/compat/opensol
On Wed, Jan 01, 2014 at 11:16:22PM -0800, Stanislav Sedov wrote:
On Sep 4, 2013, at 5:09 PM, Pawel Jakub Dawidek p...@freebsd.org wrote:
This commit also breaks compatibility with some existing Capsicum system
calls,
but I see no other way to do that. This should be fine as Capsicum is still
experimental and this change is not going to 9.x.
Hi!
This change also increases the size of kinfo_file structure, which won’t allow
programs not compiled against HEAD and working with kern.info.filedesc sysctl
to run properly on HEAD (e.g. 8.x, 9.x and 10.x jails won’t run properly on
HEAD,
and it also broke valgrind). Is there absolutely no way to avoid extending
the size
of this struct?
Well, I made this change to have space for future cap_rights_t
expension. I did that change for a major branch, so we don't have to do
it in the middle of 10.x or to not block the work until 11.0.
Note that the structure changed size not only because of _kf_cap_spare[3]
field, but also because cap_rights_t is not uint64_t anymore, it is now
struct that contains two uint64_t (1424 - 1392 = 4 * 8).
I'm afraid it is too late to change it for 10.0 at this point anyway.
Not sure if you are aware this was merged to 10, because you write about
10.x jails not working properly on HEAD. 10.x jails will work properly
on HEAD.
BTW. I'd love if we stop using such structures for a running kernel.
We should really move to using libnv to export data like that.
#if defined(__amd64__) || defined(__i386__)
-#defineKINFO_FILE_SIZE 1392
+#defineKINFO_FILE_SIZE 1424
#endif
struct kinfo_file {
@@ -389,6 +390,7 @@
uint16_tkf_pad1;/* Round to 32 bit
alignment. */
int _kf_ispare0;/* Space for more stuff. */
cap_rights_tkf_cap_rights; /* Capability rights. */
+ uint64_t_kf_cap_spare[3]; /* Space for future
cap_rights_t. */
int _kf_ispare[4]; /* Space for more stuff. */
/* Truncated before copyout in sysctl */
charkf_path[PATH_MAX]; /* Path to file, if any. */
--
Pawel Jakub Dawidek http://www.wheelsystems.com
FreeBSD committer http://www.FreeBSD.org
Am I Evil? Yes, I Am! http://mobter.com
pgpTcuR9z57yc.pgp
Description: PGP signature
Re: svn commit: r255219 - in head: contrib/tcpdump lib/libc lib/libc/capability lib/libc/include lib/libc/sys lib/libprocstat sbin/dhclient sbin/hastd sys/amd64/linux32 sys/bsm sys/cddl/compat/opensol
On Thu, Jan 02, 2014 at 02:28:57AM -0800, Alfred Perlstein wrote:
On 1/2/14 1:33 AM, Pawel Jakub Dawidek wrote:
On Wed, Jan 01, 2014 at 11:16:22PM -0800, Stanislav Sedov wrote:
On Sep 4, 2013, at 5:09 PM, Pawel Jakub Dawidek p...@freebsd.org wrote:
This commit also breaks compatibility with some existing Capsicum
system calls,
but I see no other way to do that. This should be fine as Capsicum is
still
experimental and this change is not going to 9.x.
Hi!
This change also increases the size of kinfo_file structure, which won’t
allow
programs not compiled against HEAD and working with kern.info.filedesc
sysctl
to run properly on HEAD (e.g. 8.x, 9.x and 10.x jails won’t run properly
on HEAD,
and it also broke valgrind). Is there absolutely no way to avoid
extending the size
of this struct?
Well, I made this change to have space for future cap_rights_t
expension. I did that change for a major branch, so we don't have to do
it in the middle of 10.x or to not block the work until 11.0.
Note that the structure changed size not only because of _kf_cap_spare[3]
field, but also because cap_rights_t is not uint64_t anymore, it is now
struct that contains two uint64_t (1424 - 1392 = 4 * 8).
I'm afraid it is too late to change it for 10.0 at this point anyway.
Not sure if you are aware this was merged to 10, because you write about
10.x jails not working properly on HEAD. 10.x jails will work properly
on HEAD.
BTW. I'd love if we stop using such structures for a running kernel.
We should really move to using libnv to export data like that.
Aren't there enough bits in int _kf_ispare[4]; /* Space
for more stuff. */
to make this work for the time being until you can provide an alternate
way to fetch the cap stuff from the kernel.
I don't plan to provide alternative way to fetch the cap stuff. Well, I
implemented libnv, which can be used to reimplement how we fetch all
data like kinfo_file in a ABI friendly way, but I don't plan to modify
this specific code myself.
Afaik you could just remove the spare and steal 2 or 4 entries from
_kf_ispare until it is sorted.
Yes, this would work for current cap_rights_t structure, at least for
i386 and amd64, but would only allow to expand the structure by one
uint64_t in the future (which might or might not be enough). The
cap_rights_t structure is designed to be expanded to 5 uint64_ts without
breaking ABI. I don't want to stuck with current cap_rights_t that is
designed to expand, but cannot be, because kinfo_file wasn't modified at
the start of a major branch.
Can you please make use of that and discuss merge to 10 with re@?
I'm Bccing re@, but I'm pretty sure it is too late for such a change,
especially that it breaks ABI with all 10-RCs. I'm also not changing my
mind. I'd like to structure to stay as-is.
It really sounds like breaking top/etc under jails is something that
should and can be avoided.
I agree. Maybe it should be done every 10 major releases (I'm still fine
with that rule), but we cannot just stuck with it forever.
My suggestions would be:
1. Move to libnv.
2. Detect that the given binary was compiled against some older version
of this structure and copy old structure to userland. Not sure if we
can do that now or not, but I'd expect we can detect that.
#if defined(__amd64__) || defined(__i386__)
-#defineKINFO_FILE_SIZE 1392
+#defineKINFO_FILE_SIZE 1424
#endif
struct kinfo_file {
@@ -389,6 +390,7 @@
uint16_tkf_pad1;/* Round to 32 bit
alignment. */
int _kf_ispare0;/* Space for more stuff.
*/
cap_rights_tkf_cap_rights; /* Capability rights. */
+ uint64_t_kf_cap_spare[3]; /* Space for future
cap_rights_t. */
int _kf_ispare[4]; /* Space for more stuff.
*/
/* Truncated before copyout in sysctl */
charkf_path[PATH_MAX]; /* Path to file, if any.
*/
--
Pawel Jakub Dawidek http://www.wheelsystems.com
FreeBSD committer http://www.FreeBSD.org
Am I Evil? Yes, I Am! http://mobter.com
pgpebZ6hRAjZ8.pgp
Description: PGP signature
