svn commit: r362642 - head/crypto/openssh
Author: delphij Date: Fri Jun 26 04:46:45 2020 New Revision: 362642 URL: https://svnweb.freebsd.org/changeset/base/362642 Log: Don't log normal login_getpwclass(3) result. The logging was introduced in r314527 but doesn't appear to be useful for regular operation, and as the result, for users with no class set (very common) the administrator would see a message like this in their auth.log: sshd[44251]: user root login class [preauth] (note that the class was "" because that's what's typically configured for most users; we would get 'default' if lc->lc_class is chosen) Remove this log as it can be annoying as the lookup happen before authentication and repeats, and our code is not acting upon lc_class or pw_class directly anyways. Reviewed by: cem, imp MFC after:1 week Differential Revision:https://reviews.freebsd.org/D24997 Modified: head/crypto/openssh/auth2.c Modified: head/crypto/openssh/auth2.c == --- head/crypto/openssh/auth2.c Fri Jun 26 03:18:10 2020(r362641) +++ head/crypto/openssh/auth2.c Fri Jun 26 04:46:45 2020(r362642) @@ -317,8 +317,6 @@ input_userauth_request(int type, u_int32_t seq, struct #ifdef HAVE_LOGIN_CAP if (authctxt->pw != NULL && (lc = PRIVSEP(login_getpwclass(authctxt->pw))) != NULL) { - logit("user %s login class %s", authctxt->pw->pw_name, - authctxt->pw->pw_class); from_host = auth_get_canonical_hostname(ssh, options.use_dns); from_ip = ssh_remote_ipaddr(ssh); if (!auth_hostok(lc, from_host, from_ip)) { ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362641 - head
Author: rmacklem Date: Fri Jun 26 03:18:10 2020 New Revision: 362641 URL: https://svnweb.freebsd.org/changeset/base/362641 Log: Add an entry for r362639. Modified: head/UPDATING Modified: head/UPDATING == --- head/UPDATING Fri Jun 26 03:14:30 2020(r362640) +++ head/UPDATING Fri Jun 26 03:18:10 2020(r362641) @@ -26,6 +26,10 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 13.x IS SLOW: disable the most expensive debugging functionality run "ln -s 'abort:false,junk:false' /etc/malloc.conf".) +20200625: + r362639 changed the internal API used between the NFS kernel modules. + As such, they all need to be rebuilt from sources. + 20200613: r362158 changed the arguments for VFS_CHECKEXP(). As such, any out of tree file systems need to be modified and rebuilt. ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362640 - head/sys/sys
Author: rmacklem Date: Fri Jun 26 03:14:30 2020 New Revision: 362640 URL: https://svnweb.freebsd.org/changeset/base/362640 Log: Bump the version since r362639 changed the internal API between the NFS kernel modules so they must all be rebuilt. Modified: head/sys/sys/param.h Modified: head/sys/sys/param.h == --- head/sys/sys/param.hFri Jun 26 03:11:54 2020(r362639) +++ head/sys/sys/param.hFri Jun 26 03:14:30 2020(r362640) @@ -60,7 +60,7 @@ * in the range 5 to 9. */ #undef __FreeBSD_version -#define __FreeBSD_version 1300099 /* Master, propagated to newvers */ +#define __FreeBSD_version 1300100 /* Master, propagated to newvers */ /* * __FreeBSD_kernel__ indicates that this system uses the kernel of FreeBSD, ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362639 - in head/sys/fs: nfs nfsclient nfsserver
Author: rmacklem Date: Fri Jun 26 03:11:54 2020 New Revision: 362639 URL: https://svnweb.freebsd.org/changeset/base/362639 Log: Add a boolean argument to nfscl_reqstart() to indicate that ext_pgs mbufs should be used. For KERN_TLS (and possibly some other future network interface) the mbuf list passed into sosend() must be ext_pgs mbufs. The krpc could simply copy all the mbuf data into ext_pgs mbufs before calling sosend(), but that would be inefficient for large RPC messages. This patch adds an argument to nfscl_reqstart() to indicate that it should fill the RPC message into ext_pgs mbufs. It also adds fields to "struct nfsrv_descript" needed for building NFS RPC messages in ext_pgs mbufs, along with new flags for this. Since the argument is always "false", this commit should not result in any semantic change. However, this commit prepares the code for future commits that will add support for building of NFS RPC messages in ext_pgs mbufs. Modified: head/sys/fs/nfs/nfs.h head/sys/fs/nfs/nfs_commonsubs.c head/sys/fs/nfs/nfs_var.h head/sys/fs/nfs/nfscl.h head/sys/fs/nfsclient/nfs_clrpcops.c head/sys/fs/nfsserver/nfs_nfsdport.c Modified: head/sys/fs/nfs/nfs.h == --- head/sys/fs/nfs/nfs.h Fri Jun 26 00:58:59 2020(r362638) +++ head/sys/fs/nfs/nfs.h Fri Jun 26 03:11:54 2020(r362639) @@ -670,6 +670,9 @@ struct nfsrv_descript { nfsv4stateid_t nd_savedcurstateid; /* Saved Current StateID */ uint32_tnd_maxreq; /* Max. request (session). */ uint32_tnd_maxresp; /* Max. reply (session). */ + int nd_bextpg; /* Current ext_pgs page */ + int nd_bextpgsiz; /* Bytes left in page */ + int nd_maxextsiz; /* Max ext_pgs mbuf size */ }; #definend_princlen nd_gssnamelen @@ -711,6 +714,13 @@ struct nfsrv_descript { #defineND_SAVEDCURSTATEID 0x1 #defineND_HASSLOTID0x2 #defineND_NFSV42 0x4 +#defineND_EXTPG0x8 +#defineND_TLS 0x10 +#defineND_TLSCERT 0x20 +#defineND_TLSCERTUSER 0x40 +#defineND_EXTLS0x80 +#defineND_EXTLSCERT0x100 +#defineND_EXTLSCERTUSER0x200 /* * ND_GSS should be the "or" of all GSS type authentications. Modified: head/sys/fs/nfs/nfs_commonsubs.c == --- head/sys/fs/nfs/nfs_commonsubs.cFri Jun 26 00:58:59 2020 (r362638) +++ head/sys/fs/nfs/nfs_commonsubs.cFri Jun 26 03:11:54 2020 (r362639) @@ -50,6 +50,8 @@ __FBSDID("$FreeBSD$"); #include +#include + /* * Data items converted to xdr at startup, since they are constant * This is kinda hokey, but may save a little time doing byte swaps @@ -317,7 +319,7 @@ static int nfs_bigrequest[NFSV42_NPROCS] = { void nfscl_reqstart(struct nfsrv_descript *nd, int procnum, struct nfsmount *nmp, u_int8_t *nfhp, int fhlen, u_int32_t **opcntpp, struct nfsclsession *sep, -int vers, int minorvers) +int vers, int minorvers, bool use_ext) { struct mbuf *mb; u_int32_t *tl; @@ -350,6 +352,9 @@ nfscl_reqstart(struct nfsrv_descript *nd, int procnum, } nd->nd_procnum = procnum; nd->nd_repstat = 0; + nd->nd_maxextsiz = 16384; + if (use_ext && mb_use_ext_pgs && PMAP_HAS_DMAP != 0) + nd->nd_flag |= ND_EXTPG; /* * Get the first mbuf for the request. @@ -360,7 +365,7 @@ nfscl_reqstart(struct nfsrv_descript *nd, int procnum, NFSMGET(mb); mb->m_len = 0; nd->nd_mreq = nd->nd_mb = mb; - nd->nd_bpos = mtod(mb, caddr_t); + nd->nd_bpos = mtod(mb, char *); /* * And fill the first file handle into the request. Modified: head/sys/fs/nfs/nfs_var.h == --- head/sys/fs/nfs/nfs_var.h Fri Jun 26 00:58:59 2020(r362638) +++ head/sys/fs/nfs/nfs_var.h Fri Jun 26 03:11:54 2020(r362639) @@ -312,7 +312,7 @@ void nfsrc_trimcache(uint64_t, uint32_t, int); /* nfs_commonsubs.c */ void nfscl_reqstart(struct nfsrv_descript *, int, struct nfsmount *, -u_int8_t *, int, u_int32_t **, struct nfsclsession *, int, int); +u_int8_t *, int, u_int32_t **, struct nfsclsession *, int, int, bool); void nfsm_stateidtom(struct nfsrv_descript *, nfsv4stateid_t *, int); void nfscl_fillsattr(struct nfsrv_descript *, struct vattr *, vnode_t, int, u_int32_t); Modified: head/sys/fs/nfs/nfscl.h
Re: svn commit: r362589 - in head/lib/csu: aarch64 arm i386 riscv
On 2020-Jun-26 10:25:36 +1000, Peter Jeremy wrote: >On 2020-Jun-24 17:54:25 +, John Baldwin wrote: >>Author: jhb >>Date: Wed Jun 24 17:54:24 2020 >>New Revision: 362589 >>URL: https://svnweb.freebsd.org/changeset/base/362589 >> >>Log: >> Always compile the brand and ignore init ELF notes standalone. > >I'm not sure if this is self-inflicted but I'm now seeing linker failures >trying to build in /usr/src/lib/csu/aarch64: >ld -o Scrt1.o -r Scrt1_c.o crt1_s.o crtbrand.o ignore_init_note.o Scrt1.s >ld: error: Scrt1.s:1: unknown directive: .text .text ^ >*** Error code 1 > >This is running r362580 and trying to buildworld r352310 on arm64. Sorry - that latter revision is obviously wrong. I was building r362612. -- Peter Jeremy signature.asc Description: PGP signature
svn commit: r362638 - in stable: 11/lib/libdevdctl 12/lib/libdevdctl
Author: freqlabs Date: Fri Jun 26 00:58:59 2020 New Revision: 362638 URL: https://svnweb.freebsd.org/changeset/base/362638 Log: MFC r362544: libdevdctl: Force full match of "timestamp" field name OpenZFS generates events with a "zio_timestamp" field, which gets mistaken for "timestamp" by libdevdctl due to imprecise string matching. Then later it is assumed a "timestamp" field exists when it doesn't and an exception is thrown. Add a space to the search string so we match exactly "timestamp" rather than anything with that as a suffix. Approved by:mav (mentor) Sponsored by: iXsystems, Inc. Modified: stable/12/lib/libdevdctl/event.cc Directory Properties: stable/12/ (props changed) Changes in other areas also in this revision: Modified: stable/11/lib/libdevdctl/event.cc Directory Properties: stable/11/ (props changed) Modified: stable/12/lib/libdevdctl/event.cc == --- stable/12/lib/libdevdctl/event.cc Fri Jun 26 00:01:31 2020 (r362637) +++ stable/12/lib/libdevdctl/event.cc Fri Jun 26 00:58:59 2020 (r362638) @@ -427,7 +427,7 @@ Event::TimestampEventString(std::string ) * Add a timestamp as the final field of the event if it is * not already present. */ - if (eventString.find("timestamp=") == string::npos) { + if (eventString.find(" timestamp=") == string::npos) { const size_t bufsize = 32; // Long enough for a 64-bit int timeval now; char timebuf[bufsize]; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362638 - in stable: 11/lib/libdevdctl 12/lib/libdevdctl
Author: freqlabs Date: Fri Jun 26 00:58:59 2020 New Revision: 362638 URL: https://svnweb.freebsd.org/changeset/base/362638 Log: MFC r362544: libdevdctl: Force full match of "timestamp" field name OpenZFS generates events with a "zio_timestamp" field, which gets mistaken for "timestamp" by libdevdctl due to imprecise string matching. Then later it is assumed a "timestamp" field exists when it doesn't and an exception is thrown. Add a space to the search string so we match exactly "timestamp" rather than anything with that as a suffix. Approved by:mav (mentor) Sponsored by: iXsystems, Inc. Modified: stable/11/lib/libdevdctl/event.cc Directory Properties: stable/11/ (props changed) Changes in other areas also in this revision: Modified: stable/12/lib/libdevdctl/event.cc Directory Properties: stable/12/ (props changed) Modified: stable/11/lib/libdevdctl/event.cc == --- stable/11/lib/libdevdctl/event.cc Fri Jun 26 00:01:31 2020 (r362637) +++ stable/11/lib/libdevdctl/event.cc Fri Jun 26 00:58:59 2020 (r362638) @@ -427,7 +427,7 @@ Event::TimestampEventString(std::string ) * Add a timestamp as the final field of the event if it is * not already present. */ - if (eventString.find("timestamp=") == string::npos) { + if (eventString.find(" timestamp=") == string::npos) { const size_t bufsize = 32; // Long enough for a 64-bit int timeval now; char timebuf[bufsize]; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r362589 - in head/lib/csu: aarch64 arm i386 riscv
On 2020-Jun-24 17:54:25 +, John Baldwin wrote: >Author: jhb >Date: Wed Jun 24 17:54:24 2020 >New Revision: 362589 >URL: https://svnweb.freebsd.org/changeset/base/362589 > >Log: > Always compile the brand and ignore init ELF notes standalone. I'm not sure if this is self-inflicted but I'm now seeing linker failures trying to build in /usr/src/lib/csu/aarch64: ld -o Scrt1.o -r Scrt1_c.o crt1_s.o crtbrand.o ignore_init_note.o Scrt1.s ld: error: Scrt1.s:1: unknown directive: .text >>> .text >>> ^ *** Error code 1 This is running r362580 and trying to buildworld r352310 on arm64. -- Peter Jeremy signature.asc Description: PGP signature
svn commit: r362637 - head/sys/dev/cxgbe/crypto
Author: jhb Date: Fri Jun 26 00:01:31 2020 New Revision: 362637 URL: https://svnweb.freebsd.org/changeset/base/362637 Log: Reduce contention on per-adapter lock. - Move temporary sglists into the session structure and protect them with a per-session lock instead of a per-adapter lock. - Retire an unused session field, and move a debugging field under INVARIANTS to avoid using the session lock for completion handling when INVARIANTS isn't enabled. - Use counter_u64 for per-adapter statistics. Note that this helps for cases where multiple sessions are used (e.g. multiple IPsec SAs or multiple KTLS connections). It does not help for workloads that use a single session (e.g. a single GELI volume). Reviewed by: np Sponsored by: Chelsio Communications Differential Revision:https://reviews.freebsd.org/D25457 Modified: head/sys/dev/cxgbe/crypto/t4_crypto.c Modified: head/sys/dev/cxgbe/crypto/t4_crypto.c == --- head/sys/dev/cxgbe/crypto/t4_crypto.c Thu Jun 25 23:59:16 2020 (r362636) +++ head/sys/dev/cxgbe/crypto/t4_crypto.c Fri Jun 26 00:01:31 2020 (r362637) @@ -170,8 +170,9 @@ struct ccr_port { }; struct ccr_session { - bool active; +#ifdef INVARIANTS int pending; +#endif enum { HASH, HMAC, BLKCIPHER, ETA, GCM, CCM } mode; struct ccr_port *port; union { @@ -180,16 +181,7 @@ struct ccr_session { struct ccr_session_ccm_mac ccm_mac; }; struct ccr_session_blkcipher blkcipher; -}; - -struct ccr_softc { - struct adapter *adapter; - device_t dev; - uint32_t cid; struct mtx lock; - bool detaching; - struct ccr_port ports[MAX_NPORTS]; - u_int port_mask; /* * Pre-allocate S/G lists used when preparing a work request. @@ -205,7 +197,17 @@ struct ccr_softc { struct sglist *sg_output; struct sglist *sg_ulptx; struct sglist *sg_dsgl; +}; +struct ccr_softc { + struct adapter *adapter; + device_t dev; + uint32_t cid; + struct mtx lock; + bool detaching; + struct ccr_port ports[MAX_NPORTS]; + u_int port_mask; + /* * Pre-allocate a dummy output buffer for the IV and AAD for * AEAD requests. @@ -214,24 +216,23 @@ struct ccr_softc { struct sglist *sg_iv_aad; /* Statistics. */ - uint64_t stats_blkcipher_encrypt; - uint64_t stats_blkcipher_decrypt; - uint64_t stats_hash; - uint64_t stats_hmac; - uint64_t stats_eta_encrypt; - uint64_t stats_eta_decrypt; - uint64_t stats_gcm_encrypt; - uint64_t stats_gcm_decrypt; - uint64_t stats_ccm_encrypt; - uint64_t stats_ccm_decrypt; - uint64_t stats_wr_nomem; - uint64_t stats_inflight; - uint64_t stats_mac_error; - uint64_t stats_pad_error; - uint64_t stats_bad_session; - uint64_t stats_sglist_error; - uint64_t stats_process_error; - uint64_t stats_sw_fallback; + counter_u64_t stats_blkcipher_encrypt; + counter_u64_t stats_blkcipher_decrypt; + counter_u64_t stats_hash; + counter_u64_t stats_hmac; + counter_u64_t stats_eta_encrypt; + counter_u64_t stats_eta_decrypt; + counter_u64_t stats_gcm_encrypt; + counter_u64_t stats_gcm_decrypt; + counter_u64_t stats_ccm_encrypt; + counter_u64_t stats_ccm_decrypt; + counter_u64_t stats_wr_nomem; + counter_u64_t stats_inflight; + counter_u64_t stats_mac_error; + counter_u64_t stats_pad_error; + counter_u64_t stats_sglist_error; + counter_u64_t stats_process_error; + counter_u64_t stats_sw_fallback; }; /* @@ -307,8 +308,7 @@ ccr_phys_dsgl_len(int nsegs) } static void -ccr_write_phys_dsgl(struct ccr_softc *sc, struct ccr_session *s, void *dst, -int nsegs) +ccr_write_phys_dsgl(struct ccr_session *s, void *dst, int nsegs) { struct sglist *sg; struct cpl_rx_phys_dsgl *cpl; @@ -317,7 +317,7 @@ ccr_write_phys_dsgl(struct ccr_softc *sc, struct ccr_s size_t seglen; u_int i, j; - sg = sc->sg_dsgl; + sg = s->sg_dsgl; cpl = dst; cpl->op_to_tid = htobe32(V_CPL_RX_PHYS_DSGL_OPCODE(CPL_RX_PHYS_DSGL) | V_CPL_RX_PHYS_DSGL_ISRDMA(0)); @@ -366,14 +366,14 @@ ccr_ulptx_sgl_len(int nsegs) } static void -ccr_write_ulptx_sgl(struct ccr_softc *sc, void *dst, int nsegs) +ccr_write_ulptx_sgl(struct ccr_session *s, void *dst, int nsegs) { struct ulptx_sgl *usgl; struct sglist *sg; struct sglist_seg *ss; int i; - sg = sc->sg_ulptx; + sg = s->sg_ulptx; MPASS(nsegs == sg->sg_nseg); ss = >sg_segs[0]; usgl = dst; @@ -496,12 +496,12 @@ ccr_hash(struct ccr_softc *sc, struct ccr_session *s, sgl_len = 0;
svn commit: r362636 - head/sys/netipsec
Author: jhb Date: Thu Jun 25 23:59:16 2020 New Revision: 362636 URL: https://svnweb.freebsd.org/changeset/base/362636 Log: Simplify IPsec transform-specific teardown. - Rename from the teardown callback from 'zeroize' to 'cleanup' since this no longer zeroes keys. - Change the callback return type to void. Nothing checked the return value and it was always zero. - Don't have esp call into ah since it no longer needs to depend on this to clear the auth key. Instead, both are now private and self-contained. Reviewed by: delphij Sponsored by: Chelsio Communications Differential Revision:https://reviews.freebsd.org/D25443 Modified: head/sys/netipsec/key.c head/sys/netipsec/xform.h head/sys/netipsec/xform_ah.c head/sys/netipsec/xform_esp.c head/sys/netipsec/xform_ipcomp.c head/sys/netipsec/xform_tcp.c Modified: head/sys/netipsec/key.c == --- head/sys/netipsec/key.c Thu Jun 25 23:57:30 2020(r362635) +++ head/sys/netipsec/key.c Thu Jun 25 23:59:16 2020(r362636) @@ -3059,11 +3059,8 @@ key_cleansav(struct secasvar *sav) } if (sav->flags & SADB_X_EXT_F_CLONED) return; - /* -* Cleanup xform state. -*/ if (sav->tdb_xform != NULL) { - sav->tdb_xform->xf_zeroize(sav); + sav->tdb_xform->xf_cleanup(sav); sav->tdb_xform = NULL; } if (sav->key_auth != NULL) { Modified: head/sys/netipsec/xform.h == --- head/sys/netipsec/xform.h Thu Jun 25 23:57:30 2020(r362635) +++ head/sys/netipsec/xform.h Thu Jun 25 23:59:16 2020(r362636) @@ -89,7 +89,7 @@ struct xformsw { u_short xf_type;/* xform ID */ const char *xf_name; /* human-readable name */ int (*xf_init)(struct secasvar*, struct xformsw*); /* setup */ - int (*xf_zeroize)(struct secasvar*);/* cleanup */ + void(*xf_cleanup)(struct secasvar*);/* cleanup */ int (*xf_input)(struct mbuf*, struct secasvar*, /* input */ int, int); int (*xf_output)(struct mbuf*, /* output */ @@ -112,7 +112,6 @@ struct crypto_session_params; int xform_ah_authsize(const struct auth_hash *); int ah_init0(struct secasvar *, struct xformsw *, struct crypto_session_params *); -extern int ah_zeroize(struct secasvar *sav); extern size_t ah_hdrsiz(struct secasvar *); /* XF_ESP */ Modified: head/sys/netipsec/xform_ah.c == --- head/sys/netipsec/xform_ah.cThu Jun 25 23:57:30 2020 (r362635) +++ head/sys/netipsec/xform_ah.cThu Jun 25 23:59:16 2020 (r362636) @@ -241,20 +241,13 @@ ah_init(struct secasvar *sav, struct xformsw *xsp) crypto_newsession(>tdb_cryptoid, , V_crypto_support); } -/* - * Paranoia. - * - * NB: public for use by esp_zeroize (XXX). - */ -int -ah_zeroize(struct secasvar *sav) +static void +ah_cleanup(struct secasvar *sav) { crypto_freesession(sav->tdb_cryptoid); sav->tdb_cryptoid = NULL; sav->tdb_authalgxform = NULL; - sav->tdb_xform = NULL; - return 0; } /* @@ -1141,7 +1134,7 @@ static struct xformsw ah_xformsw = { .xf_type = XF_AH, .xf_name = "IPsec AH", .xf_init = ah_init, - .xf_zeroize = ah_zeroize, + .xf_cleanup = ah_cleanup, .xf_input = ah_input, .xf_output =ah_output, }; Modified: head/sys/netipsec/xform_esp.c == --- head/sys/netipsec/xform_esp.c Thu Jun 25 23:57:30 2020 (r362635) +++ head/sys/netipsec/xform_esp.c Thu Jun 25 23:59:16 2020 (r362636) @@ -237,18 +237,14 @@ esp_init(struct secasvar *sav, struct xformsw *xsp) return error; } -/* - * Paranoia. - */ -static int -esp_zeroize(struct secasvar *sav) +static void +esp_cleanup(struct secasvar *sav) { - /* NB: ah_zeroize free's the crypto session state */ - int error = ah_zeroize(sav); + crypto_freesession(sav->tdb_cryptoid); + sav->tdb_cryptoid = NULL; + sav->tdb_authalgxform = NULL; sav->tdb_encalgxform = NULL; - sav->tdb_xform = NULL; - return error; } /* @@ -964,7 +960,7 @@ static struct xformsw esp_xformsw = { .xf_type = XF_ESP, .xf_name = "IPsec ESP", .xf_init = esp_init, - .xf_zeroize = esp_zeroize, + .xf_cleanup = esp_cleanup, .xf_input = esp_input, .xf_output =esp_output, }; Modified: head/sys/netipsec/xform_ipcomp.c
svn commit: r362635 - head/sys/netipsec
Author: jhb Date: Thu Jun 25 23:57:30 2020 New Revision: 362635 URL: https://svnweb.freebsd.org/changeset/base/362635 Log: Enter and exit the network epoch for async IPsec callbacks. When an IPsec packet has been encrypted or decrypted, the next step in the packet's traversal through the network stack is invoked from a crypto worker thread, not from the original calling thread. These threads need to enter the network epoch before passing packets down to IP output routines or up to transport protocols. Reviewed by: ae Sponsored by: Chelsio Communications Differential Revision:https://reviews.freebsd.org/D25444 Modified: head/sys/netipsec/ipsec_input.c head/sys/netipsec/ipsec_output.c Modified: head/sys/netipsec/ipsec_input.c == --- head/sys/netipsec/ipsec_input.c Thu Jun 25 21:34:43 2020 (r362634) +++ head/sys/netipsec/ipsec_input.c Thu Jun 25 23:57:30 2020 (r362635) @@ -278,6 +278,7 @@ ipsec4_common_input_cb(struct mbuf *m, struct secasvar int protoff) { IPSEC_DEBUG_DECLARE(char buf[IPSEC_ADDRSTRLEN]); + struct epoch_tracker et; struct ipsec_ctx_data ctx; struct xform_history *xh; struct secasindex *saidx; @@ -424,7 +425,9 @@ ipsec4_common_input_cb(struct mbuf *m, struct secasvar if (saidx->mode == IPSEC_MODE_TUNNEL) error = ipsec_if_input(m, sav, af); if (error == 0) { + NET_EPOCH_ENTER(et); error = netisr_queue_src(isr_prot, (uintptr_t)sav->spi, m); + NET_EPOCH_EXIT(et); if (error) { IPSEC_ISTAT(sproto, qfull); DPRINTF(("%s: queue full; proto %u packet dropped\n", @@ -489,6 +492,7 @@ ipsec6_common_input_cb(struct mbuf *m, struct secasvar int protoff) { IPSEC_DEBUG_DECLARE(char buf[IPSEC_ADDRSTRLEN]); + struct epoch_tracker et; struct ipsec_ctx_data ctx; struct xform_history *xh; struct secasindex *saidx; @@ -621,8 +625,10 @@ ipsec6_common_input_cb(struct mbuf *m, struct secasvar if (saidx->mode == IPSEC_MODE_TUNNEL) error = ipsec_if_input(m, sav, af); if (error == 0) { + NET_EPOCH_ENTER(et); error = netisr_queue_src(isr_prot, (uintptr_t)sav->spi, m); + NET_EPOCH_EXIT(et); if (error) { IPSEC_ISTAT(sproto, qfull); DPRINTF(("%s: queue full; proto %u packet" @@ -638,11 +644,12 @@ ipsec6_common_input_cb(struct mbuf *m, struct secasvar */ nest = 0; nxt = nxt8; + NET_EPOCH_ENTER(et); while (nxt != IPPROTO_DONE) { if (V_ip6_hdrnestlimit && (++nest > V_ip6_hdrnestlimit)) { IP6STAT_INC(ip6s_toomanyhdr); error = EINVAL; - goto bad; + goto bad_epoch; } /* @@ -653,7 +660,7 @@ ipsec6_common_input_cb(struct mbuf *m, struct secasvar IP6STAT_INC(ip6s_tooshort); in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_truncated); error = EINVAL; - goto bad; + goto bad_epoch; } /* * Enforce IPsec policy checking if we are seeing last header. @@ -663,12 +670,15 @@ ipsec6_common_input_cb(struct mbuf *m, struct secasvar if ((inet6sw[ip6_protox[nxt]].pr_flags & PR_LASTHDR) != 0 && ipsec6_in_reject(m, NULL)) { error = EINVAL; - goto bad; + goto bad_epoch; } nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(, , nxt); } + NET_EPOCH_EXIT(et); key_freesav(); return (0); +bad_epoch: + NET_EPOCH_EXIT(et); bad: key_freesav(); if (m) Modified: head/sys/netipsec/ipsec_output.c == --- head/sys/netipsec/ipsec_output.cThu Jun 25 21:34:43 2020 (r362634) +++ head/sys/netipsec/ipsec_output.cThu Jun 25 23:57:30 2020 (r362635) @@ -688,6 +688,7 @@ int ipsec_process_done(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav, u_int idx) { + struct epoch_tracker et; struct xform_history *xh; struct secasindex *saidx; struct m_tag *mtag; @@ -789,19 +790,25 @@ ipsec_process_done(struct mbuf *m, struct secpolicy *s * We're done with IPsec processing, transmit the packet using the * appropriate network protocol (IP or IPv6). */ + NET_EPOCH_ENTER(et); switch
svn commit: r362634 - head/lib/libutil
Author: dab Date: Thu Jun 25 21:34:43 2020 New Revision: 362634 URL: https://svnweb.freebsd.org/changeset/base/362634 Log: Add CAP_EVENT to pidfiles. CAP_EVENT was omitted on pidfiles (in pidfile_open()). There seems no reason why a process that creates and writes a pidfile cannot monitor events on that file. This mod adds the capability. Reviewed by: cem@ MFC after:2 weeks Sponsored by: Dell EMC Isilon Differential Revision:https://reviews.freebsd.org/D25363 Modified: head/lib/libutil/pidfile.c Modified: head/lib/libutil/pidfile.c == --- head/lib/libutil/pidfile.c Thu Jun 25 20:43:21 2020(r362633) +++ head/lib/libutil/pidfile.c Thu Jun 25 21:34:43 2020(r362634) @@ -196,7 +196,7 @@ pidfile_open(const char *pathp, mode_t mode, pid_t *pi } if (cap_rights_limit(fd, cap_rights_init(, CAP_PWRITE, - CAP_FSTAT, CAP_FTRUNCATE)) < 0 && + CAP_FSTAT, CAP_FTRUNCATE, CAP_EVENT)) < 0 && errno != ENOSYS) { goto failed; } ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r362620 - head/secure/lib/libcrypto
On Thu, Jun 25, 2020 at 12:35 PM Gordon Tetlow wrote: > Author: gordon > Date: Thu Jun 25 19:35:37 2020 > New Revision: 362620 > URL: https://svnweb.freebsd.org/changeset/base/362620 > > Log: > Revert OPENSSL_NO_SSL3_METHOD to keep ABI compatibility. > > This define caused a couple of symbols to disappear. To keep ABI > compatibility, we are going to keep the symbols exposed, but leave SSLv3 > as > not in the default config (this is what OPENSSL_NO_SSL3 achieves). The > ramifications of this is an application can still use SSLv3 if it > specifically calls the SSLv3_method family of APIs. > > I think I've seen some distros that keep the functinos around but just have them always return failure. -Ben ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362633 - head/sys/net
Author: vmaffione Date: Thu Jun 25 20:43:21 2020 New Revision: 362633 URL: https://svnweb.freebsd.org/changeset/base/362633 Log: iflib: fix compilation issue introduced in r362621 The ifp local variable is useful even without netmap and altq, as it is used to check for IFF_DRV_RUNNING. MFC after:2 weeks Modified: head/sys/net/iflib.c Modified: head/sys/net/iflib.c == --- head/sys/net/iflib.cThu Jun 25 20:31:06 2020(r362632) +++ head/sys/net/iflib.cThu Jun 25 20:43:21 2020(r362633) @@ -3751,9 +3751,7 @@ _task_fn_tx(void *context) { iflib_txq_t txq = context; if_ctx_t ctx = txq->ift_ctx; -#if defined(ALTQ) || defined(DEV_NETMAP) if_t ifp = ctx->ifc_ifp; -#endif int abdicate = ctx->ifc_sysctl_tx_abdicate; #ifdef IFLIB_DIAGNOSTICS ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362632 - head/sys/netipsec
Author: jhb Date: Thu Jun 25 20:31:06 2020 New Revision: 362632 URL: https://svnweb.freebsd.org/changeset/base/362632 Log: Use zfree() to explicitly zero IPsec keys. Reviewed by: delphij Sponsored by: Chelsio Communications Differential Revision:https://reviews.freebsd.org/D25442 Modified: head/sys/netipsec/key.c head/sys/netipsec/xform_ah.c head/sys/netipsec/xform_esp.c head/sys/netipsec/xform_tcp.c Modified: head/sys/netipsec/key.c == --- head/sys/netipsec/key.c Thu Jun 25 20:30:30 2020(r362631) +++ head/sys/netipsec/key.c Thu Jun 25 20:31:06 2020(r362632) @@ -3060,27 +3060,19 @@ key_cleansav(struct secasvar *sav) if (sav->flags & SADB_X_EXT_F_CLONED) return; /* -* Cleanup xform state. Note that zeroize'ing causes the -* keys to be cleared; otherwise we must do it ourself. +* Cleanup xform state. */ if (sav->tdb_xform != NULL) { sav->tdb_xform->xf_zeroize(sav); sav->tdb_xform = NULL; - } else { - if (sav->key_auth != NULL) - bzero(sav->key_auth->key_data, _KEYLEN(sav->key_auth)); - if (sav->key_enc != NULL) - bzero(sav->key_enc->key_data, _KEYLEN(sav->key_enc)); } if (sav->key_auth != NULL) { - if (sav->key_auth->key_data != NULL) - free(sav->key_auth->key_data, M_IPSEC_MISC); + zfree(sav->key_auth->key_data, M_IPSEC_MISC); free(sav->key_auth, M_IPSEC_MISC); sav->key_auth = NULL; } if (sav->key_enc != NULL) { - if (sav->key_enc->key_data != NULL) - free(sav->key_enc->key_data, M_IPSEC_MISC); + zfree(sav->key_enc->key_data, M_IPSEC_MISC); free(sav->key_enc, M_IPSEC_MISC); sav->key_enc = NULL; } Modified: head/sys/netipsec/xform_ah.c == --- head/sys/netipsec/xform_ah.cThu Jun 25 20:30:30 2020 (r362631) +++ head/sys/netipsec/xform_ah.cThu Jun 25 20:31:06 2020 (r362632) @@ -250,9 +250,6 @@ int ah_zeroize(struct secasvar *sav) { - if (sav->key_auth) - bzero(sav->key_auth->key_data, _KEYLEN(sav->key_auth)); - crypto_freesession(sav->tdb_cryptoid); sav->tdb_cryptoid = NULL; sav->tdb_authalgxform = NULL; Modified: head/sys/netipsec/xform_esp.c == --- head/sys/netipsec/xform_esp.c Thu Jun 25 20:30:30 2020 (r362631) +++ head/sys/netipsec/xform_esp.c Thu Jun 25 20:31:06 2020 (r362632) @@ -243,11 +243,9 @@ esp_init(struct secasvar *sav, struct xformsw *xsp) static int esp_zeroize(struct secasvar *sav) { - /* NB: ah_zerorize free's the crypto session state */ + /* NB: ah_zeroize free's the crypto session state */ int error = ah_zeroize(sav); - if (sav->key_enc) - bzero(sav->key_enc->key_data, _KEYLEN(sav->key_enc)); sav->tdb_encalgxform = NULL; sav->tdb_xform = NULL; return error; Modified: head/sys/netipsec/xform_tcp.c == --- head/sys/netipsec/xform_tcp.c Thu Jun 25 20:30:30 2020 (r362631) +++ head/sys/netipsec/xform_tcp.c Thu Jun 25 20:31:06 2020 (r362632) @@ -365,8 +365,6 @@ static int tcpsignature_zeroize(struct secasvar *sav) { - if (sav->key_auth != NULL) - bzero(sav->key_auth->key_data, _KEYLEN(sav->key_auth)); sav->tdb_xform = NULL; return (0); } ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362631 - head/sys/compat/linux
Author: markj Date: Thu Jun 25 20:30:30 2020 New Revision: 362631 URL: https://svnweb.freebsd.org/changeset/base/362631 Log: Implement an approximation of Linux MADV_DONTNEED semantics. Linux MADV_DONTNEED is not advisory: it has side effects for anonymous memory, and some system software depends on that. In particular, MADV_DONTNEED causes anonymous pages to be discarded. If the mapping is a private mapping of a named object then subsequent faults are to repopulate the range from that object, otherwise pages will be zero-filled. For mappings of non-anonymous objects, Linux MADV_DONTNEED can be implemented in the same way as our MADV_DONTNEED. This implementation differs from Linux semantics in its handling of private mappings, inherited through fork(), of non-anonymous objects. After applying MADV_DONTNEED, subsequent faults will repopulate the mapping from the parent object rather than the root of the shadow chain. PR: 230160 Reviewed by: alc, kib Sponsored by: The FreeBSD Foundation MFC after:2 weeks Differential Revision:https://reviews.freebsd.org/D25330 Modified: head/sys/compat/linux/linux_mmap.c Modified: head/sys/compat/linux/linux_mmap.c == --- head/sys/compat/linux/linux_mmap.c Thu Jun 25 20:29:29 2020 (r362630) +++ head/sys/compat/linux/linux_mmap.c Thu Jun 25 20:30:30 2020 (r362631) @@ -38,9 +38,11 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include #include +#include #include #include #include @@ -48,6 +50,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include @@ -242,6 +245,98 @@ linux_mprotect_common(struct thread *td, uintptr_t add return (kern_mprotect(td, addr, len, prot)); } +/* + * Implement Linux madvise(MADV_DONTNEED), which has unusual semantics: for + * anonymous memory, pages in the range are immediately discarded. + */ +static int +linux_madvise_dontneed(struct thread *td, vm_offset_t start, vm_offset_t end) +{ + vm_map_t map; + vm_map_entry_t entry; + vm_object_t backing_object, object; + vm_offset_t estart, eend; + vm_pindex_t pstart, pend; + int error; + + map = >td_proc->p_vmspace->vm_map; + + if (!vm_map_range_valid(map, start, end)) + return (EINVAL); + start = trunc_page(start); + end = round_page(end); + + error = 0; + vm_map_lock_read(map); + if (!vm_map_lookup_entry(map, start, )) + entry = vm_map_entry_succ(entry); + for (; entry->start < end; entry = vm_map_entry_succ(entry)) { + if ((entry->eflags & MAP_ENTRY_IS_SUB_MAP) != 0) + continue; + + if (entry->wired_count != 0) { + error = EINVAL; + break; + } + + object = entry->object.vm_object; + if (object == NULL) + continue; + + pstart = OFF_TO_IDX(entry->offset); + if (start > entry->start) { + pstart += atop(start - entry->start); + estart = start; + } else { + estart = entry->start; + } + pend = OFF_TO_IDX(entry->offset) + + atop(entry->end - entry->start); + if (entry->end > end) { + pend -= atop(entry->end - end); + eend = end; + } else { + eend = entry->end; + } + + if ((object->flags & (OBJ_ANON | OBJ_ONEMAPPING)) == + (OBJ_ANON | OBJ_ONEMAPPING)) { + /* +* Singly-mapped anonymous memory is discarded. This +* does not match Linux's semantics when the object +* belongs to a shadow chain of length > 1, since +* subsequent faults may retrieve pages from an +* intermediate anonymous object. However, handling +* this case correctly introduces a fair bit of +* complexity. +*/ + VM_OBJECT_WLOCK(object); + if ((object->flags & OBJ_ONEMAPPING) != 0) { + vm_object_collapse(object); + vm_object_page_remove(object, pstart, pend, 0); + backing_object = object->backing_object; + if (backing_object != NULL && + (backing_object->flags & OBJ_ANON) != 0) + linux_msg(td, + "possibly incorrect MADV_DONTNEED"); +
svn commit: r362630 - head/sys/dev/nvme
Author: mav Date: Thu Jun 25 20:29:29 2020 New Revision: 362630 URL: https://svnweb.freebsd.org/changeset/base/362630 Log: Fix few panics on NVMe's timing out initialization requests. MFC after:1 week Sponsored by: iXsystems, Inc. Modified: head/sys/dev/nvme/nvme_ctrlr.c Modified: head/sys/dev/nvme/nvme_ctrlr.c == --- head/sys/dev/nvme/nvme_ctrlr.c Thu Jun 25 20:25:35 2020 (r362629) +++ head/sys/dev/nvme/nvme_ctrlr.c Thu Jun 25 20:29:29 2020 (r362630) @@ -1056,11 +1056,20 @@ nvme_ctrlr_start(void *ctrlr_arg, bool resetting) if (resetting) nvme_qpair_reset(>adminq); - for (i = 0; i < ctrlr->num_io_queues; i++) - nvme_qpair_reset(>ioq[i]); + if (ctrlr->ioq != NULL) { + for (i = 0; i < ctrlr->num_io_queues; i++) + nvme_qpair_reset(>ioq[i]); + } nvme_admin_qpair_enable(>adminq); + /* +* If it was a reset on initialization command timeout, just +* return here, letting initialization code fail gracefully. +*/ + if (resetting && !ctrlr->is_initialized) + return; + if (nvme_ctrlr_identify(ctrlr) != 0) { nvme_ctrlr_fail(ctrlr); return; @@ -1115,7 +1124,6 @@ void nvme_ctrlr_start_config_hook(void *arg) { struct nvme_controller *ctrlr = arg; - int status; /* * Reset controller twice to ensure we do a transition from cc.en==1 to @@ -1123,19 +1131,15 @@ nvme_ctrlr_start_config_hook(void *arg) * controller was left in when boot handed off to OS. Linux doesn't do * this, however. If we adopt that policy, see also nvme_ctrlr_resume(). */ - status = nvme_ctrlr_hw_reset(ctrlr); - if (status != 0) { + if (nvme_ctrlr_hw_reset(ctrlr) != 0) { +fail: nvme_ctrlr_fail(ctrlr); config_intrhook_disestablish(>config_hook); return; } - status = nvme_ctrlr_hw_reset(ctrlr); - if (status != 0) { - nvme_ctrlr_fail(ctrlr); - config_intrhook_disestablish(>config_hook); - return; - } + if (nvme_ctrlr_hw_reset(ctrlr) != 0) + goto fail; nvme_qpair_reset(>adminq); nvme_admin_qpair_enable(>adminq); @@ -1144,7 +1148,7 @@ nvme_ctrlr_start_config_hook(void *arg) nvme_ctrlr_construct_io_qpairs(ctrlr) == 0) nvme_ctrlr_start(ctrlr, false); else - nvme_ctrlr_fail(ctrlr); + goto fail; nvme_sysctl_initialize_ctrlr(ctrlr); config_intrhook_disestablish(>config_hook); @@ -1454,10 +1458,12 @@ nvme_ctrlr_destruct(struct nvme_controller *ctrlr, dev nvme_ctrlr_hmb_enable(ctrlr, false, false); nvme_ctrlr_delete_qpairs(ctrlr); } + nvme_ctrlr_hmb_free(ctrlr); + } + if (ctrlr->ioq != NULL) { for (i = 0; i < ctrlr->num_io_queues; i++) nvme_io_qpair_destroy(>ioq[i]); free(ctrlr->ioq, M_NVME); - nvme_ctrlr_hmb_free(ctrlr); } nvme_admin_qpair_destroy(>adminq); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362629 - in head/sys/geom: bde eli shsec
Author: jhb Date: Thu Jun 25 20:25:35 2020 New Revision: 362629 URL: https://svnweb.freebsd.org/changeset/base/362629 Log: Use explicit_bzero() instead of bzero() for sensitive data. Reviewed by: delphij Sponsored by: Chelsio Communications Differential Revision:https://reviews.freebsd.org/D25441 Modified: head/sys/geom/bde/g_bde.c head/sys/geom/bde/g_bde_lock.c head/sys/geom/eli/g_eli.c head/sys/geom/shsec/g_shsec.c Modified: head/sys/geom/bde/g_bde.c == --- head/sys/geom/bde/g_bde.c Thu Jun 25 20:22:44 2020(r362628) +++ head/sys/geom/bde/g_bde.c Thu Jun 25 20:25:35 2020(r362629) @@ -88,7 +88,7 @@ g_bde_orphan(struct g_consumer *cp) gp->flags |= G_GEOM_WITHER; LIST_FOREACH(pp, >provider, provider) g_wither_provider(pp, ENXIO); - bzero(sc, sizeof(struct g_bde_softc)); /* destroy evidence */ + explicit_bzero(sc, sizeof(struct g_bde_softc)); /* destroy evidence */ return; } @@ -163,7 +163,7 @@ g_bde_create_geom(struct gctl_req *req, struct g_class error = g_bde_decrypt_lock(sc, pass, key, mediasize, sectorsize, NULL); - bzero(sc->sha2, sizeof sc->sha2); + explicit_bzero(sc->sha2, sizeof sc->sha2); if (error) break; kp = >key; @@ -195,9 +195,9 @@ g_bde_create_geom(struct gctl_req *req, struct g_class break; } while (0); if (pass != NULL) - bzero(pass, SHA512_DIGEST_LENGTH); + explicit_bzero(pass, SHA512_DIGEST_LENGTH); if (key != NULL) - bzero(key, 16); + explicit_bzero(key, 16); if (error == 0) return; g_access(cp, -1, -1, -1); @@ -255,7 +255,7 @@ g_bde_destroy_geom(struct gctl_req *req, struct g_clas while (sc->dead != 2 && !LIST_EMPTY(>consumers)) tsleep(sc, PRIBIO, "g_bdedie", hz); mtx_destroy(>worklist_mutex); - bzero(>key, sizeof sc->key); + explicit_bzero(>key, sizeof sc->key); g_free(sc); g_wither_geom(gp, ENXIO); return (0); Modified: head/sys/geom/bde/g_bde_lock.c == --- head/sys/geom/bde/g_bde_lock.c Thu Jun 25 20:22:44 2020 (r362628) +++ head/sys/geom/bde/g_bde_lock.c Thu Jun 25 20:25:35 2020 (r362629) @@ -316,9 +316,9 @@ g_bde_keyloc_encrypt(u_char *sha2, uint64_t v0, uint64 AES_init(); AES_makekey(, DIR_ENCRYPT, G_BDE_KKEYBITS, sha2 + 0); AES_encrypt(, , buf, output, sizeof buf); - bzero(buf, sizeof buf); - bzero(, sizeof ci); - bzero(, sizeof ki); + explicit_bzero(buf, sizeof buf); + explicit_bzero(, sizeof ci); + explicit_bzero(, sizeof ki); return (0); } @@ -333,9 +333,9 @@ g_bde_keyloc_decrypt(u_char *sha2, void *input, uint64 AES_makekey(, DIR_DECRYPT, G_BDE_KKEYBITS, sha2 + 0); AES_decrypt(, , input, buf, sizeof buf); *output = le64dec(buf); - bzero(buf, sizeof buf); - bzero(, sizeof ci); - bzero(, sizeof ki); + explicit_bzero(buf, sizeof buf); + explicit_bzero(, sizeof ci); + explicit_bzero(, sizeof ki); return(0); } Modified: head/sys/geom/eli/g_eli.c == --- head/sys/geom/eli/g_eli.c Thu Jun 25 20:22:44 2020(r362628) +++ head/sys/geom/eli/g_eli.c Thu Jun 25 20:25:35 2020(r362629) @@ -1126,7 +1126,7 @@ g_eli_keyfiles_clear(const char *provider) data = preload_fetch_addr(keyfile); size = preload_fetch_size(keyfile); if (data != NULL && size != 0) - bzero(data, size); + explicit_bzero(data, size); } } @@ -1261,7 +1261,7 @@ g_eli_taste(struct g_class *mp, struct g_provider *pp, pkcs5v2_genkey(dkey, sizeof(dkey), md.md_salt, sizeof(md.md_salt), passphrase, md.md_iterations); -bzero(passphrase, sizeof(passphrase)); +explicit_bzero(passphrase, sizeof(passphrase)); g_eli_crypto_hmac_update(, dkey, sizeof(dkey)); explicit_bzero(dkey, sizeof(dkey)); } @@ -1272,7 +1272,7 @@ g_eli_taste(struct g_class *mp, struct g_provider *pp, * Decrypt Master-Key. */ error = g_eli_mkey_decrypt_any(, key, mkey, ); -bzero(key, sizeof(key)); +explicit_bzero(key, sizeof(key)); if (error == -1) { if (i == tries) { G_ELI_DEBUG(0, @@ -1305,8 +1305,8 @@ have_key:
svn commit: r362628 - head/sys/dev/cesa
Author: jhb Date: Thu Jun 25 20:22:44 2020 New Revision: 362628 URL: https://svnweb.freebsd.org/changeset/base/362628 Log: Explicitly zero the temporary auth context used to generate HMAC state. Reviewed by: delphij Sponsored by: Chelsio Communications Differential Revision:https://reviews.freebsd.org/D25439 Modified: head/sys/dev/cesa/cesa.c Modified: head/sys/dev/cesa/cesa.c == --- head/sys/dev/cesa/cesa.cThu Jun 25 20:21:34 2020(r362627) +++ head/sys/dev/cesa/cesa.cThu Jun 25 20:22:44 2020(r362628) @@ -459,6 +459,7 @@ cesa_set_mkey(struct cesa_session *cs, int alg, const hin[i] = htobe32(hin[i]); hout[i] = htobe32(hout[i]); } + explicit_bzero(_ctx, sizeof(auth_ctx)); } static int ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362627 - head/sys/dev/glxsb
Author: jhb Date: Thu Jun 25 20:21:34 2020 New Revision: 362627 URL: https://svnweb.freebsd.org/changeset/base/362627 Log: Explicitly zero hash results and context in glxsb_authcompute(). Reviewed by: delphij Sponsored by: Chelsio Communications Differential Revision:https://reviews.freebsd.org/D25438 Modified: head/sys/dev/glxsb/glxsb_hash.c Modified: head/sys/dev/glxsb/glxsb_hash.c == --- head/sys/dev/glxsb/glxsb_hash.c Thu Jun 25 20:20:22 2020 (r362626) +++ head/sys/dev/glxsb/glxsb_hash.c Thu Jun 25 20:21:34 2020 (r362627) @@ -65,7 +65,7 @@ glxsb_hash_key_setup(struct glxsb_session *ses, const static int glxsb_authcompute(struct glxsb_session *ses, struct cryptop *crp) { - u_char hash[HASH_MAX_LEN], hash2[HASH_MAX_LEN]; + u_char hash[HASH_MAX_LEN]; struct auth_hash *axf; union authctx ctx; int error; @@ -86,17 +86,22 @@ glxsb_authcompute(struct glxsb_session *ses, struct cr bcopy(ses->ses_octx, , axf->ctxsize); axf->Update(, hash, axf->hashsize); axf->Final(hash, ); + explicit_bzero(, sizeof(ctx)); /* Verify or inject the authentication data */ if (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) { + u_char hash2[HASH_MAX_LEN]; + crypto_copydata(crp, crp->crp_digest_start, ses->ses_mlen, hash2); if (timingsafe_bcmp(hash, hash2, ses->ses_mlen) != 0) - return (EBADMSG); + error = EBADMSG; + explicit_bzero(hash2, sizeof(hash2)); } else crypto_copyback(crp, crp->crp_digest_start, ses->ses_mlen, hash); - return (0); + explicit_bzero(hash, sizeof(hash)); + return (error); } int ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362626 - in head/sys: crypto/armv8 crypto/via dev/glxsb geom/eli
Author: jhb Date: Thu Jun 25 20:20:22 2020 New Revision: 362626 URL: https://svnweb.freebsd.org/changeset/base/362626 Log: Use zfree() instead of bzero() and free(). These bzero's should have been explicit_bzero's. Reviewed by: cem, delphij Sponsored by: Chelsio Communications Differential Revision:https://reviews.freebsd.org/D25437 Modified: head/sys/crypto/armv8/armv8_crypto.c head/sys/crypto/via/padlock_hash.c head/sys/dev/glxsb/glxsb_hash.c head/sys/geom/eli/g_eli.c Modified: head/sys/crypto/armv8/armv8_crypto.c == --- head/sys/crypto/armv8/armv8_crypto.cThu Jun 25 20:18:55 2020 (r362625) +++ head/sys/crypto/armv8/armv8_crypto.cThu Jun 25 20:20:22 2020 (r362626) @@ -357,10 +357,8 @@ armv8_crypto_cipher_process(struct armv8_crypto_sessio fpu_kern_leave(curthread, ctx); RELEASE_CTX(i, ctx); } - if (allocated) { - bzero(buf, crp->crp_payload_length); - free(buf, M_ARMV8_CRYPTO); - } + if (allocated) + zfree(buf, M_ARMV8_CRYPTO); return (0); } Modified: head/sys/crypto/via/padlock_hash.c == --- head/sys/crypto/via/padlock_hash.c Thu Jun 25 20:18:55 2020 (r362625) +++ head/sys/crypto/via/padlock_hash.c Thu Jun 25 20:20:22 2020 (r362626) @@ -199,8 +199,7 @@ padlock_sha_free(void *vctx) ctx = vctx; if (ctx->psc_buf != NULL) { - //bzero(ctx->psc_buf, ctx->psc_size); - free(ctx->psc_buf, M_PADLOCK); + zfree(ctx->psc_buf, M_PADLOCK); ctx->psc_buf = NULL; ctx->psc_offset = 0; ctx->psc_size = 0; @@ -415,14 +414,12 @@ padlock_hash_free(struct padlock_session *ses) if (ses->ses_ictx != NULL) { padlock_free_ctx(ses->ses_axf, ses->ses_ictx); - bzero(ses->ses_ictx, ses->ses_axf->ctxsize); - free(ses->ses_ictx, M_PADLOCK); + zfree(ses->ses_ictx, M_PADLOCK); ses->ses_ictx = NULL; } if (ses->ses_octx != NULL) { padlock_free_ctx(ses->ses_axf, ses->ses_octx); - bzero(ses->ses_octx, ses->ses_axf->ctxsize); - free(ses->ses_octx, M_PADLOCK); + zfree(ses->ses_octx, M_PADLOCK); ses->ses_octx = NULL; } } Modified: head/sys/dev/glxsb/glxsb_hash.c == --- head/sys/dev/glxsb/glxsb_hash.c Thu Jun 25 20:18:55 2020 (r362625) +++ head/sys/dev/glxsb/glxsb_hash.c Thu Jun 25 20:20:22 2020 (r362626) @@ -145,13 +145,11 @@ glxsb_hash_free(struct glxsb_session *ses) { if (ses->ses_ictx != NULL) { - bzero(ses->ses_ictx, ses->ses_axf->ctxsize); - free(ses->ses_ictx, M_GLXSB); + zfree(ses->ses_ictx, M_GLXSB); ses->ses_ictx = NULL; } if (ses->ses_octx != NULL) { - bzero(ses->ses_octx, ses->ses_axf->ctxsize); - free(ses->ses_octx, M_GLXSB); + zfree(ses->ses_octx, M_GLXSB); ses->ses_octx = NULL; } } Modified: head/sys/geom/eli/g_eli.c == --- head/sys/geom/eli/g_eli.c Thu Jun 25 20:18:55 2020(r362625) +++ head/sys/geom/eli/g_eli.c Thu Jun 25 20:20:22 2020(r362626) @@ -1005,8 +1005,7 @@ failed: g_destroy_consumer(cp); g_destroy_geom(gp); g_eli_key_destroy(sc); - bzero(sc, sizeof(*sc)); - free(sc, M_ELI); + zfree(sc, M_ELI); return (NULL); } @@ -1049,8 +1048,7 @@ g_eli_destroy(struct g_eli_softc *sc, boolean_t force) mtx_destroy(>sc_queue_mtx); gp->softc = NULL; g_eli_key_destroy(sc); - bzero(sc, sizeof(*sc)); - free(sc, M_ELI); + zfree(sc, M_ELI); G_ELI_DEBUG(0, "Device %s destroyed.", gp->name); g_wither_geom_close(gp, ENXIO); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362625 - head/sys/opencrypto
Author: jhb Date: Thu Jun 25 20:18:55 2020 New Revision: 362625 URL: https://svnweb.freebsd.org/changeset/base/362625 Log: Zero the temporary HMAC key in hmac_init_pad(). Reviewed by: delphij Sponsored by: Chelsio Communications Differential Revision:https://reviews.freebsd.org/D25436 Modified: head/sys/opencrypto/crypto.c Modified: head/sys/opencrypto/crypto.c == --- head/sys/opencrypto/crypto.cThu Jun 25 20:17:34 2020 (r362624) +++ head/sys/opencrypto/crypto.cThu Jun 25 20:18:55 2020 (r362625) @@ -444,6 +444,7 @@ hmac_init_pad(struct auth_hash *axf, const char *key, axf->Init(auth_ctx); axf->Update(auth_ctx, hmac_key, axf->blocksize); + explicit_bzero(hmac_key, sizeof(hmac_key)); } void ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362624 - in head/sys: crypto/aesni crypto/via dev/cxgbe/crypto dev/random geom geom/eli kern netinet/netdump opencrypto
Author: jhb Date: Thu Jun 25 20:17:34 2020 New Revision: 362624 URL: https://svnweb.freebsd.org/changeset/base/362624 Log: Use zfree() instead of explicit_bzero() and free(). In addition to reducing lines of code, this also ensures that the full allocation is always zeroed avoiding possible bugs with incorrect lengths passed to explicit_bzero(). Suggested by: cem Reviewed by: cem, delphij Approved by: csprng (cem) Sponsored by: Chelsio Communications Differential Revision:https://reviews.freebsd.org/D25435 Modified: head/sys/crypto/aesni/aesni.c head/sys/crypto/via/padlock_cipher.c head/sys/dev/cxgbe/crypto/t4_kern_tls.c head/sys/dev/random/randomdev.c head/sys/geom/eli/g_eli.c head/sys/geom/eli/g_eli_ctl.c head/sys/geom/eli/g_eli_key_cache.c head/sys/geom/geom_dev.c head/sys/kern/kern_environment.c head/sys/kern/kern_shutdown.c head/sys/kern/uipc_ktls.c head/sys/netinet/netdump/netdump_client.c head/sys/opencrypto/crypto.c head/sys/opencrypto/cryptosoft.c head/sys/opencrypto/ktls_ocf.c Modified: head/sys/crypto/aesni/aesni.c == --- head/sys/crypto/aesni/aesni.c Thu Jun 25 20:04:35 2020 (r362623) +++ head/sys/crypto/aesni/aesni.c Thu Jun 25 20:17:34 2020 (r362624) @@ -808,18 +808,12 @@ aesni_cipher_crypt(struct aesni_session *ses, struct c crp->crp_payload_length, outbuf); out: - if (allocated) { - explicit_bzero(buf, crp->crp_payload_length); - free(buf, M_AESNI); - } - if (authallocated) { - explicit_bzero(authbuf, crp->crp_aad_length); - free(authbuf, M_AESNI); - } - if (outallocated) { - explicit_bzero(outbuf, crp->crp_payload_length); - free(outbuf, M_AESNI); - } + if (allocated) + zfree(buf, M_AESNI); + if (authallocated) + zfree(authbuf, M_AESNI); + if (outallocated) + zfree(outbuf, M_AESNI); explicit_bzero(iv, sizeof(iv)); explicit_bzero(tag, sizeof(tag)); return (error); Modified: head/sys/crypto/via/padlock_cipher.c == --- head/sys/crypto/via/padlock_cipher.cThu Jun 25 20:04:35 2020 (r362623) +++ head/sys/crypto/via/padlock_cipher.cThu Jun 25 20:17:34 2020 (r362624) @@ -234,8 +234,7 @@ padlock_cipher_process(struct padlock_session *ses, st crypto_copyback(crp, crp->crp_payload_start, crp->crp_payload_length, abuf); - explicit_bzero(buf, crp->crp_payload_length + 16); - free(buf, M_PADLOCK); + zfree(buf, M_PADLOCK); } return (0); } Modified: head/sys/dev/cxgbe/crypto/t4_kern_tls.c == --- head/sys/dev/cxgbe/crypto/t4_kern_tls.c Thu Jun 25 20:04:35 2020 (r362623) +++ head/sys/dev/cxgbe/crypto/t4_kern_tls.c Thu Jun 25 20:17:34 2020 (r362624) @@ -2337,8 +2337,7 @@ cxgbe_tls_tag_free(struct m_snd_tag *mst) if (tlsp->tx_key_addr >= 0) free_keyid(tlsp, tlsp->tx_key_addr); - explicit_bzero(>keyctx, sizeof(>keyctx)); - free(tlsp, M_CXGBE); + zfree(tlsp, M_CXGBE); } void Modified: head/sys/dev/random/randomdev.c == --- head/sys/dev/random/randomdev.c Thu Jun 25 20:04:35 2020 (r362623) +++ head/sys/dev/random/randomdev.c Thu Jun 25 20:17:34 2020 (r362624) @@ -241,8 +241,7 @@ int if (error == ERESTART || error == EINTR) error = 0; - explicit_bzero(random_buf, bufsize); - free(random_buf, M_ENTROPY); + zfree(random_buf, M_ENTROPY); return (error); } Modified: head/sys/geom/eli/g_eli.c == --- head/sys/geom/eli/g_eli.c Thu Jun 25 20:04:35 2020(r362623) +++ head/sys/geom/eli/g_eli.c Thu Jun 25 20:17:34 2020(r362624) @@ -388,10 +388,7 @@ g_eli_resize(struct g_consumer *cp) } iofail: explicit_bzero(, sizeof(md)); - if (sector != NULL) { - explicit_bzero(sector, pp->sectorsize); - free(sector, M_ELI); - } + zfree(sector, M_ELI); } oldsize = sc->sc_mediasize; Modified: head/sys/geom/eli/g_eli_ctl.c == --- head/sys/geom/eli/g_eli_ctl.c Thu Jun 25 20:04:35 2020 (r362623) +++ head/sys/geom/eli/g_eli_ctl.c Thu Jun 25 20:17:34 2020 (r362624) @@ -655,8 +655,7 @@ g_eli_ctl_configure(struct gctl_req
svn commit: r362623 - head/lib/libkvm
Author: dim Date: Thu Jun 25 20:04:35 2020 New Revision: 362623 URL: https://svnweb.freebsd.org/changeset/base/362623 Log: Fix copy/paste mistake in kvm_getswapinfo(3) It seems this manpage was copied from kvm_getloadavg(3), but the DIAGNOSTICS section was not updated completely. Update the section with correct information about a return value of -1. MFC after:3 days Modified: head/lib/libkvm/kvm_getswapinfo.3 Modified: head/lib/libkvm/kvm_getswapinfo.3 == --- head/lib/libkvm/kvm_getswapinfo.3 Thu Jun 25 19:44:24 2020 (r362622) +++ head/lib/libkvm/kvm_getswapinfo.3 Thu Jun 25 20:04:35 2020 (r362623) @@ -101,8 +101,8 @@ You may call the function with .Dv NULL to clear the cache. .Sh DIAGNOSTICS -If the load average was unobtainable, \-1 is returned; otherwise, -the number of swap devices actually retrieved is returned. +If the swap summary information was unobtainable, \-1 is returned; +otherwise, the number of swap devices actually retrieved is returned. .Pp If the name of the swap device does not fit in the static char buffer in the structure, it is truncated. ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362622 - head/sys/net
Author: vmaffione Date: Thu Jun 25 19:44:24 2020 New Revision: 362622 URL: https://svnweb.freebsd.org/changeset/base/362622 Log: iflib: netmap: add support for partial ring openings Reviewed by: gallatin MFC after:2 weeks Differential Revision:https://reviews.freebsd.org/D25254 Modified: head/sys/net/iflib.c Modified: head/sys/net/iflib.c == --- head/sys/net/iflib.cThu Jun 25 19:35:43 2020(r362621) +++ head/sys/net/iflib.cThu Jun 25 19:44:24 2020(r362622) @@ -1189,7 +1189,7 @@ iflib_netmap_attach(if_ctx_t ctx) return (netmap_attach()); } -static void +static int iflib_netmap_txq_init(if_ctx_t ctx, iflib_txq_t txq) { struct netmap_adapter *na = NA(ctx->ifc_ifp); @@ -1197,7 +1197,7 @@ iflib_netmap_txq_init(if_ctx_t ctx, iflib_txq_t txq) slot = netmap_reset(na, NR_TX, txq->ift_id, 0); if (slot == NULL) - return; + return (0); for (int i = 0; i < ctx->ifc_softc_ctx.isc_ntxd[0]; i++) { /* @@ -1211,21 +1211,24 @@ iflib_netmap_txq_init(if_ctx_t ctx, iflib_txq_t txq) netmap_load_map(na, txq->ift_buf_tag, txq->ift_sds.ifsd_map[i], NMB(na, slot + si)); } + return (1); } -static void +static int iflib_netmap_rxq_init(if_ctx_t ctx, iflib_rxq_t rxq) { struct netmap_adapter *na = NA(ctx->ifc_ifp); - struct netmap_kring *kring = na->rx_rings[rxq->ifr_id]; + struct netmap_kring *kring; struct netmap_slot *slot; uint32_t nm_i; slot = netmap_reset(na, NR_RX, rxq->ifr_id, 0); if (slot == NULL) - return; + return (0); + kring = na->rx_rings[rxq->ifr_id]; nm_i = netmap_idx_n2k(kring, 0); netmap_fl_refill(rxq, kring, nm_i, true); + return (1); } static void @@ -1256,8 +1259,8 @@ iflib_netmap_timer_adjust(if_ctx_t ctx, iflib_txq_t tx #define iflib_netmap_detach(ifp) netmap_detach(ifp) #else -#define iflib_netmap_txq_init(ctx, txq) -#define iflib_netmap_rxq_init(ctx, rxq) +#define iflib_netmap_txq_init(ctx, txq) (0) +#define iflib_netmap_rxq_init(ctx, rxq) (0) #define iflib_netmap_detach(ifp) #define iflib_netmap_attach(ctx) (0) @@ -2368,10 +2371,8 @@ iflib_init_locked(if_ctx_t ctx) IFDI_INIT(ctx); MPASS(if_getdrvflags(ifp) == i); for (i = 0, rxq = ctx->ifc_rxqs; i < sctx->isc_nrxqsets; i++, rxq++) { - /* XXX this should really be done on a per-queue basis */ - if (if_getcapenable(ifp) & IFCAP_NETMAP) { - MPASS(rxq->ifr_id == i); - iflib_netmap_rxq_init(ctx, rxq); + if (iflib_netmap_rxq_init(ctx, rxq) > 0) { + /* This rxq is in netmap mode. Skip normal init. */ continue; } for (j = 0, fl = rxq->ifr_fl; j < rxq->ifr_nfl; j++, fl++) { ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362621 - head/sys/net
Author: vmaffione Date: Thu Jun 25 19:35:43 2020 New Revision: 362621 URL: https://svnweb.freebsd.org/changeset/base/362621 Log: iflib: netmap: add per-tx-queue netmap support Reviewed by: gallatin MFC after:2 weeks Differential Revision:https://reviews.freebsd.org/D25253 Modified: head/sys/net/iflib.c Modified: head/sys/net/iflib.c == --- head/sys/net/iflib.cThu Jun 25 19:35:37 2020(r362620) +++ head/sys/net/iflib.cThu Jun 25 19:35:43 2020(r362621) @@ -1235,7 +1235,9 @@ iflib_netmap_timer_adjust(if_ctx_t ctx, iflib_txq_t tx uint16_t txqid; txqid = txq->ift_id; - kring = NA(ctx->ifc_ifp)->tx_rings[txqid]; + kring = netmap_kring_on(NA(ctx->ifc_ifp), txqid, NR_TX); + if (kring == NULL) + return; if (kring->nr_hwcur != nm_next(kring->nr_hwtail, kring->nkr_num_slots - 1)) { bus_dmamap_sync(txq->ift_ifdi->idi_tag, txq->ift_ifdi->idi_map, @@ -3756,20 +3758,12 @@ _task_fn_tx(void *context) #ifdef IFLIB_DIAGNOSTICS txq->ift_cpu_exec_count[curcpu]++; #endif - if (!(if_getdrvflags(ctx->ifc_ifp) & IFF_DRV_RUNNING)) + if (!(if_getdrvflags(ifp) & IFF_DRV_RUNNING)) return; #ifdef DEV_NETMAP - if (if_getcapenable(ifp) & IFCAP_NETMAP) { - bus_dmamap_sync(txq->ift_ifdi->idi_tag, txq->ift_ifdi->idi_map, - BUS_DMASYNC_POSTREAD); - if (ctx->isc_txd_credits_update(ctx->ifc_softc, txq->ift_id, false)) - netmap_tx_irq(ifp, txq->ift_id); - if (ctx->ifc_flags & IFC_LEGACY) - IFDI_INTR_ENABLE(ctx); - else - IFDI_TX_QUEUE_INTR_ENABLE(ctx, txq->ift_id); - return; - } + if ((if_getcapenable(ifp) & IFCAP_NETMAP) && + netmap_tx_irq(ifp, txq->ift_id)) + goto skip_ifmp; #endif #ifdef ALTQ if (ALTQ_IS_ENABLED(>if_snd)) @@ -3784,6 +3778,9 @@ _task_fn_tx(void *context) */ if (abdicate) ifmp_ring_check_drainage(txq->ift_br, TX_BATCH_SIZE); +#ifdef DEV_NETMAP +skip_ifmp: +#endif if (ctx->ifc_flags & IFC_LEGACY) IFDI_INTR_ENABLE(ctx); else ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362620 - head/secure/lib/libcrypto
Author: gordon Date: Thu Jun 25 19:35:37 2020 New Revision: 362620 URL: https://svnweb.freebsd.org/changeset/base/362620 Log: Revert OPENSSL_NO_SSL3_METHOD to keep ABI compatibility. This define caused a couple of symbols to disappear. To keep ABI compatibility, we are going to keep the symbols exposed, but leave SSLv3 as not in the default config (this is what OPENSSL_NO_SSL3 achieves). The ramifications of this is an application can still use SSLv3 if it specifically calls the SSLv3_method family of APIs. Reported by: kib, others Reviewed by: kib Differential Revision:https://reviews.freebsd.org/D25451 Modified: head/secure/lib/libcrypto/opensslconf.h.in Modified: head/secure/lib/libcrypto/opensslconf.h.in == --- head/secure/lib/libcrypto/opensslconf.h.in Thu Jun 25 19:27:22 2020 (r362619) +++ head/secure/lib/libcrypto/opensslconf.h.in Thu Jun 25 19:35:37 2020 (r362620) @@ -79,9 +79,6 @@ extern "C" { #ifndef OPENSSL_NO_SSL3 # define OPENSSL_NO_SSL3 #endif -#ifndef OPENSSL_NO_SSL3_METHOD -# define OPENSSL_NO_SSL3_METHOD -#endif #ifndef OPENSSL_NO_UBSAN # define OPENSSL_NO_UBSAN #endif ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362619 - head/sbin/ipfw
Author: markj Date: Thu Jun 25 19:27:22 2020 New Revision: 362619 URL: https://svnweb.freebsd.org/changeset/base/362619 Log: ipfw: Support the literal IPv6 address syntax in the fwd command. Discussed with: rgrimes, Lutz Donnerhacke Submitted by: Neel Chauhan MFC after:2 weeks Differential Revision:https://reviews.freebsd.org/D24011 Modified: head/sbin/ipfw/ipfw2.c Modified: head/sbin/ipfw/ipfw2.c == --- head/sbin/ipfw/ipfw2.c Thu Jun 25 19:12:27 2020(r362618) +++ head/sbin/ipfw/ipfw2.c Thu Jun 25 19:27:22 2020(r362619) @@ -3990,8 +3990,7 @@ chkarg: * IPv4 a.b.c.d,port * IPv4 a.b.c.d:port * IPv6 w:x:y::z,port -* The ':' can only be used with hostname and IPv4 address. -* XXX-BZ Should we also support [w:x:y::z]:port? +* IPv6 [w:x:y::z]:port */ struct sockaddr_storage result; struct addrinfo *res; @@ -4001,33 +4000,45 @@ chkarg: NEED1("missing forward address[:port]"); - /* -* locate the address-port separator (':' or ',') -*/ - s = strchr(*av, ','); - if (s == NULL) { - /* Distinguish between IPv4:port and IPv6 cases. */ - s = strchr(*av, ':'); - if (s && strchr(s+1, ':')) - s = NULL; /* no port */ - } - - port_number = 0; - if (s != NULL) { - /* Terminate host portion and set s to start of port. */ - *(s++) = '\0'; - i = strtoport(s, , 0 /* base */, 0 /* proto */); - if (s == end) - errx(EX_DATAERR, - "illegal forwarding port ``%s''", s); - port_number = (u_short)i; - } - if (_substrcmp(*av, "tablearg") == 0) { family = PF_INET; ((struct sockaddr_in*))->sin_addr.s_addr = INADDR_ANY; } else { + /* +* Are we an bracket-enclosed IPv6 address? +*/ + if (strchr(*av, '[')) + (*av)++; + + /* +* locate the address-port separator (':' or ',') +*/ + s = strchr(*av, ','); + if (s == NULL) { + s = strchr(*av, ']'); + /* Prevent erroneous parsing on brackets. */ + if (s != NULL) + *(s++) = '\0'; + else + s = *av; + + /* Distinguish between IPv4:port and IPv6 cases. */ + s = strchr(s, ':'); + if (s && strchr(s+1, ':')) + s = NULL; /* no port */ + } + + if (s != NULL) { + /* Terminate host portion and set s to start of port. */ + *(s++) = '\0'; + i = strtoport(s, , 0 /* base */, 0 /* proto */); + if (s == end) + errx(EX_DATAERR, + "illegal forwarding port ``%s''", s); + port_number = (u_short)i; + } + /* * Resolve the host name or address to a family and a * network representation of the address. ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362618 - head/sys/conf
Author: markj Date: Thu Jun 25 19:12:27 2020 New Revision: 362618 URL: https://svnweb.freebsd.org/changeset/base/362618 Log: Add SCTP_SUPPORT to the default kernel options. Otherwise out-of-tree module builds will be broken for a lack of a definition of MK_SCTP_SUPPORT. Reported by: Michael Butler MFC with: r362614 Sponsored by: The FreeBSD Foundation Modified: head/sys/conf/kern.opts.mk Modified: head/sys/conf/kern.opts.mk == --- head/sys/conf/kern.opts.mk Thu Jun 25 17:44:14 2020(r362617) +++ head/sys/conf/kern.opts.mk Thu Jun 25 19:12:27 2020(r362618) @@ -42,6 +42,7 @@ __DEFAULT_YES_OPTIONS = \ KERNEL_SYMBOLS \ NETGRAPH \ PF \ +SCTP_SUPPORT \ SOURCELESS_HOST \ SOURCELESS_UCODE \ TESTS \ ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362617 - head/sys/sys
Author: dougm Date: Thu Jun 25 17:44:14 2020 New Revision: 362617 URL: https://svnweb.freebsd.org/changeset/base/362617 Log: Eliminate the color field from the RB element struct. Identify the color of a node (or, really, the color of the link from the parent to the node) by using one of the last two bits of the parent pointer in that parent node. Adjust rebalancing methods to account for where colors are stored, and the fact that null children have a color too. Adjust RB_PARENT and RB_SET_PARENT to account for this change. Reviewed by: markj Tested by:pho, hselasky Differential Revision:https://reviews.freebsd.org/D25418 Modified: head/sys/sys/tree.h Modified: head/sys/sys/tree.h == --- head/sys/sys/tree.h Thu Jun 25 17:04:22 2020(r362616) +++ head/sys/sys/tree.h Thu Jun 25 17:44:14 2020(r362617) @@ -307,38 +307,60 @@ struct name { \ (root)->rbh_root = NULL;\ } while (/*CONSTCOND*/ 0) -#define RB_BLACK 0 -#define RB_RED 1 #define RB_ENTRY(type) \ struct { \ struct type *rbe_left; /* left element */ \ struct type *rbe_right; /* right element */ \ struct type *rbe_parent;/* parent element */\ - int rbe_color; /* node color */\ } #define RB_LEFT(elm, field)(elm)->field.rbe_left #define RB_RIGHT(elm, field) (elm)->field.rbe_right -#define RB_PARENT(elm, field) (elm)->field.rbe_parent -#define RB_COLOR(elm, field) (elm)->field.rbe_color -#define RB_ISRED(elm, field) ((elm) != NULL && RB_COLOR(elm, field) == RB_RED) + +/* + * With the expectation that any object of struct type has an + * address that is a multiple of 4, and that therefore the + * 2 least significant bits of a pointer to struct type are + * always zero, this implementation sets those bits to indicate + * that the left or right child of the tree node is "red". + */ +#define RB_UP(elm, field) (elm)->field.rbe_parent +#define RB_BITS(elm, field)*(__uintptr_t *)_UP(elm, field) +#define RB_RED_L (__uintptr_t)1 +#define RB_RED_R (__uintptr_t)2 +#define RB_RED_MASK(__uintptr_t)3 +#define RB_FLIP_LEFT(elm, field) (RB_BITS(elm, field) ^= RB_RED_L) +#define RB_FLIP_RIGHT(elm, field) (RB_BITS(elm, field) ^= RB_RED_R) +#define RB_RED_LEFT(elm, field)((RB_BITS(elm, field) & RB_RED_L) != 0) +#define RB_RED_RIGHT(elm, field) ((RB_BITS(elm, field) & RB_RED_R) != 0) +#define RB_PARENT(elm, field) ((__typeof(RB_UP(elm, field))) \ +(RB_BITS(elm, field) & ~RB_RED_MASK)) + +/* + * This header may appear in user code where 'bool' is not defined, + * so it defines its own boolean type to avoid breaking that code. + */ +#define RB_BOOLint +#define RB_TRUE1 +#define RB_FALSE 0 + #define RB_ROOT(head) (head)->rbh_root #define RB_EMPTY(head) (RB_ROOT(head) == NULL) #define RB_SET_PARENT(dst, src, field) do {\ - RB_PARENT(dst, field) = src;\ + RB_BITS(dst, field) &= RB_RED_MASK; \ + RB_BITS(dst, field) |= (__uintptr_t)src;\ } while (/*CONSTCOND*/ 0) #define RB_SET(elm, parent, field) do { \ - RB_SET_PARENT(elm, parent, field); \ + RB_UP(elm, field) = parent; \ RB_LEFT(elm, field) = RB_RIGHT(elm, field) = NULL; \ - RB_COLOR(elm, field) = RB_RED; \ } while (/*CONSTCOND*/ 0) -#define RB_SET_BLACKRED(black, red, field) do { \ - RB_COLOR(black, field) = RB_BLACK; \ - RB_COLOR(red, field) = RB_RED; \ -} while (/*CONSTCOND*/ 0) +#define RB_COLOR(elm, field) (RB_PARENT(elm, field) == NULL ? RB_FALSE : \ + RB_LEFT(RB_PARENT(elm, field), field) == elm ? \ + RB_RED_LEFT(RB_PARENT(elm, field), field) : \ + RB_RED_RIGHT(RB_PARENT(elm, field), field)) /* * Something to be invoked in a loop at the root of every modified subtree, @@ -442,106 +464,123 @@ struct { \ attr void
svn commit: r362616 - in head/sys/dev/cxgbe: . crypto cxgbei tom
Author: np Date: Thu Jun 25 17:04:22 2020 New Revision: 362616 URL: https://svnweb.freebsd.org/changeset/base/362616 Log: cxgbe(4): Add a pointer to the adapter softc in vi_info. There were quite a few places where port_info was being accessed only to get to the adapter. Reviewed by: jhb@ MFC after:1 week Sponsored by: Chelsio Communications Differential Revision:https://reviews.freebsd.org/D25432 Modified: head/sys/dev/cxgbe/adapter.h head/sys/dev/cxgbe/crypto/t4_kern_tls.c head/sys/dev/cxgbe/cxgbei/icl_cxgbei.c head/sys/dev/cxgbe/t4_main.c head/sys/dev/cxgbe/t4_netmap.c head/sys/dev/cxgbe/t4_sge.c head/sys/dev/cxgbe/t4_vf.c head/sys/dev/cxgbe/tom/t4_listen.c head/sys/dev/cxgbe/tom/t4_tom.c Modified: head/sys/dev/cxgbe/adapter.h == --- head/sys/dev/cxgbe/adapter.hThu Jun 25 16:46:27 2020 (r362615) +++ head/sys/dev/cxgbe/adapter.hThu Jun 25 17:04:22 2020 (r362616) @@ -190,6 +190,7 @@ enum { struct vi_info { device_t dev; struct port_info *pi; + struct adapter *adapter; struct ifnet *ifp; struct pfil_head *pfil; @@ -953,22 +954,22 @@ struct adapter { #define TXQ_LOCK_ASSERT_NOTOWNED(txq) EQ_LOCK_ASSERT_NOTOWNED(&(txq)->eq) #define for_each_txq(vi, iter, q) \ - for (q = >pi->adapter->sge.txq[vi->first_txq], iter = 0; \ + for (q = >adapter->sge.txq[vi->first_txq], iter = 0; \ iter < vi->ntxq; ++iter, ++q) #define for_each_rxq(vi, iter, q) \ - for (q = >pi->adapter->sge.rxq[vi->first_rxq], iter = 0; \ + for (q = >adapter->sge.rxq[vi->first_rxq], iter = 0; \ iter < vi->nrxq; ++iter, ++q) #define for_each_ofld_txq(vi, iter, q) \ - for (q = >pi->adapter->sge.ofld_txq[vi->first_ofld_txq], iter = 0; \ + for (q = >adapter->sge.ofld_txq[vi->first_ofld_txq], iter = 0; \ iter < vi->nofldtxq; ++iter, ++q) #define for_each_ofld_rxq(vi, iter, q) \ - for (q = >pi->adapter->sge.ofld_rxq[vi->first_ofld_rxq], iter = 0; \ + for (q = >adapter->sge.ofld_rxq[vi->first_ofld_rxq], iter = 0; \ iter < vi->nofldrxq; ++iter, ++q) #define for_each_nm_txq(vi, iter, q) \ - for (q = >pi->adapter->sge.nm_txq[vi->first_nm_txq], iter = 0; \ + for (q = >adapter->sge.nm_txq[vi->first_nm_txq], iter = 0; \ iter < vi->nnmtxq; ++iter, ++q) #define for_each_nm_rxq(vi, iter, q) \ - for (q = >pi->adapter->sge.nm_rxq[vi->first_nm_rxq], iter = 0; \ + for (q = >adapter->sge.nm_rxq[vi->first_nm_rxq], iter = 0; \ iter < vi->nnmrxq; ++iter, ++q) #define for_each_vi(_pi, _iter, _vi) \ for ((_vi) = (_pi)->vi, (_iter) = 0; (_iter) < (_pi)->nvi; \ Modified: head/sys/dev/cxgbe/crypto/t4_kern_tls.c == --- head/sys/dev/cxgbe/crypto/t4_kern_tls.c Thu Jun 25 16:46:27 2020 (r362615) +++ head/sys/dev/cxgbe/crypto/t4_kern_tls.c Thu Jun 25 17:04:22 2020 (r362616) @@ -587,7 +587,7 @@ cxgbe_tls_tag_alloc(struct ifnet *ifp, union if_snd_ta } vi = ifp->if_softc; - sc = vi->pi->adapter; + sc = vi->adapter; tlsp = alloc_tlspcb(ifp, vi, M_WAITOK); Modified: head/sys/dev/cxgbe/cxgbei/icl_cxgbei.c == --- head/sys/dev/cxgbe/cxgbei/icl_cxgbei.c Thu Jun 25 16:46:27 2020 (r362615) +++ head/sys/dev/cxgbe/cxgbei/icl_cxgbei.c Thu Jun 25 17:04:22 2020 (r362616) @@ -673,7 +673,7 @@ icl_cxgbei_conn_handoff(struct icl_conn *ic, int fd) MPASS(tp->tod != NULL); MPASS(tp->t_toe != NULL); toep = tp->t_toe; - MPASS(toep->vi->pi->adapter == icc->sc); + MPASS(toep->vi->adapter == icc->sc); icc->toep = toep; icc->cwt = cxgbei_select_worker_thread(icc); Modified: head/sys/dev/cxgbe/t4_main.c == --- head/sys/dev/cxgbe/t4_main.cThu Jun 25 16:46:27 2020 (r362615) +++ head/sys/dev/cxgbe/t4_main.cThu Jun 25 17:04:22 2020 (r362616) @@ -1345,6 +1345,7 @@ t4_attach(device_t dev) pi->nvi = num_vis; for_each_vi(pi, j, vi) { vi->pi = pi; + vi->adapter = sc; vi->qsize_rxq = t4_qsize_rxq; vi->qsize_txq = t4_qsize_txq; @@ -1748,11 +1749,11 @@ cxgbe_vi_attach(device_t dev, struct vi_info *vi) ifp->if_capabilities = T4_CAP; ifp->if_capenable = T4_CAP_ENABLE; #ifdef TCP_OFFLOAD - if (vi->nofldrxq != 0 && (vi->pi->adapter->flags & KERN_TLS_OK) == 0) + if (vi->nofldrxq != 0 && (vi->adapter->flags & KERN_TLS_OK) == 0)
svn commit: r362615 - head/usr.bin/limits
Author: fernape (ports committer) Date: Thu Jun 25 16:46:27 2020 New Revision: 362615 URL: https://svnweb.freebsd.org/changeset/base/362615 Log: limits(1): Add EXAMPLES section * Add four examples showing flags -e, -b, -d, -s * Remove extra space at the end of the line reported by igor Approved by: bcr@ Differential Revision:https://reviews.freebsd.org/D25426 Modified: head/usr.bin/limits/limits.1 Modified: head/usr.bin/limits/limits.1 == --- head/usr.bin/limits/limits.1Thu Jun 25 15:25:00 2020 (r362614) +++ head/usr.bin/limits/limits.1Thu Jun 25 16:46:27 2020 (r362615) @@ -19,7 +19,7 @@ .\" .\" $FreeBSD$ .\" -.Dd May 26, 2020 +.Dd June 25, 2020 .Dt LIMITS 1 .Os .Sh NAME @@ -376,6 +376,44 @@ exits with a status of .Dv EXIT_SUCCESS . When run in command mode and execution of the command succeeds, the exit status will be whatever the executed program returns. +.Sh EXAMPLES +Show current stack size limit: +.Bd -literal -offset indent +$ limits -s +Resource limits (current): + stacksize 524288 kB +.Ed +.Pp +Try to run +.Xr ls 1 +with 1 byte of +.Va datasize +limit: +.Bd -literal -offset indent +$ limits -d 1b ls +Data segment size exceeds process limit +Abort trap +.Ed +.Pp +Produce +.Ql eval mode +output to limit +.Va sbsize +to 1 byte. +Output obtained when command is run from +.Xr sh 1 : +.Bd -literal -offset indent +$ limits -e -b 1b +ulimit -b 512; +.Ed +.Pp +Same as above from +.Xr csh 1 +.Bd -literal -offset indent +% limits -e -b 1b +limit -h sbsize 512; +limit sbsize 512; +.Ed .Sh SEE ALSO .Xr csh 1 , .Xr env 1 , @@ -396,7 +434,7 @@ utility first appeared in The .Nm utility was written by -.An David Nugent Aq Mt dav...@freebsd.org . +.An David Nugent Aq Mt dav...@freebsd.org . .Sh BUGS The .Nm ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r362613 - in head/sys: dev/md fs/tmpfs kern vm
On Thu, Jun 25, 2020 at 03:21:22PM +, Mark Johnston wrote: > Author: markj > Date: Thu Jun 25 15:21:21 2020 > New Revision: 362613 > URL: https://svnweb.freebsd.org/changeset/base/362613 > > Log: > Call swap_pager_freespace() from vm_object_page_remove(). > > All vm_object_page_remove() callers, except > linux_invalidate_mapping_pages() in the LinuxKPI, free swap space when > removing a range of pages from an object. The LinuxKPI case appears to > be an unintentional omission that could result in leaked swap blocks, so > unconditionally free swap space in vm_object_page_remove() to protect > against similar bugs in the future. > > Reviewed by:alc, kib > Tested by: pho > Sponsored by: The FreeBSD Foundation > Differential Revision: https://reviews.freebsd.org/D25329 I forgot to add an MFC tag. I intend to MFC this commit. ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362614 - head/sys/conf
Author: markj Date: Thu Jun 25 15:25:00 2020 New Revision: 362614 URL: https://svnweb.freebsd.org/changeset/base/362614 Log: Add SCTP_SUPPORT handling to config.mk. Reviewed by: jhb, tuexen MFC after:2 weeks Sponsored by: The FreeBSD Foundation Differential Revision:https://reviews.freebsd.org/D25402 Modified: head/sys/conf/config.mk Modified: head/sys/conf/config.mk == --- head/sys/conf/config.mk Thu Jun 25 15:21:21 2020(r362613) +++ head/sys/conf/config.mk Thu Jun 25 15:25:00 2020(r362614) @@ -44,6 +44,10 @@ opt_printf.h: echo "#define PRINTF_BUFR_SIZE 128" > ${.TARGET} opt_scsi.h: echo "#define SCSI_DELAY 15000" > ${.TARGET} +.if ${MK_SCTP_SUPPORT} != "no" +opt_sctp.h: + @echo "#define SCTP_SUPPORT 1" > ${.TARGET} +.endif opt_wlan.h: echo "#define IEEE80211_DEBUG 1" > ${.TARGET} echo "#define IEEE80211_SUPPORT_MESH 1" >> ${.TARGET} @@ -64,6 +68,9 @@ KERN_OPTS+= INET6 .endif .if ${MK_IPSEC_SUPPORT} != "no" KERN_OPTS+= IPSEC_SUPPORT +.endif +.if ${MK_SCTP_SUPPORT} != "no" +KERN_OPTS+= SCTP_SUPPORT .endif .elif !defined(KERN_OPTS) # Add all the options that are mentioned in any opt_*.h file when we ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362613 - in head/sys: dev/md fs/tmpfs kern vm
Author: markj Date: Thu Jun 25 15:21:21 2020 New Revision: 362613 URL: https://svnweb.freebsd.org/changeset/base/362613 Log: Call swap_pager_freespace() from vm_object_page_remove(). All vm_object_page_remove() callers, except linux_invalidate_mapping_pages() in the LinuxKPI, free swap space when removing a range of pages from an object. The LinuxKPI case appears to be an unintentional omission that could result in leaked swap blocks, so unconditionally free swap space in vm_object_page_remove() to protect against similar bugs in the future. Reviewed by: alc, kib Tested by:pho Sponsored by: The FreeBSD Foundation Differential Revision:https://reviews.freebsd.org/D25329 Modified: head/sys/dev/md/md.c head/sys/fs/tmpfs/tmpfs_subr.c head/sys/kern/uipc_shm.c head/sys/vm/vm_map.c head/sys/vm/vm_object.c Modified: head/sys/dev/md/md.c == --- head/sys/dev/md/md.cThu Jun 25 12:35:20 2020(r362612) +++ head/sys/dev/md/md.cThu Jun 25 15:21:21 2020(r362613) @@ -1566,8 +1566,6 @@ mdresize(struct md_s *sc, struct md_req *mdr) if (newpages < oldpages) { VM_OBJECT_WLOCK(sc->object); vm_object_page_remove(sc->object, newpages, 0, 0); - swap_pager_freespace(sc->object, newpages, - oldpages - newpages); swap_release_by_cred(IDX_TO_OFF(oldpages - newpages), sc->cred); sc->object->charge = IDX_TO_OFF(newpages); Modified: head/sys/fs/tmpfs/tmpfs_subr.c == --- head/sys/fs/tmpfs/tmpfs_subr.c Thu Jun 25 12:35:20 2020 (r362612) +++ head/sys/fs/tmpfs/tmpfs_subr.c Thu Jun 25 15:21:21 2020 (r362613) @@ -1517,11 +1517,8 @@ retry: /* * Release any swap space and free any whole pages. */ - if (newpages < oldpages) { - swap_pager_freespace(uobj, newpages, oldpages - - newpages); + if (newpages < oldpages) vm_object_page_remove(uobj, newpages, 0, 0); - } } uobj->size = newpages; VM_OBJECT_WUNLOCK(uobj); Modified: head/sys/kern/uipc_shm.c == --- head/sys/kern/uipc_shm.cThu Jun 25 12:35:20 2020(r362612) +++ head/sys/kern/uipc_shm.cThu Jun 25 15:21:21 2020(r362613) @@ -540,14 +540,9 @@ retry: } delta = IDX_TO_OFF(object->size - nobjsize); - /* Toss in memory pages. */ if (nobjsize < object->size) vm_object_page_remove(object, nobjsize, object->size, 0); - - /* Toss pages from swap. */ - if (object->type == OBJT_SWAP) - swap_pager_freespace(object, nobjsize, delta); /* Free the swap accounted for shm */ swap_release_by_cred(delta, object->cred); Modified: head/sys/vm/vm_map.c == --- head/sys/vm/vm_map.cThu Jun 25 12:35:20 2020(r362612) +++ head/sys/vm/vm_map.cThu Jun 25 15:21:21 2020(r362613) @@ -3644,7 +3644,7 @@ static void vm_map_entry_delete(vm_map_t map, vm_map_entry_t entry) { vm_object_t object; - vm_pindex_t offidxstart, offidxend, count, size1; + vm_pindex_t offidxstart, offidxend, size1; vm_size_t size; vm_map_entry_unlink(map, entry, UNLINK_MERGE_NONE); @@ -3673,9 +3673,8 @@ vm_map_entry_delete(vm_map_t map, vm_map_entry_t entry KASSERT(entry->cred == NULL || object->cred == NULL || (entry->eflags & MAP_ENTRY_NEEDS_COPY), ("OVERCOMMIT vm_map_entry_delete: both cred %p", entry)); - count = atop(size); offidxstart = OFF_TO_IDX(entry->offset); - offidxend = offidxstart + count; + offidxend = offidxstart + atop(size); VM_OBJECT_WLOCK(object); if (object->ref_count != 1 && ((object->flags & OBJ_ONEMAPPING) != 0 || @@ -3690,9 +3689,6 @@ vm_map_entry_delete(vm_map_t map, vm_map_entry_t entry */ vm_object_page_remove(object, offidxstart, offidxend, OBJPR_NOTMAPPED); - if (object->type == OBJT_SWAP) - swap_pager_freespace(object, offidxstart, - count); if (offidxend >= object->size && offidxstart
Re: svn commit: r362612 - head/usr.sbin/bhyve
On 6/25/20 2:35 PM, Pawel Biernacki wrote: > Author: kaktus > Date: Thu Jun 25 12:35:20 2020 > New Revision: 362612 > URL: https://svnweb.freebsd.org/changeset/base/362612 > > Log: > bhyve: allow for automatic destruction on power-off > > Introduce -D flag that allows for the VM to be destroyed on guest initiated > power-off by the bhyve(8) process itself. > This is quality of life change that allows for simpler deployments without > the need for bhyvectl --destroy. > > Requested by: swills > Reviewed by:0mp (manpages), grehan, kib, swills > Approved by:kib (mentor) > MFC after: 2 weeks > Sponsored by: Mysterious Code Ltd. > Differential Revision: https://reviews.freebsd.org/D25414 Relnotes: yes? ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362612 - head/usr.sbin/bhyve
Author: kaktus Date: Thu Jun 25 12:35:20 2020 New Revision: 362612 URL: https://svnweb.freebsd.org/changeset/base/362612 Log: bhyve: allow for automatic destruction on power-off Introduce -D flag that allows for the VM to be destroyed on guest initiated power-off by the bhyve(8) process itself. This is quality of life change that allows for simpler deployments without the need for bhyvectl --destroy. Requested by: swills Reviewed by: 0mp (manpages), grehan, kib, swills Approved by: kib (mentor) MFC after:2 weeks Sponsored by: Mysterious Code Ltd. Differential Revision:https://reviews.freebsd.org/D25414 Modified: head/usr.sbin/bhyve/bhyve.8 head/usr.sbin/bhyve/bhyverun.c Modified: head/usr.sbin/bhyve/bhyve.8 == --- head/usr.sbin/bhyve/bhyve.8 Thu Jun 25 12:31:05 2020(r362611) +++ head/usr.sbin/bhyve/bhyve.8 Thu Jun 25 12:35:20 2020(r362612) @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd May 18, 2020 +.Dd Jun 25, 2020 .Dt BHYVE 8 .Os .Sh NAME @@ -32,7 +32,7 @@ .Nd "run a guest operating system inside a virtual machine" .Sh SYNOPSIS .Nm -.Op Fl AabCeHhPSuWwxY +.Op Fl AabCDeHhPSuWwxY .Oo .Sm off .Fl c\~ @@ -131,6 +131,8 @@ If a is specified more than once the last one has precedence. .It Fl C Include guest memory in core file. +.It Fl D +Destroy the VM on guest initiated power-off. .It Fl e Force .Nm Modified: head/usr.sbin/bhyve/bhyverun.c == --- head/usr.sbin/bhyve/bhyverun.c Thu Jun 25 12:31:05 2020 (r362611) +++ head/usr.sbin/bhyve/bhyverun.c Thu Jun 25 12:35:20 2020 (r362612) @@ -197,6 +197,7 @@ static int gdb_port = 0; static int guest_vmexit_on_hlt, guest_vmexit_on_pause; static int virtio_msix = 1; static int x2apic_mode = 0;/* default is xAPIC */ +static int destroy_on_poweroff = 0; static int strictio; static int strictmsr = 1; @@ -236,7 +237,7 @@ usage(int code) { fprintf(stderr, - "Usage: %s [-abehuwxACHPSWY]\n" + "Usage: %s [-abehuwxACDHPSWY]\n" " %*s [-c [[cpus=]numcpus][,sockets=n][,cores=n][,threads=n]]\n" " %*s [-g ] [-l ]\n" " %*s [-m mem] [-p vcpu:hostcpu] [-s ] [-U uuid] \n" @@ -244,6 +245,7 @@ usage(int code) " -A: create ACPI tables\n" " -c: number of cpus and/or topology specification\n" " -C: include guest memory in core file\n" + " -D: destroy on power-off\n" " -e: exit on unhandled I/O access\n" " -g: gdb port\n" " -h: help\n" @@ -815,6 +817,8 @@ vmexit_suspend(struct vmctx *ctx, struct vm_exit *vmex case VM_SUSPEND_RESET: exit(0); case VM_SUSPEND_POWEROFF: + if (destroy_on_poweroff) + vm_destroy(ctx); exit(1); case VM_SUSPEND_HALT: exit(2); @@ -1101,9 +1105,9 @@ main(int argc, char *argv[]) memflags = 0; #ifdef BHYVE_SNAPSHOT - optstr = "abehuwxACHIPSWYp:g:G:c:s:m:l:U:r:"; + optstr = "abehuwxACDHIPSWYp:g:G:c:s:m:l:U:r:"; #else - optstr = "abehuwxACHIPSWYp:g:G:c:s:m:l:U:"; + optstr = "abehuwxACDHIPSWYp:g:G:c:s:m:l:U:"; #endif while ((c = getopt(argc, argv, optstr)) != -1) { switch (c) { @@ -1115,6 +1119,9 @@ main(int argc, char *argv[]) break; case 'b': bvmcons = 1; + break; + case 'D': + destroy_on_poweroff = 1; break; case 'p': if (pincpu_parse(optarg) != 0) { ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362611 - head/lib/libc/sys
Author: kaktus Date: Thu Jun 25 12:31:05 2020 New Revision: 362611 URL: https://svnweb.freebsd.org/changeset/base/362611 Log: man page of select(2) should mention pselect(2) Reviewed by: bcr (manpages), kib, trasz Approved by: kib (mentor) MFC after:7 days Sponsored by: Mysterious Code Ltd. Differential Revision:https://reviews.freebsd.org/D25169 Modified: head/lib/libc/sys/select.2 Modified: head/lib/libc/sys/select.2 == --- head/lib/libc/sys/select.2 Thu Jun 25 11:41:28 2020(r362610) +++ head/lib/libc/sys/select.2 Thu Jun 25 12:31:05 2020(r362611) @@ -28,7 +28,7 @@ .\" @(#)select.2 8.2 (Berkeley) 3/25/94 .\" $FreeBSD$ .\" -.Dd November 17, 2002 +.Dd June 25, 2020 .Dt SELECT 2 .Os .Sh NAME @@ -172,6 +172,7 @@ was invalid. .Xr gettimeofday 2 , .Xr kqueue 2 , .Xr poll 2 , +.Xr pselect 2 , .Xr read 2 , .Xr recv 2 , .Xr send 2 , ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362610 - head/share/man/man7
Author: lwhsu Date: Thu Jun 25 11:41:28 2020 New Revision: 362610 URL: https://svnweb.freebsd.org/changeset/base/362610 Log: Update tests(7) as kyua(1) was imported to base in r359260 PR: 247151 Reported by: 0mp Reviewed by: 0mp, asomers, bcr, emaste, markj Suggested from: brooks, ngie Sponsored by: The FreeBSD Foundation Differential Revision:https://reviews.freebsd.org/D25339 Modified: head/share/man/man7/tests.7 Modified: head/share/man/man7/tests.7 == --- head/share/man/man7/tests.7 Thu Jun 25 08:15:10 2020(r362609) +++ head/share/man/man7/tests.7 Thu Jun 25 11:41:28 2020(r362610) @@ -26,7 +26,7 @@ .\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN .\" IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd June 2, 2019 +.Dd June 25, 2020 .Dt TESTS 7 .Os .Sh NAME @@ -61,10 +61,6 @@ some of its optional features. For information on writing the tests, see .Xr atf 7 . .Ss Installing the test suite -The test suite is installed by default as of -.Fx -11.0-RELEASE. -.Pp If the .Pa /usr/tests directory is missing, then you will have to enable the build of the test @@ -102,11 +98,7 @@ third-party packages or manual modifications to config introduce unexpected failures. .El .Ss Running the tests -First, you will need to install the -.Sq devel/kyua -package from -.Xr ports 7 . -Then use the following command to run the whole test suite: +Use the following command to run the whole test suite: .Bd -literal -offset indent $ kyua test -k /usr/tests/Kyuafile .Ed @@ -158,7 +150,7 @@ skipped. .Pp Test suites are configured by defining their configuration variables in -.Pa /usr/local/etc/kyua/kyua.conf . +.Pa /etc/kyua/kyua.conf . The format of this file is detailed in .Xr kyua.conf 5 . .Pp @@ -205,8 +197,8 @@ For more details please refer to: .Lk https://www.freebsd.org/support.html "Problem Reporting" .El .Sh FILES -.Bl -tag -compact -width usrXlocalXetcXkyuaXkyuaXconfXX -.It Pa /usr/local/etc/kyua/kyua.conf +.Bl -tag -compact -width "/etc/kyua/kyua.conf" +.It Pa /etc/kyua/kyua.conf System-wide configuration file for .Xr kyua 1 . .It Pa ~/.kyua/kyua.conf @@ -230,7 +222,9 @@ Top-level test suite definition file. The .Fx Test Suite first appeared in -.Fx 10.1 . +.Fx 10.1 +and was installed by default in +.Fx 11.0 . .Pp The .Nm @@ -238,5 +232,12 @@ manual page first appeared in .Nx 6.0 and was later ported to .Fx 10.1 . +.Pp +The test driver, +.Xr kyua 1 , +was imported as part of the base system in +.Fx 13.0 , +previously being available only in +.Xr ports 7 . .Sh AUTHORS .An Julio Merino Aq Mt j...@freebsd.org ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r362587 - in head: . lib/clang/libclang share/mk targets/pseudo/bootstrap-tools targets/pseudo/clang tools/build/mk tools/build/options usr.bin/clang
On 6/24/20 7:03 PM, Conrad Meyer wrote: > Author: cem > Date: Wed Jun 24 17:03:42 2020 > New Revision: 362587 > URL: https://svnweb.freebsd.org/changeset/base/362587 > > Log: > Add WITH_CLANG_FORMAT option > > clang-format is enabled conditional on either WITH_CLANG_EXTRAS or > WITH_CLANG_FORMAT. Some sources in libclang are build conditional on > either rule, and obviously the clang-format binary itself depends on the > rule. > > clang-format could still use a manual page. There is only --help available, right? ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362609 - in head: contrib/llvm-project/clang/include/clang/Driver contrib/llvm-project/clang/lib/Basic/Targets contrib/llvm-project/clang/lib/Driver contrib/llvm-project/clang/lib/Driv...
Author: dim Date: Thu Jun 25 08:15:10 2020 New Revision: 362609 URL: https://svnweb.freebsd.org/changeset/base/362609 Log: Merge llvm, clang, compiler-rt, libc++, libunwind, lld, lldb and openmp llvmorg-10.0.0-129-gd24d5c8e308. Getting closer to 10.0.1-rc2. MFC after:3 weeks Added: head/contrib/llvm-project/llvm/include/llvm/CodeGen/RDFGraph.h - copied unchanged from r362594, vendor/llvm-project/release-10.x/llvm/include/llvm/CodeGen/RDFGraph.h head/contrib/llvm-project/llvm/include/llvm/CodeGen/RDFLiveness.h - copied unchanged from r362594, vendor/llvm-project/release-10.x/llvm/include/llvm/CodeGen/RDFLiveness.h head/contrib/llvm-project/llvm/include/llvm/CodeGen/RDFRegisters.h - copied unchanged from r362594, vendor/llvm-project/release-10.x/llvm/include/llvm/CodeGen/RDFRegisters.h head/contrib/llvm-project/llvm/lib/CodeGen/RDFGraph.cpp - copied unchanged from r362594, vendor/llvm-project/release-10.x/llvm/lib/CodeGen/RDFGraph.cpp head/contrib/llvm-project/llvm/lib/CodeGen/RDFLiveness.cpp - copied unchanged from r362594, vendor/llvm-project/release-10.x/llvm/lib/CodeGen/RDFLiveness.cpp head/contrib/llvm-project/llvm/lib/CodeGen/RDFRegisters.cpp - copied unchanged from r362594, vendor/llvm-project/release-10.x/llvm/lib/CodeGen/RDFRegisters.cpp head/contrib/llvm-project/llvm/lib/Target/X86/ImmutableGraph.h - copied unchanged from r362594, vendor/llvm-project/release-10.x/llvm/lib/Target/X86/ImmutableGraph.h head/contrib/llvm-project/llvm/lib/Target/X86/X86IndirectThunks.cpp - copied unchanged from r362594, vendor/llvm-project/release-10.x/llvm/lib/Target/X86/X86IndirectThunks.cpp head/contrib/llvm-project/llvm/lib/Target/X86/X86LoadValueInjectionLoadHardening.cpp - copied unchanged from r362594, vendor/llvm-project/release-10.x/llvm/lib/Target/X86/X86LoadValueInjectionLoadHardening.cpp head/contrib/llvm-project/llvm/lib/Target/X86/X86LoadValueInjectionRetHardening.cpp - copied unchanged from r362594, vendor/llvm-project/release-10.x/llvm/lib/Target/X86/X86LoadValueInjectionRetHardening.cpp Deleted: head/contrib/llvm-project/llvm/lib/Target/Hexagon/RDFGraph.cpp head/contrib/llvm-project/llvm/lib/Target/Hexagon/RDFGraph.h head/contrib/llvm-project/llvm/lib/Target/Hexagon/RDFLiveness.cpp head/contrib/llvm-project/llvm/lib/Target/Hexagon/RDFLiveness.h head/contrib/llvm-project/llvm/lib/Target/Hexagon/RDFRegisters.cpp head/contrib/llvm-project/llvm/lib/Target/Hexagon/RDFRegisters.h head/contrib/llvm-project/llvm/lib/Target/X86/X86RetpolineThunks.cpp Modified: head/contrib/llvm-project/clang/include/clang/Driver/Options.td head/contrib/llvm-project/clang/lib/Basic/Targets/PPC.h head/contrib/llvm-project/clang/lib/Driver/SanitizerArgs.cpp head/contrib/llvm-project/clang/lib/Driver/ToolChain.cpp head/contrib/llvm-project/clang/lib/Driver/ToolChains/Arch/X86.cpp head/contrib/llvm-project/llvm/include/llvm/IR/IntrinsicsPowerPC.td head/contrib/llvm-project/llvm/include/llvm/Support/ManagedStatic.h head/contrib/llvm-project/llvm/include/llvm/Target/TargetSelectionDAG.td head/contrib/llvm-project/llvm/lib/LTO/LTO.cpp head/contrib/llvm-project/llvm/lib/Target/BPF/BPFISelDAGToDAG.cpp head/contrib/llvm-project/llvm/lib/Target/BPF/BTFDebug.cpp head/contrib/llvm-project/llvm/lib/Target/Hexagon/HexagonOptAddrMode.cpp head/contrib/llvm-project/llvm/lib/Target/Hexagon/HexagonRDFOpt.cpp head/contrib/llvm-project/llvm/lib/Target/Hexagon/RDFCopy.cpp head/contrib/llvm-project/llvm/lib/Target/Hexagon/RDFCopy.h head/contrib/llvm-project/llvm/lib/Target/Hexagon/RDFDeadCode.cpp head/contrib/llvm-project/llvm/lib/Target/Hexagon/RDFDeadCode.h head/contrib/llvm-project/llvm/lib/Target/PowerPC/P9InstrResources.td head/contrib/llvm-project/llvm/lib/Target/PowerPC/PPC.td head/contrib/llvm-project/llvm/lib/Target/PowerPC/PPCISelLowering.cpp head/contrib/llvm-project/llvm/lib/Target/PowerPC/PPCISelLowering.h head/contrib/llvm-project/llvm/lib/Target/PowerPC/PPCInstrAltivec.td head/contrib/llvm-project/llvm/lib/Target/PowerPC/PPCInstrInfo.cpp head/contrib/llvm-project/llvm/lib/Target/PowerPC/PPCInstrVSX.td head/contrib/llvm-project/llvm/lib/Target/PowerPC/PPCSubtarget.h head/contrib/llvm-project/llvm/lib/Target/X86/X86.h head/contrib/llvm-project/llvm/lib/Target/X86/X86.td head/contrib/llvm-project/llvm/lib/Target/X86/X86FastISel.cpp head/contrib/llvm-project/llvm/lib/Target/X86/X86FrameLowering.cpp head/contrib/llvm-project/llvm/lib/Target/X86/X86ISelDAGToDAG.cpp head/contrib/llvm-project/llvm/lib/Target/X86/X86ISelLowering.cpp head/contrib/llvm-project/llvm/lib/Target/X86/X86ISelLowering.h head/contrib/llvm-project/llvm/lib/Target/X86/X86InstrCompiler.td head/contrib/llvm-project/llvm/lib/Target/X86/X86InstrControl.td head/contrib/llvm-project/llvm/lib/Target/X86/X86InstrInfo.td head/contrib/llvm-project/llvm/lib/Target/X86/X86MCInstLower.cpp
Re: svn commit: r362608 - stable/11/libexec/rtld-elf
On Thu, Jun 25, 2020 at 06:39:19AM +, Konstantin Belousov wrote: > Author: kib > Date: Thu Jun 25 06:39:18 2020 > New Revision: 362608 > URL: https://svnweb.freebsd.org/changeset/base/362608 > > Log: > MFC r362347: > rtld: Apply relro to itself. On stable/11, due to the configuration of old bfd ld, rtld does not have relro segment, so this is a merge to keep code similar between branches. > > Modified: > stable/11/libexec/rtld-elf/rtld.c > Directory Properties: > stable/11/ (props changed) > > Modified: stable/11/libexec/rtld-elf/rtld.c > == > --- stable/11/libexec/rtld-elf/rtld.c Thu Jun 25 05:44:06 2020 > (r362607) > +++ stable/11/libexec/rtld-elf/rtld.c Thu Jun 25 06:39:18 2020 > (r362608) > @@ -2209,6 +2209,7 @@ init_rtld(caddr_t mapbase, Elf_Auxinfo **aux_info) > obj_rtld.path = xstrdup(ld_path_rtld); > > parse_rtld_phdr(_rtld); > +obj_enforce_relro(_rtld); > > r_debug.r_brk = r_debug_state; > r_debug.r_state = RT_CONSISTENT; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362608 - stable/11/libexec/rtld-elf
Author: kib Date: Thu Jun 25 06:39:18 2020 New Revision: 362608 URL: https://svnweb.freebsd.org/changeset/base/362608 Log: MFC r362347: rtld: Apply relro to itself. Modified: stable/11/libexec/rtld-elf/rtld.c Directory Properties: stable/11/ (props changed) Modified: stable/11/libexec/rtld-elf/rtld.c == --- stable/11/libexec/rtld-elf/rtld.c Thu Jun 25 05:44:06 2020 (r362607) +++ stable/11/libexec/rtld-elf/rtld.c Thu Jun 25 06:39:18 2020 (r362608) @@ -2209,6 +2209,7 @@ init_rtld(caddr_t mapbase, Elf_Auxinfo **aux_info) obj_rtld.path = xstrdup(ld_path_rtld); parse_rtld_phdr(_rtld); +obj_enforce_relro(_rtld); r_debug.r_brk = r_debug_state; r_debug.r_state = RT_CONSISTENT; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"